Squashed 'lib/mbedtls/external/mbedtls/' content from commit 2ca6c285a0dd
git-subtree-dir: lib/mbedtls/external/mbedtls
git-subtree-split: 2ca6c285a0dd3f33982dd57299012dacab1ff206
diff --git a/programs/.gitignore b/programs/.gitignore
new file mode 100644
index 0000000..2ad0390
--- /dev/null
+++ b/programs/.gitignore
@@ -0,0 +1,83 @@
+# Ignore makefiles generated by CMake, but not the makefile that's checked in.
+*/Makefile
+!fuzz/Makefile
+
+*.sln
+*.vcxproj
+
+aes/crypt_and_hash
+cipher/cipher_aead_demo
+hash/generic_sum
+hash/hello
+hash/md_hmac_demo
+hash/md5sum
+hash/sha1sum
+hash/sha2sum
+pkey/dh_client
+pkey/dh_genprime
+pkey/dh_server
+pkey/ecdh_curve25519
+pkey/ecdsa
+pkey/gen_key
+pkey/key_app
+pkey/key_app_writer
+pkey/mpi_demo
+pkey/pk_decrypt
+pkey/pk_encrypt
+pkey/pk_sign
+pkey/pk_verify
+pkey/rsa_decrypt
+pkey/rsa_encrypt
+pkey/rsa_genkey
+pkey/rsa_sign
+pkey/rsa_sign_pss
+pkey/rsa_verify
+pkey/rsa_verify_pss
+psa/aead_demo
+psa/crypto_examples
+psa/hmac_demo
+psa/key_ladder_demo
+psa/psa_constant_names
+psa/psa_hash
+random/gen_entropy
+random/gen_random_ctr_drbg
+ssl/dtls_client
+ssl/dtls_server
+ssl/mini_client
+ssl/ssl_client1
+ssl/ssl_client2
+ssl/ssl_context_info
+ssl/ssl_fork_server
+ssl/ssl_mail_client
+ssl/ssl_pthread_server
+ssl/ssl_server
+ssl/ssl_server2
+test/benchmark
+test/cpp_dummy_build
+test/cpp_dummy_build.cpp
+test/dlopen
+test/ecp-bench
+test/metatest
+test/query_compile_time_config
+test/query_included_headers
+test/selftest
+test/ssl_cert_test
+test/udp_proxy
+test/zeroize
+util/pem2der
+util/strerror
+x509/cert_app
+x509/cert_req
+x509/cert_write
+x509/crl_app
+x509/load_roots
+x509/req_app
+
+####START_COMMENTED_GENERATED_FILES###
+## Generated source files
+#/psa/psa_constant_names_generated.c
+#/test/query_config.c
+#
+## Generated data files
+#pkey/keyfile.key
+####END_COMMENTED_GENERATED_FILES###
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
new file mode 100644
index 0000000..0633aa6
--- /dev/null
+++ b/programs/CMakeLists.txt
@@ -0,0 +1,13 @@
+add_subdirectory(aes)
+add_subdirectory(cipher)
+if (NOT WIN32)
+ add_subdirectory(fuzz)
+endif()
+add_subdirectory(hash)
+add_subdirectory(pkey)
+add_subdirectory(psa)
+add_subdirectory(random)
+add_subdirectory(ssl)
+add_subdirectory(test)
+add_subdirectory(util)
+add_subdirectory(x509)
diff --git a/programs/Makefile b/programs/Makefile
new file mode 100644
index 0000000..8d1da6d
--- /dev/null
+++ b/programs/Makefile
@@ -0,0 +1,431 @@
+MBEDTLS_TEST_PATH = ../tests
+include ../scripts/common.make
+
+ifeq ($(shell uname -s),Linux)
+DLOPEN_LDFLAGS ?= -ldl
+else
+DLOPEN_LDFLAGS ?=
+endif
+
+ifdef RECORD_PSA_STATUS_COVERAGE_LOG
+LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG
+endif
+DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS}
+
+# Only build the dlopen test in shared library builds, and not when building
+# for Windows.
+ifdef BUILD_DLOPEN
+# Don't override the value
+else ifdef WINDOWS_BUILD
+BUILD_DLOPEN =
+else ifdef SHARED
+BUILD_DLOPEN = y
+else
+BUILD_DLOPEN =
+endif
+
+## The following assignment is the list of base names of applications that
+## will be built on Windows. Extra Linux/Unix/POSIX-only applications can
+## be declared by appending with `APPS += ...` afterwards.
+## See the get_app_list function in scripts/generate_visualc_files.pl and
+## make sure to check that it still works if you tweak the format here.
+APPS = \
+ aes/crypt_and_hash \
+ cipher/cipher_aead_demo \
+ hash/generic_sum \
+ hash/hello \
+ hash/md_hmac_demo \
+ pkey/dh_client \
+ pkey/dh_genprime \
+ pkey/dh_server \
+ pkey/ecdh_curve25519 \
+ pkey/ecdsa \
+ pkey/gen_key \
+ pkey/key_app \
+ pkey/key_app_writer \
+ pkey/mpi_demo \
+ pkey/pk_decrypt \
+ pkey/pk_encrypt \
+ pkey/pk_sign \
+ pkey/pk_verify \
+ pkey/rsa_decrypt \
+ pkey/rsa_encrypt \
+ pkey/rsa_genkey \
+ pkey/rsa_sign \
+ pkey/rsa_sign_pss \
+ pkey/rsa_verify \
+ pkey/rsa_verify_pss \
+ psa/aead_demo \
+ psa/crypto_examples \
+ psa/hmac_demo \
+ psa/key_ladder_demo \
+ psa/psa_constant_names \
+ psa/psa_hash \
+ random/gen_entropy \
+ random/gen_random_ctr_drbg \
+ ssl/dtls_client \
+ ssl/dtls_server \
+ ssl/mini_client \
+ ssl/ssl_client1 \
+ ssl/ssl_client2 \
+ ssl/ssl_context_info \
+ ssl/ssl_fork_server \
+ ssl/ssl_mail_client \
+ ssl/ssl_server \
+ ssl/ssl_server2 \
+ test/benchmark \
+ test/metatest \
+ test/query_compile_time_config \
+ test/query_included_headers \
+ test/selftest \
+ test/udp_proxy \
+ test/zeroize \
+ util/pem2der \
+ util/strerror \
+ x509/cert_app \
+ x509/cert_req \
+ x509/cert_write \
+ x509/crl_app \
+ x509/load_roots \
+ x509/req_app \
+# End of APPS
+
+ifeq ($(THREADING),pthread)
+APPS += ssl/ssl_pthread_server
+endif
+
+ifdef BUILD_DLOPEN
+APPS += test/dlopen
+endif
+
+ifdef TEST_CPP
+APPS += test/cpp_dummy_build
+endif
+
+EXES = $(patsubst %,%$(EXEXT),$(APPS))
+
+.SILENT:
+
+.PHONY: all clean list fuzz
+
+all: $(EXES)
+ifndef WINDOWS
+# APPS doesn't include the fuzzing programs, which aren't "normal"
+# sample or test programs, and don't build with MSVC which is
+# warning about fopen
+all: fuzz
+endif
+
+fuzz: ${MBEDTLS_TEST_OBJS}
+ $(MAKE) -C fuzz
+
+${MBEDTLS_TEST_OBJS}:
+ $(MAKE) -C ../tests mbedtls_test
+
+.PHONY: generated_files
+GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c
+generated_files: $(GENERATED_FILES)
+
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h
+psa/psa_constant_names_generated.c: $(gen_file_dep) ../tests/suites/test_suite_psa_crypto_metadata.data
+psa/psa_constant_names_generated.c:
+ echo " Gen $@"
+ $(PYTHON) ../scripts/generate_psa_constants.py
+
+test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl
+## The generated file only depends on the options that are present in mbedtls_config.h,
+## not on which options are set. To avoid regenerating this file all the time
+## when switching between configurations, don't declare mbedtls_config.h as a
+## dependency. Remove this file from your working tree if you've just added or
+## removed an option in mbedtls_config.h.
+#test/query_config.c: $(gen_file_dep) ../include/mbedtls/mbedtls_config.h
+test/query_config.c: $(gen_file_dep) ../scripts/data_files/query_config.fmt
+test/query_config.c:
+ echo " Gen $@"
+ $(PERL) ../scripts/generate_query_config.pl
+
+aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
+ echo " CC aes/crypt_and_hash.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+cipher/cipher_aead_demo$(EXEXT): cipher/cipher_aead_demo.c $(DEP)
+ echo " CC cipher/cipher_aead_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) cipher/cipher_aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP)
+ echo " CC hash/generic_sum.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+hash/hello$(EXEXT): hash/hello.c $(DEP)
+ echo " CC hash/hello.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP)
+ echo " CC hash/md_hmac_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/dh_client$(EXEXT): pkey/dh_client.c $(DEP)
+ echo " CC pkey/dh_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
+ echo " CC pkey/dh_genprime.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/dh_server$(EXEXT): pkey/dh_server.c $(DEP)
+ echo " CC pkey/dh_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
+ echo " CC pkey/ecdh_curve25519.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/ecdsa$(EXEXT): pkey/ecdsa.c $(DEP)
+ echo " CC pkey/ecdsa.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP)
+ echo " CC pkey/gen_key.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/key_app$(EXEXT): pkey/key_app.c $(DEP)
+ echo " CC pkey/key_app.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c $(DEP)
+ echo " CC pkey/key_app_writer.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c $(DEP)
+ echo " CC pkey/mpi_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c $(DEP)
+ echo " CC pkey/pk_decrypt.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c $(DEP)
+ echo " CC pkey/pk_encrypt.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP)
+ echo " CC pkey/pk_sign.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP)
+ echo " CC pkey/pk_verify.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c $(DEP)
+ echo " CC pkey/rsa_genkey.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c $(DEP)
+ echo " CC pkey/rsa_sign.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c $(DEP)
+ echo " CC pkey/rsa_verify.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP)
+ echo " CC pkey/rsa_sign_pss.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP)
+ echo " CC pkey/rsa_verify_pss.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c $(DEP)
+ echo " CC pkey/rsa_decrypt.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP)
+ echo " CC pkey/rsa_encrypt.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/aead_demo$(EXEXT): psa/aead_demo.c $(DEP)
+ echo " CC psa/aead_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP)
+ echo " CC psa/crypto_examples.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/crypto_examples.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/hmac_demo$(EXEXT): psa/hmac_demo.c $(DEP)
+ echo " CC psa/hmac_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/hmac_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/key_ladder_demo$(EXEXT): psa/key_ladder_demo.c $(DEP)
+ echo " CC psa/key_ladder_demo.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/key_ladder_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/psa_constant_names$(EXEXT): psa/psa_constant_names.c psa/psa_constant_names_generated.c $(DEP)
+ echo " CC psa/psa_constant_names.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_constant_names.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+psa/psa_hash$(EXEXT): psa/psa_hash.c $(DEP)
+ echo " CC psa/psa_hash.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) psa/psa_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
+ echo " CC random/gen_entropy.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP)
+ echo " CC random/gen_random_ctr_drbg.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP)
+ echo " CC ssl/dtls_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/dtls_server$(EXEXT): ssl/dtls_server.c $(DEP)
+ echo " CC ssl/dtls_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP)
+ echo " CC ssl/ssl_client1.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+SSL_TEST_OBJECTS = test/query_config.o ssl/ssl_test_lib.o
+SSL_TEST_DEPS = $(SSL_TEST_OBJECTS) \
+ test/query_config.h \
+ ssl/ssl_test_lib.h \
+ ssl/ssl_test_common_source.c \
+ $(DEP)
+
+ssl/ssl_test_lib.o: ssl/ssl_test_lib.c ssl/ssl_test_lib.h $(DEP)
+ echo " CC ssl/ssl_test_lib.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c ssl/ssl_test_lib.c -o $@
+
+ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c $(SSL_TEST_DEPS)
+ echo " CC ssl/ssl_client2.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP)
+ echo " CC ssl/ssl_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c $(SSL_TEST_DEPS)
+ echo " CC ssl/ssl_server2.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c $(SSL_TEST_OBJECTS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_context_info$(EXEXT): ssl/ssl_context_info.c test/query_config.o test/query_config.h $(DEP)
+ echo " CC ssl/ssl_context_info.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_context_info.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
+ echo " CC ssl/ssl_fork_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_fork_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/ssl_pthread_server$(EXEXT): ssl/ssl_pthread_server.c $(DEP)
+ echo " CC ssl/ssl_pthread_server.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_pthread_server.c $(LOCAL_LDFLAGS) -lpthread $(LDFLAGS) -o $@
+
+ssl/ssl_mail_client$(EXEXT): ssl/ssl_mail_client.c $(DEP)
+ echo " CC ssl/ssl_mail_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_mail_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ssl/mini_client$(EXEXT): ssl/mini_client.c $(DEP)
+ echo " CC ssl/mini_client.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/mini_client.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/benchmark$(EXEXT): test/benchmark.c $(DEP)
+ echo " CC test/benchmark.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh
+ echo " Gen test/cpp_dummy_build.cpp"
+ test/generate_cpp_dummy_build.sh
+
+test/cpp_dummy_build$(EXEXT): test/cpp_dummy_build.cpp $(DEP)
+ echo " CXX test/cpp_dummy_build.cpp"
+ $(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/cpp_dummy_build.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+ifdef BUILD_DLOPEN
+test/dlopen$(EXEXT): test/dlopen.c $(DEP)
+ echo " CC test/dlopen.c"
+# Do not link any test objects (that would bring in a static dependency on
+# libmbedcrypto at least). Do not link with libmbed* (that would defeat the
+# purpose of testing dynamic loading).
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/dlopen.c $(LDFLAGS) $(DLOPEN_LDFLAGS) -o $@
+endif
+
+test/metatest$(EXEXT): test/metatest.c $(DEP)
+ echo " CC test/metatest.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I ../library test/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/query_config.o: test/query_config.c test/query_config.h $(DEP)
+ echo " CC test/query_config.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@
+
+test/query_included_headers$(EXEXT): test/query_included_headers.c $(DEP)
+ echo " CC test/query_included_headers.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/selftest$(EXEXT): test/selftest.c $(DEP)
+ echo " CC test/selftest.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/selftest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/udp_proxy$(EXEXT): test/udp_proxy.c $(DEP)
+ echo " CC test/udp_proxy.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/udp_proxy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/zeroize$(EXEXT): test/zeroize.c $(DEP)
+ echo " CC test/zeroize.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.o test/query_config.h $(DEP)
+ echo " CC test/query_compile_time_config.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.o $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+util/pem2der$(EXEXT): util/pem2der.c $(DEP)
+ echo " CC util/pem2der.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/pem2der.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+util/strerror$(EXEXT): util/strerror.c $(DEP)
+ echo " CC util/strerror.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) util/strerror.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/cert_app$(EXEXT): x509/cert_app.c $(DEP)
+ echo " CC x509/cert_app.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/cert_write$(EXEXT): x509/cert_write.c $(DEP)
+ echo " CC x509/cert_write.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_write.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/crl_app$(EXEXT): x509/crl_app.c $(DEP)
+ echo " CC x509/crl_app.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/crl_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/cert_req$(EXEXT): x509/cert_req.c $(DEP)
+ echo " CC x509/cert_req.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_req.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/load_roots$(EXEXT): x509/load_roots.c $(DEP)
+ echo " CC x509/load_roots.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/load_roots.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+x509/req_app$(EXEXT): x509/req_app.c $(DEP)
+ echo " CC x509/req_app.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
+clean:
+ifndef WINDOWS
+ rm -f $(EXES)
+ -rm -f ssl/ssl_pthread_server$(EXEXT)
+ -rm -f test/cpp_dummy_build.cpp test/cpp_dummy_build$(EXEXT)
+ -rm -f test/dlopen$(EXEXT)
+else
+ if exist *.o del /Q /F *.o
+ if exist *.exe del /Q /F *.exe
+ if exist test\cpp_dummy_build.cpp del /Q /F test\cpp_dummy_build.cpp
+endif
+ $(MAKE) -C fuzz clean
+
+list:
+ echo $(EXES)
diff --git a/programs/README.md b/programs/README.md
new file mode 100644
index 0000000..f53bde5
--- /dev/null
+++ b/programs/README.md
@@ -0,0 +1,118 @@
+Mbed TLS sample programs
+========================
+
+This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.
+
+## Symmetric cryptography (AES) examples
+
+* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
+
+## Hash (digest) examples
+
+* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface.
+
+* [`hash/hello.c`](hash/hello.c): hello-world program for MD5.
+
+## Public-key cryptography examples
+
+### Generic public-key cryptography (`pk`) examples
+
+* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.
+
+* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content.
+
+* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file.
+
+* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface.
+
+* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string.
+
+### ECDSA and RSA signature examples
+
+* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature.
+
+* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface.
+
+* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs.
+
+* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm.
+
+* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm.
+
+### Diffie-Hellman key exchange examples
+
+* [`pkey/dh_client.c`](pkey/dh_client.c), [`pkey/dh_server.c`](pkey/dh_server.c): secure channel demonstrators (client, server). This pair of programs illustrates how to set up a secure channel using RSA for authentication and Diffie-Hellman to generate a shared AES session key.
+
+* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
+
+### Bignum (`mpi`) usage examples
+
+* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters.
+
+* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers.
+
+## Random number generator (RNG) examples
+
+* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data.
+ Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`.
+
+* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.
+
+## SSL/TLS examples
+
+### SSL/TLS sample applications
+
+* [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.
+
+* [`ssl/dtls_server.c`](ssl/dtls_server.c): a simple DTLS server program, which expects one datagram from the client and writes one datagram in response. This program supports DTLS cookies for hello verification.
+
+* [`ssl/mini_client.c`](ssl/mini_client.c): a minimalistic SSL client, which sends a short string and disconnects. This is primarily intended as a benchmark; for a better example of a typical TLS client, see `ssl/ssl_client1.c`.
+
+* [`ssl/ssl_client1.c`](ssl/ssl_client1.c): a simple HTTPS client that sends a fixed request and displays the response.
+
+* [`ssl/ssl_fork_server.c`](ssl/ssl_fork_server.c): a simple HTTPS server using one process per client to send a fixed response. This program requires a Unix/POSIX environment implementing the `fork` system call.
+
+* [`ssl/ssl_mail_client.c`](ssl/ssl_mail_client.c): a simple SMTP-over-TLS or SMTP-STARTTLS client. This client sends an email with fixed content.
+
+* [`ssl/ssl_pthread_server.c`](ssl/ssl_pthread_server.c): a simple HTTPS server using one thread per client to send a fixed response. This program requires the pthread library.
+
+* [`ssl/ssl_server.c`](ssl/ssl_server.c): a simple HTTPS server that sends a fixed response. It serves a single client at a time.
+
+### SSL/TLS feature demonstrators
+
+Note: unlike most of the other programs under the `programs/` directory, these two programs are not intended as a basis for writing an application. They combine most of the features supported by the library, and most applications require only a few features. To write a new application, we recommended that you start with `ssl_client1.c` or `ssl_server.c`, and then look inside `ssl/ssl_client2.c` or `ssl/ssl_server2.c` to see how to use the specific features that your application needs.
+
+* [`ssl/ssl_client2.c`](ssl/ssl_client2.c): an HTTPS client that sends a fixed request and displays the response, with options to select TLS protocol features and Mbed TLS library features.
+
+* [`ssl/ssl_server2.c`](ssl/ssl_server2.c): an HTTPS server that sends a fixed response, with options to select TLS protocol features and Mbed TLS library features.
+
+In addition to providing options for testing client-side features, the `ssl_client2` program has options that allow you to trigger certain behaviors in the server. For example, there are options to select ciphersuites, or to force a renegotiation. These options are useful for testing the corresponding features in a TLS server. Likewise, `ssl_server2` has options to activate certain behaviors that are useful for testing a TLS client.
+
+## Test utilities
+
+* [`test/benchmark.c`](test/benchmark.c): benchmark for cryptographic algorithms.
+
+* [`test/selftest.c`](test/selftest.c): runs the self-test function in each library module.
+
+* [`test/udp_proxy.c`](test/udp_proxy.c): a UDP proxy that can inject certain failures (delay, duplicate, drop). Useful for testing DTLS.
+
+* [`test/zeroize.c`](test/zeroize.c): a test program for `mbedtls_platform_zeroize`, used by [`tests/scripts/test_zeroize.gdb`](tests/scripts/test_zeroize.gdb).
+
+## Development utilities
+
+* [`util/pem2der.c`](util/pem2der.c): a PEM to DER converter. Mbed TLS can read PEM files directly, but this utility can be useful for interacting with other tools or with minimal Mbed TLS builds that lack PEM support.
+
+* [`util/strerror.c`](util/strerror.c): prints the error description corresponding to an integer status returned by an Mbed TLS function.
+
+## X.509 certificate examples
+
+* [`x509/cert_app.c`](x509/cert_app.c): connects to a TLS server and verifies its certificate chain.
+
+* [`x509/cert_req.c`](x509/cert_req.c): generates a certificate signing request (CSR) for a private key.
+
+* [`x509/cert_write.c`](x509/cert_write.c): signs a certificate signing request, or self-signs a certificate.
+
+* [`x509/crl_app.c`](x509/crl_app.c): loads and dumps a certificate revocation list (CRL).
+
+* [`x509/req_app.c`](x509/req_app.c): loads and dumps a certificate signing request (CSR).
+
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
new file mode 100644
index 0000000..ccb8db5
--- /dev/null
+++ b/programs/aes/CMakeLists.txt
@@ -0,0 +1,13 @@
+set(executables
+ crypt_and_hash
+)
+
+foreach(exe IN LISTS executables)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
new file mode 100644
index 0000000..b2cd704
--- /dev/null
+++ b/programs/aes/crypt_and_hash.c
@@ -0,0 +1,577 @@
+/*
+ * \brief Generic file encryption program using generic wrappers for configured
+ * security.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* Enable definition of fileno() even when compiling with -std=c99. Must be
+ * set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
+ * Harmless on other platforms. */
+#define _POSIX_C_SOURCE 200112L
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
+ defined(MBEDTLS_FS_IO)
+#include "mbedtls/cipher.h"
+#include "mbedtls/md.h"
+#include "mbedtls/platform_util.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
+#if defined(_WIN32)
+#include <windows.h>
+#if !defined(_WIN32_WCE)
+#include <io.h>
+#endif
+#else
+#include <sys/types.h>
+#include <unistd.h>
+#endif
+
+#define MODE_ENCRYPT 0
+#define MODE_DECRYPT 1
+
+#define USAGE \
+ "\n crypt_and_hash <mode> <input filename> <output filename> <cipher> <mbedtls_md> <key>\n" \
+ "\n <mode>: 0 = encrypt, 1 = decrypt\n" \
+ "\n example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \
+ "\n"
+
+#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+ int ret = 1, i;
+ unsigned n;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ int mode;
+ size_t keylen, ilen, olen;
+ FILE *fkey, *fin = NULL, *fout = NULL;
+
+ char *p;
+ unsigned char IV[16];
+ unsigned char key[512];
+ unsigned char digest[MBEDTLS_MD_MAX_SIZE];
+ unsigned char buffer[1024];
+ unsigned char output[1024];
+ unsigned char diff;
+
+ const mbedtls_cipher_info_t *cipher_info;
+ const mbedtls_md_info_t *md_info;
+ mbedtls_cipher_context_t cipher_ctx;
+ mbedtls_md_context_t md_ctx;
+ mbedtls_cipher_mode_t cipher_mode;
+ unsigned int cipher_block_size;
+ unsigned char md_size;
+#if defined(_WIN32_WCE)
+ long filesize, offset;
+#elif defined(_WIN32)
+ LARGE_INTEGER li_size;
+ __int64 filesize, offset;
+#else
+ off_t filesize, offset;
+#endif
+
+ mbedtls_cipher_init(&cipher_ctx);
+ mbedtls_md_init(&md_ctx);
+
+ /*
+ * Parse the command-line arguments.
+ */
+ if (argc != 7) {
+ const int *list;
+
+ mbedtls_printf(USAGE);
+
+ mbedtls_printf("Available ciphers:\n");
+ list = mbedtls_cipher_list();
+ while (*list) {
+ cipher_info = mbedtls_cipher_info_from_type(*list);
+ const char *name = mbedtls_cipher_info_get_name(cipher_info);
+
+ if (name) {
+ mbedtls_printf(" %s\n", mbedtls_cipher_info_get_name(cipher_info));
+ }
+ list++;
+ }
+
+ mbedtls_printf("\nAvailable message digests:\n");
+ list = mbedtls_md_list();
+ while (*list) {
+ md_info = mbedtls_md_info_from_type(*list);
+ mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info));
+ list++;
+ }
+
+ goto exit;
+ }
+
+ mode = atoi(argv[1]);
+
+ if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
+ mbedtls_fprintf(stderr, "invalid operation mode\n");
+ goto exit;
+ }
+
+ if (strcmp(argv[2], argv[3]) == 0) {
+ mbedtls_fprintf(stderr, "input and output filenames must differ\n");
+ goto exit;
+ }
+
+ if ((fin = fopen(argv[2], "rb")) == NULL) {
+ mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]);
+ goto exit;
+ }
+
+ if ((fout = fopen(argv[3], "wb+")) == NULL) {
+ mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]);
+ goto exit;
+ }
+
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+ mbedtls_setbuf(fin, NULL);
+ mbedtls_setbuf(fout, NULL);
+
+ /*
+ * Read the Cipher and MD from the command line
+ */
+ cipher_info = mbedtls_cipher_info_from_string(argv[4]);
+ if (cipher_info == NULL) {
+ mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]);
+ goto exit;
+ }
+ if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n");
+ goto exit;
+ }
+
+ md_info = mbedtls_md_info_from_string(argv[5]);
+ if (md_info == NULL) {
+ mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]);
+ goto exit;
+ }
+
+ if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n");
+ goto exit;
+ }
+
+ /*
+ * Read the secret key from file or command line
+ */
+ if ((fkey = fopen(argv[6], "rb")) != NULL) {
+ keylen = fread(key, 1, sizeof(key), fkey);
+ fclose(fkey);
+ } else {
+ if (memcmp(argv[6], "hex:", 4) == 0) {
+ p = &argv[6][4];
+ keylen = 0;
+
+ while (sscanf(p, "%02X", (unsigned int *) &n) > 0 &&
+ keylen < (int) sizeof(key)) {
+ key[keylen++] = (unsigned char) n;
+ p += 2;
+ }
+ } else {
+ keylen = strlen(argv[6]);
+
+ if (keylen > (int) sizeof(key)) {
+ keylen = (int) sizeof(key);
+ }
+
+ memcpy(key, argv[6], keylen);
+ }
+ }
+
+#if defined(_WIN32_WCE)
+ filesize = fseek(fin, 0L, SEEK_END);
+#else
+#if defined(_WIN32)
+ /*
+ * Support large files (> 2Gb) on Win32
+ */
+ li_size.QuadPart = 0;
+ li_size.LowPart =
+ SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)),
+ li_size.LowPart, &li_size.HighPart, FILE_END);
+
+ if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) {
+ mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n");
+ goto exit;
+ }
+
+ filesize = li_size.QuadPart;
+#else
+ if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) {
+ perror("lseek");
+ goto exit;
+ }
+#endif
+#endif
+
+ if (fseek(fin, 0, SEEK_SET) < 0) {
+ mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n");
+ goto exit;
+ }
+
+ md_size = mbedtls_md_get_size(md_info);
+ cipher_block_size = mbedtls_cipher_get_block_size(&cipher_ctx);
+
+ if (mode == MODE_ENCRYPT) {
+ /*
+ * Generate the initialization vector as:
+ * IV = MD( filesize || filename )[0..15]
+ */
+ for (i = 0; i < 8; i++) {
+ buffer[i] = (unsigned char) (filesize >> (i << 3));
+ }
+
+ p = argv[2];
+
+ if (mbedtls_md_starts(&md_ctx) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p))
+ != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
+ goto exit;
+ }
+
+ memcpy(IV, digest, 16);
+
+ /*
+ * Append the IV at the beginning of the output.
+ */
+ if (fwrite(IV, 1, 16, fout) != 16) {
+ mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16);
+ goto exit;
+ }
+
+ /*
+ * Hash the IV and the secret key together 8192 times
+ * using the result to setup the AES context and HMAC.
+ */
+ memset(digest, 0, 32);
+ memcpy(digest, IV, 16);
+
+ for (i = 0; i < 8192; i++) {
+ if (mbedtls_md_starts(&md_ctx) != 0) {
+ mbedtls_fprintf(stderr,
+ "mbedtls_md_starts() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
+ mbedtls_fprintf(stderr,
+ "mbedtls_md_update() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
+ mbedtls_fprintf(stderr,
+ "mbedtls_md_update() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr,
+ "mbedtls_md_finish() returned error\n");
+ goto exit;
+ }
+
+ }
+
+ if (mbedtls_cipher_setkey(&cipher_ctx,
+ digest,
+ (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
+ MBEDTLS_ENCRYPT) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
+ goto exit;
+ }
+
+ if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
+ goto exit;
+ }
+
+ /*
+ * Encrypt and write the ciphertext.
+ */
+ for (offset = 0; offset < filesize; offset += cipher_block_size) {
+ ilen = ((unsigned int) filesize - offset > cipher_block_size) ?
+ cipher_block_size : (unsigned int) (filesize - offset);
+
+ if (fread(buffer, 1, ilen, fin) != ilen) {
+ mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen);
+ goto exit;
+ }
+
+ if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
+ goto exit;
+ }
+
+ if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
+ goto exit;
+ }
+
+ if (fwrite(output, 1, olen, fout) != olen) {
+ mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
+ goto exit;
+ }
+ }
+
+ if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
+ goto exit;
+ }
+
+ if (fwrite(output, 1, olen, fout) != olen) {
+ mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
+ goto exit;
+ }
+
+ /*
+ * Finally write the HMAC.
+ */
+ if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
+ goto exit;
+ }
+
+ if (fwrite(digest, 1, md_size, fout) != md_size) {
+ mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", md_size);
+ goto exit;
+ }
+ }
+
+ if (mode == MODE_DECRYPT) {
+ /*
+ * The encrypted file must be structured as follows:
+ *
+ * 00 .. 15 Initialization Vector
+ * 16 .. 31 Encrypted Block #1
+ * ..
+ * N*16 .. (N+1)*16 - 1 Encrypted Block #N
+ * (N+1)*16 .. (N+1)*16 + n Hash(ciphertext)
+ */
+ if (filesize < 16 + md_size) {
+ mbedtls_fprintf(stderr, "File too short to be encrypted.\n");
+ goto exit;
+ }
+
+ if (cipher_block_size == 0) {
+ mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n");
+ goto exit;
+ }
+
+ /*
+ * Check the file size.
+ */
+ cipher_mode = mbedtls_cipher_info_get_mode(cipher_info);
+ if (cipher_mode != MBEDTLS_MODE_GCM &&
+ cipher_mode != MBEDTLS_MODE_CTR &&
+ cipher_mode != MBEDTLS_MODE_CFB &&
+ cipher_mode != MBEDTLS_MODE_OFB &&
+ ((filesize - md_size) % cipher_block_size) != 0) {
+ mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n",
+ cipher_block_size);
+ goto exit;
+ }
+
+ /*
+ * Subtract the IV + HMAC length.
+ */
+ filesize -= (16 + md_size);
+
+ /*
+ * Read the IV and original filesize modulo 16.
+ */
+ if (fread(buffer, 1, 16, fin) != 16) {
+ mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16);
+ goto exit;
+ }
+
+ memcpy(IV, buffer, 16);
+
+ /*
+ * Hash the IV and the secret key together 8192 times
+ * using the result to setup the AES context and HMAC.
+ */
+ memset(digest, 0, 32);
+ memcpy(digest, IV, 16);
+
+ for (i = 0; i < 8192; i++) {
+ if (mbedtls_md_starts(&md_ctx) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_md_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
+ goto exit;
+ }
+ }
+
+ if (mbedtls_cipher_setkey(&cipher_ctx,
+ digest,
+ (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
+ MBEDTLS_DECRYPT) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
+ goto exit;
+ }
+
+ if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
+ goto exit;
+ }
+
+ if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
+ goto exit;
+ }
+
+ if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
+ goto exit;
+ }
+
+ /*
+ * Decrypt and write the plaintext.
+ */
+ for (offset = 0; offset < filesize; offset += cipher_block_size) {
+ ilen = ((unsigned int) filesize - offset > cipher_block_size) ?
+ cipher_block_size : (unsigned int) (filesize - offset);
+
+ if (fread(buffer, 1, ilen, fin) != ilen) {
+ mbedtls_fprintf(stderr, "fread(%u bytes) failed\n",
+ cipher_block_size);
+ goto exit;
+ }
+
+ if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
+ goto exit;
+ }
+ if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output,
+ &olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
+ goto exit;
+ }
+
+ if (fwrite(output, 1, olen, fout) != olen) {
+ mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
+ goto exit;
+ }
+ }
+
+ /*
+ * Verify the message authentication code.
+ */
+ if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
+ goto exit;
+ }
+
+ if (fread(buffer, 1, md_size, fin) != md_size) {
+ mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", md_size);
+ goto exit;
+ }
+
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for (i = 0; i < md_size; i++) {
+ diff |= digest[i] ^ buffer[i];
+ }
+
+ if (diff != 0) {
+ mbedtls_fprintf(stderr, "HMAC check failed: wrong key, "
+ "or file corrupted.\n");
+ goto exit;
+ }
+
+ /*
+ * Write the final block of data
+ */
+ if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
+ mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
+ goto exit;
+ }
+
+ if (fwrite(output, 1, olen, fout) != olen) {
+ mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
+ goto exit;
+ }
+ }
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ if (fin) {
+ fclose(fin);
+ }
+ if (fout) {
+ fclose(fout);
+ }
+
+ /* Zeroize all command line arguments to also cover
+ the case when the user has missed or reordered some,
+ in which case the key might not be in argv[6]. */
+ for (i = 0; i < argc; i++) {
+ mbedtls_platform_zeroize(argv[i], strlen(argv[i]));
+ }
+
+ mbedtls_platform_zeroize(IV, sizeof(IV));
+ mbedtls_platform_zeroize(key, sizeof(key));
+ mbedtls_platform_zeroize(buffer, sizeof(buffer));
+ mbedtls_platform_zeroize(output, sizeof(output));
+ mbedtls_platform_zeroize(digest, sizeof(digest));
+
+ mbedtls_cipher_free(&cipher_ctx);
+ mbedtls_md_free(&md_ctx);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
new file mode 100644
index 0000000..e925524
--- /dev/null
+++ b/programs/cipher/CMakeLists.txt
@@ -0,0 +1,13 @@
+set(executables
+ cipher_aead_demo
+)
+
+foreach(exe IN LISTS executables)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c
new file mode 100644
index 0000000..853ec20
--- /dev/null
+++ b/programs/cipher/cipher_aead_demo.c
@@ -0,0 +1,259 @@
+/**
+ * Cipher API multi-part AEAD demonstration.
+ *
+ * This program AEAD-encrypts a message, using the algorithm and key size
+ * specified on the command line, using the multi-part API.
+ *
+ * It comes with a companion program psa/aead_demo.c, which does the same
+ * operations with the PSA Crypto API. The goal is that comparing the two
+ * programs will help people migrating to the PSA Crypto API.
+ *
+ * When used with multi-part AEAD operations, the `mbedtls_cipher_context`
+ * serves a triple purpose (1) hold the key, (2) store the algorithm when no
+ * operation is active, and (3) save progress information for the current
+ * operation. With PSA those roles are held by disinct objects: (1) a
+ * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
+ * algorithm, and (3) a psa_operation_t for multi-part progress.
+ *
+ * On the other hand, with PSA, the algorithms encodes the desired tag length;
+ * with Cipher the desired tag length needs to be tracked separately.
+ *
+ * This program and its companion psa/aead_demo.c illustrate this by doing the
+ * same sequence of multi-part AEAD computation with both APIs; looking at the
+ * two side by side should make the differences and similarities clear.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/cipher.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_CIPHER_C) || \
+ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
+ !defined(MBEDTLS_CHACHAPOLY_C)
+int main(void)
+{
+ printf("MBEDTLS_MD_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
+ "MBEDTLS_CHACHAPOLY_C not defined\r\n");
+ return 0;
+}
+#else
+
+/* The real program starts here. */
+
+const char usage[] =
+ "Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
+
+/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
+const unsigned char iv1[12] = { 0x00 };
+const unsigned char add_data1[] = { 0x01, 0x02 };
+const unsigned char msg1_part1[] = { 0x03, 0x04 };
+const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
+
+/* Dummy data (2nd message) */
+const unsigned char iv2[12] = { 0x10 };
+const unsigned char add_data2[] = { 0x11, 0x12 };
+const unsigned char msg2_part1[] = { 0x13, 0x14 };
+const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
+
+/* Maximum total size of the messages */
+#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2))
+#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2))
+#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE)
+
+/* Dummy key material - never do this in production!
+ * 32-byte is enough to all the key size supported by this program. */
+const unsigned char key_bytes[32] = { 0x2a };
+
+/* Print the contents of a buffer in hex */
+void print_buf(const char *title, unsigned char *buf, size_t len)
+{
+ printf("%s:", title);
+ for (size_t i = 0; i < len; i++) {
+ printf(" %02x", buf[i]);
+ }
+ printf("\n");
+}
+
+/* Run an Mbed TLS function and bail out if it fails.
+ * A string description of the error code can be recovered with:
+ * programs/util/strerror <value> */
+#define CHK(expr) \
+ do \
+ { \
+ ret = (expr); \
+ if (ret != 0) \
+ { \
+ printf("Error %d at line %d: %s\n", \
+ ret, \
+ __LINE__, \
+ #expr); \
+ goto exit; \
+ } \
+ } while (0)
+
+/*
+ * Prepare encryption material:
+ * - interpret command-line argument
+ * - set up key
+ * - outputs: context and tag length, which together hold all the information
+ */
+static int aead_prepare(const char *info,
+ mbedtls_cipher_context_t *ctx,
+ size_t *tag_len)
+{
+ int ret;
+
+ /* Convert arg to type + tag_len */
+ mbedtls_cipher_type_t type;
+ if (strcmp(info, "aes128-gcm") == 0) {
+ type = MBEDTLS_CIPHER_AES_128_GCM;
+ *tag_len = 16;
+ } else if (strcmp(info, "aes256-gcm") == 0) {
+ type = MBEDTLS_CIPHER_AES_256_GCM;
+ *tag_len = 16;
+ } else if (strcmp(info, "aes128-gcm_8") == 0) {
+ type = MBEDTLS_CIPHER_AES_128_GCM;
+ *tag_len = 8;
+ } else if (strcmp(info, "chachapoly") == 0) {
+ type = MBEDTLS_CIPHER_CHACHA20_POLY1305;
+ *tag_len = 16;
+ } else {
+ puts(usage);
+ return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+ }
+
+ /* Prepare context for the given type */
+ CHK(mbedtls_cipher_setup(ctx,
+ mbedtls_cipher_info_from_type(type)));
+
+ /* Import key */
+ int key_len = mbedtls_cipher_get_key_bitlen(ctx);
+ CHK(mbedtls_cipher_setkey(ctx, key_bytes, key_len, MBEDTLS_ENCRYPT));
+
+exit:
+ return ret;
+}
+
+/*
+ * Print out some information.
+ *
+ * All of this information was present in the command line argument, but his
+ * function demonstrates how each piece can be recovered from (ctx, tag_len).
+ */
+static void aead_info(const mbedtls_cipher_context_t *ctx, size_t tag_len)
+{
+ mbedtls_cipher_type_t type = mbedtls_cipher_get_type(ctx);
+ const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(type);
+ const char *ciph = mbedtls_cipher_info_get_name(info);
+ int key_bits = mbedtls_cipher_get_key_bitlen(ctx);
+ mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode(ctx);
+
+ const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM"
+ : mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly"
+ : "???";
+
+ printf("%s, %d, %s, %u\n",
+ ciph, key_bits, mode_str, (unsigned) tag_len);
+}
+
+/*
+ * Encrypt a 2-part message.
+ */
+static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *part1, size_t part1_len,
+ const unsigned char *part2, size_t part2_len)
+{
+ int ret;
+ size_t olen;
+#define MAX_TAG_LENGTH 16
+ unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH];
+ unsigned char *p = out;
+
+ CHK(mbedtls_cipher_set_iv(ctx, iv, iv_len));
+ CHK(mbedtls_cipher_reset(ctx));
+ CHK(mbedtls_cipher_update_ad(ctx, ad, ad_len));
+ CHK(mbedtls_cipher_update(ctx, part1, part1_len, p, &olen));
+ p += olen;
+ CHK(mbedtls_cipher_update(ctx, part2, part2_len, p, &olen));
+ p += olen;
+ CHK(mbedtls_cipher_finish(ctx, p, &olen));
+ p += olen;
+ CHK(mbedtls_cipher_write_tag(ctx, p, tag_len));
+ p += tag_len;
+
+ olen = p - out;
+ print_buf("out", out, olen);
+
+exit:
+ return ret;
+}
+
+/*
+ * AEAD demo: set up key/alg, print out info, encrypt messages.
+ */
+static int aead_demo(const char *info)
+{
+ int ret = 0;
+
+ mbedtls_cipher_context_t ctx;
+ size_t tag_len;
+
+ mbedtls_cipher_init(&ctx);
+
+ CHK(aead_prepare(info, &ctx, &tag_len));
+
+ aead_info(&ctx, tag_len);
+
+ CHK(aead_encrypt(&ctx, tag_len,
+ iv1, sizeof(iv1), add_data1, sizeof(add_data1),
+ msg1_part1, sizeof(msg1_part1),
+ msg1_part2, sizeof(msg1_part2)));
+ CHK(aead_encrypt(&ctx, tag_len,
+ iv2, sizeof(iv2), add_data2, sizeof(add_data2),
+ msg2_part1, sizeof(msg2_part1),
+ msg2_part2, sizeof(msg2_part2)));
+
+exit:
+ mbedtls_cipher_free(&ctx);
+
+ return ret;
+}
+
+
+/*
+ * Main function
+ */
+int main(int argc, char **argv)
+{
+ /* Check usage */
+ if (argc != 2) {
+ puts(usage);
+ return 1;
+ }
+
+ int ret;
+
+ /* Run the demo */
+ CHK(aead_demo(argv[1]));
+
+exit:
+ return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+#endif
diff --git a/programs/demo_common.sh b/programs/demo_common.sh
new file mode 100644
index 0000000..d8fcda5
--- /dev/null
+++ b/programs/demo_common.sh
@@ -0,0 +1,137 @@
+## Common shell functions used by demo scripts programs/*/*.sh.
+
+## How to write a demo script
+## ==========================
+##
+## Include this file near the top of each demo script:
+## . "${0%/*}/../demo_common.sh"
+##
+## Start with a "msg" call that explains the purpose of the script.
+## Then call the "depends_on" function to ensure that all config
+## dependencies are met.
+##
+## As the last thing in the script, call the cleanup function.
+##
+## You can use the functions and variables described below.
+
+set -e -u
+
+## $root_dir is the root directory of the Mbed TLS source tree.
+root_dir="${0%/*}"
+# Find a nice path to the root directory, avoiding unnecessary "../".
+# The code supports demo scripts nested up to 4 levels deep.
+# The code works no matter where the demo script is relative to the current
+# directory, even if it is called with a relative path.
+n=4 # limit the search depth
+while ! [ -d "$root_dir/programs" ] || ! [ -d "$root_dir/library" ]; do
+ if [ $n -eq 0 ]; then
+ echo >&2 "This doesn't seem to be an Mbed TLS source tree."
+ exit 125
+ fi
+ n=$((n - 1))
+ case $root_dir in
+ .) root_dir="..";;
+ ..|?*/..) root_dir="$root_dir/..";;
+ ?*/*) root_dir="${root_dir%/*}";;
+ /*) root_dir="/";;
+ *) root_dir=".";;
+ esac
+done
+
+## $programs_dir is the directory containing the sample programs.
+# Assume an in-tree build.
+programs_dir="$root_dir/programs"
+
+## msg LINE...
+## msg <TEXT_ORIGIN
+## Display an informational message.
+msg () {
+ if [ $# -eq 0 ]; then
+ sed 's/^/# /'
+ else
+ for x in "$@"; do
+ echo "# $x"
+ done
+ fi
+}
+
+## run "Message" COMMAND ARGUMENT...
+## Display the message, then run COMMAND with the specified arguments.
+run () {
+ echo
+ echo "# $1"
+ shift
+ echo "+ $*"
+ "$@"
+}
+
+## Like '!', but stop on failure with 'set -e'
+not () {
+ if "$@"; then false; fi
+}
+
+## run_bad "Message" COMMAND ARGUMENT...
+## Like run, but the command is expected to fail.
+run_bad () {
+ echo
+ echo "$1 This must fail."
+ shift
+ echo "+ ! $*"
+ not "$@"
+}
+
+## config_has SYMBOL...
+## Succeeds if the library configuration has all SYMBOLs set.
+config_has () {
+ for x in "$@"; do
+ "$programs_dir/test/query_compile_time_config" "$x"
+ done
+}
+
+## depends_on SYMBOL...
+## Exit if the library configuration does not have all SYMBOLs set.
+depends_on () {
+ m=
+ for x in "$@"; do
+ if ! config_has "$x"; then
+ m="$m $x"
+ fi
+ done
+ if [ -n "$m" ]; then
+ cat >&2 <<EOF
+$0: this demo requires the following
+configuration options to be enabled at compile time:
+ $m
+EOF
+ # Exit with a success status so that this counts as a pass for run_demos.py.
+ exit
+ fi
+}
+
+## Add the names of files to clean up to this whitespace-separated variable.
+## The file names must not contain whitespace characters.
+files_to_clean=
+
+## Call this function at the end of each script.
+## It is called automatically if the script is killed by a signal.
+cleanup () {
+ rm -f -- $files_to_clean
+}
+
+
+
+################################################################
+## End of the public interfaces. Code beyond this point is not
+## meant to be called directly from a demo script.
+
+trap 'cleanup; trap - HUP; kill -HUP $$' HUP
+trap 'cleanup; trap - INT; kill -INT $$' INT
+trap 'cleanup; trap - TERM; kill -TERM $$' TERM
+
+if config_has MBEDTLS_ENTROPY_NV_SEED; then
+ # Create a seedfile that's sufficiently long in all library configurations.
+ # This is necessary for programs that use randomness.
+ # Assume that the name of the seedfile is the default name.
+ files_to_clean="$files_to_clean seedfile"
+ dd if=/dev/urandom of=seedfile ibs=64 obs=64 count=1
+fi
diff --git a/programs/fuzz/.gitignore b/programs/fuzz/.gitignore
new file mode 100644
index 0000000..34e3ed0
--- /dev/null
+++ b/programs/fuzz/.gitignore
@@ -0,0 +1,10 @@
+fuzz_client
+fuzz_dtlsclient
+fuzz_dtlsserver
+fuzz_pkcs7
+fuzz_privkey
+fuzz_pubkey
+fuzz_server
+fuzz_x509crl
+fuzz_x509crt
+fuzz_x509csr
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
new file mode 100644
index 0000000..c389029
--- /dev/null
+++ b/programs/fuzz/CMakeLists.txt
@@ -0,0 +1,50 @@
+set(libs
+ ${mbedtls_target}
+ ${CMAKE_THREAD_LIBS_INIT}
+)
+
+find_library(FUZZINGENGINE_LIB FuzzingEngine)
+if(FUZZINGENGINE_LIB)
+ project(fuzz CXX)
+endif()
+
+set(executables_no_common_c
+ fuzz_pubkey
+ fuzz_x509crl
+ fuzz_x509crt
+ fuzz_x509csr
+ fuzz_pkcs7
+)
+
+set(executables_with_common_c
+ fuzz_privkey
+ fuzz_client
+ fuzz_dtlsclient
+ fuzz_dtlsserver
+ fuzz_server
+)
+
+foreach(exe IN LISTS executables_no_common_c executables_with_common_c)
+
+ set(exe_sources ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ if(NOT FUZZINGENGINE_LIB)
+ list(APPEND exe_sources onefile.c)
+ endif()
+
+ # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3
+ list(FIND executables_with_common_c ${exe} exe_index)
+ if(${exe_index} GREATER -1)
+ list(APPEND exe_sources common.c)
+ endif()
+
+ add_executable(${exe} ${exe_sources})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+
+ if (NOT FUZZINGENGINE_LIB)
+ target_link_libraries(${exe} ${libs})
+ else()
+ target_link_libraries(${exe} ${libs} FuzzingEngine)
+ SET_TARGET_PROPERTIES(${exe} PROPERTIES LINKER_LANGUAGE CXX)
+ endif()
+
+endforeach()
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
new file mode 100644
index 0000000..828e518
--- /dev/null
+++ b/programs/fuzz/Makefile
@@ -0,0 +1,48 @@
+MBEDTLS_TEST_PATH:=../../tests
+
+MBEDTLS_PATH := ../..
+include ../../scripts/common.make
+
+DEP=${MBEDLIBS}
+
+ifdef FUZZINGENGINE
+LOCAL_LDFLAGS += -lFuzzingEngine
+endif
+
+# A test application is built for each suites/test_suite_*.data file.
+# Application name is same as .data file's base name and can be
+# constructed by stripping path 'suites/' and extension .data.
+APPS = $(basename $(wildcard fuzz_*.c))
+
+# Construct executable name by adding OS specific suffix $(EXEXT).
+BINARIES := $(addsuffix $(EXEXT),$(APPS))
+
+.SILENT:
+
+.PHONY: all check test clean
+
+all: $(BINARIES)
+
+C_FILES := $(addsuffix .c,$(APPS))
+
+%.o: %.c
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< -o $@
+
+
+ifdef FUZZINGENGINE
+$(BINARIES): %$(EXEXT): %.o common.o $(DEP)
+ echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
+ $(CXX) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+else
+$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP)
+ echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
+ $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+endif
+
+clean:
+ifndef WINDOWS
+ rm -rf $(BINARIES) *.o
+else
+ if exist *.o del /Q /F *.o
+ if exist *.exe del /Q /F *.exe
+endif
diff --git a/programs/fuzz/README.md b/programs/fuzz/README.md
new file mode 100644
index 0000000..aaef030
--- /dev/null
+++ b/programs/fuzz/README.md
@@ -0,0 +1,68 @@
+What is it?
+------
+
+This directory contains fuzz targets.
+Fuzz targets are simple codes using the library.
+They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance).
+
+These targets were meant to be used with oss-fuzz but can be used in other contexts.
+
+This code was contributed by Philippe Antoine ( Catena cyber ).
+
+How to run?
+------
+
+To run the fuzz targets like oss-fuzz:
+```
+git clone https://github.com/google/oss-fuzz
+cd oss-fuzz
+python infra/helper.py build_image mbedtls
+python infra/helper.py build_fuzzers --sanitizer address mbedtls
+python infra/helper.py run_fuzzer mbedtls fuzz_client
+```
+You can use `undefined` sanitizer as well as `address` sanitizer.
+And you can run any of the fuzz targets like `fuzz_client`.
+
+To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance).
+Then you need to compile the code with the compiler flags of the wished sanitizer.
+```
+perl scripts/config.py set MBEDTLS_PLATFORM_TIME_ALT
+mkdir build
+cd build
+cmake ..
+make
+```
+Finally, you can run the targets like `./test/fuzz/fuzz_client`.
+
+
+Corpus generation for network traffic targets
+------
+
+These targets use network traffic as inputs :
+* client : simulates a client against (fuzzed) server traffic
+* server : simulates a server against (fuzzed) client traffic
+* dtls_client
+* dtls_server
+
+They also use the last bytes as configuration options.
+
+To generate corpus for these targets, you can do the following, not fully automated steps :
+* Build mbedtls programs ssl_server2 and ssl_client2
+* Run them one against the other with `reproducible` option turned on while capturing traffic into test.pcap
+* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt`
+* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor`
+* Finally, you can add the options by appending the last bytes to the file test.cor
+
+Here is an example of dummy.py for extracting payload from client to server (if we used `tcp.dstport` in tshark command)
+```
+import sys
+import binascii
+
+f = open(sys.argv[1])
+for l in f.readlines():
+ portAndPl=l.split()
+ if len(portAndPl) == 2:
+ # determine client or server based on port
+ if portAndPl[0] == "4433":
+ print(binascii.unhexlify(portAndPl[1].replace(":","")))
+```
diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c
new file mode 100644
index 0000000..98aa403
--- /dev/null
+++ b/programs/fuzz/common.c
@@ -0,0 +1,105 @@
+#include "common.h"
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "mbedtls/ctr_drbg.h"
+
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
+{
+ (void) time;
+ return 0x5af2a056;
+}
+#endif
+
+void dummy_init(void)
+{
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time(dummy_constant_time);
+#else
+ fprintf(stderr, "Warning: fuzzing without constant time\n");
+#endif
+}
+
+int dummy_send(void *ctx, const unsigned char *buf, size_t len)
+{
+ //silence warning about unused parameter
+ (void) ctx;
+ (void) buf;
+
+ //pretends we wrote everything ok
+ if (len > INT_MAX) {
+ return -1;
+ }
+ return (int) len;
+}
+
+int fuzz_recv(void *ctx, unsigned char *buf, size_t len)
+{
+ //reads from the buffer from fuzzer
+ fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+ if (biomemfuzz->Offset == biomemfuzz->Size) {
+ //EOF
+ return 0;
+ }
+ if (len > INT_MAX) {
+ return -1;
+ }
+ if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+ //do not overflow
+ len = biomemfuzz->Size - biomemfuzz->Offset;
+ }
+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+ biomemfuzz->Offset += len;
+ return (int) len;
+}
+
+int dummy_random(void *p_rng, unsigned char *output, size_t output_len)
+{
+ int ret;
+ size_t i;
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng
+ if (p_rng != NULL) {
+ //use mbedtls_ctr_drbg_random to find bugs in it
+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ } else {
+ //fall through to pseudo-random
+ ret = 0;
+ }
+#else
+ (void) p_rng;
+ ret = 0;
+#endif
+ for (i = 0; i < output_len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return ret;
+}
+
+int dummy_entropy(void *data, unsigned char *output, size_t len)
+{
+ size_t i;
+ (void) data;
+
+ //use mbedtls_entropy_func to find bugs in it
+ //test performance impact of entropy
+ //ret = mbedtls_entropy_func(data, output, len);
+ for (i = 0; i < len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return 0;
+}
+
+int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout)
+{
+ (void) timeout;
+
+ return fuzz_recv(ctx, buf, len);
+}
diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h
new file mode 100644
index 0000000..094383c
--- /dev/null
+++ b/programs/fuzz/common.h
@@ -0,0 +1,25 @@
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+#endif
+#include <stddef.h>
+#include <stdint.h>
+
+typedef struct fuzzBufferOffset {
+ const uint8_t *Data;
+ size_t Size;
+ size_t Offset;
+} fuzzBufferOffset_t;
+
+#if defined(MBEDTLS_HAVE_TIME)
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
+#endif
+void dummy_init(void);
+
+int dummy_send(void *ctx, const unsigned char *buf, size_t len);
+int fuzz_recv(void *ctx, unsigned char *buf, size_t len);
+int dummy_random(void *p_rng, unsigned char *output, size_t output_len);
+int dummy_entropy(void *data, unsigned char *output, size_t len);
+int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout);
diff --git a/programs/fuzz/corpuses/client b/programs/fuzz/corpuses/client
new file mode 100644
index 0000000..48d0a67
--- /dev/null
+++ b/programs/fuzz/corpuses/client
Binary files differ
diff --git a/programs/fuzz/corpuses/dtlsclient b/programs/fuzz/corpuses/dtlsclient
new file mode 100644
index 0000000..87c3ca3
--- /dev/null
+++ b/programs/fuzz/corpuses/dtlsclient
Binary files differ
diff --git a/programs/fuzz/corpuses/dtlsserver b/programs/fuzz/corpuses/dtlsserver
new file mode 100644
index 0000000..7a7a117
--- /dev/null
+++ b/programs/fuzz/corpuses/dtlsserver
Binary files differ
diff --git a/programs/fuzz/corpuses/server b/programs/fuzz/corpuses/server
new file mode 100644
index 0000000..fbeb019
--- /dev/null
+++ b/programs/fuzz/corpuses/server
Binary files differ
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
new file mode 100644
index 0000000..07ca96e
--- /dev/null
+++ b/programs/fuzz/fuzz_client.c
@@ -0,0 +1,193 @@
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "test/certs.h"
+#include "common.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+static int initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+static mbedtls_x509_crt cacert;
+#endif
+const char *alpn_list[3];
+
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+const char *pers = "fuzz_client";
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+ uint16_t options;
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init(&cacert);
+ if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len) != 0) {
+ return 1;
+ }
+#endif
+
+ alpn_list[0] = "HTTP";
+ alpn_list[1] = "fuzzalpn";
+ alpn_list[2] = NULL;
+
+ dummy_init();
+
+ initialized = 1;
+ }
+
+ //we take 1 byte as options input
+ if (Size < 2) {
+ return 0;
+ }
+ options = (Data[Size - 2] << 8) | Data[Size - 1];
+ //Avoid warnings if compile options imply no options
+ (void) options;
+
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
+ goto exit;
+ }
+
+ if (mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
+ goto exit;
+ }
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if (options & 2) {
+ mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
+ (const unsigned char *) psk_id, sizeof(psk_id) - 1);
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ if (options & 4) {
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+ } else
+#endif
+ {
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
+ }
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ mbedtls_ssl_conf_extended_master_secret(&conf,
+ (options &
+ 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ mbedtls_ssl_conf_encrypt_then_mac(&conf,
+ (options &
+ 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation(&conf,
+ (options &
+ 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_conf_session_tickets(&conf,
+ (options &
+ 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ if (options & 0x200) {
+ mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
+ }
+#endif
+ //There may be other options to add :
+ // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
+
+ srand(1);
+ mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
+
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
+ goto exit;
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ if ((options & 1) == 0) {
+ if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
+ goto exit;
+ }
+ }
+#endif
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size-2;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
+
+ ret = mbedtls_ssl_handshake(&ssl);
+ if (ret == 0) {
+ //keep reading data from server until the end
+ do {
+ len = sizeof(buf) - 1;
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
+ continue;
+ } else if (ret <= 0) {
+ //EOF or error
+ break;
+ }
+ } while (1);
+ }
+
+exit:
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#else
+ (void) Data;
+ (void) Size;
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_client.options b/programs/fuzz/fuzz_client.options
new file mode 100644
index 0000000..4d7340f
--- /dev/null
+++ b/programs/fuzz/fuzz_client.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
new file mode 100644
index 0000000..6581dcb
--- /dev/null
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -0,0 +1,136 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include "common.h"
+#include "mbedtls/ssl.h"
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/timing.h"
+#include "test/certs.h"
+
+#if defined(MBEDTLS_SSL_CLI_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_TIMING_C)
+static int initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+static mbedtls_x509_crt cacert;
+#endif
+
+const char *pers = "fuzz_dtlsclient";
+#endif
+#endif // MBEDTLS_SSL_PROTO_DTLS
+
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
+ defined(MBEDTLS_SSL_CLI_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_TIMING_C)
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ mbedtls_timing_delay_context timer;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init(&cacert);
+ if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len) != 0) {
+ return 1;
+ }
+#endif
+ dummy_init();
+
+ initialized = 1;
+ }
+
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ srand(1);
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
+ goto exit;
+ }
+
+ if (mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
+ goto exit;
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+#endif
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
+ mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
+
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
+ goto exit;
+ }
+
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
+ goto exit;
+ }
+#endif
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
+
+ ret = mbedtls_ssl_handshake(&ssl);
+ if (ret == 0) {
+ //keep reading data from server until the end
+ do {
+ len = sizeof(buf) - 1;
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
+ continue;
+ } else if (ret <= 0) {
+ //EOF or error
+ break;
+ }
+ } while (1);
+ }
+
+exit:
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#else
+ (void) Data;
+ (void) Size;
+#endif
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_dtlsclient.options b/programs/fuzz/fuzz_dtlsclient.options
new file mode 100644
index 0000000..4d7340f
--- /dev/null
+++ b/programs/fuzz/fuzz_dtlsclient.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
new file mode 100644
index 0000000..fd3e0aa
--- /dev/null
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -0,0 +1,181 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include "common.h"
+#include "mbedtls/ssl.h"
+#include "test/certs.h"
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/ssl_cookie.h"
+
+#if defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_TIMING_C) && \
+ (defined(MBEDTLS_MD_CAN_SHA384) || \
+ defined(MBEDTLS_MD_CAN_SHA256))
+const char *pers = "fuzz_dtlsserver";
+const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 };
+static int initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+static mbedtls_x509_crt srvcert;
+static mbedtls_pk_context pkey;
+#endif
+#endif
+#endif // MBEDTLS_SSL_PROTO_DTLS
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && \
+ defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C) && \
+ defined(MBEDTLS_TIMING_C) && \
+ (defined(MBEDTLS_MD_CAN_SHA384) || \
+ defined(MBEDTLS_MD_CAN_SHA256))
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ mbedtls_timing_delay_context timer;
+ mbedtls_ssl_cookie_ctx cookie_ctx;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+#endif
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ssl_cookie_init(&cookie_ctx);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
+ goto exit;
+ }
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+
+ if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len) != 0) {
+ return 1;
+ }
+ if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len) != 0) {
+ return 1;
+ }
+ if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0,
+ dummy_random, &ctr_drbg) != 0) {
+ return 1;
+ }
+#endif
+ dummy_init();
+
+ initialized = 1;
+ }
+
+ if (mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
+ goto exit;
+ }
+
+
+ srand(1);
+ mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
+ goto exit;
+ }
+#endif
+
+ if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) {
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_dtls_cookies(&conf,
+ mbedtls_ssl_cookie_write,
+ mbedtls_ssl_cookie_check,
+ &cookie_ctx);
+
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
+ goto exit;
+ }
+
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
+ if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
+ goto exit;
+ }
+
+ ret = mbedtls_ssl_handshake(&ssl);
+
+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+ biomemfuzz.Offset = ssl.MBEDTLS_PRIVATE(next_record_offset);
+ mbedtls_ssl_session_reset(&ssl);
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
+ if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
+ goto exit;
+ }
+
+ ret = mbedtls_ssl_handshake(&ssl);
+
+ if (ret == 0) {
+ //keep reading data from server until the end
+ do {
+ len = sizeof(buf) - 1;
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
+ continue;
+ } else if (ret <= 0) {
+ //EOF or error
+ break;
+ }
+ } while (1);
+ }
+ }
+
+exit:
+ mbedtls_ssl_cookie_free(&cookie_ctx);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_pk_free(&pkey);
+ mbedtls_x509_crt_free(&srvcert);
+#endif
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#else
+ (void) Data;
+ (void) Size;
+#endif
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_dtlsserver.options b/programs/fuzz/fuzz_dtlsserver.options
new file mode 100644
index 0000000..4d7340f
--- /dev/null
+++ b/programs/fuzz/fuzz_dtlsserver.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c
new file mode 100644
index 0000000..2056913
--- /dev/null
+++ b/programs/fuzz/fuzz_pkcs7.c
@@ -0,0 +1,20 @@
+#include <stdint.h>
+#include "mbedtls/pkcs7.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#ifdef MBEDTLS_PKCS7_C
+ mbedtls_pkcs7 pkcs7;
+
+ mbedtls_pkcs7_init(&pkcs7);
+
+ mbedtls_pkcs7_parse_der(&pkcs7, Data, Size);
+
+ mbedtls_pkcs7_free(&pkcs7);
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_pkcs7.options b/programs/fuzz/fuzz_pkcs7.options
new file mode 100644
index 0000000..0824b19f
--- /dev/null
+++ b/programs/fuzz/fuzz_pkcs7.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
new file mode 100644
index 0000000..7530964
--- /dev/null
+++ b/programs/fuzz/fuzz_privkey.c
@@ -0,0 +1,104 @@
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "common.h"
+
+//4 Kb should be enough for every bug ;-)
+#define MAX_LEN 0x1000
+
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C)
+const char *pers = "fuzz_privkey";
+#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C)
+ int ret;
+ mbedtls_pk_context pk;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+
+ if (Size > MAX_LEN) {
+ //only work on small inputs
+ Size = MAX_LEN;
+ }
+
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
+ goto exit;
+ }
+
+ ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0,
+ dummy_random, &ctr_drbg);
+ if (ret == 0) {
+#if defined(MBEDTLS_RSA_C)
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+ mbedtls_rsa_context *rsa;
+
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+ rsa = mbedtls_pk_rsa(pk);
+ if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != 0) {
+ abort();
+ }
+ if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != 0) {
+ abort();
+ }
+
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+ } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
+ mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp);
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(grp_id);
+
+ /* If the curve is not supported, the key should not have been
+ * accepted. */
+ if (curve_info == NULL) {
+ abort();
+ }
+ } else
+#endif
+ {
+ /* The key is valid but is not of a supported type.
+ * This should not happen. */
+ abort();
+ }
+ }
+exit:
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#else
+ (void) Data;
+ (void) Size;
+#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_privkey.options b/programs/fuzz/fuzz_privkey.options
new file mode 100644
index 0000000..0824b19f
--- /dev/null
+++ b/programs/fuzz/fuzz_privkey.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
new file mode 100644
index 0000000..0b153b1
--- /dev/null
+++ b/programs/fuzz/fuzz_pubkey.c
@@ -0,0 +1,90 @@
+#include <stdint.h>
+#include <stdlib.h>
+#include "mbedtls/pk.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#ifdef MBEDTLS_PK_PARSE_C
+ int ret;
+ mbedtls_pk_context pk;
+
+ mbedtls_pk_init(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ ret = mbedtls_pk_parse_public_key(&pk, Data, Size);
+ if (ret == 0) {
+#if defined(MBEDTLS_RSA_C)
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+ mbedtls_rsa_context *rsa;
+
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+ rsa = mbedtls_pk_rsa(pk);
+ if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) {
+ abort();
+ }
+ if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
+ abort();
+ }
+ if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) {
+ abort();
+ }
+
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+
+ } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY ||
+ mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) {
+ mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk);
+ mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp);
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(grp_id);
+
+ /* If the curve is not supported, the key should not have been
+ * accepted. */
+ if (curve_info == NULL) {
+ abort();
+ }
+
+ /* It's a public key, so the private value should not have
+ * been changed from its initialization to 0. */
+ mbedtls_mpi d;
+ mbedtls_mpi_init(&d);
+ if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) {
+ abort();
+ }
+ if (mbedtls_mpi_cmp_int(&d, 0) != 0) {
+ abort();
+ }
+ mbedtls_mpi_free(&d);
+ } else
+#endif
+ {
+ /* The key is valid but is not of a supported type.
+ * This should not happen. */
+ abort();
+ }
+ }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_pk_free(&pk);
+#else
+ (void) Data;
+ (void) Size;
+#endif //MBEDTLS_PK_PARSE_C
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_pubkey.options b/programs/fuzz/fuzz_pubkey.options
new file mode 100644
index 0000000..0824b19f
--- /dev/null
+++ b/programs/fuzz/fuzz_pubkey.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
new file mode 100644
index 0000000..64b35ed
--- /dev/null
+++ b/programs/fuzz/fuzz_server.c
@@ -0,0 +1,216 @@
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ssl_ticket.h"
+#include "test/certs.h"
+#include "common.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+
+
+#if defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+const char *pers = "fuzz_server";
+static int initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+static mbedtls_x509_crt srvcert;
+static mbedtls_pk_context pkey;
+#endif
+const char *alpn_list[3];
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#if defined(MBEDTLS_SSL_SRV_C) && \
+ defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ mbedtls_ssl_ticket_context ticket_ctx;
+#endif
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+ uint8_t options;
+
+ //we take 1 byte as options input
+ if (Size < 1) {
+ return 0;
+ }
+ options = Data[Size - 1];
+
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+#endif
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ mbedtls_ssl_ticket_init(&ticket_ctx);
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
+ return 1;
+ }
+
+ if (initialized == 0) {
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len) != 0) {
+ return 1;
+ }
+ if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len) != 0) {
+ return 1;
+ }
+ if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0,
+ dummy_random, &ctr_drbg) != 0) {
+ return 1;
+ }
+#endif
+
+ alpn_list[0] = "HTTP";
+ alpn_list[1] = "fuzzalpn";
+ alpn_list[2] = NULL;
+
+ dummy_init();
+
+ initialized = 1;
+ }
+
+ if (mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
+ goto exit;
+ }
+
+ srand(1);
+ mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
+ goto exit;
+ }
+#endif
+
+ mbedtls_ssl_conf_cert_req_ca_list(&conf,
+ (options &
+ 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED);
+#if defined(MBEDTLS_SSL_ALPN)
+ if (options & 0x2) {
+ mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
+ }
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ if (options & 0x4) {
+ if (mbedtls_ssl_ticket_setup(&ticket_ctx,
+ dummy_random, &ctr_drbg,
+ MBEDTLS_CIPHER_AES_256_GCM,
+ 86400) != 0) {
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_session_tickets_cb(&conf,
+ mbedtls_ssl_ticket_write,
+ mbedtls_ssl_ticket_parse,
+ &ticket_ctx);
+ }
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ mbedtls_ssl_conf_extended_master_secret(&conf,
+ (options &
+ 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ mbedtls_ssl_conf_encrypt_then_mac(&conf,
+ (options &
+ 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ if (options & 0x40) {
+ mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
+ (const unsigned char *) psk_id, sizeof(psk_id) - 1);
+ }
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation(&conf,
+ (options &
+ 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
+#endif
+
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
+ goto exit;
+ }
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size-1;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
+
+ mbedtls_ssl_session_reset(&ssl);
+ ret = mbedtls_ssl_handshake(&ssl);
+ if (ret == 0) {
+ //keep reading data from server until the end
+ do {
+ len = sizeof(buf) - 1;
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
+ continue;
+ } else if (ret <= 0) {
+ //EOF or error
+ break;
+ }
+ } while (1);
+ }
+
+exit:
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ mbedtls_ssl_ticket_free(&ticket_ctx);
+#endif
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_ssl_config_free(&conf);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+#endif
+ mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif
+#else
+ (void) Data;
+ (void) Size;
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_server.options b/programs/fuzz/fuzz_server.options
new file mode 100644
index 0000000..4d7340f
--- /dev/null
+++ b/programs/fuzz/fuzz_server.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
new file mode 100644
index 0000000..151db92
--- /dev/null
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -0,0 +1,39 @@
+#include <stdint.h>
+#include "mbedtls/x509_crl.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#ifdef MBEDTLS_X509_CRL_PARSE_C
+ int ret;
+ mbedtls_x509_crl crl;
+ unsigned char buf[4096];
+
+ mbedtls_x509_crl_init(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ ret = mbedtls_x509_crl_parse(&crl, Data, Size);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if (ret == 0) {
+ ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
+ }
+#else
+ ((void) ret);
+ ((void) buf);
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_x509_crl_free(&crl);
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_x509crl.options b/programs/fuzz/fuzz_x509crl.options
new file mode 100644
index 0000000..0824b19f
--- /dev/null
+++ b/programs/fuzz/fuzz_x509crl.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
new file mode 100644
index 0000000..3eee072
--- /dev/null
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -0,0 +1,39 @@
+#include <stdint.h>
+#include "mbedtls/x509_crt.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#ifdef MBEDTLS_X509_CRT_PARSE_C
+ int ret;
+ mbedtls_x509_crt crt;
+ unsigned char buf[4096];
+
+ mbedtls_x509_crt_init(&crt);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ ret = mbedtls_x509_crt_parse(&crt, Data, Size);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if (ret == 0) {
+ ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt);
+ }
+#else
+ ((void) ret);
+ ((void) buf);
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_x509_crt_free(&crt);
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_x509crt.options b/programs/fuzz/fuzz_x509crt.options
new file mode 100644
index 0000000..0824b19f
--- /dev/null
+++ b/programs/fuzz/fuzz_x509crt.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
new file mode 100644
index 0000000..7946e57e
--- /dev/null
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -0,0 +1,39 @@
+#include <stdint.h>
+#include "mbedtls/x509_csr.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+#ifdef MBEDTLS_X509_CSR_PARSE_C
+ int ret;
+ mbedtls_x509_csr csr;
+ unsigned char buf[4096];
+
+ mbedtls_x509_csr_init(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ ret = mbedtls_x509_csr_parse(&csr, Data, Size);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if (ret == 0) {
+ ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
+ }
+#else
+ ((void) ret);
+ ((void) buf);
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_x509_csr_free(&csr);
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/programs/fuzz/fuzz_x509csr.options b/programs/fuzz/fuzz_x509csr.options
new file mode 100644
index 0000000..0824b19f
--- /dev/null
+++ b/programs/fuzz/fuzz_x509csr.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
new file mode 100644
index 0000000..3b2709f
--- /dev/null
+++ b/programs/fuzz/onefile.c
@@ -0,0 +1,69 @@
+#include <stdint.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway
+ * in case it contains platform-specific #defines related to malloc or
+ * stdio functions. */
+#include "mbedtls/build_info.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+int main(int argc, char **argv)
+{
+ FILE *fp;
+ uint8_t *Data;
+ size_t Size;
+ const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0];
+
+ if (argc != 2) {
+ fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0);
+ return 1;
+ }
+ //opens the file, get its size, and reads it into a buffer
+ fp = fopen(argv[1], "rb");
+ if (fp == NULL) {
+ fprintf(stderr, "%s: Error in fopen\n", argv0);
+ perror(argv[1]);
+ return 2;
+ }
+ if (fseek(fp, 0L, SEEK_END) != 0) {
+ fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0);
+ perror(argv[1]);
+ fclose(fp);
+ return 2;
+ }
+ Size = ftell(fp);
+ if (Size == (size_t) -1) {
+ fprintf(stderr, "%s: Error in ftell\n", argv0);
+ perror(argv[1]);
+ fclose(fp);
+ return 2;
+ }
+ if (fseek(fp, 0L, SEEK_SET) != 0) {
+ fprintf(stderr, "%s: Error in fseek(0)\n", argv0);
+ perror(argv[1]);
+ fclose(fp);
+ return 2;
+ }
+ Data = malloc(Size);
+ if (Data == NULL) {
+ fprintf(stderr, "%s: Could not allocate memory\n", argv0);
+ perror(argv[1]);
+ fclose(fp);
+ return 2;
+ }
+ if (fread(Data, Size, 1, fp) != 1) {
+ fprintf(stderr, "%s: Error in fread\n", argv0);
+ perror(argv[1]);
+ free(Data);
+ fclose(fp);
+ return 2;
+ }
+
+ //launch fuzzer
+ LLVMFuzzerTestOneInput(Data, Size);
+ free(Data);
+ fclose(fp);
+ return 0;
+}
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
new file mode 100644
index 0000000..fcacf3b
--- /dev/null
+++ b/programs/hash/CMakeLists.txt
@@ -0,0 +1,15 @@
+set(executables
+ generic_sum
+ hello
+ md_hmac_demo
+)
+
+foreach(exe IN LISTS executables)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
new file mode 100644
index 0000000..3fd2b00
--- /dev/null
+++ b/programs/hash/generic_sum.c
@@ -0,0 +1,209 @@
+/*
+ * generic message digest layer demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/md.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum)
+{
+ int ret = mbedtls_md_file(md_info, filename, sum);
+
+ if (ret == 1) {
+ mbedtls_fprintf(stderr, "failed to open: %s\n", filename);
+ }
+
+ if (ret == 2) {
+ mbedtls_fprintf(stderr, "failed to read: %s\n", filename);
+ }
+
+ return ret;
+}
+
+static int generic_print(const mbedtls_md_info_t *md_info, char *filename)
+{
+ int i;
+ unsigned char sum[MBEDTLS_MD_MAX_SIZE];
+
+ if (generic_wrapper(md_info, filename, sum) != 0) {
+ return 1;
+ }
+
+ for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
+ mbedtls_printf("%02x", sum[i]);
+ }
+
+ mbedtls_printf(" %s\n", filename);
+ return 0;
+}
+
+static int generic_check(const mbedtls_md_info_t *md_info, char *filename)
+{
+ int i;
+ size_t n;
+ FILE *f;
+ int nb_err1, nb_err2;
+ int nb_tot1, nb_tot2;
+ unsigned char sum[MBEDTLS_MD_MAX_SIZE];
+ char line[1024];
+ char diff;
+#if defined(__clang_analyzer__)
+ char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };
+#else
+ char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
+#endif
+
+ if ((f = fopen(filename, "rb")) == NULL) {
+ mbedtls_printf("failed to open: %s\n", filename);
+ return 1;
+ }
+
+ nb_err1 = nb_err2 = 0;
+ nb_tot1 = nb_tot2 = 0;
+
+ memset(line, 0, sizeof(line));
+
+ n = sizeof(line);
+
+ while (fgets(line, (int) n - 1, f) != NULL) {
+ n = strlen(line);
+
+ if (n < (size_t) 2 * mbedtls_md_get_size(md_info) + 4) {
+ mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
+ continue;
+ }
+
+ if (line[2 * mbedtls_md_get_size(md_info)] != ' ' ||
+ line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') {
+ mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
+ continue;
+ }
+
+ if (line[n - 1] == '\n') {
+ n--; line[n] = '\0';
+ }
+ if (line[n - 1] == '\r') {
+ n--; line[n] = '\0';
+ }
+
+ nb_tot1++;
+
+ if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) {
+ nb_err1++;
+ continue;
+ }
+
+ nb_tot2++;
+
+ for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
+ sprintf(buf + i * 2, "%02x", sum[i]);
+ }
+
+ /* Use constant-time buffer comparison */
+ diff = 0;
+ for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) {
+ diff |= line[i] ^ buf[i];
+ }
+
+ if (diff != 0) {
+ nb_err2++;
+ mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66);
+ }
+
+ n = sizeof(line);
+ }
+
+ if (nb_err1 != 0) {
+ mbedtls_printf("WARNING: %d (out of %d) input files could "
+ "not be read\n", nb_err1, nb_tot1);
+ }
+
+ if (nb_err2 != 0) {
+ mbedtls_printf("WARNING: %d (out of %d) computed checksums did "
+ "not match\n", nb_err2, nb_tot2);
+ }
+
+ fclose(f);
+
+ return nb_err1 != 0 || nb_err2 != 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 1, i;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ const mbedtls_md_info_t *md_info;
+ mbedtls_md_context_t md_ctx;
+
+ mbedtls_md_init(&md_ctx);
+
+ if (argc < 2) {
+ const int *list;
+
+ mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n");
+ mbedtls_printf("check mode: generic_sum <mbedtls_md> -c <checksum file>\n");
+
+ mbedtls_printf("\nAvailable message digests:\n");
+ list = mbedtls_md_list();
+ while (*list) {
+ md_info = mbedtls_md_info_from_type(*list);
+ mbedtls_printf(" %s\n", mbedtls_md_get_name(md_info));
+ list++;
+ }
+
+ mbedtls_exit(exit_code);
+ }
+
+ /*
+ * Read the MD from the command line
+ */
+ md_info = mbedtls_md_info_from_string(argv[1]);
+ if (md_info == NULL) {
+ mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]);
+ mbedtls_exit(exit_code);
+ }
+ if (mbedtls_md_setup(&md_ctx, md_info, 0)) {
+ mbedtls_fprintf(stderr, "Failed to initialize context.\n");
+ mbedtls_exit(exit_code);
+ }
+
+ ret = 0;
+ if (argc == 4 && strcmp("-c", argv[2]) == 0) {
+ ret |= generic_check(md_info, argv[3]);
+ goto exit;
+ }
+
+ for (i = 2; i < argc; i++) {
+ ret |= generic_print(md_info, argv[i]);
+ }
+
+ if (ret == 0) {
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+ }
+
+exit:
+ mbedtls_md_free(&md_ctx);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */
diff --git a/programs/hash/hello.c b/programs/hash/hello.c
new file mode 100644
index 0000000..8caae88
--- /dev/null
+++ b/programs/hash/hello.c
@@ -0,0 +1,45 @@
+/*
+ * Classic "Hello, world" demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_MD5_C)
+#include "mbedtls/md5.h"
+#endif
+
+#if !defined(MBEDTLS_MD5_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+ int i, ret;
+ unsigned char digest[16];
+ char str[] = "Hello, world!";
+
+ mbedtls_printf("\n MD5('%s') = ", str);
+
+ if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) {
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ for (i = 0; i < 16; i++) {
+ mbedtls_printf("%02x", digest[i]);
+ }
+
+ mbedtls_printf("\n\n");
+
+ mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
+}
+#endif /* MBEDTLS_MD5_C */
diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c
new file mode 100644
index 0000000..581816a
--- /dev/null
+++ b/programs/hash/md_hmac_demo.c
@@ -0,0 +1,136 @@
+/**
+ * MD API multi-part HMAC demonstration.
+ *
+ * This programs computes the HMAC of two messages using the multi-part API.
+ *
+ * This is a companion to psa/hmac_demo.c, doing the same operations with the
+ * legacy MD API. The goal is that comparing the two programs will help people
+ * migrating to the PSA Crypto API.
+ *
+ * When it comes to multi-part HMAC operations, the `mbedtls_md_context`
+ * serves a dual purpose (1) hold the key, and (2) save progress information
+ * for the current operation. With PSA those roles are held by two disinct
+ * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for
+ * multi-part progress.
+ *
+ * This program and its companion psa/hmac_demo.c illustrate this by doing the
+ * same sequence of multi-part HMAC computation with both APIs; looking at the
+ * two side by side should make the differences and similarities clear.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/md.h"
+
+#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
+
+#include <stdlib.h>
+#include <stdio.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_MD_C)
+int main(void)
+{
+ printf("MBEDTLS_MD_C not defined\r\n");
+ return 0;
+}
+#else
+
+/* The real program starts here. */
+
+/* Dummy inputs for HMAC */
+const unsigned char msg1_part1[] = { 0x01, 0x02 };
+const unsigned char msg1_part2[] = { 0x03, 0x04 };
+const unsigned char msg2_part1[] = { 0x05, 0x05 };
+const unsigned char msg2_part2[] = { 0x06, 0x06 };
+
+/* Dummy key material - never do this in production!
+ * This example program uses SHA-256, so a 32-byte key makes sense. */
+const unsigned char key_bytes[32] = { 0 };
+
+/* Print the contents of a buffer in hex */
+void print_buf(const char *title, unsigned char *buf, size_t len)
+{
+ printf("%s:", title);
+ for (size_t i = 0; i < len; i++) {
+ printf(" %02x", buf[i]);
+ }
+ printf("\n");
+}
+
+/* Run an Mbed TLS function and bail out if it fails.
+ * A string description of the error code can be recovered with:
+ * programs/util/strerror <value> */
+#define CHK(expr) \
+ do \
+ { \
+ ret = (expr); \
+ if (ret != 0) \
+ { \
+ printf("Error %d at line %d: %s\n", \
+ ret, \
+ __LINE__, \
+ #expr); \
+ goto exit; \
+ } \
+ } while (0)
+
+/*
+ * This function demonstrates computation of the HMAC of two messages using
+ * the multipart API.
+ */
+int hmac_demo(void)
+{
+ int ret;
+ const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256;
+ unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal
+
+ mbedtls_md_context_t ctx;
+
+ mbedtls_md_init(&ctx);
+
+ /* prepare context and load key */
+ // the last argument to setup is 1 to enable HMAC (not just hashing)
+ const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg);
+ CHK(mbedtls_md_setup(&ctx, info, 1));
+ CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes)));
+
+ /* compute HMAC(key, msg1_part1 | msg1_part2) */
+ CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1)));
+ CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2)));
+ CHK(mbedtls_md_hmac_finish(&ctx, out));
+ print_buf("msg1", out, mbedtls_md_get_size(info));
+
+ /* compute HMAC(key, msg2_part1 | msg2_part2) */
+ CHK(mbedtls_md_hmac_reset(&ctx)); // prepare for new operation
+ CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1)));
+ CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2)));
+ CHK(mbedtls_md_hmac_finish(&ctx, out));
+ print_buf("msg2", out, mbedtls_md_get_size(info));
+
+exit:
+ mbedtls_md_free(&ctx);
+ mbedtls_platform_zeroize(out, sizeof(out));
+
+ return ret;
+}
+
+int main(void)
+{
+ int ret;
+
+ CHK(hmac_demo());
+
+exit:
+ return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+#endif
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
new file mode 100644
index 0000000..cd0387a
--- /dev/null
+++ b/programs/pkey/CMakeLists.txt
@@ -0,0 +1,41 @@
+set(executables_mbedtls
+ dh_client
+ dh_server
+)
+
+foreach(exe IN LISTS executables_mbedtls)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+set(executables_mbedcrypto
+ dh_genprime
+ ecdh_curve25519
+ ecdsa
+ gen_key
+ key_app
+ key_app_writer
+ mpi_demo
+ pk_encrypt
+ pk_decrypt
+ pk_sign
+ pk_verify
+ rsa_decrypt
+ rsa_encrypt
+ rsa_genkey
+ rsa_sign
+ rsa_sign_pss
+ rsa_verify
+ rsa_verify_pss
+)
+
+foreach(exe IN LISTS executables_mbedcrypto)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
new file mode 100644
index 0000000..165cee2
--- /dev/null
+++ b/programs/pkey/dh_client.c
@@ -0,0 +1,288 @@
+/*
+ * Diffie-Hellman-Merkle key exchange (client side)
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
+ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define SERVER_NAME "localhost"
+#define SERVER_PORT "11999"
+
+#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
+ mbedtls_exit(0);
+}
+
+#elif defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BLOCK_CIPHER_NO_DECRYPT defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+ FILE *f;
+
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ unsigned int mdlen;
+ size_t n, buflen;
+ mbedtls_net_context server_fd;
+
+ unsigned char *p, *end;
+ unsigned char buf[2048];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ mbedtls_mpi N, E;
+ const char *pers = "dh_client";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_rsa_context rsa;
+ mbedtls_dhm_context dhm;
+ mbedtls_aes_context aes;
+
+ mbedtls_net_init(&server_fd);
+ mbedtls_dhm_init(&dhm);
+ mbedtls_aes_init(&aes);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&E);
+
+ /*
+ * 1. Setup the RNG
+ */
+ mbedtls_printf("\n . Seeding the random number generator");
+ fflush(stdout);
+
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 2. Read the server's public RSA key
+ */
+ mbedtls_printf("\n . Reading public key from rsa_pub.txt");
+ fflush(stdout);
+
+ if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
+ goto exit;
+ }
+
+ mbedtls_rsa_init(&rsa);
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+ (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
+ fclose(f);
+ goto exit;
+ }
+ fclose(f);
+
+ /*
+ * 3. Initiate the connection
+ */
+ mbedtls_printf("\n . Connecting to tcp/%s/%s", SERVER_NAME,
+ SERVER_PORT);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
+ SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 4a. First get the buffer length
+ */
+ mbedtls_printf("\n . Receiving the server's DH parameters");
+ fflush(stdout);
+
+ memset(buf, 0, sizeof(buf));
+
+ if ((ret = mbedtls_net_recv(&server_fd, buf, 2)) != 2) {
+ mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
+ goto exit;
+ }
+
+ n = buflen = (buf[0] << 8) | buf[1];
+ if (buflen < 1 || buflen > sizeof(buf)) {
+ mbedtls_printf(" failed\n ! Got an invalid buffer length\n\n");
+ goto exit;
+ }
+
+ /*
+ * 4b. Get the DHM parameters: P, G and Ys = G^Xs mod P
+ */
+ memset(buf, 0, sizeof(buf));
+
+ if ((ret = mbedtls_net_recv(&server_fd, buf, n)) != (int) n) {
+ mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
+ goto exit;
+ }
+
+ p = buf, end = buf + buflen;
+
+ if ((ret = mbedtls_dhm_read_params(&dhm, &p, end)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_read_params returned %d\n\n", ret);
+ goto exit;
+ }
+
+ n = mbedtls_dhm_get_len(&dhm);
+ if (n < 64 || n > 512) {
+ mbedtls_printf(" failed\n ! Invalid DHM modulus size\n\n");
+ goto exit;
+ }
+
+ /*
+ * 5. Check that the server's RSA signature matches
+ * the SHA-256 hash of (P,G,Ys)
+ */
+ mbedtls_printf("\n . Verifying the server's RSA signature");
+ fflush(stdout);
+
+ p += 2;
+
+ if ((n = (size_t) (end - p)) != mbedtls_rsa_get_len(&rsa)) {
+ mbedtls_printf(" failed\n ! Invalid RSA signature size\n\n");
+ goto exit;
+ }
+
+ mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256));
+ if (mdlen == 0) {
+ mbedtls_printf(" failed\n ! Invalid digest type\n\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_sha256(buf, (int) (p - 2 - buf), hash, 0)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
+ mdlen, hash, p)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 6. Send our public value: Yc = G ^ Xc mod P
+ */
+ mbedtls_printf("\n . Sending own public value to server");
+ fflush(stdout);
+
+ n = mbedtls_dhm_get_len(&dhm);
+ if ((ret = mbedtls_dhm_make_public(&dhm, (int) n, buf, n,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_net_send(&server_fd, buf, n)) != (int) n) {
+ mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 7. Derive the shared secret: K = Ys ^ Xc mod P
+ */
+ mbedtls_printf("\n . Shared secret: ");
+ fflush(stdout);
+
+ if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
+ goto exit;
+ }
+
+ for (n = 0; n < 16; n++) {
+ mbedtls_printf("%02x", buf[n]);
+ }
+
+ /*
+ * 8. Setup the AES-256 decryption key
+ *
+ * This is an overly simplified example; best practice is
+ * to hash the shared secret with a random value to derive
+ * the keying material for the encryption/decryption keys,
+ * IVs and MACs.
+ */
+ mbedtls_printf("...\n . Receiving and decrypting the ciphertext");
+ fflush(stdout);
+
+ ret = mbedtls_aes_setkey_dec(&aes, buf, 256);
+ if (ret != 0) {
+ goto exit;
+ }
+
+ memset(buf, 0, sizeof(buf));
+
+ if ((ret = mbedtls_net_recv(&server_fd, buf, 16)) != 16) {
+ mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, buf, buf);
+ if (ret != 0) {
+ goto exit;
+ }
+ buf[16] = '\0';
+ mbedtls_printf("\n . Plaintext is \"%s\"\n\n", (char *) buf);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_net_free(&server_fd);
+
+ mbedtls_aes_free(&aes);
+ mbedtls_rsa_free(&rsa);
+ mbedtls_dhm_free(&dhm);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&E);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+ MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
new file mode 100644
index 0000000..6872e61
--- /dev/null
+++ b/programs/pkey/dh_genprime.c
@@ -0,0 +1,161 @@
+/*
+ * Diffie-Hellman-Merkle key exchange (prime generation)
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_GENPRIME)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_GENPRIME not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/bignum.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#define USAGE \
+ "\n usage: dh_genprime param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " bits=%%d default: 2048\n"
+
+#define DFL_BITS 2048
+
+/*
+ * Note: G = 4 is always a quadratic residue mod P,
+ * so it is a generator of order Q (with P = 2*Q+1).
+ */
+#define GENERATOR "4"
+
+
+int main(int argc, char **argv)
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_mpi G, P, Q;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "dh_genprime";
+ FILE *fout;
+ int nbits = DFL_BITS;
+ int i;
+ char *p, *q;
+
+ mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "bits") == 0) {
+ nbits = atoi(q);
+ if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) {
+ goto usage;
+ }
+ } else {
+ goto usage;
+ }
+ }
+
+ if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_string returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ! Generating large primes may take minutes!\n");
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n . Generating the modulus, please wait...");
+ fflush(stdout);
+
+ /*
+ * This can take a long time...
+ */
+ if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_gen_prime returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n . Verifying that Q = (P-1)/2 is prime...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_sub_int returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_div_int returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_is_prime returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n . Exporting the value in dh_prime.txt...");
+ fflush(stdout);
+
+ if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create dh_prime.txt\n\n");
+ goto exit;
+ }
+
+ if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) ||
+ ((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
+ fclose(fout);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n\n");
+ fclose(fout);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
+ MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */
diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt
new file mode 100644
index 0000000..de0c281
--- /dev/null
+++ b/programs/pkey/dh_prime.txt
@@ -0,0 +1,2 @@
+P = FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF
+G = 02
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
new file mode 100644
index 0000000..1ae5651
--- /dev/null
+++ b/programs/pkey/dh_server.c
@@ -0,0 +1,306 @@
+/*
+ * Diffie-Hellman-Merkle key exchange (server side)
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if defined(MBEDTLS_AES_C) && defined(MBEDTLS_DHM_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_NET_C) && \
+ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define SERVER_PORT "11999"
+#define PLAINTEXT "==Hello there!=="
+
+#if !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_DHM_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_AES_C and/or MBEDTLS_DHM_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_SHA1_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+ FILE *f;
+
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ unsigned int mdlen;
+ size_t n, buflen;
+ mbedtls_net_context listen_fd, client_fd;
+
+ unsigned char buf[2048];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+ unsigned char buf2[2];
+ const char *pers = "dh_server";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_rsa_context rsa;
+ mbedtls_dhm_context dhm;
+ mbedtls_aes_context aes;
+
+ mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G;
+
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_dhm_init(&dhm);
+ mbedtls_aes_init(&aes);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P);
+ mbedtls_mpi_init(&dhm_G);
+ /*
+ * 1. Setup the RNG
+ */
+ mbedtls_printf("\n . Seeding the random number generator");
+ fflush(stdout);
+
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 2a. Read the server's private RSA key
+ */
+ mbedtls_printf("\n . Reading private key from rsa_priv.txt");
+ fflush(stdout);
+
+ if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
+ goto exit;
+ }
+
+ mbedtls_rsa_init(&rsa);
+
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ ret);
+ fclose(f);
+ goto exit;
+ }
+ fclose(f);
+
+ if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ /*
+ * 2b. Get the DHM modulus and generator
+ */
+ mbedtls_printf("\n . Reading DH parameters from dh_prime.txt");
+ fflush(stdout);
+
+ if ((f = fopen("dh_prime.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open dh_prime.txt\n" \
+ " ! Please run dh_genprime first\n\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 ||
+ (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) {
+ mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n");
+ fclose(f);
+ goto exit;
+ }
+
+ fclose(f);
+
+ /*
+ * 3. Wait for a client to connect
+ */
+ mbedtls_printf("\n . Waiting for a remote connection");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_bind(&listen_fd, NULL, SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 4. Setup the DH parameters (P,G,Ys)
+ */
+ mbedtls_printf("\n . Sending the server's DH parameters");
+ fflush(stdout);
+
+ memset(buf, 0, sizeof(buf));
+
+ if ((ret =
+ mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 5. Sign the parameters and send them
+ */
+
+ mdlen = (unsigned int) mbedtls_md_get_size(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256));
+ if (mdlen == 0) {
+ mbedtls_printf(" failed\n ! Invalid digest type\n\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_sha256(buf, n, hash, 0)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n\n", ret);
+ goto exit;
+ }
+
+ const size_t rsa_key_len = mbedtls_rsa_get_len(&rsa);
+ buf[n] = (unsigned char) (rsa_key_len >> 8);
+ buf[n + 1] = (unsigned char) (rsa_key_len);
+
+ if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg,
+ MBEDTLS_MD_SHA256, mdlen,
+ hash, buf + n + 2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret);
+ goto exit;
+ }
+
+ buflen = n + 2 + rsa_key_len;
+ buf2[0] = (unsigned char) (buflen >> 8);
+ buf2[1] = (unsigned char) (buflen);
+
+ if ((ret = mbedtls_net_send(&client_fd, buf2, 2)) != 2 ||
+ (ret = mbedtls_net_send(&client_fd, buf, buflen)) != (int) buflen) {
+ mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 6. Get the client's public value: Yc = G ^ Xc mod P
+ */
+ mbedtls_printf("\n . Receiving the client's public value");
+ fflush(stdout);
+
+ memset(buf, 0, sizeof(buf));
+
+ n = mbedtls_dhm_get_len(&dhm);
+ if ((ret = mbedtls_net_recv(&client_fd, buf, n)) != (int) n) {
+ mbedtls_printf(" failed\n ! mbedtls_net_recv returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_dhm_read_public(&dhm, buf, n)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 7. Derive the shared secret: K = Ys ^ Xc mod P
+ */
+ mbedtls_printf("\n . Shared secret: ");
+ fflush(stdout);
+
+ if ((ret = mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &n,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_calc_secret returned %d\n\n", ret);
+ goto exit;
+ }
+
+ for (n = 0; n < 16; n++) {
+ mbedtls_printf("%02x", buf[n]);
+ }
+
+ /*
+ * 8. Setup the AES-256 encryption key
+ *
+ * This is an overly simplified example; best practice is
+ * to hash the shared secret with a random value to derive
+ * the keying material for the encryption/decryption keys
+ * and MACs.
+ */
+ mbedtls_printf("...\n . Encrypting and sending the ciphertext");
+ fflush(stdout);
+
+ ret = mbedtls_aes_setkey_enc(&aes, buf, 256);
+ if (ret != 0) {
+ goto exit;
+ }
+ memcpy(buf, PLAINTEXT, 16);
+ ret = mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_ENCRYPT, buf, buf);
+ if (ret != 0) {
+ goto exit;
+ }
+
+ if ((ret = mbedtls_net_send(&client_fd, buf, 16)) != 16) {
+ mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P);
+ mbedtls_mpi_free(&dhm_G);
+
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
+
+ mbedtls_aes_free(&aes);
+ mbedtls_rsa_free(&rsa);
+ mbedtls_dhm_free(&dhm);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_AES_C && MBEDTLS_DHM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_NET_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+ MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
new file mode 100644
index 0000000..fedfcc9
--- /dev/null
+++ b/programs/pkey/ecdh_curve25519.c
@@ -0,0 +1,189 @@
+/*
+ * Example ECDHE with Curve25519 program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_ECDH_C) || \
+ !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_ECDH_C and/or "
+ "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
+ "not defined\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdh.h"
+
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_ecdh_context ctx_cli, ctx_srv;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char cli_to_srv[36], srv_to_cli[33];
+ const char pers[] = "ecdh";
+
+ size_t srv_olen;
+ size_t cli_olen;
+ unsigned char secret_cli[32] = { 0 };
+ unsigned char secret_srv[32] = { 0 };
+ const unsigned char *p_cli_to_srv = cli_to_srv;
+
+ ((void) argc);
+ ((void) argv);
+
+ mbedtls_ecdh_init(&ctx_cli);
+ mbedtls_ecdh_init(&ctx_srv);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+ /*
+ * Initialize random number generation
+ */
+ mbedtls_printf(" . Seed the random number generator...");
+ fflush(stdout);
+
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy,
+ (const unsigned char *) pers,
+ sizeof(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * Client: initialize context and generate keypair
+ */
+ mbedtls_printf(" . Set up client context, generate EC key pair...");
+ fflush(stdout);
+
+ ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_setup returned %d\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv,
+ sizeof(cli_to_srv),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_make_params returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * Server: initialize context and generate keypair
+ */
+ mbedtls_printf(" . Server: read params, generate public key...");
+ fflush(stdout);
+
+ ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv,
+ p_cli_to_srv + sizeof(cli_to_srv));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_read_params returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli,
+ sizeof(srv_to_cli),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_make_public returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * Client: read public key
+ */
+ mbedtls_printf(" . Client: read public key...");
+ fflush(stdout);
+
+ ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli,
+ sizeof(srv_to_cli));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_read_public returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * Calculate secrets
+ */
+ mbedtls_printf(" . Calculate secrets...");
+ fflush(stdout);
+
+ ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli,
+ sizeof(secret_cli),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv,
+ sizeof(secret_srv),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdh_calc_secret returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * Verification: are the computed secrets equal?
+ */
+ mbedtls_printf(" . Check if both calculated secrets are equal...");
+ fflush(stdout);
+
+ ret = memcmp(secret_srv, secret_cli, srv_olen);
+ if (ret != 0 || (cli_olen != srv_olen)) {
+ mbedtls_printf(" failed\n ! Shared secrets not equal.\n");
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_ecdh_free(&ctx_srv);
+ mbedtls_ecdh_free(&ctx_cli);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
new file mode 100644
index 0000000..5664b8c
--- /dev/null
+++ b/programs/pkey/ecdsa.c
@@ -0,0 +1,220 @@
+/*
+ * Example ECDSA program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_ECDSA_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/sha256.h"
+
+#include <string.h>
+#endif
+
+/*
+ * Uncomment to show key and signature details
+ */
+#define VERBOSE
+
+/*
+ * Uncomment to force use of a specific curve
+ */
+#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
+
+#if !defined(ECPARAMS)
+#define ECPARAMS mbedtls_ecp_curve_list()->grp_id
+#endif
+
+#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
+ mbedtls_exit(0);
+}
+#else
+#if defined(VERBOSE)
+static void dump_buf(const char *title, unsigned char *buf, size_t len)
+{
+ size_t i;
+
+ mbedtls_printf("%s", title);
+ for (i = 0; i < len; i++) {
+ mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
+ "0123456789ABCDEF" [buf[i] % 16]);
+ }
+ mbedtls_printf("\n");
+}
+
+static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key)
+{
+ unsigned char buf[300];
+ size_t len;
+
+ if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, buf, sizeof(buf)) != 0) {
+ mbedtls_printf("internal error\n");
+ return;
+ }
+
+ dump_buf(title, buf, len);
+}
+#else
+#define dump_buf(a, b, c)
+#define dump_pubkey(a, b)
+#endif
+
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_ecdsa_context ctx_sign, ctx_verify;
+ mbedtls_ecp_point Q;
+ mbedtls_ecp_point_init(&Q);
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char message[100];
+ unsigned char hash[32];
+ unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
+ size_t sig_len;
+ const char *pers = "ecdsa";
+ ((void) argv);
+
+ mbedtls_ecdsa_init(&ctx_sign);
+ mbedtls_ecdsa_init(&ctx_verify);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+ memset(sig, 0, sizeof(sig));
+ memset(message, 0x25, sizeof(message));
+
+ if (argc != 1) {
+ mbedtls_printf("usage: ecdsa\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ /*
+ * Generate a key pair for signing
+ */
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n . Generating key pair...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdsa_genkey returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign);
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(grp_id);
+ mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size);
+
+ dump_pubkey(" + Public key: ", &ctx_sign);
+
+ /*
+ * Compute message hash
+ */
+ mbedtls_printf(" . Computing message hash...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_sha256 returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ dump_buf(" + Hash: ", hash, sizeof(hash));
+
+ /*
+ * Sign message hash
+ */
+ mbedtls_printf(" . Signing message hash...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256,
+ hash, sizeof(hash),
+ sig, sizeof(sig), &sig_len,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdsa_write_signature returned %d\n", ret);
+ goto exit;
+ }
+ mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len);
+
+ dump_buf(" + Signature: ", sig, sig_len);
+
+ /*
+ * Transfer public information to verifying context
+ *
+ * We could use the same context for verification and signatures, but we
+ * chose to use a new one in order to make it clear that the verifying
+ * context only needs the public key (Q), and not the private key (d).
