diff --git a/components/asio/port/mbedtls/include/mbedtls_engine.hpp b/components/asio/port/mbedtls/include/mbedtls_engine.hpp index 9e77acbc3a6..d9ac614d4d2 100644 --- a/components/asio/port/mbedtls/include/mbedtls_engine.hpp +++ b/components/asio/port/mbedtls/include/mbedtls_engine.hpp @@ -1,5 +1,5 @@ // -// SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD +// SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD // // SPDX-License-Identifier: BSL-1.0 // @@ -141,7 +141,7 @@ class engine { int ret = 0; mbedtls_ssl_set_bio(&impl_.ssl_, bio_.first.get(), bio_write, bio_read, nullptr); - while (impl_.ssl_.state != MBEDTLS_SSL_HANDSHAKE_OVER) { + while (impl_.ssl_.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) { ret = mbedtls_ssl_handshake_step(&impl_.ssl_); if (ret != 0) { @@ -189,7 +189,7 @@ class engine { bool before_handshake() const { - return ssl_.state == 0; + return ssl_.MBEDTLS_PRIVATE(state) == 0; } int write(const void *buffer, int len) @@ -246,7 +246,7 @@ class engine { return false; } ret = mbedtls_pk_parse_key(&pk_key_, ctx->data(container::PRIVKEY), ctx->size(container::PRIVKEY), - nullptr, 0); + nullptr, 0, mbedtls_ctr_drbg_random, &ctr_drbg_); if (ret < 0) { print_error("mbedtls_pk_parse_keyfile", ret); return false; diff --git a/components/bootloader_support/src/idf/bootloader_sha.c b/components/bootloader_support/src/idf/bootloader_sha.c index f6347e44e64..6248d8d7cd2 100644 --- a/components/bootloader_support/src/idf/bootloader_sha.c +++ b/components/bootloader_support/src/idf/bootloader_sha.c @@ -18,7 +18,7 @@ bootloader_sha256_handle_t bootloader_sha256_start(void) return NULL; } mbedtls_sha256_init(ctx); - int ret = mbedtls_sha256_starts_ret(ctx, false); + int ret = mbedtls_sha256_starts(ctx, false); if (ret != 0) { return NULL; } @@ -29,7 +29,7 @@ void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data, { assert(handle != NULL); mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle; - int ret = mbedtls_sha256_update_ret(ctx, data, data_len); + int ret = mbedtls_sha256_update(ctx, data, data_len); assert(ret == 0); (void)ret; } @@ -39,7 +39,7 @@ void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest assert(handle != NULL); mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle; if (digest != NULL) { - int ret = mbedtls_sha256_finish_ret(ctx, digest); + int ret = mbedtls_sha256_finish(ctx, digest); assert(ret == 0); (void)ret; } diff --git a/components/bootloader_support/src/secure_boot_v1/secure_boot_signatures_app.c b/components/bootloader_support/src/secure_boot_v1/secure_boot_signatures_app.c index a0eaa39af21..facbb173142 100644 --- a/components/bootloader_support/src/secure_boot_v1/secure_boot_signatures_app.c +++ b/components/bootloader_support/src/secure_boot_v1/secure_boot_signatures_app.c @@ -102,8 +102,8 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig mbedtls_ecdsa_context ecdsa_context; mbedtls_ecdsa_init(&ecdsa_context); - mbedtls_ecp_group_load(&ecdsa_context.grp, MBEDTLS_ECP_DP_SECP256R1); - size_t plen = mbedtls_mpi_size(&ecdsa_context.grp.P); + mbedtls_ecp_group_load(&ecdsa_context.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1); + size_t plen = mbedtls_mpi_size(&ecdsa_context.MBEDTLS_PRIVATE(grp).P); if (keylen != 2 * plen) { ESP_LOGE(TAG, "Incorrect ECDSA key length %d", keylen); ret = ESP_FAIL; @@ -111,11 +111,11 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig } /* Extract X and Y components from ECDSA public key */ - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.Q.X, signature_verification_key_start, plen)); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.Q.Y, signature_verification_key_start + plen, plen)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ecdsa_context.Q.Z, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), signature_verification_key_start, plen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), signature_verification_key_start + plen, plen)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ecdsa_context.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 1)); - ret = mbedtls_ecdsa_verify(&ecdsa_context.grp, image_digest, ESP_SECURE_BOOT_DIGEST_LEN, &ecdsa_context.Q, &r, &s); + ret = mbedtls_ecdsa_verify(&ecdsa_context.MBEDTLS_PRIVATE(grp), image_digest, ESP_SECURE_BOOT_DIGEST_LEN, &ecdsa_context.MBEDTLS_PRIVATE(Q), &r, &s); ESP_LOGD(TAG, "Verification result %d", ret); cleanup: diff --git a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c index 26f450385e0..a32ff419dc5 100644 --- a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c +++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c @@ -222,15 +222,16 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa ESP_LOGI(TAG, "Verifying with RSA-PSS..."); - const mbedtls_mpi N = { .s = 1, - .n = sizeof(trusted_block->key.n)/sizeof(mbedtls_mpi_uint), - .p = (void *)trusted_block->key.n, + const mbedtls_mpi N = { .MBEDTLS_PRIVATE(s) = 1, + .MBEDTLS_PRIVATE(n) = sizeof(trusted_block->key.n)/sizeof(mbedtls_mpi_uint), + .MBEDTLS_PRIVATE(p) = (void *)trusted_block->key.n, }; - const mbedtls_mpi e = { .s = 1, - .n = sizeof(trusted_block->key.e)/sizeof(mbedtls_mpi_uint), // 1 - .p = (void *)&trusted_block->key.e, + const mbedtls_mpi e = { .MBEDTLS_PRIVATE(s) = 1, + .MBEDTLS_PRIVATE(n) = sizeof(trusted_block->key.e)/sizeof(mbedtls_mpi_uint), // 1 + .MBEDTLS_PRIVATE(p) = (void *)&trusted_block->key.e, }; - mbedtls_rsa_init(&pk, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256); + mbedtls_rsa_init(&pk); + mbedtls_rsa_set_padding(&pk,MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256); ret = mbedtls_rsa_import(&pk, &N, NULL, NULL, NULL, &e); if (ret != 0) { ESP_LOGE(TAG, "Failed mbedtls_rsa_import, err: %d", ret); @@ -260,8 +261,7 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa goto exit_inner; } - ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN, - image_digest, sig_be); + ret = mbedtls_rsa_rsassa_pss_verify( &pk, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN, image_digest, sig_be); if (ret != 0) { ESP_LOGE(TAG, "Failed mbedtls_rsa_rsassa_pss_verify, err: %d", ret); } else { diff --git a/components/bt/common/api/include/api/esp_blufi_api.h b/components/bt/common/api/include/api/esp_blufi_api.h index 89c46785b78..e9add2c58bf 100644 --- a/components/bt/common/api/include/api/esp_blufi_api.h +++ b/components/bt/common/api/include/api/esp_blufi_api.h @@ -74,6 +74,7 @@ typedef enum { ESP_BLUFI_READ_PARAM_ERROR, ESP_BLUFI_MAKE_PUBLIC_ERROR, ESP_BLUFI_DATA_FORMAT_ERROR, + ESP_BLUFI_CALC_MD5_ERROR, } esp_blufi_error_state_t; /** diff --git a/components/bt/host/nimble/nimble b/components/bt/host/nimble/nimble index 1dc1ec6e76b..51f4b84aca5 160000 --- a/components/bt/host/nimble/nimble +++ b/components/bt/host/nimble/nimble @@ -1 +1 @@ -Subproject commit 1dc1ec6e76b0ab3bf93cc9f1ff7a2a09141e7c61 +Subproject commit 51f4b84aca5ae5a4083fa31b0cb5f34bfabef2ee diff --git a/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c b/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c index dc0b88894fa..c3a9a1b4fba 100644 --- a/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c +++ b/components/esp-tls/esp-tls-crypto/esp_tls_crypto.c @@ -25,7 +25,7 @@ static int esp_crypto_sha1_mbedtls( const unsigned char *input, size_t ilen, unsigned char output[20]) { - int ret = mbedtls_sha1_ret(input, ilen, output); + int ret = mbedtls_sha1(input, ilen, output); if (ret != 0) { ESP_LOGE(TAG, "Error in calculating sha1 sum , Returned 0x%02X", ret); } diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c index f0764520aea..bca6ba6cda0 100644 --- a/components/esp-tls/esp_tls_mbedtls.c +++ b/components/esp-tls/esp_tls_mbedtls.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2019-2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2019-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -114,6 +114,14 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const mbedtls_esp_enable_debug_log(&tls->conf, CONFIG_MBEDTLS_DEBUG_LEVEL); #endif +#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 + // NOTE: Mbed TLS currently supports only client-side config with TLS 1.3 + if (tls->role != ESP_TLS_SERVER) { + mbedtls_ssl_conf_min_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4); + mbedtls_ssl_conf_max_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4); + } +#endif + if ((ret = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) { ESP_LOGE(TAG, "mbedtls_ssl_setup returned -0x%04X", -ret); mbedtls_print_error_msg(ret); @@ -365,7 +373,8 @@ static esp_err_t set_pki_context(esp_tls_t *tls, const esp_tls_pki_t *pki) #endif if (pki->privkey_pem_buf != NULL) { ret = mbedtls_pk_parse_key(pki->pk_key, pki->privkey_pem_buf, pki->privkey_pem_bytes, - pki->privkey_password, pki->privkey_password_len); + pki->privkey_password, pki->privkey_password_len, + mbedtls_ctr_drbg_random, &tls->ctr_drbg); } else { return ESP_ERR_INVALID_ARG; } @@ -906,7 +915,7 @@ static esp_err_t esp_mbedtls_init_pk_ctx_for_ds(const void *pki) int ret = -1; /* initialize the mbedtls pk context with rsa context */ mbedtls_rsa_context rsakey; - mbedtls_rsa_init(&rsakey, MBEDTLS_RSA_PKCS_V15, 0); + mbedtls_rsa_init(&rsakey); if ((ret = mbedtls_pk_setup_rsa_alt(((const esp_tls_pki_t*)pki)->pk_key, &rsakey, NULL, esp_ds_rsa_sign, esp_ds_get_keylen )) != 0) { ESP_LOGE(TAG, "Error in mbedtls_pk_setup_rsa_alt, returned -0x%04X", -ret); diff --git a/components/esp_http_server/src/httpd_ws.c b/components/esp_http_server/src/httpd_ws.c index 4a4c2373dff..26e86143157 100644 --- a/components/esp_http_server/src/httpd_ws.c +++ b/components/esp_http_server/src/httpd_ws.c @@ -143,7 +143,7 @@ esp_err_t httpd_ws_respond_server_handshake(httpd_req_t *req, const char *suppor /* Generate SHA-1 first and then encode to Base64 */ size_t key_len = strlen(server_raw_text); - mbedtls_sha1_ret((uint8_t *)server_raw_text, key_len, server_key_hash); + mbedtls_sha1((uint8_t *)server_raw_text, key_len, server_key_hash); size_t encoded_len = 0; mbedtls_base64_encode((uint8_t *)server_key_encoded, sizeof(server_key_encoded), &encoded_len, diff --git a/components/espcoredump/src/core_dump_checksum.c b/components/espcoredump/src/core_dump_checksum.c index 53d5b00440f..0cd67b263e5 100644 --- a/components/espcoredump/src/core_dump_checksum.c +++ b/components/espcoredump/src/core_dump_checksum.c @@ -1,17 +1,8 @@ -// Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ /** * @file * @brief Checksum interface implemetation @@ -74,7 +65,7 @@ void esp_core_dump_checksum_init(core_dump_checksum_ctx** out_ctx) s_checksum_context.crc = 0; #elif CONFIG_ESP_COREDUMP_CHECKSUM_SHA256 mbedtls_sha256_init(&s_checksum_context.ctx); - (void)mbedtls_sha256_starts_ret(&s_checksum_context.ctx, 0); + (void)mbedtls_sha256_starts(&s_checksum_context.ctx, 0); #endif s_checksum_context.total_bytes_checksum = 0; @@ -95,7 +86,7 @@ void esp_core_dump_checksum_update(core_dump_checksum_ctx* cks_ctx, void* data, // set software mode of SHA calculation cks_ctx->ctx.mode = ESP_MBEDTLS_SHA256_SOFTWARE; #endif - (void)mbedtls_sha256_update_ret(&cks_ctx->ctx, data, data_len); + (void)mbedtls_sha256_update(&cks_ctx->ctx, data, data_len); #endif // keep counter of cashed bytes cks_ctx->total_bytes_checksum += data_len; @@ -120,7 +111,7 @@ uint32_t esp_core_dump_checksum_finish(core_dump_checksum_ctx* cks_ctx, core_dum #elif CONFIG_ESP_COREDUMP_CHECKSUM_SHA256 if (chs_ptr != NULL) { - (void)mbedtls_sha256_finish_ret(&cks_ctx->ctx, (uint8_t*)&cks_ctx->sha_output); + (void)mbedtls_sha256_finish(&cks_ctx->ctx, (uint8_t*)&cks_ctx->sha_output); *chs_ptr = &cks_ctx->sha_output[0]; mbedtls_sha256_free(&cks_ctx->ctx); } diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt index f1935a9da81..88314bb0c3b 100644 --- a/components/mbedtls/CMakeLists.txt +++ b/components/mbedtls/CMakeLists.txt @@ -8,11 +8,12 @@ if(NOT BOOTLOADER_BUILD) endif() idf_component_register(SRCS "esp_crt_bundle/esp_crt_bundle.c" - INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include" + INCLUDE_DIRS "port/include" "mbedtls/include" "esp_crt_bundle/include" "./mbedtls/library" REQUIRES lwip PRIV_REQUIRES "${priv_requires}" ) + if(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) set(bundle_name "x509_crt_bundle") set(DEFAULT_CRT_DIR ${COMPONENT_DIR}/esp_crt_bundle) @@ -88,7 +89,8 @@ endif() set(mbedtls_targets mbedtls mbedcrypto mbedx509) set(mbedtls_target_sources "${COMPONENT_DIR}/port/mbedtls_debug.c" - "${COMPONENT_DIR}/port/net_sockets.c") + "${COMPONENT_DIR}/port/net_sockets.c" + "${COMPONENT_DIR}/port/certs.c") if(CONFIG_MBEDTLS_DYNAMIC_BUFFER) set(mbedtls_target_sources ${mbedtls_target_sources} diff --git a/components/mbedtls/Kconfig b/components/mbedtls/Kconfig index 2503faad753..01570e5005d 100644 --- a/components/mbedtls/Kconfig +++ b/components/mbedtls/Kconfig @@ -114,13 +114,6 @@ menu "mbedTLS" "MBEDTLS_SSL_IN_CONTENT_LEN", so to save more heap, users can set the options to be an appropriate value. - config MBEDTLS_DYNAMIC_FREE_PEER_CERT - bool "Free SSL peer certificate after its usage" - default n - depends on MBEDTLS_DYNAMIC_BUFFER - help - Free peer certificate after its usage in handshake process. - config MBEDTLS_DYNAMIC_FREE_CONFIG_DATA bool "Free private key and DHM data after its usage" default n @@ -178,7 +171,18 @@ menu "mbedTLS" default 3 if MBEDTLS_DEBUG_LEVEL_DEBUG default 4 if MBEDTLS_DEBUG_LEVEL_VERBOSE - menu "mbedTLS v2.28.x related" + menu "mbedTLS v3.x related" + + config MBEDTLS_SSL_PROTO_TLS1_3 + bool "Support TLS 1.3 protocol" + depends on MBEDTLS_TLS_ENABLED + select MBEDTLS_HKDF_C + default n + + config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + bool "Enable TLS 1.3 middlebox compatibility mode" + depends on MBEDTLS_SSL_PROTO_TLS1_3 + default y config MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH bool "Variable SSL buffer length" @@ -189,7 +193,7 @@ menu "mbedTLS" config MBEDTLS_ECDH_LEGACY_CONTEXT bool "Use a backward compatible ECDH context (Experimental)" - default y + default n depends on MBEDTLS_ECDH_C && MBEDTLS_ECP_RESTARTABLE help Use the legacy ECDH context format. @@ -327,6 +331,7 @@ menu "mbedTLS" config MBEDTLS_ECP_RESTARTABLE bool "Enable mbedTLS ecp restartable" + select MBEDTLS_ECDH_LEGACY_CONTEXT default n help Enable "non-blocking" ECC operations that can return early and be resumed. @@ -629,24 +634,6 @@ menu "mbedTLS" If you don't need renegotiation, disabling it will save code size and reduce the possibility of abuse/vulnerability. - config MBEDTLS_SSL_PROTO_SSL3 - bool "Legacy SSL 3.0 support" - depends on MBEDTLS_TLS_ENABLED - default n - help - Support the legacy SSL 3.0 protocol. Most servers will speak a newer - TLS protocol these days. - - config MBEDTLS_SSL_PROTO_TLS1 - bool "Support TLS 1.0 protocol" - depends on MBEDTLS_TLS_ENABLED - default y - - config MBEDTLS_SSL_PROTO_TLS1_1 - bool "Support TLS 1.1 protocol" - depends on MBEDTLS_TLS_ENABLED - default y - config MBEDTLS_SSL_PROTO_TLS1_2 bool "Support TLS 1.2 protocol" depends on MBEDTLS_TLS_ENABLED @@ -662,9 +649,8 @@ menu "mbedTLS" config MBEDTLS_SSL_PROTO_DTLS bool "Support DTLS protocol (all versions)" default n - depends on MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 + depends on MBEDTLS_SSL_PROTO_TLS1_2 help - Requires TLS 1.1 to be enabled for DTLS 1.0 Requires TLS 1.2 to be enabled for DTLS 1.2 config MBEDTLS_SSL_ALPN @@ -682,22 +668,6 @@ menu "mbedTLS" Client support for RFC 5077 session tickets. See mbedTLS documentation for more details. Disabling this option will save some code size. - config MBEDTLS_X509_CHECK_KEY_USAGE - bool "Enable verification of the keyUsage extension" - default y - depends on MBEDTLS_TLS_ENABLED - help - Disabling this avoids problems with mis-issued and/or misused (intermediate) CA and leaf certificates. - Depending on your PKI use, disabling this can be a security risk. - - config MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - bool "Enable verification of the extendedKeyUsage extension" - default y - depends on MBEDTLS_TLS_ENABLED - help - Disabling this avoids problems with mis-issued and/or misused certificates. - Depending on your PKI use, disabling this can be a security risk. - config MBEDTLS_SERVER_SSL_SESSION_TICKETS bool "TLS: Server Support for RFC 5077 SSL session tickets" default y diff --git a/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c b/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c index 89f3fb0b63f..cbe6cf431d5 100644 --- a/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c +++ b/components/mbedtls/esp_crt_bundle/esp_crt_bundle.c @@ -1,18 +1,8 @@ -// Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - - +/* + * SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include #include "esp_crt_bundle.h" @@ -60,21 +50,21 @@ static int esp_crt_check_signature(mbedtls_x509_crt *child, const uint8_t *pub_k // Fast check to avoid expensive computations when not necessary - if (!mbedtls_pk_can_do(&parent.pk, child->sig_pk)) { + if (!mbedtls_pk_can_do(&parent.pk, child->MBEDTLS_PRIVATE(sig_pk))) { ESP_LOGE(TAG, "Simple compare failed"); ret = -1; goto cleanup; } - md_info = mbedtls_md_info_from_type(child->sig_md); + md_info = mbedtls_md_info_from_type(child->MBEDTLS_PRIVATE(sig_md)); if ( (ret = mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash )) != 0 ) { ESP_LOGE(TAG, "Internal mbedTLS error %X", ret); goto cleanup; } - if ( (ret = mbedtls_pk_verify_ext( child->sig_pk, child->sig_opts, &parent.pk, - child->sig_md, hash, mbedtls_md_get_size( md_info ), - child->sig.p, child->sig.len )) != 0 ) { + if ( (ret = mbedtls_pk_verify_ext( child->MBEDTLS_PRIVATE(sig_pk), child->MBEDTLS_PRIVATE(sig_opts), &parent.pk, + child->MBEDTLS_PRIVATE(sig_md), hash, mbedtls_md_get_size( md_info ), + child->MBEDTLS_PRIVATE(sig).p, child->MBEDTLS_PRIVATE(sig).len )) != 0 ) { ESP_LOGE(TAG, "PK verify failed with error %X", ret); goto cleanup; diff --git a/components/mbedtls/esp_crt_bundle/gen_crt_bundle.py b/components/mbedtls/esp_crt_bundle/gen_crt_bundle.py index 87e29e61fa4..6c5d18edfff 100755 --- a/components/mbedtls/esp_crt_bundle/gen_crt_bundle.py +++ b/components/mbedtls/esp_crt_bundle/gen_crt_bundle.py @@ -8,19 +8,8 @@ # The bundle will have the format: number of certificates; crt 1 subject name length; crt 1 public key length; # crt 1 subject name; crt 1 public key; crt 2... # -# Copyright 2018-2019 Espressif Systems (Shanghai) PTE LTD -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http:#www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD +# SPDX-License-Identifier: Apache-2.0 from __future__ import with_statement diff --git a/components/mbedtls/mbedtls b/components/mbedtls/mbedtls index 8b0e35f2ad4..9bb5effc329 160000 --- a/components/mbedtls/mbedtls +++ b/components/mbedtls/mbedtls @@ -1 +1 @@ -Subproject commit 8b0e35f2ad477fcc2a267cf434528024b8499085 +Subproject commit 9bb5effc3298265f829878825d9bd38478e67514 diff --git a/components/mbedtls/port/aes/esp_aes_common.c b/components/mbedtls/port/aes/esp_aes_common.c index c0dd78a9684..78780c52461 100644 --- a/components/mbedtls/port/aes/esp_aes_common.c +++ b/components/mbedtls/port/aes/esp_aes_common.c @@ -1,23 +1,12 @@ -/** - * \brief AES block cipher, ESP hardware accelerated version, common +/* + * AES block cipher, ESP hardware accelerated version, common * Based on mbedTLS FIPS-197 compliant version. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2017, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. @@ -25,12 +14,12 @@ * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ - #include "aes/esp_aes_internal.h" #include "mbedtls/aes.h" #include "hal/aes_hal.h" #include "hal/aes_types.h" #include "soc/soc_caps.h" +#include "mbedtls/error.h" #include #include "mbedtls/platform.h" diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c index 81a5bfebd64..d95f36e2fa6 100644 --- a/components/mbedtls/port/aes/esp_aes_gcm.c +++ b/components/mbedtls/port/aes/esp_aes_gcm.c @@ -1,23 +1,12 @@ -/** - * \brief GCM block cipher, ESP DMA hardware accelerated version +/* + * GCM block cipher, ESP DMA hardware accelerated version * Based on mbedTLS FIPS-197 compliant version. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ /* * The AES block cipher was designed by Vincent Rijmen and Joan Daemen. @@ -25,7 +14,6 @@ * http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ - #include "soc/soc_caps.h" #if SOC_AES_SUPPORT_GCM @@ -336,15 +324,12 @@ void esp_aes_gcm_free( esp_gcm_context *ctx) int esp_aes_gcm_starts( esp_gcm_context *ctx, int mode, const unsigned char *iv, - size_t iv_len, - const unsigned char *aad, - size_t aad_len ) + size_t iv_len ) { - /* IV and AD are limited to 2^32 bits, so 2^29 bytes */ + /* IV is limited to 2^32 bits, so 2^29 bytes */ /* IV is not allowed to be zero length */ if ( iv_len == 0 || - ( (uint32_t) iv_len ) >> 29 != 0 || - ( (uint32_t) aad_len ) >> 29 != 0 ) { + ( (uint32_t) iv_len ) >> 29 != 0 ) { return ( MBEDTLS_ERR_GCM_BAD_INPUT ); } @@ -358,19 +343,12 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, return -1; } - if ( (aad_len > 0) && !aad) { - ESP_LOGE(TAG, "No aad supplied"); - return -1; - } - /* Initialize AES-GCM context */ memset(ctx->ghash, 0, sizeof(ctx->ghash)); ctx->data_len = 0; ctx->iv = iv; ctx->iv_len = iv_len; - ctx->aad = aad; - ctx->aad_len = aad_len; ctx->mode = mode; /* H and the lookup table are only generated once per ctx */ @@ -389,6 +367,40 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, ctx->gcm_state = ESP_AES_GCM_STATE_START; + return ( 0 ); +} + +int esp_aes_gcm_update_ad( esp_gcm_context *ctx, + const unsigned char *aad, + size_t aad_len ) +{ + /* AD are limited to 2^32 bits, so 2^29 bytes */ + if ( ( (uint32_t) aad_len ) >> 29 != 0 ) { + return ( MBEDTLS_ERR_GCM_BAD_INPUT ); + } + + if (!ctx) { + ESP_LOGE(TAG, "No AES context supplied"); + return -1; + } + + if ( (aad_len > 0) && !aad) { + ESP_LOGE(TAG, "No aad supplied"); + return -1; + } + + /* Initialize AES-GCM context */ + memset(ctx->ghash, 0, sizeof(ctx->ghash)); + ctx->data_len = 0; + + ctx->aad = aad; + ctx->aad_len = aad_len; + + if (ctx->gcm_state != ESP_AES_GCM_STATE_START) { + ESP_LOGE(TAG, "AES context in invalid state!"); + return -1; + } + /* Once H is obtained we need to derive J0 (Initial Counter Block) */ esp_gcm_derive_J0(ctx); @@ -405,9 +417,9 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx, /* Perform AES-GCM operation */ int esp_aes_gcm_update( esp_gcm_context *ctx, - size_t length, - const unsigned char *input, - unsigned char *output ) + const unsigned char *input, size_t input_length, + unsigned char *output, size_t output_size, + size_t *output_length ) { size_t nc_off = 0; uint8_t nonce_counter[AES_BLOCK_BYTES] = {0}; @@ -426,7 +438,7 @@ int esp_aes_gcm_update( esp_gcm_context *ctx, return -1; } - if ( output > input && (size_t) ( output - input ) < length ) { + if ( output > input && (size_t) ( output - input ) < input_length ) { return ( MBEDTLS_ERR_GCM_BAD_INPUT ); } /* If this is the first time esp_gcm_update is getting called @@ -444,21 +456,21 @@ int esp_aes_gcm_update( esp_gcm_context *ctx, /* Perform intermediate GHASH on "encrypted" data during decryption */ if (ctx->mode == ESP_AES_DECRYPT) { - esp_gcm_ghash(ctx, input, length, ctx->ghash); + esp_gcm_ghash(ctx, input, input_length, ctx->ghash); } /* Output = GCTR(J0, Input): Encrypt/Decrypt the input */ - esp_aes_crypt_ctr(&ctx->aes_ctx, length, &nc_off, nonce_counter, stream, input, output); + esp_aes_crypt_ctr(&ctx->aes_ctx, input_length, &nc_off, nonce_counter, stream, input, output); /* ICB gets auto incremented after GCTR operation here so update the context */ memcpy(ctx->J0, nonce_counter, AES_BLOCK_BYTES); /* Keep updating the length counter for final tag calculation */ - ctx->data_len += length; + ctx->data_len += input_length; /* Perform intermediate GHASH on "encrypted" data during encryption*/ if (ctx->mode == ESP_AES_ENCRYPT) { - esp_gcm_ghash(ctx, output, length, ctx->ghash); + esp_gcm_ghash(ctx, output, input_length, ctx->ghash); } return 0; @@ -466,8 +478,9 @@ int esp_aes_gcm_update( esp_gcm_context *ctx, /* Function to read the tag value */ int esp_aes_gcm_finish( esp_gcm_context *ctx, - unsigned char *tag, - size_t tag_len ) + unsigned char *output, size_t output_size, + size_t *output_length, + unsigned char *tag, size_t tag_len ) { size_t nc_off = 0; uint8_t len_block[AES_BLOCK_BYTES] = {0}; @@ -531,15 +544,19 @@ static int esp_aes_gcm_crypt_and_tag_partial_hw( esp_gcm_context *ctx, { int ret = 0; - if ( ( ret = esp_aes_gcm_starts( ctx, mode, iv, iv_len, aad, aad_len ) ) != 0 ) { + if ( ( ret = esp_aes_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 ) { + return ( ret ); + } + + if ( ( ret = esp_aes_gcm_update_ad( ctx, aad, aad_len ) ) != 0 ) { return ( ret ); } - if ( ( ret = esp_aes_gcm_update( ctx, length, input, output ) ) != 0 ) { + if ( ( ret = esp_aes_gcm_update( ctx, input, length, output, 0, NULL ) ) != 0 ) { return ( ret ); } - if ( ( ret = esp_aes_gcm_finish( ctx, tag, tag_len ) ) != 0 ) { + if ( ( ret = esp_aes_gcm_finish( ctx, output, 0, NULL, tag, tag_len ) ) != 0 ) { return ( ret ); } diff --git a/components/mbedtls/port/certs.c b/components/mbedtls/port/certs.c new file mode 100644 index 00000000000..4818a00c49c --- /dev/null +++ b/components/mbedtls/port/certs.c @@ -0,0 +1,1743 @@ +/* + * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +/* + * X.509 test certificates + * + * Apache License 2.0: + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/mbedtls_config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "mbedtls/certs.h" + +#if defined(MBEDTLS_CERTS_C) + +/* + * Test CA Certificates + * + * We define test CA certificates for each choice of the following parameters: + * - PEM or DER encoding + * - SHA-1 or SHA-256 hash + * - RSA or EC key + * + * Things to add: + * - multiple EC curve types + * + */ + +/* This is taken from tests/data_files/test-ca2.crt */ +/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ +#define TEST_CA_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ + "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ + "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ + "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ + "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ + "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ +#define TEST_CA_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ + 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ + 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ + 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ + 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ + 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ + 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ + 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ + 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ + 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ + 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ + 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ + 0xf5, 0xae, 0x1c, 0x42 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca2.key.enc */ +/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM tests/data_files/test-ca2.key.enc */ +#define TEST_CA_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ + "\r\n" \ + "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ + "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ + "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ + "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +#define TEST_CA_PWD_EC_PEM "PolarSSLTest" + +/* This is generated from tests/data_files/test-ca2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER tests/data_files/test-ca2.key.der */ +#define TEST_CA_KEY_EC_DER { \ + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ + 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ + 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ + 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ + 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ + 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ + 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ + 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ + 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ + 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ + 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ + 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ + 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha256.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM tests/data_files/test-ca-sha256.crt */ +#define TEST_CA_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ + "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ + "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ + "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ + "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ + "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ + "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/test-ca-sha256.crt.der + * using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER tests/data_files/test-ca-sha256.crt.der */ +#define TEST_CA_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ + 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ + 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ + 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ + 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ + 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ + 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ + 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ + 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ + 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ + 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ + 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ + 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ + 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ + 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ + 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ + 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ + 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ + 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ + 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ + 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ + 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha1.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM tests/data_files/test-ca-sha1.crt */ +#define TEST_CA_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ + "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ + "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ + "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ + "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ + "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ + "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ + "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ + "A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL\r\n" \ + "hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm\r\n" \ + "8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD\r\n" \ + "zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ\r\n" \ + "0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/\r\n" \ + "mtxyUALj2pQxRitopORFQdn7AOY5\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/test-ca-sha1.