From 8d4f15013ff23638c210d2b456b6bacd4622704a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 14 Jun 2024 07:49:05 +0200 Subject: [PATCH 01/35] psa: allow to use static key buffers instead of dynamic ones This helps reducing heap memory usage and, if heap memory is not used anywhere else in an embedded device, it also reduces code footprint since there is no need for heap management code in this case. A new build symbol is added for this purpose, named MBEDTLS_PSA_STATIC_KEY_SLOTS. It's disabled by default so that normal usage of Mbed TLS library is not affected. Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 33 ++++++++++++++++++++++++++++++++ include/psa/crypto_sizes.h | 25 ++++++++++++++++++++++++ library/pk.c | 4 ---- library/psa_crypto.c | 33 ++++++++++++++++++++++++++++++-- library/psa_crypto_core.h | 11 +++++++++++ scripts/config.py | 2 ++ 6 files changed, 102 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index bd3f71d5bc..61f44e028f 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3268,6 +3268,39 @@ */ #define MBEDTLS_PSA_ITS_FILE_C +/** + * \def MBEDTLS_PSA_STATIC_KEY_SLOTS + * + * Statically preallocate all key slot buffers to store volatile keys in PSA + * instead of allocating them dynamically when required. This helps reducing + * heap memory usage as well as heap management code's footprint in embedded + * devices. + * + * \note This feature comes with a (potentially) higher RAM usage since: + * - All the key slots are allocated no matter if they are used of not. + * - Each key slot's length is as large as the largest key type supported + * in the build. + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +//#define MBEDTLS_PSA_STATIC_KEY_SLOTS + +/** + * \def MBEDTLS_PSA_STATIC_KEY_SLOTS + * + * Optionally define the size (in bytes) of each static key slot. If not + * explicitly defined then it's automatically set to hold the maximum + * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). + * If required by the application this parameter can be set to higher values + * in order to store larger objects (ex: raw keys), but please note that this + * will increase RAM usage. + * + * Requires: MBEDTLS_PSA_STATIC_KEY_SLOTS + * + */ +//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 + /** * \def MBEDTLS_RIPEMD160_C * diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 635ee98f80..892bfa3e7f 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1038,6 +1038,10 @@ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \ + (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE + /** Sufficient output buffer size for psa_raw_key_agreement(). * * This macro returns a compile-time constant if its arguments are @@ -1085,6 +1089,27 @@ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +/** Maximum key length for ciphers. + * + * Since there is no additional PSA_WANT_xxx symbol to specifiy the size of + * the key once a cipher is enabled (as it happens for asymmetric keys for + * example), the maximum key length is taken into account for each cipher. + * The resulting value will be the maximum cipher's key length given depending + * on which ciphers are enabled. + * + * Note: max value for AES used below would be doubled if XTS were enabled, but + * this mode is currently not supported in Mbed TLS implementation of PSA + * APIs. + */ +#if (defined(PSA_WANT_KEY_TYPE_AES) || defined(PSA_WANT_KEY_TYPE_ARIA) || \ + defined(PSA_WANT_KEY_TYPE_CAMELLIA) || defined(PSA_WANT_KEY_TYPE_CHACHA20)) +#define PSA_CIPHER_MAX_KEY_LENGTH 32u +#elif defined(PSA_WANT_KEY_TYPE_DES) +#define PSA_CIPHER_MAX_KEY_LENGTH 24u +#else +#define PSA_CIPHER_MAX_KEY_LENGTH 0u +#endif + /** The default IV size for a cipher algorithm, in bytes. * * The IV that is generated as part of a call to #psa_cipher_encrypt() is always diff --git a/library/pk.c b/library/pk.c index 3fe51ea34f..51f0c24088 100644 --- a/library/pk.c +++ b/library/pk.c @@ -35,10 +35,6 @@ #include #include -#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \ - (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \ - PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE - /* * Initialise a mbedtls_pk_context */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c4f41db10b..696e830b8e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -705,6 +705,17 @@ MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do( psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot, size_t buffer_length) { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + if (slot->key.in_use) { + return PSA_ERROR_ALREADY_EXISTS; + } + + if (buffer_length > ((size_t) MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + slot->key.in_use = 1; +#else if (slot->key.data != NULL) { return PSA_ERROR_ALREADY_EXISTS; } @@ -713,6 +724,7 @@ psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot, if (slot->key.data == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } +#endif slot->key.bytes = buffer_length; return PSA_SUCCESS; @@ -1177,11 +1189,16 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + slot->key.in_use = 0; +#else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ if (slot->key.data != NULL) { mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); } slot->key.data = NULL; +#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ + slot->key.bytes = 0; return PSA_SUCCESS; @@ -2096,7 +2113,13 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * storage ( thus not in the case of importing a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the imported key material. */ - if (slot->key.data == NULL) { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + int is_slot_unused = (slot->key.in_use == 0); +#else + int is_slot_unused = (slot->key.data == NULL); +#endif + + if (is_slot_unused) { if (psa_key_lifetime_is_external(attributes->lifetime)) { status = psa_driver_wrapper_get_key_buffer_size_from_key_data( attributes, data, data_length, &storage_size); @@ -8013,7 +8036,13 @@ psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes, * storage ( thus not in the case of generating a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the generated key material. */ - if (slot->key.data == NULL) { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + int is_slot_unused = (slot->key.in_use == 0); +#else + int is_slot_unused = (slot->key.data == NULL); +#endif + + if (is_slot_unused) { if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) == PSA_KEY_LOCATION_LOCAL_STORAGE) { status = psa_validate_key_type_and_size_for_key_generation( diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 21e7559f01..5f59697612 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -55,6 +55,12 @@ typedef enum { PSA_SLOT_PENDING_DELETION, } psa_key_slot_state_t; +/* If the size of static key slots is not explicitly defined by the user, then + * set it to PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE. */ +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE (PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE) +#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ + /** The data structure representing a key slot, containing key material * and metadata for one key. */ @@ -155,7 +161,12 @@ typedef struct { /* Dynamically allocated key data buffer. * Format as specified in psa_export_key(). */ struct key_data { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + int in_use; + uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE]; +#else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ uint8_t *data; +#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ size_t bytes; } key; } psa_key_slot_t; diff --git a/scripts/config.py b/scripts/config.py index bb4a22c9cc..ef13062936 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -110,6 +110,8 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature + 'MBEDTLS_PSA_STATIC_KEY_SLOTS', # only relevant for embedded devices + 'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices ]) def is_seamless_alt(name): From 168d24a00d01974aa0016042b1bf98e81424373d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 20 Jun 2024 14:40:54 +0200 Subject: [PATCH 02/35] test: add new component to test MBEDTLS_PSA_STATIC_KEY_SLOTS This commit also fixes related errors in test suites. In all cases those failures are related to the use of raw keys whose size cannot be determined a-priori. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 8 ++++++++ tests/suites/test_suite_psa_crypto.data | 6 +++--- tests/suites/test_suite_psa_crypto.function | 2 +- tests/suites/test_suite_psa_crypto_persistent_key.data | 10 +++++++++- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index d2f7c22db5..bb28ff2c96 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -31,6 +31,14 @@ component_test_psa_assume_exclusive_buffers () { make test } +component_test_crypto_with_static_key_slots() { + msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" + scripts/config.py crypto_full + scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS + + make test +} + # check_renamed_symbols HEADER LIB # Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol # name in LIB. diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e69469b958..cd8fbbf916 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7170,7 +7170,7 @@ derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KE # and not expected to be raised any time soon) is less than the maximum # output from HKDF-SHA512 (255*64 = 16320 bytes). PSA key derivation: largest possible key -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:!MBEDTLS_PSA_STATIC_KEY_SLOTS derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1 PSA key derivation: key too large @@ -7420,6 +7420,7 @@ PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, 65528 bits (large key, ok if it fits) +depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1 PSA generate key: raw data, 65536 bits (not supported) @@ -7663,7 +7664,7 @@ depends_on:MBEDTLS_THREADING_PTHREAD concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_THREADING_PTHREAD +depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 PSA concurrent key generation: raw data, 65536 bits (not supported) @@ -7874,4 +7875,3 @@ ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0 ECP group ID <-> PSA family - Wrong values ecc_conversion_functions_fail - diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2e513ea45c..ae39af2e79 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1639,7 +1639,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on: !MBEDTLS_PSA_STATIC_KEY_SLOTS*/ /* Construct and attempt to import a large unstructured key. */ void import_large_key(int type_arg, int byte_size_arg, int expected_status_arg) diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 133e726aec..05dc0c3ee8 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data @@ -35,12 +35,20 @@ parse_storage_data_check:"505341004b45590000000000010000000170000001000000000000 # Not specific to files, but only run this test in an environment where the maximum size could be reached. Save maximum-size persistent raw key -depends_on:MBEDTLS_PSA_ITS_FILE_C +depends_on:MBEDTLS_PSA_ITS_FILE_C:!MBEDTLS_PSA_STATIC_KEY_SLOTS save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE:PSA_SUCCESS +Save maximum-size persistent raw key - static key slot size +depends_on:MBEDTLS_PSA_ITS_FILE_C:MBEDTLS_PSA_STATIC_KEY_SLOTS +save_large_persistent_key:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE:PSA_SUCCESS + Save larger than maximum-size persistent raw key save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED +Save larger than maximum-size persistent raw key - static key slot size +depends_on:MBEDTLS_PSA_STATIC_KEY_SLOTS +save_large_persistent_key:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1:PSA_ERROR_NOT_SUPPORTED + Persistent key destroy depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" From efce6052d8b9f768dffdca6610ec185c4cc36623 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jun 2024 18:31:36 +0200 Subject: [PATCH 03/35] test: add new component to test core library without calloc/free This commit also fixes issues found in test suites function/data files. Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 86 +++++++++++++++++++ tests/suites/test_suite_psa_crypto.data | 2 + tests/suites/test_suite_psa_crypto.function | 4 +- ...test_suite_psa_crypto_driver_wrappers.data | 16 ++-- ..._suite_psa_crypto_driver_wrappers.function | 12 ++- .../test_suite_psa_crypto_entropy.function | 4 + .../test_suite_psa_crypto_init.function | 3 + 7 files changed, 114 insertions(+), 13 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index bb28ff2c96..b23e291afd 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -64,6 +64,92 @@ component_build_psa_crypto_spm () { check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a } +# The goal of this component is to build a configuration where: +# - test code and libtestdriver1 can make use of calloc/free and +# - core library (including PSA core) cannot use calloc/free. +component_test_psa_crypto_without_heap() { + # Disable PSA features that cannot be accelerated and whose builtin support + # requires calloc/free. + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_HKDF* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_PBKDF2* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_TLS12* + # RSA key support requires ASN1 parse/write support for testing, but ASN1 + # is disabled below. + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_KEY_TYPE_RSA_* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_RSA_* + # DES requires built-in support for key generation (parity check) so it + # cannot be accelerated + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + # EC-JPAKE use calloc/free in PSA core + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + + # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). + PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) + loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') + + msg "build: libtestdriver1" + helper_libtestdriver1_adjust_config crypto + helper_libtestdriver1_make_drivers "$loc_accel_list" + + msg "build: main library" + # Enable fully-static key slots in PSA core. + scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS + # Prevent PSA core from creating a copy of input/output buffers + scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation. + scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + # Set cmalloc/free as null pointer functions. Calling them would crash + # the program so we can use this as a "sentinel" for being sure no module + # is making use of these functions in the library. + scripts/config.py set MBEDTLS_PLATFORM_MEMORY + scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL + scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL + + # Disable all the modules/features that use cmalloc directly + scripts/config.py unset-all MBEDTLS_ASN1_ + scripts/config.py unset MBEDTLS_BIGNUM_C + scripts/config.py unset MBEDTLS_CIPHER_C + scripts/config.py unset MBEDTLS_CMAC_C + scripts/config.py unset MBEDTLS_DHM_C + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + scripts/config.py unset MBEDTLS_ECP_C + scripts/config.py unset-all MBEDTLS_LMS_ + scripts/config.py unset MBEDTLS_MD_C + scripts/config.py unset MBEDTLS_OID_C + scripts/config.py unset-all MBEDTLS_PEM_ + scripts/config.py unset MBEDTLS_PKCS7_C + scripts/config.py unset-all MBEDTLS_PK_ + scripts/config.py unset MBEDTLS_RSA_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C + # Disable all modules that depend on the the previous ones + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py unset-all MBEDTLS_PKCS1_ + scripts/config.py unset-all MBEDTLS_ENTROPY_ + scripts/config.py unset-all MBEDTLS_SHA + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT + scripts/config.py unset MBEDTLS_HKDF_C + scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_PKCS12_C + scripts/config.py unset MBEDTLS_HMAC_DRBG_C + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC + helper_libtestdriver1_make_main "$loc_accel_list" lib + + msg "build: test suites and helpers" + # Reset cmalloc/free functions to normal operations so that test code can + # freely use them. + scripts/config.py unset MBEDTLS_PLATFORM_MEMORY + scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC + scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE + helper_libtestdriver1_make_main "$loc_accel_list" tests + + msg "run tests" + make test +} + # Get a list of library-wise undefined symbols and ensure that they only # belong to psa_xxx() functions and not to mbedtls_yyy() ones. # This function is a common helper used by both: diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cd8fbbf916..c1b4a2c816 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7414,9 +7414,11 @@ PSA generate key: raw data, 9 bits: invalid argument generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, 65528 bits (large key, ok if it fits) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ae39af2e79..94bf28be4d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1236,7 +1236,7 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, } #endif /* MBEDTLS_ECP_RESTARTABLE */ -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C) static int rsa_test_e(mbedtls_svc_key_id_t key, size_t bits, const data_t *e_arg) @@ -10246,7 +10246,7 @@ void generate_key_custom(int type_arg, TEST_EQUAL(psa_get_key_type(&got_attributes), type); TEST_EQUAL(psa_get_key_bits(&got_attributes), bits); -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C) if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { TEST_ASSERT(rsa_test_e(key, bits, custom_data)); } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index fb2da8c3c2..632a4b6f0b 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -256,35 +256,35 @@ generate_ec_key through transparent driver: error generate_ec_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR validate key through transparent driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: fallback private key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: fallback public key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR validate key through opaque driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through opaque driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through opaque driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_ERROR_GENERIC_ERROR:PSA_CRYPTO_TEST_DRIVER_LOCATION:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR export_key private to public through driver: fake diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 84611faddd..14fc644d9a 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -6,13 +6,14 @@ size_t pake_expected_hit_count = 0; int pake_in_driver = 0; +#if defined(PSA_WANT_ALG_JPAKE) && \ + defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ + defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) + /* The only two JPAKE user/peer identifiers supported for the time being. */ static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; -#if defined(PSA_WANT_ALG_JPAKE) && \ - defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ - defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, psa_pake_operation_t *server, psa_pake_operation_t *client, @@ -437,6 +438,11 @@ static int sanity_check_rsa_encryption_result( mbedtls_mpi_init(&D); mbedtls_mpi_init(&C); mbedtls_mpi_init(&X); +#else /* MBEDTLS_BIGNUM_C */ + (void) alg; + (void) private_exponent; + (void) input_data; + (void) buf; #endif /* MBEDTLS_BIGNUM_C */ int ok = 0; diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index 4d5eda2baf..24081638d6 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -8,6 +8,10 @@ #include "entropy_poll.h" /* Calculating the minimum allowed entropy size in bytes */ +#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE) +#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM +#endif + #define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \ MBEDTLS_ENTROPY_BLOCK_SIZE) diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index 954560a24e..c9a1e077d6 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -24,6 +24,9 @@ static int check_stats(void) exit: return 0; } +#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE) +#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM +#endif #define ENTROPY_MIN_NV_SEED_SIZE \ MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE) From 2deb25a8acf19851dc9593e73d7e01e6b2b20e45 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 10:44:02 +0200 Subject: [PATCH 04/35] mbedtls_config: move MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to the correct place Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 61f44e028f..7272897104 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3286,21 +3286,6 @@ */ //#define MBEDTLS_PSA_STATIC_KEY_SLOTS -/** - * \def MBEDTLS_PSA_STATIC_KEY_SLOTS - * - * Optionally define the size (in bytes) of each static key slot. If not - * explicitly defined then it's automatically set to hold the maximum - * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). - * If required by the application this parameter can be set to higher values - * in order to store larger objects (ex: raw keys), but please note that this - * will increase RAM usage. - * - * Requires: MBEDTLS_PSA_STATIC_KEY_SLOTS - * - */ -//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 - /** * \def MBEDTLS_RIPEMD160_C * @@ -4102,6 +4087,21 @@ */ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 +/** + * \def MBEDTLS_PSA_STATIC_KEY_SLOTS + * + * Optionally define the size (in bytes) of each static key slot. If not + * explicitly defined then it's automatically set to hold the maximum + * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). + * If required by the application this parameter can be set to higher values + * in order to store larger objects (ex: raw keys), but please note that this + * will increase RAM usage. + * + * Requires: MBEDTLS_PSA_STATIC_KEY_SLOTS + * + */ +//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 + /* RSA OPTIONS */ //#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */ From 4603a080478369a87cbb17baf3072a11ef96b439 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 11:08:26 +0200 Subject: [PATCH 05/35] mbedtls_config: fix descriptions for PSA static key slots Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 7272897104..8d2afbf537 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3271,15 +3271,17 @@ /** * \def