+ */
+ mbedtls_printf(" . Preparing verification context...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecp_export returned %d\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecp_set_public_key returned %d\n", ret);
+ goto exit;
+ }
+
+ /*
+ * Verify signature
+ */
+ mbedtls_printf(" ok\n . Verifying signature...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify,
+ hash, sizeof(hash),
+ sig, sig_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecdsa_read_signature returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_ecdsa_free(&ctx_verify);
+ mbedtls_ecdsa_free(&ctx_sign);
+ mbedtls_ecp_point_free(&Q);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ ECPARAMS */
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
new file mode 100644
index 0000000..194a5cb
--- /dev/null
+++ b/programs/pkey/gen_key.c
@@ -0,0 +1,478 @@
+/*
+ * Key generation application
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C "
+ "not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/error.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_WIN32)
+#include <unistd.h>
+
+#define DEV_RANDOM_THRESHOLD 32
+
+int dev_random_entropy_poll(void *data, unsigned char *output,
+ size_t len, size_t *olen)
+{
+ FILE *file;
+ size_t ret, left = len;
+ unsigned char *p = output;
+ ((void) data);
+
+ *olen = 0;
+
+ file = fopen("/dev/random", "rb");
+ if (file == NULL) {
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
+
+ while (left > 0) {
+ /* /dev/random can return much less than requested. If so, try again */
+ ret = fread(p, 1, left, file);
+ if (ret == 0 && ferror(file)) {
+ fclose(file);
+ return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+ }
+
+ p += ret;
+ left -= ret;
+ sleep(1);
+ }
+ fclose(file);
+ *olen = len;
+
+ return 0;
+}
+#endif /* !_WIN32 */
+
+#if defined(MBEDTLS_ECP_C)
+#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
+#else
+#define DFL_EC_CURVE 0
+#endif
+
+#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
+#define USAGE_DEV_RANDOM \
+ " use_dev_random=0|1 default: 0\n"
+#else
+#define USAGE_DEV_RANDOM ""
+#endif /* !_WIN32 && MBEDTLS_FS_IO */
+
+#define FORMAT_PEM 0
+#define FORMAT_DER 1
+
+#define DFL_TYPE MBEDTLS_PK_RSA
+#define DFL_RSA_KEYSIZE 4096
+#define DFL_FILENAME "keyfile.key"
+#define DFL_FORMAT FORMAT_PEM
+#define DFL_USE_DEV_RANDOM 0
+
+#define USAGE \
+ "\n usage: gen_key param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " type=rsa|ec default: rsa\n" \
+ " rsa_keysize=%%d default: 4096\n" \
+ " ec_curve=%%s see below\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " format=pem|der default: pem\n" \
+ USAGE_DEV_RANDOM \
+ "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+ int type; /* the type of key to generate */
+ int rsa_keysize; /* length of key in bits */
+ int ec_curve; /* curve identifier for EC keys */
+ const char *filename; /* filename of the key file */
+ int format; /* the output format to use */
+ int use_dev_random; /* use /dev/random as entropy source */
+} opt;
+
+static int write_private_key(mbedtls_pk_context *key, const char *output_file)
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[16000];
+ unsigned char *c = output_buf;
+ size_t len = 0;
+
+ memset(output_buf, 0, 16000);
+ if (opt.format == FORMAT_PEM) {
+ if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
+ return ret;
+ }
+
+ len = strlen((char *) output_buf);
+ } else {
+ if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
+ return ret;
+ }
+
+ len = ret;
+ c = output_buf + sizeof(output_buf) - len;
+ }
+
+ if ((f = fopen(output_file, "wb")) == NULL) {
+ return -1;
+ }
+
+ if (fwrite(c, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+
+ return 0;
+}
+
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+ int ret = 0;
+
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(
+ mbedtls_ecp_keypair_get_group_id(ecp));
+ mbedtls_printf("curve: %s\n", curve_info->name);
+
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi D;
+ mbedtls_mpi_init(&D);
+ mbedtls_ecp_point pt;
+ mbedtls_ecp_point_init(&pt);
+ mbedtls_mpi X, Y;
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+ MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+ (has_private ? &D : NULL),
+ &pt));
+
+ unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+ size_t len = 0;
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+ &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, point_bin, sizeof(point_bin)));
+ switch (mbedtls_ecp_get_type(&grp)) {
+ case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+ if ((len & 1) == 0 || point_bin[0] != 0x04) {
+ /* Point in an unxepected format. This shouldn't happen. */
+ ret = -1;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
+ break;
+ case MBEDTLS_ECP_TYPE_MONTGOMERY:
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ break;
+ default:
+ mbedtls_printf(
+ "This program does not yet support listing coordinates for this curve type.\n");
+ break;
+ }
+
+ if (has_private) {
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ }
+
+cleanup:
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&D);
+ mbedtls_ecp_point_free(&pt);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ return ret;
+}
+#endif
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_pk_context key;
+ char buf[1024];
+ int i;
+ char *p, *q;
+#if defined(MBEDTLS_RSA_C)
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+#endif /* MBEDTLS_RSA_C */
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "gen_key";
+#if defined(MBEDTLS_ECP_C)
+ const mbedtls_ecp_curve_info *curve_info;
+#endif
+
+ /*
+ * Set to sane values
+ */
+#if defined(MBEDTLS_RSA_C)
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+#endif /* MBEDTLS_RSA_C */
+
+ mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&key);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ memset(buf, 0, sizeof(buf));
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+#if defined(MBEDTLS_ECP_C)
+ mbedtls_printf(" available ec_curve values:\n");
+ curve_info = mbedtls_ecp_curve_list();
+ mbedtls_printf(" %s (default)\n", curve_info->name);
+ while ((++curve_info)->name != NULL) {
+ mbedtls_printf(" %s\n", curve_info->name);
+ }
+#endif /* MBEDTLS_ECP_C */
+ goto exit;
+ }
+
+ opt.type = DFL_TYPE;
+ opt.rsa_keysize = DFL_RSA_KEYSIZE;
+ opt.ec_curve = DFL_EC_CURVE;
+ opt.filename = DFL_FILENAME;
+ opt.format = DFL_FORMAT;
+ opt.use_dev_random = DFL_USE_DEV_RANDOM;
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "type") == 0) {
+ if (strcmp(q, "rsa") == 0) {
+ opt.type = MBEDTLS_PK_RSA;
+ } else if (strcmp(q, "ec") == 0) {
+ opt.type = MBEDTLS_PK_ECKEY;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "format") == 0) {
+ if (strcmp(q, "pem") == 0) {
+ opt.format = FORMAT_PEM;
+ } else if (strcmp(q, "der") == 0) {
+ opt.format = FORMAT_DER;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "rsa_keysize") == 0) {
+ opt.rsa_keysize = atoi(q);
+ if (opt.rsa_keysize < 1024 ||
+ opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) {
+ goto usage;
+ }
+ }
+#if defined(MBEDTLS_ECP_C)
+ else if (strcmp(p, "ec_curve") == 0) {
+ if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) {
+ goto usage;
+ }
+ opt.ec_curve = curve_info->grp_id;
+ }
+#endif
+ else if (strcmp(p, "filename") == 0) {
+ opt.filename = q;
+ } else if (strcmp(p, "use_dev_random") == 0) {
+ opt.use_dev_random = atoi(q);
+ if (opt.use_dev_random < 0 || opt.use_dev_random > 1) {
+ goto usage;
+ }
+ } else {
+ goto usage;
+ }
+ }
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
+ if (opt.use_dev_random) {
+ if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,
+ NULL, DEV_RANDOM_THRESHOLD,
+ MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_entropy_add_source returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n Using /dev/random, so can take a long time! ");
+ fflush(stdout);
+ }
+#endif /* !_WIN32 && MBEDTLS_FS_IO */
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /*
+ * 1.1. Generate the key
+ */
+ mbedtls_printf("\n . Generating the private key ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_setup(&key,
+ mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret);
+ goto exit;
+ }
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+ if (opt.type == MBEDTLS_PK_RSA) {
+ ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg,
+ opt.rsa_keysize, 65537);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ } else
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_ECP_C)
+ if (opt.type == MBEDTLS_PK_ECKEY) {
+ ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve,
+ mbedtls_pk_ec(key),
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ } else
+#endif /* MBEDTLS_ECP_C */
+ {
+ mbedtls_printf(" failed\n ! key type not supported\n");
+ goto exit;
+ }
+
+ /*
+ * 1.2 Print the key
+ */
+ mbedtls_printf(" ok\n . Key information:\n");
+
+#if defined(MBEDTLS_RSA_C)
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
+
+ if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+ (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
+ goto exit;
+ }
+
+ mbedtls_mpi_write_file("N: ", &N, 16, NULL);
+ mbedtls_mpi_write_file("E: ", &E, 16, NULL);
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ mbedtls_mpi_write_file("P: ", &P, 16, NULL);
+ mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
+ mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
+ mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
+ mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
+ } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+ if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto exit;
+ }
+ } else
+#endif
+ mbedtls_printf(" ! key type not supported\n");
+
+ /*
+ * 1.3 Export key
+ */
+ mbedtls_printf(" . Writing key to file...");
+
+ if ((ret = write_private_key(&key, opt.filename)) != 0) {
+ mbedtls_printf(" failed\n");
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" - %s\n", buf);
+#else
+ mbedtls_printf("\n");
+#endif
+ }
+
+#if defined(MBEDTLS_RSA_C)
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+#endif /* MBEDTLS_RSA_C */
+
+ mbedtls_pk_free(&key);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* program viability conditions */
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
new file mode 100644
index 0000000..e3a6966
--- /dev/null
+++ b/programs/pkey/key_app.c
@@ -0,0 +1,368 @@
+/*
+ * Key reading application
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && \
+ defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+#endif
+
+#define MODE_NONE 0
+#define MODE_PRIVATE 1
+#define MODE_PUBLIC 2
+
+#define DFL_MODE MODE_NONE
+#define DFL_FILENAME "keyfile.key"
+#define DFL_PASSWORD ""
+#define DFL_PASSWORD_FILE ""
+#define DFL_DEBUG_LEVEL 0
+
+#define USAGE \
+ "\n usage: key_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=private|public default: none\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " password=%%s default: \"\"\n" \
+ " password_file=%%s default: \"\"\n" \
+ "\n"
+
+#if !defined(MBEDTLS_BIGNUM_C) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+ int ret = 0;
+
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(
+ mbedtls_ecp_keypair_get_group_id(ecp));
+ mbedtls_printf("curve: %s\n", curve_info->name);
+
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi D;
+ mbedtls_mpi_init(&D);
+ mbedtls_ecp_point pt;
+ mbedtls_ecp_point_init(&pt);
+ mbedtls_mpi X, Y;
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+ MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+ (has_private ? &D : NULL),
+ &pt));
+
+ unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+ size_t len = 0;
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+ &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, point_bin, sizeof(point_bin)));
+ switch (mbedtls_ecp_get_type(&grp)) {
+ case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+ if ((len & 1) == 0 || point_bin[0] != 0x04) {
+ /* Point in an unxepected format. This shouldn't happen. */
+ ret = -1;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
+ break;
+ case MBEDTLS_ECP_TYPE_MONTGOMERY:
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ break;
+ default:
+ mbedtls_printf(
+ "This program does not yet support listing coordinates for this curve type.\n");
+ break;
+ }
+
+ if (has_private) {
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ }
+
+cleanup:
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&D);
+ mbedtls_ecp_point_free(&pt);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ return ret;
+}
+#endif
+
+/*
+ * global options
+ */
+struct options {
+ int mode; /* the mode to run the application in */
+ const char *filename; /* filename of the key file */
+ const char *password; /* password for the private key */
+ const char *password_file; /* password_file for the private key */
+} opt;
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ char buf[1024];
+ int i;
+ char *p, *q;
+
+ const char *pers = "pkey/key_app";
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+
+ mbedtls_pk_context pk;
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+ mbedtls_pk_init(&pk);
+ memset(buf, 0, sizeof(buf));
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto cleanup;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto cleanup;
+ }
+
+ opt.mode = DFL_MODE;
+ opt.filename = DFL_FILENAME;
+ opt.password = DFL_PASSWORD;
+ opt.password_file = DFL_PASSWORD_FILE;
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "mode") == 0) {
+ if (strcmp(q, "private") == 0) {
+ opt.mode = MODE_PRIVATE;
+ } else if (strcmp(q, "public") == 0) {
+ opt.mode = MODE_PUBLIC;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "filename") == 0) {
+ opt.filename = q;
+ } else if (strcmp(p, "password") == 0) {
+ opt.password = q;
+ } else if (strcmp(p, "password_file") == 0) {
+ opt.password_file = q;
+ } else {
+ goto usage;
+ }
+ }
+
+ if (opt.mode == MODE_PRIVATE) {
+ if (strlen(opt.password) && strlen(opt.password_file)) {
+ mbedtls_printf("Error: cannot have both password and password_file\n");
+ goto usage;
+ }
+
+ if (strlen(opt.password_file)) {
+ FILE *f;
+
+ mbedtls_printf("\n . Loading the password file ...");
+ if ((f = fopen(opt.password_file, "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! fopen returned NULL\n");
+ goto cleanup;
+ }
+ if (fgets(buf, sizeof(buf), f) == NULL) {
+ fclose(f);
+ mbedtls_printf("Error: fgets() failed to retrieve password\n");
+ goto cleanup;
+ }
+ fclose(f);
+
+ i = (int) strlen(buf);
+ if (buf[i - 1] == '\n') {
+ buf[i - 1] = '\0';
+ }
+ if (buf[i - 2] == '\r') {
+ buf[i - 2] = '\0';
+ }
+ opt.password = buf;
+ }
+
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf("\n . Loading the private key ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto cleanup;
+ }
+
+ ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password,
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto cleanup;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.2 Print the key
+ */
+ mbedtls_printf(" . Key information ...\n");
+#if defined(MBEDTLS_RSA_C)
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
+
+ if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+ (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
+ goto cleanup;
+ }
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D: ", &D, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P: ", &P, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q: ", &Q, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP: ", &QP, 16, NULL));
+ } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
+ if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto cleanup;
+ }
+ } else
+#endif
+ {
+ mbedtls_printf("Do not know how to print key information for this type\n");
+ goto cleanup;
+ }
+ } else if (opt.mode == MODE_PUBLIC) {
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf("\n . Loading the public key ...");
+ fflush(stdout);
+
+ ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto cleanup;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" . Key information ...\n");
+#if defined(MBEDTLS_RSA_C)
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
+
+ if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
+ NULL, &E)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N: ", &N, 16, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E: ", &E, 16, NULL));
+ } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
+ if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto cleanup;
+ }
+ } else
+#endif
+ {
+ mbedtls_printf("Do not know how to print key information for this type\n");
+ goto cleanup;
+ }
+ } else {
+ goto usage;
+ }
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+cleanup:
+
+#if defined(MBEDTLS_ERROR_C)
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
+ }
+#endif
+
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
new file mode 100644
index 0000000..60f992e
--- /dev/null
+++ b/programs/pkey/key_app_writer.c
@@ -0,0 +1,495 @@
+/*
+ * Key writing application
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_PK_WRITE_C) || \
+ !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_BIGNUM_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/error.h"
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#define USAGE_OUT \
+ " output_file=%%s default: keyfile.pem\n" \
+ " output_format=pem|der default: pem\n"
+#else
+#define USAGE_OUT \
+ " output_file=%%s default: keyfile.der\n" \
+ " output_format=der default: der\n"
+#endif
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+#define DFL_OUTPUT_FILENAME "keyfile.pem"
+#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_PEM
+#else
+#define DFL_OUTPUT_FILENAME "keyfile.der"
+#define DFL_OUTPUT_FORMAT OUTPUT_FORMAT_DER
+#endif
+
+#define DFL_MODE MODE_NONE
+#define DFL_FILENAME "keyfile.key"
+#define DFL_DEBUG_LEVEL 0
+#define DFL_OUTPUT_MODE OUTPUT_MODE_NONE
+
+#define MODE_NONE 0
+#define MODE_PRIVATE 1
+#define MODE_PUBLIC 2
+
+#define OUTPUT_MODE_NONE 0
+#define OUTPUT_MODE_PRIVATE 1
+#define OUTPUT_MODE_PUBLIC 2
+
+#define OUTPUT_FORMAT_PEM 0
+#define OUTPUT_FORMAT_DER 1
+
+#define USAGE \
+ "\n usage: key_app_writer param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=private|public default: none\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " output_mode=private|public default: none\n" \
+ USAGE_OUT \
+ "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+ int mode; /* the mode to run the application in */
+ const char *filename; /* filename of the key file */
+ int output_mode; /* the output mode to use */
+ const char *output_file; /* where to store the constructed key file */
+ int output_format; /* the output format to use */
+} opt;
+
+static int write_public_key(mbedtls_pk_context *key, const char *output_file)
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[16000];
+ unsigned char *c = output_buf;
+ size_t len = 0;
+
+ memset(output_buf, 0, 16000);
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if (opt.output_format == OUTPUT_FORMAT_PEM) {
+ if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) {
+ return ret;
+ }
+
+ len = strlen((char *) output_buf);
+ } else
+#endif
+ {
+ if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) {
+ return ret;
+ }
+
+ len = ret;
+ c = output_buf + sizeof(output_buf) - len;
+ }
+
+ if ((f = fopen(output_file, "w")) == NULL) {
+ return -1;
+ }
+
+ if (fwrite(c, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+
+ return 0;
+}
+
+static int write_private_key(mbedtls_pk_context *key, const char *output_file)
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[16000];
+ unsigned char *c = output_buf;
+ size_t len = 0;
+
+ memset(output_buf, 0, 16000);
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if (opt.output_format == OUTPUT_FORMAT_PEM) {
+ if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
+ return ret;
+ }
+
+ len = strlen((char *) output_buf);
+ } else
+#endif
+ {
+ if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
+ return ret;
+ }
+
+ len = ret;
+ c = output_buf + sizeof(output_buf) - len;
+ }
+
+ if ((f = fopen(output_file, "w")) == NULL) {
+ return -1;
+ }
+
+ if (fwrite(c, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+
+ return 0;
+}
+
+#if defined(MBEDTLS_ECP_C)
+static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
+{
+ int ret = 0;
+
+ const mbedtls_ecp_curve_info *curve_info =
+ mbedtls_ecp_curve_info_from_grp_id(
+ mbedtls_ecp_keypair_get_group_id(ecp));
+ mbedtls_printf("curve: %s\n", curve_info->name);
+
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init(&grp);
+ mbedtls_mpi D;
+ mbedtls_mpi_init(&D);
+ mbedtls_ecp_point pt;
+ mbedtls_ecp_point_init(&pt);
+ mbedtls_mpi X, Y;
+ mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+
+ MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
+ (has_private ? &D : NULL),
+ &pt));
+
+ unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
+ size_t len = 0;
+ MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
+ &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
+ &len, point_bin, sizeof(point_bin)));
+ switch (mbedtls_ecp_get_type(&grp)) {
+ case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+ if ((len & 1) == 0 || point_bin[0] != 0x04) {
+ /* Point in an unxepected format. This shouldn't happen. */
+ ret = -1;
+ goto cleanup;
+ }
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
+ MBEDTLS_MPI_CHK(
+ mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL);
+ break;
+ case MBEDTLS_ECP_TYPE_MONTGOMERY:
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
+ mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL);
+ break;
+ default:
+ mbedtls_printf(
+ "This program does not yet support listing coordinates for this curve type.\n");
+ break;
+ }
+
+ if (has_private) {
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ }
+
+cleanup:
+ mbedtls_ecp_group_free(&grp);
+ mbedtls_mpi_free(&D);
+ mbedtls_ecp_point_free(&pt);
+ mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ return ret;
+}
+#endif
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+#if defined(MBEDTLS_ERROR_C)
+ char buf[200];
+#endif
+ int i;
+ char *p, *q;
+
+ const char *pers = "pkey/key_app";
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+
+ mbedtls_pk_context key;
+#if defined(MBEDTLS_RSA_C)
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+#endif /* MBEDTLS_RSA_C */
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+ mbedtls_pk_init(&key);
+#if defined(MBEDTLS_ERROR_C)
+ memset(buf, 0, sizeof(buf));
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_RSA_C)
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+#endif /* MBEDTLS_RSA_C */
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ opt.mode = DFL_MODE;
+ opt.filename = DFL_FILENAME;
+ opt.output_mode = DFL_OUTPUT_MODE;
+ opt.output_file = DFL_OUTPUT_FILENAME;
+ opt.output_format = DFL_OUTPUT_FORMAT;
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "mode") == 0) {
+ if (strcmp(q, "private") == 0) {
+ opt.mode = MODE_PRIVATE;
+ } else if (strcmp(q, "public") == 0) {
+ opt.mode = MODE_PUBLIC;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "output_mode") == 0) {
+ if (strcmp(q, "private") == 0) {
+ opt.output_mode = OUTPUT_MODE_PRIVATE;
+ } else if (strcmp(q, "public") == 0) {
+ opt.output_mode = OUTPUT_MODE_PUBLIC;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "output_format") == 0) {
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if (strcmp(q, "pem") == 0) {
+ opt.output_format = OUTPUT_FORMAT_PEM;
+ } else
+#endif
+ if (strcmp(q, "der") == 0) {
+ opt.output_format = OUTPUT_FORMAT_DER;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "filename") == 0) {
+ opt.filename = q;
+ } else if (strcmp(p, "output_file") == 0) {
+ opt.output_file = q;
+ } else {
+ goto usage;
+ }
+ }
+
+ if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) {
+ mbedtls_printf("\nCannot output a key without reading one.\n");
+ goto exit;
+ }
+
+ if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) {
+ mbedtls_printf("\nCannot output a private key from a public key.\n");
+ goto exit;
+ }
+
+ if (opt.mode == MODE_PRIVATE) {
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf("\n . Loading the private key ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL,
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.2 Print the key
+ */
+ mbedtls_printf(" . Key information ...\n");
+
+#if defined(MBEDTLS_RSA_C)
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
+
+ if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
+ (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
+ goto exit;
+ }
+
+ mbedtls_mpi_write_file("N: ", &N, 16, NULL);
+ mbedtls_mpi_write_file("E: ", &E, 16, NULL);
+ mbedtls_mpi_write_file("D: ", &D, 16, NULL);
+ mbedtls_mpi_write_file("P: ", &P, 16, NULL);
+ mbedtls_mpi_write_file("Q: ", &Q, 16, NULL);
+ mbedtls_mpi_write_file("DP: ", &DP, 16, NULL);
+ mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL);
+ mbedtls_mpi_write_file("QP: ", &QP, 16, NULL);
+ } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+ if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto exit;
+ }
+ } else
+#endif
+ mbedtls_printf("key type not supported yet\n");
+
+ } else if (opt.mode == MODE_PUBLIC) {
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf("\n . Loading the public key ...");
+ fflush(stdout);
+
+ ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_key returned -0x%04x",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.2 Print the key
+ */
+ mbedtls_printf(" . Key information ...\n");
+
+#if defined(MBEDTLS_RSA_C)
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
+ mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
+
+ if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
+ NULL, &E)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
+ goto exit;
+ }
+ mbedtls_mpi_write_file("N: ", &N, 16, NULL);
+ mbedtls_mpi_write_file("E: ", &E, 16, NULL);
+ } else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
+ if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) {
+ mbedtls_printf(" failed\n ! could not export ECC parameters\n\n");
+ goto exit;
+ }
+ } else
+#endif
+ mbedtls_printf("key type not supported yet\n");
+ } else {
+ goto usage;
+ }
+
+ if (opt.output_mode == OUTPUT_MODE_PUBLIC) {
+ write_public_key(&key, opt.output_file);
+ }
+ if (opt.output_mode == OUTPUT_MODE_PRIVATE) {
+ write_private_key(&key, opt.output_file);
+ }
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" - %s\n", buf);
+#else
+ mbedtls_printf("\n");
+#endif
+ }
+
+#if defined(MBEDTLS_RSA_C)
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+#endif /* MBEDTLS_RSA_C */
+
+ mbedtls_pk_free(&key);
+
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* program viability conditions */
diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
new file mode 100644
index 0000000..e83aa32
--- /dev/null
+++ b/programs/pkey/mpi_demo.c
@@ -0,0 +1,84 @@
+/*
+ * Simple MPI demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/bignum.h"
+
+#include <stdio.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
+
+ mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
+ mbedtls_mpi_init(&Z);
+
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789"));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203"));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10, "257"));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q));
+
+ mbedtls_printf("\n Public key:\n\n");
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" N = ", &N, 10, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" E = ", &E, 10, NULL));
+
+ mbedtls_printf("\n Private key:\n\n");
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" P = ", &P, 10, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Q = ", &Q, 10, NULL));
+
+#if defined(MBEDTLS_GENPRIME)
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H));
+
+ mbedtls_mpi_write_file(" D = E^-1 mod (P-1)*(Q-1) = ",
+ &D, 10, NULL);
+#else
+ mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n");
+#endif
+ MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555"));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL));
+
+ mbedtls_printf("\n RSA operation:\n\n");
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" X (plaintext) = ", &X, 10, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Y (ciphertext) = X^E mod N = ", &Y, 10, NULL));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_write_file(" Z (decrypted) = Y^D mod N = ", &Z, 10, NULL));
+ mbedtls_printf("\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+cleanup:
+ mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
+ mbedtls_mpi_free(&Z);
+
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_printf("\nAn error occurred.\n");
+ }
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
new file mode 100644
index 0000000..b8f7943
--- /dev/null
+++ b/programs/pkey/pk_decrypt.c
@@ -0,0 +1,153 @@
+/*
+ * Public key-based simple decryption program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ unsigned c;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ size_t i, olen = 0;
+ mbedtls_pk_context pk;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char result[1024];
+ unsigned char buf[512];
+ const char *pers = "mbedtls_pk_decrypt";
+ ((void) argv);
+
+ mbedtls_pk_init(&pk);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+ memset(result, 0, sizeof(result));
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc != 2) {
+ mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /*
+ * Extract the RSA encrypted value from the text file
+ */
+ if ((f = fopen("result-enc.txt", "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt");
+ ret = 1;
+ goto exit;
+ }
+
+ i = 0;
+ while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+ i < (int) sizeof(buf)) {
+ buf[i++] = (unsigned char) c;
+ }
+
+ fclose(f);
+
+ /*
+ * Decrypt the encrypted RSA data and print the result.
+ */
+ mbedtls_printf("\n . Decrypting the encrypted data");
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result),
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_decrypt returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . OK\n\n");
+
+ mbedtls_printf("The decrypted result is: '%s'\n\n", result);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_pk_free(&pk);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ERROR_C)
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
+ }
+#endif
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
new file mode 100644
index 0000000..a916bc6
--- /dev/null
+++ b/programs/pkey/pk_encrypt.c
@@ -0,0 +1,154 @@
+/*
+ * RSA simple data encryption program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ size_t i, olen = 0;
+ mbedtls_pk_context pk;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char input[1024];
+ unsigned char buf[512];
+ const char *pers = "mbedtls_pk_encrypt";
+
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc != 3) {
+ mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (strlen(argv[2]) > 100) {
+ mbedtls_printf(" Input data larger than 100 characters.\n\n");
+ goto exit;
+ }
+
+ memcpy(input, argv[2], strlen(argv[2]));
+
+ /*
+ * Calculate the RSA encryption of the hash.
+ */
+ mbedtls_printf("\n . Generating the encrypted value");
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
+ buf, &olen, sizeof(buf),
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_encrypt returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /*
+ * Write the signature into result-enc.txt
+ */
+ if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n",
+ "result-enc.txt");
+ ret = 1;
+ goto exit;
+ }
+
+ for (i = 0; i < olen; i++) {
+ mbedtls_fprintf(f, "%02X%s", buf[i],
+ (i + 1) % 16 == 0 ? "\r\n" : " ");
+ }
+
+ fclose(f);
+
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_pk_free(&pk);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ERROR_C)
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
+ }
+#endif
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
new file mode 100644
index 0000000..59347ad
--- /dev/null
+++ b/programs/pkey/pk_sign.c
@@ -0,0 +1,155 @@
+/*
+ * Public key-based signature creation program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_pk_context pk;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
+ char filename[512];
+ const char *pers = "mbedtls_pk_sign";
+ size_t olen = 0;
+
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc != 3) {
+ mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]);
+ goto exit;
+ }
+
+ /*
+ * Compute the SHA-256 hash of the input file,
+ * then calculate the signature of the hash.
+ */
+ mbedtls_printf("\n . Generating the SHA-256 signature");
+ fflush(stdout);
+
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[2], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
+ buf, sizeof(buf), &olen,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret);
+ goto exit;
+ }
+
+ /*
+ * Write the signature into <filename>.sig
+ */
+ mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
+
+ if ((f = fopen(filename, "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
+ goto exit;
+ }
+
+ if (fwrite(buf, 1, olen, f) != olen) {
+ mbedtls_printf("failed\n ! fwrite failed\n\n");
+ fclose(f);
+ goto exit;
+ }
+
+ fclose(f);
+
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_pk_free(&pk);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ERROR_C)
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
+ }
+#endif
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
new file mode 100644
index 0000000..3127df5
--- /dev/null
+++ b/programs/pkey/pk_verify.c
@@ -0,0 +1,128 @@
+/*
+ * Public key-based signature verification program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_PK_PARSE_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_PK_PARSE_C and/or "
+ "MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ size_t i;
+ mbedtls_pk_context pk;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
+ char filename[512];
+
+ mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc != 3) {
+ mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /*
+ * Extract the signature from the file
+ */
+ mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]);
+
+ if ((f = fopen(filename, "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", filename);
+ goto exit;
+ }
+
+ i = fread(buf, 1, sizeof(buf), f);
+
+ fclose(f);
+
+ /*
+ * Compute the SHA-256 hash of the input file and
+ * verify the signature
+ */
+ mbedtls_printf("\n . Verifying the SHA-256 signature");
+ fflush(stdout);
+
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[2], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
+ buf, i)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . OK (the signature is valid)\n\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_ERROR_C)
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ mbedtls_strerror(ret, (char *) buf, sizeof(buf));
+ mbedtls_printf(" ! Last error was: %s\n", buf);
+ }
+#endif
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_MD_CAN_SHA256 &&
+ MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
new file mode 100644
index 0000000..a84af50
--- /dev/null
+++ b/programs/pkey/rsa_decrypt.c
@@ -0,0 +1,172 @@
+/*
+ * RSA simple decryption program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/rsa.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ unsigned c;
+ size_t i;
+ mbedtls_rsa_context rsa;
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char result[1024];
+ unsigned char buf[512];
+ const char *pers = "rsa_decrypt";
+ ((void) argv);
+
+ memset(result, 0, sizeof(result));
+
+ if (argc != 1) {
+ mbedtls_printf("usage: rsa_decrypt\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ mbedtls_exit(exit_code);
+ }
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ mbedtls_rsa_init(&rsa);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading private key from rsa_priv.txt");
+ fflush(stdout);
+
+ if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ ret);
+ fclose(f);
+ goto exit;
+ }
+ fclose(f);
+
+ if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ /*
+ * Extract the RSA encrypted value from the text file
+ */
+ if ((f = fopen("result-enc.txt", "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", "result-enc.txt");
+ goto exit;
+ }
+
+ i = 0;
+
+ while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+ i < (int) sizeof(buf)) {
+ buf[i++] = (unsigned char) c;
+ }
+
+ fclose(f);
+
+ if (i != mbedtls_rsa_get_len(&rsa)) {
+ mbedtls_printf("\n ! Invalid RSA signature format\n\n");
+ goto exit;
+ }
+
+ /*
+ * Decrypt the encrypted RSA data and print the result.
+ */
+ mbedtls_printf("\n . Decrypting the encrypted data");
+ fflush(stdout);
+
+ ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, &i,
+ buf, result, 1024);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . OK\n\n");
+
+ mbedtls_printf("The decrypted result is: '%s'\n\n", result);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_rsa_free(&rsa);
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
new file mode 100644
index 0000000..6538f8a
--- /dev/null
+++ b/programs/pkey/rsa_encrypt.c
@@ -0,0 +1,149 @@
+/*
+ * RSA simple data encryption program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
+ defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
+ defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/rsa.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <string.h>
+#endif
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ size_t i;
+ mbedtls_rsa_context rsa;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char input[1024];
+ unsigned char buf[512];
+ const char *pers = "rsa_encrypt";
+ mbedtls_mpi N, E;
+
+ if (argc != 2) {
+ mbedtls_printf("usage: rsa_encrypt <string of max 100 characters>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ mbedtls_exit(exit_code);
+ }
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
+ mbedtls_rsa_init(&rsa);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
+ &entropy, (const unsigned char *) pers,
+ strlen(pers));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading public key from rsa_pub.txt");
+ fflush(stdout);
+
+ if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n",
+ ret);
+ fclose(f);
+ goto exit;
+ }
+ fclose(f);
+
+ if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ if (strlen(argv[1]) > 100) {
+ mbedtls_printf(" Input data larger than 100 characters.\n\n");
+ goto exit;
+ }
+
+ memcpy(input, argv[1], strlen(argv[1]));
+
+ /*
+ * Calculate the RSA encryption of the hash.
+ */
+ mbedtls_printf("\n . Generating the RSA encrypted value");
+ fflush(stdout);
+
+ ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random,
+ &ctr_drbg, strlen(argv[1]), input, buf);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ /*
+ * Write the signature into result-enc.txt
+ */
+ if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n", "result-enc.txt");
+ goto exit;
+ }
+
+ for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
+ mbedtls_fprintf(f, "%02X%s", buf[i],
+ (i + 1) % 16 == 0 ? "\r\n" : " ");
+ }
+
+ fclose(f);
+
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", "result-enc.txt");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_rsa_free(&rsa);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
new file mode 100644
index 0000000..dc58215
--- /dev/null
+++ b/programs/pkey/rsa_genkey.c
@@ -0,0 +1,141 @@
+/*
+ * Example RSA key generation program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \
+ defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/rsa.h"
+
+#include <stdio.h>
+#include <string.h>
+#endif
+
+#define KEY_SIZE 2048
+#define EXPONENT 65537
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(void)
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_rsa_context rsa;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+ FILE *fpub = NULL;
+ FILE *fpriv = NULL;
+ const char *pers = "rsa_genkey";
+
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_rsa_init(&rsa);
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ mbedtls_entropy_init(&entropy);
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE);
+ fflush(stdout);
+
+ if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
+ EXPONENT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n . Exporting the public key in rsa_pub.txt....");
+ fflush(stdout);
+
+ if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 ||
+ (ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP)) != 0) {
+ mbedtls_printf(" failed\n ! could not export RSA parameters\n\n");
+ goto exit;
+ }
+
+ if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! could not open rsa_pub.txt for writing\n\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 ||
+ (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n . Exporting the private key in rsa_priv.txt...");
+ fflush(stdout);
+
+ if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! could not open rsa_priv.txt for writing\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 ||
+ (ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret);
+ goto exit;
+ }
+ mbedtls_printf(" ok\n\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ if (fpub != NULL) {
+ fclose(fpub);
+ }
+
+ if (fpriv != NULL) {
+ fclose(fpriv);
+ }
+
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+ mbedtls_rsa_free(&rsa);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
+ MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt
new file mode 100644
index 0000000..254fcf8
--- /dev/null
+++ b/programs/pkey/rsa_priv.txt
@@ -0,0 +1,8 @@
+N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
+E = 010001
+D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401
+P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1
+Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261
+DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1
+DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081
+QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1
diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt
new file mode 100644
index 0000000..1e7ae0c
--- /dev/null
+++ b/programs/pkey/rsa_pub.txt
@@ -0,0 +1,2 @@
+N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211
+E = 010001
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
new file mode 100644
index 0000000..e14953b
--- /dev/null
+++ b/programs/pkey/rsa_sign.c
@@ -0,0 +1,155 @@
+/*
+ * RSA/SHA-256 signature creation program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_MD_C and/or "
+ "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/rsa.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ size_t i;
+ mbedtls_rsa_context rsa;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+
+ mbedtls_rsa_init(&rsa);
+
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
+ mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
+ mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
+
+ if (argc != 2) {
+ mbedtls_printf("usage: rsa_sign <filename>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading private key from rsa_priv.txt");
+ fflush(stdout);
+
+ if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_priv.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
+ fclose(f);
+ goto exit;
+ }
+ fclose(f);
+
+ if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_import returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_complete returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Checking the private key");
+ fflush(stdout);
+ if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_check_privkey failed with -0x%0x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /*
+ * Compute the SHA-256 hash of the input file,
+ * then calculate the RSA signature of the hash.
+ */
+ mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
+ fflush(stdout);
+
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[1], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256,
+ 32, hash, buf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /*
+ * Write the signature into <filename>.sig
+ */
+ mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
+
+ if ((f = fopen(filename, "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n", argv[1]);
+ goto exit;
+ }
+
+ for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
+ mbedtls_fprintf(f, "%02X%s", buf[i],
+ (i + 1) % 16 == 0 ? "\r\n" : " ");
+ }
+
+ fclose(f);
+
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_rsa_free(&rsa);
+ mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
+ mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
+ mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+ MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
new file mode 100644
index 0000000..3a1f747
--- /dev/null
+++ b/programs/pkey/rsa_sign_pss.c
@@ -0,0 +1,161 @@
+/*
+ * RSASSA-PSS/SHA-256 signature creation program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_RSA_C and/or MBEDTLS_MD_CAN_SHA256 and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_pk_context pk;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+ const char *pers = "rsa_sign_pss";
+ size_t olen = 0;
+
+ mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&pk);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc != 3) {
+ mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading private key from '%s'", argv[1]);
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "",
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
+ mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
+ mbedtls_printf(" failed\n ! Key is not an RSA key\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_SHA256)) != 0) {
+ mbedtls_printf(" failed\n ! Padding not supported\n");
+ goto exit;
+ }
+
+ /*
+ * Compute the SHA-256 hash of the input file,
+ * then calculate the RSA signature of the hash.
+ */
+ mbedtls_printf("\n . Generating the RSA/SHA-256 signature");
+ fflush(stdout);
+
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[2], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0,
+ buf, sizeof(buf), &olen,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * Write the signature into <filename>.sig
+ */
+ mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
+
+ if ((f = fopen(filename, "wb+")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not create %s\n\n", filename);
+ goto exit;
+ }
+
+ if (fwrite(buf, 1, olen, f) != olen) {
+ mbedtls_printf("failed\n ! fwrite failed\n\n");
+ fclose(f);
+ goto exit;
+ }
+
+ fclose(f);
+
+ mbedtls_printf("\n . Done (created \"%s\")\n\n", filename);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_pk_free(&pk);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
+ MBEDTLS_MD_CAN_SHA256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_CTR_DRBG_C */
diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
new file mode 100644
index 0000000..4a9af77
--- /dev/null
+++ b/programs/pkey/rsa_verify.c
@@ -0,0 +1,134 @@
+/*
+ * RSA/SHA-256 signature verification program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_MD_CAN_SHA256) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_MD_C and/or "
+ "MBEDTLS_MD_CAN_SHA256 and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/rsa.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ unsigned c;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ size_t i;
+ mbedtls_rsa_context rsa;
+ mbedtls_mpi N, E;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+
+ mbedtls_rsa_init(&rsa);
+ mbedtls_mpi_init(&N);
+ mbedtls_mpi_init(&E);
+
+ if (argc != 2) {
+ mbedtls_printf("usage: rsa_verify <filename>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading public key from rsa_pub.txt");
+ fflush(stdout);
+
+ if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
+ mbedtls_printf(" failed\n ! Could not open rsa_pub.txt\n" \
+ " ! Please run rsa_genkey first\n\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
+ (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
+ (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) {
+ mbedtls_printf(" failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret);
+ fclose(f);
+ goto exit;
+ }
+ fclose(f);
+
+ /*
+ * Extract the RSA signature from the text file
+ */
+ mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
+
+ if ((f = fopen(filename, "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", filename);
+ goto exit;
+ }
+
+ i = 0;
+ while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
+ i < (int) sizeof(buf)) {
+ buf[i++] = (unsigned char) c;
+ }
+
+ fclose(f);
+
+ if (i != mbedtls_rsa_get_len(&rsa)) {
+ mbedtls_printf("\n ! Invalid RSA signature format\n\n");
+ goto exit;
+ }
+
+ /*
+ * Compute the SHA-256 hash of the input file and
+ * verify the signature
+ */
+ mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
+ fflush(stdout);
+
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[1], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[1]);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
+ 32, hash, buf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . OK (the signature is valid)\n\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_rsa_free(&rsa);
+ mbedtls_mpi_free(&N);
+ mbedtls_mpi_free(&E);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+ MBEDTLS_FS_IO */
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
new file mode 100644
index 0000000..afbbfa9
--- /dev/null
+++ b/programs/pkey/rsa_verify_pss.c
@@ -0,0 +1,136 @@
+/*
+ * RSASSA-PSS/SHA-256 signature verification program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_RSA_C and/or MBEDTLS_MD_CAN_SHA256 and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/md.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+
+#include <stdio.h>
+#include <string.h>
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ size_t i;
+ mbedtls_pk_context pk;
+ unsigned char hash[32];
+ unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+ char filename[512];
+
+ mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc != 3) {
+ mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
+
+#if defined(_WIN32)
+ mbedtls_printf("\n");
+#endif
+
+ goto exit;
+ }
+
+ mbedtls_printf("\n . Reading public key from '%s'", argv[1]);
+ fflush(stdout);
+
+ if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
+ mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]);
+ mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) {
+ mbedtls_printf(" failed\n ! Key is not an RSA key\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk),
+ MBEDTLS_RSA_PKCS_V21,
+ MBEDTLS_MD_SHA256)) != 0) {
+ mbedtls_printf(" failed\n ! Invalid padding\n");
+ goto exit;
+ }
+
+ /*
+ * Extract the RSA signature from the file
+ */
+ mbedtls_snprintf(filename, 512, "%s.sig", argv[2]);
+
+ if ((f = fopen(filename, "rb")) == NULL) {
+ mbedtls_printf("\n ! Could not open %s\n\n", filename);
+ goto exit;
+ }
+
+ i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f);
+
+ fclose(f);
+
+ /*
+ * Compute the SHA-256 hash of the input file and
+ * verify the signature
+ */
+ mbedtls_printf("\n . Verifying the RSA/SHA-256 signature");
+ fflush(stdout);
+
+ if ((ret = mbedtls_md_file(
+ mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
+ argv[2], hash)) != 0) {
+ mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0,
+ buf, i)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf("\n . OK (the signature is valid)\n\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 &&
+ MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
new file mode 100644
index 0000000..a8e4b0e
--- /dev/null
+++ b/programs/psa/CMakeLists.txt
@@ -0,0 +1,48 @@
+set(executables
+ aead_demo
+ crypto_examples
+ hmac_demo
+ key_ladder_demo
+ psa_constant_names
+ psa_hash
+)
+
+if(GEN_FILES)
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py
+ ${CMAKE_CURRENT_BINARY_DIR}
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/../..
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h
+ )
+else()
+ link_to_source(psa_constant_names_generated.c)
+endif()
+
+foreach(exe IN LISTS executables)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
+if(GEN_FILES)
+ add_custom_target(generate_psa_constant_names_generated_c
+ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c)
+ add_dependencies(psa_constant_names generate_psa_constant_names_generated_c)
+endif()
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+install(PROGRAMS
+ key_ladder_demo.sh
+ DESTINATION "bin")
diff --git a/programs/psa/aead_demo.c b/programs/psa/aead_demo.c
new file mode 100644
index 0000000..619166d
--- /dev/null
+++ b/programs/psa/aead_demo.c
@@ -0,0 +1,281 @@
+/**
+ * PSA API multi-part AEAD demonstration.
+ *
+ * This program AEAD-encrypts a message, using the algorithm and key size
+ * specified on the command line, using the multi-part API.
+ *
+ * It comes with a companion program cipher/cipher_aead_demo.c, which does the
+ * same operations with the legacy Cipher API. The goal is that comparing the
+ * two programs will help people migrating to the PSA Crypto API.
+ *
+ * When used with multi-part AEAD operations, the `mbedtls_cipher_context`
+ * serves a triple purpose (1) hold the key, (2) store the algorithm when no
+ * operation is active, and (3) save progress information for the current
+ * operation. With PSA those roles are held by disinct objects: (1) a
+ * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
+ * algorithm, and (3) a psa_operation_t for multi-part progress.
+ *
+ * On the other hand, with PSA, the algorithms encodes the desired tag length;
+ * with Cipher the desired tag length needs to be tracked separately.
+ *
+ * This program and its companion cipher/cipher_aead_demo.c illustrate this by
+ * doing the same sequence of multi-part AEAD computation with both APIs;
+ * looking at the two side by side should make the differences and
+ * similarities clear.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "psa/crypto.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || \
+ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
+ !defined(MBEDTLS_CHACHAPOLY_C) || \
+ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+int main(void)
+{
+ printf("MBEDTLS_PSA_CRYPTO_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
+ "MBEDTLS_CHACHAPOLY_C not defined, and/or "
+ "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
+ return 0;
+}
+#else
+
+/* The real program starts here. */
+
+const char usage[] =
+ "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
+
+/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
+const unsigned char iv1[12] = { 0x00 };
+const unsigned char add_data1[] = { 0x01, 0x02 };
+const unsigned char msg1_part1[] = { 0x03, 0x04 };
+const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
+
+/* Dummy data (2nd message) */
+const unsigned char iv2[12] = { 0x10 };
+const unsigned char add_data2[] = { 0x11, 0x12 };
+const unsigned char msg2_part1[] = { 0x13, 0x14 };
+const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
+
+/* Maximum total size of the messages */
+#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2))
+#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2))
+#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE)
+
+/* Dummy key material - never do this in production!
+ * 32-byte is enough to all the key size supported by this program. */
+const unsigned char key_bytes[32] = { 0x2a };
+
+/* Print the contents of a buffer in hex */
+void print_buf(const char *title, uint8_t *buf, size_t len)
+{
+ printf("%s:", title);
+ for (size_t i = 0; i < len; i++) {
+ printf(" %02x", buf[i]);
+ }
+ printf("\n");
+}
+
+/* Run a PSA function and bail out if it fails.
+ * The symbolic name of the error code can be recovered using:
+ * programs/psa/psa_constant_name status <value> */
+#define PSA_CHECK(expr) \
+ do \
+ { \
+ status = (expr); \
+ if (status != PSA_SUCCESS) \
+ { \
+ printf("Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr); \
+ goto exit; \
+ } \
+ } \
+ while (0)
+
+/*
+ * Prepare encryption material:
+ * - interpret command-line argument
+ * - set up key
+ * - outputs: key and algorithm, which together hold all the information
+ */
+static psa_status_t aead_prepare(const char *info,
+ psa_key_id_t *key,
+ psa_algorithm_t *alg)
+{
+ psa_status_t status;
+
+ /* Convert arg to alg + key_bits + key_type */
+ size_t key_bits;
+ psa_key_type_t key_type;
+ if (strcmp(info, "aes128-gcm") == 0) {
+ *alg = PSA_ALG_GCM;
+ key_bits = 128;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if (strcmp(info, "aes256-gcm") == 0) {
+ *alg = PSA_ALG_GCM;
+ key_bits = 256;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if (strcmp(info, "aes128-gcm_8") == 0) {
+ *alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8);
+ key_bits = 128;
+ key_type = PSA_KEY_TYPE_AES;
+ } else if (strcmp(info, "chachapoly") == 0) {
+ *alg = PSA_ALG_CHACHA20_POLY1305;
+ key_bits = 256;
+ key_type = PSA_KEY_TYPE_CHACHA20;
+ } else {
+ puts(usage);
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ /* Prepare key attributes */
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
+ psa_set_key_algorithm(&attributes, *alg);
+ psa_set_key_type(&attributes, key_type);
+ psa_set_key_bits(&attributes, key_bits); // optional
+
+ /* Import key */
+ PSA_CHECK(psa_import_key(&attributes, key_bytes, key_bits / 8, key));
+
+exit:
+ return status;
+}
+
+/*
+ * Print out some information.
+ *
+ * All of this information was present in the command line argument, but his
+ * function demonstrates how each piece can be recovered from (key, alg).
+ */
+static void aead_info(psa_key_id_t key, psa_algorithm_t alg)
+{
+ psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT;
+ (void) psa_get_key_attributes(key, &attr);
+ psa_key_type_t key_type = psa_get_key_type(&attr);
+ size_t key_bits = psa_get_key_bits(&attr);
+ psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg);
+ size_t tag_len = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg);
+
+ const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES"
+ : key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha"
+ : "???";
+ const char *base_str = base_alg == PSA_ALG_GCM ? "GCM"
+ : base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly"
+ : "???";
+
+ printf("%s, %u, %s, %u\n",
+ type_str, (unsigned) key_bits, base_str, (unsigned) tag_len);
+}
+
+/*
+ * Encrypt a 2-part message.
+ */
+static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg,
+ const unsigned char *iv, size_t iv_len,
+ const unsigned char *ad, size_t ad_len,
+ const unsigned char *part1, size_t part1_len,
+ const unsigned char *part2, size_t part2_len)
+{
+ psa_status_t status;
+ size_t olen, olen_tag;
+ unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)];
+ unsigned char *p = out, *end = out + sizeof(out);
+ unsigned char tag[PSA_AEAD_TAG_MAX_SIZE];
+
+ psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT;
+ PSA_CHECK(psa_aead_encrypt_setup(&op, key, alg));
+
+ PSA_CHECK(psa_aead_set_nonce(&op, iv, iv_len));
+ PSA_CHECK(psa_aead_update_ad(&op, ad, ad_len));
+ PSA_CHECK(psa_aead_update(&op, part1, part1_len, p, end - p, &olen));
+ p += olen;
+ PSA_CHECK(psa_aead_update(&op, part2, part2_len, p, end - p, &olen));
+ p += olen;
+ PSA_CHECK(psa_aead_finish(&op, p, end - p, &olen,
+ tag, sizeof(tag), &olen_tag));
+ p += olen;
+ memcpy(p, tag, olen_tag);
+ p += olen_tag;
+
+ olen = p - out;
+ print_buf("out", out, olen);
+
+exit:
+ psa_aead_abort(&op); // required on errors, harmless on success
+ return status;
+}
+
+/*
+ * AEAD demo: set up key/alg, print out info, encrypt messages.
+ */
+static psa_status_t aead_demo(const char *info)
+{
+ psa_status_t status;
+
+ psa_key_id_t key;
+ psa_algorithm_t alg;
+
+ PSA_CHECK(aead_prepare(info, &key, &alg));
+
+ aead_info(key, alg);
+
+ PSA_CHECK(aead_encrypt(key, alg,
+ iv1, sizeof(iv1), add_data1, sizeof(add_data1),
+ msg1_part1, sizeof(msg1_part1),
+ msg1_part2, sizeof(msg1_part2)));
+ PSA_CHECK(aead_encrypt(key, alg,
+ iv2, sizeof(iv2), add_data2, sizeof(add_data2),
+ msg2_part1, sizeof(msg2_part1),
+ msg2_part2, sizeof(msg2_part2)));
+
+exit:
+ psa_destroy_key(key);
+
+ return status;
+}
+
+/*
+ * Main function
+ */
+int main(int argc, char **argv)
+{
+ psa_status_t status = PSA_SUCCESS;
+
+ /* Check usage */
+ if (argc != 2) {
+ puts(usage);
+ return EXIT_FAILURE;
+ }
+
+ /* Initialize the PSA crypto library. */
+ PSA_CHECK(psa_crypto_init());
+
+ /* Run the demo */
+ PSA_CHECK(aead_demo(argv[1]));
+
+ /* Deinitialize the PSA crypto library. */
+ mbedtls_psa_crypto_free();
+
+exit:
+ return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+#endif
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
new file mode 100644
index 0000000..b755f09
--- /dev/null
+++ b/programs/psa/crypto_examples.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define ASSERT(predicate) \
+ do \
+ { \
+ if (!(predicate)) \
+ { \
+ printf("\tassertion failed at %s:%d - '%s'\r\n", \
+ __FILE__, __LINE__, #predicate); \
+ goto exit; \
+ } \
+ } while (0)
+
+#define ASSERT_STATUS(actual, expected) \
+ do \
+ { \
+ if ((actual) != (expected)) \
+ { \
+ printf("\tassertion failed at %s:%d - " \
+ "actual:%d expected:%d\r\n", __FILE__, __LINE__, \
+ (psa_status_t) actual, (psa_status_t) expected); \
+ goto exit; \
+ } \
+ } while (0)
+
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_AES_C) || \
+ !defined(MBEDTLS_CIPHER_MODE_CBC) || !defined(MBEDTLS_CIPHER_MODE_CTR) || \
+ !defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) || \
+ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+int main(void)
+{
+ printf("MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
+ "MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
+ "and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
+ "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER"
+ " defined.\r\n");
+ return 0;
+}
+#else
+
+static psa_status_t cipher_operation(psa_cipher_operation_t *operation,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
+{
+ psa_status_t status;
+ size_t bytes_to_write = 0, bytes_written = 0, len = 0;
+
+ *output_len = 0;
+ while (bytes_written != input_size) {
+ bytes_to_write = (input_size - bytes_written > part_size ?
+ part_size :
+ input_size - bytes_written);
+
+ status = psa_cipher_update(operation, input + bytes_written,
+ bytes_to_write, output + *output_len,
+ output_size - *output_len, &len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ bytes_written += bytes_to_write;
+ *output_len += len;
+ }
+
+ status = psa_cipher_finish(operation, output + *output_len,
+ output_size - *output_len, &len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+ *output_len += len;
+
+exit:
+ return status;
+}
+
+static psa_status_t cipher_encrypt(psa_key_id_t key,
+ psa_algorithm_t alg,
+ uint8_t *iv,
+ size_t iv_size,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
+{
+ psa_status_t status;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+ size_t iv_len = 0;
+
+ memset(&operation, 0, sizeof(operation));
+ status = psa_cipher_encrypt_setup(&operation, key, alg);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = psa_cipher_generate_iv(&operation, iv, iv_size, &iv_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = cipher_operation(&operation, input, input_size, part_size,
+ output, output_size, output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+exit:
+ psa_cipher_abort(&operation);
+ return status;
+}
+
+static psa_status_t cipher_decrypt(psa_key_id_t key,
+ psa_algorithm_t alg,
+ const uint8_t *iv,
+ size_t iv_size,
+ const uint8_t *input,
+ size_t input_size,
+ size_t part_size,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_len)
+{
+ psa_status_t status;
+ psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
+
+ memset(&operation, 0, sizeof(operation));
+ status = psa_cipher_decrypt_setup(&operation, key, alg);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = psa_cipher_set_iv(&operation, iv, iv_size);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = cipher_operation(&operation, input, input_size, part_size,
+ output, output_size, output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+exit:
+ psa_cipher_abort(&operation);
+ return status;
+}
+
+static psa_status_t
+cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block(void)
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
+ key_bits = 256,
+ part_size = block_size,
+ };
+ const psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
+
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key = 0;
+ size_t output_len = 0;
+ uint8_t iv[block_size];
+ uint8_t input[block_size];
+ uint8_t encrypt[block_size];
+ uint8_t decrypt[block_size];
+
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
+
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+exit:
+ psa_destroy_key(key);
+ return status;
+}
+
+static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(void)
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
+ key_bits = 256,
+ input_size = 100,
+ part_size = 10,
+ };
+
+ const psa_algorithm_t alg = PSA_ALG_CBC_PKCS7;
+
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key = 0;
+ size_t output_len = 0;
+ uint8_t iv[block_size], input[input_size],
+ encrypt[input_size + block_size], decrypt[input_size + block_size];
+
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
+
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+exit:
+ psa_destroy_key(key);
+ return status;
+}
+
+static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi(void)
+{
+ enum {
+ block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
+ key_bits = 256,
+ input_size = 100,
+ part_size = 10,
+ };
+ const psa_algorithm_t alg = PSA_ALG_CTR;
+
+ psa_status_t status;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key = 0;
+ size_t output_len = 0;
+ uint8_t iv[block_size], input[input_size], encrypt[input_size],
+ decrypt[input_size];
+
+ status = psa_generate_random(input, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, key_bits);
+
+ status = psa_generate_key(&attributes, &key);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = cipher_encrypt(key, alg, iv, sizeof(iv),
+ input, sizeof(input), part_size,
+ encrypt, sizeof(encrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = cipher_decrypt(key, alg, iv, sizeof(iv),
+ encrypt, output_len, part_size,
+ decrypt, sizeof(decrypt), &output_len);
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+ status = memcmp(input, decrypt, sizeof(input));
+ ASSERT_STATUS(status, PSA_SUCCESS);
+
+exit:
+ psa_destroy_key(key);
+ return status;
+}
+
+static void cipher_examples(void)
+{
+ psa_status_t status;
+
+ printf("cipher encrypt/decrypt AES CBC no padding:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
+
+ printf("cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
+
+ printf("cipher encrypt/decrypt AES CTR multipart:\r\n");
+ status = cipher_example_encrypt_decrypt_aes_ctr_multi();
+ if (status == PSA_SUCCESS) {
+ printf("\tsuccess!\r\n");
+ }
+}
+
+int main(void)
+{
+ ASSERT(psa_crypto_init() == PSA_SUCCESS);
+ cipher_examples();
+exit:
+ mbedtls_psa_crypto_free();
+ return 0;
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_AES_C && MBEDTLS_CIPHER_MODE_CBC &&
+ MBEDTLS_CIPHER_MODE_CTR && MBEDTLS_CIPHER_MODE_WITH_PADDING */
diff --git a/programs/psa/hmac_demo.c b/programs/psa/hmac_demo.c
new file mode 100644
index 0000000..2055054
--- /dev/null
+++ b/programs/psa/hmac_demo.c
@@ -0,0 +1,159 @@
+/**
+ * PSA API multi-part HMAC demonstration.
+ *
+ * This programs computes the HMAC of two messages using the multi-part API.
+ *
+ * It comes with a companion program hash/md_hmac_demo.c, which does the same
+ * operations with the legacy MD API. The goal is that comparing the two
+ * programs will help people migrating to the PSA Crypto API.
+ *
+ * When it comes to multi-part HMAC operations, the `mbedtls_md_context`
+ * serves a dual purpose (1) hold the key, and (2) save progress information
+ * for the current operation. With PSA those roles are held by two disinct
+ * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for
+ * multi-part progress.
+ *
+ * This program and its companion hash/md_hmac_demo.c illustrate this by doing
+ * the same sequence of multi-part HMAC computation with both APIs; looking at
+ * the two side by side should make the differences and similarities clear.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include "psa/crypto.h"
+
+#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
+
+#include <stdlib.h>
+#include <stdio.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || \
+ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+int main(void)
+{
+ printf("MBEDTLS_PSA_CRYPTO_C not defined, "
+ "and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n");
+ return 0;
+}
+#else
+
+/* The real program starts here. */
+
+/* Dummy inputs for HMAC */
+const unsigned char msg1_part1[] = { 0x01, 0x02 };
+const unsigned char msg1_part2[] = { 0x03, 0x04 };
+const unsigned char msg2_part1[] = { 0x05, 0x05 };
+const unsigned char msg2_part2[] = { 0x06, 0x06 };
+
+/* Dummy key material - never do this in production!
+ * This example program uses SHA-256, so a 32-byte key makes sense. */
+const unsigned char key_bytes[32] = { 0 };
+
+/* Print the contents of a buffer in hex */
+void print_buf(const char *title, uint8_t *buf, size_t len)
+{
+ printf("%s:", title);
+ for (size_t i = 0; i < len; i++) {
+ printf(" %02x", buf[i]);
+ }
+ printf("\n");
+}
+
+/* Run a PSA function and bail out if it fails.
+ * The symbolic name of the error code can be recovered using:
+ * programs/psa/psa_constant_name status <value> */
+#define PSA_CHECK(expr) \
+ do \
+ { \
+ status = (expr); \
+ if (status != PSA_SUCCESS) \
+ { \
+ printf("Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr); \
+ goto exit; \
+ } \
+ } \
+ while (0)
+
+/*
+ * This function demonstrates computation of the HMAC of two messages using
+ * the multipart API.
+ */
+psa_status_t hmac_demo(void)
+{
+ psa_status_t status;
+ const psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);
+ uint8_t out[PSA_MAC_MAX_SIZE]; // safe but not optimal
+ /* PSA_MAC_LENGTH(PSA_KEY_TYPE_HMAC, 8 * sizeof( key_bytes ), alg)
+ * should work but see https://github.com/Mbed-TLS/mbedtls/issues/4320 */
+
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_id_t key = 0;
+
+ /* prepare key */
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC);
+ psa_set_key_bits(&attributes, 8 * sizeof(key_bytes)); // optional
+
+ status = psa_import_key(&attributes,
+ key_bytes, sizeof(key_bytes), &key);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ /* prepare operation */
+ psa_mac_operation_t op = PSA_MAC_OPERATION_INIT;
+ size_t out_len = 0;
+
+ /* compute HMAC(key, msg1_part1 | msg1_part2) */
+ PSA_CHECK(psa_mac_sign_setup(&op, key, alg));
+ PSA_CHECK(psa_mac_update(&op, msg1_part1, sizeof(msg1_part1)));
+ PSA_CHECK(psa_mac_update(&op, msg1_part2, sizeof(msg1_part2)));
+ PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len));
+ print_buf("msg1", out, out_len);
+
+ /* compute HMAC(key, msg2_part1 | msg2_part2) */
+ PSA_CHECK(psa_mac_sign_setup(&op, key, alg));
+ PSA_CHECK(psa_mac_update(&op, msg2_part1, sizeof(msg2_part1)));
+ PSA_CHECK(psa_mac_update(&op, msg2_part2, sizeof(msg2_part2)));
+ PSA_CHECK(psa_mac_sign_finish(&op, out, sizeof(out), &out_len));
+ print_buf("msg2", out, out_len);
+
+exit:
+ psa_mac_abort(&op); // needed on error, harmless on success
+ psa_destroy_key(key);
+ mbedtls_platform_zeroize(out, sizeof(out));
+
+ return status;
+}
+
+int main(void)
+{
+ psa_status_t status = PSA_SUCCESS;
+
+ /* Initialize the PSA crypto library. */
+ PSA_CHECK(psa_crypto_init());
+
+ /* Run the demo */
+ PSA_CHECK(hmac_demo());
+
+ /* Deinitialize the PSA crypto library. */
+ mbedtls_psa_crypto_free();
+
+exit:
+ return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+#endif
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
new file mode 100644
index 0000000..2734ceb
--- /dev/null
+++ b/programs/psa/key_ladder_demo.c
@@ -0,0 +1,691 @@
+/**
+ * PSA API key derivation demonstration
+ *
+ * This program calculates a key ladder: a chain of secret material, each
+ * derived from the previous one in a deterministic way based on a label.
+ * Two keys are identical if and only if they are derived from the same key
+ * using the same label.
+ *
+ * The initial key is called the master key. The master key is normally
+ * randomly generated, but it could itself be derived from another key.
+ *
+ * This program derives a series of keys called intermediate keys.
+ * The first intermediate key is derived from the master key using the
+ * first label passed on the command line. Each subsequent intermediate
+ * key is derived from the previous one using the next label passed
+ * on the command line.
+ *
+ * This program has four modes of operation:
+ *
+ * - "generate": generate a random master key.
+ * - "wrap": derive a wrapping key from the last intermediate key,
+ * and use that key to encrypt-and-authenticate some data.
+ * - "unwrap": derive a wrapping key from the last intermediate key,
+ * and use that key to decrypt-and-authenticate some
+ * ciphertext created by wrap mode.
+ * - "save": save the last intermediate key so that it can be reused as
+ * the master key in another run of the program.
+ *
+ * See the usage() output for the command line usage. See the file
+ * `key_ladder_demo.sh` for an example run.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* First include Mbed TLS headers to get the Mbed TLS configuration and
+ * platform definitions that we'll use in this program. Also include
+ * standard C headers for functions we'll use here. */
+#include "mbedtls/build_info.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "mbedtls/platform.h" // for mbedtls_setbuf
+#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
+
+#include <psa/crypto.h>
+
+/* If the build options we need are not enabled, compile a placeholder. */
+#if !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \
+ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
+ !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) || \
+ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+int main(void)
+{
+ printf("PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or "
+ "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
+ "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
+ "not defined and/or MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER "
+ "defined.\n");
+ return 0;
+}
+#else
+
+/* The real program starts here. */
+
+/* Run a system function and bail out if it fails. */
+#define SYS_CHECK(expr) \
+ do \
+ { \
+ if (!(expr)) \
+ { \
+ perror( #expr); \
+ status = DEMO_ERROR; \
+ goto exit; \
+ } \
+ } \
+ while (0)
+
+/* Run a PSA function and bail out if it fails. */
+#define PSA_CHECK(expr) \
+ do \
+ { \
+ status = (expr); \
+ if (status != PSA_SUCCESS) \
+ { \
+ printf("Error %d at line %d: %s\n", \
+ (int) status, \
+ __LINE__, \
+ #expr); \
+ goto exit; \
+ } \
+ } \
+ while (0)
+
+/* To report operational errors in this program, use an error code that is
+ * different from every PSA error code. */
+#define DEMO_ERROR 120
+
+/* The maximum supported key ladder depth. */
+#define MAX_LADDER_DEPTH 10
+
+/* Salt to use when deriving an intermediate key. */
+#define DERIVE_KEY_SALT ((uint8_t *) "key_ladder_demo.derive")
+#define DERIVE_KEY_SALT_LENGTH (strlen((const char *) DERIVE_KEY_SALT))
+
+/* Salt to use when deriving a wrapping key. */
+#define WRAPPING_KEY_SALT ((uint8_t *) "key_ladder_demo.wrap")
+#define WRAPPING_KEY_SALT_LENGTH (strlen((const char *) WRAPPING_KEY_SALT))
+
+/* Size of the key derivation keys (applies both to the master key and
+ * to intermediate keys). */
+#define KEY_SIZE_BYTES 40
+
+/* Algorithm for key derivation. */
+#define KDF_ALG PSA_ALG_HKDF(PSA_ALG_SHA_256)
+
+/* Type and size of the key used to wrap data. */
+#define WRAPPING_KEY_TYPE PSA_KEY_TYPE_AES
+#define WRAPPING_KEY_BITS 128
+
+/* Cipher mode used to wrap data. */
+#define WRAPPING_ALG PSA_ALG_CCM
+
+/* Nonce size used to wrap data. */
+#define WRAPPING_IV_SIZE 13
+
+/* Header used in files containing wrapped data. We'll save this header
+ * directly without worrying about data representation issues such as
+ * integer sizes and endianness, because the data is meant to be read
+ * back by the same program on the same machine. */
+#define WRAPPED_DATA_MAGIC "key_ladder_demo" // including trailing null byte
+#define WRAPPED_DATA_MAGIC_LENGTH (sizeof(WRAPPED_DATA_MAGIC))
+typedef struct {
+ char magic[WRAPPED_DATA_MAGIC_LENGTH];
+ size_t ad_size; /* Size of the additional data, which is this header. */
+ size_t payload_size; /* Size of the encrypted data. */
+ /* Store the IV inside the additional data. It's convenient. */
+ uint8_t iv[WRAPPING_IV_SIZE];
+} wrapped_data_header_t;
+
+/* The modes that this program can operate in (see usage). */
+enum program_mode {
+ MODE_GENERATE,
+ MODE_SAVE,
+ MODE_UNWRAP,
+ MODE_WRAP
+};
+
+/* Save a key to a file. In the real world, you may want to export a derived
+ * key sometimes, to share it with another party. */
+static psa_status_t save_key(psa_key_id_t key,
+ const char *output_file_name)
+{
+ psa_status_t status = PSA_SUCCESS;
+ uint8_t key_data[KEY_SIZE_BYTES];
+ size_t key_size;
+ FILE *key_file = NULL;
+
+ PSA_CHECK(psa_export_key(key,
+ key_data, sizeof(key_data),
+ &key_size));
+ SYS_CHECK((key_file = fopen(output_file_name, "wb")) != NULL);
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+ mbedtls_setbuf(key_file, NULL);
+ SYS_CHECK(fwrite(key_data, 1, key_size, key_file) == key_size);
+ SYS_CHECK(fclose(key_file) == 0);
+ key_file = NULL;
+
+exit:
+ if (key_file != NULL) {
+ fclose(key_file);
+ }
+ return status;
+}
+
+/* Generate a master key for use in this demo.
+ *
+ * Normally a master key would be non-exportable. For the purpose of this
+ * demo, we want to save it to a file, to avoid relying on the keystore
+ * capability of the PSA crypto library. */
+static psa_status_t generate(const char *key_file_name)
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_id_t key = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, KDF_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(KEY_SIZE_BYTES));
+
+ PSA_CHECK(psa_generate_key(&attributes, &key));
+
+ PSA_CHECK(save_key(key, key_file_name));
+
+exit:
+ (void) psa_destroy_key(key);
+ return status;
+}
+
+/* Load the master key from a file.
+ *
+ * In the real world, this master key would be stored in an internal memory
+ * and the storage would be managed by the keystore capability of the PSA
+ * crypto library. */
+static psa_status_t import_key_from_file(psa_key_usage_t usage,
+ psa_algorithm_t alg,
+ const char *key_file_name,
+ psa_key_id_t *master_key)
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t key_data[KEY_SIZE_BYTES];
+ size_t key_size;
+ FILE *key_file = NULL;
+ unsigned char extra_byte;
+
+ SYS_CHECK((key_file = fopen(key_file_name, "rb")) != NULL);
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+ mbedtls_setbuf(key_file, NULL);
+ SYS_CHECK((key_size = fread(key_data, 1, sizeof(key_data),
+ key_file)) != 0);
+ if (fread(&extra_byte, 1, 1, key_file) != 0) {
+ printf("Key file too large (max: %u).\n",
+ (unsigned) sizeof(key_data));
+ status = DEMO_ERROR;
+ goto exit;
+ }
+ SYS_CHECK(fclose(key_file) == 0);
+ key_file = NULL;
+
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ PSA_CHECK(psa_import_key(&attributes, key_data, key_size, master_key));
+exit:
+ if (key_file != NULL) {
+ fclose(key_file);
+ }
+ mbedtls_platform_zeroize(key_data, sizeof(key_data));
+ if (status != PSA_SUCCESS) {
+ /* If the key creation hasn't happened yet or has failed,
+ * *master_key is null. psa_destroy_key( 0 ) is
+ * guaranteed to do nothing and return PSA_SUCCESS. */
+ (void) psa_destroy_key(*master_key);
+ *master_key = 0;
+ }
+ return status;
+}
+
+/* Derive the intermediate keys, using the list of labels provided on
+ * the command line. On input, *key is the master key identifier.
+ * This function destroys the master key. On successful output, *key
+ * is the identifier of the final derived key.
+ */
+static psa_status_t derive_key_ladder(const char *ladder[],
+ size_t ladder_depth,
+ psa_key_id_t *key)
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ size_t i;
+
+ psa_set_key_usage_flags(&attributes,
+ PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
+ psa_set_key_algorithm(&attributes, KDF_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(KEY_SIZE_BYTES));
+
+ /* For each label in turn, ... */
+ for (i = 0; i < ladder_depth; i++) {
+ /* Start deriving material from the master key (if i=0) or from
+ * the current intermediate key (if i>0). */
+ PSA_CHECK(psa_key_derivation_setup(&operation, KDF_ALG));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ DERIVE_KEY_SALT, DERIVE_KEY_SALT_LENGTH));
+ PSA_CHECK(psa_key_derivation_input_key(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ *key));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ (uint8_t *) ladder[i], strlen(ladder[i])));
+ /* When the parent key is not the master key, destroy it,
+ * since it is no longer needed. */
+ PSA_CHECK(psa_destroy_key(*key));
+ *key = 0;
+ /* Derive the next intermediate key from the parent key. */
+ PSA_CHECK(psa_key_derivation_output_key(&attributes, &operation,
+ key));
+ PSA_CHECK(psa_key_derivation_abort(&operation));
+ }
+
+exit:
+ psa_key_derivation_abort(&operation);
+ if (status != PSA_SUCCESS) {
+ psa_destroy_key(*key);
+ *key = 0;
+ }
+ return status;
+}
+
+/* Derive a wrapping key from the last intermediate key. */
+static psa_status_t derive_wrapping_key(psa_key_usage_t usage,
+ psa_key_id_t derived_key,
+ psa_key_id_t *wrapping_key)
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+
+ *wrapping_key = 0;
+
+ /* Set up a key derivation operation from the key derived from
+ * the master key. */
+ PSA_CHECK(psa_key_derivation_setup(&operation, KDF_ALG));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_SALT,
+ WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH));
+ PSA_CHECK(psa_key_derivation_input_key(
+ &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
+ derived_key));
+ PSA_CHECK(psa_key_derivation_input_bytes(
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
+ NULL, 0));
+
+ /* Create the wrapping key. */
+ psa_set_key_usage_flags(&attributes, usage);
+ psa_set_key_algorithm(&attributes, WRAPPING_ALG);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
+ psa_set_key_bits(&attributes, WRAPPING_KEY_BITS);
+ PSA_CHECK(psa_key_derivation_output_key(&attributes, &operation,
+ wrapping_key));
+
+exit:
+ psa_key_derivation_abort(&operation);
+ return status;
+}
+
+static psa_status_t wrap_data(const char *input_file_name,
+ const char *output_file_name,
+ psa_key_id_t wrapping_key)
+{
+ psa_status_t status;
+ FILE *input_file = NULL;
+ FILE *output_file = NULL;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t key_type;
+ long input_position;
+ size_t input_size;
+ size_t buffer_size = 0;
+ unsigned char *buffer = NULL;
+ size_t ciphertext_size;
+ wrapped_data_header_t header;
+
+ /* Find the size of the data to wrap. */
+ SYS_CHECK((input_file = fopen(input_file_name, "rb")) != NULL);
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+ mbedtls_setbuf(input_file, NULL);
+ SYS_CHECK(fseek(input_file, 0, SEEK_END) == 0);
+ SYS_CHECK((input_position = ftell(input_file)) != -1);
+#if LONG_MAX > SIZE_MAX
+ if (input_position > SIZE_MAX) {
+ printf("Input file too large.\n");
+ status = DEMO_ERROR;
+ goto exit;
+ }
+#endif
+ input_size = input_position;
+ PSA_CHECK(psa_get_key_attributes(wrapping_key, &attributes));
+ key_type = psa_get_key_type(&attributes);
+ buffer_size =
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, WRAPPING_ALG, input_size);
+ /* Check for integer overflow. */
+ if (buffer_size < input_size) {
+ printf("Input file too large.\n");
+ status = DEMO_ERROR;
+ goto exit;
+ }
+
+ /* Load the data to wrap. */
+ SYS_CHECK(fseek(input_file, 0, SEEK_SET) == 0);
+ SYS_CHECK((buffer = calloc(1, buffer_size)) != NULL);
+ SYS_CHECK(fread(buffer, 1, input_size, input_file) == input_size);
+ SYS_CHECK(fclose(input_file) == 0);
+ input_file = NULL;
+
+ /* Construct a header. */
+ memcpy(&header.magic, WRAPPED_DATA_MAGIC, WRAPPED_DATA_MAGIC_LENGTH);
+ header.ad_size = sizeof(header);
+ header.payload_size = input_size;
+
+ /* Wrap the data. */
+ PSA_CHECK(psa_generate_random(header.iv, WRAPPING_IV_SIZE));
+ PSA_CHECK(psa_aead_encrypt(wrapping_key, WRAPPING_ALG,
+ header.iv, WRAPPING_IV_SIZE,
+ (uint8_t *) &header, sizeof(header),
+ buffer, input_size,
+ buffer, buffer_size,
+ &ciphertext_size));
+
+ /* Write the output. */
+ SYS_CHECK((output_file = fopen(output_file_name, "wb")) != NULL);
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+ mbedtls_setbuf(output_file, NULL);
+ SYS_CHECK(fwrite(&header, 1, sizeof(header),
+ output_file) == sizeof(header));
+ SYS_CHECK(fwrite(buffer, 1, ciphertext_size,
+ output_file) == ciphertext_size);
+ SYS_CHECK(fclose(output_file) == 0);
+ output_file = NULL;
+
+exit:
+ if (input_file != NULL) {
+ fclose(input_file);
+ }
+ if (output_file != NULL) {
+ fclose(output_file);
+ }
+ if (buffer != NULL) {
+ mbedtls_platform_zeroize(buffer, buffer_size);
+ }
+ free(buffer);
+ return status;
+}
+
+static psa_status_t unwrap_data(const char *input_file_name,
+ const char *output_file_name,
+ psa_key_id_t wrapping_key)
+{
+ psa_status_t status;
+ FILE *input_file = NULL;
+ FILE *output_file = NULL;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_key_type_t key_type;
+ unsigned char *buffer = NULL;
+ size_t ciphertext_size = 0;
+ size_t plaintext_size;
+ wrapped_data_header_t header;
+ unsigned char extra_byte;
+
+ /* Load and validate the header. */
+ SYS_CHECK((input_file = fopen(input_file_name, "rb")) != NULL);
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+ mbedtls_setbuf(input_file, NULL);
+ SYS_CHECK(fread(&header, 1, sizeof(header),
+ input_file) == sizeof(header));
+ if (memcmp(&header.magic, WRAPPED_DATA_MAGIC,
+ WRAPPED_DATA_MAGIC_LENGTH) != 0) {
+ printf("The input does not start with a valid magic header.\n");
+ status = DEMO_ERROR;
+ goto exit;
+ }
+ if (header.ad_size != sizeof(header)) {
+ printf("The header size is not correct.\n");
+ status = DEMO_ERROR;
+ goto exit;
+ }
+ PSA_CHECK(psa_get_key_attributes(wrapping_key, &attributes));
+ key_type = psa_get_key_type(&attributes);
+ ciphertext_size =
+ PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, WRAPPING_ALG, header.payload_size);
+ /* Check for integer overflow. */
+ if (ciphertext_size < header.payload_size) {
+ printf("Input file too large.\n");
+ status = DEMO_ERROR;
+ goto exit;
+ }
+
+ /* Load the payload data. */
+ SYS_CHECK((buffer = calloc(1, ciphertext_size)) != NULL);
+ SYS_CHECK(fread(buffer, 1, ciphertext_size,
+ input_file) == ciphertext_size);
+ if (fread(&extra_byte, 1, 1, input_file) != 0) {
+ printf("Extra garbage after ciphertext\n");
+ status = DEMO_ERROR;
+ goto exit;
+ }
+ SYS_CHECK(fclose(input_file) == 0);
+ input_file = NULL;
+
+ /* Unwrap the data. */
+ PSA_CHECK(psa_aead_decrypt(wrapping_key, WRAPPING_ALG,
+ header.iv, WRAPPING_IV_SIZE,
+ (uint8_t *) &header, sizeof(header),
+ buffer, ciphertext_size,
+ buffer, ciphertext_size,
+ &plaintext_size));
+ if (plaintext_size != header.payload_size) {
+ printf("Incorrect payload size in the header.\n");
+ status = DEMO_ERROR;
+ goto exit;
+ }
+
+ /* Write the output. */
+ SYS_CHECK((output_file = fopen(output_file_name, "wb")) != NULL);
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
+ mbedtls_setbuf(output_file, NULL);
+ SYS_CHECK(fwrite(buffer, 1, plaintext_size,
+ output_file) == plaintext_size);
+ SYS_CHECK(fclose(output_file) == 0);
+ output_file = NULL;
+
+exit:
+ if (input_file != NULL) {
+ fclose(input_file);
+ }
+ if (output_file != NULL) {
+ fclose(output_file);
+ }
+ if (buffer != NULL) {
+ mbedtls_platform_zeroize(buffer, ciphertext_size);
+ }
+ free(buffer);
+ return status;
+}
+
+static psa_status_t run(enum program_mode mode,
+ const char *key_file_name,
+ const char *ladder[], size_t ladder_depth,
+ const char *input_file_name,
+ const char *output_file_name)
+{
+ psa_status_t status = PSA_SUCCESS;
+ psa_key_id_t derivation_key = 0;
+ psa_key_id_t wrapping_key = 0;
+
+ /* Initialize the PSA crypto library. */
+ PSA_CHECK(psa_crypto_init());
+
+ /* Generate mode is unlike the others. Generate the master key and exit. */
+ if (mode == MODE_GENERATE) {
+ return generate(key_file_name);
+ }
+
+ /* Read the master key. */
+ PSA_CHECK(import_key_from_file(PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT,
+ KDF_ALG,
+ key_file_name,
+ &derivation_key));
+
+ /* Calculate the derived key for this session. */
+ PSA_CHECK(derive_key_ladder(ladder, ladder_depth,
+ &derivation_key));
+
+ switch (mode) {
+ case MODE_SAVE:
+ PSA_CHECK(save_key(derivation_key, output_file_name));
+ break;
+ case MODE_UNWRAP:
+ PSA_CHECK(derive_wrapping_key(PSA_KEY_USAGE_DECRYPT,
+ derivation_key,
+ &wrapping_key));
+ PSA_CHECK(unwrap_data(input_file_name, output_file_name,
+ wrapping_key));
+ break;
+ case MODE_WRAP:
+ PSA_CHECK(derive_wrapping_key(PSA_KEY_USAGE_ENCRYPT,
+ derivation_key,
+ &wrapping_key));
+ PSA_CHECK(wrap_data(input_file_name, output_file_name,
+ wrapping_key));
+ break;
+ default:
+ /* Unreachable but some compilers don't realize it. */
+ break;
+ }
+
+exit:
+ /* Destroy any remaining key. Deinitializing the crypto library would do
+ * this anyway since they are volatile keys, but explicitly destroying
+ * keys makes the code easier to reuse. */
+ (void) psa_destroy_key(derivation_key);
+ (void) psa_destroy_key(wrapping_key);
+ /* Deinitialize the PSA crypto library. */
+ mbedtls_psa_crypto_free();
+ return status;
+}
+
+static void usage(void)
+{
+ printf("Usage: key_ladder_demo MODE [OPTION=VALUE]...\n");
+ printf("Demonstrate the usage of a key derivation ladder.\n");
+ printf("\n");
+ printf("Modes:\n");
+ printf(" generate Generate the master key\n");
+ printf(" save Save the derived key\n");
+ printf(" unwrap Unwrap (decrypt) input with the derived key\n");
+ printf(" wrap Wrap (encrypt) input with the derived key\n");
+ printf("\n");
+ printf("Options:\n");
+ printf(" input=FILENAME Input file (required for wrap/unwrap)\n");
+ printf(" master=FILENAME File containing the master key (default: master.key)\n");
+ printf(" output=FILENAME Output file (required for save/wrap/unwrap)\n");
+ printf(" label=TEXT Label for the key derivation.\n");
+ printf(" This may be repeated multiple times.\n");
+ printf(" To get the same key, you must use the same master key\n");
+ printf(" and the same sequence of labels.\n");
+}
+
+int main(int argc, char *argv[])
+{
+ const char *key_file_name = "master.key";
+ const char *input_file_name = NULL;
+ const char *output_file_name = NULL;
+ const char *ladder[MAX_LADDER_DEPTH];
+ size_t ladder_depth = 0;
+ int i;
+ enum program_mode mode;
+ psa_status_t status;
+
+ if (argc <= 1 ||
+ strcmp(argv[1], "help") == 0 ||
+ strcmp(argv[1], "-help") == 0 ||
+ strcmp(argv[1], "--help") == 0) {
+ usage();
+ return EXIT_SUCCESS;
+ }
+
+ for (i = 2; i < argc; i++) {
+ char *q = strchr(argv[i], '=');
+ if (q == NULL) {
+ printf("Missing argument to option %s\n", argv[i]);
+ goto usage_failure;
+ }
+ *q = 0;
+ ++q;
+ if (strcmp(argv[i], "input") == 0) {
+ input_file_name = q;
+ } else if (strcmp(argv[i], "label") == 0) {
+ if (ladder_depth == MAX_LADDER_DEPTH) {
+ printf("Maximum ladder depth %u exceeded.\n",
+ (unsigned) MAX_LADDER_DEPTH);
+ return EXIT_FAILURE;
+ }
+ ladder[ladder_depth] = q;
+ ++ladder_depth;
+ } else if (strcmp(argv[i], "master") == 0) {
+ key_file_name = q;
+ } else if (strcmp(argv[i], "output") == 0) {
+ output_file_name = q;
+ } else {
+ printf("Unknown option: %s\n", argv[i]);
+ goto usage_failure;
+ }
+ }
+
+ if (strcmp(argv[1], "generate") == 0) {
+ mode = MODE_GENERATE;
+ } else if (strcmp(argv[1], "save") == 0) {
+ mode = MODE_SAVE;
+ } else if (strcmp(argv[1], "unwrap") == 0) {
+ mode = MODE_UNWRAP;
+ } else if (strcmp(argv[1], "wrap") == 0) {
+ mode = MODE_WRAP;
+ } else {
+ printf("Unknown action: %s\n", argv[1]);
+ goto usage_failure;
+ }
+
+ if (input_file_name == NULL &&
+ (mode == MODE_WRAP || mode == MODE_UNWRAP)) {
+ printf("Required argument missing: input\n");
+ return DEMO_ERROR;
+ }
+ if (output_file_name == NULL &&
+ (mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP)) {
+ printf("Required argument missing: output\n");
+ return DEMO_ERROR;
+ }
+
+ status = run(mode, key_file_name,
+ ladder, ladder_depth,
+ input_file_name, output_file_name);
+ return status == PSA_SUCCESS ?
+ EXIT_SUCCESS :
+ EXIT_FAILURE;
+
+usage_failure:
+ usage();
+ return EXIT_FAILURE;
+}
+#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_MD_C &&
+ MBEDTLS_AES_C && MBEDTLS_CCM_C &&
+ MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */
diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh
new file mode 100755
index 0000000..e55da7e
--- /dev/null
+++ b/programs/psa/key_ladder_demo.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+. "${0%/*}/../demo_common.sh"
+
+msg <<'EOF'
+This script demonstrates the use of the PSA cryptography interface to
+create a master key, derive a key from it and use that derived key to
+wrap some data using an AEAD algorithm.
+EOF
+
+depends_on MBEDTLS_SHA256_C MBEDTLS_MD_C MBEDTLS_AES_C MBEDTLS_CCM_C MBEDTLS_PSA_CRYPTO_C MBEDTLS_FS_IO
+
+program="${0%/*}"/key_ladder_demo
+
+if [ -e master.key ]; then
+ echo "# Reusing the existing master.key file."
+else
+ files_to_clean="$files_to_clean master.key"
+ run "Generate a master key." \
+ "$program" generate master=master.key
+fi
+
+files_to_clean="$files_to_clean input.txt hello_world.wrap"
+echo "Here is some input. See it wrapped." >input.txt
+run "Derive a key and wrap some data with it." \
+ "$program" wrap master=master.key label=hello label=world \
+ input=input.txt output=hello_world.wrap
+
+files_to_clean="$files_to_clean hello_world.txt"
+run "Derive the same key again and unwrap the data." \
+ "$program" unwrap master=master.key label=hello label=world \
+ input=hello_world.wrap output=hello_world.txt
+run "Compare the unwrapped data with the original input." \
+ cmp input.txt hello_world.txt
+
+files_to_clean="$files_to_clean hellow_orld.txt"
+run_bad "Derive a different key and attempt to unwrap the data." \
+ "$program" unwrap master=master.key input=hello_world.wrap output=hellow_orld.txt label=hellow label=orld
+
+files_to_clean="$files_to_clean hello.key"
+run "Save the first step of the key ladder, then load it as a master key and construct the rest of the ladder." \
+ "$program" save master=master.key label=hello \
+ input=hello_world.wrap output=hello.key
+run "Check that we get the same key by unwrapping data made by the other key." \
+ "$program" unwrap master=hello.key label=world \
+ input=hello_world.wrap output=hello_world.txt
+
+cleanup
diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c
new file mode 100644
index 0000000..0baf4a0
--- /dev/null
+++ b/programs/psa/psa_constant_names.c
@@ -0,0 +1,310 @@
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <errno.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "psa/crypto.h"
+
+/* This block is present to support Visual Studio builds prior to 2015 */
+#if defined(_MSC_VER) && _MSC_VER < 1900
+#include <stdarg.h>
+int snprintf(char *s, size_t n, const char *fmt, ...)
+{
+ int ret;
+ va_list argp;
+
+ /* Avoid calling the invalid parameter handler by checking ourselves */
+ if (s == NULL || n == 0 || fmt == NULL) {
+ return -1;
+ }
+
+ va_start(argp, fmt);
+#if defined(_TRUNCATE) && !defined(__MINGW32__)
+ ret = _vsnprintf_s(s, n, _TRUNCATE, fmt, argp);
+#else
+ ret = _vsnprintf(s, n, fmt, argp);
+ if (ret < 0 || (size_t) ret == n) {
+ s[n-1] = '\0';
+ ret = -1;
+ }
+#endif
+ va_end(argp);
+
+ return ret;
+}
+#endif
+
+static void append(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *string, size_t length)
+{
+ *required_size += length;
+ if (*required_size < buffer_size) {
+ memcpy(*buffer, string, length);
+ *buffer += length;
+ }
+}
+
+static void append_integer(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *format /*printf format for value*/,
+ unsigned long value)
+{
+ size_t n = snprintf(*buffer, buffer_size - *required_size, format, value);
+ if (n < buffer_size - *required_size) {
+ *buffer += n;
+ }
+ *required_size += n;
+}
+
+/* The code of these function is automatically generated and included below. */
+static const char *psa_ecc_family_name(psa_ecc_family_t curve);
+static const char *psa_dh_family_name(psa_dh_family_t group);
+static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg);
+
+static void append_with_curve(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *string, size_t length,
+ psa_ecc_family_t curve)
+{
+ const char *family_name = psa_ecc_family_name(curve);
+ append(buffer, buffer_size, required_size, string, length);
+ append(buffer, buffer_size, required_size, "(", 1);
+ if (family_name != NULL) {
+ append(buffer, buffer_size, required_size,
+ family_name, strlen(family_name));
+ } else {
+ append_integer(buffer, buffer_size, required_size,
+ "0x%02x", curve);
+ }
+ append(buffer, buffer_size, required_size, ")", 1);
+}
+
+static void append_with_group(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ const char *string, size_t length,
+ psa_dh_family_t group)
+{
+ const char *group_name = psa_dh_family_name(group);
+ append(buffer, buffer_size, required_size, string, length);
+ append(buffer, buffer_size, required_size, "(", 1);
+ if (group_name != NULL) {
+ append(buffer, buffer_size, required_size,
+ group_name, strlen(group_name));
+ } else {
+ append_integer(buffer, buffer_size, required_size,
+ "0x%02x", group);
+ }
+ append(buffer, buffer_size, required_size, ")", 1);
+}
+
+typedef const char *(*psa_get_algorithm_name_func_ptr)(psa_algorithm_t alg);
+
+static void append_with_alg(char **buffer, size_t buffer_size,
+ size_t *required_size,
+ psa_get_algorithm_name_func_ptr get_name,
+ psa_algorithm_t alg)
+{
+ const char *name = get_name(alg);
+ if (name != NULL) {
+ append(buffer, buffer_size, required_size,
+ name, strlen(name));
+ } else {
+ append_integer(buffer, buffer_size, required_size,
+ "0x%08lx", alg);
+ }
+}
+
+#include "psa_constant_names_generated.c"
+
+static int psa_snprint_status(char *buffer, size_t buffer_size,
+ psa_status_t status)
+{
+ const char *name = psa_strerror(status);
+ if (name == NULL) {
+ return snprintf(buffer, buffer_size, "%ld", (long) status);
+ } else {
+ size_t length = strlen(name);
+ if (length < buffer_size) {
+ memcpy(buffer, name, length + 1);
+ return (int) length;
+ } else {
+ return (int) buffer_size;
+ }
+ }
+}
+
+static int psa_snprint_ecc_curve(char *buffer, size_t buffer_size,
+ psa_ecc_family_t curve)
+{
+ const char *name = psa_ecc_family_name(curve);
+ if (name == NULL) {
+ return snprintf(buffer, buffer_size, "0x%02x", (unsigned) curve);
+ } else {
+ size_t length = strlen(name);
+ if (length < buffer_size) {
+ memcpy(buffer, name, length + 1);
+ return (int) length;
+ } else {
+ return (int) buffer_size;
+ }
+ }
+}
+
+static int psa_snprint_dh_group(char *buffer, size_t buffer_size,
+ psa_dh_family_t group)
+{
+ const char *name = psa_dh_family_name(group);
+ if (name == NULL) {
+ return snprintf(buffer, buffer_size, "0x%02x", (unsigned) group);
+ } else {
+ size_t length = strlen(name);
+ if (length < buffer_size) {
+ memcpy(buffer, name, length + 1);
+ return (int) length;
+ } else {
+ return (int) buffer_size;
+ }
+ }
+}
+
+static void usage(const char *program_name)
+{
+ printf("Usage: %s TYPE VALUE [VALUE...]\n",
+ program_name == NULL ? "psa_constant_names" : program_name);
+ printf("Print the symbolic name whose numerical value is VALUE in TYPE.\n");
+ printf("Supported types (with = between aliases):\n");
+ printf(" alg=algorithm Algorithm (psa_algorithm_t)\n");
+ printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_family_t)\n");
+ printf(" group=dh_group Diffie-Hellman group identifier (psa_dh_family_t)\n");
+ printf(" type=key_type Key type (psa_key_type_t)\n");
+ printf(" usage=key_usage Key usage (psa_key_usage_t)\n");
+ printf(" error=status Status code (psa_status_t)\n");
+}
+
+typedef enum {
+ TYPE_STATUS,
+} signed_value_type;
+
+int process_signed(signed_value_type type, long min, long max, char **argp)
+{
+ for (; *argp != NULL; argp++) {
+ char buffer[200];
+ char *end;
+ long value = strtol(*argp, &end, 0);
+ if (*end) {
+ printf("Non-numeric value: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+ if (value < min || (errno == ERANGE && value < 0)) {
+ printf("Value too small: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+ if (value > max || (errno == ERANGE && value > 0)) {
+ printf("Value too large: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+
+ switch (type) {
+ case TYPE_STATUS:
+ psa_snprint_status(buffer, sizeof(buffer),
+ (psa_status_t) value);
+ break;
+ }
+ puts(buffer);
+ }
+
+ return EXIT_SUCCESS;
+}
+
+typedef enum {
+ TYPE_ALGORITHM,
+ TYPE_ECC_CURVE,
+ TYPE_DH_GROUP,
+ TYPE_KEY_TYPE,
+ TYPE_KEY_USAGE,
+} unsigned_value_type;
+
+int process_unsigned(unsigned_value_type type, unsigned long max, char **argp)
+{
+ for (; *argp != NULL; argp++) {
+ char buffer[200];
+ char *end;
+ unsigned long value = strtoul(*argp, &end, 0);
+ if (*end) {
+ printf("Non-numeric value: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+ if (value > max || errno == ERANGE) {
+ printf("Value out of range: %s\n", *argp);
+ return EXIT_FAILURE;
+ }
+
+ switch (type) {
+ case TYPE_ALGORITHM:
+ psa_snprint_algorithm(buffer, sizeof(buffer),
+ (psa_algorithm_t) value);
+ break;
+ case TYPE_ECC_CURVE:
+ psa_snprint_ecc_curve(buffer, sizeof(buffer),
+ (psa_ecc_family_t) value);
+ break;
+ case TYPE_DH_GROUP:
+ psa_snprint_dh_group(buffer, sizeof(buffer),
+ (psa_dh_family_t) value);
+ break;
+ case TYPE_KEY_TYPE:
+ psa_snprint_key_type(buffer, sizeof(buffer),
+ (psa_key_type_t) value);
+ break;
+ case TYPE_KEY_USAGE:
+ psa_snprint_key_usage(buffer, sizeof(buffer),
+ (psa_key_usage_t) value);
+ break;
+ }
+ puts(buffer);
+ }
+
+ return EXIT_SUCCESS;
+}
+
+int main(int argc, char *argv[])
+{
+ if (argc <= 1 ||
+ !strcmp(argv[1], "help") ||
+ !strcmp(argv[1], "--help")) {
+ usage(argv[0]);
+ return EXIT_FAILURE;
+ }
+
+ if (!strcmp(argv[1], "error") || !strcmp(argv[1], "status")) {
+ /* There's no way to obtain the actual range of a signed type,
+ * so hard-code it here: psa_status_t is int32_t. */
+ return process_signed(TYPE_STATUS, INT32_MIN, INT32_MAX,
+ argv + 2);
+ } else if (!strcmp(argv[1], "alg") || !strcmp(argv[1], "algorithm")) {
+ return process_unsigned(TYPE_ALGORITHM, (psa_algorithm_t) (-1),
+ argv + 2);
+ } else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) {
+ return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_family_t) (-1),
+ argv + 2);
+ } else if (!strcmp(argv[1], "group") || !strcmp(argv[1], "dh_group")) {
+ return process_unsigned(TYPE_DH_GROUP, (psa_dh_family_t) (-1),
+ argv + 2);
+ } else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) {
+ return process_unsigned(TYPE_KEY_TYPE, (psa_key_type_t) (-1),
+ argv + 2);
+ } else if (!strcmp(argv[1], "usage") || !strcmp(argv[1], "key_usage")) {
+ return process_unsigned(TYPE_KEY_USAGE, (psa_key_usage_t) (-1),
+ argv + 2);
+ } else {
+ printf("Unknown type: %s\n", argv[1]);
+ return EXIT_FAILURE;
+ }
+}
diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c
new file mode 100644
index 0000000..143a6a3
--- /dev/null
+++ b/programs/psa/psa_constant_names_generated.c
@@ -0,0 +1,474 @@
+/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */
+
+static const char *psa_strerror(psa_status_t status)
+{
+ switch (status) {
+ case PSA_ERROR_ALREADY_EXISTS: return "PSA_ERROR_ALREADY_EXISTS";
+ case PSA_ERROR_BAD_STATE: return "PSA_ERROR_BAD_STATE";
+ case PSA_ERROR_BUFFER_TOO_SMALL: return "PSA_ERROR_BUFFER_TOO_SMALL";
+ case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE";
+ case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED";
+ case PSA_ERROR_DATA_CORRUPT: return "PSA_ERROR_DATA_CORRUPT";
+ case PSA_ERROR_DATA_INVALID: return "PSA_ERROR_DATA_INVALID";
+ case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST";
+ case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR";
+ case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE";
+ case PSA_ERROR_INSUFFICIENT_DATA: return "PSA_ERROR_INSUFFICIENT_DATA";
+ case PSA_ERROR_INSUFFICIENT_ENTROPY: return "PSA_ERROR_INSUFFICIENT_ENTROPY";
+ case PSA_ERROR_INSUFFICIENT_MEMORY: return "PSA_ERROR_INSUFFICIENT_MEMORY";
+ case PSA_ERROR_INSUFFICIENT_STORAGE: return "PSA_ERROR_INSUFFICIENT_STORAGE";
+ case PSA_ERROR_INVALID_ARGUMENT: return "PSA_ERROR_INVALID_ARGUMENT";
+ case PSA_ERROR_INVALID_HANDLE: return "PSA_ERROR_INVALID_HANDLE";
+ case PSA_ERROR_INVALID_PADDING: return "PSA_ERROR_INVALID_PADDING";
+ case PSA_ERROR_INVALID_SIGNATURE: return "PSA_ERROR_INVALID_SIGNATURE";
+ case PSA_ERROR_NOT_PERMITTED: return "PSA_ERROR_NOT_PERMITTED";
+ case PSA_ERROR_NOT_SUPPORTED: return "PSA_ERROR_NOT_SUPPORTED";
+ case PSA_ERROR_SERVICE_FAILURE: return "PSA_ERROR_SERVICE_FAILURE";
+ case PSA_ERROR_STORAGE_FAILURE: return "PSA_ERROR_STORAGE_FAILURE";
+ case PSA_SUCCESS: return "PSA_SUCCESS";
+ default: return NULL;
+ }
+}
+
+static const char *psa_ecc_family_name(psa_ecc_family_t curve)
+{
+ switch (curve) {
+ case PSA_ECC_FAMILY_BRAINPOOL_P_R1: return "PSA_ECC_FAMILY_BRAINPOOL_P_R1";
+ case PSA_ECC_FAMILY_MONTGOMERY: return "PSA_ECC_FAMILY_MONTGOMERY";
+ case PSA_ECC_FAMILY_SECP_K1: return "PSA_ECC_FAMILY_SECP_K1";
+ case PSA_ECC_FAMILY_SECP_R1: return "PSA_ECC_FAMILY_SECP_R1";
+ case PSA_ECC_FAMILY_SECP_R2: return "PSA_ECC_FAMILY_SECP_R2";
+ case PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1";
+ case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1";
+ case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2";
+ case PSA_ECC_FAMILY_TWISTED_EDWARDS: return "PSA_ECC_FAMILY_TWISTED_EDWARDS";
+ default: return NULL;
+ }
+}
+
+static const char *psa_dh_family_name(psa_dh_family_t group)
+{
+ switch (group) {
+ case PSA_DH_FAMILY_RFC7919: return "PSA_DH_FAMILY_RFC7919";
+ default: return NULL;
+ }
+}
+
+static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg)
+{
+ switch (hash_alg) {
+ case PSA_ALG_ANY_HASH: return "PSA_ALG_ANY_HASH";
+ case PSA_ALG_CATEGORY_HASH: return "PSA_ALG_CATEGORY_HASH";
+ case PSA_ALG_MD5: return "PSA_ALG_MD5";
+ case PSA_ALG_RIPEMD160: return "PSA_ALG_RIPEMD160";
+ case PSA_ALG_SHA3_224: return "PSA_ALG_SHA3_224";
+ case PSA_ALG_SHA3_256: return "PSA_ALG_SHA3_256";
+ case PSA_ALG_SHA3_384: return "PSA_ALG_SHA3_384";
+ case PSA_ALG_SHA3_512: return "PSA_ALG_SHA3_512";
+ case PSA_ALG_SHAKE256_512: return "PSA_ALG_SHAKE256_512";
+ case PSA_ALG_SHA_1: return "PSA_ALG_SHA_1";
+ case PSA_ALG_SHA_224: return "PSA_ALG_SHA_224";
+ case PSA_ALG_SHA_256: return "PSA_ALG_SHA_256";
+ case PSA_ALG_SHA_384: return "PSA_ALG_SHA_384";
+ case PSA_ALG_SHA_512: return "PSA_ALG_SHA_512";
+ case PSA_ALG_SHA_512_224: return "PSA_ALG_SHA_512_224";
+ case PSA_ALG_SHA_512_256: return "PSA_ALG_SHA_512_256";
+ default: return NULL;
+ }
+}
+
+static const char *psa_ka_algorithm_name(psa_algorithm_t ka_alg)
+{
+ switch (ka_alg) {
+ case PSA_ALG_CATEGORY_KEY_AGREEMENT: return "PSA_ALG_CATEGORY_KEY_AGREEMENT";
+ case PSA_ALG_ECDH: return "PSA_ALG_ECDH";
+ case PSA_ALG_FFDH: return "PSA_ALG_FFDH";
+ default: return NULL;
+ }
+}
+
+static int psa_snprint_key_type(char *buffer, size_t buffer_size,
+ psa_key_type_t type)
+{
+ size_t required_size = 0;
+ switch (type) {
+ case PSA_KEY_TYPE_AES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_AES", 16); break;
+ case PSA_KEY_TYPE_ARIA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ARIA", 17); break;
+ case PSA_KEY_TYPE_CAMELLIA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CAMELLIA", 21); break;
+ case PSA_KEY_TYPE_CATEGORY_FLAG_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_FLAG_PAIR", 31); break;
+ case PSA_KEY_TYPE_CATEGORY_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_KEY_PAIR", 30); break;
+ case PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY", 32); break;
+ case PSA_KEY_TYPE_CATEGORY_RAW: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_RAW", 25); break;
+ case PSA_KEY_TYPE_CATEGORY_SYMMETRIC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_SYMMETRIC", 31); break;
+ case PSA_KEY_TYPE_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CHACHA20", 21); break;
+ case PSA_KEY_TYPE_DERIVE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DERIVE", 19); break;
+ case PSA_KEY_TYPE_DES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DES", 16); break;
+ case PSA_KEY_TYPE_DH_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_KEY_PAIR_BASE", 29); break;
+ case PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE", 31); break;
+ case PSA_KEY_TYPE_DSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_KEY_PAIR", 25); break;
+ case PSA_KEY_TYPE_DSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_PUBLIC_KEY", 27); break;
+ case PSA_KEY_TYPE_ECC_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_KEY_PAIR_BASE", 30); break;
+ case PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE", 32); break;
+ case PSA_KEY_TYPE_HMAC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_HMAC", 17); break;
+ case PSA_KEY_TYPE_NONE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_NONE", 17); break;
+ case PSA_KEY_TYPE_PASSWORD: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PASSWORD", 21); break;
+ case PSA_KEY_TYPE_PASSWORD_HASH: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PASSWORD_HASH", 26); break;
+ case PSA_KEY_TYPE_PEPPER: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PEPPER", 19); break;
+ case PSA_KEY_TYPE_RAW_DATA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RAW_DATA", 21); break;
+ case PSA_KEY_TYPE_RSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_KEY_PAIR", 25); break;
+ case PSA_KEY_TYPE_RSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_PUBLIC_KEY", 27); break;
+ default:
+ if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
+ append_with_curve(&buffer, buffer_size, &required_size,
+ "PSA_KEY_TYPE_ECC_KEY_PAIR", 25,
+ PSA_KEY_TYPE_ECC_GET_FAMILY(type));
+ } else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
+ append_with_curve(&buffer, buffer_size, &required_size,
+ "PSA_KEY_TYPE_ECC_PUBLIC_KEY", 27,
+ PSA_KEY_TYPE_ECC_GET_FAMILY(type));
+ } else if (PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) {
+ append_with_group(&buffer, buffer_size, &required_size,
+ "PSA_KEY_TYPE_DH_KEY_PAIR", 24,
+ PSA_KEY_TYPE_DH_GET_FAMILY(type));
+ } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)) {
+ append_with_group(&buffer, buffer_size, &required_size,
+ "PSA_KEY_TYPE_DH_PUBLIC_KEY", 26,
+ PSA_KEY_TYPE_DH_GET_FAMILY(type));
+ } else {
+ return snprintf(buffer, buffer_size,
+ "0x%04x", (unsigned) type);
+ }
+ break;
+ }
+ buffer[0] = 0;
+ return (int) required_size;
+}
+
+#define NO_LENGTH_MODIFIER 0xfffffffflu
+static int psa_snprint_algorithm(char *buffer, size_t buffer_size,
+ psa_algorithm_t alg)
+{
+ size_t required_size = 0;
+ psa_algorithm_t core_alg = alg;
+ unsigned long length_modifier = NO_LENGTH_MODIFIER;
+ if (PSA_ALG_IS_MAC(alg)) {
+ core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0);
+ if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33);
+ length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
+ } else if (core_alg != alg) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_TRUNCATED_MAC(", 22);
+ length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg);
+ }
+ } else if (PSA_ALG_IS_AEAD(alg)) {
+ core_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg);
+ if (core_alg == 0) {
+ /* For unknown AEAD algorithms, there is no "default tag length". */
+ core_alg = alg;
+ } else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43);
+ length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
+ } else if (core_alg != alg) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32);
+ length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
+ }
+ } else if (PSA_ALG_IS_KEY_AGREEMENT(alg) &&
+ !PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
+ core_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_KEY_AGREEMENT(", 22);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_ka_algorithm_name,
+ PSA_ALG_KEY_AGREEMENT_GET_BASE(alg));
+ append(&buffer, buffer_size, &required_size, ", ", 2);
+ }
+ switch (core_alg) {
+ case PSA_ALG_ANY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ANY_HASH", 16); break;
+ case PSA_ALG_CATEGORY_AEAD: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_AEAD", 21); break;
+ case PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION", 38); break;
+ case PSA_ALG_CATEGORY_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_CIPHER", 23); break;
+ case PSA_ALG_CATEGORY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_HASH", 21); break;
+ case PSA_ALG_CATEGORY_KEY_AGREEMENT: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_AGREEMENT", 30); break;
+ case PSA_ALG_CATEGORY_KEY_DERIVATION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_DERIVATION", 31); break;
+ case PSA_ALG_CATEGORY_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_MAC", 20); break;
+ case PSA_ALG_CATEGORY_PAKE: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_PAKE", 21); break;
+ case PSA_ALG_CATEGORY_SIGN: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_SIGN", 21); break;
+ case PSA_ALG_CBC_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_MAC", 15); break;
+ case PSA_ALG_CBC_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_NO_PADDING", 22); break;
+ case PSA_ALG_CBC_PKCS7: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_PKCS7", 17); break;
+ case PSA_ALG_CCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_CCM", 11); break;
+ case PSA_ALG_CCM_STAR_NO_TAG: append(&buffer, buffer_size, &required_size, "PSA_ALG_CCM_STAR_NO_TAG", 23); break;
+ case PSA_ALG_CFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_CFB", 11); break;
+ case PSA_ALG_CHACHA20_POLY1305: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20_POLY1305", 25); break;
+ case PSA_ALG_CIPHER_MAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_CIPHER_MAC_BASE", 23); break;
+ case PSA_ALG_CMAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CMAC", 12); break;
+ case PSA_ALG_CTR: append(&buffer, buffer_size, &required_size, "PSA_ALG_CTR", 11); break;
+ case PSA_ALG_DETERMINISTIC_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_DSA_BASE", 30); break;
+ case PSA_ALG_DETERMINISTIC_ECDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_ECDSA_BASE", 32); break;
+ case PSA_ALG_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DSA_BASE", 16); break;
+ case PSA_ALG_ECB_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECB_NO_PADDING", 22); break;
+ case PSA_ALG_ECDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDH", 12); break;
+ case PSA_ALG_ECDSA_ANY: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDSA_ANY", 17); break;
+ case PSA_ALG_ED25519PH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ED25519PH", 17); break;
+ case PSA_ALG_ED448PH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ED448PH", 15); break;
+ case PSA_ALG_FFDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_FFDH", 12); break;
+ case PSA_ALG_GCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_GCM", 11); break;
+ case PSA_ALG_HASH_EDDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HASH_EDDSA_BASE", 23); break;
+ case PSA_ALG_HKDF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HKDF_BASE", 17); break;
+ case PSA_ALG_HKDF_EXPAND_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HKDF_EXPAND_BASE", 24); break;
+ case PSA_ALG_HKDF_EXTRACT_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HKDF_EXTRACT_BASE", 25); break;
+ case PSA_ALG_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HMAC_BASE", 17); break;
+ case PSA_ALG_JPAKE: append(&buffer, buffer_size, &required_size, "PSA_ALG_JPAKE", 13); break;
+ case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break;
+ case PSA_ALG_NONE: append(&buffer, buffer_size, &required_size, "PSA_ALG_NONE", 12); break;
+ case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break;
+ case PSA_ALG_PBKDF2_AES_CMAC_PRF_128: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_AES_CMAC_PRF_128", 31); break;
+ case PSA_ALG_PBKDF2_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_HMAC_BASE", 24); break;
+ case PSA_ALG_PURE_EDDSA: append(&buffer, buffer_size, &required_size, "PSA_ALG_PURE_EDDSA", 18); break;
+ case PSA_ALG_RIPEMD160: append(&buffer, buffer_size, &required_size, "PSA_ALG_RIPEMD160", 17); break;
+ case PSA_ALG_RSA_OAEP_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_OAEP_BASE", 21); break;
+ case PSA_ALG_RSA_PKCS1V15_CRYPT: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_CRYPT", 26); break;
+ case PSA_ALG_RSA_PKCS1V15_SIGN_RAW: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_SIGN_RAW", 29); break;
+ case PSA_ALG_RSA_PSS_ANY_SALT_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PSS_ANY_SALT_BASE", 29); break;
+ case PSA_ALG_RSA_PSS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PSS_BASE", 20); break;
+ case PSA_ALG_SHA3_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_224", 16); break;
+ case PSA_ALG_SHA3_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_256", 16); break;
+ case PSA_ALG_SHA3_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_384", 16); break;
+ case PSA_ALG_SHA3_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_512", 16); break;
+ case PSA_ALG_SHAKE256_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHAKE256_512", 20); break;
+ case PSA_ALG_SHA_1: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_1", 13); break;
+ case PSA_ALG_SHA_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_224", 15); break;
+ case PSA_ALG_SHA_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_256", 15); break;
+ case PSA_ALG_SHA_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_384", 15); break;
+ case PSA_ALG_SHA_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512", 15); break;
+ case PSA_ALG_SHA_512_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_224", 19); break;
+ case PSA_ALG_SHA_512_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_256", 19); break;
+ case PSA_ALG_STREAM_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_STREAM_CIPHER", 21); break;
+ case PSA_ALG_TLS12_ECJPAKE_TO_PMS: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_ECJPAKE_TO_PMS", 28); break;
+ case PSA_ALG_TLS12_PRF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PRF_BASE", 22); break;
+ case PSA_ALG_TLS12_PSK_TO_MS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PSK_TO_MS_BASE", 28); break;
+ case PSA_ALG_XTS: append(&buffer, buffer_size, &required_size, "PSA_ALG_XTS", 11); break;
+ default:
+ if (PSA_ALG_IS_DETERMINISTIC_DSA(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_DETERMINISTIC_DSA(", 25 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_DETERMINISTIC_ECDSA(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_DETERMINISTIC_ECDSA(", 27 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_RANDOMIZED_DSA(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_DSA(", 11 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_RANDOMIZED_ECDSA(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_ECDSA(", 13 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_HKDF(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_HKDF(", 12 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_HKDF_EXPAND(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_HKDF_EXPAND(", 19 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_HKDF_EXTRACT(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_HKDF_EXTRACT(", 20 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_HMAC(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_HMAC(", 12 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_PBKDF2_HMAC(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_PBKDF2_HMAC(", 19 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_RSA_OAEP(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_RSA_OAEP(", 16 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_RSA_PKCS1V15_SIGN(", 25 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_RSA_PSS(", 15 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_RSA_PSS_ANY_SALT(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_RSA_PSS_ANY_SALT(", 24 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_TLS12_PRF(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_TLS12_PRF(", 17 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else if (PSA_ALG_IS_TLS12_PSK_TO_MS(core_alg)) {
+ append(&buffer, buffer_size, &required_size,
+ "PSA_ALG_TLS12_PSK_TO_MS(", 23 + 1);
+ append_with_alg(&buffer, buffer_size, &required_size,
+ psa_hash_algorithm_name,
+ PSA_ALG_GET_HASH(core_alg));
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ } else {
+ append_integer(&buffer, buffer_size, &required_size,
+ "0x%08lx", (unsigned long) core_alg);
+ }
+ break;
+ }
+ if (core_alg != alg) {
+ if (length_modifier != NO_LENGTH_MODIFIER) {
+ append(&buffer, buffer_size, &required_size, ", ", 2);
+ append_integer(&buffer, buffer_size, &required_size,
+ "%lu", length_modifier);
+ }
+ append(&buffer, buffer_size, &required_size, ")", 1);
+ }
+ buffer[0] = 0;
+ return (int) required_size;
+}
+
+static int psa_snprint_key_usage(char *buffer, size_t buffer_size,
+ psa_key_usage_t usage)
+{
+ size_t required_size = 0;
+ if (usage == 0) {
+ if (buffer_size > 1) {
+ buffer[0] = '0';
+ buffer[1] = 0;
+ } else if (buffer_size == 1) {
+ buffer[0] = 0;
+ }
+ return 1;
+ }
+ if (usage & PSA_KEY_USAGE_COPY) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_COPY", 18);
+ usage ^= PSA_KEY_USAGE_COPY;
+ }
+ if (usage & PSA_KEY_USAGE_DECRYPT) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DECRYPT", 21);
+ usage ^= PSA_KEY_USAGE_DECRYPT;
+ }
+ if (usage & PSA_KEY_USAGE_DERIVE) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DERIVE", 20);
+ usage ^= PSA_KEY_USAGE_DERIVE;
+ }
+ if (usage & PSA_KEY_USAGE_ENCRYPT) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_ENCRYPT", 21);
+ usage ^= PSA_KEY_USAGE_ENCRYPT;
+ }
+ if (usage & PSA_KEY_USAGE_EXPORT) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_EXPORT", 20);
+ usage ^= PSA_KEY_USAGE_EXPORT;
+ }
+ if (usage & PSA_KEY_USAGE_SIGN_HASH) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23);
+ usage ^= PSA_KEY_USAGE_SIGN_HASH;
+ }
+ if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_MESSAGE", 26);
+ usage ^= PSA_KEY_USAGE_SIGN_MESSAGE;
+ }
+ if (usage & PSA_KEY_USAGE_VERIFY_DERIVATION) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_DERIVATION", 31);
+ usage ^= PSA_KEY_USAGE_VERIFY_DERIVATION;
+ }
+ if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25);
+ usage ^= PSA_KEY_USAGE_VERIFY_HASH;
+ }
+ if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_MESSAGE", 28);
+ usage ^= PSA_KEY_USAGE_VERIFY_MESSAGE;
+ }
+ if (usage != 0) {
+ if (required_size != 0) {
+ append(&buffer, buffer_size, &required_size, " | ", 3);
+ }
+ append_integer(&buffer, buffer_size, &required_size,
+ "0x%08lx", (unsigned long) usage);
+ } else {
+ buffer[0] = 0;
+ }
+ return (int) required_size;
+}
+
+/* End of automatically generated file. */
diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c
new file mode 100644
index 0000000..c5244d6
--- /dev/null
+++ b/programs/psa/psa_hash.c
@@ -0,0 +1,159 @@
+/*
+ * Example computing a SHA-256 hash using the PSA Crypto API
+ *
+ * The example computes the SHA-256 hash of a test string using the
+ * one-shot API call psa_hash_compute() and the using multi-part
+ * operation, which requires psa_hash_setup(), psa_hash_update() and
+ * psa_hash_finish(). The multi-part operation is popular on embedded
+ * devices where a rolling hash needs to be computed.
