From 31cbbefde822cb2e2099e6c1d6b7013cdbb8b941 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 11:18:25 +0200 Subject: [PATCH 001/188] PSA PBKDF2: add new key types MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Question to reviewers: regarding the numeric values, I'm not sure I've incremented the right byte/nibble. Should this be 0x1201, 0x1202 instead, or something else? Is there a convention I should be aware of? Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 5e865c9315..2c247d068b 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -414,6 +414,20 @@ */ #define PSA_KEY_TYPE_DERIVE ((psa_key_type_t)0x1200) +/** A low-entropy secret for password hashing or key derivation. + * + * The key policy determines which key derivation algorithm the key + * can be used for. + */ +#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1300) + +/** A secret value that can be mixed in when doing password hashing. + * + * The key policy determines which key derivation algorithm the key + * can be used for. + */ +#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1400) + /** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher. * * The size of the key can be 16 bytes (AES-128), 24 bytes (AES-192) or From 759438cfce865317382c321cbc5d36ab285b067b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 11:18:53 +0200 Subject: [PATCH 002/188] PSA PBKDF2: add new policies MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The documentation references functions that will be introduced in later commits, but hopefully from the naming it's already clear what those function will do. Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2c247d068b..840be8b6cf 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2097,10 +2097,38 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_KEY_USAGE_VERIFY_HASH ((psa_key_usage_t)0x00002000) -/** Whether the key may be used to derive other keys. +/** Whether the key may be used to derive other keys or produce a password + * hash. + * + * This flag allows the key to be used as the input of + * psa_key_derivation_input_key() at the step + * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD + * depending on the algorithm, and allows the use of + * psa_key_derivation_output_bytes() or psa_key_derivation_output_key() + * at the end of the operation. */ #define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000) +/** Whether the key may be used to produce a password hash and verify it + * against an expected value. + * + * This flag allows the key to be used as the input of + * psa_key_derivation_input_key() at the step + * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD + * depending on the algorithm, and allows the use of + * psa_key_derivation_verify_output_bytes() or + * psa_key_derivation_verify_output_key() at the end of the operation. + */ +#define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERITY ((psa_key_usage_t)0x00008000) + +/** Whether the key may be used to as the expected value to which a password + * hash will be compared. + * + * This flag allows key to be used as the \c key argument of + * psa_key_derivation_verify_output_key(). + */ +#define PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER ((psa_key_usage_t)0x00010000) + /**@}*/ /** \defgroup derivation Key derivation From 5a67992a619b0f09577e86481e71a014c6a6b520 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 11:30:11 +0200 Subject: [PATCH 003/188] PSA PBKDF2: add/update input types MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit For the numeric values, I followed the apparent existing convention: - first byte is 01 for secret inputs, 02 for non-secret inputs - then second by is just incremented for each new input type The documentation references a function that will be introduced in the next commit. Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 840be8b6cf..4787dc1a94 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2149,6 +2149,20 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) +/** A low-entropy secret input for password hashing / key stretching. + * + * This should be a key of type #PSA_KEY_TYPE_PASSWORD or #PSA_KEY_TYPE_DERIVE + * (passed to psa_key_derivation_input_key()) + * or the shared secret resulting from a key agreement + * (obtained via psa_key_derivation_key_agreement()). + * + * The secret can also be a direct input (passed to + * key_derivation_input_bytes()). In this case, the derivation operation + * may not be used to derive keys: the operation will only allow + * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key(). + */ +#define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102) + /** A label for key derivation. * * This should be a direct input. @@ -2159,7 +2173,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** A salt for key derivation. * * This should be a direct input. - * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA. + * It can also be a key of type #PSA_KEY_TYPE_RAW_DATA or + * #PSA_KEY_TYPE_PEPPER. */ #define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202) @@ -2177,6 +2192,12 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204) +/** A cost parameter for password hashing / key stretching. + * + * This must be a direct input, passed to psa_key_derivation_input_numeric(). + */ +#define PSA_KEY_DERIVATION_INPUT_COST ((psa_key_derivation_step_t)0x0205) + /**@}*/ #endif /* PSA_CRYPTO_VALUES_H */ From 22f08bcc00d066731f47adfacc5722bb774b64fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 11:57:34 +0200 Subject: [PATCH 004/188] PSA PBKDF2: add new input function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Note on naming: previously considered input_numeric but then thought the other two input function are "input " not "input " so decided to follow that pattern. input_int would be shorter but sounds too much like the C type, which could be confusing as that's not the type of the parameter; IMO "integer" avoids that problem. Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 42 +++++++++++++++++++++++++++++++++++++ include/psa/crypto_values.h | 2 +- 2 files changed, 43 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 81e1f28697..3eaaed10af 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3290,6 +3290,48 @@ psa_status_t psa_key_derivation_input_bytes( const uint8_t *data, size_t data_length); +/** Provide a numeric input for key derivation or key agreement. + * + * Which inputs are required and in what order depends on the algorithm. + * Refer to the documentation of each key derivation or key agreement + * algorithm for information. + * + * This function is used for inputs which are small non-negative integers. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to use. + * It must have been set up with + * psa_key_derivation_setup() and must not + * have produced any output yet. + * \param step Which step the input data is for. + * \param[in] data Input data to use. + * \param data_length Size of the \p data buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step is not compatible with the operation's algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step does not allow numeric inputs. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid for this input \p step. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_input_integer( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + uint64_t value); + /** Provide an input for key derivation in the form of a key. * * Which inputs are required and in what order depends on the algorithm. diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 4787dc1a94..2565ebb985 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2194,7 +2194,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** A cost parameter for password hashing / key stretching. * - * This must be a direct input, passed to psa_key_derivation_input_numeric(). + * This must be a direct input, passed to psa_key_derivation_input_integer(). */ #define PSA_KEY_DERIVATION_INPUT_COST ((psa_key_derivation_step_t)0x0205) From 49325d3bcfdc5e17905d6b48732afcd9c2b01d4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 12:16:17 +0200 Subject: [PATCH 005/188] PSA PBKDF2: add verify-output functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 94 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 3eaaed10af..7df4f3aa48 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3643,6 +3643,100 @@ psa_status_t psa_key_derivation_output_key( psa_key_derivation_operation_t *operation, mbedtls_svc_key_id_t *key); +/** Compare output data from a key derivation operation to an expected value. + * + * This function calculates output bytes from a key derivation algorithm and + * compares those bytes to an expected value. + * If you view the key derivation's output as a stream of bytes, this + * function destructively reads the requested number of bytes from the + * stream before comparing them. + * The operation's capacity decreases by the number of bytes read. + * + * If this function returns an error status other than + * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to read from. + * \param[in] expected_output Buffer where the output will be written. + * \param output_length Length ot the expected output; this is also the + * number of bytes that will be read. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The output was read successfully, but if differs from the expected + * output. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * The operation's capacity was less than + * \p output_length bytes. Note that in this case, + * the operation's capacity is set to 0, thus + * subsequent calls to this function will not + * succeed, even with a smaller output buffer. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_verify_output_bytes( + psa_key_derivation_operation_t *operation, + const uint8_t *output, + size_t output_length); + +/** Compare output data from a key derivation operation to an expected value. + * + * This function calculates output bytes from a key derivation algorithm and + * compares those bytes to an expected value, provided as key of type + * #PSA_KEY_TYPE_RAW_DATA. + * If you view the key derivation's output as a stream of bytes, this + * function destructively reads the number of bytes corresponding the the + * length of the expected value from the stream before comparing them. + * The operation's capacity decreases by the number of bytes read. + * + * If this function returns an error status other than + * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to read from. + * \param[in] expected A key of type #PSA_KEY_TYPE_RAW_DATA containing + * the expected output. Its policy must include the + * #PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER flag. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The output was read successfully, but if differs from the expected + * output. + * \retval #PSA_ERROR_NOT_PERMITTED + * The key passed as the expected value does not allow this usage. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * The operation's capacity was less than + * the length of the expected value. In this case, + * the operation's capacity is set to 0, thus + * subsequent calls to this function will not + * succeed, even with a smaller output buffer. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_verify_output_bytes( + psa_key_derivation_operation_t *operation, + psa_key_id_t expected); + /** Abort a key derivation operation. * * Aborting an operation frees all associated resources except for the \c From 7da57914510d70290c75018a10beb1bfc2a53e8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 12:53:07 +0200 Subject: [PATCH 006/188] PSA PBKDF2: add algorithm macros + description MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 43 +++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2565ebb985..45f1765527 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1681,6 +1681,49 @@ #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t)0x08008100) +/** Macro to build a PBKDF2-HMAC algorithm. + * + * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2). + * It can use on of several PRFs internally; this macro is used when that PRF + * is based on HMAC with a given hash. + * + * For example, `PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA256)` represents PBKDF2 + * using HMAC-SHA-256 as the internal PRF. + * + * This key derivation algorithm uses the following inputs: + * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password to be hashed + * - #PSA_KEY_DERIVATION_INPUT_SALT is (part of) the salt (see note below) + * - #PSA_KEY_DERIVATION_INPUT_COST is the iteration count + * + * Note: if multiple salt inputs are passed, they will be concatenated by the + * implementation in order to produce the salt that will be passed to the + * algorithm. This allows building the salt from multiple inputs, both public + * and secret (also known as pepper). + * + * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_HASH(\p hash_alg) is true). + * + * \return The corresponding PBKDF2-HMAC-XXX algorithm. + * \return Unspecified if \p hash_alg is not a supported + * hash algorithm. + */ +#define PSA_ALG_PBKDF2_HMAC(hash_alg) \ + (PSA_ALG_PBKDF2_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) + +/** Whether the specified algorithm is a PBKDF2-HMAC algorithm. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \c alg is a PBKDF2-HMAC algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_PBKDF2_HMAC(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE) +#define PSA_ALG_PBKDF2_HMAC_GET_HASH(hkdf_alg) \ + (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) + #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0xffff0000) From 234b1ecace84103c58488619afa9cb8050526541 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 13:07:21 +0200 Subject: [PATCH 007/188] PSA PBKDF2: add "stretching" sub-category of key derivation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 45f1765527..38eb421afd 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -800,6 +800,24 @@ #define PSA_ALG_IS_KEY_DERIVATION(alg) \ (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_KEY_DERIVATION) +/** Whether the specified algorithm is a key stretching / password hashing + * algorithm. + * + * A key stretching / password hashing algorithm is a key derivation algorithm + * that is suitable for use with low-entropy secret such as passwords. + * Equivalently, it's a key derivation algorithm that accepts an input of type + * #PSA_KEY_DERIVATION_INPUT_PASSWORD. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is a key stretching / passowrd hashing algorithm, 0 + * otherwise. This macro may return either 0 or 1 if \p alg is not a + * supported algorithm identifier. + */ +#define PSA_ALG_IS_KEY_DERIVATION_STRETCHING(alg) \ + (PSA_ALG_IS_KEY_DERIVATION(alg) && \ + (alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG) + #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff) /** MD2 */ #define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001) @@ -1681,6 +1699,13 @@ #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) +/* This flag indicates whether the key derivation algorithm is suitable for + * use on low-entropy secrets such as password - these algorithms are also + * known as key stretching or password hashing schemes. These are also the + * algorithms that accepts inputs of type #PSA_KEY_DERIVATION_INPUT_PASSWORD. + */ +#define PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG ((psa_algorithm_t)0x00008000) + #define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t)0x08008100) /** Macro to build a PBKDF2-HMAC algorithm. * From 351a2576f51f7e530bcc092ed6af79c6abe9b115 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 13:11:17 +0200 Subject: [PATCH 008/188] PSA PBKDF2: extend key derivation driver interface MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/proposed/psa-driver-interface.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 47d7271e64..3685cca841 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -305,9 +305,12 @@ This family requires the following type and entry points: * `"key_derivation_setup"`: called by `psa_key_derivation_setup()`. * `"key_derivation_set_capacity"`: called by `psa_key_derivation_set_capacity()`. The core will always enforce the capacity, therefore this function does not need to do anything for algorithms where the output stream only depends on the effective generated length and not on the capacity. * `"key_derivation_input_bytes"`: called by `psa_key_derivation_input_bytes()` and `psa_key_derivation_input_key()`. For transparent drivers, when processing a call to `psa_key_derivation_input_key()`, the core always calls the applicable driver's `"key_derivation_input_bytes"` entry point. +* `"key_derivation_input_integer"`: called by `psa_key_derivation_input_integer()`. * `"key_derivation_input_key"` (opaque drivers only) * `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers. * `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()` for transparent drivers when deriving an asymmetric key pair, and also for opaque drivers. +* `"key_derivation_verify_output_bytes"`: called by `psa_key_derivation_verify_output_bytes()`; also by `psa_key_derivation_verify_output_key()` for transparent drivers. +* `"key_derivation_verify_output_key"` (opaque drivers only). * `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API. TODO: key input and output for opaque drivers; deterministic key generation for transparent drivers From 7a366f7f97a5b37dbc2fb94e27a62cf1432779d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 20 Apr 2021 13:23:03 +0200 Subject: [PATCH 009/188] PSA PBKDF2: add config option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_config.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 736d9abe08..03aa86ccd6 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -72,6 +72,9 @@ #define PSA_WANT_ALG_MD4 1 #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 +/* PBKDF2-HMAC is not yet support via the PSA API in Mbed TLS. + * Note: when adding support, also adjust include/mbedtls/config_psa.h */ +//#define PSA_WANT_ALG_PBKDF2_HMAC 1 #define PSA_WANT_ALG_RIPEMD160 1 #define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 From 6b0f911b9aaef49e705c7e744cb3b223eb681df6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 00:21:58 +0200 Subject: [PATCH 010/188] Use Python 3 instead of Python 2 to generate test files Python 2 is no longer officially supported, but we were still using it to generate test suite .c files from .function files when using GNU make. Switch to looking for Python 3. This change was done for CMake a long time ago. Signed-off-by: Gilles Peskine --- tests/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index d250d717ac..59ed45a66e 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -54,8 +54,7 @@ else DLEXT ?= so EXEXT= SHARED_SUFFIX= -# python2 for POSIX since FreeBSD has only python2 as default. -PYTHON ?= python2 +PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif # Zlib shared library extensions: From b86e588911781d5a4590e63ccdaead7439ec0a16 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:14:25 +0100 Subject: [PATCH 011/188] Remove unused MBEDTLS_ERR_SSL_UNKNOWN_CIPHER The SSL error code MBEDTLS_ERR_SSL_UNKNOWN_CIPHER is unused. Remove it for Mbed TLS 3.0 and leave a comment indicating the gap in the error code space it creates. Signed-off-by: Hanno Becker --- include/mbedtls/error.h | 2 +- include/mbedtls/ssl.h | 2 +- library/error.c | 2 -- 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 7936f6b786..6b42b22e79 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -107,7 +107,7 @@ * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) * SSL 6 24 (Started from top, plus 0x6000) - * SSL 7 32 + * SSL 7 31 (Started from 0x7080, gap at 0x7300) * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2350910756..aaddd7f466 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -67,7 +67,7 @@ #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /**< Verification of the message MAC failed. */ #define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200 /**< An invalid SSL record was received. */ #define MBEDTLS_ERR_SSL_CONN_EOF -0x7280 /**< The connection indicated an EOF. */ -#define MBEDTLS_ERR_SSL_UNKNOWN_CIPHER -0x7300 /**< An unknown cipher was received. */ +/* NOTE: Error space gap */ #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */ #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */ #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ diff --git a/library/error.c b/library/error.c index a176deb8c5..48e99249f6 100644 --- a/library/error.c +++ b/library/error.c @@ -374,8 +374,6 @@ const char * mbedtls_high_level_strerr( int error_code ) return( "SSL - An invalid SSL record was received" ); case -(MBEDTLS_ERR_SSL_CONN_EOF): return( "SSL - The connection indicated an EOF" ); - case -(MBEDTLS_ERR_SSL_UNKNOWN_CIPHER): - return( "SSL - An unknown cipher was received" ); case -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN): return( "SSL - The server has no ciphersuites in common with the client" ); case -(MBEDTLS_ERR_SSL_NO_RNG): From eca840f71ddda389e2d46af7a02b29dbd1049d12 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:19:55 +0100 Subject: [PATCH 012/188] Remove unused MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED The SSL error code MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED is unused. Remove it for Mbed TLS 3.0. The code being unused comes as a surprise, at is seems to be reasonable to report it to the user upon peer CRT verification failure. However, this study (can potentially re-introduction of the code) can be left for 3.x, while the error code removal can only happen in 3.0. Signed-off-by: Hanno Becker --- include/mbedtls/error.h | 3 ++- include/mbedtls/ssl.h | 2 +- library/error.c | 2 -- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 6b42b22e79..591692761e 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -107,7 +107,8 @@ * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) * SSL 6 24 (Started from top, plus 0x6000) - * SSL 7 31 (Started from 0x7080, gap at 0x7300) + * SSL 7 30 (Started from 0x7080, gaps at + * 0x7300, 0x7800) * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aaddd7f466..2dd6cc4551 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -77,7 +77,7 @@ #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ #define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780 /**< A fatal alert message was received from our peer. */ -#define MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED -0x7800 /**< Verification of our peer failed. */ +/* NOTE: Error space gap */ #define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880 /**< The peer notified us that the connection is going to be closed. */ #define MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO -0x7900 /**< Processing of the ClientHello handshake message failed. */ #define MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO -0x7980 /**< Processing of the ServerHello handshake message failed. */ diff --git a/library/error.c b/library/error.c index 48e99249f6..1b050df3de 100644 --- a/library/error.c +++ b/library/error.c @@ -392,8 +392,6 @@ const char * mbedtls_high_level_strerr( int error_code ) return( "SSL - An unexpected message was received from our peer" ); case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE): return( "SSL - A fatal alert message was received from our peer" ); - case -(MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED): - return( "SSL - Verification of our peer failed" ); case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY): return( "SSL - The peer notified us that the connection is going to be closed" ); case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO): From 91e1cc3bd7dcfe89dd0c9c2d6ad7041f839c5c31 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:28:49 +0100 Subject: [PATCH 013/188] Remove MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE error code This error is used when the output buffer isn't large enough to hold our own certificate. In the interest of cleaning up the error space for 3.0, this commit removes MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE and replaces its single use by MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL. Signed-off-by: Hanno Becker --- include/mbedtls/error.h | 4 ++-- include/mbedtls/ssl.h | 2 +- library/error.c | 2 -- library/ssl_tls.c | 2 +- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 591692761e..c219d672e9 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -107,8 +107,8 @@ * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) * SSL 6 24 (Started from top, plus 0x6000) - * SSL 7 30 (Started from 0x7080, gaps at - * 0x7300, 0x7800) + * SSL 7 29 (Started from 0x7080, gaps at + * 0x7300, 0x7500, 0x7800) * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2dd6cc4551..107a40ea88 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -71,7 +71,7 @@ #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN -0x7380 /**< The server has no ciphersuites in common with the client. */ #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */ #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ -#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE -0x7500 /**< Our own certificate(s) is/are too large to send in an SSL message. */ +/* NOTE: Error space gap */ #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */ #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */ #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ diff --git a/library/error.c b/library/error.c index 1b050df3de..039e7be5b9 100644 --- a/library/error.c +++ b/library/error.c @@ -380,8 +380,6 @@ const char * mbedtls_high_level_strerr( int error_code ) return( "SSL - No RNG was provided to the SSL module" ); case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE): return( "SSL - No client certification received from the client, but required by the authentication mode" ); - case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE): - return( "SSL - Our own certificate(s) is/are too large to send in an SSL message" ); case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED): return( "SSL - The own certificate is not set, but needed by the server" ); case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED): diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 75faf22adf..422df9944c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1964,7 +1964,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET " > %" MBEDTLS_PRINTF_SIZET, i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) ); - return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } ssl->out_msg[i ] = (unsigned char)( n >> 16 ); From 6c780469609da63915ec9930efb2a8ee0985799c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:35:50 +0100 Subject: [PATCH 014/188] Remove uses of MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH The error code MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH is only returned from the internal function ``` mbedtls_ssl_set_calc_verify_md() ``` Moreover, at every call-site of this function, it is only checked whether the return value is 0 or not, while the exact return value is irrelevant. The behavior the library is therefore unchanged if we return 1 instead of MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH in `mbedtls_ssl_set_calc_verify_md()`. This commit makes this change. Signed-off-by: Hanno Becker --- library/ssl_tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 422df9944c..aceeb45dff 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6998,14 +6998,14 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + return( 1 ); switch( md ) { #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + return( 1 ); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: @@ -7024,7 +7024,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) break; #endif default: - return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + return( 1 ); } return 0; @@ -7032,7 +7032,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) (void) ssl; (void) md; - return MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH; + return( 1 ); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } From 56ee9e5f141bb5cf3d0468fa09b6de7f5b19daf6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:36:02 +0100 Subject: [PATCH 015/188] Remove MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH This commit removes the unused error code ``` MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH ``` from the public API for Mbed TLS 3.0. Signed-off-by: Hanno Becker --- include/mbedtls/error.h | 3 ++- include/mbedtls/ssl.h | 2 +- library/error.c | 2 -- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index c219d672e9..776013ff32 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -106,7 +106,8 @@ * HKDF 5 1 (Started from top) * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) - * SSL 6 24 (Started from top, plus 0x6000) + * SSL 6 23 (Started from top, plus 0x6000, gaps at + * 0x6600) * SSL 7 29 (Started from 0x7080, gaps at * 0x7300, 0x7500, 0x7800) * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 107a40ea88..691b0ee519 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -111,7 +111,7 @@ #define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780 /**< The client initiated a reconnect from the same port. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700 /**< Record header looks valid but is not expected. */ #define MBEDTLS_ERR_SSL_NON_FATAL -0x6680 /**< The alert message received indicates a non-fatal error. */ -#define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH -0x6600 /**< Couldn't set the hash for verifying CertificateVerify */ +/* NOTE: Error space gap */ #define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580 /**< Internal-only message signaling that further message-processing should be done */ #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500 /**< The asynchronous operation is not completed yet. */ #define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480 /**< Internal-only message signaling that a message arrived early. */ diff --git a/library/error.c b/library/error.c index 039e7be5b9..14aaf3d092 100644 --- a/library/error.c +++ b/library/error.c @@ -456,8 +456,6 @@ const char * mbedtls_high_level_strerr( int error_code ) return( "SSL - Record header looks valid but is not expected" ); case -(MBEDTLS_ERR_SSL_NON_FATAL): return( "SSL - The alert message received indicates a non-fatal error" ); - case -(MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH): - return( "SSL - Couldn't set the hash for verifying CertificateVerify" ); case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING): return( "SSL - Internal-only message signaling that further message-processing should be done" ); case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS): From 9cfe6e977d14bdc56f80e6f06a757ca7ccd42da2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:38:24 +0100 Subject: [PATCH 016/188] Assert presence of server certificate in Certificate writer The server-side `Certificate` handshake message writer checks whether a certificate is present, and if not fails with: ``` MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ``` This should never happen, since the library checks the presence of a suitable certificate before picking a ciphersuite. It is therefore more suitable to convert this check into an assertion, and fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR upon failure. Signed-off-by: Hanno Becker --- library/ssl_tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index aceeb45dff..fd77dc3d3a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1936,8 +1936,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl ) { if( mbedtls_ssl_own_cert( ssl ) == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no certificate to send" ) ); - return( MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED ); + /* Should never happen because we shouldn't have picked the + * ciphersuite if we don't have a certificate. */ + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } } #endif From 3268d84313e16297b4f21ab251d5c5436e72d04c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 30 Apr 2021 05:41:12 +0100 Subject: [PATCH 017/188] Remove unused error code MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED After the previous commit, the code is no longer used and can be removed for Mbed TLS 3.0. Signed-off-by: Hanno Becker --- include/mbedtls/error.h | 4 ++-- include/mbedtls/ssl.h | 2 +- library/error.c | 2 -- 3 files changed, 3 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 776013ff32..73d155bb66 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -108,8 +108,8 @@ * CIPHER 6 8 (Started from 0x6080) * SSL 6 23 (Started from top, plus 0x6000, gaps at * 0x6600) - * SSL 7 29 (Started from 0x7080, gaps at - * 0x7300, 0x7500, 0x7800) + * SSL 7 28 (Started from 0x7080, gaps at + * 0x7300, 0x7500, 0x7580, 0x7800) * * Module dependent error code (5 bits 0x.00.-0x.F8.) */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 691b0ee519..3ad19275ce 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -72,7 +72,7 @@ #define MBEDTLS_ERR_SSL_NO_RNG -0x7400 /**< No RNG was provided to the SSL module. */ #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480 /**< No client certification received from the client, but required by the authentication mode. */ /* NOTE: Error space gap */ -#define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED -0x7580 /**< The own certificate is not set, but needed by the server. */ +/* NOTE: Error space gap */ #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600 /**< The own private key or pre-shared key is not set, but needed. */ #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680 /**< No CA Chain is set, but required to operate. */ #define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700 /**< An unexpected message was received from our peer. */ diff --git a/library/error.c b/library/error.c index 14aaf3d092..3a84366327 100644 --- a/library/error.c +++ b/library/error.c @@ -380,8 +380,6 @@ const char * mbedtls_high_level_strerr( int error_code ) return( "SSL - No RNG was provided to the SSL module" ); case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE): return( "SSL - No client certification received from the client, but required by the authentication mode" ); - case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED): - return( "SSL - The own certificate is not set, but needed by the server" ); case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED): return( "SSL - The own private key or pre-shared key is not set, but needed" ); case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED): From dc1b4e42e9b7aa5ebcacce0afb38c4d6e7254f23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 30 Apr 2021 10:41:07 +0200 Subject: [PATCH 018/188] Fix a few typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 2 +- include/psa/crypto_config.h | 2 +- include/psa/crypto_values.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 7df4f3aa48..deb5e0c9b3 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3733,7 +3733,7 @@ psa_status_t psa_key_derivation_verify_output_bytes( * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_verify_output_bytes( +psa_status_t psa_key_derivation_verify_output_key( psa_key_derivation_operation_t *operation, psa_key_id_t expected); diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 03aa86ccd6..a0874a17d6 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -72,7 +72,7 @@ #define PSA_WANT_ALG_MD4 1 #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 -/* PBKDF2-HMAC is not yet support via the PSA API in Mbed TLS. +/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. * Note: when adding support, also adjust include/mbedtls/config_psa.h */ //#define PSA_WANT_ALG_PBKDF2_HMAC 1 #define PSA_WANT_ALG_RIPEMD160 1 diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 38eb421afd..8036a17826 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2187,7 +2187,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * psa_key_derivation_verify_output_bytes() or * psa_key_derivation_verify_output_key() at the end of the operation. */ -#define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERITY ((psa_key_usage_t)0x00008000) +#define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERIFY ((psa_key_usage_t)0x00008000) /** Whether the key may be used to as the expected value to which a password * hash will be compared. From ffc86ce8d6843ba7e92a8ecc350c51b4b79bf375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 30 Apr 2021 11:37:57 +0200 Subject: [PATCH 019/188] Improve or expand several descriptions. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No change of behaviour, encoding or naming intended in this commit: just describe the same behaviour, but in a way that's hopefully clearer and more complete. Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 46 +++++++++++++++------ include/psa/crypto_values.h | 79 ++++++++++++++++++++++++------------- 2 files changed, 86 insertions(+), 39 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index deb5e0c9b3..f9e051e021 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3293,10 +3293,13 @@ psa_status_t psa_key_derivation_input_bytes( /** Provide a numeric input for key derivation or key agreement. * * Which inputs are required and in what order depends on the algorithm. + * However, when an algorithm requires a particular order, numeric inputs + * usually come first as they tend to be configuration parameters. * Refer to the documentation of each key derivation or key agreement * algorithm for information. * - * This function is used for inputs which are small non-negative integers. + * This function is used for inputs which are fixed-size non-negative + * integers. * * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_key_derivation_abort(). @@ -3306,8 +3309,7 @@ psa_status_t psa_key_derivation_input_bytes( * psa_key_derivation_setup() and must not * have produced any output yet. * \param step Which step the input data is for. - * \param[in] data Input data to use. - * \param data_length Size of the \p data buffer in bytes. + * \param[in] value The value of the numeric input. * * \retval #PSA_SUCCESS * Success. @@ -3646,15 +3648,25 @@ psa_status_t psa_key_derivation_output_key( /** Compare output data from a key derivation operation to an expected value. * * This function calculates output bytes from a key derivation algorithm and - * compares those bytes to an expected value. + * compares those bytes to an expected value in constant time. * If you view the key derivation's output as a stream of bytes, this * function destructively reads the requested number of bytes from the * stream before comparing them. * The operation's capacity decreases by the number of bytes read. * + * This is functionally equivalent to the following code: + * \code + * psa_key_derivation_output_bytes(operation, tmp, output_length); + * if (memcmp(output, tmp, output_length) != 0) + * return PSA_ERROR_INVALID_SIGNATURE; + * \endcode + * except (1) it works even if the key's policy does not allow outputting the + * bytes, and (2) the comparison will be done in constant time. + * * If this function returns an error status other than - * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error - * state and must be aborted by calling psa_key_derivation_abort(). + * #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE, + * the operation enters an error state and must be aborted by calling + * psa_key_derivation_abort(). * * \param[in,out] operation The key derivation operation object to read from. * \param[in] expected_output Buffer where the output will be written. @@ -3686,32 +3698,44 @@ psa_status_t psa_key_derivation_output_key( */ psa_status_t psa_key_derivation_verify_output_bytes( psa_key_derivation_operation_t *operation, - const uint8_t *output, + const uint8_t *expected_output, size_t output_length); -/** Compare output data from a key derivation operation to an expected value. +/** Compare output data from a key derivation operation to an expected value + * stored in a key object. * * This function calculates output bytes from a key derivation algorithm and * compares those bytes to an expected value, provided as key of type - * #PSA_KEY_TYPE_RAW_DATA. + * #PSA_KEY_TYPE_RAW_DATA, in constant time. * If you view the key derivation's output as a stream of bytes, this * function destructively reads the number of bytes corresponding the the * length of the expected value from the stream before comparing them. * The operation's capacity decreases by the number of bytes read. * + * This is functionally equivalent to exporting the key and calling + * psa_key_derivation_verify_output_bytes() on the result, except that it + * works even if the key cannot be exported. + * * If this function returns an error status other than - * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error - * state and must be aborted by calling psa_key_derivation_abort(). + * #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE, + * the operation enters an error state and must be aborted by calling + * psa_key_derivation_abort(). * * \param[in,out] operation The key derivation operation object to read from. * \param[in] expected A key of type #PSA_KEY_TYPE_RAW_DATA containing * the expected output. Its policy must include the * #PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER flag. + * The value of this key was likely computed by a + * previous call to psa_key_derivation_output_key(). * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_SIGNATURE * The output was read successfully, but if differs from the expected * output. + * \retval #PSA_ERROR_INVALID_HANDLE + * The key passed as the expected value does not exist. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key passed as the expected value has an invalid type. * \retval #PSA_ERROR_NOT_PERMITTED * The key passed as the expected value does not allow this usage. * \retval #PSA_ERROR_INSUFFICIENT_DATA diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 8036a17826..a3256f6144 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -408,6 +408,12 @@ #define PSA_KEY_TYPE_HMAC ((psa_key_type_t)0x1100) /** A secret for key derivation. + * + * This key type is for high-entropy secrets only. For low-entropy secrets, + * #PSA_KEY_TYPE_PASSWORD should be used instead. + * + * These keys can be used as the #PSA_KEY_DERIVATION_INPUT_SECRET or + * #PSA_KEY_DERIVATION_INPUT_PASSWORD input of key derivation algorithms. * * The key policy determines which key derivation algorithm the key * can be used for. @@ -416,15 +422,31 @@ /** A low-entropy secret for password hashing or key derivation. * - * The key policy determines which key derivation algorithm the key - * can be used for. + * This key type is suitable for passwords and passphrases which are typically + * intended to be memorizable by humans, and have a low entropy relative to + * their size. It can be used for randomly generated or derived keys with + * maximum or near-maximum entropy, but PSA_KEY_TYPE_DERIVE is more suitable + * for such keys. It is not suitable for passwords with extremely low entropy, + * such as numerical PINs. + * + * These keys can be used as the #PSA_KEY_DERIVATION_INPUT_PASSWORD input of + * key derivation algorithms. Algorithms that accept such an input were + * designed to accept low-entropy secret and are known as password hashing or + * key stretching algorithms. + * + * These keys cannot be used as the #PSA_KEY_DERIVATION_INPUT_SECRET input of + * key derivation algorithms, as the algorithms that take such an input expect + * it to be high-entropy. + * + * The key policy determines which key derivation algorithm the key can be + * used for, among the permissible subset defined above. */ #define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1300) -/** A secret value that can be mixed in when doing password hashing. +/** A secret value that can be used in when computing a password hash. * * The key policy determines which key derivation algorithm the key - * can be used for. + * can be used for, among the subset of algorithms that can use pepper. */ #define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1400) @@ -804,9 +826,9 @@ * algorithm. * * A key stretching / password hashing algorithm is a key derivation algorithm - * that is suitable for use with low-entropy secret such as passwords. - * Equivalently, it's a key derivation algorithm that accepts an input of type - * #PSA_KEY_DERIVATION_INPUT_PASSWORD. + * that is suitable for use with a low-entropy secret such as a password. + * Equivalently, it's a key derivation algorithm that uses a + * #PSA_KEY_DERIVATION_INPUT_PASSWORD input step. * * \param alg An algorithm identifier (value of type #psa_algorithm_t). * @@ -1707,24 +1729,23 @@ #define PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG ((psa_algorithm_t)0x00008000) #define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t)0x08008100) -/** Macro to build a PBKDF2-HMAC algorithm. +/** Macro to build a PBKDF2-HMAC password hashing / key stretching algorithm. * * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2). - * It can use on of several PRFs internally; this macro is used when that PRF - * is based on HMAC with a given hash. - * - * For example, `PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA256)` represents PBKDF2 - * using HMAC-SHA-256 as the internal PRF. + * This macro specifies the PBKDF2 algorithm constructed using a PRF based on + * HMAC with the specified hash. + * For example, `PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA256)` specifies PBKDF2 + * using the PRF HMAC-SHA-256. * * This key derivation algorithm uses the following inputs: - * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password to be hashed - * - #PSA_KEY_DERIVATION_INPUT_SALT is (part of) the salt (see note below) - * - #PSA_KEY_DERIVATION_INPUT_COST is the iteration count - * - * Note: if multiple salt inputs are passed, they will be concatenated by the - * implementation in order to produce the salt that will be passed to the - * algorithm. This allows building the salt from multiple inputs, both public - * and secret (also known as pepper). + * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password to be hashed. + * This input step must be used exactly once. + * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt. + * This input step must be used one or more times; if used several times, the + * inputs will be concatenated. This can be used to build the final salt + * from multiple sources, both public and secret (also known as pepper). + * - #PSA_KEY_DERIVATION_INPUT_COST is the iteration count. + * This input step must be used exactly once. * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_HASH(\p hash_alg) is true). @@ -2213,19 +2234,21 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * The secret can also be a direct input (passed to * key_derivation_input_bytes()). In this case, the derivation operation * may not be used to derive keys: the operation will only allow - * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key(). + * psa_key_derivation_output_bytes() or + * psa_key_derivation_verify_output_xxx() but not + * psa_key_derivation_output_key(). */ #define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) /** A low-entropy secret input for password hashing / key stretching. * - * This should be a key of type #PSA_KEY_TYPE_PASSWORD or #PSA_KEY_TYPE_DERIVE - * (passed to psa_key_derivation_input_key()) - * or the shared secret resulting from a key agreement - * (obtained via psa_key_derivation_key_agreement()). + * This is usually a key of type #PSA_KEY_TYPE_PASSWORD (passed to + * psa_key_derivation_input_key()) or a direct input (passed to + * psa_key_derivation_input_bytes()) that is a password or passphrase. It can + * also be high-entropy secret such as a key of type #PSA_KEY_TYPE_DERIVE or + * the shared secret resulting from a key agreement. * - * The secret can also be a direct input (passed to - * key_derivation_input_bytes()). In this case, the derivation operation + * If the secret is a direct input, the derivation operation * may not be used to derive keys: the operation will only allow * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key(). */ From c16033e0a3609a0efe7856e20da26030bc4dd905 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 30 Apr 2021 11:59:40 +0200 Subject: [PATCH 020/188] Fix the encodings of the new key types MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index a3256f6144..fafd3ec350 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -441,14 +441,14 @@ * The key policy determines which key derivation algorithm the key can be * used for, among the permissible subset defined above. */ -#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1300) +#define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203) /** A secret value that can be used in when computing a password hash. * * The key policy determines which key derivation algorithm the key * can be used for, among the subset of algorithms that can use pepper. */ -#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1400) +#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1205) /** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher. * From 421390f52fc4e63ff0936f3c6390bc504fb17f6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 30 Apr 2021 12:38:12 +0200 Subject: [PATCH 021/188] Fix driver interface for key derivation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 3685cca841..0e9877df57 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -309,7 +309,7 @@ This family requires the following type and entry points: * `"key_derivation_input_key"` (opaque drivers only) * `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers. * `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()` for transparent drivers when deriving an asymmetric key pair, and also for opaque drivers. -* `"key_derivation_verify_output_bytes"`: called by `psa_key_derivation_verify_output_bytes()`; also by `psa_key_derivation_verify_output_key()` for transparent drivers. +* `"key_derivation_verify_output_bytes"` (opaque drivers only). * `"key_derivation_verify_output_key"` (opaque drivers only). * `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API. From 3d72267db598dc8ae31211c27036c0326a797052 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 30 Apr 2021 12:42:36 +0200 Subject: [PATCH 022/188] Specify the order of PBKDF2 inputs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Might make the implementer's life a bit simpler, and is not a big constraint on applications. Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index fafd3ec350..4bc4c1a5e3 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1737,14 +1737,15 @@ * For example, `PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA256)` specifies PBKDF2 * using the PRF HMAC-SHA-256. * - * This key derivation algorithm uses the following inputs: - * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password to be hashed. + * This key derivation algorithm uses the following inputs, which must be + * provided in the following order: + * - #PSA_KEY_DERIVATION_INPUT_COST is the iteration count. * This input step must be used exactly once. * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt. * This input step must be used one or more times; if used several times, the * inputs will be concatenated. This can be used to build the final salt * from multiple sources, both public and secret (also known as pepper). - * - #PSA_KEY_DERIVATION_INPUT_COST is the iteration count. + * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password to be hashed. * This input step must be used exactly once. * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that From d307f6359725ce686b396690c8f7cb6d610aedeb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 May 2021 10:12:06 +0200 Subject: [PATCH 023/188] Rename verify_output_xxx() to verify_xxx() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 6 +++--- include/psa/crypto_values.h | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index f9e051e021..fdab2b14ec 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3696,7 +3696,7 @@ psa_status_t psa_key_derivation_output_key( * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_verify_output_bytes( +psa_status_t psa_key_derivation_verify_bytes( psa_key_derivation_operation_t *operation, const uint8_t *expected_output, size_t output_length); @@ -3713,7 +3713,7 @@ psa_status_t psa_key_derivation_verify_output_bytes( * The operation's capacity decreases by the number of bytes read. * * This is functionally equivalent to exporting the key and calling - * psa_key_derivation_verify_output_bytes() on the result, except that it + * psa_key_derivation_verify_bytes() on the result, except that it * works even if the key cannot be exported. * * If this function returns an error status other than @@ -3757,7 +3757,7 @@ psa_status_t psa_key_derivation_verify_output_bytes( * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_verify_output_key( +psa_status_t psa_key_derivation_verify_key( psa_key_derivation_operation_t *operation, psa_key_id_t expected); diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 4bc4c1a5e3..7c3ca2c6ad 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2206,8 +2206,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * psa_key_derivation_input_key() at the step * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD * depending on the algorithm, and allows the use of - * psa_key_derivation_verify_output_bytes() or - * psa_key_derivation_verify_output_key() at the end of the operation. + * psa_key_derivation_verify_bytes() or + * psa_key_derivation_verify_key() at the end of the operation. */ #define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERIFY ((psa_key_usage_t)0x00008000) @@ -2215,7 +2215,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * hash will be compared. * * This flag allows key to be used as the \c key argument of - * psa_key_derivation_verify_output_key(). + * psa_key_derivation_verify_key(). */ #define PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER ((psa_key_usage_t)0x00010000) @@ -2236,7 +2236,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * key_derivation_input_bytes()). In this case, the derivation operation * may not be used to derive keys: the operation will only allow * psa_key_derivation_output_bytes() or - * psa_key_derivation_verify_output_xxx() but not + * psa_key_derivation_verify_xxx() but not * psa_key_derivation_output_key(). */ #define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) From 9023cacf15cffbcbe37d4fc1a463d5cf80f175a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 May 2021 10:23:12 +0200 Subject: [PATCH 024/188] Merge verification policies together MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 2 +- include/psa/crypto_values.h | 28 ++++++++++++---------------- 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index fdab2b14ec..b92d194bf2 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3724,7 +3724,7 @@ psa_status_t psa_key_derivation_verify_bytes( * \param[in,out] operation The key derivation operation object to read from. * \param[in] expected A key of type #PSA_KEY_TYPE_RAW_DATA containing * the expected output. Its policy must include the - * #PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER flag. + * #PSA_KEY_USAGE_VERIFY_DERIVATION flag. * The value of this key was likely computed by a * previous call to psa_key_derivation_output_key(). * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 7c3ca2c6ad..faccaf6334 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2199,25 +2199,21 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_KEY_USAGE_DERIVE ((psa_key_usage_t)0x00004000) -/** Whether the key may be used to produce a password hash and verify it - * against an expected value. +/** Whether the key may be used to verify the result of a key derivation, + * including password hashing. * - * This flag allows the key to be used as the input of - * psa_key_derivation_input_key() at the step - * #PSA_KEY_DERIVATION_INPUT_SECRET of #PSA_KEY_DERIVATION_INPUT_PASSWORD - * depending on the algorithm, and allows the use of - * psa_key_derivation_verify_bytes() or - * psa_key_derivation_verify_key() at the end of the operation. - */ -#define PSA_KEY_USAGE_PASSWORD_HASH_AND_VERIFY ((psa_key_usage_t)0x00008000) - -/** Whether the key may be used to as the expected value to which a password - * hash will be compared. + * This flag allows the key to be used: * - * This flag allows key to be used as the \c key argument of - * psa_key_derivation_verify_key(). + * - for a key of type #PSA_KEY_TYPE_RAW_DATA, as the \c key argument of + * psa_key_derivation_verify_key(); + * - for a key of type #PSA_KEY_TYPE_PASSWORD (or #PSA_KEY_TYPE_DERIVE), as + * the input to psa_key_derivation_input_key() at the step + * #PSA_KEY_DERIVATION_INPUT_PASSWORD (or #PSA_KEY_DERIVATION_INPUT_SECRET); + * then at the end of the operation use of psa_key_derivation_verify_bytes() + * or psa_key_derivation_verify_key() will be permitted (but not + * psa_key_derivation_output_xxx() unless #PSA_KEY_USAGE_DERIVE is set). */ -#define PSA_KEY_USAGE_PASSWORD_HASH_VERIFIER ((psa_key_usage_t)0x00010000) +#define PSA_KEY_USAGE_VERIFY_DERIVATION ((psa_key_usage_t)0x00008000) /**@}*/ From 88658becd4c06eb6757899d3c30e4717d1c939d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 May 2021 10:28:57 +0200 Subject: [PATCH 025/188] Clarify algorithm constraint for verification MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index b92d194bf2..da2a15cfc2 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3724,7 +3724,8 @@ psa_status_t psa_key_derivation_verify_bytes( * \param[in,out] operation The key derivation operation object to read from. * \param[in] expected A key of type #PSA_KEY_TYPE_RAW_DATA containing * the expected output. Its policy must include the - * #PSA_KEY_USAGE_VERIFY_DERIVATION flag. + * #PSA_KEY_USAGE_VERIFY_DERIVATION flag and the + * permitted algorithm must match the operation. * The value of this key was likely computed by a * previous call to psa_key_derivation_output_key(). * @@ -3737,7 +3738,8 @@ psa_status_t psa_key_derivation_verify_bytes( * \retval #PSA_ERROR_INVALID_ARGUMENT * The key passed as the expected value has an invalid type. * \retval #PSA_ERROR_NOT_PERMITTED - * The key passed as the expected value does not allow this usage. + * The key passed as the expected value does not allow this usage or + * this algorithm. * \retval #PSA_ERROR_INSUFFICIENT_DATA * The operation's capacity was less than * the length of the expected value. In this case, From 2171e421c6e1ba62e67436e44d8babd79fdd7f49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 May 2021 10:49:54 +0200 Subject: [PATCH 026/188] Add new key type PASSWORD_HASH MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 16 +++++++++------- include/psa/crypto_values.h | 12 ++++++++++-- 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index da2a15cfc2..074893fe5a 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3536,7 +3536,8 @@ psa_status_t psa_key_derivation_output_bytes( * - #PSA_KEY_TYPE_ARC4; * - #PSA_KEY_TYPE_CAMELLIA; * - #PSA_KEY_TYPE_DERIVE; - * - #PSA_KEY_TYPE_HMAC. + * - #PSA_KEY_TYPE_HMAC; + * - #PSA_KEY_TYPE_PASSWORD_HASH. * * - For ECC keys on a Montgomery elliptic curve * (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a @@ -3722,12 +3723,13 @@ psa_status_t psa_key_derivation_verify_bytes( * psa_key_derivation_abort(). * * \param[in,out] operation The key derivation operation object to read from. - * \param[in] expected A key of type #PSA_KEY_TYPE_RAW_DATA containing - * the expected output. Its policy must include the - * #PSA_KEY_USAGE_VERIFY_DERIVATION flag and the - * permitted algorithm must match the operation. - * The value of this key was likely computed by a - * previous call to psa_key_derivation_output_key(). + * \param[in] expected A key of type #PSA_KEY_TYPE_PASSWORD_HASH + * containing the expected output. Its policy must + * include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag + * and the permitted algorithm must match the + * operation. The value of this key was likely + * computed by a previous call to + * psa_key_derivation_output_key(). * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_SIGNATURE diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index faccaf6334..917a0a2633 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -443,12 +443,20 @@ */ #define PSA_KEY_TYPE_PASSWORD ((psa_key_type_t)0x1203) +/** A secret value that can be used to verify a password hash. + * + * The key policy determines which key derivation algorithm the key + * can be used for, among the same permissible subset as for + * #PSA_KEY_TYPE_PASSWORD. + */ +#define PSA_KEY_TYPE_PASSWORD_HASH ((psa_key_type_t)0x1205) + /** A secret value that can be used in when computing a password hash. * * The key policy determines which key derivation algorithm the key * can be used for, among the subset of algorithms that can use pepper. */ -#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1205) +#define PSA_KEY_TYPE_PEPPER ((psa_key_type_t)0x1206) /** Key for a cipher, AEAD or MAC algorithm based on the AES block cipher. * @@ -2204,7 +2212,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * * This flag allows the key to be used: * - * - for a key of type #PSA_KEY_TYPE_RAW_DATA, as the \c key argument of + * - for a key of type #PSA_KEY_TYPE_PASSWORD_HASH, as the \c key argument of * psa_key_derivation_verify_key(); * - for a key of type #PSA_KEY_TYPE_PASSWORD (or #PSA_KEY_TYPE_DERIVE), as * the input to psa_key_derivation_input_key() at the step From b12de9ffc1dc773a187a3070deae4bf7a9db1dda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 May 2021 11:02:56 +0200 Subject: [PATCH 027/188] Add new key types to crypto_knowledge.py MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- scripts/mbedtls_dev/crypto_knowledge.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 500aceafd8..aa5279027c 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -89,6 +89,9 @@ class KeyType: 'PSA_KEY_TYPE_DERIVE': (120, 128), # sample 'PSA_KEY_TYPE_DES': (64, 128, 192), # exhaustive 'PSA_KEY_TYPE_HMAC': (128, 160, 224, 256, 384, 512), # standard size for each supported hash + 'PSA_KEY_TYPE_PASSWORD': (48, 168, 336), # sample + 'PSA_KEY_TYPE_PASSWORD_HASH': (128, 256), # sample + 'PSA_KEY_TYPE_PEPPER': (128, 256), # sample 'PSA_KEY_TYPE_RAW_DATA': (8, 40, 128), # sample 'PSA_KEY_TYPE_RSA_KEY_PAIR': (1024, 1536), # small sample } From aa923b9fed860a06a4dfb93026b7ac6ae841414c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 May 2021 11:03:24 +0200 Subject: [PATCH 028/188] Update generated files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/psa/psa_constant_names_generated.c | 18 ++++++ ...te_psa_crypto_not_supported.generated.data | 56 +++++++++++++++++++ ...ite_psa_crypto_storage_format.current.data | 42 +++++++++++++- ...st_suite_psa_crypto_storage_format.v0.data | 42 +++++++++++++- 4 files changed, 152 insertions(+), 6 deletions(-) diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c index 2175af9ff8..b7afbb9172 100644 --- a/programs/psa/psa_constant_names_generated.c +++ b/programs/psa/psa_constant_names_generated.c @@ -113,6 +113,9 @@ static int psa_snprint_key_type(char *buffer, size_t buffer_size, case PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE", 32); break; case PSA_KEY_TYPE_HMAC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_HMAC", 17); break; case PSA_KEY_TYPE_NONE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_NONE", 17); break; + case PSA_KEY_TYPE_PASSWORD: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PASSWORD", 21); break; + case PSA_KEY_TYPE_PASSWORD_HASH: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PASSWORD_HASH", 26); break; + case PSA_KEY_TYPE_PEPPER: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PEPPER", 19); break; case PSA_KEY_TYPE_RAW_DATA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RAW_DATA", 21); break; case PSA_KEY_TYPE_RSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_KEY_PAIR", 25); break; case PSA_KEY_TYPE_RSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_PUBLIC_KEY", 27); break; @@ -221,6 +224,7 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; + case PSA_ALG_PBKDF2_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_HMAC_BASE", 24); break; case PSA_ALG_PURE_EDDSA: append(&buffer, buffer_size, &required_size, "PSA_ALG_PURE_EDDSA", 18); break; case PSA_ALG_RIPEMD160: append(&buffer, buffer_size, &required_size, "PSA_ALG_RIPEMD160", 17); break; case PSA_ALG_RSA_OAEP_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_OAEP_BASE", 21); break; @@ -286,6 +290,13 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, psa_hash_algorithm_name, PSA_ALG_GET_HASH(core_alg)); append(&buffer, buffer_size, &required_size, ")", 1); + } else if (PSA_ALG_IS_PBKDF2_HMAC(core_alg)) { + append(&buffer, buffer_size, &required_size, + "PSA_ALG_PBKDF2_HMAC(", 19 + 1); + append_with_alg(&buffer, buffer_size, &required_size, + psa_hash_algorithm_name, + PSA_ALG_GET_HASH(core_alg)); + append(&buffer, buffer_size, &required_size, ")", 1); } else if (PSA_ALG_IS_RSA_OAEP(core_alg)) { append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_OAEP(", 16 + 1); @@ -394,6 +405,13 @@ static int psa_snprint_key_usage(char *buffer, size_t buffer_size, append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23); usage ^= PSA_KEY_USAGE_SIGN_HASH; } + if (usage & PSA_KEY_USAGE_VERIFY_DERIVATION) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_DERIVATION", 31); + usage ^= PSA_KEY_USAGE_VERIFY_DERIVATION; + } if (usage & PSA_KEY_USAGE_VERIFY_HASH) { if (required_size != 0) { append(&buffer, buffer_size, &required_size, " | ", 3); diff --git a/tests/suites/test_suite_psa_crypto_not_supported.generated.data b/tests/suites/test_suite_psa_crypto_not_supported.generated.data index e39c8ed8b3..23ce19ff14 100644 --- a/tests/suites/test_suite_psa_crypto_not_supported.generated.data +++ b/tests/suites/test_suite_psa_crypto_not_supported.generated.data @@ -152,6 +152,62 @@ PSA generate HMAC 512-bit not supported depends_on:!PSA_WANT_KEY_TYPE_HMAC generate_not_supported:PSA_KEY_TYPE_HMAC:512 +PSA import PASSWORD 48-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_PASSWORD:"486572650069" + +PSA generate PASSWORD 48-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_PASSWORD:48 + +PSA import PASSWORD 168-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_PASSWORD:"48657265006973206b6579a0646174614865726500" + +PSA generate PASSWORD 168-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_PASSWORD:168 + +PSA import PASSWORD 336-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_PASSWORD:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65" + +PSA generate PASSWORD 336-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_PASSWORD:336 + +PSA import PASSWORD_HASH 128-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD_HASH:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_PASSWORD_HASH:"48657265006973206b6579a064617461" + +PSA generate PASSWORD_HASH 128-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD_HASH:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_PASSWORD_HASH:128 + +PSA import PASSWORD_HASH 256-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD_HASH:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_PASSWORD_HASH:"48657265006973206b6579a06461746148657265006973206b6579a064617461" + +PSA generate PASSWORD_HASH 256-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PASSWORD_HASH:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_PASSWORD_HASH:256 + +PSA import PEPPER 128-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PEPPER:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_PEPPER:"48657265006973206b6579a064617461" + +PSA generate PEPPER 128-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PEPPER:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_PEPPER:128 + +PSA import PEPPER 256-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PEPPER:DEPENDENCY_NOT_IMPLEMENTED_YET +import_not_supported:PSA_KEY_TYPE_PEPPER:"48657265006973206b6579a06461746148657265006973206b6579a064617461" + +PSA generate PEPPER 256-bit not supported +depends_on:!PSA_WANT_KEY_TYPE_PEPPER:DEPENDENCY_NOT_IMPLEMENTED_YET +generate_not_supported:PSA_KEY_TYPE_PEPPER:256 + PSA import RSA_KEY_PAIR 1024-bit not supported depends_on:!PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_not_supported:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24" diff --git a/tests/suites/test_suite_psa_crypto_storage_format.current.data b/tests/suites/test_suite_psa_crypto_storage_format.current.data index f74d0e2736..546299ed36 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.current.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.current.data @@ -28,6 +28,10 @@ PSA storage save: usage: SIGN_HASH depends_on:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001000000000000000000000010000004b" +PSA storage save: usage: VERIFY_DERIVATION +depends_on:PSA_WANT_KEY_TYPE_RAW_DATA +key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_DERIVATION:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800008000000000000000000000010000004b" + PSA storage save: usage: VERIFY_HASH depends_on:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002000000000000000000000010000004b" @@ -52,9 +56,13 @@ PSA storage save: usage: EXPORT | SIGN_HASH depends_on:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011000000000000000000000010000004b" -PSA storage save: usage: SIGN_HASH | VERIFY_HASH +PSA storage save: usage: SIGN_HASH | VERIFY_DERIVATION depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800003000000000000000000000010000004b" +key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800009000000000000000000000010000004b" + +PSA storage save: usage: VERIFY_DERIVATION | VERIFY_HASH +depends_on:PSA_WANT_KEY_TYPE_RAW_DATA +key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b45590000000000010000000110080000a000000000000000000000010000004b" PSA storage save: usage: VERIFY_HASH | COPY depends_on:PSA_WANT_KEY_TYPE_RAW_DATA @@ -62,7 +70,7 @@ key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_ PSA storage save: usage: all known depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800037300000000000000000000010000004b" +key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b45590000000000010000000110080003f300000000000000000000010000004b" PSA storage save: type: AES 128-bit depends_on:PSA_WANT_KEY_TYPE_AES @@ -148,6 +156,34 @@ PSA storage save: type: HMAC 512-bit depends_on:PSA_WANT_KEY_TYPE_HMAC key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100020100000000000000000000004000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461" +PSA storage save: type: PASSWORD 48-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD +key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD:48:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"486572650069":"505341004b45590000000000010000000312300001000000000000000000000006000000486572650069" + +PSA storage save: type: PASSWORD 168-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD +key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD:168:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500":"505341004b45590000000000010000000312a8000100000000000000000000001500000048657265006973206b6579a0646174614865726500" + +PSA storage save: type: PASSWORD 336-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD +key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD:336:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65":"505341004b4559000000000001000000031250010100000000000000000000002a00000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65" + +PSA storage save: type: PASSWORD_HASH 128-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD_HASH +key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD_HASH:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000051280000100000000000000000000001000000048657265006973206b6579a064617461" + +PSA storage save: type: PASSWORD_HASH 256-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD_HASH +key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD_HASH:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000051200010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461" + +PSA storage save: type: PEPPER 128-bit +depends_on:PSA_WANT_KEY_TYPE_PEPPER +key_storage_save:0x0001:PSA_KEY_TYPE_PEPPER:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000061280000100000000000000000000001000000048657265006973206b6579a064617461" + +PSA storage save: type: PEPPER 256-bit +depends_on:PSA_WANT_KEY_TYPE_PEPPER +key_storage_save:0x0001:PSA_KEY_TYPE_PEPPER:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000061200010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461" + PSA storage save: type: RAW_DATA 8-bit depends_on:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000011008000100000000000000000000000100000048" diff --git a/tests/suites/test_suite_psa_crypto_storage_format.v0.data b/tests/suites/test_suite_psa_crypto_storage_format.v0.data index 2b2f1b7a73..72d1eb8464 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.v0.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.v0.data @@ -28,6 +28,10 @@ PSA storage read: usage: SIGN_HASH depends_on:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001000000000000000000000010000004b":0 +PSA storage read: usage: VERIFY_DERIVATION +depends_on:PSA_WANT_KEY_TYPE_RAW_DATA +key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_DERIVATION:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800008000000000000000000000010000004b":0 + PSA storage read: usage: VERIFY_HASH depends_on:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002000000000000000000000010000004b":0 @@ -52,9 +56,13 @@ PSA storage read: usage: EXPORT | SIGN_HASH depends_on:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011000000000000000000000010000004b":0 -PSA storage read: usage: SIGN_HASH | VERIFY_HASH +PSA storage read: usage: SIGN_HASH | VERIFY_DERIVATION depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800003000000000000000000000010000004b":0 +key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800009000000000000000000000010000004b":0 + +PSA storage read: usage: VERIFY_DERIVATION | VERIFY_HASH +depends_on:PSA_WANT_KEY_TYPE_RAW_DATA +key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b45590000000000010000000110080000a000000000000000000000010000004b":0 PSA storage read: usage: VERIFY_HASH | COPY depends_on:PSA_WANT_KEY_TYPE_RAW_DATA @@ -62,7 +70,7 @@ key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_ PSA storage read: usage: all known depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800037300000000000000000000010000004b":0 +key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b45590000000000010000000110080003f300000000000000000000010000004b":0 PSA storage read: type: AES 128-bit depends_on:PSA_WANT_KEY_TYPE_AES @@ -148,6 +156,34 @@ PSA storage read: type: HMAC 512-bit depends_on:PSA_WANT_KEY_TYPE_HMAC key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100020100000000000000000000004000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":1 +PSA storage read: type: PASSWORD 48-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD +key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD:48:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"486572650069":"505341004b45590000000000010000000312300001000000000000000000000006000000486572650069":1 + +PSA storage read: type: PASSWORD 168-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD +key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD:168:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500":"505341004b45590000000000010000000312a8000100000000000000000000001500000048657265006973206b6579a0646174614865726500":1 + +PSA storage read: type: PASSWORD 336-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD +key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD:336:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65":"505341004b4559000000000001000000031250010100000000000000000000002a00000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65":1 + +PSA storage read: type: PASSWORD_HASH 128-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD_HASH +key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD_HASH:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000051280000100000000000000000000001000000048657265006973206b6579a064617461":1 + +PSA storage read: type: PASSWORD_HASH 256-bit +depends_on:PSA_WANT_KEY_TYPE_PASSWORD_HASH +key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD_HASH:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000051200010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1 + +PSA storage read: type: PEPPER 128-bit +depends_on:PSA_WANT_KEY_TYPE_PEPPER +key_storage_read:0x0001:PSA_KEY_TYPE_PEPPER:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000061280000100000000000000000000001000000048657265006973206b6579a064617461":1 + +PSA storage read: type: PEPPER 256-bit +depends_on:PSA_WANT_KEY_TYPE_PEPPER +key_storage_read:0x0001:PSA_KEY_TYPE_PEPPER:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000061200010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1 + PSA storage read: type: RAW_DATA 8-bit depends_on:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000011008000100000000000000000000000100000048":0 From 6983b4fffcb062c5e5ebe595880686c2a2dca620 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 May 2021 11:41:49 +0200 Subject: [PATCH 029/188] Add identifier for PBKDF2 with AES-CMAC-PRF-128 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This algorithm is used for example by the Thread 1.1.1 specification, which is not public but can be obtained free of charge at https://www.threadgroup.org/ThreadSpec Here it doesn't really make sense to define a parametrised family, as this really seems to be the only use of PBKDF2 with a CMAC-based PRF (or with any PRF other than HMAC with SHA1 or SHA2, for that matter). Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 917a0a2633..fa008d45a0 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1779,6 +1779,17 @@ #define PSA_ALG_PBKDF2_HMAC_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) +/** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm. + * + * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2). + * This macro specifies the PBKDF2 algorithm constructed using the + * AES-CMAC-PRF-128 PRF specified by RFC 4615. + * + * This key derivation algorithm uses the same inputs as + * #PBKDF_ALG_PBKDF2_HMAC() with the same constraints. + */ +#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t)0x08008200) + #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0xffff0000) From 40b81bf8f7ec9241dd4f99d4ec6de32cafb4aa00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 3 May 2021 11:53:40 +0200 Subject: [PATCH 030/188] Introduce PSA_ALG_GET_HASH() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No need to introduce a specific macro for PBKDF2-HMAC when the PSA spec already has a generic one. Documentation from: https://armmbed.github.io/mbed-crypto/html/api/ops/algorithms.html#c.PSA_ALG_GET_HASH Implementation from: https://armmbed.github.io/mbed-crypto/html/appendix/specdef_values.html Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index fa008d45a0..6d34b0640b 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1776,8 +1776,6 @@ */ #define PSA_ALG_IS_PBKDF2_HMAC(alg) \ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE) -#define PSA_ALG_PBKDF2_HMAC_GET_HASH(hkdf_alg) \ - (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) /** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm. * @@ -1927,6 +1925,18 @@ (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) != 0 : \ (alg) == PSA_ALG_ANY_HASH) +/** Get the hash used by a composite algorithm. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return The underlying hash algorithm if alg is a composite algorithm that + * uses a hash algorithm. + * + * \return #PSA_ALG_NONE if alg is not a composite algorithm that uses a hash. + */ +#define PSA_ALG_GET_HASH(alg) \ + (((alg) & 0x000000ff) == 0 ? PSA_ALG_NONE : 0x02000000 | ((alg) & 0x000000ff)) + /**@}*/ /** \defgroup key_lifetimes Key lifetimes From c7f8dbe837fce2c599e3c227165dfcb94f2f699e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 May 2021 09:41:35 +0200 Subject: [PATCH 031/188] Update generated files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/psa/psa_constant_names_generated.c | 1 + .../test_suite_psa_crypto_storage_format.current.data | 8 ++++++++ tests/suites/test_suite_psa_crypto_storage_format.v0.data | 8 ++++++++ 3 files changed, 17 insertions(+) diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c index b7afbb9172..34919df769 100644 --- a/programs/psa/psa_constant_names_generated.c +++ b/programs/psa/psa_constant_names_generated.c @@ -224,6 +224,7 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; + case PSA_ALG_PBKDF2_AES_CMAC_PRF_128: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_AES_CMAC_PRF_128", 31); break; case PSA_ALG_PBKDF2_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_HMAC_BASE", 24); break; case PSA_ALG_PURE_EDDSA: append(&buffer, buffer_size, &required_size, "PSA_ALG_PURE_EDDSA", 18); break; case PSA_ALG_RIPEMD160: append(&buffer, buffer_size, &required_size, "PSA_ALG_RIPEMD160", 17); break; diff --git a/tests/suites/test_suite_psa_crypto_storage_format.current.data b/tests/suites/test_suite_psa_crypto_storage_format.current.data index 546299ed36..6c280a2f7c 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.current.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.current.data @@ -620,6 +620,14 @@ PSA storage save: alg2: PSA_ALG_OFB depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_OFB:"4c":"505341004b45590000000000010000000110080001000000000000000012c004010000004c" +PSA storage save: alg: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA +key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:0x0000:"4b":"505341004b455900000000000100000001100800010000000082000800000000010000004b" + +PSA storage save: alg2: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA +key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"4c":"505341004b455900000000000100000001100800010000000000000000820008010000004c" + PSA storage save: alg: PSA_ALG_PURE_EDDSA depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PURE_EDDSA:0x0000:"4b":"505341004b455900000000000100000001100800010000000008000600000000010000004b" diff --git a/tests/suites/test_suite_psa_crypto_storage_format.v0.data b/tests/suites/test_suite_psa_crypto_storage_format.v0.data index 72d1eb8464..83f80232d1 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.v0.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.v0.data @@ -620,6 +620,14 @@ PSA storage read: alg2: PSA_ALG_OFB depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_OFB:"4c":"505341004b45590000000000010000000110080001000000000000000012c004010000004c":0 +PSA storage read: alg: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA +key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:0x0000:"4b":"505341004b455900000000000100000001100800010000000082000800000000010000004b":0 + +PSA storage read: alg2: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA +key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"4c":"505341004b455900000000000100000001100800010000000000000000820008010000004c":0 + PSA storage read: alg: PSA_ALG_PURE_EDDSA depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PURE_EDDSA:0x0000:"4b":"505341004b455900000000000100000001100800010000000008000600000000010000004b":0 From 805251b70c8e069b5e25b558f9f15b53dc0f6473 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 May 2021 09:49:59 +0200 Subject: [PATCH 032/188] Update psa_validate_key_policy() for the new policy MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/psa_crypto.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 32568b3225..f2245f14c9 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1571,6 +1571,7 @@ static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy ) PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_DERIVE ) ) != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); From 06638ae3e8ccb5973243ba7e7ebce0d8384eba9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 May 2021 10:19:37 +0200 Subject: [PATCH 033/188] Update "key stretching" flag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 8 +++++--- .../test_suite_psa_crypto_storage_format.current.data | 4 ++-- tests/suites/test_suite_psa_crypto_storage_format.v0.data | 4 ++-- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 6d34b0640b..4f75b1f66c 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1733,10 +1733,12 @@ * use on low-entropy secrets such as password - these algorithms are also * known as key stretching or password hashing schemes. These are also the * algorithms that accepts inputs of type #PSA_KEY_DERIVATION_INPUT_PASSWORD. + * + * Those algorithms cannot be combined with a key agreement algorithm. */ -#define PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG ((psa_algorithm_t)0x00008000) +#define PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG ((psa_algorithm_t)0x00800000) -#define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t)0x08008100) +#define PSA_ALG_PBKDF2_HMAC_BASE ((psa_algorithm_t)0x08800100) /** Macro to build a PBKDF2-HMAC password hashing / key stretching algorithm. * * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2). @@ -1786,7 +1788,7 @@ * This key derivation algorithm uses the same inputs as * #PBKDF_ALG_PBKDF2_HMAC() with the same constraints. */ -#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t)0x08008200) +#define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t)0x08800200) #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0xffff0000) diff --git a/tests/suites/test_suite_psa_crypto_storage_format.current.data b/tests/suites/test_suite_psa_crypto_storage_format.current.data index 6c280a2f7c..732b80b6b9 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.current.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.current.data @@ -622,11 +622,11 @@ key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ PSA storage save: alg: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:0x0000:"4b":"505341004b455900000000000100000001100800010000000082000800000000010000004b" +key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:0x0000:"4b":"505341004b455900000000000100000001100800010000000002800800000000010000004b" PSA storage save: alg2: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"4c":"505341004b455900000000000100000001100800010000000000000000820008010000004c" +key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"4c":"505341004b455900000000000100000001100800010000000000000000028008010000004c" PSA storage save: alg: PSA_ALG_PURE_EDDSA depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA diff --git a/tests/suites/test_suite_psa_crypto_storage_format.v0.data b/tests/suites/test_suite_psa_crypto_storage_format.v0.data index 83f80232d1..82f55dd5da 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.v0.data +++ b/tests/suites/test_suite_psa_crypto_storage_format.v0.data @@ -622,11 +622,11 @@ key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ PSA storage read: alg: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:0x0000:"4b":"505341004b455900000000000100000001100800010000000082000800000000010000004b":0 +key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:0x0000:"4b":"505341004b455900000000000100000001100800010000000002800800000000010000004b":0 PSA storage read: alg2: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"4c":"505341004b455900000000000100000001100800010000000000000000820008010000004c":0 +key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"4c":"505341004b455900000000000100000001100800010000000000000000028008010000004c":0 PSA storage read: alg: PSA_ALG_PURE_EDDSA depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA From c149e1de9b77e380c43bb01122aaaf9a59e18166 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 May 2021 10:25:05 +0200 Subject: [PATCH 034/188] Remove duplicated definition of PSA_ALG_GET_HASH() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/psa/psa_constant_names.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index 14d449441c..b5fea04ddc 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -52,12 +52,6 @@ int snprintf( char *s, size_t n, const char *fmt, ... ) } #endif -/* There are different GET_HASH macros for different kinds of algorithms - * built from hashes, but the values are all constructed on the - * same model. */ -#define PSA_ALG_GET_HASH(alg) \ - (((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH) - static void append(char **buffer, size_t buffer_size, size_t *required_size, const char *string, size_t length) From 71d955a79d4a8fbb9b579c00abd194cc019439c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 May 2021 10:32:39 +0200 Subject: [PATCH 035/188] Introduce PSA_ALG_NONE MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It is required by the standard definition of PSA_ALG_GET_HASH. Documentation and definition from: https://armmbed.github.io/mbed-crypto/html/api/ops/algorithms.html#c.PSA_ALG_NONE Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 6 ++++++ programs/psa/psa_constant_names_generated.c | 1 + 2 files changed, 7 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 4f75b1f66c..304182519f 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -713,6 +713,12 @@ 1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \ 0u) +/** An invalid algorithm identifier value. + * + * Zero is not the encoding of any algorithm. + */ +#define PSA_ALG_NONE ((psa_algorithm_t)0) + /** Vendor-defined algorithm flag. * * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c index 34919df769..63c79ee9cc 100644 --- a/programs/psa/psa_constant_names_generated.c +++ b/programs/psa/psa_constant_names_generated.c @@ -223,6 +223,7 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, case PSA_ALG_MD2: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD2", 11); break; case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; + case PSA_ALG_NONE: append(&buffer, buffer_size, &required_size, "PSA_ALG_NONE", 12); break; case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; case PSA_ALG_PBKDF2_AES_CMAC_PRF_128: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_AES_CMAC_PRF_128", 31); break; case PSA_ALG_PBKDF2_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_HMAC_BASE", 24); break; From 5b79ee252e56b068a63d4753c6a87d51a430f0cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 4 May 2021 10:34:56 +0200 Subject: [PATCH 036/188] Fix typo in doxygen reference MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 304182519f..0f156a80f0 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1792,7 +1792,7 @@ * AES-CMAC-PRF-128 PRF specified by RFC 4615. * * This key derivation algorithm uses the same inputs as - * #PBKDF_ALG_PBKDF2_HMAC() with the same constraints. + * #PSA_ALG_PBKDF2_HMAC() with the same constraints. */ #define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t)0x08800200) From acfde465f0916eaf98c8d24007420efc545e199e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 May 2021 09:54:22 +0200 Subject: [PATCH 037/188] Mention USAGE_VERIFY_DERIVATION in input_key() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 074893fe5a..84cd90313b 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3358,7 +3358,8 @@ psa_status_t psa_key_derivation_input_integer( * \param step Which step the input data is for. * \param key Identifier of the key. It must have an * appropriate type for step and must allow the - * usage #PSA_KEY_USAGE_DERIVE. + * usage #PSA_KEY_USAGE_DERIVE or + * #PSA_KEY_USAGE_VERIFY_DERIVATION. * * \retval #PSA_SUCCESS * Success. From 730f62a80ac675407359e28d4d887d4d90bffaec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 May 2021 10:05:06 +0200 Subject: [PATCH 038/188] Clarify the case of direct inputs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now use the same description for INPUT_SECRET and INPUT_PASSWORD too. Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 0f156a80f0..f7d83020ba 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2267,10 +2267,11 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * * The secret can also be a direct input (passed to * key_derivation_input_bytes()). In this case, the derivation operation - * may not be used to derive keys: the operation will only allow + * may not be used to derive or verify keys: the operation will only allow * psa_key_derivation_output_bytes() or - * psa_key_derivation_verify_xxx() but not - * psa_key_derivation_output_key(). + * psa_key_derivation_verify_bytes() but not + * psa_key_derivation_output_key() or + * psa_key_derivation_verify_key(). */ #define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) @@ -2282,9 +2283,13 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * also be high-entropy secret such as a key of type #PSA_KEY_TYPE_DERIVE or * the shared secret resulting from a key agreement. * - * If the secret is a direct input, the derivation operation - * may not be used to derive keys: the operation will only allow - * psa_key_derivation_output_bytes(), not psa_key_derivation_output_key(). + * The secret can also be a direct input (passed to + * key_derivation_input_bytes()). In this case, the derivation operation + * may not be used to derive or verify keys: the operation will only allow + * psa_key_derivation_output_bytes() or + * psa_key_derivation_verify_bytes(), not + * psa_key_derivation_output_key() or + * psa_key_derivation_verify_key(). */ #define PSA_KEY_DERIVATION_INPUT_PASSWORD ((psa_key_derivation_step_t)0x0102) From ece9087b9375b841b724d5f5551fc8d0347c4254 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 5 May 2021 10:26:29 +0200 Subject: [PATCH 039/188] Clarify requirement on usage flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 84cd90313b..ae4970c225 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3359,12 +3359,30 @@ psa_status_t psa_key_derivation_input_integer( * \param key Identifier of the key. It must have an * appropriate type for step and must allow the * usage #PSA_KEY_USAGE_DERIVE or - * #PSA_KEY_USAGE_VERIFY_DERIVATION. + * #PSA_KEY_USAGE_VERIFY_DERIVATION (see note) + * and the algorithm used by the operation. + * + * \note Once all inputs steps are completed, the operations will allow: + * - psa_key_derivation_output_bytes() if each input was either a direct input + * or a key with #PSA_KEY_USAGE_DERIVE set; + * - psa_key_derivation_output_key() if each input was either a direct input + * or a key with #PSA_KEY_USAGE_DERIVE set and input for step + * #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD + * was from a key slot; + * - psa_key_derivation_verify_bytes() if each input was either a direct input + * or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set; + * - psa_key_derivation_verify_key() if each input was either a direct input + * or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set and input for step + * #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD + * was from a key slot. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED + * The key allows neither #PSA_KEY_USAGE_DERIVE nor + * #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this + * algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT * \c step is not compatible with the operation's algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -3477,6 +3495,9 @@ psa_status_t psa_key_derivation_key_agreement( * \param output_length Number of bytes to output. * * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_NOT_PERMITTED + * One of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_DERIVE. * \retval #PSA_ERROR_INSUFFICIENT_DATA * The operation's capacity was less than * \p output_length bytes. Note that in this case, @@ -3624,8 +3645,10 @@ psa_status_t psa_key_derivation_output_bytes( * \retval #PSA_ERROR_INVALID_ARGUMENT * The provided key attributes are not valid for the operation. * \retval #PSA_ERROR_NOT_PERMITTED - * The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through - * a key. + * The #PSA_KEY_DERIVATION_INPUT_SECRET or + * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a + * key; or one of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_DERIVE. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active and completed * all required input steps). @@ -3679,6 +3702,9 @@ psa_status_t psa_key_derivation_output_key( * \retval #PSA_ERROR_INVALID_SIGNATURE * The output was read successfully, but if differs from the expected * output. + * \retval #PSA_ERROR_NOT_PERMITTED + * One of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_VERIFY_DERIVATION. * \retval #PSA_ERROR_INSUFFICIENT_DATA * The operation's capacity was less than * \p output_length bytes. Note that in this case, @@ -3742,7 +3768,10 @@ psa_status_t psa_key_derivation_verify_bytes( * The key passed as the expected value has an invalid type. * \retval #PSA_ERROR_NOT_PERMITTED * The key passed as the expected value does not allow this usage or - * this algorithm. + * this algorithm; or the #PSA_KEY_DERIVATION_INPUT_SECRET or + * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a + * key; or one of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_DERIVE. * \retval #PSA_ERROR_INSUFFICIENT_DATA * The operation's capacity was less than * the length of the expected value. In this case, From e0de27729e6afc076f5560c7a408af797465c392 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 May 2021 11:34:07 +0200 Subject: [PATCH 040/188] Changelog entry for no longer explicitly invoking python2 Signed-off-by: Gilles Peskine --- ChangeLog.d/make-generate-tests-python.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/make-generate-tests-python.txt diff --git a/ChangeLog.d/make-generate-tests-python.txt b/ChangeLog.d/make-generate-tests-python.txt new file mode 100644 index 0000000000..4b9009d6f8 --- /dev/null +++ b/ChangeLog.d/make-generate-tests-python.txt @@ -0,0 +1,3 @@ +Changes + * When building the test suites with GNU make, invoke python3 or python, not + python2, which is no longer supported upstream. From 99cce1dd4fe7b18b8c219a52ba49f51e6e48acb6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 6 May 2021 11:36:50 +0200 Subject: [PATCH 041/188] Remove copy-pasted definition of PYTHON that wasn't used Signed-off-by: Gilles Peskine --- programs/fuzz/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index fa17918fad..084fc241ec 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -20,8 +20,6 @@ endif DLEXT ?= so EXEXT= SHARED_SUFFIX= -# python2 for POSIX since FreeBSD has only python2 as default. -PYTHON ?= python2 # Zlib shared library extensions: ifdef ZLIB From f9a68ad62a5ea783f1c3a6ad51ced87cabf36a80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 May 2021 12:11:38 +0200 Subject: [PATCH 042/188] Fix typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/proposed/psa-driver-interface.md | 4 ++-- include/psa/crypto_values.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 0e9877df57..9e46eb0bdb 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -309,8 +309,8 @@ This family requires the following type and entry points: * `"key_derivation_input_key"` (opaque drivers only) * `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers. * `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()` for transparent drivers when deriving an asymmetric key pair, and also for opaque drivers. -* `"key_derivation_verify_output_bytes"` (opaque drivers only). -* `"key_derivation_verify_output_key"` (opaque drivers only). +* `"key_derivation_verify_bytes"` (opaque drivers only). +* `"key_derivation_verify_key"` (opaque drivers only). * `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API. TODO: key input and output for opaque drivers; deterministic key generation for transparent drivers diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index f7d83020ba..722f5bafe2 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -425,7 +425,7 @@ * This key type is suitable for passwords and passphrases which are typically * intended to be memorizable by humans, and have a low entropy relative to * their size. It can be used for randomly generated or derived keys with - * maximum or near-maximum entropy, but PSA_KEY_TYPE_DERIVE is more suitable + * maximum or near-maximum entropy, but #PSA_KEY_TYPE_DERIVE is more suitable * for such keys. It is not suitable for passwords with extremely low entropy, * such as numerical PINs. * From f0c28eff09288fde5cead64d07eaef450fe3843a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 May 2021 12:13:48 +0200 Subject: [PATCH 043/188] Avoid introducing PSA_ALG_NONE for now MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto_values.h | 10 ++-------- programs/psa/psa_constant_names_generated.c | 1 - 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 722f5bafe2..5fba5382c0 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -713,12 +713,6 @@ 1u << PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) : \ 0u) -/** An invalid algorithm identifier value. - * - * Zero is not the encoding of any algorithm. - */ -#define PSA_ALG_NONE ((psa_algorithm_t)0) - /** Vendor-defined algorithm flag. * * Algorithms defined by this standard will never have the #PSA_ALG_VENDOR_FLAG @@ -1940,10 +1934,10 @@ * \return The underlying hash algorithm if alg is a composite algorithm that * uses a hash algorithm. * - * \return #PSA_ALG_NONE if alg is not a composite algorithm that uses a hash. + * \return \c 0 if alg is not a composite algorithm that uses a hash. */ #define PSA_ALG_GET_HASH(alg) \ - (((alg) & 0x000000ff) == 0 ? PSA_ALG_NONE : 0x02000000 | ((alg) & 0x000000ff)) + (((alg) & 0x000000ff) == 0 ? ((psa_algorithm_t)0) : 0x02000000 | ((alg) & 0x000000ff)) /**@}*/ diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c index 63c79ee9cc..34919df769 100644 --- a/programs/psa/psa_constant_names_generated.c +++ b/programs/psa/psa_constant_names_generated.c @@ -223,7 +223,6 @@ static int psa_snprint_algorithm(char *buffer, size_t buffer_size, case PSA_ALG_MD2: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD2", 11); break; case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; - case PSA_ALG_NONE: append(&buffer, buffer_size, &required_size, "PSA_ALG_NONE", 12); break; case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; case PSA_ALG_PBKDF2_AES_CMAC_PRF_128: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_AES_CMAC_PRF_128", 31); break; case PSA_ALG_PBKDF2_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_HMAC_BASE", 24); break; From e88511d7fed18f1bfcf99f82ab52b1215f1e5868 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 May 2021 12:19:03 +0200 Subject: [PATCH 044/188] Try making one condition more readable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No semantic change intended. Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index ae4970c225..2ae1ba1df4 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3365,10 +3365,10 @@ psa_status_t psa_key_derivation_input_integer( * \note Once all inputs steps are completed, the operations will allow: * - psa_key_derivation_output_bytes() if each input was either a direct input * or a key with #PSA_KEY_USAGE_DERIVE set; - * - psa_key_derivation_output_key() if each input was either a direct input - * or a key with #PSA_KEY_USAGE_DERIVE set and input for step + * - psa_key_derivation_output_key() if the input for step * #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD - * was from a key slot; + * was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was + * either a direct input or a key with #PSA_KEY_USAGE_DERIVE set; * - psa_key_derivation_verify_bytes() if each input was either a direct input * or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set; * - psa_key_derivation_verify_key() if each input was either a direct input From 4feb611a4944d9b5e12942aee275b5a09051ebb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 7 May 2021 12:22:21 +0200 Subject: [PATCH 045/188] Lift a restriction on usage of verify_key() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2ae1ba1df4..1780f9821f 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3371,10 +3371,8 @@ psa_status_t psa_key_derivation_input_integer( * either a direct input or a key with #PSA_KEY_USAGE_DERIVE set; * - psa_key_derivation_verify_bytes() if each input was either a direct input * or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set; - * - psa_key_derivation_verify_key() if each input was either a direct input - * or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set and input for step - * #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD - * was from a key slot. + * - psa_key_derivation_verify_key() under the same conditions as + * psa_key_derivation_verify_bytes(). * * \retval #PSA_SUCCESS * Success. @@ -3768,10 +3766,8 @@ psa_status_t psa_key_derivation_verify_bytes( * The key passed as the expected value has an invalid type. * \retval #PSA_ERROR_NOT_PERMITTED * The key passed as the expected value does not allow this usage or - * this algorithm; or the #PSA_KEY_DERIVATION_INPUT_SECRET or - * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a - * key; or one of the inputs was a key whose policy didn't allow - * #PSA_KEY_USAGE_DERIVE. + * this algorithm; or one of the inputs was a key whose policy didn't + * allow #PSA_KEY_USAGE_VERIFY_DERIVATION. * \retval #PSA_ERROR_INSUFFICIENT_DATA * The operation's capacity was less than * the length of the expected value. In this case, From b02570372fb22a4fe74e493a42b9202bde0ce150 Mon Sep 17 00:00:00 2001 From: Flavio Ceolin Date: Wed, 27 May 2020 22:41:19 -0700 Subject: [PATCH 046/188] Check if feature macro is defined before define it Zephyr's native posix port define _POSIX_C_SOURCE with a higher value during the build, so when mbedTLS defines it with a different value breaks the build. As Zephyr is already defining a higher value is guaranteed that mbedTLS required features will be available. So, just define it in case it was not defined before. [taken from Zephyr mbedtls module: https://github.com/zephyrproject-rtos/mbedtls/commit/76dcd6eecae4c1b556a52b1b9ef66e75fc538bc5] Signed-off-by: Flavio Ceolin Signed-off-by: David Brown --- library/net_sockets.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/net_sockets.c b/library/net_sockets.c index ad1ac13fbc..8f79b7401a 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -20,8 +20,12 @@ /* Enable definition of getaddrinfo() even when compiling with -std=c99. Must * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ +#ifndef _POSIX_C_SOURCE #define _POSIX_C_SOURCE 200112L +#endif +#ifndef _XOPEN_SOURCE #define _XOPEN_SOURCE 600 /* sockaddr_storage */ +#endif #include "common.h" From 675501d9db6e658ba8a2cdc9994a982679209fdd Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 26 Apr 2021 11:54:58 +0200 Subject: [PATCH 047/188] Rename the PSA driver context structure headers to _primitives This is a preparatory step in order to be able to organize the include chain from crypto_struct in such a way that the MAC operation structure for the PSA 'software' driver can make use of the hash operation structure. Conceptually: * Primitives: * Hash * Cipher * Composites: * AEAD (can use cipher) * MAC (can use cipher and/or hash) Signed-off-by: Steven Cooreman --- .../{crypto_builtin.h => crypto_builtin_primitives.h} | 8 +++++--- ...contexts.h => crypto_driver_contexts_primitives.h} | 11 ++++++----- include/psa/crypto_struct.h | 2 +- visualc/VS2010/mbedTLS.vcxproj | 4 ++-- 4 files changed, 14 insertions(+), 11 deletions(-) rename include/psa/{crypto_builtin.h => crypto_builtin_primitives.h} (94%) rename include/psa/{crypto_driver_contexts.h => crypto_driver_contexts_primitives.h} (88%) diff --git a/include/psa/crypto_builtin.h b/include/psa/crypto_builtin_primitives.h similarity index 94% rename from include/psa/crypto_builtin.h rename to include/psa/crypto_builtin_primitives.h index b3bc1408c7..75801a1789 100644 --- a/include/psa/crypto_builtin.h +++ b/include/psa/crypto_builtin_primitives.h @@ -1,6 +1,8 @@ /* * Context structure declaration of the Mbed TLS software-based PSA drivers * called through the PSA Crypto driver dispatch layer. + * This file contains the context structures of those algorithms which do not + * rely on other algorithms, i.e. are 'primitive' algorithms. * * \note This file may not be included directly. Applications must * include psa/crypto.h. @@ -28,8 +30,8 @@ * limitations under the License. */ -#ifndef PSA_CRYPTO_BUILTIN_H -#define PSA_CRYPTO_BUILTIN_H +#ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H +#define PSA_CRYPTO_BUILTIN_PRIMITIVES_H #include @@ -141,4 +143,4 @@ typedef struct { #endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_BUILTIN_H */ +#endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */ diff --git a/include/psa/crypto_driver_contexts.h b/include/psa/crypto_driver_contexts_primitives.h similarity index 88% rename from include/psa/crypto_driver_contexts.h rename to include/psa/crypto_driver_contexts_primitives.h index d725e8440f..3e7fdee398 100644 --- a/include/psa/crypto_driver_contexts.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -1,6 +1,7 @@ /* * Declaration of context structures for use with the PSA driver wrapper - * interface. + * interface. This file contains the context structures for 'primitive' + * operations, i.e. those operations which do not rely on other contexts. * * Warning: This file will be auto-generated in the future. * @@ -29,8 +30,8 @@ * limitations under the License. */ -#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_H -#define PSA_CRYPTO_DRIVER_CONTEXTS_H +#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H +#define PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H #include "psa/crypto.h" #include "psa/crypto_driver_common.h" @@ -39,7 +40,7 @@ * declared during the autogeneration process. */ /* Include the context structure definitions for the Mbed TLS software drivers */ -#include "psa/crypto_builtin.h" +#include "psa/crypto_builtin_primitives.h" /* Define the context to be used for an operation that is executed through the * PSA Driver wrapper layer as the union of all possible driver's contexts. @@ -65,5 +66,5 @@ typedef union { #endif } psa_driver_cipher_context_t; -#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_H */ +#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 8ac7ce1efe..5665fa541a 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -77,7 +77,7 @@ extern "C" { #include "mbedtls/gcm.h" /* Include the context definition for the compiled-in drivers */ -#include "psa/crypto_driver_contexts.h" +#include "psa/crypto_driver_contexts_primitives.h" struct psa_hash_operation_s { diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index c3e1d026a4..66e1bc8da1 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -208,11 +208,11 @@ - + - + From f4248f2e1b1cffa4c64ec3e74457aa681211458e Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 26 Apr 2021 11:56:33 +0200 Subject: [PATCH 048/188] Remove inclusion of top-level crypto.h from the driver context header This was probably included by mistake, because the file itself is part of the inclusion chain starting with crypto.h. Signed-off-by: Steven Cooreman --- include/psa/crypto_driver_contexts_primitives.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 3e7fdee398..104d4bdb6d 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -33,7 +33,6 @@ #ifndef PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H #define PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H -#include "psa/crypto.h" #include "psa/crypto_driver_common.h" /* Include the context structure definitions for those drivers that were From 61398ec5dc9972ad2ed823c5dcc243708082ddcc Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 26 Apr 2021 12:04:53 +0200 Subject: [PATCH 049/188] Move the cipher operation structure declaration for grouping Cipher and Hash are grouped, since they are 'primitive' operations. Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 53 +++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 5665fa541a..9ae5c9bfc7 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -76,7 +76,8 @@ extern "C" { #include "mbedtls/cmac.h" #include "mbedtls/gcm.h" -/* Include the context definition for the compiled-in drivers */ +/* Include the context definition for the compiled-in drivers for the primitive + * algorithms. */ #include "psa/crypto_driver_contexts_primitives.h" struct psa_hash_operation_s @@ -98,6 +99,31 @@ static inline struct psa_hash_operation_s psa_hash_operation_init( void ) return( v ); } +struct psa_cipher_operation_s +{ + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_crypto_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). */ + unsigned int id; + + unsigned int iv_required : 1; + unsigned int iv_set : 1; + + uint8_t default_iv_length; + + psa_driver_cipher_context_t ctx; +}; + +#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}} +static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) +{ + const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; + return( v ); +} + #if defined(MBEDTLS_MD_C) typedef struct { @@ -138,31 +164,6 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) return( v ); } -struct psa_cipher_operation_s -{ - /** Unique ID indicating which driver got assigned to do the - * operation. Since driver contexts are driver-specific, swapping - * drivers halfway through the operation is not supported. - * ID values are auto-generated in psa_crypto_driver_wrappers.h - * ID value zero means the context is not valid or not assigned to - * any driver (i.e. none of the driver contexts are active). */ - unsigned int id; - - unsigned int iv_required : 1; - unsigned int iv_set : 1; - - uint8_t default_iv_length; - - psa_driver_cipher_context_t ctx; -}; - -#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}} -static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) -{ - const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; - return( v ); -} - struct psa_aead_operation_s { psa_algorithm_t alg; From 3c8dd634ddef53b66edcd9443d20588031fa49c6 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 26 Apr 2021 12:16:27 +0200 Subject: [PATCH 050/188] Add include headers for composite operation contexts and move hmac Modeled after the include chain of the primitive operation contexts. Also moved the HMAC context structure to the builtin composites file, since that is where it conceptually belongs. This is a preparatory step for implementing driver dispatch of MAC multipart operations. Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 54 +++++++++++++++++++ .../psa/crypto_driver_contexts_composites.h | 53 ++++++++++++++++++ include/psa/crypto_struct.h | 14 ++--- visualc/VS2010/mbedTLS.vcxproj | 2 + 4 files changed, 112 insertions(+), 11 deletions(-) create mode 100644 include/psa/crypto_builtin_composites.h create mode 100644 include/psa/crypto_driver_contexts_composites.h diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h new file mode 100644 index 0000000000..a22a997c50 --- /dev/null +++ b/include/psa/crypto_builtin_composites.h @@ -0,0 +1,54 @@ +/* + * Context structure declaration of the Mbed TLS software-based PSA drivers + * called through the PSA Crypto driver dispatch layer. + * This file contains the context structures of those algorithms which need to + * rely on other algorithms, i.e. are 'composite' algorithms. + * + * \note This file may not be included directly. Applications must + * include psa/crypto.h. + * + * \note This header and its content is not part of the Mbed TLS API and + * applications must not depend on it. Its main purpose is to define the + * multi-part state objects of the Mbed TLS software-based PSA drivers. The + * definition of these objects are then used by crypto_struct.h to define the + * implementation-defined types of PSA multi-part state objects. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H +#define PSA_CRYPTO_BUILTIN_COMPOSITES_H + +#include + +/* + * MAC multi-part operation definitions. + */ + +#if defined(MBEDTLS_MD_C) +typedef struct +{ + /** The HMAC algorithm in use */ + psa_algorithm_t alg; + /** The hash context. */ + struct psa_hash_operation_s hash_ctx; + /** The HMAC part of the context. */ + uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; +} psa_hmac_internal_data; +#endif /* MBEDTLS_MD_C */ + +#endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h new file mode 100644 index 0000000000..1c71c52066 --- /dev/null +++ b/include/psa/crypto_driver_contexts_composites.h @@ -0,0 +1,53 @@ +/* + * Declaration of context structures for use with the PSA driver wrapper + * interface. This file contains the context structures for 'composite' + * operations, i.e. those operations which need to make use of other operations + * from the primitives (crypto_driver_contexts_primitives.h) + * + * Warning: This file will be auto-generated in the future. + * + * \note This file may not be included directly. Applications must + * include psa/crypto.h. + * + * \note This header and its content is not part of the Mbed TLS API and + * applications must not depend on it. Its main purpose is to define the + * multi-part state objects of the PSA drivers included in the cryptographic + * library. The definition of these objects are then used by crypto_struct.h + * to define the implementation-defined types of PSA multi-part state objects. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H +#define PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H + +#include "psa/crypto_driver_common.h" + +/* Include the context structure definitions for those drivers that were + * declared during the autogeneration process. */ + +/* Include the context structure definitions for the Mbed TLS software drivers */ +#include "psa/crypto_builtin_composites.h" + +/* Define the context to be used for an operation that is executed through the + * PSA Driver wrapper layer as the union of all possible driver's contexts. + * + * The union members are the driver's context structures, and the member names + * are formatted as `'drivername'_ctx`. This allows for procedural generation + * of both this file and the content of psa_crypto_driver_wrappers.c */ + +#endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ +/* End of automatically generated file. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 9ae5c9bfc7..58f2c67b78 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -124,17 +124,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) return( v ); } -#if defined(MBEDTLS_MD_C) -typedef struct -{ - /** The HMAC algorithm in use */ - psa_algorithm_t alg; - /** The hash context. */ - struct psa_hash_operation_s hash_ctx; - /** The HMAC part of the context. */ - uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; -} psa_hmac_internal_data; -#endif /* MBEDTLS_MD_C */ +/* Include the context definition for the compiled-in drivers for the composite + * algorithms. */ +#include "psa/crypto_driver_contexts_composites.h" struct psa_mac_operation_s { diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 66e1bc8da1..201751b9c4 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -208,10 +208,12 @@ + + From d13a70f2dc8eb0edb0c3b92a35c7f5279b2b7c7f Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Mar 2021 15:24:23 +0100 Subject: [PATCH 051/188] Add boilerplate for dispatching MAC operations Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 28 ++ .../psa/crypto_driver_contexts_composites.h | 9 + include/psa/crypto_struct.h | 4 +- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/psa_crypto_driver_wrappers.c | 349 ++++++++++++++ library/psa_crypto_driver_wrappers.h | 47 ++ library/psa_crypto_mac.c | 434 ++++++++++++++++++ library/psa_crypto_mac.h | 375 +++++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 + 10 files changed, 1249 insertions(+), 1 deletion(-) create mode 100644 library/psa_crypto_mac.c create mode 100644 library/psa_crypto_mac.h diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index a22a997c50..16fa3db720 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -51,4 +51,32 @@ typedef struct } psa_hmac_internal_data; #endif /* MBEDTLS_MD_C */ +#include "mbedtls/cmac.h" + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) +#define MBEDTLS_PSA_BUILTIN_MAC +#endif + +typedef struct +{ + psa_algorithm_t alg; + /* To be fleshed out in a later commit. */ +} mbedtls_psa_mac_operation_t; + +#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} + +/* + * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. + */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + +typedef mbedtls_psa_mac_operation_t mbedtls_transparent_test_driver_mac_operation_t; +typedef mbedtls_psa_mac_operation_t mbedtls_opaque_test_driver_mac_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT +#define MBEDTLS_OPAQUE_TEST_DRIVER_MAC_OPERATION_INIT MBEDTLS_PSA_MAC_OPERATION_INIT + +#endif /* PSA_CRYPTO_DRIVER_TEST */ + #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 1c71c52066..239fdcb337 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -49,5 +49,14 @@ * are formatted as `'drivername'_ctx`. This allows for procedural generation * of both this file and the content of psa_crypto_driver_wrappers.c */ +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_mac_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_mac_operation_t transparent_test_driver_ctx; + mbedtls_opaque_test_driver_mac_operation_t opaque_test_driver_ctx; +#endif +} psa_driver_mac_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 58f2c67b78..975e9f76ba 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -137,6 +137,7 @@ struct psa_mac_operation_s unsigned int has_input : 1; unsigned int is_sign : 1; uint8_t mac_size; + unsigned int id; union { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ @@ -146,10 +147,11 @@ struct psa_mac_operation_s #if defined(MBEDTLS_CMAC_C) mbedtls_cipher_context_t cmac; #endif + psa_driver_mac_context_t driver; } ctx; }; -#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}} static inline struct psa_mac_operation_s psa_mac_operation_init( void ) { const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index e7ba130d91..f31820a2f8 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -68,6 +68,7 @@ set(src_crypto psa_crypto_driver_wrappers.c psa_crypto_ecp.c psa_crypto_hash.c + psa_crypto_mac.c psa_crypto_rsa.c psa_crypto_se.c psa_crypto_slot_management.c diff --git a/library/Makefile b/library/Makefile index 17e42c2cae..d7fa4d9275 100644 --- a/library/Makefile +++ b/library/Makefile @@ -125,6 +125,7 @@ OBJS_CRYPTO= \ psa_crypto_driver_wrappers.o \ psa_crypto_ecp.o \ psa_crypto_hash.o \ + psa_crypto_mac.o \ psa_crypto_rsa.o \ psa_crypto_se.o \ psa_crypto_slot_management.o \ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 9bef02cd00..09f6319199 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -24,6 +24,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_driver_wrappers.h" #include "psa_crypto_hash.h" +#include "psa_crypto_mac.h" #include "mbedtls/platform.h" @@ -1290,4 +1291,352 @@ psa_status_t psa_driver_wrapper_aead_decrypt( return( PSA_ERROR_INVALID_ARGUMENT ); } } + + +/* + * MAC functions + */ +psa_status_t psa_driver_wrapper_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_transparent_test_driver_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_MAC) + /* Fell through, meaning no accelerator supports this operation */ + status = mbedtls_psa_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* MBEDTLS_PSA_BUILTIN_MAC */ + return( PSA_ERROR_NOT_SUPPORTED ); + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + status = mbedtls_opaque_test_driver_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + /* Key is declared with a lifetime not known to us */ + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) input; + (void) input_length; + (void) mac; + (void) mac_size; + (void) mac_length; + (void) status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_mac_sign_setup( + psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_transparent_test_driver_mac_sign_setup( + &operation->ctx.driver.transparent_test_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + /* Declared with fallback == true */ + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_MAC) + /* Fell through, meaning no accelerator supports this operation */ + status = mbedtls_psa_mac_sign_setup( &operation->ctx.driver.mbedtls_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* MBEDTLS_PSA_BUILTIN_MAC */ + return( PSA_ERROR_NOT_SUPPORTED ); + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + status = mbedtls_opaque_test_driver_mac_sign_setup( + &operation->ctx.driver.opaque_test_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + /* Key is declared with a lifetime not known to us */ + (void) status; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_mac_verify_setup( + psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_transparent_test_driver_mac_verify_setup( + &operation->ctx.driver.transparent_test_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + /* Declared with fallback == true */ + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_MAC) + /* Fell through, meaning no accelerator supports this operation */ + status = mbedtls_psa_mac_verify_setup( &operation->ctx.driver.mbedtls_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* MBEDTLS_PSA_BUILTIN_MAC */ + return( PSA_ERROR_NOT_SUPPORTED ); + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + status = mbedtls_opaque_test_driver_mac_sign_setup( + &operation->ctx.driver.opaque_test_driver_ctx, + attributes, + key_buffer, key_buffer_size, + alg ); + + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID; + + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + /* Key is declared with a lifetime not known to us */ + (void) status; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_mac_update( + psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_MAC) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_mac_update( &operation->ctx.driver.mbedtls_ctx, + input, input_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_MAC */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_transparent_test_driver_mac_update( + &operation->ctx.driver.transparent_test_driver_ctx, + input, input_length ) ); + + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( mbedtls_opaque_test_driver_mac_update( + &operation->ctx.driver.opaque_test_driver_ctx, + input, input_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) input; + (void) input_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_mac_sign_finish( + psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_MAC) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_mac_sign_finish( &operation->ctx.driver.mbedtls_ctx, + mac, mac_size, mac_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_MAC */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_transparent_test_driver_mac_sign_finish( + &operation->ctx.driver.transparent_test_driver_ctx, + mac, mac_size, mac_length ) ); + + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( mbedtls_opaque_test_driver_mac_sign_finish( + &operation->ctx.driver.opaque_test_driver_ctx, + mac, mac_size, mac_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) mac; + (void) mac_size; + (void) mac_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_mac_verify_finish( + psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_MAC) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_mac_verify_finish( &operation->ctx.driver.mbedtls_ctx, + mac, mac_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_MAC */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + return( mbedtls_transparent_test_driver_mac_verify_finish( + &operation->ctx.driver.transparent_test_driver_ctx, + mac, mac_length ) ); + + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + return( mbedtls_opaque_test_driver_mac_verify_finish( + &operation->ctx.driver.opaque_test_driver_ctx, + mac, mac_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) mac; + (void) mac_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_mac_abort( + psa_mac_operation_t *operation ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_MAC) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + status = mbedtls_psa_mac_abort( &operation->ctx.driver.mbedtls_ctx ); + break; +#endif /* MBEDTLS_PSA_BUILTIN_MAC */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: + status = mbedtls_transparent_test_driver_mac_abort( + &operation->ctx.driver.transparent_test_driver_ctx ); + break; + case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: + status = mbedtls_opaque_test_driver_mac_abort( + &operation->ctx.driver.opaque_test_driver_ctx ); + break; +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + status = PSA_ERROR_INVALID_ARGUMENT; + break; + } + + operation->id = 0; + return( status ); +} /* End of automatically generated file. */ diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index e82d0931bf..37d5a9a1c0 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -183,6 +183,53 @@ psa_status_t psa_driver_wrapper_aead_decrypt( const uint8_t *ciphertext, size_t ciphertext_length, uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length ); +/* + * MAC functions + */ +psa_status_t psa_driver_wrapper_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t psa_driver_wrapper_mac_sign_setup( + psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_mac_verify_setup( + psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t psa_driver_wrapper_mac_update( + psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t psa_driver_wrapper_mac_sign_finish( + psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t psa_driver_wrapper_mac_verify_finish( + psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t psa_driver_wrapper_mac_abort( + psa_mac_operation_t *operation ); + #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ /* End of automatically generated file. */ diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c new file mode 100644 index 0000000000..169be3a454 --- /dev/null +++ b/library/psa_crypto_mac.c @@ -0,0 +1,434 @@ +/* + * PSA MAC layer on top of Mbed TLS software crypto + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#include +#include "psa_crypto_core.h" +#include "psa_crypto_mac.h" + +#include +#include + +/* Use builtin defines specific to this compilation unit, since the test driver + * relies on the software driver. */ +#if( defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) ) ) +#define BUILTIN_ALG_CMAC 1 +#endif +#if( defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || \ + ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) ) ) +#define BUILTIN_ALG_HMAC 1 +#endif + +/* Implement the PSA driver MAC interface on top of mbed TLS if either the + * software driver or the test driver requires it. */ +#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST) +static psa_status_t mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + /* To be fleshed out in a subsequent commit */ + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) input; + (void) input_length; + (void) mac; + (void) mac_size; + (void) mac_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +static psa_status_t mac_sign_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + /* To be fleshed out in a subsequent commit */ + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +static psa_status_t mac_verify_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + /* To be fleshed out in a subsequent commit */ + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +static psa_status_t mac_update( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + /* To be fleshed out in a subsequent commit */ + (void) operation; + (void) input; + (void) input_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +static psa_status_t mac_sign_finish( + mbedtls_psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + /* To be fleshed out in a subsequent commit */ + (void) operation; + (void) mac; + (void) mac_size; + (void) mac_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +static psa_status_t mac_verify_finish( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + /* To be fleshed out in a subsequent commit */ + (void) operation; + (void) mac; + (void) mac_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +static psa_status_t mac_abort( + mbedtls_psa_mac_operation_t *operation ) +{ + /* To be fleshed out in a subsequent commit */ + (void) operation; + return( PSA_ERROR_NOT_SUPPORTED ); +} +#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */ + +#if defined(MBEDTLS_PSA_BUILTIN_MAC) +psa_status_t mbedtls_psa_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + return( mac_compute( attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ) ); +} + +psa_status_t mbedtls_psa_mac_sign_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( mac_sign_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); +} + +psa_status_t mbedtls_psa_mac_verify_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + return( mac_verify_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); +} + +psa_status_t mbedtls_psa_mac_update( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + return( mac_update( operation, input, input_length ) ); +} + +psa_status_t mbedtls_psa_mac_sign_finish( + mbedtls_psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + return( mac_sign_finish( operation, mac, mac_size, mac_length ) ); +} + +psa_status_t mbedtls_psa_mac_verify_finish( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + return( mac_verify_finish( operation, mac, mac_length ) ); +} + +psa_status_t mbedtls_psa_mac_abort( + mbedtls_psa_mac_operation_t *operation ) +{ + return( mac_abort( operation ) ); +} +#endif /* MBEDTLS_PSA_BUILTIN_MAC */ + + /* + * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. + */ +#if defined(PSA_CRYPTO_DRIVER_TEST) + +static int is_mac_accelerated( psa_algorithm_t alg ) +{ +#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) + if( PSA_ALG_IS_HMAC( alg ) ) + return( 1 ); +#endif + + switch( PSA_ALG_FULL_LENGTH_MAC( alg ) ) + { +#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) + case PSA_ALG_CMAC: + return( 1 ); +#endif + default: + return( 0 ); + } +} + +psa_status_t mbedtls_transparent_test_driver_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + if( is_mac_accelerated( alg ) ) + return( mac_compute( attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ) ); + else + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + if( is_mac_accelerated( alg ) ) + return( mac_sign_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); + else + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + if( is_mac_accelerated( alg ) ) + return( mac_verify_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); + else + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_transparent_test_driver_mac_update( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + if( is_mac_accelerated( operation->alg ) ) + return( mac_update( operation, input, input_length ) ); + else + return( PSA_ERROR_BAD_STATE ); +} + +psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + if( is_mac_accelerated( operation->alg ) ) + return( mac_sign_finish( operation, mac, mac_size, mac_length ) ); + else + return( PSA_ERROR_BAD_STATE ); +} + +psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + if( is_mac_accelerated( operation->alg ) ) + return( mac_verify_finish( operation, mac, mac_length ) ); + else + return( PSA_ERROR_BAD_STATE ); +} + +psa_status_t mbedtls_transparent_test_driver_mac_abort( + mbedtls_transparent_test_driver_mac_operation_t *operation ) +{ + return( mac_abort( operation ) ); +} + +psa_status_t mbedtls_opaque_test_driver_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + /* Opaque driver testing is not implemented yet through this mechanism. */ + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) input; + (void) input_length; + (void) mac; + (void) mac_size; + (void) mac_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_opaque_test_driver_mac_sign_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + /* Opaque driver testing is not implemented yet through this mechanism. */ + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_opaque_test_driver_mac_verify_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + /* Opaque driver testing is not implemented yet through this mechanism. */ + (void) operation; + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_opaque_test_driver_mac_update( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + /* Opaque driver testing is not implemented yet through this mechanism. */ + (void) operation; + (void) input; + (void) input_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_opaque_test_driver_mac_sign_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + /* Opaque driver testing is not implemented yet through this mechanism. */ + (void) operation; + (void) mac; + (void) mac_size; + (void) mac_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_opaque_test_driver_mac_verify_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + /* Opaque driver testing is not implemented yet through this mechanism. */ + (void) operation; + (void) mac; + (void) mac_length; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_opaque_test_driver_mac_abort( + mbedtls_opaque_test_driver_mac_operation_t *operation ) +{ + /* Opaque driver testing is not implemented yet through this mechanism. */ + (void) operation; + return( PSA_ERROR_NOT_SUPPORTED ); +} + +#endif /* PSA_CRYPTO_DRIVER_TEST */ + +#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h new file mode 100644 index 0000000000..4da60bf408 --- /dev/null +++ b/library/psa_crypto_mac.h @@ -0,0 +1,375 @@ +/* + * PSA MAC layer on top of Mbed TLS software crypto + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_MAC_H +#define PSA_CRYPTO_MAC_H + +#include + +/** Calculate the MAC (message authentication code) of a message using Mbed TLS. + * + * \note The signature of this function is that of a PSA driver mac_compute + * entry point. This function behaves as a mac_compute entry point as + * defined in the PSA driver interface specification for transparent + * drivers. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key to use for + * computing the MAC. This buffer contains the key + * in export representation as defined by + * psa_export_key() (i.e. the raw key bytes). + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_MAC(\p alg) is true). + * \param[in] input Buffer containing the input message. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] mac Buffer where the MAC value is to be written. + * \param mac_size Size of the \p mac buffer in bytes. + * \param[out] mac_length On success, the number of bytes + * that make up the MAC value. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p mac_size is too small + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length); + +/** Set up a multipart MAC calculation operation using Mbed TLS. + * + * \note The signature of this function is that of a PSA driver mac_sign_setup + * entry point. This function behaves as a mac_sign_setup entry point as + * defined in the PSA driver interface specification for transparent + * drivers. + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized and not yet in use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key to use for + * computing the MAC. This buffer contains the key + * in export representation as defined by + * psa_export_key() (i.e. the raw key bytes). + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_MAC(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive). + */ +psa_status_t mbedtls_psa_mac_sign_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg); + +/** Set up a multipart MAC verification operation using Mbed TLS. + * + * \note The signature of this function is that of a PSA driver mac_verify_setup + * entry point. This function behaves as a mac_verify_setup entry point as + * defined in the PSA driver interface specification for transparent + * drivers. + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized and not yet in use. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key to use for + * computing the MAC. This buffer contains the key + * in export representation as defined by + * psa_export_key() (i.e. the raw key bytes). + * \param key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param alg The MAC algorithm to use (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_MAC(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive). + */ +psa_status_t mbedtls_psa_mac_verify_setup( + mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg); + +/** Add a message fragment to a multipart MAC operation using Mbed TLS. + * + * \note The signature of this function is that of a PSA driver mac_update + * entry point. This function behaves as a mac_update entry point as + * defined in the PSA driver interface specification for transparent + * drivers. + * + * The core must call mbedtls_psa_mac_sign_setup() or + * mbedtls_psa_mac_verify_setup() before calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_mac_abort(). + * + * \param[in,out] operation Active MAC operation. + * \param[in] input Buffer containing the message fragment to add to + * the MAC calculation. + * \param input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_mac_update( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +/** Finish the calculation of the MAC of a message using Mbed TLS. + * + * \note The signature of this function is that of a PSA driver mac_sign_finish + * entry point. This function behaves as a mac_sign_finish entry point as + * defined in the PSA driver interface specification for transparent + * drivers. + * + * The core must call mbedtls_psa_mac_sign_setup() before calling this function. + * This function calculates the MAC of the message formed by concatenating + * the inputs passed to preceding calls to mbedtls_psa_mac_update(). + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_mac_abort(). + * + * \param[in,out] operation Active MAC operation. + * \param[out] mac Buffer where the MAC value is to be written. + * \param mac_size Size of the \p mac buffer in bytes. + * \param[out] mac_length On success, the number of bytes + * that make up the MAC value. This is always + * #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg) + * where \c key_type and \c key_bits are the type and + * bit-size respectively of the key and \c alg is the + * MAC algorithm that is calculated. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active mac sign + * operation). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p mac buffer is too small. A sufficient buffer size + * can be determined by calling PSA_MAC_LENGTH(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_mac_sign_finish( + mbedtls_psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +/** Finish the calculation of the MAC of a message and compare it with + * an expected value using Mbed TLS. + * + * \note The signature of this function is that of a PSA driver + * mac_verify_finish entry point. This function behaves as a + * mac_verify_finish entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * The core must call mbedtls_psa_mac_verify_setup() before calling this + * function. This function calculates the MAC of the message formed by + * concatenating the inputs passed to preceding calls to + * mbedtls_psa_mac_update(). It then compares the calculated MAC with the + * expected MAC passed as a parameter to this function. + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling mbedtls_psa_mac_abort(). + * + * \param[in,out] operation Active MAC operation. + * \param[in] mac Buffer containing the expected MAC value. + * \param mac_length Size of the \p mac buffer in bytes. + * + * \retval #PSA_SUCCESS + * The expected MAC is identical to the actual MAC of the message. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The MAC of the message was calculated successfully, but it + * differs from the expected MAC. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active mac verify + * operation). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_mac_verify_finish( + mbedtls_psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +/** Abort a MAC operation using Mbed TLS. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation by calling + * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again. + * + * The core may call this function any time after the operation object has + * been initialized by one of the methods described in + * #mbedtls_psa_mac_operation_t. + * + * In particular, calling mbedtls_psa_mac_abort() after the operation has been + * terminated by a call to mbedtls_psa_mac_abort(), + * mbedtls_psa_mac_sign_finish() or mbedtls_psa_mac_verify_finish() is safe and + * has no effect. + * + * \param[in,out] operation Initialized MAC operation. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_CORRUPTION_DETECTED + */ +psa_status_t mbedtls_psa_mac_abort( + mbedtls_psa_mac_operation_t *operation ); + +/* + * BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY. + */ + +#if defined(PSA_CRYPTO_DRIVER_TEST) + +psa_status_t mbedtls_transparent_test_driver_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_transparent_test_driver_mac_update( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_sign_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_verify_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t mbedtls_transparent_test_driver_mac_abort( + mbedtls_transparent_test_driver_mac_operation_t *operation ); + +psa_status_t mbedtls_opaque_test_driver_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_opaque_test_driver_mac_sign_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_opaque_test_driver_mac_verify_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_opaque_test_driver_mac_update( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_opaque_test_driver_mac_sign_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_opaque_test_driver_mac_verify_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t mbedtls_opaque_test_driver_mac_abort( + mbedtls_opaque_test_driver_mac_operation_t *operation ); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ + +#endif /* PSA_CRYPTO_MAC_H */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 201751b9c4..46adbbec5f 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -262,6 +262,7 @@ + @@ -337,6 +338,7 @@ + From 77e2cc56618371f57c3db1f3e6cacca815cb3cdb Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Mar 2021 17:05:52 +0100 Subject: [PATCH 052/188] Move the MAC operation structure into the driver headers Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 33 +++++++++++++------ include/psa/crypto_struct.h | 27 +++++----------- library/psa_crypto.c | 43 +++++++++++++++++-------- library/psa_crypto_driver_wrappers.c | 36 ++++++++++----------- 4 files changed, 79 insertions(+), 60 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 16fa3db720..fd7f6f91a9 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -38,8 +38,12 @@ /* * MAC multi-part operation definitions. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) +#define MBEDTLS_PSA_BUILTIN_MAC +#endif -#if defined(MBEDTLS_MD_C) +#if defined(PSA_WANT_ALG_HMAC) typedef struct { /** The HMAC algorithm in use */ @@ -49,22 +53,33 @@ typedef struct /** The HMAC part of the context. */ uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; } psa_hmac_internal_data; -#endif /* MBEDTLS_MD_C */ +#endif /* PSA_WANT_ALG_HMAC */ #include "mbedtls/cmac.h" -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -#define MBEDTLS_PSA_BUILTIN_MAC -#endif - typedef struct { psa_algorithm_t alg; - /* To be fleshed out in a later commit. */ + unsigned int key_set : 1; + unsigned int iv_required : 1; + unsigned int iv_set : 1; + unsigned int has_input : 1; + unsigned int is_sign : 1; + uint8_t mac_size; + unsigned int id; + union + { + unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ +#if defined(PSA_WANT_ALG_HMAC) + psa_hmac_internal_data hmac; +#endif +#if defined(MBEDTLS_CMAC_C) + mbedtls_cipher_context_t cmac; +#endif + } ctx; } mbedtls_psa_mac_operation_t; -#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} +#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 975e9f76ba..04c0064634 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -130,28 +130,17 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) struct psa_mac_operation_s { - psa_algorithm_t alg; - unsigned int key_set : 1; - unsigned int iv_required : 1; - unsigned int iv_set : 1; - unsigned int has_input : 1; - unsigned int is_sign : 1; - uint8_t mac_size; + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). */ unsigned int id; - union - { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ -#if defined(MBEDTLS_MD_C) - psa_hmac_internal_data hmac; -#endif -#if defined(MBEDTLS_CMAC_C) - mbedtls_cipher_context_t cmac; -#endif - psa_driver_mac_context_t driver; - } ctx; + psa_driver_mac_context_t ctx; }; -#define PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define PSA_MAC_OPERATION_INIT {0, {0}} static inline struct psa_mac_operation_s psa_mac_operation_init( void ) { const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c153217908..ed847b280a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2277,7 +2277,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) /* Initialize the MAC operation structure. Once this function has been * called, psa_mac_abort can run and will do the right thing. */ -static psa_status_t psa_mac_init( psa_mac_operation_t *operation, +static psa_status_t psa_mac_init( mbedtls_psa_mac_operation_t *operation, psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_NOT_SUPPORTED; @@ -2325,8 +2325,11 @@ static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) } #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ -psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) +psa_status_t psa_mac_abort( psa_mac_operation_t *psa_operation ) { + /* Temporary recast to avoid changing a lot of lines */ + mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; + if( operation->alg == 0 ) { /* The object has (apparently) been initialized but it is not @@ -2374,7 +2377,7 @@ bad_state: } #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) -static psa_status_t psa_cmac_setup( psa_mac_operation_t *operation, +static psa_status_t psa_cmac_setup( mbedtls_psa_mac_operation_t *operation, psa_key_slot_t *slot ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -2463,7 +2466,7 @@ cleanup: } #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ -static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, +static psa_status_t psa_mac_setup( psa_mac_operation_t *psa_operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, int is_sign ) @@ -2474,6 +2477,9 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_key_usage_t usage = is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH; + /* Temporary recast to avoid changing a lot of lines */ + mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; + /* A context must be freshly initialized before it can be set up. */ if( operation->alg != 0 ) { @@ -2557,7 +2563,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, exit: if( status != PSA_SUCCESS ) { - psa_mac_abort( operation ); + psa_mac_abort( psa_operation ); } else { @@ -2583,10 +2589,13 @@ psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation, return( psa_mac_setup( operation, key, alg, 0 ) ); } -psa_status_t psa_mac_update( psa_mac_operation_t *operation, +psa_status_t psa_mac_update( psa_mac_operation_t *psa_operation, const uint8_t *input, size_t input_length ) { + /* Temporary recast to avoid changing a lot of lines */ + mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; + psa_status_t status = PSA_ERROR_BAD_STATE; if( ! operation->key_set ) return( PSA_ERROR_BAD_STATE ); @@ -2618,7 +2627,7 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, } if( status != PSA_SUCCESS ) - psa_mac_abort( operation ); + psa_mac_abort( psa_operation ); return( status ); } @@ -2662,7 +2671,7 @@ exit: } #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ -static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, +static psa_status_t psa_mac_finish_internal( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size ) { @@ -2701,11 +2710,14 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation, } } -psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation, +psa_status_t psa_mac_sign_finish( psa_mac_operation_t *psa_operation, uint8_t *mac, size_t mac_size, size_t *mac_length ) { + /* Temporary recast to avoid changing a lot of lines */ + mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; + psa_status_t status; if( operation->alg == 0 ) @@ -2731,21 +2743,24 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation, if( status == PSA_SUCCESS ) { - status = psa_mac_abort( operation ); + status = psa_mac_abort( psa_operation ); if( status == PSA_SUCCESS ) *mac_length = operation->mac_size; else memset( mac, '!', mac_size ); } else - psa_mac_abort( operation ); + psa_mac_abort( psa_operation ); return( status ); } -psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation, +psa_status_t psa_mac_verify_finish( psa_mac_operation_t *psa_operation, const uint8_t *mac, size_t mac_length ) { + /* Temporary recast to avoid changing a lot of lines */ + mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; + uint8_t actual_mac[PSA_MAC_MAX_SIZE]; psa_status_t status; @@ -2774,9 +2789,9 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation, cleanup: if( status == PSA_SUCCESS ) - status = psa_mac_abort( operation ); + status = psa_mac_abort( psa_operation ); else - psa_mac_abort( operation ); + psa_mac_abort( psa_operation ); mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 09f6319199..32ea7f535d 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1383,7 +1383,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_transparent_test_driver_mac_sign_setup( - &operation->ctx.driver.transparent_test_driver_ctx, + &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, alg ); @@ -1397,7 +1397,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) /* Fell through, meaning no accelerator supports this operation */ - status = mbedtls_psa_mac_sign_setup( &operation->ctx.driver.mbedtls_ctx, + status = mbedtls_psa_mac_sign_setup( &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); @@ -1414,7 +1414,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: status = mbedtls_opaque_test_driver_mac_sign_setup( - &operation->ctx.driver.opaque_test_driver_ctx, + &operation->ctx.opaque_test_driver_ctx, attributes, key_buffer, key_buffer_size, alg ); @@ -1454,7 +1454,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) status = mbedtls_transparent_test_driver_mac_verify_setup( - &operation->ctx.driver.transparent_test_driver_ctx, + &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, alg ); @@ -1468,7 +1468,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) /* Fell through, meaning no accelerator supports this operation */ - status = mbedtls_psa_mac_verify_setup( &operation->ctx.driver.mbedtls_ctx, + status = mbedtls_psa_mac_verify_setup( &operation->ctx.mbedtls_ctx, attributes, key_buffer, key_buffer_size, alg ); @@ -1485,7 +1485,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: status = mbedtls_opaque_test_driver_mac_sign_setup( - &operation->ctx.driver.opaque_test_driver_ctx, + &operation->ctx.opaque_test_driver_ctx, attributes, key_buffer, key_buffer_size, alg ); @@ -1515,7 +1515,7 @@ psa_status_t psa_driver_wrapper_mac_update( { #if defined(MBEDTLS_PSA_BUILTIN_MAC) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_mac_update( &operation->ctx.driver.mbedtls_ctx, + return( mbedtls_psa_mac_update( &operation->ctx.mbedtls_ctx, input, input_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_MAC */ @@ -1523,12 +1523,12 @@ psa_status_t psa_driver_wrapper_mac_update( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_transparent_test_driver_mac_update( - &operation->ctx.driver.transparent_test_driver_ctx, + &operation->ctx.transparent_test_driver_ctx, input, input_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( mbedtls_opaque_test_driver_mac_update( - &operation->ctx.driver.opaque_test_driver_ctx, + &operation->ctx.opaque_test_driver_ctx, input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -1549,7 +1549,7 @@ psa_status_t psa_driver_wrapper_mac_sign_finish( { #if defined(MBEDTLS_PSA_BUILTIN_MAC) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_mac_sign_finish( &operation->ctx.driver.mbedtls_ctx, + return( mbedtls_psa_mac_sign_finish( &operation->ctx.mbedtls_ctx, mac, mac_size, mac_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_MAC */ @@ -1557,12 +1557,12 @@ psa_status_t psa_driver_wrapper_mac_sign_finish( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_transparent_test_driver_mac_sign_finish( - &operation->ctx.driver.transparent_test_driver_ctx, + &operation->ctx.transparent_test_driver_ctx, mac, mac_size, mac_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( mbedtls_opaque_test_driver_mac_sign_finish( - &operation->ctx.driver.opaque_test_driver_ctx, + &operation->ctx.opaque_test_driver_ctx, mac, mac_size, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -1583,7 +1583,7 @@ psa_status_t psa_driver_wrapper_mac_verify_finish( { #if defined(MBEDTLS_PSA_BUILTIN_MAC) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_mac_verify_finish( &operation->ctx.driver.mbedtls_ctx, + return( mbedtls_psa_mac_verify_finish( &operation->ctx.mbedtls_ctx, mac, mac_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_MAC */ @@ -1591,12 +1591,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: return( mbedtls_transparent_test_driver_mac_verify_finish( - &operation->ctx.driver.transparent_test_driver_ctx, + &operation->ctx.transparent_test_driver_ctx, mac, mac_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: return( mbedtls_opaque_test_driver_mac_verify_finish( - &operation->ctx.driver.opaque_test_driver_ctx, + &operation->ctx.opaque_test_driver_ctx, mac, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -1615,7 +1615,7 @@ psa_status_t psa_driver_wrapper_mac_abort( { #if defined(MBEDTLS_PSA_BUILTIN_MAC) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - status = mbedtls_psa_mac_abort( &operation->ctx.driver.mbedtls_ctx ); + status = mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ); break; #endif /* MBEDTLS_PSA_BUILTIN_MAC */ @@ -1623,11 +1623,11 @@ psa_status_t psa_driver_wrapper_mac_abort( #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: status = mbedtls_transparent_test_driver_mac_abort( - &operation->ctx.driver.transparent_test_driver_ctx ); + &operation->ctx.transparent_test_driver_ctx ); break; case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: status = mbedtls_opaque_test_driver_mac_abort( - &operation->ctx.driver.opaque_test_driver_ctx ); + &operation->ctx.opaque_test_driver_ctx ); break; #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ From 82c66b6b8ba1cdd073e89ae89d0bd98eb80bddf4 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Mar 2021 17:39:17 +0100 Subject: [PATCH 053/188] Move internal HMAC implementation into internal MAC driver This is a temporary measure. Other operations in the PSA Core which rely on this internal HMAC API should be rewritten to use the MAC API instead, since they can then leverage accelerated HMAC should a platform provide such acceleration support. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 144 +-------------------------------------- library/psa_crypto_mac.c | 140 ++++++++++++++++++++++++++++++++++++- library/psa_crypto_mac.h | 11 +++ 3 files changed, 151 insertions(+), 144 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ed847b280a..edfe9a7571 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -35,6 +35,7 @@ #include "psa_crypto_driver_wrappers.h" #include "psa_crypto_ecp.h" #include "psa_crypto_hash.h" +#include "psa_crypto_mac.h" #include "psa_crypto_rsa.h" #include "psa_crypto_ecp.h" #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -2246,35 +2247,6 @@ psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation, /* MAC */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -static size_t psa_get_hash_block_size( psa_algorithm_t alg ) -{ - switch( alg ) - { - case PSA_ALG_MD2: - return( 16 ); - case PSA_ALG_MD4: - return( 64 ); - case PSA_ALG_MD5: - return( 64 ); - case PSA_ALG_RIPEMD160: - return( 64 ); - case PSA_ALG_SHA_1: - return( 64 ); - case PSA_ALG_SHA_224: - return( 64 ); - case PSA_ALG_SHA_256: - return( 64 ); - case PSA_ALG_SHA_384: - return( 128 ); - case PSA_ALG_SHA_512: - return( 128 ); - default: - return( 0 ); - } -} -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) */ - /* Initialize the MAC operation structure. Once this function has been * called, psa_mac_abort can run and will do the right thing. */ static psa_status_t psa_mac_init( mbedtls_psa_mac_operation_t *operation, @@ -2317,14 +2289,6 @@ static psa_status_t psa_mac_init( mbedtls_psa_mac_operation_t *operation, return( status ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) -{ - mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); - return( psa_hash_abort( &hmac->hash_ctx ) ); -} -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - psa_status_t psa_mac_abort( psa_mac_operation_t *psa_operation ) { /* Temporary recast to avoid changing a lot of lines */ @@ -2400,72 +2364,6 @@ exit: } #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -static psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, - const uint8_t *key, - size_t key_length, - psa_algorithm_t hash_alg ) -{ - uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; - size_t i; - size_t hash_size = PSA_HASH_LENGTH( hash_alg ); - size_t block_size = psa_get_hash_block_size( hash_alg ); - psa_status_t status; - - hmac->alg = hash_alg; - - /* Sanity checks on block_size, to guarantee that there won't be a buffer - * overflow below. This should never trigger if the hash algorithm - * is implemented correctly. */ - /* The size checks against the ipad and opad buffers cannot be written - * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )` - * because that triggers -Wlogical-op on GCC 7.3. */ - if( block_size > sizeof( ipad ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( block_size > sizeof( hmac->opad ) ) - return( PSA_ERROR_NOT_SUPPORTED ); - if( block_size < hash_size ) - return( PSA_ERROR_NOT_SUPPORTED ); - - if( key_length > block_size ) - { - status = psa_hash_compute( hash_alg, key, key_length, - ipad, sizeof( ipad ), &key_length ); - if( status != PSA_SUCCESS ) - goto cleanup; - } - /* A 0-length key is not commonly used in HMAC when used as a MAC, - * but it is permitted. It is common when HMAC is used in HKDF, for - * example. Don't call `memcpy` in the 0-length because `key` could be - * an invalid pointer which would make the behavior undefined. */ - else if( key_length != 0 ) - memcpy( ipad, key, key_length ); - - /* ipad contains the key followed by garbage. Xor and fill with 0x36 - * to create the ipad value. */ - for( i = 0; i < key_length; i++ ) - ipad[i] ^= 0x36; - memset( ipad + key_length, 0x36, block_size - key_length ); - - /* Copy the key material from ipad to opad, flipping the requisite bits, - * and filling the rest of opad with the requisite constant. */ - for( i = 0; i < key_length; i++ ) - hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C; - memset( hmac->opad + key_length, 0x5C, block_size - key_length ); - - status = psa_hash_setup( &hmac->hash_ctx, hash_alg ); - if( status != PSA_SUCCESS ) - goto cleanup; - - status = psa_hash_update( &hmac->hash_ctx, ipad, block_size ); - -cleanup: - mbedtls_platform_zeroize( ipad, sizeof( ipad ) ); - - return( status ); -} -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - static psa_status_t psa_mac_setup( psa_mac_operation_t *psa_operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, @@ -2631,46 +2529,6 @@ psa_status_t psa_mac_update( psa_mac_operation_t *psa_operation, return( status ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) -static psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, - uint8_t *mac, - size_t mac_size ) -{ - uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; - psa_algorithm_t hash_alg = hmac->alg; - size_t hash_size = 0; - size_t block_size = psa_get_hash_block_size( hash_alg ); - psa_status_t status; - - status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size ); - if( status != PSA_SUCCESS ) - return( status ); - /* From here on, tmp needs to be wiped. */ - - status = psa_hash_setup( &hmac->hash_ctx, hash_alg ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size ); - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size ); - if( status != PSA_SUCCESS ) - goto exit; - - memcpy( mac, tmp, mac_size ); - -exit: - mbedtls_platform_zeroize( tmp, hash_size ); - return( status ); -} -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - static psa_status_t psa_mac_finish_internal( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size ) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 169be3a454..b09efea596 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -25,6 +25,7 @@ #include #include "psa_crypto_core.h" #include "psa_crypto_mac.h" +#include #include #include @@ -40,6 +41,143 @@ #define BUILTIN_ALG_HMAC 1 #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) +static size_t psa_get_hash_block_size( psa_algorithm_t alg ) +{ + switch( alg ) + { + case PSA_ALG_MD2: + return( 16 ); + case PSA_ALG_MD4: + return( 64 ); + case PSA_ALG_MD5: + return( 64 ); + case PSA_ALG_RIPEMD160: + return( 64 ); + case PSA_ALG_SHA_1: + return( 64 ); + case PSA_ALG_SHA_224: + return( 64 ); + case PSA_ALG_SHA_256: + return( 64 ); + case PSA_ALG_SHA_384: + return( 128 ); + case PSA_ALG_SHA_512: + return( 128 ); + default: + return( 0 ); + } +} + +psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) +{ + mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); + return( psa_hash_abort( &hmac->hash_ctx ) ); +} + +psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, + const uint8_t *key, + size_t key_length, + psa_algorithm_t hash_alg ) +{ + uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; + size_t i; + size_t hash_size = PSA_HASH_LENGTH( hash_alg ); + size_t block_size = psa_get_hash_block_size( hash_alg ); + psa_status_t status; + + hmac->alg = hash_alg; + + /* Sanity checks on block_size, to guarantee that there won't be a buffer + * overflow below. This should never trigger if the hash algorithm + * is implemented correctly. */ + /* The size checks against the ipad and opad buffers cannot be written + * `block_size > sizeof( ipad ) || block_size > sizeof( hmac->opad )` + * because that triggers -Wlogical-op on GCC 7.3. */ + if( block_size > sizeof( ipad ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( block_size > sizeof( hmac->opad ) ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( block_size < hash_size ) + return( PSA_ERROR_NOT_SUPPORTED ); + + if( key_length > block_size ) + { + status = psa_hash_compute( hash_alg, key, key_length, + ipad, sizeof( ipad ), &key_length ); + if( status != PSA_SUCCESS ) + goto cleanup; + } + /* A 0-length key is not commonly used in HMAC when used as a MAC, + * but it is permitted. It is common when HMAC is used in HKDF, for + * example. Don't call `memcpy` in the 0-length because `key` could be + * an invalid pointer which would make the behavior undefined. */ + else if( key_length != 0 ) + memcpy( ipad, key, key_length ); + + /* ipad contains the key followed by garbage. Xor and fill with 0x36 + * to create the ipad value. */ + for( i = 0; i < key_length; i++ ) + ipad[i] ^= 0x36; + memset( ipad + key_length, 0x36, block_size - key_length ); + + /* Copy the key material from ipad to opad, flipping the requisite bits, + * and filling the rest of opad with the requisite constant. */ + for( i = 0; i < key_length; i++ ) + hmac->opad[i] = ipad[i] ^ 0x36 ^ 0x5C; + memset( hmac->opad + key_length, 0x5C, block_size - key_length ); + + status = psa_hash_setup( &hmac->hash_ctx, hash_alg ); + if( status != PSA_SUCCESS ) + goto cleanup; + + status = psa_hash_update( &hmac->hash_ctx, ipad, block_size ); + +cleanup: + mbedtls_platform_zeroize( ipad, sizeof( ipad ) ); + + return( status ); +} + +psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, + uint8_t *mac, + size_t mac_size ) +{ + uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; + psa_algorithm_t hash_alg = hmac->alg; + size_t hash_size = 0; + size_t block_size = psa_get_hash_block_size( hash_alg ); + psa_status_t status; + + status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size ); + if( status != PSA_SUCCESS ) + return( status ); + /* From here on, tmp needs to be wiped. */ + + status = psa_hash_setup( &hmac->hash_ctx, hash_alg ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_hash_update( &hmac->hash_ctx, hmac->opad, block_size ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_hash_update( &hmac->hash_ctx, tmp, hash_size ); + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_hash_finish( &hmac->hash_ctx, tmp, sizeof( tmp ), &hash_size ); + if( status != PSA_SUCCESS ) + goto exit; + + memcpy( mac, tmp, mac_size ); + +exit: + mbedtls_platform_zeroize( tmp, hash_size ); + return( status ); +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */ + /* Implement the PSA driver MAC interface on top of mbed TLS if either the * software driver or the test driver requires it. */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST) @@ -54,7 +192,7 @@ static psa_status_t mac_compute( size_t mac_size, size_t *mac_length ) { - /* To be fleshed out in a subsequent commit */ + /* One-shot MAC has not been implemented in this PSA implementation yet. */ (void) attributes; (void) key_buffer; (void) key_buffer_size; diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 4da60bf408..d923511605 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -23,6 +23,17 @@ #include +psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, + const uint8_t *key, + size_t key_length, + psa_algorithm_t hash_alg ); + +psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, + uint8_t *mac, + size_t mac_size ); + +psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ); + /** Calculate the MAC (message authentication code) of a message using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_compute From e680419791dd308ac87ce0123614d5e624e96406 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Mar 2021 18:28:56 +0100 Subject: [PATCH 054/188] Migrate MAC setup/abort calls into the software driver Step 1/x in moving the driver. Separate commits should make for easier review. Additional changes on top of just moving code: * Added a sanity check on the key buffer size for CMAC. * Transfered responsibility for resetting the core members of the PSA MAC operation structure back to the core (from the driver wrapper layer) Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 197 ++++-------------------- library/psa_crypto_driver_wrappers.c | 20 +-- library/psa_crypto_mac.c | 221 ++++++++++++++++++++++++--- 3 files changed, 237 insertions(+), 201 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index edfe9a7571..19503f681b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2247,124 +2247,19 @@ psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation, /* MAC */ /****************************************************************/ -/* Initialize the MAC operation structure. Once this function has been - * called, psa_mac_abort can run and will do the right thing. */ -static psa_status_t psa_mac_init( mbedtls_psa_mac_operation_t *operation, - psa_algorithm_t alg ) +psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) { - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + /* Aborting a non-active operation is allowed */ + if( operation->id == 0 ) + return( PSA_SUCCESS ); - operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); - operation->key_set = 0; - operation->iv_set = 0; - operation->iv_required = 0; - operation->has_input = 0; - operation->is_sign = 0; + psa_status_t status = psa_driver_wrapper_mac_abort( operation ); + operation->id = 0; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) - { - operation->iv_required = 0; - mbedtls_cipher_init( &operation->ctx.cmac ); - status = PSA_SUCCESS; - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - /* We'll set up the hash operation later in psa_hmac_setup_internal. */ - operation->ctx.hmac.alg = 0; - status = PSA_SUCCESS; - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - if( ! PSA_ALG_IS_MAC( alg ) ) - status = PSA_ERROR_INVALID_ARGUMENT; - } - - if( status != PSA_SUCCESS ) - memset( operation, 0, sizeof( *operation ) ); return( status ); } -psa_status_t psa_mac_abort( psa_mac_operation_t *psa_operation ) -{ - /* Temporary recast to avoid changing a lot of lines */ - mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; - - if( operation->alg == 0 ) - { - /* The object has (apparently) been initialized but it is not - * in use. It's ok to call abort on such an object, and there's - * nothing to do. */ - return( PSA_SUCCESS ); - } - else -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) - { - mbedtls_cipher_free( &operation->ctx.cmac ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - psa_hmac_abort_internal( &operation->ctx.hmac ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - /* Sanity check (shouldn't happen: operation->alg should - * always have been initialized to a valid value). */ - goto bad_state; - } - - operation->alg = 0; - operation->key_set = 0; - operation->iv_set = 0; - operation->iv_required = 0; - operation->has_input = 0; - operation->is_sign = 0; - - return( PSA_SUCCESS ); - -bad_state: - /* If abort is called on an uninitialized object, we can't trust - * anything. Wipe the object in case it contains confidential data. - * This may result in a memory leak if a pointer gets overwritten, - * but it's too late to do anything about this. */ - memset( operation, 0, sizeof( *operation ) ); - return( PSA_ERROR_BAD_STATE ); -} - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) -static psa_status_t psa_cmac_setup( mbedtls_psa_mac_operation_t *operation, - psa_key_slot_t *slot ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_cipher_info_t *cipher_info = - mbedtls_cipher_info_from_psa( PSA_ALG_CMAC, - slot->attr.type, slot->attr.bits, - NULL ); - if( cipher_info == NULL ) - return( PSA_ERROR_NOT_SUPPORTED ); - - ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); - if( ret != 0 ) - goto exit; - - ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac, - slot->key.data, - slot->attr.bits ); -exit: - return( mbedtls_to_psa_error( ret ) ); -} -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ - -static psa_status_t psa_mac_setup( psa_mac_operation_t *psa_operation, +static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, int is_sign ) @@ -2374,38 +2269,32 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *psa_operation, psa_key_slot_t *slot; psa_key_usage_t usage = is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH; - - /* Temporary recast to avoid changing a lot of lines */ - mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; + size_t mac_size = 0; /* A context must be freshly initialized before it can be set up. */ - if( operation->alg != 0 ) - { + if( operation->id != 0 ) return( PSA_ERROR_BAD_STATE ); - } - status = psa_mac_init( operation, alg ); - if( status != PSA_SUCCESS ) - return( status ); - if( is_sign ) - operation->is_sign = 1; - - status = psa_get_and_lock_transparent_key_slot_with_policy( + status = psa_get_and_lock_key_slot_with_policy( key, &slot, usage, alg ); if( status != PSA_SUCCESS ) goto exit; + psa_key_attributes_t attributes = { + .core = slot->attr + }; + /* Validate the combination of key type and algorithm */ - status = psa_mac_key_can_do( alg, slot->attr.type ); + status = psa_mac_key_can_do( alg, psa_get_key_type( &attributes ) ); if( status != PSA_SUCCESS ) goto exit; /* Get the output length for the algorithm and key combination. None of the * currently supported algorithms have an output length dependent on actual * key size, so setting it to a bogus value is currently OK. */ - operation->mac_size = PSA_MAC_LENGTH( slot->attr.type, 0, alg ); + mac_size = PSA_MAC_LENGTH( psa_get_key_type( &attributes ), 0, alg ); - if( operation->mac_size < 4 ) + if( mac_size < 4 ) { /* A very short MAC is too short for security since it can be * brute-forced. Ancient protocols with 32-bit MACs do exist, @@ -2415,8 +2304,8 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *psa_operation, goto exit; } - if( operation->mac_size > - PSA_MAC_LENGTH( slot->attr.type, 0, PSA_ALG_FULL_LENGTH_MAC( alg ) ) ) + if( mac_size > PSA_MAC_LENGTH( psa_get_key_type( &attributes ), 0, + PSA_ALG_FULL_LENGTH_MAC( alg ) ) ) { /* It's impossible to "truncate" to a larger length than the full length * of the algorithm. */ @@ -2424,49 +2313,27 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *psa_operation, goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) - if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC ) + /* Dispatch the MAC setup call with validated input */ + if( is_sign ) { - status = psa_cmac_setup( operation, slot ); + status = psa_driver_wrapper_mac_sign_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( alg ) ) { - /* Sanity check. This shouldn't fail on a valid configuration. */ - if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - - if( slot->attr.type != PSA_KEY_TYPE_HMAC ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - status = psa_hmac_setup_internal( &operation->ctx.hmac, - slot->key.data, - slot->key.bytes, - PSA_ALG_HMAC_GET_HASH( alg ) ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - status = PSA_ERROR_NOT_SUPPORTED; + status = psa_driver_wrapper_mac_verify_setup( operation, + &attributes, + slot->key.data, + slot->key.bytes, + alg ); } exit: if( status != PSA_SUCCESS ) - { - psa_mac_abort( psa_operation ); - } - else - { - operation->key_set = 1; - } + psa_mac_abort( operation ); unlock_status = psa_unlock_key_slot( slot ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 32ea7f535d..5d78aede29 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1610,33 +1610,25 @@ psa_status_t psa_driver_wrapper_mac_verify_finish( psa_status_t psa_driver_wrapper_mac_abort( psa_mac_operation_t *operation ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; switch( operation->id ) { #if defined(MBEDTLS_PSA_BUILTIN_MAC) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - status = mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ); - break; + return( mbedtls_psa_mac_abort( &operation->ctx.mbedtls_ctx ) ); #endif /* MBEDTLS_PSA_BUILTIN_MAC */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - status = mbedtls_transparent_test_driver_mac_abort( - &operation->ctx.transparent_test_driver_ctx ); - break; + return( mbedtls_transparent_test_driver_mac_abort( + &operation->ctx.transparent_test_driver_ctx ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - status = mbedtls_opaque_test_driver_mac_abort( - &operation->ctx.opaque_test_driver_ctx ); - break; + return( mbedtls_opaque_test_driver_mac_abort( + &operation->ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: - status = PSA_ERROR_INVALID_ARGUMENT; - break; + return( PSA_ERROR_INVALID_ARGUMENT ); } - - operation->id = 0; - return( status ); } /* End of automatically generated file. */ diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index b09efea596..03618a5831 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -181,6 +181,201 @@ exit: /* Implement the PSA driver MAC interface on top of mbed TLS if either the * software driver or the test driver requires it. */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST) + +#if defined(BUILTIN_ALG_CMAC) +static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + const mbedtls_cipher_info_t * cipher_info_tmp = + mbedtls_cipher_info_from_psa( + PSA_ALG_CMAC, + psa_get_key_type( attributes ), + psa_get_key_bits( attributes ), + NULL ); + + if( cipher_info_tmp == NULL ) + return( PSA_ERROR_NOT_SUPPORTED ); + + if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info_tmp ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_cipher_cmac_starts( &operation->ctx.cmac, + key_buffer, + psa_get_key_bits( attributes ) ); +exit: + return( mbedtls_to_psa_error( ret ) ); +} +#endif /* BUILTIN_ALG_CMAC */ + +/* Initialize this driver's MAC operation structure. Once this function has been + * called, mbedtls_psa_mac_abort can run and will do the right thing. */ +static psa_status_t mac_init( + mbedtls_psa_mac_operation_t *operation, + psa_algorithm_t alg ) +{ + psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + + operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_required = 0; + operation->has_input = 0; + operation->is_sign = 0; + +#if defined(BUILTIN_ALG_CMAC) + if( operation->alg == PSA_ALG_CMAC ) + { + operation->iv_required = 0; + mbedtls_cipher_init( &operation->ctx.cmac ); + status = PSA_SUCCESS; + } + else +#endif /* BUILTIN_ALG_CMAC */ +#if defined(BUILTIN_ALG_HMAC) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + { + /* We'll set up the hash operation later in psa_hmac_setup_internal. */ + operation->ctx.hmac.alg = 0; + status = PSA_SUCCESS; + } + else +#endif /* BUILTIN_ALG_HMAC */ + { + if( ! PSA_ALG_IS_MAC( alg ) ) + status = PSA_ERROR_INVALID_ARGUMENT; + } + + if( status != PSA_SUCCESS ) + memset( operation, 0, sizeof( *operation ) ); + return( status ); +} + +static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation ) +{ + if( operation->alg == 0 ) + { + /* The object has (apparently) been initialized but it is not + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + return( PSA_SUCCESS ); + } + else +#if defined(BUILTIN_ALG_CMAC) + if( operation->alg == PSA_ALG_CMAC ) + { + mbedtls_cipher_free( &operation->ctx.cmac ); + } + else +#endif /* BUILTIN_ALG_CMAC */ +#if defined(BUILTIN_ALG_HMAC) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + { + psa_hmac_abort_internal( &operation->ctx.hmac ); + } + else +#endif /* BUILTIN_ALG_HMAC */ + { + /* Sanity check (shouldn't happen: operation->alg should + * always have been initialized to a valid value). */ + goto bad_state; + } + + operation->alg = 0; + operation->key_set = 0; + operation->iv_set = 0; + operation->iv_required = 0; + operation->has_input = 0; + operation->is_sign = 0; + + return( PSA_SUCCESS ); + +bad_state: + /* If abort is called on an uninitialized object, we can't trust + * anything. Wipe the object in case it contains confidential data. + * This may result in a memory leak if a pointer gets overwritten, + * but it's too late to do anything about this. */ + memset( operation, 0, sizeof( *operation ) ); + return( PSA_ERROR_BAD_STATE ); +} + +static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + int is_sign ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + /* A context must be freshly initialized before it can be set up. */ + if( operation->alg != 0 ) + { + return( PSA_ERROR_BAD_STATE ); + } + + status = mac_init( operation, alg ); + if( status != PSA_SUCCESS ) + return( status ); + if( is_sign ) + operation->is_sign = 1; + + /* Get the output length for the algorithm and key combination. None of the + * currently supported algorithms have an output length dependent on actual + * key size, so setting it to a bogus value is currently OK. */ + operation->mac_size = + PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg ); + +#if defined(BUILTIN_ALG_CMAC) + if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC ) + { + status = cmac_setup( operation, attributes, + key_buffer, key_buffer_size ); + } + else +#endif /* BUILTIN_ALG_CMAC */ +#if defined(BUILTIN_ALG_HMAC) + if( PSA_ALG_IS_HMAC( alg ) ) + { + /* Sanity check. This shouldn't fail on a valid configuration. */ + if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) ) + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + + if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + status = psa_hmac_setup_internal( &operation->ctx.hmac, + key_buffer, + key_buffer_size, + PSA_ALG_HMAC_GET_HASH( alg ) ); + } + else +#endif /* BUILTIN_ALG_HMAC */ + { + status = PSA_ERROR_NOT_SUPPORTED; + } + +exit: + if( status == PSA_SUCCESS ) + operation->key_set = 1; + else + mac_abort( operation ); + + return( status ); +} + static psa_status_t mac_compute( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -212,13 +407,8 @@ static psa_status_t mac_sign_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - /* To be fleshed out in a subsequent commit */ - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - return( PSA_ERROR_NOT_SUPPORTED ); + return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg, + 1 ) ); } static psa_status_t mac_verify_setup( @@ -228,13 +418,8 @@ static psa_status_t mac_verify_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - /* To be fleshed out in a subsequent commit */ - (void) operation; - (void) attributes; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - return( PSA_ERROR_NOT_SUPPORTED ); + return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg, + 0 ) ); } static psa_status_t mac_update( @@ -274,14 +459,6 @@ static psa_status_t mac_verify_finish( (void) mac_length; return( PSA_ERROR_NOT_SUPPORTED ); } - -static psa_status_t mac_abort( - mbedtls_psa_mac_operation_t *operation ) -{ - /* To be fleshed out in a subsequent commit */ - (void) operation; - return( PSA_ERROR_NOT_SUPPORTED ); -} #endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) From 6e7f291bb503394616d46746bc0de89d9c627764 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Mar 2021 18:38:46 +0100 Subject: [PATCH 055/188] Migrate MAC update call into the software driver Step 2/x in moving the driver. Separate commits should make for easier review. Additional changes on top of code movement: * Early-return success on input with zero-length to mac_update, to avoid NULL pointers getting passed into the driver dispatch Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 42 ++++++++++------------------------------ library/psa_crypto_mac.c | 33 ++++++++++++++++++++++++++----- 2 files changed, 38 insertions(+), 37 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 19503f681b..7d7d05317c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2354,45 +2354,23 @@ psa_status_t psa_mac_verify_setup( psa_mac_operation_t *operation, return( psa_mac_setup( operation, key, alg, 0 ) ); } -psa_status_t psa_mac_update( psa_mac_operation_t *psa_operation, +psa_status_t psa_mac_update( psa_mac_operation_t *operation, const uint8_t *input, size_t input_length ) { - /* Temporary recast to avoid changing a lot of lines */ - mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; - - psa_status_t status = PSA_ERROR_BAD_STATE; - if( ! operation->key_set ) + if( operation->id == 0 ) return( PSA_ERROR_BAD_STATE ); - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); - operation->has_input = 1; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) - { - int ret = mbedtls_cipher_cmac_update( &operation->ctx.cmac, - input, input_length ); - status = mbedtls_to_psa_error( ret ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - status = psa_hash_update( &operation->ctx.hmac.hash_ctx, input, - input_length ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - /* This shouldn't happen if `operation` was initialized by - * a setup function. */ - return( PSA_ERROR_BAD_STATE ); - } + /* Don't require hash implementations to behave correctly on a + * zero-length input, which may have an invalid pointer. */ + if( input_length == 0 ) + return( PSA_SUCCESS ); + psa_status_t status = psa_driver_wrapper_mac_update( operation, + input, input_length ); if( status != PSA_SUCCESS ) - psa_mac_abort( psa_operation ); + psa_mac_abort( operation ); + return( status ); } diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 03618a5831..252afca1f1 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -427,11 +427,34 @@ static psa_status_t mac_update( const uint8_t *input, size_t input_length ) { - /* To be fleshed out in a subsequent commit */ - (void) operation; - (void) input; - (void) input_length; - return( PSA_ERROR_NOT_SUPPORTED ); + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + if( operation->iv_required && ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + operation->has_input = 1; + +#if defined(BUILTIN_ALG_CMAC) + if( operation->alg == PSA_ALG_CMAC ) + { + return( mbedtls_to_psa_error( + mbedtls_cipher_cmac_update( &operation->ctx.cmac, + input, input_length ) ) ); + } + else +#endif /* BUILTIN_ALG_CMAC */ +#if defined(BUILTIN_ALG_HMAC) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + { + return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input, + input_length ) ); + } + else +#endif /* BUILTIN_ALG_HMAC */ + { + /* This shouldn't happen if `operation` was initialized by + * a setup function. */ + return( PSA_ERROR_BAD_STATE ); + } } static psa_status_t mac_sign_finish( From a5b860a5f85dc24004755632bcb0c997aafc312d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Mar 2021 19:04:39 +0100 Subject: [PATCH 056/188] Migrate MAC finish calls into the software driver Step 3/x in moving the driver. Separate commits should make for easier review. Additional changes on top of code movement: * Copied the implementation of safer_memcmp from psa_crypto into psa_cipher_mac since the mac_verify driver implementation depends on it, and it isn't available through external linkage Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 117 +++++++-------------------------------- library/psa_crypto_mac.c | 102 ++++++++++++++++++++++++++++++---- 2 files changed, 110 insertions(+), 109 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7d7d05317c..3ca8c9d8f6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2374,59 +2374,16 @@ psa_status_t psa_mac_update( psa_mac_operation_t *operation, return( status ); } -static psa_status_t psa_mac_finish_internal( mbedtls_psa_mac_operation_t *operation, - uint8_t *mac, - size_t mac_size ) -{ - if( ! operation->key_set ) - return( PSA_ERROR_BAD_STATE ); - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); - - if( mac_size < operation->mac_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) - { - uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE]; - int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp ); - if( ret == 0 ) - memcpy( mac, tmp, operation->mac_size ); - mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); - return( mbedtls_to_psa_error( ret ) ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) - if( PSA_ALG_IS_HMAC( operation->alg ) ) - { - return( psa_hmac_finish_internal( &operation->ctx.hmac, - mac, operation->mac_size ) ); - } - else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ - { - /* This shouldn't happen if `operation` was initialized by - * a setup function. */ - return( PSA_ERROR_BAD_STATE ); - } -} - -psa_status_t psa_mac_sign_finish( psa_mac_operation_t *psa_operation, +psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ) { - /* Temporary recast to avoid changing a lot of lines */ - mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t status; - - if( operation->alg == 0 ) - { + if( operation->id == 0 ) return( PSA_ERROR_BAD_STATE ); - } /* Fill the output buffer with something that isn't a valid mac * (barring an attack on the mac and deliberately-crafted input), @@ -2437,68 +2394,32 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *psa_operation, if( mac_size != 0 ) memset( mac, '!', mac_size ); - if( ! operation->is_sign ) - { - return( PSA_ERROR_BAD_STATE ); - } + status = psa_driver_wrapper_mac_sign_finish( operation, + mac, mac_size, mac_length ); - status = psa_mac_finish_internal( operation, mac, mac_size ); + abort_status = psa_mac_abort( operation ); - if( status == PSA_SUCCESS ) - { - status = psa_mac_abort( psa_operation ); - if( status == PSA_SUCCESS ) - *mac_length = operation->mac_size; - else - memset( mac, '!', mac_size ); - } - else - psa_mac_abort( psa_operation ); - return( status ); + if( status != PSA_SUCCESS && mac_size > 0 ) + memset( mac, '!', mac_size ); + + return( status == PSA_SUCCESS ? abort_status : status ); } -psa_status_t psa_mac_verify_finish( psa_mac_operation_t *psa_operation, +psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation, const uint8_t *mac, size_t mac_length ) { - /* Temporary recast to avoid changing a lot of lines */ - mbedtls_psa_mac_operation_t* operation = &psa_operation->ctx.mbedtls_ctx; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; - uint8_t actual_mac[PSA_MAC_MAX_SIZE]; - psa_status_t status; - - if( operation->alg == 0 ) - { + if( operation->id == 0 ) return( PSA_ERROR_BAD_STATE ); - } - if( operation->is_sign ) - { - return( PSA_ERROR_BAD_STATE ); - } - if( operation->mac_size != mac_length ) - { - status = PSA_ERROR_INVALID_SIGNATURE; - goto cleanup; - } + status = psa_driver_wrapper_mac_verify_finish( operation, + mac, mac_length ); + abort_status = psa_mac_abort( operation ); - status = psa_mac_finish_internal( operation, - actual_mac, sizeof( actual_mac ) ); - if( status != PSA_SUCCESS ) - goto cleanup; - - if( safer_memcmp( mac, actual_mac, mac_length ) != 0 ) - status = PSA_ERROR_INVALID_SIGNATURE; - -cleanup: - if( status == PSA_SUCCESS ) - status = psa_mac_abort( psa_operation ); - else - psa_mac_abort( psa_operation ); - - mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) ); - - return( status ); + return( status == PSA_SUCCESS ? abort_status : status ); } diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 252afca1f1..72386d873e 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -457,18 +457,77 @@ static psa_status_t mac_update( } } +static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size ) +{ + if( ! operation->key_set ) + return( PSA_ERROR_BAD_STATE ); + if( operation->iv_required && ! operation->iv_set ) + return( PSA_ERROR_BAD_STATE ); + + if( mac_size < operation->mac_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + +#if defined(BUILTIN_ALG_CMAC) + if( operation->alg == PSA_ALG_CMAC ) + { + uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE]; + int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp ); + if( ret == 0 ) + memcpy( mac, tmp, operation->mac_size ); + mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); + return( mbedtls_to_psa_error( ret ) ); + } + else +#endif /* BUILTIN_ALG_CMAC */ +#if defined(BUILTIN_ALG_HMAC) + if( PSA_ALG_IS_HMAC( operation->alg ) ) + { + return( psa_hmac_finish_internal( &operation->ctx.hmac, + mac, operation->mac_size ) ); + } + else +#endif /* BUILTIN_ALG_HMAC */ + { + /* This shouldn't happen if `operation` was initialized by + * a setup function. */ + return( PSA_ERROR_BAD_STATE ); + } +} + static psa_status_t mac_sign_finish( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size, size_t *mac_length ) { - /* To be fleshed out in a subsequent commit */ - (void) operation; - (void) mac; - (void) mac_size; - (void) mac_length; - return( PSA_ERROR_NOT_SUPPORTED ); + psa_status_t status; + + if( operation->alg == 0 ) + return( PSA_ERROR_BAD_STATE ); + + if( ! operation->is_sign ) + return( PSA_ERROR_BAD_STATE ); + + status = mac_finish_internal( operation, mac, mac_size ); + + if( status == PSA_SUCCESS ) + *mac_length = operation->mac_size; + + return( status ); +} + +/* constant-time buffer comparison */ +static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) +{ + size_t i; + unsigned char diff = 0; + + for( i = 0; i < n; i++ ) + diff |= a[i] ^ b[i]; + + return( diff ); } static psa_status_t mac_verify_finish( @@ -476,11 +535,32 @@ static psa_status_t mac_verify_finish( const uint8_t *mac, size_t mac_length ) { - /* To be fleshed out in a subsequent commit */ - (void) operation; - (void) mac; - (void) mac_length; - return( PSA_ERROR_NOT_SUPPORTED ); + uint8_t actual_mac[PSA_MAC_MAX_SIZE]; + psa_status_t status; + + if( operation->alg == 0 ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->is_sign ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->mac_size != mac_length ) + { + status = PSA_ERROR_INVALID_SIGNATURE; + goto cleanup; + } + + status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) ); + if( status != PSA_SUCCESS ) + goto cleanup; + + if( safer_memcmp( mac, actual_mac, mac_length ) != 0 ) + status = PSA_ERROR_INVALID_SIGNATURE; + +cleanup: + mbedtls_platform_zeroize( actual_mac, sizeof( actual_mac ) ); + + return( status ); } #endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */ From 7515e7535d0bb25bb08398460ea031dfaf26e638 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 19 Mar 2021 19:36:38 +0100 Subject: [PATCH 057/188] Add CMAC and HMAC driver testing to all.sh Signed-off-by: Steven Cooreman --- tests/scripts/all.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b3f1415315..f6b1a430cc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1437,6 +1437,8 @@ component_test_psa_crypto_config_basic() { loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CMAC" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_HMAC" loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS" @@ -2233,6 +2235,8 @@ component_test_psa_crypto_drivers () { loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_384" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_SHA_512" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_XTS" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CMAC" + loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_HMAC" loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" From 4fdf060a81e230871af95499402ba3946faeb403 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 22 Mar 2021 12:21:10 +0100 Subject: [PATCH 058/188] Complete, document and fully use internal HMAC API Since HMAC moved into its own compilation unit, the internal API needed to be documented and finalized. This means no more reaching deep into the operation structure from within the PSA Crypto core. This will make future refactoring work easier, since internal HMAC is now opaque to the core. Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 2 + library/psa_crypto.c | 56 +++++++++--------- library/psa_crypto_mac.c | 23 ++++++++ library/psa_crypto_mac.h | 78 +++++++++++++++++++++++++ 4 files changed, 132 insertions(+), 27 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index fd7f6f91a9..2fb0633ab4 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -53,6 +53,8 @@ typedef struct /** The HMAC part of the context. */ uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; } psa_hmac_internal_data; + +#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, {0}, {0}} #endif /* PSA_WANT_ALG_HMAC */ #include "mbedtls/cmac.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3ca8c9d8f6..0ef73dff7a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3331,19 +3331,19 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( status ); if( hkdf->block_number != 1 ) { - status = psa_hash_update( &hkdf->hmac.hash_ctx, - hkdf->output_block, - hash_length ); + status = psa_hmac_update_internal( &hkdf->hmac, + hkdf->output_block, + hash_length ); if( status != PSA_SUCCESS ) return( status ); } - status = psa_hash_update( &hkdf->hmac.hash_ctx, - hkdf->info, - hkdf->info_length ); + status = psa_hmac_update_internal( &hkdf->hmac, + hkdf->info, + hkdf->info_length ); if( status != PSA_SUCCESS ) return( status ); - status = psa_hash_update( &hkdf->hmac.hash_ctx, - &hkdf->block_number, 1 ); + status = psa_hmac_update_internal( &hkdf->hmac, + &hkdf->block_number, 1 ); if( status != PSA_SUCCESS ) return( status ); status = psa_hmac_finish_internal( &hkdf->hmac, @@ -3365,7 +3365,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); - psa_hash_operation_t backup = PSA_HASH_OPERATION_INIT; + psa_hmac_internal_data backup = MBEDTLS_PSA_HMAC_OPERATION_INIT; psa_status_t status, cleanup_status; /* We can't be wanting more output after block 0xff, otherwise @@ -3400,7 +3400,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( /* Save the hash context before using it, to preserve the hash state with * only the inner padding in it. We need this, because inner padding depends * on the key (secret in the RFC's terminology). */ - status = psa_hash_clone( &tls12_prf->hmac.hash_ctx, &backup ); + status = psa_hmac_clone_internal( &tls12_prf->hmac, &backup ); if( status != PSA_SUCCESS ) goto cleanup; @@ -3410,20 +3410,22 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( /* A(1) = HMAC_hash(secret, A(0)), where A(0) = seed. (The RFC overloads * the variable seed and in this instance means it in the context of the * P_hash function, where seed = label + seed.) */ - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->label, tls12_prf->label_length ); + status = psa_hmac_update_internal( &tls12_prf->hmac, + tls12_prf->label, + tls12_prf->label_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->seed, tls12_prf->seed_length ); + status = psa_hmac_update_internal( &tls12_prf->hmac, + tls12_prf->seed, + tls12_prf->seed_length ); if( status != PSA_SUCCESS ) goto cleanup; } else { /* A(i) = HMAC_hash(secret, A(i-1)) */ - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->Ai, hash_length ); + status = psa_hmac_update_internal( &tls12_prf->hmac, + tls12_prf->Ai, hash_length ); if( status != PSA_SUCCESS ) goto cleanup; } @@ -3432,35 +3434,35 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( tls12_prf->Ai, hash_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hash_clone( &backup, &tls12_prf->hmac.hash_ctx ); + status = psa_hmac_clone_internal( &backup, &tls12_prf->hmac ); if( status != PSA_SUCCESS ) goto cleanup; /* Calculate HMAC_hash(secret, A(i) + label + seed). */ - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->Ai, hash_length ); + status = psa_hmac_update_internal( &tls12_prf->hmac, + tls12_prf->Ai, hash_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->label, tls12_prf->label_length ); + status = psa_hmac_update_internal( &tls12_prf->hmac, + tls12_prf->label, tls12_prf->label_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hash_update( &tls12_prf->hmac.hash_ctx, - tls12_prf->seed, tls12_prf->seed_length ); + status = psa_hmac_update_internal( &tls12_prf->hmac, + tls12_prf->seed, tls12_prf->seed_length ); if( status != PSA_SUCCESS ) goto cleanup; status = psa_hmac_finish_internal( &tls12_prf->hmac, tls12_prf->output_block, hash_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hash_clone( &backup, &tls12_prf->hmac.hash_ctx ); + status = psa_hmac_clone_internal( &backup, &tls12_prf->hmac ); if( status != PSA_SUCCESS ) goto cleanup; cleanup: - cleanup_status = psa_hash_abort( &backup ); + cleanup_status = psa_hmac_abort_internal( &backup ); if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS ) status = cleanup_status; @@ -3806,8 +3808,8 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, } if( hkdf->state != HKDF_STATE_STARTED ) return( PSA_ERROR_BAD_STATE ); - status = psa_hash_update( &hkdf->hmac.hash_ctx, - data, data_length ); + status = psa_hmac_update_internal( &hkdf->hmac, + data, data_length ); if( status != PSA_SUCCESS ) return( status ); status = psa_hmac_finish_internal( &hkdf->hmac, diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 72386d873e..5a7bc2c86a 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -139,6 +139,13 @@ cleanup: return( status ); } +psa_status_t psa_hmac_update_internal( psa_hmac_internal_data *hmac, + const uint8_t *data, + size_t data_length ) +{ + return( psa_hash_update( &hmac->hash_ctx, data, data_length ) ); +} + psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, uint8_t *mac, size_t mac_size ) @@ -176,6 +183,22 @@ exit: mbedtls_platform_zeroize( tmp, hash_size ); return( status ); } + +psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data *source, + psa_hmac_internal_data *destination ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + destination->alg = source->alg; + destination->hash_ctx = psa_hash_operation_init(); + status = psa_hash_clone( &source->hash_ctx, &destination->hash_ctx ); + memcpy( destination->opad, source->opad, sizeof( destination->opad ) ); + + if( status != PSA_SUCCESS ) + memset( destination, 0, sizeof( *destination ) ); + + return( status ); +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */ /* Implement the PSA driver MAC interface on top of mbed TLS if either the diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index d923511605..6a5629618d 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -23,15 +23,93 @@ #include +/** Internal API for starting an HMAC operation, using PSA hash primitives. + * + * \note This API is not meant for application use. Applications should always + * use the top-level psa_mac_xxx APIs for doing HMAC operations. + * + * \param[in] hmac Context structure for this HMAC operation. Needs to have + * been zero-initialized prior to calling this function. + * \param[in] key Key to initialize the HMAC operation with. + * \param key_length Length (in bytes) of key \p key. + * \param hash_alg Hash algorithm to use for calculating the HMAC. + * + * \retval #PSA_SUCCESS + * Success. + * \return Any error code reported by psa_hash_compute(), psa_hash_setup() or + * psa_hash_update(). + */ psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, const uint8_t *key, size_t key_length, psa_algorithm_t hash_alg ); +/** Internal API for adding data to an HMAC operation, using PSA hash primitives. + * + * \note This API is not meant for application use. Applications should always + * use the top-level psa_mac_xxx APIs for doing HMAC operations. + * + * \param[in] hmac Context structure for this HMAC operation. Needs to have + * been initialized with psa_hmac_setup_internal(). + * \param[in] data Buffer containing the data to add to the current HMAC + * calculation. + * \param data_length Length (in bytes) of the input buffer \p data. + * + * \retval #PSA_SUCCESS + * Success. + * \return Any error code reported by psa_hash_update(). + */ +psa_status_t psa_hmac_update_internal( psa_hmac_internal_data *hmac, + const uint8_t *data, + size_t data_length ); + +/** Internal API for finalizing an HMAC operation, using PSA hash primitives. + * + * \note This API is not meant for application use. Applications should always + * use the top-level psa_mac_xxx APIs for doing HMAC operations. + * + * \param[in] hmac Context structure for this HMAC operation. Needs to have + * been initialized with psa_hmac_setup_internal(). + * \param[out] mac Buffer to output the calculated HMAC into. + * \param mac_size Size (in bytes) of the output buffer \p mac. + * + * \retval #PSA_SUCCESS + * Success. + * \return Any error code reported by psa_hash_setup(), psa_hash_update() or + * psa_hash_finish(). + */ psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, uint8_t *mac, size_t mac_size ); +/** Internal API for cloning an HMAC operation, using PSA hash primitives. + * + * \note This API is not meant for application use. Applications should always + * use the top-level psa_mac_xxx APIs for doing HMAC operations. + * + * \param[in] source Context structure to clone from. Needs to have been + * initialized with psa_hmac_setup_internal(). + * \param[out] destination Context structure to clone to. Needs to have been + * zero-initialized. + * + * \retval #PSA_SUCCESS + * Success. + * \return Any error code reported by psa_hash_clone(). + */ +psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data *source, + psa_hmac_internal_data *destination ); + +/** Internal API for aborting an HMAC operation, using PSA hash primitives. + * + * \note This API is not meant for application use. Applications should always + * use the top-level psa_mac_xxx APIs for doing HMAC operations. + * + * \param[in] hmac Context structure for the HMAC operation to abort. + * + * \retval #PSA_SUCCESS + * Success. + * \return Any error code reported by psa_hash_abort(). + */ psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ); /** Calculate the MAC (message authentication code) of a message using Mbed TLS. From d1955af5df458f10ec0710da37085d033a968ef1 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 22 Mar 2021 14:49:06 +0100 Subject: [PATCH 059/188] Rename internal HMAC structure type to match convention Typedef'ed structures are suffixed _t Also updated the initialiser macro with content that actually matches the structure's content. Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 18 +++++++++--------- include/psa/crypto_struct.h | 4 ++-- library/psa_crypto.c | 2 +- library/psa_crypto_mac.c | 12 ++++++------ library/psa_crypto_mac.h | 12 ++++++------ 5 files changed, 24 insertions(+), 24 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 2fb0633ab4..e1acf3955b 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -46,15 +46,15 @@ #if defined(PSA_WANT_ALG_HMAC) typedef struct { - /** The HMAC algorithm in use */ - psa_algorithm_t alg; - /** The hash context. */ - struct psa_hash_operation_s hash_ctx; - /** The HMAC part of the context. */ - uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; -} psa_hmac_internal_data; + /** The HMAC algorithm in use */ + psa_algorithm_t alg; + /** The hash context. */ + struct psa_hash_operation_s hash_ctx; + /** The HMAC part of the context. */ + uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; +} psa_hmac_internal_data_t; -#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, {0}, {0}} +#define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}} #endif /* PSA_WANT_ALG_HMAC */ #include "mbedtls/cmac.h" @@ -73,7 +73,7 @@ typedef struct { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ #if defined(PSA_WANT_ALG_HMAC) - psa_hmac_internal_data hmac; + psa_hmac_internal_data_t hmac; #endif #if defined(MBEDTLS_CMAC_C) mbedtls_cipher_context_t cmac; diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 04c0064634..23a090836e 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -173,7 +173,7 @@ typedef struct { uint8_t *info; size_t info_length; - psa_hmac_internal_data hmac; + psa_hmac_internal_data_t hmac; uint8_t prk[PSA_HASH_MAX_SIZE]; uint8_t output_block[PSA_HASH_MAX_SIZE]; #if PSA_HASH_MAX_SIZE > 0xff @@ -215,7 +215,7 @@ typedef struct psa_tls12_prf_key_derivation_s size_t seed_length; uint8_t *label; size_t label_length; - psa_hmac_internal_data hmac; + psa_hmac_internal_data_t hmac; uint8_t Ai[PSA_HASH_MAX_SIZE]; /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0ef73dff7a..01ddb524dc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3365,7 +3365,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); - psa_hmac_internal_data backup = MBEDTLS_PSA_HMAC_OPERATION_INIT; + psa_hmac_internal_data_t backup = MBEDTLS_PSA_HMAC_OPERATION_INIT; psa_status_t status, cleanup_status; /* We can't be wanting more output after block 0xff, otherwise diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 5a7bc2c86a..5ea2f1760c 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -69,13 +69,13 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) } } -psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) +psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data_t *hmac ) { mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); return( psa_hash_abort( &hmac->hash_ctx ) ); } -psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, +psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data_t *hmac, const uint8_t *key, size_t key_length, psa_algorithm_t hash_alg ) @@ -139,14 +139,14 @@ cleanup: return( status ); } -psa_status_t psa_hmac_update_internal( psa_hmac_internal_data *hmac, +psa_status_t psa_hmac_update_internal( psa_hmac_internal_data_t *hmac, const uint8_t *data, size_t data_length ) { return( psa_hash_update( &hmac->hash_ctx, data, data_length ) ); } -psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, +psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data_t *hmac, uint8_t *mac, size_t mac_size ) { @@ -184,8 +184,8 @@ exit: return( status ); } -psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data *source, - psa_hmac_internal_data *destination ) +psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data_t *source, + psa_hmac_internal_data_t *destination ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 6a5629618d..e63da5304f 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -39,7 +39,7 @@ * \return Any error code reported by psa_hash_compute(), psa_hash_setup() or * psa_hash_update(). */ -psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, +psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data_t *hmac, const uint8_t *key, size_t key_length, psa_algorithm_t hash_alg ); @@ -59,7 +59,7 @@ psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data *hmac, * Success. * \return Any error code reported by psa_hash_update(). */ -psa_status_t psa_hmac_update_internal( psa_hmac_internal_data *hmac, +psa_status_t psa_hmac_update_internal( psa_hmac_internal_data_t *hmac, const uint8_t *data, size_t data_length ); @@ -78,7 +78,7 @@ psa_status_t psa_hmac_update_internal( psa_hmac_internal_data *hmac, * \return Any error code reported by psa_hash_setup(), psa_hash_update() or * psa_hash_finish(). */ -psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, +psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data_t *hmac, uint8_t *mac, size_t mac_size ); @@ -96,8 +96,8 @@ psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data *hmac, * Success. * \return Any error code reported by psa_hash_clone(). */ -psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data *source, - psa_hmac_internal_data *destination ); +psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data_t *source, + psa_hmac_internal_data_t *destination ); /** Internal API for aborting an HMAC operation, using PSA hash primitives. * @@ -110,7 +110,7 @@ psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data *source, * Success. * \return Any error code reported by psa_hash_abort(). */ -psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ); +psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data_t *hmac ); /** Calculate the MAC (message authentication code) of a message using Mbed TLS. * From 939102e7a32c3e471696f36ae96457c45092c41c Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 22 Mar 2021 15:09:44 +0100 Subject: [PATCH 060/188] Add CMAC to standard PSA config Signed-off-by: Steven Cooreman --- include/psa/crypto_config.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 736d9abe08..246e894278 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -57,6 +57,7 @@ #define PSA_WANT_ALG_CBC_NO_PADDING 1 #define PSA_WANT_ALG_CBC_PKCS7 1 #define PSA_WANT_ALG_CCM 1 +#define PSA_WANT_ALG_CMAC 1 #define PSA_WANT_ALG_CFB 1 #define PSA_WANT_ALG_CHACHA20_POLY1305 1 #define PSA_WANT_ALG_CMAC 1 From c7f0a576b68aa42bb0f5aee4417ad2edf4030279 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 21:10:11 +0200 Subject: [PATCH 061/188] Add testing of the MAC driver entry points Signed-off-by: Steven Cooreman --- library/psa_crypto_driver_wrappers.c | 28 +- tests/include/test/drivers/mac.h | 140 +++++++ tests/include/test/drivers/test_driver.h | 1 + tests/src/drivers/test_driver_mac.c | 361 ++++++++++++++++++ ...test_suite_psa_crypto_driver_wrappers.data | 48 +++ ..._suite_psa_crypto_driver_wrappers.function | 191 +++++++++ visualc/VS2010/mbedTLS.vcxproj | 2 + 7 files changed, 757 insertions(+), 14 deletions(-) create mode 100644 tests/include/test/drivers/mac.h create mode 100644 tests/src/drivers/test_driver_mac.c diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 5d78aede29..795e424894 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -1318,7 +1318,7 @@ psa_status_t psa_driver_wrapper_mac_compute( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_transparent_test_driver_mac_compute( + status = mbedtls_test_transparent_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); @@ -1342,7 +1342,7 @@ psa_status_t psa_driver_wrapper_mac_compute( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: - status = mbedtls_opaque_test_driver_mac_compute( + status = mbedtls_test_opaque_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); @@ -1382,7 +1382,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_transparent_test_driver_mac_sign_setup( + status = mbedtls_test_transparent_mac_sign_setup( &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, @@ -1413,7 +1413,7 @@ psa_status_t psa_driver_wrapper_mac_sign_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: - status = mbedtls_opaque_test_driver_mac_sign_setup( + status = mbedtls_test_opaque_mac_sign_setup( &operation->ctx.opaque_test_driver_ctx, attributes, key_buffer, key_buffer_size, @@ -1453,7 +1453,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_transparent_test_driver_mac_verify_setup( + status = mbedtls_test_transparent_mac_verify_setup( &operation->ctx.transparent_test_driver_ctx, attributes, key_buffer, key_buffer_size, @@ -1484,7 +1484,7 @@ psa_status_t psa_driver_wrapper_mac_verify_setup( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: - status = mbedtls_opaque_test_driver_mac_sign_setup( + status = mbedtls_test_opaque_mac_verify_setup( &operation->ctx.opaque_test_driver_ctx, attributes, key_buffer, key_buffer_size, @@ -1522,12 +1522,12 @@ psa_status_t psa_driver_wrapper_mac_update( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( mbedtls_transparent_test_driver_mac_update( + return( mbedtls_test_transparent_mac_update( &operation->ctx.transparent_test_driver_ctx, input, input_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( mbedtls_opaque_test_driver_mac_update( + return( mbedtls_test_opaque_mac_update( &operation->ctx.opaque_test_driver_ctx, input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -1556,12 +1556,12 @@ psa_status_t psa_driver_wrapper_mac_sign_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( mbedtls_transparent_test_driver_mac_sign_finish( + return( mbedtls_test_transparent_mac_sign_finish( &operation->ctx.transparent_test_driver_ctx, mac, mac_size, mac_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( mbedtls_opaque_test_driver_mac_sign_finish( + return( mbedtls_test_opaque_mac_sign_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_size, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -1590,12 +1590,12 @@ psa_status_t psa_driver_wrapper_mac_verify_finish( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( mbedtls_transparent_test_driver_mac_verify_finish( + return( mbedtls_test_transparent_mac_verify_finish( &operation->ctx.transparent_test_driver_ctx, mac, mac_length ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( mbedtls_opaque_test_driver_mac_verify_finish( + return( mbedtls_test_opaque_mac_verify_finish( &operation->ctx.opaque_test_driver_ctx, mac, mac_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ @@ -1620,10 +1620,10 @@ psa_status_t psa_driver_wrapper_mac_abort( #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TRANSPARENT_TEST_DRIVER_ID: - return( mbedtls_transparent_test_driver_mac_abort( + return( mbedtls_test_transparent_mac_abort( &operation->ctx.transparent_test_driver_ctx ) ); case PSA_CRYPTO_OPAQUE_TEST_DRIVER_ID: - return( mbedtls_opaque_test_driver_mac_abort( + return( mbedtls_test_opaque_mac_abort( &operation->ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h new file mode 100644 index 0000000000..e4c750bd61 --- /dev/null +++ b/tests/include/test/drivers/mac.h @@ -0,0 +1,140 @@ +/* + * Test driver for MAC driver entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H +#define PSA_CRYPTO_TEST_DRIVERS_MAC_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times MAC driver functions are called. */ + unsigned long hits; + /* Status returned by the last MAC driver function call. */ + psa_status_t driver_status; +} test_driver_mac_hooks_t; + +#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 } +static inline test_driver_mac_hooks_t test_driver_mac_hooks_init( void ) +{ + const test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; + return( v ); +} + +extern test_driver_mac_hooks_t test_driver_mac_hooks; + +psa_status_t mbedtls_test_transparent_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_test_transparent_mac_sign_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_transparent_mac_verify_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_transparent_mac_update( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_test_transparent_mac_sign_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_test_transparent_mac_verify_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t mbedtls_test_transparent_mac_abort( + mbedtls_transparent_test_driver_mac_operation_t *operation ); + +psa_status_t mbedtls_test_opaque_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_test_opaque_mac_sign_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_opaque_mac_verify_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ); + +psa_status_t mbedtls_test_opaque_mac_update( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ); + +psa_status_t mbedtls_test_opaque_mac_sign_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ); + +psa_status_t mbedtls_test_opaque_mac_verify_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ); + +psa_status_t mbedtls_test_opaque_mac_abort( + mbedtls_opaque_test_driver_mac_operation_t *operation ); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */ diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h index dc2136a6ab..5b60932d3a 100644 --- a/tests/include/test/drivers/test_driver.h +++ b/tests/include/test/drivers/test_driver.h @@ -25,6 +25,7 @@ #include "test/drivers/aead.h" #include "test/drivers/cipher.h" #include "test/drivers/hash.h" +#include "test/drivers/mac.h" #include "test/drivers/key_management.h" #include "test/drivers/signature.h" #include "test/drivers/size.h" diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c new file mode 100644 index 0000000000..4e26e9f21e --- /dev/null +++ b/tests/src/drivers/test_driver_mac.c @@ -0,0 +1,361 @@ +/* + * Test driver for MAC entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa_crypto_mac.h" + +#include "test/drivers/mac.h" + +test_driver_mac_hooks_t test_driver_mac_hooks = MBEDTLS_TEST_DRIVER_MAC_INIT; + +psa_status_t mbedtls_test_transparent_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_sign_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_sign_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_verify_setup( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_verify_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_update( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_update( + operation, input, input_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_sign_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_sign_finish( + operation, mac, mac_size, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_verify_finish( + mbedtls_transparent_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_verify_finish( + operation, mac, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_transparent_mac_abort( + mbedtls_transparent_test_driver_mac_operation_t *operation ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_transparent_test_driver_mac_abort( operation ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_compute( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_compute( + attributes, key_buffer, key_buffer_size, alg, + input, input_length, + mac, mac_size, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_sign_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_sign_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_verify_setup( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_verify_setup( + operation, attributes, key_buffer, key_buffer_size, alg ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_update( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *input, + size_t input_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_update( + operation, input, input_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_sign_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_sign_finish( + operation, mac, mac_size, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_verify_finish( + mbedtls_opaque_test_driver_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_verify_finish( + operation, mac, mac_length ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +psa_status_t mbedtls_test_opaque_mac_abort( + mbedtls_opaque_test_driver_mac_operation_t *operation ) +{ + test_driver_mac_hooks.hits++; + + if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + { + test_driver_mac_hooks.driver_status = + test_driver_mac_hooks.forced_status; + } + else + { + test_driver_mac_hooks.driver_status = + mbedtls_opaque_test_driver_mac_abort( operation ); + } + + return( test_driver_mac_hooks.driver_status ); +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 5fbfac66a8..cab40d37f8 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -244,6 +244,54 @@ PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY +PSA MAC sign, through driver: HMAC-SHA-224 +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_SUCCESS + +PSA MAC sign, fallback: HMAC-SHA-224 +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_NOT_SUPPORTED + +PSA MAC sign, driver reports error: RFC4231 Test case 1 - HMAC-SHA-224 +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_GENERIC_ERROR + +PSA MAC sign, through driver: CMAC-AES-128 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS + +PSA MAC sign, fallback: CMAC-AES-128 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED + +PSA MAC sign, driver reports error: CMAC-AES-128 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_GENERIC_ERROR + +PSA MAC verify, through driver: HMAC-SHA-224 +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_SUCCESS + +PSA MAC verify, fallback: HMAC-SHA-224 +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_NOT_SUPPORTED + +PSA MAC verify, driver reports error: RFC4231 Test case 1 - HMAC-SHA-224 +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_GENERIC_ERROR + +PSA MAC verify, through driver: CMAC-AES-128 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS + +PSA MAC verify, fallback: CMAC-AES-128 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED + +PSA MAC verify, driver reports error: CMAC-AES-128 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_GENERIC_ERROR + PSA opaque driver builtin key export: AES builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a0b719ef69..f523d3c881 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -963,6 +963,197 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mac_sign( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *input, + data_t *expected_mac, + int forced_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *actual_mac = NULL; + size_t mac_buffer_size = + PSA_MAC_LENGTH( key_type, PSA_BYTES_TO_BITS( key_data->len ), alg ); + size_t mac_length = 0; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t forced_status = forced_status_arg; + test_driver_mac_hooks = test_driver_mac_hooks_init(); + + TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); + /* We expect PSA_MAC_LENGTH to be exact. */ + TEST_ASSERT( expected_mac->len == mac_buffer_size ); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + ASSERT_ALLOC( actual_mac, mac_buffer_size ); + test_driver_mac_hooks.forced_status = forced_status; + + /* Calculate the MAC. */ + status = psa_mac_sign_setup( &operation, key, alg ); + TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + + if( forced_status == PSA_SUCCESS || + forced_status == PSA_ERROR_NOT_SUPPORTED ) + { + PSA_ASSERT( status ); + } + else + TEST_EQUAL( forced_status, status ); + + status = psa_mac_update( &operation, + input->x, input->len ); + if( forced_status == PSA_SUCCESS ) + TEST_EQUAL( test_driver_mac_hooks.hits, 2 ); + else + TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + if( forced_status == PSA_SUCCESS || + forced_status == PSA_ERROR_NOT_SUPPORTED ) + { + PSA_ASSERT( status ); + } + else + TEST_EQUAL( PSA_ERROR_BAD_STATE, status ); + + status = psa_mac_sign_finish( &operation, + actual_mac, mac_buffer_size, + &mac_length ); + if( forced_status == PSA_SUCCESS ) + TEST_EQUAL( test_driver_mac_hooks.hits, 4 ); + else + TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + + if( forced_status == PSA_SUCCESS || + forced_status == PSA_ERROR_NOT_SUPPORTED ) + { + PSA_ASSERT( status ); + } + else + TEST_EQUAL( PSA_ERROR_BAD_STATE, status ); + + PSA_ASSERT( psa_mac_abort( &operation ) ); + if( forced_status == PSA_SUCCESS ) + TEST_EQUAL( test_driver_mac_hooks.hits, 4 ); + else + TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + + if( forced_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( expected_mac->x, expected_mac->len, + actual_mac, mac_length ); + } + + mbedtls_free( actual_mac ); + actual_mac = NULL; + +exit: + psa_mac_abort( &operation ); + psa_destroy_key( key ); + PSA_DONE( ); + mbedtls_free( actual_mac ); + test_driver_mac_hooks = test_driver_mac_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void mac_verify( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *input, + data_t *expected_mac, + int forced_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + psa_status_t forced_status = forced_status_arg; + test_driver_mac_hooks = test_driver_mac_hooks_init(); + + TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE ); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + test_driver_mac_hooks.forced_status = forced_status; + + /* Test the correct MAC. */ + status = psa_mac_verify_setup( &operation, key, alg ); + TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + + if( forced_status == PSA_SUCCESS || + forced_status == PSA_ERROR_NOT_SUPPORTED ) + { + PSA_ASSERT( status ); + } + else + TEST_EQUAL( forced_status, status ); + + status = psa_mac_update( &operation, + input->x, input->len ); + if( forced_status == PSA_SUCCESS ) + TEST_EQUAL( test_driver_mac_hooks.hits, 2 ); + else + TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + + if( forced_status == PSA_SUCCESS || + forced_status == PSA_ERROR_NOT_SUPPORTED ) + { + PSA_ASSERT( status ); + } + else + TEST_EQUAL( PSA_ERROR_BAD_STATE, status ); + + status = psa_mac_verify_finish( &operation, + expected_mac->x, + expected_mac->len ); + if( forced_status == PSA_SUCCESS ) + TEST_EQUAL( test_driver_mac_hooks.hits, 4 ); + else + TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + + if( forced_status == PSA_SUCCESS || + forced_status == PSA_ERROR_NOT_SUPPORTED ) + { + PSA_ASSERT( status ); + } + else + TEST_EQUAL( PSA_ERROR_BAD_STATE, status ); + + + PSA_ASSERT( psa_mac_abort( &operation ) ); + if( forced_status == PSA_SUCCESS ) + TEST_EQUAL( test_driver_mac_hooks.hits, 4 ); + else + TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + +exit: + psa_mac_abort( &operation ); + psa_destroy_key( key ); + PSA_DONE( ); + test_driver_mac_hooks = test_driver_mac_hooks_init(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ void builtin_key_export( int builtin_key_id_arg, int builtin_key_type_arg, diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 46adbbec5f..9aa0b78df1 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -236,6 +236,7 @@ + @@ -384,6 +385,7 @@ + From 02fc62a6fa283593d717fa7a3c36abb8f7a32160 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 15:32:42 +0200 Subject: [PATCH 062/188] Remove unused items from MAC operation context structure Apparently it was at some point assumed that there would be support for MAC algorithms with IV, but that hasn't been implemented yet. Until that time, these context structure members are superfluous and can be removed. Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 5 +---- library/psa_crypto_mac.c | 9 --------- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index e1acf3955b..3b0f82ad24 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -63,12 +63,9 @@ typedef struct { psa_algorithm_t alg; unsigned int key_set : 1; - unsigned int iv_required : 1; - unsigned int iv_set : 1; unsigned int has_input : 1; unsigned int is_sign : 1; uint8_t mac_size; - unsigned int id; union { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ @@ -81,7 +78,7 @@ typedef struct } ctx; } mbedtls_psa_mac_operation_t; -#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, {0}} +#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 5ea2f1760c..0189cded8a 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -247,15 +247,12 @@ static psa_status_t mac_init( operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); operation->key_set = 0; - operation->iv_set = 0; - operation->iv_required = 0; operation->has_input = 0; operation->is_sign = 0; #if defined(BUILTIN_ALG_CMAC) if( operation->alg == PSA_ALG_CMAC ) { - operation->iv_required = 0; mbedtls_cipher_init( &operation->ctx.cmac ); status = PSA_SUCCESS; } @@ -312,8 +309,6 @@ static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation ) operation->alg = 0; operation->key_set = 0; - operation->iv_set = 0; - operation->iv_required = 0; operation->has_input = 0; operation->is_sign = 0; @@ -452,8 +447,6 @@ static psa_status_t mac_update( { if( ! operation->key_set ) return( PSA_ERROR_BAD_STATE ); - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); operation->has_input = 1; #if defined(BUILTIN_ALG_CMAC) @@ -486,8 +479,6 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, { if( ! operation->key_set ) return( PSA_ERROR_BAD_STATE ); - if( operation->iv_required && ! operation->iv_set ) - return( PSA_ERROR_BAD_STATE ); if( mac_size < operation->mac_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); From ba9a5bf5e7825c836dd49ec9e512a2b20718d99e Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 16:21:24 +0200 Subject: [PATCH 063/188] Code flow/readability improvements after review * Early return since there's nothing to clean up * Get rid of unnecessary local variable * Check algorithm validity for MAC in the PSA core instead of in the driver Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 14 +++++++++----- library/psa_crypto_mac.c | 5 ++--- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 01ddb524dc..293f40e656 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2267,18 +2267,22 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - psa_key_usage_t usage = - is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH; - size_t mac_size = 0; + size_t mac_size; /* A context must be freshly initialized before it can be set up. */ if( operation->id != 0 ) return( PSA_ERROR_BAD_STATE ); + if( ! PSA_ALG_IS_MAC( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_get_and_lock_key_slot_with_policy( - key, &slot, usage, alg ); + key, + &slot, + is_sign ? PSA_KEY_USAGE_SIGN_HASH : PSA_KEY_USAGE_VERIFY_HASH, + alg ); if( status != PSA_SUCCESS ) - goto exit; + return( status ); psa_key_attributes_t attributes = { .core = slot->attr diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 0189cded8a..d8e229325d 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -243,7 +243,7 @@ static psa_status_t mac_init( mbedtls_psa_mac_operation_t *operation, psa_algorithm_t alg ) { - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); operation->key_set = 0; @@ -268,8 +268,7 @@ static psa_status_t mac_init( else #endif /* BUILTIN_ALG_HMAC */ { - if( ! PSA_ALG_IS_MAC( alg ) ) - status = PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_NOT_SUPPORTED; } if( status != PSA_SUCCESS ) From a4638e708e5c883ee4532b7dadea7287c4764d67 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 16:24:36 +0200 Subject: [PATCH 064/188] Remove redundant key_set from MAC operation structure The purpose of key_set was to guard the operation structure from being used for update/finish before a key was set. Now that the implementation fully adheres to the PSA API, that function is covered by the `alg` variable instead. It's set to the algorithm in use when a key is set, and is zero when the operation is reset/invalid. Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 3 +-- library/psa_crypto_mac.c | 11 +++-------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 3b0f82ad24..780a6c54e3 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -62,7 +62,6 @@ typedef struct typedef struct { psa_algorithm_t alg; - unsigned int key_set : 1; unsigned int has_input : 1; unsigned int is_sign : 1; uint8_t mac_size; @@ -78,7 +77,7 @@ typedef struct } ctx; } mbedtls_psa_mac_operation_t; -#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, 0, 0, 0, 0, {0}} +#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, 0, 0, 0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index d8e229325d..7122ecdd36 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -246,7 +246,6 @@ static psa_status_t mac_init( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); - operation->key_set = 0; operation->has_input = 0; operation->is_sign = 0; @@ -307,7 +306,6 @@ static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation ) } operation->alg = 0; - operation->key_set = 0; operation->has_input = 0; operation->is_sign = 0; @@ -385,9 +383,7 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, } exit: - if( status == PSA_SUCCESS ) - operation->key_set = 1; - else + if( status != PSA_SUCCESS ) mac_abort( operation ); return( status ); @@ -444,7 +440,7 @@ static psa_status_t mac_update( const uint8_t *input, size_t input_length ) { - if( ! operation->key_set ) + if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); operation->has_input = 1; @@ -476,9 +472,8 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size ) { - if( ! operation->key_set ) + if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); - if( mac_size < operation->mac_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); From 36876a01a46fa9d067166121868f2fe81f0fbdc5 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 16:37:59 +0200 Subject: [PATCH 065/188] Make safer_memcmp available to all compile units under PSA Now renamed to mbedtls_psa_safer_memcmp, it provides a single location for buffer comparison. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 18 ++---------------- library/psa_crypto_core.h | 20 ++++++++++++++++++++ library/psa_crypto_mac.c | 14 +------------- 3 files changed, 23 insertions(+), 29 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 293f40e656..432b77a31a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -93,20 +93,6 @@ #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) -/* constant-time buffer comparison */ -static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) -{ - size_t i; - unsigned char diff = 0; - - for( i = 0; i < n; i++ ) - diff |= a[i] ^ b[i]; - - return( diff ); -} - - - /****************************************************************/ /* Global data, support functions and library management */ /****************************************************************/ @@ -2184,7 +2170,7 @@ psa_status_t psa_hash_verify( psa_hash_operation_t *operation, return( status ); if( actual_hash_length != hash_length ) return( PSA_ERROR_INVALID_SIGNATURE ); - if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) + if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) return( PSA_ERROR_INVALID_SIGNATURE ); return( PSA_SUCCESS ); } @@ -2220,7 +2206,7 @@ psa_status_t psa_hash_compare( psa_algorithm_t alg, return( status ); if( actual_hash_length != hash_length ) return( PSA_ERROR_INVALID_SIGNATURE ); - if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) + if( mbedtls_psa_safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 ) return( PSA_ERROR_INVALID_SIGNATURE ); return( PSA_SUCCESS ); } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 90f9d18630..b75e59a819 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -30,6 +30,26 @@ #include "psa/crypto.h" #include "psa/crypto_se_driver.h" +/** Constant-time buffer comparison + * + * \param[in] a Left-hand buffer for comparison. + * \param[in] b Right-hand buffer for comparison. + * \param n Amount of bytes to compare. + * + * \return 0 if the buffer contents are equal, non-zero otherwise + */ +static inline int mbedtls_psa_safer_memcmp( + const uint8_t *a, const uint8_t *b, size_t n ) +{ + size_t i; + unsigned char diff = 0; + + for( i = 0; i < n; i++ ) + diff |= a[i] ^ b[i]; + + return( diff ); +} + /** The data structure representing a key slot, containing key material * and metadata for one key. */ diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 7122ecdd36..854aee4f0b 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -526,18 +526,6 @@ static psa_status_t mac_sign_finish( return( status ); } -/* constant-time buffer comparison */ -static inline int safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n ) -{ - size_t i; - unsigned char diff = 0; - - for( i = 0; i < n; i++ ) - diff |= a[i] ^ b[i]; - - return( diff ); -} - static psa_status_t mac_verify_finish( mbedtls_psa_mac_operation_t *operation, const uint8_t *mac, @@ -562,7 +550,7 @@ static psa_status_t mac_verify_finish( if( status != PSA_SUCCESS ) goto cleanup; - if( safer_memcmp( mac, actual_mac, mac_length ) != 0 ) + if( mbedtls_psa_safer_memcmp( mac, actual_mac, mac_length ) != 0 ) status = PSA_ERROR_INVALID_SIGNATURE; cleanup: From dd1a915c0f0236c5b4c76247dd8383743c8f4d89 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 17:49:11 +0200 Subject: [PATCH 066/188] Rename HMAC operation structure Prefix with 'mbedtls_psa' as per the other types which implement some sort of algorithm in software. Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 4 ++-- include/psa/crypto_struct.h | 4 ++-- library/psa_crypto.c | 2 +- library/psa_crypto_mac.c | 13 +++++++------ library/psa_crypto_mac.h | 13 +++++++------ 5 files changed, 19 insertions(+), 17 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 780a6c54e3..81a8ec7191 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -52,7 +52,7 @@ typedef struct struct psa_hash_operation_s hash_ctx; /** The HMAC part of the context. */ uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; -} psa_hmac_internal_data_t; +} mbedtls_psa_hmac_operation_t; #define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}} #endif /* PSA_WANT_ALG_HMAC */ @@ -69,7 +69,7 @@ typedef struct { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ #if defined(PSA_WANT_ALG_HMAC) - psa_hmac_internal_data_t hmac; + mbedtls_psa_hmac_operation_t hmac; #endif #if defined(MBEDTLS_CMAC_C) mbedtls_cipher_context_t cmac; diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 23a090836e..79c4285a52 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -173,7 +173,7 @@ typedef struct { uint8_t *info; size_t info_length; - psa_hmac_internal_data_t hmac; + mbedtls_psa_hmac_operation_t hmac; uint8_t prk[PSA_HASH_MAX_SIZE]; uint8_t output_block[PSA_HASH_MAX_SIZE]; #if PSA_HASH_MAX_SIZE > 0xff @@ -215,7 +215,7 @@ typedef struct psa_tls12_prf_key_derivation_s size_t seed_length; uint8_t *label; size_t label_length; - psa_hmac_internal_data_t hmac; + mbedtls_psa_hmac_operation_t hmac; uint8_t Ai[PSA_HASH_MAX_SIZE]; /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 432b77a31a..f0a43e3ad5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3355,7 +3355,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); - psa_hmac_internal_data_t backup = MBEDTLS_PSA_HMAC_OPERATION_INIT; + mbedtls_psa_hmac_operation_t backup = MBEDTLS_PSA_HMAC_OPERATION_INIT; psa_status_t status, cleanup_status; /* We can't be wanting more output after block 0xff, otherwise diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 854aee4f0b..ac026ff4c9 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -69,13 +69,13 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) } } -psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data_t *hmac ) +psa_status_t psa_hmac_abort_internal( mbedtls_psa_hmac_operation_t *hmac ) { mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); return( psa_hash_abort( &hmac->hash_ctx ) ); } -psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data_t *hmac, +psa_status_t psa_hmac_setup_internal( mbedtls_psa_hmac_operation_t *hmac, const uint8_t *key, size_t key_length, psa_algorithm_t hash_alg ) @@ -139,14 +139,14 @@ cleanup: return( status ); } -psa_status_t psa_hmac_update_internal( psa_hmac_internal_data_t *hmac, +psa_status_t psa_hmac_update_internal( mbedtls_psa_hmac_operation_t *hmac, const uint8_t *data, size_t data_length ) { return( psa_hash_update( &hmac->hash_ctx, data, data_length ) ); } -psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data_t *hmac, +psa_status_t psa_hmac_finish_internal( mbedtls_psa_hmac_operation_t *hmac, uint8_t *mac, size_t mac_size ) { @@ -184,8 +184,9 @@ exit: return( status ); } -psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data_t *source, - psa_hmac_internal_data_t *destination ) +psa_status_t psa_hmac_clone_internal( + const mbedtls_psa_hmac_operation_t *source, + mbedtls_psa_hmac_operation_t *destination ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index e63da5304f..b7f2a6c3b9 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -39,7 +39,7 @@ * \return Any error code reported by psa_hash_compute(), psa_hash_setup() or * psa_hash_update(). */ -psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data_t *hmac, +psa_status_t psa_hmac_setup_internal( mbedtls_psa_hmac_operation_t *hmac, const uint8_t *key, size_t key_length, psa_algorithm_t hash_alg ); @@ -59,7 +59,7 @@ psa_status_t psa_hmac_setup_internal( psa_hmac_internal_data_t *hmac, * Success. * \return Any error code reported by psa_hash_update(). */ -psa_status_t psa_hmac_update_internal( psa_hmac_internal_data_t *hmac, +psa_status_t psa_hmac_update_internal( mbedtls_psa_hmac_operation_t *hmac, const uint8_t *data, size_t data_length ); @@ -78,7 +78,7 @@ psa_status_t psa_hmac_update_internal( psa_hmac_internal_data_t *hmac, * \return Any error code reported by psa_hash_setup(), psa_hash_update() or * psa_hash_finish(). */ -psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data_t *hmac, +psa_status_t psa_hmac_finish_internal( mbedtls_psa_hmac_operation_t *hmac, uint8_t *mac, size_t mac_size ); @@ -96,8 +96,9 @@ psa_status_t psa_hmac_finish_internal( psa_hmac_internal_data_t *hmac, * Success. * \return Any error code reported by psa_hash_clone(). */ -psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data_t *source, - psa_hmac_internal_data_t *destination ); +psa_status_t psa_hmac_clone_internal( + const mbedtls_psa_hmac_operation_t *source, + mbedtls_psa_hmac_operation_t *destination ); /** Internal API for aborting an HMAC operation, using PSA hash primitives. * @@ -110,7 +111,7 @@ psa_status_t psa_hmac_clone_internal( const psa_hmac_internal_data_t *source, * Success. * \return Any error code reported by psa_hash_abort(). */ -psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data_t *hmac ); +psa_status_t psa_hmac_abort_internal( mbedtls_psa_hmac_operation_t *hmac ); /** Calculate the MAC (message authentication code) of a message using Mbed TLS. * From ac8d82a6f825ff937d36e0acb17de7b83832c49e Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 18:01:53 +0200 Subject: [PATCH 067/188] Use the correct guards on the context structures for MAC/HKDF/PRF Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 12 ++++++------ include/psa/crypto_struct.h | 15 ++++++++++----- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 81a8ec7191..6979dec42a 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -43,7 +43,7 @@ #define MBEDTLS_PSA_BUILTIN_MAC #endif -#if defined(PSA_WANT_ALG_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) typedef struct { /** The HMAC algorithm in use */ @@ -55,7 +55,7 @@ typedef struct } mbedtls_psa_hmac_operation_t; #define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}} -#endif /* PSA_WANT_ALG_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ #include "mbedtls/cmac.h" @@ -68,12 +68,12 @@ typedef struct union { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ -#if defined(PSA_WANT_ALG_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) mbedtls_psa_hmac_operation_t hmac; -#endif -#if defined(MBEDTLS_CMAC_C) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST) mbedtls_cipher_context_t cmac; -#endif +#endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ } ctx; } mbedtls_psa_mac_operation_t; diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 79c4285a52..22b5fc2fb7 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -168,7 +168,7 @@ static inline struct psa_aead_operation_s psa_aead_operation_init( void ) return( v ); } -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) typedef struct { uint8_t *info; @@ -184,9 +184,10 @@ typedef struct unsigned int state : 2; unsigned int info_set : 1; } psa_hkdf_key_derivation_t; -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) typedef enum { PSA_TLS12_PRF_STATE_INIT, /* no input provided */ @@ -221,7 +222,8 @@ typedef struct psa_tls12_prf_key_derivation_s /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ uint8_t output_block[PSA_HASH_MAX_SIZE]; } psa_tls12_prf_key_derivation_t; -#endif /* MBEDTLS_MD_C */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || + * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ struct psa_key_derivation_s { @@ -232,8 +234,11 @@ struct psa_key_derivation_s { /* Make the union non-empty even with no supported algorithms. */ uint8_t dummy; -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) psa_hkdf_key_derivation_t hkdf; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) psa_tls12_prf_key_derivation_t tls12_prf; #endif } ctx; From d1ed1d935f5938a767cd66a15f8e6526b164b466 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 19:11:25 +0200 Subject: [PATCH 068/188] Make HKDF use the generic MAC API Such that the underlying HMAC can be accelerated if such a driver is present Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 2 +- library/psa_crypto.c | 100 ++++++++++++++++++++++++------------ 2 files changed, 68 insertions(+), 34 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 22b5fc2fb7..6b4cda60a0 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -173,7 +173,7 @@ typedef struct { uint8_t *info; size_t info_length; - mbedtls_psa_hmac_operation_t hmac; + psa_mac_operation_t hmac; uint8_t prk[PSA_HASH_MAX_SIZE]; uint8_t output_block[PSA_HASH_MAX_SIZE]; #if PSA_HASH_MAX_SIZE > 0xff diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f0a43e3ad5..05af159a26 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3213,7 +3213,7 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation if( PSA_ALG_IS_HKDF( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); - status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac ); + status = psa_mac_abort( &operation->ctx.hkdf.hmac ); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */ @@ -3280,11 +3280,12 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op /* Read some bytes from an HKDF-based operation. This performs a chunk * of the expand phase of the HKDF algorithm. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, - psa_algorithm_t hash_alg, - uint8_t *output, - size_t output_length ) + psa_algorithm_t hash_alg, + uint8_t *output, + size_t output_length ) { uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); + size_t hmac_output_length; psa_status_t status; if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set ) @@ -3314,31 +3315,42 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd /* We need a new block */ ++hkdf->block_number; hkdf->offset_in_block = 0; - status = psa_hmac_setup_internal( &hkdf->hmac, - hkdf->prk, hash_length, - hash_alg ); + + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); + psa_set_key_bits( &attributes, + PSA_BYTES_TO_BITS( hash_length ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + + status = psa_driver_wrapper_mac_sign_setup( &hkdf->hmac, + &attributes, + hkdf->prk, hash_length, + PSA_ALG_HMAC( hash_alg ) ); + psa_reset_key_attributes( &attributes ); if( status != PSA_SUCCESS ) return( status ); + if( hkdf->block_number != 1 ) { - status = psa_hmac_update_internal( &hkdf->hmac, - hkdf->output_block, - hash_length ); + status = psa_mac_update( &hkdf->hmac, + hkdf->output_block, + hash_length ); if( status != PSA_SUCCESS ) return( status ); } - status = psa_hmac_update_internal( &hkdf->hmac, - hkdf->info, - hkdf->info_length ); + status = psa_mac_update( &hkdf->hmac, + hkdf->info, + hkdf->info_length ); if( status != PSA_SUCCESS ) return( status ); - status = psa_hmac_update_internal( &hkdf->hmac, - &hkdf->block_number, 1 ); + status = psa_mac_update( &hkdf->hmac, + &hkdf->block_number, 1 ); if( status != PSA_SUCCESS ) return( status ); - status = psa_hmac_finish_internal( &hkdf->hmac, - hkdf->output_block, - sizeof( hkdf->output_block ) ); + status = psa_mac_sign_finish( &hkdf->hmac, + hkdf->output_block, + sizeof( hkdf->output_block ), + &hmac_output_length ); if( status != PSA_SUCCESS ) return( status ); } @@ -3778,33 +3790,55 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, case PSA_KEY_DERIVATION_INPUT_SALT: if( hkdf->state != HKDF_STATE_INIT ) return( PSA_ERROR_BAD_STATE ); - status = psa_hmac_setup_internal( &hkdf->hmac, - data, data_length, - hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); - hkdf->state = HKDF_STATE_STARTED; - return( PSA_SUCCESS ); + else + { + /* In a scope block due to scope-local attributes variable */ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); + psa_set_key_bits( &attributes, + PSA_BYTES_TO_BITS( data_length ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + + status = psa_driver_wrapper_mac_sign_setup( + &hkdf->hmac, + &attributes, + data, data_length, + PSA_ALG_HMAC( hash_alg ) ); + psa_reset_key_attributes( &attributes ); + if( status != PSA_SUCCESS ) + return( status ); + hkdf->state = HKDF_STATE_STARTED; + return( PSA_SUCCESS ); + } case PSA_KEY_DERIVATION_INPUT_SECRET: /* If no salt was provided, use an empty salt. */ if( hkdf->state == HKDF_STATE_INIT ) { - status = psa_hmac_setup_internal( &hkdf->hmac, - NULL, 0, - hash_alg ); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); + psa_set_key_bits( &attributes, 0 ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + + status = psa_driver_wrapper_mac_sign_setup( + &hkdf->hmac, + &attributes, + NULL, 0, + PSA_ALG_HMAC( hash_alg ) ); + psa_reset_key_attributes( &attributes ); if( status != PSA_SUCCESS ) return( status ); hkdf->state = HKDF_STATE_STARTED; } if( hkdf->state != HKDF_STATE_STARTED ) return( PSA_ERROR_BAD_STATE ); - status = psa_hmac_update_internal( &hkdf->hmac, - data, data_length ); + status = psa_mac_update( &hkdf->hmac, + data, data_length ); if( status != PSA_SUCCESS ) return( status ); - status = psa_hmac_finish_internal( &hkdf->hmac, - hkdf->prk, - sizeof( hkdf->prk ) ); + status = psa_mac_sign_finish( &hkdf->hmac, + hkdf->prk, + sizeof( hkdf->prk ), + &data_length ); if( status != PSA_SUCCESS ) return( status ); hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg ); From a6df6040eec06b4defb5dadb8f0be774d3fb34ec Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 29 Apr 2021 19:32:25 +0200 Subject: [PATCH 069/188] Base the PSA implementation of TLS 1.2 PRF on the MAC API This means there is no longer a need to have an internal HMAC API, so it is being removed in this commit as well. Signed-off-by: Steven Cooreman --- include/psa/crypto_struct.h | 4 +- library/psa_crypto.c | 106 +++++++++++++++++++++--------------- library/psa_crypto_mac.c | 47 ++++++---------- library/psa_crypto_mac.h | 90 ------------------------------ 4 files changed, 81 insertions(+), 166 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 6b4cda60a0..fc7e7785cc 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -212,11 +212,13 @@ typedef struct psa_tls12_prf_key_derivation_s psa_tls12_prf_key_derivation_state_t state; + uint8_t *secret; + size_t secret_length; uint8_t *seed; size_t seed_length; uint8_t *label; size_t label_length; - mbedtls_psa_hmac_operation_t hmac; + uint8_t Ai[PSA_HASH_MAX_SIZE]; /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 05af159a26..04a0637286 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3223,6 +3223,13 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { + if( operation->ctx.tls12_prf.secret != NULL ) + { + mbedtls_platform_zeroize( operation->ctx.tls12_prf.secret, + operation->ctx.tls12_prf.secret_length ); + mbedtls_free( operation->ctx.tls12_prf.secret ); + } + if( operation->ctx.tls12_prf.seed != NULL ) { mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed, @@ -3237,7 +3244,7 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation mbedtls_free( operation->ctx.tls12_prf.label ); } - status = psa_hmac_abort_internal( &operation->ctx.tls12_prf.hmac ); + status = PSA_SUCCESS; /* We leave the fields Ai and output_block to be erased safely by the * mbedtls_platform_zeroize() in the end of this function. */ @@ -3367,7 +3374,8 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); - mbedtls_psa_hmac_operation_t backup = MBEDTLS_PSA_HMAC_OPERATION_INIT; + psa_mac_operation_t hmac = PSA_MAC_OPERATION_INIT; + size_t hmac_output_length; psa_status_t status, cleanup_status; /* We can't be wanting more output after block 0xff, otherwise @@ -3399,10 +3407,17 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( * `block_number`. */ - /* Save the hash context before using it, to preserve the hash state with - * only the inner padding in it. We need this, because inner padding depends - * on the key (secret in the RFC's terminology). */ - status = psa_hmac_clone_internal( &tls12_prf->hmac, &backup ); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); + psa_set_key_bits( &attributes, + PSA_BYTES_TO_BITS( tls12_prf->secret_length ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + + status = psa_driver_wrapper_mac_sign_setup( &hmac, + &attributes, + tls12_prf->secret, + tls12_prf->secret_length, + PSA_ALG_HMAC( hash_alg ) ); if( status != PSA_SUCCESS ) goto cleanup; @@ -3412,59 +3427,61 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( /* A(1) = HMAC_hash(secret, A(0)), where A(0) = seed. (The RFC overloads * the variable seed and in this instance means it in the context of the * P_hash function, where seed = label + seed.) */ - status = psa_hmac_update_internal( &tls12_prf->hmac, - tls12_prf->label, - tls12_prf->label_length ); + status = psa_mac_update( &hmac, + tls12_prf->label, + tls12_prf->label_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hmac_update_internal( &tls12_prf->hmac, - tls12_prf->seed, - tls12_prf->seed_length ); + status = psa_mac_update( &hmac, + tls12_prf->seed, + tls12_prf->seed_length ); if( status != PSA_SUCCESS ) goto cleanup; } else { /* A(i) = HMAC_hash(secret, A(i-1)) */ - status = psa_hmac_update_internal( &tls12_prf->hmac, - tls12_prf->Ai, hash_length ); + status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length ); if( status != PSA_SUCCESS ) goto cleanup; } - status = psa_hmac_finish_internal( &tls12_prf->hmac, - tls12_prf->Ai, hash_length ); - if( status != PSA_SUCCESS ) - goto cleanup; - status = psa_hmac_clone_internal( &backup, &tls12_prf->hmac ); + status = psa_mac_sign_finish( &hmac, + tls12_prf->Ai, hash_length, + &hmac_output_length ); + if( hmac_output_length != hash_length ) + status = PSA_ERROR_CORRUPTION_DETECTED; if( status != PSA_SUCCESS ) goto cleanup; /* Calculate HMAC_hash(secret, A(i) + label + seed). */ - status = psa_hmac_update_internal( &tls12_prf->hmac, - tls12_prf->Ai, hash_length ); + status = psa_driver_wrapper_mac_sign_setup( &hmac, + &attributes, + tls12_prf->secret, + tls12_prf->secret_length, + PSA_ALG_HMAC( hash_alg ) ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hmac_update_internal( &tls12_prf->hmac, - tls12_prf->label, tls12_prf->label_length ); + status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hmac_update_internal( &tls12_prf->hmac, - tls12_prf->seed, tls12_prf->seed_length ); + status = psa_mac_update( &hmac, tls12_prf->label, tls12_prf->label_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hmac_finish_internal( &tls12_prf->hmac, - tls12_prf->output_block, hash_length ); + status = psa_mac_update( &hmac, tls12_prf->seed, tls12_prf->seed_length ); if( status != PSA_SUCCESS ) goto cleanup; - status = psa_hmac_clone_internal( &backup, &tls12_prf->hmac ); + status = psa_mac_sign_finish( &hmac, + tls12_prf->output_block, hash_length, + &hmac_output_length ); if( status != PSA_SUCCESS ) goto cleanup; cleanup: + psa_reset_key_attributes( &attributes ); - cleanup_status = psa_hmac_abort_internal( &backup ); + cleanup_status = psa_mac_abort( &hmac ); if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS ) status = cleanup_status; @@ -3561,8 +3578,8 @@ psa_status_t psa_key_derivation_output_bytes( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf, - kdf_alg, output, - output_length ); + kdf_alg, output, + output_length ); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF || @@ -3891,17 +3908,21 @@ static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf, } static psa_status_t psa_tls12_prf_set_key( psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, const uint8_t *data, size_t data_length ) { - psa_status_t status; if( prf->state != PSA_TLS12_PRF_STATE_SEED_SET ) return( PSA_ERROR_BAD_STATE ); - status = psa_hmac_setup_internal( &prf->hmac, data, data_length, hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); + if( data_length != 0 ) + { + prf->secret = mbedtls_calloc( 1, data_length ); + if( prf->secret == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + + memcpy( prf->secret, data, data_length ); + prf->secret_length = data_length; + } prf->state = PSA_TLS12_PRF_STATE_KEY_SET; @@ -3931,7 +3952,6 @@ static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf } static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length ) @@ -3941,7 +3961,7 @@ static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf, case PSA_KEY_DERIVATION_INPUT_SEED: return( psa_tls12_prf_set_seed( prf, data, data_length ) ); case PSA_KEY_DERIVATION_INPUT_SECRET: - return( psa_tls12_prf_set_key( prf, hash_alg, data, data_length ) ); + return( psa_tls12_prf_set_key( prf, data, data_length ) ); case PSA_KEY_DERIVATION_INPUT_LABEL: return( psa_tls12_prf_set_label( prf, data, data_length ) ); default: @@ -3954,7 +3974,6 @@ static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf, #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_tls12_prf_psk_to_ms_set_key( psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, const uint8_t *data, size_t data_length ) { @@ -3981,7 +4000,7 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( memcpy( cur, data, data_length ); cur += data_length; - status = psa_tls12_prf_set_key( prf, hash_alg, pms, cur - pms ); + status = psa_tls12_prf_set_key( prf, pms, cur - pms ); mbedtls_platform_zeroize( pms, sizeof( pms ) ); return( status ); @@ -3989,18 +4008,17 @@ static psa_status_t psa_tls12_prf_psk_to_ms_set_key( static psa_status_t psa_tls12_prf_psk_to_ms_input( psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length ) { if( step == PSA_KEY_DERIVATION_INPUT_SECRET ) { - return( psa_tls12_prf_psk_to_ms_set_key( prf, hash_alg, + return( psa_tls12_prf_psk_to_ms_set_key( prf, data, data_length ) ); } - return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) ); + return( psa_tls12_prf_input( prf, step, data, data_length ) ); } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ @@ -4065,7 +4083,6 @@ static psa_status_t psa_key_derivation_input_internal( if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) { status = psa_tls12_prf_input( &operation->ctx.tls12_prf, - PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } else @@ -4074,7 +4091,6 @@ static psa_status_t psa_key_derivation_input_internal( if( PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { status = psa_tls12_prf_psk_to_ms_input( &operation->ctx.tls12_prf, - PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } else diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index ac026ff4c9..ca40b03bf7 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -69,16 +69,18 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) } } -psa_status_t psa_hmac_abort_internal( mbedtls_psa_hmac_operation_t *hmac ) +static psa_status_t psa_hmac_abort_internal( + mbedtls_psa_hmac_operation_t *hmac ) { mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); return( psa_hash_abort( &hmac->hash_ctx ) ); } -psa_status_t psa_hmac_setup_internal( mbedtls_psa_hmac_operation_t *hmac, - const uint8_t *key, - size_t key_length, - psa_algorithm_t hash_alg ) +static psa_status_t psa_hmac_setup_internal( + mbedtls_psa_hmac_operation_t *hmac, + const uint8_t *key, + size_t key_length, + psa_algorithm_t hash_alg ) { uint8_t ipad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; size_t i; @@ -139,16 +141,18 @@ cleanup: return( status ); } -psa_status_t psa_hmac_update_internal( mbedtls_psa_hmac_operation_t *hmac, - const uint8_t *data, - size_t data_length ) +static psa_status_t psa_hmac_update_internal( + mbedtls_psa_hmac_operation_t *hmac, + const uint8_t *data, + size_t data_length ) { return( psa_hash_update( &hmac->hash_ctx, data, data_length ) ); } -psa_status_t psa_hmac_finish_internal( mbedtls_psa_hmac_operation_t *hmac, - uint8_t *mac, - size_t mac_size ) +static psa_status_t psa_hmac_finish_internal( + mbedtls_psa_hmac_operation_t *hmac, + uint8_t *mac, + size_t mac_size ) { uint8_t tmp[MBEDTLS_MD_MAX_SIZE]; psa_algorithm_t hash_alg = hmac->alg; @@ -183,23 +187,6 @@ exit: mbedtls_platform_zeroize( tmp, hash_size ); return( status ); } - -psa_status_t psa_hmac_clone_internal( - const mbedtls_psa_hmac_operation_t *source, - mbedtls_psa_hmac_operation_t *destination ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - destination->alg = source->alg; - destination->hash_ctx = psa_hash_operation_init(); - status = psa_hash_clone( &source->hash_ctx, &destination->hash_ctx ); - memcpy( destination->opad, source->opad, sizeof( destination->opad ) ); - - if( status != PSA_SUCCESS ) - memset( destination, 0, sizeof( *destination ) ); - - return( status ); -} #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */ /* Implement the PSA driver MAC interface on top of mbed TLS if either the @@ -457,8 +444,8 @@ static psa_status_t mac_update( #if defined(BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( operation->alg ) ) { - return( psa_hash_update( &operation->ctx.hmac.hash_ctx, input, - input_length ) ); + return( psa_hmac_update_internal( &operation->ctx.hmac, + input, input_length ) ); } else #endif /* BUILTIN_ALG_HMAC */ diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index b7f2a6c3b9..4da60bf408 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -23,96 +23,6 @@ #include -/** Internal API for starting an HMAC operation, using PSA hash primitives. - * - * \note This API is not meant for application use. Applications should always - * use the top-level psa_mac_xxx APIs for doing HMAC operations. - * - * \param[in] hmac Context structure for this HMAC operation. Needs to have - * been zero-initialized prior to calling this function. - * \param[in] key Key to initialize the HMAC operation with. - * \param key_length Length (in bytes) of key \p key. - * \param hash_alg Hash algorithm to use for calculating the HMAC. - * - * \retval #PSA_SUCCESS - * Success. - * \return Any error code reported by psa_hash_compute(), psa_hash_setup() or - * psa_hash_update(). - */ -psa_status_t psa_hmac_setup_internal( mbedtls_psa_hmac_operation_t *hmac, - const uint8_t *key, - size_t key_length, - psa_algorithm_t hash_alg ); - -/** Internal API for adding data to an HMAC operation, using PSA hash primitives. - * - * \note This API is not meant for application use. Applications should always - * use the top-level psa_mac_xxx APIs for doing HMAC operations. - * - * \param[in] hmac Context structure for this HMAC operation. Needs to have - * been initialized with psa_hmac_setup_internal(). - * \param[in] data Buffer containing the data to add to the current HMAC - * calculation. - * \param data_length Length (in bytes) of the input buffer \p data. - * - * \retval #PSA_SUCCESS - * Success. - * \return Any error code reported by psa_hash_update(). - */ -psa_status_t psa_hmac_update_internal( mbedtls_psa_hmac_operation_t *hmac, - const uint8_t *data, - size_t data_length ); - -/** Internal API for finalizing an HMAC operation, using PSA hash primitives. - * - * \note This API is not meant for application use. Applications should always - * use the top-level psa_mac_xxx APIs for doing HMAC operations. - * - * \param[in] hmac Context structure for this HMAC operation. Needs to have - * been initialized with psa_hmac_setup_internal(). - * \param[out] mac Buffer to output the calculated HMAC into. - * \param mac_size Size (in bytes) of the output buffer \p mac. - * - * \retval #PSA_SUCCESS - * Success. - * \return Any error code reported by psa_hash_setup(), psa_hash_update() or - * psa_hash_finish(). - */ -psa_status_t psa_hmac_finish_internal( mbedtls_psa_hmac_operation_t *hmac, - uint8_t *mac, - size_t mac_size ); - -/** Internal API for cloning an HMAC operation, using PSA hash primitives. - * - * \note This API is not meant for application use. Applications should always - * use the top-level psa_mac_xxx APIs for doing HMAC operations. - * - * \param[in] source Context structure to clone from. Needs to have been - * initialized with psa_hmac_setup_internal(). - * \param[out] destination Context structure to clone to. Needs to have been - * zero-initialized. - * - * \retval #PSA_SUCCESS - * Success. - * \return Any error code reported by psa_hash_clone(). - */ -psa_status_t psa_hmac_clone_internal( - const mbedtls_psa_hmac_operation_t *source, - mbedtls_psa_hmac_operation_t *destination ); - -/** Internal API for aborting an HMAC operation, using PSA hash primitives. - * - * \note This API is not meant for application use. Applications should always - * use the top-level psa_mac_xxx APIs for doing HMAC operations. - * - * \param[in] hmac Context structure for the HMAC operation to abort. - * - * \retval #PSA_SUCCESS - * Success. - * \return Any error code reported by psa_hash_abort(). - */ -psa_status_t psa_hmac_abort_internal( mbedtls_psa_hmac_operation_t *hmac ); - /** Calculate the MAC (message authentication code) of a message using Mbed TLS. * * \note The signature of this function is that of a PSA driver mac_compute From 094a77e79c079bb8d8f1258013a8f2cf012eebc4 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 6 May 2021 17:58:36 +0200 Subject: [PATCH 070/188] Code flow and style improvements Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 98 ++++++++++++++++++---------------------- library/psa_crypto_mac.c | 15 +++--- 2 files changed, 50 insertions(+), 63 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 04a0637286..1d33f6b63b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3182,7 +3182,32 @@ psa_status_t psa_aead_decrypt( mbedtls_svc_key_id_t key, defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) #define AT_LEAST_ONE_BUILTIN_KDF -#endif +#endif /* At least one builtin KDF */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) +static psa_status_t psa_key_derivation_start_hmac( + psa_mac_operation_t *operation, + psa_algorithm_t hash_alg, + const uint8_t *hmac_key, + size_t hmac_key_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); + psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( hmac_key_length ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + + status = psa_driver_wrapper_mac_sign_setup( operation, + &attributes, + hmac_key, hmac_key_length, + PSA_ALG_HMAC( hash_alg ) ); + + psa_reset_key_attributes( &attributes ); + return( status ); +} +#endif /* KDF algorithms reliant on HMAC */ #define HKDF_STATE_INIT 0 /* no input yet */ #define HKDF_STATE_STARTED 1 /* got salt */ @@ -3323,17 +3348,10 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd ++hkdf->block_number; hkdf->offset_in_block = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); - psa_set_key_bits( &attributes, - PSA_BYTES_TO_BITS( hash_length ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - - status = psa_driver_wrapper_mac_sign_setup( &hkdf->hmac, - &attributes, - hkdf->prk, hash_length, - PSA_ALG_HMAC( hash_alg ) ); - psa_reset_key_attributes( &attributes ); + status = psa_key_derivation_start_hmac( &hkdf->hmac, + hash_alg, + hkdf->prk, + hash_length ); if( status != PSA_SUCCESS ) return( status ); @@ -3407,17 +3425,10 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( * `block_number`. */ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); - psa_set_key_bits( &attributes, - PSA_BYTES_TO_BITS( tls12_prf->secret_length ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - - status = psa_driver_wrapper_mac_sign_setup( &hmac, - &attributes, - tls12_prf->secret, - tls12_prf->secret_length, - PSA_ALG_HMAC( hash_alg ) ); + status = psa_key_derivation_start_hmac( &hmac, + hash_alg, + tls12_prf->secret, + tls12_prf->secret_length ); if( status != PSA_SUCCESS ) goto cleanup; @@ -3455,11 +3466,10 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( goto cleanup; /* Calculate HMAC_hash(secret, A(i) + label + seed). */ - status = psa_driver_wrapper_mac_sign_setup( &hmac, - &attributes, - tls12_prf->secret, - tls12_prf->secret_length, - PSA_ALG_HMAC( hash_alg ) ); + status = psa_key_derivation_start_hmac( &hmac, + hash_alg, + tls12_prf->secret, + tls12_prf->secret_length ); if( status != PSA_SUCCESS ) goto cleanup; status = psa_mac_update( &hmac, tls12_prf->Ai, hash_length ); @@ -3479,8 +3489,6 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( cleanup: - psa_reset_key_attributes( &attributes ); - cleanup_status = psa_mac_abort( &hmac ); if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS ) status = cleanup_status; @@ -3809,19 +3817,9 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_ERROR_BAD_STATE ); else { - /* In a scope block due to scope-local attributes variable */ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); - psa_set_key_bits( &attributes, - PSA_BYTES_TO_BITS( data_length ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - - status = psa_driver_wrapper_mac_sign_setup( - &hkdf->hmac, - &attributes, - data, data_length, - PSA_ALG_HMAC( hash_alg ) ); - psa_reset_key_attributes( &attributes ); + status = psa_key_derivation_start_hmac( &hkdf->hmac, + hash_alg, + data, data_length ); if( status != PSA_SUCCESS ) return( status ); hkdf->state = HKDF_STATE_STARTED; @@ -3831,17 +3829,9 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, /* If no salt was provided, use an empty salt. */ if( hkdf->state == HKDF_STATE_INIT ) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); - psa_set_key_bits( &attributes, 0 ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); - - status = psa_driver_wrapper_mac_sign_setup( - &hkdf->hmac, - &attributes, - NULL, 0, - PSA_ALG_HMAC( hash_alg ) ); - psa_reset_key_attributes( &attributes ); + status = psa_key_derivation_start_hmac( &hkdf->hmac, + hash_alg, + NULL, 0 ); if( status != PSA_SUCCESS ) return( status ); hkdf->state = HKDF_STATE_STARTED; diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index ca40b03bf7..8e64741e6e 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -200,20 +200,20 @@ static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, size_t key_buffer_size ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_cipher_info_t * cipher_info_tmp = + const mbedtls_cipher_info_t * cipher_info = mbedtls_cipher_info_from_psa( PSA_ALG_CMAC, psa_get_key_type( attributes ), psa_get_key_bits( attributes ), NULL ); - if( cipher_info_tmp == NULL ) + if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info_tmp ); + ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); if( ret != 0 ) goto exit; @@ -319,15 +319,12 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, /* A context must be freshly initialized before it can be set up. */ if( operation->alg != 0 ) - { return( PSA_ERROR_BAD_STATE ); - } status = mac_init( operation, alg ); if( status != PSA_SUCCESS ) return( status ); - if( is_sign ) - operation->is_sign = 1; + operation->is_sign = is_sign; /* Get the output length for the algorithm and key combination. None of the * currently supported algorithms have an output length dependent on actual @@ -498,7 +495,7 @@ static psa_status_t mac_sign_finish( size_t mac_size, size_t *mac_length ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); @@ -520,7 +517,7 @@ static psa_status_t mac_verify_finish( size_t mac_length ) { uint8_t actual_mac[PSA_MAC_MAX_SIZE]; - psa_status_t status; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); From dcd081150196f567fa8b4ef2de5df3e755ef3bab Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 6 May 2021 18:00:37 +0200 Subject: [PATCH 071/188] Remove superfluous length check The key passed to the driver has been imported by the PSA Core, meaning its length has already been verified, and the driver can rely on the buffer length and key attributes being consistent. Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 8e64741e6e..a5ef9e57da 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -196,8 +196,7 @@ exit: #if defined(BUILTIN_ALG_CMAC) static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size ) + const uint8_t *key_buffer ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_cipher_info_t * cipher_info = @@ -210,9 +209,6 @@ static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, if( cipher_info == NULL ) return( PSA_ERROR_NOT_SUPPORTED ); - if( key_buffer_size < PSA_BITS_TO_BYTES( psa_get_key_bits( attributes ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - ret = mbedtls_cipher_setup( &operation->ctx.cmac, cipher_info ); if( ret != 0 ) goto exit; @@ -335,8 +331,10 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, #if defined(BUILTIN_ALG_CMAC) if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC ) { - status = cmac_setup( operation, attributes, - key_buffer, key_buffer_size ); + /* Key buffer size for CMAC is dictated by the key bits set on the + * attributes, and previously validated by the core on key import. */ + (void) key_buffer_size; + status = cmac_setup( operation, attributes, key_buffer ); } else #endif /* BUILTIN_ALG_CMAC */ From 8f37004bd71f674d47c8d79594bfe0101af5ffee Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 6 May 2021 18:02:39 +0200 Subject: [PATCH 072/188] Remove unused variable from MAC driver structure Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 1 - library/psa_crypto_mac.c | 3 --- 2 files changed, 4 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 6979dec42a..f968c169e8 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -62,7 +62,6 @@ typedef struct typedef struct { psa_algorithm_t alg; - unsigned int has_input : 1; unsigned int is_sign : 1; uint8_t mac_size; union diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index a5ef9e57da..dc07d455ed 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -230,7 +230,6 @@ static psa_status_t mac_init( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); - operation->has_input = 0; operation->is_sign = 0; #if defined(BUILTIN_ALG_CMAC) @@ -290,7 +289,6 @@ static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation ) } operation->alg = 0; - operation->has_input = 0; operation->is_sign = 0; return( PSA_SUCCESS ); @@ -425,7 +423,6 @@ static psa_status_t mac_update( { if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); - operation->has_input = 1; #if defined(BUILTIN_ALG_CMAC) if( operation->alg == PSA_ALG_CMAC ) From 3409b02b27b618edf3c171947ab3081c03a6e646 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 6 May 2021 18:08:30 +0200 Subject: [PATCH 073/188] Remove superfluous check As psa_mac_sign_finish / psa_mac_verify_finish already checks that the operation structure is valid (id is non-zero), the driver itself doesn't have to check for that anymore. If the operation has a driver ID assigned, it means that driver has returned success from its setup function, so the algorithm value will be set correctly. Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index dc07d455ed..3d7f70bacb 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -452,8 +452,6 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size ) { - if( operation->alg == 0 ) - return( PSA_ERROR_BAD_STATE ); if( mac_size < operation->mac_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); From f45f071f017980ab7e4c3770b7cded5724ebe170 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 6 May 2021 19:23:00 +0200 Subject: [PATCH 074/188] Minor documentation and language fixes Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.h | 28 ++++++++++------------------ 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 4da60bf408..4635fe1d7b 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -48,8 +48,6 @@ * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_BUFFER_TOO_SMALL @@ -89,8 +87,6 @@ psa_status_t mbedtls_psa_mac_compute( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -126,8 +122,6 @@ psa_status_t mbedtls_psa_mac_sign_setup( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -149,11 +143,11 @@ psa_status_t mbedtls_psa_mac_verify_setup( * defined in the PSA driver interface specification for transparent * drivers. * - * The core must call mbedtls_psa_mac_sign_setup() or + * The PSA core calls mbedtls_psa_mac_sign_setup() or * mbedtls_psa_mac_verify_setup() before calling this function. * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling psa_mac_abort(). + * If this function returns an error status, the PSA core aborts the + * operation by calling mbedtls_psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[in] input Buffer containing the message fragment to add to @@ -179,13 +173,12 @@ psa_status_t mbedtls_psa_mac_update( * defined in the PSA driver interface specification for transparent * drivers. * - * The core must call mbedtls_psa_mac_sign_setup() before calling this function. + * The PSA core calls mbedtls_psa_mac_sign_setup() before calling this function. * This function calculates the MAC of the message formed by concatenating * the inputs passed to preceding calls to mbedtls_psa_mac_update(). * - * When this function returns successfully, the operation becomes inactive. - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_mac_abort(). + * Whether this function returns successfully or not, the PSA core subsequently + * aborts the operation by calling mbedtls_psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[out] mac Buffer where the MAC value is to be written. @@ -222,15 +215,14 @@ psa_status_t mbedtls_psa_mac_sign_finish( * mac_verify_finish entry point as defined in the PSA driver interface * specification for transparent drivers. * - * The core must call mbedtls_psa_mac_verify_setup() before calling this + * The PSA core calls mbedtls_psa_mac_verify_setup() before calling this * function. This function calculates the MAC of the message formed by * concatenating the inputs passed to preceding calls to * mbedtls_psa_mac_update(). It then compares the calculated MAC with the * expected MAC passed as a parameter to this function. * - * When this function returns successfully, the operation becomes inactive. - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling mbedtls_psa_mac_abort(). + * Whether this function returns successfully or not, the PSA core subsequently + * aborts the operation by calling mbedtls_psa_mac_abort(). * * \param[in,out] operation Active MAC operation. * \param[in] mac Buffer containing the expected MAC value. @@ -259,7 +251,7 @@ psa_status_t mbedtls_psa_mac_verify_finish( * can be reused for another operation by calling * mbedtls_psa_mac_sign_setup() or mbedtls_psa_mac_verify_setup() again. * - * The core may call this function any time after the operation object has + * The PSA core may call this function any time after the operation object has * been initialized by one of the methods described in * #mbedtls_psa_mac_operation_t. * From a2058a7832442484ff2d378c0d8ff00ee1d6e43e Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 6 May 2021 19:38:42 +0200 Subject: [PATCH 075/188] Convert mbedTLS to PSA dependencies for the driver wrapper tests Signed-off-by: Steven Cooreman --- ...test_suite_psa_crypto_driver_wrappers.data | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index cab40d37f8..bc6d64703e 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -197,7 +197,7 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES cipher_entry_points:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee22e409f96e93d7e117393172a" PSA AEAD encrypt: AES-CCM, 24 bytes -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_SUCCESS PSA AEAD encrypt: AES-CCM, 24 bytes, fallback @@ -205,11 +205,11 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_NOT_SUPPORTED PSA AEAD encrypt: AES-CCM, 24 bytes, INSUFFICIENT_MEMORY -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_encrypt:PSA_KEY_TYPE_AES:"4189351B5CAEA375A0299E81C621BF43":PSA_ALG_CCM:"48c0906930561e0ab0ef4cd972":"40a27c1d1e23ea3dbe8056b2774861a4a201cce49f19997d19206d8c8a343951":"4535d12b4377928a7c0a61c9f825a48671ea05910748c8ef":"26c56961c035a7e452cce61bc6ee220d77b3f94d18fd10b6d80e8bf80f4a46cab06d4313f0db9be9":PSA_ERROR_INSUFFICIENT_MEMORY PSA AEAD encrypt, AES-GCM, 128 bytes #1 -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_SUCCESS PSA AEAD encrypt, AES-GCM, 128 bytes #1, fallback @@ -217,11 +217,11 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_NOT_SUPPORTED PSA AEAD encrypt, AES-GCM, 128 bytes #1, INSUFFICIENT_MEMORY -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_encrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":PSA_ERROR_INSUFFICIENT_MEMORY PSA AEAD decrypt: AES-CCM, 39 bytes -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_SUCCESS PSA AEAD decrypt: AES-CCM, 39 bytes, fallback @@ -229,11 +229,11 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_NOT_SUPPORTED PSA AEAD decrypt: AES-CCM, 39 bytes, INSUFFICIENT_MEMORY -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C +depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CCM:"00412B4EA9CDBE3C9696766CFA":"0BE1A88BACE018B1":"4CB97F86A2A4689A877947AB8091EF5386A6FFBDD080F8120333D1FCB691F3406CBF531F83A4D8":"08E8CF97D820EA258460E96AD9CF5289054D895CEAC47C":PSA_ERROR_INSUFFICIENT_MEMORY PSA AEAD decrypt, AES-GCM, 144 bytes #1 -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_SUCCESS PSA AEAD decrypt, AES-GCM, 144 bytes #1, fallback @@ -241,7 +241,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_NOT_SUPPORTED PSA AEAD decrypt, AES-GCM, 144 bytes #1, INSUFFICIENT_MEMORY -depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C +depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY PSA MAC sign, through driver: HMAC-SHA-224 @@ -293,27 +293,35 @@ depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_GENERIC_ERROR PSA opaque driver builtin key export: AES +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS PSA opaque driver builtin key export: AES (registered to ID_MAX-1) +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS PSA opaque driver builtin key export: AES (registered to ID_MAX) +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_SUCCESS PSA opaque driver builtin key export: key ID out of range (ID_MIN - 1) +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE PSA opaque driver builtin key export: key ID out of range (ID_MAX + 1) +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1:PSA_KEY_TYPE_AES:128:PSA_ALG_CTR:"3677397A24432646294A404E63526655":PSA_ERROR_INVALID_HANDLE PSA opaque driver builtin key export: secp256r1 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR builtin_key_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"dc7d9d26d67a4f632c34c2dc0b6986183882c206df04cdb7d69aabe28be4f81a":PSA_SUCCESS PSA opaque driver builtin pubkey export: secp256r1 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_SUCCESS PSA opaque driver builtin pubkey export: not a public key +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR builtin_pubkey_export:MBEDTLS_PSA_KEY_ID_BUILTIN_MIN:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"0485f64d89f00be66c88dd937efd6d7c445648dcb701150b8a9509295850f41c1931e571fb8f8c78317a20b380e866584bbc2516c3d2702d792f131a922095fd6c":PSA_ERROR_INVALID_ARGUMENT Hash compute: SHA-256, computed by the driver From c112315aebc20e39ad1affb91eb84f4d21100073 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 6 May 2021 19:41:15 +0200 Subject: [PATCH 076/188] Add PSA_ACCEL test dependencies in MAC driver wrappers tests To avoid the MAC tests from being run when only part of the driver wrappers (not including MAC) are being configured for test. Signed-off-by: Steven Cooreman --- .../test_suite_psa_crypto_driver_wrappers.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index bc6d64703e..95ab688bea 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -245,11 +245,11 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c872814365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY PSA MAC sign, through driver: HMAC-SHA-224 -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_SUCCESS PSA MAC sign, fallback: HMAC-SHA-224 -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_BUILTIN_ALG_HMAC mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_NOT_SUPPORTED PSA MAC sign, driver reports error: RFC4231 Test case 1 - HMAC-SHA-224 @@ -257,11 +257,11 @@ depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC mac_sign:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_GENERIC_ERROR PSA MAC sign, through driver: CMAC-AES-128 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_ACCEL_ALG_CMAC mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS PSA MAC sign, fallback: CMAC-AES-128 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED PSA MAC sign, driver reports error: CMAC-AES-128 @@ -269,11 +269,11 @@ depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_GENERIC_ERROR PSA MAC verify, through driver: HMAC-SHA-224 -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_ACCEL_ALG_HMAC mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_SUCCESS PSA MAC verify, fallback: HMAC-SHA-224 -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC +depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC:MBEDTLS_PSA_BUILTIN_ALG_HMAC mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_NOT_SUPPORTED PSA MAC verify, driver reports error: RFC4231 Test case 1 - HMAC-SHA-224 @@ -281,11 +281,11 @@ depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_HMAC mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HMAC(PSA_ALG_SHA_224):"4869205468657265":"896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22":PSA_ERROR_GENERIC_ERROR PSA MAC verify, through driver: CMAC-AES-128 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_ACCEL_ALG_CMAC mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_SUCCESS PSA MAC verify, fallback: CMAC-AES-128 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_BUILTIN_ALG_CMAC mac_verify:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827":PSA_ERROR_NOT_SUPPORTED PSA MAC verify, driver reports error: CMAC-AES-128 From 72f736a1912cf85dab2c488a9433f84e300ce901 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 7 May 2021 14:14:37 +0200 Subject: [PATCH 077/188] Move is_sign and mac_size checking back to PSA core scope It makes sense to do the length checking in the core rather than expect each driver to deal with it themselves. This puts the onus on the core to dictate which algorithm/key combinations are valid before calling a driver. Additionally, this commit also updates the psa_mac_sign_finish function to better deal with output buffer sanitation, as per the review comments on #4247. Signed-off-by: Steven Cooreman --- include/psa/crypto_builtin_composites.h | 4 +- include/psa/crypto_struct.h | 4 +- library/psa_crypto.c | 72 +++++++++++++++++++------ library/psa_crypto_mac.c | 62 ++++++++------------- library/psa_crypto_mac.h | 21 +++++--- 5 files changed, 94 insertions(+), 69 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index f968c169e8..1d11b003e4 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -62,8 +62,6 @@ typedef struct typedef struct { psa_algorithm_t alg; - unsigned int is_sign : 1; - uint8_t mac_size; union { unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ @@ -76,7 +74,7 @@ typedef struct } ctx; } mbedtls_psa_mac_operation_t; -#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, 0, 0, 0, {0}} +#define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} /* * BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index fc7e7785cc..47012fdd00 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -137,10 +137,12 @@ struct psa_mac_operation_s * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ unsigned int id; + uint8_t mac_size; + unsigned int is_sign : 1; psa_driver_mac_context_t ctx; }; -#define PSA_MAC_OPERATION_INIT {0, {0}} +#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}} static inline struct psa_mac_operation_s psa_mac_operation_init( void ) { const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1d33f6b63b..4b769e9f6f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2240,6 +2240,8 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) return( PSA_SUCCESS ); psa_status_t status = psa_driver_wrapper_mac_abort( operation ); + operation->mac_size = 0; + operation->is_sign = 0; operation->id = 0; return( status ); @@ -2253,7 +2255,6 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - size_t mac_size; /* A context must be freshly initialized before it can be set up. */ if( operation->id != 0 ) @@ -2279,12 +2280,15 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, if( status != PSA_SUCCESS ) goto exit; + operation->is_sign = is_sign; + /* Get the output length for the algorithm and key combination. None of the * currently supported algorithms have an output length dependent on actual * key size, so setting it to a bogus value is currently OK. */ - mac_size = PSA_MAC_LENGTH( psa_get_key_type( &attributes ), 0, alg ); + operation->mac_size = PSA_MAC_LENGTH( + psa_get_key_type( &attributes ), 0, alg ); - if( mac_size < 4 ) + if( operation->mac_size < 4 ) { /* A very short MAC is too short for security since it can be * brute-forced. Ancient protocols with 32-bit MACs do exist, @@ -2294,8 +2298,9 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, goto exit; } - if( mac_size > PSA_MAC_LENGTH( psa_get_key_type( &attributes ), 0, - PSA_ALG_FULL_LENGTH_MAC( alg ) ) ) + if( operation->mac_size > PSA_MAC_LENGTH( psa_get_key_type( &attributes ), + 0, + PSA_ALG_FULL_LENGTH_MAC( alg ) ) ) { /* It's impossible to "truncate" to a larger length than the full length * of the algorithm. */ @@ -2372,26 +2377,45 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation, psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; + /* Set the output length and content to a safe default, such that in + * case the caller misses an error check, the output would be an + * unachievable MAC. */ + *mac_length = mac_size; + if( operation->id == 0 ) return( PSA_ERROR_BAD_STATE ); - /* Fill the output buffer with something that isn't a valid mac - * (barring an attack on the mac and deliberately-crafted input), - * in case the caller doesn't check the return status properly. */ - *mac_length = mac_size; - /* If mac_size is 0 then mac may be NULL and then the - * call to memset would have undefined behavior. */ - if( mac_size != 0 ) - memset( mac, '!', mac_size ); + if( ! operation->is_sign ) + return( PSA_ERROR_BAD_STATE ); + + /* Sanity checks on output buffer length. */ + if( mac_size == 0 || mac_size < operation->mac_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); status = psa_driver_wrapper_mac_sign_finish( operation, - mac, mac_size, mac_length ); + mac, operation->mac_size, + mac_length ); + + if( status == PSA_SUCCESS ) + { + /* Set the excess room in the output buffer to an invalid value, to + * avoid potentially leaking a longer MAC. */ + if( mac_size > operation->mac_size ) + memset( &mac[operation->mac_size], + '!', + mac_size - operation->mac_size ); + } + else + { + /* Set the output length and content to a safe default, such that in + * case the caller misses an error check, the output would be an + * unachievable MAC. */ + *mac_length = mac_size; + memset( mac, '!', mac_size ); + } abort_status = psa_mac_abort( operation ); - if( status != PSA_SUCCESS && mac_size > 0 ) - memset( mac, '!', mac_size ); - return( status == PSA_SUCCESS ? abort_status : status ); } @@ -2405,8 +2429,19 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation, if( operation->id == 0 ) return( PSA_ERROR_BAD_STATE ); + if( operation->is_sign ) + return( PSA_ERROR_BAD_STATE ); + + if( operation->mac_size != mac_length ) + { + status = PSA_ERROR_INVALID_SIGNATURE; + goto cleanup; + } + status = psa_driver_wrapper_mac_verify_finish( operation, mac, mac_length ); + +cleanup: abort_status = psa_mac_abort( operation ); return( status == PSA_SUCCESS ? abort_status : status ); @@ -3199,6 +3234,9 @@ static psa_status_t psa_key_derivation_start_hmac( psa_set_key_bits( &attributes, PSA_BYTES_TO_BITS( hmac_key_length ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); + operation->is_sign = 1; + operation->mac_size = PSA_HASH_LENGTH( hash_alg ); + status = psa_driver_wrapper_mac_sign_setup( operation, &attributes, hmac_key, hmac_key_length, diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 3d7f70bacb..6753dedf54 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -229,11 +229,10 @@ static psa_status_t mac_init( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - operation->alg = PSA_ALG_FULL_LENGTH_MAC( alg ); - operation->is_sign = 0; + operation->alg = alg; #if defined(BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) + if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC ) { mbedtls_cipher_init( &operation->ctx.cmac ); status = PSA_SUCCESS; @@ -269,7 +268,7 @@ static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation ) } else #if defined(BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) + if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC ) { mbedtls_cipher_free( &operation->ctx.cmac ); } @@ -289,7 +288,6 @@ static psa_status_t mac_abort( mbedtls_psa_mac_operation_t *operation ) } operation->alg = 0; - operation->is_sign = 0; return( PSA_SUCCESS ); @@ -306,8 +304,7 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - int is_sign ) + psa_algorithm_t alg ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -318,13 +315,6 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, status = mac_init( operation, alg ); if( status != PSA_SUCCESS ) return( status ); - operation->is_sign = is_sign; - - /* Get the output length for the algorithm and key combination. None of the - * currently supported algorithms have an output length dependent on actual - * key size, so setting it to a bogus value is currently OK. */ - operation->mac_size = - PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg ); #if defined(BUILTIN_ALG_CMAC) if( PSA_ALG_FULL_LENGTH_MAC( alg ) == PSA_ALG_CMAC ) @@ -340,7 +330,8 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, if( PSA_ALG_IS_HMAC( alg ) ) { /* Sanity check. This shouldn't fail on a valid configuration. */ - if( operation->mac_size > sizeof( operation->ctx.hmac.opad ) ) + if( PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg ) > + sizeof( operation->ctx.hmac.opad ) ) { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -363,7 +354,6 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, status = PSA_ERROR_NOT_SUPPORTED; } -exit: if( status != PSA_SUCCESS ) mac_abort( operation ); @@ -401,8 +391,8 @@ static psa_status_t mac_sign_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg, - 1 ) ); + return( mac_setup( operation, + attributes, key_buffer, key_buffer_size, alg ) ); } static psa_status_t mac_verify_setup( @@ -412,8 +402,8 @@ static psa_status_t mac_verify_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - return( mac_setup( operation, attributes, key_buffer, key_buffer_size, alg, - 0 ) ); + return( mac_setup( operation, + attributes, key_buffer, key_buffer_size, alg ) ); } static psa_status_t mac_update( @@ -425,7 +415,7 @@ static psa_status_t mac_update( return( PSA_ERROR_BAD_STATE ); #if defined(BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) + if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC ) { return( mbedtls_to_psa_error( mbedtls_cipher_cmac_update( &operation->ctx.cmac, @@ -452,16 +442,13 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, uint8_t *mac, size_t mac_size ) { - if( mac_size < operation->mac_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - #if defined(BUILTIN_ALG_CMAC) - if( operation->alg == PSA_ALG_CMAC ) + if( PSA_ALG_FULL_LENGTH_MAC( operation->alg ) == PSA_ALG_CMAC ) { uint8_t tmp[PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE]; int ret = mbedtls_cipher_cmac_finish( &operation->ctx.cmac, tmp ); if( ret == 0 ) - memcpy( mac, tmp, operation->mac_size ); + memcpy( mac, tmp, mac_size ); mbedtls_platform_zeroize( tmp, sizeof( tmp ) ); return( mbedtls_to_psa_error( ret ) ); } @@ -471,13 +458,16 @@ static psa_status_t mac_finish_internal( mbedtls_psa_mac_operation_t *operation, if( PSA_ALG_IS_HMAC( operation->alg ) ) { return( psa_hmac_finish_internal( &operation->ctx.hmac, - mac, operation->mac_size ) ); + mac, mac_size ) ); } else #endif /* BUILTIN_ALG_HMAC */ { /* This shouldn't happen if `operation` was initialized by * a setup function. */ + (void) operation; + (void) mac; + (void) mac_size; return( PSA_ERROR_BAD_STATE ); } } @@ -493,13 +483,10 @@ static psa_status_t mac_sign_finish( if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); - if( ! operation->is_sign ) - return( PSA_ERROR_BAD_STATE ); - status = mac_finish_internal( operation, mac, mac_size ); if( status == PSA_SUCCESS ) - *mac_length = operation->mac_size; + *mac_length = mac_size; return( status ); } @@ -515,16 +502,11 @@ static psa_status_t mac_verify_finish( if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); - if( operation->is_sign ) - return( PSA_ERROR_BAD_STATE ); + /* Consistency check: requested MAC length fits our local buffer */ + if( mac_length > sizeof( actual_mac ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); - if( operation->mac_size != mac_length ) - { - status = PSA_ERROR_INVALID_SIGNATURE; - goto cleanup; - } - - status = mac_finish_internal( operation, actual_mac, sizeof( actual_mac ) ); + status = mac_finish_internal( operation, actual_mac, mac_length ); if( status != PSA_SUCCESS ) goto cleanup; diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h index 4635fe1d7b..9b81e73e02 100644 --- a/library/psa_crypto_mac.h +++ b/library/psa_crypto_mac.h @@ -182,13 +182,15 @@ psa_status_t mbedtls_psa_mac_update( * * \param[in,out] operation Active MAC operation. * \param[out] mac Buffer where the MAC value is to be written. - * \param mac_size Size of the \p mac buffer in bytes. - * \param[out] mac_length On success, the number of bytes - * that make up the MAC value. This is always - * #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg) - * where \c key_type and \c key_bits are the type and - * bit-size respectively of the key and \c alg is the - * MAC algorithm that is calculated. + * \param mac_size Output size requested for the MAC algorithm. The PSA + * core guarantees this is a valid MAC length for the + * algorithm and key combination passed to + * mbedtls_psa_mac_sign_setup(). It also guarantees the + * \p mac buffer is large enough to contain the + * requested output size. + * \param[out] mac_length On success, the number of bytes output to buffer + * \p mac, which will be equal to the requested length + * \p mac_size. * * \retval #PSA_SUCCESS * Success. @@ -226,7 +228,10 @@ psa_status_t mbedtls_psa_mac_sign_finish( * * \param[in,out] operation Active MAC operation. * \param[in] mac Buffer containing the expected MAC value. - * \param mac_length Size of the \p mac buffer in bytes. + * \param mac_length Length in bytes of the expected MAC value. The PSA + * core guarantees that this length is a valid MAC + * length for the algorithm and key combination passed + * to mbedtls_psa_mac_verify_setup(). * * \retval #PSA_SUCCESS * The expected MAC is identical to the actual MAC of the message. From 2f60f20884d9659d0bf687fc3e0eba34226b8b19 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 7 May 2021 15:44:46 +0200 Subject: [PATCH 078/188] Remove superfluous checking from MAC driver The PSA core checks the key type and algorithm combination before calling the driver, so the driver doesn't have to do this once more. The PSA core will also not start an operation with a requested length which is larger than the full MAC output size, so the output length check in the driver isn't needed as long as the driver returns an error on mac_setup if it doesn't support the underlying hash algorithm. Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.c | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 6753dedf54..32ab88535d 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -329,20 +329,6 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, #if defined(BUILTIN_ALG_HMAC) if( PSA_ALG_IS_HMAC( alg ) ) { - /* Sanity check. This shouldn't fail on a valid configuration. */ - if( PSA_MAC_LENGTH( psa_get_key_type( attributes ), 0, alg ) > - sizeof( operation->ctx.hmac.opad ) ) - { - status = PSA_ERROR_NOT_SUPPORTED; - goto exit; - } - - if( psa_get_key_type( attributes ) != PSA_KEY_TYPE_HMAC ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - status = psa_hmac_setup_internal( &operation->ctx.hmac, key_buffer, key_buffer_size, From 02865f5cbb1eb22b4d2deb75e3d0cbbe7bb602dc Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 7 May 2021 15:55:27 +0200 Subject: [PATCH 079/188] Use the proper define guards in the MAC driver Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 32ab88535d..9c44c237f0 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -41,7 +41,7 @@ #define BUILTIN_ALG_HMAC 1 #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) +#if defined(BUILTIN_ALG_HMAC) static size_t psa_get_hash_block_size( psa_algorithm_t alg ) { switch( alg ) @@ -187,11 +187,7 @@ exit: mbedtls_platform_zeroize( tmp, hash_size ); return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC || PSA_CRYPTO_DRIVER_TEST */ - -/* Implement the PSA driver MAC interface on top of mbed TLS if either the - * software driver or the test driver requires it. */ -#if defined(MBEDTLS_PSA_BUILTIN_MAC) || defined(PSA_CRYPTO_DRIVER_TEST) +#endif /* BUILTIN_ALG_HMAC */ #if defined(BUILTIN_ALG_CMAC) static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, @@ -221,6 +217,10 @@ exit: } #endif /* BUILTIN_ALG_CMAC */ +/* Implement the PSA driver MAC interface on top of mbed TLS if either the + * software driver or the test driver requires it. */ +#if defined(BUILTIN_ALG_HMAC) || defined(BUILTIN_ALG_CMAC) + /* Initialize this driver's MAC operation structure. Once this function has been * called, mbedtls_psa_mac_abort can run and will do the right thing. */ static psa_status_t mac_init( @@ -504,7 +504,7 @@ cleanup: return( status ); } -#endif /* MBEDTLS_PSA_BUILTIN_MAC || PSA_CRYPTO_DRIVER_TEST */ +#endif /* BUILTIN_ALG_HMAC || BUILTIN_ALG_CMAC */ #if defined(MBEDTLS_PSA_BUILTIN_MAC) psa_status_t mbedtls_psa_mac_compute( From 0c239659772634a01e9ebec8400e4ba4193e811b Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Fri, 7 May 2021 17:27:27 +0200 Subject: [PATCH 080/188] Add sanity tests for CMAC-(3)DES through PSA Crypto Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.c | 10 ++++++++++ tests/suites/test_suite_psa_crypto.data | 16 ++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 9c44c237f0..69724727a6 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -195,6 +195,16 @@ static psa_status_t cmac_setup( mbedtls_psa_mac_operation_t *operation, const uint8_t *key_buffer ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + +#if defined(PSA_WANT_KEY_TYPE_DES) + /* Mbed TLS CMAC does not accept 3DES with only two keys, nor does it accept + * to do CMAC with pure DES, so return NOT_SUPPORTED here. */ + if( psa_get_key_type( attributes ) == PSA_KEY_TYPE_DES && + ( psa_get_key_bits( attributes ) == 64 || + psa_get_key_bits( attributes ) == 128 ) ) + return( PSA_ERROR_NOT_SUPPORTED ); +#endif + const mbedtls_cipher_info_t * cipher_info = mbedtls_cipher_info_from_psa( PSA_ALG_CMAC, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 944ef23861..7b86185b9b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1294,6 +1294,22 @@ PSA MAC verify: HMAC-SHA-512, truncated to 4 bytes depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_HMAC mac_verify:PSA_KEY_TYPE_HMAC:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TRUNCATED_MAC(PSA_ALG_HMAC(PSA_ALG_SHA_512), 4):"4869205468657265":"87aa7cde" +PSA MAC sign: CMAC-3DES (CAVP vector #95) +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES +mac_sign:PSA_KEY_TYPE_DES:"7c34e67a2a8fef581cc4f7dceaea130dad52c189739e401f":PSA_ALG_CMAC:"eb3365a0a9d141270334065547418fe64c47823c024082b94d54a66d149f2af1":"e1d7c3736739e726" + +PSA MAC verify: CMAC-3DES (CAVP vector #95) +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES +mac_verify:PSA_KEY_TYPE_DES:"7c34e67a2a8fef581cc4f7dceaea130dad52c189739e401f":PSA_ALG_CMAC:"eb3365a0a9d141270334065547418fe64c47823c024082b94d54a66d149f2af1":"e1d7c3736739e726" + +PSA MAC: CMAC-3DES-2key (not supported in PSA) +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES +mac_setup:PSA_KEY_TYPE_DES:"89fe91f1c1ef2f01efc4c18f5715894c":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED + +PSA MAC: CMAC-DES (not supported in PSA) +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_DES +mac_setup:PSA_KEY_TYPE_DES:"89fe91f1c1ef2f01":PSA_ALG_CMAC:PSA_ERROR_NOT_SUPPORTED + PSA MAC sign: CMAC-AES-128 depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES mac_sign:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":PSA_ALG_CMAC:"6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411":"dfa66747de9ae63030ca32611497c827" From b29902ac9f11fdaaa17317b654625a5d1e7e4e89 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 10 May 2021 09:47:05 +0200 Subject: [PATCH 081/188] Correctly mark unused arguments when MAC algorithms are compiled out Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 69724727a6..9db9a37e52 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -347,6 +347,9 @@ static psa_status_t mac_setup( mbedtls_psa_mac_operation_t *operation, else #endif /* BUILTIN_ALG_HMAC */ { + (void) attributes; + (void) key_buffer; + (void) key_buffer_size; status = PSA_ERROR_NOT_SUPPORTED; } @@ -430,6 +433,8 @@ static psa_status_t mac_update( { /* This shouldn't happen if `operation` was initialized by * a setup function. */ + (void) input; + (void) input_length; return( PSA_ERROR_BAD_STATE ); } } From d1a68f10c0e01e9d601f961f899bab8ebe461404 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 10 May 2021 11:13:41 +0200 Subject: [PATCH 082/188] Supply actual key bits to PSA_MAC_LENGTH during MAC setup Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4b769e9f6f..c0e0976e8a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2282,11 +2282,11 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, operation->is_sign = is_sign; - /* Get the output length for the algorithm and key combination. None of the - * currently supported algorithms have an output length dependent on actual - * key size, so setting it to a bogus value is currently OK. */ + /* Get the output length for the algorithm and key combination */ operation->mac_size = PSA_MAC_LENGTH( - psa_get_key_type( &attributes ), 0, alg ); + psa_get_key_type( &attributes ), + psa_get_key_bits( &attributes ), + alg ); if( operation->mac_size < 4 ) { @@ -2299,7 +2299,7 @@ static psa_status_t psa_mac_setup( psa_mac_operation_t *operation, } if( operation->mac_size > PSA_MAC_LENGTH( psa_get_key_type( &attributes ), - 0, + psa_get_key_bits( &attributes ), PSA_ALG_FULL_LENGTH_MAC( alg ) ) ) { /* It's impossible to "truncate" to a larger length than the full length From ae3ec52d8d2f9d0ea080be1540de2f7bf6291ad0 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 10 May 2021 11:18:20 +0200 Subject: [PATCH 083/188] Apply mbedtls namespacing to MAC driver test hooks Signed-off-by: Steven Cooreman --- tests/include/test/drivers/mac.h | 9 +- tests/src/drivers/test_driver_mac.c | 171 +++++++++--------- ..._suite_psa_crypto_driver_wrappers.function | 40 ++-- 3 files changed, 111 insertions(+), 109 deletions(-) diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h index e4c750bd61..7733dd341c 100644 --- a/tests/include/test/drivers/mac.h +++ b/tests/include/test/drivers/mac.h @@ -37,16 +37,17 @@ typedef struct { unsigned long hits; /* Status returned by the last MAC driver function call. */ psa_status_t driver_status; -} test_driver_mac_hooks_t; +} mbedtls_test_driver_mac_hooks_t; #define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 } -static inline test_driver_mac_hooks_t test_driver_mac_hooks_init( void ) +static inline mbedtls_test_driver_mac_hooks_t + mbedtls_test_driver_mac_hooks_init( void ) { - const test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; + const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT; return( v ); } -extern test_driver_mac_hooks_t test_driver_mac_hooks; +extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks; psa_status_t mbedtls_test_transparent_mac_compute( const psa_key_attributes_t *attributes, diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 4e26e9f21e..69af107809 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -28,7 +28,8 @@ #include "test/drivers/mac.h" -test_driver_mac_hooks_t test_driver_mac_hooks = MBEDTLS_TEST_DRIVER_MAC_INIT; +mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks = + MBEDTLS_TEST_DRIVER_MAC_INIT; psa_status_t mbedtls_test_transparent_mac_compute( const psa_key_attributes_t *attributes, @@ -41,23 +42,23 @@ psa_status_t mbedtls_test_transparent_mac_compute( size_t mac_size, size_t *mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_sign_setup( @@ -67,21 +68,21 @@ psa_status_t mbedtls_test_transparent_mac_sign_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_sign_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_verify_setup( @@ -91,21 +92,21 @@ psa_status_t mbedtls_test_transparent_mac_verify_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_verify_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_update( @@ -113,21 +114,21 @@ psa_status_t mbedtls_test_transparent_mac_update( const uint8_t *input, size_t input_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_update( operation, input, input_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_sign_finish( @@ -136,21 +137,21 @@ psa_status_t mbedtls_test_transparent_mac_sign_finish( size_t mac_size, size_t *mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_sign_finish( operation, mac, mac_size, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_verify_finish( @@ -158,40 +159,40 @@ psa_status_t mbedtls_test_transparent_mac_verify_finish( const uint8_t *mac, size_t mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_verify_finish( operation, mac, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_transparent_mac_abort( mbedtls_transparent_test_driver_mac_operation_t *operation ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_transparent_test_driver_mac_abort( operation ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_compute( @@ -205,23 +206,23 @@ psa_status_t mbedtls_test_opaque_mac_compute( size_t mac_size, size_t *mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_compute( attributes, key_buffer, key_buffer_size, alg, input, input_length, mac, mac_size, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_sign_setup( @@ -231,21 +232,21 @@ psa_status_t mbedtls_test_opaque_mac_sign_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_sign_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_verify_setup( @@ -255,21 +256,21 @@ psa_status_t mbedtls_test_opaque_mac_verify_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_verify_setup( operation, attributes, key_buffer, key_buffer_size, alg ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_update( @@ -277,21 +278,21 @@ psa_status_t mbedtls_test_opaque_mac_update( const uint8_t *input, size_t input_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_update( operation, input, input_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_sign_finish( @@ -300,21 +301,21 @@ psa_status_t mbedtls_test_opaque_mac_sign_finish( size_t mac_size, size_t *mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_sign_finish( operation, mac, mac_size, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_verify_finish( @@ -322,40 +323,40 @@ psa_status_t mbedtls_test_opaque_mac_verify_finish( const uint8_t *mac, size_t mac_length ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_verify_finish( operation, mac, mac_length ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } psa_status_t mbedtls_test_opaque_mac_abort( mbedtls_opaque_test_driver_mac_operation_t *operation ) { - test_driver_mac_hooks.hits++; + mbedtls_test_driver_mac_hooks.hits++; - if( test_driver_mac_hooks.forced_status != PSA_SUCCESS ) + if( mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS ) { - test_driver_mac_hooks.driver_status = - test_driver_mac_hooks.forced_status; + mbedtls_test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.forced_status; } else { - test_driver_mac_hooks.driver_status = + mbedtls_test_driver_mac_hooks.driver_status = mbedtls_opaque_test_driver_mac_abort( operation ); } - return( test_driver_mac_hooks.driver_status ); + return( mbedtls_test_driver_mac_hooks.driver_status ); } #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index f523d3c881..ac241f5ad4 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -982,7 +982,7 @@ void mac_sign( int key_type_arg, size_t mac_length = 0; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t forced_status = forced_status_arg; - test_driver_mac_hooks = test_driver_mac_hooks_init(); + mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); TEST_ASSERT( mac_buffer_size <= PSA_MAC_MAX_SIZE ); /* We expect PSA_MAC_LENGTH to be exact. */ @@ -998,11 +998,11 @@ void mac_sign( int key_type_arg, &key ) ); ASSERT_ALLOC( actual_mac, mac_buffer_size ); - test_driver_mac_hooks.forced_status = forced_status; + mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* Calculate the MAC. */ status = psa_mac_sign_setup( &operation, key, alg ); - TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 ); if( forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED ) @@ -1015,9 +1015,9 @@ void mac_sign( int key_type_arg, status = psa_mac_update( &operation, input->x, input->len ); if( forced_status == PSA_SUCCESS ) - TEST_EQUAL( test_driver_mac_hooks.hits, 2 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 ); else - TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 ); if( forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED ) { @@ -1030,9 +1030,9 @@ void mac_sign( int key_type_arg, actual_mac, mac_buffer_size, &mac_length ); if( forced_status == PSA_SUCCESS ) - TEST_EQUAL( test_driver_mac_hooks.hits, 4 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 ); else - TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 ); if( forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED ) @@ -1044,9 +1044,9 @@ void mac_sign( int key_type_arg, PSA_ASSERT( psa_mac_abort( &operation ) ); if( forced_status == PSA_SUCCESS ) - TEST_EQUAL( test_driver_mac_hooks.hits, 4 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 ); else - TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 ); if( forced_status == PSA_SUCCESS ) { @@ -1062,7 +1062,7 @@ exit: psa_destroy_key( key ); PSA_DONE( ); mbedtls_free( actual_mac ); - test_driver_mac_hooks = test_driver_mac_hooks_init(); + mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); } /* END_CASE */ @@ -1081,7 +1081,7 @@ void mac_verify( int key_type_arg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t forced_status = forced_status_arg; - test_driver_mac_hooks = test_driver_mac_hooks_init(); + mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); TEST_ASSERT( expected_mac->len <= PSA_MAC_MAX_SIZE ); @@ -1094,11 +1094,11 @@ void mac_verify( int key_type_arg, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &key ) ); - test_driver_mac_hooks.forced_status = forced_status; + mbedtls_test_driver_mac_hooks.forced_status = forced_status; /* Test the correct MAC. */ status = psa_mac_verify_setup( &operation, key, alg ); - TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 ); if( forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED ) @@ -1111,9 +1111,9 @@ void mac_verify( int key_type_arg, status = psa_mac_update( &operation, input->x, input->len ); if( forced_status == PSA_SUCCESS ) - TEST_EQUAL( test_driver_mac_hooks.hits, 2 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 2 ); else - TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 ); if( forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED ) @@ -1127,9 +1127,9 @@ void mac_verify( int key_type_arg, expected_mac->x, expected_mac->len ); if( forced_status == PSA_SUCCESS ) - TEST_EQUAL( test_driver_mac_hooks.hits, 4 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 ); else - TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 ); if( forced_status == PSA_SUCCESS || forced_status == PSA_ERROR_NOT_SUPPORTED ) @@ -1142,15 +1142,15 @@ void mac_verify( int key_type_arg, PSA_ASSERT( psa_mac_abort( &operation ) ); if( forced_status == PSA_SUCCESS ) - TEST_EQUAL( test_driver_mac_hooks.hits, 4 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 4 ); else - TEST_EQUAL( test_driver_mac_hooks.hits, 1 ); + TEST_EQUAL( mbedtls_test_driver_mac_hooks.hits, 1 ); exit: psa_mac_abort( &operation ); psa_destroy_key( key ); PSA_DONE( ); - test_driver_mac_hooks = test_driver_mac_hooks_init(); + mbedtls_test_driver_mac_hooks = mbedtls_test_driver_mac_hooks_init(); } /* END_CASE */ From 2c44daf0bc2204500e6ead57f799964f352b617a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 10 May 2021 12:53:30 +0200 Subject: [PATCH 084/188] Add restriction on output_key alg for password hash MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 1780f9821f..6fee2b4676 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3619,6 +3619,10 @@ psa_status_t psa_key_derivation_output_bytes( * on the derived key based on the attributes and strength of the secret key. * * \param[in] attributes The attributes for the new key. + * If the key type to be created is + * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in + * the policy must be the same as in the current + * operation. * \param[in,out] operation The key derivation operation object to read from. * \param[out] key On success, an identifier for the newly created * key. For persistent keys, this is the key From 95d516f319ccb5419dbcca2bd1ce69b494254174 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 4 May 2021 18:36:56 +0100 Subject: [PATCH 085/188] Remove MBEDTLS_SSL_MAX_CONTENT_LEN option Signed-off-by: David Horstmann --- ChangeLog.d/remove-max-content-len.txt | 4 ++ configs/config-ccm-psk-tls1_2.h | 3 +- configs/config-suite-b.h | 3 +- .../remove-max-content-len.md | 10 +++++ include/mbedtls/config.h | 38 +------------------ include/mbedtls/ssl.h | 10 ++--- library/ssl_misc.h | 16 +++----- library/ssl_tls.c | 2 +- programs/ssl/ssl_server2.c | 6 ++- programs/test/query_config.c | 8 ---- tests/ssl-opt.sh | 11 ++++-- 11 files changed, 42 insertions(+), 69 deletions(-) create mode 100644 ChangeLog.d/remove-max-content-len.txt create mode 100644 docs/3.0-migration-guide.d/remove-max-content-len.md diff --git a/ChangeLog.d/remove-max-content-len.txt b/ChangeLog.d/remove-max-content-len.txt new file mode 100644 index 0000000000..b7607e6c6b --- /dev/null +++ b/ChangeLog.d/remove-max-content-len.txt @@ -0,0 +1,4 @@ +Removals + * Remove MBEDTLS_SSL_MAX_CONTENT_LEN configuration option, since + MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN replace + it. Fixes #4362. diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index c58d150d9d..a3662d8957 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -79,7 +79,8 @@ * both ends of the connection! (See comments in "mbedtls/ssl.h".) * The optimal size here depends on the typical size of records. */ -#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 +#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 +#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 #include "mbedtls/check_config.h" diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 7cb566c1b3..f1c809e679 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -107,7 +107,8 @@ * The minimum size here depends on the certificate chain used as well as the * typical size of records. */ -#define MBEDTLS_SSL_MAX_CONTENT_LEN 1024 +#define MBEDTLS_SSL_IN_CONTENT_LEN 1024 +#define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 #include "mbedtls/check_config.h" diff --git a/docs/3.0-migration-guide.d/remove-max-content-len.md b/docs/3.0-migration-guide.d/remove-max-content-len.md new file mode 100644 index 0000000000..40c7d539fb --- /dev/null +++ b/docs/3.0-migration-guide.d/remove-max-content-len.md @@ -0,0 +1,10 @@ +Remove the `MBEDTLS_SSL_MAX_CONTENT_LEN` configuration option +------------------------------------------------------------- + +This affects users who use the `MBEDTLS_SSL_MAX_CONTENT_LEN` option to +set the maximum length of incoming and outgoing plaintext fragments, +which can save memory by reducing the size of the TLS I/O buffers. + +This option is replaced by the more fine-grained options +`MBEDTLS_SSL_IN_CONTENT_LEN` and `MBEDTLS_SSL_OUT_CONTENT_LEN` that set +the maximum incoming and outgoing plaintext fragment lengths, respectively. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 603d985ae0..6714db33fc 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3531,32 +3531,6 @@ /* SSL options */ -/** \def MBEDTLS_SSL_MAX_CONTENT_LEN - * - * Maximum length (in bytes) of incoming and outgoing plaintext fragments. - * - * This determines the size of both the incoming and outgoing TLS I/O buffers - * in such a way that both are capable of holding the specified amount of - * plaintext data, regardless of the protection mechanism used. - * - * To configure incoming and outgoing I/O buffers separately, use - * #MBEDTLS_SSL_IN_CONTENT_LEN and #MBEDTLS_SSL_OUT_CONTENT_LEN, - * which overwrite the value set by this option. - * - * \note When using a value less than the default of 16KB on the client, it is - * recommended to use the Maximum Fragment Length (MFL) extension to - * inform the server about this limitation. On the server, there - * is no supported, standardized way of informing the client about - * restriction on the maximum size of incoming messages, and unless - * the limitation has been communicated by other means, it is recommended - * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN - * while keeping the default value of 16KB for the incoming buffer. - * - * Uncomment to set the maximum plaintext size of both - * incoming and outgoing I/O buffers. - */ -//#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 - /** \def MBEDTLS_SSL_IN_CONTENT_LEN * * Maximum length (in bytes) of incoming plaintext fragments. @@ -3565,9 +3539,6 @@ * that it is capable of holding the specified amount of plaintext data, * regardless of the protection mechanism used. * - * If this option is undefined, it inherits its value from - * #MBEDTLS_SSL_MAX_CONTENT_LEN. - * * \note When using a value less than the default of 16KB on the client, it is * recommended to use the Maximum Fragment Length (MFL) extension to * inform the server about this limitation. On the server, there @@ -3577,8 +3548,7 @@ * to only change the outgoing buffer size #MBEDTLS_SSL_OUT_CONTENT_LEN * while keeping the default value of 16KB for the incoming buffer. * - * Uncomment to set the maximum plaintext size of the incoming I/O buffer - * independently of the outgoing I/O buffer. + * Uncomment to set the maximum plaintext size of the incoming I/O buffer. */ //#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 @@ -3637,9 +3607,6 @@ * that it is capable of holding the specified amount of plaintext data, * regardless of the protection mechanism used. * - * If this option undefined, it inherits its value from - * #MBEDTLS_SSL_MAX_CONTENT_LEN. - * * It is possible to save RAM by setting a smaller outward buffer, while keeping * the default inward 16384 byte buffer to conform to the TLS specification. * @@ -3648,8 +3615,7 @@ * The specific size requirement depends on the configured ciphers and any * certificate data which is sent during the handshake. * - * Uncomment to set the maximum plaintext size of the outgoing I/O buffer - * independently of the incoming I/O buffer. + * Uncomment to set the maximum plaintext size of the outgoing I/O buffer. */ //#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 40814e660d..9e750f7af1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -236,16 +236,12 @@ * if you're using the Max Fragment Length extension and you know all your * peers are using it too! */ -#if !defined(MBEDTLS_SSL_MAX_CONTENT_LEN) -#define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /**< Size of the input / output buffer */ -#endif - #if !defined(MBEDTLS_SSL_IN_CONTENT_LEN) -#define MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN +#define MBEDTLS_SSL_IN_CONTENT_LEN 16384 #endif #if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN) -#define MBEDTLS_SSL_OUT_CONTENT_LEN MBEDTLS_SSL_MAX_CONTENT_LEN +#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384 #endif /* @@ -3619,7 +3615,7 @@ size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); /** * \brief Return the maximum fragment length (payload, in bytes) for * the input buffer. This is the negotiated maximum fragment - * length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN. + * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN. * If it is not defined either, the value is 2^14. This function * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). * diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9ac48c757c..9b3f4cd154 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -213,23 +213,19 @@ * Check that we obey the standard's message size bounds */ -#if MBEDTLS_SSL_MAX_CONTENT_LEN > 16384 -#error "Bad configuration - record content too large." +#if MBEDTLS_SSL_IN_CONTENT_LEN > 16384 +#error "Bad configuration - incoming record content too large." #endif -#if MBEDTLS_SSL_IN_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN -#error "Bad configuration - incoming record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." +#if MBEDTLS_SSL_OUT_CONTENT_LEN > 16384 +#error "Bad configuration - outgoing record content too large." #endif -#if MBEDTLS_SSL_OUT_CONTENT_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN -#error "Bad configuration - outgoing record content should not be larger than MBEDTLS_SSL_MAX_CONTENT_LEN." -#endif - -#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048 +#if MBEDTLS_SSL_IN_PAYLOAD_LEN > MBEDTLS_SSL_IN_CONTENT_LEN + 2048 #error "Bad configuration - incoming protected record payload too large." #endif -#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_MAX_CONTENT_LEN + 2048 +#if MBEDTLS_SSL_OUT_PAYLOAD_LEN > MBEDTLS_SSL_OUT_CONTENT_LEN + 2048 #error "Bad configuration - outgoing protected record payload too large." #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bc2f269a9c..614bb046e4 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4646,7 +4646,7 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ) { - size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; + size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN; size_t read_mfl; /* Use the configured MFL for the client if we're past SERVER_HELLO_DONE */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 8f97541af7..0b89b5573d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1572,13 +1572,15 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "buffer_size" ) == 0 ) { opt.buffer_size = atoi( q ); - if( opt.buffer_size < 1 || opt.buffer_size > MBEDTLS_SSL_MAX_CONTENT_LEN + 1 ) + if( opt.buffer_size < 1 || + ( opt.buffer_size > MBEDTLS_SSL_IN_CONTENT_LEN + 1 + && opt.buffer_size > MBEDTLS_SSL_OUT_CONTENT_LEN + 1 ) ) goto usage; } else if( strcmp( p, "response_size" ) == 0 ) { opt.response_size = atoi( q ); - if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( opt.response_size < 0 || opt.response_size > MBEDTLS_SSL_OUT_CONTENT_LEN ) goto usage; if( opt.buffer_size < opt.response_size ) opt.buffer_size = opt.response_size; diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 450e2fbbf0..c6c4d1f04f 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2595,14 +2595,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES */ -#if defined(MBEDTLS_SSL_MAX_CONTENT_LEN) - if( strcmp( "MBEDTLS_SSL_MAX_CONTENT_LEN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_MAX_CONTENT_LEN ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_MAX_CONTENT_LEN */ - #if defined(MBEDTLS_SSL_IN_CONTENT_LEN) if( strcmp( "MBEDTLS_SSL_IN_CONTENT_LEN", config ) == 0 ) { diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 267b564464..80dfa0a92a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -374,7 +374,7 @@ requires_not_i686() { } # Calculate the input & output maximum content lengths set in the config -MAX_CONTENT_LEN=$( ../scripts/config.py get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384") +MAX_CONTENT_LEN=16384 MAX_IN_LEN=$( ../scripts/config.py get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN") MAX_OUT_LEN=$( ../scripts/config.py get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN") @@ -3014,8 +3014,13 @@ run_test "Session resume using cache, DTLS: openssl server" \ # Tests for Max Fragment Length extension -if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then - printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}" +if [ "$MAX_IN_LEN" -lt "4096" ]; then + printf '%s defines MBEDTLS_SSL_IN_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}" + exit 1 +fi + +if [ "$MAX_OUT_LEN" -lt "4096" ]; then + printf '%s defines MBEDTLS_SSL_OUT_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}" exit 1 fi From 1e8ca122f4979cf113415c06dfb244e30f96657b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Mon, 10 May 2021 19:53:15 +0200 Subject: [PATCH 086/188] Fix typos in C header files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Nießen --- include/mbedtls/config.h | 4 ++-- include/mbedtls/ecp.h | 2 +- include/mbedtls/error.h | 4 ++-- include/mbedtls/ssl.h | 6 +++--- include/mbedtls/ssl_ticket.h | 2 +- include/psa/crypto_compat.h | 2 +- include/psa/crypto_se_driver.h | 4 ++-- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 603d985ae0..a4479d79ff 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -421,7 +421,7 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * \note If you use the AES_xxx_ALT macros, then it is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES * tables. * @@ -1807,7 +1807,7 @@ /** * \def MBEDTLS_SSL_DTLS_SRTP * - * Enable support for negotation of DTLS-SRTP (RFC 5764) + * Enable support for negotiation of DTLS-SRTP (RFC 5764) * through the use_srtp extension. * * \note This feature provides the minimum functionality required diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 149bda04f3..dd400a0186 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1176,7 +1176,7 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key, * * \param grp_id The ECP group identifier. * \param key The destination key. - * \param buf The the buffer containing the binary representation of the + * \param buf The buffer containing the binary representation of the * key. (Big endian integer for Weierstrass curves, byte * string for Montgomery curves.) * \param buflen The length of the buffer in bytes. diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 7936f6b786..94b95fcca6 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -154,8 +154,8 @@ extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); * * \param high high-level error code. See error.h for more details. * \param low low-level error code. See error.h for more details. - * \param file file where this error code addition occured. - * \param line line where this error code addition occured. + * \param file file where this error code addition occurred. + * \param line line where this error code addition occurred. */ static inline int mbedtls_error_add( int high, int low, const char *file, int line ) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 40814e660d..b9b2e045f3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2496,7 +2496,7 @@ void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, * * \param conf The SSL configuration. * \param prot_version Protocol version. One of MBEDTLS_SSL_MINOR_VERSION_x macros. - * \return Ciphersuites pointer if succesful. + * \return Ciphersuites pointer if successful. * \return \c NULL if no ciphersuites where found. */ const int *mbedtls_ssl_get_protocol_version_ciphersuites( @@ -4188,7 +4188,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); /** * \brief TLS-PRF function for key derivation. * - * \param prf The tls_prf type funtion type to be used. + * \param prf The tls_prf type function type to be used. * \param secret Secret for the key derivation function. * \param slen Length of the secret. * \param label String label for the key derivation function, @@ -4198,7 +4198,7 @@ void mbedtls_ssl_session_free( mbedtls_ssl_session *session ); * \param dstbuf The buffer holding the derived key. * \param dlen Length of the output buffer. * - * \return 0 on sucess. An SSL specific error on failure. + * \return 0 on success. An SSL specific error on failure. */ int mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index bf5fc97028..a882eed23b 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -97,7 +97,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); * Recommended value: 86400 (one day). * * \note It is highly recommended to select a cipher that is at - * least as strong as the the strongest ciphersuite + * least as strong as the strongest ciphersuite * supported. Usually that means a 256-bit key. * * \note The lifetime of the keys is twice the lifetime of tickets. diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index b20a6e1cc9..1d3253cb28 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -44,7 +44,7 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t; #define PSA_KEY_HANDLE_INIT MBEDTLS_SVC_KEY_ID_INIT -/** Check wether an handle is null. +/** Check whether an handle is null. * * \param handle Handle * diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index aaf117f93e..1dc8f9b5c4 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -1159,7 +1159,7 @@ typedef struct { * can be problemmatic to manage on embedded platforms, the inputs are passed * to the driver via a function, `psa_drv_se_key_derivation_collateral`, that * is called multiple times with different `collateral_id`s. Thus, for a key - * derivation algorithm that required 3 paramter inputs, the flow would look + * derivation algorithm that required 3 parameter inputs, the flow would look * something like: * ~~~~~~~~~~~~~{.c} * psa_drv_se_key_derivation_setup(kdf_algorithm, source_key, dest_key_size_bytes); @@ -1207,7 +1207,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t * * element key derivation or key agreement operation * * Since many key derivation algorithms require multiple parameters, it is - * expeced that this function may be called multiple times for the same + * expected that this function may be called multiple times for the same * operation, each with a different algorithm-specific `collateral_id` * * \param[in,out] op_context A hardware-specific structure containing any From 8af5c5c7de815bea536a92c58c584fb88e567953 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 11 May 2021 11:09:13 +0200 Subject: [PATCH 087/188] Be explicit about why the zero-length check is there Since a valid mac operation context would guarantee that the stored mac size is >= 4, it wasn't immediately obvious that the zero-length check is meant for static analyzers and a bit of robustness. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c0e0976e8a..5f57c38c65 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2388,8 +2388,12 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation, if( ! operation->is_sign ) return( PSA_ERROR_BAD_STATE ); - /* Sanity checks on output buffer length. */ - if( mac_size == 0 || mac_size < operation->mac_size ) + /* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL) + * once all the error checks are done. */ + if( operation->mac_size == 0 ) + return( PSA_ERROR_BAD_STATE ); + + if( mac_size < operation->mac_size ) return( PSA_ERROR_BUFFER_TOO_SMALL ); status = psa_driver_wrapper_mac_sign_finish( operation, From 9e15fb783c2919144db086fc5eac06be81dd382a Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 11 May 2021 11:10:34 +0200 Subject: [PATCH 088/188] Refactor out mac_sign_setup and mac_verify_setup Since they became equivalent after moving the is_sign checking back to the PSA core, they're now redundant, and the generic mac_setup function can just be called directly. Signed-off-by: Steven Cooreman --- library/psa_crypto_mac.c | 38 ++++++++------------------------------ 1 file changed, 8 insertions(+), 30 deletions(-) diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 9db9a37e52..20c56a0214 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -383,28 +383,6 @@ static psa_status_t mac_compute( return( PSA_ERROR_NOT_SUPPORTED ); } -static psa_status_t mac_sign_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) -{ - return( mac_setup( operation, - attributes, key_buffer, key_buffer_size, alg ) ); -} - -static psa_status_t mac_verify_setup( - mbedtls_psa_mac_operation_t *operation, - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, - size_t key_buffer_size, - psa_algorithm_t alg ) -{ - return( mac_setup( operation, - attributes, key_buffer, key_buffer_size, alg ) ); -} - static psa_status_t mac_update( mbedtls_psa_mac_operation_t *operation, const uint8_t *input, @@ -545,8 +523,8 @@ psa_status_t mbedtls_psa_mac_sign_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - return( mac_sign_setup( operation, attributes, - key_buffer, key_buffer_size, alg ) ); + return( mac_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); } psa_status_t mbedtls_psa_mac_verify_setup( @@ -556,8 +534,8 @@ psa_status_t mbedtls_psa_mac_verify_setup( size_t key_buffer_size, psa_algorithm_t alg ) { - return( mac_verify_setup( operation, attributes, - key_buffer, key_buffer_size, alg ) ); + return( mac_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); } psa_status_t mbedtls_psa_mac_update( @@ -642,8 +620,8 @@ psa_status_t mbedtls_transparent_test_driver_mac_sign_setup( psa_algorithm_t alg ) { if( is_mac_accelerated( alg ) ) - return( mac_sign_setup( operation, attributes, - key_buffer, key_buffer_size, alg ) ); + return( mac_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); else return( PSA_ERROR_NOT_SUPPORTED ); } @@ -656,8 +634,8 @@ psa_status_t mbedtls_transparent_test_driver_mac_verify_setup( psa_algorithm_t alg ) { if( is_mac_accelerated( alg ) ) - return( mac_verify_setup( operation, attributes, - key_buffer, key_buffer_size, alg ) ); + return( mac_setup( operation, attributes, + key_buffer, key_buffer_size, alg ) ); else return( PSA_ERROR_NOT_SUPPORTED ); } From 72f60dfcc1fa985f1c665528ef894eac16bf0828 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 30 Apr 2021 13:28:22 +0200 Subject: [PATCH 089/188] Remove MBEDTLS_TEST_NULL_ENTROPY config option. Building the library without entropy sources negates any and all security provided by the library. This option was originally requested a relatively long time ago and it does not provide any tangible benefit for users any more. Signed-off-by: Mateusz Starzyk --- CMakeLists.txt | 31 ------------------------- ChangeLog.d/remove_null_entropy.txt | 2 ++ Makefile | 9 ------- include/mbedtls/check_config.h | 9 ------- include/mbedtls/config.h | 17 -------------- library/entropy.c | 17 -------------- library/entropy_poll.c | 17 -------------- library/entropy_poll.h | 8 ------- library/version_features.c | 3 --- programs/test/query_config.c | 8 ------- scripts/config.py | 1 - tests/scripts/all.sh | 15 ------------ tests/suites/helpers.function | 9 ++++--- tests/suites/test_suite_entropy.data | 5 ---- tests/suites/test_suite_random.function | 8 +++---- 15 files changed, 10 insertions(+), 149 deletions(-) create mode 100644 ChangeLog.d/remove_null_entropy.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index fb1ffaf96d..f648f2299b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -56,17 +56,6 @@ else() endif() # Warning string - created as a list for compatibility with CMake 2.8 -set(WARNING_BORDER "*******************************************************\n") -set(NULL_ENTROPY_WARN_L1 "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined!\n") -set(NULL_ENTROPY_WARN_L2 "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES\n") -set(NULL_ENTROPY_WARN_L3 "**** AND IS *NOT* SUITABLE FOR PRODUCTION USE\n") - -set(NULL_ENTROPY_WARNING "${WARNING_BORDER}" - "${NULL_ENTROPY_WARN_L1}" - "${NULL_ENTROPY_WARN_L2}" - "${NULL_ENTROPY_WARN_L3}" - "${WARNING_BORDER}") - set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n") set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n") set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n") @@ -99,26 +88,6 @@ if(MBEDTLS_PYTHON_EXECUTABLE) message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) endif() - # If NULL Entropy is configured, display an appropriate warning - execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY - RESULT_VARIABLE result) - if(${result} EQUAL 0) - message(WARNING ${NULL_ENTROPY_WARNING}) - - if(NOT UNSAFE_BUILD) - message(FATAL_ERROR "\ -\n\ -Warning! You have enabled MBEDTLS_TEST_NULL_ENTROPY. \ -This option is not safe for production use and negates all security \ -It is intended for development use only. \ -\n\ -To confirm you want to build with this option, re-run cmake with the \ -option: \n\ - cmake -DUNSAFE_BUILD=ON ") - - return() - endif() - endif() endif() # If this is the root project add longer list of available CMAKE_BUILD_TYPE values diff --git a/ChangeLog.d/remove_null_entropy.txt b/ChangeLog.d/remove_null_entropy.txt new file mode 100644 index 0000000000..3d9674b45f --- /dev/null +++ b/ChangeLog.d/remove_null_entropy.txt @@ -0,0 +1,2 @@ +API changes + * Remove the MBEDTLS_TEST_NULL_ENTROPY config option. Fixes #4388. diff --git a/Makefile b/Makefile index 6a8b230077..8d1a6ce5ba 100644 --- a/Makefile +++ b/Makefile @@ -59,12 +59,6 @@ uninstall: done endif -WARNING_BORDER =*******************************************************\n -NULL_ENTROPY_WARN_L1=**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! ****\n -NULL_ENTROPY_WARN_L2=**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES ****\n -NULL_ENTROPY_WARN_L3=**** AND IS *NOT* SUITABLE FOR PRODUCTION USE ****\n - -NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER) WARNING_BORDER_LONG =**********************************************************************************\n CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n @@ -81,9 +75,6 @@ ifndef WINDOWS -scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' - # If NULL Entropy is configured, display an appropriate warning - -scripts/config.py get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \ - echo '$(NULL_ENTROPY_WARNING)' endif clean: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 47b5de04dd..4a2d70f237 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -201,15 +201,6 @@ #endif #undef MBEDTLS_HAS_MEMSAN -#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \ - ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) ) -#error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites" -#endif -#if defined(MBEDTLS_TEST_NULL_ENTROPY) && \ - ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) ) -#error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too" -#endif - #if defined(MBEDTLS_GCM_C) && ( \ !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) ) #error "MBEDTLS_GCM_C defined, but not all prerequisites" diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 603d985ae0..009a25ca9c 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -527,23 +527,6 @@ //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT -/** - * \def MBEDTLS_TEST_NULL_ENTROPY - * - * Enables testing and use of mbed TLS without any configured entropy sources. - * This permits use of the library on platforms before an entropy source has - * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the - * MBEDTLS_ENTROPY_NV_SEED switches). - * - * WARNING! This switch MUST be disabled in production builds, and is suitable - * only for development. - * Enabling the switch negates any security provided by the library. - * - * Requires MBEDTLS_ENTROPY_C, MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - * - */ -//#define MBEDTLS_TEST_NULL_ENTROPY - /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT * diff --git a/library/entropy.c b/library/entropy.c index c7ae97aa45..cc686282a6 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -21,12 +21,6 @@ #if defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_TEST_NULL_ENTROPY) -#warning "**** WARNING! MBEDTLS_TEST_NULL_ENTROPY defined! " -#warning "**** THIS BUILD HAS NO DEFINED ENTROPY SOURCES " -#warning "**** THIS BUILD IS *NOT* SUITABLE FOR PRODUCTION USE " -#endif - #include "mbedtls/entropy.h" #include "entropy_poll.h" #include "mbedtls/platform_util.h" @@ -73,11 +67,6 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) /* Reminder: Update ENTROPY_HAVE_STRONG in the test files * when adding more strong entropy sources here. */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, - 1, MBEDTLS_ENTROPY_SOURCE_STRONG ); -#endif - #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) mbedtls_entropy_add_source( ctx, mbedtls_platform_entropy_poll, NULL, @@ -524,7 +513,6 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char * #endif /* MBEDTLS_FS_IO */ #if defined(MBEDTLS_SELF_TEST) -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) /* * Dummy source function */ @@ -538,7 +526,6 @@ static int entropy_dummy_source( void *data, unsigned char *output, return( 0 ); } -#endif /* !MBEDTLS_TEST_NULL_ENTROPY */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) @@ -646,17 +633,14 @@ cleanup: int mbedtls_entropy_self_test( int verbose ) { int ret = 1; -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_context ctx; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; size_t i, j; -#endif /* !MBEDTLS_TEST_NULL_ENTROPY */ if( verbose != 0 ) mbedtls_printf( " ENTROPY test: " ); -#if !defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_init( &ctx ); /* First do a gather to make sure we have default sources */ @@ -704,7 +688,6 @@ int mbedtls_entropy_self_test( int verbose ) cleanup: mbedtls_entropy_free( &ctx ); -#endif /* !MBEDTLS_TEST_NULL_ENTROPY */ if( verbose != 0 ) { diff --git a/library/entropy_poll.c b/library/entropy_poll.c index e4ffe2bde5..e5d75c5b37 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -211,23 +211,6 @@ int mbedtls_platform_entropy_poll( void *data, #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) -int mbedtls_null_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ - ((void) data); - ((void) output); - - *olen = 0; - if( len < sizeof(unsigned char) ) - return( 0 ); - - output[0] = 0; - *olen = sizeof(unsigned char); - return( 0 ); -} -#endif - #if defined(MBEDTLS_TIMING_C) int mbedtls_hardclock_poll( void *data, unsigned char *output, size_t len, size_t *olen ) diff --git a/library/entropy_poll.h b/library/entropy_poll.h index e12a134b54..9120fe5a0e 100644 --- a/library/entropy_poll.h +++ b/library/entropy_poll.h @@ -43,14 +43,6 @@ extern "C" { #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */ #endif -/** - * \brief Entropy poll callback that provides 0 entropy. - */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - int mbedtls_null_entropy_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); -#endif - #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY) /** * \brief Platform-specific entropy poll callback diff --git a/library/version_features.c b/library/version_features.c index d2de8957d2..50dd5ac754 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -252,9 +252,6 @@ static const char * const features[] = { #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - "MBEDTLS_TEST_NULL_ENTROPY", -#endif /* MBEDTLS_TEST_NULL_ENTROPY */ #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) "MBEDTLS_ENTROPY_HARDWARE_ALT", #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 450e2fbbf0..e4205397e7 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -723,14 +723,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - if( strcmp( "MBEDTLS_TEST_NULL_ENTROPY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_NULL_ENTROPY ); - return( 0 ); - } -#endif /* MBEDTLS_TEST_NULL_ENTROPY */ - #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) if( strcmp( "MBEDTLS_ENTROPY_HARDWARE_ALT", config ) == 0 ) { diff --git a/scripts/config.py b/scripts/config.py index a77ead0544..a68b2a94fa 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -194,7 +194,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_SHA512_NO_SHA384', # removes a feature 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) - 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS 'MBEDTLS_X509_REMOVE_INFO', # removes a feature ]) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a4d50c1f6a..78487692ed 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2072,21 +2072,6 @@ component_test_when_no_ciphersuites_have_mac () { if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' } -component_test_null_entropy () { - msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" - scripts/config.py set MBEDTLS_TEST_NULL_ENTROPY - scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - scripts/config.py set MBEDTLS_ENTROPY_C - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . - make - - msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" - make test -} - component_test_no_date_time () { msg "build: default config without MBEDTLS_HAVE_TIME_DATE" scripts/config.py unset MBEDTLS_HAVE_TIME_DATE diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 27d92492b7..2ef07fa62b 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -87,11 +87,10 @@ jmp_buf jmp_tmp; /* Indicates whether we expect mbedtls_entropy_init * to initialize some strong entropy source. */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ - ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ - ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ - defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ - defined(ENTROPY_NV_SEED) ) ) +#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ + ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ + defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ + defined(ENTROPY_NV_SEED) ) #define ENTROPY_HAVE_STRONG #endif diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 95bfe66e17..0b30bb8a5a 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -83,9 +83,4 @@ Check NV seed manually #3 entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" Entropy self test -depends_on:!MBEDTLS_TEST_NULL_ENTROPY entropy_selftest:0 - -Entropy self test (MBEDTLS_TEST_NULL_ENTROPY) -depends_on:MBEDTLS_TEST_NULL_ENTROPY -entropy_selftest:1 diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function index 37fa36ecd4..c532c8a3be 100644 --- a/tests/suites/test_suite_random.function +++ b/tests/suites/test_suite_random.function @@ -18,7 +18,7 @@ /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_CTR_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void random_twice_with_ctr_drbg( ) { mbedtls_entropy_context entropy; @@ -57,7 +57,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_HMAC_DRBG_C */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:MBEDTLS_HMAC_DRBG_C */ void random_twice_with_hmac_drbg( int md_type ) { mbedtls_entropy_context entropy; @@ -97,7 +97,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ void random_twice_with_psa_from_classic( ) { unsigned char output1[OUTPUT_SIZE]; @@ -123,7 +123,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:!MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ void random_twice_with_psa_from_psa( ) { unsigned char output1[OUTPUT_SIZE]; From fba138a08a6fe0c4ed63073ffa91d2f1cff03595 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 11 May 2021 15:23:56 +0100 Subject: [PATCH 090/188] Remove buffer_size maximum from ssl_server2.c Signed-off-by: David Horstmann --- programs/ssl/ssl_server2.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0b89b5573d..fa733c46a2 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -451,7 +451,7 @@ int main( void ) " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " buffer_size=%%d default: 200 \n" \ - " (minimum: 1, max: 16385)\n" \ + " (minimum: 1)\n" \ " response_size=%%d default: about 152 (basic response)\n" \ " (minimum: 0, max: 16384)\n" \ " increases buffer_size if bigger\n"\ @@ -1572,9 +1572,7 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "buffer_size" ) == 0 ) { opt.buffer_size = atoi( q ); - if( opt.buffer_size < 1 || - ( opt.buffer_size > MBEDTLS_SSL_IN_CONTENT_LEN + 1 - && opt.buffer_size > MBEDTLS_SSL_OUT_CONTENT_LEN + 1 ) ) + if( opt.buffer_size < 1 ) goto usage; } else if( strcmp( p, "response_size" ) == 0 ) From 803d3e4c70137571d441ccc539e7dc8e76a50abe Mon Sep 17 00:00:00 2001 From: David Brown Date: Tue, 11 May 2021 12:44:40 -0600 Subject: [PATCH 091/188] Add changelog for posix definition Signed-off-by: David Brown --- ChangeLog.d/posix-define.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/posix-define.txt diff --git a/ChangeLog.d/posix-define.txt b/ChangeLog.d/posix-define.txt new file mode 100644 index 0000000000..98cf2d0122 --- /dev/null +++ b/ChangeLog.d/posix-define.txt @@ -0,0 +1,6 @@ +Bugfix + * In library/net_sockets.c, _POSIX_C_SOURCE and _XOPEN_SOURCE are + defined to specific values. If the code is used in a context + where these are already defined, this can result in a compilation + error. Instead, assume that if they are defined, the values will + be adequate to build Mbed TLS. From 4e02f01815557a04c30b73dcec99e6de3a808334 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 12 May 2021 10:05:45 +0200 Subject: [PATCH 092/188] Fix key type that wasn't updated earlier MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/psa/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 6fee2b4676..dfd47314f5 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3736,7 +3736,7 @@ psa_status_t psa_key_derivation_verify_bytes( * * This function calculates output bytes from a key derivation algorithm and * compares those bytes to an expected value, provided as key of type - * #PSA_KEY_TYPE_RAW_DATA, in constant time. + * #PSA_KEY_TYPE_PASSWORD_HASH. * If you view the key derivation's output as a stream of bytes, this * function destructively reads the number of bytes corresponding the the * length of the expected value from the stream before comparing them. From 102c89ed65c2ada2b43fb40cd2b6f08b86cc89b7 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 12 May 2021 13:28:59 +0200 Subject: [PATCH 093/188] Remove the MBEDTLS_SSL_RECORD_CHECKING option Signed-off-by: TRodziewicz --- ChangeLog.d/issue4361.txt | 2 ++ include/mbedtls/config.h | 14 -------------- include/mbedtls/ssl.h | 2 -- library/ssl_msg.c | 2 -- library/version_features.c | 3 --- programs/ssl/ssl_test_common_source.c | 6 ------ programs/test/query_config.c | 8 -------- 7 files changed, 2 insertions(+), 35 deletions(-) create mode 100644 ChangeLog.d/issue4361.txt diff --git a/ChangeLog.d/issue4361.txt b/ChangeLog.d/issue4361.txt new file mode 100644 index 0000000000..670c8a6580 --- /dev/null +++ b/ChangeLog.d/issue4361.txt @@ -0,0 +1,2 @@ +Removals + * Remove the MBEDTLS_SSL_RECORD_CHECKING option. Fixes #4361. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 603d985ae0..aa69848c78 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1467,20 +1467,6 @@ */ #define MBEDTLS_SSL_ALL_ALERT_MESSAGES -/** - * \def MBEDTLS_SSL_RECORD_CHECKING - * - * Enable the function mbedtls_ssl_check_record() which can be used to check - * the validity and authenticity of an incoming record, to verify that it has - * not been seen before. These checks are performed without modifying the - * externally visible state of the SSL context. - * - * See mbedtls_ssl_check_record() for more information. - * - * Uncomment to enable support for record checking. - */ -#define MBEDTLS_SSL_RECORD_CHECKING - /** * \def MBEDTLS_SSL_DTLS_CONNECTION_ID * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 40814e660d..a47631c94f 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1795,7 +1795,6 @@ void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl, */ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ); -#if defined(MBEDTLS_SSL_RECORD_CHECKING) /** * \brief Check whether a buffer contains a valid and authentic record * that has not been seen before. (DTLS only). @@ -1843,7 +1842,6 @@ void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout ) int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl, unsigned char *buf, size_t buflen ); -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ /** * \brief Set the timer callbacks (Mandatory for DTLS.) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3956a67d27..c2fcdcbfd2 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -86,7 +86,6 @@ int mbedtls_ssl_check_timer( mbedtls_ssl_context *ssl ) return( 0 ); } -#if defined(MBEDTLS_SSL_RECORD_CHECKING) static int ssl_parse_record_header( mbedtls_ssl_context const *ssl, unsigned char *buf, size_t len, @@ -150,7 +149,6 @@ exit: MBEDTLS_SSL_DEBUG_MSG( 1, ( "<= mbedtls_ssl_check_record" ) ); return( ret ); } -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ #define SSL_DONT_FORCE_FLUSH 0 #define SSL_FORCE_FLUSH 1 diff --git a/library/version_features.c b/library/version_features.c index d2de8957d2..b42fb29aa1 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -468,9 +468,6 @@ static const char * const features[] = { #if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) "MBEDTLS_SSL_ALL_ALERT_MESSAGES", #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) - "MBEDTLS_SSL_RECORD_CHECKING", -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) "MBEDTLS_SSL_DTLS_CONNECTION_ID", #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 73457a1390..fd7eacf6d8 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -159,7 +159,6 @@ int dtls_srtp_key_derivation( void *p_expkey, #endif /* MBEDTLS_SSL_EXPORT_KEYS */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) int ssl_check_record( mbedtls_ssl_context const *ssl, unsigned char const *buf, size_t len ) { @@ -220,7 +219,6 @@ int ssl_check_record( mbedtls_ssl_context const *ssl, return( 0 ); } -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ int recv_cb( void *ctx, unsigned char *buf, size_t len ) { @@ -241,10 +239,8 @@ int recv_cb( void *ctx, unsigned char *buf, size_t len ) /* Here's the place to do any datagram/record checking * in between receiving the packet from the underlying * transport and passing it on to the TLS stack. */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 ) return( -1 ); -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ } return( (int) recv_len ); @@ -267,10 +263,8 @@ int recv_timeout_cb( void *ctx, unsigned char *buf, size_t len, /* Here's the place to do any datagram/record checking * in between receiving the packet from the underlying * transport and passing it on to the TLS stack. */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) if( ssl_check_record( io_ctx->ssl, buf, recv_len ) != 0 ) return( -1 ); -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ } return( (int) recv_len ); diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 450e2fbbf0..cf7b3032f6 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1299,14 +1299,6 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) - if( strcmp( "MBEDTLS_SSL_RECORD_CHECKING", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RECORD_CHECKING ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 ) { From 99914146a4a1eb6c147f348cf9a9f581882d88b8 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 6 May 2021 15:17:03 +0100 Subject: [PATCH 094/188] Preparatory commit to remove tests Removed a conditional compilation block relating to MBEDTLS_PKCS1_V15 in rsa_pkcs1_verify_raw function that was no longer relevant. Signed-off-by: Thomas Daubney --- include/mbedtls/pk.h | 2 +- library/pk_wrap.c | 2 +- tests/suites/test_suite_pk.function | 5 +- tests/suites/test_suite_pkcs1_v15.data | 76 ++++------------------ tests/suites/test_suite_pkcs1_v15.function | 12 +--- tests/suites/test_suite_rsa.function | 30 --------- tests/suites/test_suite_x509write.function | 5 +- 7 files changed, 25 insertions(+), 107 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 67cbb380b0..093b3bc6d6 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -229,7 +229,7 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) /** * \brief Types for RSA-alt abstraction */ -typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen, +typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ); typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx, diff --git a/library/pk_wrap.c b/library/pk_wrap.c index bf9d4c5f83..3663fb8488 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -788,7 +788,7 @@ static int rsa_alt_decrypt_wrap( void *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( rsa_alt->decrypt_func( rsa_alt->key, - MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); + olen, input, output, osize ) ); } #if defined(MBEDTLS_RSA_C) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index bc469b68db..9408bb8d5d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -60,12 +60,13 @@ static int pk_genkey( mbedtls_pk_context *pk, int parameter ) } #if defined(MBEDTLS_RSA_C) -int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, +int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ) { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, - mbedtls_test_rnd_std_rand, NULL, mode, + mbedtls_test_rnd_std_rand, NULL, + MBEDTLS_RSA_PRIVATE, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, diff --git a/tests/suites/test_suite_pkcs1_v15.data b/tests/suites/test_suite_pkcs1_v15.data index b4cf09a57e..32dd2181fa 100644 --- a/tests/suites/test_suite_pkcs1_v15.data +++ b/tests/suites/test_suite_pkcs1_v15.data @@ -41,91 +41,43 @@ RSASSA-V15 Verification Test Vector Int pkcs1_rsassa_v15_verify:1024:16:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":16:"010001":MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:"859eef2fd78aca00308bdc471193bf55bf9d78db8f8a672b484634f3c9c26e6478ae10260fe0dd8c082e53a5293af2173cd50c6d5d354febf78b26021c25c02712e78cd4694c9f469777e451e7f8e9e04cd3739c6bbfedae487fb55644e9ca74ff77a53cb729802f6ed4a5ffa8ba159890fc":"e3b5d5d002c1bce50c2b65ef88a188d83bce7e61":"2154f928615e5101fcdeb57bc08fc2f35c3d5996403861ae3efb1d0712f8bb05cc21f7f5f11f62e5b6ea9f0f2b62180e5cbe7ba535032d6ac8068fff7f362f73d2c3bf5eca6062a1723d7cfd5abb6dcf7e405f2dc560ffe6fc37d38bee4dc9e24fe2bece3e3b4a3f032701d3f0947b42930083dd4ad241b3309b514595482d42":0 RSAES-V15 decoding: good, payload=max, tight output buffer -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:117:0 +pkcs1_v15_decode:"0002505152535455565700":117:117:0 RSAES-V15 decoding: good, payload=max, larger output buffer -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:128:0 +pkcs1_v15_decode:"0002505152535455565700":117:128:0 RSAES-V15 decoding: good, payload=max-1, tight output buffer -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:116:0 +pkcs1_v15_decode:"000250515253545556575800":116:116:0 RSAES-V15 decoding: good, payload=max-1, larger output buffer -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:117:0 +pkcs1_v15_decode:"000250515253545556575800":116:117:0 RSAES-V15 decoding: good, payload=1 -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"00025050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":1:1:0 +pkcs1_v15_decode:"00025050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":1:1:0 RSAES-V15 decoding: good, empty payload -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":0:0:0 +pkcs1_v15_decode:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505000":0:0:0 RSAES-V15 decoding: payload=max, output too large -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505152535455565700":117:116:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE +pkcs1_v15_decode:"0002505152535455565700":117:116:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE RSAES-V15 decoding: payload=max-1, output too large -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000250515253545556575800":116:115:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE +pkcs1_v15_decode:"000250515253545556575800":116:115:MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE RSAES-V15 decoding: bad first byte -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0102505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING +pkcs1_v15_decode:"0102505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 decoding: bad second byte (0 instead of 2) -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0000505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING +pkcs1_v15_decode:"0000505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 decoding: bad second byte (1 instead of 2) -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0001505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING +pkcs1_v15_decode:"0001505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 decoding: padding too short (0) -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"000200":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING +pkcs1_v15_decode:"000200":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 decoding: padding too short (7) -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050500000ffffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING +pkcs1_v15_decode:"0002505050505050500000ffffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING RSAES-V15 decoding: unfinished padding -pkcs1_v15_decode:MBEDTLS_RSA_PRIVATE:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: good, payload=max, tight output buffer -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:117:0 - -EMSA-V15 decoding: good, payload=max, larger output buffer -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffff00":117:128:0 - -EMSA-V15 decoding: good, payload=max-1, tight output buffer -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:116:0 - -EMSA-V15 decoding: good, payload=max-1, larger output buffer -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffff00":116:117:0 - -EMSA-V15 decoding: good, payload=1 -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":1:1:0 - -EMSA-V15 decoding: good, empty payload -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff00":0:0:0 - -EMSA-V15 decoding: bad first byte -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0101ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: bad second byte (0 instead of 1) -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: bad second byte (2 instead of 1) -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0002ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: padding too short (0) -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"000100":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: padding too short (7) -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffff0000ffffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: invalid padding at first byte -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffe00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: invalid padding at last byte -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffff00":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: unfinished padding -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: unfinished padding with invalid first byte -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING - -EMSA-V15 decoding: unfinished padding with invalid last byte -pkcs1_v15_decode:MBEDTLS_RSA_PUBLIC:"0001fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING +pkcs1_v15_decode:"0002505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050505050":0:42:MBEDTLS_ERR_RSA_INVALID_PADDING diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 068027b0e9..273c6044e5 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -116,8 +116,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pkcs1_v15_decode( int mode, - data_t *input, +void pkcs1_v15_decode( data_t *input, int expected_plaintext_length_arg, int output_size_arg, int expected_result ) @@ -207,17 +206,12 @@ void pkcs1_v15_decode( int mode, TEST_ASSERT( input->len <= sizeof( N ) ); memcpy( original, input->x, input->len ); memset( original + input->len, 'd', sizeof( original ) - input->len ); - if( mode == MBEDTLS_RSA_PRIVATE ) - TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 ); - else - TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, original, - intermediate ) == 0 ); + TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 ); memcpy( final, default_content, sizeof( final ) ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, mode, &output_length, + &rnd_info, MBEDTLS_RSA_PRIVATE, &output_length, intermediate, final, output_size ) == expected_result ); if( expected_result == 0 ) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f4b3226542..516b3a08f5 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -697,36 +697,6 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, result_str->x ) == correct ); -#if defined(MBEDTLS_PKCS1_V15) - /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ - if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) - { - int res; - int ok; - size_t olen; - - res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, - NULL, NULL, MBEDTLS_RSA_PUBLIC, - &olen, result_str->x, output, sizeof( output ) ); - -#if !defined(MBEDTLS_RSA_ALT) - TEST_ASSERT( res == 0 ); -#else - TEST_ASSERT( ( res == 0 ) || - ( res == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ) ); -#endif - - if( res == 0 ) - { - ok = olen == hash_result->len && memcmp( output, hash_result->x, olen ) == 0; - if( correct == 0 ) - TEST_ASSERT( ok == 1 ); - else - TEST_ASSERT( ok == 0 ); - } - } -#endif /* MBEDTLS_PKCS1_V15 */ - exit: mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 59ea17b2c5..234ef4510f 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -7,11 +7,12 @@ #include "mbedtls/rsa.h" #if defined(MBEDTLS_RSA_C) -int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, +int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ) { - return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen, + return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, + MBEDTLS_RSA_PRIVATE, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, From c7feaf349ce3ad00ef478d0f69915c39061d3212 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 7 May 2021 14:02:43 +0100 Subject: [PATCH 095/188] Remove mode param from mbedtls_rsa_pkcs1_decrypt The mode parameter has been removed from the mbedtls_rsa_pkcs1_decrypt function. The change has been progagated to all function calls, including in test suite .function files. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 16 ++++------------ library/pk_wrap.c | 2 +- library/psa_crypto.c | 1 - library/rsa.c | 10 ++++------ programs/pkey/rsa_decrypt.c | 2 +- tests/suites/test_suite_pk.function | 1 - tests/suites/test_suite_pkcs1_v15.function | 5 ++--- tests/suites/test_suite_pkcs1_v21.function | 2 -- tests/suites/test_suite_rsa.function | 14 +++++--------- tests/suites/test_suite_x509write.function | 3 +-- 10 files changed, 18 insertions(+), 38 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 38784fc5a5..93dd7255e4 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -705,7 +705,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * message padding. * * It is the generic wrapper for performing a PKCS#1 decryption - * operation using the \p mode from the context. + * operation. * * \note The output buffer length \c output_max_len should be * as large as the size \p ctx->len of \p ctx->N (for example, @@ -714,24 +714,16 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * hold the decryption of the particular ciphertext provided, * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. If \p mode is - * #MBEDTLS_RSA_PUBLIC, it is ignored. + * \param f_rng The RNG function. This is used for blinding and should + * be provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -747,7 +739,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t *olen, + size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 3663fb8488..8e4f251231 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -135,7 +135,7 @@ static int rsa_decrypt_wrap( void *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, - MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); + olen, input, output, osize ) ); } static int rsa_encrypt_wrap( void *ctx, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c153217908..8f0b62c26a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3171,7 +3171,6 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_pkcs1_decrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, output_length, input, output, diff --git a/library/rsa.c b/library/rsa.c index 209273e090..502fe8654e 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1763,14 +1763,12 @@ cleanup: int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t *olen, + size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); RSA_VALIDATE_RET( input != NULL ); RSA_VALIDATE_RET( olen != NULL ); @@ -1779,13 +1777,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen, + return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, olen, input, output, output_max_len ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0, + return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, NULL, 0, olen, input, output, output_max_len ); #endif @@ -2733,7 +2731,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 decryption : " ); - if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, + if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, &len, rsa_ciphertext, rsa_decrypted, sizeof(rsa_decrypted) ) != 0 ) { diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 01bf3a621a..1ba8c735db 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -177,7 +177,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i, + &ctr_drbg, &i, buf, result, 1024 ); if( ret != 0 ) { diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 9408bb8d5d..b81bd7be47 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -66,7 +66,6 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, mbedtls_test_rnd_std_rand, NULL, - MBEDTLS_RSA_PRIVATE, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 273c6044e5..b03bddac68 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -89,7 +89,6 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); } @@ -97,7 +96,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, { TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, + &rnd_info, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) @@ -211,7 +210,7 @@ void pkcs1_v15_decode( data_t *input, memcpy( final, default_content, sizeof( final ) ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, &output_length, + &rnd_info, &output_length, intermediate, final, output_size ) == expected_result ); if( expected_result == 0 ) diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 97f440d28d..2e7f3399db 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -85,7 +85,6 @@ void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); } @@ -94,7 +93,6 @@ void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, sizeof( output ) ) == result ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 516b3a08f5..1313f55a4f 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -180,23 +180,19 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL, - valid_mode, &olen, + &olen, buf, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - invalid_mode, &olen, + NULL, buf, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - valid_mode, NULL, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - valid_mode, &olen, + &olen, NULL, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - valid_mode, &olen, + &olen, buf, NULL, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, @@ -823,7 +819,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, output_len = 0; TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, + &rnd_info, &output_len, message_str->x, output, max_output ) == result ); if( result == 0 ) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 234ef4510f..04ea69b1a6 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -12,8 +12,7 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, size_t output_max_len ) { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, olen, - input, output, output_max_len ) ); + olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, From d21e0b780a178eaca6b2a897595c50c165a8570f Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 6 May 2021 11:41:09 +0100 Subject: [PATCH 096/188] Remove mode parameter from mbedtls_rsa_rsaes_oaep_decrypt function Removing the mode parameter from the mbedtls_rsa_rsaes_oaep_decrypt function. The change is progagated to all function calls, including in test suite .function files. Additionally fully removing one test where the wrong mode was being tested. Signed-off-by: Tom Daubney Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 14 ++------------ library/psa_crypto.c | 1 - library/rsa.c | 11 +++-------- tests/suites/test_suite_rsa.function | 10 ---------- 4 files changed, 5 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 93dd7255e4..c366623bcf 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -806,24 +806,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * ciphertext provided, the function returns * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. If \p mode is - * #MBEDTLS_RSA_PUBLIC, it is ignored. + * \param f_rng The RNG function. This is used for blinding and should + * be provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param label The buffer holding the custom label to use. * This must be a readable buffer of length \p label_len * Bytes. It may be \c NULL if \p label_len is \c 0. @@ -843,7 +834,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8f0b62c26a..64ead5b6ed 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3186,7 +3186,6 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_rsaes_oaep_decrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, salt, salt_length, output_length, input, diff --git a/library/rsa.c b/library/rsa.c index 502fe8654e..bef30026fa 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1353,7 +1353,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, const unsigned char *label, size_t label_len, size_t *olen, const unsigned char *input, @@ -1370,8 +1369,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, mbedtls_md_context_t md_ctx; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); RSA_VALIDATE_RET( label_len == 0 || label != NULL ); RSA_VALIDATE_RET( input != NULL ); @@ -1380,7 +1377,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, /* * Parameters sanity checks */ - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) + if( ctx->padding != MBEDTLS_RSA_PKCS_V21 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); ilen = ctx->len; @@ -1401,9 +1398,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, /* * RSA operation */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, input, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); + ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); if( ret != 0 ) goto cleanup; @@ -1783,7 +1778,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, NULL, 0, + return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, NULL, 0, olen, input, output, output_max_len ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1313f55a4f..95881efb23 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -223,31 +223,21 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL, - valid_mode, buf, sizeof( buf ), &olen, buf, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, - invalid_mode, - buf, sizeof( buf ), - &olen, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, - valid_mode, NULL, sizeof( buf ), NULL, buf, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, - valid_mode, buf, sizeof( buf ), &olen, NULL, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, - valid_mode, buf, sizeof( buf ), &olen, buf, NULL, 42 ) ); From 3473308b5d326011a96054b12a132b4f058ca332 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 12 May 2021 09:24:29 +0100 Subject: [PATCH 097/188] Remove mode param from mbedtls_rsa_rsaes_pkcs1_v15_decrypt Remove mode param from mbedtls_rsa_rsaes_pkcs1_v15_decrypt and also modify and remove relevant tests. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 15 ++------- library/rsa.c | 49 ++++++++-------------------- tests/suites/test_suite_rsa.function | 17 +++------- 3 files changed, 21 insertions(+), 60 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index c366623bcf..a4ef488609 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -755,24 +755,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * hold the decryption of the particular ciphertext provided, * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. If \p mode is - * #MBEDTLS_RSA_PUBLIC, it is ignored. + * \param f_rng The RNG function. This is used for blinding and should + * be provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -789,7 +780,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t *olen, + size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ); diff --git a/library/rsa.c b/library/rsa.c index bef30026fa..6761fbdb79 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1586,7 +1586,7 @@ static void mem_move_to_left( void *start, int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t *olen, + size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ) @@ -1611,8 +1611,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, unsigned output_too_large; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); RSA_VALIDATE_RET( input != NULL ); RSA_VALIDATE_RET( olen != NULL ); @@ -1622,15 +1620,13 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, ilen - 11 : output_max_len ); - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) + if( ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); if( ilen < 16 || ilen > sizeof( buf ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, input, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); + ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf ); if( ret != 0 ) goto cleanup; @@ -1639,37 +1635,20 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * memory trace. The first byte must be 0. */ bad |= buf[0]; - if( mode == MBEDTLS_RSA_PRIVATE ) - { - /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 - * where PS must be at least 8 nonzero bytes. */ - bad |= buf[1] ^ MBEDTLS_RSA_CRYPT; - /* Read the whole buffer. Set pad_done to nonzero if we find - * the 0x00 byte and remember the padding length in pad_count. */ - for( i = 2; i < ilen; i++ ) - { - pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1; - pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; - } - } - else - { - /* Decode EMSA-PKCS1-v1_5 padding: 0x00 || 0x01 || PS || 0x00 - * where PS must be at least 8 bytes with the value 0xFF. */ - bad |= buf[1] ^ MBEDTLS_RSA_SIGN; + /* Decode EME-PKCS1-v1_5 padding: 0x00 || 0x02 || PS || 0x00 + * where PS must be at least 8 nonzero bytes. */ + bad |= buf[1] ^ MBEDTLS_RSA_CRYPT; - /* Read the whole buffer. Set pad_done to nonzero if we find - * the 0x00 byte and remember the padding length in pad_count. - * If there's a non-0xff byte in the padding, the padding is bad. */ - for( i = 2; i < ilen; i++ ) - { - pad_done |= if_int( buf[i], 0, 1 ); - pad_count += if_int( pad_done, 0, 1 ); - bad |= if_int( pad_done, 0, buf[i] ^ 0xFF ); - } + /* Read the whole buffer. Set pad_done to nonzero if we find + * the 0x00 byte and remember the padding length in pad_count. */ + for( i = 2; i < ilen; i++ ) + { + pad_done |= ((buf[i] | (unsigned char)-buf[i]) >> 7) ^ 1; + pad_count += ((pad_done | (unsigned char)-pad_done) >> 7) ^ 1; } + /* If pad_done is still zero, there's no data, only unfinished padding. */ bad |= if_int( pad_done, 0, 1 ); @@ -1772,7 +1751,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, olen, + return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, olen, input, output, output_max_len ); #endif diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 95881efb23..1182cc6e69 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -197,28 +197,19 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL, - NULL, - valid_mode, &olen, + NULL, &olen, buf, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, - NULL, - invalid_mode, &olen, + NULL, NULL, buf, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, - NULL, - valid_mode, NULL, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, - NULL, - valid_mode, &olen, + NULL, &olen, NULL, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, - NULL, - valid_mode, &olen, + NULL, &olen, buf, NULL, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, From e02e02f203e3f71e04b53e95fcd7c535940b48aa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 May 2021 00:22:35 +0200 Subject: [PATCH 098/188] Change sha512 output type from an array to a pointer The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret now has a pointer type rather than array type. This removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer. Signed-off-by: Gilles Peskine --- ChangeLog.d/sha512-output-type.txt | 5 +++++ docs/3.0-migration-guide.d/sha512-output-type.md | 8 ++++++++ include/mbedtls/sha512.h | 10 ++++++---- library/sha512.c | 4 ++-- 4 files changed, 21 insertions(+), 6 deletions(-) create mode 100644 ChangeLog.d/sha512-output-type.txt create mode 100644 docs/3.0-migration-guide.d/sha512-output-type.md diff --git a/ChangeLog.d/sha512-output-type.txt b/ChangeLog.d/sha512-output-type.txt new file mode 100644 index 0000000000..e29557c9d5 --- /dev/null +++ b/ChangeLog.d/sha512-output-type.txt @@ -0,0 +1,5 @@ +API changes + * The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret + now has a pointer type rather than array type. This removes spurious + warnings in some compilers when outputting a SHA-384 hash into a + 48-byte buffer. diff --git a/docs/3.0-migration-guide.d/sha512-output-type.md b/docs/3.0-migration-guide.d/sha512-output-type.md new file mode 100644 index 0000000000..5a7d2053c4 --- /dev/null +++ b/docs/3.0-migration-guide.d/sha512-output-type.md @@ -0,0 +1,8 @@ +SHA-512 output type change +-------------------------- + +The output parameter of `mbedtls_sha512_finish_ret()` and `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer. + +This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer. + +Alternative implementations of the SHA512 module must adjust their functions' prototype accordingly. diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 56cefe1bd0..2852273140 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -134,13 +134,14 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * \param ctx The SHA-512 context. This must be initialized * and have a hash operation started. * \param output The SHA-384 or SHA-512 checksum result. - * This must be a writable buffer of length \c 64 Bytes. + * This must be a writable buffer of length \c 64 bytes + * for SHA-512, 48 bytes for SHA-384. * * \return \c 0 on success. * \return A negative error code on failure. */ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ); + unsigned char *output ); /** * \brief This function processes a single data block within @@ -171,7 +172,8 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * a readable buffer of length \p ilen Bytes. * \param ilen The length of the input data in Bytes. * \param output The SHA-384 or SHA-512 checksum result. - * This must be a writable buffer of length \c 64 Bytes. + * This must be a writable buffer of length \c 64 bytes + * for SHA-512, 48 bytes for SHA-384. * \param is384 Determines which function to use. This must be either * \c 0 for SHA-512, or \c 1 for SHA-384. * @@ -184,7 +186,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, */ int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, - unsigned char output[64], + unsigned char *output, int is384 ); #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha512.c b/library/sha512.c index 75306298fd..7d53731d08 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -380,7 +380,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * SHA-512 final digest */ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char output[64] ) + unsigned char *output ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned used; @@ -453,7 +453,7 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, */ int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, - unsigned char output[64], + unsigned char *output, int is384 ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From 3e3a6789d12571000df91f4e5ef3549a6cd5733c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 May 2021 00:26:17 +0200 Subject: [PATCH 099/188] Remove a kludge for the output size of mbedtls_sha512_finish_ret Remove a kludge to avoid a warning in GCC 11 when calling mbedtls_sha512_finish_ret with a 48-byte output buffer. This is correct since we're calculating SHA-384. When mbedtls_sha512_finish_ret's output parameter was declared as a 64-byte array, GCC 11 -Wstringop-overflow emitted a well-meaning, but inaccurate buffer overflow warning, which we tried to work around (successfully with beta releases but unsuccessfully with GCC 11.1.0 as released). Now that the output parameter is declared as a pointer, no workaround is necessary. Signed-off-by: Gilles Peskine --- library/ssl_tls.