MBEDTLS_PSA_STATIC_KEY_SLOTS * - * Statically preallocate all key slot buffers to store volatile keys in PSA - * instead of allocating them dynamically when required. This helps reducing - * heap memory usage as well as heap management code's footprint in embedded - * devices. + * Statically preallocate memory to store keys' material in PSA instead + * of allocating it dynamically when required. This allows builds without a + * heap, if none of the enabled cryptographic implementations or other features + * require it. + * This feature affects both volatile and persistent keys which means that + * it's not possible to persistently store a key which is larger than + * MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. * * \note This feature comes with a (potentially) higher RAM usage since: * - All the key slots are allocated no matter if they are used of not. - * - Each key slot's length is as large as the largest key type supported - * in the build. + * - Each key buffer's length is MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes. * * Requires: MBEDTLS_PSA_CRYPTO_C * @@ -4088,17 +4090,15 @@ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 /** - * \def MBEDTLS_PSA_STATIC_KEY_SLOTS + * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE * - * Optionally define the size (in bytes) of each static key slot. If not + * Define the size (in bytes) of each static key slot when + * MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not * explicitly defined then it's automatically set to hold the maximum * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). * If required by the application this parameter can be set to higher values * in order to store larger objects (ex: raw keys), but please note that this * will increase RAM usage. - * - * Requires: MBEDTLS_PSA_STATIC_KEY_SLOTS - * */ //#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 From bc6117166a647f3cfa82e430e9457c5ba23e3b6c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 13:13:23 +0200 Subject: [PATCH 06/35] test: minor fixes to test_psa_crypto_without_heap and test_crypto_with_static_key_slots Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 37 ++++++++++--------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index b23e291afd..bb5de380fc 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -36,6 +36,7 @@ component_test_crypto_with_static_key_slots() { scripts/config.py crypto_full scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS + msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" make test } @@ -68,16 +69,17 @@ component_build_psa_crypto_spm () { # - test code and libtestdriver1 can make use of calloc/free and # - core library (including PSA core) cannot use calloc/free. component_test_psa_crypto_without_heap() { + msg "crypto without heap: build libtestdriver1" # Disable PSA features that cannot be accelerated and whose builtin support # requires calloc/free. scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_HKDF* - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_PBKDF2* - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_TLS12* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF" + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_" + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_" # RSA key support requires ASN1 parse/write support for testing, but ASN1 # is disabled below. - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_KEY_TYPE_RSA_* - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_RSA_* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_" + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_" # DES requires built-in support for key generation (parity check) so it # cannot be accelerated scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES @@ -88,25 +90,24 @@ component_test_psa_crypto_without_heap() { PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') - msg "build: libtestdriver1" helper_libtestdriver1_adjust_config crypto helper_libtestdriver1_make_drivers "$loc_accel_list" - msg "build: main library" + msg "crypto without heap: build main library" # Enable fully-static key slots in PSA core. scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS # Prevent PSA core from creating a copy of input/output buffers scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation. scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - # Set cmalloc/free as null pointer functions. Calling them would crash + # Set calloc/free as null pointer functions. Calling them would crash # the program so we can use this as a "sentinel" for being sure no module # is making use of these functions in the library. scripts/config.py set MBEDTLS_PLATFORM_MEMORY scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL - # Disable all the modules/features that use cmalloc directly + # Disable all the modules/features that use calloc directly scripts/config.py unset-all MBEDTLS_ASN1_ scripts/config.py unset MBEDTLS_BIGNUM_C scripts/config.py unset MBEDTLS_CIPHER_C @@ -115,21 +116,21 @@ component_test_psa_crypto_without_heap() { scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECP_RESTARTABLE scripts/config.py unset MBEDTLS_ECP_C - scripts/config.py unset-all MBEDTLS_LMS_ + scripts/config.py unset-all "^MBEDTLS_LMS_" scripts/config.py unset MBEDTLS_MD_C scripts/config.py unset MBEDTLS_OID_C - scripts/config.py unset-all MBEDTLS_PEM_ + scripts/config.py unset-all "^MBEDTLS_PEM_" scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py unset-all MBEDTLS_PK_ + scripts/config.py unset-all "^MBEDTLS_PK_" scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # Disable all modules that depend on the the previous ones scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset-all MBEDTLS_PKCS1_ - scripts/config.py unset-all MBEDTLS_ENTROPY_ - scripts/config.py unset-all MBEDTLS_SHA + scripts/config.py unset-all "^MBEDTLS_PKCS1_" + scripts/config.py unset-all "^MBEDTLS_ENTROPY_" + scripts/config.py unset-all "^MBEDTLS_SHA" scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_HKDF_C scripts/config.py unset MBEDTLS_PKCS5_C @@ -138,15 +139,15 @@ component_test_psa_crypto_without_heap() { scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC helper_libtestdriver1_make_main "$loc_accel_list" lib - msg "build: test suites and helpers" - # Reset cmalloc/free functions to normal operations so that test code can + msg "crypto without heap: build test suites and helpers" + # Reset calloc/free functions to normal operations so that test code can # freely use them. scripts/config.py unset MBEDTLS_PLATFORM_MEMORY scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE helper_libtestdriver1_make_main "$loc_accel_list" tests - msg "run tests" + msg "crypto without heap: test" make test } From f7485fbba164b368a430199977a9113159dda48d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 13:36:50 +0200 Subject: [PATCH 07/35] test: disable all legacy symbols in test_psa_crypto_without_heap Disable all MBEDTLS_xxx symbols (keeping only the relevant ones enabled) when building the main library. Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 38 ++++--------------- 1 file changed, 7 insertions(+), 31 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index bb5de380fc..82c7b82e38 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -94,49 +94,25 @@ component_test_psa_crypto_without_heap() { helper_libtestdriver1_make_drivers "$loc_accel_list" msg "crypto without heap: build main library" + # Disable all legacy MBEDTLS_xxx symbols. + scripts/config.py unset-all "^MBEDTLS_" + # Build the PSA core using the proper config file. + scripts/config.py set MBEDTLS_PSA_CRYPTO_C + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Enable fully-static key slots in PSA core. scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS - # Prevent PSA core from creating a copy of input/output buffers + # Prevent PSA core from creating a copy of input/output buffers. scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation. scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG # Set calloc/free as null pointer functions. Calling them would crash # the program so we can use this as a "sentinel" for being sure no module # is making use of these functions in the library. + scripts/config.py set MBEDTLS_PLATFORM_C scripts/config.py set MBEDTLS_PLATFORM_MEMORY scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL - # Disable all the modules/features that use calloc directly - scripts/config.py unset-all MBEDTLS_ASN1_ - scripts/config.py unset MBEDTLS_BIGNUM_C - scripts/config.py unset MBEDTLS_CIPHER_C - scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_DHM_C - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - scripts/config.py unset MBEDTLS_ECP_C - scripts/config.py unset-all "^MBEDTLS_LMS_" - scripts/config.py unset MBEDTLS_MD_C - scripts/config.py unset MBEDTLS_OID_C - scripts/config.py unset-all "^MBEDTLS_PEM_" - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py unset-all "^MBEDTLS_PK_" - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - # Disable all modules that depend on the the previous ones - scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset-all "^MBEDTLS_PKCS1_" - scripts/config.py unset-all "^MBEDTLS_ENTROPY_" - scripts/config.py unset-all "^MBEDTLS_SHA" - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_HKDF_C - scripts/config.py unset MBEDTLS_PKCS5_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC helper_libtestdriver1_make_main "$loc_accel_list" lib msg "crypto without heap: build test suites and helpers" From 1980bb781e57b4f21e726b3ac73fe7c0011c62c2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 14:35:30 +0200 Subject: [PATCH 08/35] psa-core: properly set PSA_CRYPTO_MAX_STORAGE_SIZE If MBEDTLS_PSA_STATIC_KEY_SLOTS is set then limit PSA_CRYPTO_MAX_STORAGE_SIZE to MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE, otherwise keep the previous PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS) size. This commit also removes changes to test_suite_psa_crypto_persistent_key.data done previously since MBEDTLS_PSA_STATIC_KEY_SLOTS is always up to date with key buffer size. Signed-off-by: Valerio Setti --- library/psa_crypto_storage.h | 12 ++++++++++-- .../suites/test_suite_psa_crypto_persistent_key.data | 10 +--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index d7f5b18953..809fd72249 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -17,13 +17,21 @@ extern "C" { #include "psa/crypto.h" #include "psa/crypto_se_driver.h" +#include "psa_crypto_core.h" #include #include -/* Limit the maximum key size in storage. This should have no effect - * since the key size is limited in memory. */ +/* Limit the maximum key size in storage. */ +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +/* Reflect the maximum size for the key buffer. */ +#define PSA_CRYPTO_MAX_STORAGE_SIZE (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) +#else +/* Just set an upper boundary but it should have no effect since the key size + * is limited in memory. */ #define PSA_CRYPTO_MAX_STORAGE_SIZE (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)) +#endif + /* Sanity check: a file size must fit in 32 bits. Allow a generous * 64kB of metadata. */ #if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000 diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 05dc0c3ee8..133e726aec 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tests/suites/test_suite_psa_crypto_persistent_key.data @@ -35,20 +35,12 @@ parse_storage_data_check:"505341004b45590000000000010000000170000001000000000000 # Not specific to files, but only run this test in an environment where the maximum size could be reached. Save maximum-size persistent raw key -depends_on:MBEDTLS_PSA_ITS_FILE_C:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_PSA_ITS_FILE_C save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE:PSA_SUCCESS -Save maximum-size persistent raw key - static key slot size -depends_on:MBEDTLS_PSA_ITS_FILE_C:MBEDTLS_PSA_STATIC_KEY_SLOTS -save_large_persistent_key:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE:PSA_SUCCESS - Save larger than maximum-size persistent raw key save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED -Save larger than maximum-size persistent raw key - static key slot size -depends_on:MBEDTLS_PSA_STATIC_KEY_SLOTS -save_large_persistent_key:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1:PSA_ERROR_NOT_SUPPORTED - Persistent key destroy depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" From f5f505240a49b81a8ae2774f5f85cca1174c66e3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 15:25:08 +0200 Subject: [PATCH 09/35] test_suite_psa_crypto_driver_wrappers: revert changes and fix validate_key() Use only volatile keys in order to remove dependency on storage. Signed-off-by: Valerio Setti --- .../test_suite_psa_crypto_driver_wrappers.data | 16 ++++++++-------- ...est_suite_psa_crypto_driver_wrappers.function | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 632a4b6f0b..fb2da8c3c2 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -256,35 +256,35 @@ generate_ec_key through transparent driver: error generate_ec_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR validate key through transparent driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: fallback private key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: fallback public key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR validate key through opaque driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through opaque driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through opaque driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT validate_key:PSA_ERROR_GENERIC_ERROR:PSA_CRYPTO_TEST_DRIVER_LOCATION:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR export_key private to public through driver: fake diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 14fc644d9a..49b1c15b77 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -849,7 +849,7 @@ void validate_key(int force_status_arg, { psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ - PSA_KEY_PERSISTENCE_DEFAULT, location); + PSA_KEY_PERSISTENCE_VOLATILE, location); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; From 762a12bdf8faa89a17672aa6182a12a750fb44b3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 15:36:02 +0200 Subject: [PATCH 10/35] test: revert fixes for PSA entropy Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto_entropy.function | 4 ---- tests/suites/test_suite_psa_crypto_init.function | 3 --- 2 files changed, 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index 24081638d6..4d5eda2baf 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -8,10 +8,6 @@ #include "entropy_poll.h" /* Calculating the minimum allowed entropy size in bytes */ -#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE) -#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM -#endif - #define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \ MBEDTLS_ENTROPY_BLOCK_SIZE) diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index c9a1e077d6..954560a24e 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -24,9 +24,6 @@ static int check_stats(void) exit: return 0; } -#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE) -#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM -#endif #define ENTROPY_MIN_NV_SEED_SIZE \ MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE) From faed169e5762838104fd0b2216d37b349c193136 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 16:02:08 +0200 Subject: [PATCH 11/35] psa_crypto_core: take also cipher's key length into account when sizing static key buffer Signed-off-by: Valerio Setti --- library/psa_crypto_core.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 5f59697612..a3c0fd6f19 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -56,9 +56,12 @@ typedef enum { } psa_key_slot_state_t; /* If the size of static key slots is not explicitly defined by the user, then - * set it to PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE. */ + * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and + * PSA_CIPHER_MAX_KEY_LENGTH. */ #if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) -#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE (PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE) +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ + (PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ + PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ /** The data structure representing a key slot, containing key material From 70fa89c1f97fe2472c7a324ff5fed00aa648cdcb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Aug 2024 05:12:45 +0200 Subject: [PATCH 12/35] psa-core: remove unnecessary element in psa_key_slot_t Instead of checking for "in_use" to be true/false or "key.data" to be not NULL, simply check that "key.bytes" is 0/not-0. psa_allocate_buffer_to_slot() will update this value whenever a new slot is allocated (for the fully static case "allocated" actually mean "taken"). Signed-off-by: Valerio Setti --- library/psa_crypto.c | 26 +++----------------------- library/psa_crypto_core.h | 1 - 2 files changed, 3 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 696e830b8e..8c2c543d09 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -706,15 +706,9 @@ psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot, size_t buffer_length) { #if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - if (slot->key.in_use) { - return PSA_ERROR_ALREADY_EXISTS; - } - if (buffer_length > ((size_t) MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)) { return PSA_ERROR_NOT_SUPPORTED; } - - slot->key.in_use = 1; #else if (slot->key.data != NULL) { return PSA_ERROR_ALREADY_EXISTS; @@ -1189,9 +1183,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) { -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - slot->key.in_use = 0; -#else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) if (slot->key.data != NULL) { mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); } @@ -2113,13 +2105,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * storage ( thus not in the case of importing a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the imported key material. */ -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - int is_slot_unused = (slot->key.in_use == 0); -#else - int is_slot_unused = (slot->key.data == NULL); -#endif - - if (is_slot_unused) { + if (slot->key.bytes == 0) { if (psa_key_lifetime_is_external(attributes->lifetime)) { status = psa_driver_wrapper_get_key_buffer_size_from_key_data( attributes, data, data_length, &storage_size); @@ -8036,13 +8022,7 @@ psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes, * storage ( thus not in the case of generating a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the generated key material. */ -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - int is_slot_unused = (slot->key.in_use == 0); -#else - int is_slot_unused = (slot->key.data == NULL); -#endif - - if (is_slot_unused) { + if (slot->key.bytes == 0) { if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) == PSA_KEY_LOCATION_LOCAL_STORAGE) { status = psa_validate_key_type_and_size_for_key_generation( diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index a3c0fd6f19..7832001d8c 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -165,7 +165,6 @@ typedef struct { * Format as specified in psa_export_key(). */ struct key_data { #if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - int in_use; uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE]; #else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ uint8_t *data; From 291532fd45d2f4ee5cca71d23b3276378e792b6a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Aug 2024 06:37:02 +0200 Subject: [PATCH 13/35] test: extend component_test_crypto_with_static_key_slots Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly smaller than the maximum RSA key pair size for an RSA key of 4096 bits. Also add a test in test_suite_psa_crypto to verify this condition. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 6 +++++- tests/suites/test_suite_psa_crypto.data | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 82c7b82e38..398abda6b1 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -35,9 +35,13 @@ component_test_crypto_with_static_key_slots() { msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" scripts/config.py crypto_full scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS + # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly smaller + # than PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE where the latter would be 2364 + # bytes for an RSA key pair of 4096 bits. + scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 2362 msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - make test + make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test } # check_renamed_symbols HEADER LIB diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c1b4a2c816..6296e3deb7 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7493,6 +7493,10 @@ PSA generate key: RSA, maximum size exceeded depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +PSA generate key: RSA, key pair size does not fit in static key buffer +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE<2364 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 + PSA generate key: ECC, SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0 From 29c7222b5ac336a38aa2b674303a996fb139d35c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Aug 2024 09:16:23 +0200 Subject: [PATCH 14/35] test: add test with persitent key whose length is larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE Signed-off-by: Valerio Setti --- ...t_suite_psa_crypto_storage_format.function | 32 +++++++++++++++++-- ..._suite_psa_crypto_storage_format.misc.data | 6 ++++ 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index efaaba58a3..ca70d20f67 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -1,14 +1,16 @@ /* BEGIN_HEADER */ #include +#include #include #include #include -#define TEST_FLAG_EXERCISE 0x00000001 -#define TEST_FLAG_READ_ONLY 0x00000002 +#define TEST_FLAG_EXERCISE 0x00000001 +#define TEST_FLAG_READ_ONLY 0x00000002 +#define TEST_FLAG_OVERSIZED_KEY 0x00000004 /** Write a key with the given attributes and key material to storage. * Test that it has the expected representation. @@ -158,6 +160,12 @@ static int test_read_key(const psa_key_attributes_t *expected_attributes, /* Prime the storage