+ *
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "psa/crypto.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/platform.h"
+
+/* Information about hashing with the PSA API can be
+ * found here:
+ * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html
+ *
+ * The algorithm used by this demo is SHA 256.
+ * Please see include/psa/crypto_values.h to see the other
+ * algorithms that are supported by Mbed TLS.
+ * If you switch to a different algorithm you will need to update
+ * the hash data in the EXAMPLE_HASH_VALUE macro below. */
+
+#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
+ "not defined.\r\n");
+ return EXIT_SUCCESS;
+}
+#else
+
+#define HASH_ALG PSA_ALG_SHA_256
+
+const uint8_t sample_message[] = "Hello World!";
+/* sample_message is terminated with a null byte which is not part of
+ * the message itself so we make sure to subtract it in order to get
+ * the message length. */
+const size_t sample_message_length = sizeof(sample_message) - 1;
+
+#define EXPECTED_HASH_VALUE { \
+ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \
+ 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \
+ 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \
+}
+
+const uint8_t expected_hash[] = EXPECTED_HASH_VALUE;
+const size_t expected_hash_len = sizeof(expected_hash);
+
+int main(void)
+{
+ psa_status_t status;
+ uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)];
+ size_t hash_length;
+ psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT;
+
+ mbedtls_printf("PSA Crypto API: SHA-256 example\n\n");
+
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_crypto_init failed\n");
+ return EXIT_FAILURE;
+ }
+
+ /* Compute hash using multi-part operation */
+ status = psa_hash_setup(&hash_operation, HASH_ALG);
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ mbedtls_printf("unknown hash algorithm supplied\n");
+ return EXIT_FAILURE;
+ } else if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_setup failed\n");
+ return EXIT_FAILURE;
+ }
+
+ status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_update failed\n");
+ goto cleanup;
+ }
+
+ status = psa_hash_clone(&hash_operation, &cloned_hash_operation);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("PSA hash clone failed\n");
+ goto cleanup;
+ }
+
+ status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_finish failed\n");
+ goto cleanup;
+ }
+
+ /* Check the result of the operation against the sample */
+ if (hash_length != expected_hash_len ||
+ (memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+ mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n");
+ goto cleanup;
+ }
+
+ status =
+ psa_hash_verify(&cloned_hash_operation, expected_hash,
+ expected_hash_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_verify failed\n");
+ goto cleanup;
+ } else {
+ mbedtls_printf("Multi-part hash operation successful!\n");
+ }
+
+ /* Clear local variables prior to one-shot hash demo */
+ memset(hash, 0, sizeof(hash));
+ hash_length = 0;
+
+ /* Compute hash using one-shot function call */
+ status = psa_hash_compute(HASH_ALG,
+ sample_message, sample_message_length,
+ hash, sizeof(hash),
+ &hash_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_compute failed\n");
+ goto cleanup;
+ }
+
+ if (hash_length != expected_hash_len ||
+ (memcmp(hash, expected_hash, expected_hash_len) != 0)) {
+ mbedtls_printf("One-shot hash operation gave the wrong result!\n\n");
+ goto cleanup;
+ }
+
+ mbedtls_printf("One-shot hash operation successful!\n\n");
+
+ /* Print out result */
+ mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message);
+
+ for (size_t j = 0; j < expected_hash_len; j++) {
+ mbedtls_printf("%02x", hash[j]);
+ }
+
+ mbedtls_printf("\n");
+
+ mbedtls_psa_crypto_free();
+ return EXIT_SUCCESS;
+
+cleanup:
+ psa_hash_abort(&hash_operation);
+ psa_hash_abort(&cloned_hash_operation);
+ return EXIT_FAILURE;
+}
+#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */
diff --git a/programs/psa/psa_hash_demo.sh b/programs/psa/psa_hash_demo.sh
new file mode 100755
index 0000000..a26697c
--- /dev/null
+++ b/programs/psa/psa_hash_demo.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+. "${0%/*}/../demo_common.sh"
+
+msg <<'EOF'
+This program demonstrates the use of the PSA cryptography interface to
+compute a SHA-256 hash of a test string using the one-shot API call
+and also using the multi-part operation API.
+EOF
+
+depends_on MBEDTLS_PSA_CRYPTO_C PSA_WANT_ALG_SHA_256
+
+program="${0%/*}"/psa_hash
+
+"$program"
+
+cleanup
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
new file mode 100644
index 0000000..5940395
--- /dev/null
+++ b/programs/random/CMakeLists.txt
@@ -0,0 +1,14 @@
+set(executables
+ gen_entropy
+ gen_random_ctr_drbg
+)
+
+foreach(exe IN LISTS executables)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
new file mode 100644
index 0000000..887b2c9
--- /dev/null
+++ b/programs/random/gen_entropy.c
@@ -0,0 +1,75 @@
+/**
+ * \brief Use and generate multiple entropies calls into a file
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/entropy.h"
+
+#include <stdio.h>
+#endif
+
+#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int i, k, ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_entropy_context entropy;
+ unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+ if (argc < 2) {
+ mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
+ mbedtls_exit(exit_code);
+ }
+
+ if ((f = fopen(argv[1], "wb+")) == NULL) {
+ mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
+ mbedtls_exit(exit_code);
+ }
+
+ mbedtls_entropy_init(&entropy);
+
+ for (i = 0, k = 768; i < k; i++) {
+ ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_entropy_func returned -%04X\n",
+ (unsigned int) ret);
+ goto cleanup;
+ }
+
+ fwrite(buf, 1, sizeof(buf), f);
+
+ mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r",
+ (long) (sizeof(buf) * k / 1024),
+ argv[1],
+ (100 * (float) (i + 1)) / k);
+ fflush(stdout);
+ }
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+cleanup:
+ mbedtls_printf("\n");
+
+ fclose(f);
+ mbedtls_entropy_free(&entropy);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_ENTROPY_C */
diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
new file mode 100644
index 0000000..0eecf0a
--- /dev/null
+++ b/programs/random/gen_random_ctr_drbg.c
@@ -0,0 +1,107 @@
+/**
+ * \brief Use and generate random data into a file via the CTR_DBRG based on AES
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \
+ defined(MBEDTLS_FS_IO)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <stdio.h>
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+int main(int argc, char *argv[])
+{
+ FILE *f;
+ int i, k, ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ unsigned char buf[1024];
+
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+ if (argc < 2) {
+ mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
+ mbedtls_exit(exit_code);
+ }
+
+ if ((f = fopen(argv[1], "wb+")) == NULL) {
+ mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
+ mbedtls_exit(exit_code);
+ }
+
+ mbedtls_entropy_init(&entropy);
+ ret = mbedtls_ctr_drbg_seed(&ctr_drbg,
+ mbedtls_entropy_func,
+ &entropy,
+ (const unsigned char *) "RANDOM_GEN",
+ 10);
+ if (ret != 0) {
+ mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret);
+ goto cleanup;
+ }
+ mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF);
+
+#if defined(MBEDTLS_FS_IO)
+ ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile");
+
+ if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) {
+ mbedtls_printf("Failed to open seedfile. Generating one.\n");
+ ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile");
+ if (ret != 0) {
+ mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret);
+ goto cleanup;
+ }
+ } else if (ret != 0) {
+ mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret);
+ goto cleanup;
+ }
+#endif
+
+ for (i = 0, k = 768; i < k; i++) {
+ ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf));
+ if (ret != 0) {
+ mbedtls_printf("failed!\n");
+ goto cleanup;
+ }
+
+ fwrite(buf, 1, sizeof(buf), f);
+
+ mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
+ "%% done\r",
+ (long) (sizeof(buf) * k / 1024),
+ argv[1],
+ (100 * (float) (i + 1)) / k);
+ fflush(stdout);
+ }
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+cleanup:
+ mbedtls_printf("\n");
+
+ fclose(f);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
new file mode 100644
index 0000000..ec2c86f
--- /dev/null
+++ b/programs/ssl/CMakeLists.txt
@@ -0,0 +1,61 @@
+find_package(Threads)
+
+set(libs
+ ${mbedtls_target}
+)
+
+set(executables
+ dtls_client
+ dtls_server
+ mini_client
+ ssl_client1
+ ssl_client2
+ ssl_context_info
+ ssl_fork_server
+ ssl_mail_client
+ ssl_server
+ ssl_server2
+)
+
+if(GEN_FILES)
+ # Inform CMake that the following file will be generated as part of the build
+ # process, so it doesn't complain that it doesn't exist yet. Starting from
+ # CMake 3.20, this will no longer be necessary as CMake will automatically
+ # propagate this information across the tree, for now it's only visible
+ # inside the same directory, so we need to propagate manually.
+ set_source_files_properties(
+ ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c
+ PROPERTIES GENERATED TRUE)
+endif()
+
+foreach(exe IN LISTS executables)
+ set(extra_sources "")
+ if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2")
+ list(APPEND extra_sources
+ ssl_test_lib.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h
+ ${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c)
+ endif()
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
+ ${extra_sources})
+ target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2")
+ if(GEN_FILES)
+ add_dependencies(${exe} generate_query_config_c)
+ endif()
+ target_include_directories(${exe}
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../test)
+ endif()
+endforeach()
+
+if(THREADS_FOUND)
+ add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
+ list(APPEND executables ssl_pthread_server)
+endif(THREADS_FOUND)
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
new file mode 100644
index 0000000..ddb3c34
--- /dev/null
+++ b/programs/ssl/dtls_client.c
@@ -0,0 +1,342 @@
+/*
+ * Simple DTLS client demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_SSL_CLI_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_TIMING_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_SSL_CLI_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_TIMING_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include <string.h>
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "mbedtls/timing.h"
+#include "test/certs.h"
+
+/* Uncomment out the following line to default to IPv4 and disable IPv6 */
+//#define FORCE_IPV4
+
+#define SERVER_PORT "4433"
+#define SERVER_NAME "localhost"
+
+#ifdef FORCE_IPV4
+#define SERVER_ADDR "127.0.0.1" /* Forces IPv4 */
+#else
+#define SERVER_ADDR "::1"
+#endif
+
+#define MESSAGE "Echo this"
+
+#define READ_TIMEOUT_MS 1000
+#define MAX_RETRY 5
+
+#define DEBUG_LEVEL 0
+
+
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ ((void) level);
+
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
+}
+
+int main(int argc, char *argv[])
+{
+ int ret, len;
+ mbedtls_net_context server_fd;
+ uint32_t flags;
+ unsigned char buf[1024];
+ const char *pers = "dtls_client";
+ int retry_left = MAX_RETRY;
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt cacert;
+ mbedtls_timing_delay_context timer;
+
+ ((void) argc);
+ ((void) argv);
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
+#endif
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 0. Load certificates
+ */
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok (%d skipped)\n", ret);
+
+ /*
+ * 1. Start the connection
+ */
+ mbedtls_printf(" . Connecting to udp/%s/%s...", SERVER_NAME, SERVER_PORT);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_connect(&server_fd, SERVER_ADDR,
+ SERVER_PORT, MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 2. Setup stuff
+ */
+ mbedtls_printf(" . Setting up the DTLS structure...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /* OPTIONAL is usually a bad choice for security, but makes interop easier
+ * in this simplified example, in which the ca chain is hardcoded.
+ * Production code should set a proper ca chain and use REQUIRED. */
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+ mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, &server_fd,
+ mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
+
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 4. Handshake
+ */
+ mbedtls_printf(" . Performing the DTLS handshake...");
+ fflush(stdout);
+
+ do {
+ ret = mbedtls_ssl_handshake(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
+
+ /* In real life, we would have used MBEDTLS_SSL_VERIFY_REQUIRED so that the
+ * handshake would not succeed if the peer's cert is bad. Even if we used
+ * MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
+ if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ char vrfy_buf[512];
+#endif
+
+ mbedtls_printf(" failed\n");
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
+
+ mbedtls_printf("%s\n", vrfy_buf);
+#endif
+ } else {
+ mbedtls_printf(" ok\n");
+ }
+
+ /*
+ * 6. Write the echo request
+ */
+send_request:
+ mbedtls_printf(" > Write to server:");
+ fflush(stdout);
+
+ len = sizeof(MESSAGE) - 1;
+
+ do {
+ ret = mbedtls_ssl_write(&ssl, (unsigned char *) MESSAGE, len);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ goto exit;
+ }
+
+ len = ret;
+ mbedtls_printf(" %d bytes written\n\n%s\n\n", len, MESSAGE);
+
+ /*
+ * 7. Read the echo response
+ */
+ mbedtls_printf(" < Read from server:");
+ fflush(stdout);
+
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+
+ do {
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_TIMEOUT:
+ mbedtls_printf(" timeout\n\n");
+ if (retry_left-- > 0) {
+ goto send_request;
+ }
+ goto exit;
+
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf(" connection was closed gracefully\n");
+ goto close_notify;
+
+ default:
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf(" %d bytes read\n\n%s\n\n", len, buf);
+
+ /*
+ * 8. Done, cleanly close the connection
+ */
+close_notify:
+ mbedtls_printf(" . Closing the connection...");
+
+ /* No error checking, the connection might be closed already */
+ do {
+ ret = mbedtls_ssl_close_notify(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ ret = 0;
+
+ mbedtls_printf(" done\n");
+
+ /*
+ * 9. Final clean-ups and exit
+ */
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(&server_fd);
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ /* Shell can not handle large exit numbers -> 1 for errors */
+ if (ret < 0) {
+ ret = 1;
+ }
+
+ mbedtls_exit(ret);
+}
+#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
+ MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_PEM_PARSE_C */
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
new file mode 100644
index 0000000..732625e
--- /dev/null
+++ b/programs/ssl/dtls_server.c
@@ -0,0 +1,408 @@
+/*
+ * Simple DTLS server demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+/* Uncomment out the following line to default to IPv4 and disable IPv6 */
+//#define FORCE_IPV4
+
+#ifdef FORCE_IPV4
+#define BIND_IP "0.0.0.0" /* Forces IPv4 */
+#else
+#define BIND_IP "::"
+#endif
+
+#if !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) || \
+ !defined(MBEDTLS_SSL_COOKIE_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_TIMING_C)
+
+int main(void)
+{
+ printf("MBEDTLS_SSL_SRV_C and/or MBEDTLS_SSL_PROTO_DTLS and/or "
+ "MBEDTLS_SSL_COOKIE_C and/or MBEDTLS_NET_C and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_PEM_PARSE_C and/or MBEDTLS_TIMING_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/timing.h"
+
+#include "test/certs.h"
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#define READ_TIMEOUT_MS 10000 /* 10 seconds */
+#define DEBUG_LEVEL 0
+
+
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ ((void) level);
+
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
+}
+
+int main(void)
+{
+ int ret, len;
+ mbedtls_net_context listen_fd, client_fd;
+ unsigned char buf[1024];
+ const char *pers = "dtls_server";
+ unsigned char client_ip[16] = { 0 };
+ size_t cliip_len;
+ mbedtls_ssl_cookie_ctx cookie_ctx;
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt srvcert;
+ mbedtls_pk_context pkey;
+ mbedtls_timing_delay_context timer;
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_context cache;
+#endif
+
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ssl_cookie_init(&cookie_ctx);
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_init(&cache);
+#endif
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
+#endif
+
+ /*
+ * 1. Seed the RNG
+ */
+ printf(" . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ printf(" ok\n");
+
+ /*
+ * 2. Load the certificates and private RSA key
+ */
+ printf("\n . Loading the server cert. and key...");
+ fflush(stdout);
+
+ /*
+ * This demonstration program uses embedded test certificates.
+ * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
+ * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
+ */
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len);
+ if (ret != 0) {
+ printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret != 0) {
+ printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_pk_parse_key(&pkey,
+ (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len,
+ NULL,
+ 0,
+ mbedtls_ctr_drbg_random,
+ &ctr_drbg);
+ if (ret != 0) {
+ printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
+ goto exit;
+ }
+
+ printf(" ok\n");
+
+ /*
+ * 3. Setup the "listening" UDP socket
+ */
+ printf(" . Bind on udp/*/4433 ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_bind(&listen_fd, BIND_IP, "4433", MBEDTLS_NET_PROTO_UDP)) != 0) {
+ printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
+ goto exit;
+ }
+
+ printf(" ok\n");
+
+ /*
+ * 4. Setup stuff
+ */
+ printf(" . Setting up the DTLS data...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+ mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_conf_session_cache(&conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set);
+#endif
+
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
+ printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ &cookie_ctx);
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+
+ printf(" ok\n");
+
+reset:
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ printf("Last error was: %d - %s\n\n", ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(&client_fd);
+
+ mbedtls_ssl_session_reset(&ssl);
+
+ /*
+ * 5. Wait until a client connects
+ */
+ printf(" . Waiting for a remote connection ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ client_ip, sizeof(client_ip), &cliip_len)) != 0) {
+ printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /* For HelloVerifyRequest cookies */
+ if ((ret = mbedtls_ssl_set_client_transport_id(&ssl,
+ client_ip, cliip_len)) != 0) {
+ printf(" failed\n ! "
+ "mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n", (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, &client_fd,
+ mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout);
+
+ printf(" ok\n");
+
+ /*
+ * 6. Handshake
+ */
+ printf(" . Performing the DTLS handshake...");
+ fflush(stdout);
+
+ do {
+ ret = mbedtls_ssl_handshake(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+ printf(" hello verification requested\n");
+ ret = 0;
+ goto reset;
+ } else if (ret != 0) {
+ printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
+ goto reset;
+ }
+
+ printf(" ok\n");
+
+ /*
+ * 7. Read the echo Request
+ */
+ printf(" < Read from client:");
+ fflush(stdout);
+
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+
+ do {
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_TIMEOUT:
+ printf(" timeout\n\n");
+ goto reset;
+
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ printf(" connection was closed gracefully\n");
+ goto close_notify;
+
+ default:
+ printf(" mbedtls_ssl_read returned -0x%x\n\n", (unsigned int) -ret);
+ goto reset;
+ }
+ }
+
+ len = ret;
+ printf(" %d bytes read\n\n%s\n\n", len, buf);
+
+ /*
+ * 8. Write the 200 Response
+ */
+ printf(" > Write to client:");
+ fflush(stdout);
+
+ do {
+ ret = mbedtls_ssl_write(&ssl, buf, len);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+
+ if (ret < 0) {
+ printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ goto exit;
+ }
+
+ len = ret;
+ printf(" %d bytes written\n\n%s\n\n", len, buf);
+
+ /*
+ * 9. Done, cleanly close the connection
+ */
+close_notify:
+ printf(" . Closing the connection...");
+
+ /* No error checking, the connection might be closed already */
+ do {
+ ret = mbedtls_ssl_close_notify(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ ret = 0;
+
+ printf(" done\n");
+
+ goto reset;
+
+ /*
+ * Final clean-ups and exit
+ */
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ printf("Last error was: %d - %s\n\n", ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
+
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_cookie_free(&cookie_ctx);
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_free(&cache);
+#endif
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ /* Shell can not handle large exit numbers -> 1 for errors */
+ if (ret < 0) {
+ ret = 1;
+ }
+
+ mbedtls_exit(ret);
+}
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_PROTO_DTLS &&
+ MBEDTLS_SSL_COOKIE_C && MBEDTLS_NET_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C
+ && MBEDTLS_PEM_PARSE_C && MBEDTLS_TIMING_C */
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
new file mode 100644
index 0000000..6bef208
--- /dev/null
+++ b/programs/ssl/mini_client.c
@@ -0,0 +1,274 @@
+/*
+ * Minimal SSL client, used for memory measurements.
+ * (meant to be used with config-suite-b.h or config-ccm-psk-tls1_2.h)
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+/*
+ * We're creating and connecting the socket "manually" rather than using the
+ * NET module, in order to avoid the overhead of getaddrinfo() which tends to
+ * dominate memory usage in small configurations. For the sake of simplicity,
+ * only a Unix version is implemented.
+ *
+ * Warning: we are breaking some of the abstractions from the NET layer here.
+ * This is not a good example for general use. This programs has the specific
+ * goal of minimizing use of the libc functions on full-blown OSes.
+ */
+#if defined(unix) || defined(__unix__) || defined(__unix) || defined(__APPLE__)
+#define UNIX
+#endif
+
+#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(UNIX)
+
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_SSL_CLI_C and/or UNIX "
+ "not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include <string.h>
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+/*
+ * Hardcoded values for server host and port
+ */
+#define PORT_BE 0x1151 /* 4433 */
+#define PORT_LE 0x5111
+#define ADDR_BE 0x7f000001 /* 127.0.0.1 */
+#define ADDR_LE 0x0100007f
+#define HOSTNAME "localhost" /* for cert verification if enabled */
+
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+const char *pers = "mini_client";
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/* This is tests/data_files/test-ca2.crt, a CA using EC secp384r1 */
+const unsigned char ca_cert[] = {
+ 0x30, 0x82, 0x02, 0x52, 0x30, 0x82, 0x01, 0xd7, 0xa0, 0x03, 0x02, 0x01,
+ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8,
+ 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,
+ 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c,
+ 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c,
+ 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45,
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x33, 0x30, 0x39,
+ 0x32, 0x34, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a, 0x17, 0x0d, 0x32,
+ 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x34, 0x39, 0x34, 0x38, 0x5a,
+ 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+ 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c,
+ 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c,
+ 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x45,
+ 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22,
+ 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f,
+ 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e,
+ 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95,
+ 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95,
+ 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a,
+ 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2,
+ 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47,
+ 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66,
+ 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x81, 0xa0, 0x30, 0x81, 0x9d, 0x30, 0x1d,
+ 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, 0x6d, 0x20,
+ 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24,
+ 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23,
+ 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01,
+ 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb,
+ 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09,
+ 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30,
+ 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61,
+ 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,
+ 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20,
+ 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09,
+ 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0c, 0x06,
+ 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30,
+ 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03,
+ 0x69, 0x00, 0x30, 0x66, 0x02, 0x31, 0x00, 0xc3, 0xb4, 0x62, 0x73, 0x56,
+ 0x28, 0x95, 0x00, 0x7d, 0x78, 0x12, 0x26, 0xd2, 0x71, 0x7b, 0x19, 0xf8,
+ 0x8a, 0x98, 0x3e, 0x92, 0xfe, 0x33, 0x9e, 0xe4, 0x79, 0xd2, 0xfe, 0x7a,
+ 0xb7, 0x87, 0x74, 0x3c, 0x2b, 0xb8, 0xd7, 0x69, 0x94, 0x0b, 0xa3, 0x67,
+ 0x77, 0xb8, 0xb3, 0xbe, 0xd1, 0x36, 0x32, 0x02, 0x31, 0x00, 0xfd, 0x67,
+ 0x9c, 0x94, 0x23, 0x67, 0xc0, 0x56, 0xba, 0x4b, 0x33, 0x15, 0x00, 0xc6,
+ 0xe3, 0xcc, 0x31, 0x08, 0x2c, 0x9c, 0x8b, 0xda, 0xa9, 0x75, 0x23, 0x2f,
+ 0xb8, 0x28, 0xe7, 0xf2, 0x9c, 0x14, 0x3a, 0x40, 0x01, 0x5c, 0xaf, 0x0c,
+ 0xb2, 0xcf, 0x74, 0x7f, 0x30, 0x9f, 0x08, 0x43, 0xad, 0x20,
+};
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+enum exit_codes {
+ exit_ok = 0,
+ ctr_drbg_seed_failed,
+ ssl_config_defaults_failed,
+ ssl_setup_failed,
+ hostname_failed,
+ socket_failed,
+ connect_failed,
+ x509_crt_parse_failed,
+ ssl_handshake_failed,
+ ssl_write_failed,
+};
+
+
+int main(void)
+{
+ int ret = exit_ok;
+ mbedtls_net_context server_fd;
+ struct sockaddr_in addr;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt ca;
+#endif
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+ /*
+ * 0. Initialize and setup stuff
+ */
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_init(&ca);
+#endif
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers, strlen(pers)) != 0) {
+ ret = ctr_drbg_seed_failed;
+ goto exit;
+ }
+
+ if (mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
+ ret = ssl_config_defaults_failed;
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
+ (const unsigned char *) psk_id, sizeof(psk_id) - 1);
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if (mbedtls_x509_crt_parse_der(&ca, ca_cert, sizeof(ca_cert)) != 0) {
+ ret = x509_crt_parse_failed;
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_ca_chain(&conf, &ca, NULL);
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+#endif
+
+ if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
+ ret = ssl_setup_failed;
+ goto exit;
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if (mbedtls_ssl_set_hostname(&ssl, HOSTNAME) != 0) {
+ ret = hostname_failed;
+ goto exit;
+ }
+#endif
+
+ /*
+ * 1. Start the connection
+ */
+ memset(&addr, 0, sizeof(addr));
+ addr.sin_family = AF_INET;
+
+ ret = 1; /* for endianness detection */
+ addr.sin_port = *((char *) &ret) == ret ? PORT_LE : PORT_BE;
+ addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
+ ret = 0;
+
+ if ((server_fd.fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+ ret = socket_failed;
+ goto exit;
+ }
+
+ if (connect(server_fd.fd,
+ (const struct sockaddr *) &addr, sizeof(addr)) < 0) {
+ ret = connect_failed;
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+ if (mbedtls_ssl_handshake(&ssl) != 0) {
+ ret = ssl_handshake_failed;
+ goto exit;
+ }
+
+ /*
+ * 2. Write the GET request and close the connection
+ */
+ if (mbedtls_ssl_write(&ssl, (const unsigned char *) GET_REQUEST,
+ sizeof(GET_REQUEST) - 1) <= 0) {
+ ret = ssl_write_failed;
+ goto exit;
+ }
+
+ mbedtls_ssl_close_notify(&ssl);
+
+exit:
+ mbedtls_net_free(&server_fd);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_free(&ca);
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(ret);
+}
+#endif
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
new file mode 100644
index 0000000..ee734b1
--- /dev/null
+++ b/programs/ssl/ssl_client1.c
@@ -0,0 +1,288 @@
+/*
+ * SSL client demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_PEM_PARSE_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "test/certs.h"
+
+#include <string.h>
+
+#define SERVER_PORT "4433"
+#define SERVER_NAME "localhost"
+#define GET_REQUEST "GET / HTTP/1.0\r\n\r\n"
+
+#define DEBUG_LEVEL 1
+
+
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ ((void) level);
+
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
+}
+
+int main(void)
+{
+ int ret = 1, len;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_net_context server_fd;
+ uint32_t flags;
+ unsigned char buf[1024];
+ const char *pers = "ssl_client1";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt cacert;
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
+#endif
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 0. Initialize certificates
+ */
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok (%d skipped)\n", ret);
+
+ /*
+ * 1. Start the connection
+ */
+ mbedtls_printf(" . Connecting to tcp/%s/%s...", SERVER_NAME, SERVER_PORT);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_connect(&server_fd, SERVER_NAME,
+ SERVER_PORT, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 2. Setup stuff
+ */
+ mbedtls_printf(" . Setting up the SSL/TLS structure...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /* OPTIONAL is not optimal for security,
+ * but makes interop easier in this simplified example */
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, SERVER_NAME)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+ /*
+ * 4. Handshake
+ */
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
+
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
+
+ /* In real life, we probably want to bail out when ret != 0 */
+ if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ char vrfy_buf[512];
+#endif
+
+ mbedtls_printf(" failed\n");
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
+
+ mbedtls_printf("%s\n", vrfy_buf);
+#endif
+ } else {
+ mbedtls_printf(" ok\n");
+ }
+
+ /*
+ * 3. Write the GET request
+ */
+ mbedtls_printf(" > Write to server:");
+ fflush(stdout);
+
+ len = sprintf((char *) buf, GET_REQUEST);
+
+ while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ goto exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf(" %d bytes written\n\n%s", len, (char *) buf);
+
+ /*
+ * 7. Read the HTTP response
+ */
+ mbedtls_printf(" < Read from server:");
+ fflush(stdout);
+
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
+ continue;
+ }
+
+ if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
+ break;
+ }
+
+ if (ret < 0) {
+ mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret);
+ break;
+ }
+
+ if (ret == 0) {
+ mbedtls_printf("\n\nEOF\n\n");
+ break;
+ }
+
+ len = ret;
+ mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
+ } while (1);
+
+ mbedtls_ssl_close_notify(&ssl);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(&server_fd);
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+ MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
+ MBEDTLS_PEM_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C */
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
new file mode 100644
index 0000000..43133d9
--- /dev/null
+++ b/programs/ssl/ssl_client2.c
@@ -0,0 +1,3230 @@
+/*
+ * SSL client with certificate authentication
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#include "ssl_test_lib.h"
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#include "test/psa_crypto_helpers.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
+int main(void)
+{
+ mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE);
+ mbedtls_exit(0);
+}
+#elif !defined(MBEDTLS_SSL_CLI_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_SSL_CLI_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
+
+/* Size of memory to be allocated for the heap, when using the library's memory
+ * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
+#define MEMORY_HEAP_SIZE 120000
+
+#define MAX_REQUEST_SIZE 20000
+#define MAX_REQUEST_SIZE_STR "20000"
+
+#define DFL_SERVER_NAME "localhost"
+#define DFL_SERVER_ADDR NULL
+#define DFL_SERVER_PORT "4433"
+#define DFL_REQUEST_PAGE "/"
+#define DFL_REQUEST_SIZE -1
+#define DFL_DEBUG_LEVEL 0
+#define DFL_CONTEXT_CRT_CB 0
+#define DFL_NBIO 0
+#define DFL_EVENT 0
+#define DFL_READ_TIMEOUT 0
+#define DFL_MAX_RESEND 0
+#define DFL_CA_FILE ""
+#define DFL_CA_PATH ""
+#define DFL_CRT_FILE ""
+#define DFL_KEY_FILE ""
+#define DFL_KEY_OPAQUE 0
+#define DFL_KEY_PWD ""
+#define DFL_PSK ""
+#define DFL_EARLY_DATA -1
+#define DFL_PSK_OPAQUE 0
+#define DFL_PSK_IDENTITY "Client_identity"
+#define DFL_ECJPAKE_PW NULL
+#define DFL_ECJPAKE_PW_OPAQUE 0
+#define DFL_EC_MAX_OPS -1
+#define DFL_FORCE_CIPHER 0
+#define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
+#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
+#define DFL_ALLOW_LEGACY -2
+#define DFL_RENEGOTIATE 0
+#define DFL_EXCHANGES 1
+#define DFL_MIN_VERSION -1
+#define DFL_MAX_VERSION -1
+#define DFL_SHA1 -1
+#define DFL_AUTH_MODE -1
+#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
+#define DFL_TRUNC_HMAC -1
+#define DFL_RECSPLIT -1
+#define DFL_DHMLEN -1
+#define DFL_RECONNECT 0
+#define DFL_RECO_SERVER_NAME NULL
+#define DFL_RECO_DELAY 0
+#define DFL_RECO_MODE 1
+#define DFL_CID_ENABLED 0
+#define DFL_CID_VALUE ""
+#define DFL_CID_ENABLED_RENEGO -1
+#define DFL_CID_VALUE_RENEGO NULL
+#define DFL_RECONNECT_HARD 0
+#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define DFL_ALPN_STRING NULL
+#define DFL_GROUPS NULL
+#define DFL_SIG_ALGS NULL
+#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
+#define DFL_HS_TO_MIN 0
+#define DFL_HS_TO_MAX 0
+#define DFL_DTLS_MTU -1
+#define DFL_DGRAM_PACKING 1
+#define DFL_FALLBACK -1
+#define DFL_EXTENDED_MS -1
+#define DFL_ETM -1
+#define DFL_SERIALIZE 0
+#define DFL_CONTEXT_FILE ""
+#define DFL_EXTENDED_MS_ENFORCE -1
+#define DFL_CA_CALLBACK 0
+#define DFL_EAP_TLS 0
+#define DFL_REPRODUCIBLE 0
+#define DFL_NSS_KEYLOG 0
+#define DFL_NSS_KEYLOG_FILE NULL
+#define DFL_SKIP_CLOSE_NOTIFY 0
+#define DFL_QUERY_CONFIG_MODE 0
+#define DFL_USE_SRTP 0
+#define DFL_SRTP_FORCE_PROFILE 0
+#define DFL_SRTP_MKI ""
+#define DFL_KEY_OPAQUE_ALG "none"
+
+#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
+#define GET_REQUEST_END "\r\n\r\n"
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#define USAGE_CONTEXT_CRT_CB \
+ " context_crt_cb=%%d This determines whether the CRT verification callback is bound\n" \
+ " to the SSL configuration of the SSL context.\n" \
+ " Possible values:\n" \
+ " - 0 (default): Use CRT callback bound to configuration\n" \
+ " - 1: Use CRT callback bound to SSL context\n"
+#else
+#define USAGE_CONTEXT_CRT_CB ""
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded)\n" \
+ " use \"none\" to skip loading any top-level CAs.\n" \
+ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded) (overrides ca_file)\n" \
+ " use \"none\" to skip loading any top-level CAs.\n" \
+ " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
+ " default: \"\" (pre-loaded)\n" \
+ " key_file=%%s default: \"\" (pre-loaded)\n" \
+ " key_pwd=%%s Password for key specified by key_file argument\n" \
+ " default: none\n"
+#else
+#define USAGE_IO \
+ " No file operations available (MBEDTLS_FS_IO not defined)\n"
+#endif /* MBEDTLS_FS_IO */
+#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#define USAGE_IO ""
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#define USAGE_KEY_OPAQUE \
+ " key_opaque=%%d Handle your private key as if it were opaque\n" \
+ " default: 0 (disabled)\n"
+#else
+#define USAGE_KEY_OPAQUE ""
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define USAGE_CID \
+ " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
+ " default: 0 (disabled)\n" \
+ " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
+ " default: same as 'cid' parameter\n" \
+ " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
+ " default: \"\"\n" \
+ " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
+ " default: same as 'cid_val' parameter\n"
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#define USAGE_CID ""
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+#define USAGE_PSK_RAW \
+ " psk=%%s default: \"\" (disabled)\n" \
+ " The PSK values are in hex, without 0x.\n" \
+ " psk_identity=%%s default: \"Client_identity\"\n"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define USAGE_PSK_SLOT \
+ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
+ " Enable this to store the PSK configured through command line\n" \
+ " parameter `psk` in a PSA-based key slot.\n" \
+ " Note: Currently only supported in conjunction with\n" \
+ " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
+ " to force a particular PSK-only ciphersuite.\n" \
+ " Note: This is to test integration of PSA-based opaque PSKs with\n" \
+ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
+ " with prepopulated key slots instead of importing raw key material.\n"
+#else
+#define USAGE_PSK_SLOT ""
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
+#else
+#define USAGE_PSK ""
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+#define USAGE_CA_CALLBACK \
+ " ca_callback=%%d default: 0 (disabled)\n" \
+ " Enable this to use the trusted certificate callback function\n"
+#else
+#define USAGE_CA_CALLBACK ""
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define USAGE_TICKETS \
+ " tickets=%%d default: 1 (enabled)\n"
+#else
+#define USAGE_TICKETS ""
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#define USAGE_EAP_TLS \
+ " eap_tls=%%d default: 0 (disabled)\n"
+#define USAGE_NSS_KEYLOG \
+ " nss_keylog=%%d default: 0 (disabled)\n" \
+ " This cannot be used with eap_tls=1\n"
+#define USAGE_NSS_KEYLOG_FILE \
+ " nss_keylog_file=%%s\n"
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+#define USAGE_SRTP \
+ " use_srtp=%%d default: 0 (disabled)\n" \
+ " This cannot be used with eap_tls=1 or " \
+ " nss_keylog=1\n" \
+ " srtp_force_profile=%%d default: 0 (all enabled)\n" \
+ " available profiles:\n" \
+ " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
+ " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
+ " 3 - SRTP_NULL_HMAC_SHA1_80\n" \
+ " 4 - SRTP_NULL_HMAC_SHA1_32\n" \
+ " mki=%%s default: \"\" (in hex, without 0x)\n"
+#else /* MBEDTLS_SSL_DTLS_SRTP */
+#define USAGE_SRTP ""
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+#define USAGE_MAX_FRAG_LEN \
+ " max_frag_len=%%d default: 16384 (tls default)\n" \
+ " options: 512, 1024, 2048, 4096\n"
+#else
+#define USAGE_MAX_FRAG_LEN ""
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_DHM_C)
+#define USAGE_DHMLEN \
+ " dhmlen=%%d default: (library default: 1024 bits)\n"
+#else
+#define USAGE_DHMLEN
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+#define USAGE_ALPN \
+ " alpn=%%s default: \"\" (disabled)\n" \
+ " example: spdy/1,http/1.1\n"
+#else
+#define USAGE_ALPN ""
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
+#define USAGE_GROUPS \
+ " groups=a,b,c,d default: \"default\" (library default)\n" \
+ " example: \"secp521r1,brainpoolP512r1\"\n" \
+ " - use \"none\" for empty list\n" \
+ " - see mbedtls_ecp_curve_list()\n" \
+ " for acceptable EC group names\n" \
+ " - the following ffdh groups are supported:\n" \
+ " ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \
+ " ffdhe8192\n"
+#else
+#define USAGE_GROUPS ""
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#define USAGE_SIG_ALGS \
+ " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
+ " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
+#else
+#define USAGE_SIG_ALGS ""
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#define USAGE_DTLS \
+ " dtls=%%d default: 0 (TLS)\n" \
+ " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
+ " range of DTLS handshake timeouts in millisecs\n" \
+ " mtu=%%d default: (library default: unlimited)\n" \
+ " dgram_packing=%%d default: 1 (allowed)\n" \
+ " allow or forbid packing of multiple\n" \
+ " records within a single datgram.\n"
+#else
+#define USAGE_DTLS ""
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+#define USAGE_EMS \
+ " extended_ms=0/1 default: (library default: on)\n"
+#else
+#define USAGE_EMS ""
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#define USAGE_ETM \
+ " etm=0/1 default: (library default: on)\n"
+#else
+#define USAGE_ETM ""
+#endif
+
+#define USAGE_REPRODUCIBLE \
+ " reproducible=0/1 default: 0 (disabled)\n"
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+#define USAGE_RENEGO \
+ " renegotiation=%%d default: 0 (disabled)\n" \
+ " renegotiate=%%d default: 0 (disabled)\n"
+#else
+#define USAGE_RENEGO ""
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define USAGE_ECJPAKE \
+ " ecjpake_pw=%%s default: none (disabled)\n" \
+ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#define USAGE_ECJPAKE \
+ " ecjpake_pw=%%s default: none (disabled)\n"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#define USAGE_ECJPAKE ""
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+#define USAGE_ECRESTART \
+ " ec_max_ops=%%s default: library default (restart disabled)\n"
+#else
+#define USAGE_ECRESTART ""
+#endif
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+#define USAGE_SERIALIZATION \
+ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
+ " options: 1 (serialize)\n" \
+ " 2 (serialize with re-initialization)\n" \
+ " context_file=%%s The file path to write a serialized connection\n" \
+ " in the form of base64 code (serialize option\n" \
+ " must be set)\n" \
+ " default: \"\" (do nothing)\n" \
+ " option: a file path\n"
+#else
+#define USAGE_SERIALIZATION ""
+#endif
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#define USAGE_EARLY_DATA \
+ " early_data=%%d default: library default\n" \
+ " options: 0 (disabled), 1 (enabled)\n"
+#else
+#define USAGE_EARLY_DATA ""
+#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#define USAGE_KEY_OPAQUE_ALGS \
+ " key_opaque_algs=%%s Allowed opaque key algorithms.\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
+ " tls13_kex_modes=%%s default: all\n" \
+ " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \
+ " ephemeral_all, all, psk_or_ephemeral\n"
+#else
+#define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
+ "\n usage: ssl_client2 param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_name=%%s default: localhost\n" \
+ " server_addr=%%s default: given by name\n" \
+ " server_port=%%d default: 4433\n" \
+ " request_page=%%s default: \".\"\n" \
+ " request_size=%%d default: about 34 (basic request)\n" \
+ " (minimum: 0, max: " MAX_REQUEST_SIZE_STR ")\n" \
+ " If 0, in the first exchange only an empty\n" \
+ " application data message is sent followed by\n" \
+ " a second non-empty message before attempting\n" \
+ " to read a response from the server\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " build_version=%%d default: none (disabled)\n" \
+ " option: 1 (print build version only and stop)\n" \
+ " nbio=%%d default: 0 (blocking I/O)\n" \
+ " options: 1 (non-blocking), 2 (added delays)\n" \
+ " event=%%d default: 0 (loop)\n" \
+ " options: 1 (level-triggered, implies nbio=1),\n" \
+ " read_timeout=%%d default: 0 ms (no timeout)\n" \
+ " max_resend=%%d default: 0 (no resend on timeout)\n" \
+ " skip_close_notify=%%d default: 0 (send close_notify)\n" \
+ "\n" \
+ USAGE_DTLS \
+ USAGE_CID \
+ USAGE_SRTP \
+ "\n"
+#define USAGE2 \
+ " auth_mode=%%s default: (library default: none)\n" \
+ " options: none, optional, required\n" \
+ USAGE_IO \
+ USAGE_KEY_OPAQUE \
+ USAGE_CA_CALLBACK \
+ "\n" \
+ USAGE_PSK \
+ USAGE_ECJPAKE \
+ USAGE_ECRESTART \
+ "\n"
+#define USAGE3 \
+ " allow_legacy=%%d default: (library default: no)\n" \
+ USAGE_RENEGO \
+ " exchanges=%%d default: 1\n" \
+ " reconnect=%%d number of reconnections using session resumption\n" \
+ " default: 0 (disabled)\n" \
+ " reco_server_name=%%s default: NULL\n" \
+ " reco_delay=%%d default: 0 milliseconds\n" \
+ " reco_mode=%%d 0: copy session, 1: serialize session\n" \
+ " default: 1\n" \
+ " reconnect_hard=%%d default: 0 (disabled)\n" \
+ USAGE_TICKETS \
+ USAGE_EAP_TLS \
+ USAGE_MAX_FRAG_LEN \
+ USAGE_CONTEXT_CRT_CB \
+ USAGE_ALPN \
+ USAGE_EMS \
+ USAGE_ETM \
+ USAGE_REPRODUCIBLE \
+ USAGE_GROUPS \
+ USAGE_SIG_ALGS \
+ USAGE_EARLY_DATA \
+ USAGE_DHMLEN \
+ USAGE_KEY_OPAQUE_ALGS \
+ "\n"
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define TLS1_3_VERSION_OPTIONS ", tls13"
+#else /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#define TLS1_3_VERSION_OPTIONS ""
+#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#define USAGE4 \
+ " allow_sha1=%%d default: 0\n" \
+ " min_version=%%s default: (library default: tls12)\n" \
+ " max_version=%%s default: (library default: tls12)\n" \
+ " force_version=%%s default: \"\" (none)\n" \
+ " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \
+ "\n\n" \
+ " force_ciphersuite=<name> default: all enabled\n" \
+ USAGE_TLS1_3_KEY_EXCHANGE_MODES \
+ " query_config=<name> return 0 if the specified\n" \
+ " configuration macro is defined and 1\n" \
+ " otherwise. The expansion of the macro\n" \
+ " is printed if it is defined\n" \
+ USAGE_SERIALIZATION \
+ "\n"
+
+/*
+ * global options
+ */
+struct options {
+ const char *server_name; /* hostname of the server (client only) */
+ const char *server_addr; /* address of the server (client only) */
+ const char *server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int nbio; /* should I/O be blocking? */
+ int event; /* loop or event-driven IO? level or edge triggered? */
+ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
+ int max_resend; /* DTLS times to resend on read timeout */
+ const char *request_page; /* page on server to request */
+ int request_size; /* pad request with header to requested size */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *crt_file; /* the file with the client certificate */
+ const char *key_file; /* the file with the client key */
+ int key_opaque; /* handle private key as if it were opaque */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int psk_opaque;
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ int ca_callback; /* Use callback for trusted certificate list */
+#endif
+ const char *key_pwd; /* the password for the client key */
+ const char *psk; /* the pre-shared key */
+ const char *psk_identity; /* the pre-shared key identity */
+ const char *ecjpake_pw; /* the EC J-PAKE password */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
+#endif
+ int ec_max_ops; /* EC consecutive operations limit */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ int renegotiation; /* enable / disable renegotiation */
+ int allow_legacy; /* allow legacy renegotiation */
+ int renegotiate; /* attempt renegotiation? */
+ int renego_delay; /* delay before enforcing renegotiation */
+ int exchanges; /* number of data exchanges */
+ int min_version; /* minimum protocol version accepted */
+ int max_version; /* maximum protocol version accepted */
+ int allow_sha1; /* flag for SHA-1 support */
+ int auth_mode; /* verify mode for connection */
+ unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* negotiate truncated hmac or not */
+ int recsplit; /* enable record splitting? */
+ int dhmlen; /* minimum DHM params len in bits */
+ int reconnect; /* attempt to resume session */
+ const char *reco_server_name; /* hostname of the server (re-connect) */
+ int reco_delay; /* delay in seconds before resuming session */
+ int reco_mode; /* how to keep the session around */
+ int reconnect_hard; /* unexpectedly reconnect from the same port */
+ int tickets; /* enable / disable session tickets */
+ const char *groups; /* list of supported groups */
+ const char *sig_algs; /* supported TLS 1.3 signature algorithms */
+ const char *alpn_string; /* ALPN supported protocols */
+ int transport; /* TLS or DTLS? */
+ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
+ uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int dtls_mtu; /* UDP Maximum transport unit for DTLS */
+ int fallback; /* is this a fallback connection? */
+ int dgram_packing; /* allow/forbid datagram packing */
+ int extended_ms; /* negotiate extended master secret? */
+ int etm; /* negotiate encrypt then mac? */
+ int context_crt_cb; /* use context-specific CRT verify callback */
+ int eap_tls; /* derive EAP-TLS keying material? */
+ int nss_keylog; /* export NSS key log material */
+ const char *nss_keylog_file; /* NSS key log file */
+ int cid_enabled; /* whether to use the CID extension or not */
+ int cid_enabled_renego; /* whether to use the CID extension or not
+ * during renegotiation */
+ const char *cid_val; /* the CID to use for incoming messages */
+ int serialize; /* serialize/deserialize connection */
+ const char *context_file; /* the file to write a serialized connection
+ * in the form of base64 code (serialize
+ * option must be set) */
+ const char *cid_val_renego; /* the CID to use for incoming messages
+ * after renegotiation */
+ int reproducible; /* make communication reproducible */
+ int skip_close_notify; /* skip sending the close_notify alert */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ int early_data; /* early data enablement flag */
+#endif
+ int query_config_mode; /* whether to read config */
+ int use_srtp; /* Support SRTP */
+ int force_srtp_profile; /* SRTP protection profile to use or all */
+ const char *mki; /* The dtls mki value to use */
+ const char *key_opaque_alg1; /* Allowed opaque key alg 1 */
+ const char *key_opaque_alg2; /* Allowed Opaque key alg 2 */
+} opt;
+
+#include "ssl_test_common_source.c"
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+static unsigned char peer_crt_info[1024];
+
+/*
+ * Enabled if debug_level > 1 in code below
+ */
+static int my_verify(void *data, mbedtls_x509_crt *crt,
+ int depth, uint32_t *flags)
+{
+ char buf[1024];
+ ((void) data);
+
+ mbedtls_printf("\nVerify requested for (Depth %d):\n", depth);
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
+ if (depth == 0) {
+ memcpy(peer_crt_info, buf, sizeof(buf));
+ }
+
+ if (opt.debug_level == 0) {
+ return 0;
+ }
+
+ mbedtls_printf("%s", buf);
+#else
+ ((void) crt);
+ ((void) depth);
+#endif
+
+ if ((*flags) == 0) {
+ mbedtls_printf(" This certificate has no flags\n");
+ } else {
+ x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags);
+ mbedtls_printf("%s\n", buf);
+ }
+
+ return 0;
+}
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+int report_cid_usage(mbedtls_ssl_context *ssl,
+ const char *additional_description)
+{
+ int ret;
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
+ size_t peer_cid_len;
+ int cid_negotiated;
+
+ if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 0;
+ }
+
+ /* Check if the use of a CID has been negotiated,
+ * but don't ask for the CID value and length.
+ *
+ * Note: Here and below, we're demonstrating the various ways
+ * in which mbedtls_ssl_get_peer_cid() can be called,
+ * depending on whether or not the length/value of the
+ * peer's CID is needed.
+ *
+ * An actual application, however, should use
+ * just one call to mbedtls_ssl_get_peer_cid(). */
+ ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
+ NULL, NULL);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ (unsigned int) -ret);
+ return ret;
+ }
+
+ if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) {
+ if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) {
+ mbedtls_printf("(%s) Use of Connection ID was rejected by the server.\n",
+ additional_description);
+ }
+ } else {
+ size_t idx = 0;
+ mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n",
+ additional_description);
+
+ /* Ask for just the length of the peer's CID. */
+ ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
+ NULL, &peer_cid_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ (unsigned int) -ret);
+ return ret;
+ }
+
+ /* Ask for just length + value of the peer's CID. */
+ ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
+ peer_cid, &peer_cid_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ (unsigned int) -ret);
+ return ret;
+ }
+ mbedtls_printf("(%s) Peer CID (length %u Bytes): ",
+ additional_description,
+ (unsigned) peer_cid_len);
+ while (idx < peer_cid_len) {
+ mbedtls_printf("%02x ", peer_cid[idx]);
+ idx++;
+ }
+ mbedtls_printf("\n");
+ }
+
+ return 0;
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+static int ssl_save_session_serialize(mbedtls_ssl_context *ssl,
+ unsigned char **session_data,
+ size_t *session_data_len)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_session exported_session;
+
+ /* free any previously saved data */
+ if (*session_data != NULL) {
+ mbedtls_platform_zeroize(*session_data, *session_data_len);
+ mbedtls_free(*session_data);
+ *session_data = NULL;
+ *session_data_len = 0;
+ }
+
+ mbedtls_ssl_session_init(&exported_session);
+ ret = mbedtls_ssl_get_session(ssl, &exported_session);
+ if (ret != 0) {
+ mbedtls_printf(
+ "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n",
+ (unsigned) -ret);
+ goto exit;
+ }
+
+ /* get size of the buffer needed */
+ (void) mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
+ *session_data = mbedtls_calloc(1, *session_data_len);
+ if (*session_data == NULL) {
+ mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
+ (unsigned) *session_data_len);
+ ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ goto exit;
+ }
+
+ /* actually save session data */
+ if ((ret = mbedtls_ssl_session_save(&exported_session,
+ *session_data, *session_data_len,
+ session_data_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+exit:
+ mbedtls_ssl_session_free(&exported_session);
+ return ret;
+}
+
+/*
+ * Build HTTP request
+ */
+static int build_http_request(unsigned char *buf, size_t buf_size, size_t *request_len)
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t len, tail_len, request_size;
+
+ ret = mbedtls_snprintf((char *) buf, buf_size, GET_REQUEST, opt.request_page);
+ if (ret < 0) {
+ return ret;
+ }
+
+ len = (size_t) ret;
+ tail_len = strlen(GET_REQUEST_END);
+ if (opt.request_size != DFL_REQUEST_SIZE) {
+ request_size = (size_t) opt.request_size;
+ } else {
+ request_size = len + tail_len;
+ }
+
+ if (request_size > buf_size) {
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ }
+
+ /* Add padding to GET request to reach opt.request_size in length */
+ if (opt.request_size != DFL_REQUEST_SIZE &&
+ len + tail_len < request_size) {
+ memset(buf + len, 'A', request_size - len - tail_len);
+ len = request_size - tail_len;
+ }
+
+ strncpy((char *) buf + len, GET_REQUEST_END, buf_size - len);
+ len += tail_len;
+
+ /* Truncate if request size is smaller than the "natural" size */
+ if (opt.request_size != DFL_REQUEST_SIZE &&
+ len > request_size) {
+ len = request_size;
+
+ /* Still end with \r\n unless that's really not possible */
+ if (len >= 2) {
+ buf[len - 2] = '\r';
+ }
+ if (len >= 1) {
+ buf[len - 1] = '\n';
+ }
+ }
+
+ *request_len = len;
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 0, i;
+ size_t len, written, frags, retry_left;
+ int query_config_ret = 0;
+ mbedtls_net_context server_fd;
+ io_ctx_t io_ctx;
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
+#endif
+
+ unsigned char buf[MAX_REQUEST_SIZE + 1];
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ unsigned char psk[MBEDTLS_PSK_MAX_LEN];
+ size_t psk_len = 0;
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ size_t cid_len = 0;
+ size_t cid_renego_len = 0;
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ const char *alpn_list[ALPN_LIST_SIZE];
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ unsigned char alloc_buf[MEMORY_HEAP_SIZE];
+#endif
+ uint16_t group_list[GROUP_LIST_SIZE];
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ unsigned char mki[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
+ size_t mki_len = 0;
+#endif
+
+ const char *pers = "ssl_client2";
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_algorithm_t alg = 0;
+ psa_key_attributes_t key_attributes;
+#endif
+ psa_status_t status;
+#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ psa_status_t status;
+#endif
+
+ rng_context_t rng;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ssl_session saved_session;
+ unsigned char *session_data = NULL;
+ size_t session_data_len = 0;
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_timing_delay_context timer;
+#endif
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ uint32_t flags;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crt clicert;
+ mbedtls_pk_context pkey;
+ mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
+#endif
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+ char *p, *q;
+ const int *list;
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ unsigned char *context_buf = NULL;
+ size_t context_buf_len;
+#endif
+ unsigned char eap_tls_keymaterial[16];
+ unsigned char eap_tls_iv[8];
+ const char *eap_tls_label = "client EAP encryption";
+ eap_tls_keys eap_tls_keying;
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ /*! master keys and master salt for SRTP generated during handshake */
+ unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
+ const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
+ dtls_srtp_keys dtls_srtp_keying;
+ const mbedtls_ssl_srtp_profile default_profiles[] = {
+ MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
+ MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
+ MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
+ MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
+ MBEDTLS_TLS_SRTP_UNSET
+ };
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
+#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
+#endif
+
+#if defined(MBEDTLS_TEST_HOOKS)
+ test_hooks_init();
+#endif /* MBEDTLS_TEST_HOOKS */
+
+ /*
+ * Make sure memory references are valid.
+ */
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ssl_session_init(&saved_session);
+ rng_init(&rng);
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_x509_crt_init(&clicert);
+ mbedtls_pk_init(&pkey);
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ memset((void *) alpn_list, 0, sizeof(alpn_list));
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ mbedtls_test_enable_insecure_external_rng();
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+ opt.server_name = DFL_SERVER_NAME;
+ opt.server_addr = DFL_SERVER_ADDR;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.cid_enabled = DFL_CID_ENABLED;
+ opt.cid_val = DFL_CID_VALUE;
+ opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
+ opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
+ opt.nbio = DFL_NBIO;
+ opt.event = DFL_EVENT;
+ opt.context_crt_cb = DFL_CONTEXT_CRT_CB;
+ opt.read_timeout = DFL_READ_TIMEOUT;
+ opt.max_resend = DFL_MAX_RESEND;
+ opt.request_page = DFL_REQUEST_PAGE;
+ opt.request_size = DFL_REQUEST_SIZE;
+ opt.ca_file = DFL_CA_FILE;
+ opt.ca_path = DFL_CA_PATH;
+ opt.crt_file = DFL_CRT_FILE;
+ opt.key_file = DFL_KEY_FILE;
+ opt.key_opaque = DFL_KEY_OPAQUE;
+ opt.key_pwd = DFL_KEY_PWD;
+ opt.psk = DFL_PSK;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ opt.psk_opaque = DFL_PSK_OPAQUE;
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ opt.ca_callback = DFL_CA_CALLBACK;
+#endif
+ opt.psk_identity = DFL_PSK_IDENTITY;
+ opt.ecjpake_pw = DFL_ECJPAKE_PW;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
+#endif
+ opt.ec_max_ops = DFL_EC_MAX_OPS;
+ opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ opt.renegotiation = DFL_RENEGOTIATION;
+ opt.allow_legacy = DFL_ALLOW_LEGACY;
+ opt.renegotiate = DFL_RENEGOTIATE;
+ opt.exchanges = DFL_EXCHANGES;
+ opt.min_version = DFL_MIN_VERSION;
+ opt.max_version = DFL_MAX_VERSION;
+ opt.allow_sha1 = DFL_SHA1;
+ opt.auth_mode = DFL_AUTH_MODE;
+ opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
+ opt.recsplit = DFL_RECSPLIT;
+ opt.dhmlen = DFL_DHMLEN;
+ opt.reconnect = DFL_RECONNECT;
+ opt.reco_server_name = DFL_RECO_SERVER_NAME;
+ opt.reco_delay = DFL_RECO_DELAY;
+ opt.reco_mode = DFL_RECO_MODE;
+ opt.reconnect_hard = DFL_RECONNECT_HARD;
+ opt.tickets = DFL_TICKETS;
+ opt.alpn_string = DFL_ALPN_STRING;
+ opt.groups = DFL_GROUPS;
+ opt.sig_algs = DFL_SIG_ALGS;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ opt.early_data = DFL_EARLY_DATA;
+#endif
+ opt.transport = DFL_TRANSPORT;
+ opt.hs_to_min = DFL_HS_TO_MIN;
+ opt.hs_to_max = DFL_HS_TO_MAX;
+ opt.dtls_mtu = DFL_DTLS_MTU;
+ opt.fallback = DFL_FALLBACK;
+ opt.extended_ms = DFL_EXTENDED_MS;
+ opt.etm = DFL_ETM;
+ opt.dgram_packing = DFL_DGRAM_PACKING;
+ opt.serialize = DFL_SERIALIZE;
+ opt.context_file = DFL_CONTEXT_FILE;
+ opt.eap_tls = DFL_EAP_TLS;
+ opt.reproducible = DFL_REPRODUCIBLE;
+ opt.nss_keylog = DFL_NSS_KEYLOG;
+ opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
+ opt.skip_close_notify = DFL_SKIP_CLOSE_NOTIFY;
+ opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
+ opt.use_srtp = DFL_USE_SRTP;
+ opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
+ opt.mki = DFL_SRTP_MKI;
+ opt.key_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
+
+ p = q = NULL;
+ if (argc < 1) {
+usage:
+ if (p != NULL && q != NULL) {
+ printf("unrecognized value for '%s': '%s'\n", p, q);
+ } else if (p != NULL && q == NULL) {
+ printf("unrecognized param: '%s'\n", p);
+ }
+
+ mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
+ mbedtls_printf(" ssl_client2 help[_theme]\n");
+ mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
+ mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
+ mbedtls_printf("\n");
+
+ if (ret == 0) {
+ ret = 1;
+ }
+ goto exit;
+ }
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+
+ if (strcmp(p, "help") == 0) {
+ mbedtls_printf(USAGE1);
+ mbedtls_printf(USAGE2);
+ mbedtls_printf(USAGE3);
+ mbedtls_printf(USAGE4);
+
+ ret = 0;
+ goto exit;
+ }
+ if (strcmp(p, "help_ciphersuites") == 0) {
+ mbedtls_printf(" acceptable ciphersuite names:\n");
+ for (list = mbedtls_ssl_list_ciphersuites();
+ *list != 0;
+ list++) {
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
+ }
+
+ ret = 0;
+ goto exit;
+ }
+
+ if ((q = strchr(p, '=')) == NULL) {
+ mbedtls_printf("param requires a value: '%s'\n", p);
+ p = NULL; // avoid "unrecnognized param" message
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "server_name") == 0) {
+ opt.server_name = q;
+ } else if (strcmp(p, "server_addr") == 0) {
+ opt.server_addr = q;
+ } else if (strcmp(p, "server_port") == 0) {
+ opt.server_port = q;
+ } else if (strcmp(p, "dtls") == 0) {
+ int t = atoi(q);
+ if (t == 0) {
+ opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
+ } else if (t == 1) {
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
+ goto usage;
+ }
+ } else if (strcmp(p, "build_version") == 0) {
+ if (strcmp(q, "1") == 0) {
+ mbedtls_printf("build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL,
+ MBEDTLS_VERSION_NUMBER);
+ goto exit;
+ }
+ } else if (strcmp(p, "context_crt_cb") == 0) {
+ opt.context_crt_cb = atoi(q);
+ if (opt.context_crt_cb != 0 && opt.context_crt_cb != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "nbio") == 0) {
+ opt.nbio = atoi(q);
+ if (opt.nbio < 0 || opt.nbio > 2) {
+ goto usage;
+ }
+ } else if (strcmp(p, "event") == 0) {
+ opt.event = atoi(q);
+ if (opt.event < 0 || opt.event > 2) {
+ goto usage;
+ }
+ } else if (strcmp(p, "read_timeout") == 0) {
+ opt.read_timeout = atoi(q);
+ } else if (strcmp(p, "max_resend") == 0) {
+ opt.max_resend = atoi(q);
+ if (opt.max_resend < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "request_page") == 0) {
+ opt.request_page = q;
+ } else if (strcmp(p, "request_size") == 0) {
+ opt.request_size = atoi(q);
+ if (opt.request_size < 0 ||
+ opt.request_size > MAX_REQUEST_SIZE) {
+ goto usage;
+ }
+ } else if (strcmp(p, "ca_file") == 0) {
+ opt.ca_file = q;
+ } else if (strcmp(p, "ca_path") == 0) {
+ opt.ca_path = q;
+ } else if (strcmp(p, "crt_file") == 0) {
+ opt.crt_file = q;
+ } else if (strcmp(p, "key_file") == 0) {
+ opt.key_file = q;
+ } else if (strcmp(p, "key_pwd") == 0) {
+ opt.key_pwd = q;
+ }
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ else if (strcmp(p, "key_opaque") == 0) {
+ opt.key_opaque = atoi(q);
+ }
+#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if (strcmp(p, "cid") == 0) {
+ opt.cid_enabled = atoi(q);
+ if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "cid_renego") == 0) {
+ opt.cid_enabled_renego = atoi(q);
+ if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "cid_val") == 0) {
+ opt.cid_val = q;
+ } else if (strcmp(p, "cid_val_renego") == 0) {
+ opt.cid_val_renego = q;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ else if (strcmp(p, "psk") == 0) {
+ opt.psk = q;
+ }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ else if (strcmp(p, "psk_opaque") == 0) {
+ opt.psk_opaque = atoi(q);
+ }
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ else if (strcmp(p, "ca_callback") == 0) {
+ opt.ca_callback = atoi(q);
+ }
+#endif
+ else if (strcmp(p, "psk_identity") == 0) {
+ opt.psk_identity = q;
+ } else if (strcmp(p, "ecjpake_pw") == 0) {
+ opt.ecjpake_pw = q;
+ }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
+ opt.ecjpake_pw_opaque = atoi(q);
+ }
+#endif
+ else if (strcmp(p, "ec_max_ops") == 0) {
+ opt.ec_max_ops = atoi(q);
+ } else if (strcmp(p, "force_ciphersuite") == 0) {
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
+
+ if (opt.force_ciphersuite[0] == 0) {
+ ret = 2;
+ goto usage;
+ }
+ opt.force_ciphersuite[1] = 0;
+ } else if (strcmp(p, "renegotiation") == 0) {
+ opt.renegotiation = (atoi(q)) ?
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED :
+ MBEDTLS_SSL_RENEGOTIATION_DISABLED;
+ } else if (strcmp(p, "allow_legacy") == 0) {
+ switch (atoi(q)) {
+ case -1:
+ opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
+ break;
+ case 0:
+ opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
+ break;
+ case 1:
+ opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
+ break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "renegotiate") == 0) {
+ opt.renegotiate = atoi(q);
+ if (opt.renegotiate < 0 || opt.renegotiate > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "exchanges") == 0) {
+ opt.exchanges = atoi(q);
+ if (opt.exchanges < 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "reconnect") == 0) {
+ opt.reconnect = atoi(q);
+ if (opt.reconnect < 0 || opt.reconnect > 2) {
+ goto usage;
+ }
+ } else if (strcmp(p, "reco_server_name") == 0) {
+ opt.reco_server_name = q;
+ } else if (strcmp(p, "reco_delay") == 0) {
+ opt.reco_delay = atoi(q);
+ if (opt.reco_delay < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "reco_mode") == 0) {
+ opt.reco_mode = atoi(q);
+ if (opt.reco_mode < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "reconnect_hard") == 0) {
+ opt.reconnect_hard = atoi(q);
+ if (opt.reconnect_hard < 0 || opt.reconnect_hard > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "tickets") == 0) {
+ opt.tickets = atoi(q);
+ if (opt.tickets < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "alpn") == 0) {
+ opt.alpn_string = q;
+ } else if (strcmp(p, "extended_ms") == 0) {
+ switch (atoi(q)) {
+ case 0:
+ opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
+ break;
+ case 1:
+ opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+ break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "groups") == 0) {
+ opt.groups = q;
+ }
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ else if (strcmp(p, "sig_algs") == 0) {
+ opt.sig_algs = q;
+ }
+#endif
+ else if (strcmp(p, "etm") == 0) {
+ switch (atoi(q)) {
+ case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
+ case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
+ default: goto usage;
+ }
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ else if (strcmp(p, "early_data") == 0) {
+ switch (atoi(q)) {
+ case 0:
+ opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+ break;
+ case 1:
+ opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+ break;
+ default: goto usage;
+ }
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+ else if (strcmp(p, "tls13_kex_modes") == 0) {
+ if (strcmp(q, "psk") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ } else if (strcmp(q, "psk_ephemeral") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ } else if (strcmp(q, "ephemeral") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+ } else if (strcmp(q, "ephemeral_all") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
+ } else if (strcmp(q, "psk_all") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
+ } else if (strcmp(q, "all") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
+ } else if (strcmp(q, "psk_or_ephemeral") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+ } else {
+ goto usage;
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ else if (strcmp(p, "min_version") == 0) {
+ if (strcmp(q, "tls12") == 0 ||
+ strcmp(q, "dtls12") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ else if (strcmp(q, "tls13") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ else {
+ goto usage;
+ }
+ } else if (strcmp(p, "max_version") == 0) {
+ if (strcmp(q, "tls12") == 0 ||
+ strcmp(q, "dtls12") == 0) {
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ else if (strcmp(q, "tls13") == 0) {
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ else {
+ goto usage;
+ }
+ } else if (strcmp(p, "allow_sha1") == 0) {
+ switch (atoi(q)) {
+ case 0: opt.allow_sha1 = 0; break;
+ case 1: opt.allow_sha1 = 1; break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "force_version") == 0) {
+ if (strcmp(q, "tls12") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ } else if (strcmp(q, "dtls12") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ else if (strcmp(q, "tls13") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ else {
+ goto usage;
+ }
+ } else if (strcmp(p, "auth_mode") == 0) {
+ if (strcmp(q, "none") == 0) {
+ opt.auth_mode = MBEDTLS_SSL_VERIFY_NONE;
+ } else if (strcmp(q, "optional") == 0) {
+ opt.auth_mode = MBEDTLS_SSL_VERIFY_OPTIONAL;
+ } else if (strcmp(q, "required") == 0) {
+ opt.auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "max_frag_len") == 0) {
+ if (strcmp(q, "512") == 0) {
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
+ } else if (strcmp(q, "1024") == 0) {
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
+ } else if (strcmp(q, "2048") == 0) {
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
+ } else if (strcmp(q, "4096") == 0) {
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "trunc_hmac") == 0) {
+ switch (atoi(q)) {
+ case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
+ case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "hs_timeout") == 0) {
+ if ((p = strchr(q, '-')) == NULL) {
+ goto usage;
+ }
+ *p++ = '\0';
+ opt.hs_to_min = atoi(q);
+ opt.hs_to_max = atoi(p);
+ if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
+ goto usage;
+ }
+ } else if (strcmp(p, "mtu") == 0) {
+ opt.dtls_mtu = atoi(q);
+ if (opt.dtls_mtu < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "dgram_packing") == 0) {
+ opt.dgram_packing = atoi(q);
+ if (opt.dgram_packing != 0 &&
+ opt.dgram_packing != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "recsplit") == 0) {
+ opt.recsplit = atoi(q);
+ if (opt.recsplit < 0 || opt.recsplit > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "dhmlen") == 0) {
+ opt.dhmlen = atoi(q);
+ if (opt.dhmlen < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "query_config") == 0) {
+ opt.query_config_mode = 1;
+ query_config_ret = query_config(q);
+ goto exit;
+ } else if (strcmp(p, "serialize") == 0) {
+ opt.serialize = atoi(q);
+ if (opt.serialize < 0 || opt.serialize > 2) {
+ goto usage;
+ }
+ } else if (strcmp(p, "context_file") == 0) {
+ opt.context_file = q;
+ } else if (strcmp(p, "eap_tls") == 0) {
+ opt.eap_tls = atoi(q);
+ if (opt.eap_tls < 0 || opt.eap_tls > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "reproducible") == 0) {
+ opt.reproducible = 1;
+ } else if (strcmp(p, "nss_keylog") == 0) {
+ opt.nss_keylog = atoi(q);
+ if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "nss_keylog_file") == 0) {
+ opt.nss_keylog_file = q;
+ } else if (strcmp(p, "skip_close_notify") == 0) {
+ opt.skip_close_notify = atoi(q);
+ if (opt.skip_close_notify < 0 || opt.skip_close_notify > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "use_srtp") == 0) {
+ opt.use_srtp = atoi(q);
+ } else if (strcmp(p, "srtp_force_profile") == 0) {
+ opt.force_srtp_profile = atoi(q);
+ } else if (strcmp(p, "mki") == 0) {
+ opt.mki = q;
+ } else if (strcmp(p, "key_opaque_algs") == 0) {
+ if (key_opaque_alg_parse(q, &opt.key_opaque_alg1,
+ &opt.key_opaque_alg2) != 0) {
+ goto usage;
+ }
+ } else {
+ /* This signals that the problem is with p not q */
+ q = NULL;
+ goto usage;
+ }
+ }
+ /* This signals that any further errors are not with a single option */
+ p = q = NULL;
+
+ if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
+ mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
+ goto usage;
+ }
+
+ /* Event-driven IO is incompatible with the above custom
+ * receive and send functions, as the polling builds on
+ * refers to the underlying net_context. */
+ if (opt.event == 1 && opt.nbio != 1) {
+ mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
+ opt.nbio = 1;
+ }
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold(opt.debug_level);
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ /*
+ * Unhexify the pre-shared key if any is given
+ */
+ if (strlen(opt.psk)) {
+ if (mbedtls_test_unhexify(psk, sizeof(psk),
+ opt.psk, &psk_len) != 0) {
+ mbedtls_printf("pre-shared key not valid\n");
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.psk_opaque != 0) {
+ if (opt.psk == NULL) {
+ mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
+ ret = 2;
+ goto usage;
+ }
+
+ if (opt.force_ciphersuite[0] <= 0) {
+ mbedtls_printf(
+ "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
+ ret = 2;
+ goto usage;
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (opt.force_ciphersuite[0] > 0) {
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ ciphersuite_info =
+ mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
+
+ if (opt.max_version != -1 &&
+ ciphersuite_info->min_tls_version > opt.max_version) {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+ if (opt.min_version != -1 &&
+ ciphersuite_info->max_tls_version < opt.min_version) {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+
+ /* If the server selects a version that's not supported by
+ * this suite, then there will be no common ciphersuite... */
+ if (opt.max_version == -1 ||
+ opt.max_version > ciphersuite_info->max_tls_version) {
+ opt.max_version = ciphersuite_info->max_tls_version;
+ }
+ if (opt.min_version < ciphersuite_info->min_tls_version) {
+ opt.min_version = ciphersuite_info->min_tls_version;
+ /* DTLS starts with TLS 1.2 */
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
+ opt.min_version < MBEDTLS_SSL_VERSION_TLS1_2) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ if (opt.psk_opaque != 0) {
+ /* Determine KDF algorithm the opaque PSK will be used in. */
+#if defined(MBEDTLS_MD_CAN_SHA384)
+ if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
+ } else
+#endif /* MBEDTLS_MD_CAN_SHA384 */
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if (mbedtls_test_unhexify(cid, sizeof(cid),
+ opt.cid_val, &cid_len) != 0) {
+ mbedtls_printf("CID not valid\n");
+ goto exit;
+ }
+
+ /* Keep CID settings for renegotiation unless
+ * specified otherwise. */
+ if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
+ opt.cid_enabled_renego = opt.cid_enabled;
+ }
+ if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
+ opt.cid_val_renego = opt.cid_val;
+ }
+
+ if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
+ opt.cid_val_renego, &cid_renego_len) != 0) {
+ mbedtls_printf("CID not valid\n");
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ if (opt.groups != NULL) {
+ if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
+ goto exit;
+ }
+ }
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (opt.sig_algs != NULL) {
+ p = (char *) opt.sig_algs;
+ i = 0;
+
+ /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
+ while (i < SIG_ALG_LIST_SIZE - 1 && *p != '\0') {
+ q = p;
+
+ /* Terminate the current string */
+ while (*p != ',' && *p != '\0') {
+ p++;
+ }
+ if (*p == ',') {
+ *p++ = '\0';
+ }
+
+ if (strcmp(q, "rsa_pkcs1_sha256") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ } else if (strcmp(q, "rsa_pkcs1_sha384") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
+ } else if (strcmp(q, "rsa_pkcs1_sha512") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
+ } else if (strcmp(q, "ecdsa_secp256r1_sha256") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
+ } else if (strcmp(q, "ecdsa_secp384r1_sha384") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
+ } else if (strcmp(q, "ecdsa_secp521r1_sha512") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
+ } else if (strcmp(q, "rsa_pss_rsae_sha256") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
+ } else if (strcmp(q, "rsa_pss_rsae_sha384") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+ } else if (strcmp(q, "rsa_pss_rsae_sha512") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+ } else if (strcmp(q, "ed25519") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
+ } else if (strcmp(q, "ed448") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
+ } else if (strcmp(q, "rsa_pss_pss_sha256") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
+ } else if (strcmp(q, "rsa_pss_pss_sha384") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
+ } else if (strcmp(q, "rsa_pss_pss_sha512") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
+ } else if (strcmp(q, "rsa_pkcs1_sha1") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
+ } else if (strcmp(q, "ecdsa_sha1") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
+ } else {
+ ret = -1;
+ mbedtls_printf("unknown signature algorithm \"%s\"\n", q);
+ mbedtls_print_supported_sig_algs();
+ goto exit;
+ }
+ }
+
+ if (i == (SIG_ALG_LIST_SIZE - 1) && *p != '\0') {
+ mbedtls_printf("signature algorithm list too long, maximum %d",
+ SIG_ALG_LIST_SIZE - 1);
+ goto exit;
+ }
+
+ sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if (opt.alpn_string != NULL) {
+ p = (char *) opt.alpn_string;
+ i = 0;
+
+ /* Leave room for a final NULL in alpn_list */
+ while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
+ alpn_list[i++] = p;
+
+ /* Terminate the current string and move on to next one */
+ while (*p != ',' && *p != '\0') {
+ p++;
+ }
+ if (*p == ',') {
+ *p++ = '\0';
+ }
+ }
+ }
+#endif /* MBEDTLS_SSL_ALPN */
+
+ mbedtls_printf("build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ ret = rng_seed(&rng, opt.reproducible, pers);
+ if (ret != 0) {
+ goto exit;
+ }
+ mbedtls_printf(" ok\n");
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ /*
+ * 1.1. Load the trusted CA
+ */
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
+
+ if (strcmp(opt.ca_path, "none") == 0 ||
+ strcmp(opt.ca_file, "none") == 0) {
+ ret = 0;
+ } else
+#if defined(MBEDTLS_FS_IO)
+ if (strlen(opt.ca_path)) {
+ ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
+ } else if (strlen(opt.ca_file)) {
+ ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
+ } else
+#endif
+ {
+#if defined(MBEDTLS_PEM_PARSE_C)
+ for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse(&cacert,
+ (const unsigned char *) mbedtls_test_cas[i],
+ mbedtls_test_cas_len[i]);
+ if (ret != 0) {
+ break;
+ }
+ }
+#endif /* MBEDTLS_PEM_PARSE_C */
+ if (ret == 0) {
+ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse_der(&cacert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i]);
+ if (ret != 0) {
+ break;
+ }
+ }
+ }
+ }
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok (%d skipped)\n", ret);
+
+ /*
+ * 1.2. Load own certificate and private key
+ *
+ * (can be skipped if client authentication is not required)
+ */
+ mbedtls_printf(" . Loading the client cert. and key...");
+ fflush(stdout);
+
+ if (strcmp(opt.crt_file, "none") == 0) {
+ ret = 0;
+ } else
+#if defined(MBEDTLS_FS_IO)
+ if (strlen(opt.crt_file)) {
+ ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
+ } else
+#endif
+ { ret = mbedtls_x509_crt_parse(&clicert,
+ (const unsigned char *) mbedtls_test_cli_crt,
+ mbedtls_test_cli_crt_len); }
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (strcmp(opt.key_file, "none") == 0) {
+ ret = 0;
+ } else
+#if defined(MBEDTLS_FS_IO)
+ if (strlen(opt.key_file)) {
+ ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, opt.key_pwd, rng_get, &rng);
+ } else
+#endif
+ { ret = mbedtls_pk_parse_key(&pkey,
+ (const unsigned char *) mbedtls_test_cli_key,
+ mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng); }
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.key_opaque != 0) {
+ psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
+ psa_key_usage_t usage = 0;
+
+ if (key_opaque_set_alg_usage(opt.key_opaque_alg1,
+ opt.key_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &usage,
+ mbedtls_pk_get_type(&pkey)) == 0) {
+ ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! "
+ "mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_printf(" ok (key type: %s)\n",
+ strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ?
+ mbedtls_pk_get_name(&pkey) : "none");
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+ /*
+ * 2. Setup stuff
+ */
+ mbedtls_printf(" . Setting up the SSL/TLS structure...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ opt.transport,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ /* The default algorithms profile disables SHA-1, but our tests still
+ rely on it heavily. */
+ if (opt.allow_sha1 > 0) {
+ crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1);
+ mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test);
+ mbedtls_ssl_conf_sig_algs(&conf, ssl_sig_algs_for_test);
+ }
+ if (opt.context_crt_cb == 0) {
+ mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
+ }
+
+ memset(peer_crt_info, 0, sizeof(peer_crt_info));
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) {
+ if (opt.cid_enabled == 1 &&
+ opt.cid_enabled_renego == 1 &&
+ cid_len != cid_renego_len) {
+ mbedtls_printf("CID length must not change during renegotiation\n");
+ goto usage;
+ }
+
+ if (opt.cid_enabled == 1) {
+ ret = mbedtls_ssl_conf_cid(&conf, cid_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
+ } else {
+ ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
+ }
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ if (opt.auth_mode != DFL_AUTH_MODE) {
+ mbedtls_ssl_conf_authmode(&conf, opt.auth_mode);
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) {
+ mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min,
+ opt.hs_to_max);
+ }
+
+ if (opt.dgram_packing != DFL_DGRAM_PACKING) {
+ mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing);
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n",
+ ret);
+ goto exit;
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ const mbedtls_ssl_srtp_profile forced_profile[] =
+ { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
+ if (opt.use_srtp == 1) {
+ if (opt.force_srtp_profile != 0) {
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile);
+ } else {
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles);
+ }
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! "
+ "mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ } else if (opt.force_srtp_profile != 0) {
+ mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n");
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if (opt.extended_ms != DFL_EXTENDED_MS) {
+ mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if (opt.etm != DFL_ETM) {
+ mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm);
+ }
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+ if (opt.dhmlen != DFL_DHMLEN) {
+ mbedtls_ssl_conf_dhm_min_bitlen(&conf, opt.dhmlen);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if (opt.alpn_string != NULL) {
+ if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ }
+#endif
+
+ if (opt.reproducible) {
+#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time(dummy_constant_time);
+#else
+ fprintf(stderr, "Warning: reproducible option used without constant time\n");
+#endif
+#endif /* MBEDTLS_HAVE_TIME */
+ }
+ mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+
+ mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_conf_session_tickets(&conf, opt.tickets);
+#endif
+
+ if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
+ mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_conf_tls13_key_exchange_modes(&conf, opt.tls13_kex_modes);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ if (opt.allow_legacy != DFL_ALLOW_LEGACY) {
+ mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy);
+ }
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (strcmp(opt.ca_path, "none") != 0 &&
+ strcmp(opt.ca_file, "none") != 0) {
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if (opt.ca_callback != 0) {
+ mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert);
+ } else
+#endif
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ }
+ if (strcmp(opt.crt_file, "none") != 0 &&
+ strcmp(opt.key_file, "none") != 0) {
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
+ if (opt.groups != NULL &&
+ strcmp(opt.groups, "default") != 0) {
+ mbedtls_ssl_conf_groups(&conf, group_list);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (opt.sig_algs != NULL) {
+ mbedtls_ssl_conf_sig_algs(&conf, sig_alg_list);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.psk_opaque != 0) {
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
+
+ status = psa_import_key(&key_attributes, psk, psk_len, &slot);
+ if (status != PSA_SUCCESS) {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, slot,
+ (const unsigned char *) opt.psk_identity,
+ strlen(opt.psk_identity))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if (psk_len > 0) {
+ ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen(opt.psk_identity));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk returned %d\n\n", ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
+ if (opt.min_version != DFL_MIN_VERSION) {
+ mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version);
+ }
+
+ if (opt.max_version != DFL_MAX_VERSION) {
+ mbedtls_ssl_conf_max_tls_version(&conf, opt.max_version);
+ }
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (opt.early_data != DFL_EARLY_DATA) {
+ mbedtls_ssl_conf_early_data(&conf, opt.early_data);
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (opt.eap_tls != 0) {
+ mbedtls_ssl_set_export_keys_cb(&ssl, eap_tls_key_derivation,
+ &eap_tls_keying);
+ } else if (opt.nss_keylog != 0) {
+ mbedtls_ssl_set_export_keys_cb(&ssl,
+ nss_keylog_export,
+ NULL);
+ }
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ else if (opt.use_srtp != 0) {
+ mbedtls_ssl_set_export_keys_cb(&ssl, dtls_srtp_key_derivation,
+ &dtls_srtp_keying);
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
+ ret);
+ goto exit;
+ }
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
+
+ status = psa_import_key(&attributes,
+ (const unsigned char *) opt.ecjpake_pw,
+ strlen(opt.ecjpake_pw),
+ &ecjpake_pw_slot);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf(" failed\n ! psa_import_key returned %d\n\n",
+ status);
+ goto exit;
+ }
+ if ((ret = mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl,
+ ecjpake_pw_slot)) != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_ssl_set_hs_ecjpake_password_opaque returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ mbedtls_printf("using opaque password\n");
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+ if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
+ (const unsigned char *) opt.ecjpake_pw,
+ strlen(opt.ecjpake_pw))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (opt.context_crt_cb == 1) {
+ mbedtls_ssl_set_verify(&ssl, my_verify, NULL);
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+ io_ctx.ssl = &ssl;
+ io_ctx.net = &server_fd;
+ mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb,
+ opt.nbio == 0 ? recv_timeout_cb : NULL);
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled,
+ cid, cid_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if (opt.dtls_mtu != DFL_DTLS_MTU) {
+ mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu);
+ }
+#endif
+
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+#endif
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if (opt.ec_max_ops != DFL_EC_MAX_OPS) {
+ mbedtls_ecp_set_max_ops(opt.ec_max_ops);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ if (opt.use_srtp != 0 && strlen(opt.mki) != 0) {
+ if (mbedtls_test_unhexify(mki, sizeof(mki),
+ opt.mki, &mki_len) != 0) {
+ mbedtls_printf("mki value not valid hex\n");
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_srtp_mki_value_supported(&conf, MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED);
+ if ((ret = mbedtls_ssl_dtls_srtp_set_mki_value(&ssl, mki,
+ (uint16_t) strlen(opt.mki) / 2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_dtls_srtp_set_mki_value returned %d\n\n", ret);
+ goto exit;
+ }
+ }
+#endif
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 3. Start the connection
+ */
+ if (opt.server_addr == NULL) {
+ opt.server_addr = opt.server_name;
+ }
+
+ mbedtls_printf(" . Connecting to %s/%s/%s...",
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
+ opt.server_addr, opt.server_port);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_connect(&server_fd,
+ opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (opt.nbio > 0) {
+ ret = mbedtls_net_set_nonblock(&server_fd);
+ } else {
+ ret = mbedtls_net_set_block(&server_fd);
+ }
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 4. Handshake
+ */
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
+
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n",
+ (unsigned int) -ret);
+ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
+ mbedtls_printf(
+ " Unable to verify the server's certificate. "
+ "Either it is invalid,\n"
+ " or you didn't set ca_file or ca_path "
+ "to an appropriate value.\n"
+ " Alternatively, you may want to use "
+ "auth_mode=optional for testing purposes if "
+ "not using TLS 1.3.\n"
+ " For TLS 1.3 server, try `ca_path=/etc/ssl/certs/`"
+ "or other folder that has root certificates\n");
+ }
+ mbedtls_printf("\n");
+ goto exit;
+ }
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ continue;
+ }
+#endif
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ ret = idle(&server_fd, &timer, ret);
+#else
+ ret = idle(&server_fd, ret);
+#endif
+ if (ret != 0) {
+ goto exit;
+ }
+ }
+ }
+
+ {
+ int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&ssl);
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
+
+ mbedtls_printf(" ok\n [ Protocol is %s ]\n"
+ " [ Ciphersuite is %s ]\n"
+ " [ Key size is %u ]\n",
+ mbedtls_ssl_get_version(&ssl),
+ mbedtls_ssl_ciphersuite_get_name(ciphersuite_info),
+ (unsigned int)
+ mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info));
+ }
+
+ if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) {
+ mbedtls_printf(" [ Record expansion is %d ]\n", ret);
+ } else {
+ mbedtls_printf(" [ Record expansion is unknown ]\n");
+ }
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl));
+ mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_out_record_payload(&ssl));
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if (opt.alpn_string != NULL) {
+ const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl);
+ mbedtls_printf(" [ Application Layer Protocol is %s ]\n",
+ alp ? alp : "(none)");
+ }
+#endif
+
+ if (opt.eap_tls != 0) {
+ size_t j = 0;
+
+ if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type,
+ eap_tls_keying.master_secret,
+ sizeof(eap_tls_keying.master_secret),
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof(eap_tls_keying.randbytes),
+ eap_tls_keymaterial,
+ sizeof(eap_tls_keymaterial)))
+ != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" EAP-TLS key material is:");
+ for (j = 0; j < sizeof(eap_tls_keymaterial); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", eap_tls_keymaterial[j]);
+ }
+ mbedtls_printf("\n");
+
+ if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0,
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof(eap_tls_keying.randbytes),
+ eap_tls_iv,
+ sizeof(eap_tls_iv))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" EAP-TLS IV is:");
+ for (j = 0; j < sizeof(eap_tls_iv); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", eap_tls_iv[j]);
+ }
+ mbedtls_printf("\n");
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ else if (opt.use_srtp != 0) {
+ size_t j = 0;
+ mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
+ mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result);
+
+ if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
+ == MBEDTLS_TLS_SRTP_UNSET) {
+ mbedtls_printf(" Unable to negotiate "
+ "the use of DTLS-SRTP\n");
+ } else {
+ if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type,
+ dtls_srtp_keying.master_secret,
+ sizeof(dtls_srtp_keying.master_secret),
+ dtls_srtp_label,
+ dtls_srtp_keying.randbytes,
+ sizeof(dtls_srtp_keying.randbytes),
+ dtls_srtp_key_material,
+ sizeof(dtls_srtp_key_material)))
+ != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" DTLS-SRTP key material is:");
+ for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", dtls_srtp_key_material[j]);
+ }
+ mbedtls_printf("\n");
+
+ /* produce a less readable output used to perform automatic checks
+ * - compare client and server output
+ * - interop test with openssl which client produces this kind of output
+ */
+ mbedtls_printf(" Keying material: ");
+ for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
+ mbedtls_printf("%02X", dtls_srtp_key_material[j]);
+ }
+ mbedtls_printf("\n");
+
+ if (dtls_srtp_negotiation_result.mki_len > 0) {
+ mbedtls_printf(" DTLS-SRTP mki value: ");
+ for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) {
+ mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]);
+ }
+ } else {
+ mbedtls_printf(" DTLS-SRTP no mki value negotiated");
+ }
+ mbedtls_printf("\n");
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+ if (opt.reconnect != 0 && ssl.tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
+ mbedtls_printf(" . Saving session for reuse...");
+ fflush(stdout);
+
+ if (opt.reco_mode == 1) {
+ if ((ret = ssl_save_session_serialize(&ssl,
+ &session_data, &session_data_len)) != 0) {
+ mbedtls_printf(" failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ } else {
+ if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ if (opt.reco_mode == 1) {
+ mbedtls_printf(" [ Saved %u bytes of session data]\n",
+ (unsigned) session_data_len);
+ }
+ }
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
+
+ if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
+ char vrfy_buf[512];
+ mbedtls_printf(" failed\n");
+
+ x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf),
+ " ! ", flags);
+
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
+ }
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ mbedtls_printf(" . Peer certificate information ...\n");
+ mbedtls_printf("%s\n", peer_crt_info);
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage(&ssl, "initial handshake");
+ if (ret != 0) {
+ goto exit;
+ }
+
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego,
+ cid_renego,
+ cid_renego_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if (opt.renegotiate) {
+ /*
+ * Perform renegotiation (this must be done when the server is waiting
+ * for input from our side).
+ */
+ mbedtls_printf(" . Performing renegotiation...");
+ fflush(stdout);
+ while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ continue;
+ }
+#endif
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&server_fd, &timer, ret);
+#else
+ idle(&server_fd, ret);
+#endif
+ }
+
+ }
+ mbedtls_printf(" ok\n");
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage(&ssl, "after renegotiation");
+ if (ret != 0) {
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ /*
+ * 6. Write the GET request
+ */
+ retry_left = opt.max_resend;
+send_request:
+ mbedtls_printf(" > Write to server:");
+ fflush(stdout);
+
+ ret = build_http_request(buf, sizeof(buf) - 1, &len);
+ if (ret != 0) {
+ goto exit;
+ }
+
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
+ written = 0;
+ frags = 0;
+
+ do {
+ while ((ret = mbedtls_ssl_write(&ssl, buf + written,
+ len - written)) < 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&server_fd, &timer, ret);
+#else
+ idle(&server_fd, ret);
+#endif
+ }
+ }
+
+ frags++;
+ written += ret;
+ } while (written < len);
+ } else { /* Not stream, so datagram */
+ while (1) {
+ ret = mbedtls_ssl_write(&ssl, buf, len);
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ continue;
+ }
+#endif
+
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ break;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&server_fd, &timer, ret);
+#else
+ idle(&server_fd, ret);
+#endif
+ }
+ }
+
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ frags = 1;
+ written = ret;
+
+ if (written < len) {
+ mbedtls_printf(" warning\n ! request didn't fit into single datagram and "
+ "was truncated to size %u", (unsigned) written);
+ }
+ }
+
+ buf[written] = '\0';
+ mbedtls_printf(
+ " %" MBEDTLS_PRINTF_SIZET " bytes written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n",
+ written,
+ frags,
+ (char *) buf);
+
+ /* Send a non-empty request if request_size == 0 */
+ if (len == 0) {
+ opt.request_size = DFL_REQUEST_SIZE;
+ goto send_request;
+ }
+
+ /*
+ * 7. Read the HTTP response
+ */
+
+ /*
+ * TLS and DTLS need different reading styles (stream vs datagram)
+ */
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+ int ticket_id = 0;
+#endif
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ continue;
+ }
+#endif
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&server_fd, &timer, ret);
+#else
+ idle(&server_fd, ret);
+#endif
+ }
+ continue;
+ }
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf(" connection was closed gracefully\n");
+ ret = 0;
+ goto close_notify;
+
+ case 0:
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf(" connection was reset by peer\n");
+ ret = 0;
+ goto reconnect;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
+ /* We were waiting for application data but got
+ * a NewSessionTicket instead. */
+ mbedtls_printf(" got new session ticket ( %d ).\n",
+ ticket_id++);
+ if (opt.reconnect != 0) {
+ mbedtls_printf(" . Saving session for reuse...");
+ fflush(stdout);
+
+ if (opt.reco_mode == 1) {
+ if ((ret = ssl_save_session_serialize(&ssl,
+ &session_data,
+ &session_data_len)) != 0) {
+ mbedtls_printf(
+ " failed\n ! ssl_save_session_serialize returned -0x%04x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ } else {
+ if ((ret = mbedtls_ssl_get_session(&ssl, &saved_session)) != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ if (opt.reco_mode == 1) {
+ mbedtls_printf(" [ Saved %u bytes of session data]\n",
+ (unsigned) session_data_len);
+ }
+ }
+ continue;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ default:
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ len = ret;
+ buf[len] = '\0';
+ mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s",
+ len,
+ (char *) buf);
+ fflush(stdout);
+ /* End of message should be detected according to the syntax of the
+ * application protocol (eg HTTP), just use a dummy test here. */
+ if (ret > 0 && buf[len-1] == '\n') {
+ ret = 0;
+ break;
+ }
+ } while (1);
+ } else { /* Not stream, so datagram */
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+
+ while (1) {
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if (ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ continue;
+ }
+#endif
+
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ break;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&server_fd, &timer, ret);
+#else
+ idle(&server_fd, ret);
+#endif
+ }
+ }
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_TIMEOUT:
+ mbedtls_printf(" timeout\n");
+ if (retry_left-- > 0) {
+ goto send_request;
+ }
+ goto exit;
+
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf(" connection was closed gracefully\n");
+ ret = 0;
+ goto close_notify;
+
+ default:
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ len = ret;
+ buf[len] = '\0';
+ mbedtls_printf(" < Read from server: %" MBEDTLS_PRINTF_SIZET " bytes read\n\n%s",
+ len,
+ (char *) buf);
+ ret = 0;
+ }
+
+ /*
+ * 7b. Simulate hard reset and reconnect from same port?
+ */
+ if (opt.reconnect_hard != 0) {
+ opt.reconnect_hard = 0;
+
+ mbedtls_printf(" . Restarting connection from same port...");
+ fflush(stdout);
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ memset(peer_crt_info, 0, sizeof(peer_crt_info));
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+ if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&server_fd, &timer, ret);
+#else
+ idle(&server_fd, ret);
+#endif
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ goto send_request;
+ }
+
+ /*
+ * 7c. Simulate serialize/deserialize and go back to data exchange
+ */
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if (opt.serialize != 0) {
+ size_t buf_len;
+
+ mbedtls_printf(" . Serializing live connection...");
+
+ ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len);
+ if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
+ "-0x%x\n\n", (unsigned int) -ret);
+
+ goto exit;
+ }
+
+ if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) {
+ mbedtls_printf(" failed\n ! Couldn't allocate buffer for "
+ "serialized context");
+
+ goto exit;
+ }
+ context_buf_len = buf_len;
+
+ if ((ret = mbedtls_ssl_context_save(&ssl, context_buf,
+ buf_len, &buf_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
+ "-0x%x\n\n", (unsigned int) -ret);
+
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /* Save serialized context to the 'opt.context_file' as a base64 code */
+ if (0 < strlen(opt.context_file)) {
+ FILE *b64_file;
+ uint8_t *b64_buf;
+ size_t b64_len;
+
+ mbedtls_printf(" . Save serialized context to a file... ");
+
+ mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len);
+
+ if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) {
+ mbedtls_printf("failed\n ! Couldn't allocate buffer for "
+ "the base64 code\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len,
+ context_buf, buf_len)) != 0) {
+ mbedtls_printf("failed\n ! mbedtls_base64_encode returned "
+ "-0x%x\n", (unsigned int) -ret);
+ mbedtls_free(b64_buf);
+ goto exit;
+ }
+
+ if ((b64_file = fopen(opt.context_file, "w")) == NULL) {
+ mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n",
+ opt.context_file);
+ mbedtls_free(b64_buf);
+ goto exit;
+ }
+
+ if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) {
+ mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n",
+ (long) b64_len);
+ mbedtls_free(b64_buf);
+ fclose(b64_file);
+ goto exit;
+ }
+
+ mbedtls_free(b64_buf);
+ fclose(b64_file);
+
+ mbedtls_printf("ok\n");
+ }
+
+ if (opt.serialize == 1) {
+ /* nothing to do here, done by context_save() already */
+ mbedtls_printf(" . Context has been reset... ok\n");
+ }
+
+ if (opt.serialize == 2) {
+ mbedtls_printf(" . Freeing and reinitializing context...");
+
+ mbedtls_ssl_free(&ssl);
+
+ mbedtls_ssl_init(&ssl);
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned "
+ "-0x%x\n\n", (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (opt.nbio == 2) {
+ mbedtls_ssl_set_bio(&ssl, &server_fd, delayed_send,
+ delayed_recv, NULL);
+ } else {
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send,
+ mbedtls_net_recv,
+ opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL);
+ }
+
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb(&ssl, &timer,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+#endif /* MBEDTLS_TIMING_C */
+
+ mbedtls_printf(" ok\n");
+ }
+
+ mbedtls_printf(" . Deserializing connection...");
+
+ if ((ret = mbedtls_ssl_context_load(&ssl, context_buf,
+ buf_len)) != 0) {
+ mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned "
+ "-0x%x\n\n", (unsigned int) -ret);
+
+ goto exit;
+ }
+
+ mbedtls_free(context_buf);
+ context_buf = NULL;
+ context_buf_len = 0;
+
+ mbedtls_printf(" ok\n");
+ }
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+ /*
+ * 7d. Continue doing data exchanges?