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER tests/data_files/test-ca-sha1.crt.der */ +#define TEST_CA_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ + 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ + 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ + 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ + 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ + 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ + 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ + 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ + 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ + 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ + 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ + 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ + 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ + 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ + 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ + 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ + 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ + 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ + 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ + 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ + 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ + 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ + 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ + 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ + 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ + 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ + 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ + 0x03, 0x82, 0x01, 0x01, 0x00, 0x74, 0x66, 0x23, 0x51, 0x15, 0xd8, 0x9a, \ + 0xea, 0x4b, 0x24, 0x68, 0xf9, 0xe1, 0xae, 0xa7, 0xa3, 0x21, 0x1a, 0xbc, \ + 0x60, 0xc1, 0x06, 0x01, 0xfd, 0xa8, 0x20, 0xf9, 0xf2, 0x67, 0xbf, 0x31, \ + 0xa3, 0x21, 0x11, 0x81, 0xcd, 0xf9, 0x94, 0x71, 0xb2, 0x32, 0xdb, 0x0b, \ + 0x85, 0x68, 0x9c, 0x36, 0x33, 0xf8, 0x77, 0xf8, 0x52, 0xf4, 0x0b, 0x38, \ + 0x8f, 0x92, 0x80, 0xda, 0x07, 0x4d, 0x1a, 0x2e, 0x44, 0x4c, 0x0d, 0x57, \ + 0xed, 0x2a, 0x30, 0x58, 0xe1, 0xac, 0xaf, 0x28, 0xaf, 0x4a, 0x93, 0x12, \ + 0x1d, 0x5c, 0xb5, 0xf8, 0x77, 0x5f, 0x5a, 0x5b, 0x18, 0x40, 0xec, 0xe6, \ + 0xf2, 0x8f, 0x9f, 0x69, 0x03, 0x54, 0x9b, 0xc5, 0xf3, 0x3d, 0x59, 0xad, \ + 0xb5, 0xf0, 0x15, 0xb2, 0x9c, 0x5e, 0x1d, 0x2c, 0x49, 0x67, 0x7e, 0x8e, \ + 0xa3, 0xe4, 0x16, 0x67, 0x9c, 0x19, 0x94, 0x22, 0x04, 0xca, 0x31, 0x1d, \ + 0x2d, 0x42, 0x1d, 0xf9, 0x39, 0xb8, 0x07, 0x3d, 0xc1, 0xe6, 0x34, 0x43, \ + 0xcd, 0x96, 0xbf, 0x49, 0xaa, 0x83, 0xa2, 0x4a, 0xba, 0xe8, 0xdd, 0xb3, \ + 0xa5, 0xb8, 0x0a, 0x28, 0x09, 0x77, 0x19, 0x4d, 0x8e, 0xfb, 0xe7, 0xc1, \ + 0xa8, 0xfd, 0x9d, 0x4a, 0x47, 0x50, 0xca, 0x49, 0x93, 0xc6, 0x12, 0xcb, \ + 0x59, 0x13, 0x7c, 0x14, 0x9a, 0xa1, 0x60, 0x04, 0xf2, 0x42, 0x7b, 0x59, \ + 0xd1, 0x04, 0xa2, 0xdd, 0x6f, 0x47, 0x7d, 0x26, 0x4f, 0x9c, 0x54, 0xdc, \ + 0x3c, 0x85, 0xde, 0xa2, 0x23, 0xdd, 0xda, 0x92, 0xe5, 0xc6, 0xdd, 0x61, \ + 0x66, 0xef, 0x1d, 0xc2, 0xcd, 0x8b, 0x4d, 0x71, 0x3a, 0xde, 0xe3, 0xfa, \ + 0x30, 0xce, 0x0b, 0x1e, 0xf5, 0xb1, 0x8a, 0xe2, 0x5a, 0x5a, 0x43, 0xff, \ + 0x9a, 0xdc, 0x72, 0x50, 0x02, 0xe3, 0xda, 0x94, 0x31, 0x46, 0x2b, 0x68, \ + 0xa4, 0xe4, 0x45, 0x41, 0xd9, 0xfb, 0x00, 0xe6, 0x39 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/test-ca.key */ +/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM tests/data_files/test-ca.key */ +#define TEST_CA_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "Proc-Type: 4,ENCRYPTED\r\n" \ + "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n" \ + "\r\n" \ + "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \ + "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \ + "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \ + "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \ + "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \ + "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \ + "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \ + "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \ + "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \ + "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \ + "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \ + "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \ + "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \ + "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \ + "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \ + "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \ + "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \ + "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \ + "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \ + "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \ + "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \ + "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \ + "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \ + "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \ + "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +#define TEST_CA_PWD_RSA_PEM "PolarSSLTest" + +/* This was generated from test-ca.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER tests/data_files/test-ca.key.der */ +#define TEST_CA_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ + 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ + 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ + 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ + 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ + 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ + 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ + 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ + 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ + 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ + 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ + 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ + 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ + 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ + 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ + 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ + 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ + 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ + 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ + 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ + 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ + 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ + 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ + 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ + 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ + 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ + 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ + 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ + 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ + 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ + 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ + 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ + 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ + 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ + 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ + 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ + 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ + 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ + 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ + 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ + 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ + 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ + 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ + 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ + 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ + 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ + 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ + 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ + 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ + 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ + 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ + 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ + 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ + 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ + 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ + 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ + 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ + 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ + 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ + 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ + 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ + 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ + 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ + 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ + 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ + 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ + 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ + 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ + 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ + 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ + 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ + 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ + 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ + 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ + 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ + 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ + 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ + 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ + 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ + 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ + 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ + 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ + 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ + 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ + 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ + 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ + 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ + 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ + 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ + 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ + 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ + 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ + 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ + 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ + 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ + 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ + 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ + 0xa8, 0xc2, 0x8f, 0x0d \ +} +/* END FILE */ + +/* + * Test server Certificates + * + * Test server certificates are defined for each choice + * of the following parameters: + * - PEM or DER encoding + * - SHA-1 or SHA-256 hash + * - RSA or EC key + * + * Things to add: + * - multiple EC curve types + */ + +/* This is taken from tests/data_files/server5.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ +#define TEST_SRV_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ + "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ + "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ +#define TEST_SRV_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ + 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ + 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ + 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ + 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ + 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ + 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ + 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ + 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ + 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ + 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server5.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM tests/data_files/server5.key */ +#define TEST_SRV_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ + "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/server5.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER tests/data_files/server5.key.der */ +#define TEST_SRV_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ + 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ + 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ + 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ + 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ + 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ + 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ + 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ + 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ + 0xff \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2-sha256.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM tests/data_files/server2-sha256.crt */ +#define TEST_SRV_CRT_RSA_SHA256_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ + "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ + "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ + "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ + "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ + "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ + "pMZqLmbBm/7WPLc=\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/server2-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER tests/data_files/server2-sha256.crt.der */ +#define TEST_SRV_CRT_RSA_SHA256_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ + 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ + 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ + 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ + 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ + 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ + 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ + 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ + 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ + 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ + 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ + 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ + 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ + 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ + 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ + 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ + 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ + 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ + 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ + 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ + 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ + 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM tests/data_files/server2.crt */ +#define TEST_SRV_CRT_RSA_SHA1_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ + "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ + "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ + "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ + "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ + "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ + "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ + "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ + "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ + "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ + "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ + "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ + "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ + "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ + "Awgk0+4m0T25cNs=\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is taken from tests/data_files/server2.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER tests/data_files/server2.crt.der */ +#define TEST_SRV_CRT_RSA_SHA1_DER { \ + 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ + 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ + 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ + 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ + 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ + 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ + 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ + 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ + 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ + 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ + 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ + 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ + 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ + 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ + 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ + 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ + 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ + 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ + 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ + 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ + 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ + 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ + 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ + 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ + 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ + 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x99, 0x25, 0x83, 0x74, 0x38, \ + 0x70, 0x1e, 0xef, 0xec, 0x1c, 0xec, 0xc4, 0xcf, 0xef, 0x2f, 0x22, 0x9c, \ + 0x70, 0xee, 0xa8, 0xa7, 0x4f, 0xe0, 0x67, 0x33, 0x38, 0x82, 0x1b, 0x8b, \ + 0xab, 0x66, 0x37, 0xda, 0x49, 0x74, 0xb0, 0xce, 0xa4, 0x48, 0xd5, 0x14, \ + 0x99, 0xdb, 0xae, 0xab, 0x7b, 0xbf, 0xf8, 0x69, 0x94, 0x64, 0xdd, 0x80, \ + 0x3b, 0xfe, 0xdc, 0xf8, 0x7c, 0x3b, 0x84, 0x31, 0x44, 0x22, 0xf6, 0x64, \ + 0xf7, 0xc6, 0x81, 0x1a, 0x30, 0x8b, 0xaa, 0x7d, 0xc3, 0x9a, 0x01, 0xc8, \ + 0xbf, 0xc4, 0xe8, 0x43, 0xae, 0xe7, 0x7a, 0x59, 0x50, 0xc7, 0x1d, 0x94, \ + 0x8f, 0x7d, 0x3d, 0x3d, 0xd8, 0x23, 0x36, 0x2f, 0xeb, 0xf4, 0x73, 0x9c, \ + 0x28, 0xd0, 0x18, 0x3d, 0xb0, 0x5c, 0x83, 0xa3, 0x09, 0x19, 0x65, 0xa3, \ + 0xd9, 0x32, 0x3a, 0xbc, 0xd6, 0x9c, 0x7a, 0x2a, 0x2c, 0xfc, 0x38, 0x4e, \ + 0x63, 0x1e, 0x55, 0xd2, 0x3e, 0x67, 0x7e, 0xa4, 0x89, 0xfe, 0x99, 0xd4, \ + 0xd2, 0x0f, 0x48, 0x82, 0x7d, 0x8b, 0x02, 0x18, 0x18, 0xa4, 0x62, 0x44, \ + 0x88, 0x43, 0x3d, 0xc1, 0x6e, 0xe1, 0x10, 0xc9, 0x30, 0x9a, 0x4d, 0x21, \ + 0xfe, 0xca, 0x99, 0xb2, 0xb2, 0x6c, 0x18, 0x7e, 0x58, 0xb0, 0x5f, 0xd5, \ + 0x4e, 0x14, 0xaa, 0xfc, 0x95, 0x4e, 0xd5, 0xed, 0xa6, 0x64, 0x7d, 0xaf, \ + 0xae, 0xec, 0x99, 0x28, 0x95, 0x41, 0xab, 0xef, 0x2d, 0x0c, 0xd6, 0x29, \ + 0x1e, 0x42, 0xba, 0xb5, 0x2c, 0x95, 0x61, 0x08, 0x73, 0x22, 0xdd, 0xd2, \ + 0xb4, 0xc2, 0x56, 0x28, 0xc9, 0x7f, 0xa3, 0x99, 0x36, 0x01, 0x8c, 0xfa, \ + 0xb5, 0x20, 0xb5, 0xeb, 0x8f, 0xb5, 0xa0, 0x6f, 0x8c, 0x2f, 0x72, 0xd6, \ + 0x83, 0xc5, 0xeb, 0x18, 0xa6, 0xbd, 0xd4, 0x7e, 0x14, 0x38, 0xa6, 0xa9, \ + 0x03, 0x08, 0x24, 0xd3, 0xee, 0x26, 0xd1, 0x3d, 0xb9, 0x70, 0xdb \ +} +/* END FILE */ + +/* This is taken from tests/data_files/server2.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM tests/data_files/server2.key */ +#define TEST_SRV_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ + "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ + "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ + "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ + "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ + "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ + "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ + "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ + "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ + "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ + "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ + "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ + "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ + "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ + "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ + "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ + "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ + "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ + "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ + "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ + "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ + "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ + "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ + "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ + "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This was generated from tests/data_files/server2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER tests/data_files/server2.key.der */ +#define TEST_SRV_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ + 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ + 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ + 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ + 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ + 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ + 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ + 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ + 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ + 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ + 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ + 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ + 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ + 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ + 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ + 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ + 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ + 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ + 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ + 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ + 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ + 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ + 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ + 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ + 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ + 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ + 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ + 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ + 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ + 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ + 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ + 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ + 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ + 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ + 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ + 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ + 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ + 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ + 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ + 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ + 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ + 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ + 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ + 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ + 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ + 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ + 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ + 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ + 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ + 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ + 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ + 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ + 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ + 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ + 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ + 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ + 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ + 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ + 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ + 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ + 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ + 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ + 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ + 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ + 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ + 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ + 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ + 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ + 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ + 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ + 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ + 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ + 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ + 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ + 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ + 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ + 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ + 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ + 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ + 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ + 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ + 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ + 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ + 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ + 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ + 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ + 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ + 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ + 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ + 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ + 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ + 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ + 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ + 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ + 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ + 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ + 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ + 0x06, 0x21, 0x2e, 0x56 \ +} +/* END FILE */ + +/* + * Test client Certificates + * + * Test client certificates are defined for each choice + * of the following parameters: + * - PEM or DER encoding + * - RSA or EC key + * + * Things to add: + * - hash type + * - multiple EC curve types + */ + +/* This is taken from tests/data_files/cli2.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM tests/data_files/cli2.crt */ +#define TEST_CLI_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ + "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ + "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ + "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ + "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ + "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ + "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ + "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ + "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ + "a9Vk\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/cli2.crt.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER tests/data_files/cli2.crt.der */ +#define TEST_CLI_CRT_EC_DER { \ + 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ + 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ + 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ + 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ + 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ + 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ + 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ + 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ + 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ + 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ + 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ + 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ + 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ + 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ + 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ + 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ + 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ + 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ + 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ + 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ + 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ + 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ + 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ + 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ + 0x6b, 0xd5, 0x64 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli2.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM tests/data_files/cli2.key */ +#define TEST_CLI_KEY_EC_PEM \ + "-----BEGIN EC PRIVATE KEY-----\r\n" \ + "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ + "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ + "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ + "-----END EC PRIVATE KEY-----\r\n" +/* END FILE */ + +/* This is generated from tests/data_files/cli2.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER tests/data_files/cli2.key.der */ +#define TEST_CLI_KEY_EC_DER { \ + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ + 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ + 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ + 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ + 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ + 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ + 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ + 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ + 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ + 0xc7 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli-rsa-sha256.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM tests/data_files/cli-rsa-sha256.crt */ +#define TEST_CLI_CRT_RSA_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ + "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ + "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ + "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ + "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ + "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ + "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ + "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ + "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ + "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ + "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ + "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ + "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ + "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ + "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ + "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ + "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ + "-----END CERTIFICATE-----\r\n" +/* END FILE */ + +/* This was generated from tests/data_files/cli-rsa-sha256.crt.der + using `xxd -i.` */ +/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER tests/data_files/cli-rsa-sha256.crt.der */ +#define TEST_CLI_CRT_RSA_DER { \ + 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ + 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ + 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ + 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ + 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ + 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ + 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ + 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ + 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ + 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ + 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ + 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ + 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ + 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ + 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ + 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ + 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ + 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ + 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ + 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ + 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ + 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ + 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ + 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ + 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ + 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ + 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ + 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ + 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ + 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ + 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ + 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ + 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ + 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ + 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ + 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ + 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ + 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ + 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ + 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ + 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ + 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ + 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ + 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ + 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ + 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ + 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ + 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ + 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ + 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ + 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ + 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ + 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ + 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ +} +/* END FILE */ + +/* This is taken from tests/data_files/cli-rsa.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM tests/data_files/cli-rsa.key */ +#define TEST_CLI_KEY_RSA_PEM \ + "-----BEGIN RSA PRIVATE KEY-----\r\n" \ + "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ + "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ + "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ + "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ + "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ + "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ + "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ + "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ + "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ + "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ + "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ + "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ + "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ + "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ + "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ + "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ + "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ + "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ + "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ + "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ + "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ + "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ + "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ + "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ + "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ + "-----END RSA PRIVATE KEY-----\r\n"/* END FILE */ + +/* This was generated from tests/data_files/cli-rsa.key.der using `xxd -i`. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER tests/data_files/cli-rsa.key.der */ +#define TEST_CLI_KEY_RSA_DER { \ + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ + 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ + 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ + 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ + 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ + 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ + 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ + 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ + 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ + 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ + 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ + 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ + 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ + 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ + 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ + 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ + 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ + 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ + 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ + 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ + 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ + 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ + 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ + 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ + 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ + 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ + 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ + 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ + 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ + 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ + 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ + 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ + 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ + 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ + 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ + 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ + 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ + 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ + 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ + 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ + 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ + 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ + 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ + 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ + 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ + 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ + 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ + 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ + 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ + 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ + 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ + 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ + 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ + 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ + 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ + 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ + 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ + 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ + 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ + 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ + 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ + 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ + 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ + 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ + 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ + 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ + 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ + 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ + 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ + 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ + 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ + 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ + 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ + 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ + 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ + 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ + 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ + 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ + 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ + 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ + 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ + 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ + 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ + 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ + 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ + 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ + 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ + 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ + 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ + 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ + 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ + 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ + 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ + 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ + 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ + 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ + 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ + 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ + 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ + 0x8b, 0x87, 0xc3, 0x00 \ +} +/* END FILE */ + +/* + * + * Test certificates and keys as C variables + * + */ + +/* + * CA + */ + +const char mbedtls_test_ca_crt_ec_pem[] = TEST_CA_CRT_EC_PEM; +const char mbedtls_test_ca_key_ec_pem[] = TEST_CA_KEY_EC_PEM; +const char mbedtls_test_ca_pwd_ec_pem[] = TEST_CA_PWD_EC_PEM; +const char mbedtls_test_ca_key_rsa_pem[] = TEST_CA_KEY_RSA_PEM; +const char mbedtls_test_ca_pwd_rsa_pem[] = TEST_CA_PWD_RSA_PEM; +const char mbedtls_test_ca_crt_rsa_sha1_pem[] = TEST_CA_CRT_RSA_SHA1_PEM; +const char mbedtls_test_ca_crt_rsa_sha256_pem[] = TEST_CA_CRT_RSA_SHA256_PEM; + +const unsigned char mbedtls_test_ca_crt_ec_der[] = TEST_CA_CRT_EC_DER; +const unsigned char mbedtls_test_ca_key_ec_der[] = TEST_CA_KEY_EC_DER; +const unsigned char mbedtls_test_ca_key_rsa_der[] = TEST_CA_KEY_RSA_DER; +const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[] = + TEST_CA_CRT_RSA_SHA1_DER; +const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[] = + TEST_CA_CRT_RSA_SHA256_DER; + +const size_t mbedtls_test_ca_crt_ec_pem_len = + sizeof( mbedtls_test_ca_crt_ec_pem ); +const size_t mbedtls_test_ca_key_ec_pem_len = + sizeof( mbedtls_test_ca_key_ec_pem ); +const size_t mbedtls_test_ca_pwd_ec_pem_len = + sizeof( mbedtls_test_ca_pwd_ec_pem ) - 1; +const size_t mbedtls_test_ca_key_rsa_pem_len = + sizeof( mbedtls_test_ca_key_rsa_pem ); +const size_t mbedtls_test_ca_pwd_rsa_pem_len = + sizeof( mbedtls_test_ca_pwd_rsa_pem ) - 1; +const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len = + sizeof( mbedtls_test_ca_crt_rsa_sha1_pem ); +const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len = + sizeof( mbedtls_test_ca_crt_rsa_sha256_pem ); + +const size_t mbedtls_test_ca_crt_ec_der_len = + sizeof( mbedtls_test_ca_crt_ec_der ); +const size_t mbedtls_test_ca_key_ec_der_len = + sizeof( mbedtls_test_ca_key_ec_der ); +const size_t mbedtls_test_ca_pwd_ec_der_len = 0; +const size_t mbedtls_test_ca_key_rsa_der_len = + sizeof( mbedtls_test_ca_key_rsa_der ); +const size_t mbedtls_test_ca_pwd_rsa_der_len = 0; +const size_t mbedtls_test_ca_crt_rsa_sha1_der_len = + sizeof( mbedtls_test_ca_crt_rsa_sha1_der ); +const size_t mbedtls_test_ca_crt_rsa_sha256_der_len = + sizeof( mbedtls_test_ca_crt_rsa_sha256_der ); + +/* + * Server + */ + +const char mbedtls_test_srv_crt_ec_pem[] = TEST_SRV_CRT_EC_PEM; +const char mbedtls_test_srv_key_ec_pem[] = TEST_SRV_KEY_EC_PEM; +const char mbedtls_test_srv_pwd_ec_pem[] = ""; +const char mbedtls_test_srv_key_rsa_pem[] = TEST_SRV_KEY_RSA_PEM; +const char mbedtls_test_srv_pwd_rsa_pem[] = ""; +const char mbedtls_test_srv_crt_rsa_sha1_pem[] = TEST_SRV_CRT_RSA_SHA1_PEM; +const char mbedtls_test_srv_crt_rsa_sha256_pem[] = TEST_SRV_CRT_RSA_SHA256_PEM; + +const unsigned char mbedtls_test_srv_crt_ec_der[] = TEST_SRV_CRT_EC_DER; +const unsigned char mbedtls_test_srv_key_ec_der[] = TEST_SRV_KEY_EC_DER; +const unsigned char mbedtls_test_srv_key_rsa_der[] = TEST_SRV_KEY_RSA_DER; +const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[] = + TEST_SRV_CRT_RSA_SHA1_DER; +const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[] = + TEST_SRV_CRT_RSA_SHA256_DER; + +const size_t mbedtls_test_srv_crt_ec_pem_len = + sizeof( mbedtls_test_srv_crt_ec_pem ); +const size_t mbedtls_test_srv_key_ec_pem_len = + sizeof( mbedtls_test_srv_key_ec_pem ); +const size_t mbedtls_test_srv_pwd_ec_pem_len = + sizeof( mbedtls_test_srv_pwd_ec_pem ) - 1; +const size_t mbedtls_test_srv_key_rsa_pem_len = + sizeof( mbedtls_test_srv_key_rsa_pem ); +const size_t mbedtls_test_srv_pwd_rsa_pem_len = + sizeof( mbedtls_test_srv_pwd_rsa_pem ) - 1; +const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len = + sizeof( mbedtls_test_srv_crt_rsa_sha1_pem ); +const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len = + sizeof( mbedtls_test_srv_crt_rsa_sha256_pem ); + +const size_t mbedtls_test_srv_crt_ec_der_len = + sizeof( mbedtls_test_srv_crt_ec_der ); +const size_t mbedtls_test_srv_key_ec_der_len = + sizeof( mbedtls_test_srv_key_ec_der ); +const size_t mbedtls_test_srv_pwd_ec_der_len = 0; +const size_t mbedtls_test_srv_key_rsa_der_len = + sizeof( mbedtls_test_srv_key_rsa_der ); +const size_t mbedtls_test_srv_pwd_rsa_der_len = 0; +const size_t mbedtls_test_srv_crt_rsa_sha1_der_len = + sizeof( mbedtls_test_srv_crt_rsa_sha1_der ); +const size_t mbedtls_test_srv_crt_rsa_sha256_der_len = + sizeof( mbedtls_test_srv_crt_rsa_sha256_der ); + +/* + * Client + */ + +const char mbedtls_test_cli_crt_ec_pem[] = TEST_CLI_CRT_EC_PEM; +const char mbedtls_test_cli_key_ec_pem[] = TEST_CLI_KEY_EC_PEM; +const char mbedtls_test_cli_pwd_ec_pem[] = ""; +const char mbedtls_test_cli_key_rsa_pem[] = TEST_CLI_KEY_RSA_PEM; +const char mbedtls_test_cli_pwd_rsa_pem[] = ""; +const char mbedtls_test_cli_crt_rsa_pem[] = TEST_CLI_CRT_RSA_PEM; + +const unsigned char mbedtls_test_cli_crt_ec_der[] = TEST_CLI_CRT_EC_DER; +const unsigned char mbedtls_test_cli_key_ec_der[] = TEST_CLI_KEY_EC_DER; +const unsigned char mbedtls_test_cli_key_rsa_der[] = TEST_CLI_KEY_RSA_DER; +const unsigned char mbedtls_test_cli_crt_rsa_der[] = TEST_CLI_CRT_RSA_DER; + +const size_t mbedtls_test_cli_crt_ec_pem_len = + sizeof( mbedtls_test_cli_crt_ec_pem ); +const size_t mbedtls_test_cli_key_ec_pem_len = + sizeof( mbedtls_test_cli_key_ec_pem ); +const size_t mbedtls_test_cli_pwd_ec_pem_len = + sizeof( mbedtls_test_cli_pwd_ec_pem ) - 1; +const size_t mbedtls_test_cli_key_rsa_pem_len = + sizeof( mbedtls_test_cli_key_rsa_pem ); +const size_t mbedtls_test_cli_pwd_rsa_pem_len = + sizeof( mbedtls_test_cli_pwd_rsa_pem ) - 1; +const size_t mbedtls_test_cli_crt_rsa_pem_len = + sizeof( mbedtls_test_cli_crt_rsa_pem ); + +const size_t mbedtls_test_cli_crt_ec_der_len = + sizeof( mbedtls_test_cli_crt_ec_der ); +const size_t mbedtls_test_cli_key_ec_der_len = + sizeof( mbedtls_test_cli_key_ec_der ); +const size_t mbedtls_test_cli_key_rsa_der_len = + sizeof( mbedtls_test_cli_key_rsa_der ); +const size_t mbedtls_test_cli_crt_rsa_der_len = + sizeof( mbedtls_test_cli_crt_rsa_der ); + +/* + * + * Definitions of test CRTs without specification of all parameters, choosing + * them automatically according to the config. For example, mbedtls_test_ca_crt + * is one of mbedtls_test_ca_crt_{rsa|ec}_{sha1|sha256}_{pem|der}. + * + */ + +/* + * Dispatch between PEM and DER according to config + */ + +#if defined(MBEDTLS_PEM_PARSE_C) + +/* PEM encoded test CA certificates and keys */ + +#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_PEM +#define TEST_CA_PWD_RSA TEST_CA_PWD_RSA_PEM +#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_PEM +#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_PEM +#define TEST_CA_KEY_EC TEST_CA_KEY_EC_PEM +#define TEST_CA_PWD_EC TEST_CA_PWD_EC_PEM +#define TEST_CA_CRT_EC TEST_CA_CRT_EC_PEM + +/* PEM encoded test server certificates and keys */ + +#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_PEM +#define TEST_SRV_PWD_RSA "" +#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_PEM +#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_PEM +#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_PEM +#define TEST_SRV_PWD_EC "" +#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_PEM + +/* PEM encoded test client certificates and keys */ + +#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_PEM +#define TEST_CLI_PWD_RSA "" +#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_PEM +#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_PEM +#define TEST_CLI_PWD_EC "" +#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_PEM + +#else /* MBEDTLS_PEM_PARSE_C */ + +/* DER encoded test CA certificates and keys */ + +#define TEST_CA_KEY_RSA TEST_CA_KEY_RSA_DER +#define TEST_CA_PWD_RSA "" +#define TEST_CA_CRT_RSA_SHA256 TEST_CA_CRT_RSA_SHA256_DER +#define TEST_CA_CRT_RSA_SHA1 TEST_CA_CRT_RSA_SHA1_DER +#define TEST_CA_KEY_EC TEST_CA_KEY_EC_DER +#define TEST_CA_PWD_EC "" +#define TEST_CA_CRT_EC TEST_CA_CRT_EC_DER + +/* DER encoded test server certificates and keys */ + +#define TEST_SRV_KEY_RSA TEST_SRV_KEY_RSA_DER +#define TEST_SRV_PWD_RSA "" +#define TEST_SRV_CRT_RSA_SHA256 TEST_SRV_CRT_RSA_SHA256_DER +#define TEST_SRV_CRT_RSA_SHA1 TEST_SRV_CRT_RSA_SHA1_DER +#define TEST_SRV_KEY_EC TEST_SRV_KEY_EC_DER +#define TEST_SRV_PWD_EC "" +#define TEST_SRV_CRT_EC TEST_SRV_CRT_EC_DER + +/* DER encoded test client certificates and keys */ + +#define TEST_CLI_KEY_RSA TEST_CLI_KEY_RSA_DER +#define TEST_CLI_PWD_RSA "" +#define TEST_CLI_CRT_RSA TEST_CLI_CRT_RSA_DER +#define TEST_CLI_KEY_EC TEST_CLI_KEY_EC_DER +#define TEST_CLI_PWD_EC "" +#define TEST_CLI_CRT_EC TEST_CLI_CRT_EC_DER + +#endif /* MBEDTLS_PEM_PARSE_C */ + +const char mbedtls_test_ca_key_rsa[] = TEST_CA_KEY_RSA; +const char mbedtls_test_ca_pwd_rsa[] = TEST_CA_PWD_RSA; +const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; +const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; +const char mbedtls_test_ca_key_ec[] = TEST_CA_KEY_EC; +const char mbedtls_test_ca_pwd_ec[] = TEST_CA_PWD_EC; +const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC; + +const char mbedtls_test_srv_key_rsa[] = TEST_SRV_KEY_RSA; +const char mbedtls_test_srv_pwd_rsa[] = TEST_SRV_PWD_RSA; +const char mbedtls_test_srv_crt_rsa_sha256[] = TEST_SRV_CRT_RSA_SHA256; +const char mbedtls_test_srv_crt_rsa_sha1[] = TEST_SRV_CRT_RSA_SHA1; +const char mbedtls_test_srv_key_ec[] = TEST_SRV_KEY_EC; +const char mbedtls_test_srv_pwd_ec[] = TEST_SRV_PWD_EC; +const char mbedtls_test_srv_crt_ec[] = TEST_SRV_CRT_EC; + +const char mbedtls_test_cli_key_rsa[] = TEST_CLI_KEY_RSA; +const char mbedtls_test_cli_pwd_rsa[] = TEST_CLI_PWD_RSA; +const char mbedtls_test_cli_crt_rsa[] = TEST_CLI_CRT_RSA; +const char mbedtls_test_cli_key_ec[] = TEST_CLI_KEY_EC; +const char mbedtls_test_cli_pwd_ec[] = TEST_CLI_PWD_EC; +const char mbedtls_test_cli_crt_ec[] = TEST_CLI_CRT_EC; + +const size_t mbedtls_test_ca_key_rsa_len = + sizeof( mbedtls_test_ca_key_rsa ); +const size_t mbedtls_test_ca_pwd_rsa_len = + sizeof( mbedtls_test_ca_pwd_rsa ) - 1; +const size_t mbedtls_test_ca_crt_rsa_sha256_len = + sizeof( mbedtls_test_ca_crt_rsa_sha256 ); +const size_t mbedtls_test_ca_crt_rsa_sha1_len = + sizeof( mbedtls_test_ca_crt_rsa_sha1 ); +const size_t mbedtls_test_ca_key_ec_len = + sizeof( mbedtls_test_ca_key_ec ); +const size_t mbedtls_test_ca_pwd_ec_len = + sizeof( mbedtls_test_ca_pwd_ec ) - 1; +const size_t mbedtls_test_ca_crt_ec_len = + sizeof( mbedtls_test_ca_crt_ec ); + +const size_t mbedtls_test_srv_key_rsa_len = + sizeof( mbedtls_test_srv_key_rsa ); +const size_t mbedtls_test_srv_pwd_rsa_len = + sizeof( mbedtls_test_srv_pwd_rsa ) -1; +const size_t mbedtls_test_srv_crt_rsa_sha256_len = + sizeof( mbedtls_test_srv_crt_rsa_sha256 ); +const size_t mbedtls_test_srv_crt_rsa_sha1_len = + sizeof( mbedtls_test_srv_crt_rsa_sha1 ); +const size_t mbedtls_test_srv_key_ec_len = + sizeof( mbedtls_test_srv_key_ec ); +const size_t mbedtls_test_srv_pwd_ec_len = + sizeof( mbedtls_test_srv_pwd_ec ) - 1; +const size_t mbedtls_test_srv_crt_ec_len = + sizeof( mbedtls_test_srv_crt_ec ); + +const size_t mbedtls_test_cli_key_rsa_len = + sizeof( mbedtls_test_cli_key_rsa ); +const size_t mbedtls_test_cli_pwd_rsa_len = + sizeof( mbedtls_test_cli_pwd_rsa ) - 1; +const size_t mbedtls_test_cli_crt_rsa_len = + sizeof( mbedtls_test_cli_crt_rsa ); +const size_t mbedtls_test_cli_key_ec_len = + sizeof( mbedtls_test_cli_key_ec ); +const size_t mbedtls_test_cli_pwd_ec_len = + sizeof( mbedtls_test_cli_pwd_ec ) - 1; +const size_t mbedtls_test_cli_crt_ec_len = + sizeof( mbedtls_test_cli_crt_ec ); + +/* + * Dispatch between SHA-1 and SHA-256 + */ + +#if defined(MBEDTLS_SHA256_C) +#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA256 +#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA256 +#else +#define TEST_CA_CRT_RSA TEST_CA_CRT_RSA_SHA1 +#define TEST_SRV_CRT_RSA TEST_SRV_CRT_RSA_SHA1 +#endif /* MBEDTLS_SHA256_C */ + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA; +const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA; + +const size_t mbedtls_test_ca_crt_rsa_len = + sizeof( mbedtls_test_ca_crt_rsa ); +const size_t mbedtls_test_srv_crt_rsa_len = + sizeof( mbedtls_test_srv_crt_rsa ); + +/* + * Dispatch between RSA and EC + */ + +#if defined(MBEDTLS_RSA_C) + +#define TEST_CA_KEY TEST_CA_KEY_RSA +#define TEST_CA_PWD TEST_CA_PWD_RSA +#define TEST_CA_CRT TEST_CA_CRT_RSA + +#define TEST_SRV_KEY TEST_SRV_KEY_RSA +#define TEST_SRV_PWD TEST_SRV_PWD_RSA +#define TEST_SRV_CRT TEST_SRV_CRT_RSA + +#define TEST_CLI_KEY TEST_CLI_KEY_RSA +#define TEST_CLI_PWD TEST_CLI_PWD_RSA +#define TEST_CLI_CRT TEST_CLI_CRT_RSA + +#else /* no RSA, so assume ECDSA */ + +#define TEST_CA_KEY TEST_CA_KEY_EC +#define TEST_CA_PWD TEST_CA_PWD_EC +#define TEST_CA_CRT TEST_CA_CRT_EC + +#define TEST_SRV_KEY TEST_SRV_KEY_EC +#define TEST_SRV_PWD TEST_SRV_PWD_EC +#define TEST_SRV_CRT TEST_SRV_CRT_EC + +#define TEST_CLI_KEY TEST_CLI_KEY_EC +#define TEST_CLI_PWD TEST_CLI_PWD_EC +#define TEST_CLI_CRT TEST_CLI_CRT_EC + +#endif /* MBEDTLS_RSA_C */ + +/* API stability forces us to declare + * mbedtls_test_{ca|srv|cli}_{key|pwd|crt} + * as pointers. */ +static const char test_ca_key[] = TEST_CA_KEY; +static const char test_ca_pwd[] = TEST_CA_PWD; +static const char test_ca_crt[] = TEST_CA_CRT; + +static const char test_srv_key[] = TEST_SRV_KEY; +static const char test_srv_pwd[] = TEST_SRV_PWD; +static const char test_srv_crt[] = TEST_SRV_CRT; + +static const char test_cli_key[] = TEST_CLI_KEY; +static const char test_cli_pwd[] = TEST_CLI_PWD; +static const char test_cli_crt[] = TEST_CLI_CRT; + +const char *mbedtls_test_ca_key = test_ca_key; +const char *mbedtls_test_ca_pwd = test_ca_pwd; +const char *mbedtls_test_ca_crt = test_ca_crt; + +const char *mbedtls_test_srv_key = test_srv_key; +const char *mbedtls_test_srv_pwd = test_srv_pwd; +const char *mbedtls_test_srv_crt = test_srv_crt; + +const char *mbedtls_test_cli_key = test_cli_key; +const char *mbedtls_test_cli_pwd = test_cli_pwd; +const char *mbedtls_test_cli_crt = test_cli_crt; + +const size_t mbedtls_test_ca_key_len = + sizeof( test_ca_key ); +const size_t mbedtls_test_ca_pwd_len = + sizeof( test_ca_pwd ) - 1; +const size_t mbedtls_test_ca_crt_len = + sizeof( test_ca_crt ); + +const size_t mbedtls_test_srv_key_len = + sizeof( test_srv_key ); +const size_t mbedtls_test_srv_pwd_len = + sizeof( test_srv_pwd ) - 1; +const size_t mbedtls_test_srv_crt_len = + sizeof( test_srv_crt ); + +const size_t mbedtls_test_cli_key_len = + sizeof( test_cli_key ); +const size_t mbedtls_test_cli_pwd_len = + sizeof( test_cli_pwd ) - 1; +const size_t mbedtls_test_cli_crt_len = + sizeof( test_cli_crt ); + +/* + * + * Lists of certificates + * + */ + +/* List of CAs in PEM or DER, depending on config */ +const char * mbedtls_test_cas[] = { +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) + mbedtls_test_ca_crt_rsa_sha1, +#endif +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + mbedtls_test_ca_crt_rsa_sha256, +#endif +#if defined(MBEDTLS_ECDSA_C) + mbedtls_test_ca_crt_ec, +#endif + NULL +}; +const size_t mbedtls_test_cas_len[] = { +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA1_C) + sizeof( mbedtls_test_ca_crt_rsa_sha1 ), +#endif +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) + sizeof( mbedtls_test_ca_crt_rsa_sha256 ), +#endif +#if defined(MBEDTLS_ECDSA_C) + sizeof( mbedtls_test_ca_crt_ec ), +#endif + 0 +}; + +/* List of all available CA certificates in DER format */ +const unsigned char * mbedtls_test_cas_der[] = { +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) + mbedtls_test_ca_crt_rsa_sha256_der, +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA1_C) + mbedtls_test_ca_crt_rsa_sha1_der, +#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECDSA_C) + mbedtls_test_ca_crt_ec_der, +#endif /* MBEDTLS_ECDSA_C */ + NULL +}; + +const size_t mbedtls_test_cas_der_len[] = { +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) + sizeof( mbedtls_test_ca_crt_rsa_sha256_der ), +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA1_C) + sizeof( mbedtls_test_ca_crt_rsa_sha1_der ), +#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECDSA_C) + sizeof( mbedtls_test_ca_crt_ec_der ), +#endif /* MBEDTLS_ECDSA_C */ + 0 +}; + +/* Concatenation of all available CA certificates in PEM format */ +#if defined(MBEDTLS_PEM_PARSE_C) +const char mbedtls_test_cas_pem[] = +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_SHA256_C) + TEST_CA_CRT_RSA_SHA256_PEM +#endif /* MBEDTLS_SHA256_C */ +#if defined(MBEDTLS_SHA1_C) + TEST_CA_CRT_RSA_SHA1_PEM +#endif /* MBEDTLS_SHA1_C */ +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECDSA_C) + TEST_CA_CRT_EC_PEM +#endif /* MBEDTLS_ECDSA_C */ + ""; +const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem ); +#endif /* MBEDTLS_PEM_PARSE_C */ + +#endif /* MBEDTLS_CERTS_C */ diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c index e6329c5a425..2252b79ab7a 100644 --- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.c @@ -44,8 +44,8 @@ static void esp_mbedtls_init_ssl_buf(struct esp_mbedtls_ssl_buf *buf, unsigned i static void esp_mbedtls_parse_record_header(mbedtls_ssl_context *ssl) { - ssl->in_msgtype = ssl->in_hdr[0]; - ssl->in_msglen = (ssl->in_len[0] << 8) | ssl->in_len[1]; + ssl->MBEDTLS_PRIVATE(in_msgtype) = ssl->MBEDTLS_PRIVATE(in_hdr)[0]; + ssl->MBEDTLS_PRIVATE(in_msglen) = (ssl->MBEDTLS_PRIVATE(in_len)[0] << 8) | ssl->MBEDTLS_PRIVATE(in_len)[1]; } static int tx_buffer_len(mbedtls_ssl_context *ssl, int len) @@ -56,92 +56,92 @@ static int tx_buffer_len(mbedtls_ssl_context *ssl, int len) return MBEDTLS_SSL_OUT_BUFFER_LEN; } else { return len + MBEDTLS_SSL_HEADER_LEN - + MBEDTLS_SSL_COMPRESSION_ADD + MBEDTLS_MAX_IV_LENGTH + MBEDTLS_SSL_MAC_ADD - + MBEDTLS_SSL_PADDING_ADD; + + MBEDTLS_SSL_PADDING_ADD + + MBEDTLS_SSL_MAX_CID_EXPANSION; } } static void init_tx_buffer(mbedtls_ssl_context *ssl, unsigned char *buf) { /** - * In mbedtls, ssl->out_msg = ssl->out_buf + offset; + * In mbedtls, ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + offset; */ if (!buf) { - int out_msg_off = (int)ssl->out_msg - (int)ssl->out_buf; + int out_msg_off = (int)ssl->MBEDTLS_PRIVATE(out_msg) - (int)ssl->MBEDTLS_PRIVATE(out_buf); if (!out_msg_off) { out_msg_off = MBEDTLS_SSL_HEADER_LEN; } - ssl->out_buf = NULL; - ssl->out_ctr = NULL; - ssl->out_hdr = NULL; - ssl->out_len = NULL; - ssl->out_iv = NULL; - ssl->out_msg = (unsigned char *)out_msg_off; + ssl->MBEDTLS_PRIVATE(out_buf) = NULL; + ssl->MBEDTLS_PRIVATE(out_ctr) = NULL; + ssl->MBEDTLS_PRIVATE(out_hdr) = NULL; + ssl->MBEDTLS_PRIVATE(out_len) = NULL; + ssl->MBEDTLS_PRIVATE(out_iv) = NULL; + ssl->MBEDTLS_PRIVATE(out_msg) = (unsigned char *)out_msg_off; } else { - int out_msg_off = (int)ssl->out_msg; + int out_msg_off = (int)ssl->MBEDTLS_PRIVATE(out_msg); - ssl->out_buf = buf; - ssl->out_ctr = ssl->out_buf; - ssl->out_hdr = ssl->out_buf + 8; - ssl->out_len = ssl->out_buf + 11; - ssl->out_iv = ssl->out_buf + MBEDTLS_SSL_HEADER_LEN; - ssl->out_msg = ssl->out_buf + out_msg_off; + ssl->MBEDTLS_PRIVATE(out_buf) = buf; + ssl->MBEDTLS_PRIVATE(out_ctr) = ssl->MBEDTLS_PRIVATE(out_buf); + ssl->MBEDTLS_PRIVATE(out_hdr) = ssl->MBEDTLS_PRIVATE(out_buf) + 8; + ssl->MBEDTLS_PRIVATE(out_len) = ssl->MBEDTLS_PRIVATE(out_buf) + 11; + ssl->MBEDTLS_PRIVATE(out_iv) = ssl->MBEDTLS_PRIVATE(out_buf) + MBEDTLS_SSL_HEADER_LEN; + ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + out_msg_off; ESP_LOGV(TAG, "out msg offset is %d", out_msg_off); } - ssl->out_msgtype = 0; - ssl->out_msglen = 0; - ssl->out_left = 0; + ssl->MBEDTLS_PRIVATE(out_msgtype) = 0; + ssl->MBEDTLS_PRIVATE(out_msglen) = 0; + ssl->MBEDTLS_PRIVATE(out_left) = 0; } static void init_rx_buffer(mbedtls_ssl_context *ssl, unsigned char *buf) { /** - * In mbedtls, ssl->in_msg = ssl->in_buf + offset; + * In mbedtls, ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + offset; */ if (!buf) { - int in_msg_off = (int)ssl->in_msg - (int)ssl->in_buf; + int in_msg_off = (int)ssl->MBEDTLS_PRIVATE(in_msg) - (int)ssl->MBEDTLS_PRIVATE(in_buf); if (!in_msg_off) { in_msg_off = MBEDTLS_SSL_HEADER_LEN; } - ssl->in_buf = NULL; - ssl->in_ctr = NULL; - ssl->in_hdr = NULL; - ssl->in_len = NULL; - ssl->in_iv = NULL; - ssl->in_msg = (unsigned char *)in_msg_off; + ssl->MBEDTLS_PRIVATE(in_buf) = NULL; + ssl->MBEDTLS_PRIVATE(in_ctr) = NULL; + ssl->MBEDTLS_PRIVATE(in_hdr) = NULL; + ssl->MBEDTLS_PRIVATE(in_len) = NULL; + ssl->MBEDTLS_PRIVATE(in_iv) = NULL; + ssl->MBEDTLS_PRIVATE(in_msg) = (unsigned char *)in_msg_off; } else { - int in_msg_off = (int)ssl->in_msg; + int in_msg_off = (int)ssl->MBEDTLS_PRIVATE(in_msg); - ssl->in_buf = buf; - ssl->in_ctr = ssl->in_buf; - ssl->in_hdr = ssl->in_buf + 8; - ssl->in_len = ssl->in_buf + 11; - ssl->in_iv = ssl->in_buf + MBEDTLS_SSL_HEADER_LEN; - ssl->in_msg = ssl->in_buf + in_msg_off; + ssl->MBEDTLS_PRIVATE(in_buf) = buf; + ssl->MBEDTLS_PRIVATE(in_ctr) = ssl->MBEDTLS_PRIVATE(in_buf); + ssl->MBEDTLS_PRIVATE(in_hdr) = ssl->MBEDTLS_PRIVATE(in_buf) + 8; + ssl->MBEDTLS_PRIVATE(in_len) = ssl->MBEDTLS_PRIVATE(in_buf) + 11; + ssl->MBEDTLS_PRIVATE(in_iv) = ssl->MBEDTLS_PRIVATE(in_buf) + MBEDTLS_SSL_HEADER_LEN; + ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + in_msg_off; ESP_LOGV(TAG, "in msg offset is %d", in_msg_off); } - ssl->in_msgtype = 0; - ssl->in_msglen = 0; - ssl->in_left = 0; + ssl->MBEDTLS_PRIVATE(in_msgtype) = 0; + ssl->MBEDTLS_PRIVATE(in_msglen) = 0; + ssl->MBEDTLS_PRIVATE(in_left) = 0; } static int esp_mbedtls_alloc_tx_buf(mbedtls_ssl_context *ssl, int len) { struct esp_mbedtls_ssl_buf *esp_buf; - if (ssl->out_buf) { - esp_mbedtls_free_buf(ssl->out_buf); - ssl->out_buf = NULL; + if (ssl->MBEDTLS_PRIVATE(out_buf)) { + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf)); + ssl->MBEDTLS_PRIVATE(out_buf) = NULL; } esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + len); @@ -154,11 +154,11 @@ static int esp_mbedtls_alloc_tx_buf(mbedtls_ssl_context *ssl, int len) esp_mbedtls_init_ssl_buf(esp_buf, len); /** - * Mark the out_msg offset from ssl->out_buf. + * Mark the out_msg offset from ssl->MBEDTLS_PRIVATE(out_buf). * - * In mbedtls, ssl->out_msg = ssl->out_buf + offset; + * In mbedtls, ssl->MBEDTLS_PRIVATE(out_msg) = ssl->MBEDTLS_PRIVATE(out_buf) + offset; */ - ssl->out_msg = (unsigned char *)MBEDTLS_SSL_HEADER_LEN; + ssl->MBEDTLS_PRIVATE(out_msg) = (unsigned char *)MBEDTLS_SSL_HEADER_LEN; init_tx_buffer(ssl, esp_buf->buf); @@ -170,14 +170,14 @@ int esp_mbedtls_setup_tx_buffer(mbedtls_ssl_context *ssl) CHECK_OK(esp_mbedtls_alloc_tx_buf(ssl, TX_IDLE_BUFFER_SIZE)); /* mark the out buffer has no data cached */ - esp_mbedtls_set_buf_state(ssl->out_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED); + esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(out_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED); return 0; } void esp_mbedtls_setup_rx_buffer(mbedtls_ssl_context *ssl) { - ssl->in_msg = ssl->in_buf = NULL; + ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) = NULL; init_rx_buffer(ssl, NULL); } @@ -188,7 +188,7 @@ int esp_mbedtls_reset_add_tx_buffer(mbedtls_ssl_context *ssl) int esp_mbedtls_reset_free_tx_buffer(mbedtls_ssl_context *ssl) { - esp_mbedtls_free_buf(ssl->out_buf); + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf)); init_tx_buffer(ssl, NULL); CHECK_OK(esp_mbedtls_setup_tx_buffer(ssl)); @@ -200,9 +200,9 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl) { struct esp_mbedtls_ssl_buf *esp_buf; - if (ssl->in_buf) { - esp_mbedtls_free_buf(ssl->in_buf); - ssl->in_buf = NULL; + if (ssl->MBEDTLS_PRIVATE(in_buf)) { + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf)); + ssl->MBEDTLS_PRIVATE(in_buf) = NULL; } esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + MBEDTLS_SSL_IN_BUFFER_LEN); @@ -215,11 +215,11 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl) esp_mbedtls_init_ssl_buf(esp_buf, MBEDTLS_SSL_IN_BUFFER_LEN); /** - * Mark the in_msg offset from ssl->in_buf. + * Mark the in_msg offset from ssl->MBEDTLS_PRIVATE(in_buf). * - * In mbedtls, ssl->in_msg = ssl->in_buf + offset; + * In mbedtls, ssl->MBEDTLS_PRIVATE(in_msg) = ssl->MBEDTLS_PRIVATE(in_buf) + offset; */ - ssl->in_msg = (unsigned char *)MBEDTLS_SSL_HEADER_LEN; + ssl->MBEDTLS_PRIVATE(in_msg) = (unsigned char *)MBEDTLS_SSL_HEADER_LEN; init_rx_buffer(ssl, esp_buf->buf); @@ -228,7 +228,7 @@ int esp_mbedtls_reset_add_rx_buffer(mbedtls_ssl_context *ssl) void esp_mbedtls_reset_free_rx_buffer(mbedtls_ssl_context *ssl) { - esp_mbedtls_free_buf(ssl->in_buf); + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf)); init_rx_buffer(ssl, NULL); } @@ -241,14 +241,14 @@ int esp_mbedtls_add_tx_buffer(mbedtls_ssl_context *ssl, size_t buffer_len) ESP_LOGV(TAG, "--> add out"); - if (ssl->out_buf) { - if (esp_mbedtls_get_buf_state(ssl->out_buf) == ESP_MBEDTLS_SSL_BUF_CACHED) { + if (ssl->MBEDTLS_PRIVATE(out_buf)) { + if (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(out_buf)) == ESP_MBEDTLS_SSL_BUF_CACHED) { ESP_LOGV(TAG, "out buffer is not empty"); ret = 0; goto exit; } else { - memcpy(cache_buf, ssl->out_buf, CACHE_BUFFER_SIZE); - esp_mbedtls_free_buf(ssl->out_buf); + memcpy(cache_buf, ssl->MBEDTLS_PRIVATE(out_buf), CACHE_BUFFER_SIZE); + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf)); init_tx_buffer(ssl, NULL); cached = 1; } @@ -269,11 +269,11 @@ int esp_mbedtls_add_tx_buffer(mbedtls_ssl_context *ssl, size_t buffer_len) init_tx_buffer(ssl, esp_buf->buf); if (cached) { - memcpy(ssl->out_ctr, cache_buf, COUNTER_SIZE); - memcpy(ssl->out_iv, cache_buf + COUNTER_SIZE, CACHE_IV_SIZE); + memcpy(ssl->MBEDTLS_PRIVATE(out_ctr), cache_buf, COUNTER_SIZE); + memcpy(ssl->MBEDTLS_PRIVATE(out_iv), cache_buf + COUNTER_SIZE, CACHE_IV_SIZE); } - ESP_LOGV(TAG, "ssl->out_buf=%p ssl->out_msg=%p", ssl->out_buf, ssl->out_msg); + ESP_LOGV(TAG, "ssl->MBEDTLS_PRIVATE(out_buf)=%p ssl->MBEDTLS_PRIVATE(out_msg)=%p", ssl->MBEDTLS_PRIVATE(out_buf), ssl->MBEDTLS_PRIVATE(out_msg)); exit: ESP_LOGV(TAG, "<-- add out"); @@ -290,15 +290,15 @@ int esp_mbedtls_free_tx_buffer(mbedtls_ssl_context *ssl) ESP_LOGV(TAG, "--> free out"); - if (!ssl->out_buf || (ssl->out_buf && (esp_mbedtls_get_buf_state(ssl->out_buf) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) { + if (!ssl->MBEDTLS_PRIVATE(out_buf) || (ssl->MBEDTLS_PRIVATE(out_buf) && (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(out_buf)) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) { ret = 0; goto exit; } - memcpy(buf, ssl->out_ctr, COUNTER_SIZE); - memcpy(buf + COUNTER_SIZE, ssl->out_iv, CACHE_IV_SIZE); + memcpy(buf, ssl->MBEDTLS_PRIVATE(out_ctr), COUNTER_SIZE); + memcpy(buf + COUNTER_SIZE, ssl->MBEDTLS_PRIVATE(out_iv), CACHE_IV_SIZE); - esp_mbedtls_free_buf(ssl->out_buf); + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf)); init_tx_buffer(ssl, NULL); esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + TX_IDLE_BUFFER_SIZE); @@ -310,7 +310,7 @@ int esp_mbedtls_free_tx_buffer(mbedtls_ssl_context *ssl) esp_mbedtls_init_ssl_buf(esp_buf, TX_IDLE_BUFFER_SIZE); memcpy(esp_buf->buf, buf, CACHE_BUFFER_SIZE); init_tx_buffer(ssl, esp_buf->buf); - esp_mbedtls_set_buf_state(ssl->out_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED); + esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(out_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED); exit: ESP_LOGV(TAG, "<-- free out"); @@ -329,8 +329,8 