with a key file. */ PSA_ASSERT(psa_its_set(uid, representation->len, representation->x, 0)); + if (flags & TEST_FLAG_OVERSIZED_KEY) { + TEST_EQUAL(psa_get_key_attributes(key_id, &actual_attributes), PSA_ERROR_DATA_INVALID); + ok = 1; + goto exit; + } + /* Check that the injected key exists and looks as expected. */ PSA_ASSERT(psa_get_key_attributes(key_id, &actual_attributes)); TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, @@ -281,6 +289,7 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 1); psa_storage_uid_t uid = 1; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *custom_key_data = NULL, *custom_storage_data = NULL; PSA_INIT(); TEST_USES_KEY_ID(key_id); @@ -293,6 +302,23 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, psa_set_key_algorithm(&attributes, alg); psa_set_key_enrollment_algorithm(&attributes, alg2); + /* Create a persistent key which is intentionally larger than the specified + * bit size. */ + if (flags & TEST_FLAG_OVERSIZED_KEY) { + TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1); + memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits) + 1); + material->len = PSA_BITS_TO_BYTES(bits) + 1; + material->x = custom_key_data; + + /* 36 bytes are the overhead of psa_persistent_key_storage_format */ + TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 1 + 36); + representation->len = PSA_BITS_TO_BYTES(bits) + 1 + 36; + representation->x = custom_storage_data; + + psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1, + &attributes, custom_storage_data); + } + /* Test that we can use a key with the given representation. This * guarantees backward compatibility with keys that were stored by * past versions of Mbed TLS. */ @@ -300,6 +326,8 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, uid, representation, flags)); exit: + mbedtls_free(custom_key_data); + mbedtls_free(custom_storage_data); psa_reset_key_attributes(&attributes); PSA_DONE(); } diff --git a/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tests/suites/test_suite_psa_crypto_storage_format.misc.data index 48e3804b42..8aabe4cb2c 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.misc.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.misc.data @@ -9,3 +9,9 @@ key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ PSA storage save: AES-GCM+CTR depends_on:PSA_WANT_KEY_TYPE_AES key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:PSA_ALG_CTR:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800001010000000250050010c00410000000404142434445464748494a4b4c4d4e4f" + +# Create a persistent key which is larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +# so that when psa_get_key_attributes() tries to load it from the storage it will fail. +PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +depends_on:PSA_WANT_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOTS +key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*8:PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY From f51488b95d46d0c6643c5163ba231524df738bcf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 07:46:06 +0200 Subject: [PATCH 15/35] psa: fix some macro definition Signed-off-by: Valerio Setti --- include/psa/crypto_sizes.h | 4 ++-- library/psa_crypto_core.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 892bfa3e7f..87b8c39fa6 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1039,8 +1039,8 @@ #endif #define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \ - (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \ - PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE + ((PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) /** Sufficient output buffer size for psa_raw_key_agreement(). * diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 7832001d8c..6dd00730ce 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -60,8 +60,8 @@ typedef enum { * PSA_CIPHER_MAX_KEY_LENGTH. */ #if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) #define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ - (PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ - PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH + ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ + PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ /** The data structure representing a key slot, containing key material From 54dc535998358175f517b2f161790eaac9055ff7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 07:58:02 +0200 Subject: [PATCH 16/35] mbedtls_config: fix/improve descriptions of PSA_STATIC_KEY_SLOT symbols Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 8d2afbf537..97994977f7 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3277,11 +3277,11 @@ * require it. * This feature affects both volatile and persistent keys which means that * it's not possible to persistently store a key which is larger than - * MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. + * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. * * \note This feature comes with a (potentially) higher RAM usage since: * - All the key slots are allocated no matter if they are used of not. - * - Each key buffer's length is MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes. + * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes. * * Requires: MBEDTLS_PSA_CRYPTO_C * @@ -4092,10 +4092,10 @@ /** * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE * - * Define the size (in bytes) of each static key slot when - * MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not - * explicitly defined then it's automatically set to hold the maximum - * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). + * Define the size (in bytes) of each static key buffer when + * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not + * explicitly defined then it's automatically guessed from available PSA keys + * enabled in the build through PSA_WANT_xxx symbols. * If required by the application this parameter can be set to higher values * in order to store larger objects (ex: raw keys), but please note that this * will increase RAM usage. From ba98d5b90ece1056f071c5577a46574573d62db4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 12:35:24 +0200 Subject: [PATCH 17/35] test: properly select MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE value This value should be: - OK for all EC/FFDH key pairs/public keys; - OK for all supported public RSA keys; - OK for RSA key pairs up to 2048 bits; - FAIL for RSA key pairs above 2048 bits. Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 22 +++ .../components-configuration-crypto.sh | 11 +- tests/suites/test_suite_pkparse.data | 146 +++++++++--------- tests/suites/test_suite_pkwrite.data | 10 +- tests/suites/test_suite_psa_crypto.data | 15 +- 5 files changed, 118 insertions(+), 86 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 1039712aef..30b696d4e7 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -468,4 +468,26 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_PSA_INTERNAL_KEYS \ MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG +/* Some helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is + * large enough to contain an RSA key pair of the given size. This is meant to be + * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) +#define STATIC_KEY_SLOTS_SUPPORT_RSA_4096 +#endif + +#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048)) +#define STATIC_KEY_SLOTS_SUPPORT_RSA_2048 +#endif + +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || defined(STATIC_KEY_SLOTS_SUPPORT_RSA_4096) +#define MBEDTLS_TEST_ALLOW_RSA_4096 +#endif + +#else /* MBEDTLS_PSA_CRYPTO_C */ + +#define MBEDTLS_TEST_ALLOW_RSA_4096 + +#endif /* MBEDTLS_PSA_CRYPTO_C */ + #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 398abda6b1..a12616f980 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -35,10 +35,13 @@ component_test_crypto_with_static_key_slots() { msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" scripts/config.py crypto_full scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS - # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly smaller - # than PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE where the latter would be 2364 - # bytes for an RSA key pair of 4096 bits. - scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 2362 + # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to a value that + # is enough to contain: + # - all RSA public keys up to 4096 bits (max of PSA_VENDOR_RSA_MAX_KEY_BITS). + # - RSA key pairs up to 1024 bits, but not 2048 or larger. + # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS). + # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS). + scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212 msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 144274966b..0db53b13ce 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -51,23 +51,23 @@ depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_M pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0 Parse RSA Key #14 (4096-bit, DES Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_des.pem":"testkey":0 Parse RSA Key #15 (4096-bit, 3DES Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_3des.pem":"testkey":0 Parse RSA Key #16 (4096-bit, AES-128 Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0 Parse RSA Key #17 (4096-bit, AES-192 Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0 Parse RSA Key #18 (4096-bit, AES-256 Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0 Parse RSA Key #19 (PKCS#8 wrapped) @@ -99,15 +99,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_ pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER) @@ -119,7 +119,7 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:M pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0 Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES) @@ -147,15 +147,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_ pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0 Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER) @@ -167,7 +167,7 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:M pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0 Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0 Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) @@ -195,15 +195,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER) @@ -231,15 +231,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES) @@ -267,15 +267,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0 Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER) @@ -303,15 +303,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0 Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224) @@ -339,15 +339,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER) @@ -375,15 +375,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224) @@ -411,15 +411,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER) @@ -447,15 +447,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256) @@ -483,15 +483,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER) @@ -519,15 +519,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0 Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256) @@ -555,15 +555,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER) @@ -591,15 +591,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0 Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384) @@ -627,15 +627,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER) @@ -663,15 +663,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384) @@ -699,15 +699,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER) @@ -735,15 +735,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512) @@ -771,15 +771,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER) @@ -807,15 +807,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0 Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512) @@ -843,15 +843,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER) @@ -879,15 +879,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0 Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 30ccfbc75b..34b8698124 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -7,11 +7,11 @@ depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"../framework/data_files/server1.pubkey.der":TEST_DER Public key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.pem":TEST_PEM Public key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.der":TEST_DER Public key write check EC 192 bits @@ -66,11 +66,11 @@ depends_on:MBEDTLS_RSA_C pk_write_key_check:"../framework/data_files/server1.key.der":TEST_DER Private key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_key_check:"../framework/data_files/rsa4096_prv.pem":TEST_PEM Private key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_key_check:"../framework/data_files/rsa4096_prv.der":TEST_DER Private key write check EC 192 bits @@ -134,7 +134,7 @@ depends_on:MBEDTLS_RSA_C pk_write_public_from_private:"../framework/data_files/server1.key.der":"../framework/data_files/server1.pubkey.der" Derive public key RSA 4096 -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_public_from_private:"../framework/data_files/rsa4096_prv.der":"../framework/data_files/rsa4096_pub.der" Derive public key EC 192 bits diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 6296e3deb7..e5d53845c2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7493,9 +7493,16 @@ PSA generate key: RSA, maximum size exceeded depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +# Following 2 tests are meant to be tested from the component_test_crypto_with_static_key_slots() +# test component. There MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is intentionally set to a value +# that is OK for all public RSA key bit sizes, but only valid up to 2048 bits for key pairs. PSA generate key: RSA, key pair size does not fit in static key buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE<2364 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 + +PSA generate key: RSA, key pair size fits in static key buffer +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: ECC, SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 @@ -7662,11 +7669,11 @@ depends_on:MBEDTLS_THREADING_PTHREAD concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD +depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD +depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) From 9e154debfb448617ff90c4d676d25bdec2d5d023 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 12:43:47 +0200 Subject: [PATCH 18/35] test_suite_psa_crypto_storage_format: improve input bit length specification for static key buffer Signed-off-by: Valerio Setti --- .../test_suite_psa_crypto_storage_format.function | 12 ++++++------ .../test_suite_psa_crypto_storage_format.misc.data | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index ca70d20f67..5788742aa5 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -305,17 +305,17 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, /* Create a persistent key which is intentionally larger than the specified * bit size. */ if (flags & TEST_FLAG_OVERSIZED_KEY) { - TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1); - memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits) + 1); - material->len = PSA_BITS_TO_BYTES(bits) + 1; + TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits)); + memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits)); + material->len = PSA_BITS_TO_BYTES(bits); material->x = custom_key_data; /* 36 bytes are the overhead of psa_persistent_key_storage_format */ - TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 1 + 36); - representation->len = PSA_BITS_TO_BYTES(bits) + 1 + 36; + TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 36); + representation->len = PSA_BITS_TO_BYTES(bits) + 36; representation->x = custom_storage_data; - psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1, + psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits), &attributes, custom_storage_data); } diff --git a/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tests/suites/test_suite_psa_crypto_storage_format.misc.data index 8aabe4cb2c..359053ec0d 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.misc.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.misc.data @@ -14,4 +14,4 @@ key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ # so that when psa_get_key_attributes() tries to load it from the storage it will fail. PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE depends_on:PSA_WANT_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOTS -key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*8:PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY +key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:PSA_BYTES_TO_BITS(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1):PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY From dbfb2ab4ea18653cedf8de041f1ca965687960e4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 12:52:19 +0200 Subject: [PATCH 19/35] psa: zeroize static key buffer content when key slot is freed Signed-off-by: Valerio Setti --- library/psa_crypto.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8c2c543d09..f0ccf3d80e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1183,7 +1183,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) { -#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + if (slot->key.bytes > 0) { + mbedtls_platform_zeroize(slot->key.data, MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE); + } +#else if (slot->key.data != NULL) { mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); } From 7a2ca19213f08240e5141deb4ff2dcead9eb9aca Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 13:32:58 +0200 Subject: [PATCH 20/35] check_config: prevent fully dynamic and static key stores to be enabled simultaneously Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index c80e286baf..aec5050b70 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -741,6 +741,11 @@ #error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG" #endif +#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \ + defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously" +#endif + #if defined(MBEDTLS_PSA_ITS_FILE_C) && \ !defined(MBEDTLS_FS_IO) #error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites" From 92f1d2dcb2770a07e910c4a6227a12c31b9b9a6e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Aug 2024 05:50:45 +0200 Subject: [PATCH 21/35] test: disable dynamic key store in test_crypto_with_static_key_slots Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index a12616f980..ea14026b0b 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -42,6 +42,9 @@ component_test_crypto_with_static_key_slots() { # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS). # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS). scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212 + # Disable the fully dynamic key store (default on) since it conflicts + # with the static behavior that we're testing here. + scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test From ce849212981a624f82e5eca6c6132163afb053ec Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 29 Aug 2024 15:02:47 +0200 Subject: [PATCH 22/35] psa: move default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE Move the default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE from psa_crypto_core.h to the public header crypto_extra.h in order to solve documentation build issues. Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 10 ++++++++++ library/psa_crypto_core.h | 9 --------- library/psa_crypto_storage.h | 1 - 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 0cf42c6055..f48c0873b5 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -32,6 +32,16 @@ extern "C" { #define MBEDTLS_PSA_KEY_SLOT_COUNT 32 #endif +/* If the size of static key slots is not explicitly defined by the user, then + * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and + * PSA_CIPHER_MAX_KEY_LENGTH. + * See mbedtls_config.h for the definition. */ +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ + ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ + PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) +#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ + /** \addtogroup attributes * @{ */ diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 6dd00730ce..f2d849876c 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -55,15 +55,6 @@ typedef enum { PSA_SLOT_PENDING_DELETION, } psa_key_slot_state_t; -/* If the size of static key slots is not explicitly defined by the user, then - * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and - * PSA_CIPHER_MAX_KEY_LENGTH. */ -#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) -#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ - ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ - PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) -#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ - /** The data structure representing a key slot, containing key material * and metadata for one key. */ diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index 809fd72249..433ecdca51 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -17,7 +17,6 @@ extern "C" { #include "psa/crypto.h" #include "psa/crypto_se_driver.h" -#include "psa_crypto_core.h" #include #include From 38efe85e9fc987af14f1aca6525478844e83bf37 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 26 Sep 2024 13:01:53 +0200 Subject: [PATCH 23/35] psa_crypto_helpers: add MBEDTLS_TEST_ prefix to newly created symbols Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 7 ++++--- tests/suites/test_suite_psa_crypto.data | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 30b696d4e7..0becb4c242 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -473,14 +473,15 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ #if defined(MBEDTLS_PSA_CRYPTO_C) #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) -#define STATIC_KEY_SLOTS_SUPPORT_RSA_4096 +#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096 #endif #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048)) -#define STATIC_KEY_SLOTS_SUPPORT_RSA_2048 +#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048 #endif -#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || defined(STATIC_KEY_SLOTS_SUPPORT_RSA_4096) +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \ + defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096) #define MBEDTLS_TEST_ALLOW_RSA_4096 #endif diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e5d53845c2..5a3a4f3d1c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7497,11 +7497,11 @@ generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USA # test component. There MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is intentionally set to a value # that is OK for all public RSA key bit sizes, but only valid up to 2048 bits for key pairs. PSA generate key: RSA, key pair size does not fit in static key buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: RSA, key pair size fits in static key buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: ECC, SECP256R1, good From 7b1b9de1350f652c7a03f3189c14b91aa5c5fc61 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 26 Sep 2024 13:51:39 +0200 Subject: [PATCH 24/35] psa_crypto_helpers: enhance definitions for static key slot related test symbols - MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096] are always defined because they are only used in test_suite_psa_crypto tests. - MBEDTLS_TEST_ALLOW_RSA_4096 was renamed as MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 because this is only used in PK related test suites. Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 17 ++- tests/suites/test_suite_pkparse.data | 146 ++++++++++++------------ tests/suites/test_suite_pkwrite.data | 10 +- 3 files changed, 89 insertions(+), 84 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 0becb4c242..e7b41b22a4 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -468,10 +468,9 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_PSA_INTERNAL_KEYS \ MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG -/* Some helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is +/* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is * large enough to contain an RSA key pair of the given size. This is meant to be * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096 #endif @@ -480,15 +479,21 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048 #endif +/* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + * is large enough to contain 4096 bits RSA key pairs. Of course this check is only + * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage + * the key. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + #if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \ defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096) -#define MBEDTLS_TEST_ALLOW_RSA_4096 +#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 #endif -#else /* MBEDTLS_PSA_CRYPTO_C */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define MBEDTLS_TEST_ALLOW_RSA_4096 +#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 0db53b13ce..b25a796903 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -51,23 +51,23 @@ depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_M pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0 Parse RSA Key #14 (4096-bit, DES Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_des.pem":"testkey":0 Parse RSA Key #15 (4096-bit, 3DES Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_3des.pem":"testkey":0 Parse RSA Key #16 (4096-bit, AES-128 Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0 Parse RSA Key #17 (4096-bit, AES-192 Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0 Parse RSA Key #18 (4096-bit, AES-256 Encrypted) -depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0 Parse RSA Key #19 (PKCS#8 wrapped) @@ -99,15 +99,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_ pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER) @@ -119,7 +119,7 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:M pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0 Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES) @@ -147,15 +147,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_ pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0 Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER) @@ -167,7 +167,7 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:M pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0 Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0 Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) @@ -195,15 +195,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER) @@ -231,15 +231,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES) @@ -267,15 +267,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0 Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER) @@ -303,15 +303,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0 Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224) @@ -339,15 +339,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER) @@ -375,15 +375,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224) @@ -411,15 +411,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER) @@ -447,15 +447,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256) @@ -483,15 +483,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER) @@ -519,15 +519,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0 Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256) @@ -555,15 +555,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER) @@ -591,15 +591,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0 Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384) @@ -627,15 +627,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER) @@ -663,15 +663,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384) @@ -699,15 +699,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER) @@ -735,15 +735,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512) @@ -771,15 +771,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER) @@ -807,15 +807,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0 Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512) @@ -843,15 +843,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER) @@ -879,15 +879,15 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0 Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 34b8698124..d333dddb79 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -7,11 +7,11 @@ depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"../framework/data_files/server1.pubkey.der":TEST_DER Public key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.pem":TEST_PEM Public key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.der":TEST_DER Public key write check EC 192 bits @@ -66,11 +66,11 @@ depends_on:MBEDTLS_RSA_C pk_write_key_check:"../framework/data_files/server1.key.der":TEST_DER Private key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_key_check:"../framework/data_files/rsa4096_prv.pem":TEST_PEM Private key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_key_check:"../framework/data_files/rsa4096_prv.der":TEST_DER Private key write check EC 192 bits @@ -134,7 +134,7 @@ depends_on:MBEDTLS_RSA_C pk_write_public_from_private:"../framework/data_files/server1.key.der":"../framework/data_files/server1.pubkey.der" Derive public key RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_public_from_private:"../framework/data_files/rsa4096_prv.der":"../framework/data_files/rsa4096_pub.der" Derive public key EC 192 bits From 0c4a74b74b0e65d80c5bdd77b0c476a6ecb8cc9e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 26 Sep 2024 17:26:02 +0200 Subject: [PATCH 25/35] test_suite_psa_crypto: use finer grained checks on the key slot buffer size Instead of skipping some tests when !MBEDTLS_PSA_STATIC_KEY_SLOTS, add a proper check in the depends_on to verify if MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is actually large enough to contain the key used in such test. Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 7 +++++++ tests/suites/test_suite_psa_crypto.data | 14 +++++++------- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index f48c0873b5..9bc68f6a26 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -42,6 +42,13 @@ extern "C" { PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ +/* Define the size of the each key slot buffer. */ +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#else +#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX +#endif + /** \addtogroup attributes * @{ */ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5a3a4f3d1c..ef14b47201 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7170,7 +7170,7 @@ derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KE # and not expected to be raised any time soon) is less than the maximum # output from HKDF-SHA512 (255*64 = 16320 bytes). PSA key derivation: largest possible key -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= 16320 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1 PSA key derivation: key too large @@ -7414,15 +7414,15 @@ PSA generate key: raw data, 9 bits: invalid argument generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, 65528 bits (large key, ok if it fits) -depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= 65528 generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1 PSA generate key: raw data, 65536 bits (not supported) @@ -7669,15 +7669,15 @@ depends_on:MBEDTLS_THREADING_PTHREAD concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > 65528 concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 PSA concurrent key generation: raw data, 65536 bits (not supported) From 5fbb0e882942b965995a70cd30c38a39cb6475dd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Sep 2024 09:35:20 +0200 Subject: [PATCH 26/35] components-basic-checks: add new exception for MBEDTLS_CTR_DRBG_MAX_REQUEST Signed-off-by: Valerio Setti --- tests/scripts/components-basic-checks.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index da48f71107..7b60b49ca4 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -106,6 +106,9 @@ component_check_test_dependencies () { # the test code and that's probably the most convenient way of achieving # the test's goal. echo "MBEDTLS_ASN1_WRITE_C" >> $expected + # No PSA equivalent - used in test_suite_psa_crypto to get some "known" size + # for raw key generation. + echo "MBEDTLS_CTR_DRBG_MAX_REQUEST" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests @@ -159,4 +162,3 @@ component_check_test_helpers () { msg "unit test: translate_ciphers.py" python3 -m unittest framework/scripts/translate_ciphers.py 2>&1 } - From 5c10bc759b6fbdd36dd73672b8579a0810308a7e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Sep 2024 09:55:26 +0200 Subject: [PATCH 27/35] psa_crypto_helpers: add guard for MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_xxx PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE() is not defined when there is no MBEDTLS_PSA_CRYPTO_CLIENT so we need this guard to define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096]. Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index e7b41b22a4..2889513f26 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -471,6 +471,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); /* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is * large enough to contain an RSA key pair of the given size. This is meant to be * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) + #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096 #endif @@ -479,6 +481,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048 #endif +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ + /* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE * is large enough to contain 4096 bits RSA key pairs. Of course this check is only * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage From 0c4cacc0b3c907fda75b403292821e8069f7f0f7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 07:09:16 +0200 Subject: [PATCH 28/35] test_suite_psa_crypto.data: fix some depends_on Signed-off-by: Valerio Setti --- tests/suites/test_suite_psa_crypto.