+ */
+ if (--opt.exchanges > 0) {
+ goto send_request;
+ }
+
+ /*
+ * 8. Done, cleanly close the connection
+ */
+close_notify:
+ mbedtls_printf(" . Closing the connection...");
+ fflush(stdout);
+
+ /*
+ * Most of the time sending a close_notify before closing is the right
+ * thing to do. However, when the server already knows how many messages
+ * are expected and closes the connection by itself, this alert becomes
+ * redundant. Sometimes with DTLS this redundancy becomes a problem by
+ * leading to a race condition where the server might close the connection
+ * before seeing the alert, and since UDP is connection-less when the
+ * alert arrives it will be seen as a new connection, which will fail as
+ * the alert is clearly not a valid ClientHello. This may cause spurious
+ * failures in tests that use DTLS and resumption with ssl_server2 in
+ * ssl-opt.sh, avoided by enabling skip_close_notify client-side.
+ */
+ if (opt.skip_close_notify == 0) {
+ /* No error checking, the connection might be closed already */
+ do {
+ ret = mbedtls_ssl_close_notify(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ ret = 0;
+ }
+
+ mbedtls_printf(" done\n");
+
+ /*
+ * 9. Reconnect?
+ */
+reconnect:
+ if (opt.reconnect != 0) {
+ --opt.reconnect;
+
+ mbedtls_net_free(&server_fd);
+
+#if defined(MBEDTLS_TIMING_C)
+ if (opt.reco_delay > 0) {
+ mbedtls_net_usleep(1000 * opt.reco_delay);
+ }
+#endif
+
+ mbedtls_printf(" . Reconnecting with saved session...");
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ memset(peer_crt_info, 0, sizeof(peer_crt_info));
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+ if ((ret = mbedtls_ssl_session_reset(&ssl)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_session_reset returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (opt.reco_mode == 1) {
+ if ((ret = mbedtls_ssl_session_load(&saved_session,
+ session_data,
+ session_data_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_session_load returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ if ((ret = mbedtls_ssl_set_session(&ssl, &saved_session)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_session returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if (opt.reco_server_name != NULL &&
+ (ret = mbedtls_ssl_set_hostname(&ssl,
+ opt.reco_server_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n",
+ ret);
+ goto exit;
+ }
+#endif
+
+ if ((ret = mbedtls_net_connect(&server_fd,
+ opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (opt.nbio > 0) {
+ ret = mbedtls_net_set_nonblock(&server_fd);
+ } else {
+ ret = mbedtls_net_set_block(&server_fd);
+ }
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ ret = build_http_request(buf, sizeof(buf) - 1, &len);
+ if (ret != 0) {
+ goto exit;
+ }
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (ssl.conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
+ frags = 0;
+ written = 0;
+ do {
+ while ((ret = mbedtls_ssl_write_early_data(&ssl, buf + written,
+ len - written)) < 0) {
+ if (ret == MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA) {
+ goto end_of_early_data;
+ }
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&server_fd, &timer, ret);
+#else
+ idle(&server_fd, ret);
+#endif
+ }
+ }
+
+ frags++;
+ written += ret;
+ } while (written < len);
+
+end_of_early_data:
+
+ buf[written] = '\0';
+ mbedtls_printf(
+ " %" MBEDTLS_PRINTF_SIZET " bytes of early data written in %" MBEDTLS_PRINTF_SIZET " fragments\n\n%s\n",
+ written,
+ frags,
+ (char *) buf);
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
+ ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ goto send_request;
+ }
+
+ /*
+ * Cleanup and exit
+ */
+exit:
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(&server_fd);
+
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ssl_session_free(&saved_session);
+
+ if (session_data != NULL) {
+ mbedtls_platform_zeroize(session_data, session_data_len);
+ }
+ mbedtls_free(session_data);
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if (context_buf != NULL) {
+ mbedtls_platform_zeroize(context_buf, context_buf_len);
+ }
+ mbedtls_free(context_buf);
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ mbedtls_x509_crt_free(&clicert);
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_pk_free(&pkey);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key(key_slot);
+#endif
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.psk_opaque != 0) {
+ /* This is ok even if the slot hasn't been
+ * initialized (we might have jumed here
+ * immediately because of bad cmd line params,
+ * for example). */
+ status = psa_destroy_key(slot);
+ if ((status != PSA_SUCCESS) &&
+ (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
+ mbedtls_printf("Failed to destroy key slot %u - error was %d",
+ (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot),
+ (int) status);
+ if (ret == 0) {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
+ }
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
+ MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ /*
+ * In case opaque keys it's the user responsibility to keep the key valid
+ * for the duration of the handshake and destroy it at the end
+ */
+ if ((opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE)) {
+ psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Verify that the key is still valid before destroying it */
+ if (psa_get_key_attributes(ecjpake_pw_slot, &check_attributes) !=
+ PSA_SUCCESS) {
+ if (ret == 0) {
+ ret = 1;
+ }
+ mbedtls_printf("The EC J-PAKE password key has unexpectedly been already destroyed\n");
+ } else {
+ psa_destroy_key(ecjpake_pw_slot);
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ const char *message = mbedtls_test_helper_is_psa_leaking();
+ if (message) {
+ if (ret == 0) {
+ ret = 1;
+ }
+ mbedtls_printf("PSA memory leak detected: %s\n", message);
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
+ * resources are freed by rng_free(). */
+#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \
+ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+ mbedtls_psa_crypto_free();
+#endif
+
+ rng_free(&rng);
+
+#if defined(MBEDTLS_TEST_HOOKS)
+ if (test_hooks_failure_detected()) {
+ if (ret == 0) {
+ ret = 1;
+ }
+ mbedtls_printf("Test hooks detected errors.\n");
+ }
+ test_hooks_free();
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ mbedtls_memory_buffer_alloc_status();
+#endif
+ mbedtls_memory_buffer_alloc_free();
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
+
+ // Shell can not handle large exit numbers -> 1 for errors
+ if (ret < 0) {
+ ret = 1;
+ }
+
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_exit(ret);
+ } else {
+ mbedtls_exit(query_config_ret);
+ }
+}
+#endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_CLI_C */
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
new file mode 100644
index 0000000..ee2cdb7
--- /dev/null
+++ b/programs/ssl/ssl_context_info.c
@@ -0,0 +1,1012 @@
+/*
+ * Mbed TLS SSL context deserializer from base64 code
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/platform.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_ERROR_C) || \
+ !defined(MBEDTLS_SSL_TLS_C)
+int main(void)
+{
+ printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_ERROR_C and/or "
+ "MBEDTLS_SSL_TLS_C not defined.\n");
+ return 0;
+}
+#else
+
+#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+#define _CRT_SECURE_NO_DEPRECATE 1
+#endif
+
+#include <stdint.h>
+#include <stdarg.h>
+#include <string.h>
+#if defined(MBEDTLS_HAVE_TIME)
+#include <time.h>
+#endif
+#include "mbedtls/ssl.h"
+#include "mbedtls/error.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/md.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/ssl_ciphersuites.h"
+
+/*
+ * This program version
+ */
+#define PROG_NAME "ssl_context_info"
+#define VER_MAJOR 0
+#define VER_MINOR 1
+
+/*
+ * Flags copied from the Mbed TLS library.
+ */
+#define SESSION_CONFIG_TIME_BIT (1 << 0)
+#define SESSION_CONFIG_CRT_BIT (1 << 1)
+#define SESSION_CONFIG_CLIENT_TICKET_BIT (1 << 2)
+#define SESSION_CONFIG_MFL_BIT (1 << 3)
+#define SESSION_CONFIG_TRUNC_HMAC_BIT (1 << 4)
+#define SESSION_CONFIG_ETM_BIT (1 << 5)
+#define SESSION_CONFIG_TICKET_BIT (1 << 6)
+
+#define CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT (1 << 0)
+#define CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT (1 << 1)
+#define CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT (1 << 2)
+#define CONTEXT_CONFIG_ALPN_BIT (1 << 3)
+
+#define TRANSFORM_RANDBYTE_LEN 64
+
+/*
+ * Minimum and maximum number of bytes for specific data: context, sessions,
+ * certificates, tickets and buffers in the program. The context and session
+ * size values have been calculated based on the 'print_deserialized_ssl_context()'
+ * and 'print_deserialized_ssl_session()' content.
+ */
+#define MIN_CONTEXT_LEN 84
+#define MIN_SESSION_LEN 88
+
+#define MAX_CONTEXT_LEN 875 /* without session data */
+#define MAX_SESSION_LEN 109 /* without certificate and ticket data */
+#define MAX_CERTIFICATE_LEN ((1 << 24) - 1)
+#define MAX_TICKET_LEN ((1 << 24) - 1)
+
+#define MIN_SERIALIZED_DATA (MIN_CONTEXT_LEN + MIN_SESSION_LEN)
+#define MAX_SERIALIZED_DATA (MAX_CONTEXT_LEN + MAX_SESSION_LEN + \
+ MAX_CERTIFICATE_LEN + MAX_TICKET_LEN)
+
+#define MIN_BASE64_LEN (MIN_SERIALIZED_DATA * 4 / 3)
+#define MAX_BASE64_LEN (MAX_SERIALIZED_DATA * 4 / 3 + 3)
+
+/*
+ * A macro that prevents from reading out of the ssl buffer range.
+ */
+#define CHECK_SSL_END(LEN) \
+ do \
+ { \
+ if (end - ssl < (int) (LEN)) \
+ { \
+ printf_err("%s", buf_ln_err); \
+ return; \
+ } \
+ } while (0)
+
+/*
+ * Global values
+ */
+FILE *b64_file = NULL; /* file with base64 codes to deserialize */
+char conf_keep_peer_certificate = 1; /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE from mbedTLS configuration */
+char conf_dtls_proto = 1; /* MBEDTLS_SSL_PROTO_DTLS from mbedTLS configuration */
+char debug = 0; /* flag for debug messages */
+const char alloc_err[] = "Cannot allocate memory\n";
+const char buf_ln_err[] = "Buffer does not have enough data to complete the parsing\n";
+
+/*
+ * Basic printing functions
+ */
+void print_version(void)
+{
+ printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR);
+}
+
+void print_usage(void)
+{
+ print_version();
+ printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
+ "in the text file. The program can deserialize many codes from one file, but they must be\n"
+ "separated, e.g. by a newline.\n\n");
+ printf(
+ "Usage:\n"
+ "\t-f path - Path to the file with base64 code\n"
+ "\t-v - Show version\n"
+ "\t-h - Show this usage\n"
+ "\t-d - Print more information\n"
+ "\t--keep-peer-cert=0 - Use this option if you know that the Mbed TLS library\n"
+ "\t has been compiled with the MBEDTLS_SSL_KEEP_PEER_CERTIFICATE\n"
+ "\t flag. You can also use it if there are some problems with reading\n"
+ "\t the information about certificate\n"
+ "\t--dtls-protocol=0 - Use this option if you know that the Mbed TLS library\n"
+ "\t has been compiled without the MBEDTLS_SSL_PROTO_DTLS flag\n"
+ "\n"
+ );
+}
+
+void printf_dbg(const char *str, ...)
+{
+ if (debug) {
+ va_list args;
+ va_start(args, str);
+ printf("debug: ");
+ vprintf(str, args);
+ fflush(stdout);
+ va_end(args);
+ }
+}
+
+MBEDTLS_PRINTF_ATTRIBUTE(1, 2)
+void printf_err(const char *str, ...)
+{
+ va_list args;
+ va_start(args, str);
+ fflush(stdout);
+ fprintf(stderr, "ERROR: ");
+ vfprintf(stderr, str, args);
+ fflush(stderr);
+ va_end(args);
+}
+
+/*
+ * Exit from the program in case of error
+ */
+void error_exit(void)
+{
+ if (NULL != b64_file) {
+ fclose(b64_file);
+ }
+ exit(-1);
+}
+
+/*
+ * This function takes the input arguments of this program
+ */
+void parse_arguments(int argc, char *argv[])
+{
+ int i = 1;
+
+ if (argc < 2) {
+ print_usage();
+ error_exit();
+ }
+
+ while (i < argc) {
+ if (strcmp(argv[i], "-d") == 0) {
+ debug = 1;
+ } else if (strcmp(argv[i], "-h") == 0) {
+ print_usage();
+ } else if (strcmp(argv[i], "-v") == 0) {
+ print_version();
+ } else if (strcmp(argv[i], "-f") == 0) {
+ if (++i >= argc) {
+ printf_err("File path is empty\n");
+ error_exit();
+ }
+
+ if (NULL != b64_file) {
+ printf_err("Cannot specify more than one file with -f\n");
+ error_exit();
+ }
+
+ if ((b64_file = fopen(argv[i], "r")) == NULL) {
+ printf_err("Cannot find file \"%s\"\n", argv[i]);
+ error_exit();
+ }
+ } else if (strcmp(argv[i], "--keep-peer-cert=0") == 0) {
+ conf_keep_peer_certificate = 0;
+ } else if (strcmp(argv[i], "--dtls-protocol=0") == 0) {
+ conf_dtls_proto = 0;
+ } else {
+ print_usage();
+ error_exit();
+ }
+
+ i++;
+ }
+}
+
+/*
+ * This function prints base64 code to the stdout
+ */
+void print_b64(const uint8_t *b, size_t len)
+{
+ size_t i = 0;
+ const uint8_t *end = b + len;
+ printf("\t");
+ while (b < end) {
+ if (++i > 75) {
+ printf("\n\t");
+ i = 0;
+ }
+ printf("%c", *b++);
+ }
+ printf("\n");
+ fflush(stdout);
+}
+
+/*
+ * This function prints hex code from the buffer to the stdout.
+ *
+ * /p b buffer with data to print
+ * /p len number of bytes to print
+ * /p in_line number of bytes in one line
+ * /p prefix prefix for the new lines
+ */
+void print_hex(const uint8_t *b, size_t len,
+ const size_t in_line, const char *prefix)
+{
+ size_t i = 0;
+ const uint8_t *end = b + len;
+
+ if (prefix == NULL) {
+ prefix = "";
+ }
+
+ while (b < end) {
+ if (++i > in_line) {
+ printf("\n%s", prefix);
+ i = 1;
+ }
+ printf("%02X ", (uint8_t) *b++);
+ }
+ printf("\n");
+ fflush(stdout);
+}
+
+/*
+ * Print the value of time_t in format e.g. 2020-01-23 13:05:59
+ */
+void print_time(const uint64_t *time)
+{
+#if defined(MBEDTLS_HAVE_TIME)
+ char buf[20];
+ struct tm *t = gmtime((time_t *) time);
+ static const char format[] = "%Y-%m-%d %H:%M:%S";
+ if (NULL != t) {
+ strftime(buf, sizeof(buf), format, t);
+ printf("%s\n", buf);
+ } else {
+ printf("unknown\n");
+ }
+#else
+ (void) time;
+ printf("not supported\n");
+#endif
+}
+
+/*
+ * Print the input string if the bit is set in the value
+ */
+void print_if_bit(const char *str, int bit, int val)
+{
+ if (bit & val) {
+ printf("\t%s\n", str);
+ }
+}
+
+/*
+ * Return pointer to hardcoded "enabled" or "disabled" depending on the input value
+ */
+const char *get_enabled_str(int is_en)
+{
+ return (is_en) ? "enabled" : "disabled";
+}
+
+/*
+ * Return pointer to hardcoded MFL string value depending on the MFL code at the input
+ */
+const char *get_mfl_str(int mfl_code)
+{
+ switch (mfl_code) {
+ case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
+ return "none";
+ case MBEDTLS_SSL_MAX_FRAG_LEN_512:
+ return "512";
+ case MBEDTLS_SSL_MAX_FRAG_LEN_1024:
+ return "1024";
+ case MBEDTLS_SSL_MAX_FRAG_LEN_2048:
+ return "2048";
+ case MBEDTLS_SSL_MAX_FRAG_LEN_4096:
+ return "4096";
+ default:
+ return "error";
+ }
+}
+
+/*
+ * Read next base64 code from the 'b64_file'. The 'b64_file' must be opened
+ * previously. After each call to this function, the internal file position
+ * indicator of the global b64_file is advanced.
+ *
+ * Note - This function checks the size of the input buffer and if necessary,
+ * increases it to the maximum MAX_BASE64_LEN
+ *
+ * /p b64 pointer to the pointer of the buffer for input data
+ * /p max_len pointer to the current buffer capacity. It can be changed if
+ * the buffer needs to be increased
+ *
+ * \retval number of bytes written in to the b64 buffer or 0 in case no more
+ * data was found
+ */
+size_t read_next_b64_code(uint8_t **b64, size_t *max_len)
+{
+ int valid_balance = 0; /* balance between valid and invalid characters */
+ size_t len = 0;
+ char pad = 0;
+ int c = 0;
+
+ while (EOF != c) {
+ char c_valid = 0;
+
+ c = fgetc(b64_file);
+
+ if (pad > 0) {
+ if (c == '=' && pad == 1) {
+ c_valid = 1;
+ pad = 2;
+ }
+ } else if ((c >= 'A' && c <= 'Z') ||
+ (c >= 'a' && c <= 'z') ||
+ (c >= '0' && c <= '9') ||
+ c == '+' || c == '/') {
+ c_valid = 1;
+ } else if (c == '=') {
+ c_valid = 1;
+ pad = 1;
+ } else if (c == '-') {
+ c = '+';
+ c_valid = 1;
+ } else if (c == '_') {
+ c = '/';
+ c_valid = 1;
+ }
+
+ if (c_valid) {
+ /* A string of characters that could be a base64 code. */
+ valid_balance++;
+
+ if (len < *max_len) {
+ (*b64)[len++] = c;
+ } else if (*max_len < MAX_BASE64_LEN) {
+ /* Current buffer is too small, but can be resized. */
+ void *ptr;
+ size_t new_size = (MAX_BASE64_LEN - 4096 > *max_len) ?
+ *max_len + 4096 : MAX_BASE64_LEN;
+
+ ptr = realloc(*b64, new_size);
+ if (NULL == ptr) {
+ printf_err(alloc_err);
+ return 0;
+ }
+ *b64 = ptr;
+ *max_len = new_size;
+ (*b64)[len++] = c;
+ } else {
+ /* Too much data so it will be treated as invalid */
+ len++;
+ }
+ } else if (len > 0) {
+ /* End of a string that could be a base64 code, but need to check
+ * that the length of the characters is correct. */
+
+ valid_balance--;
+
+ if (len < MIN_CONTEXT_LEN) {
+ printf_dbg("The code found is too small to be a SSL context.\n");
+ len = pad = 0;
+ } else if (len > *max_len) {
+ printf_err("The code found is too large by %" MBEDTLS_PRINTF_SIZET " bytes.\n",
+ len - *max_len);
+ len = pad = 0;
+ } else if (len % 4 != 0) {
+ printf_err("The length of the base64 code found should be a multiple of 4.\n");
+ len = pad = 0;
+ } else {
+ /* Base64 code with valid character length. */
+ return len;
+ }
+ } else {
+ valid_balance--;
+ }
+
+ /* Detection of potentially wrong file format like: binary, zip, ISO, etc. */
+ if (valid_balance < -100) {
+ printf_err("Too many bad symbols detected. File check aborted.\n");
+ return 0;
+ }
+ }
+
+ printf_dbg("End of file\n");
+ return 0;
+}
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+/*
+ * This function deserializes and prints to the stdout all obtained information
+ * about the certificates from provided data.
+ *
+ * /p ssl pointer to serialized certificate
+ * /p len number of bytes in the buffer
+ */
+void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len)
+{
+ enum { STRLEN = 4096 };
+ mbedtls_x509_crt crt;
+ int ret;
+ char str[STRLEN];
+
+ printf("\nCertificate:\n");
+
+ mbedtls_x509_crt_init(&crt);
+ ret = mbedtls_x509_crt_parse_der(&crt, ssl, len);
+ if (0 != ret) {
+ mbedtls_strerror(ret, str, STRLEN);
+ printf_err("Invalid format of X.509 - %s\n", str);
+ printf("Cannot deserialize:\n\t");
+ print_hex(ssl, len, 25, "\t");
+ } else {
+ mbedtls_x509_crt *current = &crt;
+
+ while (current != NULL) {
+ ret = mbedtls_x509_crt_info(str, STRLEN, "\t", current);
+ if (0 > ret) {
+ mbedtls_strerror(ret, str, STRLEN);
+ printf_err("Cannot write to the output - %s\n", str);
+ } else {
+ printf("%s", str);
+ }
+
+ current = current->next;
+
+ if (current) {
+ printf("\n");
+ }
+
+ }
+ }
+
+ mbedtls_x509_crt_free(&crt);
+}
+#endif /* !MBEDTLS_X509_REMOVE_INFO */
+
+/*
+ * This function deserializes and prints to the stdout all obtained information
+ * about the session from provided data. This function was built based on
+ * mbedtls_ssl_session_load(). mbedtls_ssl_session_load() could not be used
+ * due to dependencies on the mbedTLS configuration.
+ *
+ * The data structure in the buffer:
+ * uint64 start_time;
+ * uint8 ciphersuite[2]; // defined by the standard
+ * uint8 compression; // 0 or 1
+ * uint8 session_id_len; // at most 32
+ * opaque session_id[32];
+ * opaque master[48]; // fixed length in the standard
+ * uint32 verify_result;
+ * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
+ * opaque ticket<0..2^24-1>; // length 0 means no ticket
+ * uint32 ticket_lifetime;
+ * uint8 mfl_code; // up to 255 according to standard
+ * uint8 trunc_hmac; // 0 or 1
+ * uint8 encrypt_then_mac; // 0 or 1
+ *
+ * /p ssl pointer to serialized session
+ * /p len number of bytes in the buffer
+ * /p session_cfg_flag session configuration flags
+ */
+void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
+ int session_cfg_flag)
+{
+ const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ int ciphersuite_id;
+ uint32_t cert_len, ticket_len;
+ uint32_t verify_result, ticket_lifetime;
+ const uint8_t *end = ssl + len;
+
+ printf("\nSession info:\n");
+
+ if (session_cfg_flag & SESSION_CONFIG_TIME_BIT) {
+ uint64_t start;
+ CHECK_SSL_END(8);
+ start = ((uint64_t) ssl[0] << 56) |
+ ((uint64_t) ssl[1] << 48) |
+ ((uint64_t) ssl[2] << 40) |
+ ((uint64_t) ssl[3] << 32) |
+ ((uint64_t) ssl[4] << 24) |
+ ((uint64_t) ssl[5] << 16) |
+ ((uint64_t) ssl[6] << 8) |
+ ((uint64_t) ssl[7]);
+ ssl += 8;
+ printf("\tstart time : ");
+ print_time(&start);
+ }
+
+ CHECK_SSL_END(2);
+ ciphersuite_id = ((int) ssl[0] << 8) | (int) ssl[1];
+ printf_dbg("Ciphersuite ID: %d\n", ciphersuite_id);
+ ssl += 2;
+
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id);
+ if (ciphersuite_info == NULL) {
+ printf_err("Cannot find ciphersuite info\n");
+ } else {
+#if defined(MBEDTLS_MD_C)
+ const mbedtls_md_info_t *md_info;
+#endif
+
+ printf("\tciphersuite : %s\n", mbedtls_ssl_ciphersuite_get_name(ciphersuite_info));
+ printf("\tcipher flags : 0x%02X\n", ciphersuite_info->MBEDTLS_PRIVATE(flags));
+
+#if defined(MBEDTLS_CIPHER_C)
+ const mbedtls_cipher_info_t *cipher_info;
+ cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(cipher));
+ if (cipher_info == NULL) {
+ printf_err("Cannot find cipher info\n");
+ } else {
+ printf("\tcipher : %s\n", mbedtls_cipher_info_get_name(cipher_info));
+ }
+#else /* MBEDTLS_CIPHER_C */
+ printf("\tcipher type : %d\n", ciphersuite_info->MBEDTLS_PRIVATE(cipher));
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_MD_C)
+ md_info = mbedtls_md_info_from_type(ciphersuite_info->MBEDTLS_PRIVATE(mac));
+ if (md_info == NULL) {
+ printf_err("Cannot find Message-Digest info\n");
+ } else {
+ printf("\tMessage-Digest : %s\n", mbedtls_md_get_name(md_info));
+ }
+#endif /* MBEDTLS_MD_C */
+ }
+
+ CHECK_SSL_END(1);
+ printf("\tcompression : %s\n", get_enabled_str(*ssl++));
+
+ /* Note - Here we can get session ID length from serialized data, but we
+ * use hardcoded 32-bytes length. This approach was taken from
+ * 'mbedtls_ssl_session_load()'. */
+ CHECK_SSL_END(1 + 32);
+ printf_dbg("Session id length: %u\n", (uint32_t) *ssl++);
+ printf("\tsession ID : ");
+ print_hex(ssl, 32, 16, "\t ");
+ ssl += 32;
+
+ printf("\tmaster secret : ");
+ CHECK_SSL_END(48);
+ print_hex(ssl, 48, 16, "\t ");
+ ssl += 48;
+
+ CHECK_SSL_END(4);
+ verify_result = ((uint32_t) ssl[0] << 24) |
+ ((uint32_t) ssl[1] << 16) |
+ ((uint32_t) ssl[2] << 8) |
+ ((uint32_t) ssl[3]);
+ ssl += 4;
+ printf("\tverify result : 0x%08X\n", verify_result);
+
+ if (SESSION_CONFIG_CRT_BIT & session_cfg_flag) {
+ if (conf_keep_peer_certificate) {
+ CHECK_SSL_END(3);
+ cert_len = ((uint32_t) ssl[0] << 16) |
+ ((uint32_t) ssl[1] << 8) |
+ ((uint32_t) ssl[2]);
+ ssl += 3;
+ printf_dbg("Certificate length: %u\n", cert_len);
+
+ if (cert_len > 0) {
+ CHECK_SSL_END(cert_len);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ print_deserialized_ssl_cert(ssl, cert_len);
+#endif
+ ssl += cert_len;
+ }
+ } else {
+ printf("\tPeer digest : ");
+
+ CHECK_SSL_END(1);
+ switch ((mbedtls_md_type_t) *ssl++) {
+ case MBEDTLS_MD_NONE:
+ printf("none\n");
+ break;
+ case MBEDTLS_MD_MD5:
+ printf("MD5\n");
+ break;
+ case MBEDTLS_MD_SHA1:
+ printf("SHA1\n");
+ break;
+ case MBEDTLS_MD_SHA224:
+ printf("SHA224\n");
+ break;
+ case MBEDTLS_MD_SHA256:
+ printf("SHA256\n");
+ break;
+ case MBEDTLS_MD_SHA384:
+ printf("SHA384\n");
+ break;
+ case MBEDTLS_MD_SHA512:
+ printf("SHA512\n");
+ break;
+ case MBEDTLS_MD_RIPEMD160:
+ printf("RIPEMD160\n");
+ break;
+ default:
+ printf("undefined or erroneous\n");
+ break;
+ }
+
+ CHECK_SSL_END(1);
+ cert_len = (uint32_t) *ssl++;
+ printf_dbg("Message-Digest length: %u\n", cert_len);
+
+ if (cert_len > 0) {
+ printf("\tPeer digest cert : ");
+ CHECK_SSL_END(cert_len);
+ print_hex(ssl, cert_len, 16, "\t ");
+ ssl += cert_len;
+ }
+ }
+ }
+
+ if (SESSION_CONFIG_CLIENT_TICKET_BIT & session_cfg_flag) {
+ printf("\nTicket:\n");
+
+ CHECK_SSL_END(3);
+ ticket_len = ((uint32_t) ssl[0] << 16) |
+ ((uint32_t) ssl[1] << 8) |
+ ((uint32_t) ssl[2]);
+ ssl += 3;
+ printf_dbg("Ticket length: %u\n", ticket_len);
+
+ if (ticket_len > 0) {
+ printf("\t");
+ CHECK_SSL_END(ticket_len);
+ print_hex(ssl, ticket_len, 22, "\t");
+ ssl += ticket_len;
+ printf("\n");
+ }
+
+ CHECK_SSL_END(4);
+ ticket_lifetime = ((uint32_t) ssl[0] << 24) |
+ ((uint32_t) ssl[1] << 16) |
+ ((uint32_t) ssl[2] << 8) |
+ ((uint32_t) ssl[3]);
+ ssl += 4;
+ printf("\tlifetime : %u sec.\n", ticket_lifetime);
+ }
+
+ if (ssl < end) {
+ printf("\nSession others:\n");
+ }
+
+ if (SESSION_CONFIG_MFL_BIT & session_cfg_flag) {
+ CHECK_SSL_END(1);
+ printf("\tMFL : %s\n", get_mfl_str(*ssl++));
+ }
+
+ if (SESSION_CONFIG_TRUNC_HMAC_BIT & session_cfg_flag) {
+ CHECK_SSL_END(1);
+ printf("\tnegotiate truncated HMAC : %s\n", get_enabled_str(*ssl++));
+ }
+
+ if (SESSION_CONFIG_ETM_BIT & session_cfg_flag) {
+ CHECK_SSL_END(1);
+ printf("\tEncrypt-then-MAC : %s\n", get_enabled_str(*ssl++));
+ }
+
+ if (0 != (end - ssl)) {
+ printf_err("%i bytes left to analyze from session\n", (int32_t) (end - ssl));
+ }
+}
+
+/*
+ * This function deserializes and prints to the stdout all obtained information
+ * about the context from provided data. This function was built based on
+ * mbedtls_ssl_context_load(). mbedtls_ssl_context_load() could not be used
+ * due to dependencies on the mbedTLS configuration and the configuration of
+ * the context when serialization was created.
+ *
+ * The data structure in the buffer:
+ * // header
+ * uint8 version[3];
+ * uint8 configuration[5];
+ * // session sub-structure
+ * uint32_t session_len;
+ * opaque session<1..2^32-1>; // see mbedtls_ssl_session_save()
+ * // transform sub-structure
+ * uint8 random[64]; // ServerHello.random+ClientHello.random
+ * uint8 in_cid_len;
+ * uint8 in_cid<0..2^8-1> // Connection ID: expected incoming value
+ * uint8 out_cid_len;
+ * uint8 out_cid<0..2^8-1> // Connection ID: outgoing value to use
+ * // fields from ssl_context
+ * uint32 badmac_seen; // DTLS: number of records with failing MAC
+ * uint64 in_window_top; // DTLS: last validated record seq_num
+ * uint64 in_window; // DTLS: bitmask for replay protection
+ * uint8 disable_datagram_packing; // DTLS: only one record per datagram
+ * uint64 cur_out_ctr; // Record layer: outgoing sequence number
+ * uint16 mtu; // DTLS: path mtu (max outgoing fragment size)
+ * uint8 alpn_chosen_len;
+ * uint8 alpn_chosen<0..2^8-1> // ALPN: negotiated application protocol
+ *
+ * /p ssl pointer to serialized session
+ * /p len number of bytes in the buffer
+ */
+void print_deserialized_ssl_context(const uint8_t *ssl, size_t len)
+{
+ const uint8_t *end = ssl + len;
+ uint32_t session_len;
+ int session_cfg_flag;
+ int context_cfg_flag;
+
+ printf("\nMbed TLS version:\n");
+
+ CHECK_SSL_END(3 + 2 + 3);
+
+ printf("\tmajor %u\n", (uint32_t) *ssl++);
+ printf("\tminor %u\n", (uint32_t) *ssl++);
+ printf("\tpath %u\n", (uint32_t) *ssl++);
+
+ printf("\nEnabled session and context configuration:\n");
+
+ session_cfg_flag = ((int) ssl[0] << 8) | ((int) ssl[1]);
+ ssl += 2;
+
+ context_cfg_flag = ((int) ssl[0] << 16) |
+ ((int) ssl[1] << 8) |
+ ((int) ssl[2]);
+ ssl += 3;
+
+ printf_dbg("Session config flags 0x%04X\n", session_cfg_flag);
+ printf_dbg("Context config flags 0x%06X\n", context_cfg_flag);
+
+ print_if_bit("MBEDTLS_HAVE_TIME", SESSION_CONFIG_TIME_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_X509_CRT_PARSE_C", SESSION_CONFIG_CRT_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", SESSION_CONFIG_MFL_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_ENCRYPT_THEN_MAC", SESSION_CONFIG_ETM_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_SESSION_TICKETS", SESSION_CONFIG_TICKET_BIT, session_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_SESSION_TICKETS and client",
+ SESSION_CONFIG_CLIENT_TICKET_BIT,
+ session_cfg_flag);
+
+ print_if_bit("MBEDTLS_SSL_DTLS_CONNECTION_ID",
+ CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT,
+ context_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_DTLS_ANTI_REPLAY",
+ CONTEXT_CONFIG_DTLS_ANTI_REPLAY_BIT,
+ context_cfg_flag);
+ print_if_bit("MBEDTLS_SSL_ALPN", CONTEXT_CONFIG_ALPN_BIT, context_cfg_flag);
+
+ CHECK_SSL_END(4);
+ session_len = ((uint32_t) ssl[0] << 24) |
+ ((uint32_t) ssl[1] << 16) |
+ ((uint32_t) ssl[2] << 8) |
+ ((uint32_t) ssl[3]);
+ ssl += 4;
+ printf_dbg("Session length %u\n", session_len);
+
+ CHECK_SSL_END(session_len);
+ print_deserialized_ssl_session(ssl, session_len, session_cfg_flag);
+ ssl += session_len;
+
+ printf("\nRandom bytes:\n\t");
+
+ CHECK_SSL_END(TRANSFORM_RANDBYTE_LEN);
+ print_hex(ssl, TRANSFORM_RANDBYTE_LEN, 22, "\t");
+ ssl += TRANSFORM_RANDBYTE_LEN;
+
+ printf("\nContext others:\n");
+
+ if (CONTEXT_CONFIG_DTLS_CONNECTION_ID_BIT & context_cfg_flag) {
+ uint8_t cid_len;
+
+ CHECK_SSL_END(1);
+ cid_len = *ssl++;
+ printf_dbg("In CID length %u\n", (uint32_t) cid_len);
+
+ printf("\tin CID : ");
+ if (cid_len > 0) {
+ CHECK_SSL_END(cid_len);
+ print_hex(ssl, cid_len, 20, "\t");
+ ssl += cid_len;
+ } else {
+ printf("none\n");
+ }
+
+ CHECK_SSL_END(1);
+ cid_len = *ssl++;
+ printf_dbg("Out CID length %u\n", (uint32_t) cid_len);
+
+ printf("\tout CID : ");
+ if (cid_len > 0) {
+ CHECK_SSL_END(cid_len);
+ print_hex(ssl, cid_len, 20, "\t");
+ ssl += cid_len;
+ } else {
+ printf("none\n");
+ }
+ }
+
+ if (CONTEXT_CONFIG_DTLS_BADMAC_LIMIT_BIT & context_cfg_flag) {
+ uint32_t badmac_seen;
+
+ CHECK_SSL_END(4);
+ badmac_seen = ((uint32_t) ssl[0] << 24) |
+ ((uint32_t) ssl[1] << 16) |
+ ((uint32_t) ssl[2] << 8) |
+ ((uint32_t) ssl[3]);
+ ssl += 4;
+ printf("\tbad MAC seen number : %u\n", badmac_seen);
+
+ /* value 'in_window_top' from mbedtls_ssl_context */
+ printf("\tlast validated record sequence no. : ");
+ CHECK_SSL_END(8);
+ print_hex(ssl, 8, 20, "");
+ ssl += 8;
+
+ /* value 'in_window' from mbedtls_ssl_context */
+ printf("\tbitmask for replay detection : ");
+ CHECK_SSL_END(8);
+ print_hex(ssl, 8, 20, "");
+ ssl += 8;
+ }
+
+ if (conf_dtls_proto) {
+ CHECK_SSL_END(1);
+ printf("\tDTLS datagram packing : %s\n",
+ get_enabled_str(!(*ssl++)));
+ }
+
+ /* value 'cur_out_ctr' from mbedtls_ssl_context */
+ printf("\toutgoing record sequence no. : ");
+ CHECK_SSL_END(8);
+ print_hex(ssl, 8, 20, "");
+ ssl += 8;
+
+ if (conf_dtls_proto) {
+ uint16_t mtu;
+ CHECK_SSL_END(2);
+ mtu = (ssl[0] << 8) | ssl[1];
+ ssl += 2;
+ printf("\tMTU : %u\n", mtu);
+ }
+
+
+ if (CONTEXT_CONFIG_ALPN_BIT & context_cfg_flag) {
+ uint8_t alpn_len;
+
+ CHECK_SSL_END(1);
+ alpn_len = *ssl++;
+ printf_dbg("ALPN length %u\n", (uint32_t) alpn_len);
+
+ printf("\tALPN negotiation : ");
+ CHECK_SSL_END(alpn_len);
+ if (alpn_len > 0) {
+ if (strlen((const char *) ssl) == alpn_len) {
+ printf("%s\n", ssl);
+ } else {
+ printf("\n");
+ printf_err("\tALPN negotiation is incorrect\n");
+ }
+ ssl += alpn_len;
+ } else {
+ printf("not selected\n");
+ }
+ }
+
+ if (0 != (end - ssl)) {
+ printf_err("%i bytes left to analyze from context\n", (int32_t) (end - ssl));
+ }
+ printf("\n");
+}
+
+int main(int argc, char *argv[])
+{
+ enum { SSL_INIT_LEN = 4096 };
+
+ uint32_t b64_counter = 0;
+ uint8_t *b64_buf = NULL;
+ uint8_t *ssl_buf = NULL;
+ size_t b64_max_len = SSL_INIT_LEN;
+ size_t ssl_max_len = SSL_INIT_LEN;
+ size_t ssl_len = 0;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ /* The 'b64_file' is opened when parsing arguments to check that the
+ * file name is correct */
+ parse_arguments(argc, argv);
+
+ if (NULL != b64_file) {
+ b64_buf = malloc(SSL_INIT_LEN);
+ ssl_buf = malloc(SSL_INIT_LEN);
+
+ if (NULL == b64_buf || NULL == ssl_buf) {
+ printf_err(alloc_err);
+ fclose(b64_file);
+ b64_file = NULL;
+ }
+ }
+
+ while (NULL != b64_file) {
+ size_t b64_len = read_next_b64_code(&b64_buf, &b64_max_len);
+ if (b64_len > 0) {
+ int ret;
+ size_t ssl_required_len = b64_len * 3 / 4 + 1;
+
+ /* Allocate more memory if necessary. */
+ if (ssl_required_len > ssl_max_len) {
+ void *ptr = realloc(ssl_buf, ssl_required_len);
+ if (NULL == ptr) {
+ printf_err(alloc_err);
+ fclose(b64_file);
+ b64_file = NULL;
+ break;
+ }
+ ssl_buf = ptr;
+ ssl_max_len = ssl_required_len;
+ }
+
+ printf("\nDeserializing number %u:\n", ++b64_counter);
+
+ printf("\nBase64 code:\n");
+ print_b64(b64_buf, b64_len);
+
+ ret = mbedtls_base64_decode(ssl_buf, ssl_max_len, &ssl_len, b64_buf, b64_len);
+ if (ret != 0) {
+ mbedtls_strerror(ret, (char *) b64_buf, b64_max_len);
+ printf_err("base64 code cannot be decoded - %s\n", b64_buf);
+ continue;
+ }
+
+ if (debug) {
+ printf("\nDecoded data in hex:\n\t");
+ print_hex(ssl_buf, ssl_len, 25, "\t");
+ }
+
+ print_deserialized_ssl_context(ssl_buf, ssl_len);
+
+ } else {
+ fclose(b64_file);
+ b64_file = NULL;
+ }
+ }
+
+ free(b64_buf);
+ free(ssl_buf);
+
+ if (b64_counter > 0) {
+ printf_dbg("Finished. Found %u base64 codes\n", b64_counter);
+ } else {
+ printf("Finished. No valid base64 code found\n");
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ return 0;
+}
+
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
new file mode 100644
index 0000000..f4822b7
--- /dev/null
+++ b/programs/ssl/ssl_fork_server.c
@@ -0,0 +1,381 @@
+/*
+ * SSL server demonstration program using fork() for handling multiple clients
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_TIMING_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_PEM_PARSE_C)
+int main(int argc, char *argv[])
+{
+ ((void) argc);
+ ((void) argv);
+
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_TIMING_C and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_exit(0);
+}
+#elif defined(_WIN32)
+int main(void)
+{
+ mbedtls_printf("_WIN32 defined. This application requires fork() and signals "
+ "to work correctly.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "test/certs.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/timing.h"
+
+#include <string.h>
+#include <signal.h>
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#endif
+
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ ((void) level);
+
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
+}
+
+int main(void)
+{
+ int ret = 1, len, cnt = 0, pid;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_net_context listen_fd, client_fd;
+ unsigned char buf[1024];
+ const char *pers = "ssl_fork_server";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt srvcert;
+ mbedtls_pk_context pkey;
+
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_pk_init(&pkey);
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ signal(SIGCHLD, SIG_IGN);
+
+ /*
+ * 0. Initial seeding of the RNG
+ */
+ mbedtls_printf("\n . Initial seeding of the random generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed! mbedtls_ctr_drbg_seed returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1. Load the certificates and private RSA key
+ */
+ mbedtls_printf(" . Loading the server cert. and key...");
+ fflush(stdout);
+
+ /*
+ * This demonstration program uses embedded test certificates.
+ * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
+ * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
+ */
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0,
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed! mbedtls_pk_parse_key returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1b. Prepare SSL configuration
+ */
+ mbedtls_printf(" . Configuring SSL...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
+ mbedtls_printf(" failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 2. Setup the listening TCP socket
+ */
+ mbedtls_printf(" . Bind on https://localhost:4433/ ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed! mbedtls_net_bind returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ while (1) {
+ /*
+ * 3. Wait until a client connects
+ */
+ mbedtls_net_init(&client_fd);
+ mbedtls_ssl_init(&ssl);
+
+ mbedtls_printf(" . Waiting for a remote connection ...\n");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" failed! mbedtls_net_accept returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /*
+ * 3.5. Forking server thread
+ */
+
+ mbedtls_printf(" . Forking to handle connection ...");
+ fflush(stdout);
+
+ pid = fork();
+
+ if (pid < 0) {
+ mbedtls_printf(" failed! fork returned %d\n\n", pid);
+ goto exit;
+ }
+
+ if (pid != 0) {
+ mbedtls_printf(" ok\n");
+ mbedtls_net_close(&client_fd);
+
+ if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
+ (const unsigned char *) "parent",
+ 6)) != 0) {
+ mbedtls_printf(" failed! mbedtls_ctr_drbg_reseed returned %d\n\n", ret);
+ goto exit;
+ }
+
+ continue;
+ }
+
+ mbedtls_net_close(&listen_fd);
+
+ pid = getpid();
+
+ /*
+ * 4. Setup stuff
+ */
+ mbedtls_printf("pid %d: Setting up the SSL data.\n", pid);
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_reseed(&ctr_drbg,
+ (const unsigned char *) "child",
+ 5)) != 0) {
+ mbedtls_printf(
+ "pid %d: SSL setup failed! mbedtls_ctr_drbg_reseed returned %d\n\n",
+ pid, ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(
+ "pid %d: SSL setup failed! mbedtls_ssl_setup returned %d\n\n",
+ pid, ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+ mbedtls_printf("pid %d: SSL setup ok\n", pid);
+
+ /*
+ * 5. Handshake
+ */
+ mbedtls_printf("pid %d: Performing the SSL/TLS handshake.\n", pid);
+ fflush(stdout);
+
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(
+ "pid %d: SSL handshake failed! mbedtls_ssl_handshake returned %d\n\n",
+ pid, ret);
+ goto exit;
+ }
+ }
+
+ mbedtls_printf("pid %d: SSL handshake ok\n", pid);
+
+ /*
+ * 6. Read the HTTP Request
+ */
+ mbedtls_printf("pid %d: Start reading from client.\n", pid);
+ fflush(stdout);
+
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
+ continue;
+ }
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf("pid %d: connection was closed gracefully\n", pid);
+ break;
+
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf("pid %d: connection was reset by peer\n", pid);
+ break;
+
+ default:
+ mbedtls_printf("pid %d: mbedtls_ssl_read returned %d\n", pid, ret);
+ break;
+ }
+
+ break;
+ }
+
+ len = ret;
+ mbedtls_printf("pid %d: %d bytes read\n\n%s", pid, len, (char *) buf);
+
+ if (ret > 0) {
+ break;
+ }
+ } while (1);
+
+ /*
+ * 7. Write the 200 Response
+ */
+ mbedtls_printf("pid %d: Start writing to client.\n", pid);
+ fflush(stdout);
+
+ len = sprintf((char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite(&ssl));
+
+ while (cnt++ < 100) {
+ while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
+ if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
+ mbedtls_printf(
+ "pid %d: Write failed! peer closed the connection\n\n", pid);
+ goto exit;
+ }
+
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(
+ "pid %d: Write failed! mbedtls_ssl_write returned %d\n\n",
+ pid, ret);
+ goto exit;
+ }
+ }
+ len = ret;
+ mbedtls_printf("pid %d: %d bytes written\n\n%s\n", pid, len, (char *) buf);
+
+ mbedtls_net_usleep(1000000);
+ }
+
+ mbedtls_ssl_close_notify(&ssl);
+ goto exit;
+ }
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
+ MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_PARSE_C &&
+ ! _WIN32 */
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
new file mode 100644
index 0000000..febb881
--- /dev/null
+++ b/programs/ssl/ssl_mail_client.c
@@ -0,0 +1,804 @@
+/*
+ * SSL client for SMTP servers
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/* Enable definition of gethostname() even when compiling with -std=c99. Must
+ * be set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
+ * Harmless on other platforms. */
+
+#define _POSIX_C_SOURCE 200112L
+#define _XOPEN_SOURCE 600
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/base64.h"
+#include "mbedtls/error.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "test/certs.h"
+#include "mbedtls/x509.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#else
+#include <io.h>
+#endif
+
+#if defined(_WIN32) || defined(_WIN32_WCE)
+#include <winsock2.h>
+#include <windows.h>
+
+#if defined(_MSC_VER)
+#if defined(_WIN32_WCE)
+#pragma comment( lib, "ws2.lib" )
+#else
+#pragma comment( lib, "ws2_32.lib" )
+#endif
+#endif /* _MSC_VER */
+#endif
+
+#define DFL_SERVER_NAME "localhost"
+#define DFL_SERVER_PORT "465"
+#define DFL_USER_NAME "user"
+#define DFL_USER_PWD "password"
+#define DFL_MAIL_FROM ""
+#define DFL_MAIL_TO ""
+#define DFL_DEBUG_LEVEL 0
+#define DFL_CA_FILE ""
+#define DFL_CRT_FILE ""
+#define DFL_KEY_FILE ""
+#define DFL_FORCE_CIPHER 0
+#define DFL_MODE 0
+#define DFL_AUTHENTICATION 0
+
+#define MODE_SSL_TLS 0
+#define MODE_STARTTLS 0
+
+#if defined(MBEDTLS_BASE64_C)
+#define USAGE_AUTH \
+ " authentication=%%d default: 0 (disabled)\n" \
+ " user_name=%%s default: \"" DFL_USER_NAME "\"\n" \
+ " user_pwd=%%s default: \"" \
+ DFL_USER_PWD "\"\n"
+#else
+#define USAGE_AUTH \
+ " authentication options disabled. (Require MBEDTLS_BASE64_C)\n"
+#endif /* MBEDTLS_BASE64_C */
+
+#if defined(MBEDTLS_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s default: \"\" (pre-loaded)\n" \
+ " crt_file=%%s default: \"\" (pre-loaded)\n" \
+ " key_file=%%s default: \"\" (pre-loaded)\n"
+#else
+#define USAGE_IO \
+ " No file operations available (MBEDTLS_FS_IO not defined)\n"
+#endif /* MBEDTLS_FS_IO */
+
+#define USAGE \
+ "\n usage: ssl_mail_client param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_name=%%s default: " DFL_SERVER_NAME "\n" \
+ " server_port=%%d default: " \
+ DFL_SERVER_PORT "\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " mode=%%d default: 0 (SSL/TLS) (1 for STARTTLS)\n" \
+ USAGE_AUTH \
+ " mail_from=%%s default: \"\"\n" \
+ " mail_to=%%s default: \"\"\n" \
+ USAGE_IO \
+ " force_ciphersuite=<name> default: all enabled\n" \
+ " acceptable ciphersuite names:\n"
+
+
+/*
+ * global options
+ */
+struct options {
+ const char *server_name; /* hostname of the server (client only) */
+ const char *server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int authentication; /* if authentication is required */
+ int mode; /* SSL/TLS (0) or STARTTLS (1) */
+ const char *user_name; /* username to use for authentication */
+ const char *user_pwd; /* password to use for authentication */
+ const char *mail_from; /* E-Mail address to use as sender */
+ const char *mail_to; /* E-Mail address to use as recipient */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *crt_file; /* the file with the client certificate */
+ const char *key_file; /* the file with the client key */
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+} opt;
+
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ ((void) level);
+
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
+}
+
+static int do_handshake(mbedtls_ssl_context *ssl)
+{
+ int ret;
+ uint32_t flags;
+ unsigned char buf[1024];
+ memset(buf, 0, 1024);
+
+ /*
+ * 4. Handshake
+ */
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
+
+ while ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+#if defined(MBEDTLS_ERROR_C)
+ mbedtls_strerror(ret, (char *) buf, 1024);
+#endif
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d: %s\n\n", ret, buf);
+ return -1;
+ }
+ }
+
+ mbedtls_printf(" ok\n [ Ciphersuite is %s ]\n",
+ mbedtls_ssl_get_ciphersuite(ssl));
+
+ /*
+ * 5. Verify the server certificate
+ */
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
+
+ /* In real life, we probably want to bail out when ret != 0 */
+ if ((flags = mbedtls_ssl_get_verify_result(ssl)) != 0) {
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ char vrfy_buf[512];
+#endif
+
+ mbedtls_printf(" failed\n");
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
+
+ mbedtls_printf("%s\n", vrfy_buf);
+#endif
+ } else {
+ mbedtls_printf(" ok\n");
+ }
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ mbedtls_printf(" . Peer certificate information ...\n");
+ mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
+ mbedtls_ssl_get_peer_cert(ssl));
+ mbedtls_printf("%s\n", buf);
+#endif
+
+ return 0;
+}
+
+static int write_ssl_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
+{
+ int ret;
+
+ mbedtls_printf("\n%s", buf);
+ while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+static int write_ssl_and_get_response(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
+{
+ int ret;
+ unsigned char data[128];
+ char code[4];
+ size_t i, idx = 0;
+
+ mbedtls_printf("\n%s", buf);
+ while (len && (ret = mbedtls_ssl_write(ssl, buf, len)) <= 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ return -1;
+ }
+ }
+
+ do {
+ len = sizeof(data) - 1;
+ memset(data, 0, sizeof(data));
+ ret = mbedtls_ssl_read(ssl, data, len);
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
+ continue;
+ }
+
+ if (ret == MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY) {
+ return -1;
+ }
+
+ if (ret <= 0) {
+ mbedtls_printf("failed\n ! mbedtls_ssl_read returned %d\n\n", ret);
+ return -1;
+ }
+
+ mbedtls_printf("\n%s", data);
+ len = ret;
+ for (i = 0; i < len; i++) {
+ if (data[i] != '\n') {
+ if (idx < 4) {
+ code[idx++] = data[i];
+ }
+ continue;
+ }
+
+ if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') {
+ code[3] = '\0';
+ return atoi(code);
+ }
+
+ idx = 0;
+ }
+ } while (1);
+}
+
+static int write_and_get_response(mbedtls_net_context *sock_fd, unsigned char *buf, size_t len)
+{
+ int ret;
+ unsigned char data[128];
+ char code[4];
+ size_t i, idx = 0;
+
+ mbedtls_printf("\n%s", buf);
+ if (len && (ret = mbedtls_net_send(sock_fd, buf, len)) <= 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_send returned %d\n\n", ret);
+ return -1;
+ }
+
+ do {
+ len = sizeof(data) - 1;
+ memset(data, 0, sizeof(data));
+ ret = mbedtls_net_recv(sock_fd, data, len);
+
+ if (ret <= 0) {
+ mbedtls_printf("failed\n ! mbedtls_net_recv returned %d\n\n", ret);
+ return -1;
+ }
+
+ data[len] = '\0';
+ mbedtls_printf("\n%s", data);
+ len = ret;
+ for (i = 0; i < len; i++) {
+ if (data[i] != '\n') {
+ if (idx < 4) {
+ code[idx++] = data[i];
+ }
+ continue;
+ }
+
+ if (idx == 4 && code[0] >= '0' && code[0] <= '9' && code[3] == ' ') {
+ code[3] = '\0';
+ return atoi(code);
+ }
+
+ idx = 0;
+ }
+ } while (1);
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 1, len;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_net_context server_fd;
+#if defined(MBEDTLS_BASE64_C)
+ unsigned char base[1024];
+ /* buf is used as the destination buffer for printing base with the format:
+ * "%s\r\n". Hence, the size of buf should be at least the size of base
+ * plus 2 bytes for the \r and \n characters.
+ */
+ unsigned char buf[sizeof(base) + 2];
+#else
+ unsigned char buf[1024];
+#endif
+ char hostname[32];
+ const char *pers = "ssl_mail_client";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crt clicert;
+ mbedtls_pk_context pkey;
+ int i;
+ size_t n;
+ char *p, *q;
+ const int *list;
+
+ /*
+ * Make sure memory references are valid in case we exit early.
+ */
+ mbedtls_net_init(&server_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ memset(&buf, 0, sizeof(buf));
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_x509_crt_init(&clicert);
+ mbedtls_pk_init(&pkey);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+
+ list = mbedtls_ssl_list_ciphersuites();
+ while (*list) {
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
+ list++;
+ }
+ mbedtls_printf("\n");
+ goto exit;
+ }
+
+ opt.server_name = DFL_SERVER_NAME;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.authentication = DFL_AUTHENTICATION;
+ opt.mode = DFL_MODE;
+ opt.user_name = DFL_USER_NAME;
+ opt.user_pwd = DFL_USER_PWD;
+ opt.mail_from = DFL_MAIL_FROM;
+ opt.mail_to = DFL_MAIL_TO;
+ opt.ca_file = DFL_CA_FILE;
+ opt.crt_file = DFL_CRT_FILE;
+ opt.key_file = DFL_KEY_FILE;
+ opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "server_name") == 0) {
+ opt.server_name = q;
+ } else if (strcmp(p, "server_port") == 0) {
+ opt.server_port = q;
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
+ goto usage;
+ }
+ } else if (strcmp(p, "authentication") == 0) {
+ opt.authentication = atoi(q);
+ if (opt.authentication < 0 || opt.authentication > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "mode") == 0) {
+ opt.mode = atoi(q);
+ if (opt.mode < 0 || opt.mode > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "user_name") == 0) {
+ opt.user_name = q;
+ } else if (strcmp(p, "user_pwd") == 0) {
+ opt.user_pwd = q;
+ } else if (strcmp(p, "mail_from") == 0) {
+ opt.mail_from = q;
+ } else if (strcmp(p, "mail_to") == 0) {
+ opt.mail_to = q;
+ } else if (strcmp(p, "ca_file") == 0) {
+ opt.ca_file = q;
+ } else if (strcmp(p, "crt_file") == 0) {
+ opt.crt_file = q;
+ } else if (strcmp(p, "key_file") == 0) {
+ opt.key_file = q;
+ } else if (strcmp(p, "force_ciphersuite") == 0) {
+ opt.force_ciphersuite[0] = -1;
+
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
+
+ if (opt.force_ciphersuite[0] <= 0) {
+ goto usage;
+ }
+
+ opt.force_ciphersuite[1] = 0;
+ } else {
+ goto usage;
+ }
+ }
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.1. Load the trusted CA
+ */
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
+
+#if defined(MBEDTLS_FS_IO)
+ if (strlen(opt.ca_file)) {
+ ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
+ } else
+#endif
+#if defined(MBEDTLS_PEM_PARSE_C)
+ ret = mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+#else
+ {
+ mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
+ goto exit;
+ }
+#endif
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok (%d skipped)\n", ret);
+
+ /*
+ * 1.2. Load own certificate and private key
+ *
+ * (can be skipped if client authentication is not required)
+ */
+ mbedtls_printf(" . Loading the client cert. and key...");
+ fflush(stdout);
+
+#if defined(MBEDTLS_FS_IO)
+ if (strlen(opt.crt_file)) {
+ ret = mbedtls_x509_crt_parse_file(&clicert, opt.crt_file);
+ } else
+#endif
+ ret = mbedtls_x509_crt_parse(&clicert, (const unsigned char *) mbedtls_test_cli_crt,
+ mbedtls_test_cli_crt_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+#if defined(MBEDTLS_FS_IO)
+ if (strlen(opt.key_file)) {
+ ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file, "",
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ } else
+#endif
+#if defined(MBEDTLS_PEM_PARSE_C)
+ {
+ ret = mbedtls_pk_parse_key(&pkey,
+ (const unsigned char *) mbedtls_test_cli_key,
+ mbedtls_test_cli_key_len,
+ NULL,
+ 0,
+ mbedtls_ctr_drbg_random,
+ &ctr_drbg);
+ }
+#else
+ {
+ mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");
+ goto exit;
+ }
+#endif
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 2. Start the connection
+ */
+ mbedtls_printf(" . Connecting to tcp/%s/%s...", opt.server_name,
+ opt.server_port);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_connect(&server_fd, opt.server_name,
+ opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 3. Setup stuff
+ */
+ mbedtls_printf(" . Setting up the SSL/TLS structure...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+ goto exit;
+ }
+
+ /* OPTIONAL is not optimal for security,
+ * but makes interop easier in this simplified example */
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+
+ if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
+ mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
+ }
+
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+ mbedtls_printf(" ok\n");
+
+ if (opt.mode == MODE_SSL_TLS) {
+ if (do_handshake(&ssl) != 0) {
+ goto exit;
+ }
+
+ mbedtls_printf(" > Get header from server:");
+ fflush(stdout);
+
+ ret = write_ssl_and_get_response(&ssl, buf, 0);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" > Write EHLO to server:");
+ fflush(stdout);
+
+ gethostname(hostname, 32);
+ len = sprintf((char *) buf, "EHLO %s\r\n", hostname);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+ } else {
+ mbedtls_printf(" > Get header from server:");
+ fflush(stdout);
+
+ ret = write_and_get_response(&server_fd, buf, 0);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" > Write EHLO to server:");
+ fflush(stdout);
+
+ gethostname(hostname, 32);
+ len = sprintf((char *) buf, "EHLO %s\r\n", hostname);
+ ret = write_and_get_response(&server_fd, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" > Write STARTTLS to server:");
+ fflush(stdout);
+
+ gethostname(hostname, 32);
+ len = sprintf((char *) buf, "STARTTLS\r\n");
+ ret = write_and_get_response(&server_fd, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ if (do_handshake(&ssl) != 0) {
+ goto exit;
+ }
+ }
+
+#if defined(MBEDTLS_BASE64_C)
+ if (opt.authentication) {
+ mbedtls_printf(" > Write AUTH LOGIN to server:");
+ fflush(stdout);
+
+ len = sprintf((char *) buf, "AUTH LOGIN\r\n");
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 399) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" > Write username to server: %s", opt.user_name);
+ fflush(stdout);
+
+ ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_name,
+ strlen(opt.user_name));
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret);
+ goto exit;
+ }
+ len = sprintf((char *) buf, "%s\r\n", base);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 300 || ret > 399) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" > Write password to server: %s", opt.user_pwd);
+ fflush(stdout);
+
+ ret = mbedtls_base64_encode(base, sizeof(base), &n, (const unsigned char *) opt.user_pwd,
+ strlen(opt.user_pwd));
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_base64_encode returned %d\n\n", ret);
+ goto exit;
+ }
+ len = sprintf((char *) buf, "%s\r\n", base);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 399) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+#endif
+
+ mbedtls_printf(" > Write MAIL FROM to server:");
+ fflush(stdout);
+
+ len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" > Write RCPT TO to server:");
+ fflush(stdout);
+
+ len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to);
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" > Write DATA to server:");
+ fflush(stdout);
+
+ len = sprintf((char *) buf, "DATA\r\n");
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 300 || ret > 399) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_printf(" > Write content to server:");
+ fflush(stdout);
+
+ len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
+ "This is a simple test mail from the "
+ "Mbed TLS mail client example.\r\n"
+ "\r\n"
+ "Enjoy!", opt.mail_from);
+ ret = write_ssl_data(&ssl, buf, len);
+
+ len = sprintf((char *) buf, "\r\n.\r\n");
+ ret = write_ssl_and_get_response(&ssl, buf, len);
+ if (ret < 200 || ret > 299) {
+ mbedtls_printf(" failed\n ! server responded with %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ mbedtls_ssl_close_notify(&ssl);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_net_free(&server_fd);
+ mbedtls_x509_crt_free(&clicert);
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+ MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C **
+ MBEDTLS_CTR_DRBG_C */
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
new file mode 100644
index 0000000..fcb8f2f
--- /dev/null
+++ b/programs/ssl/ssl_pthread_server.c
@@ -0,0 +1,489 @@
+/*
+ * SSL server demonstration program using pthread for handling multiple
+ * clients.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_THREADING_C) || \
+ !defined(MBEDTLS_THREADING_PTHREAD) || !defined(MBEDTLS_PEM_PARSE_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_THREADING_C and/or MBEDTLS_THREADING_PTHREAD "
+ "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/error.h"
+#include "test/certs.h"
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+#define MAX_NUM_THREADS 5
+
+mbedtls_threading_mutex_t debug_mutex;
+
+static void my_mutexed_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ long int thread_id = (long int) pthread_self();
+
+ mbedtls_mutex_lock(&debug_mutex);
+
+ ((void) level);
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: [ #%ld ] %s",
+ file, line, thread_id, str);
+ fflush((FILE *) ctx);
+
+ mbedtls_mutex_unlock(&debug_mutex);
+}
+
+typedef struct {
+ mbedtls_net_context client_fd;
+ int thread_complete;
+ const mbedtls_ssl_config *config;
+} thread_info_t;
+
+typedef struct {
+ int active;
+ thread_info_t data;
+ pthread_t thread;
+} pthread_info_t;
+
+static thread_info_t base_info;
+static pthread_info_t threads[MAX_NUM_THREADS];
+
+static void *handle_ssl_connection(void *data)
+{
+ int ret, len;
+ thread_info_t *thread_info = (thread_info_t *) data;
+ mbedtls_net_context *client_fd = &thread_info->client_fd;
+ long int thread_id = (long int) pthread_self();
+ unsigned char buf[1024];
+ mbedtls_ssl_context ssl;
+
+ /* Make sure memory references are valid */
+ mbedtls_ssl_init(&ssl);
+
+ mbedtls_printf(" [ #%ld ] Setting up SSL/TLS data\n", thread_id);
+
+ /*
+ * 4. Get the SSL context ready
+ */
+ if ((ret = mbedtls_ssl_setup(&ssl, thread_info->config)) != 0) {
+ mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_setup returned -0x%04x\n",
+ thread_id, (unsigned int) -ret);
+ goto thread_exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+ /*
+ * 5. Handshake
+ */
+ mbedtls_printf(" [ #%ld ] Performing the SSL/TLS handshake\n", thread_id);
+
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_handshake returned -0x%04x\n",
+ thread_id, (unsigned int) -ret);
+ goto thread_exit;
+ }
+ }
+
+ mbedtls_printf(" [ #%ld ] ok\n", thread_id);
+
+ /*
+ * 6. Read the HTTP Request
+ */
+ mbedtls_printf(" [ #%ld ] < Read from client\n", thread_id);
+
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
+ continue;
+ }
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf(" [ #%ld ] connection was closed gracefully\n",
+ thread_id);
+ goto thread_exit;
+
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf(" [ #%ld ] connection was reset by peer\n",
+ thread_id);
+ goto thread_exit;
+
+ default:
+ mbedtls_printf(" [ #%ld ] mbedtls_ssl_read returned -0x%04x\n",
+ thread_id, (unsigned int) -ret);
+ goto thread_exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf(" [ #%ld ] %d bytes read\n=====\n%s\n=====\n",
+ thread_id, len, (char *) buf);
+
+ if (ret > 0) {
+ break;
+ }
+ } while (1);
+
+ /*
+ * 7. Write the 200 Response
+ */
+ mbedtls_printf(" [ #%ld ] > Write to client:\n", thread_id);
+
+ len = sprintf((char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite(&ssl));
+
+ while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
+ if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
+ mbedtls_printf(" [ #%ld ] failed: peer closed the connection\n",
+ thread_id);
+ goto thread_exit;
+ }
+
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_write returned -0x%04x\n",
+ thread_id, (unsigned int) ret);
+ goto thread_exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf(" [ #%ld ] %d bytes written\n=====\n%s\n=====\n",
+ thread_id, len, (char *) buf);
+
+ mbedtls_printf(" [ #%ld ] . Closing the connection...", thread_id);
+
+ while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" [ #%ld ] failed: mbedtls_ssl_close_notify returned -0x%04x\n",
+ thread_id, (unsigned int) ret);
+ goto thread_exit;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ ret = 0;
+
+thread_exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf(" [ #%ld ] Last error was: -0x%04x - %s\n\n",
+ thread_id, (unsigned int) -ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(client_fd);
+ mbedtls_ssl_free(&ssl);
+
+ thread_info->thread_complete = 1;
+
+ return NULL;
+}
+
+static int thread_create(mbedtls_net_context *client_fd)
+{
+ int ret, i;
+
+ /*
+ * Find in-active or finished thread slot
+ */
+ for (i = 0; i < MAX_NUM_THREADS; i++) {
+ if (threads[i].active == 0) {
+ break;
+ }
+
+ if (threads[i].data.thread_complete == 1) {
+ mbedtls_printf(" [ main ] Cleaning up thread %d\n", i);
+ pthread_join(threads[i].thread, NULL);
+ memset(&threads[i], 0, sizeof(pthread_info_t));
+ break;
+ }
+ }
+
+ if (i == MAX_NUM_THREADS) {
+ return -1;
+ }
+
+ /*
+ * Fill thread-info for thread
+ */
+ memcpy(&threads[i].data, &base_info, sizeof(base_info));
+ threads[i].active = 1;
+ memcpy(&threads[i].data.client_fd, client_fd, sizeof(mbedtls_net_context));
+
+ if ((ret = pthread_create(&threads[i].thread, NULL, handle_ssl_connection,
+ &threads[i].data)) != 0) {
+ return ret;
+ }
+
+ return 0;
+}
+
+int main(void)
+{
+ int ret;
+ mbedtls_net_context listen_fd, client_fd;
+ const char pers[] = "ssl_pthread_server";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt srvcert;
+ mbedtls_x509_crt cachain;
+ mbedtls_pk_context pkey;
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ unsigned char alloc_buf[100000];
+#endif
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_context cache;
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
+#endif
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_init(&cache);
+#endif
+
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_x509_crt_init(&cachain);
+
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ memset(threads, 0, sizeof(threads));
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+
+ mbedtls_mutex_init(&debug_mutex);
+
+ base_info.config = &conf;
+
+ /*
+ * We use only a single entropy source that is used in all the threads.
+ */
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ /*
+ * 1a. Seed the random number generator
+ */
+ mbedtls_printf(" . Seeding the random number generator...");
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1b. Load the certificates and private RSA key
+ */
+ mbedtls_printf("\n . Loading the server cert. and key...");
+ fflush(stdout);
+
+ /*
+ * This demonstration program uses embedded test certificates.
+ * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
+ * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
+ */
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_x509_crt_parse(&cachain, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_pk_init(&pkey);
+ ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0,
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1c. Prepare SSL configuration
+ */
+ mbedtls_printf(" . Setting up the SSL data....");
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed: mbedtls_ssl_config_defaults returned -0x%04x\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout);
+
+ /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if
+ * MBEDTLS_THREADING_C is set.
+ */
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_conf_session_cache(&conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set);
+#endif
+
+ mbedtls_ssl_conf_ca_chain(&conf, &cachain, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 2. Setup the listening TCP socket
+ */
+ mbedtls_printf(" . Bind on https://localhost:4433/ ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+reset:
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf(" [ main ] Last error was: -0x%04x - %s\n", (unsigned int) -ret,
+ error_buf);
+ }
+#endif
+
+ /*
+ * 3. Wait until a client connects
+ */
+ mbedtls_printf(" [ main ] Waiting for a remote connection\n");
+
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" [ main ] failed: mbedtls_net_accept returned -0x%04x\n",
+ (unsigned int) ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" [ main ] ok\n");
+ mbedtls_printf(" [ main ] Creating a new thread\n");
+
+ if ((ret = thread_create(&client_fd)) != 0) {
+ mbedtls_printf(" [ main ] failed: thread_create returned %d\n", ret);
+ mbedtls_net_free(&client_fd);
+ goto reset;
+ }
+
+ ret = 0;
+ goto reset;
+
+exit:
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_free(&cache);
+#endif
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+ mbedtls_ssl_config_free(&conf);
+ mbedtls_net_free(&listen_fd);
+ mbedtls_mutex_free(&debug_mutex);
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_free();
+#endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(ret);
+}
+
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
+ MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_THREADING_C &&
+ MBEDTLS_THREADING_PTHREAD && MBEDTLS_PEM_PARSE_C */
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
new file mode 100644
index 0000000..6becf8d
--- /dev/null
+++ b/programs/ssl/ssl_server.c
@@ -0,0 +1,362 @@
+/*
+ * SSL server demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PEM_PARSE_C) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_SSL_TLS_C) || \
+ !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C "
+ "and/or MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_CTR_DRBG_C and/or MBEDTLS_X509_CRT_PARSE_C "
+ "and/or MBEDTLS_PEM_PARSE_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+#include "test/certs.h"
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n"
+
+#define DEBUG_LEVEL 0
+
+
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ ((void) level);
+
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
+}
+
+int main(void)
+{
+ int ret, len;
+ mbedtls_net_context listen_fd, client_fd;
+ unsigned char buf[1024];
+ const char *pers = "ssl_server";
+
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt srvcert;
+ mbedtls_pk_context pkey;
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_context cache;
+#endif
+
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_init(&cache);
+#endif
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+ mbedtls_entropy_init(&entropy);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold(DEBUG_LEVEL);
+#endif
+
+ /*
+ * 1. Seed the RNG
+ */
+ mbedtls_printf(" . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 2. Load the certificates and private RSA key
+ */
+ mbedtls_printf("\n . Loading the server cert. and key...");
+ fflush(stdout);
+
+ /*
+ * This demonstration program uses embedded test certificates.
+ * Instead, you may want to use mbedtls_x509_crt_parse_file() to read the
+ * server and CA certificates, as well as mbedtls_pk_parse_keyfile().
+ */
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned %d\n\n", ret);
+ goto exit;
+ }
+
+ ret = mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0,
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 3. Setup the listening TCP socket
+ */
+ mbedtls_printf(" . Bind on https://localhost:4433/ ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_bind(&listen_fd, NULL, "4433", MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 4. Setup stuff
+ */
+ mbedtls_printf(" . Setting up the SSL data....");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_conf_session_cache(&conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set);
+#endif
+
+ mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+reset:
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(&client_fd);
+
+ mbedtls_ssl_session_reset(&ssl);
+
+ /*
+ * 3. Wait until a client connects
+ */
+ mbedtls_printf(" . Waiting for a remote connection ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 5. Handshake
+ */
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
+
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret);
+ goto reset;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 6. Read the HTTP Request
+ */
+ mbedtls_printf(" < Read from client:");
+ fflush(stdout);
+
+ do {
+ len = sizeof(buf) - 1;
+ memset(buf, 0, sizeof(buf));
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
+ continue;
+ }
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf(" connection was closed gracefully\n");
+ break;
+
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf(" connection was reset by peer\n");
+ break;
+
+ default:
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
+ break;
+ }
+
+ break;
+ }
+
+ len = ret;
+ mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
+
+ if (ret > 0) {
+ break;
+ }
+ } while (1);
+
+ /*
+ * 7. Write the 200 Response
+ */
+ mbedtls_printf(" > Write to client:");
+ fflush(stdout);
+
+ len = sprintf((char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite(&ssl));
+
+ while ((ret = mbedtls_ssl_write(&ssl, buf, len)) <= 0) {
+ if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
+ mbedtls_printf(" failed\n ! peer closed the connection\n\n");
+ goto reset;
+ }
+
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ goto exit;
+ }
+ }
+
+ len = ret;
+ mbedtls_printf(" %d bytes written\n\n%s\n", len, (char *) buf);
+
+ mbedtls_printf(" . Closing the connection...");
+
+ while ((ret = mbedtls_ssl_close_notify(&ssl)) < 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ &&
+ ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_close_notify returned %d\n\n", ret);
+ goto reset;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ ret = 0;
+ goto reset;
+
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_free(&cache);
+#endif
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(ret);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C &&
+ MBEDTLS_SSL_TLS_C && MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C &&
+ MBEDTLS_RSA_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_X509_CRT_PARSE_C
+ && MBEDTLS_FS_IO && MBEDTLS_PEM_PARSE_C */
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
new file mode 100644
index 0000000..a5d2ed1
--- /dev/null
+++ b/programs/ssl/ssl_server2.c
@@ -0,0 +1,4357 @@
+/*
+ * SSL client with options
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#include "ssl_test_lib.h"
+
+#if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
+int main(void)
+{
+ mbedtls_printf(MBEDTLS_SSL_TEST_IMPOSSIBLE);
+ mbedtls_exit(0);
+}
+#elif !defined(MBEDTLS_SSL_SRV_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_SSL_SRV_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_SRV_C */
+
+#include <stdint.h>
+
+#if !defined(_MSC_VER)
+#include <inttypes.h>
+#endif
+
+#if !defined(_WIN32)
+#include <signal.h>
+#endif
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+#include "mbedtls/ssl_ticket.h"
+#endif
+
+#if defined(MBEDTLS_SSL_COOKIE_C)
+#include "mbedtls/ssl_cookie.h"
+#endif
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && defined(MBEDTLS_FS_IO)
+#define SNI_OPTION
+#endif
+
+#if defined(_WIN32)
+#include <windows.h>
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#include "test/psa_crypto_helpers.h"
+#endif
+
+#include "mbedtls/pk.h"
+#include "mbedtls/dhm.h"
+
+/* Size of memory to be allocated for the heap, when using the library's memory
+ * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */
+#define MEMORY_HEAP_SIZE 180000
+
+#define DFL_SERVER_ADDR NULL
+#define DFL_SERVER_PORT "4433"
+#define DFL_RESPONSE_SIZE -1
+#define DFL_DEBUG_LEVEL 0
+#define DFL_NBIO 0
+#define DFL_EVENT 0
+#define DFL_READ_TIMEOUT 0
+#define DFL_CA_FILE ""
+#define DFL_CA_PATH ""
+#define DFL_CRT_FILE ""
+#define DFL_KEY_FILE ""
+#define DFL_KEY_OPAQUE 0
+#define DFL_KEY_PWD ""
+#define DFL_CRT_FILE2 ""
+#define DFL_KEY_FILE2 ""
+#define DFL_KEY_PWD2 ""
+#define DFL_ASYNC_OPERATIONS "-"
+#define DFL_ASYNC_PRIVATE_DELAY1 (-1)
+#define DFL_ASYNC_PRIVATE_DELAY2 (-1)
+#define DFL_ASYNC_PRIVATE_ERROR (0)
+#define DFL_PSK ""
+#define DFL_PSK_OPAQUE 0
+#define DFL_PSK_LIST_OPAQUE 0
+#define DFL_PSK_IDENTITY "Client_identity"
+#define DFL_ECJPAKE_PW NULL
+#define DFL_ECJPAKE_PW_OPAQUE 0
+#define DFL_PSK_LIST NULL
+#define DFL_FORCE_CIPHER 0
+#define DFL_TLS1_3_KEX_MODES MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL
+#define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED
+#define DFL_ALLOW_LEGACY -2
+#define DFL_RENEGOTIATE 0
+#define DFL_RENEGO_DELAY -2
+#define DFL_RENEGO_PERIOD ((uint64_t) -1)
+#define DFL_EXCHANGES 1
+#define DFL_MIN_VERSION -1
+#define DFL_MAX_VERSION -1
+#define DFL_SHA1 -1
+#define DFL_CID_ENABLED 0
+#define DFL_CID_VALUE ""
+#define DFL_CID_ENABLED_RENEGO -1
+#define DFL_CID_VALUE_RENEGO NULL
+#define DFL_AUTH_MODE -1
+#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
+#define DFL_CERT_REQ_DN_HINT 0
+#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
+#define DFL_TRUNC_HMAC -1
+#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
+#define DFL_DUMMY_TICKET 0
+#define DFL_TICKET_ROTATE 0
+#define DFL_TICKET_TIMEOUT 86400
+#define DFL_TICKET_AEAD MBEDTLS_CIPHER_AES_256_GCM
+#define DFL_CACHE_MAX -1
+#define DFL_CACHE_TIMEOUT -1
+#define DFL_CACHE_REMOVE 0
+#define DFL_SNI NULL
+#define DFL_ALPN_STRING NULL
+#define DFL_GROUPS NULL
+#define DFL_EARLY_DATA -1
+#define DFL_MAX_EARLY_DATA_SIZE ((uint32_t) -1)
+#define DFL_SIG_ALGS NULL
+#define DFL_DHM_FILE NULL
+#define DFL_TRANSPORT MBEDTLS_SSL_TRANSPORT_STREAM
+#define DFL_COOKIES 1
+#define DFL_ANTI_REPLAY -1
+#define DFL_HS_TO_MIN 0
+#define DFL_HS_TO_MAX 0
+#define DFL_DTLS_MTU -1
+#define DFL_BADMAC_LIMIT -1
+#define DFL_DGRAM_PACKING 1
+#define DFL_EXTENDED_MS -1
+#define DFL_ETM -1
+#define DFL_SERIALIZE 0
+#define DFL_CONTEXT_FILE ""
+#define DFL_EXTENDED_MS_ENFORCE -1
+#define DFL_CA_CALLBACK 0
+#define DFL_EAP_TLS 0
+#define DFL_REPRODUCIBLE 0
+#define DFL_NSS_KEYLOG 0
+#define DFL_NSS_KEYLOG_FILE NULL
+#define DFL_QUERY_CONFIG_MODE 0
+#define DFL_USE_SRTP 0
+#define DFL_SRTP_FORCE_PROFILE 0
+#define DFL_SRTP_SUPPORT_MKI 0
+#define DFL_KEY_OPAQUE_ALG "none"
+
+#define LONG_RESPONSE "<p>01-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "02-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "03-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "04-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "05-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "06-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah\r\n" \
+ "07-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah</p>\r\n"
+
+/* Uncomment LONG_RESPONSE at the end of HTTP_RESPONSE to test sending longer
+ * packets (for fragmentation purposes) */
+#define HTTP_RESPONSE \
+ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
+ "<h2>Mbed TLS Test Server</h2>\r\n" \
+ "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
+
+/*
+ * Size of the basic I/O buffer. Able to hold our default response.
+ */
+#define DFL_IO_BUF_LEN 200
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_FS_IO)
+#define USAGE_IO \
+ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded)\n" \
+ " use \"none\" to skip loading any top-level CAs.\n" \
+ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (pre-loaded) (overrides ca_file)\n" \
+ " use \"none\" to skip loading any top-level CAs.\n" \
+ " crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
+ " default: see note after key_file2\n" \
+ " key_file=%%s default: see note after key_file2\n" \
+ " key_pwd=%%s Password for key specified by key_file argument\n" \
+ " default: none\n" \
+ " crt_file2=%%s Your second cert and chain (in bottom to top order, top may be omitted)\n" \
+ " default: see note after key_file2\n" \
+ " key_file2=%%s default: see note below\n" \
+ " note: if neither crt_file/key_file nor crt_file2/key_file2 are used,\n" \
+ " preloaded certificate(s) and key(s) are used if available\n" \
+ " key_pwd2=%%s Password for key specified by key_file2 argument\n" \
+ " default: none\n" \
+ " dhm_file=%%s File containing Diffie-Hellman parameters\n" \
+ " default: preloaded parameters\n"
+#else
+#define USAGE_IO \
+ "\n" \
+ " No file operations available (MBEDTLS_FS_IO not defined)\n" \
+ "\n"
+#endif /* MBEDTLS_FS_IO */
+#else
+#define USAGE_IO ""
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#define USAGE_KEY_OPAQUE \
+ " key_opaque=%%d Handle your private keys as if they were opaque\n" \
+ " default: 0 (disabled)\n"
+#else
+#define USAGE_KEY_OPAQUE ""
+#endif
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+#define USAGE_SSL_ASYNC \
+ " async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
+ " async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
+ " async_private_delay2=%%d Asynchronous delay for key_file2 and sni\n" \
+ " default: -1 (not asynchronous)\n" \
+ " async_private_error=%%d Async callback error injection (default=0=none,\n" \
+ " 1=start, 2=cancel, 3=resume, negative=first time only)"
+#else
+#define USAGE_SSL_ASYNC ""
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define USAGE_CID \
+ " cid=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension.\n" \
+ " default: 0 (disabled)\n" \
+ " cid_renego=%%d Disable (0) or enable (1) the use of the DTLS Connection ID extension during renegotiation.\n" \
+ " default: same as 'cid' parameter\n" \
+ " cid_val=%%s The CID to use for incoming messages (in hex, without 0x).\n" \
+ " default: \"\"\n" \
+ " cid_val_renego=%%s The CID to use for incoming messages (in hex, without 0x) after renegotiation.\n" \
+ " default: same as 'cid_val' parameter\n"
+#else /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#define USAGE_CID ""
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+#define USAGE_PSK_RAW \
+ " psk=%%s default: \"\" (disabled)\n" \
+ " The PSK values are in hex, without 0x.\n" \
+ " psk_list=%%s default: \"\"\n" \
+ " A list of (PSK identity, PSK value) pairs.\n" \
+ " The PSK values are in hex, without 0x.\n" \
+ " id1,psk1[,id2,psk2[,...]]\n" \
+ " psk_identity=%%s default: \"Client_identity\"\n"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define USAGE_PSK_SLOT \
+ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \
+ " Enable this to store the PSK configured through command line\n" \
+ " parameter `psk` in a PSA-based key slot.\n" \
+ " Note: Currently only supported in conjunction with\n" \
+ " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
+ " to force a particular PSK-only ciphersuite.\n" \
+ " Note: This is to test integration of PSA-based opaque PSKs with\n" \
+ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
+ " with prepopulated key slots instead of importing raw key material.\n" \
+ " psk_list_opaque=%%d default: 0 (don't use opaque dynamic PSKs)\n" \
+ " Enable this to store the list of dynamically chosen PSKs configured\n" \
+ " through the command line parameter `psk_list` in PSA-based key slots.\n" \
+ " Note: Currently only supported in conjunction with\n" \
+ " the use of min_version to force TLS 1.2 and force_ciphersuite \n" \
+ " to force a particular PSK-only ciphersuite.\n" \
+ " Note: This is to test integration of PSA-based opaque PSKs with\n" \
+ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \
+ " with prepopulated key slots instead of importing raw key material.\n"
+#else
+#define USAGE_PSK_SLOT ""
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT
+#else
+#define USAGE_PSK ""
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+#define USAGE_CA_CALLBACK \
+ " ca_callback=%%d default: 0 (disabled)\n" \
+ " Enable this to use the trusted certificate callback function\n"
+#else
+#define USAGE_CA_CALLBACK ""
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+#define USAGE_TICKETS \
+ " tickets=%%d default: 1 (enabled)\n" \
+ " ticket_rotate=%%d default: 0 (disabled)\n" \
+ " ticket_timeout=%%d default: 86400 (one day)\n" \
+ " ticket_aead=%%s default: \"AES-256-GCM\"\n"
+#else /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
+#define USAGE_TICKETS ""
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
+
+#define USAGE_EAP_TLS \
+ " eap_tls=%%d default: 0 (disabled)\n"
+#define USAGE_NSS_KEYLOG \
+ " nss_keylog=%%d default: 0 (disabled)\n" \
+ " This cannot be used with eap_tls=1\n"
+#define USAGE_NSS_KEYLOG_FILE \
+ " nss_keylog_file=%%s\n"
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+#define USAGE_SRTP \
+ " use_srtp=%%d default: 0 (disabled)\n" \
+ " srtp_force_profile=%%d default: 0 (all enabled)\n" \
+ " available profiles:\n" \
+ " 1 - SRTP_AES128_CM_HMAC_SHA1_80\n" \
+ " 2 - SRTP_AES128_CM_HMAC_SHA1_32\n" \
+ " 3 - SRTP_NULL_HMAC_SHA1_80\n" \
+ " 4 - SRTP_NULL_HMAC_SHA1_32\n" \
+ " support_mki=%%d default: 0 (not supported)\n"
+#else /* MBEDTLS_SSL_DTLS_SRTP */
+#define USAGE_SRTP ""
+#endif
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#define USAGE_CACHE \
+ " cache_max=%%d default: cache default (50)\n" \
+ " cache_remove=%%d default: 0 (don't remove)\n"
+#if defined(MBEDTLS_HAVE_TIME)
+#define USAGE_CACHE_TIME \
+ " cache_timeout=%%d default: cache default (1d)\n"
+#else
+#define USAGE_CACHE_TIME ""
+#endif
+#else
+#define USAGE_CACHE ""
+#define USAGE_CACHE_TIME ""
+#endif /* MBEDTLS_SSL_CACHE_C */
+
+#if defined(SNI_OPTION)
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+#define SNI_CRL ",crl"
+#else
+#define SNI_CRL ""
+#endif
+
+#define USAGE_SNI \
+ " sni=%%s name1,cert1,key1,ca1"SNI_CRL ",auth1[,...]\n" \
+ " default: disabled\n"
+#else
+#define USAGE_SNI ""
+#endif /* SNI_OPTION */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+#define USAGE_MAX_FRAG_LEN \
+ " max_frag_len=%%d default: 16384 (tls default)\n" \
+ " options: 512, 1024, 2048, 4096\n"
+#else
+#define USAGE_MAX_FRAG_LEN ""
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_ALPN)
+#define USAGE_ALPN \
+ " alpn=%%s default: \"\" (disabled)\n" \
+ " example: spdy/1,http/1.1\n"
+#else
+#define USAGE_ALPN ""
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#define USAGE_COOKIES \
+ " cookies=0/1/-1 default: 1 (enabled)\n" \
+ " 0: disabled, -1: library default (broken)\n"
+#else
+#define USAGE_COOKIES ""
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+#define USAGE_ANTI_REPLAY \
+ " anti_replay=0/1 default: (library default: enabled)\n"
+#else
+#define USAGE_ANTI_REPLAY ""
+#endif
+
+#define USAGE_BADMAC_LIMIT \
+ " badmac_limit=%%d default: (library default: disabled)\n"
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#define USAGE_DTLS \
+ " dtls=%%d default: 0 (TLS)\n" \
+ " hs_timeout=%%d-%%d default: (library default: 1000-60000)\n" \
+ " range of DTLS handshake timeouts in millisecs\n" \
+ " mtu=%%d default: (library default: unlimited)\n" \
+ " dgram_packing=%%d default: 1 (allowed)\n" \
+ " allow or forbid packing of multiple\n" \
+ " records within a single datgram.\n"
+#else
+#define USAGE_DTLS ""
+#endif
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+#define USAGE_EMS \
+ " extended_ms=0/1 default: (library default: on)\n"
+#else
+#define USAGE_EMS ""
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+#define USAGE_ETM \
+ " etm=0/1 default: (library default: on)\n"
+#else
+#define USAGE_ETM ""
+#endif
+
+#define USAGE_REPRODUCIBLE \
+ " reproducible=0/1 default: 0 (disabled)\n"
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+#define USAGE_RENEGO \
+ " renegotiation=%%d default: 0 (disabled)\n" \
+ " renegotiate=%%d default: 0 (disabled)\n" \
+ " renego_delay=%%d default: -2 (library default)\n" \
+ " renego_period=%%d default: (2^64 - 1 for TLS, 2^48 - 1 for DTLS)\n"
+#else
+#define USAGE_RENEGO ""
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#define USAGE_ECJPAKE \
+ " ecjpake_pw=%%s default: none (disabled)\n" \
+ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#define USAGE_ECJPAKE \
+ " ecjpake_pw=%%s default: none (disabled)\n"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+#define USAGE_ECJPAKE ""
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#define USAGE_EARLY_DATA \
+ " early_data=%%d default: library default\n" \
+ " options: 0 (disabled), 1 (enabled)\n" \
+ " max_early_data_size=%%d default: library default\n" \
+ " options: max amount of early data\n"
+#else
+#define USAGE_EARLY_DATA ""
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
+#define USAGE_GROUPS \
+ " groups=a,b,c,d default: \"default\" (library default)\n" \
+ " example: \"secp521r1,brainpoolP512r1\"\n" \
+ " - use \"none\" for empty list\n" \
+ " - see mbedtls_ecp_curve_list()\n" \
+ " for acceptable EC group names\n" \
+ " - the following ffdh groups are supported:\n" \
+ " ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144,\n" \
+ " ffdhe8192\n"
+#else
+#define USAGE_GROUPS ""
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+#define USAGE_SIG_ALGS \
+ " sig_algs=a,b,c,d default: \"default\" (library default)\n" \
+ " example: \"ecdsa_secp256r1_sha256,ecdsa_secp384r1_sha384\"\n"
+#else
+#define USAGE_SIG_ALGS ""
+#endif
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+#define USAGE_SERIALIZATION \
+ " serialize=%%d default: 0 (do not serialize/deserialize)\n" \
+ " options: 1 (serialize)\n" \
+ " 2 (serialize with re-initialization)\n" \
+ " context_file=%%s The file path to write a serialized connection\n" \
+ " in the form of base64 code (serialize option\n" \
+ " must be set)\n" \
+ " default: \"\" (do nothing)\n" \
+ " option: a file path\n"
+#else
+#define USAGE_SERIALIZATION ""
+#endif
+
+#define USAGE_KEY_OPAQUE_ALGS \
+ " key_opaque_algs=%%s Allowed opaque key 1 algorithms.\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n" \
+ " key_opaque_algs2=%%s Allowed opaque key 2 algorithms.\n" \
+ " comma-separated pair of values among the following:\n" \
+ " rsa-sign-pkcs1, rsa-sign-pss, rsa-sign-pss-sha256,\n" \
+ " rsa-sign-pss-sha384, rsa-sign-pss-sha512, rsa-decrypt,\n" \
+ " ecdsa-sign, ecdh, none (only acceptable for\n" \
+ " the second value).\n"
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
+ " tls13_kex_modes=%%s default: all\n" \
+ " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \
+ " ephemeral_all, all, psk_or_ephemeral\n"
+#else
+#define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+
+/* USAGE is arbitrarily split to stay under the portable string literal
+ * length limit: 4095 bytes in C99. */
+#define USAGE1 \
+ "\n usage: ssl_server2 param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_addr=%%s default: (all interfaces)\n" \
+ " server_port=%%d default: 4433\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " build_version=%%d default: none (disabled)\n" \
+ " option: 1 (print build version only and stop)\n" \
+ " buffer_size=%%d default: 200 \n" \
+ " (minimum: 1)\n" \
+ " response_size=%%d default: about 152 (basic response)\n" \
+ " (minimum: 0, max: 16384)\n" \
+ " increases buffer_size if bigger\n" \
+ " nbio=%%d default: 0 (blocking I/O)\n" \
+ " options: 1 (non-blocking), 2 (added delays)\n" \
+ " event=%%d default: 0 (loop)\n" \
+ " options: 1 (level-triggered, implies nbio=1),\n" \
+ " read_timeout=%%d default: 0 ms (no timeout)\n" \
+ "\n" \
+ USAGE_DTLS \
+ USAGE_SRTP \
+ USAGE_COOKIES \
+ USAGE_ANTI_REPLAY \
+ USAGE_BADMAC_LIMIT \
+ "\n"
+#define USAGE2 \
+ " auth_mode=%%s default: (library default: none)\n" \
+ " options: none, optional, required\n" \
+ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \
+ " options: 1 (send ca list), 0 (don't send)\n" \
+ " 2 (send conf dn hint), 3 (send hs dn hint)\n" \
+ USAGE_IO \
+ USAGE_KEY_OPAQUE \
+ "\n" \
+ USAGE_PSK \
+ USAGE_CA_CALLBACK \
+ USAGE_ECJPAKE \
+ "\n"
+#define USAGE3 \
+ " allow_legacy=%%d default: (library default: no)\n" \
+ USAGE_RENEGO \
+ " exchanges=%%d default: 1\n" \
+ "\n" \
+ USAGE_TICKETS \
+ USAGE_EAP_TLS \
+ USAGE_REPRODUCIBLE \
+ USAGE_NSS_KEYLOG \
+ USAGE_NSS_KEYLOG_FILE \
+ USAGE_CACHE \
+ USAGE_CACHE_TIME \
+ USAGE_MAX_FRAG_LEN \
+ USAGE_ALPN \
+ USAGE_EMS \
+ USAGE_ETM \
+ USAGE_GROUPS \
+ USAGE_SIG_ALGS \
+ USAGE_KEY_OPAQUE_ALGS \
+ USAGE_EARLY_DATA \
+ "\n"
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+#define TLS1_3_VERSION_OPTIONS ", tls13"
+#else /* MBEDTLS_SSL_PROTO_TLS1_3 */
+#define TLS1_3_VERSION_OPTIONS ""
+#endif /* !MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#define USAGE4 \
+ USAGE_SSL_ASYNC \
+ USAGE_SNI \
+ " allow_sha1=%%d default: 0\n" \
+ " min_version=%%s default: (library default: tls12)\n" \
+ " max_version=%%s default: (library default: tls12)\n" \
+ " force_version=%%s default: \"\" (none)\n" \
+ " options: tls12, dtls12" TLS1_3_VERSION_OPTIONS \
+ "\n\n" \
+ " force_ciphersuite=<name> default: all enabled\n" \
+ USAGE_TLS1_3_KEY_EXCHANGE_MODES \
+ " query_config=<name> return 0 if the specified\n" \
+ " configuration macro is defined and 1\n" \
+ " otherwise. The expansion of the macro\n" \
+ " is printed if it is defined\n" \
+ USAGE_SERIALIZATION \
+ "\n"
+
+#define PUT_UINT64_BE(out_be, in_le, i) \
+ { \
+ (out_be)[(i) + 0] = (unsigned char) (((in_le) >> 56) & 0xFF); \
+ (out_be)[(i) + 1] = (unsigned char) (((in_le) >> 48) & 0xFF); \
+ (out_be)[(i) + 2] = (unsigned char) (((in_le) >> 40) & 0xFF); \
+ (out_be)[(i) + 3] = (unsigned char) (((in_le) >> 32) & 0xFF); \
+ (out_be)[(i) + 4] = (unsigned char) (((in_le) >> 24) & 0xFF); \
+ (out_be)[(i) + 5] = (unsigned char) (((in_le) >> 16) & 0xFF); \
+ (out_be)[(i) + 6] = (unsigned char) (((in_le) >> 8) & 0xFF); \
+ (out_be)[(i) + 7] = (unsigned char) (((in_le) >> 0) & 0xFF); \
+ }
+
+/* This is global so it can be easily accessed by callback functions */
+rng_context_t rng;
+
+/*
+ * global options
+ */
+struct options {
+ const char *server_addr; /* address on which the ssl service runs */
+ const char *server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int nbio; /* should I/O be blocking? */
+ int event; /* loop or event-driven IO? level or edge triggered? */
+ uint32_t read_timeout; /* timeout on mbedtls_ssl_read() in milliseconds */
+ int response_size; /* pad response with header to requested size */
+ uint16_t buffer_size; /* IO buffer size */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *crt_file; /* the file with the server certificate */
+ const char *key_file; /* the file with the server key */
+ int key_opaque; /* handle private key as if it were opaque */
+ const char *key_pwd; /* the password for the server key */
+ const char *crt_file2; /* the file with the 2nd server certificate */
+ const char *key_file2; /* the file with the 2nd server key */
+ const char *key_pwd2; /* the password for the 2nd server key */
+ const char *async_operations; /* supported SSL asynchronous operations */
+ int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
+ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
+ int async_private_error; /* inject error in async private callback */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int psk_opaque;
+ int psk_list_opaque;
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ int ca_callback; /* Use callback for trusted certificate list */
+#endif
+ const char *psk; /* the pre-shared key */
+ const char *psk_identity; /* the pre-shared key identity */
+ char *psk_list; /* list of PSK id/key pairs for callback */
+ const char *ecjpake_pw; /* the EC J-PAKE password */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
+#endif
+ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ int renegotiation; /* enable / disable renegotiation */
+ int allow_legacy; /* allow legacy renegotiation */
+ int renegotiate; /* attempt renegotiation? */
+ int renego_delay; /* delay before enforcing renegotiation */
+ uint64_t renego_period; /* period for automatic renegotiation */
+ int exchanges; /* number of data exchanges */
+ int min_version; /* minimum protocol version accepted */
+ int max_version; /* maximum protocol version accepted */
+ int allow_sha1; /* flag for SHA-1 support */
+ int auth_mode; /* verify mode for connection */
+ int cert_req_ca_list; /* should we send the CA list? */
+ int cert_req_dn_hint; /* mode to set DN hints for CA list to send */
+ unsigned char mfl_code; /* code for maximum fragment length */
+ int trunc_hmac; /* accept truncated hmac? */
+ int tickets; /* enable / disable session tickets */
+ int dummy_ticket; /* enable / disable dummy ticket generator */
+ int ticket_rotate; /* session ticket rotate (code coverage) */
+ int ticket_timeout; /* session ticket lifetime */
+ int ticket_aead; /* session ticket protection */
+ int cache_max; /* max number of session cache entries */
+#if defined(MBEDTLS_HAVE_TIME)
+ int cache_timeout; /* expiration delay of session cache entries*/
+#endif
+ int cache_remove; /* enable / disable cache entry removal */
+ char *sni; /* string describing sni information */
+ const char *groups; /* list of supported groups */
+ const char *sig_algs; /* supported TLS 1.3 signature algorithms */
+ const char *alpn_string; /* ALPN supported protocols */
+ const char *dhm_file; /* the file with the DH parameters */
+ int extended_ms; /* allow negotiation of extended MS? */
+ int etm; /* allow negotiation of encrypt-then-MAC? */
+ int transport; /* TLS or DTLS? */
+ int cookies; /* Use cookies for DTLS? -1 to break them */
+ int anti_replay; /* Use anti-replay for DTLS? -1 for default */
+ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */
+ uint32_t hs_to_max; /* Max value of DTLS handshake timer */
+ int dtls_mtu; /* UDP Maximum transport unit for DTLS */
+ int dgram_packing; /* allow/forbid datagram packing */
+ int badmac_limit; /* Limit of records with bad MAC */
+ int eap_tls; /* derive EAP-TLS keying material? */
+ int nss_keylog; /* export NSS key log material */
+ const char *nss_keylog_file; /* NSS key log file */
+ int cid_enabled; /* whether to use the CID extension or not */
+ int cid_enabled_renego; /* whether to use the CID extension or not
+ * during renegotiation */
+ const char *cid_val; /* the CID to use for incoming messages */
+ int serialize; /* serialize/deserialize connection */
+ const char *context_file; /* the file to write a serialized connection
+ * in the form of base64 code (serialize
+ * option must be set) */
+ const char *cid_val_renego; /* the CID to use for incoming messages
+ * after renegotiation */
+ int reproducible; /* make communication reproducible */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ int early_data; /* early data enablement flag */
+ uint32_t max_early_data_size; /* max amount of early data */
+#endif
+ int query_config_mode; /* whether to read config */
+ int use_srtp; /* Support SRTP */
+ int force_srtp_profile; /* SRTP protection profile to use or all */
+ int support_mki; /* The dtls mki mki support */
+ const char *key1_opaque_alg1; /* Allowed opaque key 1 alg 1 */
+ const char *key1_opaque_alg2; /* Allowed opaque key 1 alg 2 */
+ const char *key2_opaque_alg1; /* Allowed opaque key 2 alg 1 */
+ const char *key2_opaque_alg2; /* Allowed opaque key 2 alg 2 */
+} opt;
+
+#include "ssl_test_common_source.c"
+
+/*
+ * Return authmode from string, or -1 on error
+ */
+static int get_auth_mode(const char *s)
+{
+ if (strcmp(s, "none") == 0) {
+ return MBEDTLS_SSL_VERIFY_NONE;
+ }
+ if (strcmp(s, "optional") == 0) {
+ return MBEDTLS_SSL_VERIFY_OPTIONAL;
+ }
+ if (strcmp(s, "required") == 0) {
+ return MBEDTLS_SSL_VERIFY_REQUIRED;
+ }
+
+ return -1;
+}
+
+/*
+ * Used by sni_parse and psk_parse to handle comma-separated lists
+ */
+#define GET_ITEM(dst) \
+ do \
+ { \
+ (dst) = p; \
+ while (*p != ',') \
+ if (++p > end) \
+ goto error; \
+ *p++ = '\0'; \
+ } while (0)
+
+#if defined(SNI_OPTION)
+typedef struct _sni_entry sni_entry;
+
+struct _sni_entry {
+ const char *name;
+ mbedtls_x509_crt *cert;
+ mbedtls_pk_context *key;
+ mbedtls_x509_crt *ca;
+ mbedtls_x509_crl *crl;
+ int authmode;
+ sni_entry *next;
+};
+
+void sni_free(sni_entry *head)
+{
+ sni_entry *cur = head, *next;
+
+ while (cur != NULL) {
+ mbedtls_x509_crt_free(cur->cert);
+ mbedtls_free(cur->cert);
+
+ mbedtls_pk_free(cur->key);
+ mbedtls_free(cur->key);
+
+ mbedtls_x509_crt_free(cur->ca);
+ mbedtls_free(cur->ca);
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ mbedtls_x509_crl_free(cur->crl);
+ mbedtls_free(cur->crl);
+#endif
+ next = cur->next;
+ mbedtls_free(cur);
+ cur = next;
+ }
+}
+
+/*
+ * Parse a string of sextuples name1,crt1,key1,ca1,crl1,auth1[,...]
+ * into a usable sni_entry list. For ca1, crl1, auth1, the special value
+ * '-' means unset. If ca1 is unset, then crl1 is ignored too.
+ *
+ * Modifies the input string! This is not production quality!
+ */
+sni_entry *sni_parse(char *sni_string)
+{
+ sni_entry *cur = NULL, *new = NULL;
+ char *p = sni_string;
+ char *end = p;
+ char *crt_file, *key_file, *ca_file, *auth_str;
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ char *crl_file;
+#endif
+
+ while (*end != '\0') {
+ ++end;
+ }
+ *end = ',';
+
+ while (p <= end) {
+ if ((new = mbedtls_calloc(1, sizeof(sni_entry))) == NULL) {
+ sni_free(cur);
+ return NULL;
+ }
+
+ GET_ITEM(new->name);
+ GET_ITEM(crt_file);
+ GET_ITEM(key_file);
+ GET_ITEM(ca_file);
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ GET_ITEM(crl_file);
+#endif
+ GET_ITEM(auth_str);
+
+ if ((new->cert = mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL ||
+ (new->key = mbedtls_calloc(1, sizeof(mbedtls_pk_context))) == NULL) {
+ goto error;
+ }
+
+ mbedtls_x509_crt_init(new->cert);
+ mbedtls_pk_init(new->key);
+
+ if (mbedtls_x509_crt_parse_file(new->cert, crt_file) != 0 ||
+ mbedtls_pk_parse_keyfile(new->key, key_file, "", rng_get, &rng) != 0) {
+ goto error;
+ }
+
+ if (strcmp(ca_file, "-") != 0) {
+ if ((new->ca = mbedtls_calloc(1, sizeof(mbedtls_x509_crt))) == NULL) {
+ goto error;
+ }
+
+ mbedtls_x509_crt_init(new->ca);
+
+ if (mbedtls_x509_crt_parse_file(new->ca, ca_file) != 0) {
+ goto error;
+ }
+ }
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ if (strcmp(crl_file, "-") != 0) {
+ if ((new->crl = mbedtls_calloc(1, sizeof(mbedtls_x509_crl))) == NULL) {
+ goto error;
+ }
+
+ mbedtls_x509_crl_init(new->crl);
+
+ if (mbedtls_x509_crl_parse_file(new->crl, crl_file) != 0) {
+ goto error;
+ }
+ }
+#endif
+
+ if (strcmp(auth_str, "-") != 0) {
+ if ((new->authmode = get_auth_mode(auth_str)) < 0) {
+ goto error;
+ }
+ } else {
+ new->authmode = DFL_AUTH_MODE;
+ }
+
+ new->next = cur;
+ cur = new;
+ }
+
+ return cur;
+
+error:
+ sni_free(new);
+ sni_free(cur);
+ return NULL;
+}
+
+/*
+ * SNI callback.
+ */
+int sni_callback(void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len)
+{
+ const sni_entry *cur = (const sni_entry *) p_info;
+
+ /* preserve behavior which checks for SNI match in sni_callback() for
+ * the benefits of tests using sni_callback(), even though the actual
+ * certificate assignment has moved to certificate selection callback
+ * in this application. This exercises sni_callback and cert_callback
+ * even though real applications might choose to do this differently.
+ * Application might choose to save name and name_len in user_data for
+ * later use in certificate selection callback.
+ */
+ while (cur != NULL) {
+ if (name_len == strlen(cur->name) &&
+ memcmp(name, cur->name, name_len) == 0) {
+ void *p;
+ *(const void **)&p = cur;
+ mbedtls_ssl_set_user_data_p(ssl, p);
+ return 0;
+ }
+
+ cur = cur->next;
+ }
+
+ return -1;
+}
+
+/*
+ * server certificate selection callback.