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl) ESP_LOGV(TAG, "--> add rx"); - if (ssl->in_buf) { - if (esp_mbedtls_get_buf_state(ssl->in_buf) == ESP_MBEDTLS_SSL_BUF_CACHED) { + if (ssl->MBEDTLS_PRIVATE(in_buf)) { + if (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(in_buf)) == ESP_MBEDTLS_SSL_BUF_CACHED) { ESP_LOGV(TAG, "in buffer is not empty"); ret = 0; goto exit; @@ -339,8 +339,8 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl) } } - ssl->in_hdr = msg_head; - ssl->in_len = msg_head + 3; + ssl->MBEDTLS_PRIVATE(in_hdr) = msg_head; + ssl->MBEDTLS_PRIVATE(in_len) = msg_head + 3; if ((ret = mbedtls_ssl_fetch_input(ssl, mbedtls_ssl_in_hdr_len(ssl))) != 0) { if (ret == MBEDTLS_ERR_SSL_TIMEOUT) { @@ -356,16 +356,16 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl) esp_mbedtls_parse_record_header(ssl); - in_left = ssl->in_left; - in_msglen = ssl->in_msglen; + in_left = ssl->MBEDTLS_PRIVATE(in_left); + in_msglen = ssl->MBEDTLS_PRIVATE(in_msglen); buffer_len = tx_buffer_len(ssl, in_msglen); ESP_LOGV(TAG, "message length is %d RX buffer length should be %d left is %d", - (int)in_msglen, (int)buffer_len, (int)ssl->in_left); + (int)in_msglen, (int)buffer_len, (int)ssl->MBEDTLS_PRIVATE(in_left)); if (cached) { - memcpy(cache_buf, ssl->in_buf, 16); - esp_mbedtls_free_buf(ssl->in_buf); + memcpy(cache_buf, ssl->MBEDTLS_PRIVATE(in_buf), 16); + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf)); init_rx_buffer(ssl, NULL); } @@ -382,13 +382,13 @@ int esp_mbedtls_add_rx_buffer(mbedtls_ssl_context *ssl) init_rx_buffer(ssl, esp_buf->buf); if (cached) { - memcpy(ssl->in_ctr, cache_buf, 8); - memcpy(ssl->in_iv, cache_buf + 8, 8); + memcpy(ssl->MBEDTLS_PRIVATE(in_ctr), cache_buf, 8); + memcpy(ssl->MBEDTLS_PRIVATE(in_iv), cache_buf + 8, 8); } - memcpy(ssl->in_hdr, msg_head, in_left); - ssl->in_left = in_left; - ssl->in_msglen = 0; + memcpy(ssl->MBEDTLS_PRIVATE(in_hdr), msg_head, in_left); + ssl->MBEDTLS_PRIVATE(in_left) = in_left; + ssl->MBEDTLS_PRIVATE(in_msglen) = 0; exit: ESP_LOGV(TAG, "<-- add rx"); @@ -407,23 +407,23 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl) /** * When have read multi messages once, can't free the input buffer directly. */ - if (!ssl->in_buf || (ssl->in_hslen && (ssl->in_hslen < ssl->in_msglen)) || - (ssl->in_buf && (esp_mbedtls_get_buf_state(ssl->in_buf) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) { + if (!ssl->MBEDTLS_PRIVATE(in_buf) || (ssl->MBEDTLS_PRIVATE(in_hslen) && (ssl->MBEDTLS_PRIVATE(in_hslen) < ssl->MBEDTLS_PRIVATE(in_msglen))) || + (ssl->MBEDTLS_PRIVATE(in_buf) && (esp_mbedtls_get_buf_state(ssl->MBEDTLS_PRIVATE(in_buf)) == ESP_MBEDTLS_SSL_BUF_NO_CACHED))) { ret = 0; goto exit; } /** - * The previous processing is just skipped, so "ssl->in_msglen = 0" + * The previous processing is just skipped, so "ssl->MBEDTLS_PRIVATE(in_msglen) = 0" */ - if (!ssl->in_msgtype) { + if (!ssl->MBEDTLS_PRIVATE(in_msgtype)) { goto exit; } - memcpy(buf, ssl->in_ctr, 8); - memcpy(buf + 8, ssl->in_iv, 8); + memcpy(buf, ssl->MBEDTLS_PRIVATE(in_ctr), 8); + memcpy(buf + 8, ssl->MBEDTLS_PRIVATE(in_iv), 8); - esp_mbedtls_free_buf(ssl->in_buf); + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf)); init_rx_buffer(ssl, NULL); esp_buf = mbedtls_calloc(1, SSL_BUF_HEAD_OFFSET_SIZE + 16); @@ -436,7 +436,7 @@ int esp_mbedtls_free_rx_buffer(mbedtls_ssl_context *ssl) esp_mbedtls_init_ssl_buf(esp_buf, 16); memcpy(esp_buf->buf, buf, 16); init_rx_buffer(ssl, esp_buf->buf); - esp_mbedtls_set_buf_state(ssl->in_buf, ESP_MBEDTLS_SSL_BUF_NO_CACHED); + esp_mbedtls_set_buf_state(ssl->MBEDTLS_PRIVATE(in_buf), ESP_MBEDTLS_SSL_BUF_NO_CACHED); exit: ESP_LOGV(TAG, "<-- free rx"); @@ -449,10 +449,10 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num) size_t bytes = 0; while (cert) { - bytes += cert->raw.len; + bytes += cert->MBEDTLS_PRIVATE(raw).MBEDTLS_PRIVATE(len); n++; - cert = cert->next; + cert = cert->MBEDTLS_PRIVATE(next); } *num = n; @@ -464,15 +464,15 @@ size_t esp_mbedtls_get_crt_size(mbedtls_x509_crt *cert, size_t *num) void esp_mbedtls_free_dhm(mbedtls_ssl_context *ssl) { #ifdef CONFIG_MBEDTLS_DHM_C - mbedtls_mpi_free((mbedtls_mpi *)&ssl->conf->dhm_P); - mbedtls_mpi_free((mbedtls_mpi *)&ssl->conf->dhm_G); + mbedtls_mpi_free((mbedtls_mpi *)&ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(dhm_P)); + mbedtls_mpi_free((mbedtls_mpi *)&ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(dhm_G)); #endif /* CONFIG_MBEDTLS_DHM_C */ } void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl) { - mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->conf; - mbedtls_ssl_key_cert *keycert = conf->key_cert, *next; + mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->MBEDTLS_PRIVATE(conf); + mbedtls_ssl_key_cert *keycert = conf->MBEDTLS_PRIVATE(key_cert), *next; while (keycert) { next = keycert->next; @@ -484,12 +484,12 @@ void esp_mbedtls_free_keycert(mbedtls_ssl_context *ssl) keycert = next; } - conf->key_cert = NULL; + conf->MBEDTLS_PRIVATE(key_cert) = NULL; } void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl) { - mbedtls_ssl_key_cert *keycert = ssl->conf->key_cert; + mbedtls_ssl_key_cert *keycert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert); while (keycert) { if (keycert->key) { @@ -502,7 +502,7 @@ void esp_mbedtls_free_keycert_key(mbedtls_ssl_context *ssl) void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl) { - mbedtls_ssl_key_cert *keycert = ssl->conf->key_cert; + mbedtls_ssl_key_cert *keycert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert); while (keycert) { if (keycert->cert) { @@ -517,11 +517,11 @@ void esp_mbedtls_free_keycert_cert(mbedtls_ssl_context *ssl) #ifdef CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT void esp_mbedtls_free_cacert(mbedtls_ssl_context *ssl) { - if (ssl->conf->ca_chain) { - mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->conf; + if (ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(ca_chain)) { + mbedtls_ssl_config *conf = (mbedtls_ssl_config *)ssl->MBEDTLS_PRIVATE(conf); - mbedtls_x509_crt_free(conf->ca_chain); - conf->ca_chain = NULL; + mbedtls_x509_crt_free(conf->MBEDTLS_PRIVATE(ca_chain)); + conf->MBEDTLS_PRIVATE(ca_chain) = NULL; } } #endif /* CONFIG_MBEDTLS_DYNAMIC_FREE_CA_CERT */ diff --git a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h index 5dac6dd188e..0e1bc37f7a4 100644 --- a/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h +++ b/components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h @@ -3,14 +3,20 @@ * * SPDX-License-Identifier: Apache-2.0 */ - #ifndef _DYNAMIC_IMPL_H_ #define _DYNAMIC_IMPL_H_ #include #include +/* ToDo - Remove this once appropriate solution is available. +We need to define this for the file as ssl_misc.h uses private structures from mbedtls, +which are undefined if the following flag is not defined */ +/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */ +/* ToDo - Replace them with proper getter-setter once they are added */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "mbedtls/ssl.h" -#include "mbedtls/ssl_internal.h" +#include "ssl_misc.h" // located at mbedtls/library/ssl_misc.h #include "mbedtls/platform.h" #include "esp_log.h" diff --git a/components/mbedtls/port/dynamic/esp_ssl_cli.c b/components/mbedtls/port/dynamic/esp_ssl_cli.c index ddad9b44d31..615525b2714 100644 --- a/components/mbedtls/port/dynamic/esp_ssl_cli.c +++ b/components/mbedtls/port/dynamic/esp_ssl_cli.c @@ -15,14 +15,14 @@ static const char *TAG = "SSL client"; static int manage_resource(mbedtls_ssl_context *ssl, bool add) { - int state = add ? ssl->state : ssl->state - 1; + int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1; - if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { + if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) { return 0; } if (!add) { - if (!ssl->out_left) { + if (!ssl->MBEDTLS_PRIVATE(out_left)) { CHECK_OK(esp_mbedtls_free_tx_buffer(ssl)); } } @@ -61,25 +61,25 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add) if (add) { CHECK_OK(esp_mbedtls_add_rx_buffer(ssl)); } else { - if (!ssl->keep_current_message) { + if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) { CHECK_OK(esp_mbedtls_free_rx_buffer(ssl)); } } break; case MBEDTLS_SSL_CERTIFICATE_REQUEST: if (add) { - if (!ssl->keep_current_message) { + if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) { CHECK_OK(esp_mbedtls_add_rx_buffer(ssl)); } } else { - if (!ssl->keep_current_message) { + if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) { CHECK_OK(esp_mbedtls_free_rx_buffer(ssl)); } } break; case MBEDTLS_SSL_SERVER_HELLO_DONE: if (add) { - if (!ssl->keep_current_message) { + if (!ssl->MBEDTLS_PRIVATE(keep_current_message)) { CHECK_OK(esp_mbedtls_add_rx_buffer(ssl)); } } else { @@ -91,7 +91,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add) case MBEDTLS_SSL_CLIENT_CERTIFICATE: if (add) { size_t buffer_len = 3; - mbedtls_ssl_key_cert *key_cert = ssl->conf->key_cert; + mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert); while (key_cert && key_cert->cert) { size_t num; diff --git a/components/mbedtls/port/dynamic/esp_ssl_srv.c b/components/mbedtls/port/dynamic/esp_ssl_srv.c index 84bbd59682e..d64629bd00f 100644 --- a/components/mbedtls/port/dynamic/esp_ssl_srv.c +++ b/components/mbedtls/port/dynamic/esp_ssl_srv.c @@ -14,21 +14,21 @@ static const char *TAG = "SSL Server"; static int manage_resource(mbedtls_ssl_context *ssl, bool add) { - int state = add ? ssl->state : ssl->state - 1; + int state = add ? ssl->MBEDTLS_PRIVATE(state) : ssl->MBEDTLS_PRIVATE(state) - 1; - if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->handshake == NULL) { + if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER || ssl->MBEDTLS_PRIVATE(handshake) == NULL) { return 0; } if (!add) { - if (!ssl->out_left) { + if (!ssl->MBEDTLS_PRIVATE(out_left)) { CHECK_OK(esp_mbedtls_free_tx_buffer(ssl)); } } switch (state) { case MBEDTLS_SSL_HELLO_REQUEST: - ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3; + ssl->MBEDTLS_PRIVATE(major_ver) = MBEDTLS_SSL_MAJOR_VERSION_3; break; case MBEDTLS_SSL_CLIENT_HELLO: if (add) { @@ -49,7 +49,7 @@ static int manage_resource(mbedtls_ssl_context *ssl, bool add) case MBEDTLS_SSL_SERVER_CERTIFICATE: if (add) { size_t buffer_len = 3; - mbedtls_ssl_key_cert *key_cert = ssl->conf->key_cert; + mbedtls_ssl_key_cert *key_cert = ssl->MBEDTLS_PRIVATE(conf)->MBEDTLS_PRIVATE(key_cert); while (key_cert && key_cert->cert) { size_t num; diff --git a/components/mbedtls/port/dynamic/esp_ssl_tls.c b/components/mbedtls/port/dynamic/esp_ssl_tls.c index e64bc2e8c2e..72cfc60f3af 100644 --- a/components/mbedtls/port/dynamic/esp_ssl_tls.c +++ b/components/mbedtls/port/dynamic/esp_ssl_tls.c @@ -3,7 +3,6 @@ * * SPDX-License-Identifier: Apache-2.0 */ - #include #include "esp_mbedtls_dynamic_impl.h" @@ -27,7 +26,7 @@ static const char *TAG = "SSL TLS"; static int tx_done(mbedtls_ssl_context *ssl) { - if (!ssl->out_left) + if (!ssl->MBEDTLS_PRIVATE(out_left)) return 1; return 0; @@ -35,12 +34,11 @@ static int tx_done(mbedtls_ssl_context *ssl) static int rx_done(mbedtls_ssl_context *ssl) { - if (!ssl->in_msglen) { + if (!ssl->MBEDTLS_PRIVATE(in_msglen)) { return 1; } - ESP_LOGD(TAG, "RX left %zu bytes", ssl->in_msglen); - + ESP_LOGD(TAG, "RX left %zu bytes", ssl->MBEDTLS_PRIVATE(in_msglen)); return 0; } @@ -49,15 +47,15 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); + mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); #endif #if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -70,17 +68,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) defined(MBEDTLS_SSL_PROTO_TLS1_1) mbedtls_md5_init( &handshake->fin_md5 ); mbedtls_sha1_init( &handshake->fin_sha1 ); - mbedtls_md5_starts_ret( &handshake->fin_md5 ); - mbedtls_sha1_starts_ret( &handshake->fin_sha1 ); + mbedtls_md5_starts( &handshake->fin_md5 ); + mbedtls_sha1_starts( &handshake->fin_sha1 ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) mbedtls_sha256_init( &handshake->fin_sha256 ); - mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); + mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); #endif #if defined(MBEDTLS_SHA512_C) mbedtls_sha512_init( &handshake->fin_sha512 ); - mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); + mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -179,10 +177,12 @@ int __wrap_mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config ssl->conf = conf; CHECK_OK(ssl_handshake_init(ssl)); - ssl->out_buf = NULL; + mbedtls_free(ssl->MBEDTLS_PRIVATE(out_buf)); + ssl->MBEDTLS_PRIVATE(out_buf) = NULL; CHECK_OK(esp_mbedtls_setup_tx_buffer(ssl)); - ssl->in_buf = NULL; + mbedtls_free(ssl->MBEDTLS_PRIVATE(in_buf)); + ssl->MBEDTLS_PRIVATE(in_buf) = NULL; esp_mbedtls_setup_rx_buffer(ssl); return 0; @@ -229,14 +229,14 @@ int __wrap_mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t void __wrap_mbedtls_ssl_free(mbedtls_ssl_context *ssl) { - if (ssl->out_buf) { - esp_mbedtls_free_buf(ssl->out_buf); - ssl->out_buf = NULL; + if (ssl->MBEDTLS_PRIVATE(out_buf)) { + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(out_buf)); + ssl->MBEDTLS_PRIVATE(out_buf) = NULL; } - if (ssl->in_buf) { - esp_mbedtls_free_buf(ssl->in_buf); - ssl->in_buf = NULL; + if (ssl->MBEDTLS_PRIVATE(in_buf)) { + esp_mbedtls_free_buf(ssl->MBEDTLS_PRIVATE(in_buf)); + ssl->MBEDTLS_PRIVATE(in_buf) = NULL; } __real_mbedtls_ssl_free(ssl); diff --git a/components/mbedtls/port/esp32/bignum.c b/components/mbedtls/port/esp32/bignum.c index 62467298582..87f38552d88 100644 --- a/components/mbedtls/port/esp32/bignum.c +++ b/components/mbedtls/port/esp32/bignum.c @@ -1,26 +1,13 @@ -/** - * \brief Multi-precision integer library, ESP-IDF hardware accelerated parts +/* + * Multi-precision integer library + * ESP32 hardware accelerated parts based on mbedTLS implementation * - * based on mbedTLS implementation + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ - #include "soc/hwcrypto_periph.h" #include "soc/dport_reg.h" #include "esp_private/periph_ctrl.h" @@ -83,11 +70,11 @@ void esp_mpi_interrupt_clear( void ) static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t hw_words) { uint32_t *pbase = (uint32_t *)mem_base; - uint32_t copy_words = MIN(hw_words, mpi->n); + uint32_t copy_words = MIN(hw_words, mpi->MBEDTLS_PRIVATE(n)); /* Copy MPI data to memory block registers */ for (uint32_t i = 0; i < copy_words; i++) { - pbase[i] = mpi->p[i]; + pbase[i] = mpi->MBEDTLS_PRIVATE(p[i]); } /* Zero any remaining memory block data */ @@ -105,15 +92,15 @@ static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, s */ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, size_t num_words) { - assert(x->n >= num_words); + assert(x->MBEDTLS_PRIVATE(n) >= num_words); /* Copy data from memory block registers */ - esp_dport_access_read_buffer(x->p, mem_base, num_words); + esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words); /* Zero any remaining limbs in the bignum, if the buffer is bigger than num_words */ - for (size_t i = num_words; i < x->n; i++) { - x->p[i] = 0; + for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) { + x->MBEDTLS_PRIVATE(p[i]) = 0; } } @@ -215,7 +202,7 @@ int esp_mont_hw_op(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, c mpi_to_mem_block(RSA_MEM_RB_BLOCK_BASE, Y, hw_words); start_op(RSA_MULT_START_REG); - Z->s = 1; // The sign of Z will be = M->s (but M->s is always 1) + Z->MBEDTLS_PRIVATE(s) = 1; // The sign of Z will be = M->s (but M->s is always 1) MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, hw_words) ); wait_op_complete(); diff --git a/components/mbedtls/port/esp32c3/bignum.c b/components/mbedtls/port/esp32c3/bignum.c index a5d13077e23..4ff05e624af 100644 --- a/components/mbedtls/port/esp32c3/bignum.c +++ b/components/mbedtls/port/esp32c3/bignum.c @@ -1,24 +1,12 @@ -/** - * \brief Multi-precision integer library, ESP32 C3 hardware accelerated parts - * - * based on mbedTLS implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at +/* + * Multi-precision integer library + * ESP32 C3 hardware accelerated parts based on mbedTLS implementation * - * http://www.apache.org/licenses/LICENSE-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ #include #include @@ -80,11 +68,11 @@ void esp_mpi_interrupt_clear( void ) static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words) { uint32_t *pbase = (uint32_t *)mem_base; - uint32_t copy_words = MIN(num_words, mpi->n); + uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n)); /* Copy MPI data to memory block registers */ for (int i = 0; i < copy_words; i++) { - pbase[i] = mpi->p[i]; + pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i]; } /* Zero any remaining memory block data */ @@ -103,12 +91,12 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w /* Copy data from memory block registers */ const size_t REG_WIDTH = sizeof(uint32_t); for (size_t i = 0; i < num_words; i++) { - x->p[i] = REG_READ(mem_base + (i * REG_WIDTH)); + x->MBEDTLS_PRIVATE(p)[i] = REG_READ(mem_base + (i * REG_WIDTH)); } /* Zero any remaining limbs in the bignum, if the buffer is bigger than num_words */ - for (size_t i = num_words; i < x->n; i++) { - x->p[i] = 0; + for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) { + x->MBEDTLS_PRIVATE(p)[i] = 0; } } diff --git a/components/mbedtls/port/esp32h2/bignum.c b/components/mbedtls/port/esp32h2/bignum.c index a2c56b68c58..6fcecfbecea 100644 --- a/components/mbedtls/port/esp32h2/bignum.c +++ b/components/mbedtls/port/esp32h2/bignum.c @@ -1,24 +1,12 @@ -/** - * \brief Multi-precision integer library, ESP32 H2 hardware accelerated parts - * - * based on mbedTLS implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at +/* + * Multi-precision integer library + * ESP32 H2 hardware accelerated parts based on mbedTLS implementation * - * http://www.apache.org/licenses/LICENSE-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ #include #include @@ -80,11 +68,11 @@ void esp_mpi_interrupt_clear( void ) static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words) { uint32_t *pbase = (uint32_t *)mem_base; - uint32_t copy_words = MIN(num_words, mpi->n); + uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n)); /* Copy MPI data to memory block registers */ for (int i = 0; i < copy_words; i++) { - pbase[i] = mpi->p[i]; + pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i]; } /* Zero any remaining memory block data */ @@ -103,12 +91,12 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w /* Copy data from memory block registers */ const size_t REG_WIDTH = sizeof(uint32_t); for (size_t i = 0; i < num_words; i++) { - x->p[i] = REG_READ(mem_base + (i * REG_WIDTH)); + x->MBEDTLS_PRIVATE(p)[i] = REG_READ(mem_base + (i * REG_WIDTH)); } /* Zero any remaining limbs in the bignum, if the buffer is bigger than num_words */ - for (size_t i = num_words; i < x->n; i++) { - x->p[i] = 0; + for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) { + x->MBEDTLS_PRIVATE(p)[i] = 0; } } diff --git a/components/mbedtls/port/esp32s2/bignum.c b/components/mbedtls/port/esp32s2/bignum.c index 419afa4e883..2d09f654587 100644 --- a/components/mbedtls/port/esp32s2/bignum.c +++ b/components/mbedtls/port/esp32s2/bignum.c @@ -1,24 +1,12 @@ -/** - * \brief Multi-precision integer library, ESP32 S2 hardware accelerated parts - * - * based on mbedTLS implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at +/* + * Multi-precision integer library + * ESP32 S2 hardware accelerated parts based on mbedTLS implementation * - * http://www.apache.org/licenses/LICENSE-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ #include "soc/hwcrypto_periph.h" #include "esp_private/periph_ctrl.h" @@ -78,11 +66,11 @@ void esp_mpi_interrupt_clear( void ) static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words) { uint32_t *pbase = (uint32_t *)mem_base; - uint32_t copy_words = MIN(num_words, mpi->n); + uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n)); /* Copy MPI data to memory block registers */ for (uint32_t i = 0; i < copy_words; i++) { - pbase[i] = mpi->p[i]; + pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i]; } /* Zero any remaining memory block data */ @@ -99,11 +87,11 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w { /* Copy data from memory block registers */ - esp_dport_access_read_buffer(x->p, mem_base, num_words); + esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words); /* Zero any remaining limbs in the bignum, if the buffer is bigger than num_words */ - for (size_t i = num_words; i < x->n; i++) { - x->p[i] = 0; + for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) { + x->MBEDTLS_PRIVATE(p)[i] = 0; } } diff --git a/components/mbedtls/port/esp32s3/bignum.c b/components/mbedtls/port/esp32s3/bignum.c index 25bf552ac06..dc3e0ee2349 100644 --- a/components/mbedtls/port/esp32s3/bignum.c +++ b/components/mbedtls/port/esp32s3/bignum.c @@ -1,24 +1,12 @@ -/** - * \brief Multi-precision integer library, ESP32 S3 hardware accelerated parts - * - * based on mbedTLS implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at +/* + * Multi-precision integer library + * ESP32 S3 hardware accelerated parts based on mbedTLS implementation * - * http://www.apache.org/licenses/LICENSE-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ #include "soc/hwcrypto_periph.h" #include "esp_private/periph_ctrl.h" @@ -75,11 +63,11 @@ void esp_mpi_interrupt_clear( void ) static inline void mpi_to_mem_block(uint32_t mem_base, const mbedtls_mpi *mpi, size_t num_words) { uint32_t *pbase = (uint32_t *)mem_base; - uint32_t copy_words = MIN(num_words, mpi->n); + uint32_t copy_words = MIN(num_words, mpi->MBEDTLS_PRIVATE(n)); /* Copy MPI data to memory block registers */ for (uint32_t i = 0; i < copy_words; i++) { - pbase[i] = mpi->p[i]; + pbase[i] = mpi->MBEDTLS_PRIVATE(p)[i]; } /* Zero any remaining memory block data */ @@ -96,11 +84,11 @@ static inline void mem_block_to_mpi(mbedtls_mpi *x, uint32_t mem_base, int num_w { /* Copy data from memory block registers */ - esp_dport_access_read_buffer(x->p, mem_base, num_words); + esp_dport_access_read_buffer(x->MBEDTLS_PRIVATE(p), mem_base, num_words); /* Zero any remaining limbs in the bignum, if the buffer is bigger than num_words */ - for (size_t i = num_words; i < x->n; i++) { - x->p[i] = 0; + for (size_t i = num_words; i < x->MBEDTLS_PRIVATE(n); i++) { + x->MBEDTLS_PRIVATE(p)[i] = 0; } } diff --git a/components/mbedtls/port/esp_bignum.c b/components/mbedtls/port/esp_bignum.c index 8a3db2eb3ad..ef901d66613 100644 --- a/components/mbedtls/port/esp_bignum.c +++ b/components/mbedtls/port/esp_bignum.c @@ -1,24 +1,12 @@ -/** - * \brief Multi-precision integer library, ESP32 hardware accelerated parts - * - * based on mbedTLS implementation - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at +/* + * Multi-precision integer library + * ESP-IDF hardware accelerated parts based on mbedTLS implementation * - * http://www.apache.org/licenses/LICENSE-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ #include #include @@ -150,8 +138,8 @@ static inline size_t bits_to_words(size_t bits) #if defined(MBEDTLS_MPI_EXP_MOD_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT_FALLBACK) static size_t mpi_words(const mbedtls_mpi *mpi) { - for (size_t i = mpi->n; i > 0; i--) { - if (mpi->p[i - 1] != 0) { + for (size_t i = mpi->MBEDTLS_PRIVATE(n); i > 0; i--) { + if (mpi->MBEDTLS_PRIVATE(p[i - 1]) != 0) { return i; } } @@ -174,7 +162,7 @@ static mbedtls_mpi_uint modular_inverse(const mbedtls_mpi *M) uint64_t t = 1; uint64_t two_2_i_minus_1 = 2; /* 2^(i-1) */ uint64_t two_2_i = 4; /* 2^i */ - uint64_t N = M->p[0]; + uint64_t N = M->MBEDTLS_PRIVATE(p[0]); for (i = 2; i <= 32; i++) { if ((mbedtls_mpi_uint) N * t % two_2_i >= two_2_i_minus_1) { @@ -252,7 +240,7 @@ int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Z, z_words)); esp_mpi_read_result_hw_op(Z, z_words); - Z->s = X->s * Y->s; + Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s); cleanup: mbedtls_mpi_free(&Rinv); @@ -270,11 +258,11 @@ int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi static size_t mbedtls_mpi_msb( const mbedtls_mpi *X ) { int i, j; - if (X != NULL && X->n != 0) { - for (i = X->n - 1; i >= 0; i--) { - if (X->p[i] != 0) { + if (X != NULL && X->MBEDTLS_PRIVATE(n) != 0) { + for (i = X->MBEDTLS_PRIVATE(n) - 1; i >= 0; i--) { + if (X->MBEDTLS_PRIVATE(p[i]) != 0) { for (j = biL - 1; j >= 0; j--) { - if ((X->p[i] & (1 << j)) != 0) { + if ((X->MBEDTLS_PRIVATE(p[i]) & (1 << j)) != 0) { return (i * biL) + j; } } @@ -374,7 +362,7 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_ return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE; } - if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->p[0] & 1) == 0) { + if (mbedtls_mpi_cmp_int(M, 0) <= 0 || (M->MBEDTLS_PRIVATE(p[0]) & 1) == 0) { return MBEDTLS_ERR_MPI_BAD_INPUT_DATA; } @@ -394,7 +382,7 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_ } else { Rinv = _Rinv; } - if (Rinv->p == NULL) { + if (Rinv->MBEDTLS_PRIVATE(p) == NULL) { MBEDTLS_MPI_CHK(calculate_rinv(Rinv, M, num_words)); } @@ -435,11 +423,11 @@ static int esp_mpi_exp_mod( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_ #endif // Compensate for negative X - if (X->s == -1 && (Y->p[0] & 1) != 0) { - Z->s = -1; + if (X->MBEDTLS_PRIVATE(s) == -1 && (Y->MBEDTLS_PRIVATE(p[0]) & 1) != 0) { + Z->MBEDTLS_PRIVATE(s) = -1; MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(Z, M, Z)); } else { - Z->s = 1; + Z->MBEDTLS_PRIVATE(s) = 1; } cleanup: @@ -504,12 +492,12 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi } if (x_bits == 1) { ret = mbedtls_mpi_copy(Z, Y); - Z->s *= X->s; + Z->MBEDTLS_PRIVATE(s) *= X->MBEDTLS_PRIVATE(s); return ret; } if (y_bits == 1) { ret = mbedtls_mpi_copy(Z, X); - Z->s *= Y->s; + Z->MBEDTLS_PRIVATE(s) *= Y->MBEDTLS_PRIVATE(s); return ret; } @@ -548,7 +536,7 @@ int mbedtls_mpi_mul_mpi( mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi esp_mpi_disable_hardware_hw_op(); - Z->s = X->s * Y->s; + Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s); cleanup: return ret; @@ -559,9 +547,9 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint mbedtls_mpi _B; mbedtls_mpi_uint p[1]; - _B.s = 1; - _B.n = 1; - _B.p = p; + _B.MBEDTLS_PRIVATE(s) = 1; + _B.MBEDTLS_PRIVATE(n) = 1; + _B.MBEDTLS_PRIVATE(p) = p; p[0] = b; return( mbedtls_mpi_mul_mpi( X, A, &_B ) ); @@ -592,15 +580,15 @@ static int mpi_mult_mpi_overlong(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbe const size_t words_slice = y_words / 2; /* Yp holds lower bits of Y (declared to reuse Y's array contents to save on copying) */ const mbedtls_mpi Yp = { - .p = Y->p, - .n = words_slice, - .s = Y->s + .MBEDTLS_PRIVATE(p) = Y->MBEDTLS_PRIVATE(p), + .MBEDTLS_PRIVATE(n) = words_slice, + .MBEDTLS_PRIVATE(s) = Y->MBEDTLS_PRIVATE(s) }; /* Ypp holds upper bits of Y, right shifted (also reuses Y's array contents) */ const mbedtls_mpi Ypp = { - .p = Y->p + words_slice, - .n = y_words - words_slice, - .s = Y->s + .MBEDTLS_PRIVATE(p) = Y->MBEDTLS_PRIVATE(p) + words_slice, + .MBEDTLS_PRIVATE(n) = y_words - words_slice, + .MBEDTLS_PRIVATE(s) = Y->MBEDTLS_PRIVATE(s) }; mbedtls_mpi_init(&Ztemp); @@ -651,7 +639,7 @@ static int mpi_mult_mpi_failover_mod_mult( mbedtls_mpi *Z, const mbedtls_mpi *X, MBEDTLS_MPI_CHK( mbedtls_mpi_grow(Z, hw_words) ); esp_mpi_read_result_hw_op(Z, hw_words); - Z->s = X->s * Y->s; + Z->MBEDTLS_PRIVATE(s) = X->MBEDTLS_PRIVATE(s) * Y->MBEDTLS_PRIVATE(s); cleanup: esp_mpi_disable_hardware_hw_op(); return ret; diff --git a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c index 7368ac4facd..0bf520fe7c7 100644 --- a/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c +++ b/components/mbedtls/port/esp_ds/esp_rsa_sign_alt.c @@ -25,16 +25,11 @@ #include "esp_heap_caps.h" #include "freertos/FreeRTOS.h" #include "freertos/semphr.h" -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include static const char *TAG = "ESP_RSA_SIGN_ALT"; #define SWAP_INT32(x) (((x) >> 24) | (((x) & 0x00FF0000) >> 8) | (((x) & 0x0000FF00) << 8) | ((x) << 24)) #include "mbedtls/rsa.h" -#include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" #include @@ -209,7 +204,7 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, int esp_ds_rsa_sign( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { esp_ds_context_t *esp_ds_ctx; diff --git a/components/mbedtls/port/esp_hardware.c b/components/mbedtls/port/esp_hardware.c index 6d5c0d5ebf9..3244c06644d 100644 --- a/components/mbedtls/port/esp_hardware.c +++ b/components/mbedtls/port/esp_hardware.c @@ -1,15 +1,16 @@ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +/* + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#include #include #include #include #include -#include "mbedtls/entropy_poll.h" +#include #ifndef MBEDTLS_ENTROPY_HARDWARE_ALT #error "MBEDTLS_ENTROPY_HARDWARE_ALT should always be set in ESP-IDF" diff --git a/components/mbedtls/port/esp_mem.c b/components/mbedtls/port/esp_mem.c index 3ba915ebbf4..c4ea9ae6c64 100644 --- a/components/mbedtls/port/esp_mem.c +++ b/components/mbedtls/port/esp_mem.c @@ -1,16 +1,8 @@ -// Copyright 2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2018-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include diff --git a/components/mbedtls/port/esp_timing.c b/components/mbedtls/port/esp_timing.c index 93a34f5fa8d..c92a570d09e 100644 --- a/components/mbedtls/port/esp_timing.c +++ b/components/mbedtls/port/esp_timing.c @@ -1,24 +1,12 @@ /* - * Portable interface to the CPU cycle counter + * Portable interface to the CPU cycle counter * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at + * SPDX-License-Identifier: Apache-2.0 * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ - /* * mbedtls_timing_get_timer()m mbedtls_timing_set_delay() and * mbedtls_timing_set_delay only abstracted from mbedtls/library/timing.c @@ -27,11 +15,7 @@ * which requires these 2 delay functions). */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if !defined(MBEDTLS_ESP_TIMING_C) @@ -70,11 +54,11 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ) { mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; - ctx->int_ms = int_ms; - ctx->fin_ms = fin_ms; + ctx->MBEDTLS_PRIVATE(int_ms) = int_ms; + ctx->MBEDTLS_PRIVATE(fin_ms) = fin_ms; if( fin_ms != 0 ) - (void) mbedtls_timing_get_timer( &ctx->timer, 1 ); + (void) mbedtls_timing_get_timer( &ctx->MBEDTLS_PRIVATE(timer), 1 ); } /* @@ -85,15 +69,15 @@ int mbedtls_timing_get_delay( void *data ) mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data; unsigned long elapsed_ms; - if( ctx->fin_ms == 0 ) + if( ctx->MBEDTLS_PRIVATE(fin_ms) == 0 ) return( -1 ); - elapsed_ms = mbedtls_timing_get_timer( &ctx->timer, 0 ); + elapsed_ms = mbedtls_timing_get_timer( &ctx->MBEDTLS_PRIVATE(timer), 0 ); - if( elapsed_ms >= ctx->fin_ms ) + if( elapsed_ms >= ctx->MBEDTLS_PRIVATE(fin_ms) ) return( 2 ); - if( elapsed_ms >= ctx->int_ms ) + if( elapsed_ms >= ctx->MBEDTLS_PRIVATE(int_ms) ) return( 1 ); return( 0 ); diff --git a/components/mbedtls/port/include/aes/esp_aes_gcm.h b/components/mbedtls/port/include/aes/esp_aes_gcm.h index 92c81205f8e..b5a3af7be8d 100644 --- a/components/mbedtls/port/include/aes/esp_aes_gcm.h +++ b/components/mbedtls/port/include/aes/esp_aes_gcm.h @@ -1,26 +1,13 @@ -/** - * \brief AES GCM block cipher, ESP hardware accelerated version +/* + * GCM block cipher, ESP DMA hardware accelerated version * Based on mbedTLS FIPS-197 compliant version. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2019-2020, Espressif Systems (Shanghai) PTE Ltd - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-FileCopyrightText: The Mbed TLS Contributors * + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ - #pragma once #include "aes/esp_aes.h" @@ -93,50 +80,99 @@ int esp_aes_gcm_setkey( esp_gcm_context *ctx, * \brief This function starts a GCM encryption or decryption * operation. * - * \param ctx The GCM context. + * \param ctx The GCM context. This must be initialized. * \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or * #MBEDTLS_GCM_DECRYPT. - * \param iv The initialization vector. + * \param iv The initialization vector. This must be a readable buffer of + * at least \p iv_len Bytes. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data, or NULL - * if \p aad_len is 0. - * \param aad_len The length of the additional data. If 0, - * \p add is NULL. * * \return \c 0 on success. */ int esp_aes_gcm_starts( esp_gcm_context *ctx, int mode, const unsigned char *iv, - size_t iv_len, - const unsigned char *aad, - size_t aad_len ); + size_t iv_len ); + +/** + * \brief This function feeds an input buffer as associated data + * (authenticated but not encrypted data) in a GCM + * encryption or decryption operation. + * + * Call this function after mbedtls_gcm_starts() to pass + * the associated data. If the associated data is empty, + * you do not need to call this function. You may not + * call this function after calling mbedtls_cipher_update(). + * + * \param ctx The GCM context. This must have been started with + * mbedtls_gcm_starts() and must not have yet received + * any input with mbedtls_gcm_update(). + * \param aad The buffer holding the additional data, or \c NULL + * if \p aad_len is \c 0. + * \param aad_len The length of the additional data. If \c 0, + * \p add may be \c NULL. + * + * \return \c 0 on success. + */ +int esp_aes_gcm_update_ad( esp_gcm_context *ctx, + const unsigned char *aad, + size_t aad_len ); /** * \brief This function feeds an input buffer into an ongoing GCM * encryption or decryption operation. * - * ` The function expects input to be a multiple of 16 - * Bytes. Only the last call before calling - * mbedtls_gcm_finish() can be less than 16 Bytes. + * You may call this function zero, one or more times + * to pass successive parts of the input: the plaintext to + * encrypt, or the ciphertext (not including the tag) to + * decrypt. After the last part of the input, call + * mbedtls_gcm_finish(). + * + * This function may produce output in one of the following + * ways: + * - Immediate output: the output length is always equal + * to the input length. + * - Buffered output: the output consists of a whole number + * of 16-byte blocks. If the total input length so far + * (not including associated data) is 16 \* *B* + *A* + * with *A* < 16 then the total output length is 16 \* *B*. + * + * In particular: + * - It is always correct to call this function with + * \p output_size >= \p input_length + 15. + * - If \p input_length is a multiple of 16 for all the calls + * to this function during an operation, then it is + * correct to use \p output_size = \p input_length. * * \note For decryption, the output buffer cannot be the same as * input buffer. If the buffers overlap, the output buffer * must trail at least 8 Bytes behind the input buffer. * - * \param ctx The GCM context. - * \param length The length of the input data. This must be a multiple of - * 16 except in the last call before mbedtls_gcm_finish(). - * \param input The buffer holding the input data. - * \param output The buffer for holding the output data. + * \param ctx The GCM context. This must be initialized. + * \param input The buffer holding the input data. If \p input_length + * is greater than zero, this must be a readable buffer + * of at least \p input_length bytes. + * \param input_length The length of the input data in bytes. + * \param output The buffer for the output data. If \p output_size + * is greater than zero, this must be a writable buffer of + * of at least \p output_size bytes. + * \param output_size The size of the output buffer in bytes. + * See the function description regarding the output size. + * \param output_length On success, \p *output_length contains the actual + * length of the output written in \p output. + * On failure, the content of \p *output_length is + * unspecified. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure: + * total input length too long, + * unsupported input/output buffer overlap detected, + * or \p output_size too small. */ int esp_aes_gcm_update( esp_gcm_context *ctx, - size_t length, - const unsigned char *input, - unsigned char *output ); + const unsigned char *input, size_t input_length, + unsigned char *output, size_t output_size, + size_t *output_length ); /** * \brief This function finishes the GCM operation and generates @@ -145,16 +181,36 @@ int esp_aes_gcm_update( esp_gcm_context *ctx, * It wraps up the GCM stream, and generates the * tag. The tag can have a maximum length of 16 Bytes. * - * \param ctx The GCM context. - * \param tag The buffer for holding the tag. - * \param tag_len The length of the tag to generate. Must be at least four. + * \param ctx The GCM context. This must be initialized. + * \param tag The buffer for holding the tag. This must be a writable + * buffer of at least \p tag_len Bytes. + * \param tag_len The length of the tag to generate. This must be at least + * four. + * \param output The buffer for the final output. + * If \p output_size is nonzero, this must be a writable + * buffer of at least \p output_size bytes. + * \param output_size The size of the \p output buffer in bytes. + * This must be large enough for the output that + * mbedtls_gcm_update() has not produced. In particular: + * - If mbedtls_gcm_update() produces immediate output, + * or if the total input size is a multiple of \c 16, + * then mbedtls_gcm_finish() never produces any output, + * so \p output_size can be \c 0. + * - \p output_size never needs to be more than \c 15. + * \param output_length On success, \p *output_length contains the actual + * length of the output written in \p output. + * On failure, the content of \p *output_length is + * unspecified. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure. + * \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure: + * invalid value of \p tag_len, + * or \p output_size too small. */ int esp_aes_gcm_finish( esp_gcm_context *ctx, - unsigned char *tag, - size_t tag_len ); + unsigned char *output, size_t output_size, + size_t *output_length, + unsigned char *tag, size_t tag_len ); /** * \brief This function clears a GCM context @@ -178,7 +234,7 @@ void esp_aes_gcm_free( esp_gcm_context *ctx); * 16 except in the last call before mbedtls_gcm_finish(). * \param iv The initialization vector. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data. + * \param aad The buffer holding the additional data. * \param aad_len The length of the additional data. * \param input The buffer holding the input data. * \param output The buffer for holding the output data. @@ -192,7 +248,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, - const unsigned char *add, + const unsigned char *aad, size_t aad_len, const unsigned char *input, unsigned char *output, @@ -213,7 +269,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx, * of 16 except in the last call before mbedtls_gcm_finish(). * \param iv The initialization vector. * \param iv_len The length of the IV. - * \param add The buffer holding the additional data. + * \param aad The buffer holding the additional data. * \param aad_len The length of the additional data. * \param tag The buffer holding the tag. * \param tag_len The length of the tag. @@ -227,7 +283,7 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx, size_t length, const unsigned char *iv, size_t iv_len, - const unsigned char *add, + const unsigned char *aad, size_t aad_len, const unsigned char *tag, size_t tag_len, diff --git a/components/mbedtls/port/include/entropy_poll.h b/components/mbedtls/port/include/entropy_poll.h new file mode 100644 index 00000000000..4bae4d1db3e --- /dev/null +++ b/components/mbedtls/port/include/entropy_poll.h @@ -0,0 +1,28 @@ +/** + * Mbedtls entropy_poll.h file + * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +#ifndef MBEDTLS_ENTROPY_POLL_H +#define MBEDTLS_ENTROPY_POLL_H +#include "mbedtls/build_info.h" +#include +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \brief Entropy poll callback for a hardware source + * + * + * \note This must accept NULL as its first argument. + */ +int mbedtls_hardware_poll( void *data, + unsigned char *output, size_t len, size_t *olen ); + +#ifdef __cplusplus +} +#endif + +#endif /* entropy_poll.h */ diff --git a/components/mbedtls/port/include/esp_crypto_shared_gdma.h b/components/mbedtls/port/include/esp_crypto_shared_gdma.h index 46aa0383b14..4e69a5f8eab 100644 --- a/components/mbedtls/port/include/esp_crypto_shared_gdma.h +++ b/components/mbedtls/port/include/esp_crypto_shared_gdma.h @@ -1,16 +1,8 @@ -// Copyright 2021 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once diff --git a/components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h b/components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h index 51fc22e2fa8..7c00ced5482 100644 --- a/components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h +++ b/components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h @@ -1,16 +1,8 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once @@ -65,7 +57,7 @@ void esp_ds_release_ds_lock(void); */ int esp_ds_rsa_sign( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ); /* diff --git a/components/mbedtls/port/include/esp_mem.h b/components/mbedtls/port/include/esp_mem.h index da740830478..c88b13287f6 100644 --- a/components/mbedtls/port/include/esp_mem.h +++ b/components/mbedtls/port/include/esp_mem.h @@ -1,16 +1,8 @@ -// Copyright 2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2018-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once diff --git a/components/mbedtls/port/include/gcm_alt.h b/components/mbedtls/port/include/gcm_alt.h index 7210d92b877..3f36e5562e5 100644 --- a/components/mbedtls/port/include/gcm_alt.h +++ b/components/mbedtls/port/include/gcm_alt.h @@ -1,24 +1,11 @@ -/** - * \file gcm_alt.h +/* + * gcm_alt.h: AES block cipher * - * \brief AES block cipher - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-FileCopyrightText: The Mbed TLS Contributors * + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ #ifndef GCM_ALT_H #define GCM_ALT_H @@ -41,6 +28,7 @@ typedef esp_gcm_context mbedtls_gcm_context; #define mbedtls_gcm_free esp_aes_gcm_free #define mbedtls_gcm_setkey esp_aes_gcm_setkey #define mbedtls_gcm_starts esp_aes_gcm_starts +#define mbedtls_gcm_update_ad esp_aes_gcm_update_ad #define mbedtls_gcm_update esp_aes_gcm_update #define mbedtls_gcm_finish esp_aes_gcm_finish #define mbedtls_gcm_auth_decrypt esp_aes_gcm_auth_decrypt diff --git a/components/mbedtls/port/include/mbedtls/certs.h b/components/mbedtls/port/include/mbedtls/certs.h new file mode 100644 index 00000000000..d2b38b4b64e --- /dev/null +++ b/components/mbedtls/port/include/mbedtls/certs.h @@ -0,0 +1,239 @@ +/* + * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ +/** + * \file certs.h + * + + */ +#ifndef MBEDTLS_CERTS_H +#define MBEDTLS_CERTS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls_config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* List of all PEM-encoded CA certificates, terminated by NULL; + * PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded + * otherwise. */ +extern const char * mbedtls_test_cas[]; +extern const size_t mbedtls_test_cas_len[]; + +/* List of all DER-encoded CA certificates, terminated by NULL */ +extern const unsigned char * mbedtls_test_cas_der[]; +extern const size_t mbedtls_test_cas_der_len[]; + +#if defined(MBEDTLS_PEM_PARSE_C) +/* Concatenation of all CA certificates in PEM format if available */ +extern const char mbedtls_test_cas_pem[]; +extern const size_t mbedtls_test_cas_pem_len; +#endif /* MBEDTLS_PEM_PARSE_C */ + +/* + * CA test certificates + */ + +extern const char mbedtls_test_ca_crt_ec_pem[]; +extern const char mbedtls_test_ca_key_ec_pem[]; +extern const char mbedtls_test_ca_pwd_ec_pem[]; +extern const char mbedtls_test_ca_key_rsa_pem[]; +extern const char mbedtls_test_ca_pwd_rsa_pem[]; +extern const char mbedtls_test_ca_crt_rsa_sha1_pem[]; +extern const char mbedtls_test_ca_crt_rsa_sha256_pem[]; + +extern const unsigned char mbedtls_test_ca_crt_ec_der[]; +extern const unsigned char mbedtls_test_ca_key_ec_der[]; +extern const unsigned char mbedtls_test_ca_key_rsa_der[]; +extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[]; +extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[]; + +extern const size_t mbedtls_test_ca_crt_ec_pem_len; +extern const size_t mbedtls_test_ca_key_ec_pem_len; +extern const size_t mbedtls_test_ca_pwd_ec_pem_len; +extern const size_t mbedtls_test_ca_key_rsa_pem_len; +extern const size_t mbedtls_test_ca_pwd_rsa_pem_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len; + +extern const size_t mbedtls_test_ca_crt_ec_der_len; +extern const size_t mbedtls_test_ca_key_ec_der_len; +extern const size_t mbedtls_test_ca_pwd_ec_der_len; +extern const size_t mbedtls_test_ca_key_rsa_der_len; +extern const size_t mbedtls_test_ca_pwd_rsa_der_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len; + +/* Config-dependent dispatch between PEM and DER encoding + * (PEM if enabled, otherwise DER) */ + +extern const char mbedtls_test_ca_crt_ec[]; +extern const char mbedtls_test_ca_key_ec[]; +extern const char mbedtls_test_ca_pwd_ec[]; +extern const char mbedtls_test_ca_key_rsa[]; +extern const char mbedtls_test_ca_pwd_rsa[]; +extern const char mbedtls_test_ca_crt_rsa_sha1[]; +extern const char mbedtls_test_ca_crt_rsa_sha256[]; + +extern const size_t mbedtls_test_ca_crt_ec_len; +extern const size_t mbedtls_test_ca_key_ec_len; +extern const size_t mbedtls_test_ca_pwd_ec_len; +extern const size_t mbedtls_test_ca_key_rsa_len; +extern const size_t mbedtls_test_ca_pwd_rsa_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha1_len; +extern const size_t mbedtls_test_ca_crt_rsa_sha256_len; + +/* Config-dependent dispatch between SHA-1 and SHA-256 + * (SHA-256 if enabled, otherwise SHA-1) */ + +extern const char mbedtls_test_ca_crt_rsa[]; +extern const size_t mbedtls_test_ca_crt_rsa_len; + +/* Config-dependent dispatch between EC and RSA + * (RSA if enabled, otherwise EC) */ + +extern const char * mbedtls_test_ca_crt; +extern const char * mbedtls_test_ca_key; +extern const char * mbedtls_test_ca_pwd; +extern const size_t mbedtls_test_ca_crt_len; +extern const size_t mbedtls_test_ca_key_len; +extern const size_t mbedtls_test_ca_pwd_len; + +/* + * Server test certificates + */ + +extern const char mbedtls_test_srv_crt_ec_pem[]; +extern const char mbedtls_test_srv_key_ec_pem[]; +extern const char mbedtls_test_srv_pwd_ec_pem[]; +extern const char mbedtls_test_srv_key_rsa_pem[]; +extern const char mbedtls_test_srv_pwd_rsa_pem[]; +extern const char mbedtls_test_srv_crt_rsa_sha1_pem[]; +extern const char mbedtls_test_srv_crt_rsa_sha256_pem[]; + +extern const unsigned char mbedtls_test_srv_crt_ec_der[]; +extern const unsigned char mbedtls_test_srv_key_ec_der[]; +extern const unsigned char mbedtls_test_srv_key_rsa_der[]; +extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[]; +extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[]; + +extern const size_t mbedtls_test_srv_crt_ec_pem_len; +extern const size_t mbedtls_test_srv_key_ec_pem_len; +extern const size_t mbedtls_test_srv_pwd_ec_pem_len; +extern const size_t mbedtls_test_srv_key_rsa_pem_len; +extern const size_t mbedtls_test_srv_pwd_rsa_pem_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len; + +extern const size_t mbedtls_test_srv_crt_ec_der_len; +extern const size_t mbedtls_test_srv_key_ec_der_len; +extern const size_t mbedtls_test_srv_pwd_ec_der_len; +extern const size_t mbedtls_test_srv_key_rsa_der_len; +extern const size_t mbedtls_test_srv_pwd_rsa_der_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len; + +/* Config-dependent dispatch between PEM and DER encoding + * (PEM if enabled, otherwise DER) */ + +extern const char mbedtls_test_srv_crt_ec[]; +extern const char mbedtls_test_srv_key_ec[]; +extern const char mbedtls_test_srv_pwd_ec[]; +extern const char mbedtls_test_srv_key_rsa[]; +extern const char mbedtls_test_srv_pwd_rsa[]; +extern const char mbedtls_test_srv_crt_rsa_sha1[]; +extern const char mbedtls_test_srv_crt_rsa_sha256[]; + +extern const size_t mbedtls_test_srv_crt_ec_len; +extern const size_t mbedtls_test_srv_key_ec_len; +extern const size_t mbedtls_test_srv_pwd_ec_len; +extern const size_t mbedtls_test_srv_key_rsa_len; +extern const size_t mbedtls_test_srv_pwd_rsa_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha1_len; +extern const size_t mbedtls_test_srv_crt_rsa_sha256_len; + +/* Config-dependent dispatch between SHA-1 and SHA-256 + * (SHA-256 if enabled, otherwise SHA-1) */ + +extern const char mbedtls_test_srv_crt_rsa[]; +extern const size_t mbedtls_test_srv_crt_rsa_len; + +/* Config-dependent dispatch between EC and RSA + * (RSA if enabled, otherwise EC) */ + +extern const char * mbedtls_test_srv_crt; +extern const char * mbedtls_test_srv_key; +extern const char * mbedtls_test_srv_pwd; +extern const size_t mbedtls_test_srv_crt_len; +extern const size_t mbedtls_test_srv_key_len; +extern const size_t mbedtls_test_srv_pwd_len; + +/* + * Client test certificates + */ + +extern const char mbedtls_test_cli_crt_ec_pem[]; +extern const char mbedtls_test_cli_key_ec_pem[]; +extern const char mbedtls_test_cli_pwd_ec_pem[]; +extern const char mbedtls_test_cli_key_rsa_pem[]; +extern const char mbedtls_test_cli_pwd_rsa_pem[]; +extern const char mbedtls_test_cli_crt_rsa_pem[]; + +extern const unsigned char mbedtls_test_cli_crt_ec_der[]; +extern const unsigned char mbedtls_test_cli_key_ec_der[]; +extern const unsigned char mbedtls_test_cli_key_rsa_der[]; +extern const unsigned char mbedtls_test_cli_crt_rsa_der[]; + +extern const size_t mbedtls_test_cli_crt_ec_pem_len; +extern const size_t mbedtls_test_cli_key_ec_pem_len; +extern const size_t mbedtls_test_cli_pwd_ec_pem_len; +extern const size_t mbedtls_test_cli_key_rsa_pem_len; +extern const size_t mbedtls_test_cli_pwd_rsa_pem_len; +extern const size_t mbedtls_test_cli_crt_rsa_pem_len; + +extern const size_t mbedtls_test_cli_crt_ec_der_len; +extern const size_t mbedtls_test_cli_key_ec_der_len; +extern const size_t mbedtls_test_cli_key_rsa_der_len; +extern const size_t mbedtls_test_cli_crt_rsa_der_len; + +/* Config-dependent dispatch between PEM and DER encoding + * (PEM if enabled, otherwise DER) */ + +extern const char mbedtls_test_cli_crt_ec[]; +extern const char mbedtls_test_cli_key_ec[]; +extern const char mbedtls_test_cli_pwd_ec[]; +extern const char mbedtls_test_cli_key_rsa[]; +extern const char mbedtls_test_cli_pwd_rsa[]; +extern const char mbedtls_test_cli_crt_rsa[]; + +extern const size_t mbedtls_test_cli_crt_ec_len; +extern const size_t mbedtls_test_cli_key_ec_len; +extern const size_t mbedtls_test_cli_pwd_ec_len; +extern const size_t mbedtls_test_cli_key_rsa_len; +extern const size_t mbedtls_test_cli_pwd_rsa_len; +extern const size_t mbedtls_test_cli_crt_rsa_len; + +/* Config-dependent dispatch between EC and RSA + * (RSA if enabled, otherwise EC) */ + +extern const char * mbedtls_test_cli_crt; +extern const char * mbedtls_test_cli_key; +extern const char * mbedtls_test_cli_pwd; +extern const size_t mbedtls_test_cli_crt_len; +extern const size_t mbedtls_test_cli_key_len; +extern const size_t mbedtls_test_cli_pwd_len; + +#ifdef __cplusplus +} +#endif + +#endif /* certs.h */ diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h index b5d0fee0fd1..89bcd93972e 100644 --- a/components/mbedtls/port/include/mbedtls/esp_config.h +++ b/components/mbedtls/port/include/mbedtls/esp_config.h @@ -10,11 +10,11 @@ * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. * - * http://www.apache.org/licenses/LICENSE-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT @@ -22,12 +22,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - #ifndef ESP_CONFIG_H #define ESP_CONFIG_H #include "sdkconfig.h" -#include "mbedtls/config.h" +#include "mbedtls/mbedtls_config.h" #include "soc/soc_caps.h" /** @@ -959,9 +958,7 @@ * * This only affects CBC ciphersuites, and is useless if none is defined. * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 * * Comment this macro to disable support for Encrypt-then-MAC */ @@ -981,9 +978,7 @@ * renegotiation), since it actually fixes a more fundamental issue in the * original SSL/TLS design, and has implications beyond Triple Handshake. * - * Requires: MBEDTLS_SSL_PROTO_TLS1 or - * MBEDTLS_SSL_PROTO_TLS1_1 or - * MBEDTLS_SSL_PROTO_TLS1_2 + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 * * Comment this macro to disable support for Extended Master Secret. */ @@ -1091,7 +1086,7 @@ /** * \def MBEDTLS_SSL_RENEGOTIATION * - * Disable support for TLS renegotiation. + * Enable support for TLS renegotiation. * * The two main uses of renegotiation are (1) refresh keys on long-lived * connections and (2) client authentication after the initial handshake. @@ -1100,6 +1095,13 @@ * misuse/misunderstand. * * Comment this to disable support for renegotiation. + * + * \note Even if this option is disabled, both client and server are aware + * of the Renegotiation Indication Extension (RFC 5746) used to + * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). + * (See \c mbedtls_ssl_conf_legacy_renegotiation for the + * configuration of this extension). + * */ #ifdef CONFIG_MBEDTLS_SSL_RENEGOTIATION #define MBEDTLS_SSL_RENEGOTIATION @@ -1116,21 +1118,6 @@ */ #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -/** - * \def MBEDTLS_SSL_PROTO_TLS1_1 - * - * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled). - * - * Requires: MBEDTLS_MD5_C - * MBEDTLS_SHA1_C - * - * Comment this macro to disable support for TLS 1.1 / DTLS 1.0 - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_1 -#define MBEDTLS_SSL_PROTO_TLS1_1 -#else -#undef MBEDTLS_SSL_PROTO_TLS1_1 -#endif /** * \def MBEDTLS_SSL_PROTO_TLS1_2 @@ -1148,16 +1135,59 @@ #undef MBEDTLS_SSL_PROTO_TLS1_2 #endif +/** + * \def MBEDTLS_SSL_PROTO_TLS1_3 + * + * Enable support for TLS 1.3. + * + * \note The support for TLS 1.3 is not comprehensive yet, in particular + * pre-shared keys are not supported. + * See docs/architecture/tls13-support.md for a description of the TLS + * 1.3 support that this option enables. + * + * Uncomment this macro to enable the support for TLS 1.3. + * + */ +#ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3 +#define MBEDTLS_SSL_PROTO_TLS1_3 +#else +#undef MBEDTLS_SSL_PROTO_TLS1_3 +#endif + +/** + * \def MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE + * + * Enable TLS 1.3 middlebox compatibility mode. + * + * As specified in Section D.4 of RFC 8446, TLS 1.3 offers a compatibility + * mode to make a TLS 1.3 connection more likely to pass through middle boxes + * expecting TLS 1.2 traffic. + * + * Turning on the compatibility mode comes at the cost of a few added bytes + * on the wire, but it doesn't affect compatibility with TLS 1.3 implementations + * that don't use it. Therefore, unless transmission bandwidth is critical and + * you know that middlebox compatibility issues won't occur, it is therefore + * recommended to set this option. + * + * Comment to disable compatibility mode for TLS 1.3. If + * MBEDTLS_SSL_PROTO_TLS1_3 is not enabled, this option does not have any + * effect on the build. + * + */ +#ifdef CONFIG_MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +#else +#undef MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE +#endif + /** * \def MBEDTLS_SSL_PROTO_DTLS * * Enable support for DTLS (all available versions). * - * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0, - * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. + * Enable this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2. * - * Requires: MBEDTLS_SSL_PROTO_TLS1_1 - * or MBEDTLS_SSL_PROTO_TLS1_2 + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 * * Comment this macro to disable support for DTLS */ @@ -1276,21 +1306,6 @@ #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE #endif -/** - * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT - * - * Enable support for a limit of records with bad MAC. - * - * See mbedtls_ssl_conf_dtls_badmac_limit(). - * - * Requires: MBEDTLS_SSL_PROTO_DTLS - */ -#ifdef CONFIG_MBEDTLS_SSL_PROTO_DTLS -#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT -#else -#undef MBEDTLS_SSL_DTLS_BADMAC_LIMIT -#endif - /** * \def MBEDTLS_SSL_SESSION_TICKETS * @@ -1330,14 +1345,6 @@ */ #define MBEDTLS_SSL_SERVER_NAME_INDICATION -/** - * \def MBEDTLS_SSL_TRUNCATED_HMAC - * - * Enable support for RFC 6066 truncated HMAC in SSL. - * - * Comment this macro to disable support for truncated HMAC in SSL - */ -#define MBEDTLS_SSL_TRUNCATED_HMAC /** * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH @@ -1367,40 +1374,6 @@ */ #define MBEDTLS_VERSION_FEATURES -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#ifdef CONFIG_MBEDTLS_X509_CHECK_KEY_USAGE -#define MBEDTLS_X509_CHECK_KEY_USAGE -#else -#undef MBEDTLS_X509_CHECK_KEY_USAGE -#endif - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#ifdef CONFIG_MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE -#else -#undef MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE -#endif /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT @@ -2259,8 +2232,10 @@ * This module adds support for SHA-384 and SHA-512. */ #ifdef CONFIG_MBEDTLS_SHA512_C +#define MBEDTLS_SHA384_C #define MBEDTLS_SHA512_C #else +#undef MBEDTLS_SHA384_C #undef MBEDTLS_SHA512_C #endif @@ -2766,6 +2741,8 @@ #include MBEDTLS_USER_CONFIG_FILE #endif -#include "mbedtls/check_config.h" +/* This flag makes sure that we are not using + * any functino that is deprecated by mbedtls */ +#define MBEDTLS_DEPRECATED_REMOVED -#endif /* MBEDTLS_CONFIG_H */ +#endif /* ESP_CONFIG_H */ diff --git a/components/mbedtls/port/include/md/esp_md.h b/components/mbedtls/port/include/md/esp_md.h index f6c0a92d027..40ee6bc0a49 100644 --- a/components/mbedtls/port/include/md/esp_md.h +++ b/components/mbedtls/port/include/md/esp_md.h @@ -1,16 +1,8 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and - +/* + * SPDX-FileCopyrightText: 2020-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once #include "esp_rom_md5.h" @@ -35,7 +27,7 @@ typedef struct MD5Context mbedtls_md5_context; * stronger message digests instead. * */ -int esp_md5_init_ret( mbedtls_md5_context *ctx ); +void esp_md5_init( mbedtls_md5_context *ctx ); /** * \brief Clear MD5 context @@ -63,11 +55,9 @@ void esp_md5_free( mbedtls_md5_context *ctx ); void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src ); /** - * \brief MD5 process buffer + * \brief MD5 context setup * - * \param ctx MD5 context - * \param input buffer holding the data - * \param ilen length of the input data + * \param ctx context to be initialized * * \return 0 if successful * @@ -76,13 +66,14 @@ void esp_md5_clone( mbedtls_md5_context *dst, const mbedtls_md5_context *src ); * stronger message digests instead. * */ -int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md5_starts( mbedtls_md5_context *ctx ); /** - * \brief MD5 final digest + * \brief MD5 process buffer * * \param ctx MD5 context - * \param output MD5 checksum result + * \param input buffer holding the data + * \param ilen length of the input data * * \return 0 if successful * @@ -91,13 +82,13 @@ int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, si * stronger message digests instead. * */ -int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ); +int esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); /** - * \brief MD5 process data block (internal use only) + * \brief MD5 final digest * * \param ctx MD5 context - * \param data buffer holding one block of data + * \param output MD5 checksum result * * \return 0 if successful * @@ -106,52 +97,22 @@ int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ); * stronger message digests instead. * */ -int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); - -/** - * \brief MD5 context setup - * - * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0 - * - * \param ctx context to be initialized - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void esp_md5_init( mbedtls_md5_context *ctx ); +int esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ); /** - * \brief MD5 process buffer - * - * \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0 + * \brief MD5 process data block (internal use only) * * \param ctx MD5 context - * \param input buffer holding the data - * \param ilen length of the input data - * - * \warning MD5 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); - -/** - * \brief MD5 final digest - * - * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0 + * \param data buffer holding one block of data * - * \param ctx MD5 context - * \param output MD5 checksum result + * \return 0 if successful * * \warning MD5 is considered a weak message digest and its use * constitutes a security risk. We recommend considering * stronger message digests instead. * */ -void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ); +int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); #ifdef __cplusplus } diff --git a/components/mbedtls/port/include/md5_alt.h b/components/mbedtls/port/include/md5_alt.h index 4777d047f1c..312719598b7 100644 --- a/components/mbedtls/port/include/md5_alt.h +++ b/components/mbedtls/port/include/md5_alt.h @@ -1,24 +1,11 @@ -/** - * \file md5_alt.h +/* + * md5_alt.h: MD5 block cipher * - * \brief MD5 block cipher - * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-FileCopyrightText: The Mbed TLS Contributors * + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ #ifndef MD5_ALT_H #define MD5_ALT_H @@ -33,9 +20,7 @@ extern "C" { #define mbedtls_md5_init esp_md5_init #define mbedtls_md5_update esp_md5_update #define mbedtls_md5_finish esp_md5_finish -#define mbedtls_md5_starts_ret esp_md5_init_ret -#define mbedtls_md5_update_ret esp_md5_update_ret -#define mbedtls_md5_finish_ret esp_md5_finish_ret +#define mbedtls_md5_starts esp_md5_starts #define mbedtls_md5_free esp_md5_free #define mbedtls_md5_clone esp_md5_clone diff --git a/components/mbedtls/port/include/rsa_sign_alt.h b/components/mbedtls/port/include/rsa_sign_alt.h index aacac95563e..bd299cfc3e2 100644 --- a/components/mbedtls/port/include/rsa_sign_alt.h +++ b/components/mbedtls/port/include/rsa_sign_alt.h @@ -1,16 +1,8 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #pragma once diff --git a/components/mbedtls/port/mbedtls_debug.c b/components/mbedtls/port/mbedtls_debug.c index 90ffe9f5d3a..ac2aa4684c3 100644 --- a/components/mbedtls/port/mbedtls_debug.c +++ b/components/mbedtls/port/mbedtls_debug.c @@ -1,16 +1,8 @@ -// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include diff --git a/components/mbedtls/port/md/esp_md.c b/components/mbedtls/port/md/esp_md.c index f15a0b937b5..eb54b5d85cc 100644 --- a/components/mbedtls/port/md/esp_md.c +++ b/components/mbedtls/port/md/esp_md.c @@ -11,7 +11,7 @@ #if defined(MBEDTLS_MD5_ALT) #include "md/esp_md.h" -int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) +int esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) { esp_rom_md5_final(output, ctx); @@ -19,7 +19,7 @@ int esp_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) return 0; } -int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) +int esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) { esp_rom_md5_update(ctx, input, ilen); @@ -27,27 +27,15 @@ int esp_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, si return 0; } -int esp_md5_init_ret( mbedtls_md5_context *ctx ) +void esp_md5_init( mbedtls_md5_context *ctx ) { esp_rom_md5_init(ctx); - - - return 0; -} - -void esp_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) -{ - esp_md5_finish_ret(ctx, output); -} - -void esp_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) -{ - esp_md5_update_ret(ctx, input, ilen); } -void esp_md5_init( mbedtls_md5_context *ctx ) +int esp_md5_starts( mbedtls_md5_context *ctx ) { - esp_md5_init_ret(ctx); + esp_md5_init(ctx); + return 0; } void esp_md5_free( mbedtls_md5_context *ctx ) @@ -61,7 +49,7 @@ void esp_md5_free( mbedtls_md5_context *ctx ) int esp_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) { - esp_md5_update_ret(ctx, data, 64); + esp_md5_update(ctx, data, 64); return 0; } diff --git a/components/mbedtls/port/net_sockets.c b/components/mbedtls/port/net_sockets.c index b51cb2ae98f..102b9c80251 100644 --- a/components/mbedtls/port/net_sockets.c +++ b/components/mbedtls/port/net_sockets.c @@ -1,31 +1,15 @@ /* - * TCP/IP or UDP/IP networking functions - * modified for LWIP support on ESP32 + * TCP/IP or UDP/IP networking functions + * modified for LWIP support on ESP32 * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2015 Angus Gratton - * SPDX-License-Identifier: Apache-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at + * SPDX-License-Identifier: Apache-2.0 * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * This file is part of mbed TLS (https://tls.mbed.org) + * SPDX-FileContributor: 2015 Angus Gratton */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #ifdef CONFIG_ESP_NETIF_TCPIP_LWIP @@ -432,12 +416,12 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) */ void mbedtls_net_free( mbedtls_net_context *ctx ) { - if ( ctx->fd == -1 ) { + if ( ctx->fd == -1) { return; } - shutdown( ctx->fd, 2 ); - close( ctx->fd ); + shutdown( ctx->fd, 2); + close(ctx->fd); ctx->fd = -1; } diff --git a/components/mbedtls/port/sha/dma/esp_sha1.c b/components/mbedtls/port/sha/dma/esp_sha1.c index 91b011f386f..6d4b43028fd 100644 --- a/components/mbedtls/port/sha/dma/esp_sha1.c +++ b/components/mbedtls/port/sha/dma/esp_sha1.c @@ -1,22 +1,11 @@ /* - * SHA-1 implementation with hardware ESP support added. + * SHA-1 implementation with hardware ESP support added. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ /* * The SHA-1 standard was published by NIST in 1993. @@ -24,11 +13,7 @@ * http://www.itl.nist.gov/fipspubs/fip180-1.htm */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) @@ -92,7 +77,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) +int mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -103,12 +88,6 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) -{ - mbedtls_sha1_starts_ret( ctx ); -} -#endif static int esp_internal_sha1_dma_process(mbedtls_sha1_context *ctx, const uint8_t *data, size_t len, @@ -126,15 +105,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned cha return ret; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha1_process( ctx, data ); -} -#endif - -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) { int ret; size_t fill; @@ -195,15 +166,6 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *inp return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha1_update_ret( ctx, input, ilen ); -} -#endif - static const unsigned char sha1_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -214,7 +176,7 @@ static const unsigned char sha1_padding[64] = { /* * SHA-1 final digest */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) +int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) { int ret; uint32_t last, padn; @@ -232,10 +194,10 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) { + if ( ( ret = mbedtls_sha1_update( ctx, sha1_padding, padn ) ) != 0 ) { return ret; } - if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) { + if ( ( ret = mbedtls_sha1_update( ctx, msglen, 8 ) ) != 0 ) { return ret; } @@ -244,12 +206,4 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] return ret; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ - mbedtls_sha1_finish_ret( ctx, output ); -} -#endif - #endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ diff --git a/components/mbedtls/port/sha/dma/esp_sha256.c b/components/mbedtls/port/sha/dma/esp_sha256.c index 307b3384987..8934913b9f6 100644 --- a/components/mbedtls/port/sha/dma/esp_sha256.c +++ b/components/mbedtls/port/sha/dma/esp_sha256.c @@ -1,35 +1,19 @@ /* - * SHA-256 implementation with hardware ESP support added. + * SHA-256 implementation with hardware ESP support added. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ - /* * The SHA-256 Secure Hash Standard was published by NIST in 2002. * * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT) @@ -103,7 +87,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { memset( ctx, 0, sizeof( mbedtls_sha256_context ) ); @@ -116,15 +100,6 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, - int is224 ) -{ - mbedtls_sha256_starts_ret( ctx, is224 ); -} -#endif - - int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) { int ret; @@ -135,18 +110,10 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned return ret; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha256_process( ctx, data ); -} -#endif - /* * SHA-256 process buffer */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, +int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { int ret = 0; @@ -208,15 +175,6 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha256_update_ret( ctx, input, ilen ); -} -#endif - static const unsigned char sha256_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -227,7 +185,7 @@ static const unsigned char sha256_padding[64] = { /* * SHA-256 final digest */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) +int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) { int ret; uint32_t last, padn; @@ -244,11 +202,11 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) { + if ( ( ret = mbedtls_sha256_update( ctx, sha256_padding, padn ) ) != 0 ) { return ret; } - if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) { + if ( ( ret = mbedtls_sha256_update( ctx, msglen, 8 ) ) != 0 ) { return ret; } @@ -257,12 +215,4 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output return ret; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ - mbedtls_sha256_finish_ret( ctx, output ); -} -#endif - #endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */ diff --git a/components/mbedtls/port/sha/dma/esp_sha512.c b/components/mbedtls/port/sha/dma/esp_sha512.c index fa4465d0f87..197d7e8b314 100644 --- a/components/mbedtls/port/sha/dma/esp_sha512.c +++ b/components/mbedtls/port/sha/dma/esp_sha512.c @@ -1,35 +1,19 @@ /* - * SHA-512 implementation with hardware ESP support added. + * SHA-512 implementation with hardware ESP support added. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016-2020, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ - /* * The SHA-512 Secure Hash Standard was published by NIST in 2002. * * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT) @@ -125,7 +109,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, /* * SHA-512 context setup */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) +int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) { mbedtls_zeroize( ctx, sizeof( mbedtls_sha512_context ) ); @@ -138,14 +122,6 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, - int is384 ) -{ - mbedtls_sha512_starts_ret( ctx, is384 ); -} -#endif - static int esp_internal_sha512_dma_process(mbedtls_sha512_context *ctx, const uint8_t *data, size_t len, uint8_t *buf, size_t buf_len) @@ -168,18 +144,10 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ - mbedtls_internal_sha512_process( ctx, data ); -} -#endif - /* * SHA-512 process buffer */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, +int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ) { int ret; @@ -249,16 +217,6 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha512_update_ret( ctx, input, ilen ); -} -#endif - - static const unsigned char sha512_padding[128] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -273,7 +231,7 @@ static const unsigned char sha512_padding[128] = { /* * SHA-512 final digest */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) +int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ) { int ret; size_t last, padn; @@ -290,11 +248,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output last = (size_t)( ctx->total[0] & 0x7F ); padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) { + if ( ( ret = mbedtls_sha512_update( ctx, sha512_padding, padn ) ) != 0 ) { return ret; } - if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) { + if ( ( ret = mbedtls_sha512_update( ctx, msglen, 16 ) ) != 0 ) { return ret; } @@ -307,12 +265,4 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output return ret; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ - mbedtls_sha512_finish_ret( ctx, output ); -} -#endif - #endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */ diff --git a/components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c b/components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c index a30803195c7..331751f95d4 100644 --- a/components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c +++ b/components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c @@ -1,16 +1,8 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include "esp_sha_dma_priv.h" diff --git a/components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c b/components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c index 0dc827fec24..bf65283040d 100644 --- a/components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c +++ b/components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c @@ -1,16 +1,8 @@ -// Copyright 2020 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include "esp_sha_dma_priv.h" #include "esp_crypto_shared_gdma.h" diff --git a/components/mbedtls/port/sha/esp_sha.c b/components/mbedtls/port/sha/esp_sha.c index aa4fc23b17c..00be97f0e1c 100644 --- a/components/mbedtls/port/sha/esp_sha.c +++ b/components/mbedtls/port/sha/esp_sha.c @@ -43,10 +43,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns #if SOC_SHA_SUPPORT_SHA1 if (sha_type == SHA1) { mbedtls_sha1_init(&ctx.sha1); - mbedtls_sha1_starts_ret(&ctx.sha1); - ret = mbedtls_sha1_update_ret(&ctx.sha1, input, ilen); + mbedtls_sha1_starts(&ctx.sha1); + ret = mbedtls_sha1_update(&ctx.sha1, input, ilen); assert(ret == 0); - ret = mbedtls_sha1_finish_ret(&ctx.sha1, output); + ret = mbedtls_sha1_finish(&ctx.sha1, output); assert(ret == 0); mbedtls_sha1_free(&ctx.sha1); return; @@ -56,10 +56,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns #if SOC_SHA_SUPPORT_SHA256 if (sha_type == SHA2_256) { mbedtls_sha256_init(&ctx.sha256); - mbedtls_sha256_starts_ret(&ctx.sha256, 0); - ret = mbedtls_sha256_update_ret(&ctx.sha256, input, ilen); + mbedtls_sha256_starts(&ctx.sha256, 0); + ret = mbedtls_sha256_update(&ctx.sha256, input, ilen); assert(ret == 0); - ret = mbedtls_sha256_finish_ret(&ctx.sha256, output); + ret = mbedtls_sha256_finish(&ctx.sha256, output); assert(ret == 0); mbedtls_sha256_free(&ctx.sha256); return; @@ -69,10 +69,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns #if SOC_SHA_SUPPORT_SHA384 if (sha_type == SHA2_384) { mbedtls_sha512_init(&ctx.sha512); - mbedtls_sha512_starts_ret(&ctx.sha512, 1); - ret = mbedtls_sha512_update_ret(&ctx.sha512, input, ilen); + mbedtls_sha512_starts(&ctx.sha512, 1); + ret = mbedtls_sha512_update(&ctx.sha512, input, ilen); assert(ret == 0); - ret = mbedtls_sha512_finish_ret(&ctx.sha512, output); + ret = mbedtls_sha512_finish(&ctx.sha512, output); assert(ret == 0); mbedtls_sha512_free(&ctx.sha512); return; @@ -82,10 +82,10 @@ void esp_sha(esp_sha_type sha_type, const unsigned char *input, size_t ilen, uns #if SOC_SHA_SUPPORT_SHA512 if (sha_type == SHA2_512) { mbedtls_sha512_init(&ctx.sha512); - mbedtls_sha512_starts_ret(&ctx.sha512, 0); - ret = mbedtls_sha512_update_ret(&ctx.sha512, input, ilen); + mbedtls_sha512_starts(&ctx.sha512, 0); + ret = mbedtls_sha512_update(&ctx.sha512, input, ilen); assert(ret == 0); - ret = mbedtls_sha512_finish_ret(&ctx.sha512, output); + ret = mbedtls_sha512_finish(&ctx.sha512, output); assert(ret == 0); mbedtls_sha512_free(&ctx.sha512); return; diff --git a/components/mbedtls/port/sha/parallel_engine/esp_sha1.c b/components/mbedtls/port/sha/parallel_engine/esp_sha1.c index 4700daf5539..a5061ff9336 100644 --- a/components/mbedtls/port/sha/parallel_engine/esp_sha1.c +++ b/components/mbedtls/port/sha/parallel_engine/esp_sha1.c @@ -3,22 +3,11 @@ * Uses mbedTLS software implementation for failover when concurrent * SHA operations are in use. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ /* * The SHA-1 standard was published by NIST in 1993. @@ -26,11 +15,7 @@ * http://www.itl.nist.gov/fipspubs/fip180-1.htm */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_SHA1_ALT) @@ -116,7 +101,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) +int mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -135,12 +120,6 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) -{ - mbedtls_sha1_starts_ret( ctx ); -} -#endif static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); @@ -166,15 +145,6 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, const unsigned cha return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha1_process( ctx, data ); -} -#endif - - static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) { uint32_t temp, W[16], A, B, C, D, E; @@ -334,7 +304,7 @@ static void mbedtls_sha1_software_process( mbedtls_sha1_context *ctx, const unsi /* * SHA-1 process buffer */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) { int ret; size_t fill; @@ -382,15 +352,6 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *inp return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha1_update_ret( ctx, input, ilen ); -} -#endif - static const unsigned char sha1_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -401,7 +362,7 @@ static const unsigned char sha1_padding[64] = { /* * SHA-1 final digest */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) +int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) { int ret; uint32_t last, padn; @@ -418,10 +379,10 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - if ( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) { + if ( ( ret = mbedtls_sha1_update( ctx, sha1_padding, padn ) ) != 0 ) { goto out; } - if ( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) { + if ( ( ret = mbedtls_sha1_update( ctx, msglen, 8 ) ) != 0 ) { goto out; } @@ -445,12 +406,4 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] return ret; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, - unsigned char output[20] ) -{ - mbedtls_sha1_finish_ret( ctx, output ); -} -#endif - #endif /* MBEDTLS_SHA1_C && MBEDTLS_SHA1_ALT */ diff --git a/components/mbedtls/port/sha/parallel_engine/esp_sha256.c b/components/mbedtls/port/sha/parallel_engine/esp_sha256.c index c29ffebb7d4..3efa1113bfb 100644 --- a/components/mbedtls/port/sha/parallel_engine/esp_sha256.c +++ b/components/mbedtls/port/sha/parallel_engine/esp_sha256.c @@ -3,35 +3,19 @@ * Uses mbedTLS software implementation for failover when concurrent * SHA operations are in use. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ - /* * The SHA-256 Secure Hash Standard was published by NIST in 2002. * * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_SHA256_ALT) @@ -116,7 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -151,14 +135,6 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, - int is224 ) -{ - mbedtls_sha256_starts_ret( ctx, is224 ); -} -#endif - static const uint32_t K[] = { 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, @@ -228,14 +204,6 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, - const unsigned char data[64] ) -{ - mbedtls_internal_sha256_process( ctx, data ); -} -#endif - static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) { uint32_t temp1, temp2, W[64]; @@ -295,7 +263,7 @@ static void mbedtls_sha256_software_process( mbedtls_sha256_context *ctx, const /* * SHA-256 process buffer */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, +int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { int ret; @@ -344,15 +312,6 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha256_update_ret( ctx, input, ilen ); -} -#endif - static const unsigned char sha256_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -363,7 +322,7 @@ static const unsigned char sha256_padding[64] = { /* * SHA-256 final digest */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) +int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) { int ret; uint32_t last, padn; @@ -380,11 +339,11 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - if ( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) { + if ( ( ret = mbedtls_sha256_update( ctx, sha256_padding, padn ) ) != 0 ) { goto out; } - if ( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) { + if ( ( ret = mbedtls_sha256_update( ctx, msglen, 8 ) ) != 0 ) { goto out; } @@ -414,12 +373,4 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output return ret; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, - unsigned char output[32] ) -{ - mbedtls_sha256_finish_ret( ctx, output ); -} -#endif - #endif /* MBEDTLS_SHA256_C && MBEDTLS_SHA256_ALT */ diff --git a/components/mbedtls/port/sha/parallel_engine/esp_sha512.c b/components/mbedtls/port/sha/parallel_engine/esp_sha512.c index fd9c354d156..6b39100c2b5 100644 --- a/components/mbedtls/port/sha/parallel_engine/esp_sha512.c +++ b/components/mbedtls/port/sha/parallel_engine/esp_sha512.c @@ -3,35 +3,19 @@ * Uses mbedTLS software implementation for failover when concurrent * SHA operations are in use. * - * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) 2016, Espressif Systems (Shanghai) PTE LTD - * SPDX-License-Identifier: Apache-2.0 + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-License-Identifier: Apache-2.0 * + * SPDX-FileContributor: 2016-2021 Espressif Systems (Shanghai) CO LTD */ - /* * The SHA-512 Secure Hash Standard was published by NIST in 2002. * * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_SHA512_C) && defined(MBEDTLS_SHA512_ALT) @@ -140,7 +124,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, /* * SHA-512 context setup */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) +int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -176,14 +160,6 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, - int is384 ) -{ - mbedtls_sha512_starts_ret( ctx, is384 ); -} -#endif - /* * Round constants */ @@ -255,15 +231,6 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, const unsigned return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) -{ - mbedtls_internal_sha512_process( ctx, data ); -} -#endif - - static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) { int i; @@ -332,7 +299,7 @@ static void mbedtls_sha512_software_process( mbedtls_sha512_context *ctx, const /* * SHA-512 process buffer */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, +int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ) { int ret; @@ -379,16 +346,6 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char return 0; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - mbedtls_sha512_update_ret( ctx, input, ilen ); -} -#endif - - static const unsigned char sha512_padding[128] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -403,7 +360,7 @@ static const unsigned char sha512_padding[128] = { /* * SHA-512 final digest */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) +int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ) { int ret; size_t last, padn; @@ -420,11 +377,11 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output last = (size_t)( ctx->total[0] & 0x7F ); padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - if ( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) { + if ( ( ret = mbedtls_sha512_update( ctx, sha512_padding, padn ) ) != 0 ) { goto out; } - if ( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) { + if ( ( ret = mbedtls_sha512_update( ctx, msglen, 16 ) ) != 0 ) { goto out; } @@ -454,12 +411,4 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output return ret; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, - unsigned char output[64] ) -{ - mbedtls_sha512_finish_ret( ctx, output ); -} -#endif - #endif /* MBEDTLS_SHA512_C && MBEDTLS_SHA512_ALT */ diff --git a/components/mbedtls/test/test_aes_gcm.c b/components/mbedtls/test/test_aes_gcm.c index 9576090468b..115a67cf411 100644 --- a/components/mbedtls/test/test_aes_gcm.c +++ b/components/mbedtls/test/test_aes_gcm.c @@ -1,6 +1,9 @@ /* mbedTLS GCM test -*/ - + * + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include #include @@ -79,11 +82,11 @@ TEST_CASE("mbedtls GCM stream test", "[aes-gcm]") memset(key, 0x56, 16); // allocate internal memory - uint8_t *chipertext = heap_caps_malloc(SZ, MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL); + uint8_t *ciphertext = heap_caps_malloc(SZ, MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL); uint8_t *plaintext = heap_caps_malloc(SZ, MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL); uint8_t *decryptedtext = heap_caps_malloc(SZ, MALLOC_CAP_DMA | MALLOC_CAP_8BIT | MALLOC_CAP_INTERNAL); - TEST_ASSERT_NOT_NULL(chipertext); + TEST_ASSERT_NOT_NULL(ciphertext); TEST_ASSERT_NOT_NULL(plaintext); TEST_ASSERT_NOT_NULL(decryptedtext); @@ -93,43 +96,47 @@ TEST_CASE("mbedtls GCM stream test", "[aes-gcm]") */ for (int bytes_to_process = 16; bytes_to_process < SZ; bytes_to_process = bytes_to_process + 16) { memset(nonce, 0x89, 16); - memset(chipertext, 0x0, SZ); + memset(ciphertext, 0x0, SZ); memset(decryptedtext, 0x0, SZ); memset(tag, 0x0, 16); mbedtls_gcm_init(&ctx); mbedtls_gcm_setkey(&ctx, cipher, key, 128); - mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, nonce, sizeof(nonce), NULL, 0 ); + mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, nonce, sizeof(nonce) ); + mbedtls_gcm_update_ad( &ctx, NULL, 0 ); // Encrypt for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) { // Limit length of last call to avoid exceeding buffer size size_t length = (idx + bytes_to_process > SZ) ? (SZ - idx) : bytes_to_process; - mbedtls_gcm_update(&ctx, length, plaintext + idx, chipertext + idx ); + mbedtls_gcm_update(&ctx, plaintext + idx, length, ciphertext + idx, 0, NULL); } - mbedtls_gcm_finish( &ctx, tag, sizeof(tag) ); - TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher, chipertext, SZ); + size_t olen; + mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag, sizeof(tag) ); + TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_cipher, ciphertext, SZ); TEST_ASSERT_EQUAL_HEX8_ARRAY(expected_tag, tag, sizeof(tag)); // Decrypt memset(nonce, 0x89, 16); mbedtls_gcm_free( &ctx ); + mbedtls_gcm_init(&ctx); mbedtls_gcm_setkey(&ctx, cipher, key, 128); - mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, nonce, sizeof(nonce), NULL, 0 ); + mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, nonce, sizeof(nonce)); + mbedtls_gcm_update_ad( &ctx, NULL, 0 ); for (int idx = 0; idx < SZ; idx = idx + bytes_to_process) { // Limit length of last call to avoid exceeding buffer size size_t length = (idx + bytes_to_process > SZ) ? (SZ - idx) : bytes_to_process; - mbedtls_gcm_update(&ctx, length, chipertext + idx, decryptedtext + idx ); + mbedtls_gcm_update(&ctx, ciphertext + idx, length, decryptedtext + idx, 0, NULL); } - mbedtls_gcm_finish( &ctx, tag, sizeof(tag) ); + mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag, sizeof(tag) ); TEST_ASSERT_EQUAL_HEX8_ARRAY(plaintext, decryptedtext, SZ); mbedtls_gcm_free( &ctx ); } free(plaintext); - free(chipertext); + free(ciphertext); free(decryptedtext); } @@ -153,7 +160,7 @@ typedef struct { typedef struct { const uint8_t *expected_tag; - const uint8_t *ciphertext_last_block; // Last block of the chipertext + const uint8_t *ciphertext_last_block; // Last block of the ciphertext } aes_gcm_test_expected_res_t; @@ -185,14 +192,15 @@ static void aes_gcm_test(aes_gcm_test_cfg_t *cfg, aes_gcm_test_expected_res_t *r mbedtls_gcm_init(&ctx); mbedtls_gcm_setkey(&ctx, cipher, cfg->key, cfg->key_bits); - + size_t olen; /* Encrypt and tag */ if (aes_gcm_type == AES_GCM_TEST_CRYPT_N_TAG) { mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_AES_ENCRYPT, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length, cfg->plaintext, ciphertext, cfg->tag_len, tag_buf_encrypt); } else if (aes_gcm_type == AES_GCM_TEST_START_UPDATE_FINISH) { - TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length) == 0 ); - TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext_length, cfg->plaintext, ciphertext) == 0 ); - TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf_encrypt, cfg->tag_len) == 0 ); + TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv_buf, cfg->iv_length) == 0 ); + TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, cfg->add_buf, cfg->add_length) == 0 ); + TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext, cfg->plaintext_length, ciphertext, 0, NULL) == 0 ); + TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf_encrypt, cfg->tag_len) == 0 ); } size_t offset = cfg->plaintext_length > 16 ? cfg->plaintext_length - 16 : 0; /* Sanity check: make sure the last ciphertext block matches what we expect to see. */ @@ -204,9 +212,10 @@ static void aes_gcm_test(aes_gcm_test_cfg_t *cfg, aes_gcm_test_expected_res_t *r if (aes_gcm_type == AES_GCM_TEST_CRYPT_N_TAG) { TEST_ASSERT(mbedtls_gcm_auth_decrypt(&ctx, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length, res->expected_tag, cfg->tag_len, ciphertext, output) == 0); } else if (aes_gcm_type == AES_GCM_TEST_START_UPDATE_FINISH) { - TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, iv_buf, cfg->iv_length, cfg->add_buf, cfg->add_length) == 0 ); - TEST_ASSERT(mbedtls_gcm_update( &ctx, cfg->plaintext_length, ciphertext, output) == 0 ); - TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf_decrypt, cfg->tag_len) == 0 ); + TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_DECRYPT, iv_buf, cfg->iv_length) == 0 ); + TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, cfg->add_buf, cfg->add_length) == 0 ); + TEST_ASSERT(mbedtls_gcm_update( &ctx, ciphertext, cfg->plaintext_length, output, 0, NULL) == 0 ); + TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf_decrypt, cfg->tag_len) == 0 ); /* mbedtls_gcm_auth_decrypt already checks tag so only needed for AES_GCM_TEST_START_UPDATE_FINISH */ TEST_ASSERT_EQUAL_HEX8_ARRAY(res->expected_tag, tag_buf_decrypt, cfg->tag_len); @@ -412,7 +421,7 @@ TEST_CASE("mbedtls AES GCM performance, start, update, ret", "[aes-gcm]") uint8_t iv[16]; uint8_t key[16]; uint8_t aad[16]; - + size_t olen; memset(iv, 0xEE, 16); memset(key, 0x44, 16); memset(aad, 0x76, 16); @@ -428,9 +437,10 @@ TEST_CASE("mbedtls AES GCM performance, start, update, ret", "[aes-gcm]") memset(buf, 0xAA, CALL_SZ); - TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv, sizeof(iv), aad, sizeof(aad) ) == 0 ); - TEST_ASSERT(mbedtls_gcm_update( &ctx, CALL_SZ, buf, buf ) == 0 ); - TEST_ASSERT(mbedtls_gcm_finish( &ctx, tag_buf, 16 ) == 0 ); + TEST_ASSERT(mbedtls_gcm_starts( &ctx, MBEDTLS_AES_ENCRYPT, iv, sizeof(iv) ) == 0 ); + TEST_ASSERT(mbedtls_gcm_update_ad( &ctx, aad, sizeof(aad)) == 0 ); + TEST_ASSERT(mbedtls_gcm_update( &ctx, buf, CALL_SZ, buf, 0, NULL) == 0 ); + TEST_ASSERT(mbedtls_gcm_finish( &ctx, NULL, 0, &olen, tag_buf, 16 ) == 0 ); elapsed_usec = ccomp_timer_stop(); diff --git a/components/mbedtls/test/test_aes_sha_parallel.c b/components/mbedtls/test/test_aes_sha_parallel.c index a36e085d752..888935a7731 100644 --- a/components/mbedtls/test/test_aes_sha_parallel.c +++ b/components/mbedtls/test/test_aes_sha_parallel.c @@ -1,3 +1,8 @@ +/* + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include #include @@ -28,11 +33,11 @@ static void tskRunSHA256Test(void *pvParameters) for (int i = 0; i < 1000; i++) { mbedtls_sha256_init(&sha256_ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false)); for (int j = 0; j < 10; j++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, (unsigned char *)one_hundred_bs, 100)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256)); mbedtls_sha256_free(&sha256_ctx); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation"); } diff --git a/components/mbedtls/test/test_aes_sha_rsa.c b/components/mbedtls/test/test_aes_sha_rsa.c index 4f3bda83d39..497180fba1f 100644 --- a/components/mbedtls/test/test_aes_sha_rsa.c +++ b/components/mbedtls/test/test_aes_sha_rsa.c @@ -82,21 +82,21 @@ static void mbedtls_sha256_task(void *pvParameters) mbedtls_sha256_init(&sha256_ctx); memset(output, 0, sizeof(output)); - mbedtls_sha256_starts_ret(&sha256_ctx, false); + mbedtls_sha256_starts(&sha256_ctx, false); for (int i = 0; i < 3; ++i) { - mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)input, 100); + mbedtls_sha256_update(&sha256_ctx, (unsigned char *)input, 100); } - mbedtls_sha256_finish_ret(&sha256_ctx, output); + mbedtls_sha256_finish(&sha256_ctx, output); memcpy(output_origin, output, sizeof(output)); while (exit_flag == false) { mbedtls_sha256_init(&sha256_ctx); memset(output, 0, sizeof(output)); - mbedtls_sha256_starts_ret(&sha256_ctx, false); + mbedtls_sha256_starts(&sha256_ctx, false); for (int i = 0; i < 3; ++i) { - mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)input, 100); + mbedtls_sha256_update(&sha256_ctx, (unsigned char *)input, 100); } - mbedtls_sha256_finish_ret(&sha256_ctx, output); + mbedtls_sha256_finish(&sha256_ctx, output); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(output, output_origin, sizeof(output), "MBEDTLS SHA256 must match"); } diff --git a/components/mbedtls/test/test_ecp.c b/components/mbedtls/test/test_ecp.c index 148d4634318..2ba9423d2dc 100644 --- a/components/mbedtls/test/test_ecp.c +++ b/components/mbedtls/test/test_ecp.c @@ -1,14 +1,24 @@ /* mbedTLS Elliptic Curve functionality tests - - Focus on testing functionality where we use ESP32 hardware - accelerated crypto features. - -*/ + * + * Focus on testing functionality where we use ESP32 hardware + * accelerated crypto features. + * + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include #include #include +/* ToDo - Remove this once appropriate solution is available. +We need to define this for the file as ssl_misc.h uses private structures from mbedtls, +which are undefined if the following flag is not defined */ +/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */ +/* ToDo - Replace them with proper getter-setter once they are added */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include #include @@ -33,9 +43,9 @@ TEST_CASE("mbedtls ECDH Generate Key", "[mbedtls]") mbedtls_entropy_init(&entropy); TEST_ASSERT_MBEDTLS_OK( mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0) ); - TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.grp, MBEDTLS_ECP_DP_CURVE25519) ); + TEST_ASSERT_MBEDTLS_OK( mbedtls_ecp_group_load(&ctx.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519) ); - TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.grp, &ctx.d, &ctx.Q, + TEST_ASSERT_MBEDTLS_OK( mbedtls_ecdh_gen_public(&ctx.ctx.mbed_ecdh.grp, &ctx.ctx.mbed_ecdh.d, &ctx.ctx.mbed_ecdh.Q, mbedtls_ctr_drbg_random, &ctr_drbg ) ); mbedtls_ecdh_free(&ctx); diff --git a/components/mbedtls/test/test_esp_crt_bundle.c b/components/mbedtls/test/test_esp_crt_bundle.c index 5b5eb13b7f4..7e2024506fc 100644 --- a/components/mbedtls/test/test_esp_crt_bundle.c +++ b/components/mbedtls/test/test_esp_crt_bundle.c @@ -2,21 +2,11 @@ * * Adapted from the ssl_server example in mbedtls. * - * Original Copyright (C) 2006-2015, ARM Limited, All Rights Reserved - * Additions Copyright (C) Copyright 2019 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License. + * SPDX-FileCopyrightText: The Mbed TLS Contributors * + * SPDX-License-Identifier: Apache-2.0 * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-FileContributor: 2019-2021 Espressif Systems (Shanghai) CO LTD */ #include "esp_err.h" #include "esp_log.h" @@ -27,9 +17,9 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" -#include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" +#include "entropy_poll.h" #include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" @@ -91,6 +81,12 @@ static volatile bool exit_flag; esp_err_t endpoint_teardown(mbedtls_endpoint_t *endpoint); +static int myrand(void *rng_state, unsigned char *output, size_t len) +{ + size_t olen; + return mbedtls_hardware_poll(rng_state, output, len, &olen); +} + esp_err_t server_setup(mbedtls_endpoint_t *server) { int ret; @@ -113,7 +109,7 @@ esp_err_t server_setup(mbedtls_endpoint_t *server) } ret = mbedtls_pk_parse_key( &server->pkey, (const unsigned char *)server_pk_start, - server_pk_end - server_pk_start, NULL, 0 ); + server_pk_end - server_pk_start, NULL, 0, myrand, NULL ); if ( ret != 0 ) { ESP_LOGE(TAG, "mbedtls_pk_parse_key returned %d", ret ); return ESP_FAIL; diff --git a/components/mbedtls/test/test_mbedtls_mpi.c b/components/mbedtls/test/test_mbedtls_mpi.c index 44d067a225c..22bdac0f30b 100644 --- a/components/mbedtls/test/test_mbedtls_mpi.c +++ b/components/mbedtls/test/test_mbedtls_mpi.c @@ -1,5 +1,9 @@ /* mbedTLS bignum (MPI) self-tests as unit tests -*/ + * + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include #include @@ -24,7 +28,7 @@ void mbedtls_mpi_printf(const char *name, const mbedtls_mpi *X) memset(buf, 0, sizeof(buf)); mbedtls_mpi_write_string(X, 16, buf, sizeof(buf)-1, &n); if(n) { - printf("%s = (s=%d) 0x%s\n", name, X->s, buf); + printf("%s = (s=%d) 0x%s\n", name, X->MBEDTLS_PRIVATE(s), buf); } else { printf("%s = TOOLONG\n", name); } diff --git a/components/mbedtls/test/test_mbedtls_sha.c b/components/mbedtls/test/test_mbedtls_sha.c index 21e10754997..64a9244d116 100644 --- a/components/mbedtls/test/test_mbedtls_sha.c +++ b/components/mbedtls/test/test_mbedtls_sha.c @@ -7,7 +7,6 @@ /* * mbedTLS SHA unit tests */ - #include #include #include @@ -72,19 +71,19 @@ TEST_CASE("mbedtls SHA interleaving", "[mbedtls]") mbedtls_sha256_init(&sha256_ctx); mbedtls_sha512_init(&sha512_ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts_ret(&sha1_ctx)); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&sha512_ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts(&sha1_ctx)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&sha512_ctx, false)); for (int i = 0; i < 10; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha1_update_ret(&sha1_ctx, one_hundred_as, 100)); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, one_hundred_as, 100)); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&sha512_ctx, one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha1_update(&sha1_ctx, one_hundred_as, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, one_hundred_as, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&sha512_ctx, one_hundred_bs, 100)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish_ret(&sha1_ctx, sha1)); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&sha512_ctx, sha512)); + TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish(&sha1_ctx, sha1)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&sha512_ctx, sha512)); mbedtls_sha1_free(&sha1_ctx); mbedtls_sha256_free(&sha256_ctx); @@ -103,11 +102,11 @@ static void tskRunSHA1Test(void *pvParameters) for (int i = 0; i < 1000; i++) { mbedtls_sha1_init(&sha1_ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts_ret(&sha1_ctx)); + TEST_ASSERT_EQUAL(0, mbedtls_sha1_starts(&sha1_ctx)); for (int j = 0; j < 10; j++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha1_update_ret(&sha1_ctx, (unsigned char *)one_hundred_as, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha1_update(&sha1_ctx, (unsigned char *)one_hundred_as, 100)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish_ret(&sha1_ctx, sha1)); + TEST_ASSERT_EQUAL(0, mbedtls_sha1_finish(&sha1_ctx, sha1)); mbedtls_sha1_free(&sha1_ctx); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha1_thousand_as, sha1, 20, "SHA1 calculation"); } @@ -122,11 +121,11 @@ static void tskRunSHA256Test(void *pvParameters) for (int i = 0; i < 1000; i++) { mbedtls_sha256_init(&sha256_ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false)); for (int j = 0; j < 10; j++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, (unsigned char *)one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, (unsigned char *)one_hundred_bs, 100)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256)); mbedtls_sha256_free(&sha256_ctx); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_bs, sha256, 32, "SHA256 calculation"); } @@ -204,23 +203,23 @@ TEST_CASE("mbedtls SHA512 clone", "[mbedtls]") unsigned char sha512[64]; mbedtls_sha512_init(&ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&ctx, false)); for (int i = 0; i < 5; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100)); } mbedtls_sha512_init(&clone); mbedtls_sha512_clone(&clone, &ctx); for (int i = 0; i < 5; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100)); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&clone, one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&clone, one_hundred_bs, 100)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&ctx, sha512)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&ctx, sha512)); mbedtls_sha512_free(&ctx); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 original calculation"); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&clone, sha512)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&clone, sha512)); mbedtls_sha512_free(&clone); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_thousand_bs, sha512, 64, "SHA512 cloned calculation"); @@ -234,24 +233,24 @@ TEST_CASE("mbedtls SHA384 clone", "[mbedtls][") unsigned char sha384[48]; mbedtls_sha512_init(&ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&ctx, true)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&ctx, true)); for (int i = 0; i < 5; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100)); } mbedtls_sha512_init(&clone); mbedtls_sha512_clone(&clone, &ctx); for (int i = 0; i < 5; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&ctx, one_hundred_bs, 100)); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&clone, one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&ctx, one_hundred_bs, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&clone, one_hundred_bs, 100)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&ctx, sha384)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&ctx, sha384)); mbedtls_sha512_free(&ctx); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 original calculation"); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&clone, sha384)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&clone, sha384)); mbedtls_sha512_free(&clone); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha384_thousand_bs, sha384, 48, "SHA512 cloned calculation"); @@ -265,23 +264,23 @@ TEST_CASE("mbedtls SHA256 clone", "[mbedtls]") unsigned char sha256[64]; mbedtls_sha256_init(&ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&ctx, false)); for (int i = 0; i < 5; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&ctx, one_hundred_as, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&ctx, one_hundred_as, 100)); } mbedtls_sha256_init(&clone); mbedtls_sha256_clone(&clone, &ctx); for (int i = 0; i < 5; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&ctx, one_hundred_as, 100)); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&clone, one_hundred_as, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&ctx, one_hundred_as, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&clone, one_hundred_as, 100)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&ctx, sha256)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&ctx, sha256)); mbedtls_sha256_free(&ctx); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 original calculation"); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&clone, sha256)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&clone, sha256)); mbedtls_sha256_free(&clone); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha256_thousand_as, sha256, 32, "SHA256 cloned calculation"); @@ -299,10 +298,10 @@ static void tskFinaliseSha(void *v_param) finalise_sha_param_t *param = (finalise_sha_param_t *)v_param; for (int i = 0; i < 5; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(¶m->ctx, one_hundred_as, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(¶m->ctx, one_hundred_as, 100)); } - param->ret = mbedtls_sha256_finish_ret(¶m->ctx, param->result); + param->ret = mbedtls_sha256_finish(¶m->ctx, param->result); mbedtls_sha256_free(¶m->ctx); param->done = true; @@ -315,9 +314,9 @@ TEST_CASE("mbedtls SHA session passed between tasks", "[mbedtls]") finalise_sha_param_t param = { 0 }; mbedtls_sha256_init(¶m.ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(¶m.ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(¶m.ctx, false)); for (int i = 0; i < 5; i++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(¶m.ctx, one_hundred_as, 100)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(¶m.ctx, one_hundred_as, 100)); } // pass the SHA context off to a different task @@ -387,9 +386,9 @@ TEST_CASE("mbedtls SHA, input in flash", "[mbedtls]") mbedtls_sha256_init(&sha256_ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, test_vector, sizeof(test_vector))); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, test_vector, sizeof(test_vector))); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256)); mbedtls_sha256_free(&sha256_ctx); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(test_vector_digest, sha256, 32, "SHA256 calculation"); @@ -467,14 +466,14 @@ TEST_CASE("mbedtls SHA512/t", "[mbedtls]") for (int j = 0; j < 2; j++) { k = i * 2 + j; mbedtls_sha512_init(&sha512_ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts_ret(&sha512_ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_starts(&sha512_ctx, false)); esp_sha512_set_mode(&sha512_ctx, sha512T_algo[i]); if (i > 1) { k = (i - 2) * 2 + j; esp_sha512_set_t(&sha512_ctx, sha512T_t_len[i]); } - TEST_ASSERT_EQUAL(0, mbedtls_sha512_update_ret(&sha512_ctx, sha512T_test_buf[j], sha512T_test_buflen[j])); - TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish_ret(&sha512_ctx, sha512)); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_update(&sha512_ctx, sha512T_test_buf[j], sha512T_test_buflen[j])); + TEST_ASSERT_EQUAL(0, mbedtls_sha512_finish(&sha512_ctx, sha512)); mbedtls_sha512_free(&sha512_ctx); TEST_ASSERT_EQUAL_MEMORY_MESSAGE(sha512_test_sum[k], sha512, sha512T_t_len[i] / 8, "SHA512t calculation"); @@ -498,11 +497,11 @@ TEST_CASE("mbedtls SHA256 PSRAM DMA", "[mbedtls]") memset(buf, 0x54, CALL_SZ); mbedtls_sha256_init(&sha256_ctx); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false)); for (int c = 0; c < CALLS; c++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, buf, CALL_SZ)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, buf, CALL_SZ)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256)); free(buf); mbedtls_sha256_free(&sha256_ctx); diff --git a/components/mbedtls/test/test_mbedtls_utils.c b/components/mbedtls/test/test_mbedtls_utils.c index a28ac0e859c..a2db3891840 100644 --- a/components/mbedtls/test/test_mbedtls_utils.c +++ b/components/mbedtls/test/test_mbedtls_utils.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ diff --git a/components/mbedtls/test/test_mbedtls_utils.h b/components/mbedtls/test/test_mbedtls_utils.h index 0ff15052687..8d2b73c0888 100644 --- a/components/mbedtls/test/test_mbedtls_utils.h +++ b/components/mbedtls/test/test_mbedtls_utils.h @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ diff --git a/components/mbedtls/test/test_rsa.c b/components/mbedtls/test/test_rsa.c index 2137de847e6..fc6d721c030 100644 --- a/components/mbedtls/test/test_rsa.c +++ b/components/mbedtls/test/test_rsa.c @@ -1,9 +1,12 @@ /* mbedTLS RSA functionality tests - - Focus on testing functionality where we use ESP32 hardware - accelerated crypto features. - -*/ + * + * Focus on testing functionality where we use ESP32 hardware + * accelerated crypto features + * + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include #include "esp_system.h" @@ -11,9 +14,9 @@ #include "mbedtls/rsa.h" #include "mbedtls/pk.h" #include "mbedtls/x509_crt.h" -#include "mbedtls/entropy_poll.h" #include #include +#include "entropy_poll.h" #include "freertos/FreeRTOS.h" #include "unity.h" #include "test_utils.h" @@ -418,12 +421,15 @@ static void print_rsa_details(mbedtls_rsa_context *rsa) } #endif +// TODO: IDF-4708 +#if !TEMPORARY_DISABLED_FOR_TARGETS(ESP32, ESP32S2, ESP32S3, ESP32C3) TEST_CASE("test performance RSA key operations", "[bignum]") { for (int keysize = 2048; keysize <= SOC_RSA_MAX_BIT_LEN; keysize += 1024) { rsa_key_operations(keysize, true, false, false); } } +#endif TEST_CASE("test RSA-3072 calculations", "[bignum]") { @@ -461,20 +467,20 @@ static void rsa_key_operations(int keysize, bool check_performance, bool use_bli memset(orig_buf, 0xAA, sizeof(orig_buf)); orig_buf[0] = 0; // Ensure that orig_buf is smaller than rsa.N if (generate_new_rsa) { - mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PRIVATE, 0); + mbedtls_rsa_init(&rsa); TEST_ASSERT_EQUAL(0, mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537)); } else { mbedtls_pk_init(&clientkey); switch(keysize) { case 4096: - res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_4096_buf, sizeof(privkey_4096_buf), NULL, 0); + res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_4096_buf, sizeof(privkey_4096_buf), NULL, 0, myrand, NULL); break; case 3072: - res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_3072_buf, sizeof(privkey_3072_buf), NULL, 0); + res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_3072_buf, sizeof(privkey_3072_buf), NULL, 0, myrand, NULL); break; case 2048: - res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_2048_buf, sizeof(privkey_2048_buf), NULL, 0); + res = mbedtls_pk_parse_key(&clientkey, (const uint8_t *)privkey_2048_buf, sizeof(privkey_2048_buf), NULL, 0, myrand, NULL); break; default: TEST_FAIL_MESSAGE("unsupported keysize, pass generate_new_rsa=true or update test"); @@ -489,8 +495,8 @@ static void rsa_key_operations(int keysize, bool check_performance, bool use_bli print_rsa_details(&rsa); #endif - TEST_ASSERT_EQUAL(keysize, (int)rsa.len * 8); - TEST_ASSERT_EQUAL(keysize, (int)rsa.D.n * sizeof(mbedtls_mpi_uint) * 8); // The private exponent + TEST_ASSERT_EQUAL(keysize, (int)rsa.MBEDTLS_PRIVATE(len) * 8); + TEST_ASSERT_EQUAL(keysize, (int)rsa.MBEDTLS_PRIVATE(D).MBEDTLS_PRIVATE(n) * sizeof(mbedtls_mpi_uint) * 8); // The private exponent ccomp_timer_start(); res = mbedtls_rsa_public(&rsa, orig_buf, encrypted_buf); @@ -539,7 +545,7 @@ TEST_CASE("mbedtls RSA Generate Key", "[mbedtls][timeout=60]") esp_task_wdt_add(xTaskGetIdleTaskHandleForCPU(0)); #endif //CONFIG_MBEDTLS_MPI_USE_INTERRUPT - mbedtls_rsa_init(&ctx, MBEDTLS_RSA_PKCS_V15, 0); + mbedtls_rsa_init(&ctx); mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); diff --git a/components/mbedtls/test/test_sha.c b/components/mbedtls/test/test_sha.c index 1a9aed2f722..c6a771f67ce 100644 --- a/components/mbedtls/test/test_sha.c +++ b/components/mbedtls/test/test_sha.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -114,16 +114,16 @@ TEST_CASE("Test esp_sha() function with long input", "[hw_crypto]") /* Compare esp_sha() result to the mbedTLS result, should always be the same */ esp_sha(SHA1, ptr, LEN, sha1_espsha); - int r = mbedtls_sha1_ret(ptr, LEN, sha1_mbedtls); + int r = mbedtls_sha1(ptr, LEN, sha1_mbedtls); TEST_ASSERT_EQUAL(0, r); esp_sha(SHA2_256, ptr, LEN, sha256_espsha); - r = mbedtls_sha256_ret(ptr, LEN, sha256_mbedtls, 0); + r = mbedtls_sha256(ptr, LEN, sha256_mbedtls, 0); TEST_ASSERT_EQUAL(0, r); #if SOC_SHA_SUPPORT_SHA512 esp_sha(SHA2_512, ptr, LEN, sha512_espsha); - r = mbedtls_sha512_ret(ptr, LEN, sha512_mbedtls, 0); + r = mbedtls_sha512(ptr, LEN, sha512_mbedtls, 0); TEST_ASSERT_EQUAL(0, r); #endif diff --git a/components/mbedtls/test/test_sha_perf.c b/components/mbedtls/test/test_sha_perf.c index 7c646c9bf6f..41101e712fa 100644 --- a/components/mbedtls/test/test_sha_perf.c +++ b/components/mbedtls/test/test_sha_perf.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Apache-2.0 */ @@ -7,9 +7,9 @@ /* * mbedTLS SHA performance test */ -#include #include #include +#include #include "mbedtls/sha256.h" #include "unity.h" #include "sdkconfig.h" @@ -33,11 +33,11 @@ TEST_CASE("mbedtls SHA performance", "[aes]") mbedtls_sha256_init(&sha256_ctx); ccomp_timer_start(); - TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts_ret(&sha256_ctx, false)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_starts(&sha256_ctx, false)); for (int c = 0; c < CALLS; c++) { - TEST_ASSERT_EQUAL(0, mbedtls_sha256_update_ret(&sha256_ctx, buf, CALL_SZ)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_update(&sha256_ctx, buf, CALL_SZ)); } - TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish_ret(&sha256_ctx, sha256)); + TEST_ASSERT_EQUAL(0, mbedtls_sha256_finish(&sha256_ctx, sha256)); elapsed_usec = ccomp_timer_stop(); free(buf); diff --git a/components/openthread/openthread b/components/openthread/openthread index e736d2488d9..5eeea0993e1 160000 --- a/components/openthread/openthread +++ b/components/openthread/openthread @@ -1 +1 @@ -Subproject commit e736d2488d9d4f787650d81f2b84f59a194f2b41 +Subproject commit 5eeea0993e1c1a48ff3c60906c5b628f12e87137 diff --git a/components/protocomm/src/security/security1.c b/components/protocomm/src/security/security1.c index d9365f5027f..dca71315bd9 100644 --- a/components/protocomm/src/security/security1.c +++ b/components/protocomm/src/security/security1.c @@ -10,13 +10,33 @@ #include #include +/* ToDo - Remove this once appropriate solution is available. +We need to define this for the file as ssl_misc.h uses private structures from mbedtls, +which are undefined if the following flag is not defined */ +/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */ +/* ToDo - Replace them with proper getter-setter once they are added */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +/* ToDo - Remove this once appropriate solution is available. + * Currently MBEDTLS_LEGACY_CONTEXT is enabled by default for MBEDTLS_ECP_RESTARTABLE + * This is a temporary workaround to allow that. + * The LEGACY option is soon going to be removed in future mbedtls + * once it is removed we can remove the workaround. + */ +#ifdef CONFIG_MBEDTLS_ECDH_LEGACY_CONTEXT +#define ACCESS_ECDH(S, var) S->var +#else +#define ACCESS_ECDH(S, var) S->ctx.mbed_ecdh.var +#endif + #include #include #include #include #include #include -#include +#include +#include #include #include @@ -203,6 +223,7 @@ static esp_err_t handle_session_command0(session_t *cur_session, } mbedtls_ecdh_init(ctx_server); + mbedtls_ecdh_setup(ctx_server, MBEDTLS_ECP_DP_CURVE25519); mbedtls_ctr_drbg_init(ctr_drbg); mbedtls_entropy_init(entropy); @@ -214,14 +235,14 @@ static esp_err_t handle_session_command0(session_t *cur_session, goto exit_cmd0; } - mbed_err = mbedtls_ecp_group_load(&ctx_server->grp, MBEDTLS_ECP_DP_CURVE25519); + mbed_err = mbedtls_ecp_group_load(ACCESS_ECDH(&ctx_server, grp), MBEDTLS_ECP_DP_CURVE25519); if (mbed_err != 0) { ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : -0x%x", -mbed_err); ret = ESP_FAIL; goto exit_cmd0; } - mbed_err = mbedtls_ecdh_gen_public(&ctx_server->grp, &ctx_server->d, &ctx_server->Q, + mbed_err = mbedtls_ecdh_gen_public(ACCESS_ECDH(&ctx_server, grp), ACCESS_ECDH(&ctx_server, d), ACCESS_ECDH(&ctx_server, Q), mbedtls_ctr_drbg_random, ctr_drbg); if (mbed_err != 0) { ESP_LOGE(TAG, "Failed at mbedtls_ecdh_gen_public with error code : -0x%x", -mbed_err); @@ -229,7 +250,7 @@ static esp_err_t handle_session_command0(session_t *cur_session, goto exit_cmd0; } - mbed_err = mbedtls_mpi_write_binary(&ctx_server->Q.X, + mbed_err = mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx_server, Q).X, cur_session->device_pubkey, PUBLIC_KEY_LEN); if (mbed_err != 0) { @@ -246,7 +267,7 @@ static esp_err_t handle_session_command0(session_t *cur_session, hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN); hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN); - mbed_err = mbedtls_mpi_lset(&ctx_server->Qp.Z, 1); + mbed_err = mbedtls_mpi_lset(ACCESS_ECDH(&ctx_server, Qp).Z, 1); if (mbed_err != 0) { ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : -0x%x", -mbed_err); ret = ESP_FAIL; @@ -254,7 +275,7 @@ static esp_err_t handle_session_command0(session_t *cur_session, } flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN); - mbed_err = mbedtls_mpi_read_binary(&ctx_server->Qp.X, cli_pubkey, PUBLIC_KEY_LEN); + mbed_err = mbedtls_mpi_read_binary(ACCESS_ECDH(&ctx_server, Qp).X, cli_pubkey, PUBLIC_KEY_LEN); flip_endian(cur_session->client_pubkey, PUBLIC_KEY_LEN); if (mbed_err != 0) { ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : -0x%x", -mbed_err); @@ -262,15 +283,15 @@ static esp_err_t handle_session_command0(session_t *cur_session, goto exit_cmd0; } - mbed_err = mbedtls_ecdh_compute_shared(&ctx_server->grp, &ctx_server->z, &ctx_server->Qp, - &ctx_server->d, mbedtls_ctr_drbg_random, ctr_drbg); + mbed_err = mbedtls_ecdh_compute_shared(ACCESS_ECDH(&ctx_server, grp), ACCESS_ECDH(&ctx_server, z), ACCESS_ECDH(&ctx_server, Qp), + ACCESS_ECDH(&ctx_server, d), mbedtls_ctr_drbg_random, ctr_drbg); if (mbed_err != 0) { ESP_LOGE(TAG, "Failed at mbedtls_ecdh_compute_shared with error code : -0x%x", -mbed_err); ret = ESP_FAIL; goto exit_cmd0; } - mbed_err = mbedtls_mpi_write_binary(&ctx_server->z, cur_session->sym_key, PUBLIC_KEY_LEN); + mbed_err = mbedtls_mpi_write_binary(ACCESS_ECDH(&ctx_server, z), cur_session->sym_key, PUBLIC_KEY_LEN); if (mbed_err != 0) { ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : -0x%x", -mbed_err); ret = ESP_FAIL; @@ -282,7 +303,7 @@ static esp_err_t handle_session_command0(session_t *cur_session, ESP_LOGD(TAG, "Adding proof of possession"); uint8_t sha_out[PUBLIC_KEY_LEN]; - mbed_err = mbedtls_sha256_ret((const unsigned char *) pop->data, pop->len, sha_out, 0); + mbed_err = mbedtls_sha256((const unsigned char *) pop->data, pop->len, sha_out, 0); if (mbed_err != 0) { ESP_LOGE(TAG, "Failed at mbedtls_sha256_ret with error code : -0x%x", -mbed_err); ret = ESP_FAIL; diff --git a/components/protocomm/test/test_protocomm.c b/components/protocomm/test/test_protocomm.c index 7b1b1af1897..6e44ffd2472 100644 --- a/components/protocomm/test/test_protocomm.c +++ b/components/protocomm/test/test_protocomm.c @@ -1,16 +1,8 @@ -// Copyright 2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2018-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include @@ -22,13 +14,19 @@ #include #include +/* ToDo - Remove this once appropriate solution is available. +We need to define this for the file as ssl_misc.h uses private structures from mbedtls, +which are undefined if the following flag is not defined */ +/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE()` */ +/* ToDo - Replace them with proper getter-setter once they are added */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include #include #include #include #include -#include #include #include @@ -156,24 +154,24 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp) hexdump("Device pubkey", dev_pubkey, PUBLIC_KEY_LEN); hexdump("Client pubkey", cli_pubkey, PUBLIC_KEY_LEN); - ret = mbedtls_mpi_lset(&session->ctx_client.Qp.Z, 1); + ret = mbedtls_mpi_lset(&session->ctx_client.ctx.mbed_ecdh.Qp.Z, 1); if (ret != 0) { ESP_LOGE(TAG, "Failed at mbedtls_mpi_lset with error code : %d", ret); return ESP_FAIL; } flip_endian(session->device_pubkey, PUBLIC_KEY_LEN); - ret = mbedtls_mpi_read_binary(&session->ctx_client.Qp.X, dev_pubkey, PUBLIC_KEY_LEN); + ret = mbedtls_mpi_read_binary(&session->ctx_client.ctx.mbed_ecdh.Qp.X, dev_pubkey, PUBLIC_KEY_LEN); flip_endian(session->device_pubkey, PUBLIC_KEY_LEN); if (ret != 0) { ESP_LOGE(TAG, "Failed at mbedtls_mpi_read_binary with error code : %d", ret); return ESP_FAIL; } - ret = mbedtls_ecdh_compute_shared(&session->ctx_client.grp, - &session->ctx_client.z, - &session->ctx_client.Qp, - &session->ctx_client.d, + ret = mbedtls_ecdh_compute_shared(&session->ctx_client.ctx.mbed_ecdh.grp, + &session->ctx_client.ctx.mbed_ecdh.z, + &session->ctx_client.ctx.mbed_ecdh.Qp, + &session->ctx_client.ctx.mbed_ecdh.d, mbedtls_ctr_drbg_random, &session->ctr_drbg); if (ret != 0) { @@ -181,7 +179,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp) return ESP_FAIL; } - ret = mbedtls_mpi_write_binary(&session->ctx_client.z, session->sym_key, PUBLIC_KEY_LEN); + ret = mbedtls_mpi_write_binary(&session->ctx_client.ctx.mbed_ecdh.z, session->sym_key, PUBLIC_KEY_LEN); if (ret != 0) { ESP_LOGE(TAG, "Failed at mbedtls_mpi_write_binary with error code : %d", ret); return ESP_FAIL; @@ -193,7 +191,7 @@ static esp_err_t verify_response0(session_t *session, SessionData *resp) ESP_LOGD(TAG, "Adding proof of possession"); uint8_t sha_out[PUBLIC_KEY_LEN]; - ret = mbedtls_sha256_ret((const unsigned char *) pop->data, pop->len, sha_out, 0); + ret = mbedtls_sha256((const unsigned char *) pop->data, pop->len, sha_out, 0); if (ret != 0) { ESP_LOGE(TAG, "Failed at mbedtls_sha256_ret with error code : %d", ret); return ESP_FAIL; @@ -372,6 +370,7 @@ static esp_err_t test_sec_endpoint(session_t *session) uint8_t *outbuf = NULL; mbedtls_ecdh_init(&session->ctx_client); + mbedtls_ecdh_setup(&session->ctx_client, MBEDTLS_ECP_DP_CURVE25519); mbedtls_ctr_drbg_init(&session->ctr_drbg); mbedtls_entropy_init(&session->entropy); @@ -382,15 +381,15 @@ static esp_err_t test_sec_endpoint(session_t *session) goto abort_test_sec_endpoint; } - ret = mbedtls_ecp_group_load(&session->ctx_client.grp, MBEDTLS_ECP_DP_CURVE25519); + ret = mbedtls_ecp_group_load(&session->ctx_client.ctx.mbed_ecdh.grp, MBEDTLS_ECP_DP_CURVE25519); if (ret != 0) { ESP_LOGE(TAG, "Failed at mbedtls_ecp_group_load with error code : %d", ret); goto abort_test_sec_endpoint; } - ret = mbedtls_ecdh_gen_public(&session->ctx_client.grp, - &session->ctx_client.d, - &session->ctx_client.Q, + ret = mbedtls_ecdh_gen_public(&session->ctx_client.ctx.mbed_ecdh.grp, + &session->ctx_client.ctx.mbed_ecdh.d, + &session->ctx_client.ctx.mbed_ecdh.Q, mbedtls_ctr_drbg_random, &session->ctr_drbg); if (ret != 0) { @@ -400,7 +399,7 @@ static esp_err_t test_sec_endpoint(session_t *session) if (session->weak) { /* Read zero client public key */ - ret = mbedtls_mpi_read_binary(&session->ctx_client.Q.X, + ret = mbedtls_mpi_read_binary(&session->ctx_client.ctx.mbed_ecdh.Q.X, session->client_pubkey, PUBLIC_KEY_LEN); if (ret != 0) { @@ -408,7 +407,7 @@ static esp_err_t test_sec_endpoint(session_t *session) goto abort_test_sec_endpoint; } } - ret = mbedtls_mpi_write_binary(&session->ctx_client.Q.X, + ret = mbedtls_mpi_write_binary(&session->ctx_client.ctx.mbed_ecdh.Q.X, session->client_pubkey, PUBLIC_KEY_LEN); if (ret != 0) { diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c index 9d1520902b9..b8722eae1c5 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls-ec.c @@ -3,7 +3,6 @@ * * SPDX-License-Identifier: Apache-2.0 */ - #ifdef ESP_PLATFORM #include "esp_system.h" #include "mbedtls/bignum.h" @@ -156,7 +155,7 @@ int crypto_ec_point_to_bin(struct crypto_ec *e, int len = mbedtls_mpi_size(&e->group.P); if (x) { - if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->X, + if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->MBEDTLS_PRIVATE(X), x, len, len) < 0) { return -1; } @@ -164,7 +163,7 @@ int crypto_ec_point_to_bin(struct crypto_ec *e, } if (y) { - if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->Y, + if(crypto_bignum_to_bin((struct crypto_bignum *) & ((mbedtls_ecp_point *) point)->MBEDTLS_PRIVATE(Y), y, len, len) < 0) { return -1; } @@ -179,17 +178,17 @@ int crypto_ec_get_affine_coordinates(struct crypto_ec *e, struct crypto_ec_point int ret = -1; mbedtls_ecp_point *point = (mbedtls_ecp_point *)pt; - if (!mbedtls_ecp_is_zero(point) && (mbedtls_mpi_cmp_int( &point->Z, 1 ) == 0 )) { + if (!mbedtls_ecp_is_zero(point) && (mbedtls_mpi_cmp_int( &point->MBEDTLS_PRIVATE(Z), 1 ) == 0 )) { // Affine coordinates mean that z should be 1, wpa_printf(MSG_ERROR, "Z coordinate is neither 0 or 1"); return -1; } if (x) { - MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) x, &((mbedtls_ecp_point* )point)->X)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) x, &((mbedtls_ecp_point* )point)->MBEDTLS_PRIVATE(X))); } if (y) { - MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) y, &((mbedtls_ecp_point* )point)->Y)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy((mbedtls_mpi*) y, &((mbedtls_ecp_point* )point)->MBEDTLS_PRIVATE(Y))); } return 0; cleanup: @@ -214,9 +213,9 @@ struct crypto_ec_point *crypto_ec_point_from_bin(struct crypto_ec *e, } mbedtls_ecp_point_init(pt); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->X, val, len)); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->Y, val + len, len)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset((&pt->Z), 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->MBEDTLS_PRIVATE(X), val, len)); + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&pt->MBEDTLS_PRIVATE(Y), val + len, len)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset((&pt->MBEDTLS_PRIVATE(Z)), 1)); return (struct crypto_ec_point *) pt; @@ -286,8 +285,8 @@ static int ecp_opp(const mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbe } /* In-place opposite */ - if (mbedtls_mpi_cmp_int(&R->Y, 0) != 0) { - MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->Y, &grp->P, &R->Y)); + if (mbedtls_mpi_cmp_int(&R->MBEDTLS_PRIVATE(Y), 0) != 0) { + MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&R->MBEDTLS_PRIVATE(Y), &grp->P, &R->MBEDTLS_PRIVATE(Y))); } cleanup: @@ -308,7 +307,7 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e, mbedtls_mpi_init(&temp); int ret = 0; - y = &((mbedtls_ecp_point *)p)->Y; + y = &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y); /* Faster way to find sqrt * Works only with curves having prime p @@ -332,8 +331,8 @@ int crypto_ec_point_solve_y_coord(struct crypto_ec *e, if (y_bit != mbedtls_mpi_get_bit(y, 0)) MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(y, &e->group.P, y)); - MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->X, (const mbedtls_mpi*) x)); - MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->Z, 1)); + MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&((mbedtls_ecp_point* )p)->MBEDTLS_PRIVATE(X), (const mbedtls_mpi*) x)); + MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z), 1)); } else { ret = 1; } @@ -417,9 +416,9 @@ int crypto_ec_point_is_on_curve(struct crypto_ec *e, /* Calculate y^2 mod P*/ MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&two, 2)); - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&y_sqr_lhs, &((const mbedtls_ecp_point *)p)->Y , &two, &e->group.P, NULL)); + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&y_sqr_lhs, &((const mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y) , &two, &e->group.P, NULL)); - y_sqr_rhs = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, (const struct crypto_bignum *) & ((const mbedtls_ecp_point *)p)->X); + y_sqr_rhs = (mbedtls_mpi *) crypto_ec_point_compute_y_sqr(e, (const struct crypto_bignum *) & ((const mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X)); if (y_sqr_rhs && (mbedtls_mpi_cmp_mpi(y_sqr_rhs, &y_sqr_lhs) == 0)) { on_curve = 1; @@ -440,12 +439,26 @@ int crypto_ec_point_cmp(const struct crypto_ec *e, return mbedtls_ecp_point_cmp((const mbedtls_ecp_point *) a, (const mbedtls_ecp_point *) b); } + int crypto_key_compare(struct crypto_key *key1, struct crypto_key *key2) { - if (mbedtls_pk_check_pair((mbedtls_pk_context *)key1, (mbedtls_pk_context *)key2) < 0) - return 0; + int ret = 0; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; - return 1; + mbedtls_entropy_init(&entropy); + mbedtls_ctr_drbg_init(&ctr_drbg); + + MBEDTLS_MPI_CHK(mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0)); + if (mbedtls_pk_check_pair((mbedtls_pk_context *)key1, (mbedtls_pk_context *)key2, mbedtls_ctr_drbg_random, &ctr_drbg) < 0) { + goto cleanup; + } + + ret = 1; +cleanup: + mbedtls_ctr_drbg_free(&ctr_drbg); + mbedtls_entropy_free(&entropy); + return ret; } void crypto_debug_print_point(const char *title, struct crypto_ec *e, @@ -512,8 +525,8 @@ struct crypto_key * crypto_ec_set_pubkey_point(const struct crypto_ec_group *gro if( ( ret = mbedtls_pk_setup( key, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY) ) ) != 0 ) goto fail; - mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->Q, point); - mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->grp, MBEDTLS_ECP_DP_SECP256R1); + mbedtls_ecp_copy(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(Q), point); + mbedtls_ecp_group_load(&mbedtls_pk_ec(*key)->MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_SECP256R1); pkey = (struct crypto_key *)key; crypto_ec_point_deinit((struct crypto_ec_point *)point, 0); @@ -539,7 +552,7 @@ struct crypto_ec_point *crypto_ec_get_public_key(struct crypto_key *key) { mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; - return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->Q; + return (struct crypto_ec_point *)&mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(Q); } @@ -567,14 +580,14 @@ struct crypto_ec_group *crypto_ec_get_group_from_key(struct crypto_key *key) { mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; - return (struct crypto_ec_group *)&(mbedtls_pk_ec(*pkey)->grp); + return (struct crypto_ec_group *)&(mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(grp)); } struct crypto_bignum *crypto_ec_get_private_key(struct crypto_key *key) { mbedtls_pk_context *pkey = (mbedtls_pk_context *)key; - return ((struct crypto_bignum *)&(mbedtls_pk_ec(*pkey)->d)); + return ((struct crypto_bignum *)&(mbedtls_pk_ec(*pkey)->MBEDTLS_PRIVATE(d))); } int crypto_ec_get_publickey_buf(struct crypto_key *key, u8 *key_buf, int len) @@ -623,7 +636,7 @@ struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len) wpa_printf(MSG_ERROR, "memory allocation failed\n"); return NULL; } - ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0); + ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0, crypto_rng_wrapper, NULL); if (ret < 0) { //crypto_print_error_string(ret); @@ -743,8 +756,8 @@ int crypto_ecdsa_get_sign(unsigned char *hash, if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0) { goto fail; } - ret = mbedtls_ecdsa_sign(&ctx->grp, (mbedtls_mpi *)r, (mbedtls_mpi *)s, - &ctx->d, hash, SHA256_MAC_LEN, crypto_rng_wrapper, NULL); + ret = mbedtls_ecdsa_sign(&ctx->MBEDTLS_PRIVATE(grp), (mbedtls_mpi *)r, (mbedtls_mpi *)s, + &ctx->MBEDTLS_PRIVATE(d), hash, SHA256_MAC_LEN, crypto_rng_wrapper, NULL); fail: mbedtls_ecdsa_free(ctx); @@ -769,8 +782,8 @@ int crypto_edcsa_sign_verify(const unsigned char *hash, if (mbedtls_ecdsa_from_keypair(ctx, mbedtls_pk_ec(*pkey)) < 0) return ret; - if((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen, - &ctx->Q, (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){ + if((ret = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen, + &ctx->MBEDTLS_PRIVATE(Q), (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){ wpa_printf(MSG_ERROR, "ecdsa verification failed\n"); return ret; } @@ -857,7 +870,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start, const char *oid; size_t oid_len; - if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->grp.id, &oid, &oid_len ) ) != 0 ) + if( ( ret = mbedtls_oid_get_oid_by_ec_grp( ec->MBEDTLS_PRIVATE(grp).id, &oid, &oid_len ) ) != 0 ) return( ret ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( p, start, oid, oid_len ) ); @@ -872,7 +885,7 @@ static int pk_write_ec_pubkey_formatted( unsigned char **p, unsigned char *start size_t len = 0; unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; - if( ( ret = mbedtls_ecp_point_write_binary( &ec->grp, &ec->Q, + if( ( ret = mbedtls_ecp_point_write_binary( &ec->MBEDTLS_PRIVATE(grp), &ec->MBEDTLS_PRIVATE(Q), format, &len, buf, sizeof( buf ) ) ) != 0 ) { diff --git a/components/wpa_supplicant/src/crypto/crypto_mbedtls.c b/components/wpa_supplicant/src/crypto/crypto_mbedtls.c index d640a64189b..85f8983e321 100644 --- a/components/wpa_supplicant/src/crypto/crypto_mbedtls.c +++ b/components/wpa_supplicant/src/crypto/crypto_mbedtls.c @@ -3,7 +3,6 @@ * * SPDX-License-Identifier: Apache-2.0 */ - #ifdef ESP_PLATFORM #include "esp_system.h" #endif @@ -25,7 +24,6 @@ #include "mbedtls/nist_kw.h" #include "mbedtls/des.h" #include "mbedtls/ccm.h" -#include "mbedtls/arc4.h" #include "common.h" #include "utils/wpabuf.h" @@ -37,6 +35,10 @@ #include "crypto.h" #include "mbedtls/esp_config.h" +#ifdef MBEDTLS_ARC4_C +#include "mbedtls/arc4.h" +#endif + static int digest_vector(mbedtls_md_type_t md_type, size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) { @@ -400,12 +402,12 @@ static int crypto_init_cipher_ctx(mbedtls_cipher_context_t *ctx, return -1; } - if (mbedtls_cipher_setkey(ctx, key, cipher_info->key_bitlen, + if (mbedtls_cipher_setkey(ctx, key, cipher_info->MBEDTLS_PRIVATE(key_bitlen), operation) != 0) { wpa_printf(MSG_ERROR, "mbedtls_cipher_setkey returned error"); return -1; } - if (mbedtls_cipher_set_iv(ctx, iv, cipher_info->iv_size) != 0) { + if (mbedtls_cipher_set_iv(ctx, iv, cipher_info->MBEDTLS_PRIVATE(iv_size)) != 0) { wpa_printf(MSG_ERROR, "mbedtls_cipher_set_iv returned error"); return -1; } diff --git a/components/wpa_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/src/crypto/tls_mbedtls.c index 61e397511ce..e2a1ee481a5 100644 --- a/components/wpa_supplicant/src/crypto/tls_mbedtls.c +++ b/components/wpa_supplicant/src/crypto/tls_mbedtls.c @@ -12,7 +12,15 @@ #include "crypto/md5.h" #include "crypto/sha256.h" #include "crypto/sha384.h" -#include "mbedtls/ssl_internal.h" + +/* ToDo - Remove this once appropriate solution is available. +We need to define this for the file as ssl_misc.h uses private structures from mbedtls, +which are undefined if the following flag is not defined */ +/* Many APIs in the file make use of this flag instead of `MBEDTLS_PRIVATE` */ +/* ToDo - Replace them with proper getter-setter once they are added */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + +#include "ssl_misc.