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ef14b47201..bbf7575aa0 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -7170,7 +7170,7 @@ derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KE # and not expected to be raised any time soon) is less than the maximum # output from HKDF-SHA512 (255*64 = 16320 bytes). PSA key derivation: largest possible key -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= 16320 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS) derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1 PSA key derivation: key too large @@ -7422,7 +7422,7 @@ depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= 65528 +depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(65528) generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1 PSA generate key: raw data, 65536 bits (not supported) @@ -7677,7 +7677,7 @@ depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBE concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > 65528 +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > PSA_BITS_TO_BYTES(65528) concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 PSA concurrent key generation: raw data, 65536 bits (not supported) From bdfb80bf3bc6eea3b9c9f0da81d0b53bac9234c7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 07:14:35 +0200 Subject: [PATCH 29/35] psa: move definition of MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is only used in tests so it should not be defined in a public header such as "crypto_extra.h". "psa_crypto_helpers.h" is a better option. Signed-off-by: Valerio Setti --- include/psa/crypto_extra.h | 7 ------- tests/include/test/psa_crypto_helpers.h | 7 +++++++ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 9bc68f6a26..f48c0873b5 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -42,13 +42,6 @@ extern "C" { PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ -/* Define the size of the each key slot buffer. */ -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) -#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE -#else -#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX -#endif - /** \addtogroup attributes * @{ */ diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 2889513f26..723fc32f85 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -483,6 +483,13 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ +/* Helper macro to get the size of the each key slot buffer. */ +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#else +#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX +#endif + /* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE * is large enough to contain 4096 bits RSA key pairs. Of course this check is only * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage From fe0f09e35fa1389a382c5069a98c5347e21cedd6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 13:46:37 +0200 Subject: [PATCH 30/35] Documentation: fix some nits Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 2 +- library/psa_crypto_core.h | 4 ++-- tests/include/test/psa_crypto_helpers.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 97994977f7..ebc9276d20 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3280,7 +3280,7 @@ * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. * * \note This feature comes with a (potentially) higher RAM usage since: - * - All the key slots are allocated no matter if they are used of not. + * - All the key slots are allocated no matter if they are used or not. * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes. * * Requires: MBEDTLS_PSA_CRYPTO_C diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index f2d849876c..df0ee501ab 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -157,9 +157,9 @@ typedef struct { struct key_data { #if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE]; -#else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ +#else uint8_t *data; -#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ +#endif size_t bytes; } key; } psa_key_slot_t; diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 723fc32f85..195f871d43 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -491,7 +491,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #endif /* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE - * is large enough to contain 4096 bits RSA key pairs. Of course this check is only + * is large enough to contain 4096-bit RSA key pairs. Of course this check is only * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage * the key. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) From d65ed17d740eede2e118855c6407d40bc4e69eb4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 16:50:24 +0200 Subject: [PATCH 31/35] changelog: describe support for static key slot buffers Signed-off-by: Valerio Setti --- ChangeLog.d/9302.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/9302.txt diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt new file mode 100644 index 0000000000..bc121de0c9 --- /dev/null +++ b/ChangeLog.d/9302.txt @@ -0,0 +1,8 @@ +Features + * When the new compilation option MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled, + key store uses static key slot buffers instead of dynamically allocated + ones. + * The size of each static key slot buffer is determined by + MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. If not set, its default value + is set to accomodate for the largest PSA asymmetric/symmetric key enabled + in the build. From cc27702cebc612e3a63a8613cf92128935701e76 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 17:45:21 +0200 Subject: [PATCH 32/35] changelog: updated description Signed-off-by: Valerio Setti --- ChangeLog.d/9302.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt index bc121de0c9..f2389bf820 100644 --- a/ChangeLog.d/9302.txt +++ b/ChangeLog.d/9302.txt @@ -1,8 +1,8 @@ Features * When the new compilation option MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled, - key store uses static key slot buffers instead of dynamically allocated - ones. - * The size of each static key slot buffer is determined by - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. If not set, its default value - is set to accomodate for the largest PSA asymmetric/symmetric key enabled - in the build. + key store uses statically allocated key slot's buffers instead of + dynamically allocating them on heap memory at runtime (through malloc/free + calls). + The size of each buffer is given by the option + MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accomodates the + largest PSA key enabled in the build. From d218b57d673a765683a1e7b74657c6d186aaa0a0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 7 Oct 2024 09:52:44 +0200 Subject: [PATCH 33/35] changelog: updated description Signed-off-by: Valerio Setti --- ChangeLog.d/9302.txt | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt index f2389bf820..6f56ece021 100644 --- a/ChangeLog.d/9302.txt +++ b/ChangeLog.d/9302.txt @@ -1,8 +1,6 @@ Features - * When the new compilation option MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled, - key store uses statically allocated key slot's buffers instead of - dynamically allocating them on heap memory at runtime (through malloc/free - calls). + * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which + uses static storage for keys, enabling malloc-less use of key slots. The size of each buffer is given by the option MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accomodates the largest PSA key enabled in the build. From a71c75f0fbc9327fea2a2139e58c3e2379fefa37 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 7 Oct 2024 11:21:02 +0200 Subject: [PATCH 34/35] changelog: fix typo Signed-off-by: Valerio Setti --- ChangeLog.d/9302.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt index 6f56ece021..d61ba19632 100644 --- a/ChangeLog.d/9302.txt +++ b/ChangeLog.d/9302.txt @@ -2,5 +2,5 @@ Features * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which uses static storage for keys, enabling malloc-less use of key slots. The size of each buffer is given by the option - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accomodates the + MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the largest PSA key enabled in the build. From 40859ac3b6ad62fccbd5078207480515b654bdbd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 9 Oct 2024 14:45:51 +0200 Subject: [PATCH 35/35] fix PR9302 backporting issues - psa_crypto_helpers.h mbedtls-3.6 branch misses some crypto client changes that has been done in the development branch since the LTS release. Therefore CRYPTO_C guard here is more accurate than CRYPTO_CLIENT. - entropy.h In the development branch MBEDTLS_ENTROPY_BLOCK_SIZE is defined when PSA_WANT_ALG_SHA_[256/512] is defined while in the mbedtls-3.6 branch is guarded by MBEDTLS_MD_CAN_SHA[256/512] which is slightly different. Since MBEDTLS_ENTROPY_BLOCK_SIZE is used in some tests's data files, we need to have it defined also if the related test is skipped. Therefore we add the PSA_WANT_ALG_SHA conditions together with the MBEDTLS_MD_CAN_SHA ones to mimic the development behavior. Signed-off-by: Valerio Setti --- include/mbedtls/entropy.h | 5 +++-- tests/include/test/psa_crypto_helpers.h | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 20fd6872b8..6c64e3e4e1 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -17,12 +17,13 @@ #include "md.h" -#if defined(MBEDTLS_MD_CAN_SHA512) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) +#if (defined(MBEDTLS_MD_CAN_SHA512) || defined(PSA_WANT_ALG_SHA_512)) && \ + !defined(MBEDTLS_ENTROPY_FORCE_SHA256) #define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR #define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512 #define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */ #else -#if defined(MBEDTLS_MD_CAN_SHA256) +#if (defined(MBEDTLS_MD_CAN_SHA256) || defined(PSA_WANT_ALG_SHA_256)) #define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR #define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA256 #define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */ diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 195f871d43..bf0707d429 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -471,7 +471,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); /* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is * large enough to contain an RSA key pair of the given size. This is meant to be * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if defined(MBEDTLS_PSA_CRYPTO_C) #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096 @@ -481,7 +481,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048 #endif -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ /* Helper macro to get the size of the each key slot buffer. */ #if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)