+ */
+int cert_callback(mbedtls_ssl_context *ssl)
+{
+ const sni_entry *cur = (sni_entry *) mbedtls_ssl_get_user_data_p(ssl);
+ if (cur != NULL) {
+ /*(exercise mbedtls_ssl_get_hs_sni(); not otherwise used here)*/
+ size_t name_len;
+ const unsigned char *name = mbedtls_ssl_get_hs_sni(ssl, &name_len);
+ if (strlen(cur->name) != name_len ||
+ memcmp(cur->name, name, name_len) != 0) {
+ return MBEDTLS_ERR_SSL_DECODE_ERROR;
+ }
+
+ if (cur->ca != NULL) {
+ mbedtls_ssl_set_hs_ca_chain(ssl, cur->ca, cur->crl);
+ }
+
+ if (cur->authmode != DFL_AUTH_MODE) {
+ mbedtls_ssl_set_hs_authmode(ssl, cur->authmode);
+ }
+
+ return mbedtls_ssl_set_hs_own_cert(ssl, cur->cert, cur->key);
+ }
+
+ return 0;
+}
+
+#endif /* SNI_OPTION */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+
+typedef struct _psk_entry psk_entry;
+
+struct _psk_entry {
+ const char *name;
+ size_t key_len;
+ unsigned char key[MBEDTLS_PSK_MAX_LEN];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t slot;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ psk_entry *next;
+};
+
+/*
+ * Free a list of psk_entry's
+ */
+int psk_free(psk_entry *head)
+{
+ psk_entry *next;
+
+ while (head != NULL) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status;
+ mbedtls_svc_key_id_t const slot = head->slot;
+
+ if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(slot) != 0) {
+ status = psa_destroy_key(slot);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ next = head->next;
+ mbedtls_free(head);
+ head = next;
+ }
+
+ return 0;
+}
+
+/*
+ * Parse a string of pairs name1,key1[,name2,key2[,...]]
+ * into a usable psk_entry list.
+ *
+ * Modifies the input string! This is not production quality!
+ */
+psk_entry *psk_parse(char *psk_string)
+{
+ psk_entry *cur = NULL, *new = NULL;
+ char *p = psk_string;
+ char *end = p;
+ char *key_hex;
+
+ while (*end != '\0') {
+ ++end;
+ }
+ *end = ',';
+
+ while (p <= end) {
+ if ((new = mbedtls_calloc(1, sizeof(psk_entry))) == NULL) {
+ goto error;
+ }
+
+ memset(new, 0, sizeof(psk_entry));
+
+ GET_ITEM(new->name);
+ GET_ITEM(key_hex);
+
+ if (mbedtls_test_unhexify(new->key, MBEDTLS_PSK_MAX_LEN,
+ key_hex, &new->key_len) != 0) {
+ goto error;
+ }
+
+ new->next = cur;
+ cur = new;
+ }
+
+ return cur;
+
+error:
+ psk_free(new);
+ psk_free(cur);
+ return 0;
+}
+
+/*
+ * PSK callback
+ */
+int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
+ const unsigned char *name, size_t name_len)
+{
+ psk_entry *cur = (psk_entry *) p_info;
+
+ while (cur != NULL) {
+ if (name_len == strlen(cur->name) &&
+ memcmp(name, cur->name, name_len) == 0) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) {
+ return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot);
+ } else
+#endif
+ return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len);
+ }
+
+ cur = cur->next;
+ }
+
+ return -1;
+}
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
+static mbedtls_net_context listen_fd, client_fd;
+
+/* Interruption handler to ensure clean exit (for valgrind testing) */
+#if !defined(_WIN32)
+static int received_sigterm = 0;
+void term_handler(int sig)
+{
+ ((void) sig);
+ received_sigterm = 1;
+ mbedtls_net_free(&listen_fd); /* causes mbedtls_net_accept() to abort */
+ mbedtls_net_free(&client_fd); /* causes net_read() to abort */
+}
+#endif
+
+/** Return true if \p ret is a status code indicating that there is an
+ * operation in progress on an SSL connection, and false if it indicates
+ * success or a fatal error.
+ *
+ * The possible operations in progress are:
+ *
+ * - A read, when the SSL input buffer does not contain a full message.
+ * - A write, when the SSL output buffer contains some data that has not
+ * been sent over the network yet.
+ * - An asynchronous callback that has not completed yet. */
+static int mbedtls_status_is_ssl_in_progress(int ret)
+{
+ return ret == MBEDTLS_ERR_SSL_WANT_READ ||
+ ret == MBEDTLS_ERR_SSL_WANT_WRITE ||
+ ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
+}
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+typedef struct {
+ mbedtls_x509_crt *cert; /*!< Certificate corresponding to the key */
+ mbedtls_pk_context *pk; /*!< Private key */
+ unsigned delay; /*!< Number of resume steps to go through */
+ unsigned pk_owned : 1; /*!< Whether to free the pk object on exit */
+} ssl_async_key_slot_t;
+
+typedef enum {
+ SSL_ASYNC_INJECT_ERROR_NONE = 0, /*!< Let the callbacks succeed */
+ SSL_ASYNC_INJECT_ERROR_START, /*!< Inject error during start */
+ SSL_ASYNC_INJECT_ERROR_CANCEL, /*!< Close the connection after async start */
+ SSL_ASYNC_INJECT_ERROR_RESUME, /*!< Inject error during resume */
+#define SSL_ASYNC_INJECT_ERROR_MAX SSL_ASYNC_INJECT_ERROR_RESUME
+} ssl_async_inject_error_t;
+
+typedef struct {
+ ssl_async_key_slot_t slots[4]; /* key, key2, sni1, sni2 */
+ size_t slots_used;
+ ssl_async_inject_error_t inject_error;
+ int (*f_rng)(void *, unsigned char *, size_t);
+ void *p_rng;
+} ssl_async_key_context_t;
+
+int ssl_async_set_key(ssl_async_key_context_t *ctx,
+ mbedtls_x509_crt *cert,
+ mbedtls_pk_context *pk,
+ int pk_take_ownership,
+ unsigned delay)
+{
+ if (ctx->slots_used >= sizeof(ctx->slots) / sizeof(*ctx->slots)) {
+ return -1;
+ }
+ ctx->slots[ctx->slots_used].cert = cert;
+ ctx->slots[ctx->slots_used].pk = pk;
+ ctx->slots[ctx->slots_used].delay = delay;
+ ctx->slots[ctx->slots_used].pk_owned = pk_take_ownership;
+ ++ctx->slots_used;
+ return 0;
+}
+
+#define SSL_ASYNC_INPUT_MAX_SIZE 512
+
+typedef enum {
+ ASYNC_OP_SIGN,
+ ASYNC_OP_DECRYPT,
+} ssl_async_operation_type_t;
+
+typedef struct {
+ unsigned slot;
+ ssl_async_operation_type_t operation_type;
+ mbedtls_md_type_t md_alg;
+ unsigned char input[SSL_ASYNC_INPUT_MAX_SIZE];
+ size_t input_len;
+ unsigned remaining_delay;
+} ssl_async_operation_context_t;
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+
+/* Note that ssl_async_operation_type_t and the array below need to be kept in sync!
+ * `ssl_async_operation_names[op]` is the name of op for each value `op`
+ * of type `ssl_async_operation_type_t`. */
+static const char *const ssl_async_operation_names[] =
+{
+ "sign",
+ "decrypt",
+};
+
+static int ssl_async_start(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ ssl_async_operation_type_t op_type,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *input,
+ size_t input_len)
+{
+ ssl_async_key_context_t *config_data =
+ mbedtls_ssl_conf_get_async_config_data(ssl->conf);
+ unsigned slot;
+ ssl_async_operation_context_t *ctx = NULL;
+ const char *op_name = ssl_async_operation_names[op_type];
+
+ {
+ char dn[100];
+ if (mbedtls_x509_dn_gets(dn, sizeof(dn), &cert->subject) > 0) {
+ mbedtls_printf("Async %s callback: looking for DN=%s\n",
+ op_name, dn);
+ }
+ }
+
+ /* Look for a private key that matches the public key in cert.
+ * Since this test code has the private key inside Mbed TLS,
+ * we call mbedtls_pk_check_pair to match a private key with the
+ * public key. */
+ for (slot = 0; slot < config_data->slots_used; slot++) {
+ if (mbedtls_pk_check_pair(&cert->pk,
+ config_data->slots[slot].pk,
+ rng_get, &rng) == 0) {
+ break;
+ }
+ }
+ if (slot == config_data->slots_used) {
+ mbedtls_printf("Async %s callback: no key matches this certificate.\n",
+ op_name);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH;
+ }
+ mbedtls_printf("Async %s callback: using key slot %u, delay=%u.\n",
+ op_name, slot, config_data->slots[slot].delay);
+
+ if (config_data->inject_error == SSL_ASYNC_INJECT_ERROR_START) {
+ mbedtls_printf("Async %s callback: injected error\n", op_name);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
+
+ if (input_len > SSL_ASYNC_INPUT_MAX_SIZE) {
+ return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+ }
+
+ ctx = mbedtls_calloc(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
+ ctx->slot = slot;
+ ctx->operation_type = op_type;
+ ctx->md_alg = md_alg;
+ memcpy(ctx->input, input, input_len);
+ ctx->input_len = input_len;
+ ctx->remaining_delay = config_data->slots[slot].delay;
+ mbedtls_ssl_set_async_operation_data(ssl, ctx);
+
+ if (ctx->remaining_delay == 0) {
+ return 0;
+ } else {
+ return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
+ }
+}
+
+static int ssl_async_sign(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash,
+ size_t hash_len)
+{
+ return ssl_async_start(ssl, cert,
+ ASYNC_OP_SIGN, md_alg,
+ hash, hash_len);
+}
+
+static int ssl_async_decrypt(mbedtls_ssl_context *ssl,
+ mbedtls_x509_crt *cert,
+ const unsigned char *input,
+ size_t input_len)
+{
+ return ssl_async_start(ssl, cert,
+ ASYNC_OP_DECRYPT, MBEDTLS_MD_NONE,
+ input, input_len);
+}
+
+static int ssl_async_resume(mbedtls_ssl_context *ssl,
+ unsigned char *output,
+ size_t *output_len,
+ size_t output_size)
+{
+ ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data(ssl);
+ ssl_async_key_context_t *config_data =
+ mbedtls_ssl_conf_get_async_config_data(ssl->conf);
+ ssl_async_key_slot_t *key_slot = &config_data->slots[ctx->slot];
+ int ret;
+ const char *op_name;
+
+ if (ctx->remaining_delay > 0) {
+ --ctx->remaining_delay;
+ mbedtls_printf("Async resume (slot %u): call %u more times.\n",
+ ctx->slot, ctx->remaining_delay);
+ return MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS;
+ }
+
+ switch (ctx->operation_type) {
+ case ASYNC_OP_DECRYPT:
+ ret = mbedtls_pk_decrypt(key_slot->pk,
+ ctx->input, ctx->input_len,
+ output, output_len, output_size,
+ config_data->f_rng, config_data->p_rng);
+ break;
+ case ASYNC_OP_SIGN:
+ ret = mbedtls_pk_sign(key_slot->pk,
+ ctx->md_alg,
+ ctx->input, ctx->input_len,
+ output, output_size, output_len,
+ config_data->f_rng, config_data->p_rng);
+ break;
+ default:
+ mbedtls_printf(
+ "Async resume (slot %u): unknown operation type %ld. This shouldn't happen.\n",
+ ctx->slot,
+ (long) ctx->operation_type);
+ mbedtls_free(ctx);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ break;
+ }
+
+ op_name = ssl_async_operation_names[ctx->operation_type];
+
+ if (config_data->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME) {
+ mbedtls_printf("Async resume callback: %s done but injected error\n",
+ op_name);
+ mbedtls_free(ctx);
+ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+ }
+
+ mbedtls_printf("Async resume (slot %u): %s done, status=%d.\n",
+ ctx->slot, op_name, ret);
+ mbedtls_free(ctx);
+ return ret;
+}
+
+static void ssl_async_cancel(mbedtls_ssl_context *ssl)
+{
+ ssl_async_operation_context_t *ctx = mbedtls_ssl_get_async_operation_data(ssl);
+ mbedtls_printf("Async cancel callback.\n");
+ mbedtls_free(ctx);
+}
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
+ psa_algorithm_t alg,
+ unsigned char *psk,
+ size_t psk_len)
+{
+ psa_status_t status;
+ psa_key_attributes_t key_attributes;
+
+ key_attributes = psa_key_attributes_init();
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&key_attributes, alg);
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_DERIVE);
+
+ status = psa_import_key(&key_attributes, psk, psk_len, slot);
+ if (status != PSA_SUCCESS) {
+ fprintf(stderr, "IMPORT\n");
+ return status;
+ }
+
+ return PSA_SUCCESS;
+}
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+int report_cid_usage(mbedtls_ssl_context *ssl,
+ const char *additional_description)
+{
+ int ret;
+ unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
+ size_t peer_cid_len;
+ int cid_negotiated;
+
+ if (opt.transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ return 0;
+ }
+
+ /* Check if the use of a CID has been negotiated */
+ ret = mbedtls_ssl_get_peer_cid(ssl, &cid_negotiated,
+ peer_cid, &peer_cid_len);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_get_peer_cid returned -0x%x\n\n",
+ (unsigned int) -ret);
+ return ret;
+ }
+
+ if (cid_negotiated == MBEDTLS_SSL_CID_DISABLED) {
+ if (opt.cid_enabled == MBEDTLS_SSL_CID_ENABLED) {
+ mbedtls_printf("(%s) Use of Connection ID was not offered by client.\n",
+ additional_description);
+ }
+ } else {
+ size_t idx = 0;
+ mbedtls_printf("(%s) Use of Connection ID has been negotiated.\n",
+ additional_description);
+ mbedtls_printf("(%s) Peer CID (length %u Bytes): ",
+ additional_description,
+ (unsigned) peer_cid_len);
+ while (idx < peer_cid_len) {
+ mbedtls_printf("%02x ", peer_cid[idx]);
+ idx++;
+ }
+ mbedtls_printf("\n");
+ }
+
+ return 0;
+}
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME)
+static inline void put_unaligned_uint32(void *p, uint32_t x)
+{
+ memcpy(p, &x, sizeof(x));
+}
+
+/* Functions for session ticket tests */
+int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session,
+ unsigned char *start, const unsigned char *end,
+ size_t *tlen, uint32_t *ticket_lifetime)
+{
+ int ret;
+ unsigned char *p = start;
+ size_t clear_len;
+ ((void) p_ticket);
+
+ if (end - p < 4) {
+ return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
+ }
+ put_unaligned_uint32(p, 7 * 24 * 3600);
+ *ticket_lifetime = 7 * 24 * 3600;
+ p += 4;
+
+ /* Dump session state */
+ if ((ret = mbedtls_ssl_session_save(session, p, end - p,
+ &clear_len)) != 0) {
+ return ret;
+ }
+
+ *tlen = 4 + clear_len;
+
+ return 0;
+}
+
+int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
+ unsigned char *buf, size_t len)
+{
+ int ret;
+ ((void) p_ticket);
+
+ if ((ret = mbedtls_ssl_session_load(session, buf + 4, len - 4)) != 0) {
+ return ret;
+ }
+
+ switch (opt.dummy_ticket % 11) {
+ case 1:
+ return MBEDTLS_ERR_SSL_INVALID_MAC;
+ case 2:
+ return MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
+ case 3:
+ /* Creation time in the future. */
+ session->ticket_creation_time = mbedtls_ms_time() + 1000;
+ break;
+ case 4:
+ /* Ticket has reached the end of lifetime. */
+ session->ticket_creation_time = mbedtls_ms_time() -
+ (7 * 24 * 3600 * 1000 + 1000);
+ break;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ case 5:
+ /* Ticket is valid, but client age is below the lower bound of the tolerance window. */
+ session->ticket_age_add += MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000;
+ /* Make sure the execution time does not affect the result */
+ session->ticket_creation_time = mbedtls_ms_time();
+ break;
+
+ case 6:
+ /* Ticket is valid, but client age is beyond the upper bound of the tolerance window. */
+ session->ticket_age_add -= MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + 4 * 1000;
+ /* Make sure the execution time does not affect the result */
+ session->ticket_creation_time = mbedtls_ms_time();
+ break;
+ case 7:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
+ break;
+ case 8:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ break;
+ case 9:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ break;
+ case 10:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
+ break;
+#endif
+ default:
+ break;
+ }
+
+ return ret;
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */
+
+int parse_cipher(char *buf)
+{
+ if (strcmp(buf, "AES-128-CCM")) {
+ return MBEDTLS_CIPHER_AES_128_CCM;
+ } else if (strcmp(buf, "AES-128-GCM")) {
+ return MBEDTLS_CIPHER_AES_128_GCM;
+ } else if (strcmp(buf, "AES-192-CCM")) {
+ return MBEDTLS_CIPHER_AES_192_CCM;
+ } else if (strcmp(buf, "AES-192-GCM")) {
+ return MBEDTLS_CIPHER_AES_192_GCM;
+ } else if (strcmp(buf, "AES-256-CCM")) {
+ return MBEDTLS_CIPHER_AES_256_CCM;
+ } else if (strcmp(buf, "ARIA-128-CCM")) {
+ return MBEDTLS_CIPHER_ARIA_128_CCM;
+ } else if (strcmp(buf, "ARIA-128-GCM")) {
+ return MBEDTLS_CIPHER_ARIA_128_GCM;
+ } else if (strcmp(buf, "ARIA-192-CCM")) {
+ return MBEDTLS_CIPHER_ARIA_192_CCM;
+ } else if (strcmp(buf, "ARIA-192-GCM")) {
+ return MBEDTLS_CIPHER_ARIA_192_GCM;
+ } else if (strcmp(buf, "ARIA-256-CCM")) {
+ return MBEDTLS_CIPHER_ARIA_256_CCM;
+ } else if (strcmp(buf, "ARIA-256-GCM")) {
+ return MBEDTLS_CIPHER_ARIA_256_GCM;
+ } else if (strcmp(buf, "CAMELLIA-128-CCM")) {
+ return MBEDTLS_CIPHER_CAMELLIA_128_CCM;
+ } else if (strcmp(buf, "CAMELLIA-192-CCM")) {
+ return MBEDTLS_CIPHER_CAMELLIA_192_CCM;
+ } else if (strcmp(buf, "CAMELLIA-256-CCM")) {
+ return MBEDTLS_CIPHER_CAMELLIA_256_CCM;
+ } else if (strcmp(buf, "CHACHA20-POLY1305")) {
+ return MBEDTLS_CIPHER_CHACHA20_POLY1305;
+ }
+ return MBEDTLS_CIPHER_NONE;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 0, len, written, frags, exchanges_left;
+ int query_config_ret = 0;
+ io_ctx_t io_ctx;
+ unsigned char *buf = 0;
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_algorithm_t alg = 0;
+ mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ unsigned char psk[MBEDTLS_PSK_MAX_LEN];
+ size_t psk_len = 0;
+ psk_entry *psk_info = NULL;
+#endif
+ const char *pers = "ssl_server2";
+ unsigned char client_ip[16] = { 0 };
+ size_t cliip_len;
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ mbedtls_ssl_cookie_ctx cookie_ctx;
+#endif
+
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_timing_delay_context timer;
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ unsigned char renego_period[8] = { 0 };
+#endif
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ uint32_t flags;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crt srvcert;
+ mbedtls_pk_context pkey;
+ mbedtls_x509_crt srvcert2;
+ mbedtls_pk_context pkey2;
+ mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
+ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */
+#endif
+ int key_cert_init = 0, key_cert_init2 = 0;
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ ssl_async_key_context_t ssl_async_keys;
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ mbedtls_dhm_context dhm;
+#endif
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_context cache;
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ mbedtls_ssl_ticket_context ticket_ctx;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
+#if defined(SNI_OPTION)
+ sni_entry *sni_info = NULL;
+#endif
+ uint16_t group_list[GROUP_LIST_SIZE];
+#if defined(MBEDTLS_SSL_ALPN)
+ const char *alpn_list[ALPN_LIST_SIZE];
+#endif
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ unsigned char alloc_buf[MEMORY_HEAP_SIZE];
+#endif
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ unsigned char cid[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ unsigned char cid_renego[MBEDTLS_SSL_CID_IN_LEN_MAX];
+ size_t cid_len = 0;
+ size_t cid_renego_len = 0;
+#endif
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ unsigned char *context_buf = NULL;
+ size_t context_buf_len = 0;
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */
+#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ uint16_t sig_alg_list[SIG_ALG_LIST_SIZE];
+#endif
+
+ int i;
+ char *p, *q;
+ const int *list;
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ psa_status_t status;
+#endif
+ unsigned char eap_tls_keymaterial[16];
+ unsigned char eap_tls_iv[8];
+ const char *eap_tls_label = "client EAP encryption";
+ eap_tls_keys eap_tls_keying;
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ /*! master keys and master salt for SRTP generated during handshake */
+ unsigned char dtls_srtp_key_material[MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH];
+ const char *dtls_srtp_label = "EXTRACTOR-dtls_srtp";
+ dtls_srtp_keys dtls_srtp_keying;
+ const mbedtls_ssl_srtp_profile default_profiles[] = {
+ MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80,
+ MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32,
+ MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80,
+ MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32,
+ MBEDTLS_TLS_SRTP_UNSET
+ };
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ size_t current_heap_memory, peak_heap_memory, heap_blocks;
+#endif /* MBEDTLS_MEMORY_DEBUG */
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
+
+#if defined(MBEDTLS_TEST_HOOKS)
+ test_hooks_init();
+#endif /* MBEDTLS_TEST_HOOKS */
+
+ /*
+ * Make sure memory references are valid in case we exit early.
+ */
+ mbedtls_net_init(&client_fd);
+ mbedtls_net_init(&listen_fd);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ rng_init(&rng);
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_x509_crt_init(&srvcert);
+ mbedtls_pk_init(&pkey);
+ mbedtls_x509_crt_init(&srvcert2);
+ mbedtls_pk_init(&pkey2);
+#endif
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ memset(&ssl_async_keys, 0, sizeof(ssl_async_keys));
+#endif
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ mbedtls_dhm_init(&dhm);
+#endif
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_init(&cache);
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ mbedtls_ssl_ticket_init(&ticket_ctx);
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ memset((void *) alpn_list, 0, sizeof(alpn_list));
+#endif
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ mbedtls_ssl_cookie_init(&cookie_ctx);
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ mbedtls_test_enable_insecure_external_rng();
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+#if !defined(_WIN32)
+ /* Abort cleanly on SIGTERM and SIGINT */
+ signal(SIGTERM, term_handler);
+ signal(SIGINT, term_handler);
+#endif
+
+ opt.buffer_size = DFL_IO_BUF_LEN;
+ opt.server_addr = DFL_SERVER_ADDR;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.event = DFL_EVENT;
+ opt.response_size = DFL_RESPONSE_SIZE;
+ opt.nbio = DFL_NBIO;
+ opt.cid_enabled = DFL_CID_ENABLED;
+ opt.cid_enabled_renego = DFL_CID_ENABLED_RENEGO;
+ opt.cid_val = DFL_CID_VALUE;
+ opt.cid_val_renego = DFL_CID_VALUE_RENEGO;
+ opt.read_timeout = DFL_READ_TIMEOUT;
+ opt.ca_file = DFL_CA_FILE;
+ opt.ca_path = DFL_CA_PATH;
+ opt.crt_file = DFL_CRT_FILE;
+ opt.key_file = DFL_KEY_FILE;
+ opt.key_opaque = DFL_KEY_OPAQUE;
+ opt.key_pwd = DFL_KEY_PWD;
+ opt.crt_file2 = DFL_CRT_FILE2;
+ opt.key_file2 = DFL_KEY_FILE2;
+ opt.key_pwd2 = DFL_KEY_PWD2;
+ opt.async_operations = DFL_ASYNC_OPERATIONS;
+ opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1;
+ opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
+ opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
+ opt.psk = DFL_PSK;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ opt.psk_opaque = DFL_PSK_OPAQUE;
+ opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE;
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ opt.ca_callback = DFL_CA_CALLBACK;
+#endif
+ opt.psk_identity = DFL_PSK_IDENTITY;
+ opt.psk_list = DFL_PSK_LIST;
+ opt.ecjpake_pw = DFL_ECJPAKE_PW;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
+#endif
+ opt.force_ciphersuite[0] = DFL_FORCE_CIPHER;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ opt.renegotiation = DFL_RENEGOTIATION;
+ opt.allow_legacy = DFL_ALLOW_LEGACY;
+ opt.renegotiate = DFL_RENEGOTIATE;
+ opt.renego_delay = DFL_RENEGO_DELAY;
+ opt.renego_period = DFL_RENEGO_PERIOD;
+ opt.exchanges = DFL_EXCHANGES;
+ opt.min_version = DFL_MIN_VERSION;
+ opt.max_version = DFL_MAX_VERSION;
+ opt.allow_sha1 = DFL_SHA1;
+ opt.auth_mode = DFL_AUTH_MODE;
+ opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST;
+ opt.cert_req_dn_hint = DFL_CERT_REQ_DN_HINT;
+ opt.mfl_code = DFL_MFL_CODE;
+ opt.trunc_hmac = DFL_TRUNC_HMAC;
+ opt.tickets = DFL_TICKETS;
+ opt.dummy_ticket = DFL_DUMMY_TICKET;
+ opt.ticket_rotate = DFL_TICKET_ROTATE;
+ opt.ticket_timeout = DFL_TICKET_TIMEOUT;
+ opt.ticket_aead = DFL_TICKET_AEAD;
+ opt.cache_max = DFL_CACHE_MAX;
+#if defined(MBEDTLS_HAVE_TIME)
+ opt.cache_timeout = DFL_CACHE_TIMEOUT;
+#endif
+ opt.cache_remove = DFL_CACHE_REMOVE;
+ opt.sni = DFL_SNI;
+ opt.alpn_string = DFL_ALPN_STRING;
+ opt.groups = DFL_GROUPS;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ opt.early_data = DFL_EARLY_DATA;
+ opt.max_early_data_size = DFL_MAX_EARLY_DATA_SIZE;
+#endif
+ opt.sig_algs = DFL_SIG_ALGS;
+ opt.dhm_file = DFL_DHM_FILE;
+ opt.transport = DFL_TRANSPORT;
+ opt.cookies = DFL_COOKIES;
+ opt.anti_replay = DFL_ANTI_REPLAY;
+ opt.hs_to_min = DFL_HS_TO_MIN;
+ opt.hs_to_max = DFL_HS_TO_MAX;
+ opt.dtls_mtu = DFL_DTLS_MTU;
+ opt.dgram_packing = DFL_DGRAM_PACKING;
+ opt.badmac_limit = DFL_BADMAC_LIMIT;
+ opt.extended_ms = DFL_EXTENDED_MS;
+ opt.etm = DFL_ETM;
+ opt.serialize = DFL_SERIALIZE;
+ opt.context_file = DFL_CONTEXT_FILE;
+ opt.eap_tls = DFL_EAP_TLS;
+ opt.reproducible = DFL_REPRODUCIBLE;
+ opt.nss_keylog = DFL_NSS_KEYLOG;
+ opt.nss_keylog_file = DFL_NSS_KEYLOG_FILE;
+ opt.query_config_mode = DFL_QUERY_CONFIG_MODE;
+ opt.use_srtp = DFL_USE_SRTP;
+ opt.force_srtp_profile = DFL_SRTP_FORCE_PROFILE;
+ opt.support_mki = DFL_SRTP_SUPPORT_MKI;
+ opt.key1_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key1_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
+ opt.key2_opaque_alg1 = DFL_KEY_OPAQUE_ALG;
+ opt.key2_opaque_alg2 = DFL_KEY_OPAQUE_ALG;
+
+ p = q = NULL;
+ if (argc < 1) {
+usage:
+ if (p != NULL && q != NULL) {
+ printf("unrecognized value for '%s': '%s'\n", p, q);
+ } else if (p != NULL && q == NULL) {
+ printf("unrecognized param: '%s'\n", p);
+ }
+
+ mbedtls_printf("usage: ssl_client2 [param=value] [...]\n");
+ mbedtls_printf(" ssl_client2 help[_theme]\n");
+ mbedtls_printf("'help' lists acceptable 'param' and 'value'\n");
+ mbedtls_printf("'help_ciphersuites' lists available ciphersuites\n");
+ mbedtls_printf("\n");
+
+ if (ret == 0) {
+ ret = 1;
+ }
+ goto exit;
+ }
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+
+ if (strcmp(p, "help") == 0) {
+ mbedtls_printf(USAGE1);
+ mbedtls_printf(USAGE2);
+ mbedtls_printf(USAGE3);
+ mbedtls_printf(USAGE4);
+
+ ret = 0;
+ goto exit;
+ }
+ if (strcmp(p, "help_ciphersuites") == 0) {
+ mbedtls_printf(" acceptable ciphersuite names:\n");
+ for (list = mbedtls_ssl_list_ciphersuites();
+ *list != 0;
+ list++) {
+ mbedtls_printf(" %s\n", mbedtls_ssl_get_ciphersuite_name(*list));
+ }
+
+ ret = 0;
+ goto exit;
+ }
+
+ if ((q = strchr(p, '=')) == NULL) {
+ mbedtls_printf("param requires a value: '%s'\n", p);
+ p = NULL; // avoid "unrecnognized param" message
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "server_port") == 0) {
+ opt.server_port = q;
+ } else if (strcmp(p, "server_addr") == 0) {
+ opt.server_addr = q;
+ } else if (strcmp(p, "dtls") == 0) {
+ int t = atoi(q);
+ if (t == 0) {
+ opt.transport = MBEDTLS_SSL_TRANSPORT_STREAM;
+ } else if (t == 1) {
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
+ goto usage;
+ }
+ } else if (strcmp(p, "build_version") == 0) {
+ if (strcmp(q, "1") == 0) {
+ mbedtls_printf("build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL,
+ MBEDTLS_VERSION_NUMBER);
+ goto exit;
+ }
+ } else if (strcmp(p, "nbio") == 0) {
+ opt.nbio = atoi(q);
+ if (opt.nbio < 0 || opt.nbio > 2) {
+ goto usage;
+ }
+ } else if (strcmp(p, "event") == 0) {
+ opt.event = atoi(q);
+ if (opt.event < 0 || opt.event > 2) {
+ goto usage;
+ }
+ } else if (strcmp(p, "read_timeout") == 0) {
+ opt.read_timeout = atoi(q);
+ } else if (strcmp(p, "buffer_size") == 0) {
+ opt.buffer_size = atoi(q);
+ if (opt.buffer_size < 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "response_size") == 0) {
+ opt.response_size = atoi(q);
+ if (opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_OUT_CONTENT_LEN) {
+ goto usage;
+ }
+ if (opt.buffer_size < opt.response_size) {
+ opt.buffer_size = opt.response_size;
+ }
+ } else if (strcmp(p, "ca_file") == 0) {
+ opt.ca_file = q;
+ } else if (strcmp(p, "ca_path") == 0) {
+ opt.ca_path = q;
+ } else if (strcmp(p, "crt_file") == 0) {
+ opt.crt_file = q;
+ } else if (strcmp(p, "key_file") == 0) {
+ opt.key_file = q;
+ } else if (strcmp(p, "key_pwd") == 0) {
+ opt.key_pwd = q;
+ }
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ else if (strcmp(p, "key_opaque") == 0) {
+ opt.key_opaque = atoi(q);
+ }
+#endif
+ else if (strcmp(p, "crt_file2") == 0) {
+ opt.crt_file2 = q;
+ } else if (strcmp(p, "key_file2") == 0) {
+ opt.key_file2 = q;
+ } else if (strcmp(p, "key_pwd2") == 0) {
+ opt.key_pwd2 = q;
+ } else if (strcmp(p, "dhm_file") == 0) {
+ opt.dhm_file = q;
+ }
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ else if (strcmp(p, "async_operations") == 0) {
+ opt.async_operations = q;
+ } else if (strcmp(p, "async_private_delay1") == 0) {
+ opt.async_private_delay1 = atoi(q);
+ } else if (strcmp(p, "async_private_delay2") == 0) {
+ opt.async_private_delay2 = atoi(q);
+ } else if (strcmp(p, "async_private_error") == 0) {
+ int n = atoi(q);
+ if (n < -SSL_ASYNC_INJECT_ERROR_MAX ||
+ n > SSL_ASYNC_INJECT_ERROR_MAX) {
+ ret = 2;
+ goto usage;
+ }
+ opt.async_private_error = n;
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if (strcmp(p, "cid") == 0) {
+ opt.cid_enabled = atoi(q);
+ if (opt.cid_enabled != 0 && opt.cid_enabled != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "cid_renego") == 0) {
+ opt.cid_enabled_renego = atoi(q);
+ if (opt.cid_enabled_renego != 0 && opt.cid_enabled_renego != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "cid_val") == 0) {
+ opt.cid_val = q;
+ } else if (strcmp(p, "cid_val_renego") == 0) {
+ opt.cid_val_renego = q;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ else if (strcmp(p, "psk") == 0) {
+ opt.psk = q;
+ }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ else if (strcmp(p, "psk_opaque") == 0) {
+ opt.psk_opaque = atoi(q);
+ } else if (strcmp(p, "psk_list_opaque") == 0) {
+ opt.psk_list_opaque = atoi(q);
+ }
+#endif
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ else if (strcmp(p, "ca_callback") == 0) {
+ opt.ca_callback = atoi(q);
+ }
+#endif
+ else if (strcmp(p, "psk_identity") == 0) {
+ opt.psk_identity = q;
+ } else if (strcmp(p, "psk_list") == 0) {
+ opt.psk_list = q;
+ } else if (strcmp(p, "ecjpake_pw") == 0) {
+ opt.ecjpake_pw = q;
+ }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ else if (strcmp(p, "ecjpake_pw_opaque") == 0) {
+ opt.ecjpake_pw_opaque = atoi(q);
+ }
+#endif
+ else if (strcmp(p, "force_ciphersuite") == 0) {
+ opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q);
+
+ if (opt.force_ciphersuite[0] == 0) {
+ ret = 2;
+ goto usage;
+ }
+ opt.force_ciphersuite[1] = 0;
+ } else if (strcmp(p, "groups") == 0) {
+ opt.groups = q;
+ }
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ else if (strcmp(p, "sig_algs") == 0) {
+ opt.sig_algs = q;
+ }
+#endif
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ else if (strcmp(p, "early_data") == 0) {
+ switch (atoi(q)) {
+ case 0:
+ opt.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
+ break;
+ case 1:
+ opt.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
+ break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "max_early_data_size") == 0) {
+ opt.max_early_data_size = (uint32_t) atoll(q);
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+ else if (strcmp(p, "renegotiation") == 0) {
+ opt.renegotiation = (atoi(q)) ?
+ MBEDTLS_SSL_RENEGOTIATION_ENABLED :
+ MBEDTLS_SSL_RENEGOTIATION_DISABLED;
+ } else if (strcmp(p, "allow_legacy") == 0) {
+ switch (atoi(q)) {
+ case -1:
+ opt.allow_legacy = MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE;
+ break;
+ case 0:
+ opt.allow_legacy = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
+ break;
+ case 1:
+ opt.allow_legacy = MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION;
+ break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "renegotiate") == 0) {
+ opt.renegotiate = atoi(q);
+ if (opt.renegotiate < 0 || opt.renegotiate > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "renego_delay") == 0) {
+ opt.renego_delay = atoi(q);
+ } else if (strcmp(p, "renego_period") == 0) {
+#if defined(_MSC_VER)
+ opt.renego_period = _strtoui64(q, NULL, 10);
+#else
+ if (sscanf(q, "%" SCNu64, &opt.renego_period) != 1) {
+ goto usage;
+ }
+#endif /* _MSC_VER */
+ if (opt.renego_period < 2) {
+ goto usage;
+ }
+ } else if (strcmp(p, "exchanges") == 0) {
+ opt.exchanges = atoi(q);
+ if (opt.exchanges < 0) {
+ goto usage;
+ }
+ }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ else if (strcmp(p, "tls13_kex_modes") == 0) {
+ if (strcmp(q, "psk") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ } else if (strcmp(q, "psk_ephemeral") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ } else if (strcmp(q, "ephemeral") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+ } else if (strcmp(q, "ephemeral_all") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ALL;
+ } else if (strcmp(q, "psk_all") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
+ } else if (strcmp(q, "all") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
+ }
+ /* The purpose of `psk_or_ephemeral` is to improve test coverage. That
+ * is not recommended in practice.
+ * `psk_or_ephemeral` exists in theory, we need this mode to test if
+ * this setting work correctly. With this key exchange setting, server
+ * should always perform `ephemeral` handshake. `psk` or `psk_ephemeral`
+ * is not expected.
+ */
+ else if (strcmp(q, "psk_or_ephemeral") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
+ } else {
+ goto usage;
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ else if (strcmp(p, "min_version") == 0) {
+ if (strcmp(q, "tls12") == 0 ||
+ strcmp(q, "dtls12") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ else if (strcmp(q, "tls13") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ else {
+ goto usage;
+ }
+ } else if (strcmp(p, "max_version") == 0) {
+ if (strcmp(q, "tls12") == 0 ||
+ strcmp(q, "dtls12") == 0) {
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ else if (strcmp(q, "tls13") == 0) {
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ else {
+ goto usage;
+ }
+ } else if (strcmp(p, "allow_sha1") == 0) {
+ switch (atoi(q)) {
+ case 0: opt.allow_sha1 = 0; break;
+ case 1: opt.allow_sha1 = 1; break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "force_version") == 0) {
+ if (strcmp(q, "tls12") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ } else if (strcmp(q, "dtls12") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_2;
+ opt.transport = MBEDTLS_SSL_TRANSPORT_DATAGRAM;
+ }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ else if (strcmp(q, "tls13") == 0) {
+ opt.min_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ opt.max_version = MBEDTLS_SSL_VERSION_TLS1_3;
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+ else {
+ goto usage;
+ }
+ } else if (strcmp(p, "auth_mode") == 0) {
+ if ((opt.auth_mode = get_auth_mode(q)) < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "cert_req_ca_list") == 0) {
+ opt.cert_req_ca_list = atoi(q);
+ if (opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 3) {
+ goto usage;
+ }
+ if (opt.cert_req_ca_list > 1) {
+ opt.cert_req_dn_hint = opt.cert_req_ca_list;
+ opt.cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED;
+ }
+ } else if (strcmp(p, "max_frag_len") == 0) {
+ if (strcmp(q, "512") == 0) {
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
+ } else if (strcmp(q, "1024") == 0) {
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_1024;
+ } else if (strcmp(q, "2048") == 0) {
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_2048;
+ } else if (strcmp(q, "4096") == 0) {
+ opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_4096;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "alpn") == 0) {
+ opt.alpn_string = q;
+ } else if (strcmp(p, "trunc_hmac") == 0) {
+ switch (atoi(q)) {
+ case 0: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_DISABLED; break;
+ case 1: opt.trunc_hmac = MBEDTLS_SSL_TRUNC_HMAC_ENABLED; break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "extended_ms") == 0) {
+ switch (atoi(q)) {
+ case 0:
+ opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_DISABLED;
+ break;
+ case 1:
+ opt.extended_ms = MBEDTLS_SSL_EXTENDED_MS_ENABLED;
+ break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "etm") == 0) {
+ switch (atoi(q)) {
+ case 0: opt.etm = MBEDTLS_SSL_ETM_DISABLED; break;
+ case 1: opt.etm = MBEDTLS_SSL_ETM_ENABLED; break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "tickets") == 0) {
+ opt.tickets = atoi(q);
+ if (opt.tickets < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "dummy_ticket") == 0) {
+ opt.dummy_ticket = atoi(q);
+ if (opt.dummy_ticket < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "ticket_rotate") == 0) {
+ opt.ticket_rotate = atoi(q);
+ if (opt.ticket_rotate < 0 || opt.ticket_rotate > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "ticket_timeout") == 0) {
+ opt.ticket_timeout = atoi(q);
+ if (opt.ticket_timeout < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "ticket_aead") == 0) {
+ opt.ticket_aead = parse_cipher(q);
+
+ if (opt.ticket_aead == MBEDTLS_CIPHER_NONE) {
+ goto usage;
+ }
+ } else if (strcmp(p, "cache_max") == 0) {
+ opt.cache_max = atoi(q);
+ if (opt.cache_max < 0) {
+ goto usage;
+ }
+ }
+#if defined(MBEDTLS_HAVE_TIME)
+ else if (strcmp(p, "cache_timeout") == 0) {
+ opt.cache_timeout = atoi(q);
+ if (opt.cache_timeout < 0) {
+ goto usage;
+ }
+ }
+#endif
+ else if (strcmp(p, "cache_remove") == 0) {
+ opt.cache_remove = atoi(q);
+ if (opt.cache_remove < 0 || opt.cache_remove > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "cookies") == 0) {
+ opt.cookies = atoi(q);
+ if (opt.cookies < -1 || opt.cookies > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "anti_replay") == 0) {
+ opt.anti_replay = atoi(q);
+ if (opt.anti_replay < 0 || opt.anti_replay > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "badmac_limit") == 0) {
+ opt.badmac_limit = atoi(q);
+ if (opt.badmac_limit < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "hs_timeout") == 0) {
+ if ((p = strchr(q, '-')) == NULL) {
+ goto usage;
+ }
+ *p++ = '\0';
+ opt.hs_to_min = atoi(q);
+ opt.hs_to_max = atoi(p);
+ if (opt.hs_to_min == 0 || opt.hs_to_max < opt.hs_to_min) {
+ goto usage;
+ }
+ } else if (strcmp(p, "mtu") == 0) {
+ opt.dtls_mtu = atoi(q);
+ if (opt.dtls_mtu < 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "dgram_packing") == 0) {
+ opt.dgram_packing = atoi(q);
+ if (opt.dgram_packing != 0 &&
+ opt.dgram_packing != 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "sni") == 0) {
+ opt.sni = q;
+ } else if (strcmp(p, "query_config") == 0) {
+ opt.query_config_mode = 1;
+ query_config_ret = query_config(q);
+ goto exit;
+ } else if (strcmp(p, "serialize") == 0) {
+ opt.serialize = atoi(q);
+ if (opt.serialize < 0 || opt.serialize > 2) {
+ goto usage;
+ }
+ } else if (strcmp(p, "context_file") == 0) {
+ opt.context_file = q;
+ } else if (strcmp(p, "eap_tls") == 0) {
+ opt.eap_tls = atoi(q);
+ if (opt.eap_tls < 0 || opt.eap_tls > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "reproducible") == 0) {
+ opt.reproducible = 1;
+ } else if (strcmp(p, "nss_keylog") == 0) {
+ opt.nss_keylog = atoi(q);
+ if (opt.nss_keylog < 0 || opt.nss_keylog > 1) {
+ goto usage;
+ }
+ } else if (strcmp(p, "nss_keylog_file") == 0) {
+ opt.nss_keylog_file = q;
+ } else if (strcmp(p, "use_srtp") == 0) {
+ opt.use_srtp = atoi(q);
+ } else if (strcmp(p, "srtp_force_profile") == 0) {
+ opt.force_srtp_profile = atoi(q);
+ } else if (strcmp(p, "support_mki") == 0) {
+ opt.support_mki = atoi(q);
+ } else if (strcmp(p, "key_opaque_algs") == 0) {
+ if (key_opaque_alg_parse(q, &opt.key1_opaque_alg1,
+ &opt.key1_opaque_alg2) != 0) {
+ goto usage;
+ }
+ } else if (strcmp(p, "key_opaque_algs2") == 0) {
+ if (key_opaque_alg_parse(q, &opt.key2_opaque_alg1,
+ &opt.key2_opaque_alg2) != 0) {
+ goto usage;
+ }
+ } else {
+ /* This signals that the problem is with p not q */
+ q = NULL;
+ goto usage;
+ }
+ }
+ /* This signals that any further erorrs are not with a single option */
+ p = q = NULL;
+
+ if (opt.nss_keylog != 0 && opt.eap_tls != 0) {
+ mbedtls_printf("Error: eap_tls and nss_keylog options cannot be used together.\n");
+ goto usage;
+ }
+
+ /* Event-driven IO is incompatible with the above custom
+ * receive and send functions, as the polling builds on
+ * refers to the underlying net_context. */
+ if (opt.event == 1 && opt.nbio != 1) {
+ mbedtls_printf("Warning: event-driven IO mandates nbio=1 - overwrite\n");
+ opt.nbio = 1;
+ }
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold(opt.debug_level);
+#endif
+
+ /* buf will alternatively contain the input read from the client and the
+ * response that's about to be sent, plus a null byte in each case. */
+ size_t buf_content_size = opt.buffer_size;
+ /* The default response contains the ciphersuite name. Leave enough
+ * room for that plus some margin. */
+ if (buf_content_size < strlen(HTTP_RESPONSE) + 80) {
+ buf_content_size = strlen(HTTP_RESPONSE) + 80;
+ }
+ if (opt.response_size != DFL_RESPONSE_SIZE &&
+ buf_content_size < (size_t) opt.response_size) {
+ buf_content_size = opt.response_size;
+ }
+ buf = mbedtls_calloc(1, buf_content_size + 1);
+ if (buf == NULL) {
+ mbedtls_printf("Could not allocate %lu bytes\n",
+ (unsigned long) buf_content_size + 1);
+ ret = 3;
+ goto exit;
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.psk_opaque != 0) {
+ if (strlen(opt.psk) == 0) {
+ mbedtls_printf("psk_opaque set but no psk to be imported specified.\n");
+ ret = 2;
+ goto usage;
+ }
+
+ if (opt.force_ciphersuite[0] <= 0) {
+ mbedtls_printf(
+ "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
+ ret = 2;
+ goto usage;
+ }
+ }
+
+ if (opt.psk_list_opaque != 0) {
+ if (opt.psk_list == NULL) {
+ mbedtls_printf("psk_slot set but no psk to be imported specified.\n");
+ ret = 2;
+ goto usage;
+ }
+
+ if (opt.force_ciphersuite[0] <= 0) {
+ mbedtls_printf(
+ "opaque PSKs are only supported in conjunction with forcing TLS 1.2 and a PSK-only ciphersuite through the 'force_ciphersuite' option.\n");
+ ret = 2;
+ goto usage;
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (opt.force_ciphersuite[0] > 0) {
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ ciphersuite_info =
+ mbedtls_ssl_ciphersuite_from_id(opt.force_ciphersuite[0]);
+
+ if (opt.max_version != -1 &&
+ ciphersuite_info->min_tls_version > opt.max_version) {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+ if (opt.min_version != -1 &&
+ ciphersuite_info->max_tls_version < opt.min_version) {
+ mbedtls_printf("forced ciphersuite not allowed with this protocol version\n");
+ ret = 2;
+ goto usage;
+ }
+
+ /* If we select a version that's not supported by
+ * this suite, then there will be no common ciphersuite... */
+ if (opt.max_version == -1 ||
+ opt.max_version > ciphersuite_info->max_tls_version) {
+ opt.max_version = ciphersuite_info->max_tls_version;
+ }
+ if (opt.min_version < ciphersuite_info->min_tls_version) {
+ opt.min_version = ciphersuite_info->min_tls_version;
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) {
+ /* Determine KDF algorithm the opaque PSK will be used in. */
+#if defined(MBEDTLS_MD_CAN_SHA384)
+ if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) {
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
+ } else
+#endif /* MBEDTLS_MD_CAN_SHA384 */
+ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if (mbedtls_test_unhexify(cid, sizeof(cid),
+ opt.cid_val, &cid_len) != 0) {
+ mbedtls_printf("CID not valid hex\n");
+ goto exit;
+ }
+
+ /* Keep CID settings for renegotiation unless
+ * specified otherwise. */
+ if (opt.cid_enabled_renego == DFL_CID_ENABLED_RENEGO) {
+ opt.cid_enabled_renego = opt.cid_enabled;
+ }
+ if (opt.cid_val_renego == DFL_CID_VALUE_RENEGO) {
+ opt.cid_val_renego = opt.cid_val;
+ }
+
+ if (mbedtls_test_unhexify(cid_renego, sizeof(cid_renego),
+ opt.cid_val_renego, &cid_renego_len) != 0) {
+ mbedtls_printf("CID not valid hex\n");
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ /*
+ * Unhexify the pre-shared key and parse the list if any given
+ */
+ if (mbedtls_test_unhexify(psk, sizeof(psk),
+ opt.psk, &psk_len) != 0) {
+ mbedtls_printf("pre-shared key not valid hex\n");
+ goto exit;
+ }
+
+ if (opt.psk_list != NULL) {
+ if ((psk_info = psk_parse(opt.psk_list)) == NULL) {
+ mbedtls_printf("psk_list invalid");
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
+
+ if (opt.groups != NULL) {
+ if (parse_groups(opt.groups, group_list, GROUP_LIST_SIZE) != 0) {
+ goto exit;
+ }
+ }
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (opt.sig_algs != NULL) {
+ p = (char *) opt.sig_algs;
+ i = 0;
+
+ /* Leave room for a final MBEDTLS_TLS1_3_SIG_NONE in signature algorithm list (sig_alg_list). */
+ while (i < SIG_ALG_LIST_SIZE - 1 && *p != '\0') {
+ q = p;
+
+ /* Terminate the current string */
+ while (*p != ',' && *p != '\0') {
+ p++;
+ }
+ if (*p == ',') {
+ *p++ = '\0';
+ }
+
+ if (strcmp(q, "rsa_pkcs1_sha256") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256;
+ } else if (strcmp(q, "rsa_pkcs1_sha384") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384;
+ } else if (strcmp(q, "rsa_pkcs1_sha512") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512;
+ } else if (strcmp(q, "ecdsa_secp256r1_sha256") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256;
+ } else if (strcmp(q, "ecdsa_secp384r1_sha384") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384;
+ } else if (strcmp(q, "ecdsa_secp521r1_sha512") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512;
+ } else if (strcmp(q, "rsa_pss_rsae_sha256") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256;
+ } else if (strcmp(q, "rsa_pss_rsae_sha384") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384;
+ } else if (strcmp(q, "rsa_pss_rsae_sha512") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512;
+ } else if (strcmp(q, "ed25519") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED25519;
+ } else if (strcmp(q, "ed448") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ED448;
+ } else if (strcmp(q, "rsa_pss_pss_sha256") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA256;
+ } else if (strcmp(q, "rsa_pss_pss_sha384") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA384;
+ } else if (strcmp(q, "rsa_pss_pss_sha512") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PSS_PSS_SHA512;
+ } else if (strcmp(q, "rsa_pkcs1_sha1") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA1;
+ } else if (strcmp(q, "ecdsa_sha1") == 0) {
+ sig_alg_list[i++] = MBEDTLS_TLS1_3_SIG_ECDSA_SHA1;
+ } else {
+ ret = -1;
+ mbedtls_printf("unknown signature algorithm \"%s\"\n", q);
+ mbedtls_print_supported_sig_algs();
+ goto exit;
+ }
+ }
+
+ if (i == (SIG_ALG_LIST_SIZE - 1) && *p != '\0') {
+ mbedtls_printf("signature algorithm list too long, maximum %d",
+ SIG_ALG_LIST_SIZE - 1);
+ goto exit;
+ }
+
+ sig_alg_list[i] = MBEDTLS_TLS1_3_SIG_NONE;
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if (opt.alpn_string != NULL) {
+ p = (char *) opt.alpn_string;
+ i = 0;
+
+ /* Leave room for a final NULL in alpn_list */
+ while (i < ALPN_LIST_SIZE - 1 && *p != '\0') {
+ alpn_list[i++] = p;
+
+ /* Terminate the current string and move on to next one */
+ while (*p != ',' && *p != '\0') {
+ p++;
+ }
+ if (*p == ',') {
+ *p++ = '\0';
+ }
+ }
+ }
+#endif /* MBEDTLS_SSL_ALPN */
+
+ mbedtls_printf("build version: %s (build %d)\n",
+ MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER);
+
+ /*
+ * 0. Initialize the RNG and the session data
+ */
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ ret = rng_seed(&rng, opt.reproducible, pers);
+ if (ret != 0) {
+ goto exit;
+ }
+ mbedtls_printf(" ok\n");
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ /*
+ * 1.1. Load the trusted CA
+ */
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
+
+ if (strcmp(opt.ca_path, "none") == 0 ||
+ strcmp(opt.ca_file, "none") == 0) {
+ ret = 0;
+ } else
+#if defined(MBEDTLS_FS_IO)
+ if (strlen(opt.ca_path)) {
+ ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path);
+ } else if (strlen(opt.ca_file)) {
+ ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file);
+ } else
+#endif
+ {
+#if defined(MBEDTLS_PEM_PARSE_C)
+ for (i = 0; mbedtls_test_cas[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse(&cacert,
+ (const unsigned char *) mbedtls_test_cas[i],
+ mbedtls_test_cas_len[i]);
+ if (ret != 0) {
+ break;
+ }
+ }
+#endif /* MBEDTLS_PEM_PARSE_C */
+ if (ret == 0) {
+ for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
+ ret = mbedtls_x509_crt_parse_der(&cacert,
+ (const unsigned char *) mbedtls_test_cas_der[i],
+ mbedtls_test_cas_der_len[i]);
+ if (ret != 0) {
+ break;
+ }
+ }
+ }
+ }
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok (%d skipped)\n", ret);
+
+ /*
+ * 1.2. Load own certificate and private key
+ */
+ mbedtls_printf(" . Loading the server cert. and key...");
+ fflush(stdout);
+
+#if defined(MBEDTLS_FS_IO)
+ if (strlen(opt.crt_file) && strcmp(opt.crt_file, "none") != 0) {
+ key_cert_init++;
+ if ((ret = mbedtls_x509_crt_parse_file(&srvcert, opt.crt_file)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+ if (strlen(opt.key_file) && strcmp(opt.key_file, "none") != 0) {
+ key_cert_init++;
+ if ((ret = mbedtls_pk_parse_keyfile(&pkey, opt.key_file,
+ opt.key_pwd, rng_get, &rng)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+ if (key_cert_init == 1) {
+ mbedtls_printf(" failed\n ! crt_file without key_file or vice-versa\n\n");
+ goto exit;
+ }
+
+ if (strlen(opt.crt_file2) && strcmp(opt.crt_file2, "none") != 0) {
+ key_cert_init2++;
+ if ((ret = mbedtls_x509_crt_parse_file(&srvcert2, opt.crt_file2)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file(2) returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+ if (strlen(opt.key_file2) && strcmp(opt.key_file2, "none") != 0) {
+ key_cert_init2++;
+ if ((ret = mbedtls_pk_parse_keyfile(&pkey2, opt.key_file2,
+ opt.key_pwd2, rng_get, &rng)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+ if (key_cert_init2 == 1) {
+ mbedtls_printf(" failed\n ! crt_file2 without key_file2 or vice-versa\n\n");
+ goto exit;
+ }
+#endif
+ if (key_cert_init == 0 &&
+ strcmp(opt.crt_file, "none") != 0 &&
+ strcmp(opt.key_file, "none") != 0 &&
+ key_cert_init2 == 0 &&
+ strcmp(opt.crt_file2, "none") != 0 &&
+ strcmp(opt.key_file2, "none") != 0) {
+#if defined(MBEDTLS_RSA_C)
+ if ((ret = mbedtls_x509_crt_parse(&srvcert,
+ (const unsigned char *) mbedtls_test_srv_crt_rsa,
+ mbedtls_test_srv_crt_rsa_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ if ((ret = mbedtls_pk_parse_key(&pkey,
+ (const unsigned char *) mbedtls_test_srv_key_rsa,
+ mbedtls_test_srv_key_rsa_len, NULL, 0,
+ rng_get, &rng)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ key_cert_init = 2;
+#endif /* MBEDTLS_RSA_C */
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+ if ((ret = mbedtls_x509_crt_parse(&srvcert2,
+ (const unsigned char *) mbedtls_test_srv_crt_ec,
+ mbedtls_test_srv_crt_ec_len)) != 0) {
+ mbedtls_printf(" failed\n ! x509_crt_parse2 returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ if ((ret = mbedtls_pk_parse_key(&pkey2,
+ (const unsigned char *) mbedtls_test_srv_key_ec,
+ mbedtls_test_srv_key_ec_len, NULL, 0,
+ rng_get, &rng)) != 0) {
+ mbedtls_printf(" failed\n ! pk_parse_key2 returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ key_cert_init2 = 2;
+#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */
+ }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.key_opaque != 0) {
+ psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE;
+ psa_key_usage_t psa_usage = 0;
+
+ if (key_opaque_set_alg_usage(opt.key1_opaque_alg1,
+ opt.key1_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &psa_usage,
+ mbedtls_pk_get_type(&pkey)) == 0) {
+ ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, psa_usage, &key_slot);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! "
+ "pk_wrap_as_opaque returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+
+ psa_alg = PSA_ALG_NONE; psa_alg2 = PSA_ALG_NONE;
+ psa_usage = 0;
+
+ if (key_opaque_set_alg_usage(opt.key2_opaque_alg1,
+ opt.key2_opaque_alg2,
+ &psa_alg, &psa_alg2,
+ &psa_usage,
+ mbedtls_pk_get_type(&pkey2)) == 0) {
+ ret = pk_wrap_as_opaque(&pkey2, psa_alg, psa_alg2, psa_usage, &key_slot2);
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! "
+ "mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_printf(" ok (key types: %s, %s)\n",
+ key_cert_init ? mbedtls_pk_get_name(&pkey) : "none",
+ key_cert_init2 ? mbedtls_pk_get_name(&pkey2) : "none");
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ if (opt.dhm_file != NULL) {
+ mbedtls_printf(" . Loading DHM parameters...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_dhm_parse_dhmfile(&dhm, opt.dhm_file)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_dhm_parse_dhmfile returned -0x%04X\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+#endif
+
+#if defined(SNI_OPTION)
+ if (opt.sni != NULL) {
+ mbedtls_printf(" . Setting up SNI information...");
+ fflush(stdout);
+
+ if ((sni_info = sni_parse(opt.sni)) == NULL) {
+ mbedtls_printf(" failed\n");
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+#endif /* SNI_OPTION */
+
+ /*
+ * 2. Setup stuff
+ */
+ mbedtls_printf(" . Setting up the SSL/TLS structure...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_SERVER,
+ opt.transport,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ /* The default algorithms profile disables SHA-1, but our tests still
+ rely on it heavily. Hence we allow it here. A real-world server
+ should use the default profile unless there is a good reason not to. */
+ if (opt.allow_sha1 > 0) {
+ crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG(MBEDTLS_MD_SHA1);
+ mbedtls_ssl_conf_cert_profile(&conf, &crt_profile_for_test);
+ mbedtls_ssl_conf_sig_algs(&conf, ssl_sig_algs_for_test);
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+ if (opt.auth_mode != DFL_AUTH_MODE) {
+ mbedtls_ssl_conf_authmode(&conf, opt.auth_mode);
+ }
+
+ if (opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST) {
+ mbedtls_ssl_conf_cert_req_ca_list(&conf, opt.cert_req_ca_list);
+ }
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (opt.early_data != DFL_EARLY_DATA) {
+ mbedtls_ssl_conf_early_data(&conf, opt.early_data);
+ }
+ if (opt.max_early_data_size != DFL_MAX_EARLY_DATA_SIZE) {
+ mbedtls_ssl_conf_max_early_data_size(
+ &conf, opt.max_early_data_size);
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
+ /* exercise setting DN hints for server certificate request
+ * (Intended for use where the client cert expected has been signed by
+ * a specific CA which is an intermediate in a CA chain, not the root) */
+ if (opt.cert_req_dn_hint == 2 && key_cert_init2) {
+ mbedtls_ssl_conf_dn_hints(&conf, &srvcert2);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if (opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX) {
+ mbedtls_ssl_conf_handshake_timeout(&conf, opt.hs_to_min, opt.hs_to_max);
+ }
+
+ if (opt.dgram_packing != DFL_DGRAM_PACKING) {
+ mbedtls_ssl_set_datagram_packing(&ssl, opt.dgram_packing);
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if ((ret = mbedtls_ssl_conf_max_frag_len(&conf, opt.mfl_code)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_max_frag_len returned %d\n\n", ret);
+ goto exit;
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if (opt.cid_enabled == 1 || opt.cid_enabled_renego == 1) {
+ if (opt.cid_enabled == 1 &&
+ opt.cid_enabled_renego == 1 &&
+ cid_len != cid_renego_len) {
+ mbedtls_printf("CID length must not change during renegotiation\n");
+ goto usage;
+ }
+
+ if (opt.cid_enabled == 1) {
+ ret = mbedtls_ssl_conf_cid(&conf, cid_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
+ } else {
+ ret = mbedtls_ssl_conf_cid(&conf, cid_renego_len,
+ MBEDTLS_SSL_UNEXPECTED_CID_IGNORE);
+ }
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_cid_len returned -%#04x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ const mbedtls_ssl_srtp_profile forced_profile[] =
+ { opt.force_srtp_profile, MBEDTLS_TLS_SRTP_UNSET };
+ if (opt.use_srtp == 1) {
+ if (opt.force_srtp_profile != 0) {
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, forced_profile);
+ } else {
+ ret = mbedtls_ssl_conf_dtls_srtp_protection_profiles(&conf, default_profiles);
+ }
+
+ if (ret != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_ssl_conf_dtls_srtp_protection_profiles returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_srtp_mki_value_supported(&conf,
+ opt.support_mki ?
+ MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED :
+ MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED);
+
+ } else if (opt.force_srtp_profile != 0) {
+ mbedtls_printf(" failed\n ! must enable use_srtp to force srtp profile\n\n");
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if (opt.extended_ms != DFL_EXTENDED_MS) {
+ mbedtls_ssl_conf_extended_master_secret(&conf, opt.extended_ms);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if (opt.etm != DFL_ETM) {
+ mbedtls_ssl_conf_encrypt_then_mac(&conf, opt.etm);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if (opt.alpn_string != NULL) {
+ if ((ret = mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_alpn_protocols returned %d\n\n", ret);
+ goto exit;
+ }
+ }
+#endif
+
+ if (opt.reproducible) {
+#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ mbedtls_platform_set_time(dummy_constant_time);
+#else
+ fprintf(stderr, "Warning: reproducible option used without constant time\n");
+#endif
+#endif /* MBEDTLS_HAVE_TIME */
+ }
+ mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ if (opt.cache_max != -1) {
+ mbedtls_ssl_cache_set_max_entries(&cache, opt.cache_max);
+ }
+
+#if defined(MBEDTLS_HAVE_TIME)
+ if (opt.cache_timeout != -1) {
+ mbedtls_ssl_cache_set_timeout(&cache, opt.cache_timeout);
+ }
+#endif
+
+ mbedtls_ssl_conf_session_cache(&conf, &cache,
+ mbedtls_ssl_cache_get,
+ mbedtls_ssl_cache_set);
+#endif
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ if (opt.tickets != MBEDTLS_SSL_SESSION_TICKETS_DISABLED) {
+#if defined(MBEDTLS_HAVE_TIME)
+ if (opt.dummy_ticket) {
+ mbedtls_ssl_conf_session_tickets_cb(&conf,
+ dummy_ticket_write,
+ dummy_ticket_parse,
+ NULL);
+ } else
+#endif /* MBEDTLS_HAVE_TIME */
+ {
+ if ((ret = mbedtls_ssl_ticket_setup(&ticket_ctx,
+ rng_get, &rng,
+ opt.ticket_aead,
+ opt.ticket_timeout)) != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_ssl_ticket_setup returned %d\n\n",
+ ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_session_tickets_cb(&conf,
+ mbedtls_ssl_ticket_write,
+ mbedtls_ssl_ticket_parse,
+ &ticket_ctx);
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_conf_new_session_tickets(&conf, opt.tickets);
+#endif
+ /* exercise manual ticket rotation (not required for typical use)
+ * (used for external synchronization of session ticket encryption keys)
+ */
+ if (opt.ticket_rotate) {
+ unsigned char kbuf[MBEDTLS_SSL_TICKET_MAX_KEY_BYTES];
+ unsigned char name[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
+ if ((ret = rng_get(&rng, name, sizeof(name))) != 0 ||
+ (ret = rng_get(&rng, kbuf, sizeof(kbuf))) != 0 ||
+ (ret = mbedtls_ssl_ticket_rotate(&ticket_ctx,
+ name, sizeof(name), kbuf, sizeof(kbuf),
+ opt.ticket_timeout)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_ticket_rotate returned %d\n\n", ret);
+ goto exit;
+ }
+ }
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ if (opt.cookies > 0) {
+ if ((ret = mbedtls_ssl_cookie_setup(&cookie_ctx,
+ rng_get, &rng)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_dtls_cookies(&conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check,
+ &cookie_ctx);
+ } else
+#endif /* MBEDTLS_SSL_COOKIE_C */
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+ if (opt.cookies == 0) {
+ mbedtls_ssl_conf_dtls_cookies(&conf, NULL, NULL, NULL);
+ } else
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+ {
+ ; /* Nothing to do */
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ if (opt.anti_replay != DFL_ANTI_REPLAY) {
+ mbedtls_ssl_conf_dtls_anti_replay(&conf, opt.anti_replay);
+ }
+#endif
+
+ if (opt.badmac_limit != DFL_BADMAC_LIMIT) {
+ mbedtls_ssl_conf_dtls_badmac_limit(&conf, opt.badmac_limit);
+ }
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+ if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {
+ mbedtls_ssl_conf_ciphersuites(&conf, opt.force_ciphersuite);
+ }
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ mbedtls_ssl_conf_tls13_key_exchange_modes(&conf, opt.tls13_kex_modes);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+ if (opt.allow_legacy != DFL_ALLOW_LEGACY) {
+ mbedtls_ssl_conf_legacy_renegotiation(&conf, opt.allow_legacy);
+ }
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation(&conf, opt.renegotiation);
+
+ if (opt.renego_delay != DFL_RENEGO_DELAY) {
+ mbedtls_ssl_conf_renegotiation_enforced(&conf, opt.renego_delay);
+ }
+
+ if (opt.renego_period != DFL_RENEGO_PERIOD) {
+ PUT_UINT64_BE(renego_period, opt.renego_period, 0);
+ mbedtls_ssl_conf_renegotiation_period(&conf, renego_period);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (strcmp(opt.ca_path, "none") != 0 &&
+ strcmp(opt.ca_file, "none") != 0) {
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if (opt.ca_callback != 0) {
+ mbedtls_ssl_conf_ca_cb(&conf, ca_callback, &cacert);
+ } else
+#endif
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ }
+ if (key_cert_init) {
+ mbedtls_pk_context *pk = &pkey;
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if (opt.async_private_delay1 >= 0) {
+ ret = ssl_async_set_key(&ssl_async_keys, &srvcert, pk, 0,
+ opt.async_private_delay1);
+ if (ret < 0) {
+ mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n",
+ ret);
+ goto exit;
+ }
+ pk = NULL;
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, pk)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+ goto exit;
+ }
+ }
+ if (key_cert_init2) {
+ mbedtls_pk_context *pk = &pkey2;
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if (opt.async_private_delay2 >= 0) {
+ ret = ssl_async_set_key(&ssl_async_keys, &srvcert2, pk, 0,
+ opt.async_private_delay2);
+ if (ret < 0) {
+ mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n",
+ ret);
+ goto exit;
+ }
+ pk = NULL;
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+ if ((ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert2, pk)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret);
+ goto exit;
+ }
+ }
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if (opt.async_operations[0] != '-') {
+ mbedtls_ssl_async_sign_t *sign = NULL;
+ mbedtls_ssl_async_decrypt_t *decrypt = NULL;
+ const char *r;
+ for (r = opt.async_operations; *r; r++) {
+ switch (*r) {
+ case 'd':
+ decrypt = ssl_async_decrypt;
+ break;
+ case 's':
+ sign = ssl_async_sign;
+ break;
+ }
+ }
+ ssl_async_keys.inject_error = (opt.async_private_error < 0 ?
+ -opt.async_private_error :
+ opt.async_private_error);
+ ssl_async_keys.f_rng = rng_get;
+ ssl_async_keys.p_rng = &rng;
+ mbedtls_ssl_conf_async_private_cb(&conf,
+ sign,
+ decrypt,
+ ssl_async_resume,
+ ssl_async_cancel,
+ &ssl_async_keys);
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+#if defined(SNI_OPTION)
+ if (opt.sni != NULL) {
+ mbedtls_ssl_conf_sni(&conf, sni_callback, sni_info);
+ mbedtls_ssl_conf_cert_cb(&conf, cert_callback);
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if (opt.async_private_delay2 >= 0) {
+ sni_entry *cur;
+ for (cur = sni_info; cur != NULL; cur = cur->next) {
+ ret = ssl_async_set_key(&ssl_async_keys,
+ cur->cert, cur->key, 1,
+ opt.async_private_delay2);
+ if (ret < 0) {
+ mbedtls_printf(" Test error: ssl_async_set_key failed (%d)\n",
+ ret);
+ goto exit;
+ }
+ cur->key = NULL;
+ }
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+ }
+#endif
+
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
+ (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH))
+ if (opt.groups != NULL &&
+ strcmp(opt.groups, "default") != 0) {
+ mbedtls_ssl_conf_groups(&conf, group_list);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (opt.sig_algs != NULL) {
+ mbedtls_ssl_conf_sig_algs(&conf, sig_alg_list);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+
+ if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.psk_opaque != 0) {
+ /* The algorithm has already been determined earlier. */
+ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len);
+ if (status != PSA_SUCCESS) {
+ fprintf(stderr, "SETUP FAIL\n");
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+ if ((ret = mbedtls_ssl_conf_psk_opaque(&conf, psk_slot,
+ (const unsigned char *) opt.psk_identity,
+ strlen(opt.psk_identity))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_conf_psk_opaque returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ if (psk_len > 0) {
+ ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len,
+ (const unsigned char *) opt.psk_identity,
+ strlen(opt.psk_identity));
+ if (ret != 0) {
+ mbedtls_printf(" failed\n mbedtls_ssl_conf_psk returned -0x%04X\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+ }
+
+ if (opt.psk_list != NULL) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.psk_list_opaque != 0) {
+ psk_entry *cur_psk;
+ for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) {
+
+ status = psa_setup_psk_key_slot(&cur_psk->slot, alg,
+ cur_psk->key,
+ cur_psk->key_len);
+ if (status != PSA_SUCCESS) {
+ ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ goto exit;
+ }
+ }
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info);
+ }
+#endif
+
+#if defined(MBEDTLS_DHM_C)
+ /*
+ * Use different group than default DHM group
+ */
+#if defined(MBEDTLS_FS_IO)
+ if (opt.dhm_file != NULL) {
+ ret = mbedtls_ssl_conf_dh_param_ctx(&conf, &dhm);
+ }
+#endif
+ if (ret != 0) {
+ mbedtls_printf(" failed\n mbedtls_ssl_conf_dh_param returned -0x%04X\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+#endif
+
+ if (opt.min_version != DFL_MIN_VERSION) {
+ mbedtls_ssl_conf_min_tls_version(&conf, opt.min_version);
+ }
+
+ if (opt.max_version != DFL_MIN_VERSION) {
+ mbedtls_ssl_conf_max_tls_version(&conf, opt.max_version);
+ }
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned -0x%x\n\n", (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (opt.eap_tls != 0) {
+ mbedtls_ssl_set_export_keys_cb(&ssl, eap_tls_key_derivation,
+ &eap_tls_keying);
+ } else if (opt.nss_keylog != 0) {
+ mbedtls_ssl_set_export_keys_cb(&ssl,
+ nss_keylog_export,
+ NULL);
+ }
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ else if (opt.use_srtp != 0) {
+ mbedtls_ssl_set_export_keys_cb(&ssl, dtls_srtp_key_derivation,
+ &dtls_srtp_keying);
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+ io_ctx.ssl = &ssl;
+ io_ctx.net = &client_fd;
+ mbedtls_ssl_set_bio(&ssl, &io_ctx, send_cb, recv_cb,
+ opt.nbio == 0 ? recv_timeout_cb : NULL);
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled,
+ cid, cid_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if (opt.dtls_mtu != DFL_DTLS_MTU) {
+ mbedtls_ssl_set_mtu(&ssl, opt.dtls_mtu);
+ }
+#endif
+
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+#endif
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 3. Setup the listening TCP socket
+ */
+ mbedtls_printf(" . Bind on %s://%s:%s/ ...",
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ? "tcp" : "udp",
+ opt.server_addr ? opt.server_addr : "*",
+ opt.server_port);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_bind(&listen_fd, opt.server_addr, opt.server_port,
+ opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM ?
+ MBEDTLS_NET_PROTO_TCP : MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned -0x%x\n\n", (unsigned int) -ret);
+ goto exit;
+ }
+ mbedtls_printf(" ok\n");
+
+reset:
+#if !defined(_WIN32)
+ if (received_sigterm) {
+ mbedtls_printf(" interrupted by SIGTERM (not in net_accept())\n");
+ if (ret == MBEDTLS_ERR_NET_INVALID_CONTEXT) {
+ ret = 0;
+ }
+
+ goto exit;
+ }
+#endif
+
+ if (ret == MBEDTLS_ERR_SSL_CLIENT_RECONNECT) {
+ mbedtls_printf(" ! Client initiated reconnection from same port\n");
+ goto handshake;
+ }
+
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: %d - %s\n\n", ret, error_buf);
+ }
+#endif
+
+ mbedtls_net_free(&client_fd);
+
+ mbedtls_ssl_session_reset(&ssl);
+
+ /*
+ * 3. Wait until a client connects
+ */
+ mbedtls_printf(" . Waiting for a remote connection ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ client_ip, sizeof(client_ip), &cliip_len)) != 0) {
+#if !defined(_WIN32)
+ if (received_sigterm) {
+ mbedtls_printf(" interrupted by SIGTERM (in net_accept())\n");
+ if (ret == MBEDTLS_ERR_NET_ACCEPT_FAILED) {
+ ret = 0;
+ }
+
+ goto exit;
+ }
+#endif
+
+ mbedtls_printf(" failed\n ! mbedtls_net_accept returned -0x%x\n\n", (unsigned int) -ret);
+ goto exit;
+ }
+
+ if (opt.nbio > 0) {
+ ret = mbedtls_net_set_nonblock(&client_fd);
+ } else {
+ ret = mbedtls_net_set_block(&client_fd);
+ }
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! net_set_(non)block() returned -0x%x\n\n", (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_client_transport_id(&ssl,
+ client_ip, cliip_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_client_transport_id() returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if (opt.ecjpake_pw != DFL_ECJPAKE_PW) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) {
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE);
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD);
+
+ status = psa_import_key(&attributes,
+ (const unsigned char *) opt.ecjpake_pw,
+ strlen(opt.ecjpake_pw),
+ &ecjpake_pw_slot);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf(" failed\n ! psa_import_key returned %d\n\n",
+ status);
+ goto exit;
+ }
+ if ((ret = mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl,
+ ecjpake_pw_slot)) != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_ssl_set_hs_ecjpake_password_opaque returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ mbedtls_printf("using opaque password\n");
+ } else
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ {
+ if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl,
+ (const unsigned char *) opt.ecjpake_pw,
+ strlen(opt.ecjpake_pw))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hs_ecjpake_password returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED)
+ /* exercise setting DN hints for server certificate request
+ * (Intended for use where the client cert expected has been signed by
+ * a specific CA which is an intermediate in a CA chain, not the root)
+ * (Additionally, the CA choice would typically be influenced by SNI
+ * if being set per-handshake using mbedtls_ssl_set_hs_dn_hints()) */
+ if (opt.cert_req_dn_hint == 3 && key_cert_init2) {
+ mbedtls_ssl_set_hs_dn_hints(&ssl, &srvcert2);
+ }
+#endif
+#endif
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 4. Handshake
+ */
+handshake:
+ mbedtls_printf(" . Performing the SSL/TLS handshake...");
+ fflush(stdout);
+
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) {
+ memset(buf, 0, opt.buffer_size);
+ ret = mbedtls_ssl_read_early_data(&ssl, buf, opt.buffer_size);
+ if (ret > 0) {
+ buf[ret] = '\0';
+ mbedtls_printf(" %d early data bytes read\n\n%s\n",
+ ret, (char *) buf);
+ }
+ continue;
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
+ ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL) {
+ mbedtls_printf(" cancelling on injected error\n");
+ break;
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+ if (!mbedtls_status_is_ssl_in_progress(ret)) {
+ break;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ ret = idle(&client_fd, &timer, ret);
+#else
+ ret = idle(&client_fd, ret);
+#endif
+ if (ret != 0) {
+ goto reset;
+ }
+ }
+ }
+
+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+ mbedtls_printf(" hello verification requested\n");
+ ret = 0;
+ goto reset;
+ } else if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n",
+ (unsigned int) -ret);
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ if (ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED) {
+ char vrfy_buf[512];
+ flags = mbedtls_ssl_get_verify_result(&ssl);
+
+ x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
+
+ mbedtls_printf("%s\n", vrfy_buf);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if (opt.async_private_error < 0) {
+ /* Injected error only the first time round, to test reset */
+ ssl_async_keys.inject_error = SSL_ASYNC_INJECT_ERROR_NONE;
+ }
+#endif
+ goto reset;
+ } else { /* ret == 0 */
+ int suite_id = mbedtls_ssl_get_ciphersuite_id_from_ssl(&ssl);
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(suite_id);
+
+ mbedtls_printf(" ok\n [ Protocol is %s ]\n"
+ " [ Ciphersuite is %s ]\n"
+ " [ Key size is %u ]\n",
+ mbedtls_ssl_get_version(&ssl),
+ mbedtls_ssl_ciphersuite_get_name(ciphersuite_info),
+ (unsigned int)
+ mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(ciphersuite_info));
+ }
+
+ if ((ret = mbedtls_ssl_get_record_expansion(&ssl)) >= 0) {
+ mbedtls_printf(" [ Record expansion is %d ]\n", ret);
+ } else {
+ mbedtls_printf(" [ Record expansion is unknown ]\n");
+ }
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) || defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ mbedtls_printf(" [ Maximum incoming record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_in_record_payload(&ssl));
+ mbedtls_printf(" [ Maximum outgoing record payload length is %u ]\n",
+ (unsigned int) mbedtls_ssl_get_max_out_record_payload(&ssl));
+#endif
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if (opt.alpn_string != NULL) {
+ const char *alp = mbedtls_ssl_get_alpn_protocol(&ssl);
+ mbedtls_printf(" [ Application Layer Protocol is %s ]\n",
+ alp ? alp : "(none)");
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ /*
+ * 5. Verify the client certificate
+ */
+ mbedtls_printf(" . Verifying peer X.509 certificate...");
+
+ if ((flags = mbedtls_ssl_get_verify_result(&ssl)) != 0) {
+ char vrfy_buf[512];
+
+ mbedtls_printf(" failed\n");
+
+ x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
+ }
+
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ if (mbedtls_ssl_get_peer_cert(&ssl) != NULL) {
+ char crt_buf[512];
+
+ mbedtls_printf(" . Peer certificate information ...\n");
+ mbedtls_x509_crt_info(crt_buf, sizeof(crt_buf), " ",
+ mbedtls_ssl_get_peer_cert(&ssl));
+ mbedtls_printf("%s\n", crt_buf);
+ }
+#endif /* MBEDTLS_X509_REMOVE_INFO */
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
+
+ if (opt.eap_tls != 0) {
+ size_t j = 0;
+
+ if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type,
+ eap_tls_keying.master_secret,
+ sizeof(eap_tls_keying.master_secret),
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof(eap_tls_keying.randbytes),
+ eap_tls_keymaterial,
+ sizeof(eap_tls_keymaterial)))
+ != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto reset;
+ }
+
+ mbedtls_printf(" EAP-TLS key material is:");
+ for (j = 0; j < sizeof(eap_tls_keymaterial); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", eap_tls_keymaterial[j]);
+ }
+ mbedtls_printf("\n");
+
+ if ((ret = mbedtls_ssl_tls_prf(eap_tls_keying.tls_prf_type, NULL, 0,
+ eap_tls_label,
+ eap_tls_keying.randbytes,
+ sizeof(eap_tls_keying.randbytes),
+ eap_tls_iv,
+ sizeof(eap_tls_iv))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto reset;
+ }
+
+ mbedtls_printf(" EAP-TLS IV is:");
+ for (j = 0; j < sizeof(eap_tls_iv); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", eap_tls_iv[j]);
+ }
+ mbedtls_printf("\n");
+ }
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ else if (opt.use_srtp != 0) {
+ size_t j = 0;
+ mbedtls_dtls_srtp_info dtls_srtp_negotiation_result;
+ mbedtls_ssl_get_dtls_srtp_negotiation_result(&ssl, &dtls_srtp_negotiation_result);
+
+ if (dtls_srtp_negotiation_result.chosen_dtls_srtp_profile
+ == MBEDTLS_TLS_SRTP_UNSET) {
+ mbedtls_printf(" Unable to negotiate "
+ "the use of DTLS-SRTP\n");
+ } else {
+ if ((ret = mbedtls_ssl_tls_prf(dtls_srtp_keying.tls_prf_type,
+ dtls_srtp_keying.master_secret,
+ sizeof(dtls_srtp_keying.master_secret),
+ dtls_srtp_label,
+ dtls_srtp_keying.randbytes,
+ sizeof(dtls_srtp_keying.randbytes),
+ dtls_srtp_key_material,
+ sizeof(dtls_srtp_key_material)))
+ != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" DTLS-SRTP key material is:");
+ for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
+ if (j % 8 == 0) {
+ mbedtls_printf("\n ");
+ }
+ mbedtls_printf("%02x ", dtls_srtp_key_material[j]);
+ }
+ mbedtls_printf("\n");
+
+ /* produce a less readable output used to perform automatic checks
+ * - compare client and server output
+ * - interop test with openssl which client produces this kind of output
+ */
+ mbedtls_printf(" Keying material: ");
+ for (j = 0; j < sizeof(dtls_srtp_key_material); j++) {
+ mbedtls_printf("%02X", dtls_srtp_key_material[j]);
+ }
+ mbedtls_printf("\n");
+
+ if (dtls_srtp_negotiation_result.mki_len > 0) {
+ mbedtls_printf(" DTLS-SRTP mki value: ");
+ for (j = 0; j < dtls_srtp_negotiation_result.mki_len; j++) {
+ mbedtls_printf("%02X", dtls_srtp_negotiation_result.mki_value[j]);
+ }
+ } else {
+ mbedtls_printf(" DTLS-SRTP no mki value negotiated");
+ }
+ mbedtls_printf("\n");
+
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage(&ssl, "initial handshake");
+ if (ret != 0) {
+ goto exit;
+ }
+
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ if ((ret = mbedtls_ssl_set_cid(&ssl, opt.cid_enabled_renego,
+ cid_renego, cid_renego_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_cid returned %d\n\n",
+ ret);
+ goto exit;
+ }
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ mbedtls_memory_buffer_alloc_cur_get(¤t_heap_memory, &heap_blocks);
+ mbedtls_memory_buffer_alloc_max_get(&peak_heap_memory, &heap_blocks);
+ mbedtls_printf("Heap memory usage after handshake: %lu bytes. Peak memory usage was %lu\n",
+ (unsigned long) current_heap_memory, (unsigned long) peak_heap_memory);
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+ if (opt.exchanges == 0) {
+ goto close_notify;
+ }
+
+ exchanges_left = opt.exchanges;
+data_exchange:
+ /*
+ * 6. Read the HTTP Request
+ */
+ mbedtls_printf(" < Read from client:");
+ fflush(stdout);
+
+ /*
+ * TLS and DTLS need different reading styles (stream vs datagram)
+ */
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
+ do {
+ int terminated = 0;
+ len = opt.buffer_size;
+ memset(buf, 0, opt.buffer_size);
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ if (mbedtls_status_is_ssl_in_progress(ret)) {
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&client_fd, &timer, ret);
+#else
+ idle(&client_fd, ret);
+#endif
+ }
+
+ continue;
+ }
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf(" connection was closed gracefully\n");
+ goto close_notify;
+
+ case 0:
+ case MBEDTLS_ERR_NET_CONN_RESET:
+ mbedtls_printf(" connection was reset by peer\n");
+ ret = MBEDTLS_ERR_NET_CONN_RESET;
+ goto reset;
+
+ default:
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
+ goto reset;
+ }
+ }
+
+ if (mbedtls_ssl_get_bytes_avail(&ssl) == 0) {
+ len = ret;
+ buf[len] = '\0';
+ mbedtls_printf(" %d bytes read\n\n%s\n", len, (char *) buf);
+
+ /* End of message should be detected according to the syntax of the
+ * application protocol (eg HTTP), just use a dummy test here. */
+ if (buf[len - 1] == '\n') {
+ terminated = 1;
+ }
+ } else {
+ int extra_len, ori_len;
+ unsigned char *larger_buf;
+
+ ori_len = ret;
+ extra_len = (int) mbedtls_ssl_get_bytes_avail(&ssl);
+
+ larger_buf = mbedtls_calloc(1, ori_len + extra_len + 1);
+ if (larger_buf == NULL) {
+ mbedtls_printf(" ! memory allocation failed\n");
+ ret = 1;
+ goto reset;
+ }
+
+ memset(larger_buf, 0, ori_len + extra_len);
+ memcpy(larger_buf, buf, ori_len);
+
+ /* This read should never fail and get the whole cached data */
+ ret = mbedtls_ssl_read(&ssl, larger_buf + ori_len, extra_len);
+ if (ret != extra_len ||
+ mbedtls_ssl_get_bytes_avail(&ssl) != 0) {
+ mbedtls_printf(" ! mbedtls_ssl_read failed on cached data\n");
+ ret = 1;
+ goto reset;
+ }
+
+ larger_buf[ori_len + extra_len] = '\0';
+ mbedtls_printf(" %d bytes read (%d + %d)\n\n%s\n",
+ ori_len + extra_len, ori_len, extra_len,
+ (char *) larger_buf);
+
+ /* End of message should be detected according to the syntax of the
+ * application protocol (eg HTTP), just use a dummy test here. */
+ if (larger_buf[ori_len + extra_len - 1] == '\n') {
+ terminated = 1;
+ }
+
+ mbedtls_free(larger_buf);
+ }
+
+ if (terminated) {
+ ret = 0;
+ break;
+ }
+ } while (1);
+ } else { /* Not stream, so datagram */
+ len = opt.buffer_size;
+ memset(buf, 0, opt.buffer_size);
+
+ do {
+ /* Without the call to `mbedtls_ssl_check_pending`, it might
+ * happen that the client sends application data in the same
+ * datagram as the Finished message concluding the handshake.
+ * In this case, the application data would be ready to be
+ * processed while the underlying transport wouldn't signal
+ * any further incoming data.
+ *
+ * See the test 'Event-driven I/O: session-id resume, UDP packing'
+ * in tests/ssl-opt.sh.
+ */
+
+ /* For event-driven IO, wait for socket to become available */
+ if (mbedtls_ssl_check_pending(&ssl) == 0 &&
+ opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&client_fd, &timer, MBEDTLS_ERR_SSL_WANT_READ);
+#else
+ idle(&client_fd, MBEDTLS_ERR_SSL_WANT_READ);
+#endif
+ }
+
+ ret = mbedtls_ssl_read(&ssl, buf, len);
+
+ /* Note that even if `mbedtls_ssl_check_pending` returns true,
+ * it can happen that the subsequent call to `mbedtls_ssl_read`
+ * returns `MBEDTLS_ERR_SSL_WANT_READ`, because the pending messages
+ * might be discarded (e.g. because they are retransmissions). */
+ } while (mbedtls_status_is_ssl_in_progress(ret));
+
+ if (ret <= 0) {
+ switch (ret) {
+ case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
+ mbedtls_printf(" connection was closed gracefully\n");
+ goto close_notify;
+
+ default:
+ mbedtls_printf(" mbedtls_ssl_read returned -0x%x\n", (unsigned int) -ret);
+ goto reset;
+ }
+ }
+
+ len = ret;
+ buf[len] = '\0';
+ mbedtls_printf(" %d bytes read\n\n%s", len, (char *) buf);
+ ret = 0;
+ }
+
+ /*
+ * 7a. Request renegotiation while client is waiting for input from us.
+ * (only on the first exchange, to be able to test retransmission)
+ */
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if (opt.renegotiate && exchanges_left == opt.exchanges) {
+ mbedtls_printf(" . Requestion renegotiation...");
+ fflush(stdout);
+
+ while ((ret = mbedtls_ssl_renegotiate(&ssl)) != 0) {
+ if (!mbedtls_status_is_ssl_in_progress(ret)) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_renegotiate returned %d\n\n", ret);
+ goto reset;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&client_fd, &timer, ret);
+#else
+ idle(&client_fd, ret);
+#endif
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ ret = report_cid_usage(&ssl, "after renegotiation");
+ if (ret != 0) {
+ goto exit;
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+ /*
+ * 7. Write the 200 Response
+ */
+ mbedtls_printf(" > Write to client:");
+ fflush(stdout);
+
+ /* If the format of the response changes, make sure there is enough
+ * room in buf (buf_content_size calculation above). */
+ len = sprintf((char *) buf, HTTP_RESPONSE,
+ mbedtls_ssl_get_ciphersuite(&ssl));
+
+ /* Add padding to the response to reach opt.response_size in length */
+ if (opt.response_size != DFL_RESPONSE_SIZE &&
+ len < opt.response_size) {
+ memset(buf + len, 'B', opt.response_size - len);
+ len += opt.response_size - len;
+ }
+
+ /* Truncate if response size is smaller than the "natural" size */
+ if (opt.response_size != DFL_RESPONSE_SIZE &&
+ len > opt.response_size) {
+ len = opt.response_size;
+
+ /* Still end with \r\n unless that's really not possible */
+ if (len >= 2) {
+ buf[len - 2] = '\r';
+ }
+ if (len >= 1) {
+ buf[len - 1] = '\n';
+ }
+ }
+
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_STREAM) {
+ for (written = 0, frags = 0; written < len; written += ret, frags++) {
+ while ((ret = mbedtls_ssl_write(&ssl, buf + written, len - written))
+ <= 0) {
+ if (ret == MBEDTLS_ERR_NET_CONN_RESET) {
+ mbedtls_printf(" failed\n ! peer closed the connection\n\n");
+ goto reset;
+ }
+
+ if (!mbedtls_status_is_ssl_in_progress(ret)) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ goto reset;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&client_fd, &timer, ret);
+#else
+ idle(&client_fd, ret);
+#endif
+ }
+ }
+ }
+ } else { /* Not stream, so datagram */
+ while (1) {
+ ret = mbedtls_ssl_write(&ssl, buf, len);
+
+ if (!mbedtls_status_is_ssl_in_progress(ret)) {
+ break;
+ }
+
+ /* For event-driven IO, wait for socket to become available */
+ if (opt.event == 1 /* level triggered IO */) {
+#if defined(MBEDTLS_TIMING_C)
+ idle(&client_fd, &timer, ret);
+#else
+ idle(&client_fd, ret);
+#endif
+ }
+ }
+
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_write returned %d\n\n", ret);
+ goto reset;
+ }
+
+ frags = 1;
+ written = ret;
+ }
+
+ buf[written] = '\0';
+ mbedtls_printf(" %d bytes written in %d fragments\n\n%s\n", written, frags, (char *) buf);
+ ret = 0;
+
+ /*
+ * 7b. Simulate serialize/deserialize and go back to data exchange
+ */
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if (opt.serialize != 0) {
+ size_t buf_len;
+
+ mbedtls_printf(" . Serializing live connection...");
+
+ ret = mbedtls_ssl_context_save(&ssl, NULL, 0, &buf_len);
+ if (ret != MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
+ "-0x%x\n\n", (unsigned int) -ret);
+
+ goto exit;
+ }
+
+ if ((context_buf = mbedtls_calloc(1, buf_len)) == NULL) {
+ mbedtls_printf(" failed\n ! Couldn't allocate buffer for "
+ "serialized context");
+
+ goto exit;
+ }
+ context_buf_len = buf_len;
+
+ if ((ret = mbedtls_ssl_context_save(&ssl, context_buf,
+ buf_len, &buf_len)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_context_save returned "
+ "-0x%x\n\n", (unsigned int) -ret);
+
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /* Save serialized context to the 'opt.context_file' as a base64 code */
+ if (0 < strlen(opt.context_file)) {
+ FILE *b64_file;
+ uint8_t *b64_buf;
+ size_t b64_len;
+
+ mbedtls_printf(" . Save serialized context to a file... ");
+
+ mbedtls_base64_encode(NULL, 0, &b64_len, context_buf, buf_len);
+
+ if ((b64_buf = mbedtls_calloc(1, b64_len)) == NULL) {
+ mbedtls_printf("failed\n ! Couldn't allocate buffer for "
+ "the base64 code\n");
+ goto exit;
+ }
+
+ if ((ret = mbedtls_base64_encode(b64_buf, b64_len, &b64_len,
+ context_buf, buf_len)) != 0) {
+ mbedtls_printf("failed\n ! mbedtls_base64_encode returned "
+ "-0x%x\n", (unsigned int) -ret);
+ mbedtls_free(b64_buf);
+ goto exit;
+ }
+
+ if ((b64_file = fopen(opt.context_file, "w")) == NULL) {
+ mbedtls_printf("failed\n ! Cannot open '%s' for writing.\n",
+ opt.context_file);
+ mbedtls_free(b64_buf);
+ goto exit;
+ }
+
+ if (b64_len != fwrite(b64_buf, 1, b64_len, b64_file)) {
+ mbedtls_printf("failed\n ! fwrite(%ld bytes) failed\n",
+ (long) b64_len);
+ mbedtls_free(b64_buf);
+ fclose(b64_file);
+ goto exit;
+ }
+
+ mbedtls_free(b64_buf);
+ fclose(b64_file);
+
+ mbedtls_printf("ok\n");
+ }
+
+ /*
+ * This simulates a workflow where you have a long-lived server
+ * instance, potentially with a pool of ssl_context objects, and you
+ * just want to re-use one while the connection is inactive: in that
+ * case you can just reset() it, and then it's ready to receive
+ * serialized data from another connection (or the same here).
+ */
+ if (opt.serialize == 1) {
+ /* nothing to do here, done by context_save() already */
+ mbedtls_printf(" . Context has been reset... ok\n");
+ }
+
+ /*
+ * This simulates a workflow where you have one server instance per
+ * connection, and want to release it entire when the connection is
+ * inactive, and spawn it again when needed again - this would happen
+ * between ssl_free() and ssl_init() below, together with any other
+ * teardown/startup code needed - for example, preparing the
+ * ssl_config again (see section 3 "setup stuff" in this file).
+ */
+ if (opt.serialize == 2) {
+ mbedtls_printf(" . Freeing and reinitializing context...");
+
+ mbedtls_ssl_free(&ssl);
+
+ mbedtls_ssl_init(&ssl);
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned "
+ "-0x%x\n\n", (unsigned int) -ret);
+ goto exit;
+ }
+
+ /*
+ * This illustrates the minimum amount of things you need to set
+ * up, however you could set up much more if desired, for example
+ * if you want to share your set up code between the case of
+ * establishing a new connection and this case.
+ */
+ if (opt.nbio == 2) {
+ mbedtls_ssl_set_bio(&ssl, &client_fd, delayed_send,
+ delayed_recv, NULL);
+ } else {
+ mbedtls_ssl_set_bio(&ssl, &client_fd, mbedtls_net_send,
+ mbedtls_net_recv,
+ opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL);
+ }
+
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_ssl_set_timer_cb(&ssl, &timer,
+ mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay);
+#endif /* MBEDTLS_TIMING_C */
+
+ mbedtls_printf(" ok\n");
+ }
+
+ mbedtls_printf(" . Deserializing connection...");
+
+ if ((ret = mbedtls_ssl_context_load(&ssl, context_buf,
+ buf_len)) != 0) {
+ mbedtls_printf("failed\n ! mbedtls_ssl_context_load returned "
+ "-0x%x\n\n", (unsigned int) -ret);
+
+ goto exit;
+ }
+
+ mbedtls_free(context_buf);
+ context_buf = NULL;
+ context_buf_len = 0;
+
+ mbedtls_printf(" ok\n");
+ }
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+ /*
+ * 7c. Continue doing data exchanges?
+ */
+ if (--exchanges_left > 0) {
+ goto data_exchange;
+ }
+
+ /*
+ * 8. Done, cleanly close the connection
+ */
+close_notify:
+ mbedtls_printf(" . Closing the connection...");
+
+ /* No error checking, the connection might be closed already */
+ do {
+ ret = mbedtls_ssl_close_notify(&ssl);
+ } while (ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+ ret = 0;
+
+ mbedtls_printf(" done\n");
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ if (opt.cache_remove > 0) {
+ mbedtls_ssl_cache_remove(&cache, ssl.session->id, ssl.session->id_len);
+ }
+#endif
+
+ goto reset;
+
+ /*
+ * Cleanup and exit
+ */
+exit:
+#ifdef MBEDTLS_ERROR_C
+ if (ret != 0) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: -0x%X - %s\n\n", (unsigned int) -ret, error_buf);
+ }
+#endif
+
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_printf(" . Cleaning up...");
+ fflush(stdout);
+ }
+
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&listen_fd);
+
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ mbedtls_ssl_cache_free(&cache);
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
+ mbedtls_ssl_ticket_free(&ticket_ctx);
+#endif
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ mbedtls_ssl_cookie_free(&cookie_ctx);
+#endif
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if (context_buf != NULL) {
+ mbedtls_platform_zeroize(context_buf, context_buf_len);
+ }
+ mbedtls_free(context_buf);
+#endif
+
+#if defined(SNI_OPTION)
+ sni_free(sni_info);
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
+ ret = psk_free(psk_info);
+ if ((ret != 0) && (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
+ mbedtls_printf("Failed to list of opaque PSKs - error was %d\n", ret);
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+ mbedtls_x509_crt_free(&cacert);
+ mbedtls_x509_crt_free(&srvcert);
+ mbedtls_pk_free(&pkey);
+ mbedtls_x509_crt_free(&srvcert2);
+ mbedtls_pk_free(&pkey2);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_destroy_key(key_slot);
+ psa_destroy_key(key_slot2);
+#endif
+#endif
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
+ mbedtls_dhm_free(&dhm);
+#endif
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) {
+ if (ssl_async_keys.slots[i].pk_owned) {
+ mbedtls_pk_free(ssl_async_keys.slots[i].pk);
+ mbedtls_free(ssl_async_keys.slots[i].pk);
+ ssl_async_keys.slots[i].pk = NULL;
+ }
+ }
+#endif
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (opt.psk_opaque != 0) {
+ /* This is ok even if the slot hasn't been
+ * initialized (we might have jumed here
+ * immediately because of bad cmd line params,
+ * for example). */
+ status = psa_destroy_key(psk_slot);
+ if ((status != PSA_SUCCESS) &&
+ (opt.query_config_mode == DFL_QUERY_CONFIG_MODE)) {
+ mbedtls_printf("Failed to destroy key slot %u - error was %d",
+ (unsigned) MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psk_slot),
+ (int) status);
+ }
+ }
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED &&
+ MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+ /*
+ * In case opaque keys it's the user responsibility to keep the key valid
+ * for the duration of the handshake and destroy it at the end
+ */
+ if ((opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE)) {
+ psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+ /* Verify that the key is still valid before destroying it */
+ if (psa_get_key_attributes(ecjpake_pw_slot, &check_attributes) !=
+ PSA_SUCCESS) {
+ if (ret == 0) {
+ ret = 1;
+ }
+ mbedtls_printf("The EC J-PAKE password key has unexpectedly been already destroyed\n");
+ } else {
+ psa_destroy_key(ecjpake_pw_slot);
+ }
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ const char *message = mbedtls_test_helper_is_psa_leaking();
+ if (message) {
+ if (ret == 0) {
+ ret = 1;
+ }
+ mbedtls_printf("PSA memory leak detected: %s\n", message);
+ }
+#endif
+
+ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
+ * resources are freed by rng_free(). */
+#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \
+ && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+ mbedtls_psa_crypto_free();
+#endif
+
+ rng_free(&rng);
+
+ mbedtls_free(buf);
+
+#if defined(MBEDTLS_TEST_HOOKS)
+ /* Let test hooks detect errors such as resource leaks.
+ * Don't do it in query_config mode, because some test code prints
+ * information to stdout and this gets mixed with the regular output. */
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ if (test_hooks_failure_detected()) {
+ if (ret == 0) {
+ ret = 1;
+ }
+ mbedtls_printf("Test hooks detected errors.\n");
+ }
+ }
+ test_hooks_free();
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ mbedtls_memory_buffer_alloc_status();
+#endif
+ mbedtls_memory_buffer_alloc_free();
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
+
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_printf(" done.\n");
+ }
+
+ // Shell can not handle large exit numbers -> 1 for errors
+ if (ret < 0) {
+ ret = 1;
+ }
+
+ if (opt.query_config_mode == DFL_QUERY_CONFIG_MODE) {
+ mbedtls_exit(ret);
+ } else {
+ mbedtls_exit(query_config_ret);
+ }
+}
+#endif /* !MBEDTLS_SSL_TEST_IMPOSSIBLE && MBEDTLS_SSL_SRV_C */
diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
new file mode 100644
index 0000000..1ff2077
--- /dev/null
+++ b/programs/ssl/ssl_test_common_source.c
@@ -0,0 +1,375 @@
+/*
+ * Common source code for SSL test programs. This file is included by
+ * both ssl_client2.c and ssl_server2.c and is intended for source
+ * code that is textually identical in both programs, but that cannot be
+ * compiled separately because it refers to types or macros that are
+ * different in the two programs, or because it would have an incomplete
+ * type.
+ *
+ * This file is meant to be #include'd and cannot be compiled separately.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+void eap_tls_key_derivation(void *p_expkey,
+ mbedtls_ssl_key_export_type secret_type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type)
+{
+ eap_tls_keys *keys = (eap_tls_keys *) p_expkey;
+
+ /* We're only interested in the TLS 1.2 master secret */
+ if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
+ return;
+ }
+ if (secret_len != sizeof(keys->master_secret)) {
+ return;
+ }
+
+ memcpy(keys->master_secret, secret, sizeof(keys->master_secret));
+ memcpy(keys->randbytes, client_random, 32);
+ memcpy(keys->randbytes + 32, server_random, 32);
+ keys->tls_prf_type = tls_prf_type;
+}
+
+void nss_keylog_export(void *p_expkey,
+ mbedtls_ssl_key_export_type secret_type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type)
+{
+ char nss_keylog_line[200];
+ size_t const client_random_len = 32;
+ size_t len = 0;
+ size_t j;
+
+ /* We're only interested in the TLS 1.2 master secret */
+ if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
+ return;
+ }
+
+ ((void) p_expkey);
+ ((void) server_random);
+ ((void) tls_prf_type);
+
+ len += sprintf(nss_keylog_line + len,
+ "%s", "CLIENT_RANDOM ");
+
+ for (j = 0; j < client_random_len; j++) {
+ len += sprintf(nss_keylog_line + len,
+ "%02x", client_random[j]);
+ }
+
+ len += sprintf(nss_keylog_line + len, " ");
+
+ for (j = 0; j < secret_len; j++) {
+ len += sprintf(nss_keylog_line + len,
+ "%02x", secret[j]);
+ }
+
+ len += sprintf(nss_keylog_line + len, "\n");
+ nss_keylog_line[len] = '\0';
+
+ mbedtls_printf("\n");
+ mbedtls_printf("---------------- NSS KEYLOG -----------------\n");
+ mbedtls_printf("%s", nss_keylog_line);
+ mbedtls_printf("---------------------------------------------\n");
+
+ if (opt.nss_keylog_file != NULL) {
+ FILE *f;
+
+ if ((f = fopen(opt.nss_keylog_file, "a")) == NULL) {
+ goto exit;
+ }
+
+ /* Ensure no stdio buffering of secrets, as such buffers cannot be
+ * wiped. */
+ mbedtls_setbuf(f, NULL);
+
+ if (fwrite(nss_keylog_line, 1, len, f) != len) {
+ fclose(f);
+ goto exit;
+ }
+
+ fclose(f);
+ }
+
+exit:
+ mbedtls_platform_zeroize(nss_keylog_line,
+ sizeof(nss_keylog_line));
+}
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+void dtls_srtp_key_derivation(void *p_expkey,
+ mbedtls_ssl_key_export_type secret_type,
+ const unsigned char *secret,
+ size_t secret_len,
+ const unsigned char client_random[32],
+ const unsigned char server_random[32],
+ mbedtls_tls_prf_types tls_prf_type)
+{
+ dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey;
+
+ /* We're only interested in the TLS 1.2 master secret */
+ if (secret_type != MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET) {
+ return;
+ }
+ if (secret_len != sizeof(keys->master_secret)) {
+ return;
+ }
+
+ memcpy(keys->master_secret, secret, sizeof(keys->master_secret));
+ memcpy(keys->randbytes, client_random, 32);
+ memcpy(keys->randbytes + 32, server_random, 32);
+ keys->tls_prf_type = tls_prf_type;
+}
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+int ssl_check_record(mbedtls_ssl_context const *ssl,
+ unsigned char const *buf, size_t len)
+{
+ int my_ret = 0, ret_cr1, ret_cr2;
+ unsigned char *tmp_buf;
+
+ /* Record checking may modify the input buffer,
+ * so make a copy. */
+ tmp_buf = mbedtls_calloc(1, len);
+ if (tmp_buf == NULL) {
+ return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+ }
+ memcpy(tmp_buf, buf, len);
+
+ ret_cr1 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
+ if (ret_cr1 != MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE) {
+ /* Test-only: Make sure that mbedtls_ssl_check_record()
+ * doesn't alter state. */
+ memcpy(tmp_buf, buf, len); /* Restore buffer */
+ ret_cr2 = mbedtls_ssl_check_record(ssl, tmp_buf, len);
+ if (ret_cr2 != ret_cr1) {
+ mbedtls_printf("mbedtls_ssl_check_record() returned inconsistent results.\n");
+ my_ret = -1;
+ goto cleanup;
+ }
+
+ switch (ret_cr1) {
+ case 0:
+ break;
+
+ case MBEDTLS_ERR_SSL_INVALID_RECORD:
+ if (opt.debug_level > 1) {
+ mbedtls_printf("mbedtls_ssl_check_record() detected invalid record.\n");
+ }
+ break;
+
+ case MBEDTLS_ERR_SSL_INVALID_MAC:
+ if (opt.debug_level > 1) {
+ mbedtls_printf("mbedtls_ssl_check_record() detected unauthentic record.\n");
+ }
+ break;
+
+ case MBEDTLS_ERR_SSL_UNEXPECTED_RECORD:
+ if (opt.debug_level > 1) {
+ mbedtls_printf("mbedtls_ssl_check_record() detected unexpected record.\n");
+ }
+ break;
+
+ default:
+ mbedtls_printf("mbedtls_ssl_check_record() failed fatally with -%#04x.\n",
+ (unsigned int) -ret_cr1);
+ my_ret = -1;
+ goto cleanup;
+ }
+
+ /* Regardless of the outcome, forward the record to the stack. */
+ }
+
+cleanup:
+ mbedtls_free(tmp_buf);
+
+ return my_ret;
+}
+
+int recv_cb(void *ctx, unsigned char *buf, size_t len)
+{
+ io_ctx_t *io_ctx = (io_ctx_t *) ctx;
+ size_t recv_len;
+ int ret;
+
+ if (opt.nbio == 2) {
+ ret = delayed_recv(io_ctx->net, buf, len);
+ } else {
+ ret = mbedtls_net_recv(io_ctx->net, buf, len);
+ }
+ if (ret < 0) {
+ return ret;
+ }
+ recv_len = (size_t) ret;
+
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ /* Here's the place to do any datagram/record checking
+ * in between receiving the packet from the underlying
+ * transport and passing it on to the TLS stack. */
+ if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
+ return -1;
+ }
+ }
+
+ return (int) recv_len;
+}
+
+int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout)
+{
+ io_ctx_t *io_ctx = (io_ctx_t *) ctx;
+ int ret;
+ size_t recv_len;
+
+ ret = mbedtls_net_recv_timeout(io_ctx->net, buf, len, timeout);
+ if (ret < 0) {
+ return ret;
+ }
+ recv_len = (size_t) ret;
+
+ if (opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+ /* Here's the place to do any datagram/record checking
+ * in between receiving the packet from the underlying
+ * transport and passing it on to the TLS stack. */
+ if (ssl_check_record(io_ctx->ssl, buf, recv_len) != 0) {
+ return -1;
+ }
+ }
+
+ return (int) recv_len;
+}
+
+int send_cb(void *ctx, unsigned char const *buf, size_t len)
+{
+ io_ctx_t *io_ctx = (io_ctx_t *) ctx;
+
+ if (opt.nbio == 2) {
+ return delayed_send(io_ctx->net, buf, len);
+ }
+
+ return mbedtls_net_send(io_ctx->net, buf, len);
+}
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/*
+ * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate
+ * declaring an RSA public key and Mbed TLS is configured in hybrid mode, if
+ * `rsa_pss_rsae_*` algorithms are before `rsa_pkcs1_*` ones in this list then
+ * the GnuTLS/Openssl server chooses an `rsa_pss_rsae_*` signature algorithm
+ * for its signature in the key exchange message. As Mbed TLS 1.2 does not
+ * support them, the handshake fails.