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/entropy.h" #include "mbedtls/debug.h" @@ -27,6 +35,8 @@ #define TLS_MASTER_SECRET_LEN 48 #define MAX_CIPHERSUITE 32 + + /* Throw a compilation error if basic requirements in mbedtls are not enabled */ #if !defined(MBEDTLS_SSL_TLS_C) #error "TLS not enabled in mbedtls config" @@ -63,7 +73,9 @@ typedef struct tls_context { struct tls_connection { tls_context_t *tls; struct tls_data tls_io_data; + unsigned char master_secret[TLS_MASTER_SECRET_LEN]; unsigned char randbytes[2 * TLS_RANDOM_LEN]; + mbedtls_tls_prf_types tls_prf_type; mbedtls_md_type_t mac; }; @@ -151,7 +163,7 @@ static int set_pki_context(tls_context_t *tls, const struct tls_connection_param ret = mbedtls_pk_parse_key(&tls->clientkey, cfg->private_key_blob, cfg->private_key_blob_len, (const unsigned char *)cfg->private_key_passwd, - cfg->private_key_passwd ? os_strlen(cfg->private_key_passwd) : 0); + cfg->private_key_passwd ? os_strlen(cfg->private_key_passwd) : 0, mbedtls_ctr_drbg_random, &tls->ctr_drbg); if (ret < 0) { wpa_printf(MSG_ERROR, "mbedtls_pk_parse_keyfile returned -0x%x", -ret); return ret; @@ -515,7 +527,24 @@ static int set_client_config(const struct tls_connection_params *cfg, tls_contex return 0; } -static int tls_create_mbedtls_handle(const struct tls_connection_params *params, +static void tls_key_derivation(void *ctx, + mbedtls_ssl_key_export_type secret_type, + const unsigned char *secret, + size_t secret_len, + const unsigned char client_random[TLS_RANDOM_LEN], + const unsigned char server_random[TLS_RANDOM_LEN], + mbedtls_tls_prf_types tls_prf_type) +{ + struct tls_connection *conn = (struct tls_connection *)ctx; + + os_memcpy(conn->master_secret, secret, sizeof(conn->master_secret)); + os_memcpy(conn->randbytes, client_random, TLS_RANDOM_LEN); + os_memcpy(conn->randbytes + 32, server_random, TLS_RANDOM_LEN); + conn->tls_prf_type = tls_prf_type; +} + +static int tls_create_mbedtls_handle(struct tls_connection *conn, + const struct tls_connection_params *params, tls_context_t *tls) { int ret; @@ -548,6 +577,7 @@ static int tls_create_mbedtls_handle(const struct tls_connection_params *params, wpa_printf(MSG_ERROR, "mbedtls_ssl_setup returned -0x%x", -ret); goto exit; } + mbedtls_ssl_set_export_keys_cb(&tls->ssl, tls_key_derivation, conn); #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) /* Disable BEAST attack countermeasures for Windows 2008 interoperability */ mbedtls_ssl_conf_cbc_record_splitting(&tls->conf, MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED); @@ -609,7 +639,7 @@ int tls_connection_established(void *tls_ctx, struct tls_connection *conn) { mbedtls_ssl_context *ssl = &conn->tls->ssl; - if (ssl->state == MBEDTLS_SSL_HANDSHAKE_OVER) { + if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_HANDSHAKE_OVER) { return 1; } @@ -646,11 +676,11 @@ struct wpabuf * tls_connection_handshake(void *tls_ctx, } /* Multiple reads */ - while (tls->ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER) { - if (tls->ssl.state == MBEDTLS_SSL_CLIENT_CERTIFICATE) { + while (tls->ssl.MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) { + if (tls->ssl.MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_CERTIFICATE) { /* Read random data before session completes, not present after handshake */ - if (tls->ssl.handshake) { - os_memcpy(conn->randbytes, tls->ssl.handshake->randbytes, + if (tls->ssl.MBEDTLS_PRIVATE(handshake)) { + os_memcpy(conn->randbytes, tls->ssl.MBEDTLS_PRIVATE(handshake)->randbytes, TLS_RANDOM_LEN * 2); conn->mac = tls->ssl.handshake->ciphersuite_info->mac; } @@ -753,8 +783,8 @@ struct wpabuf *tls_connection_decrypt(void *tls_ctx, int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) { - if (conn && conn->tls && conn->tls->ssl.handshake) { - return conn->tls->ssl.handshake->resume; + if (conn && conn->tls && conn->tls->ssl.MBEDTLS_PRIVATE(handshake)) { + return conn->tls->ssl.MBEDTLS_PRIVATE(handshake)->resume; } return 0; @@ -852,7 +882,7 @@ int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, goto err; } - ret = tls_create_mbedtls_handle(params, tls); + ret = tls_create_mbedtls_handle(conn, params, tls); if (ret < 0) { wpa_printf(MSG_ERROR, "failed to create ssl handle"); goto err; @@ -890,12 +920,12 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, u8 seed[2 * TLS_RANDOM_LEN]; mbedtls_ssl_context *ssl = &conn->tls->ssl; - if (!ssl || !ssl->transform) { + if (!ssl) { wpa_printf(MSG_ERROR, "TLS: %s, session ingo is null", __func__); return -1; } - if (ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) { - wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->state); + if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_HANDSHAKE_OVER) { + wpa_printf(MSG_ERROR, "TLS: %s, incorrect tls state=%d", __func__, ssl->MBEDTLS_PRIVATE(state)); return -1; } @@ -907,18 +937,10 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, } wpa_hexdump_key(MSG_MSGDUMP, "random", seed, 2 * TLS_RANDOM_LEN); - wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->session->master, TLS_MASTER_SECRET_LEN); + wpa_hexdump_key(MSG_MSGDUMP, "master", ssl->MBEDTLS_PRIVATE(session)->MBEDTLS_PRIVATE(master), TLS_MASTER_SECRET_LEN); - if (conn->mac == MBEDTLS_MD_SHA384) { - ret = tls_prf_sha384(ssl->session->master, TLS_MASTER_SECRET_LEN, - label, seed, 2 * TLS_RANDOM_LEN, out, out_len); - } else if (conn->mac == MBEDTLS_MD_SHA256) { - ret = tls_prf_sha256(ssl->session->master, TLS_MASTER_SECRET_LEN, + ret = mbedtls_ssl_tls_prf(conn->tls_prf_type, conn->master_secret, TLS_MASTER_SECRET_LEN, label, seed, 2 * TLS_RANDOM_LEN, out, out_len); - } else { - ret = tls_prf_sha1_md5(ssl->session->master, TLS_MASTER_SECRET_LEN, - label, seed, 2 * TLS_RANDOM_LEN, out, out_len); - } if (ret < 0) { wpa_printf(MSG_ERROR, "prf failed, ret=%d\n", ret); @@ -969,14 +991,14 @@ int tls_connection_get_random(void *tls_ctx, struct tls_connection *conn, mbedtls_ssl_context *ssl = &conn->tls->ssl; os_memset(data, 0, sizeof(*data)); - if (ssl->state == MBEDTLS_SSL_CLIENT_HELLO) { + if (ssl->MBEDTLS_PRIVATE(state) == MBEDTLS_SSL_CLIENT_HELLO) { return -1; } data->client_random = conn->randbytes; data->client_random_len = TLS_RANDOM_LEN; - if (ssl->state != MBEDTLS_SSL_SERVER_HELLO) { + if (ssl->MBEDTLS_PRIVATE(state) != MBEDTLS_SSL_SERVER_HELLO) { data->server_random = conn->randbytes + TLS_RANDOM_LEN; data->server_random_len = TLS_RANDOM_LEN; } diff --git a/components/wpa_supplicant/test/test_crypto.c b/components/wpa_supplicant/test/test_crypto.c index 19399a6c6df..7a7fed85c58 100644 --- a/components/wpa_supplicant/test/test_crypto.c +++ b/components/wpa_supplicant/test/test_crypto.c @@ -1,16 +1,8 @@ -// Copyright 2015-2018 Espressif Systems (Shanghai) PTE LTD -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at - -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. +/* + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Apache-2.0 + */ #include #include #include @@ -328,10 +320,10 @@ TEST_CASE("Test crypto lib bignum apis", "[wpa_crypto]") */ static inline void ecp_mpi_load( mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len ) { - X->s = 1; - X->n = len / sizeof( mbedtls_mpi_uint ); - X->p = os_zalloc(len); - memcpy(X->p, (void *)p, len); + X->MBEDTLS_PRIVATE(s) = 1; + X->MBEDTLS_PRIVATE(n) = len / sizeof( mbedtls_mpi_uint ); + X->MBEDTLS_PRIVATE(p) = os_zalloc(len); + memcpy(X->MBEDTLS_PRIVATE(p), (void *)p, len); } @@ -399,10 +391,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]") mbedtls_mpi_init( &num ); mbedtls_mpi_lset( &num, 3 ); - ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx)); - ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy)); + ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx)); + ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy)); - mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1); + mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1); TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, q) == 0); //q = 3p @@ -438,10 +430,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]") mbedtls_mpi_init( &num ); mbedtls_mpi_lset( &num, 100 ); - ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx)); - ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy)); + ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx)); + ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy)); - mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1); + mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1); TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, q) == 0); TEST_ASSERT(crypto_ec_point_mul(e, p, (crypto_bignum *) &num, r) == 0); @@ -474,10 +466,10 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]") mbedtls_mpi_init( &num ); mbedtls_mpi_lset( &num, 50 ); - ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx)); - ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy)); + ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx)); + ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy)); - mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1); + mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1); /* Generator should always be on the curve*/ TEST_ASSERT(crypto_ec_point_is_on_curve(e, p)); @@ -512,21 +504,21 @@ TEST_CASE("Test crypto lib ECC apis", "[wpa_crypto]") mbedtls_mpi_init( &num ); mbedtls_mpi_lset( &num, 50 ); - ecp_mpi_load(& ((mbedtls_ecp_point *)p)->X, secp256r1_gx, sizeof(secp256r1_gx)); - ecp_mpi_load(& ((mbedtls_ecp_point *)p)->Y, secp256r1_gy, sizeof(secp256r1_gy)); + ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X), secp256r1_gx, sizeof(secp256r1_gx)); + ecp_mpi_load(& ((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Y), secp256r1_gy, sizeof(secp256r1_gy)); - mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->Z), 1); + mbedtls_mpi_lset((&((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(Z)), 1); - mbedtls_mpi_copy(&((mbedtls_ecp_point *)q)->X, &((mbedtls_ecp_point *)p)->X); - mbedtls_mpi_copy(&((mbedtls_ecp_point *)r)->X, &((mbedtls_ecp_point *)p)->X); + mbedtls_mpi_copy(&((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X)); + mbedtls_mpi_copy(&((mbedtls_ecp_point *)r)->MBEDTLS_PRIVATE(X), &((mbedtls_ecp_point *)p)->MBEDTLS_PRIVATE(X)); - mbedtls_mpi_lset((&((mbedtls_ecp_point *)q)->Z), 1); - mbedtls_mpi_lset((&((mbedtls_ecp_point *)r)->Z), 1); + mbedtls_mpi_lset((&((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(Z)), 1); + mbedtls_mpi_lset((&((mbedtls_ecp_point *)r)->MBEDTLS_PRIVATE(Z)), 1); - TEST_ASSERT(crypto_ec_point_solve_y_coord(e, q, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->X, 0) == 0); + TEST_ASSERT(crypto_ec_point_solve_y_coord(e, q, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), 0) == 0); TEST_ASSERT(crypto_ec_point_is_on_curve(e, q)); - TEST_ASSERT(crypto_ec_point_solve_y_coord(e, r, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->X, 1) == 0); + TEST_ASSERT(crypto_ec_point_solve_y_coord(e, r, (crypto_bignum *) & ((mbedtls_ecp_point *)q)->MBEDTLS_PRIVATE(X), 1) == 0); TEST_ASSERT(crypto_ec_point_is_on_curve(e, r)); TEST_ASSERT((crypto_ec_point_cmp(e, p, q) == 0) || (crypto_ec_point_cmp(e, p, r) == 0)); diff --git a/docs/en/api-guides/performance/size.rst b/docs/en/api-guides/performance/size.rst index 92c8478320b..2ed6b04083e 100644 --- a/docs/en/api-guides/performance/size.rst +++ b/docs/en/api-guides/performance/size.rst @@ -374,8 +374,6 @@ These include: - :ref:`CONFIG_MBEDTLS_HAVE_TIME` - :ref:`CONFIG_MBEDTLS_ECDSA_DETERMINISTIC` - :ref:`CONFIG_MBEDTLS_SHA512_C` -- :ref:`CONFIG_MBEDTLS_SSL_PROTO_TLS1` -- :ref:`CONFIG_MBEDTLS_SSL_PROTO_TLS1_1` - :ref:`CONFIG_MBEDTLS_CLIENT_SSL_SESSION_TICKETS` - :ref:`CONFIG_MBEDTLS_SERVER_SSL_SESSION_TICKETS` - :ref:`CONFIG_MBEDTLS_SSL_ALPN` diff --git a/docs/en/migration-guides/index.rst b/docs/en/migration-guides/index.rst index a5429c42e26..95edeae128d 100644 --- a/docs/en/migration-guides/index.rst +++ b/docs/en/migration-guides/index.rst @@ -10,6 +10,7 @@ ESP-IDF 5.0 Migration Guides Ethernet FreeRTOS Peripherals + Protocols Removed or deprecated components Storage System diff --git a/docs/en/migration-guides/protocols.rst b/docs/en/migration-guides/protocols.rst new file mode 100644 index 00000000000..1719a05f928 --- /dev/null +++ b/docs/en/migration-guides/protocols.rst @@ -0,0 +1,59 @@ +Migration of Protocol Components to ESP-IDF 5.0 +=============================================== + +Mbed TLS +-------- + +For ESP-IDF v5.0, `Mbed TLS `_ has been updated from v2.x to v3.1.0. + +The official guide for Mbed TLS to migrate from version 2.x to version 3.0 or greater can be found `here `__. + +Breaking Changes (Summary) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Most structure fields are now private +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- Direct access to fields of structures (``struct`` types) declared in public headers is no longer supported. +- Appropriate accessor functions (getter/setter) must be used for the same. A temporary workaround would be to use ``MBEDTLS_PRIVATE`` macro (**not recommended**). +- For more details, refer to the official guide `here `__. + +SSL +^^^ +- Removed the support for TLS 1.0, 1.1 and DTLS 1.0 +- Removed the support for SSL 3.0 + +Deprecated functions were removed from cryptography modules +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +- The functions ``mbedtls_*_ret()`` (related to MD, SHA, RIPEMD, RNG, HMAC modules) was renamed to replace the corresponding functions without ``_ret`` appended and updated return value. +- For more details, refer to the official guide `here `__. + + +Deprecated Config Options +^^^^^^^^^^^^^^^^^^^^^^^^^ +Following are some of the important config options deprecated by this update. The configs related to and/or dependent on these have also been deprecated. + +- ``MBEDTLS_SSL_PROTO_SSL3`` : Support for SSL 3.0 +- ``MBEDTLS_SSL_PROTO_TLS1`` : Support for TLS 1.0 +- ``MBEDTLS_SSL_PROTO_TLS1_1``: Support for TLS 1.1 +- ``MBEDTLS_SSL_PROTO_DTLS`` : Support for DTLS 1.1 (Only DTLS 1.2 is supported now) +- ``MBEDTLS_DES_C`` : Support for 3DES ciphersuites +- ``MBEDTLS_RC4_MODE`` : Support for RC4-based ciphersuites + +.. note:: This list includes only major options configurable through ``idf.py menuconfig``. For more details on deprecated options, refer to the official migration guide. + + +Miscellaneous +------------- + +Disabled Diffie-Hellman Key Exchange modes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The Diffie-Hellman Key Exchange modes have now been disabled by default due to security risks (see warning text `here `__). Related configs are given below: + +- ``MBEDTLS_DHM_C`` : Support for the Diffie-Hellman-Merkle module +- ``MBEDTLS_KEY_EXCHANGE_DHE_PSK`` : Support for Diffie-Hellman PSK (pre-shared-key) TLS authentication modes +- ``MBEDTLS_KEY_EXCHANGE_DHE_RSA`` : Support for cipher suites with the prefix ``TLS-DHE-RSA-WITH-`` + +.. note:: During the initial step of the handshake (i.e. ``client_hello``), the server selects a cipher from the list that the client publishes. As the DHE_PSK/DHE_RSA ciphers have now been disabled by the above change, the server would fall back to an alternative cipher; if in a rare case, it does not support any other cipher, the handshake would fail. To retrieve the list of ciphers supported by the server, one must attempt to connect with the server with a specific cipher from the client-side. Few utilities can help do this, e.g. ``sslscan``. diff --git a/docs/zh_CN/migration-guides/index.rst b/docs/zh_CN/migration-guides/index.rst index 74ffba7d2a4..e5bb4d17c2a 100644 --- a/docs/zh_CN/migration-guides/index.rst +++ b/docs/zh_CN/migration-guides/index.rst @@ -12,5 +12,6 @@ ESP-IDF 5.0 迁移指南 FreeRTOS 以太网 Storage + Protocols Removed or deprecated components Tools diff --git a/docs/zh_CN/migration-guides/protocols.rst b/docs/zh_CN/migration-guides/protocols.rst new file mode 100644 index 00000000000..ef5f85ce7c3 --- /dev/null +++ b/docs/zh_CN/migration-guides/protocols.rst @@ -0,0 +1 @@ +.. include:: ../../en/migration-guides/protocols.rst diff --git a/examples/bluetooth/blufi/main/blufi_security.c b/examples/bluetooth/blufi/main/blufi_security.c index b0405e4652d..5d4334829aa 100644 --- a/examples/bluetooth/blufi/main/blufi_security.c +++ b/examples/bluetooth/blufi/main/blufi_security.c @@ -1,5 +1,5 @@ /* - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -103,7 +103,7 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da } free(blufi_sec->dh_param); blufi_sec->dh_param = NULL; - ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.P ), blufi_sec->self_public_key, blufi_sec->dhm.len, myrand, NULL); + ret = mbedtls_dhm_make_public(&blufi_sec->dhm, (int) mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ), blufi_sec->self_public_key, mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ), myrand, NULL); if (ret) { BLUFI_ERROR("%s make public failed %d\n", __func__, ret); btc_blufi_report_error(ESP_BLUFI_MAKE_PUBLIC_ERROR); @@ -116,13 +116,19 @@ void blufi_dh_negotiate_data_handler(uint8_t *data, int len, uint8_t **output_da &blufi_sec->share_len, NULL, NULL); - mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk); + ret = mbedtls_md5(blufi_sec->share_key, blufi_sec->share_len, blufi_sec->psk); + + if (ret) { + BLUFI_ERROR("%s mbedtls_md5 failed %d\n", __func__, ret); + btc_blufi_report_error(ESP_BLUFI_CALC_MD5_ERROR); + return; + } mbedtls_aes_setkey_enc(&blufi_sec->aes, blufi_sec->psk, 128); /* alloc output data */ *output_data = &blufi_sec->self_public_key[0]; - *output_len = blufi_sec->dhm.len; + *output_len = mbedtls_mpi_size( &blufi_sec->dhm.MBEDTLS_PRIVATE(P) ); *need_free = false; } diff --git a/examples/bluetooth/esp_ble_mesh/aligenie_demo/main/aligenie_demo.c b/examples/bluetooth/esp_ble_mesh/aligenie_demo/main/aligenie_demo.c index 1546d0b07a0..7fa961c5ef3 100644 --- a/examples/bluetooth/esp_ble_mesh/aligenie_demo/main/aligenie_demo.c +++ b/examples/bluetooth/esp_ble_mesh/aligenie_demo/main/aligenie_demo.c @@ -1,7 +1,7 @@ /* * AliGenie - Example * - * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD + * SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD * * SPDX-License-Identifier: Unlicense OR CC0-1.0 */ @@ -1282,7 +1282,7 @@ void config_triples(void) ESP_LOGI(TAG, "authvalue_string: %s", authvalue_string); uint8_t sha256_out[32] = {0}; - mbedtls_sha256_ret((const unsigned char *)authvalue_string, strlen(authvalue_string), sha256_out, 0); + mbedtls_sha256((const unsigned char *)authvalue_string, strlen(authvalue_string), sha256_out, 0); memcpy(static_val, sha256_out, 16); provision.static_val = static_val; diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib b/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib index 077758db50d..985ea960f83 160000 --- a/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib +++ b/examples/peripherals/secure_element/atecc608_ecdsa/components/esp-cryptoauthlib @@ -1 +1 @@ -Subproject commit 077758db50d4b55addab56e723a5a379f09077d0 +Subproject commit 985ea960f83f67f66881e2dae57097e2a07b92a0 diff --git a/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c b/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c index be379ff3cc2..f3df1384284 100644 --- a/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c +++ b/examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c @@ -1,25 +1,15 @@ -/** +/* * atecc608a_ecdsa example * - * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License. - * Additions Copyright (C) Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License. + * SPDX-FileCopyrightText: 2006-2016 ARM Limited, All Rights Reserved * + * SPDX-License-Identifier: Apache-2.0 * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD */ /* This is mbedtls boilerplate for library configuration */ -#include "mbedtls/config.h" +#include "mbedtls/mbedtls_config.h" /* System Includes*/ #include @@ -146,7 +136,7 @@ static int atca_ecdsa_test(void) #endif ESP_LOGI(TAG, " Generating ECDSA Signature..."); - ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, &olen, + ret = mbedtls_pk_sign(&pkey, MBEDTLS_MD_SHA256, hash, 0, buf, MBEDTLS_MPI_MAX_SIZE, &olen, mbedtls_ctr_drbg_random, &ctr_drbg); if (ret != 0) { ESP_LOGI(TAG, " failed ! mbedtls_pk_sign returned -0x%04x", -ret); diff --git a/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c b/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c index c28c1b31e84..a04cb516911 100644 --- a/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c +++ b/examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c @@ -5,21 +5,11 @@ * * Adapted from the ssl_client1 example in mbedtls. * - * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License. - * Additions Copyright (C) Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License. + * SPDX-FileCopyrightText: The Mbed TLS Contributors * + * SPDX-License-Identifier: Apache-2.0 * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD */ #include #include @@ -46,7 +36,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/error.h" -#include "mbedtls/certs.h" #include "esp_crt_bundle.h" diff --git a/examples/protocols/https_server/simple/example_test.py b/examples/protocols/https_server/simple/example_test.py index b1590420330..53bcc7e7e75 100644 --- a/examples/protocols/https_server/simple/example_test.py +++ b/examples/protocols/https_server/simple/example_test.py @@ -1,6 +1,6 @@ #!/usr/bin/env python # -# SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD +# SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD # SPDX-License-Identifier: Apache-2.0 import http.client @@ -121,7 +121,7 @@ def test_examples_protocol_https_server_simple(env, extra_data): # type: (tiny_ CLIENT_CERT_FILE = 'client_cert.pem' CLIENT_KEY_FILE = 'client_key.pem' - ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) + ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2) ssl_context.verify_mode = ssl.CERT_REQUIRED ssl_context.check_hostname = False ssl_context.load_verify_locations(cadata=server_cert_pem) diff --git a/examples/protocols/smtp_client/main/smtp_client_example_main.c b/examples/protocols/smtp_client/main/smtp_client_example_main.c index 52f090405f4..96dc69486d9 100644 --- a/examples/protocols/smtp_client/main/smtp_client_example_main.c +++ b/examples/protocols/smtp_client/main/smtp_client_example_main.c @@ -1,25 +1,14 @@ -/** +/* * SMTP email client * * Adapted from the `ssl_mail_client` example in mbedtls. * - * Original Copyright (C) 2006-2016, ARM Limited, All Rights Reserved, Apache 2.0 License. - * Additions Copyright (C) Copyright 2015-2020 Espressif Systems (Shanghai) PTE LTD, Apache 2.0 License. - * + * SPDX-FileCopyrightText: The Mbed TLS Contributors * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at + * SPDX-License-Identifier: Apache-2.0 * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. + * SPDX-FileContributor: 2015-2021 Espressif Systems (Shanghai) CO LTD */ - #include #include #include "freertos/FreeRTOS.h" @@ -37,7 +26,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/error.h" -#include "mbedtls/certs.h" #include #include diff --git a/examples/storage/spiffsgen/main/spiffsgen_example_main.c b/examples/storage/spiffsgen/main/spiffsgen_example_main.c index bff8c860306..c5efb039b62 100644 --- a/examples/storage/spiffsgen/main/spiffsgen_example_main.c +++ b/examples/storage/spiffsgen/main/spiffsgen_example_main.c @@ -1,12 +1,9 @@ /* SPIFFS Image Generation on Build Example - - This example code is in the Public Domain (or CC0 licensed, at your option.) - - Unless required by applicable law or agreed to in writing, this - software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR - CONDITIONS OF ANY KIND, either express or implied. -*/ - + * + * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD + * + * SPDX-License-Identifier: Unlicense or CC0-1.0 + */ #include #include #include @@ -57,16 +54,16 @@ static void compute_alice_txt_md5(void) unsigned char digest[MD5_MAX_LEN]; mbedtls_md5_init(&ctx); - mbedtls_md5_starts_ret(&ctx); + mbedtls_md5_starts(&ctx); size_t read; do { read = fread((void*) buf, 1, sizeof(buf), f); - mbedtls_md5_update_ret(&ctx, (unsigned const char*) buf, read); + mbedtls_md5_update(&ctx, (unsigned const char*) buf, read); } while(read == sizeof(buf)); - mbedtls_md5_finish_ret(&ctx, digest); + mbedtls_md5_finish(&ctx, digest); // Create a string of the digest char digest_str[MD5_MAX_LEN * 2]; diff --git a/tools/ci/check_build_warnings.py b/tools/ci/check_build_warnings.py index 73538ebda9e..4936acb989e 100755 --- a/tools/ci/check_build_warnings.py +++ b/tools/ci/check_build_warnings.py @@ -25,6 +25,7 @@ r'library/error\.o', r'/.*error\S*\.o', r'.*error.*\.c\.obj', + r'.*error.*\.c', r'.*error.*\.cpp\.obj', r'.*error.*\.cxx\.obj', r'.*error.*\.cc\.obj', diff --git a/tools/ci/check_copyright_config.yaml b/tools/ci/check_copyright_config.yaml index 250b9a60359..2b252d3d1a5 100644 --- a/tools/ci/check_copyright_config.yaml +++ b/tools/ci/check_copyright_config.yaml @@ -75,6 +75,13 @@ lwip_component: - BSD-3-Clause license_for_new_files: Apache-2.0 +asio_component: + include: + - 'components/asio/port/**' + allowed_licenses: + - Apache-2.0 + - BSL-1.0 + freertos_component: include: - 'components/freertos/**' diff --git a/tools/ci/check_copyright_ignore.txt b/tools/ci/check_copyright_ignore.txt index 35f0c391fea..dabe0eb7c47 100644 --- a/tools/ci/check_copyright_ignore.txt +++ b/tools/ci/check_copyright_ignore.txt @@ -773,7 +773,6 @@ components/espcoredump/include_core_dump/esp_core_dump_types.h components/espcoredump/include_core_dump/port/riscv/esp_core_dump_port_impl.h components/espcoredump/include_core_dump/port/xtensa/esp_core_dump_port_impl.h components/espcoredump/src/core_dump_binary.c -components/espcoredump/src/core_dump_checksum.c components/espcoredump/src/core_dump_flash.c components/espcoredump/src/core_dump_uart.c components/espcoredump/src/port/riscv/core_dump_port.c @@ -1084,8 +1083,6 @@ components/lwip/test_afl_host/test_dhcp_client.c components/lwip/test_afl_host/test_dhcp_server.c components/lwip/test_afl_host/test_dns.c components/lwip/weekend_test/net_suite_test.py -components/mbedtls/esp_crt_bundle/esp_crt_bundle.c -components/mbedtls/esp_crt_bundle/gen_crt_bundle.py components/mbedtls/esp_crt_bundle/include/esp_crt_bundle.h components/mbedtls/esp_crt_bundle/test_gen_crt_bundle/test_gen_crt_bundle.py components/mbedtls/port/aes/block/esp_aes.c @@ -1093,21 +1090,8 @@ components/mbedtls/port/aes/dma/esp_aes.c components/mbedtls/port/aes/dma/esp_aes_crypto_dma_impl.c components/mbedtls/port/aes/dma/esp_aes_gdma_impl.c components/mbedtls/port/aes/dma/include/esp_aes_dma_priv.h -components/mbedtls/port/aes/esp_aes_common.c -components/mbedtls/port/aes/esp_aes_gcm.c components/mbedtls/port/aes/esp_aes_xts.c -components/mbedtls/port/esp32/bignum.c -components/mbedtls/port/esp32c2/bignum.c -components/mbedtls/port/esp32c3/bignum.c -components/mbedtls/port/esp32h2/bignum.c -components/mbedtls/port/esp32s2/bignum.c -components/mbedtls/port/esp32s3/bignum.c -components/mbedtls/port/esp_bignum.c -components/mbedtls/port/esp_hardware.c -components/mbedtls/port/esp_mem.c -components/mbedtls/port/esp_timing.c components/mbedtls/port/include/aes/esp_aes.h -components/mbedtls/port/include/aes/esp_aes_gcm.h components/mbedtls/port/include/aes/esp_aes_internal.h components/mbedtls/port/include/aes_alt.h components/mbedtls/port/include/bignum_impl.h @@ -1116,44 +1100,20 @@ components/mbedtls/port/include/esp32/sha.h components/mbedtls/port/include/esp32s2/aes.h components/mbedtls/port/include/esp32s2/gcm.h components/mbedtls/port/include/esp32s2/sha.h -components/mbedtls/port/include/esp_crypto_shared_gdma.h -components/mbedtls/port/include/esp_ds/esp_rsa_sign_alt.h -components/mbedtls/port/include/esp_mem.h -components/mbedtls/port/include/gcm_alt.h -components/mbedtls/port/include/mbedtls/esp_config.h components/mbedtls/port/include/mbedtls/esp_debug.h -components/mbedtls/port/include/md/esp_md.h -components/mbedtls/port/include/md5_alt.h -components/mbedtls/port/include/rsa_sign_alt.h components/mbedtls/port/include/sha/sha_dma.h components/mbedtls/port/include/sha/sha_parallel_engine.h components/mbedtls/port/include/sha1_alt.h components/mbedtls/port/include/sha256_alt.h components/mbedtls/port/include/sha512_alt.h -components/mbedtls/port/mbedtls_debug.c -components/mbedtls/port/net_sockets.c -components/mbedtls/port/sha/dma/esp_sha1.c -components/mbedtls/port/sha/dma/esp_sha256.c -components/mbedtls/port/sha/dma/esp_sha512.c -components/mbedtls/port/sha/dma/esp_sha_crypto_dma_impl.c -components/mbedtls/port/sha/dma/esp_sha_gdma_impl.c components/mbedtls/port/sha/dma/include/esp_sha_dma_priv.h components/mbedtls/port/sha/dma/sha.c -components/mbedtls/port/sha/parallel_engine/esp_sha1.c -components/mbedtls/port/sha/parallel_engine/esp_sha256.c -components/mbedtls/port/sha/parallel_engine/esp_sha512.c components/mbedtls/port/sha/parallel_engine/sha.c components/mbedtls/test/test_aes.c -components/mbedtls/test/test_aes_gcm.c components/mbedtls/test/test_aes_perf.c -components/mbedtls/test/test_aes_sha_parallel.c components/mbedtls/test/test_apb_dport_access.c components/mbedtls/test/test_apb_dport_access.h -components/mbedtls/test/test_ecp.c -components/mbedtls/test/test_esp_crt_bundle.c components/mbedtls/test/test_mbedtls.c -components/mbedtls/test/test_mbedtls_mpi.c -components/mbedtls/test/test_rsa.c components/mdns/host_test/components/esp_event_mock/esp_event_mock.c components/mdns/host_test/components/esp_event_mock/include/esp_event.h components/mdns/host_test/components/esp_event_mock/include/esp_event_base.h @@ -1295,7 +1255,6 @@ components/protocomm/python/session_pb2.py components/protocomm/src/common/protocomm.c components/protocomm/src/common/protocomm_priv.h components/protocomm/src/security/security0.c -components/protocomm/test/test_protocomm.c components/pthread/pthread_cond_var.c components/pthread/pthread_internal.h components/pthread/pthread_local_storage.c @@ -2048,7 +2007,6 @@ components/wpa_supplicant/src/wps/wps_enrollee.c components/wpa_supplicant/src/wps/wps_i.h components/wpa_supplicant/src/wps/wps_registrar.c components/wpa_supplicant/src/wps/wps_validate.c -components/wpa_supplicant/test/test_crypto.c components/wpa_supplicant/test/test_dpp.c components/xtensa/eri.c components/xtensa/esp32/include/xtensa/config/core-isa.h @@ -2286,7 +2244,6 @@ examples/peripherals/rmt/musical_buzzer/main/musical_buzzer_example_main.c examples/peripherals/sdio/host/main/app_main.c examples/peripherals/sdio/sdio_test.py examples/peripherals/sdio/slave/main/app_main.c -examples/peripherals/secure_element/atecc608_ecdsa/main/ecdsa_example_main.c examples/peripherals/sigmadelta/main/sigmadelta_example_main.c examples/peripherals/spi_master/hd_eeprom/components/eeprom/spi_eeprom.c examples/peripherals/spi_master/hd_eeprom/components/eeprom/spi_eeprom.h @@ -2373,9 +2330,7 @@ examples/protocols/http_server/restful_server/main/rest_server.c examples/protocols/http_server/simple/http_server_simple_test.py examples/protocols/http_server/simple/main/main.c examples/protocols/http_server/ws_echo_server/main/ws_echo_server.c -examples/protocols/https_mbedtls/main/https_mbedtls_example_main.c examples/protocols/https_request/example_test.py -examples/protocols/https_request/main/https_request_example_main.c examples/protocols/https_server/simple/main/main.c examples/protocols/https_server/wss_server/main/keep_alive.c examples/protocols/https_server/wss_server/main/keep_alive.h @@ -2399,7 +2354,6 @@ examples/protocols/mqtt/wss/main/app_main.c examples/protocols/mqtt/wss/mqtt_wss_example_test.py examples/protocols/slip/slip_udp/components/slip_modem/include/slip_modem.h examples/protocols/slip/slip_udp/main/slip_client_main.c -examples/protocols/smtp_client/main/smtp_client_example_main.c examples/protocols/sntp/example_test.py examples/protocols/sntp/main/sntp_example_main.c examples/protocols/sockets/non_blocking/example_test.py diff --git a/tools/ci/check_public_headers_exceptions.txt b/tools/ci/check_public_headers_exceptions.txt index 814201df58e..9c48c156ce6 100644 --- a/tools/ci/check_public_headers_exceptions.txt +++ b/tools/ci/check_public_headers_exceptions.txt @@ -45,9 +45,10 @@ components/wpa_supplicant/include/ components/wpa_supplicant/port/ components/wpa_supplicant/esp_supplicant/include/ +components/mbedtls/mbedtls/ components/mbedtls/port/include/ -components/mbedtls/mbedtls/include/mbedtls/ -components/mbedtls/mbedtls/include/psa/ +components/mbedtls/port/dynamic/esp_mbedtls_dynamic_impl.h +components/mbedtls/test/ components/esp-tls/private_include/ diff --git a/tools/unit-test-app/components/test_utils/memory_checks.c b/tools/unit-test-app/components/test_utils/memory_checks.c index f126ea9c12e..f845eab5caa 100644 --- a/tools/unit-test-app/components/test_utils/memory_checks.c +++ b/tools/unit-test-app/components/test_utils/memory_checks.c @@ -8,6 +8,9 @@ #include "esp_heap_caps.h" #include "unity.h" #include "memory_checks.h" +#ifdef CONFIG_HEAP_TRACING +#include "esp_heap_trace.h" +#endif static size_t before_free_8bit; static size_t before_free_32bit;