+ */
+#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \
+ ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \
+ (0x800 | hash),
+#else
+#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \
+ ((hash << 8) | MBEDTLS_SSL_SIG_RSA),
+#endif
+#elif defined(MBEDTLS_PK_CAN_ECDSA_SOME)
+#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA),
+#elif defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+/* See above */
+#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA), \
+ (0x800 | hash),
+#else
+#define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_RSA),
+#endif
+#else
+#define MBEDTLS_SSL_SIG_ALG(hash)
+#endif
+
+uint16_t ssl_sig_algs_for_test[] = {
+#if defined(MBEDTLS_MD_CAN_SHA512)
+ MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512)
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA384)
+ MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384)
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA256)
+ MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256)
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA224)
+ MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224)
+#endif
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256)
+ MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA256 */
+#if defined(MBEDTLS_MD_CAN_SHA1)
+ /* Allow SHA-1 as we use it extensively in tests. */
+ MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA1)
+#endif
+ MBEDTLS_TLS1_3_SIG_NONE
+};
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
+ * for more info.
+ */
+int x509_crt_verify_info(char *buf, size_t size, const char *prefix,
+ uint32_t flags)
+{
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+ return mbedtls_x509_crt_verify_info(buf, size, prefix, flags);
+
+#else /* !MBEDTLS_X509_REMOVE_INFO */
+ int ret;
+ char *p = buf;
+ size_t n = size;
+
+#define X509_CRT_ERROR_INFO(err, err_str, info) \
+ if ((flags & err) != 0) \
+ { \
+ ret = mbedtls_snprintf(p, n, "%s%s\n", prefix, info); \
+ MBEDTLS_X509_SAFE_SNPRINTF; \
+ flags ^= err; \
+ }
+
+ MBEDTLS_X509_CRT_ERROR_INFO_LIST
+#undef X509_CRT_ERROR_INFO
+
+ if (flags != 0) {
+ ret = mbedtls_snprintf(p, n, "%sUnknown reason "
+ "(this should not happen)\n", prefix);
+ MBEDTLS_X509_SAFE_SNPRINTF;
+ }
+
+ return (int) (size - n);
+#endif /* MBEDTLS_X509_REMOVE_INFO */
+}
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+void mbedtls_print_supported_sig_algs(void)
+{
+ mbedtls_printf("supported signature algorithms:\n");
+ mbedtls_printf("\trsa_pkcs1_sha256 ");
+ mbedtls_printf("rsa_pkcs1_sha384 ");
+ mbedtls_printf("rsa_pkcs1_sha512\n");
+ mbedtls_printf("\tecdsa_secp256r1_sha256 ");
+ mbedtls_printf("ecdsa_secp384r1_sha384 ");
+ mbedtls_printf("ecdsa_secp521r1_sha512\n");
+ mbedtls_printf("\trsa_pss_rsae_sha256 ");
+ mbedtls_printf("rsa_pss_rsae_sha384 ");
+ mbedtls_printf("rsa_pss_rsae_sha512\n");
+ mbedtls_printf("\trsa_pss_pss_sha256 ");
+ mbedtls_printf("rsa_pss_pss_sha384 ");
+ mbedtls_printf("rsa_pss_pss_sha512\n");
+ mbedtls_printf("\ted25519 ");
+ mbedtls_printf("ed448 ");
+ mbedtls_printf("rsa_pkcs1_sha1 ");
+ mbedtls_printf("ecdsa_sha1\n");
+ mbedtls_printf("\n");
+}
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
new file mode 100644
index 0000000..17d36b7
--- /dev/null
+++ b/programs/ssl/ssl_test_lib.c
@@ -0,0 +1,648 @@
+/*
+ * Common code library for SSL test programs.
+ *
+ * In addition to the functions in this file, there is shared source code
+ * that cannot be compiled separately in "ssl_test_common_source.c".
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+
+#include "ssl_test_lib.h"
+
+#if defined(MBEDTLS_TEST_HOOKS)
+#include "test/threading_helpers.h"
+#endif
+
+#if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
+
+#define ARRAY_LENGTH(x) (sizeof(x)/sizeof(x[0]))
+
+void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ const char *p, *basename;
+
+ /* Extract basename from file */
+ for (p = basename = file; *p != '\0'; p++) {
+ if (*p == '/' || *p == '\\') {
+ basename = p + 1;
+ }
+ }
+
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: |%d| %s",
+ basename, line, level, str);
+ fflush((FILE *) ctx);
+}
+
+#if defined(MBEDTLS_HAVE_TIME)
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
+{
+ (void) time;
+ return 0x5af2a056;
+}
+#endif
+
+#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+static int dummy_entropy(void *data, unsigned char *output, size_t len)
+{
+ size_t i;
+ int ret;
+ (void) data;
+
+ ret = mbedtls_entropy_func(data, output, len);
+ for (i = 0; i < len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) rand();
+ }
+ return ret;
+}
+#endif
+
+void rng_init(rng_context_t *rng)
+{
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+ (void) rng;
+ psa_crypto_init();
+#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ mbedtls_ctr_drbg_init(&rng->drbg);
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+ mbedtls_hmac_drbg_init(&rng->drbg);
+#else
+#error "No DRBG available"
+#endif
+
+ mbedtls_entropy_init(&rng->entropy);
+#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+}
+
+int rng_seed(rng_context_t *rng, int reproducible, const char *pers)
+{
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if (reproducible) {
+ mbedtls_fprintf(stderr,
+ "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n");
+ return -1;
+ }
+#endif
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+ /* The PSA crypto RNG does its own seeding. */
+ (void) rng;
+ (void) pers;
+ if (reproducible) {
+ mbedtls_fprintf(stderr,
+ "The PSA RNG does not support reproducible mode.\n");
+ return -1;
+ }
+ return 0;
+#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+ int (*f_entropy)(void *, unsigned char *, size_t) =
+ (reproducible ? dummy_entropy : mbedtls_entropy_func);
+
+ if (reproducible) {
+ srand(1);
+ }
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ int ret = mbedtls_ctr_drbg_seed(&rng->drbg,
+ f_entropy, &rng->entropy,
+ (const unsigned char *) pers,
+ strlen(pers));
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+#if defined(MBEDTLS_MD_CAN_SHA256)
+ const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA256;
+#elif defined(MBEDTLS_MD_CAN_SHA512)
+ const mbedtls_md_type_t md_type = MBEDTLS_MD_SHA512;
+#else
+#error "No message digest available for HMAC_DRBG"
+#endif
+ int ret = mbedtls_hmac_drbg_seed(&rng->drbg,
+ mbedtls_md_info_from_type(md_type),
+ f_entropy, &rng->entropy,
+ (const unsigned char *) pers,
+ strlen(pers));
+#else /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
+#error "No DRBG available"
+#endif /* !defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_HMAC_DRBG_C) */
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
+ (unsigned int) -ret);
+ return ret;
+ }
+#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+
+ return 0;
+}
+
+void rng_free(rng_context_t *rng)
+{
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+ (void) rng;
+ /* Deinitialize the PSA crypto subsystem. This deactivates all PSA APIs.
+ * This is ok because none of our applications try to do any crypto after
+ * deinitializing the RNG. */
+ mbedtls_psa_crypto_free();
+#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ mbedtls_ctr_drbg_free(&rng->drbg);
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+ mbedtls_hmac_drbg_free(&rng->drbg);
+#else
+#error "No DRBG available"
+#endif
+
+ mbedtls_entropy_free(&rng->entropy);
+#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+}
+
+int rng_get(void *p_rng, unsigned char *output, size_t output_len)
+{
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+ (void) p_rng;
+ return mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
+ output, output_len);
+#else /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+ rng_context_t *rng = p_rng;
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ return mbedtls_ctr_drbg_random(&rng->drbg, output, output_len);
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+ return mbedtls_hmac_drbg_random(&rng->drbg, output, output_len);
+#else
+#error "No DRBG available"
+#endif
+
+#endif /* !MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+}
+
+int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2)
+{
+ char *separator;
+ if ((separator = strchr(arg, ',')) == NULL) {
+ return 1;
+ }
+ *separator = '\0';
+
+ *alg1 = arg;
+ *alg2 = separator + 1;
+
+ if (strcmp(*alg1, "rsa-sign-pkcs1") != 0 &&
+ strcmp(*alg1, "rsa-sign-pss") != 0 &&
+ strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
+ strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
+ strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
+ strcmp(*alg1, "rsa-decrypt") != 0 &&
+ strcmp(*alg1, "ecdsa-sign") != 0 &&
+ strcmp(*alg1, "ecdh") != 0) {
+ return 1;
+ }
+
+ if (strcmp(*alg2, "rsa-sign-pkcs1") != 0 &&
+ strcmp(*alg2, "rsa-sign-pss") != 0 &&
+ strcmp(*alg1, "rsa-sign-pss-sha256") != 0 &&
+ strcmp(*alg1, "rsa-sign-pss-sha384") != 0 &&
+ strcmp(*alg1, "rsa-sign-pss-sha512") != 0 &&
+ strcmp(*alg2, "rsa-decrypt") != 0 &&
+ strcmp(*alg2, "ecdsa-sign") != 0 &&
+ strcmp(*alg2, "ecdh") != 0 &&
+ strcmp(*alg2, "none") != 0) {
+ return 1;
+ }
+
+ return 0;
+}
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
+ psa_algorithm_t *psa_alg1,
+ psa_algorithm_t *psa_alg2,
+ psa_key_usage_t *usage,
+ mbedtls_pk_type_t key_type)
+{
+ if (strcmp(alg1, "none") != 0) {
+ const char *algs[] = { alg1, alg2 };
+ psa_algorithm_t *psa_algs[] = { psa_alg1, psa_alg2 };
+
+ for (int i = 0; i < 2; i++) {
+ if (strcmp(algs[i], "rsa-sign-pkcs1") == 0) {
+ *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ } else if (strcmp(algs[i], "rsa-sign-pss") == 0) {
+ *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH);
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ } else if (strcmp(algs[i], "rsa-sign-pss-sha256") == 0) {
+ *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_256);
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ } else if (strcmp(algs[i], "rsa-sign-pss-sha384") == 0) {
+ *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_384);
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ } else if (strcmp(algs[i], "rsa-sign-pss-sha512") == 0) {
+ *psa_algs[i] = PSA_ALG_RSA_PSS(PSA_ALG_SHA_512);
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ } else if (strcmp(algs[i], "rsa-decrypt") == 0) {
+ *psa_algs[i] = PSA_ALG_RSA_PKCS1V15_CRYPT;
+ *usage |= PSA_KEY_USAGE_DECRYPT;
+ } else if (strcmp(algs[i], "ecdsa-sign") == 0) {
+ *psa_algs[i] = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
+ *usage |= PSA_KEY_USAGE_SIGN_HASH;
+ } else if (strcmp(algs[i], "ecdh") == 0) {
+ *psa_algs[i] = PSA_ALG_ECDH;
+ *usage |= PSA_KEY_USAGE_DERIVE;
+ } else if (strcmp(algs[i], "none") == 0) {
+ *psa_algs[i] = PSA_ALG_NONE;
+ }
+ }
+ } else {
+ if (key_type == MBEDTLS_PK_ECKEY) {
+ *psa_alg1 = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
+ *psa_alg2 = PSA_ALG_ECDH;
+ *usage = PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_DERIVE;
+ } else if (key_type == MBEDTLS_PK_RSA) {
+ *psa_alg1 = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
+ *psa_alg2 = PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH);
+ *usage = PSA_KEY_USAGE_SIGN_HASH;
+ } else {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+#if defined(MBEDTLS_PK_C)
+int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
+ psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id)
+{
+ int ret;
+ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+
+ ret = mbedtls_pk_get_psa_attributes(pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr);
+ if (ret != 0) {
+ return ret;
+ }
+ psa_set_key_usage_flags(&key_attr, psa_usage);
+ psa_set_key_algorithm(&key_attr, psa_alg);
+ if (psa_alg2 != PSA_ALG_NONE) {
+ psa_set_key_enrollment_algorithm(&key_attr, psa_alg2);
+ }
+ ret = mbedtls_pk_import_into_psa(pk, &key_attr, key_id);
+ if (ret != 0) {
+ return ret;
+ }
+ mbedtls_pk_free(pk);
+ mbedtls_pk_init(pk);
+ ret = mbedtls_pk_setup_opaque(pk, *key_id);
+ if (ret != 0) {
+ return ret;
+ }
+
+ return 0;
+}
+#endif /* MBEDTLS_PK_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+int ca_callback(void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates)
+{
+ int ret = 0;
+ mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
+ mbedtls_x509_crt *first;
+
+ /* This is a test-only implementation of the CA callback
+ * which always returns the entire list of trusted certificates.
+ * Production implementations managing a large number of CAs
+ * should use an efficient presentation and lookup for the
+ * set of trusted certificates (such as a hashtable) and only
+ * return those trusted certificates which satisfy basic
+ * parental checks, such as the matching of child `Issuer`
+ * and parent `Subject` field or matching key identifiers. */
+ ((void) child);
+
+ first = mbedtls_calloc(1, sizeof(mbedtls_x509_crt));
+ if (first == NULL) {
+ ret = -1;
+ goto exit;
+ }
+ mbedtls_x509_crt_init(first);
+
+ if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
+ ret = -1;
+ goto exit;
+ }
+
+ while (ca->next != NULL) {
+ ca = ca->next;
+ if (mbedtls_x509_crt_parse_der(first, ca->raw.p, ca->raw.len) != 0) {
+ ret = -1;
+ goto exit;
+ }
+ }
+
+exit:
+
+ if (ret != 0) {
+ mbedtls_x509_crt_free(first);
+ mbedtls_free(first);
+ first = NULL;
+ }
+
+ *candidates = first;
+ return ret;
+}
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+int delayed_recv(void *ctx, unsigned char *buf, size_t len)
+{
+ static int first_try = 1;
+ int ret;
+
+ if (first_try) {
+ first_try = 0;
+ return MBEDTLS_ERR_SSL_WANT_READ;
+ }
+
+ ret = mbedtls_net_recv(ctx, buf, len);
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ) {
+ first_try = 1; /* Next call will be a new operation */
+ }
+ return ret;
+}
+
+int delayed_send(void *ctx, const unsigned char *buf, size_t len)
+{
+ static int first_try = 1;
+ int ret;
+
+ if (first_try) {
+ first_try = 0;
+ return MBEDTLS_ERR_SSL_WANT_WRITE;
+ }
+
+ ret = mbedtls_net_send(ctx, buf, len);
+ if (ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ first_try = 1; /* Next call will be a new operation */
+ }
+ return ret;
+}
+
+#if !defined(MBEDTLS_TIMING_C)
+int idle(mbedtls_net_context *fd,
+ int idle_reason)
+#else
+int idle(mbedtls_net_context *fd,
+ mbedtls_timing_delay_context *timer,
+ int idle_reason)
+#endif
+{
+ int ret;
+ int poll_type = 0;
+
+ if (idle_reason == MBEDTLS_ERR_SSL_WANT_WRITE) {
+ poll_type = MBEDTLS_NET_POLL_WRITE;
+ } else if (idle_reason == MBEDTLS_ERR_SSL_WANT_READ) {
+ poll_type = MBEDTLS_NET_POLL_READ;
+ }
+#if !defined(MBEDTLS_TIMING_C)
+ else {
+ return 0;
+ }
+#endif
+
+ while (1) {
+ /* Check if timer has expired */
+#if defined(MBEDTLS_TIMING_C)
+ if (timer != NULL &&
+ mbedtls_timing_get_delay(timer) == 2) {
+ break;
+ }
+#endif /* MBEDTLS_TIMING_C */
+
+ /* Check if underlying transport became available */
+ if (poll_type != 0) {
+ ret = mbedtls_net_poll(fd, poll_type, 0);
+ if (ret < 0) {
+ return ret;
+ }
+ if (ret == poll_type) {
+ break;
+ }
+ }
+ }
+
+ return 0;
+}
+
+#if defined(MBEDTLS_TEST_HOOKS)
+
+void test_hooks_init(void)
+{
+ mbedtls_test_info_reset();
+
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_init();
+#endif
+}
+
+int test_hooks_failure_detected(void)
+{
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ /* Errors are reported via mbedtls_test_info. */
+ mbedtls_test_mutex_usage_check();
+#endif
+
+ if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_SUCCESS) {
+ return 1;
+ }
+ return 0;
+}
+
+void test_hooks_free(void)
+{
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_end();
+#endif
+}
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
+static const struct {
+ uint16_t tls_id;
+ const char *name;
+ uint8_t is_supported;
+} tls_id_group_name_table[] =
+{
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 },
+#endif
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 },
+#else
+ { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 },
+#endif
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+ defined(PSA_WANT_ALG_FFDH)
+#if defined(PSA_WANT_DH_RFC7919_2048)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 },
+#else /* PSA_WANT_DH_RFC7919_2048 */
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 },
+#endif /* PSA_WANT_DH_RFC7919_2048 */
+#if defined(PSA_WANT_DH_RFC7919_3072)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 },
+#else /* PSA_WANT_DH_RFC7919_3072 */
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 },
+#endif /* PSA_WANT_DH_RFC7919_3072 */
+#if defined(PSA_WANT_DH_RFC7919_4096)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 },
+#else /* PSA_WANT_DH_RFC7919_4096 */
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 },
+#endif /* PSA_WANT_DH_RFC7919_4096 */
+#if defined(PSA_WANT_DH_RFC7919_6144)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 },
+#else /* PSA_WANT_DH_RFC7919_6144 */
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 },
+#endif /* PSA_WANT_DH_RFC7919_6144 */
+#if defined(PSA_WANT_DH_RFC7919_8192)
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 },
+#else /* PSA_WANT_DH_RFC7919_8192 */
+ { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 },
+#endif /* PSA_WANT_DH_RFC7919_8192 */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
+ { 0, NULL, 0 },
+};
+
+static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name)
+{
+ if (name == NULL) {
+ return 0;
+ }
+
+ for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) {
+ if (strcmp(tls_id_group_name_table[i].name, name) == 0) {
+ return tls_id_group_name_table[i].tls_id;
+ }
+ }
+
+ return 0;
+}
+
+static void mbedtls_ssl_print_supported_groups_list(void)
+{
+ for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) {
+ if (tls_id_group_name_table[i].is_supported == 1) {
+ mbedtls_printf("%s ", tls_id_group_name_table[i].name);
+ }
+ }
+}
+
+int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len)
+{
+ char *p = (char *) groups;
+ char *q = NULL;
+ size_t i = 0;
+
+ if (strcmp(p, "none") == 0) {
+ group_list[0] = 0;
+ } else if (strcmp(p, "default") != 0) {
+ /* Leave room for a final NULL in group list */
+ while (i < group_list_len - 1 && *p != '\0') {
+ uint16_t curve_tls_id;
+ q = p;
+
+ /* Terminate the current string */
+ while (*p != ',' && *p != '\0') {
+ p++;
+ }
+ if (*p == ',') {
+ *p++ = '\0';
+ }
+
+ if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) {
+ group_list[i++] = curve_tls_id;
+ } else {
+ mbedtls_printf("unknown group %s\n", q);
+ mbedtls_printf("supported groups: ");
+ mbedtls_ssl_print_supported_groups_list();
+ mbedtls_printf("\n");
+ return -1;
+ }
+ }
+
+ mbedtls_printf("Number of groups: %u\n", (unsigned int) i);
+
+ if (i == group_list_len - 1 && *p != '\0') {
+ mbedtls_printf("groups list too long, maximum %u",
+ (unsigned int) (group_list_len - 1));
+ return -1;
+ }
+
+ group_list[i] = 0;
+ }
+
+ return 0;
+}
+
+#endif /* !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) */
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
new file mode 100644
index 0000000..1da2dfb
--- /dev/null
+++ b/programs/ssl/ssl_test_lib.h
@@ -0,0 +1,331 @@
+/*
+ * Common code for SSL test programs
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
+#define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+#include "mbedtls/md.h"
+
+#undef HAVE_RNG
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
+ (defined(MBEDTLS_USE_PSA_CRYPTO) || \
+ defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG))
+#define HAVE_RNG
+#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
+#define HAVE_RNG
+#elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_HMAC_DRBG_C) && \
+ (defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA512))
+#define HAVE_RNG
+#endif
+
+#if !defined(MBEDTLS_NET_C) || \
+ !defined(MBEDTLS_SSL_TLS_C)
+#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
+ "MBEDTLS_NET_C and/or " \
+ "MBEDTLS_SSL_TLS_C not defined."
+#elif !defined(HAVE_RNG)
+#define MBEDTLS_SSL_TEST_IMPOSSIBLE \
+ "No random generator is available.\n"
+#else
+#undef MBEDTLS_SSL_TEST_IMPOSSIBLE
+
+#undef HAVE_RNG
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/error.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/base64.h"
+#include "test/certs.h"
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+#include <test/helpers.h>
+
+#include "../test/query_config.h"
+
+#define ALPN_LIST_SIZE 10
+#define GROUP_LIST_SIZE 25
+#define SIG_ALG_LIST_SIZE 5
+
+typedef struct eap_tls_keys {
+ unsigned char master_secret[48];
+ unsigned char randbytes[64];
+ mbedtls_tls_prf_types tls_prf_type;
+} eap_tls_keys;
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+
+/* Supported SRTP mode needs a maximum of :
+ * - 16 bytes for key (AES-128)
+ * - 14 bytes SALT
+ * One for sender, one for receiver context
+ */
+#define MBEDTLS_TLS_SRTP_MAX_KEY_MATERIAL_LENGTH 60
+
+typedef struct dtls_srtp_keys {
+ unsigned char master_secret[48];
+ unsigned char randbytes[64];
+ mbedtls_tls_prf_types tls_prf_type;
+} dtls_srtp_keys;
+
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+typedef struct {
+ mbedtls_ssl_context *ssl;
+ mbedtls_net_context *net;
+} io_ctx_t;
+
+void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str);
+
+#if defined(MBEDTLS_HAVE_TIME)
+mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
+ * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
+ *
+ * The constraints are:
+ * - Without the entropy module, the PSA RNG is the only option.
+ * - Without at least one of the DRBG modules, the PSA RNG is the only option.
+ * - The PSA RNG does not support explicit seeding, so it is incompatible with
+ * the reproducible mode used by test programs.
+ * - For good overall test coverage, there should be at least one configuration
+ * where the test programs use the PSA RNG while the PSA RNG is itself based
+ * on entropy+DRBG, and at least one configuration where the test programs
+ * do not use the PSA RNG even though it's there.
+ *
+ * A simple choice that meets the constraints is to use the PSA RNG whenever
+ * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the
+ * choice to use the PSA RNG in the test programs and the choice to use
+ * PSA crypto when TLS code needs crypto have to be tied together, but it
+ * happens to be a good match. It's also a good match from an application
+ * perspective: either PSA is preferred for TLS (both for crypto and for
+ * random generation) or it isn't.
+ */
+#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
+#endif
+
+/** A context for random number generation (RNG).
+ */
+typedef struct {
+#if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+ unsigned char dummy;
+#else /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+ mbedtls_entropy_context entropy;
+#if defined(MBEDTLS_CTR_DRBG_C)
+ mbedtls_ctr_drbg_context drbg;
+#elif defined(MBEDTLS_HMAC_DRBG_C)
+ mbedtls_hmac_drbg_context drbg;
+#else
+#error "No DRBG available"
+#endif
+#endif /* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG */
+} rng_context_t;
+
+/** Initialize the RNG.
+ *
+ * This function only initializes the memory used by the RNG context.
+ * Before using the RNG, it must be seeded with rng_seed().
+ */
+void rng_init(rng_context_t *rng);
+
+/* Seed the random number generator.
+ *
+ * \param rng The RNG context to use. It must have been initialized
+ * with rng_init().
+ * \param reproducible If zero, seed the RNG from entropy.
+ * If nonzero, use a fixed seed, so that the program
+ * will produce the same sequence of random numbers
+ * each time it is invoked.
+ * \param pers A null-terminated string. Different values for this
+ * string cause the RNG to emit different output for
+ * the same seed.
+ *
+ * return 0 on success, a negative value on error.
+ */
+int rng_seed(rng_context_t *rng, int reproducible, const char *pers);
+
+/** Deinitialize the RNG. Free any embedded resource.
+ *
+ * \param rng The RNG context to deinitialize. It must have been
+ * initialized with rng_init().
+ */
+void rng_free(rng_context_t *rng);
+
+/** Generate random data.
+ *
+ * This function is suitable for use as the \c f_rng argument to Mbed TLS
+ * library functions.
+ *
+ * \param p_rng The random generator context. This must be a pointer to
+ * a #rng_context_t structure.
+ * \param output The buffer to fill.
+ * \param output_len The length of the buffer in bytes.
+ *
+ * \return \c 0 on success.
+ * \return An Mbed TLS error code on error.
+ */
+int rng_get(void *p_rng, unsigned char *output, size_t output_len);
+
+/** Parse command-line option: key_opaque_algs
+ *
+ *
+ * \param arg String value of key_opaque_algs
+ * Coma-separated pair of values among the following:
+ * - "rsa-sign-pkcs1"
+ * - "rsa-sign-pss"
+ * - "rsa-decrypt"
+ * - "ecdsa-sign"
+ * - "ecdh"
+ * - "none" (only acceptable for the second value).
+ * \param alg1 Address of pointer to alg #1
+ * \param alg2 Address of pointer to alg #2
+ *
+ * \return \c 0 on success.
+ * \return \c 1 on parse failure.
+ */
+int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+/** Parse given opaque key algorithms to obtain psa algs and usage
+ * that will be passed to mbedtls_pk_wrap_as_opaque().
+ *
+ *
+ * \param alg1 input string opaque key algorithm #1
+ * \param alg2 input string opaque key algorithm #2
+ * \param psa_alg1 output PSA algorithm #1
+ * \param psa_alg2 output PSA algorithm #2
+ * \param usage output key usage
+ * \param key_type key type used to set default psa algorithm/usage
+ * when alg1 in "none"
+ *
+ * \return \c 0 on success.
+ * \return \c 1 on parse failure.
+ */
+int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
+ psa_algorithm_t *psa_alg1,
+ psa_algorithm_t *psa_alg2,
+ psa_key_usage_t *usage,
+ mbedtls_pk_type_t key_type);
+
+#if defined(MBEDTLS_PK_C)
+/** Turn a non-opaque PK context into an opaque one with folowing steps:
+ * - extract the key data and attributes from the PK context.
+ * - import the key material into PSA.
+ * - free the provided PK context and re-initilize it as an opaque PK context
+ * wrapping the PSA key imported in the above step.
+ *
+ * \param[in/out] pk On input the non-opaque PK context which contains the
+ * key to be wrapped. On output the re-initialized PK
+ * context which represents the opaque version of the one
+ * provided as input.
+ * \param[in] psa_alg The primary algorithm that will be associated to the
+ * PSA key.
+ * \param[in] psa_alg2 The enrollment algorithm that will be associated to the
+ * PSA key.
+ * \param[in] psa_usage The PSA key usage policy.
+ * \param[out] key_id The PSA key identifier of the imported key.
+ *
+ * \return \c 0 on sucess.
+ * \return \c -1 on failure.
+ */
+int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
+ psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id);
+#endif /* MBEDTLS_PK_C */
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+/* The test implementation of the PSA external RNG is insecure. When
+ * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto
+ * function that makes use of an RNG, you must call
+ * mbedtls_test_enable_insecure_external_rng(). */
+#include <test/fake_external_rng_for_test.h>
+#endif
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+int ca_callback(void *data, mbedtls_x509_crt const *child,
+ mbedtls_x509_crt **candidates);
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+/*
+ * Test recv/send functions that make sure each try returns
+ * WANT_READ/WANT_WRITE at least once before succeeding
+ */
+int delayed_recv(void *ctx, unsigned char *buf, size_t len);
+int delayed_send(void *ctx, const unsigned char *buf, size_t len);
+
+/*
+ * Wait for an event from the underlying transport or the timer
+ * (Used in event-driven IO mode).
+ */
+int idle(mbedtls_net_context *fd,
+#if defined(MBEDTLS_TIMING_C)
+ mbedtls_timing_delay_context *timer,
+#endif
+ int idle_reason);
+
+#if defined(MBEDTLS_TEST_HOOKS)
+/** Initialize whatever test hooks are enabled by the compile-time
+ * configuration and make sense for the TLS test programs. */
+void test_hooks_init(void);
+
+/** Check if any test hooks detected a problem.
+ *
+ * If a problem was detected, it's ok for the calling program to keep going,
+ * but it should ultimately exit with an error status.
+ *
+ * \note When implementing a test hook that detects errors on its own
+ * (as opposed to e.g. leaving the error for a memory sanitizer to
+ * report), make sure to print a message to standard error either at
+ * the time the problem is detected or during the execution of this
+ * function. This function does not indicate what problem was detected,
+ * so printing a message is the only way to provide feedback in the
+ * logs of the calling program.
+ *
+ * \return Nonzero if a problem was detected.
+ * \c 0 if no problem was detected.
+ */
+int test_hooks_failure_detected(void);
+
+/** Free any resources allocated for the sake of test hooks.
+ *
+ * Call this at the end of the program so that resource leak analyzers
+ * don't complain.
+ */
+void test_hooks_free(void);
+
+#endif /* !MBEDTLS_TEST_HOOKS */
+
+/* Helper functions for FFDH groups. */
+int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len);
+
+#endif /* MBEDTLS_SSL_TEST_IMPOSSIBLE conditions: else */
+#endif /* MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H */
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
new file mode 100644
index 0000000..0d43ffd
--- /dev/null
+++ b/programs/test/CMakeLists.txt
@@ -0,0 +1,95 @@
+set(libs
+ ${mbedtls_target}
+)
+
+set(executables_libs
+ metatest
+ query_included_headers
+ selftest
+ udp_proxy
+)
+
+set(executables_mbedcrypto
+ benchmark
+ query_compile_time_config
+ zeroize
+)
+
+if(TEST_CPP)
+ set(cpp_dummy_build_cpp "${CMAKE_CURRENT_BINARY_DIR}/cpp_dummy_build.cpp")
+ set(generate_cpp_dummy_build "${CMAKE_CURRENT_SOURCE_DIR}/generate_cpp_dummy_build.sh")
+ add_custom_command(
+ OUTPUT "${cpp_dummy_build_cpp}"
+ COMMAND "${generate_cpp_dummy_build}" "${cpp_dummy_build_cpp}"
+ DEPENDS "${generate_cpp_dummy_build}"
+ WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+ )
+ add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}")
+ target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include)
+ target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+endif()
+
+if(USE_SHARED_MBEDTLS_LIBRARY AND
+ NOT ${CMAKE_SYSTEM_NAME} MATCHES "[Ww][Ii][Nn]")
+ add_executable(dlopen "dlopen.c")
+ target_include_directories(dlopen PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include)
+ target_link_libraries(dlopen ${CMAKE_DL_LIBS})
+endif()
+
+if(GEN_FILES)
+ find_package(Perl REQUIRED)
+
+ add_custom_command(
+ OUTPUT
+ ${CMAKE_CURRENT_BINARY_DIR}/query_config.c
+ COMMAND
+ ${PERL}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
+ ${CMAKE_CURRENT_BINARY_DIR}/query_config.c
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt
+ )
+ # this file will also be used in another directory, so create a target, see
+ # https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory
+ add_custom_target(generate_query_config_c
+ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/query_config.c)
+else()
+ link_to_source(query_config.c)
+endif()
+
+foreach(exe IN LISTS executables_libs executables_mbedcrypto)
+ set(extra_sources "")
+ if(exe STREQUAL "query_compile_time_config")
+ list(APPEND extra_sources
+ ${CMAKE_CURRENT_SOURCE_DIR}/query_config.h
+ ${CMAKE_CURRENT_BINARY_DIR}/query_config.c)
+ endif()
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
+ ${extra_sources})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library)
+ if(exe STREQUAL "query_compile_time_config")
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR})
+ endif()
+
+ # Request C11, required for memory poisoning
+ set_target_properties(${exe} PROPERTIES C_STANDARD 11)
+
+ # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3
+ list(FIND executables_libs ${exe} exe_index)
+ if (${exe_index} GREATER -1)
+ target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
+ else()
+ target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ endif()
+endforeach()
+
+install(TARGETS ${executables_libs} ${executables_mbedcrypto}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
new file mode 100644
index 0000000..93c1729
--- /dev/null
+++ b/programs/test/benchmark.c
@@ -0,0 +1,1271 @@
+/*
+ * Benchmark demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_HAVE_TIME)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_HAVE_TIME not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include <string.h>
+#include <stdlib.h>
+
+#include "mbedtls/md5.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/sha3.h"
+
+#include "mbedtls/des.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/aria.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/poly1305.h"
+
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/hmac_drbg.h"
+
+#include "mbedtls/rsa.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecdh.h"
+
+#include "mbedtls/error.h"
+
+/* *INDENT-OFF* */
+#ifndef asm
+#define asm __asm
+#endif
+/* *INDENT-ON* */
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+#include <windows.h>
+#include <process.h>
+
+struct _hr_time {
+ LARGE_INTEGER start;
+};
+
+#else
+
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <signal.h>
+#include <time.h>
+
+struct _hr_time {
+ struct timeval start;
+};
+
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+#ifdef MBEDTLS_TIMING_ALT
+void mbedtls_set_alarm(int seconds);
+unsigned long mbedtls_timing_hardclock(void);
+extern volatile int mbedtls_timing_alarmed;
+#else
+static void mbedtls_set_alarm(int seconds);
+static unsigned long mbedtls_timing_hardclock(void);
+#endif
+
+/*
+ * For heap usage estimates, we need an estimate of the overhead per allocated
+ * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block,
+ * so use that as our baseline.
+ */
+#define MEM_BLOCK_OVERHEAD (2 * sizeof(size_t))
+
+/*
+ * Size to use for the alloc buffer if MEMORY_BUFFER_ALLOC_C is defined.
+ */
+#define HEAP_SIZE (1u << 16) /* 64k */
+
+#define BUFSIZE 1024
+#define HEADER_FORMAT " %-24s : "
+#define TITLE_LEN 25
+
+#define OPTIONS \
+ "md5, ripemd160, sha1, sha256, sha512,\n" \
+ "sha3_224, sha3_256, sha3_384, sha3_512,\n" \
+ "des3, des, camellia, chacha20,\n" \
+ "aes_cbc, aes_cfb128, aes_cfb8, aes_gcm, aes_ccm, aes_xts, chachapoly\n" \
+ "aes_cmac, des3_cmac, poly1305\n" \
+ "ctr_drbg, hmac_drbg\n" \
+ "rsa, dhm, ecdsa, ecdh.\n"
+
+#if defined(MBEDTLS_ERROR_C)
+#define PRINT_ERROR \
+ mbedtls_strerror(ret, (char *) tmp, sizeof(tmp)); \
+ mbedtls_printf("FAILED: %s\n", tmp);
+#else
+#define PRINT_ERROR \
+ mbedtls_printf("FAILED: -0x%04x\n", (unsigned int) -ret);
+#endif
+
+#define TIME_AND_TSC(TITLE, CODE) \
+ do { \
+ unsigned long ii, jj, tsc; \
+ int ret = 0; \
+ \
+ mbedtls_printf(HEADER_FORMAT, TITLE); \
+ fflush(stdout); \
+ \
+ mbedtls_set_alarm(1); \
+ for (ii = 1; ret == 0 && !mbedtls_timing_alarmed; ii++) \
+ { \
+ ret = CODE; \
+ } \
+ \
+ tsc = mbedtls_timing_hardclock(); \
+ for (jj = 0; ret == 0 && jj < 1024; jj++) \
+ { \
+ ret = CODE; \
+ } \
+ \
+ if (ret != 0) \
+ { \
+ PRINT_ERROR; \
+ } \
+ else \
+ { \
+ mbedtls_printf("%9lu KiB/s, %9lu cycles/byte\n", \
+ ii * BUFSIZE / 1024, \
+ (mbedtls_timing_hardclock() - tsc) \
+ / (jj * BUFSIZE)); \
+ } \
+ } while (0)
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG)
+
+/* How much space to reserve for the title when printing heap usage results.
+ * Updated manually as the output of the following command:
+ *
+ * sed -n 's/.*[T]IME_PUBLIC.*"\(.*\)",/\1/p' programs/test/benchmark.c |
+ * awk '{print length+3}' | sort -rn | head -n1
+ *
+ * This computes the maximum length of a title +3, because we appends "/s" and
+ * want at least one space. (If the value is too small, the only consequence
+ * is poor alignment.) */
+#define TITLE_SPACE 17
+
+#define MEMORY_MEASURE_INIT \
+ size_t max_used, max_blocks, max_bytes; \
+ size_t prv_used, prv_blocks; \
+ size_t alloc_cnt, free_cnt, prv_alloc, prv_free; \
+ mbedtls_memory_buffer_alloc_cur_get(&prv_used, &prv_blocks); \
+ mbedtls_memory_buffer_alloc_max_reset();
+
+#define MEMORY_MEASURE_RESET \
+ mbedtls_memory_buffer_alloc_count_get(&prv_alloc, &prv_free);
+
+#define MEMORY_MEASURE_PRINT(title_len) \
+ mbedtls_memory_buffer_alloc_max_get(&max_used, &max_blocks); \
+ mbedtls_memory_buffer_alloc_count_get(&alloc_cnt, &free_cnt); \
+ ii = TITLE_SPACE > (title_len) ? TITLE_SPACE - (title_len) : 1; \
+ while (ii--) mbedtls_printf(" "); \
+ max_used -= prv_used; \
+ max_blocks -= prv_blocks; \
+ max_bytes = max_used + MEM_BLOCK_OVERHEAD * max_blocks; \
+ mbedtls_printf("%6u heap bytes, %6u allocs", \
+ (unsigned) max_bytes, \
+ (unsigned) (alloc_cnt - prv_alloc));
+
+#else
+#define MEMORY_MEASURE_INIT
+#define MEMORY_MEASURE_RESET
+#define MEMORY_MEASURE_PRINT(title_len)
+#endif
+
+#define TIME_PUBLIC(TITLE, TYPE, CODE) \
+ do { \
+ unsigned long ii; \
+ int ret; \
+ MEMORY_MEASURE_INIT; \
+ \
+ mbedtls_printf(HEADER_FORMAT, TITLE); \
+ fflush(stdout); \
+ mbedtls_set_alarm(3); \
+ \
+ ret = 0; \
+ for (ii = 1; !mbedtls_timing_alarmed && !ret; ii++) \
+ { \
+ MEMORY_MEASURE_RESET; \
+ CODE; \
+ } \
+ \
+ if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) \
+ { \
+ mbedtls_printf("Feature Not Supported. Skipping.\n"); \
+ ret = 0; \
+ } \
+ else if (ret != 0) \
+ { \
+ PRINT_ERROR; \
+ } \
+ else \
+ { \
+ mbedtls_printf("%6lu " TYPE "/s", ii / 3); \
+ MEMORY_MEASURE_PRINT(sizeof(TYPE) + 1); \
+ mbedtls_printf("\n"); \
+ } \
+ } while (0)
+
+#if !defined(MBEDTLS_TIMING_ALT)
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ (defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ unsigned long tsc;
+ __asm rdtsc
+ __asm mov[tsc], eax
+ return tsc;
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */
+
+/* some versions of mingw-64 have 32-bit longs even on x84_64 */
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && (defined(__i386__) || ( \
+ (defined(__amd64__) || defined(__x86_64__)) && __SIZEOF_LONG__ == 4))
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ unsigned long lo, hi;
+ asm volatile ("rdtsc" : "=a" (lo), "=d" (hi));
+ return lo;
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __i386__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__))
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ unsigned long lo, hi;
+ asm volatile ("rdtsc" : "=a" (lo), "=d" (hi));
+ return lo | (hi << 32);
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && ( __amd64__ || __x86_64__ ) */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && (defined(__powerpc__) || defined(__ppc__))
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ unsigned long tbl, tbu0, tbu1;
+
+ do {
+ asm volatile ("mftbu %0" : "=r" (tbu0));
+ asm volatile ("mftb %0" : "=r" (tbl));
+ asm volatile ("mftbu %0" : "=r" (tbu1));
+ } while (tbu0 != tbu1);
+
+ return tbl;
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && ( __powerpc__ || __ppc__ ) */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__sparc64__)
+
+#if defined(__OpenBSD__)
+#warning OpenBSD does not allow access to tick register using software version instead
+#else
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ unsigned long tick;
+ asm volatile ("rdpr %%tick, %0;" : "=&r" (tick));
+ return tick;
+}
+#endif /* __OpenBSD__ */
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __sparc64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ unsigned long tick;
+ asm volatile (".byte 0x83, 0x41, 0x00, 0x00");
+ asm volatile ("mov %%g1, %0" : "=r" (tick));
+ return tick;
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __sparc__ && !__sparc64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__alpha__)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ unsigned long cc;
+ asm volatile ("rpcc %0" : "=r" (cc));
+ return cc & 0xFFFFFFFF;
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __alpha__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \
+ defined(__GNUC__) && defined(__ia64__)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ unsigned long itc;
+ asm volatile ("mov %0 = ar.itc" : "=r" (itc));
+ return itc;
+}
+#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM &&
+ __GNUC__ && __ia64__ */
+
+#if !defined(HAVE_HARDCLOCK) && defined(_WIN32) && \
+ !defined(EFIX64) && !defined(EFI32)
+
+#define HAVE_HARDCLOCK
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ LARGE_INTEGER offset;
+
+ QueryPerformanceCounter(&offset);
+
+ return (unsigned long) (offset.QuadPart);
+}
+#endif /* !HAVE_HARDCLOCK && _WIN32 && !EFIX64 && !EFI32 */
+
+#if !defined(HAVE_HARDCLOCK)
+
+#define HAVE_HARDCLOCK
+
+static int hardclock_init = 0;
+static struct timeval tv_init;
+
+static unsigned long mbedtls_timing_hardclock(void)
+{
+ struct timeval tv_cur;
+
+ if (hardclock_init == 0) {
+ gettimeofday(&tv_init, NULL);
+ hardclock_init = 1;
+ }
+
+ gettimeofday(&tv_cur, NULL);
+ return (tv_cur.tv_sec - tv_init.tv_sec) * 1000000U
+ + (tv_cur.tv_usec - tv_init.tv_usec);
+}
+#endif /* !HAVE_HARDCLOCK */
+
+volatile int mbedtls_timing_alarmed = 0;
+
+#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
+
+/* It's OK to use a global because alarm() is supposed to be global anyway */
+static DWORD alarmMs;
+
+static void TimerProc(void *TimerContext)
+{
+ (void) TimerContext;
+ Sleep(alarmMs);
+ mbedtls_timing_alarmed = 1;
+ /* _endthread will be called implicitly on return
+ * That ensures execution of thread function's epilogue */
+}
+
+static void mbedtls_set_alarm(int seconds)
+{
+ if (seconds == 0) {
+ /* No need to create a thread for this simple case.
+ * Also, this shorcut is more reliable at least on MinGW32 */
+ mbedtls_timing_alarmed = 1;
+ return;
+ }
+
+ mbedtls_timing_alarmed = 0;
+ alarmMs = seconds * 1000;
+ (void) _beginthread(TimerProc, 0, NULL);
+}
+
+#else /* _WIN32 && !EFIX64 && !EFI32 */
+
+static void sighandler(int signum)
+{
+ mbedtls_timing_alarmed = 1;
+ signal(signum, sighandler);
+}
+
+static void mbedtls_set_alarm(int seconds)
+{
+ mbedtls_timing_alarmed = 0;
+ signal(SIGALRM, sighandler);
+ alarm(seconds);
+ if (seconds == 0) {
+ /* alarm(0) cancelled any previous pending alarm, but the
+ handler won't fire, so raise the flag straight away. */
+ mbedtls_timing_alarmed = 1;
+ }
+}
+
+#endif /* _WIN32 && !EFIX64 && !EFI32 */
+#endif /* !MBEDTLS_TIMING_ALT */
+
+static int myrand(void *rng_state, unsigned char *output, size_t len)
+{
+ size_t use_len;
+ int rnd;
+
+ if (rng_state != NULL) {
+ rng_state = NULL;
+ }
+
+ while (len > 0) {
+ use_len = len;
+ if (use_len > sizeof(int)) {
+ use_len = sizeof(int);
+ }
+
+ rnd = rand();
+ memcpy(output, &rnd, use_len);
+ output += use_len;
+ len -= use_len;
+ }
+
+ return 0;
+}
+
+#define CHECK_AND_CONTINUE(R) \
+ { \
+ int CHECK_AND_CONTINUE_ret = (R); \
+ if (CHECK_AND_CONTINUE_ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED) { \
+ mbedtls_printf("Feature not supported. Skipping.\n"); \
+ continue; \
+ } \
+ else if (CHECK_AND_CONTINUE_ret != 0) { \
+ mbedtls_exit(1); \
+ } \
+ }
+
+#if defined(MBEDTLS_ECP_C)
+static int set_ecp_curve(const char *string, mbedtls_ecp_curve_info *curve)
+{
+ const mbedtls_ecp_curve_info *found =
+ mbedtls_ecp_curve_info_from_name(string);
+ if (found != NULL) {
+ *curve = *found;
+ return 1;
+ } else {
+ return 0;
+ }
+}
+#endif
+
+unsigned char buf[BUFSIZE];
+
+typedef struct {
+ char md5, ripemd160, sha1, sha256, sha512,
+ sha3_224, sha3_256, sha3_384, sha3_512,
+ des3, des,
+ aes_cbc, aes_cfb128, aes_cfb8, aes_ctr, aes_gcm, aes_ccm, aes_xts, chachapoly,
+ aes_cmac, des3_cmac,
+ aria, camellia, chacha20,
+ poly1305,
+ ctr_drbg, hmac_drbg,
+ rsa, dhm, ecdsa, ecdh;
+} todo_list;
+
+
+int main(int argc, char *argv[])
+{
+ int i;
+ unsigned char tmp[200];
+ char title[TITLE_LEN];
+ todo_list todo;
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ unsigned char alloc_buf[HEAP_SIZE] = { 0 };
+#endif
+#if defined(MBEDTLS_ECP_C)
+ mbedtls_ecp_curve_info single_curve[2] = {
+ { MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
+ { MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
+ };
+ const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list();
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+ (void) curve_list; /* Unused in some configurations where no benchmark uses ECC */
+#endif
+
+ if (argc <= 1) {
+ memset(&todo, 1, sizeof(todo));
+ } else {
+ memset(&todo, 0, sizeof(todo));
+
+ for (i = 1; i < argc; i++) {
+ if (strcmp(argv[i], "md5") == 0) {
+ todo.md5 = 1;
+ } else if (strcmp(argv[i], "ripemd160") == 0) {
+ todo.ripemd160 = 1;
+ } else if (strcmp(argv[i], "sha1") == 0) {
+ todo.sha1 = 1;
+ } else if (strcmp(argv[i], "sha256") == 0) {
+ todo.sha256 = 1;
+ } else if (strcmp(argv[i], "sha512") == 0) {
+ todo.sha512 = 1;
+ } else if (strcmp(argv[i], "sha3_224") == 0) {
+ todo.sha3_224 = 1;
+ } else if (strcmp(argv[i], "sha3_256") == 0) {
+ todo.sha3_256 = 1;
+ } else if (strcmp(argv[i], "sha3_384") == 0) {
+ todo.sha3_384 = 1;
+ } else if (strcmp(argv[i], "sha3_512") == 0) {
+ todo.sha3_512 = 1;
+ } else if (strcmp(argv[i], "des3") == 0) {
+ todo.des3 = 1;
+ } else if (strcmp(argv[i], "des") == 0) {
+ todo.des = 1;
+ } else if (strcmp(argv[i], "aes_cbc") == 0) {
+ todo.aes_cbc = 1;
+ } else if (strcmp(argv[i], "aes_cfb128") == 0) {
+ todo.aes_cfb128 = 1;
+ } else if (strcmp(argv[i], "aes_cfb8") == 0) {
+ todo.aes_cfb8 = 1;
+ } else if (strcmp(argv[i], "aes_ctr") == 0) {
+ todo.aes_ctr = 1;
+ } else if (strcmp(argv[i], "aes_xts") == 0) {
+ todo.aes_xts = 1;
+ } else if (strcmp(argv[i], "aes_gcm") == 0) {
+ todo.aes_gcm = 1;
+ } else if (strcmp(argv[i], "aes_ccm") == 0) {
+ todo.aes_ccm = 1;
+ } else if (strcmp(argv[i], "chachapoly") == 0) {
+ todo.chachapoly = 1;
+ } else if (strcmp(argv[i], "aes_cmac") == 0) {
+ todo.aes_cmac = 1;
+ } else if (strcmp(argv[i], "des3_cmac") == 0) {
+ todo.des3_cmac = 1;
+ } else if (strcmp(argv[i], "aria") == 0) {
+ todo.aria = 1;
+ } else if (strcmp(argv[i], "camellia") == 0) {
+ todo.camellia = 1;
+ } else if (strcmp(argv[i], "chacha20") == 0) {
+ todo.chacha20 = 1;
+ } else if (strcmp(argv[i], "poly1305") == 0) {
+ todo.poly1305 = 1;
+ } else if (strcmp(argv[i], "ctr_drbg") == 0) {
+ todo.ctr_drbg = 1;
+ } else if (strcmp(argv[i], "hmac_drbg") == 0) {
+ todo.hmac_drbg = 1;
+ } else if (strcmp(argv[i], "rsa") == 0) {
+ todo.rsa = 1;
+ } else if (strcmp(argv[i], "dhm") == 0) {
+ todo.dhm = 1;
+ } else if (strcmp(argv[i], "ecdsa") == 0) {
+ todo.ecdsa = 1;
+ } else if (strcmp(argv[i], "ecdh") == 0) {
+ todo.ecdh = 1;
+ }
+#if defined(MBEDTLS_ECP_C)
+ else if (set_ecp_curve(argv[i], single_curve)) {
+ curve_list = single_curve;
+ }
+#endif
+ else {
+ mbedtls_printf("Unrecognized option: %s\n", argv[i]);
+ mbedtls_printf("Available options: " OPTIONS);
+ }
+ }
+ }
+
+ mbedtls_printf("\n");
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
+#endif
+ memset(buf, 0xAA, sizeof(buf));
+ memset(tmp, 0xBB, sizeof(tmp));
+
+ /* Avoid "unused static function" warning in configurations without
+ * symmetric crypto. */
+ (void) mbedtls_timing_hardclock;
+
+#if defined(MBEDTLS_MD5_C)
+ if (todo.md5) {
+ TIME_AND_TSC("MD5", mbedtls_md5(buf, BUFSIZE, tmp));
+ }
+#endif
+
+#if defined(MBEDTLS_RIPEMD160_C)
+ if (todo.ripemd160) {
+ TIME_AND_TSC("RIPEMD160", mbedtls_ripemd160(buf, BUFSIZE, tmp));
+ }
+#endif
+
+#if defined(MBEDTLS_SHA1_C)
+ if (todo.sha1) {
+ TIME_AND_TSC("SHA-1", mbedtls_sha1(buf, BUFSIZE, tmp));
+ }
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+ if (todo.sha256) {
+ TIME_AND_TSC("SHA-256", mbedtls_sha256(buf, BUFSIZE, tmp, 0));
+ }
+#endif
+
+#if defined(MBEDTLS_SHA512_C)
+ if (todo.sha512) {
+ TIME_AND_TSC("SHA-512", mbedtls_sha512(buf, BUFSIZE, tmp, 0));
+ }
+#endif
+#if defined(MBEDTLS_SHA3_C)
+ if (todo.sha3_224) {
+ TIME_AND_TSC("SHA3-224", mbedtls_sha3(MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28));
+ }
+ if (todo.sha3_256) {
+ TIME_AND_TSC("SHA3-256", mbedtls_sha3(MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32));
+ }
+ if (todo.sha3_384) {
+ TIME_AND_TSC("SHA3-384", mbedtls_sha3(MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48));
+ }
+ if (todo.sha3_512) {
+ TIME_AND_TSC("SHA3-512", mbedtls_sha3(MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64));
+ }
+#endif
+
+#if defined(MBEDTLS_DES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ if (todo.des3) {
+ mbedtls_des3_context des3;
+
+ mbedtls_des3_init(&des3);
+ if (mbedtls_des3_set3key_enc(&des3, tmp) != 0) {
+ mbedtls_exit(1);
+ }
+ TIME_AND_TSC("3DES",
+ mbedtls_des3_crypt_cbc(&des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf));
+ mbedtls_des3_free(&des3);
+ }
+
+ if (todo.des) {
+ mbedtls_des_context des;
+
+ mbedtls_des_init(&des);
+ if (mbedtls_des_setkey_enc(&des, tmp) != 0) {
+ mbedtls_exit(1);
+ }
+ TIME_AND_TSC("DES",
+ mbedtls_des_crypt_cbc(&des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf));
+ mbedtls_des_free(&des);
+ }
+
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+#if defined(MBEDTLS_CMAC_C)
+ if (todo.des3_cmac) {
+ unsigned char output[8];
+ const mbedtls_cipher_info_t *cipher_info;
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+
+ cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_DES_EDE3_ECB);
+
+ TIME_AND_TSC("3DES-CMAC",
+ mbedtls_cipher_cmac(cipher_info, tmp, 192, buf,
+ BUFSIZE, output));
+ }
+#endif /* MBEDTLS_CMAC_C */
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_AES_C)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ if (todo.aes_cbc) {
+ int keysize;
+ mbedtls_aes_context aes;
+
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CBC-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
+
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_cbc(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
+ }
+ mbedtls_aes_free(&aes);
+ }
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ if (todo.aes_cfb128) {
+ int keysize;
+ size_t iv_off = 0;
+ mbedtls_aes_context aes;
+
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CFB128-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
+
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_cfb128(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE,
+ &iv_off, tmp, buf, buf));
+ }
+ mbedtls_aes_free(&aes);
+ }
+ if (todo.aes_cfb8) {
+ int keysize;
+ mbedtls_aes_context aes;
+
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CFB8-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
+
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_cfb8(&aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf));
+ }
+ mbedtls_aes_free(&aes);
+ }
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ if (todo.aes_ctr) {
+ int keysize;
+ mbedtls_aes_context aes;
+
+ uint8_t stream_block[16];
+ size_t nc_off;
+
+ mbedtls_aes_init(&aes);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CTR-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ memset(stream_block, 0, sizeof(stream_block));
+ nc_off = 0;
+
+ CHECK_AND_CONTINUE(mbedtls_aes_setkey_enc(&aes, tmp, keysize));
+
+ TIME_AND_TSC(title, mbedtls_aes_crypt_ctr(&aes, BUFSIZE, &nc_off, tmp, stream_block,
+ buf, buf));
+ }
+ mbedtls_aes_free(&aes);
+ }
+#endif
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ if (todo.aes_xts) {
+ int keysize;
+ mbedtls_aes_xts_context ctx;
+
+ mbedtls_aes_xts_init(&ctx);
+ for (keysize = 128; keysize <= 256; keysize += 128) {
+ mbedtls_snprintf(title, sizeof(title), "AES-XTS-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ CHECK_AND_CONTINUE(mbedtls_aes_xts_setkey_enc(&ctx, tmp, keysize * 2));
+
+ TIME_AND_TSC(title,
+ mbedtls_aes_crypt_xts(&ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE,
+ tmp, buf, buf));
+
+ mbedtls_aes_xts_free(&ctx);
+ }
+ }
+#endif
+#if defined(MBEDTLS_GCM_C)
+ if (todo.aes_gcm) {
+ int keysize;
+ mbedtls_gcm_context gcm;
+
+ mbedtls_gcm_init(&gcm);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-GCM-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_gcm_setkey(&gcm, MBEDTLS_CIPHER_ID_AES, tmp, keysize);
+
+ TIME_AND_TSC(title,
+ mbedtls_gcm_crypt_and_tag(&gcm, MBEDTLS_GCM_ENCRYPT, BUFSIZE, tmp,
+ 12, NULL, 0, buf, buf, 16, tmp));
+
+ mbedtls_gcm_free(&gcm);
+ }
+ }
+#endif
+#if defined(MBEDTLS_CCM_C)
+ if (todo.aes_ccm) {
+ int keysize;
+ mbedtls_ccm_context ccm;
+
+ mbedtls_ccm_init(&ccm);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CCM-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_ccm_setkey(&ccm, MBEDTLS_CIPHER_ID_AES, tmp, keysize);
+
+ TIME_AND_TSC(title,
+ mbedtls_ccm_encrypt_and_tag(&ccm, BUFSIZE, tmp,
+ 12, NULL, 0, buf, buf, tmp, 16));
+
+ mbedtls_ccm_free(&ccm);
+ }
+ }
+#endif
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ if (todo.chachapoly) {
+ mbedtls_chachapoly_context chachapoly;
+
+ mbedtls_chachapoly_init(&chachapoly);
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+
+ mbedtls_snprintf(title, sizeof(title), "ChaCha20-Poly1305");
+
+ mbedtls_chachapoly_setkey(&chachapoly, tmp);
+
+ TIME_AND_TSC(title,
+ mbedtls_chachapoly_encrypt_and_tag(&chachapoly,
+ BUFSIZE, tmp, NULL, 0, buf, buf, tmp));
+
+ mbedtls_chachapoly_free(&chachapoly);
+ }
+#endif
+#if defined(MBEDTLS_CMAC_C)
+ if (todo.aes_cmac) {
+ unsigned char output[16];
+ const mbedtls_cipher_info_t *cipher_info;
+ mbedtls_cipher_type_t cipher_type;
+ int keysize;
+
+ for (keysize = 128, cipher_type = MBEDTLS_CIPHER_AES_128_ECB;
+ keysize <= 256;
+ keysize += 64, cipher_type++) {
+ mbedtls_snprintf(title, sizeof(title), "AES-CMAC-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+
+ cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+
+ TIME_AND_TSC(title,
+ mbedtls_cipher_cmac(cipher_info, tmp, keysize,
+ buf, BUFSIZE, output));
+ }
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ TIME_AND_TSC("AES-CMAC-PRF-128",
+ mbedtls_aes_cmac_prf_128(tmp, 16, buf, BUFSIZE,
+ output));
+ }
+#endif /* MBEDTLS_CMAC_C */
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_ARIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
+ if (todo.aria) {
+ int keysize;
+ mbedtls_aria_context aria;
+
+ mbedtls_aria_init(&aria);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "ARIA-CBC-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_aria_setkey_enc(&aria, tmp, keysize);
+
+ TIME_AND_TSC(title,
+ mbedtls_aria_crypt_cbc(&aria, MBEDTLS_ARIA_ENCRYPT,
+ BUFSIZE, tmp, buf, buf));
+ }
+ mbedtls_aria_free(&aria);
+ }
+#endif
+
+#if defined(MBEDTLS_CAMELLIA_C) && defined(MBEDTLS_CIPHER_MODE_CBC)
+ if (todo.camellia) {
+ int keysize;
+ mbedtls_camellia_context camellia;
+
+ mbedtls_camellia_init(&camellia);
+ for (keysize = 128; keysize <= 256; keysize += 64) {
+ mbedtls_snprintf(title, sizeof(title), "CAMELLIA-CBC-%d", keysize);
+
+ memset(buf, 0, sizeof(buf));
+ memset(tmp, 0, sizeof(tmp));
+ mbedtls_camellia_setkey_enc(&camellia, tmp, keysize);
+
+ TIME_AND_TSC(title,
+ mbedtls_camellia_crypt_cbc(&camellia, MBEDTLS_CAMELLIA_ENCRYPT,
+ BUFSIZE, tmp, buf, buf));
+ }
+ mbedtls_camellia_free(&camellia);
+ }
+#endif
+
+#if defined(MBEDTLS_CHACHA20_C)
+ if (todo.chacha20) {
+ TIME_AND_TSC("ChaCha20", mbedtls_chacha20_crypt(buf, buf, 0U, BUFSIZE, buf, buf));
+ }
+#endif
+
+#if defined(MBEDTLS_POLY1305_C)
+ if (todo.poly1305) {
+ TIME_AND_TSC("Poly1305", mbedtls_poly1305_mac(buf, buf, BUFSIZE, buf));
+ }
+#endif
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ if (todo.ctr_drbg) {
+ mbedtls_ctr_drbg_context ctr_drbg;
+
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) {
+ mbedtls_exit(1);
+ }
+ TIME_AND_TSC("CTR_DRBG (NOPR)",
+ mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE));
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ if (mbedtls_ctr_drbg_seed(&ctr_drbg, myrand, NULL, NULL, 0) != 0) {
+ mbedtls_exit(1);
+ }
+ mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_ON);
+ TIME_AND_TSC("CTR_DRBG (PR)",
+ mbedtls_ctr_drbg_random(&ctr_drbg, buf, BUFSIZE));
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ }
+#endif
+
+#if defined(MBEDTLS_HMAC_DRBG_C) && \
+ (defined(MBEDTLS_SHA1_C) || defined(MBEDTLS_SHA256_C))
+ if (todo.hmac_drbg) {
+ mbedtls_hmac_drbg_context hmac_drbg;
+ const mbedtls_md_info_t *md_info;
+
+ mbedtls_hmac_drbg_init(&hmac_drbg);
+
+#if defined(MBEDTLS_SHA1_C)
+ if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)) == NULL) {
+ mbedtls_exit(1);
+ }
+
+ if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
+ mbedtls_exit(1);
+ }
+ TIME_AND_TSC("HMAC_DRBG SHA-1 (NOPR)",
+ mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
+
+ if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
+ mbedtls_exit(1);
+ }
+ mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg,
+ MBEDTLS_HMAC_DRBG_PR_ON);
+ TIME_AND_TSC("HMAC_DRBG SHA-1 (PR)",
+ mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+ if ((md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256)) == NULL) {
+ mbedtls_exit(1);
+ }
+
+ if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
+ mbedtls_exit(1);
+ }
+ TIME_AND_TSC("HMAC_DRBG SHA-256 (NOPR)",
+ mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
+
+ if (mbedtls_hmac_drbg_seed(&hmac_drbg, md_info, myrand, NULL, NULL, 0) != 0) {
+ mbedtls_exit(1);
+ }
+ mbedtls_hmac_drbg_set_prediction_resistance(&hmac_drbg,
+ MBEDTLS_HMAC_DRBG_PR_ON);
+ TIME_AND_TSC("HMAC_DRBG SHA-256 (PR)",
+ mbedtls_hmac_drbg_random(&hmac_drbg, buf, BUFSIZE));
+#endif
+ mbedtls_hmac_drbg_free(&hmac_drbg);
+ }
+#endif /* MBEDTLS_HMAC_DRBG_C && ( MBEDTLS_SHA1_C || MBEDTLS_SHA256_C ) */
+
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
+ if (todo.rsa) {
+ int keysize;
+ mbedtls_rsa_context rsa;
+
+ for (keysize = 2048; keysize <= 4096; keysize += 1024) {
+ mbedtls_snprintf(title, sizeof(title), "RSA-%d", keysize);
+
+ mbedtls_rsa_init(&rsa);
+ mbedtls_rsa_gen_key(&rsa, myrand, NULL, keysize, 65537);
+
+ TIME_PUBLIC(title, " public",
+ buf[0] = 0;
+ ret = mbedtls_rsa_public(&rsa, buf, buf));
+
+ TIME_PUBLIC(title, "private",
+ buf[0] = 0;
+ ret = mbedtls_rsa_private(&rsa, myrand, NULL, buf, buf));
+
+ mbedtls_rsa_free(&rsa);
+ }
+ }
+#endif
+
+#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_BIGNUM_C)
+ if (todo.dhm) {
+ int dhm_sizes[] = { 2048, 3072 };
+ static const unsigned char dhm_P_2048[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN;
+ static const unsigned char dhm_P_3072[] =
+ MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN;
+ static const unsigned char dhm_G_2048[] =
+ MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN;
+ static const unsigned char dhm_G_3072[] =
+ MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN;
+
+ const unsigned char *dhm_P[] = { dhm_P_2048, dhm_P_3072 };
+ const size_t dhm_P_size[] = { sizeof(dhm_P_2048),
+ sizeof(dhm_P_3072) };
+
+ const unsigned char *dhm_G[] = { dhm_G_2048, dhm_G_3072 };
+ const size_t dhm_G_size[] = { sizeof(dhm_G_2048),
+ sizeof(dhm_G_3072) };
+
+ mbedtls_dhm_context dhm;
+ size_t olen;
+ size_t n;
+ mbedtls_mpi P, G;
+ mbedtls_mpi_init(&P); mbedtls_mpi_init(&G);
+
+ for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
+ mbedtls_dhm_init(&dhm);
+
+ if (mbedtls_mpi_read_binary(&P, dhm_P[i],
+ dhm_P_size[i]) != 0 ||
+ mbedtls_mpi_read_binary(&G, dhm_G[i],
+ dhm_G_size[i]) != 0 ||
+ mbedtls_dhm_set_group(&dhm, &P, &G) != 0) {
+ mbedtls_exit(1);
+ }
+
+ n = mbedtls_dhm_get_len(&dhm);
+ mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL);
+
+ if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) {
+ mbedtls_exit(1);
+ }
+
+ mbedtls_snprintf(title, sizeof(title), "DHE-%d", dhm_sizes[i]);
+ TIME_PUBLIC(title, "handshake",
+ ret |= mbedtls_dhm_make_public(&dhm, (int) n, buf, n,
+ myrand, NULL);
+ ret |=
+ mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL));
+
+ mbedtls_snprintf(title, sizeof(title), "DH-%d", dhm_sizes[i]);
+ TIME_PUBLIC(title, "handshake",
+ ret |=
+ mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL));
+
+ mbedtls_dhm_free(&dhm);
+ mbedtls_mpi_free(&P), mbedtls_mpi_free(&G);
+ }
+ }
+#endif
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_SHA256_C)
+ if (todo.ecdsa) {
+ mbedtls_ecdsa_context ecdsa;
+ const mbedtls_ecp_curve_info *curve_info;
+ size_t sig_len;
+
+ memset(buf, 0x2A, sizeof(buf));
+
+ for (curve_info = curve_list;
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++) {
+ if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) {
+ continue;
+ }
+
+ mbedtls_ecdsa_init(&ecdsa);
+
+ if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0) {
+ mbedtls_exit(1);
+ }
+
+ mbedtls_snprintf(title, sizeof(title), "ECDSA-%s",
+ curve_info->name);
+ TIME_PUBLIC(title,
+ "sign",
+ ret =
+ mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf,
+ curve_info->bit_size,
+ tmp, sizeof(tmp), &sig_len, myrand,
+ NULL));
+
+ mbedtls_ecdsa_free(&ecdsa);
+ }
+
+ for (curve_info = curve_list;
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++) {
+ if (!mbedtls_ecdsa_can_do(curve_info->grp_id)) {
+ continue;
+ }
+
+ mbedtls_ecdsa_init(&ecdsa);
+
+ if (mbedtls_ecdsa_genkey(&ecdsa, curve_info->grp_id, myrand, NULL) != 0 ||
+ mbedtls_ecdsa_write_signature(&ecdsa, MBEDTLS_MD_SHA256, buf, curve_info->bit_size,
+ tmp, sizeof(tmp), &sig_len, myrand, NULL) != 0) {
+ mbedtls_exit(1);
+ }
+
+ mbedtls_snprintf(title, sizeof(title), "ECDSA-%s",
+ curve_info->name);
+ TIME_PUBLIC(title, "verify",
+ ret = mbedtls_ecdsa_read_signature(&ecdsa, buf, curve_info->bit_size,
+ tmp, sig_len));
+
+ mbedtls_ecdsa_free(&ecdsa);
+ }
+ }
+#endif
+
+#if defined(MBEDTLS_ECDH_C)
+ if (todo.ecdh) {
+ mbedtls_ecdh_context ecdh_srv, ecdh_cli;
+ unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE];
+ const mbedtls_ecp_curve_info *curve_info;
+ size_t params_len, publen, seclen;
+
+ for (curve_info = curve_list;
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++) {
+ if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
+ continue;
+ }
+
+ mbedtls_ecdh_init(&ecdh_srv);
+
+ CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv,
+ sizeof(buf_srv), myrand, NULL));
+
+ mbedtls_snprintf(title, sizeof(title), "ECDHE-%s", curve_info->name);
+ TIME_PUBLIC(title,
+ "ephemeral handshake",
+ const unsigned char *p_srv = buf_srv;
+ mbedtls_ecdh_init(&ecdh_cli);
+
+ CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv,
+ p_srv + params_len));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli,
+ sizeof(buf_cli), myrand, NULL));
+
+ CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli,
+ sizeof(buf_cli), myrand, NULL));
+ mbedtls_ecdh_free(&ecdh_cli);
+ );
+
+ mbedtls_ecdh_free(&ecdh_srv);
+ }
+
+ for (curve_info = curve_list;
+ curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
+ curve_info++) {
+ if (!mbedtls_ecdh_can_do(curve_info->grp_id)) {
+ continue;
+ }
+
+ mbedtls_ecdh_init(&ecdh_srv);
+ mbedtls_ecdh_init(&ecdh_cli);
+
+ CHECK_AND_CONTINUE(mbedtls_ecdh_setup(&ecdh_srv, curve_info->grp_id));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_params(&ecdh_srv, ¶ms_len, buf_srv,
+ sizeof(buf_srv), myrand, NULL));
+
+ const unsigned char *p_srv = buf_srv;
+ CHECK_AND_CONTINUE(mbedtls_ecdh_read_params(&ecdh_cli, &p_srv,
+ p_srv + params_len));
+ CHECK_AND_CONTINUE(mbedtls_ecdh_make_public(&ecdh_cli, &publen, buf_cli,
+ sizeof(buf_cli), myrand, NULL));
+
+
+ mbedtls_snprintf(title, sizeof(title), "ECDH-%s", curve_info->name);
+ TIME_PUBLIC(title,
+ "static handshake",
+ CHECK_AND_CONTINUE(mbedtls_ecdh_calc_secret(&ecdh_cli, &seclen, buf_cli,
+ sizeof(buf_cli), myrand, NULL));
+ );
+
+ mbedtls_ecdh_free(&ecdh_cli);
+ mbedtls_ecdh_free(&ecdh_srv);
+ }
+ }
+#endif
+
+ mbedtls_printf("\n");
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_free();
+#endif
+
+ mbedtls_exit(0);
+}
+
+#endif /* MBEDTLS_HAVE_TIME */
diff --git a/programs/test/cmake_package/.gitignore b/programs/test/cmake_package/.gitignore
new file mode 100644
index 0000000..9ae6b59
--- /dev/null
+++ b/programs/test/cmake_package/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_package
diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt
new file mode 100644
index 0000000..f498cf9
--- /dev/null
+++ b/programs/test/cmake_package/CMakeLists.txt
@@ -0,0 +1,38 @@
+cmake_minimum_required(VERSION 3.5.1)
+
+#
+# Simulate configuring and building Mbed TLS as the user might do it. We'll
+# skip installing it, and use the build directory directly instead.
+#
+
+set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..")
+set(MbedTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ "-H${MbedTLS_SOURCE_DIR}"
+ "-B${MbedTLS_BINARY_DIR}"
+ "-DENABLE_PROGRAMS=NO"
+ "-DENABLE_TESTING=NO"
+ # Turn on generated files explicitly in case this is a release
+ "-DGEN_FILES=ON")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ --build "${MbedTLS_BINARY_DIR}")
+
+#
+# Locate the package.
+#
+
+set(MbedTLS_DIR "${MbedTLS_BINARY_DIR}/cmake")
+find_package(MbedTLS REQUIRED)
+
+#
+# At this point, the Mbed TLS targets should have been imported, and we can now
+# link to them from our own program.
+#
+
+add_executable(cmake_package cmake_package.c)
+target_link_libraries(cmake_package
+ MbedTLS::mbedcrypto MbedTLS::mbedtls MbedTLS::mbedx509)
diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c
new file mode 100644
index 0000000..729800a
--- /dev/null
+++ b/programs/test/cmake_package/cmake_package.c
@@ -0,0 +1,27 @@
+/*
+ * Simple program to test that Mbed TLS builds correctly as a CMake package.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#include "mbedtls/version.h"
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a single library function to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ /* This version string is 18 bytes long, as advised by version.h. */
+ char version[18];
+
+ mbedtls_version_get_string_full(version);
+
+ mbedtls_printf("Built against %s\n", version);
+
+ return 0;
+}
diff --git a/programs/test/cmake_package_install/.gitignore b/programs/test/cmake_package_install/.gitignore
new file mode 100644
index 0000000..b9b8282
--- /dev/null
+++ b/programs/test/cmake_package_install/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_package_install
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
new file mode 100644
index 0000000..6937af4
--- /dev/null
+++ b/programs/test/cmake_package_install/CMakeLists.txt
@@ -0,0 +1,41 @@
+cmake_minimum_required(VERSION 3.5.1)
+
+#
+# Simulate configuring and building Mbed TLS as the user might do it. We'll
+# install into a directory inside our own build directory.
+#
+
+set(MbedTLS_SOURCE_DIR "${CMAKE_CURRENT_SOURCE_DIR}/../../..")
+set(MbedTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls")
+set(MbedTLS_BINARY_DIR "${MbedTLS_INSTALL_DIR}${CMAKE_FILES_DIRECTORY}")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ "-H${MbedTLS_SOURCE_DIR}"
+ "-B${MbedTLS_BINARY_DIR}"
+ "-DENABLE_PROGRAMS=NO"
+ "-DENABLE_TESTING=NO"
+ # Turn on generated files explicitly in case this is a release
+ "-DGEN_FILES=ON"
+ "-DCMAKE_INSTALL_PREFIX=${MbedTLS_INSTALL_DIR}")
+
+execute_process(
+ COMMAND "${CMAKE_COMMAND}"
+ --build "${MbedTLS_BINARY_DIR}"
+ --target install)
+
+#
+# Locate the package.
+#
+
+list(INSERT CMAKE_PREFIX_PATH 0 "${MbedTLS_INSTALL_DIR}")
+find_package(MbedTLS REQUIRED)
+
+#
+# At this point, the Mbed TLS targets should have been imported, and we can now
+# link to them from our own program.
+#
+
+add_executable(cmake_package_install cmake_package_install.c)
+target_link_libraries(cmake_package_install
+ MbedTLS::mbedcrypto MbedTLS::mbedtls MbedTLS::mbedx509)
diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c
new file mode 100644
index 0000000..44a2ada
--- /dev/null
+++ b/programs/test/cmake_package_install/cmake_package_install.c
@@ -0,0 +1,28 @@
+/*
+ * Simple program to test that Mbed TLS builds correctly as an installable CMake
+ * package.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#include "mbedtls/version.h"
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a single library function to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ /* This version string is 18 bytes long, as advised by version.h. */
+ char version[18];
+
+ mbedtls_version_get_string_full(version);
+
+ mbedtls_printf("Built against %s\n", version);
+
+ return 0;
+}
diff --git a/programs/test/cmake_subproject/.gitignore b/programs/test/cmake_subproject/.gitignore
new file mode 100644
index 0000000..464833b
--- /dev/null
+++ b/programs/test/cmake_subproject/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_subproject
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
new file mode 100644
index 0000000..78bd5e7
--- /dev/null
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -0,0 +1,23 @@
+cmake_minimum_required(VERSION 3.5.1)
+
+# Test the target renaming support by adding a prefix to the targets built
+set(MBEDTLS_TARGET_PREFIX subproject_test_)
+
+# We use the parent Mbed TLS directory as the MBEDTLS_DIR for this test. Other
+# projects that use Mbed TLS as a subproject are likely to add by their own
+# relative paths.
+set(MBEDTLS_DIR ../../../)
+
+# Add Mbed TLS as a subdirectory.
+add_subdirectory(${MBEDTLS_DIR} build)
+
+# Link against all the Mbed TLS libraries. Verifies that the targets have been
+# created using the specified prefix
+set(libs
+ subproject_test_mbedcrypto
+ subproject_test_mbedx509
+ subproject_test_mbedtls
+)
+
+add_executable(cmake_subproject cmake_subproject.c)
+target_link_libraries(cmake_subproject ${libs} ${CMAKE_THREAD_LIBS_INIT})
diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c
new file mode 100644
index 0000000..8b4f18e
--- /dev/null
+++ b/programs/test/cmake_subproject/cmake_subproject.c
@@ -0,0 +1,28 @@
+/*
+ * Simple program to test that CMake builds with Mbed TLS as a subdirectory
+ * work correctly.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#include "mbedtls/version.h"
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a single library function to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ /* This version string is 18 bytes long, as advised by version.h. */
+ char version[18];
+
+ mbedtls_version_get_string_full(version);
+
+ mbedtls_printf("Built against %s\n", version);
+
+ return 0;
+}
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
new file mode 100644
index 0000000..f241254
--- /dev/null
+++ b/programs/test/dlopen.c
@@ -0,0 +1,92 @@
+/*
+ * Test dynamic loading of libmbed*
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#include "mbedtls/x509_crt.h"
+#endif
+
+#if defined(__APPLE__)
+#define SO_SUFFIX ".dylib"
+#else
+#define SO_SUFFIX ".so"
+#endif
+
+#define CRYPTO_SO_FILENAME "libmbedcrypto" SO_SUFFIX
+#define X509_SO_FILENAME "libmbedx509" SO_SUFFIX
+#define TLS_SO_FILENAME "libmbedtls" SO_SUFFIX
+
+#include <dlfcn.h>
+
+#define CHECK_DLERROR(function, argument) \
+ do \
+ { \
+ char *CHECK_DLERROR_error = dlerror(); \
+ if (CHECK_DLERROR_error != NULL) \
+ { \
+ fprintf(stderr, "Dynamic loading error for %s(%s): %s\n", \
+ function, argument, CHECK_DLERROR_error); \
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
+ } \
+ } \
+ while (0)
+
+int main(void)
+{
+#if defined(MBEDTLS_MD_C) || defined(MBEDTLS_SSL_TLS_C)
+ unsigned n;
+#endif
+
+#if defined(MBEDTLS_SSL_TLS_C)
+ void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", TLS_SO_FILENAME);
+ const int *(*ssl_list_ciphersuites)(void) =
+ dlsym(tls_so, "mbedtls_ssl_list_ciphersuites");
+ CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites");
+ const int *ciphersuites = ssl_list_ciphersuites();
+ for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */
+ ;
+ }
+ mbedtls_printf("dlopen(%s): %u ciphersuites\n",
+ TLS_SO_FILENAME, n);
+ dlclose(tls_so);
+ CHECK_DLERROR("dlclose", TLS_SO_FILENAME);
+#endif /* MBEDTLS_SSL_TLS_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ void *x509_so = dlopen(X509_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", X509_SO_FILENAME);
+ const mbedtls_x509_crt_profile *profile =
+ dlsym(x509_so, "mbedtls_x509_crt_profile_default");
+ CHECK_DLERROR("dlsym", "mbedtls_x509_crt_profile_default");
+ mbedtls_printf("dlopen(%s): Allowed md mask: %08x\n",
+ X509_SO_FILENAME, (unsigned) profile->allowed_mds);
+ dlclose(x509_so);
+ CHECK_DLERROR("dlclose", X509_SO_FILENAME);
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_MD_C)
+ void *crypto_so = dlopen(CRYPTO_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", CRYPTO_SO_FILENAME);
+ const int *(*md_list)(void) =
+ dlsym(crypto_so, "mbedtls_md_list");
+ CHECK_DLERROR("dlsym", "mbedtls_md_list");
+ const int *mds = md_list();
+ for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */
+ ;
+ }
+ mbedtls_printf("dlopen(%s): %u hashes\n",
+ CRYPTO_SO_FILENAME, n);
+ dlclose(crypto_so);
+ CHECK_DLERROR("dlclose", CRYPTO_SO_FILENAME);
+#endif /* MBEDTLS_MD_C */
+
+ return 0;
+}
diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh
new file mode 100755
index 0000000..7280f1d
--- /dev/null
+++ b/programs/test/dlopen_demo.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# Run the shared library dynamic loading demo program.
+# This is only expected to work when Mbed TLS is built as a shared library.
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+. "${0%/*}/../demo_common.sh"
+
+msg "Test the dynamic loading of libmbed*"
+
+program="$programs_dir/test/dlopen"
+library_dir="$root_dir/library"
+
+# Skip this test if we don't have a shared library build. Detect this
+# through the absence of the demo program.
+if [ ! -e "$program" ]; then
+ msg "$0: this demo requires a shared library build."
+ # Exit with a success status so that this counts as a pass for run_demos.py.
+ exit
+fi
+
+# ELF-based Unix-like (Linux, *BSD, Solaris, ...)
+if [ -n "${LD_LIBRARY_PATH-}" ]; then
+ LD_LIBRARY_PATH="$library_dir:$LD_LIBRARY_PATH"
+else
+ LD_LIBRARY_PATH="$library_dir"
+fi
+export LD_LIBRARY_PATH
+
+# OSX/macOS
+if [ -n "${DYLD_LIBRARY_PATH-}" ]; then
+ DYLD_LIBRARY_PATH="$library_dir:$DYLD_LIBRARY_PATH"
+else
+ DYLD_LIBRARY_PATH="$library_dir"
+fi
+export DYLD_LIBRARY_PATH
+
+msg "Running dynamic loading test program: $program"
+msg "Loading libraries from: $library_dir"
+"$program"
diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh
new file mode 100755
index 0000000..0b4bd0b
--- /dev/null
+++ b/programs/test/generate_cpp_dummy_build.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+DEFAULT_OUTPUT_FILE=programs/test/cpp_dummy_build.cpp
+
+if [ "$1" = "--help" ]; then
+ cat <<EOF
+Usage: $0 [OUTPUT]
+Generate a C++ dummy build program that includes all the headers.
+OUTPUT defaults to "programs/test/cpp_dummy_build.cpp".
+Run this program from the root of an Mbed TLS directory tree or from
+its "programs" or "programs/test" subdirectory.
+EOF
+ exit
+fi
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -e
+
+# Ensure a reproducible order for *.h
+export LC_ALL=C
+
+print_cpp () {
+ cat <<'EOF'
+/* Automatically generated file. Do not edit.
+ *
+ * This program is a dummy C++ program to ensure Mbed TLS library header files
+ * can be included and built with a C++ compiler.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ */
+
+#include "mbedtls/build_info.h"
+
+EOF
+
+ for header in include/mbedtls/*.h include/psa/*.h; do
+ case ${header#include/} in
+ mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion
+ mbedtls/config_*.h) :;; # not meant for direct inclusion
+ psa/crypto_config.h) :;; # not meant for direct inclusion
+ psa/crypto_ajdust_config*.h) :;; # not meant for direct inclusion
+ # Some of the psa/crypto_*.h headers are not meant to be included
+ # directly. They do have include guards that make them no-ops if
+ # psa/crypto.h has been included before. Since psa/crypto.h comes
+ # before psa/crypto_*.h in the wildcard enumeration, we don't need
+ # to skip those headers.
+ *) echo "#include \"${header#include/}\"";;
+ esac
+ done
+
+ cat <<'EOF'
+
+int main()
+{
+ mbedtls_platform_context *ctx = NULL;
+ mbedtls_platform_setup(ctx);
+ mbedtls_printf("CPP Build test passed\n");
+ mbedtls_platform_teardown(ctx);
+}
+EOF
+}
+
+if [ -d include/mbedtls ]; then
+ :
+elif [ -d ../include/mbedtls ]; then
+ cd ..
+elif [ -d ../../include/mbedtls ]; then
+ cd ../..
+else
+ echo >&2 "This script must be run from an Mbed TLS source tree."
+ exit 3
+fi
+
+print_cpp >"${1:-$DEFAULT_OUTPUT_FILE}"
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
new file mode 100644
index 0000000..c52e579
--- /dev/null
+++ b/programs/test/metatest.c
@@ -0,0 +1,484 @@
+/** \file metatest.c
+ *
+ * \brief Test features of the test framework.
+ *
+ * When you run this program, it runs a single "meta-test". A meta-test
+ * performs an operation which should be caught as a failure by our
+ * test framework. The meta-test passes if this program calls `exit` with
+ * a nonzero status, or aborts, or is terminated by a signal, or if the
+ * framework running the program considers the run an error (this happens
+ * with Valgrind for a memory leak). The non-success of the meta-test
+ * program means that the test failure has been caught correctly.
+ *
+ * Some failures are purely functional: the logic of the code causes the
+ * test result to be set to FAIL. Other failures come from extra
+ * instrumentation which is not present in a normal build; for example,
+ * Asan or Valgrind to detect memory leaks. This is reflected by the
+ * "platform" associated with each meta-test.
+ *
+ * Use the companion script `tests/scripts/run-metatests.sh` to run all
+ * the meta-tests for a given platform and validate that they trigger a
+ * detected failure as expected.
+ */
+
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+
+#include <mbedtls/debug.h>
+#include <mbedtls/platform.h>
+#include <mbedtls/platform_util.h>
+#include "test/helpers.h"
+#include "test/threading_helpers.h"
+#include "test/macros.h"
+#include "test/memory.h"
+#include "common.h"
+
+#include <stdio.h>
+#include <string.h>
+
+#if defined(MBEDTLS_THREADING_C)
+#include <mbedtls/threading.h>
+#endif
+
+
+/* This is an external variable, so the compiler doesn't know that we're never
+ * changing its value.
+ */
+volatile int false_but_the_compiler_does_not_know = 0;
+
+/* Hide calls to calloc/free from static checkers such as
+ * `gcc-12 -Wuse-after-free`, to avoid compile-time complaints about
+ * code where we do mean to cause a runtime error. */
+void * (* volatile calloc_but_the_compiler_does_not_know)(size_t, size_t) = mbedtls_calloc;
+void(*volatile free_but_the_compiler_does_not_know)(void *) = mbedtls_free;
+
+/* Set n bytes at the address p to all-bits-zero, in such a way that
+ * the compiler should not know that p is all-bits-zero. */
+static void set_to_zero_but_the_compiler_does_not_know(volatile void *p, size_t n)
+{
+ memset((void *) p, false_but_the_compiler_does_not_know, n);
+}
+
+/* Simulate an access to the given object, to avoid compiler optimizations
+ * in code that prepares or consumes the object. */
+static void do_nothing_with_object(void *p)
+{
+ (void) p;
+}
+void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) =
+ do_nothing_with_object;
+
+
+/****************************************************************/
+/* Test framework features */
+/****************************************************************/
+
+void meta_test_fail(const char *name)
+{
+ (void) name;
+ mbedtls_test_fail("Forced test failure", __LINE__, __FILE__);
+}
+
+void meta_test_not_equal(const char *name)
+{
+ int left = 20;
+ int right = 10;
+
+ (void) name;
+
+ TEST_EQUAL(left, right);
+exit:
+ ;
+}
+
+void meta_test_not_le_s(const char *name)
+{
+ int left = 20;
+ int right = 10;
+
+ (void) name;
+
+ TEST_LE_S(left, right);
+exit:
+ ;
+}
+
+void meta_test_not_le_u(const char *name)
+{
+ size_t left = 20;
+ size_t right = 10;
+
+ (void) name;
+
+ TEST_LE_U(left, right);
+exit:
+ ;
+}
+
+/****************************************************************/
+/* Platform features */
+/****************************************************************/
+
+void null_pointer_dereference(const char *name)
+{
+ (void) name;
+ volatile char *volatile p;
+ set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p));
+ /* Undefined behavior (read from null data pointer) */
+ mbedtls_printf("%p -> %u\n", p, (unsigned) *p);
+}
+
+void null_pointer_call(const char *name)
+{
+ (void) name;
+ unsigned(*volatile p)(void);
+ set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p));
+ /* Undefined behavior (execute null function pointer) */
+ /* The pointer representation may be truncated, but we don't care:
+ * the only point of printing it is to have some use of the pointer
+ * to dissuade the compiler from optimizing it away. */
+ mbedtls_printf("%lx() -> %u\n", (unsigned long) (uintptr_t) p, p());
+}
+
+
+/****************************************************************/
+/* Memory */
+/****************************************************************/
+
+void read_after_free(const char *name)
+{
+ (void) name;
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
+ *p = 'a';
+ free_but_the_compiler_does_not_know((void *) p);
+ /* Undefined behavior (read after free) */
+ mbedtls_printf("%u\n", (unsigned) *p);
+}
+
+void double_free(const char *name)
+{
+ (void) name;
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
+ *p = 'a';
+ free_but_the_compiler_does_not_know((void *) p);
+ /* Undefined behavior (double free) */
+ free_but_the_compiler_does_not_know((void *) p);
+}
+
+void read_uninitialized_stack(const char *name)
+{
+ (void) name;
+ char buf[1];
+ if (false_but_the_compiler_does_not_know) {
+ buf[0] = '!';
+ }
+ char *volatile p = buf;
+ if (*p != 0) {
+ /* Unspecified result (read from uninitialized memory) */
+ mbedtls_printf("%u\n", (unsigned) *p);
+ }
+}
+
+void memory_leak(const char *name)
+{
+ (void) name;
+ volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
+ mbedtls_printf("%u\n", (unsigned) *p);
+ /* Leak of a heap object */
+}
+
+/* name = "test_memory_poison_%(start)_%(offset)_%(count)_%(direction)"
+ * Poison a region starting at start from an 8-byte aligned origin,
+ * encompassing count bytes. Access the region at offset from the start.
+ * %(start), %(offset) and %(count) are decimal integers.
+ * %(direction) is either the character 'r' for read or 'w' for write.
+ */
+void test_memory_poison(const char *name)
+{
+ size_t start = 0, offset = 0, count = 0;
+ char direction = 'r';
+ if (sscanf(name,
+ "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
+ "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
+ "%*[^0-9]%" MBEDTLS_PRINTF_SIZET
+ "_%c",
+ &start, &offset, &count, &direction) != 4) {
+ mbedtls_fprintf(stderr, "%s: Bad name format: %s\n", __func__, name);
+ return;
+ }
+
+ union {
+ long long ll;
+ unsigned char buf[32];
+ } aligned;
+ memset(aligned.buf, 'a', sizeof(aligned.buf));
+
+ if (start > sizeof(aligned.buf)) {
+ mbedtls_fprintf(stderr,
+ "%s: start=%" MBEDTLS_PRINTF_SIZET
+ " > size=%" MBEDTLS_PRINTF_SIZET,
+ __func__, start, sizeof(aligned.buf));
+ return;
+ }
+ if (start + count > sizeof(aligned.buf)) {
+ mbedtls_fprintf(stderr,
+ "%s: start+count=%" MBEDTLS_PRINTF_SIZET
+ " > size=%" MBEDTLS_PRINTF_SIZET,
+ __func__, start + count, sizeof(aligned.buf));
+ return;
+ }
+ if (offset >= count) {
+ mbedtls_fprintf(stderr,
+ "%s: offset=%" MBEDTLS_PRINTF_SIZET
+ " >= count=%" MBEDTLS_PRINTF_SIZET,
+ __func__, offset, count);
+ return;
+ }
+
+ MBEDTLS_TEST_MEMORY_POISON(aligned.buf + start, count);
+
+ if (direction == 'w') {
+ aligned.buf[start + offset] = 'b';
+ do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf);
+ } else {
+ do_nothing_with_object_but_the_compiler_does_not_know(aligned.buf);
+ mbedtls_printf("%u\n", (unsigned) aligned.buf[start + offset]);
+ }
+}
+
+
+/****************************************************************/
+/* Threading */
+/****************************************************************/
+
+void mutex_lock_not_initialized(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ memset(&mutex, 0, sizeof(mutex));
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0);
+exit:
+ ;
+#endif
+}
+
+void mutex_unlock_not_initialized(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ memset(&mutex, 0, sizeof(mutex));
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0);
+exit:
+ ;
+#endif
+}
+
+void mutex_free_not_initialized(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ memset(&mutex, 0, sizeof(mutex));
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ mbedtls_mutex_free(&mutex);
+#endif
+}
+
+void mutex_double_init(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ mbedtls_mutex_init(&mutex);
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ mbedtls_mutex_init(&mutex);
+ mbedtls_mutex_free(&mutex);
+#endif
+}
+
+void mutex_double_free(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ mbedtls_mutex_init(&mutex);
+ mbedtls_mutex_free(&mutex);
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+ mbedtls_mutex_free(&mutex);
+#endif
+}
+
+void mutex_leak(const char *name)
+{
+ (void) name;
+#if defined(MBEDTLS_THREADING_C)
+ mbedtls_threading_mutex_t mutex;
+ mbedtls_mutex_init(&mutex);
+#endif
+ /* This mutex usage error is detected by our test framework's mutex usage
+ * verification framework. See tests/src/threading_helpers.c. Other
+ * threading implementations (e.g. pthread without our instrumentation)
+ * might consider this normal usage. */
+}
+
+
+/****************************************************************/
+/* Command line entry point */
+/****************************************************************/
+
+typedef struct {
+ /** Command line argument that will trigger that metatest.
+ *
+ * Conventionally matches "[a-z0-9_]+". */
+ const char *name;
+
+ /** Platform under which that metatest is valid.
+ *
+ * - "any": should work anywhere.
+ * - "asan": triggers ASan (Address Sanitizer).
+ * - "msan": triggers MSan (Memory Sanitizer).
+ * - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS,
+ * which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test
+ * framework (see tests/src/threading_helpers.c).
+ */
+ const char *platform;
+
+ /** Function that performs the metatest.
+ *
+ * The function receives the name as an argument. This allows using the
+ * same function to perform multiple variants of a test based on the name.
+ *
+ * When executed on a conforming platform, the function is expected to
+ * either cause a test failure (mbedtls_test_fail()), or cause the
+ * program to abort in some way (e.g. by causing a segfault or by
+ * triggering a sanitizer).
+ *
+ * When executed on a non-conforming platform, the function may return
+ * normally or may have unpredictable behavior.
+ */
+ void (*entry_point)(const char *name);
+} metatest_t;
+
+/* The list of availble meta-tests. Remember to register new functions here!
+ *
+ * Note that we always compile all the functions, so that `metatest --list`
+ * will always list all the available meta-tests.
+ *
+ * See the documentation of metatest_t::platform for the meaning of
+ * platform values.
+ */
+metatest_t metatests[] = {
+ { "test_fail", "any", meta_test_fail },
+ { "test_not_equal", "any", meta_test_not_equal },
+ { "test_not_le_s", "any", meta_test_not_le_s },
+ { "test_not_le_u", "any", meta_test_not_le_u },
+ { "null_dereference", "any", null_pointer_dereference },
+ { "null_call", "any", null_pointer_call },
+ { "read_after_free", "asan", read_after_free },
+ { "double_free", "asan", double_free },
+ { "read_uninitialized_stack", "msan", read_uninitialized_stack },
+ { "memory_leak", "asan", memory_leak },
+ { "test_memory_poison_0_0_8_r", "poison", test_memory_poison },
+ { "test_memory_poison_0_0_8_w", "poison", test_memory_poison },
+ { "test_memory_poison_0_7_8_r", "poison", test_memory_poison },
+ { "test_memory_poison_0_7_8_w", "poison", test_memory_poison },
+ { "test_memory_poison_0_0_1_r", "poison", test_memory_poison },
+ { "test_memory_poison_0_0_1_w", "poison", test_memory_poison },
+ { "test_memory_poison_0_1_2_r", "poison", test_memory_poison },
+ { "test_memory_poison_0_1_2_w", "poison", test_memory_poison },
+ { "test_memory_poison_7_0_8_r", "poison", test_memory_poison },
+ { "test_memory_poison_7_0_8_w", "poison", test_memory_poison },
+ { "test_memory_poison_7_7_8_r", "poison", test_memory_poison },
+ { "test_memory_poison_7_7_8_w", "poison", test_memory_poison },
+ { "test_memory_poison_7_0_1_r", "poison", test_memory_poison },
+ { "test_memory_poison_7_0_1_w", "poison", test_memory_poison },
+ { "test_memory_poison_7_1_2_r", "poison", test_memory_poison },
+ { "test_memory_poison_7_1_2_w", "poison", test_memory_poison },
+ { "mutex_lock_not_initialized", "pthread", mutex_lock_not_initialized },
+ { "mutex_unlock_not_initialized", "pthread", mutex_unlock_not_initialized },
+ { "mutex_free_not_initialized", "pthread", mutex_free_not_initialized },
+ { "mutex_double_init", "pthread", mutex_double_init },
+ { "mutex_double_free", "pthread", mutex_double_free },
+ { "mutex_leak", "pthread", mutex_leak },
+ { NULL, NULL, NULL }
+};
+
+static void help(FILE *out, const char *argv0)
+{
+ mbedtls_fprintf(out, "Usage: %s list|TEST\n", argv0);
+ mbedtls_fprintf(out, "Run a meta-test that should cause a test failure.\n");
+ mbedtls_fprintf(out, "With 'list', list the available tests and their platform requirement.\n");
+}
+
+int main(int argc, char *argv[])
+{
+ const char *argv0 = argc > 0 ? argv[0] : "metatest";
+ if (argc != 2) {
+ help(stderr, argv0);
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ /* Support "-help", "--help", "--list", etc. */
+ const char *command = argv[1];
+ while (*command == '-') {
+ ++command;
+ }
+
+ if (strcmp(argv[1], "help") == 0) {
+ help(stdout, argv0);
+ mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
+ }
+ if (strcmp(argv[1], "list") == 0) {
+ for (const metatest_t *p = metatests; p->name != NULL; p++) {
+ mbedtls_printf("%s %s\n", p->name, p->platform);
+ }
+ mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
+ }
+
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_init();
+#endif
+
+ for (const metatest_t *p = metatests; p->name != NULL; p++) {
+ if (strcmp(argv[1], p->name) == 0) {
+ mbedtls_printf("Running metatest %s...\n", argv[1]);
+ p->entry_point(argv[1]);
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+ mbedtls_test_mutex_usage_check();
+#endif
+ int result = (int) mbedtls_test_get_result();
+
+ mbedtls_printf("Running metatest %s... done, result=%d\n",
+ argv[1], result);
+ mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ?
+ MBEDTLS_EXIT_SUCCESS :
+ MBEDTLS_EXIT_FAILURE);
+ }
+ }
+
+ mbedtls_fprintf(stderr, "%s: FATAL: No such metatest: %s\n",
+ argv0, command);
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+}
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
new file mode 100644
index 0000000..a70e6da
--- /dev/null
+++ b/programs/test/query_compile_time_config.c
@@ -0,0 +1,66 @@
+/*
+ * Query the Mbed TLS compile time configuration
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#define USAGE \
+ "usage: %s [ -all | -any | -l ] <MBEDTLS_CONFIG> ...\n\n" \
+ "This program takes command line arguments which correspond to\n" \
+ "the string representation of Mbed TLS compile time configurations.\n\n" \
+ "If \"--all\" and \"--any\" are not used, then, if all given arguments\n" \
+ "are defined in the Mbed TLS build, 0 is returned; otherwise 1 is\n" \
+ "returned. Macro expansions of configurations will be printed (if any).\n" \
+ "-l\tPrint all available configuration.\n" \
+ "-all\tReturn 0 if all configurations are defined. Otherwise, return 1\n" \
+ "-any\tReturn 0 if any configuration is defined. Otherwise, return 1\n" \
+ "-h\tPrint this usage\n"
+
+#include <string.h>
+#include "query_config.h"
+
+int main(int argc, char *argv[])
+{
+ int i;
+
+ if (argc < 2 || strcmp(argv[1], "-h") == 0) {
+ mbedtls_printf(USAGE, argv[0]);
+ return MBEDTLS_EXIT_FAILURE;
+ }
+
+ if (strcmp(argv[1], "-l") == 0) {
+ list_config();
+ return 0;
+ }
+
+ if (strcmp(argv[1], "-all") == 0) {
+ for (i = 2; i < argc; i++) {
+ if (query_config(argv[i]) != 0) {
+ return 1;
+ }
+ }
+ return 0;
+ }
+
+ if (strcmp(argv[1], "-any") == 0) {
+ for (i = 2; i < argc; i++) {
+ if (query_config(argv[i]) == 0) {
+ return 0;
+ }
+ }
+ return 1;
+ }
+
+ for (i = 1; i < argc; i++) {
+ if (query_config(argv[i]) != 0) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
new file mode 100644
index 0000000..54a0884
--- /dev/null
+++ b/programs/test/query_config.c
@@ -0,0 +1,5257 @@
+/*
+ * Query Mbed TLS compile time configurations from mbedtls_config.h
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "query_config.h"
+
+#include "mbedtls/platform.h"
+
+/*
+ * Include all the headers with public APIs in case they define a macro to its
+ * default value when that configuration is not set in mbedtls_config.h, or
+ * for PSA_WANT macros, in case they're auto-defined based on mbedtls_config.h
+ * rather than defined directly in crypto_config.h.
+ */
+#include "psa/crypto.h"
+
+#include "mbedtls/aes.h"
+#include "mbedtls/aria.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/asn1write.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/cipher.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/debug.h"
+#include "mbedtls/des.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/ecdh.h"
+#include "mbedtls/ecdsa.h"
+#include "mbedtls/ecjpake.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/error.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/hkdf.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/md.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/memory_buffer_alloc.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/nist_kw.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/pem.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/pkcs12.h"
+#include "mbedtls/pkcs5.h"
+#if defined(MBEDTLS_HAVE_TIME)
+#include "mbedtls/platform_time.h"
+#endif
+#include "mbedtls/platform_util.h"
+#include "mbedtls/poly1305.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/ssl_cache.h"
+#include "mbedtls/ssl_ciphersuites.h"
+#include "mbedtls/ssl_cookie.h"
+#include "mbedtls/ssl_ticket.h"
+#include "mbedtls/threading.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/version.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crl.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_csr.h"
+
+#include <string.h>
+
+/*
+ * Helper macros to convert a macro or its expansion into a string
+ * WARNING: This does not work for expanding function-like macros. However,
+ * Mbed TLS does not currently have configuration options used in this fashion.
+ */
+#define MACRO_EXPANSION_TO_STR(macro) MACRO_NAME_TO_STR(macro)
+#define MACRO_NAME_TO_STR(macro) \
+ mbedtls_printf("%s", strlen( #macro "") > 0 ? #macro "\n" : "")
+
+#define STRINGIFY(macro) #macro
+#define OUTPUT_MACRO_NAME_VALUE(macro) mbedtls_printf( #macro "%s\n", \
+ (STRINGIFY(macro) "")[0] != 0 ? "=" STRINGIFY( \
+ macro) : "")
+
+#if defined(_MSC_VER)
+/*
+ * Visual Studio throws the warning 4003 because many Mbed TLS feature macros
+ * are defined empty. This means that from the preprocessor's point of view
+ * the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as
+ * some macros expand to nothing. We suppress that specific warning to get a
+ * clean build and to ensure that tests treating warnings as errors do not
+ * fail.
+ */
+#pragma warning(push)
+#pragma warning(disable:4003)
+#endif /* _MSC_VER */
+
+int query_config(const char *config)
+{
+ #if defined(MBEDTLS_CONFIG_VERSION)
+ if( strcmp( "MBEDTLS_CONFIG_VERSION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CONFIG_VERSION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CONFIG_VERSION */
+
+#if defined(MBEDTLS_HAVE_ASM)
+ if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_ASM );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_ASM */
+
+#if defined(MBEDTLS_NO_UDBL_DIVISION)
+ if( strcmp( "MBEDTLS_NO_UDBL_DIVISION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NO_UDBL_DIVISION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NO_UDBL_DIVISION */
+
+#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
+ if( strcmp( "MBEDTLS_NO_64BIT_MULTIPLICATION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NO_64BIT_MULTIPLICATION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NO_64BIT_MULTIPLICATION */
+
+#if defined(MBEDTLS_HAVE_SSE2)
+ if( strcmp( "MBEDTLS_HAVE_SSE2", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_SSE2 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_SSE2 */
+
+#if defined(MBEDTLS_HAVE_TIME)
+ if( strcmp( "MBEDTLS_HAVE_TIME", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_TIME );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_TIME */
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+ if( strcmp( "MBEDTLS_HAVE_TIME_DATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_TIME_DATE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+ if( strcmp( "MBEDTLS_PLATFORM_MEMORY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_MEMORY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_MEMORY */
+
+#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+ if( strcmp( "MBEDTLS_PLATFORM_NO_STD_FUNCTIONS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NO_STD_FUNCTIONS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
+#if defined(MBEDTLS_PLATFORM_SETBUF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_SETBUF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SETBUF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_SETBUF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_EXIT_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_EXIT_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_TIME_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_FPRINTF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FPRINTF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_PRINTF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_PRINTF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_SNPRINTF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SNPRINTF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_VSNPRINTF_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_VSNPRINTF_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
+
+#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+
+#if defined(MBEDTLS_PLATFORM_MS_TIME_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_MS_TIME_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_MS_TIME_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_MS_TIME_ALT */
+
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_GMTIME_R_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_GMTIME_R_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+ if( strcmp( "MBEDTLS_PLATFORM_ZEROIZE_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_ZEROIZE_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+ if( strcmp( "MBEDTLS_DEPRECATED_WARNING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DEPRECATED_WARNING );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DEPRECATED_WARNING */
+
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+ if( strcmp( "MBEDTLS_DEPRECATED_REMOVED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DEPRECATED_REMOVED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_TIMING_ALT)
+ if( strcmp( "MBEDTLS_TIMING_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TIMING_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TIMING_ALT */
+
+#if defined(MBEDTLS_AES_ALT)
+ if( strcmp( "MBEDTLS_AES_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_ALT */
+
+#if defined(MBEDTLS_ARIA_ALT)
+ if( strcmp( "MBEDTLS_ARIA_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ARIA_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ARIA_ALT */
+
+#if defined(MBEDTLS_CAMELLIA_ALT)
+ if( strcmp( "MBEDTLS_CAMELLIA_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
+#if defined(MBEDTLS_CCM_ALT)
+ if( strcmp( "MBEDTLS_CCM_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CCM_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CCM_ALT */
+
+#if defined(MBEDTLS_CHACHA20_ALT)
+ if( strcmp( "MBEDTLS_CHACHA20_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHA20_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHACHA20_ALT */
+
+#if defined(MBEDTLS_CHACHAPOLY_ALT)
+ if( strcmp( "MBEDTLS_CHACHAPOLY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHAPOLY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHACHAPOLY_ALT */
+
+#if defined(MBEDTLS_CMAC_ALT)
+ if( strcmp( "MBEDTLS_CMAC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CMAC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CMAC_ALT */
+
+#if defined(MBEDTLS_DES_ALT)
+ if( strcmp( "MBEDTLS_DES_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES_ALT */
+
+#if defined(MBEDTLS_DHM_ALT)
+ if( strcmp( "MBEDTLS_DHM_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DHM_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DHM_ALT */
+
+#if defined(MBEDTLS_ECJPAKE_ALT)
+ if( strcmp( "MBEDTLS_ECJPAKE_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECJPAKE_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECJPAKE_ALT */
+
+#if defined(MBEDTLS_GCM_ALT)
+ if( strcmp( "MBEDTLS_GCM_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_GCM_ALT */
+
+#if defined(MBEDTLS_NIST_KW_ALT)
+ if( strcmp( "MBEDTLS_NIST_KW_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NIST_KW_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NIST_KW_ALT */
+
+#if defined(MBEDTLS_MD5_ALT)
+ if( strcmp( "MBEDTLS_MD5_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD5_ALT */
+
+#if defined(MBEDTLS_POLY1305_ALT)
+ if( strcmp( "MBEDTLS_POLY1305_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_POLY1305_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_POLY1305_ALT */
+
+#if defined(MBEDTLS_RIPEMD160_ALT)
+ if( strcmp( "MBEDTLS_RIPEMD160_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RIPEMD160_ALT */
+
+#if defined(MBEDTLS_RSA_ALT)
+ if( strcmp( "MBEDTLS_RSA_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RSA_ALT */
+
+#if defined(MBEDTLS_SHA1_ALT)
+ if( strcmp( "MBEDTLS_SHA1_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA1_ALT */
+
+#if defined(MBEDTLS_SHA256_ALT)
+ if( strcmp( "MBEDTLS_SHA256_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_ALT */
+
+#if defined(MBEDTLS_SHA512_ALT)
+ if( strcmp( "MBEDTLS_SHA512_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_ALT */
+
+#if defined(MBEDTLS_ECP_ALT)
+ if( strcmp( "MBEDTLS_ECP_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_ALT */
+
+#if defined(MBEDTLS_MD5_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_MD5_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD5_PROCESS_ALT */
+
+#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_RIPEMD160_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA1_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_SHA1_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA1_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA256_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_SHA256_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA512_PROCESS_ALT)
+ if( strcmp( "MBEDTLS_SHA512_PROCESS_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_PROCESS_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_PROCESS_ALT */
+
+#if defined(MBEDTLS_DES_SETKEY_ALT)
+ if( strcmp( "MBEDTLS_DES_SETKEY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES_SETKEY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES_SETKEY_ALT */
+
+#if defined(MBEDTLS_DES_CRYPT_ECB_ALT)
+ if( strcmp( "MBEDTLS_DES_CRYPT_ECB_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES_CRYPT_ECB_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
+ if( strcmp( "MBEDTLS_DES3_CRYPT_ECB_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES3_CRYPT_ECB_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_AES_SETKEY_ENC_ALT)
+ if( strcmp( "MBEDTLS_AES_SETKEY_ENC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_SETKEY_ENC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */
+
+#if defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+ if( strcmp( "MBEDTLS_AES_SETKEY_DEC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_SETKEY_DEC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */
+
+#if defined(MBEDTLS_AES_ENCRYPT_ALT)
+ if( strcmp( "MBEDTLS_AES_ENCRYPT_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ENCRYPT_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_ENCRYPT_ALT */
+
+#if defined(MBEDTLS_AES_DECRYPT_ALT)
+ if( strcmp( "MBEDTLS_AES_DECRYPT_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_DECRYPT_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_DECRYPT_ALT */
+
+#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
+ if( strcmp( "MBEDTLS_ECDH_GEN_PUBLIC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_GEN_PUBLIC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
+
+#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
+ if( strcmp( "MBEDTLS_ECDH_COMPUTE_SHARED_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_COMPUTE_SHARED_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
+
+#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
+ if( strcmp( "MBEDTLS_ECDSA_VERIFY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_VERIFY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
+
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
+ if( strcmp( "MBEDTLS_ECDSA_SIGN_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_SIGN_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+
+#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
+ if( strcmp( "MBEDTLS_ECDSA_GENKEY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_GENKEY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ if( strcmp( "MBEDTLS_ECP_INTERNAL_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_INTERNAL_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+#if defined(MBEDTLS_ECP_NO_FALLBACK)
+ if( strcmp( "MBEDTLS_ECP_NO_FALLBACK", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NO_FALLBACK );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NO_FALLBACK */
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
+ if( strcmp( "MBEDTLS_ECP_RANDOMIZE_JAC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RANDOMIZE_JAC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
+ if( strcmp( "MBEDTLS_ECP_ADD_MIXED_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_ADD_MIXED_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
+
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
+ if( strcmp( "MBEDTLS_ECP_DOUBLE_JAC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DOUBLE_JAC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
+ if( strcmp( "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
+ if( strcmp( "MBEDTLS_ECP_NORMALIZE_JAC_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_JAC_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
+ if( strcmp( "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
+ if( strcmp( "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RANDOMIZE_MXZ_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
+ if( strcmp( "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_MXZ_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+ if( strcmp( "MBEDTLS_ENTROPY_HARDWARE_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_HARDWARE_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
+
+#if defined(MBEDTLS_AES_ROM_TABLES)
+ if( strcmp( "MBEDTLS_AES_ROM_TABLES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ROM_TABLES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_ROM_TABLES */
+
+#if defined(MBEDTLS_AES_FEWER_TABLES)
+ if( strcmp( "MBEDTLS_AES_FEWER_TABLES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_FEWER_TABLES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_FEWER_TABLES */
+
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+ if( strcmp( "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+
+#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+ if( strcmp( "MBEDTLS_AES_USE_HARDWARE_ONLY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_USE_HARDWARE_ONLY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_USE_HARDWARE_ONLY */
+
+#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
+ if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_SMALL_MEMORY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+
+#if defined(MBEDTLS_CHECK_RETURN_WARNING)
+ if( strcmp( "MBEDTLS_CHECK_RETURN_WARNING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_RETURN_WARNING );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHECK_RETURN_WARNING */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_CBC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CBC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_CFB", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CFB );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_CTR", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CTR );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_OFB", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_OFB );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ if( strcmp( "MBEDTLS_CIPHER_MODE_XTS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_XTS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+ if( strcmp( "MBEDTLS_CIPHER_NULL_CIPHER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_NULL_CIPHER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ if( strcmp( "MBEDTLS_CIPHER_PADDING_PKCS7", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_PKCS7 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
+ if( strcmp( "MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
+ if( strcmp( "MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
+ if( strcmp( "MBEDTLS_CIPHER_PADDING_ZEROS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ZEROS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
+
+#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+ if( strcmp( "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_USE_128_BIT_KEY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
+
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ if( strcmp( "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP192R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP192R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP224R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP224R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP256R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP256R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP384R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP384R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP521R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP521R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP192K1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP192K1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP224K1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP224K1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_SECP256K1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP256K1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_BP256R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP256R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_BP384R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP384R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_BP512R1_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP512R1_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_CURVE25519_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_CURVE25519_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ if( strcmp( "MBEDTLS_ECP_DP_CURVE448_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_CURVE448_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+ if( strcmp( "MBEDTLS_ECP_NIST_OPTIM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NIST_OPTIM );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_NIST_OPTIM */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ if( strcmp( "MBEDTLS_ECP_RESTARTABLE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RESTARTABLE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+#if defined(MBEDTLS_ECP_WITH_MPI_UINT)
+ if( strcmp( "MBEDTLS_ECP_WITH_MPI_UINT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_WITH_MPI_UINT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_WITH_MPI_UINT */
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ if( strcmp( "MBEDTLS_ECDSA_DETERMINISTIC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_DETERMINISTIC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_RSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+ if( strcmp( "MBEDTLS_PK_PARSE_EC_EXTENDED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_EC_EXTENDED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
+
+#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED)
+ if( strcmp( "MBEDTLS_PK_PARSE_EC_COMPRESSED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_EC_COMPRESSED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
+
+#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+ if( strcmp( "MBEDTLS_ERROR_STRERROR_DUMMY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ERROR_STRERROR_DUMMY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
+
+#if defined(MBEDTLS_GENPRIME)
+ if( strcmp( "MBEDTLS_GENPRIME", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_GENPRIME );
+ return( 0 );
+ }
+#endif /* MBEDTLS_GENPRIME */
+
+#if defined(MBEDTLS_FS_IO)
+ if( strcmp( "MBEDTLS_FS_IO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_FS_IO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+ if( strcmp( "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
+
+#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+ if( strcmp( "MBEDTLS_NO_PLATFORM_ENTROPY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NO_PLATFORM_ENTROPY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */
+
+#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+ if( strcmp( "MBEDTLS_ENTROPY_FORCE_SHA256", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_FORCE_SHA256 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ if( strcmp( "MBEDTLS_ENTROPY_NV_SEED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_NV_SEED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_DEBUG );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+ if( strcmp( "MBEDTLS_MEMORY_BACKTRACE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_BACKTRACE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MEMORY_BACKTRACE */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+ if( strcmp( "MBEDTLS_PK_RSA_ALT_SUPPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_RSA_ALT_SUPPORT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+#if defined(MBEDTLS_PKCS1_V15)
+ if( strcmp( "MBEDTLS_PKCS1_V15", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS1_V15 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS1_V15 */
+
+#if defined(MBEDTLS_PKCS1_V21)
+ if( strcmp( "MBEDTLS_PKCS1_V21", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS1_V21 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_CLIENT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_CLIENT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_SPM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SPM );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SPM */
+
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
+ if( strcmp( "MBEDTLS_PSA_P256M_DRIVER_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_P256M_DRIVER_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+ if( strcmp( "MBEDTLS_PSA_INJECT_ENTROPY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_INJECT_ENTROPY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+#if defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
+ if( strcmp( "MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS */
+
+#if defined(MBEDTLS_RSA_NO_CRT)
+ if( strcmp( "MBEDTLS_RSA_NO_CRT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_NO_CRT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RSA_NO_CRT */
+
+#if defined(MBEDTLS_SELF_TEST)
+ if( strcmp( "MBEDTLS_SELF_TEST", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SELF_TEST );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SELF_TEST */
+
+#if defined(MBEDTLS_SHA256_SMALLER)
+ if( strcmp( "MBEDTLS_SHA256_SMALLER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_SMALLER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_SMALLER */
+
+#if defined(MBEDTLS_SHA512_SMALLER)
+ if( strcmp( "MBEDTLS_SHA512_SMALLER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_SMALLER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_SMALLER */
+
+#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
+ if( strcmp( "MBEDTLS_SSL_ALL_ALERT_MESSAGES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ALL_ALERT_MESSAGES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CONNECTION_ID );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT)
+ if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT */
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ if( strcmp( "MBEDTLS_SSL_ASYNC_PRIVATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ASYNC_PRIVATE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ if( strcmp( "MBEDTLS_SSL_CONTEXT_SERIALIZATION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONTEXT_SERIALIZATION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+ if( strcmp( "MBEDTLS_SSL_DEBUG_ALL", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DEBUG_ALL );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DEBUG_ALL */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ if( strcmp( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ENCRYPT_THEN_MAC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ if( strcmp( "MBEDTLS_SSL_EXTENDED_MASTER_SECRET", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EXTENDED_MASTER_SECRET );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ if( strcmp( "MBEDTLS_SSL_KEEP_PEER_CERTIFICATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_KEEP_PEER_CERTIFICATE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ if( strcmp( "MBEDTLS_SSL_RENEGOTIATION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RENEGOTIATION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ if( strcmp( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_MAX_FRAGMENT_LENGTH );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ if( strcmp( "MBEDTLS_SSL_RECORD_SIZE_LIMIT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RECORD_SIZE_LIMIT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_2", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_2 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_3", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_3 );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+ if( strcmp( "MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
+ if( strcmp( "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+ if( strcmp( "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
+ if( strcmp( "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if( strcmp( "MBEDTLS_SSL_EARLY_DATA", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EARLY_DATA );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ if( strcmp( "MBEDTLS_SSL_PROTO_DTLS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_DTLS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ if( strcmp( "MBEDTLS_SSL_ALPN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ALPN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ if( strcmp( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_ANTI_REPLAY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+ if( strcmp( "MBEDTLS_SSL_DTLS_HELLO_VERIFY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_HELLO_VERIFY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ if( strcmp( "MBEDTLS_SSL_DTLS_SRTP", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_SRTP );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
+ if( strcmp( "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( strcmp( "MBEDTLS_SSL_SESSION_TICKETS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_TICKETS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ if( strcmp( "MBEDTLS_SSL_SERVER_NAME_INDICATION", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SERVER_NAME_INDICATION );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ if( strcmp( "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
+
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
+ if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
+
+#if defined(MBEDTLS_TEST_HOOKS)
+ if( strcmp( "MBEDTLS_TEST_HOOKS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_HOOKS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#if defined(MBEDTLS_THREADING_ALT)
+ if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_ALT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_THREADING_ALT */
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+ if( strcmp( "MBEDTLS_THREADING_PTHREAD", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_PTHREAD );
+ return( 0 );
+ }
+#endif /* MBEDTLS_THREADING_PTHREAD */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( strcmp( "MBEDTLS_USE_PSA_CRYPTO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_USE_PSA_CRYPTO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_CONFIG", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_CONFIG );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
+
+#if defined(MBEDTLS_VERSION_FEATURES)
+ if( strcmp( "MBEDTLS_VERSION_FEATURES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_VERSION_FEATURES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_VERSION_FEATURES */
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ if( strcmp( "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+#if defined(MBEDTLS_X509_REMOVE_INFO)
+ if( strcmp( "MBEDTLS_X509_REMOVE_INFO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_REMOVE_INFO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_RSASSA_PSS_SUPPORT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+#if defined(MBEDTLS_AESNI_C)
+ if( strcmp( "MBEDTLS_AESNI_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AESNI_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AESNI_C */
+
+#if defined(MBEDTLS_AESCE_C)
+ if( strcmp( "MBEDTLS_AESCE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AESCE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AESCE_C */
+
+#if defined(MBEDTLS_AES_C)
+ if( strcmp( "MBEDTLS_AES_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_AES_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+ if( strcmp( "MBEDTLS_ASN1_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ASN1_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+#if defined(MBEDTLS_ASN1_WRITE_C)
+ if( strcmp( "MBEDTLS_ASN1_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ASN1_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ASN1_WRITE_C */
+
+#if defined(MBEDTLS_BASE64_C)
+ if( strcmp( "MBEDTLS_BASE64_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_BASE64_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_BASE64_C */
+
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ if( strcmp( "MBEDTLS_BLOCK_CIPHER_NO_DECRYPT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_BLOCK_CIPHER_NO_DECRYPT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
+
+#if defined(MBEDTLS_BIGNUM_C)
+ if( strcmp( "MBEDTLS_BIGNUM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_BIGNUM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_BIGNUM_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+ if( strcmp( "MBEDTLS_CAMELLIA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_ARIA_C)
+ if( strcmp( "MBEDTLS_ARIA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ARIA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ARIA_C */
+
+#if defined(MBEDTLS_CCM_C)
+ if( strcmp( "MBEDTLS_CCM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CCM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_CHACHA20_C)
+ if( strcmp( "MBEDTLS_CHACHA20_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHA20_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHACHA20_C */
+
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ if( strcmp( "MBEDTLS_CHACHAPOLY_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHAPOLY_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHACHAPOLY_C */
+
+#if defined(MBEDTLS_CIPHER_C)
+ if( strcmp( "MBEDTLS_CIPHER_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_CMAC_C)
+ if( strcmp( "MBEDTLS_CMAC_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CMAC_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CMAC_C */
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ if( strcmp( "MBEDTLS_CTR_DRBG_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_C */
+
+#if defined(MBEDTLS_DEBUG_C)
+ if( strcmp( "MBEDTLS_DEBUG_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DEBUG_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DEBUG_C */
+
+#if defined(MBEDTLS_DES_C)
+ if( strcmp( "MBEDTLS_DES_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DES_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_DHM_C)
+ if( strcmp( "MBEDTLS_DHM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_DHM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_DHM_C */
+
+#if defined(MBEDTLS_ECDH_C)
+ if( strcmp( "MBEDTLS_ECDH_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_ECDSA_C)
+ if( strcmp( "MBEDTLS_ECDSA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_ECJPAKE_C)
+ if( strcmp( "MBEDTLS_ECJPAKE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECJPAKE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECJPAKE_C */
+
+#if defined(MBEDTLS_ECP_C)
+ if( strcmp( "MBEDTLS_ECP_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_ENTROPY_C)
+ if( strcmp( "MBEDTLS_ENTROPY_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_C */
+
+#if defined(MBEDTLS_ERROR_C)
+ if( strcmp( "MBEDTLS_ERROR_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ERROR_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ERROR_C */
+
+#if defined(MBEDTLS_GCM_C)
+ if( strcmp( "MBEDTLS_GCM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_GCM_LARGE_TABLE)
+ if( strcmp( "MBEDTLS_GCM_LARGE_TABLE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_LARGE_TABLE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_GCM_LARGE_TABLE */
+
+#if defined(MBEDTLS_HKDF_C)
+ if( strcmp( "MBEDTLS_HKDF_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HKDF_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HKDF_C */
+
+#if defined(MBEDTLS_HMAC_DRBG_C)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_C */
+
+#if defined(MBEDTLS_LMS_C)
+ if( strcmp( "MBEDTLS_LMS_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_LMS_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_LMS_C */
+
+#if defined(MBEDTLS_LMS_PRIVATE)
+ if( strcmp( "MBEDTLS_LMS_PRIVATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_LMS_PRIVATE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_LMS_PRIVATE */
+
+#if defined(MBEDTLS_NIST_KW_C)
+ if( strcmp( "MBEDTLS_NIST_KW_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NIST_KW_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NIST_KW_C */
+
+#if defined(MBEDTLS_MD_C)
+ if( strcmp( "MBEDTLS_MD_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_MD5_C)
+ if( strcmp( "MBEDTLS_MD5_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MD5_C */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ if( strcmp( "MBEDTLS_MEMORY_BUFFER_ALLOC_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_BUFFER_ALLOC_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
+
+#if defined(MBEDTLS_NET_C)
+ if( strcmp( "MBEDTLS_NET_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_NET_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_NET_C */
+
+#if defined(MBEDTLS_OID_C)
+ if( strcmp( "MBEDTLS_OID_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_OID_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_OID_C */
+
+#if defined(MBEDTLS_PADLOCK_C)
+ if( strcmp( "MBEDTLS_PADLOCK_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PADLOCK_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PADLOCK_C */
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+ if( strcmp( "MBEDTLS_PEM_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PEM_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ if( strcmp( "MBEDTLS_PEM_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PEM_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#if defined(MBEDTLS_PK_C)
+ if( strcmp( "MBEDTLS_PK_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_C */
+
+#if defined(MBEDTLS_PK_PARSE_C)
+ if( strcmp( "MBEDTLS_PK_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+ if( strcmp( "MBEDTLS_PK_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PK_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PK_WRITE_C */
+
+#if defined(MBEDTLS_PKCS5_C)
+ if( strcmp( "MBEDTLS_PKCS5_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS5_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS5_C */
+
+#if defined(MBEDTLS_PKCS7_C)
+ if( strcmp( "MBEDTLS_PKCS7_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS7_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS7_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+ if( strcmp( "MBEDTLS_PKCS12_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS12_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PKCS12_C */
+
+#if defined(MBEDTLS_PLATFORM_C)
+ if( strcmp( "MBEDTLS_PLATFORM_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_C */
+
+#if defined(MBEDTLS_POLY1305_C)
+ if( strcmp( "MBEDTLS_POLY1305_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_POLY1305_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_POLY1305_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_SE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+ if( strcmp( "MBEDTLS_PSA_ITS_FILE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_ITS_FILE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
+
+#if defined(MBEDTLS_RIPEMD160_C)
+ if( strcmp( "MBEDTLS_RIPEMD160_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RIPEMD160_C */
+
+#if defined(MBEDTLS_RSA_C)
+ if( strcmp( "MBEDTLS_RSA_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_SHA1_C)
+ if( strcmp( "MBEDTLS_SHA1_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA224_C)
+ if( strcmp( "MBEDTLS_SHA224_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA224_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA224_C */
+
+#if defined(MBEDTLS_SHA256_C)
+ if( strcmp( "MBEDTLS_SHA256_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
+ if( strcmp( "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT */
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+ if( strcmp( "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
+
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+ if( strcmp( "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+ if( strcmp( "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SHA384_C)
+ if( strcmp( "MBEDTLS_SHA384_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA384_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ if( strcmp( "MBEDTLS_SHA512_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SHA3_C)
+ if( strcmp( "MBEDTLS_SHA3_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA3_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA3_C */
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+ if( strcmp( "MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+ if( strcmp( "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ if( strcmp( "MBEDTLS_SSL_CACHE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CACHE_C */
+
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ if( strcmp( "MBEDTLS_SSL_COOKIE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_COOKIE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_COOKIE_C */
+
+#if defined(MBEDTLS_SSL_TICKET_C)
+ if( strcmp( "MBEDTLS_SSL_TICKET_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TICKET_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TICKET_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+ if( strcmp( "MBEDTLS_SSL_CLI_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CLI_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ if( strcmp( "MBEDTLS_SSL_SRV_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_TLS_C)
+ if( strcmp( "MBEDTLS_SSL_TLS_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS_C */
+
+#if defined(MBEDTLS_THREADING_C)
+ if( strcmp( "MBEDTLS_THREADING_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_THREADING_C */
+
+#if defined(MBEDTLS_TIMING_C)
+ if( strcmp( "MBEDTLS_TIMING_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_TIMING_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_TIMING_C */
+
+#if defined(MBEDTLS_VERSION_C)
+ if( strcmp( "MBEDTLS_VERSION_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_VERSION_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_VERSION_C */
+
+#if defined(MBEDTLS_X509_USE_C)
+ if( strcmp( "MBEDTLS_X509_USE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_USE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_USE_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( strcmp( "MBEDTLS_X509_CRT_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ if( strcmp( "MBEDTLS_X509_CRL_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRL_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ if( strcmp( "MBEDTLS_X509_CSR_PARSE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_PARSE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+#if defined(MBEDTLS_X509_CREATE_C)
+ if( strcmp( "MBEDTLS_X509_CREATE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CREATE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CREATE_C */
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+ if( strcmp( "MBEDTLS_X509_CRT_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+ if( strcmp( "MBEDTLS_X509_CSR_WRITE_C", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_WRITE_C );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
+
+#if defined(MBEDTLS_CONFIG_FILE)
+ if( strcmp( "MBEDTLS_CONFIG_FILE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CONFIG_FILE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CONFIG_FILE */
+
+#if defined(MBEDTLS_USER_CONFIG_FILE)
+ if( strcmp( "MBEDTLS_USER_CONFIG_FILE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_USER_CONFIG_FILE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_USER_CONFIG_FILE */
+
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_CONFIG_FILE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_CONFIG_FILE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_CONFIG_FILE */
+
+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE */
+
+#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_PLATFORM_FILE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_PLATFORM_FILE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_PLATFORM_FILE */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STRUCT_FILE)
+ if( strcmp( "MBEDTLS_PSA_CRYPTO_STRUCT_FILE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STRUCT_FILE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_CRYPTO_STRUCT_FILE */
+
+#if defined(MBEDTLS_MPI_WINDOW_SIZE)
+ if( strcmp( "MBEDTLS_MPI_WINDOW_SIZE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MPI_WINDOW_SIZE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MPI_WINDOW_SIZE */
+
+#if defined(MBEDTLS_MPI_MAX_SIZE)
+ if( strcmp( "MBEDTLS_MPI_MAX_SIZE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MPI_MAX_SIZE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MPI_MAX_SIZE */
+
+#if defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+ if( strcmp( "MBEDTLS_CTR_DRBG_ENTROPY_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_ENTROPY_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_ENTROPY_LEN */
+
+#if defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+ if( strcmp( "MBEDTLS_CTR_DRBG_RESEED_INTERVAL", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_RESEED_INTERVAL );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_RESEED_INTERVAL */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+ if( strcmp( "MBEDTLS_CTR_DRBG_MAX_INPUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_INPUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_MAX_INPUT */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+ if( strcmp( "MBEDTLS_CTR_DRBG_MAX_REQUEST", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_REQUEST );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_MAX_REQUEST */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+ if( strcmp( "MBEDTLS_CTR_DRBG_MAX_SEED_INPUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_SEED_INPUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT */
+
+#if defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_RESEED_INTERVAL", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_RESEED_INTERVAL );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_RESEED_INTERVAL */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_INPUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_INPUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_INPUT */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_REQUEST", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_REQUEST );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_REQUEST */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+ if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT */
+
+#if defined(MBEDTLS_ECP_WINDOW_SIZE)
+ if( strcmp( "MBEDTLS_ECP_WINDOW_SIZE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_WINDOW_SIZE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+ if( strcmp( "MBEDTLS_ECP_FIXED_POINT_OPTIM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_FIXED_POINT_OPTIM );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+#if defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+ if( strcmp( "MBEDTLS_ENTROPY_MAX_SOURCES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MAX_SOURCES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_MAX_SOURCES */
+
+#if defined(MBEDTLS_ENTROPY_MAX_GATHER)
+ if( strcmp( "MBEDTLS_ENTROPY_MAX_GATHER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MAX_GATHER );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_MAX_GATHER */
+
+#if defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
+ if( strcmp( "MBEDTLS_ENTROPY_MIN_HARDWARE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MIN_HARDWARE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_ENTROPY_MIN_HARDWARE */
+
+#if defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+ if( strcmp( "MBEDTLS_MEMORY_ALIGN_MULTIPLE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_ALIGN_MULTIPLE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_MEMORY_ALIGN_MULTIPLE */
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_MEM_HDR", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_MEM_HDR );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_MEM_HDR */
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_CALLOC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_CALLOC );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_CALLOC */
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_FREE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_FREE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_FREE */
+
+#if defined(MBEDTLS_PLATFORM_STD_SETBUF)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_SETBUF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_SETBUF );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_SETBUF */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT */
+
+#if defined(MBEDTLS_PLATFORM_STD_TIME)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_TIME", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_TIME );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_TIME */
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_FPRINTF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_FPRINTF );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_FPRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_PRINTF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_PRINTF );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_PRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_SNPRINTF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_SNPRINTF );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_SNPRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT_SUCCESS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT_SUCCESS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT_SUCCESS */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT_FAILURE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT_FAILURE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_EXIT_FAILURE */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_READ", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_READ );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_READ */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_WRITE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
+ if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_FILE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_FILE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_FILE */
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_CALLOC_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_CALLOC_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_CALLOC_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_FREE_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FREE_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_FREE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_EXIT_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_EXIT_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_SETBUF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SETBUF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_SETBUF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_TIME_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_TIME_TYPE_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_TYPE_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_FPRINTF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FPRINTF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_PRINTF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_PRINTF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_SNPRINTF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SNPRINTF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_VSNPRINTF_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_VSNPRINTF_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_READ_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_READ_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO)
+ if( strcmp( "MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO */
+
+#if defined(MBEDTLS_PRINTF_MS_TIME)
+ if( strcmp( "MBEDTLS_PRINTF_MS_TIME", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PRINTF_MS_TIME );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PRINTF_MS_TIME */
+
+#if defined(MBEDTLS_CHECK_RETURN)
+ if( strcmp( "MBEDTLS_CHECK_RETURN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_RETURN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHECK_RETURN */
+
+#if defined(MBEDTLS_IGNORE_RETURN)
+ if( strcmp( "MBEDTLS_IGNORE_RETURN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_IGNORE_RETURN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_IGNORE_RETURN */
+
+#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
+ if( strcmp( "MBEDTLS_PSA_HMAC_DRBG_MD_TYPE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_HMAC_DRBG_MD_TYPE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_HMAC_DRBG_MD_TYPE */
+
+#if defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
+ if( strcmp( "MBEDTLS_PSA_KEY_SLOT_COUNT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_KEY_SLOT_COUNT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSA_KEY_SLOT_COUNT */
+
+#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+ if( strcmp( "MBEDTLS_RSA_GEN_KEY_MIN_BITS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_GEN_KEY_MIN_BITS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_RSA_GEN_KEY_MIN_BITS */
+
+#if defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
+ if( strcmp( "MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT */
+
+#if defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
+ if( strcmp( "MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES */
+
+#if defined(MBEDTLS_SSL_IN_CONTENT_LEN)
+ if( strcmp( "MBEDTLS_SSL_IN_CONTENT_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_IN_CONTENT_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_IN_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
+ if( strcmp( "MBEDTLS_SSL_CID_IN_LEN_MAX", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_IN_LEN_MAX );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_IN_LEN_MAX */
+
+#if defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
+ if( strcmp( "MBEDTLS_SSL_CID_OUT_LEN_MAX", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_OUT_LEN_MAX );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_OUT_LEN_MAX */
+
+#if defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
+ if( strcmp( "MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY */
+
+#if defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
+ if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_OUT_CONTENT_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_OUT_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
+ if( strcmp( "MBEDTLS_SSL_DTLS_MAX_BUFFERING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_MAX_BUFFERING );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_DTLS_MAX_BUFFERING */
+
+#if defined(MBEDTLS_PSK_MAX_LEN)
+ if( strcmp( "MBEDTLS_PSK_MAX_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_PSK_MAX_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_PSK_MAX_LEN */
+
+#if defined(MBEDTLS_SSL_COOKIE_TIMEOUT)
+ if( strcmp( "MBEDTLS_SSL_COOKIE_TIMEOUT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_COOKIE_TIMEOUT );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_COOKIE_TIMEOUT */
+
+#if defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE)
+ if( strcmp( "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_MAX_EARLY_DATA_SIZE */
+
+#if defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE)
+ if( strcmp( "MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE */
+
+#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH)
+ if( strcmp( "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH */
+
+#if defined(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)
+ if( strcmp( "MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS );
+ return( 0 );
+ }
+#endif /* MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS */
+
+#if defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
+ if( strcmp( "MBEDTLS_X509_MAX_INTERMEDIATE_CA", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_MAX_INTERMEDIATE_CA );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_MAX_INTERMEDIATE_CA */
+
+#if defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
+ if( strcmp( "MBEDTLS_X509_MAX_FILE_PATH_LEN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_X509_MAX_FILE_PATH_LEN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
+
+#if defined(PSA_WANT_ALG_CBC_MAC)
+ if( strcmp( "PSA_WANT_ALG_CBC_MAC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CBC_MAC );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CBC_MAC */
+
+#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+ if( strcmp( "PSA_WANT_ALG_CBC_NO_PADDING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CBC_NO_PADDING );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
+
+#if defined(PSA_WANT_ALG_CBC_PKCS7)
+ if( strcmp( "PSA_WANT_ALG_CBC_PKCS7", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CBC_PKCS7 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CBC_PKCS7 */
+
+#if defined(PSA_WANT_ALG_CCM)
+ if( strcmp( "PSA_WANT_ALG_CCM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CCM );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CCM */
+
+#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
+ if( strcmp( "PSA_WANT_ALG_CCM_STAR_NO_TAG", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CCM_STAR_NO_TAG );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CCM_STAR_NO_TAG */
+
+#if defined(PSA_WANT_ALG_CMAC)
+ if( strcmp( "PSA_WANT_ALG_CMAC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CMAC );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CMAC */
+
+#if defined(PSA_WANT_ALG_CFB)
+ if( strcmp( "PSA_WANT_ALG_CFB", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CFB );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CFB */
+
+#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+ if( strcmp( "PSA_WANT_ALG_CHACHA20_POLY1305", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CHACHA20_POLY1305 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
+
+#if defined(PSA_WANT_ALG_CTR)
+ if( strcmp( "PSA_WANT_ALG_CTR", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_CTR );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_CTR */
+
+#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+ if( strcmp( "PSA_WANT_ALG_DETERMINISTIC_ECDSA", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_DETERMINISTIC_ECDSA );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+ if( strcmp( "PSA_WANT_ALG_ECB_NO_PADDING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_ECB_NO_PADDING );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_ECB_NO_PADDING */
+
+#if defined(PSA_WANT_ALG_ECDH)
+ if( strcmp( "PSA_WANT_ALG_ECDH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_ECDH );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_ECDH */
+
+#if defined(PSA_WANT_ALG_FFDH)
+ if( strcmp( "PSA_WANT_ALG_FFDH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_FFDH );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_FFDH */
+
+#if defined(PSA_WANT_ALG_ECDSA)
+ if( strcmp( "PSA_WANT_ALG_ECDSA", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_ECDSA );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_ECDSA */
+
+#if defined(PSA_WANT_ALG_JPAKE)
+ if( strcmp( "PSA_WANT_ALG_JPAKE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_JPAKE );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_JPAKE */
+
+#if defined(PSA_WANT_ALG_GCM)
+ if( strcmp( "PSA_WANT_ALG_GCM", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_GCM );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_GCM */
+
+#if defined(PSA_WANT_ALG_HKDF)
+ if( strcmp( "PSA_WANT_ALG_HKDF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_HKDF );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_HKDF */
+
+#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
+ if( strcmp( "PSA_WANT_ALG_HKDF_EXTRACT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_HKDF_EXTRACT );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
+
+#if defined(PSA_WANT_ALG_HKDF_EXPAND)
+ if( strcmp( "PSA_WANT_ALG_HKDF_EXPAND", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_HKDF_EXPAND );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_HKDF_EXPAND */
+
+#if defined(PSA_WANT_ALG_HMAC)
+ if( strcmp( "PSA_WANT_ALG_HMAC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_HMAC );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_HMAC */
+
+#if defined(PSA_WANT_ALG_MD5)
+ if( strcmp( "PSA_WANT_ALG_MD5", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_MD5 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_MD5 */
+
+#if defined(PSA_WANT_ALG_OFB)
+ if( strcmp( "PSA_WANT_ALG_OFB", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_OFB );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_OFB */
+
+#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
+ if( strcmp( "PSA_WANT_ALG_PBKDF2_HMAC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_PBKDF2_HMAC );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
+
+#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
+ if( strcmp( "PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */
+
+#if defined(PSA_WANT_ALG_RIPEMD160)
+ if( strcmp( "PSA_WANT_ALG_RIPEMD160", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_RIPEMD160 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_RIPEMD160 */
+
+#if defined(PSA_WANT_ALG_RSA_OAEP)
+ if( strcmp( "PSA_WANT_ALG_RSA_OAEP", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_RSA_OAEP );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_RSA_OAEP */
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
+ if( strcmp( "PSA_WANT_ALG_RSA_PKCS1V15_CRYPT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_RSA_PKCS1V15_CRYPT );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+ if( strcmp( "PSA_WANT_ALG_RSA_PKCS1V15_SIGN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_RSA_PKCS1V15_SIGN );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
+
+#if defined(PSA_WANT_ALG_RSA_PSS)
+ if( strcmp( "PSA_WANT_ALG_RSA_PSS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_RSA_PSS );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_RSA_PSS */
+
+#if defined(PSA_WANT_ALG_SHA_1)
+ if( strcmp( "PSA_WANT_ALG_SHA_1", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA_1 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA_1 */
+
+#if defined(PSA_WANT_ALG_SHA_224)
+ if( strcmp( "PSA_WANT_ALG_SHA_224", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA_224 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA_224 */
+
+#if defined(PSA_WANT_ALG_SHA_256)
+ if( strcmp( "PSA_WANT_ALG_SHA_256", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA_256 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA_256 */
+
+#if defined(PSA_WANT_ALG_SHA_384)
+ if( strcmp( "PSA_WANT_ALG_SHA_384", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA_384 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA_384 */
+
+#if defined(PSA_WANT_ALG_SHA_512)
+ if( strcmp( "PSA_WANT_ALG_SHA_512", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA_512 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA_512 */
+
+#if defined(PSA_WANT_ALG_SHA3_224)
+ if( strcmp( "PSA_WANT_ALG_SHA3_224", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA3_224 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA3_224 */
+
+#if defined(PSA_WANT_ALG_SHA3_256)
+ if( strcmp( "PSA_WANT_ALG_SHA3_256", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA3_256 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA3_256 */
+
+#if defined(PSA_WANT_ALG_SHA3_384)
+ if( strcmp( "PSA_WANT_ALG_SHA3_384", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA3_384 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA3_384 */
+
+#if defined(PSA_WANT_ALG_SHA3_512)
+ if( strcmp( "PSA_WANT_ALG_SHA3_512", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_SHA3_512 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_SHA3_512 */
+
+#if defined(PSA_WANT_ALG_STREAM_CIPHER)
+ if( strcmp( "PSA_WANT_ALG_STREAM_CIPHER", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_STREAM_CIPHER );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_STREAM_CIPHER */
+
+#if defined(PSA_WANT_ALG_TLS12_PRF)
+ if( strcmp( "PSA_WANT_ALG_TLS12_PRF", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_TLS12_PRF );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_TLS12_PRF */
+
+#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+ if( strcmp( "PSA_WANT_ALG_TLS12_PSK_TO_MS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_TLS12_PSK_TO_MS );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
+
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+ if( strcmp( "PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
+
+#if defined(PSA_WANT_ALG_XTS)
+ if( strcmp( "PSA_WANT_ALG_XTS", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ALG_XTS );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ALG_XTS */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+ if( strcmp( "PSA_WANT_ECC_BRAINPOOL_P_R1_256", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_BRAINPOOL_P_R1_256 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+ if( strcmp( "PSA_WANT_ECC_BRAINPOOL_P_R1_384", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_BRAINPOOL_P_R1_384 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+ if( strcmp( "PSA_WANT_ECC_BRAINPOOL_P_R1_512", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_BRAINPOOL_P_R1_512 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
+ if( strcmp( "PSA_WANT_ECC_MONTGOMERY_255", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_MONTGOMERY_255 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
+ if( strcmp( "PSA_WANT_ECC_MONTGOMERY_448", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_MONTGOMERY_448 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_192)
+ if( strcmp( "PSA_WANT_ECC_SECP_K1_192", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_SECP_K1_192 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_SECP_K1_192 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_224)
+ if( strcmp( "PSA_WANT_ECC_SECP_K1_224", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_SECP_K1_224 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_SECP_K1_224 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_256)
+ if( strcmp( "PSA_WANT_ECC_SECP_K1_256", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_SECP_K1_256 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_SECP_K1_256 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_192)
+ if( strcmp( "PSA_WANT_ECC_SECP_R1_192", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_SECP_R1_192 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_SECP_R1_192 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_224)
+ if( strcmp( "PSA_WANT_ECC_SECP_R1_224", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_SECP_R1_224 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_SECP_R1_224 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+ if( strcmp( "PSA_WANT_ECC_SECP_R1_256", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_SECP_R1_256 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_SECP_R1_256 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_384)
+ if( strcmp( "PSA_WANT_ECC_SECP_R1_384", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_SECP_R1_384 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_SECP_R1_384 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_521)
+ if( strcmp( "PSA_WANT_ECC_SECP_R1_521", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_ECC_SECP_R1_521 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_ECC_SECP_R1_521 */
+
+#if defined(PSA_WANT_DH_RFC7919_2048)
+ if( strcmp( "PSA_WANT_DH_RFC7919_2048", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_DH_RFC7919_2048 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_DH_RFC7919_2048 */
+
+#if defined(PSA_WANT_DH_RFC7919_3072)
+ if( strcmp( "PSA_WANT_DH_RFC7919_3072", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_DH_RFC7919_3072 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_DH_RFC7919_3072 */
+
+#if defined(PSA_WANT_DH_RFC7919_4096)
+ if( strcmp( "PSA_WANT_DH_RFC7919_4096", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_DH_RFC7919_4096 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_DH_RFC7919_4096 */
+
+#if defined(PSA_WANT_DH_RFC7919_6144)
+ if( strcmp( "PSA_WANT_DH_RFC7919_6144", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_DH_RFC7919_6144 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_DH_RFC7919_6144 */
+
+#if defined(PSA_WANT_DH_RFC7919_8192)
+ if( strcmp( "PSA_WANT_DH_RFC7919_8192", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_DH_RFC7919_8192 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_DH_RFC7919_8192 */
+
+#if defined(PSA_WANT_KEY_TYPE_DERIVE)
+ if( strcmp( "PSA_WANT_KEY_TYPE_DERIVE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_DERIVE );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_DERIVE */
+
+#if defined(PSA_WANT_KEY_TYPE_PASSWORD)
+ if( strcmp( "PSA_WANT_KEY_TYPE_PASSWORD", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_PASSWORD );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_PASSWORD */
+
+#if defined(PSA_WANT_KEY_TYPE_PASSWORD_HASH)
+ if( strcmp( "PSA_WANT_KEY_TYPE_PASSWORD_HASH", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_PASSWORD_HASH );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_PASSWORD_HASH */
+
+#if defined(PSA_WANT_KEY_TYPE_HMAC)
+ if( strcmp( "PSA_WANT_KEY_TYPE_HMAC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_HMAC );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_HMAC */
+
+#if defined(PSA_WANT_KEY_TYPE_AES)
+ if( strcmp( "PSA_WANT_KEY_TYPE_AES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_AES );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_AES */
+
+#if defined(PSA_WANT_KEY_TYPE_ARIA)
+ if( strcmp( "PSA_WANT_KEY_TYPE_ARIA", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_ARIA );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_ARIA */
+
+#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
+ if( strcmp( "PSA_WANT_KEY_TYPE_CAMELLIA", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_CAMELLIA );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
+
+#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+ if( strcmp( "PSA_WANT_KEY_TYPE_CHACHA20", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_CHACHA20 );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+
+#if defined(PSA_WANT_KEY_TYPE_DES)
+ if( strcmp( "PSA_WANT_KEY_TYPE_DES", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_DES );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_DES */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
+ if( strcmp( "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_ECC_KEY_PAIR );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+ if( strcmp( "PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
+ if( strcmp( "PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_RAW_DATA)
+ if( strcmp( "PSA_WANT_KEY_TYPE_RAW_DATA", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_RAW_DATA );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_RAW_DATA */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+ if( strcmp( "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+ if( strcmp( "PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+ if( strcmp( "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+ if( strcmp( "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+ if( strcmp( "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+ if( strcmp( "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+ if( strcmp( "PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+ if( strcmp( "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+ if( strcmp( "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+ if( strcmp( "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+ if( strcmp( "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE)
+ if( strcmp( "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+ if( strcmp( "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
+ if( strcmp( "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
+ if( strcmp( "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+ if( strcmp( "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE)
+ if( strcmp( "PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE );
+ return( 0 );
+ }
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE */
+
+ /* If the symbol is not found, return an error */
+ return 1;
+}
+
+void list_config(void)
+{
+ #if defined(MBEDTLS_CONFIG_VERSION)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CONFIG_VERSION);
+#endif /* MBEDTLS_CONFIG_VERSION */
+
+#if defined(MBEDTLS_HAVE_ASM)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HAVE_ASM);
+#endif /* MBEDTLS_HAVE_ASM */
+
+#if defined(MBEDTLS_NO_UDBL_DIVISION)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_NO_UDBL_DIVISION);
+#endif /* MBEDTLS_NO_UDBL_DIVISION */
+
+#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_NO_64BIT_MULTIPLICATION);
+#endif /* MBEDTLS_NO_64BIT_MULTIPLICATION */
+
+#if defined(MBEDTLS_HAVE_SSE2)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HAVE_SSE2);
+#endif /* MBEDTLS_HAVE_SSE2 */
+
+#if defined(MBEDTLS_HAVE_TIME)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HAVE_TIME);
+#endif /* MBEDTLS_HAVE_TIME */
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HAVE_TIME_DATE);
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_MEMORY);
+#endif /* MBEDTLS_PLATFORM_MEMORY */
+
+#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS);
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+
+#if defined(MBEDTLS_PLATFORM_SETBUF_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_SETBUF_ALT);
+#endif /* MBEDTLS_PLATFORM_SETBUF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_EXIT_ALT);
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
+
+#if defined(MBEDTLS_PLATFORM_TIME_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_TIME_ALT);
+#endif /* MBEDTLS_PLATFORM_TIME_ALT */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_FPRINTF_ALT);
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_PRINTF_ALT);
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_SNPRINTF_ALT);
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_VSNPRINTF_ALT);
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_NV_SEED_ALT);
+#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
+
+#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT);
+#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+
+#if defined(MBEDTLS_PLATFORM_MS_TIME_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_MS_TIME_ALT);
+#endif /* MBEDTLS_PLATFORM_MS_TIME_ALT */
+
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_GMTIME_R_ALT);
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_ZEROIZE_ALT);
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DEPRECATED_WARNING);
+#endif /* MBEDTLS_DEPRECATED_WARNING */
+
+#if defined(MBEDTLS_DEPRECATED_REMOVED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DEPRECATED_REMOVED);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+
+#if defined(MBEDTLS_TIMING_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TIMING_ALT);
+#endif /* MBEDTLS_TIMING_ALT */
+
+#if defined(MBEDTLS_AES_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_ALT);
+#endif /* MBEDTLS_AES_ALT */
+
+#if defined(MBEDTLS_ARIA_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ARIA_ALT);
+#endif /* MBEDTLS_ARIA_ALT */
+
+#if defined(MBEDTLS_CAMELLIA_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CAMELLIA_ALT);
+#endif /* MBEDTLS_CAMELLIA_ALT */
+
+#if defined(MBEDTLS_CCM_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CCM_ALT);
+#endif /* MBEDTLS_CCM_ALT */
+
+#if defined(MBEDTLS_CHACHA20_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CHACHA20_ALT);
+#endif /* MBEDTLS_CHACHA20_ALT */
+
+#if defined(MBEDTLS_CHACHAPOLY_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CHACHAPOLY_ALT);
+#endif /* MBEDTLS_CHACHAPOLY_ALT */
+
+#if defined(MBEDTLS_CMAC_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CMAC_ALT);
+#endif /* MBEDTLS_CMAC_ALT */
+
+#if defined(MBEDTLS_DES_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DES_ALT);
+#endif /* MBEDTLS_DES_ALT */
+
+#if defined(MBEDTLS_DHM_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DHM_ALT);
+#endif /* MBEDTLS_DHM_ALT */
+
+#if defined(MBEDTLS_ECJPAKE_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECJPAKE_ALT);
+#endif /* MBEDTLS_ECJPAKE_ALT */
+
+#if defined(MBEDTLS_GCM_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_GCM_ALT);
+#endif /* MBEDTLS_GCM_ALT */
+
+#if defined(MBEDTLS_NIST_KW_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_NIST_KW_ALT);
+#endif /* MBEDTLS_NIST_KW_ALT */
+
+#if defined(MBEDTLS_MD5_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MD5_ALT);
+#endif /* MBEDTLS_MD5_ALT */
+
+#if defined(MBEDTLS_POLY1305_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_POLY1305_ALT);
+#endif /* MBEDTLS_POLY1305_ALT */
+
+#if defined(MBEDTLS_RIPEMD160_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_RIPEMD160_ALT);
+#endif /* MBEDTLS_RIPEMD160_ALT */
+
+#if defined(MBEDTLS_RSA_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_RSA_ALT);
+#endif /* MBEDTLS_RSA_ALT */
+
+#if defined(MBEDTLS_SHA1_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA1_ALT);
+#endif /* MBEDTLS_SHA1_ALT */
+
+#if defined(MBEDTLS_SHA256_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA256_ALT);
+#endif /* MBEDTLS_SHA256_ALT */
+
+#if defined(MBEDTLS_SHA512_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA512_ALT);
+#endif /* MBEDTLS_SHA512_ALT */
+
+#if defined(MBEDTLS_ECP_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_ALT);
+#endif /* MBEDTLS_ECP_ALT */
+
+#if defined(MBEDTLS_MD5_PROCESS_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MD5_PROCESS_ALT);
+#endif /* MBEDTLS_MD5_PROCESS_ALT */
+
+#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_RIPEMD160_PROCESS_ALT);
+#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA1_PROCESS_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA1_PROCESS_ALT);
+#endif /* MBEDTLS_SHA1_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA256_PROCESS_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA256_PROCESS_ALT);
+#endif /* MBEDTLS_SHA256_PROCESS_ALT */
+
+#if defined(MBEDTLS_SHA512_PROCESS_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA512_PROCESS_ALT);
+#endif /* MBEDTLS_SHA512_PROCESS_ALT */
+
+#if defined(MBEDTLS_DES_SETKEY_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DES_SETKEY_ALT);
+#endif /* MBEDTLS_DES_SETKEY_ALT */
+
+#if defined(MBEDTLS_DES_CRYPT_ECB_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DES_CRYPT_ECB_ALT);
+#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DES3_CRYPT_ECB_ALT);
+#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */
+
+#if defined(MBEDTLS_AES_SETKEY_ENC_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_SETKEY_ENC_ALT);
+#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */
+
+#if defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_SETKEY_DEC_ALT);
+#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */
+
+#if defined(MBEDTLS_AES_ENCRYPT_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_ENCRYPT_ALT);
+#endif /* MBEDTLS_AES_ENCRYPT_ALT */
+
+#if defined(MBEDTLS_AES_DECRYPT_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_DECRYPT_ALT);
+#endif /* MBEDTLS_AES_DECRYPT_ALT */
+
+#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDH_GEN_PUBLIC_ALT);
+#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */
+
+#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDH_COMPUTE_SHARED_ALT);
+#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
+
+#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDSA_VERIFY_ALT);
+#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
+
+#if defined(MBEDTLS_ECDSA_SIGN_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDSA_SIGN_ALT);
+#endif /* MBEDTLS_ECDSA_SIGN_ALT */
+
+#if defined(MBEDTLS_ECDSA_GENKEY_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDSA_GENKEY_ALT);
+#endif /* MBEDTLS_ECDSA_GENKEY_ALT */
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_INTERNAL_ALT);
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+#if defined(MBEDTLS_ECP_NO_FALLBACK)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_NO_FALLBACK);
+#endif /* MBEDTLS_ECP_NO_FALLBACK */
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_RANDOMIZE_JAC_ALT);
+#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_ADD_MIXED_ALT);
+#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
+
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DOUBLE_JAC_ALT);
+#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT);
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_NORMALIZE_JAC_ALT);
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
+
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT);
+#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT);
+#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
+
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_NORMALIZE_MXZ_ALT);
+#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
+
+#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ENTROPY_HARDWARE_ALT);
+#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
+
+#if defined(MBEDTLS_AES_ROM_TABLES)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_ROM_TABLES);
+#endif /* MBEDTLS_AES_ROM_TABLES */
+
+#if defined(MBEDTLS_AES_FEWER_TABLES)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_FEWER_TABLES);
+#endif /* MBEDTLS_AES_FEWER_TABLES */
+
+#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH);
+#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+
+#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_USE_HARDWARE_ONLY);
+#endif /* MBEDTLS_AES_USE_HARDWARE_ONLY */
+
+#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CAMELLIA_SMALL_MEMORY);
+#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+
+#if defined(MBEDTLS_CHECK_RETURN_WARNING)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CHECK_RETURN_WARNING);
+#endif /* MBEDTLS_CHECK_RETURN_WARNING */
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_MODE_CBC);
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_MODE_CFB);
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_MODE_CTR);
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
+
+#if defined(MBEDTLS_CIPHER_MODE_OFB)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_MODE_OFB);
+#endif /* MBEDTLS_CIPHER_MODE_OFB */
+
+#if defined(MBEDTLS_CIPHER_MODE_XTS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_MODE_XTS);
+#endif /* MBEDTLS_CIPHER_MODE_XTS */
+
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_NULL_CIPHER);
+#endif /* MBEDTLS_CIPHER_NULL_CIPHER */
+
+#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_PADDING_PKCS7);
+#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS);
+#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN);
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
+
+#if defined(MBEDTLS_CIPHER_PADDING_ZEROS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_PADDING_ZEROS);
+#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */
+
+#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY);
+#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */
+
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED);
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP192R1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP224R1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP256R1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP384R1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP521R1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP192K1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP224K1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP256K1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_BP256R1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_BP384R1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_BP512R1_ENABLED);
+#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_CURVE25519_ENABLED);
+#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
+
+#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_CURVE448_ENABLED);
+#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
+
+#if defined(MBEDTLS_ECP_NIST_OPTIM)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_NIST_OPTIM);
+#endif /* MBEDTLS_ECP_NIST_OPTIM */
+
+#if defined(MBEDTLS_ECP_RESTARTABLE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_RESTARTABLE);
+#endif /* MBEDTLS_ECP_RESTARTABLE */
+
+#if defined(MBEDTLS_ECP_WITH_MPI_UINT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_WITH_MPI_UINT);
+#endif /* MBEDTLS_ECP_WITH_MPI_UINT */
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDSA_DETERMINISTIC);
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED);
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
+
+#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PK_PARSE_EC_EXTENDED);
+#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */
+
+#if defined(MBEDTLS_PK_PARSE_EC_COMPRESSED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PK_PARSE_EC_COMPRESSED);
+#endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */
+
+#if defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ERROR_STRERROR_DUMMY);
+#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */
+
+#if defined(MBEDTLS_GENPRIME)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_GENPRIME);
+#endif /* MBEDTLS_GENPRIME */
+
+#if defined(MBEDTLS_FS_IO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_FS_IO);
+#endif /* MBEDTLS_FS_IO */
+
+#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES);
+#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */
+
+#if defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_NO_PLATFORM_ENTROPY);
+#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */
+
+#if defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ENTROPY_FORCE_SHA256);
+#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */
+
+#if defined(MBEDTLS_ENTROPY_NV_SEED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ENTROPY_NV_SEED);
+#endif /* MBEDTLS_ENTROPY_NV_SEED */
+
+#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER);
+#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
+
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MEMORY_DEBUG);
+#endif /* MBEDTLS_MEMORY_DEBUG */
+
+#if defined(MBEDTLS_MEMORY_BACKTRACE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MEMORY_BACKTRACE);
+#endif /* MBEDTLS_MEMORY_BACKTRACE */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PK_RSA_ALT_SUPPORT);
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+#if defined(MBEDTLS_PKCS1_V15)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PKCS1_V15);
+#endif /* MBEDTLS_PKCS1_V15 */
+
+#if defined(MBEDTLS_PKCS1_V21)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PKCS1_V21);
+#endif /* MBEDTLS_PKCS1_V21 */
+
+#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS);
+#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
+
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_CLIENT);
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
+
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG);
+#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SPM)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_SPM);
+#endif /* MBEDTLS_PSA_CRYPTO_SPM */
+
+#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_P256M_DRIVER_ENABLED);
+#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_INJECT_ENTROPY);
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+#if defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS);
+#endif /* MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS */
+
+#if defined(MBEDTLS_RSA_NO_CRT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_RSA_NO_CRT);
+#endif /* MBEDTLS_RSA_NO_CRT */
+
+#if defined(MBEDTLS_SELF_TEST)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SELF_TEST);
+#endif /* MBEDTLS_SELF_TEST */
+
+#if defined(MBEDTLS_SHA256_SMALLER)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA256_SMALLER);
+#endif /* MBEDTLS_SHA256_SMALLER */
+
+#if defined(MBEDTLS_SHA512_SMALLER)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA512_SMALLER);
+#endif /* MBEDTLS_SHA512_SMALLER */
+
+#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_ALL_ALERT_MESSAGES);
+#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_DTLS_CONNECTION_ID);
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT);
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT */
+
+#if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_ASYNC_PRIVATE);
+#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
+
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CONTEXT_SERIALIZATION);
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+#if defined(MBEDTLS_SSL_DEBUG_ALL)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_DEBUG_ALL);
+#endif /* MBEDTLS_SSL_DEBUG_ALL */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_ENCRYPT_THEN_MAC);
+#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
+
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_EXTENDED_MASTER_SECRET);
+#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE);
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_RENEGOTIATION);
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH);
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_RECORD_SIZE_LIMIT);
+#endif /* MBEDTLS_SSL_RECORD_SIZE_LIMIT */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_PROTO_TLS1_2);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_PROTO_TLS1_3);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE);
+#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED);
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED */
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED);
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */
+
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED);
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
+
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_EARLY_DATA);
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_PROTO_DTLS);
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
+
+#if defined(MBEDTLS_SSL_ALPN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_ALPN);
+#endif /* MBEDTLS_SSL_ALPN */
+
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_DTLS_ANTI_REPLAY);
+#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
+
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_DTLS_HELLO_VERIFY);
+#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
+
+#if defined(MBEDTLS_SSL_DTLS_SRTP)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_DTLS_SRTP);
+#endif /* MBEDTLS_SSL_DTLS_SRTP */
+
+#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE);
+#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_SESSION_TICKETS);
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_SERVER_NAME_INDICATION);
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH);
+#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN);
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
+
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND);
+#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
+
+#if defined(MBEDTLS_TEST_HOOKS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TEST_HOOKS);
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#if defined(MBEDTLS_THREADING_ALT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_THREADING_ALT);
+#endif /* MBEDTLS_THREADING_ALT */
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_THREADING_PTHREAD);
+#endif /* MBEDTLS_THREADING_PTHREAD */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_USE_PSA_CRYPTO);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_CONFIG);
+#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
+
+#if defined(MBEDTLS_VERSION_FEATURES)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_VERSION_FEATURES);
+#endif /* MBEDTLS_VERSION_FEATURES */
+
+#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK);
+#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+
+#if defined(MBEDTLS_X509_REMOVE_INFO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_REMOVE_INFO);
+#endif /* MBEDTLS_X509_REMOVE_INFO */
+
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_RSASSA_PSS_SUPPORT);
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
+
+#if defined(MBEDTLS_AESNI_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AESNI_C);
+#endif /* MBEDTLS_AESNI_C */
+
+#if defined(MBEDTLS_AESCE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AESCE_C);
+#endif /* MBEDTLS_AESCE_C */
+
+#if defined(MBEDTLS_AES_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_AES_C);
+#endif /* MBEDTLS_AES_C */
+
+#if defined(MBEDTLS_ASN1_PARSE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ASN1_PARSE_C);
+#endif /* MBEDTLS_ASN1_PARSE_C */
+
+#if defined(MBEDTLS_ASN1_WRITE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ASN1_WRITE_C);
+#endif /* MBEDTLS_ASN1_WRITE_C */
+
+#if defined(MBEDTLS_BASE64_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_BASE64_C);
+#endif /* MBEDTLS_BASE64_C */
+
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT);
+#endif /* MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
+
+#if defined(MBEDTLS_BIGNUM_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_BIGNUM_C);
+#endif /* MBEDTLS_BIGNUM_C */
+
+#if defined(MBEDTLS_CAMELLIA_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CAMELLIA_C);
+#endif /* MBEDTLS_CAMELLIA_C */
+
+#if defined(MBEDTLS_ARIA_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ARIA_C);
+#endif /* MBEDTLS_ARIA_C */
+
+#if defined(MBEDTLS_CCM_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CCM_C);
+#endif /* MBEDTLS_CCM_C */
+
+#if defined(MBEDTLS_CHACHA20_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CHACHA20_C);
+#endif /* MBEDTLS_CHACHA20_C */
+
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CHACHAPOLY_C);
+#endif /* MBEDTLS_CHACHAPOLY_C */
+
+#if defined(MBEDTLS_CIPHER_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CIPHER_C);
+#endif /* MBEDTLS_CIPHER_C */
+
+#if defined(MBEDTLS_CMAC_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CMAC_C);
+#endif /* MBEDTLS_CMAC_C */
+
+#if defined(MBEDTLS_CTR_DRBG_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CTR_DRBG_C);
+#endif /* MBEDTLS_CTR_DRBG_C */
+
+#if defined(MBEDTLS_DEBUG_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DEBUG_C);
+#endif /* MBEDTLS_DEBUG_C */
+
+#if defined(MBEDTLS_DES_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DES_C);
+#endif /* MBEDTLS_DES_C */
+
+#if defined(MBEDTLS_DHM_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DHM_C);
+#endif /* MBEDTLS_DHM_C */
+
+#if defined(MBEDTLS_ECDH_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDH_C);
+#endif /* MBEDTLS_ECDH_C */
+
+#if defined(MBEDTLS_ECDSA_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDSA_C);
+#endif /* MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_ECJPAKE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECJPAKE_C);
+#endif /* MBEDTLS_ECJPAKE_C */
+
+#if defined(MBEDTLS_ECP_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_C);
+#endif /* MBEDTLS_ECP_C */
+
+#if defined(MBEDTLS_ENTROPY_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ENTROPY_C);
+#endif /* MBEDTLS_ENTROPY_C */
+
+#if defined(MBEDTLS_ERROR_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ERROR_C);
+#endif /* MBEDTLS_ERROR_C */
+
+#if defined(MBEDTLS_GCM_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_GCM_C);
+#endif /* MBEDTLS_GCM_C */
+
+#if defined(MBEDTLS_GCM_LARGE_TABLE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_GCM_LARGE_TABLE);
+#endif /* MBEDTLS_GCM_LARGE_TABLE */
+
+#if defined(MBEDTLS_HKDF_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HKDF_C);
+#endif /* MBEDTLS_HKDF_C */
+
+#if defined(MBEDTLS_HMAC_DRBG_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HMAC_DRBG_C);
+#endif /* MBEDTLS_HMAC_DRBG_C */
+
+#if defined(MBEDTLS_LMS_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_LMS_C);
+#endif /* MBEDTLS_LMS_C */
+
+#if defined(MBEDTLS_LMS_PRIVATE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_LMS_PRIVATE);
+#endif /* MBEDTLS_LMS_PRIVATE */
+
+#if defined(MBEDTLS_NIST_KW_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_NIST_KW_C);
+#endif /* MBEDTLS_NIST_KW_C */
+
+#if defined(MBEDTLS_MD_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MD_C);
+#endif /* MBEDTLS_MD_C */
+
+#if defined(MBEDTLS_MD5_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MD5_C);
+#endif /* MBEDTLS_MD5_C */
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MEMORY_BUFFER_ALLOC_C);
+#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */
+
+#if defined(MBEDTLS_NET_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_NET_C);
+#endif /* MBEDTLS_NET_C */
+
+#if defined(MBEDTLS_OID_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_OID_C);
+#endif /* MBEDTLS_OID_C */
+
+#if defined(MBEDTLS_PADLOCK_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PADLOCK_C);
+#endif /* MBEDTLS_PADLOCK_C */
+
+#if defined(MBEDTLS_PEM_PARSE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PEM_PARSE_C);
+#endif /* MBEDTLS_PEM_PARSE_C */
+
+#if defined(MBEDTLS_PEM_WRITE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PEM_WRITE_C);
+#endif /* MBEDTLS_PEM_WRITE_C */
+
+#if defined(MBEDTLS_PK_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PK_C);
+#endif /* MBEDTLS_PK_C */
+
+#if defined(MBEDTLS_PK_PARSE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PK_PARSE_C);
+#endif /* MBEDTLS_PK_PARSE_C */
+
+#if defined(MBEDTLS_PK_WRITE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PK_WRITE_C);
+#endif /* MBEDTLS_PK_WRITE_C */
+
+#if defined(MBEDTLS_PKCS5_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PKCS5_C);
+#endif /* MBEDTLS_PKCS5_C */
+
+#if defined(MBEDTLS_PKCS7_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PKCS7_C);
+#endif /* MBEDTLS_PKCS7_C */
+
+#if defined(MBEDTLS_PKCS12_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PKCS12_C);
+#endif /* MBEDTLS_PKCS12_C */
+
+#if defined(MBEDTLS_PLATFORM_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_C);
+#endif /* MBEDTLS_PLATFORM_C */
+
+#if defined(MBEDTLS_POLY1305_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_POLY1305_C);
+#endif /* MBEDTLS_POLY1305_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_C);
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_SE_C);
+#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_STORAGE_C);
+#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
+
+#if defined(MBEDTLS_PSA_ITS_FILE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_ITS_FILE_C);
+#endif /* MBEDTLS_PSA_ITS_FILE_C */
+
+#if defined(MBEDTLS_RIPEMD160_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_RIPEMD160_C);
+#endif /* MBEDTLS_RIPEMD160_C */
+
+#if defined(MBEDTLS_RSA_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_RSA_C);
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_SHA1_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA1_C);
+#endif /* MBEDTLS_SHA1_C */
+
+#if defined(MBEDTLS_SHA224_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA224_C);
+#endif /* MBEDTLS_SHA224_C */
+
+#if defined(MBEDTLS_SHA256_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA256_C);
+#endif /* MBEDTLS_SHA256_C */
+
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT);
+#endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT */
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT);
+#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT */
+
+#if defined(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY);
+#endif /* MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY);
+#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SHA384_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA384_C);
+#endif /* MBEDTLS_SHA384_C */
+
+#if defined(MBEDTLS_SHA512_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA512_C);
+#endif /* MBEDTLS_SHA512_C */
+
+#if defined(MBEDTLS_SHA3_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA3_C);
+#endif /* MBEDTLS_SHA3_C */
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT);
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT */
+
+#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY);
+#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CACHE_C);
+#endif /* MBEDTLS_SSL_CACHE_C */
+
+#if defined(MBEDTLS_SSL_COOKIE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_COOKIE_C);
+#endif /* MBEDTLS_SSL_COOKIE_C */
+
+#if defined(MBEDTLS_SSL_TICKET_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TICKET_C);
+#endif /* MBEDTLS_SSL_TICKET_C */
+
+#if defined(MBEDTLS_SSL_CLI_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CLI_C);
+#endif /* MBEDTLS_SSL_CLI_C */
+
+#if defined(MBEDTLS_SSL_SRV_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_SRV_C);
+#endif /* MBEDTLS_SSL_SRV_C */
+
+#if defined(MBEDTLS_SSL_TLS_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TLS_C);
+#endif /* MBEDTLS_SSL_TLS_C */
+
+#if defined(MBEDTLS_THREADING_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_THREADING_C);
+#endif /* MBEDTLS_THREADING_C */
+
+#if defined(MBEDTLS_TIMING_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TIMING_C);
+#endif /* MBEDTLS_TIMING_C */
+
+#if defined(MBEDTLS_VERSION_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_VERSION_C);
+#endif /* MBEDTLS_VERSION_C */
+
+#if defined(MBEDTLS_X509_USE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_USE_C);
+#endif /* MBEDTLS_X509_USE_C */
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_CRT_PARSE_C);
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_CRL_PARSE_C);
+#endif /* MBEDTLS_X509_CRL_PARSE_C */
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_CSR_PARSE_C);
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+#if defined(MBEDTLS_X509_CREATE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_CREATE_C);
+#endif /* MBEDTLS_X509_CREATE_C */
+
+#if defined(MBEDTLS_X509_CRT_WRITE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_CRT_WRITE_C);
+#endif /* MBEDTLS_X509_CRT_WRITE_C */
+
+#if defined(MBEDTLS_X509_CSR_WRITE_C)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_CSR_WRITE_C);
+#endif /* MBEDTLS_X509_CSR_WRITE_C */
+
+#if defined(MBEDTLS_CONFIG_FILE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CONFIG_FILE);
+#endif /* MBEDTLS_CONFIG_FILE */
+
+#if defined(MBEDTLS_USER_CONFIG_FILE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_USER_CONFIG_FILE);
+#endif /* MBEDTLS_USER_CONFIG_FILE */
+
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG_FILE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_CONFIG_FILE);
+#endif /* MBEDTLS_PSA_CRYPTO_CONFIG_FILE */
+
+#if defined(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE);
+#endif /* MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE */
+
+#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE);
+#endif /* MBEDTLS_PSA_CRYPTO_PLATFORM_FILE */
+
+#if defined(MBEDTLS_PSA_CRYPTO_STRUCT_FILE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_CRYPTO_STRUCT_FILE);
+#endif /* MBEDTLS_PSA_CRYPTO_STRUCT_FILE */
+
+#if defined(MBEDTLS_MPI_WINDOW_SIZE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MPI_WINDOW_SIZE);
+#endif /* MBEDTLS_MPI_WINDOW_SIZE */
+
+#if defined(MBEDTLS_MPI_MAX_SIZE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MPI_MAX_SIZE);
+#endif /* MBEDTLS_MPI_MAX_SIZE */
+
+#if defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CTR_DRBG_ENTROPY_LEN);
+#endif /* MBEDTLS_CTR_DRBG_ENTROPY_LEN */
+
+#if defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CTR_DRBG_RESEED_INTERVAL);
+#endif /* MBEDTLS_CTR_DRBG_RESEED_INTERVAL */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CTR_DRBG_MAX_INPUT);
+#endif /* MBEDTLS_CTR_DRBG_MAX_INPUT */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CTR_DRBG_MAX_REQUEST);
+#endif /* MBEDTLS_CTR_DRBG_MAX_REQUEST */
+
+#if defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT);
+#endif /* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT */
+
+#if defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL);
+#endif /* MBEDTLS_HMAC_DRBG_RESEED_INTERVAL */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HMAC_DRBG_MAX_INPUT);
+#endif /* MBEDTLS_HMAC_DRBG_MAX_INPUT */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HMAC_DRBG_MAX_REQUEST);
+#endif /* MBEDTLS_HMAC_DRBG_MAX_REQUEST */
+
+#if defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT);
+#endif /* MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT */
+
+#if defined(MBEDTLS_ECP_WINDOW_SIZE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_WINDOW_SIZE);
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+
+#if defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_FIXED_POINT_OPTIM);
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+
+#if defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ENTROPY_MAX_SOURCES);
+#endif /* MBEDTLS_ENTROPY_MAX_SOURCES */
+
+#if defined(MBEDTLS_ENTROPY_MAX_GATHER)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ENTROPY_MAX_GATHER);
+#endif /* MBEDTLS_ENTROPY_MAX_GATHER */
+
+#if defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ENTROPY_MIN_HARDWARE);
+#endif /* MBEDTLS_ENTROPY_MIN_HARDWARE */
+
+#if defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_MEMORY_ALIGN_MULTIPLE);
+#endif /* MBEDTLS_MEMORY_ALIGN_MULTIPLE */
+
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_MEM_HDR);
+#endif /* MBEDTLS_PLATFORM_STD_MEM_HDR */
+
+#if defined(MBEDTLS_PLATFORM_STD_CALLOC)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_CALLOC);
+#endif /* MBEDTLS_PLATFORM_STD_CALLOC */
+
+#if defined(MBEDTLS_PLATFORM_STD_FREE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_FREE);
+#endif /* MBEDTLS_PLATFORM_STD_FREE */
+
+#if defined(MBEDTLS_PLATFORM_STD_SETBUF)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_SETBUF);
+#endif /* MBEDTLS_PLATFORM_STD_SETBUF */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_EXIT);
+#endif /* MBEDTLS_PLATFORM_STD_EXIT */
+
+#if defined(MBEDTLS_PLATFORM_STD_TIME)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_TIME);
+#endif /* MBEDTLS_PLATFORM_STD_TIME */
+
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_FPRINTF);
+#endif /* MBEDTLS_PLATFORM_STD_FPRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_PRINTF);
+#endif /* MBEDTLS_PLATFORM_STD_PRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_SNPRINTF);
+#endif /* MBEDTLS_PLATFORM_STD_SNPRINTF */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS);
+#endif /* MBEDTLS_PLATFORM_STD_EXIT_SUCCESS */
+
+#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_EXIT_FAILURE);
+#endif /* MBEDTLS_PLATFORM_STD_EXIT_FAILURE */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_NV_SEED_READ);
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_READ */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE);
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */
+
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_STD_NV_SEED_FILE);
+#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_FILE */
+
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_CALLOC_MACRO);
+#endif /* MBEDTLS_PLATFORM_CALLOC_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_FREE_MACRO);
+#endif /* MBEDTLS_PLATFORM_FREE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_EXIT_MACRO);
+#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_SETBUF_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_SETBUF_MACRO);
+#endif /* MBEDTLS_PLATFORM_SETBUF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_TIME_MACRO);
+#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_TIME_TYPE_MACRO);
+#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_FPRINTF_MACRO);
+#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_PRINTF_MACRO);
+#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_SNPRINTF_MACRO);
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_VSNPRINTF_MACRO);
+#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO);
+#endif /* MBEDTLS_PLATFORM_NV_SEED_READ_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO);
+#endif /* MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO */
+
+#if defined(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO);
+#endif /* MBEDTLS_PLATFORM_MS_TIME_TYPE_MACRO */
+
+#if defined(MBEDTLS_PRINTF_MS_TIME)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PRINTF_MS_TIME);
+#endif /* MBEDTLS_PRINTF_MS_TIME */
+
+#if defined(MBEDTLS_CHECK_RETURN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_CHECK_RETURN);
+#endif /* MBEDTLS_CHECK_RETURN */
+
+#if defined(MBEDTLS_IGNORE_RETURN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_IGNORE_RETURN);
+#endif /* MBEDTLS_IGNORE_RETURN */
+
+#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE);
+#endif /* MBEDTLS_PSA_HMAC_DRBG_MD_TYPE */
+
+#if defined(MBEDTLS_PSA_KEY_SLOT_COUNT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSA_KEY_SLOT_COUNT);
+#endif /* MBEDTLS_PSA_KEY_SLOT_COUNT */
+
+#if defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_RSA_GEN_KEY_MIN_BITS);
+#endif /* MBEDTLS_RSA_GEN_KEY_MIN_BITS */
+
+#if defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT);
+#endif /* MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT */
+
+#if defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES);
+#endif /* MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES */
+
+#if defined(MBEDTLS_SSL_IN_CONTENT_LEN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_IN_CONTENT_LEN);
+#endif /* MBEDTLS_SSL_IN_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CID_IN_LEN_MAX);
+#endif /* MBEDTLS_SSL_CID_IN_LEN_MAX */
+
+#if defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CID_OUT_LEN_MAX);
+#endif /* MBEDTLS_SSL_CID_OUT_LEN_MAX */
+
+#if defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY);
+#endif /* MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY */
+
+#if defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_OUT_CONTENT_LEN);
+#endif /* MBEDTLS_SSL_OUT_CONTENT_LEN */
+
+#if defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_DTLS_MAX_BUFFERING);
+#endif /* MBEDTLS_SSL_DTLS_MAX_BUFFERING */
+
+#if defined(MBEDTLS_PSK_MAX_LEN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PSK_MAX_LEN);
+#endif /* MBEDTLS_PSK_MAX_LEN */
+
+#if defined(MBEDTLS_SSL_COOKIE_TIMEOUT)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_COOKIE_TIMEOUT);
+#endif /* MBEDTLS_SSL_COOKIE_TIMEOUT */
+
+#if defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE);
+#endif /* MBEDTLS_SSL_MAX_EARLY_DATA_SIZE */
+
+#if defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE);
+#endif /* MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE */
+
+#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH);
+#endif /* MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH */
+
+#if defined(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS);
+#endif /* MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS */
+
+#if defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_MAX_INTERMEDIATE_CA);
+#endif /* MBEDTLS_X509_MAX_INTERMEDIATE_CA */
+
+#if defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
+ OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_MAX_FILE_PATH_LEN);
+#endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
+
+#if defined(PSA_WANT_ALG_CBC_MAC)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CBC_MAC);
+#endif /* PSA_WANT_ALG_CBC_MAC */
+
+#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CBC_NO_PADDING);
+#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
+
+#if defined(PSA_WANT_ALG_CBC_PKCS7)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CBC_PKCS7);
+#endif /* PSA_WANT_ALG_CBC_PKCS7 */
+
+#if defined(PSA_WANT_ALG_CCM)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CCM);
+#endif /* PSA_WANT_ALG_CCM */
+
+#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CCM_STAR_NO_TAG);
+#endif /* PSA_WANT_ALG_CCM_STAR_NO_TAG */
+
+#if defined(PSA_WANT_ALG_CMAC)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CMAC);
+#endif /* PSA_WANT_ALG_CMAC */
+
+#if defined(PSA_WANT_ALG_CFB)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CFB);
+#endif /* PSA_WANT_ALG_CFB */
+
+#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CHACHA20_POLY1305);
+#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
+
+#if defined(PSA_WANT_ALG_CTR)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_CTR);
+#endif /* PSA_WANT_ALG_CTR */
+
+#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_DETERMINISTIC_ECDSA);
+#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+
+#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_ECB_NO_PADDING);
+#endif /* PSA_WANT_ALG_ECB_NO_PADDING */
+
+#if defined(PSA_WANT_ALG_ECDH)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_ECDH);
+#endif /* PSA_WANT_ALG_ECDH */
+
+#if defined(PSA_WANT_ALG_FFDH)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_FFDH);
+#endif /* PSA_WANT_ALG_FFDH */
+
+#if defined(PSA_WANT_ALG_ECDSA)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_ECDSA);
+#endif /* PSA_WANT_ALG_ECDSA */
+
+#if defined(PSA_WANT_ALG_JPAKE)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_JPAKE);
+#endif /* PSA_WANT_ALG_JPAKE */
+
+#if defined(PSA_WANT_ALG_GCM)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_GCM);
+#endif /* PSA_WANT_ALG_GCM */
+
+#if defined(PSA_WANT_ALG_HKDF)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_HKDF);
+#endif /* PSA_WANT_ALG_HKDF */
+
+#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_HKDF_EXTRACT);
+#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
+
+#if defined(PSA_WANT_ALG_HKDF_EXPAND)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_HKDF_EXPAND);
+#endif /* PSA_WANT_ALG_HKDF_EXPAND */
+
+#if defined(PSA_WANT_ALG_HMAC)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_HMAC);
+#endif /* PSA_WANT_ALG_HMAC */
+
+#if defined(PSA_WANT_ALG_MD5)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_MD5);
+#endif /* PSA_WANT_ALG_MD5 */
+
+#if defined(PSA_WANT_ALG_OFB)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_OFB);
+#endif /* PSA_WANT_ALG_OFB */
+
+#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_PBKDF2_HMAC);
+#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
+
+#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128);
+#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */
+
+#if defined(PSA_WANT_ALG_RIPEMD160)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_RIPEMD160);
+#endif /* PSA_WANT_ALG_RIPEMD160 */
+
+#if defined(PSA_WANT_ALG_RSA_OAEP)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_RSA_OAEP);
+#endif /* PSA_WANT_ALG_RSA_OAEP */
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT);
+#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
+
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_RSA_PKCS1V15_SIGN);
+#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
+
+#if defined(PSA_WANT_ALG_RSA_PSS)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_RSA_PSS);
+#endif /* PSA_WANT_ALG_RSA_PSS */
+
+#if defined(PSA_WANT_ALG_SHA_1)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA_1);
+#endif /* PSA_WANT_ALG_SHA_1 */
+
+#if defined(PSA_WANT_ALG_SHA_224)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA_224);
+#endif /* PSA_WANT_ALG_SHA_224 */
+
+#if defined(PSA_WANT_ALG_SHA_256)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA_256);
+#endif /* PSA_WANT_ALG_SHA_256 */
+
+#if defined(PSA_WANT_ALG_SHA_384)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA_384);
+#endif /* PSA_WANT_ALG_SHA_384 */
+
+#if defined(PSA_WANT_ALG_SHA_512)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA_512);
+#endif /* PSA_WANT_ALG_SHA_512 */
+
+#if defined(PSA_WANT_ALG_SHA3_224)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA3_224);
+#endif /* PSA_WANT_ALG_SHA3_224 */
+
+#if defined(PSA_WANT_ALG_SHA3_256)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA3_256);
+#endif /* PSA_WANT_ALG_SHA3_256 */
+
+#if defined(PSA_WANT_ALG_SHA3_384)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA3_384);
+#endif /* PSA_WANT_ALG_SHA3_384 */
+
+#if defined(PSA_WANT_ALG_SHA3_512)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_SHA3_512);
+#endif /* PSA_WANT_ALG_SHA3_512 */
+
+#if defined(PSA_WANT_ALG_STREAM_CIPHER)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_STREAM_CIPHER);
+#endif /* PSA_WANT_ALG_STREAM_CIPHER */
+
+#if defined(PSA_WANT_ALG_TLS12_PRF)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_TLS12_PRF);
+#endif /* PSA_WANT_ALG_TLS12_PRF */
+
+#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_TLS12_PSK_TO_MS);
+#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
+
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS);
+#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */
+
+#if defined(PSA_WANT_ALG_XTS)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ALG_XTS);
+#endif /* PSA_WANT_ALG_XTS */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_BRAINPOOL_P_R1_256);
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_BRAINPOOL_P_R1_384);
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_BRAINPOOL_P_R1_512);
+#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_255)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_MONTGOMERY_255);
+#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+
+#if defined(PSA_WANT_ECC_MONTGOMERY_448)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_MONTGOMERY_448);
+#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_192)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_SECP_K1_192);
+#endif /* PSA_WANT_ECC_SECP_K1_192 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_224)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_SECP_K1_224);
+#endif /* PSA_WANT_ECC_SECP_K1_224 */
+
+#if defined(PSA_WANT_ECC_SECP_K1_256)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_SECP_K1_256);
+#endif /* PSA_WANT_ECC_SECP_K1_256 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_192)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_SECP_R1_192);
+#endif /* PSA_WANT_ECC_SECP_R1_192 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_224)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_SECP_R1_224);
+#endif /* PSA_WANT_ECC_SECP_R1_224 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_256)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_SECP_R1_256);
+#endif /* PSA_WANT_ECC_SECP_R1_256 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_384)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_SECP_R1_384);
+#endif /* PSA_WANT_ECC_SECP_R1_384 */
+
+#if defined(PSA_WANT_ECC_SECP_R1_521)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_ECC_SECP_R1_521);
+#endif /* PSA_WANT_ECC_SECP_R1_521 */
+
+#if defined(PSA_WANT_DH_RFC7919_2048)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_DH_RFC7919_2048);
+#endif /* PSA_WANT_DH_RFC7919_2048 */
+
+#if defined(PSA_WANT_DH_RFC7919_3072)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_DH_RFC7919_3072);
+#endif /* PSA_WANT_DH_RFC7919_3072 */
+
+#if defined(PSA_WANT_DH_RFC7919_4096)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_DH_RFC7919_4096);
+#endif /* PSA_WANT_DH_RFC7919_4096 */
+
+#if defined(PSA_WANT_DH_RFC7919_6144)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_DH_RFC7919_6144);
+#endif /* PSA_WANT_DH_RFC7919_6144 */
+
+#if defined(PSA_WANT_DH_RFC7919_8192)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_DH_RFC7919_8192);
+#endif /* PSA_WANT_DH_RFC7919_8192 */
+
+#if defined(PSA_WANT_KEY_TYPE_DERIVE)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_DERIVE);
+#endif /* PSA_WANT_KEY_TYPE_DERIVE */
+
+#if defined(PSA_WANT_KEY_TYPE_PASSWORD)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_PASSWORD);
+#endif /* PSA_WANT_KEY_TYPE_PASSWORD */
+
+#if defined(PSA_WANT_KEY_TYPE_PASSWORD_HASH)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_PASSWORD_HASH);
+#endif /* PSA_WANT_KEY_TYPE_PASSWORD_HASH */
+
+#if defined(PSA_WANT_KEY_TYPE_HMAC)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_HMAC);
+#endif /* PSA_WANT_KEY_TYPE_HMAC */
+
+#if defined(PSA_WANT_KEY_TYPE_AES)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_AES);
+#endif /* PSA_WANT_KEY_TYPE_AES */
+
+#if defined(PSA_WANT_KEY_TYPE_ARIA)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_ARIA);
+#endif /* PSA_WANT_KEY_TYPE_ARIA */
+
+#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_CAMELLIA);
+#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
+
+#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_CHACHA20);
+#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+
+#if defined(PSA_WANT_KEY_TYPE_DES)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_DES);
+#endif /* PSA_WANT_KEY_TYPE_DES */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR);
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY);
+#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY);
+#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_RAW_DATA)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_RAW_DATA);
+#endif /* PSA_WANT_KEY_TYPE_RAW_DATA */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR);
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY);
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC);
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT);
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT);
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE);
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE);
+#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC);
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT);
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT);
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE);
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE);
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC);
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT);
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT);
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE);
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE)
+ OUTPUT_MACRO_NAME_VALUE(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE);
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE */
+
+
+}
+#if defined(_MSC_VER)
+#pragma warning(pop)
+#endif /* _MSC_VER */
diff --git a/programs/test/query_config.h b/programs/test/query_config.h
new file mode 100644
index 0000000..43f120b
--- /dev/null
+++ b/programs/test/query_config.h
@@ -0,0 +1,34 @@
+/*
+ * Query Mbed TLS compile time configurations from mbedtls_config.h
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H
+#define MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H
+
+#include "mbedtls/build_info.h"
+
+/** Check whether a given configuration symbol is enabled.
+ *
+ * \param config The symbol to query (e.g. "MBEDTLS_RSA_C").
+ * \return \c 0 if the symbol was defined at compile time
+ * (in MBEDTLS_CONFIG_FILE or mbedtls_config.h),
+ * \c 1 otherwise.
+ *
+ * \note This function is defined in `programs/test/query_config.c`
+ * which is automatically generated by
+ * `scripts/generate_query_config.pl`.
+ */
+int query_config(const char *config);
+
+/** List all enabled configuration symbols
+ *
+ * \note This function is defined in `programs/test/query_config.c`
+ * which is automatically generated by
+ * `scripts/generate_query_config.pl`.
+ */
+void list_config(void);
+
+#endif /* MBEDTLS_PROGRAMS_TEST_QUERY_CONFIG_H */
diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c
new file mode 100644
index 0000000..cdafa16
--- /dev/null
+++ b/programs/test/query_included_headers.c
@@ -0,0 +1,29 @@
+/* Ad hoc report on included headers. */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <psa/crypto.h>
+#include <mbedtls/platform.h>
+
+int main(void)
+{
+
+ /* Which PSA platform header? */
+#if defined(PSA_CRYPTO_PLATFORM_H)
+ mbedtls_printf("PSA_CRYPTO_PLATFORM_H\n");
+#endif
+#if defined(PSA_CRYPTO_PLATFORM_ALT_H)
+ mbedtls_printf("PSA_CRYPTO_PLATFORM_ALT_H\n");
+#endif
+
+ /* Which PSA struct header? */
+#if defined(PSA_CRYPTO_STRUCT_H)
+ mbedtls_printf("PSA_CRYPTO_STRUCT_H\n");
+#endif
+#if defined(PSA_CRYPTO_STRUCT_ALT_H)
+ mbedtls_printf("PSA_CRYPTO_STRUCT_ALT_H\n");
+#endif
+
+}
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
new file mode 100644
index 0000000..043209b
--- /dev/null
+++ b/programs/test/selftest.c
@@ -0,0 +1,584 @@
+/*
+ * Self-test demonstration program
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/hmac_drbg.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/dhm.h"
+#include "mbedtls/gcm.h"
+#include "mbedtls/ccm.h"
+#include "mbedtls/cmac.h"
+#include "mbedtls/md5.h"
+#include "mbedtls/ripemd160.h"
+#include "mbedtls/sha1.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
+#include "mbedtls/sha3.h"
+#include "mbedtls/des.h"
+#include "mbedtls/aes.h"
+#include "mbedtls/camellia.h"
+#include "mbedtls/aria.h"
+#include "mbedtls/chacha20.h"
+#include "mbedtls/poly1305.h"
+#include "mbedtls/chachapoly.h"
+#include "mbedtls/base64.h"
+#include "mbedtls/bignum.h"
+#include "mbedtls/rsa.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/pkcs5.h"
+#include "mbedtls/ecp.h"
+#include "mbedtls/ecjpake.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/nist_kw.h"
+#include "mbedtls/debug.h"
+
+#include <limits.h>
+#include <string.h>
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+
+#if defined MBEDTLS_SELF_TEST
+/* Sanity check for malloc. This is not expected to fail, and is rather
+ * intended to display potentially useful information about the platform,
+ * in particular the behavior of malloc(0). */
+static int calloc_self_test(int verbose)
+{
+ int failures = 0;
+ void *empty1 = mbedtls_calloc(0, 1);
+ void *empty2 = mbedtls_calloc(0, 1);
+ void *buffer1 = mbedtls_calloc(1, 1);
+ void *buffer2 = mbedtls_calloc(1, 1);
+ unsigned int buffer_3_size = 256;
+ unsigned int buffer_4_size = 4097; /* Allocate more than the usual page size */
+ unsigned char *buffer3 = mbedtls_calloc(buffer_3_size, 1);
+ unsigned char *buffer4 = mbedtls_calloc(buffer_4_size, 1);
+
+ if (empty1 == NULL && empty2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(0,1): passed (NULL)\n");
+ }
+ } else if (empty1 == NULL || empty2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(0,1): failed (mix of NULL and non-NULL)\n");
+ }
+ ++failures;
+ } else if (empty1 == empty2) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(0,1): passed (same non-null)\n");
+ }
+ empty2 = NULL;
+ } else {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(0,1): passed (distinct non-null)\n");
+ }
+ }
+
+ mbedtls_free(empty1);
+ mbedtls_free(empty2);
+
+ empty1 = mbedtls_calloc(1, 0);
+ empty2 = mbedtls_calloc(1, 0);
+ if (empty1 == NULL && empty2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1,0): passed (NULL)\n");
+ }
+ } else if (empty1 == NULL || empty2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1,0): failed (mix of NULL and non-NULL)\n");
+ }
+ ++failures;
+ } else if (empty1 == empty2) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1,0): passed (same non-null)\n");
+ }
+ empty2 = NULL;
+ } else {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1,0): passed (distinct non-null)\n");
+ }
+ }
+
+ if (buffer1 == NULL || buffer2 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1): failed (NULL)\n");
+ }
+ ++failures;
+ } else if (buffer1 == buffer2) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1): failed (same buffer twice)\n");
+ }
+ ++failures;
+ buffer2 = NULL;
+ } else {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1): passed\n");
+ }
+ }
+
+ mbedtls_free(buffer1);
+ buffer1 = mbedtls_calloc(1, 1);
+ if (buffer1 == NULL) {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1 again): failed (NULL)\n");
+ }
+ ++failures;
+ } else {
+ if (verbose) {
+ mbedtls_printf(" CALLOC(1 again): passed\n");
+ }
+ }
+
+ for (unsigned int i = 0; i < buffer_3_size; i++) {
+ if (buffer3[i] != 0) {
+ ++failures;
+ if (verbose) {
+ mbedtls_printf(" CALLOC(%u): failed (memory not initialized to 0)\n",
+ buffer_3_size);
+ }
+ break;
+ }
+ }
+
+ for (unsigned int i = 0; i < buffer_4_size; i++) {
+ if (buffer4[i] != 0) {
+ ++failures;
+ if (verbose) {
+ mbedtls_printf(" CALLOC(%u): failed (memory not initialized to 0)\n",
+ buffer_4_size);
+ }
+ break;
+ }
+ }
+
+ if (verbose) {
+ mbedtls_printf("\n");
+ }
+ mbedtls_free(empty1);
+ mbedtls_free(empty2);
+ mbedtls_free(buffer1);
+ mbedtls_free(buffer2);
+ mbedtls_free(buffer3);
+ mbedtls_free(buffer4);
+ return failures;
+}
+#endif /* MBEDTLS_SELF_TEST */
+
+static int test_snprintf(size_t n, const char *ref_buf, int ref_ret)
+{
+ int ret;
+ char buf[10] = "xxxxxxxxx";
+ const char ref[10] = "xxxxxxxxx";
+
+ ret = mbedtls_snprintf(buf, n, "%s", "123");
+ if (ret < 0 || (size_t) ret >= n) {
+ ret = -1;
+ }
+
+ if (strncmp(ref_buf, buf, sizeof(buf)) != 0 ||
+ ref_ret != ret ||
+ memcmp(buf + n, ref + n, sizeof(buf) - n) != 0) {
+ return 1;
+ }
+
+ return 0;
+}
+
+static int run_test_snprintf(void)
+{
+ return test_snprintf(0, "xxxxxxxxx", -1) != 0 ||
+ test_snprintf(1, "", -1) != 0 ||
+ test_snprintf(2, "1", -1) != 0 ||
+ test_snprintf(3, "12", -1) != 0 ||
+ test_snprintf(4, "123", 3) != 0 ||
+ test_snprintf(5, "123", 3) != 0;
+}
+
+/*
+ * Check if a seed file is present, and if not create one for the entropy
+ * self-test. If this fails, we attempt the test anyway, so no error is passed
+ * back.
+ */
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C)
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+static void create_entropy_seed_file(void)
+{
+ int result;
+ size_t output_len = 0;
+ unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE];
+
+ /* Attempt to read the entropy seed file. If this fails - attempt to write
+ * to the file to ensure one is present. */
+ result = mbedtls_platform_std_nv_seed_read(seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE);
+ if (0 == result) {
+ return;
+ }
+
+ result = mbedtls_platform_entropy_poll(NULL,
+ seed_value,
+ MBEDTLS_ENTROPY_BLOCK_SIZE,
+ &output_len);
+ if (0 != result) {
+ return;
+ }
+
+ if (MBEDTLS_ENTROPY_BLOCK_SIZE != output_len) {
+ return;
+ }
+
+ mbedtls_platform_std_nv_seed_write(seed_value, MBEDTLS_ENTROPY_BLOCK_SIZE);
+}
+#endif
+
+int mbedtls_entropy_self_test_wrapper(int verbose)
+{
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+ create_entropy_seed_file();
+#endif
+ return mbedtls_entropy_self_test(verbose);
+}
+#endif
+
+#if defined(MBEDTLS_SELF_TEST)
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose)
+{
+ if (verbose != 0) {
+#if defined(MBEDTLS_MEMORY_DEBUG)
+ mbedtls_memory_buffer_alloc_status();
+#endif
+ }
+ mbedtls_memory_buffer_alloc_free();
+ return mbedtls_memory_buffer_alloc_self_test(verbose);
+}
+#endif
+
+typedef struct {
+ const char *name;
+ int (*function)(int);
+} selftest_t;
+
+const selftest_t selftests[] =
+{
+ { "calloc", calloc_self_test },
+#if defined(MBEDTLS_MD5_C)
+ { "md5", mbedtls_md5_self_test },
+#endif
+#if defined(MBEDTLS_RIPEMD160_C)
+ { "ripemd160", mbedtls_ripemd160_self_test },
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ { "sha1", mbedtls_sha1_self_test },
+#endif
+#if defined(MBEDTLS_SHA224_C)
+ { "sha224", mbedtls_sha224_self_test },
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ { "sha256", mbedtls_sha256_self_test },
+#endif
+#if defined(MBEDTLS_SHA384_C)
+ { "sha384", mbedtls_sha384_self_test },
+#endif
+#if defined(MBEDTLS_SHA512_C)
+ { "sha512", mbedtls_sha512_self_test },
+#endif
+#if defined(MBEDTLS_SHA3_C)
+ { "sha3", mbedtls_sha3_self_test },
+#endif
+#if defined(MBEDTLS_DES_C)
+ { "des", mbedtls_des_self_test },
+#endif
+#if defined(MBEDTLS_AES_C)
+ { "aes", mbedtls_aes_self_test },
+#endif
+#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
+ { "gcm", mbedtls_gcm_self_test },
+#endif
+#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
+ { "ccm", mbedtls_ccm_self_test },
+#endif
+#if defined(MBEDTLS_NIST_KW_C) && defined(MBEDTLS_AES_C)
+ { "nist_kw", mbedtls_nist_kw_self_test },
+#endif
+#if defined(MBEDTLS_CMAC_C)
+ { "cmac", mbedtls_cmac_self_test },
+#endif
+#if defined(MBEDTLS_CHACHA20_C)
+ { "chacha20", mbedtls_chacha20_self_test },
+#endif
+#if defined(MBEDTLS_POLY1305_C)
+ { "poly1305", mbedtls_poly1305_self_test },
+#endif
+#if defined(MBEDTLS_CHACHAPOLY_C)
+ { "chacha20-poly1305", mbedtls_chachapoly_self_test },
+#endif
+#if defined(MBEDTLS_BASE64_C)
+ { "base64", mbedtls_base64_self_test },
+#endif
+#if defined(MBEDTLS_BIGNUM_C)
+ { "mpi", mbedtls_mpi_self_test },
+#endif
+#if defined(MBEDTLS_RSA_C)
+ { "rsa", mbedtls_rsa_self_test },
+#endif
+#if defined(MBEDTLS_CAMELLIA_C)
+ { "camellia", mbedtls_camellia_self_test },
+#endif
+#if defined(MBEDTLS_ARIA_C)
+ { "aria", mbedtls_aria_self_test },
+#endif
+#if defined(MBEDTLS_CTR_DRBG_C)
+ { "ctr_drbg", mbedtls_ctr_drbg_self_test },
+#endif
+#if defined(MBEDTLS_HMAC_DRBG_C)
+ { "hmac_drbg", mbedtls_hmac_drbg_self_test },
+#endif
+#if defined(MBEDTLS_ECP_C)
+ { "ecp", mbedtls_ecp_self_test },
+#endif
+#if defined(MBEDTLS_ECJPAKE_C)
+ { "ecjpake", mbedtls_ecjpake_self_test },
+#endif
+#if defined(MBEDTLS_DHM_C)
+ { "dhm", mbedtls_dhm_self_test },
+#endif
+#if defined(MBEDTLS_ENTROPY_C)
+ { "entropy", mbedtls_entropy_self_test_wrapper },
+#endif
+#if defined(MBEDTLS_PKCS5_C)
+ { "pkcs5", mbedtls_pkcs5_self_test },
+#endif
+/* Heap test comes last */
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ { "memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test },
+#endif
+ { NULL, NULL }
+};
+#endif /* MBEDTLS_SELF_TEST */
+
+int main(int argc, char *argv[])
+{
+#if defined(MBEDTLS_SELF_TEST)
+ const selftest_t *test;
+#endif /* MBEDTLS_SELF_TEST */
+ char **argp;
+ int v = 1; /* v=1 for verbose mode */
+ int exclude_mode = 0;
+ int suites_tested = 0, suites_failed = 0;
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST)
+ unsigned char buf[1000000];
+#endif
+ void *pointer;
+
+ /*
+ * Check some basic platform requirements as specified in README.md
+ */
+ if (SIZE_MAX < INT_MAX || SIZE_MAX < UINT_MAX) {
+ mbedtls_printf("SIZE_MAX must be at least as big as INT_MAX and UINT_MAX\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ if (sizeof(int) < 4) {
+ mbedtls_printf("int must be at least 32 bits\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ if (sizeof(size_t) < 4) {
+ mbedtls_printf("size_t must be at least 32 bits\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ uint32_t endian_test = 0x12345678;
+ char *p = (char *) &endian_test;
+ if (!(p[0] == 0x12 && p[1] == 0x34 && p[2] == 0x56 && p[3] == 0x78) &&
+ !(p[3] == 0x12 && p[2] == 0x34 && p[1] == 0x56 && p[0] == 0x78)) {
+ mbedtls_printf("Mixed-endian platforms are not supported\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ /*
+ * The C standard doesn't guarantee that all-bits-0 is the representation
+ * of a NULL pointer. We do however use that in our code for initializing
+ * structures, which should work on every modern platform. Let's be sure.
+ */
+ memset(&pointer, 0, sizeof(void *));
+ if (pointer != NULL) {
+ mbedtls_printf("all-bits-zero is not a NULL pointer\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ /*
+ * The C standard allows padding bits in the representation
+ * of standard integer types, but our code does currently not
+ * support them.
+ *
+ * Here we check that the underlying C implementation doesn't
+ * use padding bits, and fail cleanly if it does.
+ *
+ * The check works by casting the maximum value representable
+ * by a given integer type into the unpadded integer type of the
+ * same bit-width and checking that it agrees with the maximum value
+ * of that unpadded type. For example, for a 4-byte int,
+ * MAX_INT should be 0x7fffffff in int32_t. This assumes that
+ * CHAR_BIT == 8, which is checked in check_config.h.
+ *
+ * We assume that [u]intxx_t exist and that they don't
+ * have padding bits, as the standard requires.
+ */
+
+#define CHECK_PADDING_SIGNED(TYPE, NAME) \
+ do \
+ { \
+ if (sizeof(TYPE) == 2 || sizeof(TYPE) == 4 || \
+ sizeof(TYPE) == 8) { \
+ if ((sizeof(TYPE) == 2 && \
+ (int16_t) NAME ## _MAX != 0x7FFF) || \
+ (sizeof(TYPE) == 4 && \
+ (int32_t) NAME ## _MAX != 0x7FFFFFFF) || \
+ (sizeof(TYPE) == 8 && \
+ (int64_t) NAME ## _MAX != 0x7FFFFFFFFFFFFFFF)) \
+ { \
+ mbedtls_printf("Type '" #TYPE "' has padding bits\n"); \
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
+ } \
+ } else { \
+ mbedtls_printf("Padding checks only implemented for types of size 2, 4 or 8" \
+ " - cannot check type '" #TYPE "' of size %" MBEDTLS_PRINTF_SIZET "\n", \
+ sizeof(TYPE)); \
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
+ } \
+ } while (0)
+
+#define CHECK_PADDING_UNSIGNED(TYPE, NAME) \
+ do \
+ { \
+ if ((sizeof(TYPE) == 2 && \
+ (uint16_t) NAME ## _MAX != 0xFFFF) || \
+ (sizeof(TYPE) == 4 && \
+ (uint32_t) NAME ## _MAX != 0xFFFFFFFF) || \
+ (sizeof(TYPE) == 8 && \
+ (uint64_t) NAME ## _MAX != 0xFFFFFFFFFFFFFFFF)) \
+ { \
+ mbedtls_printf("Type '" #TYPE "' has padding bits\n"); \
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE); \
+ } \
+ } while (0)
+
+ CHECK_PADDING_SIGNED(short, SHRT);
+ CHECK_PADDING_SIGNED(int, INT);
+ CHECK_PADDING_SIGNED(long, LONG);
+ CHECK_PADDING_SIGNED(long long, LLONG);
+ CHECK_PADDING_SIGNED(ptrdiff_t, PTRDIFF);
+
+ CHECK_PADDING_UNSIGNED(unsigned short, USHRT);
+ CHECK_PADDING_UNSIGNED(unsigned, UINT);
+ CHECK_PADDING_UNSIGNED(unsigned long, ULONG);
+ CHECK_PADDING_UNSIGNED(unsigned long long, ULLONG);
+ CHECK_PADDING_UNSIGNED(size_t, SIZE);
+
+#undef CHECK_PADDING_SIGNED
+#undef CHECK_PADDING_UNSIGNED
+
+ /*
+ * Make sure we have a snprintf that correctly zero-terminates
+ */
+ if (run_test_snprintf() != 0) {
+ mbedtls_printf("the snprintf implementation is broken\n");
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ for (argp = argv + (argc >= 1 ? 1 : argc); *argp != NULL; ++argp) {
+ if (strcmp(*argp, "--quiet") == 0 ||
+ strcmp(*argp, "-q") == 0) {
+ v = 0;
+ } else if (strcmp(*argp, "--exclude") == 0 ||
+ strcmp(*argp, "-x") == 0) {
+ exclude_mode = 1;
+ } else {
+ break;
+ }
+ }
+
+ if (v != 0) {
+ mbedtls_printf("\n");
+ }
+
+#if defined(MBEDTLS_SELF_TEST)
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+ mbedtls_memory_buffer_alloc_init(buf, sizeof(buf));
+#endif
+
+ if (*argp != NULL && exclude_mode == 0) {
+ /* Run the specified tests */
+ for (; *argp != NULL; argp++) {
+ for (test = selftests; test->name != NULL; test++) {
+ if (!strcmp(*argp, test->name)) {
+ if (test->function(v) != 0) {
+ suites_failed++;
+ }
+ suites_tested++;
+ break;
+ }
+ }
+ if (test->name == NULL) {
+ mbedtls_printf(" Test suite %s not available -> failed\n\n", *argp);
+ suites_failed++;
+ }
+ }
+ } else {
+ /* Run all the tests except excluded ones */
+ for (test = selftests; test->name != NULL; test++) {
+ if (exclude_mode) {
+ char **excluded;
+ for (excluded = argp; *excluded != NULL; ++excluded) {
+ if (!strcmp(*excluded, test->name)) {
+ break;
+ }
+ }
+ if (*excluded) {
+ if (v) {
+ mbedtls_printf(" Skip: %s\n", test->name);
+ }
+ continue;
+ }
+ }
+ if (test->function(v) != 0) {
+ suites_failed++;
+ }
+ suites_tested++;
+ }
+ }
+
+#else
+ (void) exclude_mode;
+ mbedtls_printf(" MBEDTLS_SELF_TEST not defined.\n");
+#endif
+
+ if (v != 0) {
+ mbedtls_printf(" Executed %d test suites\n\n", suites_tested);
+
+ if (suites_failed > 0) {
+ mbedtls_printf(" [ %d tests FAIL ]\n\n", suites_failed);
+ } else {
+ mbedtls_printf(" [ All tests PASS ]\n\n");
+ }
+ }
+
+ if (suites_failed > 0) {
+ mbedtls_exit(MBEDTLS_EXIT_FAILURE);
+ }
+
+ mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
+}
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
new file mode 100644
index 0000000..beaa8bd
--- /dev/null
+++ b/programs/test/udp_proxy.c
@@ -0,0 +1,966 @@
+/*
+ * UDP proxy: emulate an unreliable UDP connection for DTLS testing
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+/*
+ * Warning: this is an internal utility program we use for tests.
+ * It does break some abstractions from the NET layer, and is thus NOT an
+ * example of good general usage.
+ */
+
+
+#include "mbedtls/build_info.h"
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#if defined(MBEDTLS_HAVE_TIME)
+#include <time.h>
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#endif
+#define mbedtls_printf printf
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
+
+#if !defined(MBEDTLS_NET_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_NET_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/error.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/timing.h"
+
+#include <string.h>
+
+/* For select() */
+#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \
+ !defined(EFI32)
+#include <winsock2.h>
+#include <windows.h>
+#if defined(_MSC_VER)
+#if defined(_WIN32_WCE)
+#pragma comment( lib, "ws2.lib" )
+#else
+#pragma comment( lib, "ws2_32.lib" )
+#endif
+#endif /* _MSC_VER */
+#else /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
+#if defined(MBEDTLS_HAVE_TIME) || (defined(MBEDTLS_TIMING_C) && !defined(MBEDTLS_TIMING_ALT))
+#include <sys/time.h>
+#endif
+#include <sys/select.h>
+#include <sys/types.h>
+#include <unistd.h>
+#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
+
+#define MAX_MSG_SIZE 16384 + 2048 /* max record/datagram size */
+
+#define DFL_SERVER_ADDR "localhost"
+#define DFL_SERVER_PORT "4433"
+#define DFL_LISTEN_ADDR "localhost"
+#define DFL_LISTEN_PORT "5556"
+#define DFL_PACK 0
+
+#if defined(MBEDTLS_TIMING_C)
+#define USAGE_PACK \
+ " pack=%%d default: 0 (don't pack)\n" \
+ " options: t > 0 (pack for t milliseconds)\n"
+#else
+#define USAGE_PACK
+#endif
+
+#define USAGE \
+ "\n usage: udp_proxy param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " server_addr=%%s default: localhost\n" \
+ " server_port=%%d default: 4433\n" \
+ " listen_addr=%%s default: localhost\n" \
+ " listen_port=%%d default: 4433\n" \
+ "\n" \
+ " duplicate=%%d default: 0 (no duplication)\n" \
+ " duplicate about 1:N packets randomly\n" \
+ " delay=%%d default: 0 (no delayed packets)\n" \
+ " delay about 1:N packets randomly\n" \
+ " delay_ccs=0/1 default: 0 (don't delay ChangeCipherSpec)\n" \
+ " delay_cli=%%s Handshake message from client that should be\n" \
+ " delayed. Possible values are 'ClientHello',\n" \
+ " 'Certificate', 'CertificateVerify', and\n" \
+ " 'ClientKeyExchange'.\n" \
+ " May be used multiple times, even for the same\n" \
+ " message, in which case the respective message\n" \
+ " gets delayed multiple times.\n" \
+ " delay_srv=%%s Handshake message from server that should be\n" \
+ " delayed. Possible values are 'HelloRequest',\n" \
+ " 'ServerHello', 'ServerHelloDone', 'Certificate'\n" \
+ " 'ServerKeyExchange', 'NewSessionTicket',\n" \
+ " 'HelloVerifyRequest' and ''CertificateRequest'.\n" \
+ " May be used multiple times, even for the same\n" \
+ " message, in which case the respective message\n" \
+ " gets delayed multiple times.\n" \
+ " drop=%%d default: 0 (no dropped packets)\n" \
+ " drop about 1:N packets randomly\n" \
+ " mtu=%%d default: 0 (unlimited)\n" \
+ " drop packets larger than N bytes\n" \
+ " bad_ad=0/1 default: 0 (don't add bad ApplicationData)\n" \
+ " bad_cid=%%d default: 0 (don't corrupt Connection IDs)\n" \
+ " duplicate 1:N packets containing a CID,\n" \
+ " modifying CID in first instance of the packet.\n" \
+ " protect_hvr=0/1 default: 0 (don't protect HelloVerifyRequest)\n" \
+ " protect_len=%%d default: (don't protect packets of this size)\n" \
+ " inject_clihlo=0/1 default: 0 (don't inject fake ClientHello)\n" \
+ "\n" \
+ " seed=%%d default: (use current time)\n" \
+ USAGE_PACK \
+ "\n"
+
+/*
+ * global options
+ */
+
+#define MAX_DELAYED_HS 10
+
+static struct options {
+ const char *server_addr; /* address to forward packets to */
+ const char *server_port; /* port to forward packets to */
+ const char *listen_addr; /* address for accepting client connections */
+ const char *listen_port; /* port for accepting client connections */
+
+ int duplicate; /* duplicate 1 in N packets (none if 0) */
+ int delay; /* delay 1 packet in N (none if 0) */
+ int delay_ccs; /* delay ChangeCipherSpec */
+ char *delay_cli[MAX_DELAYED_HS]; /* handshake types of messages from
+ * client that should be delayed. */
+ uint8_t delay_cli_cnt; /* Number of entries in delay_cli. */
+ char *delay_srv[MAX_DELAYED_HS]; /* handshake types of messages from
+ * server that should be delayed. */
+ uint8_t delay_srv_cnt; /* Number of entries in delay_srv. */
+ int drop; /* drop 1 packet in N (none if 0) */
+ int mtu; /* drop packets larger than this */
+ int bad_ad; /* inject corrupted ApplicationData record */
+ unsigned bad_cid; /* inject corrupted CID record */
+ int protect_hvr; /* never drop or delay HelloVerifyRequest */
+ int protect_len; /* never drop/delay packet of the given size*/
+ int inject_clihlo; /* inject fake ClientHello after handshake */
+ unsigned pack; /* merge packets into single datagram for
+ * at most \c merge milliseconds if > 0 */
+ unsigned int seed; /* seed for "random" events */
+} opt;
+
+static void exit_usage(const char *name, const char *value)
+{
+ if (value == NULL) {
+ mbedtls_printf(" unknown option or missing value: %s\n", name);
+ } else {
+ mbedtls_printf(" option %s: illegal value: %s\n", name, value);
+ }
+
+ mbedtls_printf(USAGE);
+ mbedtls_exit(1);
+}
+
+static void get_options(int argc, char *argv[])
+{
+ int i;
+ char *p, *q;
+
+ opt.server_addr = DFL_SERVER_ADDR;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.listen_addr = DFL_LISTEN_ADDR;
+ opt.listen_port = DFL_LISTEN_PORT;
+ opt.pack = DFL_PACK;
+ /* Other members default to 0 */
+
+ opt.delay_cli_cnt = 0;
+ opt.delay_srv_cnt = 0;
+ memset(opt.delay_cli, 0, sizeof(opt.delay_cli));
+ memset(opt.delay_srv, 0, sizeof(opt.delay_srv));
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ exit_usage(p, NULL);
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "server_addr") == 0) {
+ opt.server_addr = q;
+ } else if (strcmp(p, "server_port") == 0) {
+ opt.server_port = q;
+ } else if (strcmp(p, "listen_addr") == 0) {
+ opt.listen_addr = q;
+ } else if (strcmp(p, "listen_port") == 0) {
+ opt.listen_port = q;
+ } else if (strcmp(p, "duplicate") == 0) {
+ opt.duplicate = atoi(q);
+ if (opt.duplicate < 0 || opt.duplicate > 20) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "delay") == 0) {
+ opt.delay = atoi(q);
+ if (opt.delay < 0 || opt.delay > 20 || opt.delay == 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "delay_ccs") == 0) {
+ opt.delay_ccs = atoi(q);
+ if (opt.delay_ccs < 0 || opt.delay_ccs > 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "delay_cli") == 0 ||
+ strcmp(p, "delay_srv") == 0) {
+ uint8_t *delay_cnt;
+ char **delay_list;
+ size_t len;
+ char *buf;
+
+ if (strcmp(p, "delay_cli") == 0) {
+ delay_cnt = &opt.delay_cli_cnt;
+ delay_list = opt.delay_cli;
+ } else {
+ delay_cnt = &opt.delay_srv_cnt;
+ delay_list = opt.delay_srv;
+ }
+
+ if (*delay_cnt == MAX_DELAYED_HS) {
+ mbedtls_printf(" too many uses of %s: only %d allowed\n",
+ p, MAX_DELAYED_HS);
+ exit_usage(p, NULL);
+ }
+
+ len = strlen(q);
+ buf = mbedtls_calloc(1, len + 1);
+ if (buf == NULL) {
+ mbedtls_printf(" Allocation failure\n");
+ exit(1);
+ }
+ memcpy(buf, q, len + 1);
+
+ delay_list[(*delay_cnt)++] = buf;
+ } else if (strcmp(p, "drop") == 0) {
+ opt.drop = atoi(q);
+ if (opt.drop < 0 || opt.drop > 20 || opt.drop == 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "pack") == 0) {
+#if defined(MBEDTLS_TIMING_C)
+ opt.pack = (unsigned) atoi(q);
+#else
+ mbedtls_printf(" option pack only defined if MBEDTLS_TIMING_C is enabled\n");
+ exit(1);
+#endif
+ } else if (strcmp(p, "mtu") == 0) {
+ opt.mtu = atoi(q);
+ if (opt.mtu < 0 || opt.mtu > MAX_MSG_SIZE) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "bad_ad") == 0) {
+ opt.bad_ad = atoi(q);
+ if (opt.bad_ad < 0 || opt.bad_ad > 1) {
+ exit_usage(p, q);
+ }
+ }
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+ else if (strcmp(p, "bad_cid") == 0) {
+ opt.bad_cid = (unsigned) atoi(q);
+ }
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+ else if (strcmp(p, "protect_hvr") == 0) {
+ opt.protect_hvr = atoi(q);
+ if (opt.protect_hvr < 0 || opt.protect_hvr > 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "protect_len") == 0) {
+ opt.protect_len = atoi(q);
+ if (opt.protect_len < 0) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "inject_clihlo") == 0) {
+ opt.inject_clihlo = atoi(q);
+ if (opt.inject_clihlo < 0 || opt.inject_clihlo > 1) {
+ exit_usage(p, q);
+ }
+ } else if (strcmp(p, "seed") == 0) {
+ opt.seed = atoi(q);
+ if (opt.seed == 0) {
+ exit_usage(p, q);
+ }
+ } else {
+ exit_usage(p, NULL);
+ }
+ }
+}
+
+static const char *msg_type(unsigned char *msg, size_t len)
+{
+ if (len < 1) {
+ return "Invalid";
+ }
+ switch (msg[0]) {
+ case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC: return "ChangeCipherSpec";
+ case MBEDTLS_SSL_MSG_ALERT: return "Alert";
+ case MBEDTLS_SSL_MSG_APPLICATION_DATA: return "ApplicationData";
+ case MBEDTLS_SSL_MSG_CID: return "CID";
+ case MBEDTLS_SSL_MSG_HANDSHAKE: break; /* See below */
+ default: return "Unknown";
+ }
+
+ if (len < 13 + 12) {
+ return "Invalid handshake";
+ }
+
+ /*
+ * Our handshake message are less than 2^16 bytes long, so they should
+ * have 0 as the first byte of length, frag_offset and frag_length.
+ * Otherwise, assume they are encrypted.
+ */
+ if (msg[14] || msg[19] || msg[22]) {
+ return "Encrypted handshake";
+ }
+
+ switch (msg[13]) {
+ case MBEDTLS_SSL_HS_HELLO_REQUEST: return "HelloRequest";
+ case MBEDTLS_SSL_HS_CLIENT_HELLO: return "ClientHello";
+ case MBEDTLS_SSL_HS_SERVER_HELLO: return "ServerHello";
+ case MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST: return "HelloVerifyRequest";
+ case MBEDTLS_SSL_HS_NEW_SESSION_TICKET: return "NewSessionTicket";
+ case MBEDTLS_SSL_HS_CERTIFICATE: return "Certificate";
+ case MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE: return "ServerKeyExchange";
+ case MBEDTLS_SSL_HS_CERTIFICATE_REQUEST: return "CertificateRequest";
+ case MBEDTLS_SSL_HS_SERVER_HELLO_DONE: return "ServerHelloDone";
+ case MBEDTLS_SSL_HS_CERTIFICATE_VERIFY: return "CertificateVerify";
+ case MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE: return "ClientKeyExchange";
+ case MBEDTLS_SSL_HS_FINISHED: return "Finished";
+ default: return "Unknown handshake";
+ }
+}
+
+#if defined(MBEDTLS_TIMING_C)
+/* Return elapsed time in milliseconds since the first call */
+static unsigned elapsed_time(void)
+{
+ static int initialized = 0;
+ static struct mbedtls_timing_hr_time hires;
+
+ if (initialized == 0) {
+ (void) mbedtls_timing_get_timer(&hires, 1);
+ initialized = 1;
+ return 0;
+ }
+
+ return mbedtls_timing_get_timer(&hires, 0);
+}
+
+typedef struct {
+ mbedtls_net_context *ctx;
+
+ const char *description;
+
+ unsigned packet_lifetime;
+ unsigned num_datagrams;
+
+ unsigned char data[MAX_MSG_SIZE];
+ size_t len;
+
+} ctx_buffer;
+
+static ctx_buffer outbuf[2];
+
+static int ctx_buffer_flush(ctx_buffer *buf)
+{
+ int ret;
+
+ mbedtls_printf(" %05u flush %s: %u bytes, %u datagrams, last %u ms\n",
+ elapsed_time(), buf->description,
+ (unsigned) buf->len, buf->num_datagrams,
+ elapsed_time() - buf->packet_lifetime);
+
+ ret = mbedtls_net_send(buf->ctx, buf->data, buf->len);
+
+ buf->len = 0;
+ buf->num_datagrams = 0;
+
+ return ret;
+}
+
+static unsigned ctx_buffer_time_remaining(ctx_buffer *buf)
+{
+ unsigned const cur_time = elapsed_time();
+
+ if (buf->num_datagrams == 0) {
+ return (unsigned) -1;
+ }
+
+ if (cur_time - buf->packet_lifetime >= opt.pack) {
+ return 0;
+ }
+
+ return opt.pack - (cur_time - buf->packet_lifetime);
+}
+
+static int ctx_buffer_append(ctx_buffer *buf,
+ const unsigned char *data,
+ size_t len)
+{
+ int ret;
+
+ if (len > (size_t) INT_MAX) {
+ return -1;
+ }
+
+ if (len > sizeof(buf->data)) {
+ mbedtls_printf(" ! buffer size %u too large (max %u)\n",
+ (unsigned) len, (unsigned) sizeof(buf->data));
+ return -1;
+ }
+
+ if (sizeof(buf->data) - buf->len < len) {
+ if ((ret = ctx_buffer_flush(buf)) <= 0) {
+ mbedtls_printf("ctx_buffer_flush failed with -%#04x", (unsigned int) -ret);
+ return ret;
+ }
+ }
+
+ memcpy(buf->data + buf->len, data, len);
+
+ buf->len += len;
+ if (++buf->num_datagrams == 1) {
+ buf->packet_lifetime = elapsed_time();
+ }
+
+ return (int) len;
+}
+#endif /* MBEDTLS_TIMING_C */
+
+static int dispatch_data(mbedtls_net_context *ctx,
+ const unsigned char *data,
+ size_t len)
+{
+ int ret;
+#if defined(MBEDTLS_TIMING_C)
+ ctx_buffer *buf = NULL;
+ if (opt.pack > 0) {
+ if (outbuf[0].ctx == ctx) {
+ buf = &outbuf[0];
+ } else if (outbuf[1].ctx == ctx) {
+ buf = &outbuf[1];
+ }
+
+ if (buf == NULL) {
+ return -1;
+ }
+
+ return ctx_buffer_append(buf, data, len);
+ }
+#endif /* MBEDTLS_TIMING_C */
+
+ ret = mbedtls_net_send(ctx, data, len);
+ if (ret < 0) {
+ mbedtls_printf("net_send returned -%#04x\n", (unsigned int) -ret);
+ }
+ return ret;
+}
+
+typedef struct {
+ mbedtls_net_context *dst;
+ const char *way;
+ const char *type;
+ unsigned len;
+ unsigned char buf[MAX_MSG_SIZE];
+} packet;
+
+/* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */
+void print_packet(const packet *p, const char *why)
+{
+#if defined(MBEDTLS_TIMING_C)
+ if (why == NULL) {
+ mbedtls_printf(" %05u dispatch %s %s (%u bytes)\n",
+ elapsed_time(), p->way, p->type, p->len);
+ } else {
+ mbedtls_printf(" %05u dispatch %s %s (%u bytes): %s\n",
+ elapsed_time(), p->way, p->type, p->len, why);
+ }
+#else
+ if (why == NULL) {
+ mbedtls_printf(" dispatch %s %s (%u bytes)\n",
+ p->way, p->type, p->len);
+ } else {
+ mbedtls_printf(" dispatch %s %s (%u bytes): %s\n",
+ p->way, p->type, p->len, why);
+ }
+#endif
+
+ fflush(stdout);
+}
+
+/*
+ * In order to test the server's behaviour when receiving a ClientHello after
+ * the connection is established (this could be a hard reset from the client,
+ * but the server must not drop the existing connection before establishing
+ * client reachability, see RFC 6347 Section 4.2.8), we memorize the first
+ * ClientHello we see (which can't have a cookie), then replay it after the
+ * first ApplicationData record - then we're done.
+ *
+ * This is controlled by the inject_clihlo option.
+ *
+ * We want an explicit state and a place to store the packet.
+ */
+typedef enum {
+ ICH_INIT, /* haven't seen the first ClientHello yet */
+ ICH_CACHED, /* cached the initial ClientHello */
+ ICH_INJECTED, /* ClientHello already injected, done */
+} inject_clihlo_state_t;
+
+static inject_clihlo_state_t inject_clihlo_state;
+static packet initial_clihlo;
+
+int send_packet(const packet *p, const char *why)
+{
+ int ret;
+ mbedtls_net_context *dst = p->dst;
+
+ /* save initial ClientHello? */
+ if (opt.inject_clihlo != 0 &&
+ inject_clihlo_state == ICH_INIT &&
+ strcmp(p->type, "ClientHello") == 0) {
+ memcpy(&initial_clihlo, p, sizeof(packet));
+ inject_clihlo_state = ICH_CACHED;
+ }
+
+ /* insert corrupted CID record? */
+ if (opt.bad_cid != 0 &&
+ strcmp(p->type, "CID") == 0 &&
+ (rand() % opt.bad_cid) == 0) {
+ unsigned char buf[MAX_MSG_SIZE];
+ memcpy(buf, p->buf, p->len);
+
+ /* The CID resides at offset 11 in the DTLS record header. */
+ buf[11] ^= 1;
+ print_packet(p, "modified CID");
+
+ if ((ret = dispatch_data(dst, buf, p->len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
+ }
+ }
+
+ /* insert corrupted ApplicationData record? */
+ if (opt.bad_ad &&
+ strcmp(p->type, "ApplicationData") == 0) {
+ unsigned char buf[MAX_MSG_SIZE];
+ memcpy(buf, p->buf, p->len);
+
+ if (p->len <= 13) {
+ mbedtls_printf(" ! can't corrupt empty AD record");
+ } else {
+ ++buf[13];
+ print_packet(p, "corrupted");
+ }
+
+ if ((ret = dispatch_data(dst, buf, p->len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
+ }
+ }
+
+ print_packet(p, why);
+ if ((ret = dispatch_data(dst, p->buf, p->len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
+ }
+
+ /* Don't duplicate Application Data, only handshake covered */
+ if (opt.duplicate != 0 &&
+ strcmp(p->type, "ApplicationData") != 0 &&
+ rand() % opt.duplicate == 0) {
+ print_packet(p, "duplicated");
+
+ if ((ret = dispatch_data(dst, p->buf, p->len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
+ }
+ }
+
+ /* Inject ClientHello after first ApplicationData */
+ if (opt.inject_clihlo != 0 &&
+ inject_clihlo_state == ICH_CACHED &&
+ strcmp(p->type, "ApplicationData") == 0) {
+ print_packet(&initial_clihlo, "injected");
+
+ if ((ret = dispatch_data(dst, initial_clihlo.buf,
+ initial_clihlo.len)) <= 0) {
+ mbedtls_printf(" ! dispatch returned %d\n", ret);
+ return ret;
+ }
+
+ inject_clihlo_state = ICH_INJECTED;
+ }
+
+ return 0;
+}
+
+#define MAX_DELAYED_MSG 5
+static size_t prev_len;
+static packet prev[MAX_DELAYED_MSG];
+
+void clear_pending(void)
+{
+ memset(&prev, 0, sizeof(prev));
+ prev_len = 0;
+}
+
+void delay_packet(packet *delay)
+{
+ if (prev_len == MAX_DELAYED_MSG) {
+ return;
+ }
+
+ memcpy(&prev[prev_len++], delay, sizeof(packet));
+}
+
+int send_delayed(void)
+{
+ uint8_t offset;
+ int ret;
+ for (offset = 0; offset < prev_len; offset++) {
+ ret = send_packet(&prev[offset], "delayed");
+ if (ret != 0) {
+ return ret;
+ }
+ }
+
+ clear_pending();
+ return 0;
+}
+
+/*
+ * Avoid dropping or delaying a packet that was already dropped or delayed
+ * ("held") twice: this only results in uninteresting timeouts. We can't rely
+ * on type to identify packets, since during renegotiation they're all
+ * encrypted. So, rely on size mod 2048 (which is usually just size).
+ *
+ * We only hold packets at the level of entire datagrams, not at the level
+ * of records. In particular, if the peer changes the way it packs multiple
+ * records into a single datagram, we don't necessarily count the number of
+ * times a record has been held correctly. However, the only known reason
+ * why a peer would change datagram packing is disabling the latter on
+ * retransmission, in which case we'd hold involved records at most
+ * HOLD_MAX + 1 times.
+ */
+static unsigned char held[2048] = { 0 };
+#define HOLD_MAX 2
+
+int handle_message(const char *way,
+ mbedtls_net_context *dst,
+ mbedtls_net_context *src)
+{
+ int ret;
+ packet cur;
+ size_t id;
+
+ uint8_t delay_idx;
+ char **delay_list;
+ uint8_t delay_list_len;
+
+ /* receive packet */
+ if ((ret = mbedtls_net_recv(src, cur.buf, sizeof(cur.buf))) <= 0) {
+ mbedtls_printf(" ! mbedtls_net_recv returned %d\n", ret);
+ return ret;
+ }
+
+ cur.len = ret;
+ cur.type = msg_type(cur.buf, cur.len);
+ cur.way = way;
+ cur.dst = dst;
+ print_packet(&cur, NULL);
+
+ id = cur.len % sizeof(held);
+
+ if (strcmp(way, "S <- C") == 0) {
+ delay_list = opt.delay_cli;
+ delay_list_len = opt.delay_cli_cnt;
+ } else {
+ delay_list = opt.delay_srv;
+ delay_list_len = opt.delay_srv_cnt;
+ }
+
+ /* Check if message type is in the list of messages
+ * that should be delayed */
+ for (delay_idx = 0; delay_idx < delay_list_len; delay_idx++) {
+ if (delay_list[delay_idx] == NULL) {
+ continue;
+ }
+
+ if (strcmp(delay_list[delay_idx], cur.type) == 0) {
+ /* Delay message */
+ delay_packet(&cur);
+
+ /* Remove entry from list */
+ mbedtls_free(delay_list[delay_idx]);
+ delay_list[delay_idx] = NULL;
+
+ return 0;
+ }
+ }
+
+ /* do we want to drop, delay, or forward it? */
+ if ((opt.mtu != 0 &&
+ cur.len > (unsigned) opt.mtu) ||
+ (opt.drop != 0 &&
+ strcmp(cur.type, "CID") != 0 &&
+ strcmp(cur.type, "ApplicationData") != 0 &&
+ !(opt.protect_hvr &&
+ strcmp(cur.type, "HelloVerifyRequest") == 0) &&
+ cur.len != (size_t) opt.protect_len &&
+ held[id] < HOLD_MAX &&
+ rand() % opt.drop == 0)) {
+ ++held[id];
+ } else if ((opt.delay_ccs == 1 &&
+ strcmp(cur.type, "ChangeCipherSpec") == 0) ||
+ (opt.delay != 0 &&
+ strcmp(cur.type, "CID") != 0 &&
+ strcmp(cur.type, "ApplicationData") != 0 &&
+ !(opt.protect_hvr &&
+ strcmp(cur.type, "HelloVerifyRequest") == 0) &&
+ cur.len != (size_t) opt.protect_len &&
+ held[id] < HOLD_MAX &&
+ rand() % opt.delay == 0)) {
+ ++held[id];
+ delay_packet(&cur);
+ } else {
+ /* forward and possibly duplicate */
+ if ((ret = send_packet(&cur, "forwarded")) != 0) {
+ return ret;
+ }
+
+ /* send previously delayed messages if any */
+ ret = send_delayed();
+ if (ret != 0) {
+ return ret;
+ }
+ }
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ uint8_t delay_idx;
+
+ mbedtls_net_context listen_fd, client_fd, server_fd;
+
+#if defined(MBEDTLS_TIMING_C)
+ struct timeval tm;
+#endif
+
+ struct timeval *tm_ptr = NULL;
+
+ int nb_fds;
+ fd_set read_fds;
+
+ mbedtls_net_init(&listen_fd);
+ mbedtls_net_init(&client_fd);
+ mbedtls_net_init(&server_fd);
+
+ get_options(argc, argv);
+
+ /*
+ * Decisions to drop/delay/duplicate packets are pseudo-random: dropping
+ * exactly 1 in N packets would lead to problems when a flight has exactly
+ * N packets: the same packet would be dropped on every resend.
+ *
+ * In order to be able to reproduce problems reliably, the seed may be
+ * specified explicitly.
+ */
+ if (opt.seed == 0) {
+#if defined(MBEDTLS_HAVE_TIME)
+ opt.seed = (unsigned int) mbedtls_time(NULL);
+#else
+ opt.seed = 1;
+#endif /* MBEDTLS_HAVE_TIME */
+ mbedtls_printf(" . Pseudo-random seed: %u\n", opt.seed);
+ }
+
+ srand(opt.seed);
+
+ /*
+ * 0. "Connect" to the server
+ */
+ mbedtls_printf(" . Connect to server on UDP/%s/%s ...",
+ opt.server_addr, opt.server_port);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_connect(&server_fd, opt.server_addr, opt.server_port,
+ MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1. Setup the "listening" UDP socket
+ */
+ mbedtls_printf(" . Bind on UDP/%s/%s ...",
+ opt.listen_addr, opt.listen_port);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_bind(&listen_fd, opt.listen_addr, opt.listen_port,
+ MBEDTLS_NET_PROTO_UDP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_bind returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 2. Wait until a client connects
+ */
+accept:
+ mbedtls_net_free(&client_fd);
+
+ mbedtls_printf(" . Waiting for a remote connection ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_accept(&listen_fd, &client_fd,
+ NULL, 0, NULL)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_accept returned %d\n\n", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 3. Forward packets forever (kill the process to terminate it)
+ */
+ clear_pending();
+ memset(held, 0, sizeof(held));
+
+ nb_fds = client_fd.fd;
+ if (nb_fds < server_fd.fd) {
+ nb_fds = server_fd.fd;
+ }
+ if (nb_fds < listen_fd.fd) {
+ nb_fds = listen_fd.fd;
+ }
+ ++nb_fds;
+
+#if defined(MBEDTLS_TIMING_C)
+ if (opt.pack > 0) {
+ outbuf[0].ctx = &server_fd;
+ outbuf[0].description = "S <- C";
+ outbuf[0].num_datagrams = 0;
+ outbuf[0].len = 0;
+
+ outbuf[1].ctx = &client_fd;
+ outbuf[1].description = "S -> C";
+ outbuf[1].num_datagrams = 0;
+ outbuf[1].len = 0;
+ }
+#endif /* MBEDTLS_TIMING_C */
+
+ while (1) {
+#if defined(MBEDTLS_TIMING_C)
+ if (opt.pack > 0) {
+ unsigned max_wait_server, max_wait_client, max_wait;
+ max_wait_server = ctx_buffer_time_remaining(&outbuf[0]);
+ max_wait_client = ctx_buffer_time_remaining(&outbuf[1]);
+
+ max_wait = (unsigned) -1;
+
+ if (max_wait_server == 0) {
+ ctx_buffer_flush(&outbuf[0]);
+ } else {
+ max_wait = max_wait_server;
+ }
+
+ if (max_wait_client == 0) {
+ ctx_buffer_flush(&outbuf[1]);
+ } else {
+ if (max_wait_client < max_wait) {
+ max_wait = max_wait_client;
+ }
+ }
+
+ if (max_wait != (unsigned) -1) {
+ tm.tv_sec = max_wait / 1000;
+ tm.tv_usec = (max_wait % 1000) * 1000;
+
+ tm_ptr = &tm;
+ } else {
+ tm_ptr = NULL;
+ }
+ }
+#endif /* MBEDTLS_TIMING_C */
+
+ FD_ZERO(&read_fds);
+ FD_SET(server_fd.fd, &read_fds);
+ FD_SET(client_fd.fd, &read_fds);
+ FD_SET(listen_fd.fd, &read_fds);
+
+ if ((ret = select(nb_fds, &read_fds, NULL, NULL, tm_ptr)) < 0) {
+ perror("select");
+ goto exit;
+ }
+
+ if (FD_ISSET(listen_fd.fd, &read_fds)) {
+ goto accept;
+ }
+
+ if (FD_ISSET(client_fd.fd, &read_fds)) {
+ if ((ret = handle_message("S <- C",
+ &server_fd, &client_fd)) != 0) {
+ goto accept;
+ }
+ }
+
+ if (FD_ISSET(server_fd.fd, &read_fds)) {
+ if ((ret = handle_message("S -> C",
+ &client_fd, &server_fd)) != 0) {
+ goto accept;
+ }
+ }
+
+ }
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+#ifdef MBEDTLS_ERROR_C
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+ char error_buf[100];
+ mbedtls_strerror(ret, error_buf, 100);
+ mbedtls_printf("Last error was: -0x%04X - %s\n\n", (unsigned int) -ret, error_buf);
+ fflush(stdout);
+ }
+#endif
+
+ for (delay_idx = 0; delay_idx < MAX_DELAYED_HS; delay_idx++) {
+ mbedtls_free(opt.delay_cli[delay_idx]);
+ mbedtls_free(opt.delay_srv[delay_idx]);
+ }
+
+ mbedtls_net_free(&client_fd);
+ mbedtls_net_free(&server_fd);
+ mbedtls_net_free(&listen_fd);
+
+ mbedtls_exit(exit_code);
+}
+
+#endif /* MBEDTLS_NET_C */
diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh
new file mode 100755
index 0000000..aa6a6d1
--- /dev/null
+++ b/programs/test/udp_proxy_wrapper.sh
@@ -0,0 +1,120 @@
+#!/bin/sh
+# -*-sh-basic-offset: 4-*-
+# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...]
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -u
+
+MBEDTLS_BASE="$(dirname -- "$0")/../.."
+TPXY_BIN="$MBEDTLS_BASE/programs/test/udp_proxy"
+SRV_BIN="$MBEDTLS_BASE/programs/ssl/ssl_server2"
+
+: ${VERBOSE:=0}
+
+stop_proxy() {
+ if [ -n "${tpxy_pid:-}" ]; then
+ echo
+ echo " * Killing proxy (pid $tpxy_pid) ..."
+ kill $tpxy_pid
+ fi
+}
+
+stop_server() {
+ if [ -n "${srv_pid:-}" ]; then
+ echo
+ echo " * Killing server (pid $srv_pid) ..."
+ kill $srv_pid >/dev/null 2>/dev/null
+ fi
+}
+
+cleanup() {
+ stop_server
+ stop_proxy
+ exit 129
+}
+
+trap cleanup INT TERM HUP
+
+# Extract the proxy parameters
+tpxy_cmd_snippet='"$TPXY_BIN"'
+while [ $# -ne 0 ] && [ "$1" != "--" ]; do
+ tail="$1" quoted=""
+ while [ -n "$tail" ]; do
+ case "$tail" in
+ *\'*) quoted="${quoted}${tail%%\'*}'\\''" tail="${tail#*\'}";;
+ *) quoted="${quoted}${tail}"; tail=; false;;
+ esac
+ done
+ tpxy_cmd_snippet="$tpxy_cmd_snippet '$quoted'"
+ shift
+done
+unset tail quoted
+if [ $# -eq 0 ]; then
+ echo " * No server arguments (must be preceded by \" -- \") - exit"
+ exit 3
+fi
+shift
+
+dtls_enabled=
+ipv6_in_use=
+server_port_orig=
+server_addr_orig=
+for param; do
+ case "$param" in
+ server_port=*) server_port_orig="${param#*=}";;
+ server_addr=*:*) server_addr_orig="${param#*=}"; ipv6_in_use=1;;
+ server_addr=*) server_addr_orig="${param#*=}";;
+ dtls=[!0]*) dtls_enabled=1;;
+ esac
+done
+
+if [ -z "$dtls_enabled" ] || [ -n "$ipv6_in_use" ]; then
+ echo >&2 "$0: Couldn't find DTLS enabling, or IPv6 is in use - immediate fallback to server application..."
+ if [ $VERBOSE -gt 0 ]; then
+ echo "[ $SRV_BIN $* ]"
+ fi
+ exec "$SRV_BIN" "$@"
+fi
+
+if [ -z "$server_port_orig" ]; then
+ server_port_orig=4433
+fi
+echo " * Server port: $server_port_orig"
+tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_port=\$server_port_orig\""
+tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_port=\$server_port\""
+
+if [ -n "$server_addr_orig" ]; then
+ echo " * Server address: $server_addr_orig"
+ tpxy_cmd_snippet="$tpxy_cmd_snippet \"server_addr=\$server_addr_orig\""
+ tpxy_cmd_snippet="$tpxy_cmd_snippet \"listen_addr=\$server_addr_orig\""
+fi
+
+server_port=$(( server_port_orig + 1 ))
+set -- "$@" "server_port=$server_port"
+echo " * Intermediate port: $server_port"
+
+echo " * Start proxy in background ..."
+if [ $VERBOSE -gt 0 ]; then
+ echo "[ $tpxy_cmd_snippet ]"
+fi
+eval exec "$tpxy_cmd_snippet" >/dev/null 2>&1 &
+tpxy_pid=$!
+
+if [ $VERBOSE -gt 0 ]; then
+ echo " * Proxy ID: $TPXY_PID"
+fi
+
+echo " * Starting server ..."
+if [ $VERBOSE -gt 0 ]; then
+ echo "[ $SRV_BIN $* ]"
+fi
+
+exec "$SRV_BIN" "$@" >&2 &
+srv_pid=$!
+
+wait $srv_pid
+
+stop_proxy
+return 0
diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c
new file mode 100644
index 0000000..1e9b98d
--- /dev/null
+++ b/programs/test/zeroize.c
@@ -0,0 +1,72 @@
+/*
+ * Zeroize application for debugger-driven testing
+ *
+ * This is a simple test application used for debugger-driven testing to check
+ * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler
+ * optimizations. This application is used by the GDB script at
+ * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last
+ * return statement in the main() function of this program. The debugger
+ * facilities are then used to manually inspect the memory and verify that the
+ * call to mbedtls_platform_zeroize() was not eliminated.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include <stdio.h>
+
+#include "mbedtls/platform.h"
+
+#include "mbedtls/platform_util.h"
+
+#define BUFFER_LEN 1024
+
+void usage(void)
+{
+ mbedtls_printf("Zeroize is a simple program to assist with testing\n");
+ mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n");
+ mbedtls_printf("debugger. This program takes a file as input and\n");
+ mbedtls_printf("prints the first %d characters. Usage:\n\n", BUFFER_LEN);
+ mbedtls_printf(" zeroize <FILE>\n");
+}
+
+int main(int argc, char **argv)
+{
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ FILE *fp;
+ char buf[BUFFER_LEN];
+ char *p = buf;
+ char *end = p + BUFFER_LEN;
+ int c;
+
+ if (argc != 2) {
+ mbedtls_printf("This program takes exactly 1 argument\n");
+ usage();
+ mbedtls_exit(exit_code);
+ }
+
+ fp = fopen(argv[1], "r");
+ if (fp == NULL) {
+ mbedtls_printf("Could not open file '%s'\n", argv[1]);
+ mbedtls_exit(exit_code);
+ }
+
+ while ((c = fgetc(fp)) != EOF && p < end - 1) {
+ *p++ = (char) c;
+ }
+ *p = '\0';
+
+ if (p - buf != 0) {
+ mbedtls_printf("%s\n", buf);
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+ } else {
+ mbedtls_printf("The file is empty!\n");
+ }
+
+ fclose(fp);
+ mbedtls_platform_zeroize(buf, sizeof(buf));
+
+ mbedtls_exit(exit_code); // GDB_BREAK_HERE -- don't remove this comment!
+}
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
new file mode 100644
index 0000000..cb6bc3d
--- /dev/null
+++ b/programs/util/CMakeLists.txt
@@ -0,0 +1,18 @@
+set(libs
+ ${mbedcrypto_target}
+)
+
+set(executables
+ pem2der
+ strerror
+)
+
+foreach(exe IN LISTS executables)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
new file mode 100644
index 0000000..d682c2b
--- /dev/null
+++ b/programs/util/pem2der.c
@@ -0,0 +1,265 @@
+/*
+ * Convert PEM to DER
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_BASE64_C) && defined(MBEDTLS_FS_IO)
+#include "mbedtls/error.h"
+#include "mbedtls/base64.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
+#define DFL_FILENAME "file.pem"
+#define DFL_OUTPUT_FILENAME "file.der"
+
+#define USAGE \
+ "\n usage: pem2der param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: file.pem\n" \
+ " output_file=%%s default: file.der\n" \
+ "\n"
+
+#if !defined(MBEDTLS_BASE64_C) || !defined(MBEDTLS_FS_IO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BASE64_C and/or MBEDTLS_FS_IO not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+
+/*
+ * global options
+ */
+struct options {
+ const char *filename; /* filename of the input file */
+ const char *output_file; /* where to store the output */
+} opt;
+
+int convert_pem_to_der(const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen)
+{
+ int ret;
+ const unsigned char *s1, *s2, *end = input + ilen;
+ size_t len = 0;
+
+ s1 = (unsigned char *) strstr((const char *) input, "-----BEGIN");
+ if (s1 == NULL) {
+ return -1;
+ }
+
+ s2 = (unsigned char *) strstr((const char *) input, "-----END");
+ if (s2 == NULL) {
+ return -1;
+ }
+
+ s1 += 10;
+ while (s1 < end && *s1 != '-') {
+ s1++;
+ }
+ while (s1 < end && *s1 == '-') {
+ s1++;
+ }
+ if (*s1 == '\r') {
+ s1++;
+ }
+ if (*s1 == '\n') {
+ s1++;
+ }
+
+ if (s2 <= s1 || s2 > end) {
+ return -1;
+ }
+
+ ret = mbedtls_base64_decode(NULL, 0, &len, (const unsigned char *) s1, s2 - s1);
+ if (ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER) {
+ return ret;
+ }
+
+ if (len > *olen) {
+ return -1;
+ }
+
+ if ((ret = mbedtls_base64_decode(output, len, &len, (const unsigned char *) s1,
+ s2 - s1)) != 0) {
+ return ret;
+ }
+
+ *olen = len;
+
+ return 0;
+}
+
+/*
+ * Load all data from a file into a given buffer.
+ */
+static int load_file(const char *path, unsigned char **buf, size_t *n)
+{
+ FILE *f;
+ long size;
+
+ if ((f = fopen(path, "rb")) == NULL) {
+ return -1;
+ }
+
+ fseek(f, 0, SEEK_END);
+ if ((size = ftell(f)) == -1) {
+ fclose(f);
+ return -1;
+ }
+ fseek(f, 0, SEEK_SET);
+
+ *n = (size_t) size;
+
+ if (*n + 1 == 0 ||
+ (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
+ fclose(f);
+ return -1;
+ }
+
+ if (fread(*buf, 1, *n, f) != *n) {
+ fclose(f);
+ free(*buf);
+ *buf = NULL;
+ return -1;
+ }
+
+ fclose(f);
+
+ (*buf)[*n] = '\0';
+
+ return 0;
+}
+
+/*
+ * Write buffer to a file
+ */
+static int write_file(const char *path, unsigned char *buf, size_t n)
+{
+ FILE *f;
+
+ if ((f = fopen(path, "wb")) == NULL) {
+ return -1;
+ }
+
+ if (fwrite(buf, 1, n, f) != n) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ unsigned char *pem_buffer = NULL;
+ unsigned char der_buffer[4096];
+ char buf[1024];
+ size_t pem_size, der_size = sizeof(der_buffer);
+ int i;
+ char *p, *q;
+
+ /*
+ * Set to sane values
+ */
+ memset(buf, 0, sizeof(buf));
+ memset(der_buffer, 0, sizeof(der_buffer));
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ opt.filename = DFL_FILENAME;
+ opt.output_file = DFL_OUTPUT_FILENAME;
+
+ for (i = 1; i < argc; i++) {
+
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "filename") == 0) {
+ opt.filename = q;
+ } else if (strcmp(p, "output_file") == 0) {
+ opt.output_file = q;
+ } else {
+ goto usage;
+ }
+ }
+
+ /*
+ * 1.1. Load the PEM file
+ */
+ mbedtls_printf("\n . Loading the PEM file ...");
+ fflush(stdout);
+
+ ret = load_file(opt.filename, &pem_buffer, &pem_size);
+
+ if (ret != 0) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, buf, 1024);
+#endif
+ mbedtls_printf(" failed\n ! load_file returned %d - %s\n\n", ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.2. Convert from PEM to DER
+ */
+ mbedtls_printf(" . Converting from PEM to DER ...");
+ fflush(stdout);
+
+ if ((ret = convert_pem_to_der(pem_buffer, pem_size, der_buffer, &der_size)) != 0) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, buf, 1024);
+#endif
+ mbedtls_printf(" failed\n ! convert_pem_to_der %d - %s\n\n", ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.3. Write the DER file
+ */
+ mbedtls_printf(" . Writing the DER file ...");
+ fflush(stdout);
+
+ ret = write_file(opt.output_file, der_buffer, der_size);
+
+ if (ret != 0) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, buf, 1024);
+#endif
+ mbedtls_printf(" failed\n ! write_file returned %d - %s\n\n", ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ free(pem_buffer);
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BASE64_C && MBEDTLS_FS_IO */
diff --git a/programs/util/strerror.c b/programs/util/strerror.c
new file mode 100644
index 0000000..316f286
--- /dev/null
+++ b/programs/util/strerror.c
@@ -0,0 +1,61 @@
+/*
+ * Translate error code to error string
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+#include "mbedtls/error.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#endif
+
+#define USAGE \
+ "\n usage: strerror <errorcode>\n" \
+ "\n where <errorcode> can be a decimal or hexadecimal (starts with 0x or -0x)\n"
+
+#if !defined(MBEDTLS_ERROR_C) && !defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_ERROR_C and/or MBEDTLS_ERROR_STRERROR_DUMMY not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+int main(int argc, char *argv[])
+{
+ long int val;
+ char *end = argv[1];
+
+ if (argc != 2) {
+ mbedtls_printf(USAGE);
+ mbedtls_exit(0);
+ }
+
+ val = strtol(argv[1], &end, 10);
+ if (*end != '\0') {
+ val = strtol(argv[1], &end, 16);
+ if (*end != '\0') {
+ mbedtls_printf(USAGE);
+ return 0;
+ }
+ }
+ if (val > 0) {
+ val = -val;
+ }
+
+ if (val != 0) {
+ char error_buf[200];
+ mbedtls_strerror(val, error_buf, 200);
+ mbedtls_printf("Last error was: -0x%04x - %s\n\n", (unsigned int) -val, error_buf);
+ }
+
+ mbedtls_exit(val);
+}
+#endif /* MBEDTLS_ERROR_C */
diff --git a/programs/wince_main.c b/programs/wince_main.c
new file mode 100644
index 0000000..e817b9f
--- /dev/null
+++ b/programs/wince_main.c
@@ -0,0 +1,31 @@
+/*
+ * Windows CE console application entry point
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#if defined(_WIN32_WCE)
+
+#include <windows.h>
+
+extern int main(int, const char **);
+
+int _tmain(int argc, _TCHAR *targv[])
+{
+ char **argv;
+ int i;
+
+ argv = (char **) calloc(argc, sizeof(char *));
+
+ for (i = 0; i < argc; i++) {
+ size_t len;
+ len = _tcslen(targv[i]) + 1;
+ argv[i] = (char *) calloc(len, sizeof(char));
+ wcstombs(argv[i], targv[i], len);
+ }
+
+ return main(argc, argv);
+}
+
+#endif /* defined(_WIN32_WCE) */
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
new file mode 100644
index 0000000..43437f0
--- /dev/null
+++ b/programs/x509/CMakeLists.txt
@@ -0,0 +1,24 @@
+set(libs
+ ${mbedx509_target}
+)
+
+set(executables
+ cert_app
+ cert_req
+ cert_write
+ crl_app
+ load_roots
+ req_app
+)
+
+foreach(exe IN LISTS executables)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+endforeach()
+
+target_link_libraries(cert_app ${mbedtls_target})
+
+install(TARGETS ${executables}
+ DESTINATION "bin"
+ PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
new file mode 100644
index 0000000..cb1e5bc
--- /dev/null
+++ b/programs/x509/cert_app.c
@@ -0,0 +1,456 @@
+/*
+ * Certificate reading application
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \
+ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
+ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
+ "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
+ "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/net_sockets.h"
+#include "mbedtls/ssl.h"
+#include "mbedtls/x509.h"
+#include "mbedtls/debug.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define MODE_NONE 0
+#define MODE_FILE 1
+#define MODE_SSL 2
+
+#define DFL_MODE MODE_NONE
+#define DFL_FILENAME "cert.crt"
+#define DFL_CA_FILE ""
+#define DFL_CRL_FILE ""
+#define DFL_CA_PATH ""
+#define DFL_SERVER_NAME "localhost"
+#define DFL_SERVER_PORT "4433"
+#define DFL_DEBUG_LEVEL 0
+#define DFL_PERMISSIVE 0
+
+#define USAGE_IO \
+ " ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (none)\n" \
+ " crl_file=%%s The single CRL file you want to use\n" \
+ " default: \"\" (none)\n" \
+ " ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
+ " default: \"\" (none) (overrides ca_file)\n"
+
+#define USAGE \
+ "\n usage: cert_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " mode=file|ssl default: none\n" \
+ " filename=%%s default: cert.crt\n" \
+ USAGE_IO \
+ " server_name=%%s default: localhost\n" \
+ " server_port=%%d default: 4433\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " permissive=%%d default: 0 (disabled)\n" \
+ "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+ int mode; /* the mode to run the application in */
+ const char *filename; /* filename of the certificate file */
+ const char *ca_file; /* the file with the CA certificate(s) */
+ const char *crl_file; /* the file with the CRL to use */
+ const char *ca_path; /* the path with the CA certificate(s) reside */
+ const char *server_name; /* hostname of the server (client only) */
+ const char *server_port; /* port on which the ssl service runs */
+ int debug_level; /* level of debugging */
+ int permissive; /* permissive parsing */
+} opt;
+
+static void my_debug(void *ctx, int level,
+ const char *file, int line,
+ const char *str)
+{
+ ((void) level);
+
+ mbedtls_fprintf((FILE *) ctx, "%s:%04d: %s", file, line, str);
+ fflush((FILE *) ctx);
+}
+
+static int my_verify(void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags)
+{
+ char buf[1024];
+ ((void) data);
+
+ mbedtls_printf("\nVerify requested for (Depth %d):\n", depth);
+ mbedtls_x509_crt_info(buf, sizeof(buf) - 1, "", crt);
+ mbedtls_printf("%s", buf);
+
+ if ((*flags) == 0) {
+ mbedtls_printf(" This certificate has no flags\n");
+ } else {
+ mbedtls_x509_crt_verify_info(buf, sizeof(buf), " ! ", *flags);
+ mbedtls_printf("%s\n", buf);
+ }
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_net_context server_fd;
+ unsigned char buf[1024];
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_x509_crt cacert;
+ mbedtls_x509_crl cacrl;
+ int i, j;
+ uint32_t flags;
+ int verify = 0;
+ char *p, *q;
+ const char *pers = "cert_app";
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_net_init(&server_fd);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_ssl_init(&ssl);
+ mbedtls_ssl_config_init(&conf);
+ mbedtls_x509_crt_init(&cacert);
+ mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ mbedtls_x509_crl_init(&cacrl);
+#else
+ /* Zeroize structure as CRL parsing is not supported and we have to pass
+ it to the verify function */
+ memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
+#endif
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ opt.mode = DFL_MODE;
+ opt.filename = DFL_FILENAME;
+ opt.ca_file = DFL_CA_FILE;
+ opt.crl_file = DFL_CRL_FILE;
+ opt.ca_path = DFL_CA_PATH;
+ opt.server_name = DFL_SERVER_NAME;
+ opt.server_port = DFL_SERVER_PORT;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.permissive = DFL_PERMISSIVE;
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ for (j = 0; p + j < q; j++) {
+ if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') {
+ argv[i][j] |= 0x20;
+ }
+ }
+
+ if (strcmp(p, "mode") == 0) {
+ if (strcmp(q, "file") == 0) {
+ opt.mode = MODE_FILE;
+ } else if (strcmp(q, "ssl") == 0) {
+ opt.mode = MODE_SSL;
+ } else {
+ goto usage;
+ }
+ } else if (strcmp(p, "filename") == 0) {
+ opt.filename = q;
+ } else if (strcmp(p, "ca_file") == 0) {
+ opt.ca_file = q;
+ } else if (strcmp(p, "crl_file") == 0) {
+ opt.crl_file = q;
+ } else if (strcmp(p, "ca_path") == 0) {
+ opt.ca_path = q;
+ } else if (strcmp(p, "server_name") == 0) {
+ opt.server_name = q;
+ } else if (strcmp(p, "server_port") == 0) {
+ opt.server_port = q;
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
+ goto usage;
+ }
+ } else if (strcmp(p, "permissive") == 0) {
+ opt.permissive = atoi(q);
+ if (opt.permissive < 0 || opt.permissive > 1) {
+ goto usage;
+ }
+ } else {
+ goto usage;
+ }
+ }
+
+ /*
+ * 1.1. Load the trusted CA
+ */
+ mbedtls_printf(" . Loading the CA root certificate ...");
+ fflush(stdout);
+
+ if (strlen(opt.ca_path)) {
+ if ((ret = mbedtls_x509_crt_parse_path(&cacert, opt.ca_path)) < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_path returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ verify = 1;
+ } else if (strlen(opt.ca_file)) {
+ if ((ret = mbedtls_x509_crt_parse_file(&cacert, opt.ca_file)) < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ verify = 1;
+ }
+
+ mbedtls_printf(" ok (%d skipped)\n", ret);
+
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ if (strlen(opt.crl_file)) {
+ if ((ret = mbedtls_x509_crl_parse_file(&cacrl, opt.crl_file)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse returned -0x%x\n\n",
+ (unsigned int) -ret);
+ goto exit;
+ }
+
+ verify = 1;
+ }
+#endif
+
+ if (opt.mode == MODE_FILE) {
+ mbedtls_x509_crt crt;
+ mbedtls_x509_crt *cur = &crt;
+ mbedtls_x509_crt_init(&crt);
+
+ /*
+ * 1.1. Load the certificate(s)
+ */
+ mbedtls_printf("\n . Loading the certificate(s) ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509_crt_parse_file(&crt, opt.filename);
+
+ if (ret < 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file returned %d\n\n", ret);
+ mbedtls_x509_crt_free(&crt);
+ goto exit;
+ }
+
+ if (opt.permissive == 0 && ret > 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509_crt_parse failed to parse %d certificates\n\n",
+ ret);
+ mbedtls_x509_crt_free(&crt);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.2 Print the certificate(s)
+ */
+ while (cur != NULL) {
+ mbedtls_printf(" . Peer certificate information ...\n");
+ ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
+ cur);
+ if (ret == -1) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret);
+ mbedtls_x509_crt_free(&crt);
+ goto exit;
+ }
+
+ mbedtls_printf("%s\n", buf);
+
+ cur = cur->next;
+ }
+
+ /*
+ * 1.3 Verify the certificate
+ */
+ if (verify) {
+ mbedtls_printf(" . Verifying X.509 certificate...");
+
+ if ((ret = mbedtls_x509_crt_verify(&crt, &cacert, &cacrl, NULL, &flags,
+ my_verify, NULL)) != 0) {
+ char vrfy_buf[512];
+
+ mbedtls_printf(" failed\n");
+
+ mbedtls_x509_crt_verify_info(vrfy_buf, sizeof(vrfy_buf), " ! ", flags);
+
+ mbedtls_printf("%s\n", vrfy_buf);
+ } else {
+ mbedtls_printf(" ok\n");
+ }
+ }
+
+ mbedtls_x509_crt_free(&crt);
+ } else if (opt.mode == MODE_SSL) {
+ /*
+ * 1. Initialize the RNG and the session data
+ */
+ mbedtls_printf("\n . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret);
+ goto ssl_exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+#if defined(MBEDTLS_DEBUG_C)
+ mbedtls_debug_set_threshold(opt.debug_level);
+#endif
+
+ /*
+ * 2. Start the connection
+ */
+ mbedtls_printf(" . SSL connection to tcp/%s/%s...", opt.server_name,
+ opt.server_port);
+ fflush(stdout);
+
+ if ((ret = mbedtls_net_connect(&server_fd, opt.server_name,
+ opt.server_port, MBEDTLS_NET_PROTO_TCP)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_net_connect returned %d\n\n", ret);
+ goto ssl_exit;
+ }
+
+ /*
+ * 3. Setup stuff
+ */
+ if ((ret = mbedtls_ssl_config_defaults(&conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_config_defaults returned %d\n\n", ret);
+ goto exit;
+ }
+
+ if (verify) {
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+ mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
+ mbedtls_ssl_conf_verify(&conf, my_verify, NULL);
+ } else {
+ mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
+ }
+
+ mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
+ mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
+
+ if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_setup returned %d\n\n", ret);
+ goto ssl_exit;
+ }
+
+ if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_set_hostname returned %d\n\n", ret);
+ goto ssl_exit;
+ }
+
+ mbedtls_ssl_set_bio(&ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL);
+
+ /*
+ * 4. Handshake
+ */
+ while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+ if (ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+ mbedtls_printf(" failed\n ! mbedtls_ssl_handshake returned %d\n\n", ret);
+ goto ssl_exit;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 5. Print the certificate
+ */
+#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ mbedtls_printf(" . Peer certificate information ... skipped\n");
+#else
+ mbedtls_printf(" . Peer certificate information ...\n");
+ ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ",
+ mbedtls_ssl_get_peer_cert(&ssl));
+ if (ret == -1) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_info returned %d\n\n", ret);
+ goto ssl_exit;
+ }
+
+ mbedtls_printf("%s\n", buf);
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+ mbedtls_ssl_close_notify(&ssl);
+
+ssl_exit:
+ mbedtls_ssl_free(&ssl);
+ mbedtls_ssl_config_free(&conf);
+ } else {
+ goto usage;
+ }
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ mbedtls_net_free(&server_fd);
+ mbedtls_x509_crt_free(&cacert);
+#if defined(MBEDTLS_X509_CRL_PARSE_C)
+ mbedtls_x509_crl_free(&cacrl);
+#endif
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
+ MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
+ MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
new file mode 100644
index 0000000..dcfd176
--- /dev/null
+++ b/programs/x509/cert_req.c
@@ -0,0 +1,514 @@
+/*
+ * Certificate request generation
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+ !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_MD_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_PK_PARSE_C and/or MBEDTLS_MD_CAN_SHA256 and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
+ "not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_FILENAME "keyfile.key"
+#define DFL_PASSWORD NULL
+#define DFL_DEBUG_LEVEL 0
+#define DFL_OUTPUT_FILENAME "cert.req"
+#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
+#define DFL_KEY_USAGE 0
+#define DFL_FORCE_KEY_USAGE 0
+#define DFL_NS_CERT_TYPE 0
+#define DFL_FORCE_NS_CERT_TYPE 0
+#define DFL_MD_ALG MBEDTLS_MD_SHA256
+
+#define USAGE \
+ "\n usage: cert_req param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: keyfile.key\n" \
+ " password=%%s default: NULL\n" \
+ " debug_level=%%d default: 0 (disabled)\n" \
+ " output_file=%%s default: cert.req\n" \
+ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
+ " san=%%s default: (none)\n" \
+ " Semicolon-separated-list of values:\n" \
+ " DNS:value\n" \
+ " URI:value\n" \
+ " RFC822:value\n" \
+ " IP:value (Only IPv4 is supported)\n" \
+ " DN:list of comma separated key=value pairs\n" \
+ " key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " digital_signature\n" \
+ " non_repudiation\n" \
+ " key_encipherment\n" \
+ " data_encipherment\n" \
+ " key_agreement\n" \
+ " key_cert_sign\n" \
+ " crl_sign\n" \
+ " force_key_usage=0/1 default: off\n" \
+ " Add KeyUsage even if it is empty\n" \
+ " ns_cert_type=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " ssl_client\n" \
+ " ssl_server\n" \
+ " email\n" \
+ " object_signing\n" \
+ " ssl_ca\n" \
+ " email_ca\n" \
+ " object_signing_ca\n" \
+ " force_ns_cert_type=0/1 default: off\n" \
+ " Add NsCertType even if it is empty\n" \
+ " md=%%s default: SHA256\n" \
+ " possible values:\n" \
+ " MD5, RIPEMD160, SHA1,\n" \
+ " SHA224, SHA256, SHA384, SHA512\n" \
+ "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+ const char *filename; /* filename of the key file */
+ const char *password; /* password for the key file */
+ int debug_level; /* level of debugging */
+ const char *output_file; /* where to store the constructed key file */
+ const char *subject_name; /* subject name for certificate request */
+ mbedtls_x509_san_list *san_list; /* subjectAltName for certificate request */
+ unsigned char key_usage; /* key usage flags */
+ int force_key_usage; /* Force adding the KeyUsage extension */
+ unsigned char ns_cert_type; /* NS cert type */
+ int force_ns_cert_type; /* Force adding NsCertType extension */
+ mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
+} opt;
+
+int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[4096];
+ size_t len = 0;
+
+ memset(output_buf, 0, 4096);
+ if ((ret = mbedtls_x509write_csr_pem(req, output_buf, 4096, f_rng, p_rng)) < 0) {
+ return ret;
+ }
+
+ len = strlen((char *) output_buf);
+
+ if ((f = fopen(output_file, "w")) == NULL) {
+ return -1;
+ }
+
+ if (fwrite(output_buf, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_pk_context key;
+ char buf[1024];
+ int i;
+ char *p, *q, *r;
+ mbedtls_x509write_csr req;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "csr example app";
+ mbedtls_x509_san_list *cur, *prev;
+ mbedtls_asn1_named_data *ext_san_dirname = NULL;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ uint8_t ip[4] = { 0 };
+#endif
+ /*
+ * Set to sane values
+ */
+ mbedtls_x509write_csr_init(&req);
+ mbedtls_pk_init(&key);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ memset(buf, 0, sizeof(buf));
+ mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ opt.filename = DFL_FILENAME;
+ opt.password = DFL_PASSWORD;
+ opt.debug_level = DFL_DEBUG_LEVEL;
+ opt.output_file = DFL_OUTPUT_FILENAME;
+ opt.subject_name = DFL_SUBJECT_NAME;
+ opt.key_usage = DFL_KEY_USAGE;
+ opt.force_key_usage = DFL_FORCE_KEY_USAGE;
+ opt.ns_cert_type = DFL_NS_CERT_TYPE;
+ opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE;
+ opt.md_alg = DFL_MD_ALG;
+ opt.san_list = NULL;
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+ if (strcmp(p, "filename") == 0) {
+ opt.filename = q;
+ } else if (strcmp(p, "password") == 0) {
+ opt.password = q;
+ } else if (strcmp(p, "output_file") == 0) {
+ opt.output_file = q;
+ } else if (strcmp(p, "debug_level") == 0) {
+ opt.debug_level = atoi(q);
+ if (opt.debug_level < 0 || opt.debug_level > 65535) {
+ goto usage;
+ }
+ } else if (strcmp(p, "subject_name") == 0) {
+ opt.subject_name = q;
+ } else if (strcmp(p, "san") == 0) {
+ char *subtype_value;
+ prev = NULL;
+
+ while (q != NULL) {
+ char *semicolon;
+ r = q;
+
+ /* Find the first non-escaped ; occurrence and remove escaped ones */
+ do {
+ if ((semicolon = strchr(r, ';')) != NULL) {
+ if (*(semicolon-1) != '\\') {
+ r = semicolon;
+ break;
+ }
+ /* Remove the escape character */
+ size_t size_left = strlen(semicolon);
+ memmove(semicolon-1, semicolon, size_left);
+ *(semicolon + size_left - 1) = '\0';
+ /* r will now point at the character after the semicolon */
+ r = semicolon;
+ }
+
+ } while (semicolon != NULL);
+
+ if (semicolon != NULL) {
+ *r++ = '\0';
+ } else {
+ r = NULL;
+ }
+
+ cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list));
+ if (cur == NULL) {
+ mbedtls_printf("Not enough memory for subjectAltName list\n");
+ goto usage;
+ }
+
+ cur->next = NULL;
+
+ if ((subtype_value = strchr(q, ':')) != NULL) {
+ *subtype_value++ = '\0';
+ } else {
+ mbedtls_printf(
+ "Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
+ goto usage;
+ }
+ if (strcmp(q, "RFC822") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
+ } else if (strcmp(q, "URI") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
+ } else if (strcmp(q, "DNS") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
+ } else if (strcmp(q, "IP") == 0) {
+ size_t ip_addr_len = 0;
+ cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
+ ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
+ if (ip_addr_len == 0) {
+ mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
+ subtype_value);
+ goto exit;
+ }
+ cur->node.san.unstructured_name.p = (unsigned char *) ip;
+ cur->node.san.unstructured_name.len = sizeof(ip);
+ } else if (strcmp(q, "DN") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+ if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
+ subtype_value)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509_string_to_names "
+ "returned -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
+ goto exit;
+ }
+ cur->node.san.directory_name = *ext_san_dirname;
+ } else {
+ mbedtls_free(cur);
+ goto usage;
+ }
+
+ if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME ||
+ cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ||
+ cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) {
+ q = subtype_value;
+ cur->node.san.unstructured_name.p = (unsigned char *) q;
+ cur->node.san.unstructured_name.len = strlen(q);
+ }
+
+ if (prev == NULL) {
+ opt.san_list = cur;
+ } else {
+ prev->next = cur;
+ }
+
+ prev = cur;
+ q = r;
+ }
+ } else if (strcmp(p, "md") == 0) {
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_string(q);
+ if (md_info == NULL) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ opt.md_alg = mbedtls_md_get_type(md_info);
+ } else if (strcmp(p, "key_usage") == 0) {
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
+ *r++ = '\0';
+ }
+
+ if (strcmp(q, "digital_signature") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
+ } else if (strcmp(q, "non_repudiation") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
+ } else if (strcmp(q, "key_encipherment") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
+ } else if (strcmp(q, "data_encipherment") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
+ } else if (strcmp(q, "key_agreement") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
+ } else if (strcmp(q, "key_cert_sign") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
+ } else if (strcmp(q, "crl_sign") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
+ } else {
+ goto usage;
+ }
+
+ q = r;
+ }
+ } else if (strcmp(p, "force_key_usage") == 0) {
+ switch (atoi(q)) {
+ case 0: opt.force_key_usage = 0; break;
+ case 1: opt.force_key_usage = 1; break;
+ default: goto usage;
+ }
+ } else if (strcmp(p, "ns_cert_type") == 0) {
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
+ *r++ = '\0';
+ }
+
+ if (strcmp(q, "ssl_client") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
+ } else if (strcmp(q, "ssl_server") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
+ } else if (strcmp(q, "email") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
+ } else if (strcmp(q, "object_signing") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
+ } else if (strcmp(q, "ssl_ca") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
+ } else if (strcmp(q, "email_ca") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
+ } else if (strcmp(q, "object_signing_ca") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
+ } else {
+ goto usage;
+ }
+
+ q = r;
+ }
+ } else if (strcmp(p, "force_ns_cert_type") == 0) {
+ switch (atoi(q)) {
+ case 0: opt.force_ns_cert_type = 0; break;
+ case 1: opt.force_ns_cert_type = 1; break;
+ default: goto usage;
+ }
+ } else {
+ goto usage;
+ }
+ }
+
+ /* Set the MD algorithm to use for the signature in the CSR */
+ mbedtls_x509write_csr_set_md_alg(&req, opt.md_alg);
+
+ /* Set the Key Usage Extension flags in the CSR */
+ if (opt.key_usage || opt.force_key_usage == 1) {
+ ret = mbedtls_x509write_csr_set_key_usage(&req, opt.key_usage);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_key_usage returned %d", ret);
+ goto exit;
+ }
+ }
+
+ /* Set the Cert Type flags in the CSR */
+ if (opt.ns_cert_type || opt.force_ns_cert_type == 1) {
+ ret = mbedtls_x509write_csr_set_ns_cert_type(&req, opt.ns_cert_type);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_ns_cert_type returned %d", ret);
+ goto exit;
+ }
+ }
+
+ /* Set the SubjectAltName in the CSR */
+ if (opt.san_list != NULL) {
+ ret = mbedtls_x509write_csr_set_subject_alternative_name(&req, opt.san_list);
+
+ if (ret != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d",
+ ret);
+ goto exit;
+ }
+ }
+
+ /*
+ * 0. Seed the PRNG
+ */
+ mbedtls_printf(" . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.0. Check the subject name for validity
+ */
+ mbedtls_printf(" . Checking subject name...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_x509write_csr_set_subject_name(&req, opt.subject_name)) != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509write_csr_set_subject_name returned %d", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.1. Load the key
+ */
+ mbedtls_printf(" . Loading the private key ...");
+ fflush(stdout);
+
+ ret = mbedtls_pk_parse_keyfile(&key, opt.filename, opt.password,
+ mbedtls_ctr_drbg_random, &ctr_drbg);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile returned %d", ret);
+ goto exit;
+ }
+
+ mbedtls_x509write_csr_set_key(&req, &key);
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.2. Writing the request
+ */
+ mbedtls_printf(" . Writing the certificate request ...");
+ fflush(stdout);
+
+ if ((ret = write_certificate_request(&req, opt.output_file,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_printf(" failed\n ! write_certificate_request %d", ret);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+
+ if (exit_code != MBEDTLS_EXIT_SUCCESS) {
+#ifdef MBEDTLS_ERROR_C
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" - %s\n", buf);
+#else
+ mbedtls_printf("\n");
+#endif
+ }
+
+ mbedtls_x509write_csr_free(&req);
+ mbedtls_asn1_free_named_data_list(&ext_san_dirname);
+ mbedtls_pk_free(&key);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ cur = opt.san_list;
+ while (cur != NULL) {
+ prev = cur;
+ cur = cur->next;
+ mbedtls_free(prev);
+ }
+
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_X509_CSR_WRITE_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
+ MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
new file mode 100644
index 0000000..0b2575e
--- /dev/null
+++ b/programs/x509/cert_write.c
@@ -0,0 +1,1016 @@
+/*
+ * Certificate generation and signing
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+/* md.h is included this early since MD_CAN_XXX macros are defined there. */
+#include "mbedtls/md.h"
+
+#if !defined(MBEDTLS_X509_CRT_WRITE_C) || \
+ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
+ !defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \
+ !defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
+ "MBEDTLS_FS_IO and/or MBEDTLS_MD_CAN_SHA256 and/or "
+ "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
+ "MBEDTLS_ERROR_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_csr.h"
+#include "mbedtls/oid.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/error.h"
+#include "test/helpers.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#define SET_OID(x, oid) \
+ do { x.len = MBEDTLS_OID_SIZE(oid); x.p = (unsigned char *) oid; } while (0)
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+#define USAGE_CSR \
+ " request_file=%%s default: (empty)\n" \
+ " If request_file is specified, subject_key,\n" \
+ " subject_pwd and subject_name are ignored!\n"
+#else
+#define USAGE_CSR ""
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+#define FORMAT_PEM 0
+#define FORMAT_DER 1
+
+#define DFL_ISSUER_CRT ""
+#define DFL_REQUEST_FILE ""
+#define DFL_SUBJECT_KEY "subject.key"
+#define DFL_ISSUER_KEY "ca.key"
+#define DFL_SUBJECT_PWD ""
+#define DFL_ISSUER_PWD ""
+#define DFL_OUTPUT_FILENAME "cert.crt"
+#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
+#define DFL_ISSUER_NAME "CN=CA,O=mbed TLS,C=UK"
+#define DFL_NOT_BEFORE "20010101000000"
+#define DFL_NOT_AFTER "20301231235959"
+#define DFL_SERIAL "1"
+#define DFL_SERIAL_HEX "1"
+#define DFL_EXT_SUBJECTALTNAME ""
+#define DFL_SELFSIGN 0
+#define DFL_IS_CA 0
+#define DFL_MAX_PATHLEN -1
+#define DFL_SIG_ALG MBEDTLS_MD_SHA256
+#define DFL_KEY_USAGE 0
+#define DFL_EXT_KEY_USAGE NULL
+#define DFL_NS_CERT_TYPE 0
+#define DFL_VERSION 3
+#define DFL_AUTH_IDENT 1
+#define DFL_SUBJ_IDENT 1
+#define DFL_CONSTRAINTS 1
+#define DFL_DIGEST MBEDTLS_MD_SHA256
+#define DFL_FORMAT FORMAT_PEM
+
+#define USAGE \
+ "\n usage: cert_write param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ USAGE_CSR \
+ " subject_key=%%s default: subject.key\n" \
+ " subject_pwd=%%s default: (empty)\n" \
+ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
+ "\n" \
+ " issuer_crt=%%s default: (empty)\n" \
+ " If issuer_crt is specified, issuer_name is\n" \
+ " ignored!\n" \
+ " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \
+ "\n" \
+ " selfsign=%%d default: 0 (false)\n" \
+ " If selfsign is enabled, issuer_name and\n" \
+ " issuer_key are required (issuer_crt and\n" \
+ " subject_* are ignored\n" \
+ " issuer_key=%%s default: ca.key\n" \
+ " issuer_pwd=%%s default: (empty)\n" \
+ " output_file=%%s default: cert.crt\n" \
+ " serial=%%s default: 1\n" \
+ " In decimal format; it can be used as\n" \
+ " alternative to serial_hex, but it's\n" \
+ " limited in max length to\n" \
+ " unsigned long long int\n" \
+ " serial_hex=%%s default: 1\n" \
+ " In hex format; it can be used as\n" \
+ " alternative to serial\n" \
+ " not_before=%%s default: 20010101000000\n" \
+ " not_after=%%s default: 20301231235959\n" \
+ " is_ca=%%d default: 0 (disabled)\n" \
+ " max_pathlen=%%d default: -1 (none)\n" \
+ " md=%%s default: SHA256\n" \
+ " Supported values (if enabled):\n" \
+ " MD5, RIPEMD160, SHA1,\n" \
+ " SHA224, SHA256, SHA384, SHA512\n" \
+ " version=%%d default: 3\n" \
+ " Possible values: 1, 2, 3\n" \
+ " subject_identifier=%%s default: 1\n" \
+ " Possible values: 0, 1\n" \
+ " (Considered for v3 only)\n" \
+ " san=%%s default: (none)\n" \
+ " Semicolon-separated-list of values:\n" \
+ " DNS:value\n" \
+ " URI:value\n" \
+ " RFC822:value\n" \
+ " IP:value (Only IPv4 is supported)\n" \
+ " DN:list of comma separated key=value pairs\n" \
+ " authority_identifier=%%s default: 1\n" \
+ " Possible values: 0, 1\n" \
+ " (Considered for v3 only)\n" \
+ " basic_constraints=%%d default: 1\n" \
+ " Possible values: 0, 1\n" \
+ " (Considered for v3 only)\n" \
+ " key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " digital_signature\n" \
+ " non_repudiation\n" \
+ " key_encipherment\n" \
+ " data_encipherment\n" \
+ " key_agreement\n" \
+ " key_cert_sign\n" \
+ " crl_sign\n" \
+ " (Considered for v3 only)\n" \
+ " ext_key_usage=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " serverAuth\n" \
+ " clientAuth\n" \
+ " codeSigning\n" \
+ " emailProtection\n" \
+ " timeStamping\n" \
+ " OCSPSigning\n" \
+ " ns_cert_type=%%s default: (empty)\n" \
+ " Comma-separated-list of values:\n" \
+ " ssl_client\n" \
+ " ssl_server\n" \
+ " email\n" \
+ " object_signing\n" \
+ " ssl_ca\n" \
+ " email_ca\n" \
+ " object_signing_ca\n" \
+ " format=pem|der default: pem\n" \
+ "\n"
+
+typedef enum {
+ SERIAL_FRMT_UNSPEC,
+ SERIAL_FRMT_DEC,
+ SERIAL_FRMT_HEX
+} serial_format_t;
+
+/*
+ * global options
+ */
+struct options {
+ const char *issuer_crt; /* filename of the issuer certificate */
+ const char *request_file; /* filename of the certificate request */
+ const char *subject_key; /* filename of the subject key file */
+ const char *issuer_key; /* filename of the issuer key file */
+ const char *subject_pwd; /* password for the subject key file */
+ const char *issuer_pwd; /* password for the issuer key file */
+ const char *output_file; /* where to store the constructed CRT */
+ const char *subject_name; /* subject name for certificate */
+ mbedtls_x509_san_list *san_list; /* subjectAltName for certificate */
+ const char *issuer_name; /* issuer name for certificate */
+ const char *not_before; /* validity period not before */
+ const char *not_after; /* validity period not after */
+ const char *serial; /* serial number string (decimal) */
+ const char *serial_hex; /* serial number string (hex) */
+ int selfsign; /* selfsign the certificate */
+ int is_ca; /* is a CA certificate */
+ int max_pathlen; /* maximum CA path length */
+ int authority_identifier; /* add authority identifier to CRT */
+ int subject_identifier; /* add subject identifier to CRT */
+ int basic_constraints; /* add basic constraints ext to CRT */
+ int version; /* CRT version */
+ mbedtls_md_type_t md; /* Hash used for signing */
+ unsigned char key_usage; /* key usage flags */
+ mbedtls_asn1_sequence *ext_key_usage; /* extended key usages */
+ unsigned char ns_cert_type; /* NS cert type */
+ int format; /* format */
+} opt;
+
+int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng)
+{
+ int ret;
+ FILE *f;
+ unsigned char output_buf[4096];
+ unsigned char *output_start;
+ size_t len = 0;
+
+ memset(output_buf, 0, 4096);
+ if (opt.format == FORMAT_DER) {
+ ret = mbedtls_x509write_crt_der(crt, output_buf, 4096,
+ f_rng, p_rng);
+ if (ret < 0) {
+ return ret;
+ }
+
+ len = ret;
+ output_start = output_buf + 4096 - len;
+ } else {
+ ret = mbedtls_x509write_crt_pem(crt, output_buf, 4096,
+ f_rng, p_rng);
+ if (ret < 0) {
+ return ret;
+ }
+
+ len = strlen((char *) output_buf);
+ output_start = output_buf;
+ }
+
+ if ((f = fopen(output_file, "w")) == NULL) {
+ return -1;
+ }
+
+ if (fwrite(output_start, 1, len, f) != len) {
+ fclose(f);
+ return -1;
+ }
+
+ fclose(f);
+
+ return 0;
+}
+
+int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax,
+ const char *ibuf, size_t *len)
+{
+ unsigned long long int dec;
+ unsigned int remaining_bytes = sizeof(dec);
+ unsigned char *p = obuf;
+ unsigned char val;
+ char *end_ptr = NULL;
+
+ errno = 0;
+ dec = strtoull(ibuf, &end_ptr, 10);
+
+ if ((errno != 0) || (end_ptr == ibuf)) {
+ return -1;
+ }
+
+ *len = 0;
+
+ while (remaining_bytes > 0) {
+ if (obufmax < (*len + 1)) {
+ return -1;
+ }
+
+ val = (dec >> ((remaining_bytes - 1) * 8)) & 0xFF;
+
+ /* Skip leading zeros */
+ if ((val != 0) || (*len != 0)) {
+ *p = val;
+ (*len)++;
+ p++;
+ }
+
+ remaining_bytes--;
+ }
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ mbedtls_x509_crt issuer_crt;
+ mbedtls_pk_context loaded_issuer_key, loaded_subject_key;
+ mbedtls_pk_context *issuer_key = &loaded_issuer_key,
+ *subject_key = &loaded_subject_key;
+ char buf[1024];
+ char issuer_name[256];
+ int i;
+ char *p, *q, *r;
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ char subject_name[256];
+ mbedtls_x509_csr csr;
+#endif
+ mbedtls_x509write_cert crt;
+ serial_format_t serial_frmt = SERIAL_FRMT_UNSPEC;
+ unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
+ size_t serial_len;
+ mbedtls_asn1_sequence *ext_key_usage;
+ mbedtls_entropy_context entropy;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ const char *pers = "crt example app";
+ mbedtls_x509_san_list *cur, *prev;
+ mbedtls_asn1_named_data *ext_san_dirname = NULL;
+ uint8_t ip[4] = { 0 };
+ /*
+ * Set to sane values
+ */
+ mbedtls_x509write_crt_init(&crt);
+ mbedtls_pk_init(&loaded_issuer_key);
+ mbedtls_pk_init(&loaded_subject_key);
+ mbedtls_ctr_drbg_init(&ctr_drbg);
+ mbedtls_entropy_init(&entropy);
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ mbedtls_x509_csr_init(&csr);
+#endif
+ mbedtls_x509_crt_init(&issuer_crt);
+ memset(buf, 0, sizeof(buf));
+ memset(serial, 0, sizeof(serial));
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ opt.issuer_crt = DFL_ISSUER_CRT;
+ opt.request_file = DFL_REQUEST_FILE;
+ opt.subject_key = DFL_SUBJECT_KEY;
+ opt.issuer_key = DFL_ISSUER_KEY;
+ opt.subject_pwd = DFL_SUBJECT_PWD;
+ opt.issuer_pwd = DFL_ISSUER_PWD;
+ opt.output_file = DFL_OUTPUT_FILENAME;
+ opt.subject_name = DFL_SUBJECT_NAME;
+ opt.issuer_name = DFL_ISSUER_NAME;
+ opt.not_before = DFL_NOT_BEFORE;
+ opt.not_after = DFL_NOT_AFTER;
+ opt.serial = DFL_SERIAL;
+ opt.serial_hex = DFL_SERIAL_HEX;
+ opt.selfsign = DFL_SELFSIGN;
+ opt.is_ca = DFL_IS_CA;
+ opt.max_pathlen = DFL_MAX_PATHLEN;
+ opt.key_usage = DFL_KEY_USAGE;
+ opt.ext_key_usage = DFL_EXT_KEY_USAGE;
+ opt.ns_cert_type = DFL_NS_CERT_TYPE;
+ opt.version = DFL_VERSION - 1;
+ opt.md = DFL_DIGEST;
+ opt.subject_identifier = DFL_SUBJ_IDENT;
+ opt.authority_identifier = DFL_AUTH_IDENT;
+ opt.basic_constraints = DFL_CONSTRAINTS;
+ opt.format = DFL_FORMAT;
+ opt.san_list = NULL;
+
+ for (i = 1; i < argc; i++) {
+
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "request_file") == 0) {
+ opt.request_file = q;
+ } else if (strcmp(p, "subject_key") == 0) {
+ opt.subject_key = q;
+ } else if (strcmp(p, "issuer_key") == 0) {
+ opt.issuer_key = q;
+ } else if (strcmp(p, "subject_pwd") == 0) {
+ opt.subject_pwd = q;
+ } else if (strcmp(p, "issuer_pwd") == 0) {
+ opt.issuer_pwd = q;
+ } else if (strcmp(p, "issuer_crt") == 0) {
+ opt.issuer_crt = q;
+ } else if (strcmp(p, "output_file") == 0) {
+ opt.output_file = q;
+ } else if (strcmp(p, "subject_name") == 0) {
+ opt.subject_name = q;
+ } else if (strcmp(p, "issuer_name") == 0) {
+ opt.issuer_name = q;
+ } else if (strcmp(p, "not_before") == 0) {
+ opt.not_before = q;
+ } else if (strcmp(p, "not_after") == 0) {
+ opt.not_after = q;
+ } else if (strcmp(p, "serial") == 0) {
+ if (serial_frmt != SERIAL_FRMT_UNSPEC) {
+ mbedtls_printf("Invalid attempt to set the serial more than once\n");
+ goto usage;
+ }
+ serial_frmt = SERIAL_FRMT_DEC;
+ opt.serial = q;
+ } else if (strcmp(p, "serial_hex") == 0) {
+ if (serial_frmt != SERIAL_FRMT_UNSPEC) {
+ mbedtls_printf("Invalid attempt to set the serial more than once\n");
+ goto usage;
+ }
+ serial_frmt = SERIAL_FRMT_HEX;
+ opt.serial_hex = q;
+ } else if (strcmp(p, "authority_identifier") == 0) {
+ opt.authority_identifier = atoi(q);
+ if (opt.authority_identifier != 0 &&
+ opt.authority_identifier != 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ } else if (strcmp(p, "subject_identifier") == 0) {
+ opt.subject_identifier = atoi(q);
+ if (opt.subject_identifier != 0 &&
+ opt.subject_identifier != 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ } else if (strcmp(p, "basic_constraints") == 0) {
+ opt.basic_constraints = atoi(q);
+ if (opt.basic_constraints != 0 &&
+ opt.basic_constraints != 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ } else if (strcmp(p, "md") == 0) {
+ const mbedtls_md_info_t *md_info =
+ mbedtls_md_info_from_string(q);
+ if (md_info == NULL) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ opt.md = mbedtls_md_get_type(md_info);
+ } else if (strcmp(p, "version") == 0) {
+ opt.version = atoi(q);
+ if (opt.version < 1 || opt.version > 3) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ opt.version--;
+ } else if (strcmp(p, "selfsign") == 0) {
+ opt.selfsign = atoi(q);
+ if (opt.selfsign < 0 || opt.selfsign > 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ } else if (strcmp(p, "is_ca") == 0) {
+ opt.is_ca = atoi(q);
+ if (opt.is_ca < 0 || opt.is_ca > 1) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ } else if (strcmp(p, "max_pathlen") == 0) {
+ opt.max_pathlen = atoi(q);
+ if (opt.max_pathlen < -1 || opt.max_pathlen > 127) {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ } else if (strcmp(p, "key_usage") == 0) {
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
+ *r++ = '\0';
+ }
+
+ if (strcmp(q, "digital_signature") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
+ } else if (strcmp(q, "non_repudiation") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
+ } else if (strcmp(q, "key_encipherment") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
+ } else if (strcmp(q, "data_encipherment") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
+ } else if (strcmp(q, "key_agreement") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
+ } else if (strcmp(q, "key_cert_sign") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
+ } else if (strcmp(q, "crl_sign") == 0) {
+ opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
+ } else {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+
+ q = r;
+ }
+ } else if (strcmp(p, "ext_key_usage") == 0) {
+ mbedtls_asn1_sequence **tail = &opt.ext_key_usage;
+
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
+ *r++ = '\0';
+ }
+
+ ext_key_usage = mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
+ ext_key_usage->buf.tag = MBEDTLS_ASN1_OID;
+ if (strcmp(q, "serverAuth") == 0) {
+ SET_OID(ext_key_usage->buf, MBEDTLS_OID_SERVER_AUTH);
+ } else if (strcmp(q, "clientAuth") == 0) {
+ SET_OID(ext_key_usage->buf, MBEDTLS_OID_CLIENT_AUTH);
+ } else if (strcmp(q, "codeSigning") == 0) {
+ SET_OID(ext_key_usage->buf, MBEDTLS_OID_CODE_SIGNING);
+ } else if (strcmp(q, "emailProtection") == 0) {
+ SET_OID(ext_key_usage->buf, MBEDTLS_OID_EMAIL_PROTECTION);
+ } else if (strcmp(q, "timeStamping") == 0) {
+ SET_OID(ext_key_usage->buf, MBEDTLS_OID_TIME_STAMPING);
+ } else if (strcmp(q, "OCSPSigning") == 0) {
+ SET_OID(ext_key_usage->buf, MBEDTLS_OID_OCSP_SIGNING);
+ } else if (strcmp(q, "any") == 0) {
+ SET_OID(ext_key_usage->buf, MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE);
+ } else {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+
+ *tail = ext_key_usage;
+ tail = &ext_key_usage->next;
+
+ q = r;
+ }
+ } else if (strcmp(p, "san") == 0) {
+ char *subtype_value;
+ prev = NULL;
+
+ while (q != NULL) {
+ char *semicolon;
+ r = q;
+
+ /* Find the first non-escaped ; occurrence and remove escaped ones */
+ do {
+ if ((semicolon = strchr(r, ';')) != NULL) {
+ if (*(semicolon-1) != '\\') {
+ r = semicolon;
+ break;
+ }
+ /* Remove the escape character */
+ size_t size_left = strlen(semicolon);
+ memmove(semicolon-1, semicolon, size_left);
+ *(semicolon + size_left - 1) = '\0';
+ /* r will now point at the character after the semicolon */
+ r = semicolon;
+ }
+
+ } while (semicolon != NULL);
+
+ if (semicolon != NULL) {
+ *r++ = '\0';
+ } else {
+ r = NULL;
+ }
+
+ cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list));
+ if (cur == NULL) {
+ mbedtls_printf("Not enough memory for subjectAltName list\n");
+ goto usage;
+ }
+
+ cur->next = NULL;
+
+ if ((subtype_value = strchr(q, ':')) != NULL) {
+ *subtype_value++ = '\0';
+ } else {
+ mbedtls_printf(
+ "Invalid argument for option SAN: Entry must be of the form TYPE:value\n");
+ goto usage;
+ }
+ if (strcmp(q, "RFC822") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME;
+ } else if (strcmp(q, "URI") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER;
+ } else if (strcmp(q, "DNS") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_DNS_NAME;
+ } else if (strcmp(q, "IP") == 0) {
+ size_t ip_addr_len = 0;
+ cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS;
+ ip_addr_len = mbedtls_x509_crt_parse_cn_inet_pton(subtype_value, ip);
+ if (ip_addr_len == 0) {
+ mbedtls_printf("mbedtls_x509_crt_parse_cn_inet_pton failed to parse %s\n",
+ subtype_value);
+ goto exit;
+ }
+ cur->node.san.unstructured_name.p = (unsigned char *) ip;
+ cur->node.san.unstructured_name.len = sizeof(ip);
+ } else if (strcmp(q, "DN") == 0) {
+ cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+ if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname,
+ subtype_value)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509_string_to_names "
+ "returned -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
+ goto exit;
+ }
+ cur->node.san.directory_name = *ext_san_dirname;
+ } else {
+ mbedtls_free(cur);
+ goto usage;
+ }
+
+ if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME ||
+ cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER ||
+ cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) {
+ q = subtype_value;
+ cur->node.san.unstructured_name.p = (unsigned char *) q;
+ cur->node.san.unstructured_name.len = strlen(q);
+ }
+
+ if (prev == NULL) {
+ opt.san_list = cur;
+ } else {
+ prev->next = cur;
+ }
+
+ prev = cur;
+ q = r;
+ }
+ } else if (strcmp(p, "ns_cert_type") == 0) {
+ while (q != NULL) {
+ if ((r = strchr(q, ',')) != NULL) {
+ *r++ = '\0';
+ }
+
+ if (strcmp(q, "ssl_client") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
+ } else if (strcmp(q, "ssl_server") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
+ } else if (strcmp(q, "email") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
+ } else if (strcmp(q, "object_signing") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
+ } else if (strcmp(q, "ssl_ca") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
+ } else if (strcmp(q, "email_ca") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
+ } else if (strcmp(q, "object_signing_ca") == 0) {
+ opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
+ } else {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+
+ q = r;
+ }
+ } else if (strcmp(p, "format") == 0) {
+ if (strcmp(q, "der") == 0) {
+ opt.format = FORMAT_DER;
+ } else if (strcmp(q, "pem") == 0) {
+ opt.format = FORMAT_PEM;
+ } else {
+ mbedtls_printf("Invalid argument for option %s\n", p);
+ goto usage;
+ }
+ } else {
+ goto usage;
+ }
+ }
+
+ mbedtls_printf("\n");
+
+ /*
+ * 0. Seed the PRNG
+ */
+ mbedtls_printf(" . Seeding the random number generator...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
+ (const unsigned char *) pers,
+ strlen(pers))) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n",
+ ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ // Parse serial to MPI
+ //
+ mbedtls_printf(" . Reading serial number...");
+ fflush(stdout);
+
+ if (serial_frmt == SERIAL_FRMT_HEX) {
+ ret = mbedtls_test_unhexify(serial, sizeof(serial),
+ opt.serial_hex, &serial_len);
+ } else { // SERIAL_FRMT_DEC || SERIAL_FRMT_UNSPEC
+ ret = parse_serial_decimal_format(serial, sizeof(serial),
+ opt.serial, &serial_len);
+ }
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! Unable to parse serial\n");
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ // Parse issuer certificate if present
+ //
+ if (!opt.selfsign && strlen(opt.issuer_crt)) {
+ /*
+ * 1.0.a. Load the certificates
+ */
+ mbedtls_printf(" . Loading the issuer certificate ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_x509_crt_parse_file(&issuer_crt, opt.issuer_crt)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509_crt_parse_file "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ ret = mbedtls_x509_dn_gets(issuer_name, sizeof(issuer_name),
+ &issuer_crt.subject);
+ if (ret < 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509_dn_gets "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ opt.issuer_name = issuer_name;
+
+ mbedtls_printf(" ok\n");
+ }
+
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ // Parse certificate request if present
+ //
+ if (!opt.selfsign && strlen(opt.request_file)) {
+ /*
+ * 1.0.b. Load the CSR
+ */
+ mbedtls_printf(" . Loading the certificate request ...");
+ fflush(stdout);
+
+ if ((ret = mbedtls_x509_csr_parse_file(&csr, opt.request_file)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ ret = mbedtls_x509_dn_gets(subject_name, sizeof(subject_name),
+ &csr.subject);
+ if (ret < 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509_dn_gets "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ opt.subject_name = subject_name;
+ subject_key = &csr.pk;
+
+ mbedtls_printf(" ok\n");
+ }
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+
+ /*
+ * 1.1. Load the keys
+ */
+ if (!opt.selfsign && !strlen(opt.request_file)) {
+ mbedtls_printf(" . Loading the subject key ...");
+ fflush(stdout);
+
+ ret = mbedtls_pk_parse_keyfile(&loaded_subject_key, opt.subject_key,
+ opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+
+ mbedtls_printf(" . Loading the issuer key ...");
+ fflush(stdout);
+
+ ret = mbedtls_pk_parse_keyfile(&loaded_issuer_key, opt.issuer_key,
+ opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_pk_parse_keyfile "
+ "returned -x%02x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ // Check if key and issuer certificate match
+ //
+ if (strlen(opt.issuer_crt)) {
+ if (mbedtls_pk_check_pair(&issuer_crt.pk, issuer_key,
+ mbedtls_ctr_drbg_random, &ctr_drbg) != 0) {
+ mbedtls_printf(" failed\n ! issuer_key does not match "
+ "issuer certificate\n\n");
+ goto exit;
+ }
+ }
+
+ mbedtls_printf(" ok\n");
+
+ if (opt.selfsign) {
+ opt.subject_name = opt.issuer_name;
+ subject_key = issuer_key;
+ }
+
+ mbedtls_x509write_crt_set_subject_key(&crt, subject_key);
+ mbedtls_x509write_crt_set_issuer_key(&crt, issuer_key);
+
+ /*
+ * 1.0. Check the names for validity
+ */
+ if ((ret = mbedtls_x509write_crt_set_subject_name(&crt, opt.subject_name)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_subject_name "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ if ((ret = mbedtls_x509write_crt_set_issuer_name(&crt, opt.issuer_name)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_issuer_name "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" . Setting certificate values ...");
+ fflush(stdout);
+
+ mbedtls_x509write_crt_set_version(&crt, opt.version);
+ mbedtls_x509write_crt_set_md_alg(&crt, opt.md);
+
+ ret = mbedtls_x509write_crt_set_serial_raw(&crt, serial, serial_len);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_serial_raw "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ ret = mbedtls_x509write_crt_set_validity(&crt, opt.not_before, opt.not_after);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_validity "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.basic_constraints != 0) {
+ mbedtls_printf(" . Adding the Basic Constraints extension ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509write_crt_set_basic_constraints(&crt, opt.is_ca,
+ opt.max_pathlen);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! x509write_crt_set_basic_constraints "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+
+#if defined(MBEDTLS_MD_CAN_SHA1)
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.subject_identifier != 0) {
+ mbedtls_printf(" . Adding the Subject Key Identifier ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509write_crt_set_subject_key_identifier(&crt);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_subject"
+ "_key_identifier returned -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.authority_identifier != 0) {
+ mbedtls_printf(" . Adding the Authority Key Identifier ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509write_crt_set_authority_key_identifier(&crt);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_authority_"
+ "key_identifier returned -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+#endif /* MBEDTLS_MD_CAN_SHA1 */
+
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.key_usage != 0) {
+ mbedtls_printf(" . Adding the Key Usage extension ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509write_crt_set_key_usage(&crt, opt.key_usage);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_key_usage "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+
+ if (opt.san_list != NULL) {
+ ret = mbedtls_x509write_crt_set_subject_alternative_name(&crt, opt.san_list);
+
+ if (ret != 0) {
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d",
+ ret);
+ goto exit;
+ }
+ }
+
+ if (opt.ext_key_usage) {
+ mbedtls_printf(" . Adding the Extended Key Usage extension ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509write_crt_set_ext_key_usage(&crt, opt.ext_key_usage);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(
+ " failed\n ! mbedtls_x509write_crt_set_ext_key_usage returned -0x%02x - %s\n\n",
+ (unsigned int) -ret,
+ buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+
+ if (opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
+ opt.ns_cert_type != 0) {
+ mbedtls_printf(" . Adding the NS Cert Type extension ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509write_crt_set_ns_cert_type(&crt, opt.ns_cert_type);
+ if (ret != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
+ "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+ }
+
+ /*
+ * 1.2. Writing the certificate
+ */
+ mbedtls_printf(" . Writing the certificate...");
+ fflush(stdout);
+
+ if ((ret = write_certificate(&crt, opt.output_file,
+ mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
+ mbedtls_strerror(ret, buf, sizeof(buf));
+ mbedtls_printf(" failed\n ! write_certificate -0x%04x - %s\n\n",
+ (unsigned int) -ret, buf);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+#if defined(MBEDTLS_X509_CSR_PARSE_C)
+ mbedtls_x509_csr_free(&csr);
+#endif /* MBEDTLS_X509_CSR_PARSE_C */
+ mbedtls_asn1_free_named_data_list(&ext_san_dirname);
+ mbedtls_x509_crt_free(&issuer_crt);
+ mbedtls_x509write_crt_free(&crt);
+ mbedtls_pk_free(&loaded_subject_key);
+ mbedtls_pk_free(&loaded_issuer_key);
+ mbedtls_ctr_drbg_free(&ctr_drbg);
+ mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_X509_CRT_WRITE_C && MBEDTLS_X509_CRT_PARSE_C &&
+ MBEDTLS_FS_IO && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ MBEDTLS_ERROR_C && MBEDTLS_PEM_WRITE_C */
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
new file mode 100644
index 0000000..5e3fd5a
--- /dev/null
+++ b/programs/x509/crl_app.c
@@ -0,0 +1,132 @@
+/*
+ * CRL reading application
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ defined(MBEDTLS_X509_REMOVE_INFO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "
+ "MBEDTLS_X509_REMOVE_INFO defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/x509_crl.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_FILENAME "crl.pem"
+#define DFL_DEBUG_LEVEL 0
+
+#define USAGE \
+ "\n usage: crl_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: crl.pem\n" \
+ "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+ const char *filename; /* filename of the certificate file */
+} opt;
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ unsigned char buf[100000];
+ mbedtls_x509_crl crl;
+ int i;
+ char *p, *q;
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_x509_crl_init(&crl);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ opt.filename = DFL_FILENAME;
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "filename") == 0) {
+ opt.filename = q;
+ } else {
+ goto usage;
+ }
+ }
+
+ /*
+ * 1.1. Load the CRL
+ */
+ mbedtls_printf("\n . Loading the CRL ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509_crl_parse_file(&crl, opt.filename);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crl_parse_file returned %d\n\n", ret);
+ mbedtls_x509_crl_free(&crl);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.2 Print the CRL
+ */
+ mbedtls_printf(" . CRL information ...\n");
+ ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
+ if (ret == -1) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_crl_info returned %d\n\n", ret);
+ mbedtls_x509_crl_free(&crl);
+ goto exit;
+ }
+
+ mbedtls_printf("%s\n", buf);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_x509_crl_free(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CRL_PARSE_C &&
+ MBEDTLS_FS_IO */
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
new file mode 100644
index 0000000..f0e6acf
--- /dev/null
+++ b/programs/x509/load_roots.c
@@ -0,0 +1,165 @@
+/*
+ * Root CA reading application
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_TIMING_C)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_TIMING_C not defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/x509_crt.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_ITERATIONS 1
+#define DFL_PRIME_CACHE 1
+
+#define USAGE \
+ "\n usage: load_roots param=<>... [--] FILE...\n" \
+ "\n acceptable parameters:\n" \
+ " iterations=%%d Iteration count (not including cache priming); default: 1\n" \
+ " prime=%%d Prime the disk read cache? Default: 1 (yes)\n" \
+ "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+ const char **filenames; /* NULL-terminated list of file names */
+ unsigned iterations; /* Number of iterations to time */
+ int prime_cache; /* Prime the disk read cache? */
+} opt;
+
+
+int read_certificates(const char *const *filenames)
+{
+ mbedtls_x509_crt cas;
+ int ret = 0;
+ const char *const *cur;
+
+ mbedtls_x509_crt_init(&cas);
+
+ for (cur = filenames; *cur != NULL; cur++) {
+ ret = mbedtls_x509_crt_parse_file(&cas, *cur);
+ if (ret != 0) {
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+ char error_message[200];
+ mbedtls_strerror(ret, error_message, sizeof(error_message));
+ printf("\n%s: -0x%04x (%s)\n",
+ *cur, (unsigned) -ret, error_message);
+#else
+ printf("\n%s: -0x%04x\n",
+ *cur, (unsigned) -ret);
+#endif
+ goto exit;
+ }
+ }
+
+exit:
+ mbedtls_x509_crt_free(&cas);
+ return ret == 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ unsigned i, j;
+ struct mbedtls_timing_hr_time timer;
+ unsigned long ms;
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc <= 1) {
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ opt.filenames = NULL;
+ opt.iterations = DFL_ITERATIONS;
+ opt.prime_cache = DFL_PRIME_CACHE;
+
+ for (i = 1; i < (unsigned) argc; i++) {
+ char *p = argv[i];
+ char *q = NULL;
+
+ if (strcmp(p, "--") == 0) {
+ break;
+ }
+ if ((q = strchr(p, '=')) == NULL) {
+ break;
+ }
+ *q++ = '\0';
+
+ for (j = 0; p + j < q; j++) {
+ if (argv[i][j] >= 'A' && argv[i][j] <= 'Z') {
+ argv[i][j] |= 0x20;
+ }
+ }
+
+ if (strcmp(p, "iterations") == 0) {
+ opt.iterations = atoi(q);
+ } else if (strcmp(p, "prime") == 0) {
+ opt.iterations = atoi(q) != 0;
+ } else {
+ mbedtls_printf("Unknown option: %s\n", p);
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+ }
+
+ opt.filenames = (const char **) argv + i;
+ if (*opt.filenames == 0) {
+ mbedtls_printf("Missing list of certificate files to parse\n");
+ goto exit;
+ }
+
+ mbedtls_printf("Parsing %u certificates", argc - i);
+ if (opt.prime_cache) {
+ if (!read_certificates(opt.filenames)) {
+ goto exit;
+ }
+ mbedtls_printf(" ");
+ }
+
+ (void) mbedtls_timing_get_timer(&timer, 1);
+ for (i = 1; i <= opt.iterations; i++) {
+ if (!read_certificates(opt.filenames)) {
+ goto exit;
+ }
+ mbedtls_printf(".");
+ }
+ ms = mbedtls_timing_get_timer(&timer, 0);
+ mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms);
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ mbedtls_exit(exit_code);
+}
+#endif /* necessary configuration */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
new file mode 100644
index 0000000..fff0983
--- /dev/null
+++ b/programs/x509/req_app.c
@@ -0,0 +1,132 @@
+/*
+ * Certificate request reading application
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/platform.h"
+
+#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
+ !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ defined(MBEDTLS_X509_REMOVE_INFO)
+int main(void)
+{
+ mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
+ "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined and/or "
+ "MBEDTLS_X509_REMOVE_INFO defined.\n");
+ mbedtls_exit(0);
+}
+#else
+
+#include "mbedtls/x509_csr.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_FILENAME "cert.req"
+#define DFL_DEBUG_LEVEL 0
+
+#define USAGE \
+ "\n usage: req_app param=<>...\n" \
+ "\n acceptable parameters:\n" \
+ " filename=%%s default: cert.req\n" \
+ "\n"
+
+
+/*
+ * global options
+ */
+struct options {
+ const char *filename; /* filename of the certificate request */
+} opt;
+
+int main(int argc, char *argv[])
+{
+ int ret = 1;
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ unsigned char buf[100000];
+ mbedtls_x509_csr csr;
+ int i;
+ char *p, *q;
+
+ /*
+ * Set to sane values
+ */
+ mbedtls_x509_csr_init(&csr);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_status_t status = psa_crypto_init();
+ if (status != PSA_SUCCESS) {
+ mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+ (int) status);
+ goto exit;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ if (argc < 2) {
+usage:
+ mbedtls_printf(USAGE);
+ goto exit;
+ }
+
+ opt.filename = DFL_FILENAME;
+
+ for (i = 1; i < argc; i++) {
+ p = argv[i];
+ if ((q = strchr(p, '=')) == NULL) {
+ goto usage;
+ }
+ *q++ = '\0';
+
+ if (strcmp(p, "filename") == 0) {
+ opt.filename = q;
+ } else {
+ goto usage;
+ }
+ }
+
+ /*
+ * 1.1. Load the CSR
+ */
+ mbedtls_printf("\n . Loading the CSR ...");
+ fflush(stdout);
+
+ ret = mbedtls_x509_csr_parse_file(&csr, opt.filename);
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_csr_parse_file returned %d\n\n", ret);
+ mbedtls_x509_csr_free(&csr);
+ goto exit;
+ }
+
+ mbedtls_printf(" ok\n");
+
+ /*
+ * 1.2 Print the CSR
+ */
+ mbedtls_printf(" . CSR information ...\n");
+ ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
+ if (ret == -1) {
+ mbedtls_printf(" failed\n ! mbedtls_x509_csr_info returned %d\n\n", ret);
+ mbedtls_x509_csr_free(&csr);
+ goto exit;
+ }
+
+ mbedtls_printf("%s\n", buf);
+
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_x509_csr_free(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+ mbedtls_exit(exit_code);
+}
+#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_X509_CSR_PARSE_C &&
+ MBEDTLS_FS_IO */