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bc2f269a9c..bae9ed70ca 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2897,8 +2897,6 @@ static void ssl_calc_finished_tls_sha256( #if defined(MBEDTLS_SHA512_C) -typedef int (*finish_sha384_t)(mbedtls_sha512_context*, unsigned char*); - static void ssl_calc_finished_tls_sha384( mbedtls_ssl_context *ssl, unsigned char *buf, int from ) { @@ -2957,13 +2955,7 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) sha512.state, sizeof( sha512.state ) ); #endif - /* - * For SHA-384, we can save 16 bytes by keeping padbuf 48 bytes long. - * However, to avoid stringop-overflow warning in gcc, we have to cast - * mbedtls_sha512_finish_ret(). - */ - finish_sha384_t finish = (finish_sha384_t)mbedtls_sha512_finish_ret; - finish( &sha512, padbuf ); + mbedtls_sha512_finish_ret( &sha512, padbuf ); mbedtls_sha512_free( &sha512 ); #endif From d7b3d9247602fe5d5015a759d4f3867f28ac22a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 13 May 2021 00:45:25 +0200 Subject: [PATCH 100/188] Change sha256 output type from an array to a pointer The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type rather than array type. This removes spurious warnings in some compilers when outputting a SHA-224 hash into a 28-byte buffer. Signed-off-by: Gilles Peskine --- ChangeLog.d/sha512-output-type.txt | 9 +++++---- docs/3.0-migration-guide.d/sha512-output-type.md | 6 +++--- include/mbedtls/sha256.h | 12 +++++++----- library/sha256.c | 4 ++-- 4 files changed, 17 insertions(+), 14 deletions(-) diff --git a/ChangeLog.d/sha512-output-type.txt b/ChangeLog.d/sha512-output-type.txt index e29557c9d5..eabc67df70 100644 --- a/ChangeLog.d/sha512-output-type.txt +++ b/ChangeLog.d/sha512-output-type.txt @@ -1,5 +1,6 @@ API changes - * The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret - now has a pointer type rather than array type. This removes spurious - warnings in some compilers when outputting a SHA-384 hash into a - 48-byte buffer. + * The output parameter of mbedtls_sha512_finish_ret, mbedtls_sha512_ret, + mbedtls_sha256_finish_ret and mbedtls_sha256_ret now has a pointer type + rather than array type. This removes spurious warnings in some compilers + when outputting a SHA-384 or SHA-224 hash into a buffer of exactly + the hash size. diff --git a/docs/3.0-migration-guide.d/sha512-output-type.md b/docs/3.0-migration-guide.d/sha512-output-type.md index 5a7d2053c4..c62a881598 100644 --- a/docs/3.0-migration-guide.d/sha512-output-type.md +++ b/docs/3.0-migration-guide.d/sha512-output-type.md @@ -1,8 +1,8 @@ -SHA-512 output type change +SHA-512 and SHA-256 output type change -------------------------- -The output parameter of `mbedtls_sha512_finish_ret()` and `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer. +The output parameter of `mbedtls_sha256_finish_ret()`, `mbedtls_sha256_ret()`, `mbedtls_sha512_finish_ret()`, `mbedtls_sha512_ret()` now has a pointer type rather than array type. This makes no difference in terms of C semantics, but removes spurious warnings in some compilers when outputting a SHA-384 hash into a 48-byte buffer or a SHA-224 hash into a 28-byte buffer. This makes no difference to a vast majority of applications. If your code takes a pointer to one of these functions, you may need to change the type of the pointer. -Alternative implementations of the SHA512 module must adjust their functions' prototype accordingly. +Alternative implementations of the SHA256 and SHA512 modules must adjust their functions' prototype accordingly. diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 9b8d91d1ca..1100869520 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -127,13 +127,14 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * \param ctx The SHA-256 context. This must be initialized * and have a hash operation started. * \param output The SHA-224 or SHA-256 checksum result. - * This must be a writable buffer of length \c 32 Bytes. + * This must be a writable buffer of length \c 32 bytes + * for SHA-256, 28 bytes for SHA-224. * * \return \c 0 on success. * \return A negative error code on failure. */ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ); + unsigned char *output ); /** * \brief This function processes a single data block within @@ -163,14 +164,15 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param input The buffer holding the data. This must be a readable * buffer of length \p ilen Bytes. * \param ilen The length of the input data in Bytes. - * \param output The SHA-224 or SHA-256 checksum result. This must - * be a writable buffer of length \c 32 Bytes. + * \param output The SHA-224 or SHA-256 checksum result. + * This must be a writable buffer of length \c 32 bytes + * for SHA-256, 28 bytes for SHA-224. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, - unsigned char output[32], + unsigned char *output, int is224 ); #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha256.c b/library/sha256.c index a94f325e8b..36ab0c1aa8 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -332,7 +332,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * SHA-256 final digest */ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char output[32] ) + unsigned char *output ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint32_t used; @@ -401,7 +401,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, */ int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, - unsigned char output[32], + unsigned char *output, int is224 ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From 4a210196532e861f3421fcbd0ed87efffb431765 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 14 Apr 2021 21:14:28 +0200 Subject: [PATCH 101/188] Implement psa_sign_message and psa_verify_message functions Signed-off-by: gabor-mezei-arm --- include/psa/crypto.h | 119 ++++++++++++++++- include/psa/crypto_values.h | 37 ++++++ library/psa_crypto.c | 136 ++++++++++++++++++++ programs/psa/psa_constant_names_generated.c | 14 ++ 4 files changed, 305 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index b14f4c50b2..eedf5f52d1 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2889,6 +2889,123 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * @{ */ +/** + * \brief Sign a message with a private key. For hash-and-sign algorithms, + * this includes the hashing step. + * + * \note To perform a multi-part hash-and-sign signature algorithm, first use + * a multi-part hash operation and then pass the resulting hash to + * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the + * hash algorithm to use. + * + * \param[in] key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. The key must + * allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE. + * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg) + * is true), that is compatible with the type of + * \p key. + * \param[in] input The input message to sign. + * \param[in] input_length Size of the \p input buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. This + * must be appropriate for the selected + * algorithm and key: + * - The required signature size is + * #PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, \p alg) + * where key_type and key_bits are the type and + * bit-size respectively of key. + * - #PSA_SIGNATURE_MAX_SIZE evaluates to the + * maximum signature size of any supported + * signature algorithm. + * \param[out] signature_length On success, the number of bytes that make up + * the returned signature value. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag, + * or it does not permit the requested algorithm. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of \p key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DATA_CORRUPT + * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t * input, + size_t input_length, + uint8_t * signature, + size_t signature_size, + size_t * signature_length ); + +/** \brief Verify the signature of a message with a public key, using + * a hash-and-sign verification algorithm. + * + * \note To perform a multi-part hash-and-sign signature verification + * algorithm, first use a multi-part hash operation to hash the message + * and then pass the resulting hash to psa_verify_hash(). + * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm + * to use. + * + * \param[in] key Identifier of the key to use for the operation. + * It must be a public key or an asymmetric key + * pair. The key must allow the usage + * #PSA_KEY_USAGE_VERIFY_MESSAGE. + * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg) + * is true), that is compatible with the type of + * \p key. + * \param[in] input The message whose signature is to be verified. + * \param[in] input_length Size of the \p input buffer in bytes. + * \param[out] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag, + * or it does not permit the requested algorithm. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed signature + * is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DATA_CORRUPT + * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t * input, + size_t input_length, + const uint8_t * signature, + size_t signature_length ); + /** * \brief Sign a hash or short message with a private key. * @@ -2942,7 +3059,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, size_t *signature_length); /** - * \brief Verify the signature a hash or short message using a public key. + * \brief Verify the signature of a hash or short message using a public key. * * Note that to perform a hash-and-sign signature algorithm, you must * first calculate the hash by calling psa_hash_setup(), psa_hash_update() diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index bfff9683f5..2fd1ad5dec 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1549,6 +1549,23 @@ PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) + +/** Whether the specified algorithm is a signature algorithm that can be used + * with psa_sign_message() and psa_verify_message(). + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if alg is a signature algorithm that can be used to sign a + * message. 0 if alg is a signature algorithm that can only be used + * to sign an already-calculated hash. 0 if alg is not a signature + * algorithm. This macro can return either 0 or 1 if alg is not a + * supported algorithm identifier. + */ +#define PSA_ALG_IS_SIGN_MESSAGE(alg) \ + (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ + PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ + PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) + /** Get the hash used by a hash-and-sign signature algorithm. * * A hash-and-sign algorithm is a signature algorithm which is @@ -2198,6 +2215,26 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_KEY_USAGE_DECRYPT ((psa_key_usage_t)0x00000200) +/** Whether the key may be used to sign a message. + * + * This flag allows the key to be used for a MAC calculation operation or for + * an asymmetric message signature operation, if otherwise permitted by the + * key’s type and policy. + * + * For a key pair, this concerns the private key. + */ +#define PSA_KEY_USAGE_SIGN_MESSAGE ((psa_key_usage_t)0x00000400) + +/** Whether the key may be used to verify a message. + * + * This flag allows the key to be used for a MAC verification operation or for + * an asymmetric message signature verification operation, if otherwise + * permitted by the key’s type and policy. + * + * For a key pair, this concerns the public key. + */ +#define PSA_KEY_USAGE_VERIFY_MESSAGE ((psa_key_usage_t)0x00000800) + /** Whether the key may be used to sign a message. * * This flag allows the key to be used for a MAC calculation operation diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2583735fe9..c649d1cfed 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1492,6 +1492,8 @@ static psa_status_t psa_validate_key_policy( const psa_key_policy_t *policy ) PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | + PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION | @@ -2458,6 +2460,140 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ +psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t * input, + size_t input_length, + uint8_t * signature, + size_t signature_size, + size_t * signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + *signature_length = 0; + + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + if ( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + /* Immediately reject a zero-length signature buffer. This guarantees + * that signature must be a valid pointer. (On the other hand, the hash + * buffer can in principle be empty since it doesn't actually have + * to be a hash.) */ + if( signature_size == 0 ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_SIGN_MESSAGE, + alg ); + if( status != PSA_SUCCESS ) + goto exit; + + if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) + { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), + &hash_length ); + + if( status != PSA_SUCCESS ) + { + memset( hash, 0, sizeof( hash ) ); + goto exit; + } + + status = psa_driver_wrapper_sign_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_size, signature_length ); + + memset( hash, 0, hash_length ); + +exit: + /* Fill the unused part of the output buffer (the whole buffer on error, + * the trailing part on success) with something that isn't a valid signature + * (barring an attack on the signature and deliberately-crafted input), + * in case the caller doesn't check the return status properly. */ + if( status == PSA_SUCCESS ) + memset( signature + *signature_length, '!', + signature_size - *signature_length ); + else + memset( signature, '!', signature_size ); + /* If signature_size is 0 then we have nothing to do. We must not call + * memset because signature may be NULL in this case. */ + + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); +} + +psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t * input, + size_t input_length, + const uint8_t * signature, + size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + if ( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + status = psa_get_and_lock_key_slot_with_policy( key, &slot, + PSA_KEY_USAGE_VERIFY_MESSAGE, + alg ); + if( status != PSA_SUCCESS ) + return( status ); + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), + &hash_length ); + + if( status != PSA_SUCCESS ) + { + memset( hash, 0, sizeof( hash ) ); + goto exit; + } + + status = psa_driver_wrapper_verify_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_length ); + + memset( hash, 0, hash_length ); + +exit: + unlock_status = psa_unlock_key_slot( slot ); + + return( ( status == PSA_SUCCESS ) ? unlock_status : status ); +} + psa_status_t psa_sign_hash_internal( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c index bcb95f8999..0b256a272d 100644 --- a/programs/psa/psa_constant_names_generated.c +++ b/programs/psa/psa_constant_names_generated.c @@ -406,6 +406,13 @@ static int psa_snprint_key_usage(char *buffer, size_t buffer_size, append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23); usage ^= PSA_KEY_USAGE_SIGN_HASH; } + if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_MESSAGE", 26); + usage ^= PSA_KEY_USAGE_SIGN_MESSAGE; + } if (usage & PSA_KEY_USAGE_VERIFY_DERIVATION) { if (required_size != 0) { append(&buffer, buffer_size, &required_size, " | ", 3); @@ -420,6 +427,13 @@ static int psa_snprint_key_usage(char *buffer, size_t buffer_size, append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25); usage ^= PSA_KEY_USAGE_VERIFY_HASH; } + if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) { + if (required_size != 0) { + append(&buffer, buffer_size, &required_size, " | ", 3); + } + append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_MESSAGE", 28); + usage ^= PSA_KEY_USAGE_VERIFY_MESSAGE; + } if (usage != 0) { if (required_size != 0) { append(&buffer, buffer_size, &required_size, " | ", 3); From b95302358f593273e808d393a000ea33fafdd7f6 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Fri, 16 Apr 2021 14:21:21 +0200 Subject: [PATCH 102/188] Rename test funtions and test cases Modify function and test case names that testing psa_sign_hash and psa_verify_hash funtions to be less confusing with the newly introduced function and test case names which tests psa_sign_message and psa_verify_message functions. Signed-off-by: gabor-mezei-arm --- tests/suites/test_suite_psa_crypto.data | 192 ++++++++++---------- tests/suites/test_suite_psa_crypto.function | 30 +-- 2 files changed, 111 insertions(+), 111 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7b86185b9b..d26ac9ab4e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2122,197 +2122,197 @@ PSA import/exercise: TLS 1.2 PRF SHA-256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) -PSA sign: RSA PKCS#1 v1.5, raw +PSA sign hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a" +sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a" -PSA sign: RSA PKCS#1 v1.5 SHA-256 +PSA sign hash: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" +sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" -PSA sign: deterministic ECDSA SECP256R1 SHA-256 +PSA sign hash: deterministic ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C -sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" -PSA sign: deterministic ECDSA SECP256R1 SHA-384 +PSA sign hash: deterministic ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C -sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca" +sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca" -PSA sign: deterministic ECDSA SECP384R1 SHA-256 +PSA sign hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_C -sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" +sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" -PSA sign: RSA PKCS#1 v1.5 SHA-256, wrong hash size +PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT -PSA sign: RSA PKCS#1 v1.5, invalid hash (wildcard) +PSA sign hash: RSA PKCS#1 v1.5, invalid hash (wildcard) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT -PSA sign: RSA PKCS#1 v1.5 raw, input too large +PSA sign hash: RSA PKCS#1 v1.5 raw, input too large depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT -PSA sign: RSA PKCS#1 v1.5 SHA-256, output buffer too small +PSA sign hash: RSA PKCS#1 v1.5 SHA-256, output buffer too small depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL -PSA sign: deterministic ECDSA SECP256R1 SHA-256, output buffer too small +PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, output buffer too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL +sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL -PSA sign: RSA PKCS#1 v1.5 SHA-256, empty output buffer +PSA sign hash: RSA PKCS#1 v1.5 SHA-256, empty output buffer depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":0:PSA_ERROR_BUFFER_TOO_SMALL +sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":0:PSA_ERROR_BUFFER_TOO_SMALL -PSA sign: deterministic ECDSA SECP256R1 SHA-256, empty output buffer +PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, empty output buffer depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL +sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL -PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (0) +PSA sign hash: deterministic ECDSA SECP256R1, invalid hash algorithm (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT -PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard) +PSA sign hash: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT -PSA sign: invalid key type, signing with a public key +PSA sign hash: invalid key type, signing with a public key depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C -sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +sign_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT -PSA sign: invalid algorithm for ECC key +PSA sign hash: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT -PSA sign: deterministic ECDSA not supported +PSA sign hash: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED +sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED -PSA sign/verify: RSA PKCS#1 v1.5, raw +PSA sign/verify hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263" +sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263" -PSA sign/verify: RSA PKCS#1 v1.5 SHA-256 +PSA sign/verify hash: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" +sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" -PSA sign/verify: RSA PSS SHA-256, 0 bytes +PSA sign/verify hash: RSA PSS SHA-256, 0 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"" +sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"" -PSA sign/verify: RSA PSS SHA-256, 32 bytes (hash size) +PSA sign/verify hash: RSA PSS SHA-256, 32 bytes (hash size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" +sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" -PSA sign/verify: RSA PSS SHA-256, 129 bytes +PSA sign/verify hash: RSA PSS SHA-256, 129 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -PSA sign/verify: randomized ECDSA SECP256R1 SHA-256 +PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sign/verify: deterministic ECDSA SECP256R1 SHA-256 +PSA sign/verify hash: deterministic ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sign/verify: randomized ECDSA SECP256R1 SHA-384 +PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" +sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" -PSA sign/verify: deterministic ECDSA SECP256R1 SHA-384 +PSA sign/verify hash: deterministic ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" +sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" -PSA sign/verify: randomized ECDSA SECP384R1 SHA-256 +PSA sign/verify hash: randomized ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sign/verify: deterministic ECDSA SECP384R1 SHA-256 +PSA sign/verify hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_C -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA verify: RSA PKCS#1 v1.5 SHA-256, good signature +PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" -PSA verify with keypair: RSA PKCS#1 v1.5 SHA-256, good signature +PSA verify hash with keypair: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" +verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" -PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong hash length +PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong hash length depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT -PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size) +PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE -PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty) +PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_INVALID_SIGNATURE -PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated) +PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE -PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk) +PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE -PSA verify: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk) +PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE -PSA verify: RSA PSS SHA-256, good signature, 0 bytes +PSA verify hash: RSA PSS SHA-256, good signature, 0 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d" +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d" -PSA verify: RSA PSS SHA-256, good signature, 32 bytes (hash size) +PSA verify hash: RSA PSS SHA-256, good signature, 32 bytes (hash size) depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7" +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"1967ae568cc071dfebeeca76b11d40bd1ec5af241c50b3dcceff21f4536c0693a7179a8d5d163a7625fefd37c161127800edeebc24fa73ca772096827bd3f75e8ccf2c64f07b7171b5c99022a4d73b760f34a385ccff0bd5ed7997d2a29d2847acb0767f93a2a404bc046c97de66d95dc9f7646fdb216b627b2ea0de8afcefb7" -PSA verify: RSA PSS SHA-256, good signature, 129 bytes +PSA verify hash: RSA PSS SHA-256, good signature, 129 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C -asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308" +verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308" -PSA verify: ECDSA SECP256R1, good +PSA verify hash: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -asymmetric_verify:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" -PSA verify with keypair: ECDSA SECP256R1, good +PSA verify hash with keypair: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -asymmetric_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" -PSA verify: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) +PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE -PSA verify: ECDSA SECP256R1, wrong signature of correct size +PSA verify hash: ECDSA SECP256R1, wrong signature of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE -PSA verify: ECDSA SECP256R1, wrong signature (empty) +PSA verify hash: ECDSA SECP256R1, wrong signature (empty) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE -PSA verify: ECDSA SECP256R1, wrong signature (truncated) +PSA verify hash: ECDSA SECP256R1, wrong signature (truncated) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE -PSA verify: ECDSA SECP256R1, wrong signature (trailing junk) +PSA verify hash: ECDSA SECP256R1, wrong signature (trailing junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE -PSA verify: ECDSA SECP256R1, wrong signature (leading junk) +PSA verify hash: ECDSA SECP256R1, wrong signature (leading junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE -PSA verify: invalid algorithm for ECC key +PSA verify hash: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT +verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT PSA encrypt: RSA PKCS#1 v1.5, good depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index bff0c35a04..79227bbf35 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3170,9 +3170,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void sign_deterministic( int key_type_arg, data_t *key_data, - int alg_arg, data_t *input_data, - data_t *output_data ) +void sign_hash_deterministic( int key_type_arg, data_t *key_data, + int alg_arg, data_t *input_data, + data_t *output_data ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -3225,9 +3225,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void sign_fail( int key_type_arg, data_t *key_data, - int alg_arg, data_t *input_data, - int signature_size_arg, int expected_status_arg ) +void sign_hash_fail( int key_type_arg, data_t *key_data, + int alg_arg, data_t *input_data, + int signature_size_arg, int expected_status_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -3270,8 +3270,8 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void sign_verify( int key_type_arg, data_t *key_data, - int alg_arg, data_t *input_data ) +void sign_verify_hash( int key_type_arg, data_t *key_data, + int alg_arg, data_t *input_data ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -3341,9 +3341,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void asymmetric_verify( int key_type_arg, data_t *key_data, - int alg_arg, data_t *hash_data, - data_t *signature_data ) +void verify_hash( int key_type_arg, data_t *key_data, + int alg_arg, data_t *hash_data, + data_t *signature_data ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -3373,10 +3373,10 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void asymmetric_verify_fail( int key_type_arg, data_t *key_data, - int alg_arg, data_t *hash_data, - data_t *signature_data, - int expected_status_arg ) +void verify_hash_fail( int key_type_arg, data_t *key_data, + int alg_arg, data_t *hash_data, + data_t *signature_data, + int expected_status_arg ) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; From 5302848ba5ffd6c90c241c55a2780061eefe8dcc Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 15 Apr 2021 18:19:50 +0200 Subject: [PATCH 103/188] Add tests for psa_sign_message and psa_verify_message The reference output data was created with cryptodome for RSA algorithms and python-ecdsa for ECDSA algorithms. Signed-off-by: gabor-mezei-arm --- tests/suites/test_suite_psa_crypto.data | 208 +++++++++++++++++ tests/suites/test_suite_psa_crypto.function | 233 ++++++++++++++++++++ 2 files changed, 441 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d26ac9ab4e..d745ae3e59 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2314,6 +2314,214 @@ PSA verify hash: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT +PSA sign message: RSA PKCS#1 v1.5 SHA-256 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_message_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" + +PSA sign message: deterministic ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548" + +PSA sign message: deterministic ECDSA SECP256R1 SHA-384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263":"7ea712a20e3a8cbe0c6e64195362ba7635bbe78af51ddedd7a5fd858395250c592654c35d3b0614ae0e3b329c25cf5b4a5fcb243af3e3ad15c8446fe401be066" + +PSA sign message: deterministic ECDSA SECP384R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_C +sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"3548ea85eb66d756ae90fd64a3104b5b9a17aa282f8722409762e9da4811ec5d3060a97d3450b4bc484cd21ac588f563c4873843506fed8609b7d093db0e9a2496c36995ee74c906528af6898feb502f45bfb1e9ccf371416c68d32bb5ebc1b6" + +PSA sign message: RSA PKCS#1 v1.5, invalid hash (wildcard) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"616263":128:PSA_ERROR_INVALID_ARGUMENT + +PSA sign message: RSA PKCS#1 v1.5, invalid hash algorithm (0) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(0):"616263":128:PSA_ERROR_INVALID_ARGUMENT + +PSA sign message: RSA PKCS#1 v1.5 SHA-256, output buffer too small +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":127:PSA_ERROR_BUFFER_TOO_SMALL + +PSA sign message: RSA PKCS#1 v1.5 SHA-256, empty output buffer +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":0:PSA_ERROR_BUFFER_TOO_SMALL + +PSA sign message: RSA PKCS#1 v1.5 SHA-256, invalid key type +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":128:PSA_ERROR_INVALID_ARGUMENT + +PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash (wildcard) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"616263":64:PSA_ERROR_INVALID_ARGUMENT + +PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash algorithm (0) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(0):"616263":64:PSA_ERROR_INVALID_ARGUMENT + +PSA sign message: ECDSA SECP256R1 SHA-256, output buffer too small +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":63:PSA_ERROR_BUFFER_TOO_SMALL + +PSA sign message: ECDSA SECP256R1 SHA-256, empty output buffer +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":0:PSA_ERROR_BUFFER_TOO_SMALL + +PSA sign message: ECDSA SECP256R1 SHA-256, invalid key type +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":64:PSA_ERROR_INVALID_ARGUMENT + +PSA sign message: invalid algorithm for ECC key +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":72:PSA_ERROR_INVALID_ARGUMENT + +PSA sign message: deterministic ECDSA not supported +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":96:PSA_ERROR_NOT_SUPPORTED + +PSA sign/verify message: RSA PKCS#1 v1.5 SHA-256 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263" + +PSA sign/verify message: RSA PSS SHA-256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263" + +PSA sign/verify message: RSA PSS SHA-256, 0 bytes +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"" + +PSA sign/verify message: RSA PSS SHA-256, 32 bytes (hash size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +PSA sign/verify message: RSA PSS SHA-256, 128 bytes (signature size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +PSA sign/verify message: RSA PSS SHA-256, 129 bytes +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263" + +PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 0 bytes +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"" + +PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 32 bytes (hash size) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 64 bytes (signature size) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 65 bytes +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263" + +PSA sign/verify message: randomized ECDSA SECP256R1 SHA-384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"616263" + +PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263" + +PSA sign/verify message: randomized ECDSA SECP384R1 SHA-256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263" + +PSA sign/verify message: deterministic ECDSA SECP384R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_MD_C +sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263" + +PSA verify message: RSA PKCS#1 v1.5 SHA-256, good signature +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" + +PSA verify message with keypair: RSA PKCS#1 v1.5 SHA-256, good signature +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" + +PSA verify message: RSA PSS SHA-256, good signature, 0 bytes +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"50c06249deb97228e277b51d3e3542a6e5c140d6f6d1cb8a3dff53b5ce6e6fcb39d0767703174135208adf5d75399dd7525702b275153e7605ec38b65d33337bb9bbeb8c392ee22e3e9c0dafa43074a8205e17df2106bedd7bf6f1ada702aeb2ce04864c0ca9ec31964f9a957d8ebb9abc82454ad37c541e9b4d9842436c14a4" + +PSA verify message: RSA PSS SHA-256, good signature, 32 bytes (hash size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d" + +PSA verify message: RSA PSS SHA-256, good signature, 128 bytes (signature size) +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5" + +PSA verify message: RSA PSS SHA-256, good signature, 129 bytes +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830" + +PSA verify message ECDSA SECP256R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b" + +PSA verify message with keypair: ECDSA SECP256R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b" + +PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk) +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"304502200b295f3dc3ac2bde92f550b7e73a2de15a753b4ebc761c521a32d1ed9bf5800a022100fe7301254058347c3dec7768f62dfc63f7c049d28bfdd1d6712126fd888e9f04":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: ECDSA SECP256R1, wrong signature of correct size +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf00":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: ECDSA SECP256R1, wrong signature (empty) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: ECDSA SECP256R1, wrong signature (truncated) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: ECDSA SECP256R1, wrong signature (trailing junk) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0bff":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: ECDSA SECP256R1, wrong signature (leading junk) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"ff0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b":PSA_ERROR_INVALID_SIGNATURE + +PSA verify message: invalid algorithm for ECC key +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +verify_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT + PSA encrypt: RSA PKCS#1 v1.5, good depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 79227bbf35..5b5531f037 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3406,6 +3406,239 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void sign_message_deterministic( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *input_data, + data_t *output_data ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t key_bits; + unsigned char *signature = NULL; + size_t signature_size; + size_t signature_length = 0xdeadbeef; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); + TEST_ASSERT( signature_size != 0 ); + TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); + ASSERT_ALLOC( signature, signature_size ); + + PSA_ASSERT( psa_sign_message( key, alg, + input_data->x, input_data->len, + signature, signature_size, + &signature_length ) ); + + ASSERT_COMPARE( output_data->x, output_data->len, + signature, signature_length ); + +exit: + psa_reset_key_attributes( &attributes ); + + psa_destroy_key( key ); + mbedtls_free( signature ); + PSA_DONE( ); + +} +/* END_CASE */ + +/* BEGIN_CASE */ +void sign_message_fail( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *input_data, + int signature_size_arg, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t signature_size = signature_size_arg; + psa_status_t actual_status; + psa_status_t expected_status = expected_status_arg; + unsigned char *signature = NULL; + size_t signature_length = 0xdeadbeef; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + ASSERT_ALLOC( signature, signature_size ); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + actual_status = psa_sign_message( key, alg, + input_data->x, input_data->len, + signature, signature_size, + &signature_length ); + TEST_EQUAL( actual_status, expected_status ); + /* The value of *signature_length is unspecified on error, but + * whatever it is, it should be less than signature_size, so that + * if the caller tries to read *signature_length bytes without + * checking the error code then they don't overflow a buffer. */ + TEST_ASSERT( signature_length <= signature_size ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + mbedtls_free( signature ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void sign_verify_message( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *input_data ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t key_bits; + unsigned char *signature = NULL; + size_t signature_size; + size_t signature_length = 0xdeadbeef; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_VERIFY_MESSAGE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + key_bits = psa_get_key_bits( &attributes ); + + signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); + TEST_ASSERT( signature_size != 0 ); + TEST_ASSERT( signature_size <= PSA_SIGNATURE_MAX_SIZE ); + ASSERT_ALLOC( signature, signature_size ); + + PSA_ASSERT( psa_sign_message( key, alg, + input_data->x, input_data->len, + signature, signature_size, + &signature_length ) ); + TEST_ASSERT( signature_length <= signature_size ); + TEST_ASSERT( signature_length > 0 ); + + PSA_ASSERT( psa_verify_message( key, alg, + input_data->x, input_data->len, + signature, signature_length ) ); + + if( input_data->len != 0 ) + { + /* Flip a bit in the input and verify that the signature is now + * detected as invalid. Flip a bit at the beginning, not at the end, + * because ECDSA may ignore the last few bits of the input. */ + input_data->x[0] ^= 1; + TEST_EQUAL( psa_verify_message( key, alg, + input_data->x, input_data->len, + signature, signature_length ), + PSA_ERROR_INVALID_SIGNATURE ); + } + +exit: + psa_reset_key_attributes( &attributes ); + + psa_destroy_key( key ); + mbedtls_free( signature ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void verify_message( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *input_data, + data_t *signature_data ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + TEST_ASSERT( signature_data->len <= PSA_SIGNATURE_MAX_SIZE ); + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + PSA_ASSERT( psa_verify_message( key, alg, + input_data->x, input_data->len, + signature_data->x, signature_data->len ) ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + PSA_DONE( ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void verify_message_fail( int key_type_arg, + data_t *key_data, + int alg_arg, + data_t *hash_data, + data_t *signature_data, + int expected_status_arg ) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_status_t actual_status; + psa_status_t expected_status = expected_status_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT( psa_crypto_init( ) ); + + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); + psa_set_key_algorithm( &attributes, alg ); + psa_set_key_type( &attributes, key_type ); + + PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, + &key ) ); + + actual_status = psa_verify_message( key, alg, + hash_data->x, hash_data->len, + signature_data->x, + signature_data->len ); + TEST_EQUAL( actual_status, expected_status ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + PSA_DONE( ); +} +/* END_CASE */ + /* BEGIN_CASE */ void asymmetric_encrypt( int key_type_arg, data_t *key_data, From 36658e46ba0ab3f0766c9f3e085715b961a977fc Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 20 Apr 2021 12:08:36 +0200 Subject: [PATCH 104/188] Update PSA_ALG_IS_SIGN_MESSAGE Add missing algorithm for PSA_ALG_IS_SIGN_MESSAGE and update documentation. Signed-off-by: gabor-mezei-arm --- include/psa/crypto_values.h | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2fd1ad5dec..5fc868814d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1556,15 +1556,13 @@ * \param alg An algorithm identifier (value of type #psa_algorithm_t). * * \return 1 if alg is a signature algorithm that can be used to sign a - * message. 0 if alg is a signature algorithm that can only be used - * to sign an already-calculated hash. 0 if alg is not a signature - * algorithm. This macro can return either 0 or 1 if alg is not a + * message. 0 if \p alg is a signature algorithm that can only be used + * to sign an already-calculated hash. 0 if \p alg is not a signature + * algorithm. This macro can return either 0 or 1 if \p alg is not a * supported algorithm identifier. */ #define PSA_ALG_IS_SIGN_MESSAGE(alg) \ - (PSA_ALG_IS_RSA_PSS(alg) || PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) || \ - PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ - PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) + (PSA_ALG_IS_HASH_AND_SIGN(alg) || (alg) == PSA_ALG_PURE_EDDSA ) /** Get the hash used by a hash-and-sign signature algorithm. * From 5b4465259304e35719d5493cd2a32def98d7c475 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 20 Apr 2021 12:11:35 +0200 Subject: [PATCH 105/188] Unify similar functions Use common funtion for psa_sign_hash and psa_sign_message and one for psa_verify_hash and psa_verify_message to unify them. Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 274 +++++++++++++++++++++++-------------------- 1 file changed, 148 insertions(+), 126 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c649d1cfed..3f35868f8a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2460,26 +2460,51 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t * input, - size_t input_length, - uint8_t * signature, - size_t signature_size, - size_t * signature_length ) +typedef enum +{ + PSA_SIGN_INVALID = 0, + PSA_SIGN_HASH = 1, + PSA_SIGN_MESSAGE +} psa_sign_operation_t; + +typedef enum +{ + PSA_VERIFY_INVALID = 0, + PSA_VERIFY_HASH = 1, + PSA_VERIFY_MESSAGE +} psa_verify_operation_t; + +static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, + psa_sign_operation_t operation, + psa_algorithm_t alg, + const uint8_t * input, + size_t input_length, + uint8_t * signature, + size_t signature_size, + size_t * signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; *signature_length = 0; - if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if( operation == PSA_SIGN_MESSAGE ) + { + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); - if ( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } + /* Curently only hash-then-sign algorithms are supported. */ + else + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + else if( operation == PSA_SIGN_INVALID ) return( PSA_ERROR_INVALID_ARGUMENT ); /* Immediately reject a zero-length signature buffer. This guarantees @@ -2489,9 +2514,12 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, if( signature_size == 0 ) return( PSA_ERROR_BUFFER_TOO_SMALL ); - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_SIGN_MESSAGE, - alg ); + status = psa_get_and_lock_key_slot_with_policy( + key, &slot, + operation == PSA_SIGN_HASH ? PSA_KEY_USAGE_SIGN_HASH : + PSA_KEY_USAGE_SIGN_MESSAGE, + alg ); + if( status != PSA_SUCCESS ) goto exit; @@ -2505,23 +2533,33 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, .core = slot->attr }; - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); - - if( status != PSA_SUCCESS ) + if( operation == PSA_SIGN_MESSAGE ) { - memset( hash, 0, sizeof( hash ) ); - goto exit; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), + &hash_length ); + + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_driver_wrapper_sign_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_size, signature_length ); + } + else if( operation == PSA_SIGN_HASH ) + { + + status = psa_driver_wrapper_sign_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, input, input_length, + signature, signature_size, signature_length ); } - status = psa_driver_wrapper_sign_hash( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, - signature, signature_size, signature_length ); - - memset( hash, 0, hash_length ); exit: /* Fill the unused part of the output buffer (the whole buffer on error, @@ -2541,28 +2579,42 @@ exit: return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } -psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, - psa_algorithm_t alg, - const uint8_t * input, - size_t input_length, - const uint8_t * signature, - size_t signature_length ) +static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, + psa_verify_operation_t operation, + psa_algorithm_t alg, + const uint8_t * input, + size_t input_length, + const uint8_t * signature, + size_t signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + if( operation == PSA_VERIFY_MESSAGE ) + { + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } + /* Curently only hash-then-sign algorithms are supported. */ + else + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + else if( operation == PSA_VERIFY_INVALID ) return( PSA_ERROR_INVALID_ARGUMENT ); - if ( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + status = psa_get_and_lock_key_slot_with_policy( + key, &slot, + operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH : + PSA_KEY_USAGE_VERIFY_MESSAGE, + alg ); - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_VERIFY_MESSAGE, - alg ); if( status != PSA_SUCCESS ) return( status ); @@ -2570,28 +2622,62 @@ psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, .core = slot->attr }; - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); - - if( status != PSA_SUCCESS ) + if( operation == PSA_VERIFY_MESSAGE ) { - memset( hash, 0, sizeof( hash ) ); - goto exit; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), + &hash_length ); + + if( status != PSA_SUCCESS ) + goto exit; + + status = psa_driver_wrapper_verify_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, hash, hash_length, + signature, signature_length ); + } + else if( operation == PSA_VERIFY_HASH ) + { + status = psa_driver_wrapper_verify_hash( + &attributes, slot->key.data, slot->key.bytes, + alg, input, input_length, + signature, signature_length ); } - - status = psa_driver_wrapper_verify_hash( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, - signature, signature_length ); - - memset( hash, 0, hash_length ); exit: unlock_status = psa_unlock_key_slot( slot ); return( ( status == PSA_SUCCESS ) ? unlock_status : status ); + +} + +psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t * input, + size_t input_length, + uint8_t * signature, + size_t signature_size, + size_t * signature_length ) +{ + return psa_sign_internal( + key, PSA_SIGN_MESSAGE, alg, input, input_length, + signature, signature_size, signature_length ); +} + +psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t * input, + size_t input_length, + const uint8_t * signature, + size_t signature_length ) +{ + return psa_verify_internal( + key, PSA_VERIFY_MESSAGE, alg, input, input_length, + signature, signature_length ); } psa_status_t psa_sign_hash_internal( @@ -2660,54 +2746,9 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, size_t signature_size, size_t *signature_length ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; - - *signature_length = signature_size; - /* Immediately reject a zero-length signature buffer. This guarantees - * that signature must be a valid pointer. (On the other hand, the hash - * buffer can in principle be empty since it doesn't actually have - * to be a hash.) */ - if( signature_size == 0 ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_SIGN_HASH, - alg ); - if( status != PSA_SUCCESS ) - goto exit; - if( ! PSA_KEY_TYPE_IS_KEY_PAIR( slot->attr.type ) ) - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - psa_key_attributes_t attributes = { - .core = slot->attr - }; - - status = psa_driver_wrapper_sign_hash( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, + return psa_sign_internal( + key, PSA_SIGN_HASH, alg, hash, hash_length, signature, signature_size, signature_length ); - -exit: - /* Fill the unused part of the output buffer (the whole buffer on error, - * the trailing part on success) with something that isn't a valid mac - * (barring an attack on the mac and deliberately-crafted input), - * in case the caller doesn't check the return status properly. */ - if( status == PSA_SUCCESS ) - memset( signature + *signature_length, '!', - signature_size - *signature_length ); - else - memset( signature, '!', signature_size ); - /* If signature_size is 0 then we have nothing to do. We must not call - * memset because signature may be NULL in this case. */ - - unlock_status = psa_unlock_key_slot( slot ); - - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } psa_status_t psa_verify_hash_internal( @@ -2774,28 +2815,9 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, const uint8_t *signature, size_t signature_length ) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; - - status = psa_get_and_lock_key_slot_with_policy( key, &slot, - PSA_KEY_USAGE_VERIFY_HASH, - alg ); - if( status != PSA_SUCCESS ) - return( status ); - - psa_key_attributes_t attributes = { - .core = slot->attr - }; - - status = psa_driver_wrapper_verify_hash( - &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, + return psa_verify_internal( + key, PSA_VERIFY_HASH, alg, hash, hash_length, signature, signature_length ); - - unlock_status = psa_unlock_key_slot( slot ); - - return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) From 38cbaf2881ba29e13406cc8cc7e948e4aef63917 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 22 Apr 2021 11:27:47 +0200 Subject: [PATCH 106/188] Typo Signed-off-by: gabor-mezei-arm --- include/psa/crypto.h | 20 ++++++++++---------- library/psa_crypto_core.h | 2 -- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index eedf5f52d1..c45ad844bd 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2898,17 +2898,17 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the * hash algorithm to use. * - * \param[in] key Identifier of the key to use for the operation. + * \param[in] key Identifier of the key to use for the operation. * It must be an asymmetric key pair. The key must * allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE. - * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX + * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg) * is true), that is compatible with the type of * \p key. - * \param[in] input The input message to sign. - * \param[in] input_length Size of the \p input buffer in bytes. + * \param[in] input The input message to sign. + * \param[in] input_length Size of the \p input buffer in bytes. * \param[out] signature Buffer where the signature is to be written. - * \param[in] signature_size Size of the \p signature buffer in bytes. This + * \param[in] signature_size Size of the \p signature buffer in bytes. This * must be appropriate for the selected * algorithm and key: * - The required signature size is @@ -2964,18 +2964,18 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm * to use. * - * \param[in] key Identifier of the key to use for the operation. + * \param[in] key Identifier of the key to use for the operation. * It must be a public key or an asymmetric key * pair. The key must allow the usage * #PSA_KEY_USAGE_VERIFY_MESSAGE. - * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX + * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg) * is true), that is compatible with the type of * \p key. - * \param[in] input The message whose signature is to be verified. - * \param[in] input_length Size of the \p input buffer in bytes. + * \param[in] input The message whose signature is to be verified. + * \param[in] input_length Size of the \p input buffer in bytes. * \param[out] signature Buffer containing the signature to verify. - * \param[in] signature_length Size of the \p signature buffer in bytes. + * \param[in] signature_length Size of the \p signature buffer in bytes. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_HANDLE diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index b75e59a819..21464a426e 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -388,7 +388,6 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key context. - * format. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. * \param[in] alg A signature algorithm that is compatible with * the type of the key. @@ -429,7 +428,6 @@ psa_status_t psa_sign_hash_internal( * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key context. - * format. * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. * \param[in] alg A signature algorithm that is compatible with * the type of the key. From 50eac35d58f1fd9f0d4c03a707a0472c388f10d9 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 22 Apr 2021 11:32:19 +0200 Subject: [PATCH 107/188] Dispatch sign/verify funtions through the driver interface Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 88 +++++--- library/psa_crypto_core.h | 73 +++++++ library/psa_crypto_driver_wrappers.c | 204 ++++++++++++++++++ library/psa_crypto_driver_wrappers.h | 21 ++ tests/include/test/drivers/signature.h | 42 ++++ tests/src/drivers/test_driver_signature.c | 251 +++++++++++++++++----- 6 files changed, 602 insertions(+), 77 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3f35868f8a..33b97079cf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2535,20 +2535,9 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, if( operation == PSA_SIGN_MESSAGE ) { - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); - - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_driver_wrapper_sign_hash( + status = psa_driver_wrapper_sign_message( &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, + alg, input, input_length, signature, signature_size, signature_length ); } else if( operation == PSA_SIGN_HASH ) @@ -2624,20 +2613,9 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, if( operation == PSA_VERIFY_MESSAGE ) { - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); - - if( status != PSA_SUCCESS ) - goto exit; - - status = psa_driver_wrapper_verify_hash( + status = psa_driver_wrapper_verify_message( &attributes, slot->key.data, slot->key.bytes, - alg, hash, hash_length, + alg, input, input_length, signature, signature_length ); } else if( operation == PSA_VERIFY_HASH ) @@ -2648,13 +2626,41 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, signature, signature_length ); } -exit: unlock_status = psa_unlock_key_slot( slot ); return( ( status == PSA_SUCCESS ) ? unlock_status : status ); } +psa_status_t psa_sign_message_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), + &hash_length ); + + if( status != PSA_SUCCESS ) + return status; + + return psa_sign_hash_internal( + attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ); +} + psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t * input, @@ -2668,6 +2674,34 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, signature, signature_size, signature_length ); } +psa_status_t psa_verify_message_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), + &hash_length ); + + if( status != PSA_SUCCESS ) + return status; + + return psa_verify_hash_internal( + attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ); +} + psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t * input, diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 21464a426e..d28b18eac8 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -377,6 +377,79 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); +/** Sign a message with a private key. For hash-and-sign algorithms, + * this includes the hashing step. + * + * \note The signature of this function is that of a PSA driver + * sign_message entry point. This function behaves as a sign_message + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * the type of the key. + * \param[in] input The input message to sign. + * \param[in] input_length Size of the \p input buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. + * \param[out] signature_length On success, the number of bytes + * that make up the returned signature value. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of the key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + */ +psa_status_t psa_sign_message_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *input, size_t input_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ); + +/** Verify the signature of a message with a public key, using + * a hash-and-sign verification algorithm. + * + * \note The signature of this function is that of a PSA driver + * verify_message entry point. This function behaves as a verify_message + * entry point as defined in the PSA driver interface specification for + * transparent drivers. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * the type of the key. + * \param[in] input The message whose signature is to be verified. + * \param[in] input_length Size of the \p input buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t psa_verify_message_internal( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, const uint8_t *input, size_t input_length, + const uint8_t *signature, size_t signature_length ); /** Sign an already-calculated hash with a private key. * diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 795e424894..1f204ccfd9 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -65,6 +65,210 @@ #endif /* Start delegation functions */ +psa_status_t psa_driver_wrapper_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + { + if( drv->asymmetric == NULL || + drv->asymmetric->p_sign == NULL ) + { + /* Key is defined in SE, but we have no way to exercise it */ + return( PSA_ERROR_NOT_SUPPORTED ); + } + + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), + &hash_length ); + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); + + return( drv->asymmetric->p_sign( + drv_context, *( (psa_key_slot_number_t *)key_buffer ), + alg, hash, hash_length, + signature, signature_size, signature_length ) ); + } +#endif /* PSA_CRYPTO_SE_C */ + + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_transparent_signature_sign_message( + attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_size, + signature_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + /* Fell through, meaning no accelerator supports this operation */ + return( psa_sign_message_internal( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_size, + signature_length ) ); + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( mbedtls_test_opaque_signature_sign_message( + attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_size, + signature_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_driver_wrapper_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + /* Try dynamically-registered SE interface first */ +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + const psa_drv_se_t *drv; + psa_drv_se_context_t *drv_context; + + if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) + { + if( drv->asymmetric == NULL || + drv->asymmetric->p_verify == NULL ) + { + /* Key is defined in SE, but we have no way to exercise it */ + return( PSA_ERROR_NOT_SUPPORTED ); + } + + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), + &hash_length ); + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); + + return( drv->asymmetric->p_verify( + drv_context, *( (psa_key_slot_number_t *)key_buffer ), + alg, hash, hash_length, + signature, signature_length ) ); + } +#endif /* PSA_CRYPTO_SE_C */ + + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_transparent_signature_verify_message( + attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_length ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + return( psa_verify_message_internal( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_length ) ); + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + return( mbedtls_test_opaque_signature_verify_message( + attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + psa_status_t psa_driver_wrapper_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 37d5a9a1c0..732ed2a7fa 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -28,6 +28,27 @@ /* * Signature functions */ +psa_status_t psa_driver_wrapper_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ); + +psa_status_t psa_driver_wrapper_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ); + psa_status_t psa_driver_wrapper_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h index 1586ce9bcb..5e64edc3c8 100644 --- a/tests/include/test/drivers/signature.h +++ b/tests/include/test/drivers/signature.h @@ -54,6 +54,48 @@ extern mbedtls_test_driver_signature_hooks_t extern mbedtls_test_driver_signature_hooks_t mbedtls_test_driver_signature_verify_hooks; +psa_status_t mbedtls_test_transparent_signature_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ); + +psa_status_t mbedtls_test_opaque_signature_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ); + +psa_status_t mbedtls_test_transparent_signature_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ); + +psa_status_t mbedtls_test_opaque_signature_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ); + psa_status_t mbedtls_test_transparent_signature_sign_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index be8c1792bc..14de8318e9 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -29,6 +29,7 @@ #include "psa/crypto.h" #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" +#include "psa_crypto_hash.h" #include "psa_crypto_rsa.h" #include "mbedtls/ecp.h" @@ -46,30 +47,17 @@ mbedtls_test_driver_signature_hooks_t mbedtls_test_driver_signature_hooks_t mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT; -psa_status_t mbedtls_test_transparent_signature_sign_hash( +psa_status_t sign_hash( const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) { - ++mbedtls_test_driver_signature_sign_hooks.hits; - - if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_signature_sign_hooks.forced_status ); - - if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) - { - if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > - signature_size ) - return( PSA_ERROR_BUFFER_TOO_SMALL ); - memcpy( signature, - mbedtls_test_driver_signature_sign_hooks.forced_output, - mbedtls_test_driver_signature_sign_hooks.forced_output_length ); - *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; - return( PSA_SUCCESS ); - } - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR ) @@ -124,38 +112,16 @@ psa_status_t mbedtls_test_transparent_signature_sign_hash( } } -psa_status_t mbedtls_test_opaque_signature_sign_hash( +psa_status_t verify_hash( const psa_key_attributes_t *attributes, - const uint8_t *key, size_t key_length, + const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - uint8_t *signature, size_t signature_size, size_t *signature_length ) + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length ) { - (void) attributes; - (void) key; - (void) key_length; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_size; - (void) signature_length; - - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t mbedtls_test_transparent_signature_verify_hash( - const psa_key_attributes_t *attributes, - const uint8_t *key_buffer, size_t key_buffer_size, - psa_algorithm_t alg, - const uint8_t *hash, size_t hash_length, - const uint8_t *signature, size_t signature_length ) -{ - ++mbedtls_test_driver_signature_verify_hooks.hits; - - if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) - return( mbedtls_test_driver_signature_verify_hooks.forced_status ); - #if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \ defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) ) @@ -204,6 +170,191 @@ psa_status_t mbedtls_test_transparent_signature_verify_hash( } } +psa_status_t mbedtls_test_transparent_signature_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + ++mbedtls_test_driver_signature_sign_hooks.hits; + + if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_sign_hooks.forced_status ); + + if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) + { + if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + + memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output, + mbedtls_test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; + + return( PSA_SUCCESS ); + } + + status = mbedtls_transparent_test_driver_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, + hash, sizeof( hash ), &hash_length ); + + if( status != PSA_SUCCESS ) + return status; + + return sign_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ); +} + +psa_status_t mbedtls_test_opaque_signature_sign_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) signature; + (void) signature_size; + (void) signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_test_transparent_signature_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + + ++mbedtls_test_driver_signature_verify_hooks.hits; + + if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_verify_hooks.forced_status ); + + status = mbedtls_transparent_test_driver_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, + hash, sizeof( hash ), &hash_length ); + + if( status != PSA_SUCCESS ) + return status; + + return verify_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ); +} + +psa_status_t mbedtls_test_opaque_signature_verify_message( + const psa_key_attributes_t *attributes, + const uint8_t *key, + size_t key_length, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) input; + (void) input_length; + (void) signature; + (void) signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_test_transparent_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + ++mbedtls_test_driver_signature_sign_hooks.hits; + + if( mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_sign_hooks.forced_status ); + + if( mbedtls_test_driver_signature_sign_hooks.forced_output != NULL ) + { + if( mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size ) + return( PSA_ERROR_BUFFER_TOO_SMALL ); + memcpy( signature, mbedtls_test_driver_signature_sign_hooks.forced_output, + mbedtls_test_driver_signature_sign_hooks.forced_output_length ); + *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length; + return( PSA_SUCCESS ); + } + + return sign_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ); +} + +psa_status_t mbedtls_test_opaque_signature_sign_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, size_t *signature_length ) +{ + (void) attributes; + (void) key; + (void) key_length; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_size; + (void) signature_length; + + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t mbedtls_test_transparent_signature_verify_hash( + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length ) +{ + ++mbedtls_test_driver_signature_verify_hooks.hits; + + if( mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS ) + return( mbedtls_test_driver_signature_verify_hooks.forced_status ); + + return verify_hash( attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ); +} + psa_status_t mbedtls_test_opaque_signature_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key, size_t key_length, From 2fcb393ebda09957d23209c82491fade60471397 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Fri, 23 Apr 2021 12:49:00 +0200 Subject: [PATCH 108/188] Rename driver test funtions and test cases Modify function and test case names that testing psa_sign_hash and psa_verify_hash funtions to be less confusing with the newly introduced function and test case names which tests psa_sign_message and psa_verify_message functions. Signed-off-by: gabor-mezei-arm --- ...test_suite_psa_crypto_driver_wrappers.data | 20 ++++++++-------- ..._suite_psa_crypto_driver_wrappers.function | 24 +++++++++---------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 95ab688bea..c52ad51c0e 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -1,35 +1,35 @@ sign_hash through transparent driver: calculate in driver -ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS +ecdsa_sign_hash:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: fallback depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA -ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS +ecdsa_sign_hash:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS sign_hash through transparent driver: error -ecdsa_sign:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR +ecdsa_sign_hash:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_ERROR_GENERIC_ERROR sign_hash through transparent driver: fake -ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS +ecdsa_sign_hash:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS verify_hash using private key through transparent driver: calculate in driver -ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS +ecdsa_verify_hash:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: fallback depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA -ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS +ecdsa_verify_hash:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using private key through transparent driver: error -ecdsa_verify:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR +ecdsa_verify_hash:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR verify_hash using public key through transparent driver: calculate in driver -ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS +ecdsa_verify_hash:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using public key through transparent driver: fallback depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA -ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS +ecdsa_verify_hash:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS verify_hash using public key through transparent driver: error -ecdsa_verify:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR +ecdsa_verify_hash:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR generate_key through transparent driver: fake generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index ac241f5ad4..85e2b08d26 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -8,12 +8,12 @@ */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void ecdsa_sign( int force_status_arg, - data_t *key_input, - data_t *data_input, - data_t *expected_output, - int fake_output, - int expected_status_arg ) +void ecdsa_sign_hash( int force_status_arg, + data_t *key_input, + data_t *data_input, + data_t *expected_output, + int fake_output, + int expected_status_arg ) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; @@ -66,12 +66,12 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ -void ecdsa_verify( int force_status_arg, - int register_public_key, - data_t *key_input, - data_t *data_input, - data_t *signature_input, - int expected_status_arg ) +void ecdsa_verify_hash( int force_status_arg, + int register_public_key, + data_t *key_input, + data_t *data_input, + data_t *signature_input, + int expected_status_arg ) { psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; From 816886c8f356374b23b476fc1582e6af1bec52ae Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Fri, 23 Apr 2021 12:38:33 +0200 Subject: [PATCH 109/188] Add driver tests for sign/verify_message Adopting the tests for sign/verify_hash. The expected ouput data was created with python-ecdsa. Signed-off-by: gabor-mezei-arm --- ...test_suite_psa_crypto_driver_wrappers.data | 33 +++++ ..._suite_psa_crypto_driver_wrappers.function | 114 ++++++++++++++++++ 2 files changed, 147 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index c52ad51c0e..dbc5b1f204 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -31,6 +31,39 @@ ecdsa_verify_hash:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea verify_hash using public key through transparent driver: error ecdsa_verify_hash:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR +sign_message through transparent driver: calculate in driver +ecdsa_sign_message:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_SUCCESS + +sign_message through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA +ecdsa_sign_message:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_SUCCESS + +sign_message through transparent driver: error +ecdsa_sign_message:PSA_ERROR_GENERIC_ERROR:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":0:PSA_ERROR_GENERIC_ERROR + +sign_message through transparent driver: fake +ecdsa_sign_message:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS + +verify_message using private key through transparent driver: calculate in driver +ecdsa_verify_message:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS + +verify_message using private key through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA +ecdsa_verify_message:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS + +verify_message using private key through transparent driver: error +ecdsa_verify_message:PSA_ERROR_GENERIC_ERROR:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR + +verify_message using public key through transparent driver: calculate in driver +ecdsa_verify_message:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS + +verify_message using public key through transparent driver: fallback +depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA +ecdsa_verify_message:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_SUCCESS + +verify_message using public key through transparent driver: error +ecdsa_verify_message:PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR + generate_key through transparent driver: fake generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 85e2b08d26..5cc5a32b7b 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -121,6 +121,120 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +void ecdsa_sign_message( int force_status_arg, + data_t *key_input, + data_t *data_input, + data_t *expected_output, + int fake_output, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + uint8_t signature[64]; + size_t signature_length = 0xdeadbeef; + psa_status_t actual_status; + mbedtls_test_driver_signature_sign_hooks = + mbedtls_test_driver_signature_hooks_init(); + + PSA_ASSERT( psa_crypto_init( ) ); + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + key_input->x, key_input->len, + &key ); + + mbedtls_test_driver_signature_sign_hooks.forced_status = force_status; + if( fake_output == 1 ) + { + mbedtls_test_driver_signature_sign_hooks.forced_output = + expected_output->x; + mbedtls_test_driver_signature_sign_hooks.forced_output_length = + expected_output->len; + } + + actual_status = psa_sign_message( key, alg, + data_input->x, data_input->len, + signature, sizeof( signature ), + &signature_length ); + TEST_EQUAL( actual_status, expected_status ); + if( expected_status == PSA_SUCCESS ) + { + ASSERT_COMPARE( signature, signature_length, + expected_output->x, expected_output->len ); + } + TEST_EQUAL( mbedtls_test_driver_signature_sign_hooks.hits, 1 ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + PSA_DONE( ); + mbedtls_test_driver_signature_sign_hooks = + mbedtls_test_driver_signature_hooks_init(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +void ecdsa_verify_message( int force_status_arg, + int register_public_key, + data_t *key_input, + data_t *data_input, + data_t *signature_input, + int expected_status_arg ) +{ + psa_status_t force_status = force_status_arg; + psa_status_t expected_status = expected_status_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + psa_status_t actual_status; + mbedtls_test_driver_signature_verify_hooks = + mbedtls_test_driver_signature_hooks_init(); + + PSA_ASSERT( psa_crypto_init( ) ); + if( register_public_key ) + { + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + key_input->x, key_input->len, + &key ); + } + else + { + psa_set_key_type( &attributes, + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); + psa_set_key_algorithm( &attributes, alg ); + psa_import_key( &attributes, + key_input->x, key_input->len, + &key ); + } + + mbedtls_test_driver_signature_verify_hooks.forced_status = force_status; + + actual_status = psa_verify_message( key, alg, + data_input->x, data_input->len, + signature_input->x, signature_input->len ); + TEST_EQUAL( actual_status, expected_status ); + TEST_EQUAL( mbedtls_test_driver_signature_verify_hooks.hits, 1 ); + +exit: + psa_reset_key_attributes( &attributes ); + psa_destroy_key( key ); + PSA_DONE( ); + mbedtls_test_driver_signature_verify_hooks = + mbedtls_test_driver_signature_hooks_init(); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ void generate_key( int force_status_arg, data_t *fake_output, From 4c6a47a8332a66f9816e82dcd56ffd5f7db13d73 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 26 Apr 2021 20:12:17 +0200 Subject: [PATCH 110/188] Add test for sign/verify message key policies Update the mbedtls_test_psa_exercise_key to handle and use PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE key policies. Add new tests for PSA_KEY_USAGE_SIGN_MESSAGE and PSA_KEY_USAGE_VERIFY_MESSAGE policies. Signed-off-by: gabor-mezei-arm --- tests/src/psa_exercise_key.c | 114 ++++++++++++++++-------- tests/suites/test_suite_psa_crypto.data | 52 ++++++++++- 2 files changed, 126 insertions(+), 40 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index e7e68631ad..197e31a349 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -297,46 +297,77 @@ static int exercise_signature_key( mbedtls_svc_key_id_t key, psa_key_usage_t usage, psa_algorithm_t alg ) { - unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; - size_t payload_length = 16; - unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; - size_t signature_length = sizeof( signature ); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); - - /* If the policy allows signing with any hash, just pick one. */ - if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) + if( usage & ( PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ) ) { -#if defined(KNOWN_SUPPORTED_HASH_ALG) - hash_alg = KNOWN_SUPPORTED_HASH_ALG; - alg ^= PSA_ALG_ANY_HASH ^ hash_alg; -#else - TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); -#endif + unsigned char payload[PSA_HASH_MAX_SIZE] = {1}; + size_t payload_length = 16; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; + size_t signature_length = sizeof( signature ); + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); + + /* If the policy allows signing with any hash, just pick one. */ + if( PSA_ALG_IS_HASH_AND_SIGN( alg ) && hash_alg == PSA_ALG_ANY_HASH ) + { + #if defined(KNOWN_SUPPORTED_HASH_ALG) + hash_alg = KNOWN_SUPPORTED_HASH_ALG; + alg ^= PSA_ALG_ANY_HASH ^ hash_alg; + #else + TEST_ASSERT( ! "No hash algorithm for hash-and-sign testing" ); + #endif + } + + if( usage & PSA_KEY_USAGE_SIGN_HASH ) + { + /* Some algorithms require the payload to have the size of + * the hash encoded in the algorithm. Use this input size + * even for algorithms that allow other input sizes. */ + if( hash_alg != 0 ) + payload_length = PSA_HASH_LENGTH( hash_alg ); + PSA_ASSERT( psa_sign_hash( key, alg, + payload, payload_length, + signature, sizeof( signature ), + &signature_length ) ); + } + + if( usage & PSA_KEY_USAGE_VERIFY_HASH ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN_HASH ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL( psa_verify_hash( key, alg, + payload, payload_length, + signature, signature_length ), + verify_status ); + } } - if( usage & PSA_KEY_USAGE_SIGN_HASH ) + if( usage & ( PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ) ) { - /* Some algorithms require the payload to have the size of - * the hash encoded in the algorithm. Use this input size - * even for algorithms that allow other input sizes. */ - if( hash_alg != 0 ) - payload_length = PSA_HASH_LENGTH( hash_alg ); - PSA_ASSERT( psa_sign_hash( key, alg, - payload, payload_length, - signature, sizeof( signature ), - &signature_length ) ); - } + unsigned char message[256] = "Hello, world..."; + unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = {0}; + size_t message_length = 16; + size_t signature_length = sizeof( signature ); - if( usage & PSA_KEY_USAGE_VERIFY_HASH ) - { - psa_status_t verify_status = - ( usage & PSA_KEY_USAGE_SIGN_HASH ? - PSA_SUCCESS : - PSA_ERROR_INVALID_SIGNATURE ); - TEST_EQUAL( psa_verify_hash( key, alg, - payload, payload_length, - signature, signature_length ), - verify_status ); + if( usage & PSA_KEY_USAGE_SIGN_MESSAGE ) + { + PSA_ASSERT( psa_sign_message( key, alg, + message, message_length, + signature, sizeof( signature ), + &signature_length ) ); + } + + if( usage & PSA_KEY_USAGE_VERIFY_MESSAGE ) + { + psa_status_t verify_status = + ( usage & PSA_KEY_USAGE_SIGN_MESSAGE ? + PSA_SUCCESS : + PSA_ERROR_INVALID_SIGNATURE ); + TEST_EQUAL( psa_verify_message( key, alg, + message, message_length, + signature, signature_length ), + verify_status ); + } } return( 1 ); @@ -893,9 +924,16 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, { if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH : - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); + if( PSA_ALG_SIGN_GET_HASH( alg ) ) + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE: + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ); + + else + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH: + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); } else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d745ae3e59..8f4f5525b8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -373,6 +373,14 @@ PSA key policy: ECC SECP256R1, sign+verify depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY +PSA key policy: ECC SECP256R1, sign message +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256) + +PSA key policy: ECC SECP256R1, sign+verify message +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_SHA_256) + Key attributes initializers zero properly key_attributes_init: @@ -648,6 +656,42 @@ PSA key policy: asymmetric signature, neither sign nor verify depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 +PSA key policy: asymmetric signature for message, sign | verify +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1 + +PSA key policy: asymmetric signature for message, wrong algorithm family +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0 + +PSA key policy: asymmetric signature for message, wildcard in policy, wrong algorithm family +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0 + +PSA key policy: asymmetric signature for message, wildcard in policy, ECDSA SHA-256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32 + +PSA key policy: asymmetric signature for message, wildcard in policy, PKCS#1v1.5 SHA-256 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32 + +PSA key policy: asymmetric signature for message, wrong hash algorithm +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +PSA key policy: asymmetric signature for message, alg=0 in policy +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 + +PSA key policy: asymmetric signature for message, sign but not verify +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1 + +PSA key policy: asymmetric signature for message, verify but not sign +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1 + PSA key policy: derive via HKDF, permitted depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256) @@ -720,6 +764,10 @@ PSA key policy algorithm2: ECDH, ECDSA depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY +PSA key policy algorithm2 with message signature: ECDH, ECDSA +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) + Copy key: raw, 1 byte copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0 @@ -2103,8 +2151,8 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLI import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise: ECP SECP256R1 keypair, ECDSA -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA_ANY +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ) PSA import/exercise: ECP SECP256R1 keypair, deterministic ECDSA depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C From 2522c0b1cd4a0c4782ebac9df7a88bc650908223 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 27 Apr 2021 18:52:51 +0200 Subject: [PATCH 111/188] Update macro names Signed-off-by: gabor-mezei-arm --- library/psa_crypto_driver_wrappers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 1f204ccfd9..dd9f165775 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -149,7 +149,7 @@ psa_status_t psa_driver_wrapper_sign_message( /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + case PSA_CRYPTO_TEST_DRIVER_LOCATION: return( mbedtls_test_opaque_signature_sign_message( attributes, key_buffer, @@ -250,7 +250,7 @@ psa_status_t psa_driver_wrapper_verify_message( /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LIFETIME: + case PSA_CRYPTO_TEST_DRIVER_LOCATION: return( mbedtls_test_opaque_signature_verify_message( attributes, key_buffer, From 46c23a051cb0a1f92d7ead1393a1a3c3c63daf80 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 29 Apr 2021 16:44:59 +0200 Subject: [PATCH 112/188] Fix error checking Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 33b97079cf..5b9d8cb511 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2489,24 +2489,26 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, *signature_length = 0; - if( operation == PSA_SIGN_MESSAGE ) + if( operation == PSA_SIGN_INVALID ) + return( PSA_ERROR_INVALID_ARGUMENT ); + else { if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if( operation == PSA_SIGN_MESSAGE ) { - if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } } /* Curently only hash-then-sign algorithms are supported. */ else return( PSA_ERROR_INVALID_ARGUMENT ); } - else if( operation == PSA_SIGN_INVALID ) - return( PSA_ERROR_INVALID_ARGUMENT ); - /* Immediately reject a zero-length signature buffer. This guarantees * that signature must be a valid pointer. (On the other hand, the hash * buffer can in principle be empty since it doesn't actually have @@ -2580,24 +2582,26 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - if( operation == PSA_VERIFY_MESSAGE ) + if( operation == PSA_VERIFY_INVALID ) + return( PSA_ERROR_INVALID_ARGUMENT ); + else { if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + if( operation == PSA_VERIFY_MESSAGE ) { - if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } } /* Curently only hash-then-sign algorithms are supported. */ else return( PSA_ERROR_INVALID_ARGUMENT ); } - else if( operation == PSA_VERIFY_INVALID ) - return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_get_and_lock_key_slot_with_policy( key, &slot, operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH : From 0f622409425776c2495c1e48e227beed0d9d1113 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 29 Apr 2021 16:48:44 +0200 Subject: [PATCH 113/188] Enable algorithms other than hash-then-sign For psa_hash/verify_message other algorithms than hash-then-sign is enabled like PureEdDSA. Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5b9d8cb511..533963ebfe 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2504,9 +2504,6 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, return( PSA_ERROR_INVALID_ARGUMENT ); } } - /* Curently only hash-then-sign algorithms are supported. */ - else - return( PSA_ERROR_INVALID_ARGUMENT ); } /* Immediately reject a zero-length signature buffer. This guarantees @@ -2597,9 +2594,6 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, return( PSA_ERROR_INVALID_ARGUMENT ); } } - /* Curently only hash-then-sign algorithms are supported. */ - else - return( PSA_ERROR_INVALID_ARGUMENT ); } status = psa_get_and_lock_key_slot_with_policy( @@ -2651,13 +2645,16 @@ psa_status_t psa_sign_message_internal( size_t hash_length; uint8_t hash[PSA_HASH_MAX_SIZE]; - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + status = psa_driver_wrapper_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), &hash_length ); - if( status != PSA_SUCCESS ) - return status; + if( status != PSA_SUCCESS ) + return status; + } return psa_sign_hash_internal( attributes, key_buffer, key_buffer_size, @@ -2692,13 +2689,16 @@ psa_status_t psa_verify_message_internal( size_t hash_length; uint8_t hash[PSA_HASH_MAX_SIZE]; - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + status = psa_driver_wrapper_hash_compute( + PSA_ALG_SIGN_GET_HASH( alg ), + input, input_length, + hash, sizeof( hash ), &hash_length ); - if( status != PSA_SUCCESS ) - return status; + if( status != PSA_SUCCESS ) + return status; + } return psa_verify_hash_internal( attributes, key_buffer, key_buffer_size, From df0f23076229fa20b94312518d460341d069024b Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 29 Apr 2021 16:53:31 +0200 Subject: [PATCH 114/188] Typo Signed-off-by: gabor-mezei-arm --- library/psa_crypto_core.h | 1 + 1 file changed, 1 insertion(+) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index d28b18eac8..a742b6dbbc 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -377,6 +377,7 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length ); + /** Sign a message with a private key. For hash-and-sign algorithms, * this includes the hashing step. * From b5c1e37affc726c3e0b890a32715b8c12c753cd0 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 29 Apr 2021 16:53:58 +0200 Subject: [PATCH 115/188] Use driver-wrapper functions for psa_sign/verify_message To avoid code duplication of the old-style SE interface usage call psa_driver_wrapper_sign/verify_hash function instead of the direct internal functions. Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 4 +- library/psa_crypto_driver_wrappers.c | 66 ---------------------------- 2 files changed, 2 insertions(+), 68 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 533963ebfe..b6353c4c01 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2656,7 +2656,7 @@ psa_status_t psa_sign_message_internal( return status; } - return psa_sign_hash_internal( + return psa_driver_wrapper_sign_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_size, signature_length ); @@ -2700,7 +2700,7 @@ psa_status_t psa_verify_message_internal( return status; } - return psa_verify_hash_internal( + return psa_driver_wrapper_verify_hash( attributes, key_buffer, key_buffer_size, alg, hash, hash_length, signature, signature_length ); diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index dd9f165775..5c36daf6f2 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -77,39 +77,6 @@ psa_status_t psa_driver_wrapper_sign_message( size_t *signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - /* Try dynamically-registered SE interface first */ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; - - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_sign == NULL ) - { - /* Key is defined in SE, but we have no way to exercise it */ - return( PSA_ERROR_NOT_SUPPORTED ); - } - - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); - - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); - - return( drv->asymmetric->p_sign( - drv_context, *( (psa_key_slot_number_t *)key_buffer ), - alg, hash, hash_length, - signature, signature_size, signature_length ) ); - } -#endif /* PSA_CRYPTO_SE_C */ - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); @@ -180,39 +147,6 @@ psa_status_t psa_driver_wrapper_verify_message( size_t signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - /* Try dynamically-registered SE interface first */ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - const psa_drv_se_t *drv; - psa_drv_se_context_t *drv_context; - - if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) ) - { - if( drv->asymmetric == NULL || - drv->asymmetric->p_verify == NULL ) - { - /* Key is defined in SE, but we have no way to exercise it */ - return( PSA_ERROR_NOT_SUPPORTED ); - } - - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; - - status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), - input, input_length, - hash, sizeof( hash ), - &hash_length ); - - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); - - return( drv->asymmetric->p_verify( - drv_context, *( (psa_key_slot_number_t *)key_buffer ), - alg, hash, hash_length, - signature, signature_length ) ); - } -#endif /* PSA_CRYPTO_SE_C */ - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); From f9820f92cf6fe9090c8e70809cbc5fbe374069c0 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 3 May 2021 16:26:20 +0200 Subject: [PATCH 116/188] Fix for algorithms other than hash-then-sign Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b6353c4c01..778ef1bad4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2642,11 +2642,12 @@ psa_status_t psa_sign_message_internal( size_t *signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) { + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, @@ -2654,11 +2655,16 @@ psa_status_t psa_sign_message_internal( if( status != PSA_SUCCESS ) return status; + + return psa_driver_wrapper_sign_hash( + attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_size, signature_length ); } return psa_driver_wrapper_sign_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, + alg, input, input_length, signature, signature_size, signature_length ); } @@ -2686,11 +2692,12 @@ psa_status_t psa_verify_message_internal( size_t signature_length ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t hash_length; - uint8_t hash[PSA_HASH_MAX_SIZE]; if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) { + size_t hash_length; + uint8_t hash[PSA_HASH_MAX_SIZE]; + status = psa_driver_wrapper_hash_compute( PSA_ALG_SIGN_GET_HASH( alg ), input, input_length, @@ -2698,11 +2705,16 @@ psa_status_t psa_verify_message_internal( if( status != PSA_SUCCESS ) return status; + + return psa_driver_wrapper_verify_hash( + attributes, key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length ); } return psa_driver_wrapper_verify_hash( attributes, key_buffer, key_buffer_size, - alg, hash, hash_length, + alg, input, input_length, signature, signature_length ); } From 6dcaa3b5a1fb14767e9438cc07e77d1f69c5dd33 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 3 May 2021 16:29:54 +0200 Subject: [PATCH 117/188] Update driver tests for psa_hash/verify_message Signed-off-by: gabor-mezei-arm --- .../suites/test_suite_psa_crypto_driver_wrappers.function | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 5cc5a32b7b..2041588857 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -168,7 +168,9 @@ void ecdsa_sign_message( int force_status_arg, ASSERT_COMPARE( signature, signature_length, expected_output->x, expected_output->len ); } - TEST_EQUAL( mbedtls_test_driver_signature_sign_hooks.hits, 1 ); + /* In the builtin algorithm the driver is called twice. */ + TEST_EQUAL( mbedtls_test_driver_signature_sign_hooks.hits, + force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1 ); exit: psa_reset_key_attributes( &attributes ); @@ -224,7 +226,9 @@ void ecdsa_verify_message( int force_status_arg, data_input->x, data_input->len, signature_input->x, signature_input->len ); TEST_EQUAL( actual_status, expected_status ); - TEST_EQUAL( mbedtls_test_driver_signature_verify_hooks.hits, 1 ); + /* In the builtin algorithm the driver is called twice. */ + TEST_EQUAL( mbedtls_test_driver_signature_verify_hooks.hits, + force_status == PSA_ERROR_NOT_SUPPORTED ? 2 : 1 ); exit: psa_reset_key_attributes( &attributes ); From 6cdf637f881f8507b72566ec944eb63ffeaca8f7 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Mon, 3 May 2021 16:30:53 +0200 Subject: [PATCH 118/188] Use switch-case for error handling Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 42 ++++++++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 778ef1bad4..991c169707 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2489,21 +2489,26 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, *signature_length = 0; - if( operation == PSA_SIGN_INVALID ) - return( PSA_ERROR_INVALID_ARGUMENT ); - else + switch( operation ) { - if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + case PSA_SIGN_HASH: + if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; + + case PSA_SIGN_MESSAGE: + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); - if( operation == PSA_SIGN_MESSAGE ) - { if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) { if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); } - } + break; + + default: + return( PSA_ERROR_INVALID_ARGUMENT ); } /* Immediately reject a zero-length signature buffer. This guarantees @@ -2579,21 +2584,26 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - if( operation == PSA_VERIFY_INVALID ) - return( PSA_ERROR_INVALID_ARGUMENT ); - else + switch( operation ) { - if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + case PSA_VERIFY_HASH: + if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + break; + + case PSA_VERIFY_MESSAGE: + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); - if( operation == PSA_VERIFY_MESSAGE ) - { if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) { if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) return( PSA_ERROR_INVALID_ARGUMENT ); } - } + break; + + default: + return( PSA_ERROR_INVALID_ARGUMENT ); } status = psa_get_and_lock_key_slot_with_policy( From 12b4f34fff2132b8d079dd39263434c76010f636 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 5 May 2021 13:54:55 +0200 Subject: [PATCH 119/188] Fix documentation Signed-off-by: gabor-mezei-arm --- include/psa/crypto.h | 4 ++-- library/psa_crypto.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index c45ad844bd..6aa7ccc924 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2912,8 +2912,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation); * must be appropriate for the selected * algorithm and key: * - The required signature size is - * #PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, \p alg) - * where key_type and key_bits are the type and + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and * bit-size respectively of key. * - #PSA_SIGNATURE_MAX_SIZE evaluates to the * maximum signature size of any supported diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 991c169707..4f2cdb3950 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2512,7 +2512,7 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, } /* Immediately reject a zero-length signature buffer. This guarantees - * that signature must be a valid pointer. (On the other hand, the hash + * that signature must be a valid pointer. (On the other hand, the input * buffer can in principle be empty since it doesn't actually have * to be a hash.) */ if( signature_size == 0 ) From 8b3e88614cec3d07da74546abe04d338c51061d7 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 5 May 2021 13:56:27 +0200 Subject: [PATCH 120/188] Use bool variable instead of enum values Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 112 ++++++++++++++++--------------------------- 1 file changed, 41 insertions(+), 71 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4f2cdb3950..575853981d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2460,22 +2460,31 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -typedef enum +static psa_status_t psa_sign_verify_check_alg( uint8_t do_hash, + psa_algorithm_t alg ) { - PSA_SIGN_INVALID = 0, - PSA_SIGN_HASH = 1, - PSA_SIGN_MESSAGE -} psa_sign_operation_t; + if( do_hash ) + { + if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); -typedef enum -{ - PSA_VERIFY_INVALID = 0, - PSA_VERIFY_HASH = 1, - PSA_VERIFY_MESSAGE -} psa_verify_operation_t; + if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } + } + else + { + if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + } + + return( PSA_SUCCESS ); +} static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, - psa_sign_operation_t operation, + uint8_t do_hash, psa_algorithm_t alg, const uint8_t * input, size_t input_length, @@ -2489,27 +2498,9 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, *signature_length = 0; - switch( operation ) - { - case PSA_SIGN_HASH: - if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - break; - - case PSA_SIGN_MESSAGE: - if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) - { - if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - } - break; - - default: - return( PSA_ERROR_INVALID_ARGUMENT ); - } + status = psa_sign_verify_check_alg( do_hash, alg ); + if( status != PSA_SUCCESS ) + return status; /* Immediately reject a zero-length signature buffer. This guarantees * that signature must be a valid pointer. (On the other hand, the input @@ -2520,8 +2511,8 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, status = psa_get_and_lock_key_slot_with_policy( key, &slot, - operation == PSA_SIGN_HASH ? PSA_KEY_USAGE_SIGN_HASH : - PSA_KEY_USAGE_SIGN_MESSAGE, + do_hash ? PSA_KEY_USAGE_SIGN_MESSAGE : + PSA_KEY_USAGE_SIGN_HASH, alg ); if( status != PSA_SUCCESS ) @@ -2537,14 +2528,14 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, .core = slot->attr }; - if( operation == PSA_SIGN_MESSAGE ) + if( do_hash ) { status = psa_driver_wrapper_sign_message( &attributes, slot->key.data, slot->key.bytes, alg, input, input_length, signature, signature_size, signature_length ); } - else if( operation == PSA_SIGN_HASH ) + else { status = psa_driver_wrapper_sign_hash( @@ -2573,7 +2564,7 @@ exit: } static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, - psa_verify_operation_t operation, + uint8_t do_hash, psa_algorithm_t alg, const uint8_t * input, size_t input_length, @@ -2584,32 +2575,14 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - switch( operation ) - { - case PSA_VERIFY_HASH: - if( ! PSA_ALG_IS_HASH_AND_SIGN( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - break; - - case PSA_VERIFY_MESSAGE: - if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - if ( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) - { - if( ! PSA_ALG_IS_HASH( PSA_ALG_SIGN_GET_HASH( alg ) ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - } - break; - - default: - return( PSA_ERROR_INVALID_ARGUMENT ); - } + status = psa_sign_verify_check_alg( do_hash, alg ); + if( status != PSA_SUCCESS ) + return status; status = psa_get_and_lock_key_slot_with_policy( key, &slot, - operation == PSA_VERIFY_HASH ? PSA_KEY_USAGE_VERIFY_HASH : - PSA_KEY_USAGE_VERIFY_MESSAGE, + do_hash ? PSA_KEY_USAGE_VERIFY_MESSAGE : + PSA_KEY_USAGE_VERIFY_HASH, alg ); if( status != PSA_SUCCESS ) @@ -2619,14 +2592,14 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, .core = slot->attr }; - if( operation == PSA_VERIFY_MESSAGE ) + if( do_hash ) { status = psa_driver_wrapper_verify_message( &attributes, slot->key.data, slot->key.bytes, alg, input, input_length, signature, signature_length ); } - else if( operation == PSA_VERIFY_HASH ) + else { status = psa_driver_wrapper_verify_hash( &attributes, slot->key.data, slot->key.bytes, @@ -2672,10 +2645,7 @@ psa_status_t psa_sign_message_internal( signature, signature_size, signature_length ); } - return psa_driver_wrapper_sign_hash( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, - signature, signature_size, signature_length ); + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, @@ -2687,7 +2657,7 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, size_t * signature_length ) { return psa_sign_internal( - key, PSA_SIGN_MESSAGE, alg, input, input_length, + key, 1, alg, input, input_length, signature, signature_size, signature_length ); } @@ -2736,7 +2706,7 @@ psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, size_t signature_length ) { return psa_verify_internal( - key, PSA_VERIFY_MESSAGE, alg, input, input_length, + key, 1, alg, input, input_length, signature, signature_length ); } @@ -2807,7 +2777,7 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, size_t *signature_length ) { return psa_sign_internal( - key, PSA_SIGN_HASH, alg, hash, hash_length, + key, 0, alg, hash, hash_length, signature, signature_size, signature_length ); } @@ -2876,7 +2846,7 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, size_t signature_length ) { return psa_verify_internal( - key, PSA_VERIFY_HASH, alg, hash, hash_length, + key, 0, alg, hash, hash_length, signature, signature_length ); } From 474a35f635409561d86de1fd3bff3a8c07361153 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 5 May 2021 13:59:01 +0200 Subject: [PATCH 121/188] Return error if algorithm is not hash-then-sign for psa_sign_message Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 575853981d..519c70aa6b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2692,10 +2692,7 @@ psa_status_t psa_verify_message_internal( signature, signature_length ); } - return psa_driver_wrapper_verify_hash( - attributes, key_buffer, key_buffer_size, - alg, input, input_length, - signature, signature_length ); + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, From 4fabc5666b8682cec2bb559f46ba16cf0bd5b951 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 6 May 2021 11:47:31 +0200 Subject: [PATCH 122/188] Use non-deterministic ecdsa algorithm for verify_hash/message tests Signed-off-by: gabor-mezei-arm --- .../suites/test_suite_psa_crypto_driver_wrappers.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 2041588857..db495c2c27 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -65,7 +65,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ void ecdsa_verify_hash( int force_status_arg, int register_public_key, data_t *key_input, @@ -77,7 +77,7 @@ void ecdsa_verify_hash( int force_status_arg, psa_status_t expected_status = expected_status_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); psa_status_t actual_status; mbedtls_test_driver_signature_verify_hooks = mbedtls_test_driver_signature_hooks_init(); @@ -181,7 +181,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ void ecdsa_verify_message( int force_status_arg, int register_public_key, data_t *key_input, @@ -193,7 +193,7 @@ void ecdsa_verify_message( int force_status_arg, psa_status_t expected_status = expected_status_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg = PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ); + psa_algorithm_t alg = PSA_ALG_ECDSA( PSA_ALG_SHA_256 ); psa_status_t actual_status; mbedtls_test_driver_signature_verify_hooks = mbedtls_test_driver_signature_hooks_init(); From ce8804fd6e7fa7c0f5711277ebc06da92d63a18c Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 6 May 2021 11:56:20 +0200 Subject: [PATCH 123/188] Update tests dependencies Signed-off-by: gabor-mezei-arm --- tests/suites/test_suite_psa_crypto.data | 10 +++++----- .../test_suite_psa_crypto_driver_wrappers.function | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8f4f5525b8..1812bf1bf4 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -657,7 +657,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:1 PSA key policy: asymmetric signature for message, sign | verify -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1 PSA key policy: asymmetric signature for message, wrong algorithm family @@ -673,7 +673,7 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAI asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32 PSA key policy: asymmetric signature for message, wildcard in policy, PKCS#1v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):32 PSA key policy: asymmetric signature for message, wrong hash algorithm @@ -681,15 +681,15 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 PSA key policy: asymmetric signature for message, alg=0 in policy -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 PSA key policy: asymmetric signature for message, sign but not verify -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1 PSA key policy: asymmetric signature for message, verify but not sign -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_signature_key_policy:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1 PSA key policy: derive via HKDF, permitted diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index db495c2c27..5123def4af 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -7,7 +7,7 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ void ecdsa_sign_hash( int force_status_arg, data_t *key_input, data_t *data_input, @@ -121,7 +121,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ void ecdsa_sign_message( int force_status_arg, data_t *key_input, data_t *data_input, @@ -239,7 +239,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */ void generate_key( int force_status_arg, data_t *fake_output, int expected_status_arg ) @@ -312,7 +312,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */ void validate_key( int force_status_arg, int key_type_arg, data_t *key_input, @@ -348,7 +348,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 */ void export_key( int force_status_arg, data_t *fake_output, int key_in_type_arg, From e088985496a91741bafb10bfc75c3c244609f16d Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 5 May 2021 14:02:59 +0200 Subject: [PATCH 124/188] Fix test names Signed-off-by: gabor-mezei-arm --- tests/suites/test_suite_psa_crypto.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 1812bf1bf4..ef56d2c28c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2438,11 +2438,11 @@ PSA sign/verify message: RSA PSS SHA-256, 0 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"" -PSA sign/verify message: RSA PSS SHA-256, 32 bytes (hash size) +PSA sign/verify message: RSA PSS SHA-256, 32 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -PSA sign/verify message: RSA PSS SHA-256, 128 bytes (signature size) +PSA sign/verify message: RSA PSS SHA-256, 128 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" @@ -2458,11 +2458,11 @@ PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 0 bytes depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"" -PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 32 bytes (hash size) +PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 32 bytes depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 64 bytes (signature size) +PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 64 bytes depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" @@ -2514,11 +2514,11 @@ PSA verify message: RSA PSS SHA-256, good signature, 129 bytes depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830" -PSA verify message ECDSA SECP256R1, good +PSA verify message: ECDSA SECP256R1 SHA-256, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_message:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b" -PSA verify message with keypair: ECDSA SECP256R1, good +PSA verify message with keypair: ECDSA SECP256R1 SHA-256, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b" From d785a79477afd4e1aa1eedd0dfcf09fb7adf2de4 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 5 May 2021 14:03:48 +0200 Subject: [PATCH 125/188] Fix test Signed-off-by: gabor-mezei-arm --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ef56d2c28c..2898dda05d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2151,8 +2151,8 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLI import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise: ECP SECP256R1 keypair, ECDSA -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA_ANY PSA import/exercise: ECP SECP256R1 keypair, deterministic ECDSA depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C From 6e2a8daef450748f4c7d925515501cc72ca01ea5 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 5 May 2021 14:04:07 +0200 Subject: [PATCH 126/188] Add new tests for psa_sign/verify_message Signed-off-by: gabor-mezei-arm --- tests/suites/test_suite_psa_crypto.data | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2898dda05d..6101a765e6 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2394,6 +2394,10 @@ PSA sign message: RSA PKCS#1 v1.5 SHA-256, empty output buffer depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":0:PSA_ERROR_BUFFER_TOO_SMALL +PSA sign message: RSA PKCS#1 v1.5 without hash +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":0:PSA_ERROR_INVALID_ARGUMENT + PSA sign message: RSA PKCS#1 v1.5 SHA-256, invalid key type depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_CHACHA20:MBEDTLS_MD_C sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":128:PSA_ERROR_INVALID_ARGUMENT @@ -2426,6 +2430,10 @@ PSA sign message: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":96:PSA_ERROR_NOT_SUPPORTED +PSA sign message: ECDSA without hash +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C +sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"616263":96:PSA_ERROR_INVALID_ARGUMENT + PSA sign/verify message: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263" @@ -2542,6 +2550,10 @@ PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE +PSA verify message: RSA PKCS#1 v1.5 without hash +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT + PSA verify message: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"304502200b295f3dc3ac2bde92f550b7e73a2de15a753b4ebc761c521a32d1ed9bf5800a022100fe7301254058347c3dec7768f62dfc63f7c049d28bfdd1d6712126fd888e9f04":PSA_ERROR_INVALID_SIGNATURE @@ -2570,7 +2582,11 @@ PSA verify message: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C verify_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT -PSA encrypt: RSA PKCS#1 v1.5, good +PSA verify message: ECDSA without hash +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"":"":PSA_ERROR_INVALID_ARGUMENT + +PPSA encrypt: RSA PKCS#1 v1.5, good depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS From 6883fd248d0e2d1b072cc58b06f450f34d9dc40b Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 5 May 2021 14:18:36 +0200 Subject: [PATCH 127/188] Rename sign/verify builtin functions called by driver wrapper functions Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 8 ++-- library/psa_crypto_core.h | 8 ++-- library/psa_crypto_driver_wrappers.c | 68 ++++++++++++++-------------- 3 files changed, 42 insertions(+), 42 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 519c70aa6b..077b294388 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2613,7 +2613,7 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, } -psa_status_t psa_sign_message_internal( +psa_status_t psa_sign_message_builtin( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -2661,7 +2661,7 @@ psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, signature, signature_size, signature_length ); } -psa_status_t psa_verify_message_internal( +psa_status_t psa_verify_message_builtin( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -2707,7 +2707,7 @@ psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, signature, signature_length ); } -psa_status_t psa_sign_hash_internal( +psa_status_t psa_sign_hash_builtin( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -2778,7 +2778,7 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, signature, signature_size, signature_length ); } -psa_status_t psa_verify_hash_internal( +psa_status_t psa_verify_hash_builtin( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index a742b6dbbc..356d5489e3 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -412,7 +412,7 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY */ -psa_status_t psa_sign_message_internal( +psa_status_t psa_sign_message_builtin( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -446,7 +446,7 @@ psa_status_t psa_sign_message_internal( * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INSUFFICIENT_MEMORY */ -psa_status_t psa_verify_message_internal( +psa_status_t psa_verify_message_builtin( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -485,7 +485,7 @@ psa_status_t psa_verify_message_internal( * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY */ -psa_status_t psa_sign_hash_internal( +psa_status_t psa_sign_hash_builtin( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, @@ -520,7 +520,7 @@ psa_status_t psa_sign_hash_internal( * \retval #PSA_ERROR_INVALID_ARGUMENT * \retval #PSA_ERROR_INSUFFICIENT_MEMORY */ -psa_status_t psa_verify_hash_internal( +psa_status_t psa_verify_hash_builtin( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *hash, size_t hash_length, diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 5c36daf6f2..0b7bd559f5 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -103,15 +103,15 @@ psa_status_t psa_driver_wrapper_sign_message( #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( psa_sign_message_internal( attributes, - key_buffer, - key_buffer_size, - alg, - input, - input_length, - signature, - signature_size, - signature_length ) ); + return( psa_sign_message_builtin( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_size, + signature_length ) ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -172,14 +172,14 @@ psa_status_t psa_driver_wrapper_verify_message( #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( psa_verify_message_internal( attributes, - key_buffer, - key_buffer_size, - alg, - input, - input_length, - signature, - signature_length ) ); + return( psa_verify_message_builtin( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_length ) ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -255,15 +255,15 @@ psa_status_t psa_driver_wrapper_sign_hash( #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ - return( psa_sign_hash_internal( attributes, - key_buffer, - key_buffer_size, - alg, - hash, - hash_length, - signature, - signature_size, - signature_length ) ); + return( psa_sign_hash_builtin( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_size, + signature_length ) ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -339,14 +339,14 @@ psa_status_t psa_driver_wrapper_verify_hash( #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - return( psa_verify_hash_internal( attributes, - key_buffer, - key_buffer_size, - alg, - hash, - hash_length, - signature, - signature_length ) ); + return( psa_verify_hash_builtin( attributes, + key_buffer, + key_buffer_size, + alg, + hash, + hash_length, + signature, + signature_length ) ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) From 256443e64e5318f0041b9ef5831b0a653f6ea576 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Fri, 7 May 2021 15:16:34 +0200 Subject: [PATCH 128/188] Change the driver calling logic for psa_sign/verify_messsage The changed logic is to try a sign-message driver (opaque or transparent); if there isn't one, fallback to builtin sofware and do the hashing, then try a sign-hash driver. This will enable to the opaque driver to fallback to software. Signed-off-by: gabor-mezei-arm --- library/psa_crypto_driver_wrappers.c | 50 ++++++++++++++++------------ 1 file changed, 29 insertions(+), 21 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 0b7bd559f5..95daf80328 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -102,22 +102,13 @@ psa_status_t psa_driver_wrapper_sign_message( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - /* Fell through, meaning no accelerator supports this operation */ - return( psa_sign_message_builtin( attributes, - key_buffer, - key_buffer_size, - alg, - input, - input_length, - signature, - signature_size, - signature_length ) ); + break; /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: - return( mbedtls_test_opaque_signature_sign_message( + status = mbedtls_test_opaque_signature_sign_message( attributes, key_buffer, key_buffer_size, @@ -126,7 +117,10 @@ psa_status_t psa_driver_wrapper_sign_message( input_length, signature, signature_size, - signature_length ) ); + signature_length ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); + break; #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: @@ -134,6 +128,16 @@ psa_status_t psa_driver_wrapper_sign_message( (void)status; return( PSA_ERROR_INVALID_ARGUMENT ); } + + return( psa_sign_message_builtin( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_size, + signature_length ) ); } psa_status_t psa_driver_wrapper_verify_message( @@ -171,15 +175,7 @@ psa_status_t psa_driver_wrapper_verify_message( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - - return( psa_verify_message_builtin( attributes, - key_buffer, - key_buffer_size, - alg, - input, - input_length, - signature, - signature_length ) ); + break; /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -194,6 +190,9 @@ psa_status_t psa_driver_wrapper_verify_message( input_length, signature, signature_length ) ); + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); + break; #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: @@ -201,6 +200,15 @@ psa_status_t psa_driver_wrapper_verify_message( (void)status; return( PSA_ERROR_INVALID_ARGUMENT ); } + + return( psa_verify_message_builtin( attributes, + key_buffer, + key_buffer_size, + alg, + input, + input_length, + signature, + signature_length ) ); } psa_status_t psa_driver_wrapper_sign_hash( From 4a6fcda03100659bf0ca573b824a064abb2114be Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 11 May 2021 13:28:50 +0200 Subject: [PATCH 129/188] Typo Signed-off-by: gabor-mezei-arm --- include/psa/crypto_values.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 5fc868814d..497bd8f01f 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1549,7 +1549,6 @@ PSA_ALG_IS_ECDSA(alg) || PSA_ALG_IS_HASH_EDDSA(alg) || \ PSA_ALG_IS_VENDOR_HASH_AND_SIGN(alg)) - /** Whether the specified algorithm is a signature algorithm that can be used * with psa_sign_message() and psa_verify_message(). * From 041887bfc30578a54fc646a57e969c15166b80a0 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Tue, 11 May 2021 13:29:24 +0200 Subject: [PATCH 130/188] Update key usage determination for exercise key tests Signed-off-by: gabor-mezei-arm --- tests/src/psa_exercise_key.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 197e31a349..f48a64e947 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -924,16 +924,22 @@ psa_key_usage_t mbedtls_test_psa_usage_to_exercise( psa_key_type_t type, { if( PSA_ALG_IS_MAC( alg ) || PSA_ALG_IS_SIGN( alg ) ) { - if( PSA_ALG_SIGN_GET_HASH( alg ) ) + if( PSA_ALG_IS_HASH_AND_SIGN( alg ) ) + { + if( PSA_ALG_SIGN_GET_HASH( alg ) ) + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE: + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ); + } + else if( PSA_ALG_IS_SIGN_MESSAGE( alg) ) return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE: - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_VERIFY_MESSAGE : PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE ); - else - return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? - PSA_KEY_USAGE_VERIFY_HASH: - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); + return( PSA_KEY_TYPE_IS_PUBLIC_KEY( type ) ? + PSA_KEY_USAGE_VERIFY_HASH : + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH ); } else if( PSA_ALG_IS_CIPHER( alg ) || PSA_ALG_IS_AEAD( alg ) || PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ) From 4bc0edb919a7e52cf2b8e985c5c1c0f79755fb1c Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 12 May 2021 10:48:55 +0200 Subject: [PATCH 131/188] Typo Signed-off-by: gabor-mezei-arm --- tests/suites/test_suite_psa_crypto.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 6101a765e6..cb0cb9cd44 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2586,7 +2586,7 @@ PSA verify message: ECDSA without hash depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"":"":PSA_ERROR_INVALID_ARGUMENT -PPSA encrypt: RSA PKCS#1 v1.5, good +PSA encrypt: RSA PKCS#1 v1.5, good depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS From 2b8373f8567e457ce59b1d5b68b87e4c1f3f24e8 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 12 May 2021 10:49:27 +0200 Subject: [PATCH 132/188] Update documentation Signed-off-by: gabor-mezei-arm --- library/psa_crypto_core.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 356d5489e3..4420ec2569 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -386,6 +386,9 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes, * entry point as defined in the PSA driver interface specification for * transparent drivers. * + * \note This function will call the driver for psa_sign_hash + * and go through driver dispatch again. + * * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key context. @@ -426,6 +429,9 @@ psa_status_t psa_sign_message_builtin( * entry point as defined in the PSA driver interface specification for * transparent drivers. * + * \note This function will call the driver for psa_verify_hash + * and go through driver dispatch again. + * * \param[in] attributes The attributes of the key to use for the * operation. * \param[in] key_buffer The buffer containing the key context. From f048618b43f74e7383ba62b94c65b4bfdf73d6ac Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 12 May 2021 11:03:09 +0200 Subject: [PATCH 133/188] Unify variable type and rename to be unambiguous Signed-off-by: gabor-mezei-arm --- library/psa_crypto.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 077b294388..1ecab4e077 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2460,10 +2460,10 @@ cleanup: /* Asymmetric cryptography */ /****************************************************************/ -static psa_status_t psa_sign_verify_check_alg( uint8_t do_hash, +static psa_status_t psa_sign_verify_check_alg( int input_is_message, psa_algorithm_t alg ) { - if( do_hash ) + if( input_is_message ) { if( ! PSA_ALG_IS_SIGN_MESSAGE( alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -2484,7 +2484,7 @@ static psa_status_t psa_sign_verify_check_alg( uint8_t do_hash, } static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, - uint8_t do_hash, + int input_is_message, psa_algorithm_t alg, const uint8_t * input, size_t input_length, @@ -2498,7 +2498,7 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, *signature_length = 0; - status = psa_sign_verify_check_alg( do_hash, alg ); + status = psa_sign_verify_check_alg( input_is_message, alg ); if( status != PSA_SUCCESS ) return status; @@ -2511,8 +2511,8 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, status = psa_get_and_lock_key_slot_with_policy( key, &slot, - do_hash ? PSA_KEY_USAGE_SIGN_MESSAGE : - PSA_KEY_USAGE_SIGN_HASH, + input_is_message ? PSA_KEY_USAGE_SIGN_MESSAGE : + PSA_KEY_USAGE_SIGN_HASH, alg ); if( status != PSA_SUCCESS ) @@ -2528,7 +2528,7 @@ static psa_status_t psa_sign_internal( mbedtls_svc_key_id_t key, .core = slot->attr }; - if( do_hash ) + if( input_is_message ) { status = psa_driver_wrapper_sign_message( &attributes, slot->key.data, slot->key.bytes, @@ -2564,7 +2564,7 @@ exit: } static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, - uint8_t do_hash, + int input_is_message, psa_algorithm_t alg, const uint8_t * input, size_t input_length, @@ -2575,14 +2575,14 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - status = psa_sign_verify_check_alg( do_hash, alg ); + status = psa_sign_verify_check_alg( input_is_message, alg ); if( status != PSA_SUCCESS ) return status; status = psa_get_and_lock_key_slot_with_policy( key, &slot, - do_hash ? PSA_KEY_USAGE_VERIFY_MESSAGE : - PSA_KEY_USAGE_VERIFY_HASH, + input_is_message ? PSA_KEY_USAGE_VERIFY_MESSAGE : + PSA_KEY_USAGE_VERIFY_HASH, alg ); if( status != PSA_SUCCESS ) @@ -2592,7 +2592,7 @@ static psa_status_t psa_verify_internal( mbedtls_svc_key_id_t key, .core = slot->attr }; - if( do_hash ) + if( input_is_message ) { status = psa_driver_wrapper_verify_message( &attributes, slot->key.data, slot->key.bytes, From d5218df572159b80fbc31adb88062a0532032ccc Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Wed, 12 May 2021 11:12:25 +0200 Subject: [PATCH 134/188] Enable fallback to software implementation in psa_sign/verify_message driver Signed-off-by: gabor-mezei-arm --- library/psa_crypto_driver_wrappers.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index 95daf80328..aab66ab20f 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -126,7 +126,7 @@ psa_status_t psa_driver_wrapper_sign_message( default: /* Key is declared with a lifetime not known to us */ (void)status; - return( PSA_ERROR_INVALID_ARGUMENT ); + break; } return( psa_sign_message_builtin( attributes, @@ -198,7 +198,7 @@ psa_status_t psa_driver_wrapper_verify_message( default: /* Key is declared with a lifetime not known to us */ (void)status; - return( PSA_ERROR_INVALID_ARGUMENT ); + break; } return( psa_verify_message_builtin( attributes, From 07a35f68ee469d8d79ecef9184d76c789f362186 Mon Sep 17 00:00:00 2001 From: gabor-mezei-arm Date: Thu, 13 May 2021 16:27:46 +0200 Subject: [PATCH 135/188] Update key type name Signed-off-by: gabor-mezei-arm --- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 5123def4af..e86309b065 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -142,7 +142,7 @@ void ecdsa_sign_message( int force_status_arg, PSA_ASSERT( psa_crypto_init( ) ); psa_set_key_type( &attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, @@ -202,7 +202,7 @@ void ecdsa_verify_message( int force_status_arg, if( register_public_key ) { psa_set_key_type( &attributes, - PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_CURVE_SECP_R1 ) ); + PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, @@ -212,7 +212,7 @@ void ecdsa_verify_message( int force_status_arg, else { psa_set_key_type( &attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ) ); + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ) ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_MESSAGE ); psa_set_key_algorithm( &attributes, alg ); psa_import_key( &attributes, From 95f8f22c2701218c1d24ef568c8e1632f19dcd41 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 14 May 2021 14:07:51 +0200 Subject: [PATCH 136/188] Migration guide added and ChangeLog clarified Signed-off-by: TRodziewicz --- ChangeLog.d/issue4361.txt | 3 ++- .../remove_ssl_record_checking.md | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 docs/3.0-migration-guide.d/remove_ssl_record_checking.md diff --git a/ChangeLog.d/issue4361.txt b/ChangeLog.d/issue4361.txt index 670c8a6580..f1dbb3f195 100644 --- a/ChangeLog.d/issue4361.txt +++ b/ChangeLog.d/issue4361.txt @@ -1,2 +1,3 @@ Removals - * Remove the MBEDTLS_SSL_RECORD_CHECKING option. Fixes #4361. + * Remove the MBEDTLS_SSL_RECORD_CHECKING option and enable by default its + previous action. Fixes #4361. diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md new file mode 100644 index 0000000000..a1b8a5757b --- /dev/null +++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md @@ -0,0 +1,13 @@ +Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default +-------------------------------------------------------------------------- + +This change does not affects users who use the default config.h, as the +option MBEDTLS_SSL_RECORD_CHECKING was already on by default. + +This option was added only to controls compilation of one function +(mbedtls_ssl_check_record()) used in DTLS to check a buffer's validity and +authenticity. Switching it off poses a security risk. + +For users who changed the default setting of the option there is no real path +of migration. + From 1cf33bf94d173343da7e94a4ee56eb08c6e8f936 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 14 May 2021 14:35:26 +0200 Subject: [PATCH 137/188] Corrections o the migration guide Signed-off-by: TRodziewicz --- docs/3.0-migration-guide.d/remove_ssl_record_checking.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md index a1b8a5757b..91f6f7e88b 100644 --- a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md +++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md @@ -1,10 +1,10 @@ Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default -------------------------------------------------------------------------- -This change does not affects users who use the default config.h, as the +This change does not affect users who use the default config.h, as the option MBEDTLS_SSL_RECORD_CHECKING was already on by default. -This option was added only to controls compilation of one function +This option was added only to control compilation of one function (mbedtls_ssl_check_record()) used in DTLS to check a buffer's validity and authenticity. Switching it off poses a security risk. From 541af8575ea00cd95c405937de0e81c2efb4b8bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 May 2021 16:49:01 +0100 Subject: [PATCH 138/188] Use -1 instead of 1 as failure return value in internal SSL function Signed-off-by: Hanno Becker --- library/ssl_tls.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fd77dc3d3a..1c54b5f77b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6999,14 +6999,14 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return( 1 ); + return( -1 ); switch( md ) { #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) #if defined(MBEDTLS_MD5_C) case MBEDTLS_SSL_HASH_MD5: - return( 1 ); + return( -1 ); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_SSL_HASH_SHA1: @@ -7025,7 +7025,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) break; #endif default: - return( 1 ); + return( -1 ); } return 0; @@ -7033,7 +7033,7 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) (void) ssl; (void) md; - return( 1 ); + return( -1 ); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } From a808ec3f0d9de3ec8d4789abf1119905d4ea7b8c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 May 2021 17:10:15 +0100 Subject: [PATCH 139/188] Add ChangeLog entry Signed-off-by: Hanno Becker --- ChangeLog.d/ssl-error-code-cleanup.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/ssl-error-code-cleanup.txt diff --git a/ChangeLog.d/ssl-error-code-cleanup.txt b/ChangeLog.d/ssl-error-code-cleanup.txt new file mode 100644 index 0000000000..0438aa2f6b --- /dev/null +++ b/ChangeLog.d/ssl-error-code-cleanup.txt @@ -0,0 +1,7 @@ +API changes + * Remove SSL error codes `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` + and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` which are never + returned from the public SSL API. + * Remove `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` and return + `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead. + ` From 8e184e2debf4e0d26f4324c4debd36d6a4844bea Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 May 2021 17:10:27 +0100 Subject: [PATCH 140/188] Add migration guide Signed-off-by: Hanno Becker --- .../ssl-error-code-cleanup.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 docs/3.0-migration-guide.d/ssl-error-code-cleanup.md diff --git a/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md b/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md new file mode 100644 index 0000000000..49d1a0f223 --- /dev/null +++ b/docs/3.0-migration-guide.d/ssl-error-code-cleanup.md @@ -0,0 +1,20 @@ +Removal of some SSL error codes +----------------------------------------------------------------- + +This affects users manually checking for the following error codes: +- `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` +- `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` +- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` + +Migration paths: +- `MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED` and `MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH` + should never be returned from Mbed TLS, and there is no need to check for it. + Users should simply remove manual checks for those codes, and let the Mbed TLS + team know if -- contrary to the team's understanding -- there is in fact a situation + where one of them was ever returned. +- `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` has been removed, and + `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` is returned instead if the user's own certificate + is too large to fit into the output buffers. Users should check for + `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead, and potentially compare the size of their + own certificate against the configured size of the output buffer to understand if + the error is due to an overly large certificate. From 59b97bbe065ce04f716624795081f898ecc21a9e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 May 2021 17:12:15 +0100 Subject: [PATCH 141/188] Fixup glitch in ChangeLog entry Signed-off-by: Hanno Becker --- ChangeLog.d/ssl-error-code-cleanup.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog.d/ssl-error-code-cleanup.txt b/ChangeLog.d/ssl-error-code-cleanup.txt index 0438aa2f6b..768d1905ad 100644 --- a/ChangeLog.d/ssl-error-code-cleanup.txt +++ b/ChangeLog.d/ssl-error-code-cleanup.txt @@ -4,4 +4,3 @@ API changes returned from the public SSL API. * Remove `MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE` and return `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` instead. - ` From fd86ca8626388cd2f0e5cb1a3fe35b3262a41953 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 30 Nov 2020 08:54:23 +0000 Subject: [PATCH 142/188] Rename SOME_MODES_USE_MAC -> SOME_SUITES_USE_MAC Signed-off-by: Hanno Becker --- library/ssl_misc.h | 12 ++++++------ library/ssl_msg.c | 12 ++++++------ library/ssl_tls.c | 24 ++++++++++++------------ tests/suites/test_suite_ssl.function | 6 +++--- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 9ac48c757c..8a006620cc 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -149,10 +149,10 @@ #if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) -#define MBEDTLS_SSL_SOME_MODES_USE_MAC +#define MBEDTLS_SSL_SOME_SUITES_USE_MAC #endif -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) /* Ciphersuites using HMAC */ #if defined(MBEDTLS_SHA512_C) #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ @@ -161,7 +161,7 @@ #else #define MBEDTLS_SSL_MAC_ADD 20 /* SHA-1 used for HMAC */ #endif -#else /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#else /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ /* AEAD ciphersuites: GCM and CCM use a 128 bits tag */ #define MBEDTLS_SSL_MAC_ADD 16 #endif @@ -711,7 +711,7 @@ struct mbedtls_ssl_transform unsigned char iv_enc[16]; /*!< IV (encryption) */ unsigned char iv_dec[16]; /*!< IV (decryption) */ -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) mbedtls_md_context_t md_ctx_enc; /*!< MAC (encryption) */ mbedtls_md_context_t md_ctx_dec; /*!< MAC (decryption) */ @@ -720,7 +720,7 @@ struct mbedtls_ssl_transform int encrypt_then_mac; /*!< flag for EtM activation */ #endif -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ mbedtls_cipher_context_t cipher_ctx_enc; /*!< encryption context */ mbedtls_cipher_context_t cipher_ctx_dec; /*!< decryption context */ @@ -747,7 +747,7 @@ struct mbedtls_ssl_transform static inline int mbedtls_ssl_transform_uses_aead( const mbedtls_ssl_transform *transform ) { -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) return( transform->maclen == 0 && transform->taglen != 0 ); #else (void) transform; diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3956a67d27..10ddf0d65f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -633,7 +633,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* * Add MAC before if needed */ -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if( mode == MBEDTLS_MODE_STREAM || ( mode == MBEDTLS_MODE_CBC #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) @@ -678,7 +678,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, post_avail -= transform->maclen; auth_done++; } -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ /* * Encrypt @@ -1209,7 +1209,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, size_t olen; mbedtls_cipher_mode_t mode; int ret, auth_done = 0; -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) size_t padlen = 0, correct = 1; #endif unsigned char* data; @@ -1636,7 +1636,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * Authenticate if not done yet. * Compute the MAC regardless of the padding result (RFC4346, CBCTIME). */ -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if( auth_done == 0 ) { unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD]; @@ -1712,7 +1712,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, */ if( correct == 0 ) return( MBEDTLS_ERR_SSL_INVALID_MAC ); -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ /* Make extra sure authentication was performed, exactly once */ if( auth_done != 1 ) @@ -5628,7 +5628,7 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform ) mbedtls_cipher_free( &transform->cipher_ctx_enc ); mbedtls_cipher_free( &transform->cipher_ctx_dec ); -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) mbedtls_md_free( &transform->md_ctx_enc ); mbedtls_md_free( &transform->md_ctx_dec ); #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bc2f269a9c..a503b0ee47 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -806,14 +806,14 @@ typedef int ssl_tls_prf_t(const unsigned char *, size_t, const char *, static int ssl_populate_transform( mbedtls_ssl_transform *transform, int ciphersuite, const unsigned char master[48], -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) int trunc_hmac, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls_prf_t tls_prf, const unsigned char randbytes[64], int minor_ver, @@ -846,7 +846,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * Some data just needs copying into the structure */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) transform->encrypt_then_mac = encrypt_then_mac; #endif transform->minor_ver = minor_ver; @@ -967,7 +967,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, } else #endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if( cipher_info->mode == MBEDTLS_MODE_STREAM || cipher_info->mode == MBEDTLS_MODE_CBC ) { @@ -1044,7 +1044,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, } } else -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ { MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); @@ -1105,7 +1105,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, goto end; } -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) if( minor_ver >= MBEDTLS_SSL_MINOR_VERSION_1 ) @@ -1125,7 +1125,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; goto end; } -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ((void) mac_dec); ((void) mac_enc); @@ -1518,14 +1518,14 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) ret = ssl_populate_transform( ssl->transform_negotiate, ssl->session_negotiate->ciphersuite, ssl->session_negotiate->master, -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) ssl->session_negotiate->encrypt_then_mac, #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) ssl->session_negotiate->trunc_hmac, #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl->handshake->tls_prf, ssl->handshake->randbytes, ssl->minor_ver, @@ -3322,7 +3322,7 @@ void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform ) mbedtls_cipher_init( &transform->cipher_ctx_enc ); mbedtls_cipher_init( &transform->cipher_ctx_dec ); -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) mbedtls_md_init( &transform->md_ctx_enc ); mbedtls_md_init( &transform->md_ctx_dec ); #endif @@ -6161,14 +6161,14 @@ static int ssl_context_load( mbedtls_ssl_context *ssl, ret = ssl_populate_transform( ssl->transform, ssl->session->ciphersuite, ssl->session->master, -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) ssl->session->encrypt_then_mac, #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) ssl->session->trunc_hmac, #endif -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ ssl_tls12prf_from_cs( ssl->session->ciphersuite ), p, /* currently pointing to randbytes */ MBEDTLS_SSL_MINOR_VERSION_3, /* (D)TLS 1.2 is forced */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 2f59afea4f..ef8d3b269d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1254,7 +1254,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, keylen << 3, MBEDTLS_DECRYPT ) == 0 ); /* Setup MAC contexts */ -#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if( cipher_info->mode == MBEDTLS_MODE_CBC || cipher_info->mode == MBEDTLS_MODE_STREAM ) { @@ -1287,7 +1287,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, } #else ((void) hash_id); -#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ /* Pick IV's (regardless of whether they @@ -1301,7 +1301,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ - defined(MBEDTLS_SSL_SOME_MODES_USE_MAC) + defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) t_out->encrypt_then_mac = etm; t_in->encrypt_then_mac = etm; #else From 0cc4661365db14e0bf9e5c2e529b5acd2bf1aef4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 30 Nov 2020 08:56:52 +0000 Subject: [PATCH 143/188] Introduce helper macro for presence of stream ciphersuites Signed-off-by: Hanno Becker --- library/ssl_misc.h | 19 ++++++++++++++++++- library/ssl_msg.c | 8 ++++---- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 8a006620cc..402da8db9f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -130,6 +130,15 @@ * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). */ +#if defined(MBEDTLS_SSL_PROTO_SSL3) || \ + defined(MBEDTLS_SSL_PROTO_TLS1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) +#define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER +#endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER) + /* This macro determines whether CBC is supported. */ #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_AES_C) || \ @@ -139,6 +148,12 @@ #define MBEDTLS_SSL_SOME_SUITES_USE_CBC #endif +/* This macro determines whether a ciphersuite using a + * stream cipher can be used. */ +#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#define MBEDTLS_SSL_SOME_SUITES_USE_STREAM +#endif + /* This macro determines whether the CBC construct used in TLS 1.0-1.2 is supported. */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \ ( defined(MBEDTLS_SSL_PROTO_TLS1) || \ @@ -147,11 +162,13 @@ #define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC #endif -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) || defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) #define MBEDTLS_SSL_SOME_SUITES_USE_MAC #endif +#endif /* MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER */ + #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) /* Ciphersuites using HMAC */ #if defined(MBEDTLS_SHA512_C) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 10ddf0d65f..f3cf8f5dd8 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -683,7 +683,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* * Encrypt */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM) if( mode == MBEDTLS_MODE_STREAM ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -708,7 +708,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } } else -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ +#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */ #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ @@ -1245,7 +1245,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) +#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM) if( mode == MBEDTLS_MODE_STREAM ) { padlen = 0; @@ -1266,7 +1266,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } } else -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ +#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */ #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) From 31351cef6fa9b2c62c00140be8f43b511c8b6f0f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 Mar 2021 11:05:58 +0000 Subject: [PATCH 144/188] Add missing escape character in multi-line preprocessor directive Signed-off-by: Hanno Becker --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 402da8db9f..13c331fc2f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -162,7 +162,7 @@ #define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC #endif -#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) || +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) || \ defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) #define MBEDTLS_SSL_SOME_SUITES_USE_MAC #endif From d086bf0c629b9e0d9436cabbb71d3d48af16c6b6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 22 Mar 2021 13:01:27 +0000 Subject: [PATCH 145/188] Fix typo Signed-off-by: Hanno Becker --- library/ssl_msg.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index f3cf8f5dd8..faafaba857 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -683,7 +683,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* * Encrypt */ -#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) if( mode == MBEDTLS_MODE_STREAM ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -708,7 +708,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } } else -#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ @@ -1245,7 +1245,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_SOME_MODES_USE_STREAM) +#if defined(MBEDTLS_SSL_SOME_SUITES_USE_STREAM) if( mode == MBEDTLS_MODE_STREAM ) { padlen = 0; @@ -1266,7 +1266,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, } } else -#endif /* MBEDTLS_SSL_SOME_MODES_USE_STREAM */ +#endif /* MBEDTLS_SSL_SOME_SUITES_USE_STREAM */ #if defined(MBEDTLS_GCM_C) || \ defined(MBEDTLS_CCM_C) || \ defined(MBEDTLS_CHACHAPOLY_C) From 8cce50d7262201bc5e0475826d62c57b3131448d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 15 May 2021 06:15:52 +0100 Subject: [PATCH 146/188] Remove reference to SSLv3 Signed-off-by: Hanno Becker --- library/ssl_misc.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 13c331fc2f..b6124fc2ee 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -130,8 +130,7 @@ * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256). */ -#if defined(MBEDTLS_SSL_PROTO_SSL3) || \ - defined(MBEDTLS_SSL_PROTO_TLS1) || \ +#if defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_2) #define MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER From 57d7ab72fb9952a86bf88c5730ac8ef0534a2e4f Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 17 May 2021 10:43:41 +0200 Subject: [PATCH 147/188] Correction to migration guide entry wording Signed-off-by: TRodziewicz --- .../remove_ssl_record_checking.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md index 91f6f7e88b..203e740240 100644 --- a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md +++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md @@ -4,10 +4,10 @@ Remove MBEDTLS_SSL_RECORD_CHECKING option and enable its action by default This change does not affect users who use the default config.h, as the option MBEDTLS_SSL_RECORD_CHECKING was already on by default. -This option was added only to control compilation of one function -(mbedtls_ssl_check_record()) used in DTLS to check a buffer's validity and -authenticity. Switching it off poses a security risk. - -For users who changed the default setting of the option there is no real path -of migration. +This option was added only to control compilation of one function, +mbedtls_ssl_check_record(), which is only useful in some specific cases, so it +was made optional to allow users who don't need it to save some code space. +However, the same effect can be achieve by using link-time garbage collection. +Users who changed the default setting of the option need to change the config/ +build system to remove that change. \ No newline at end of file From 0fdd8d297a2d0374571fb0c8b026c83cfcfe2c81 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 17 May 2021 09:58:05 +0100 Subject: [PATCH 148/188] Adding correction to documentation As picked up in review, this commit modifies the documentation by removing some wording that is now superfluous given the removal of the mode parameter. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a4ef488609..a54ac4dd09 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -714,11 +714,6 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * hold the decryption of the particular ciphertext provided, * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function. This is used for blinding and should * be provided; see mbedtls_rsa_private() for more. @@ -755,10 +750,6 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * hold the decryption of the particular ciphertext provided, * the function returns #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function. This is used for blinding and should * be provided; see mbedtls_rsa_private() for more. @@ -797,10 +788,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * ciphertext provided, the function returns * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function. This is used for blinding and should * be provided; see mbedtls_rsa_private() for more. From e13a23b4394454943605ddeaeea892c420178290 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 17 May 2021 11:16:52 +0200 Subject: [PATCH 149/188] New line added at the end of the migration guide entry Signed-off-by: TRodziewicz --- docs/3.0-migration-guide.d/remove_ssl_record_checking.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md index 203e740240..7550f7b5a5 100644 --- a/docs/3.0-migration-guide.d/remove_ssl_record_checking.md +++ b/docs/3.0-migration-guide.d/remove_ssl_record_checking.md @@ -10,4 +10,4 @@ was made optional to allow users who don't need it to save some code space. However, the same effect can be achieve by using link-time garbage collection. Users who changed the default setting of the option need to change the config/ -build system to remove that change. \ No newline at end of file +build system to remove that change. From 3eac6126505ad5a62a189961bdbb8fa4f3146c3f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 May 2021 22:16:26 +0200 Subject: [PATCH 150/188] Add changelog entry for #4510 Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_sign_message.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/psa_sign_message.txt diff --git a/ChangeLog.d/psa_sign_message.txt b/ChangeLog.d/psa_sign_message.txt new file mode 100644 index 0000000000..2d77ec054e --- /dev/null +++ b/ChangeLog.d/psa_sign_message.txt @@ -0,0 +1,2 @@ +Features + * Implement psa_sign_message() and psa_verify_message(). From c86f20af985b397db5aefdee925cec014af22349 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 00:20:47 +0200 Subject: [PATCH 151/188] Allow running source file generators from a subdirectory Signed-off-by: Gilles Peskine --- scripts/generate_psa_constants.py | 4 +-- scripts/generate_query_config.pl | 6 +++++ scripts/mbedtls_dev/build_tree.py | 38 +++++++++++++++++++++++++++++ tests/scripts/generate_psa_tests.py | 10 ++++++-- 4 files changed, 54 insertions(+), 4 deletions(-) create mode 100644 scripts/mbedtls_dev/build_tree.py diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 71afd02c89..960a07986f 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -29,6 +29,7 @@ file is written: import os import sys +from mbedtls_dev import build_tree from mbedtls_dev import macro_collector OUTPUT_TEMPLATE = '''\ @@ -335,8 +336,7 @@ def generate_psa_constants(header_file_names, output_file_name): os.replace(temp_file_name, output_file_name) if __name__ == '__main__': - if not os.path.isdir('programs') and os.path.isdir('../programs'): - os.chdir('..') + build_tree.chdir_to_root() # Allow to change the directory where psa_constant_names_generated.c is written to. OUTPUT_FILE_DIR = sys.argv[1] if len(sys.argv) == 2 else "programs/psa" generate_psa_constants(['include/psa/crypto_values.h', diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 3cef101e3a..8c8c1880e2 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -38,6 +38,12 @@ my $config_file = "./include/mbedtls/config.h"; my $query_config_format_file = "./scripts/data_files/query_config.fmt"; my $query_config_file = "./programs/test/query_config.c"; +unless( -f $config_file && -f $query_config_format_file ) { + chdir '..' or die; + -f $config_file && -f $query_config_format_file + or die "Without arguments, must be run from root or a subdirectory\n"; +} + # Excluded macros from the generated query_config.c. For example, macros that # have commas or function-like macros cannot be transformed into strings easily # using the preprocessor, so they should be excluded or the preprocessor will diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py new file mode 100644 index 0000000000..772410473d --- /dev/null +++ b/scripts/mbedtls_dev/build_tree.py @@ -0,0 +1,38 @@ +"""Mbed TLS build tree information and manipulation. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import os + +def looks_like_mbedtls_root(path: str) -> bool: + """Whether the given directory looks like the root of the Mbed TLS source tree.""" + return all(os.path.isdir(os.path.join(path, subdir)) + for subdir in ['include', 'library', 'programs', 'tests']) + +def chdir_to_root() -> None: + """Detect the root of the Mbed TLS source tree and change to it. + + The current directory must be up to two levels deep inside an Mbed TLS + source tree. + """ + for d in [os.path.curdir, + os.path.pardir, + os.path.join(os.path.pardir, os.path.pardir)]: + if looks_like_mbedtls_root(d): + os.chdir(d) + return + raise Exception('Mbed TLS source tree not found') diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 669c75da91..ab8ebffe44 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -27,6 +27,7 @@ import sys from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional, TypeVar import scripts_path # pylint: disable=unused-import +from mbedtls_dev import build_tree from mbedtls_dev import crypto_knowledge from mbedtls_dev import macro_collector from mbedtls_dev import psa_storage @@ -79,9 +80,13 @@ def read_implemented_dependencies(filename: str) -> FrozenSet[str]: return frozenset(symbol for line in open(filename) for symbol in re.findall(r'\bPSA_WANT_\w+\b', line)) -IMPLEMENTED_DEPENDENCIES = read_implemented_dependencies('include/psa/crypto_config.h') +_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name def hack_dependencies_not_implemented(dependencies: List[str]) -> None: - if not all(dep.lstrip('!') in IMPLEMENTED_DEPENDENCIES + global _implemented_dependencies #pylint: disable=global-statement,invalid-name + if _implemented_dependencies is None: + _implemented_dependencies = \ + read_implemented_dependencies('include/psa/crypto_config.h') + if not all(dep.lstrip('!') in _implemented_dependencies for dep in dependencies): dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET') @@ -426,6 +431,7 @@ def main(args): parser.add_argument('targets', nargs='*', metavar='TARGET', help='Target file to generate (default: all; "-": none)') options = parser.parse_args(args) + build_tree.chdir_to_root() generator = TestGenerator(options) if options.list: for name in sorted(generator.TARGETS): From b61a614cdb85255ce0629246ca1d934af48a5d86 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 00:21:58 +0200 Subject: [PATCH 152/188] Use Python 3 instead of Python 2 to generate test files Python 2 is no longer officially supported, but we were still using it to generate test suite .c files from .function files when using GNU make. Switch to looking for Python 3. This change was done for CMake a long time ago. Signed-off-by: Gilles Peskine --- tests/Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 53f64b93df..7afd0f59f6 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -53,8 +53,7 @@ else DLEXT ?= so EXEXT= SHARED_SUFFIX= -# python2 for POSIX since FreeBSD has only python2 as default. -PYTHON ?= python2 +PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif # A test application is built for each suites/test_suite_*.data file. From 687d1ab7146f1abbc0b8bf218d876cee68278cd0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 01:01:56 +0200 Subject: [PATCH 153/188] Makefile targets for automatically generated files Run `make generated_files` to generate the automatically generated C source files and build scripts. Run `make neat` to remove all automatically generated files, even C source files and build scripts. Signed-off-by: Gilles Peskine --- Makefile | 42 +++++++++++++++++++++++++++++++++++++++++- library/Makefile | 27 +++++++++++++++++++++++++++ programs/Makefile | 28 ++++++++++++++++++++++++++++ tests/Makefile | 29 ++++++++++++++++++++++++++++- 4 files changed, 124 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 6a8b230077..a0c4386764 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,6 @@ DESTDIR=/usr/local PREFIX=mbedtls_ +PERL ?= perl .SILENT: @@ -22,6 +23,32 @@ tests: lib mbedtls_test mbedtls_test: $(MAKE) -C tests mbedtls_test +library/%: + $(MAKE) -C library $* +programs/%: + $(MAKE) -C programs $* +tests/%: + $(MAKE) -C tests $* + +.PHONY: generated_files +generated_files: library/generated_files +generated_files: programs/generated_files +generated_files: tests/generated_files +generated_files: visualc_files + +.PHONY: visualc_files +VISUALC_FILES = visualc/VS2010/mbedTLS.sln visualc/VS2010/mbedTLS.vcxproj +# TODO: $(app).vcxproj for each $(app) in programs/ +visualc_files: $(VISUALC_FILES) +$(VISUALC_FILES): scripts/generate_visualc_files.pl +$(VISUALC_FILES): scripts/data_files/vs2010-app-template.vcxproj +$(VISUALC_FILES): scripts/data_files/vs2010-main-template.vcxproj +$(VISUALC_FILES): scripts/data_files/vs2010-sln-template.sln +# TODO: also the list of .c and .h source files, but not their content +$(VISUALC_FILES): + echo " Gen $@ ..." + $(PERL) scripts/generate_visualc_files.pl + ifndef WINDOWS install: no_test mkdir -p $(DESTDIR)/include/mbedtls @@ -86,14 +113,27 @@ ifndef WINDOWS echo '$(NULL_ENTROPY_WARNING)' endif -clean: +clean: clean_more_on_top $(MAKE) -C library clean $(MAKE) -C programs clean $(MAKE) -C tests clean + +clean_more_on_top: ifndef WINDOWS find . \( -name \*.gcno -o -name \*.gcda -o -name \*.info \) -exec rm {} + endif +neat: clean_more_on_top + $(MAKE) -C library neat + $(MAKE) -C programs neat + $(MAKE) -C tests neat +ifndef WINDOWS + rm -f visualc/VS2010/*.vcxproj visualc/VS2010/mbedTLS.sln +else + if exist visualc\VS2010\*.vcxproj del /Q /F visualc\VS2010\*.vcxproj + if exist visualc\VS2010\mbedTLS.sln del /Q /F visualc\VS2010\mbedTLS.sln +endif + check: lib tests $(MAKE) -C tests check diff --git a/library/Makefile b/library/Makefile index d7fa4d9275..aff814d00d 100644 --- a/library/Makefile +++ b/library/Makefile @@ -22,6 +22,8 @@ endif # To compile on Plan9: # CFLAGS += -D_BSD_EXTENSION +PERL ?= perl + # if were running on Windows build for Windows ifdef WINDOWS WINDOWS_BUILD=1 @@ -271,6 +273,24 @@ libmbedcrypto.dll: $(OBJS_CRYPTO) echo " CC $<" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< +.PHONY: generated_files +GENERATED_FILES = error.c version_features.c +generated_files: $(GENERATED_FILES) + +error.c: ../scripts/generate_errors.pl +error.c: ../scripts/data_files/error.fmt +error.c: $(wildcard ../include/mbedtls/*.h) +error.c: + echo " Gen $@" + $(PERL) ../scripts/generate_errors.pl + +version_features.c: ../scripts/generate_features.pl +version_features.c: ../scripts/data_files/version_features.fmt +version_features.c: ../include/mbedtls/config.h +version_features.c: + echo " Gen $@" + $(PERL) ../scripts/generate_features.pl + clean: ifndef WINDOWS rm -f *.o libmbed* @@ -280,3 +300,10 @@ else if exist libmbed* del /Q /F libmbed* del /Q /F del_errors_out_if_the_file_list_is_empty_but_not_if_a_file_does_not_exist $(subst /,\,$(THIRDPARTY_CRYPTO_OBJECTS)) endif + +neat: clean +ifndef WINDOWS + rm -f $(GENERATED_FILES) +else + for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f +endif diff --git a/programs/Makefile b/programs/Makefile index 0f1356e76a..b2ba08e135 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -43,10 +43,12 @@ LOCAL_LDFLAGS += -lws2_32 ifdef SHARED SHARED_SUFFIX=.$(DLEXT) endif +PYTHON ?= python else DLEXT ?= so EXEXT= SHARED_SUFFIX= +PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif APPS = \ @@ -131,6 +133,25 @@ $(MBEDLIBS): ${MBEDTLS_TEST_OBJS}: $(MAKE) -C ../tests mbedtls_test +.PHONY: generated_files +GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c +generated_files: $(GENERATED_FILES) + +psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py +psa/psa_constant_names_generated.c: ../include/psa/crypto_values.h +psa/psa_constant_names_generated.c: ../include/psa/crypto_extra.h +psa/psa_constant_names_generated.c: ../tests/suites/test_suite_psa_crypto_metadata.data +psa/psa_constant_names_generated.c: + echo " Gen $@" + $(PYTHON) ../scripts/generate_psa_constants.py + +test/query_config.c: ../scripts/generate_query_config.pl +test/query_config.c: ../include/mbedtls/config.h +test/query_config.c: ../scripts/data_files/query_config.fmt +test/query_config.c: + echo " Gen $@" + $(PERL) ../scripts/generate_query_config.pl + aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP) echo " CC aes/crypt_and_hash.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ @@ -365,5 +386,12 @@ else endif $(MAKE) -C fuzz clean +neat: clean +ifndef WINDOWS + rm -f $(GENERATED_FILES) +else + for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f +endif + list: echo $(APPS) diff --git a/tests/Makefile b/tests/Makefile index 7afd0f59f6..ef571698c3 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -5,6 +5,8 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= +default: all + # Include public header files from ../include, test-specific header files # from ./include, and private header files (used by some invasive tests) # from ../library. @@ -56,10 +58,28 @@ SHARED_SUFFIX= PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif +.PHONY: generated_files +GENERATED_DATA_FILES := $(patsubst tests/%,%,$(shell $(PYTHON) scripts/generate_psa_tests.py --list)) +GENERATED_FILES := $(GENERATED_DATA_FILES) +generated_files: $(GENERATED_FILES) + +$(GENERATED_DATA_FILES): scripts/generate_psa_tests.py +$(GENERATED_DATA_FILES): ../include/psa/crypto_config.h +$(GENERATED_DATA_FILES): ../include/psa/crypto_values.h +$(GENERATED_DATA_FILES): ../include/psa/crypto_extra.h +$(GENERATED_DATA_FILES): suites/test_suite_psa_crypto_metadata.data +$(GENERATED_DATA_FILES): + echo " Gen $@ ..." + $(PYTHON) scripts/generate_psa_tests.py + # A test application is built for each suites/test_suite_*.data file. # Application name is same as .data file's base name and can be # constructed by stripping path 'suites/' and extension .data. -APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data))) +DATA_FILES := $(wildcard suites/test_suite_*.data) +# Make sure that generated data files are included even if they don't +# exist yet when the makefile is parsed. +DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_DATA_FILES)) +APPS = $(basename $(subst suites/,,$(DATA_FILES))) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) @@ -144,6 +164,13 @@ ifneq ($(wildcard TESTS/.*),) endif endif +neat: clean +ifndef WINDOWS + rm -f $(GENERATED_FILES) +else + for %f in ($(subst /,\,$(GENERATED_FILES))) if exist %f del /Q /F %f +endif + # Test suites caught by SKIP_TEST_SUITES are built but not executed. check: $(BINARIES) perl scripts/run-test-suites.pl --skip=$(SKIP_TEST_SUITES) From 9c58274484de6ea34e4c0b17044e86a547734b25 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 01:03:15 +0200 Subject: [PATCH 154/188] Remove automatically generated source files Signed-off-by: Gilles Peskine --- library/error.c | 855 ------ library/version_features.c | 842 ----- programs/psa/psa_constant_names_generated.c | 449 --- programs/test/query_config.c | 2724 ----------------- ...te_psa_crypto_not_supported.generated.data | 1078 ------- ...ite_psa_crypto_storage_format.current.data | 775 ----- ...st_suite_psa_crypto_storage_format.v0.data | 775 ----- visualc/VS2010/benchmark.vcxproj | 167 - visualc/VS2010/cert_app.vcxproj | 167 - visualc/VS2010/cert_req.vcxproj | 167 - visualc/VS2010/cert_write.vcxproj | 167 - visualc/VS2010/crl_app.vcxproj | 167 - visualc/VS2010/crypt_and_hash.vcxproj | 167 - visualc/VS2010/crypto_examples.vcxproj | 167 - visualc/VS2010/dh_client.vcxproj | 167 - visualc/VS2010/dh_genprime.vcxproj | 167 - visualc/VS2010/dh_server.vcxproj | 167 - visualc/VS2010/dtls_client.vcxproj | 167 - visualc/VS2010/dtls_server.vcxproj | 167 - visualc/VS2010/ecdh_curve25519.vcxproj | 167 - visualc/VS2010/ecdsa.vcxproj | 167 - visualc/VS2010/gen_entropy.vcxproj | 167 - visualc/VS2010/gen_key.vcxproj | 167 - visualc/VS2010/gen_random_ctr_drbg.vcxproj | 167 - visualc/VS2010/generic_sum.vcxproj | 167 - visualc/VS2010/hello.vcxproj | 167 - visualc/VS2010/key_app.vcxproj | 167 - visualc/VS2010/key_app_writer.vcxproj | 167 - visualc/VS2010/key_ladder_demo.vcxproj | 167 - visualc/VS2010/mbedTLS.sln | 676 ---- visualc/VS2010/mbedTLS.vcxproj | 400 --- visualc/VS2010/mini_client.vcxproj | 167 - visualc/VS2010/mpi_demo.vcxproj | 167 - visualc/VS2010/pem2der.vcxproj | 167 - visualc/VS2010/pk_decrypt.vcxproj | 167 - visualc/VS2010/pk_encrypt.vcxproj | 167 - visualc/VS2010/pk_sign.vcxproj | 167 - visualc/VS2010/pk_verify.vcxproj | 167 - visualc/VS2010/psa_constant_names.vcxproj | 167 - .../VS2010/query_compile_time_config.vcxproj | 168 - visualc/VS2010/req_app.vcxproj | 167 - visualc/VS2010/rsa_decrypt.vcxproj | 167 - visualc/VS2010/rsa_encrypt.vcxproj | 167 - visualc/VS2010/rsa_genkey.vcxproj | 167 - visualc/VS2010/rsa_sign.vcxproj | 167 - visualc/VS2010/rsa_sign_pss.vcxproj | 167 - visualc/VS2010/rsa_verify.vcxproj | 167 - visualc/VS2010/rsa_verify_pss.vcxproj | 167 - visualc/VS2010/selftest.vcxproj | 167 - visualc/VS2010/ssl_client1.vcxproj | 167 - visualc/VS2010/ssl_client2.vcxproj | 169 - visualc/VS2010/ssl_context_info.vcxproj | 167 - visualc/VS2010/ssl_fork_server.vcxproj | 167 - visualc/VS2010/ssl_mail_client.vcxproj | 167 - visualc/VS2010/ssl_server.vcxproj | 167 - visualc/VS2010/ssl_server2.vcxproj | 169 - visualc/VS2010/strerror.vcxproj | 167 - visualc/VS2010/udp_proxy.vcxproj | 167 - visualc/VS2010/zeroize.vcxproj | 167 - 59 files changed, 16929 deletions(-) delete mode 100644 library/error.c delete mode 100644 library/version_features.c delete mode 100644 programs/psa/psa_constant_names_generated.c delete mode 100644 programs/test/query_config.c delete mode 100644 tests/suites/test_suite_psa_crypto_not_supported.generated.data delete mode 100644 tests/suites/test_suite_psa_crypto_storage_format.current.data delete mode 100644 tests/suites/test_suite_psa_crypto_storage_format.v0.data delete mode 100644 visualc/VS2010/benchmark.vcxproj delete mode 100644 visualc/VS2010/cert_app.vcxproj delete mode 100644 visualc/VS2010/cert_req.vcxproj delete mode 100644 visualc/VS2010/cert_write.vcxproj delete mode 100644 visualc/VS2010/crl_app.vcxproj delete mode 100644 visualc/VS2010/crypt_and_hash.vcxproj delete mode 100644 visualc/VS2010/crypto_examples.vcxproj delete mode 100644 visualc/VS2010/dh_client.vcxproj delete mode 100644 visualc/VS2010/dh_genprime.vcxproj delete mode 100644 visualc/VS2010/dh_server.vcxproj delete mode 100644 visualc/VS2010/dtls_client.vcxproj delete mode 100644 visualc/VS2010/dtls_server.vcxproj delete mode 100644 visualc/VS2010/ecdh_curve25519.vcxproj delete mode 100644 visualc/VS2010/ecdsa.vcxproj delete mode 100644 visualc/VS2010/gen_entropy.vcxproj delete mode 100644 visualc/VS2010/gen_key.vcxproj delete mode 100644 visualc/VS2010/gen_random_ctr_drbg.vcxproj delete mode 100644 visualc/VS2010/generic_sum.vcxproj delete mode 100644 visualc/VS2010/hello.vcxproj delete mode 100644 visualc/VS2010/key_app.vcxproj delete mode 100644 visualc/VS2010/key_app_writer.vcxproj delete mode 100644 visualc/VS2010/key_ladder_demo.vcxproj delete mode 100644 visualc/VS2010/mbedTLS.sln delete mode 100644 visualc/VS2010/mbedTLS.vcxproj delete mode 100644 visualc/VS2010/mini_client.vcxproj delete mode 100644 visualc/VS2010/mpi_demo.vcxproj delete mode 100644 visualc/VS2010/pem2der.vcxproj delete mode 100644 visualc/VS2010/pk_decrypt.vcxproj delete mode 100644 visualc/VS2010/pk_encrypt.vcxproj delete mode 100644 visualc/VS2010/pk_sign.vcxproj delete mode 100644 visualc/VS2010/pk_verify.vcxproj delete mode 100644 visualc/VS2010/psa_constant_names.vcxproj delete mode 100644 visualc/VS2010/query_compile_time_config.vcxproj delete mode 100644 visualc/VS2010/req_app.vcxproj delete mode 100644 visualc/VS2010/rsa_decrypt.vcxproj delete mode 100644 visualc/VS2010/rsa_encrypt.vcxproj delete mode 100644 visualc/VS2010/rsa_genkey.vcxproj delete mode 100644 visualc/VS2010/rsa_sign.vcxproj delete mode 100644 visualc/VS2010/rsa_sign_pss.vcxproj delete mode 100644 visualc/VS2010/rsa_verify.vcxproj delete mode 100644 visualc/VS2010/rsa_verify_pss.vcxproj delete mode 100644 visualc/VS2010/selftest.vcxproj delete mode 100644 visualc/VS2010/ssl_client1.vcxproj delete mode 100644 visualc/VS2010/ssl_client2.vcxproj delete mode 100644 visualc/VS2010/ssl_context_info.vcxproj delete mode 100644 visualc/VS2010/ssl_fork_server.vcxproj delete mode 100644 visualc/VS2010/ssl_mail_client.vcxproj delete mode 100644 visualc/VS2010/ssl_server.vcxproj delete mode 100644 visualc/VS2010/ssl_server2.vcxproj delete mode 100644 visualc/VS2010/strerror.vcxproj delete mode 100644 visualc/VS2010/udp_proxy.vcxproj delete mode 100644 visualc/VS2010/zeroize.vcxproj diff --git a/library/error.c b/library/error.c deleted file mode 100644 index 3a84366327..0000000000 --- a/library/error.c +++ /dev/null @@ -1,855 +0,0 @@ -/* - * Error message information - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "common.h" - -#include "mbedtls/error.h" - -#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY) - -#if defined(MBEDTLS_ERROR_C) - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#define mbedtls_snprintf snprintf -#endif - -#include -#include - -#if defined(MBEDTLS_AES_C) -#include "mbedtls/aes.h" -#endif - -#if defined(MBEDTLS_ARIA_C) -#include "mbedtls/aria.h" -#endif - -#if defined(MBEDTLS_ASN1_PARSE_C) -#include "mbedtls/asn1.h" -#endif - -#if defined(MBEDTLS_BASE64_C) -#include "mbedtls/base64.h" -#endif - -#if defined(MBEDTLS_BIGNUM_C) -#include "mbedtls/bignum.h" -#endif - -#if defined(MBEDTLS_BLOWFISH_C) -#include "mbedtls/blowfish.h" -#endif - -#if defined(MBEDTLS_CAMELLIA_C) -#include "mbedtls/camellia.h" -#endif - -#if defined(MBEDTLS_CCM_C) -#include "mbedtls/ccm.h" -#endif - -#if defined(MBEDTLS_CHACHA20_C) -#include "mbedtls/chacha20.h" -#endif - -#if defined(MBEDTLS_CHACHAPOLY_C) -#include "mbedtls/chachapoly.h" -#endif - -#if defined(MBEDTLS_CIPHER_C) -#include "mbedtls/cipher.h" -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/ctr_drbg.h" -#endif - -#if defined(MBEDTLS_DES_C) -#include "mbedtls/des.h" -#endif - -#if defined(MBEDTLS_DHM_C) -#include "mbedtls/dhm.h" -#endif - -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" -#endif - -#if defined(MBEDTLS_ENTROPY_C) -#include "mbedtls/entropy.h" -#endif - -#if defined(MBEDTLS_ERROR_C) -#include "mbedtls/error.h" -#endif - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#endif - -#if defined(MBEDTLS_GCM_C) -#include "mbedtls/gcm.h" -#endif - -#if defined(MBEDTLS_HKDF_C) -#include "mbedtls/hkdf.h" -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) -#include "mbedtls/hmac_drbg.h" -#endif - -#if defined(MBEDTLS_MD_C) -#include "mbedtls/md.h" -#endif - -#if defined(MBEDTLS_NET_C) -#include "mbedtls/net_sockets.h" -#endif - -#if defined(MBEDTLS_OID_C) -#include "mbedtls/oid.h" -#endif - -#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) -#include "mbedtls/pem.h" -#endif - -#if defined(MBEDTLS_PK_C) -#include "mbedtls/pk.h" -#endif - -#if defined(MBEDTLS_PKCS12_C) -#include "mbedtls/pkcs12.h" -#endif - -#if defined(MBEDTLS_PKCS5_C) -#include "mbedtls/pkcs5.h" -#endif - -#if defined(MBEDTLS_POLY1305_C) -#include "mbedtls/poly1305.h" -#endif - -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" -#endif - -#if defined(MBEDTLS_SHA1_C) -#include "mbedtls/sha1.h" -#endif - -#if defined(MBEDTLS_SHA256_C) -#include "mbedtls/sha256.h" -#endif - -#if defined(MBEDTLS_SHA512_C) -#include "mbedtls/sha512.h" -#endif - -#if defined(MBEDTLS_SSL_TLS_C) -#include "mbedtls/ssl.h" -#endif - -#if defined(MBEDTLS_THREADING_C) -#include "mbedtls/threading.h" -#endif - -#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/x509.h" -#endif - -#if defined(MBEDTLS_XTEA_C) -#include "mbedtls/xtea.h" -#endif - - -const char * mbedtls_high_level_strerr( int error_code ) -{ - int high_level_error_code; - - if( error_code < 0 ) - error_code = -error_code; - - /* Extract the high-level part from the error code. */ - high_level_error_code = error_code & 0xFF80; - - switch( high_level_error_code ) - { - /* Begin Auto-Generated Code. */ -#if defined(MBEDTLS_CIPHER_C) - case -(MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE): - return( "CIPHER - The selected feature is not available" ); - case -(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA): - return( "CIPHER - Bad input parameters" ); - case -(MBEDTLS_ERR_CIPHER_ALLOC_FAILED): - return( "CIPHER - Failed to allocate memory" ); - case -(MBEDTLS_ERR_CIPHER_INVALID_PADDING): - return( "CIPHER - Input data contains invalid padding and is rejected" ); - case -(MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED): - return( "CIPHER - Decryption of block requires a full block" ); - case -(MBEDTLS_ERR_CIPHER_AUTH_FAILED): - return( "CIPHER - Authentication failed (for AEAD modes)" ); - case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT): - return( "CIPHER - The context is invalid. For example, because it was freed" ); -#endif /* MBEDTLS_CIPHER_C */ - -#if defined(MBEDTLS_DHM_C) - case -(MBEDTLS_ERR_DHM_BAD_INPUT_DATA): - return( "DHM - Bad input parameters" ); - case -(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED): - return( "DHM - Reading of the DHM parameters failed" ); - case -(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED): - return( "DHM - Making of the DHM parameters failed" ); - case -(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED): - return( "DHM - Reading of the public values failed" ); - case -(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED): - return( "DHM - Making of the public value failed" ); - case -(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED): - return( "DHM - Calculation of the DHM secret failed" ); - case -(MBEDTLS_ERR_DHM_INVALID_FORMAT): - return( "DHM - The ASN.1 data is not formatted correctly" ); - case -(MBEDTLS_ERR_DHM_ALLOC_FAILED): - return( "DHM - Allocation of memory failed" ); - case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR): - return( "DHM - Read or write of file failed" ); - case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED): - return( "DHM - Setting the modulus and generator failed" ); -#endif /* MBEDTLS_DHM_C */ - -#if defined(MBEDTLS_ECP_C) - case -(MBEDTLS_ERR_ECP_BAD_INPUT_DATA): - return( "ECP - Bad input parameters to function" ); - case -(MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL): - return( "ECP - The buffer is too small to write to" ); - case -(MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE): - return( "ECP - The requested feature is not available, for example, the requested curve is not supported" ); - case -(MBEDTLS_ERR_ECP_VERIFY_FAILED): - return( "ECP - The signature is not valid" ); - case -(MBEDTLS_ERR_ECP_ALLOC_FAILED): - return( "ECP - Memory allocation failed" ); - case -(MBEDTLS_ERR_ECP_RANDOM_FAILED): - return( "ECP - Generation of random value, such as ephemeral key, failed" ); - case -(MBEDTLS_ERR_ECP_INVALID_KEY): - return( "ECP - Invalid private or public key" ); - case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH): - return( "ECP - The buffer contains a valid signature followed by more data" ); - case -(MBEDTLS_ERR_ECP_IN_PROGRESS): - return( "ECP - Operation in progress, call again with the same parameters to continue" ); -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_MD_C) - case -(MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE): - return( "MD - The selected feature is not available" ); - case -(MBEDTLS_ERR_MD_BAD_INPUT_DATA): - return( "MD - Bad input parameters to function" ); - case -(MBEDTLS_ERR_MD_ALLOC_FAILED): - return( "MD - Failed to allocate memory" ); - case -(MBEDTLS_ERR_MD_FILE_IO_ERROR): - return( "MD - Opening or reading of file failed" ); -#endif /* MBEDTLS_MD_C */ - -#if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) - case -(MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT): - return( "PEM - No PEM header or footer found" ); - case -(MBEDTLS_ERR_PEM_INVALID_DATA): - return( "PEM - PEM string is not as expected" ); - case -(MBEDTLS_ERR_PEM_ALLOC_FAILED): - return( "PEM - Failed to allocate memory" ); - case -(MBEDTLS_ERR_PEM_INVALID_ENC_IV): - return( "PEM - RSA IV is not in hex-format" ); - case -(MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG): - return( "PEM - Unsupported key encryption algorithm" ); - case -(MBEDTLS_ERR_PEM_PASSWORD_REQUIRED): - return( "PEM - Private key password can't be empty" ); - case -(MBEDTLS_ERR_PEM_PASSWORD_MISMATCH): - return( "PEM - Given private key password does not allow for correct decryption" ); - case -(MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE): - return( "PEM - Unavailable feature, e.g. hashing/encryption combination" ); - case -(MBEDTLS_ERR_PEM_BAD_INPUT_DATA): - return( "PEM - Bad input parameters to function" ); -#endif /* MBEDTLS_PEM_PARSE_C || MBEDTLS_PEM_WRITE_C */ - -#if defined(MBEDTLS_PK_C) - case -(MBEDTLS_ERR_PK_ALLOC_FAILED): - return( "PK - Memory allocation failed" ); - case -(MBEDTLS_ERR_PK_TYPE_MISMATCH): - return( "PK - Type mismatch, eg attempt to encrypt with an ECDSA key" ); - case -(MBEDTLS_ERR_PK_BAD_INPUT_DATA): - return( "PK - Bad input parameters to function" ); - case -(MBEDTLS_ERR_PK_FILE_IO_ERROR): - return( "PK - Read/write of file failed" ); - case -(MBEDTLS_ERR_PK_KEY_INVALID_VERSION): - return( "PK - Unsupported key version" ); - case -(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT): - return( "PK - Invalid key tag or value" ); - case -(MBEDTLS_ERR_PK_UNKNOWN_PK_ALG): - return( "PK - Key algorithm is unsupported (only RSA and EC are supported)" ); - case -(MBEDTLS_ERR_PK_PASSWORD_REQUIRED): - return( "PK - Private key password can't be empty" ); - case -(MBEDTLS_ERR_PK_PASSWORD_MISMATCH): - return( "PK - Given private key password does not allow for correct decryption" ); - case -(MBEDTLS_ERR_PK_INVALID_PUBKEY): - return( "PK - The pubkey tag or value is invalid (only RSA and EC are supported)" ); - case -(MBEDTLS_ERR_PK_INVALID_ALG): - return( "PK - The algorithm tag or value is invalid" ); - case -(MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE): - return( "PK - Elliptic curve is unsupported (only NIST curves are supported)" ); - case -(MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE): - return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" ); - case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH): - return( "PK - The buffer contains a valid signature followed by more data" ); -#endif /* MBEDTLS_PK_C */ - -#if defined(MBEDTLS_PKCS12_C) - case -(MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA): - return( "PKCS12 - Bad input parameters to function" ); - case -(MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE): - return( "PKCS12 - Feature not available, e.g. unsupported encryption scheme" ); - case -(MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT): - return( "PKCS12 - PBE ASN.1 data not as expected" ); - case -(MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH): - return( "PKCS12 - Given private key password does not allow for correct decryption" ); -#endif /* MBEDTLS_PKCS12_C */ - -#if defined(MBEDTLS_PKCS5_C) - case -(MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA): - return( "PKCS5 - Bad input parameters to function" ); - case -(MBEDTLS_ERR_PKCS5_INVALID_FORMAT): - return( "PKCS5 - Unexpected ASN.1 data" ); - case -(MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE): - return( "PKCS5 - Requested encryption or digest alg not available" ); - case -(MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH): - return( "PKCS5 - Given private key password does not allow for correct decryption" ); -#endif /* MBEDTLS_PKCS5_C */ - -#if defined(MBEDTLS_RSA_C) - case -(MBEDTLS_ERR_RSA_BAD_INPUT_DATA): - return( "RSA - Bad input parameters to function" ); - case -(MBEDTLS_ERR_RSA_INVALID_PADDING): - return( "RSA - Input data contains invalid padding and is rejected" ); - case -(MBEDTLS_ERR_RSA_KEY_GEN_FAILED): - return( "RSA - Something failed during generation of a key" ); - case -(MBEDTLS_ERR_RSA_KEY_CHECK_FAILED): - return( "RSA - Key failed to pass the validity check of the library" ); - case -(MBEDTLS_ERR_RSA_PUBLIC_FAILED): - return( "RSA - The public key operation failed" ); - case -(MBEDTLS_ERR_RSA_PRIVATE_FAILED): - return( "RSA - The private key operation failed" ); - case -(MBEDTLS_ERR_RSA_VERIFY_FAILED): - return( "RSA - The PKCS#1 verification failed" ); - case -(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE): - return( "RSA - The output buffer for decryption is not large enough" ); - case -(MBEDTLS_ERR_RSA_RNG_FAILED): - return( "RSA - The random generator failed to generate non-zeros" ); -#endif /* MBEDTLS_RSA_C */ - -#if defined(MBEDTLS_SSL_TLS_C) - case -(MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE): - return( "SSL - The requested feature is not available" ); - case -(MBEDTLS_ERR_SSL_BAD_INPUT_DATA): - return( "SSL - Bad input parameters to function" ); - case -(MBEDTLS_ERR_SSL_INVALID_MAC): - return( "SSL - Verification of the message MAC failed" ); - case -(MBEDTLS_ERR_SSL_INVALID_RECORD): - return( "SSL - An invalid SSL record was received" ); - case -(MBEDTLS_ERR_SSL_CONN_EOF): - return( "SSL - The connection indicated an EOF" ); - case -(MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN): - return( "SSL - The server has no ciphersuites in common with the client" ); - case -(MBEDTLS_ERR_SSL_NO_RNG): - return( "SSL - No RNG was provided to the SSL module" ); - case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE): - return( "SSL - No client certification received from the client, but required by the authentication mode" ); - case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED): - return( "SSL - The own private key or pre-shared key is not set, but needed" ); - case -(MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED): - return( "SSL - No CA Chain is set, but required to operate" ); - case -(MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE): - return( "SSL - An unexpected message was received from our peer" ); - case -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE): - return( "SSL - A fatal alert message was received from our peer" ); - case -(MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY): - return( "SSL - The peer notified us that the connection is going to be closed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO): - return( "SSL - Processing of the ClientHello handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO): - return( "SSL - Processing of the ServerHello handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE): - return( "SSL - Processing of the Certificate handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST): - return( "SSL - Processing of the CertificateRequest handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE): - return( "SSL - Processing of the ServerKeyExchange handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE): - return( "SSL - Processing of the ServerHelloDone handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE): - return( "SSL - Processing of the ClientKeyExchange handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP): - return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Read Public" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS): - return( "SSL - Processing of the ClientKeyExchange handshake message failed in DHM / ECDH Calculate Secret" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY): - return( "SSL - Processing of the CertificateVerify handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC): - return( "SSL - Processing of the ChangeCipherSpec handshake message failed" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_FINISHED): - return( "SSL - Processing of the Finished handshake message failed" ); - case -(MBEDTLS_ERR_SSL_ALLOC_FAILED): - return( "SSL - Memory allocation failed" ); - case -(MBEDTLS_ERR_SSL_HW_ACCEL_FAILED): - return( "SSL - Hardware acceleration function returned with error" ); - case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH): - return( "SSL - Hardware acceleration function skipped / left alone data" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION): - return( "SSL - Handshake protocol not within min/max boundaries" ); - case -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET): - return( "SSL - Processing of the NewSessionTicket handshake message failed" ); - case -(MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED): - return( "SSL - Session ticket has expired" ); - case -(MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH): - return( "SSL - Public key type mismatch (eg, asked for RSA key exchange and presented EC key)" ); - case -(MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY): - return( "SSL - Unknown identity received (eg, PSK identity)" ); - case -(MBEDTLS_ERR_SSL_INTERNAL_ERROR): - return( "SSL - Internal error (eg, unexpected failure in lower-level module)" ); - case -(MBEDTLS_ERR_SSL_COUNTER_WRAPPING): - return( "SSL - A counter would wrap (eg, too many messages exchanged)" ); - case -(MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO): - return( "SSL - Unexpected message at ServerHello in renegotiation" ); - case -(MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED): - return( "SSL - DTLS client must retry for hello verification" ); - case -(MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL): - return( "SSL - A buffer is too small to receive or write a message" ); - case -(MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE): - return( "SSL - None of the common ciphersuites is usable (eg, no suitable certificate, see debug messages)" ); - case -(MBEDTLS_ERR_SSL_WANT_READ): - return( "SSL - No data of requested type currently available on underlying transport" ); - case -(MBEDTLS_ERR_SSL_WANT_WRITE): - return( "SSL - Connection requires a write call" ); - case -(MBEDTLS_ERR_SSL_TIMEOUT): - return( "SSL - The operation timed out" ); - case -(MBEDTLS_ERR_SSL_CLIENT_RECONNECT): - return( "SSL - The client initiated a reconnect from the same port" ); - case -(MBEDTLS_ERR_SSL_UNEXPECTED_RECORD): - return( "SSL - Record header looks valid but is not expected" ); - case -(MBEDTLS_ERR_SSL_NON_FATAL): - return( "SSL - The alert message received indicates a non-fatal error" ); - case -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING): - return( "SSL - Internal-only message signaling that further message-processing should be done" ); - case -(MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS): - return( "SSL - The asynchronous operation is not completed yet" ); - case -(MBEDTLS_ERR_SSL_EARLY_MESSAGE): - return( "SSL - Internal-only message signaling that a message arrived early" ); - case -(MBEDTLS_ERR_SSL_UNEXPECTED_CID): - return( "SSL - An encrypted DTLS-frame with an unexpected CID was received" ); - case -(MBEDTLS_ERR_SSL_VERSION_MISMATCH): - return( "SSL - An operation failed due to an unexpected version or configuration" ); - case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS): - return( "SSL - A cryptographic operation is in progress. Try again later" ); - case -(MBEDTLS_ERR_SSL_BAD_CONFIG): - return( "SSL - Invalid value in SSL config" ); -#endif /* MBEDTLS_SSL_TLS_C */ - -#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) - case -(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE): - return( "X509 - Unavailable feature, e.g. RSA hashing/encryption combination" ); - case -(MBEDTLS_ERR_X509_UNKNOWN_OID): - return( "X509 - Requested OID is unknown" ); - case -(MBEDTLS_ERR_X509_INVALID_FORMAT): - return( "X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected" ); - case -(MBEDTLS_ERR_X509_INVALID_VERSION): - return( "X509 - The CRT/CRL/CSR version element is invalid" ); - case -(MBEDTLS_ERR_X509_INVALID_SERIAL): - return( "X509 - The serial tag or value is invalid" ); - case -(MBEDTLS_ERR_X509_INVALID_ALG): - return( "X509 - The algorithm tag or value is invalid" ); - case -(MBEDTLS_ERR_X509_INVALID_NAME): - return( "X509 - The name tag or value is invalid" ); - case -(MBEDTLS_ERR_X509_INVALID_DATE): - return( "X509 - The date tag or value is invalid" ); - case -(MBEDTLS_ERR_X509_INVALID_SIGNATURE): - return( "X509 - The signature tag or value invalid" ); - case -(MBEDTLS_ERR_X509_INVALID_EXTENSIONS): - return( "X509 - The extension tag or value is invalid" ); - case -(MBEDTLS_ERR_X509_UNKNOWN_VERSION): - return( "X509 - CRT/CRL/CSR has an unsupported version number" ); - case -(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG): - return( "X509 - Signature algorithm (oid) is unsupported" ); - case -(MBEDTLS_ERR_X509_SIG_MISMATCH): - return( "X509 - Signature algorithms do not match. (see \\c ::mbedtls_x509_crt sig_oid)" ); - case -(MBEDTLS_ERR_X509_CERT_VERIFY_FAILED): - return( "X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" ); - case -(MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT): - return( "X509 - Format not recognized as DER or PEM" ); - case -(MBEDTLS_ERR_X509_BAD_INPUT_DATA): - return( "X509 - Input invalid" ); - case -(MBEDTLS_ERR_X509_ALLOC_FAILED): - return( "X509 - Allocation of memory failed" ); - case -(MBEDTLS_ERR_X509_FILE_IO_ERROR): - return( "X509 - Read/write of file failed" ); - case -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL): - return( "X509 - Destination buffer is too small" ); - case -(MBEDTLS_ERR_X509_FATAL_ERROR): - return( "X509 - A fatal error occurred, eg the chain is too long or the vrfy callback failed" ); -#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ - /* End Auto-Generated Code. */ - - default: - break; - } - - return( NULL ); -} - -const char * mbedtls_low_level_strerr( int error_code ) -{ - int low_level_error_code; - - if( error_code < 0 ) - error_code = -error_code; - - /* Extract the low-level part from the error code. */ - low_level_error_code = error_code & ~0xFF80; - - switch( low_level_error_code ) - { - /* Begin Auto-Generated Code. */ -#if defined(MBEDTLS_AES_C) - case -(MBEDTLS_ERR_AES_INVALID_KEY_LENGTH): - return( "AES - Invalid key length" ); - case -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH): - return( "AES - Invalid data input length" ); - case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA): - return( "AES - Invalid input data" ); -#endif /* MBEDTLS_AES_C */ - -#if defined(MBEDTLS_ARIA_C) - case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA): - return( "ARIA - Bad input data" ); - case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH): - return( "ARIA - Invalid data input length" ); -#endif /* MBEDTLS_ARIA_C */ - -#if defined(MBEDTLS_ASN1_PARSE_C) - case -(MBEDTLS_ERR_ASN1_OUT_OF_DATA): - return( "ASN1 - Out of data when parsing an ASN1 data structure" ); - case -(MBEDTLS_ERR_ASN1_UNEXPECTED_TAG): - return( "ASN1 - ASN1 tag was of an unexpected value" ); - case -(MBEDTLS_ERR_ASN1_INVALID_LENGTH): - return( "ASN1 - Error when trying to determine the length or invalid length" ); - case -(MBEDTLS_ERR_ASN1_LENGTH_MISMATCH): - return( "ASN1 - Actual length differs from expected length" ); - case -(MBEDTLS_ERR_ASN1_INVALID_DATA): - return( "ASN1 - Data is invalid" ); - case -(MBEDTLS_ERR_ASN1_ALLOC_FAILED): - return( "ASN1 - Memory allocation failed" ); - case -(MBEDTLS_ERR_ASN1_BUF_TOO_SMALL): - return( "ASN1 - Buffer too small when writing ASN.1 data structure" ); -#endif /* MBEDTLS_ASN1_PARSE_C */ - -#if defined(MBEDTLS_BASE64_C) - case -(MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL): - return( "BASE64 - Output buffer too small" ); - case -(MBEDTLS_ERR_BASE64_INVALID_CHARACTER): - return( "BASE64 - Invalid character in input" ); -#endif /* MBEDTLS_BASE64_C */ - -#if defined(MBEDTLS_BIGNUM_C) - case -(MBEDTLS_ERR_MPI_FILE_IO_ERROR): - return( "BIGNUM - An error occurred while reading from or writing to a file" ); - case -(MBEDTLS_ERR_MPI_BAD_INPUT_DATA): - return( "BIGNUM - Bad input parameters to function" ); - case -(MBEDTLS_ERR_MPI_INVALID_CHARACTER): - return( "BIGNUM - There is an invalid character in the digit string" ); - case -(MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL): - return( "BIGNUM - The buffer is too small to write to" ); - case -(MBEDTLS_ERR_MPI_NEGATIVE_VALUE): - return( "BIGNUM - The input arguments are negative or result in illegal output" ); - case -(MBEDTLS_ERR_MPI_DIVISION_BY_ZERO): - return( "BIGNUM - The input argument for division is zero, which is not allowed" ); - case -(MBEDTLS_ERR_MPI_NOT_ACCEPTABLE): - return( "BIGNUM - The input arguments are not acceptable" ); - case -(MBEDTLS_ERR_MPI_ALLOC_FAILED): - return( "BIGNUM - Memory allocation failed" ); -#endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_BLOWFISH_C) - case -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA): - return( "BLOWFISH - Bad input data" ); - case -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH): - return( "BLOWFISH - Invalid data input length" ); -#endif /* MBEDTLS_BLOWFISH_C */ - -#if defined(MBEDTLS_CAMELLIA_C) - case -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA): - return( "CAMELLIA - Bad input data" ); - case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH): - return( "CAMELLIA - Invalid data input length" ); -#endif /* MBEDTLS_CAMELLIA_C */ - -#if defined(MBEDTLS_CCM_C) - case -(MBEDTLS_ERR_CCM_BAD_INPUT): - return( "CCM - Bad input parameters to the function" ); - case -(MBEDTLS_ERR_CCM_AUTH_FAILED): - return( "CCM - Authenticated decryption failed" ); -#endif /* MBEDTLS_CCM_C */ - -#if defined(MBEDTLS_CHACHA20_C) - case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA): - return( "CHACHA20 - Invalid input parameter(s)" ); -#endif /* MBEDTLS_CHACHA20_C */ - -#if defined(MBEDTLS_CHACHAPOLY_C) - case -(MBEDTLS_ERR_CHACHAPOLY_BAD_STATE): - return( "CHACHAPOLY - The requested operation is not permitted in the current state" ); - case -(MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED): - return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" ); -#endif /* MBEDTLS_CHACHAPOLY_C */ - -#if defined(MBEDTLS_CTR_DRBG_C) - case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED): - return( "CTR_DRBG - The entropy source failed" ); - case -(MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG): - return( "CTR_DRBG - The requested random buffer length is too big" ); - case -(MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG): - return( "CTR_DRBG - The input (entropy + additional data) is too large" ); - case -(MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR): - return( "CTR_DRBG - Read or write error in file" ); -#endif /* MBEDTLS_CTR_DRBG_C */ - -#if defined(MBEDTLS_DES_C) - case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH): - return( "DES - The data input has an invalid length" ); -#endif /* MBEDTLS_DES_C */ - -#if defined(MBEDTLS_ENTROPY_C) - case -(MBEDTLS_ERR_ENTROPY_SOURCE_FAILED): - return( "ENTROPY - Critical entropy source failure" ); - case -(MBEDTLS_ERR_ENTROPY_MAX_SOURCES): - return( "ENTROPY - No more sources can be added" ); - case -(MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED): - return( "ENTROPY - No sources have been added to poll" ); - case -(MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE): - return( "ENTROPY - No strong sources have been added to poll" ); - case -(MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR): - return( "ENTROPY - Read/write error in file" ); -#endif /* MBEDTLS_ENTROPY_C */ - -#if defined(MBEDTLS_ERROR_C) - case -(MBEDTLS_ERR_ERROR_GENERIC_ERROR): - return( "ERROR - Generic error" ); - case -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED): - return( "ERROR - This is a bug in the library" ); -#endif /* MBEDTLS_ERROR_C */ - -#if defined(MBEDTLS_PLATFORM_C) - case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED): - return( "PLATFORM - Hardware accelerator failed" ); - case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED): - return( "PLATFORM - The requested feature is not supported by the platform" ); -#endif /* MBEDTLS_PLATFORM_C */ - -#if defined(MBEDTLS_GCM_C) - case -(MBEDTLS_ERR_GCM_AUTH_FAILED): - return( "GCM - Authenticated decryption failed" ); - case -(MBEDTLS_ERR_GCM_BAD_INPUT): - return( "GCM - Bad input parameters to function" ); -#endif /* MBEDTLS_GCM_C */ - -#if defined(MBEDTLS_HKDF_C) - case -(MBEDTLS_ERR_HKDF_BAD_INPUT_DATA): - return( "HKDF - Bad input parameters to function" ); -#endif /* MBEDTLS_HKDF_C */ - -#if defined(MBEDTLS_HMAC_DRBG_C) - case -(MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG): - return( "HMAC_DRBG - Too many random requested in single call" ); - case -(MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG): - return( "HMAC_DRBG - Input too large (Entropy + additional)" ); - case -(MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR): - return( "HMAC_DRBG - Read/write error in file" ); - case -(MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED): - return( "HMAC_DRBG - The entropy source failed" ); -#endif /* MBEDTLS_HMAC_DRBG_C */ - -#if defined(MBEDTLS_NET_C) - case -(MBEDTLS_ERR_NET_SOCKET_FAILED): - return( "NET - Failed to open a socket" ); - case -(MBEDTLS_ERR_NET_CONNECT_FAILED): - return( "NET - The connection to the given server / port failed" ); - case -(MBEDTLS_ERR_NET_BIND_FAILED): - return( "NET - Binding of the socket failed" ); - case -(MBEDTLS_ERR_NET_LISTEN_FAILED): - return( "NET - Could not listen on the socket" ); - case -(MBEDTLS_ERR_NET_ACCEPT_FAILED): - return( "NET - Could not accept the incoming connection" ); - case -(MBEDTLS_ERR_NET_RECV_FAILED): - return( "NET - Reading information from the socket failed" ); - case -(MBEDTLS_ERR_NET_SEND_FAILED): - return( "NET - Sending information through the socket failed" ); - case -(MBEDTLS_ERR_NET_CONN_RESET): - return( "NET - Connection was reset by peer" ); - case -(MBEDTLS_ERR_NET_UNKNOWN_HOST): - return( "NET - Failed to get an IP address for the given hostname" ); - case -(MBEDTLS_ERR_NET_BUFFER_TOO_SMALL): - return( "NET - Buffer is too small to hold the data" ); - case -(MBEDTLS_ERR_NET_INVALID_CONTEXT): - return( "NET - The context is invalid, eg because it was free()ed" ); - case -(MBEDTLS_ERR_NET_POLL_FAILED): - return( "NET - Polling the net context failed" ); - case -(MBEDTLS_ERR_NET_BAD_INPUT_DATA): - return( "NET - Input invalid" ); -#endif /* MBEDTLS_NET_C */ - -#if defined(MBEDTLS_OID_C) - case -(MBEDTLS_ERR_OID_NOT_FOUND): - return( "OID - OID is not found" ); - case -(MBEDTLS_ERR_OID_BUF_TOO_SMALL): - return( "OID - output buffer is too small" ); -#endif /* MBEDTLS_OID_C */ - -#if defined(MBEDTLS_POLY1305_C) - case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA): - return( "POLY1305 - Invalid input parameter(s)" ); -#endif /* MBEDTLS_POLY1305_C */ - -#if defined(MBEDTLS_SHA1_C) - case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA): - return( "SHA1 - SHA-1 input data was malformed" ); -#endif /* MBEDTLS_SHA1_C */ - -#if defined(MBEDTLS_SHA256_C) - case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA): - return( "SHA256 - SHA-256 input data was malformed" ); -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA512_C) - case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA): - return( "SHA512 - SHA-512 input data was malformed" ); -#endif /* MBEDTLS_SHA512_C */ - -#if defined(MBEDTLS_THREADING_C) - case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA): - return( "THREADING - Bad input parameters to function" ); - case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR): - return( "THREADING - Locking / unlocking / free failed with error code" ); -#endif /* MBEDTLS_THREADING_C */ - -#if defined(MBEDTLS_XTEA_C) - case -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH): - return( "XTEA - The data input has an invalid length" ); -#endif /* MBEDTLS_XTEA_C */ - /* End Auto-Generated Code. */ - - default: - break; - } - - return( NULL ); -} - -void mbedtls_strerror( int ret, char *buf, size_t buflen ) -{ - size_t len; - int use_ret; - const char * high_level_error_description = NULL; - const char * low_level_error_description = NULL; - - if( buflen == 0 ) - return; - - memset( buf, 0x00, buflen ); - - if( ret < 0 ) - ret = -ret; - - if( ret & 0xFF80 ) - { - use_ret = ret & 0xFF80; - - // Translate high level error code. - high_level_error_description = mbedtls_high_level_strerr( ret ); - - if( high_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); - else - mbedtls_snprintf( buf, buflen, "%s", high_level_error_description ); - -#if defined(MBEDTLS_SSL_TLS_C) - // Early return in case of a fatal error - do not try to translate low - // level code. - if(use_ret == -(MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE)) - return; -#endif /* MBEDTLS_SSL_TLS_C */ - } - - use_ret = ret & ~0xFF80; - - if( use_ret == 0 ) - return; - - // If high level code is present, make a concatenation between both - // error strings. - // - len = strlen( buf ); - - if( len > 0 ) - { - if( buflen - len < 5 ) - return; - - mbedtls_snprintf( buf + len, buflen - len, " : " ); - - buf += len + 3; - buflen -= len + 3; - } - - // Translate low level error code. - low_level_error_description = mbedtls_low_level_strerr( ret ); - - if( low_level_error_description == NULL ) - mbedtls_snprintf( buf, buflen, "UNKNOWN ERROR CODE (%04X)", (unsigned int) use_ret ); - else - mbedtls_snprintf( buf, buflen, "%s", low_level_error_description ); -} - -#else /* MBEDTLS_ERROR_C */ - -/* - * Provide an non-function in case MBEDTLS_ERROR_C is not defined - */ -void mbedtls_strerror( int ret, char *buf, size_t buflen ) -{ - ((void) ret); - - if( buflen > 0 ) - buf[0] = '\0'; -} - -#endif /* MBEDTLS_ERROR_C */ - -#if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); -#endif - -#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/library/version_features.c b/library/version_features.c deleted file mode 100644 index d2de8957d2..0000000000 --- a/library/version_features.c +++ /dev/null @@ -1,842 +0,0 @@ -/* - * Version feature information - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "common.h" - -#if defined(MBEDTLS_VERSION_C) - -#include "mbedtls/version.h" - -#include - -static const char * const features[] = { -#if defined(MBEDTLS_VERSION_FEATURES) -#if defined(MBEDTLS_HAVE_ASM) - "MBEDTLS_HAVE_ASM", -#endif /* MBEDTLS_HAVE_ASM */ -#if defined(MBEDTLS_NO_UDBL_DIVISION) - "MBEDTLS_NO_UDBL_DIVISION", -#endif /* MBEDTLS_NO_UDBL_DIVISION */ -#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION) - "MBEDTLS_NO_64BIT_MULTIPLICATION", -#endif /* MBEDTLS_NO_64BIT_MULTIPLICATION */ -#if defined(MBEDTLS_HAVE_SSE2) - "MBEDTLS_HAVE_SSE2", -#endif /* MBEDTLS_HAVE_SSE2 */ -#if defined(MBEDTLS_HAVE_TIME) - "MBEDTLS_HAVE_TIME", -#endif /* MBEDTLS_HAVE_TIME */ -#if defined(MBEDTLS_HAVE_TIME_DATE) - "MBEDTLS_HAVE_TIME_DATE", -#endif /* MBEDTLS_HAVE_TIME_DATE */ -#if defined(MBEDTLS_PLATFORM_MEMORY) - "MBEDTLS_PLATFORM_MEMORY", -#endif /* MBEDTLS_PLATFORM_MEMORY */ -#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) - "MBEDTLS_PLATFORM_NO_STD_FUNCTIONS", -#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ -#if defined(MBEDTLS_PLATFORM_EXIT_ALT) - "MBEDTLS_PLATFORM_EXIT_ALT", -#endif /* MBEDTLS_PLATFORM_EXIT_ALT */ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - "MBEDTLS_PLATFORM_TIME_ALT", -#endif /* MBEDTLS_PLATFORM_TIME_ALT */ -#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) - "MBEDTLS_PLATFORM_FPRINTF_ALT", -#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) - "MBEDTLS_PLATFORM_PRINTF_ALT", -#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) - "MBEDTLS_PLATFORM_SNPRINTF_ALT", -#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) - "MBEDTLS_PLATFORM_VSNPRINTF_ALT", -#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ -#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) - "MBEDTLS_PLATFORM_NV_SEED_ALT", -#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ -#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) - "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", -#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ -#if defined(MBEDTLS_DEPRECATED_WARNING) - "MBEDTLS_DEPRECATED_WARNING", -#endif /* MBEDTLS_DEPRECATED_WARNING */ -#if defined(MBEDTLS_DEPRECATED_REMOVED) - "MBEDTLS_DEPRECATED_REMOVED", -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#if defined(MBEDTLS_CHECK_PARAMS) - "MBEDTLS_CHECK_PARAMS", -#endif /* MBEDTLS_CHECK_PARAMS */ -#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) - "MBEDTLS_CHECK_PARAMS_ASSERT", -#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ -#if defined(MBEDTLS_TIMING_ALT) - "MBEDTLS_TIMING_ALT", -#endif /* MBEDTLS_TIMING_ALT */ -#if defined(MBEDTLS_AES_ALT) - "MBEDTLS_AES_ALT", -#endif /* MBEDTLS_AES_ALT */ -#if defined(MBEDTLS_ARC4_ALT) - "MBEDTLS_ARC4_ALT", -#endif /* MBEDTLS_ARC4_ALT */ -#if defined(MBEDTLS_ARIA_ALT) - "MBEDTLS_ARIA_ALT", -#endif /* MBEDTLS_ARIA_ALT */ -#if defined(MBEDTLS_BLOWFISH_ALT) - "MBEDTLS_BLOWFISH_ALT", -#endif /* MBEDTLS_BLOWFISH_ALT */ -#if defined(MBEDTLS_CAMELLIA_ALT) - "MBEDTLS_CAMELLIA_ALT", -#endif /* MBEDTLS_CAMELLIA_ALT */ -#if defined(MBEDTLS_CCM_ALT) - "MBEDTLS_CCM_ALT", -#endif /* MBEDTLS_CCM_ALT */ -#if defined(MBEDTLS_CHACHA20_ALT) - "MBEDTLS_CHACHA20_ALT", -#endif /* MBEDTLS_CHACHA20_ALT */ -#if defined(MBEDTLS_CHACHAPOLY_ALT) - "MBEDTLS_CHACHAPOLY_ALT", -#endif /* MBEDTLS_CHACHAPOLY_ALT */ -#if defined(MBEDTLS_CMAC_ALT) - "MBEDTLS_CMAC_ALT", -#endif /* MBEDTLS_CMAC_ALT */ -#if defined(MBEDTLS_DES_ALT) - "MBEDTLS_DES_ALT", -#endif /* MBEDTLS_DES_ALT */ -#if defined(MBEDTLS_DHM_ALT) - "MBEDTLS_DHM_ALT", -#endif /* MBEDTLS_DHM_ALT */ -#if defined(MBEDTLS_ECJPAKE_ALT) - "MBEDTLS_ECJPAKE_ALT", -#endif /* MBEDTLS_ECJPAKE_ALT */ -#if defined(MBEDTLS_GCM_ALT) - "MBEDTLS_GCM_ALT", -#endif /* MBEDTLS_GCM_ALT */ -#if defined(MBEDTLS_NIST_KW_ALT) - "MBEDTLS_NIST_KW_ALT", -#endif /* MBEDTLS_NIST_KW_ALT */ -#if defined(MBEDTLS_MD2_ALT) - "MBEDTLS_MD2_ALT", -#endif /* MBEDTLS_MD2_ALT */ -#if defined(MBEDTLS_MD4_ALT) - "MBEDTLS_MD4_ALT", -#endif /* MBEDTLS_MD4_ALT */ -#if defined(MBEDTLS_MD5_ALT) - "MBEDTLS_MD5_ALT", -#endif /* MBEDTLS_MD5_ALT */ -#if defined(MBEDTLS_POLY1305_ALT) - "MBEDTLS_POLY1305_ALT", -#endif /* MBEDTLS_POLY1305_ALT */ -#if defined(MBEDTLS_RIPEMD160_ALT) - "MBEDTLS_RIPEMD160_ALT", -#endif /* MBEDTLS_RIPEMD160_ALT */ -#if defined(MBEDTLS_RSA_ALT) - "MBEDTLS_RSA_ALT", -#endif /* MBEDTLS_RSA_ALT */ -#if defined(MBEDTLS_SHA1_ALT) - "MBEDTLS_SHA1_ALT", -#endif /* MBEDTLS_SHA1_ALT */ -#if defined(MBEDTLS_SHA256_ALT) - "MBEDTLS_SHA256_ALT", -#endif /* MBEDTLS_SHA256_ALT */ -#if defined(MBEDTLS_SHA512_ALT) - "MBEDTLS_SHA512_ALT", -#endif /* MBEDTLS_SHA512_ALT */ -#if defined(MBEDTLS_XTEA_ALT) - "MBEDTLS_XTEA_ALT", -#endif /* MBEDTLS_XTEA_ALT */ -#if defined(MBEDTLS_ECP_ALT) - "MBEDTLS_ECP_ALT", -#endif /* MBEDTLS_ECP_ALT */ -#if defined(MBEDTLS_MD2_PROCESS_ALT) - "MBEDTLS_MD2_PROCESS_ALT", -#endif /* MBEDTLS_MD2_PROCESS_ALT */ -#if defined(MBEDTLS_MD4_PROCESS_ALT) - "MBEDTLS_MD4_PROCESS_ALT", -#endif /* MBEDTLS_MD4_PROCESS_ALT */ -#if defined(MBEDTLS_MD5_PROCESS_ALT) - "MBEDTLS_MD5_PROCESS_ALT", -#endif /* MBEDTLS_MD5_PROCESS_ALT */ -#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT) - "MBEDTLS_RIPEMD160_PROCESS_ALT", -#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */ -#if defined(MBEDTLS_SHA1_PROCESS_ALT) - "MBEDTLS_SHA1_PROCESS_ALT", -#endif /* MBEDTLS_SHA1_PROCESS_ALT */ -#if defined(MBEDTLS_SHA256_PROCESS_ALT) - "MBEDTLS_SHA256_PROCESS_ALT", -#endif /* MBEDTLS_SHA256_PROCESS_ALT */ -#if defined(MBEDTLS_SHA512_PROCESS_ALT) - "MBEDTLS_SHA512_PROCESS_ALT", -#endif /* MBEDTLS_SHA512_PROCESS_ALT */ -#if defined(MBEDTLS_DES_SETKEY_ALT) - "MBEDTLS_DES_SETKEY_ALT", -#endif /* MBEDTLS_DES_SETKEY_ALT */ -#if defined(MBEDTLS_DES_CRYPT_ECB_ALT) - "MBEDTLS_DES_CRYPT_ECB_ALT", -#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */ -#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT) - "MBEDTLS_DES3_CRYPT_ECB_ALT", -#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */ -#if defined(MBEDTLS_AES_SETKEY_ENC_ALT) - "MBEDTLS_AES_SETKEY_ENC_ALT", -#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */ -#if defined(MBEDTLS_AES_SETKEY_DEC_ALT) - "MBEDTLS_AES_SETKEY_DEC_ALT", -#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */ -#if defined(MBEDTLS_AES_ENCRYPT_ALT) - "MBEDTLS_AES_ENCRYPT_ALT", -#endif /* MBEDTLS_AES_ENCRYPT_ALT */ -#if defined(MBEDTLS_AES_DECRYPT_ALT) - "MBEDTLS_AES_DECRYPT_ALT", -#endif /* MBEDTLS_AES_DECRYPT_ALT */ -#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) - "MBEDTLS_ECDH_GEN_PUBLIC_ALT", -#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ -#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) - "MBEDTLS_ECDH_COMPUTE_SHARED_ALT", -#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ -#if defined(MBEDTLS_ECDSA_VERIFY_ALT) - "MBEDTLS_ECDSA_VERIFY_ALT", -#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ -#if defined(MBEDTLS_ECDSA_SIGN_ALT) - "MBEDTLS_ECDSA_SIGN_ALT", -#endif /* MBEDTLS_ECDSA_SIGN_ALT */ -#if defined(MBEDTLS_ECDSA_GENKEY_ALT) - "MBEDTLS_ECDSA_GENKEY_ALT", -#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - "MBEDTLS_ECP_INTERNAL_ALT", -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#if defined(MBEDTLS_ECP_NO_FALLBACK) - "MBEDTLS_ECP_NO_FALLBACK", -#endif /* MBEDTLS_ECP_NO_FALLBACK */ -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - "MBEDTLS_ECP_RANDOMIZE_JAC_ALT", -#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) - "MBEDTLS_ECP_ADD_MIXED_ALT", -#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - "MBEDTLS_ECP_DOUBLE_JAC_ALT", -#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT", -#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */ -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - "MBEDTLS_ECP_NORMALIZE_JAC_ALT", -#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT", -#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT", -#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", -#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - "MBEDTLS_TEST_NULL_ENTROPY", -#endif /* MBEDTLS_TEST_NULL_ENTROPY */ -#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - "MBEDTLS_ENTROPY_HARDWARE_ALT", -#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ -#if defined(MBEDTLS_AES_ROM_TABLES) - "MBEDTLS_AES_ROM_TABLES", -#endif /* MBEDTLS_AES_ROM_TABLES */ -#if defined(MBEDTLS_AES_FEWER_TABLES) - "MBEDTLS_AES_FEWER_TABLES", -#endif /* MBEDTLS_AES_FEWER_TABLES */ -#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) - "MBEDTLS_CAMELLIA_SMALL_MEMORY", -#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ -#if defined(MBEDTLS_CIPHER_MODE_CBC) - "MBEDTLS_CIPHER_MODE_CBC", -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#if defined(MBEDTLS_CIPHER_MODE_CFB) - "MBEDTLS_CIPHER_MODE_CFB", -#endif /* MBEDTLS_CIPHER_MODE_CFB */ -#if defined(MBEDTLS_CIPHER_MODE_CTR) - "MBEDTLS_CIPHER_MODE_CTR", -#endif /* MBEDTLS_CIPHER_MODE_CTR */ -#if defined(MBEDTLS_CIPHER_MODE_OFB) - "MBEDTLS_CIPHER_MODE_OFB", -#endif /* MBEDTLS_CIPHER_MODE_OFB */ -#if defined(MBEDTLS_CIPHER_MODE_XTS) - "MBEDTLS_CIPHER_MODE_XTS", -#endif /* MBEDTLS_CIPHER_MODE_XTS */ -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) - "MBEDTLS_CIPHER_NULL_CIPHER", -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) - "MBEDTLS_CIPHER_PADDING_PKCS7", -#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ -#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS) - "MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS", -#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */ -#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN) - "MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN", -#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */ -#if defined(MBEDTLS_CIPHER_PADDING_ZEROS) - "MBEDTLS_CIPHER_PADDING_ZEROS", -#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */ -#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) - "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY", -#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ -#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) - "MBEDTLS_REMOVE_3DES_CIPHERSUITES", -#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - "MBEDTLS_ECP_DP_SECP192R1_ENABLED", -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - "MBEDTLS_ECP_DP_SECP224R1_ENABLED", -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - "MBEDTLS_ECP_DP_SECP256R1_ENABLED", -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - "MBEDTLS_ECP_DP_SECP384R1_ENABLED", -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - "MBEDTLS_ECP_DP_SECP521R1_ENABLED", -#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - "MBEDTLS_ECP_DP_SECP192K1_ENABLED", -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - "MBEDTLS_ECP_DP_SECP224K1_ENABLED", -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - "MBEDTLS_ECP_DP_SECP256K1_ENABLED", -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - "MBEDTLS_ECP_DP_BP256R1_ENABLED", -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - "MBEDTLS_ECP_DP_BP384R1_ENABLED", -#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - "MBEDTLS_ECP_DP_BP512R1_ENABLED", -#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - "MBEDTLS_ECP_DP_CURVE25519_ENABLED", -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - "MBEDTLS_ECP_DP_CURVE448_ENABLED", -#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ -#if defined(MBEDTLS_ECP_NIST_OPTIM) - "MBEDTLS_ECP_NIST_OPTIM", -#endif /* MBEDTLS_ECP_NIST_OPTIM */ -#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - "MBEDTLS_ECP_NO_INTERNAL_RNG", -#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - "MBEDTLS_ECP_RESTARTABLE", -#endif /* MBEDTLS_ECP_RESTARTABLE */ -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - "MBEDTLS_ECDH_LEGACY_CONTEXT", -#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - "MBEDTLS_ECDSA_DETERMINISTIC", -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) - "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED", -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - "MBEDTLS_PK_PARSE_EC_EXTENDED", -#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) - "MBEDTLS_ERROR_STRERROR_DUMMY", -#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */ -#if defined(MBEDTLS_GENPRIME) - "MBEDTLS_GENPRIME", -#endif /* MBEDTLS_GENPRIME */ -#if defined(MBEDTLS_FS_IO) - "MBEDTLS_FS_IO", -#endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) - "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES", -#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ -#if defined(MBEDTLS_NO_PLATFORM_ENTROPY) - "MBEDTLS_NO_PLATFORM_ENTROPY", -#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */ -#if defined(MBEDTLS_ENTROPY_FORCE_SHA256) - "MBEDTLS_ENTROPY_FORCE_SHA256", -#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */ -#if defined(MBEDTLS_ENTROPY_NV_SEED) - "MBEDTLS_ENTROPY_NV_SEED", -#endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", -#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ -#if defined(MBEDTLS_MEMORY_DEBUG) - "MBEDTLS_MEMORY_DEBUG", -#endif /* MBEDTLS_MEMORY_DEBUG */ -#if defined(MBEDTLS_MEMORY_BACKTRACE) - "MBEDTLS_MEMORY_BACKTRACE", -#endif /* MBEDTLS_MEMORY_BACKTRACE */ -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) - "MBEDTLS_PK_RSA_ALT_SUPPORT", -#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ -#if defined(MBEDTLS_PKCS1_V15) - "MBEDTLS_PKCS1_V15", -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) - "MBEDTLS_PKCS1_V21", -#endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - "MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS", -#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) - "MBEDTLS_PSA_CRYPTO_CLIENT", -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) - "MBEDTLS_PSA_CRYPTO_DRIVERS", -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - "MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG", -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ -#if defined(MBEDTLS_PSA_CRYPTO_SPM) - "MBEDTLS_PSA_CRYPTO_SPM", -#endif /* MBEDTLS_PSA_CRYPTO_SPM */ -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) - "MBEDTLS_PSA_INJECT_ENTROPY", -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ -#if defined(MBEDTLS_RSA_NO_CRT) - "MBEDTLS_RSA_NO_CRT", -#endif /* MBEDTLS_RSA_NO_CRT */ -#if defined(MBEDTLS_SELF_TEST) - "MBEDTLS_SELF_TEST", -#endif /* MBEDTLS_SELF_TEST */ -#if defined(MBEDTLS_SHA256_SMALLER) - "MBEDTLS_SHA256_SMALLER", -#endif /* MBEDTLS_SHA256_SMALLER */ -#if defined(MBEDTLS_SHA512_SMALLER) - "MBEDTLS_SHA512_SMALLER", -#endif /* MBEDTLS_SHA512_SMALLER */ -#if defined(MBEDTLS_SHA512_NO_SHA384) - "MBEDTLS_SHA512_NO_SHA384", -#endif /* MBEDTLS_SHA512_NO_SHA384 */ -#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - "MBEDTLS_SSL_ALL_ALERT_MESSAGES", -#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ -#if defined(MBEDTLS_SSL_RECORD_CHECKING) - "MBEDTLS_SSL_RECORD_CHECKING", -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - "MBEDTLS_SSL_DTLS_CONNECTION_ID", -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - "MBEDTLS_SSL_ASYNC_PRIVATE", -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - "MBEDTLS_SSL_CONTEXT_SERIALIZATION", -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ -#if defined(MBEDTLS_SSL_DEBUG_ALL) - "MBEDTLS_SSL_DEBUG_ALL", -#endif /* MBEDTLS_SSL_DEBUG_ALL */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - "MBEDTLS_SSL_ENCRYPT_THEN_MAC", -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - "MBEDTLS_SSL_EXTENDED_MASTER_SECRET", -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ -#if defined(MBEDTLS_SSL_FALLBACK_SCSV) - "MBEDTLS_SSL_FALLBACK_SCSV", -#endif /* MBEDTLS_SSL_FALLBACK_SCSV */ -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - "MBEDTLS_SSL_KEEP_PEER_CERTIFICATE", -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ -#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - "MBEDTLS_SSL_CBC_RECORD_SPLITTING", -#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ -#if defined(MBEDTLS_SSL_RENEGOTIATION) - "MBEDTLS_SSL_RENEGOTIATION", -#endif /* MBEDTLS_SSL_RENEGOTIATION */ -#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - "MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE", -#endif /* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE */ -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ -#if defined(MBEDTLS_SSL_PROTO_TLS1) - "MBEDTLS_SSL_PROTO_TLS1", -#endif /* MBEDTLS_SSL_PROTO_TLS1 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_1) - "MBEDTLS_SSL_PROTO_TLS1_1", -#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - "MBEDTLS_SSL_PROTO_TLS1_2", -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL", -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - "MBEDTLS_SSL_PROTO_DTLS", -#endif /* MBEDTLS_SSL_PROTO_DTLS */ -#if defined(MBEDTLS_SSL_ALPN) - "MBEDTLS_SSL_ALPN", -#endif /* MBEDTLS_SSL_ALPN */ -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - "MBEDTLS_SSL_DTLS_ANTI_REPLAY", -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - "MBEDTLS_SSL_DTLS_HELLO_VERIFY", -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ -#if defined(MBEDTLS_SSL_DTLS_SRTP) - "MBEDTLS_SSL_DTLS_SRTP", -#endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) - "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", -#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */ -#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", -#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - "MBEDTLS_SSL_SESSION_TICKETS", -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - "MBEDTLS_SSL_EXPORT_KEYS", -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - "MBEDTLS_SSL_SERVER_NAME_INDICATION", -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - "MBEDTLS_SSL_TRUNCATED_HMAC", -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH", -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) - "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", -#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) - "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND", -#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ -#if defined(MBEDTLS_TEST_HOOKS) - "MBEDTLS_TEST_HOOKS", -#endif /* MBEDTLS_TEST_HOOKS */ -#if defined(MBEDTLS_THREADING_ALT) - "MBEDTLS_THREADING_ALT", -#endif /* MBEDTLS_THREADING_ALT */ -#if defined(MBEDTLS_THREADING_PTHREAD) - "MBEDTLS_THREADING_PTHREAD", -#endif /* MBEDTLS_THREADING_PTHREAD */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - "MBEDTLS_USE_PSA_CRYPTO", -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - "MBEDTLS_PSA_CRYPTO_CONFIG", -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ -#if defined(MBEDTLS_VERSION_FEATURES) - "MBEDTLS_VERSION_FEATURES", -#endif /* MBEDTLS_VERSION_FEATURES */ -#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) - "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3", -#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */ -#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", -#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - "MBEDTLS_X509_CHECK_KEY_USAGE", -#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ -#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) - "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", -#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ -#if defined(MBEDTLS_X509_REMOVE_INFO) - "MBEDTLS_X509_REMOVE_INFO", -#endif /* MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - "MBEDTLS_X509_RSASSA_PSS_SUPPORT", -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ -#if defined(MBEDTLS_AESNI_C) - "MBEDTLS_AESNI_C", -#endif /* MBEDTLS_AESNI_C */ -#if defined(MBEDTLS_AES_C) - "MBEDTLS_AES_C", -#endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_ARC4_C) - "MBEDTLS_ARC4_C", -#endif /* MBEDTLS_ARC4_C */ -#if defined(MBEDTLS_ASN1_PARSE_C) - "MBEDTLS_ASN1_PARSE_C", -#endif /* MBEDTLS_ASN1_PARSE_C */ -#if defined(MBEDTLS_ASN1_WRITE_C) - "MBEDTLS_ASN1_WRITE_C", -#endif /* MBEDTLS_ASN1_WRITE_C */ -#if defined(MBEDTLS_BASE64_C) - "MBEDTLS_BASE64_C", -#endif /* MBEDTLS_BASE64_C */ -#if defined(MBEDTLS_BIGNUM_C) - "MBEDTLS_BIGNUM_C", -#endif /* MBEDTLS_BIGNUM_C */ -#if defined(MBEDTLS_BLOWFISH_C) - "MBEDTLS_BLOWFISH_C", -#endif /* MBEDTLS_BLOWFISH_C */ -#if defined(MBEDTLS_CAMELLIA_C) - "MBEDTLS_CAMELLIA_C", -#endif /* MBEDTLS_CAMELLIA_C */ -#if defined(MBEDTLS_ARIA_C) - "MBEDTLS_ARIA_C", -#endif /* MBEDTLS_ARIA_C */ -#if defined(MBEDTLS_CCM_C) - "MBEDTLS_CCM_C", -#endif /* MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CHACHA20_C) - "MBEDTLS_CHACHA20_C", -#endif /* MBEDTLS_CHACHA20_C */ -#if defined(MBEDTLS_CHACHAPOLY_C) - "MBEDTLS_CHACHAPOLY_C", -#endif /* MBEDTLS_CHACHAPOLY_C */ -#if defined(MBEDTLS_CIPHER_C) - "MBEDTLS_CIPHER_C", -#endif /* MBEDTLS_CIPHER_C */ -#if defined(MBEDTLS_CMAC_C) - "MBEDTLS_CMAC_C", -#endif /* MBEDTLS_CMAC_C */ -#if defined(MBEDTLS_CTR_DRBG_C) - "MBEDTLS_CTR_DRBG_C", -#endif /* MBEDTLS_CTR_DRBG_C */ -#if defined(MBEDTLS_DEBUG_C) - "MBEDTLS_DEBUG_C", -#endif /* MBEDTLS_DEBUG_C */ -#if defined(MBEDTLS_DES_C) - "MBEDTLS_DES_C", -#endif /* MBEDTLS_DES_C */ -#if defined(MBEDTLS_DHM_C) - "MBEDTLS_DHM_C", -#endif /* MBEDTLS_DHM_C */ -#if defined(MBEDTLS_ECDH_C) - "MBEDTLS_ECDH_C", -#endif /* MBEDTLS_ECDH_C */ -#if defined(MBEDTLS_ECDSA_C) - "MBEDTLS_ECDSA_C", -#endif /* MBEDTLS_ECDSA_C */ -#if defined(MBEDTLS_ECJPAKE_C) - "MBEDTLS_ECJPAKE_C", -#endif /* MBEDTLS_ECJPAKE_C */ -#if defined(MBEDTLS_ECP_C) - "MBEDTLS_ECP_C", -#endif /* MBEDTLS_ECP_C */ -#if defined(MBEDTLS_ENTROPY_C) - "MBEDTLS_ENTROPY_C", -#endif /* MBEDTLS_ENTROPY_C */ -#if defined(MBEDTLS_ERROR_C) - "MBEDTLS_ERROR_C", -#endif /* MBEDTLS_ERROR_C */ -#if defined(MBEDTLS_GCM_C) - "MBEDTLS_GCM_C", -#endif /* MBEDTLS_GCM_C */ -#if defined(MBEDTLS_HKDF_C) - "MBEDTLS_HKDF_C", -#endif /* MBEDTLS_HKDF_C */ -#if defined(MBEDTLS_HMAC_DRBG_C) - "MBEDTLS_HMAC_DRBG_C", -#endif /* MBEDTLS_HMAC_DRBG_C */ -#if defined(MBEDTLS_NIST_KW_C) - "MBEDTLS_NIST_KW_C", -#endif /* MBEDTLS_NIST_KW_C */ -#if defined(MBEDTLS_MD_C) - "MBEDTLS_MD_C", -#endif /* MBEDTLS_MD_C */ -#if defined(MBEDTLS_MD2_C) - "MBEDTLS_MD2_C", -#endif /* MBEDTLS_MD2_C */ -#if defined(MBEDTLS_MD4_C) - "MBEDTLS_MD4_C", -#endif /* MBEDTLS_MD4_C */ -#if defined(MBEDTLS_MD5_C) - "MBEDTLS_MD5_C", -#endif /* MBEDTLS_MD5_C */ -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - "MBEDTLS_MEMORY_BUFFER_ALLOC_C", -#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */ -#if defined(MBEDTLS_NET_C) - "MBEDTLS_NET_C", -#endif /* MBEDTLS_NET_C */ -#if defined(MBEDTLS_OID_C) - "MBEDTLS_OID_C", -#endif /* MBEDTLS_OID_C */ -#if defined(MBEDTLS_PADLOCK_C) - "MBEDTLS_PADLOCK_C", -#endif /* MBEDTLS_PADLOCK_C */ -#if defined(MBEDTLS_PEM_PARSE_C) - "MBEDTLS_PEM_PARSE_C", -#endif /* MBEDTLS_PEM_PARSE_C */ -#if defined(MBEDTLS_PEM_WRITE_C) - "MBEDTLS_PEM_WRITE_C", -#endif /* MBEDTLS_PEM_WRITE_C */ -#if defined(MBEDTLS_PK_C) - "MBEDTLS_PK_C", -#endif /* MBEDTLS_PK_C */ -#if defined(MBEDTLS_PK_PARSE_C) - "MBEDTLS_PK_PARSE_C", -#endif /* MBEDTLS_PK_PARSE_C */ -#if defined(MBEDTLS_PK_WRITE_C) - "MBEDTLS_PK_WRITE_C", -#endif /* MBEDTLS_PK_WRITE_C */ -#if defined(MBEDTLS_PKCS5_C) - "MBEDTLS_PKCS5_C", -#endif /* MBEDTLS_PKCS5_C */ -#if defined(MBEDTLS_PKCS12_C) - "MBEDTLS_PKCS12_C", -#endif /* MBEDTLS_PKCS12_C */ -#if defined(MBEDTLS_PLATFORM_C) - "MBEDTLS_PLATFORM_C", -#endif /* MBEDTLS_PLATFORM_C */ -#if defined(MBEDTLS_POLY1305_C) - "MBEDTLS_POLY1305_C", -#endif /* MBEDTLS_POLY1305_C */ -#if defined(MBEDTLS_PSA_CRYPTO_C) - "MBEDTLS_PSA_CRYPTO_C", -#endif /* MBEDTLS_PSA_CRYPTO_C */ -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - "MBEDTLS_PSA_CRYPTO_SE_C", -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - "MBEDTLS_PSA_CRYPTO_STORAGE_C", -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -#if defined(MBEDTLS_PSA_ITS_FILE_C) - "MBEDTLS_PSA_ITS_FILE_C", -#endif /* MBEDTLS_PSA_ITS_FILE_C */ -#if defined(MBEDTLS_RIPEMD160_C) - "MBEDTLS_RIPEMD160_C", -#endif /* MBEDTLS_RIPEMD160_C */ -#if defined(MBEDTLS_RSA_C) - "MBEDTLS_RSA_C", -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_SHA1_C) - "MBEDTLS_SHA1_C", -#endif /* MBEDTLS_SHA1_C */ -#if defined(MBEDTLS_SHA256_C) - "MBEDTLS_SHA256_C", -#endif /* MBEDTLS_SHA256_C */ -#if defined(MBEDTLS_SHA512_C) - "MBEDTLS_SHA512_C", -#endif /* MBEDTLS_SHA512_C */ -#if defined(MBEDTLS_SSL_CACHE_C) - "MBEDTLS_SSL_CACHE_C", -#endif /* MBEDTLS_SSL_CACHE_C */ -#if defined(MBEDTLS_SSL_COOKIE_C) - "MBEDTLS_SSL_COOKIE_C", -#endif /* MBEDTLS_SSL_COOKIE_C */ -#if defined(MBEDTLS_SSL_TICKET_C) - "MBEDTLS_SSL_TICKET_C", -#endif /* MBEDTLS_SSL_TICKET_C */ -#if defined(MBEDTLS_SSL_CLI_C) - "MBEDTLS_SSL_CLI_C", -#endif /* MBEDTLS_SSL_CLI_C */ -#if defined(MBEDTLS_SSL_SRV_C) - "MBEDTLS_SSL_SRV_C", -#endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_TLS_C) - "MBEDTLS_SSL_TLS_C", -#endif /* MBEDTLS_SSL_TLS_C */ -#if defined(MBEDTLS_THREADING_C) - "MBEDTLS_THREADING_C", -#endif /* MBEDTLS_THREADING_C */ -#if defined(MBEDTLS_TIMING_C) - "MBEDTLS_TIMING_C", -#endif /* MBEDTLS_TIMING_C */ -#if defined(MBEDTLS_VERSION_C) - "MBEDTLS_VERSION_C", -#endif /* MBEDTLS_VERSION_C */ -#if defined(MBEDTLS_X509_USE_C) - "MBEDTLS_X509_USE_C", -#endif /* MBEDTLS_X509_USE_C */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) - "MBEDTLS_X509_CRT_PARSE_C", -#endif /* MBEDTLS_X509_CRT_PARSE_C */ -#if defined(MBEDTLS_X509_CRL_PARSE_C) - "MBEDTLS_X509_CRL_PARSE_C", -#endif /* MBEDTLS_X509_CRL_PARSE_C */ -#if defined(MBEDTLS_X509_CSR_PARSE_C) - "MBEDTLS_X509_CSR_PARSE_C", -#endif /* MBEDTLS_X509_CSR_PARSE_C */ -#if defined(MBEDTLS_X509_CREATE_C) - "MBEDTLS_X509_CREATE_C", -#endif /* MBEDTLS_X509_CREATE_C */ -#if defined(MBEDTLS_X509_CRT_WRITE_C) - "MBEDTLS_X509_CRT_WRITE_C", -#endif /* MBEDTLS_X509_CRT_WRITE_C */ -#if defined(MBEDTLS_X509_CSR_WRITE_C) - "MBEDTLS_X509_CSR_WRITE_C", -#endif /* MBEDTLS_X509_CSR_WRITE_C */ -#if defined(MBEDTLS_XTEA_C) - "MBEDTLS_XTEA_C", -#endif /* MBEDTLS_XTEA_C */ -#endif /* MBEDTLS_VERSION_FEATURES */ - NULL -}; - -int mbedtls_version_check_feature( const char *feature ) -{ - const char * const *idx = features; - - if( *idx == NULL ) - return( -2 ); - - if( feature == NULL ) - return( -1 ); - - while( *idx != NULL ) - { - if( !strcmp( *idx, feature ) ) - return( 0 ); - idx++; - } - return( -1 ); -} - -#endif /* MBEDTLS_VERSION_C */ diff --git a/programs/psa/psa_constant_names_generated.c b/programs/psa/psa_constant_names_generated.c deleted file mode 100644 index 0b256a272d..0000000000 --- a/programs/psa/psa_constant_names_generated.c +++ /dev/null @@ -1,449 +0,0 @@ -/* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */ - -static const char *psa_strerror(psa_status_t status) -{ - switch (status) { - case PSA_ERROR_ALREADY_EXISTS: return "PSA_ERROR_ALREADY_EXISTS"; - case PSA_ERROR_BAD_STATE: return "PSA_ERROR_BAD_STATE"; - case PSA_ERROR_BUFFER_TOO_SMALL: return "PSA_ERROR_BUFFER_TOO_SMALL"; - case PSA_ERROR_COMMUNICATION_FAILURE: return "PSA_ERROR_COMMUNICATION_FAILURE"; - case PSA_ERROR_CORRUPTION_DETECTED: return "PSA_ERROR_CORRUPTION_DETECTED"; - case PSA_ERROR_DATA_CORRUPT: return "PSA_ERROR_DATA_CORRUPT"; - case PSA_ERROR_DATA_INVALID: return "PSA_ERROR_DATA_INVALID"; - case PSA_ERROR_DOES_NOT_EXIST: return "PSA_ERROR_DOES_NOT_EXIST"; - case PSA_ERROR_GENERIC_ERROR: return "PSA_ERROR_GENERIC_ERROR"; - case PSA_ERROR_HARDWARE_FAILURE: return "PSA_ERROR_HARDWARE_FAILURE"; - case PSA_ERROR_INSUFFICIENT_DATA: return "PSA_ERROR_INSUFFICIENT_DATA"; - case PSA_ERROR_INSUFFICIENT_ENTROPY: return "PSA_ERROR_INSUFFICIENT_ENTROPY"; - case PSA_ERROR_INSUFFICIENT_MEMORY: return "PSA_ERROR_INSUFFICIENT_MEMORY"; - case PSA_ERROR_INSUFFICIENT_STORAGE: return "PSA_ERROR_INSUFFICIENT_STORAGE"; - case PSA_ERROR_INVALID_ARGUMENT: return "PSA_ERROR_INVALID_ARGUMENT"; - case PSA_ERROR_INVALID_HANDLE: return "PSA_ERROR_INVALID_HANDLE"; - case PSA_ERROR_INVALID_PADDING: return "PSA_ERROR_INVALID_PADDING"; - case PSA_ERROR_INVALID_SIGNATURE: return "PSA_ERROR_INVALID_SIGNATURE"; - case PSA_ERROR_NOT_PERMITTED: return "PSA_ERROR_NOT_PERMITTED"; - case PSA_ERROR_NOT_SUPPORTED: return "PSA_ERROR_NOT_SUPPORTED"; - case PSA_ERROR_STORAGE_FAILURE: return "PSA_ERROR_STORAGE_FAILURE"; - case PSA_SUCCESS: return "PSA_SUCCESS"; - default: return NULL; - } -} - -static const char *psa_ecc_family_name(psa_ecc_family_t curve) -{ - switch (curve) { - case PSA_ECC_FAMILY_BRAINPOOL_P_R1: return "PSA_ECC_FAMILY_BRAINPOOL_P_R1"; - case PSA_ECC_FAMILY_MONTGOMERY: return "PSA_ECC_FAMILY_MONTGOMERY"; - case PSA_ECC_FAMILY_SECP_K1: return "PSA_ECC_FAMILY_SECP_K1"; - case PSA_ECC_FAMILY_SECP_R1: return "PSA_ECC_FAMILY_SECP_R1"; - case PSA_ECC_FAMILY_SECP_R2: return "PSA_ECC_FAMILY_SECP_R2"; - case PSA_ECC_FAMILY_SECT_K1: return "PSA_ECC_FAMILY_SECT_K1"; - case PSA_ECC_FAMILY_SECT_R1: return "PSA_ECC_FAMILY_SECT_R1"; - case PSA_ECC_FAMILY_SECT_R2: return "PSA_ECC_FAMILY_SECT_R2"; - case PSA_ECC_FAMILY_TWISTED_EDWARDS: return "PSA_ECC_FAMILY_TWISTED_EDWARDS"; - default: return NULL; - } -} - -static const char *psa_dh_family_name(psa_dh_family_t group) -{ - switch (group) { - case PSA_DH_FAMILY_CUSTOM: return "PSA_DH_FAMILY_CUSTOM"; - case PSA_DH_FAMILY_RFC7919: return "PSA_DH_FAMILY_RFC7919"; - default: return NULL; - } -} - -static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg) -{ - switch (hash_alg) { - case PSA_ALG_ANY_HASH: return "PSA_ALG_ANY_HASH"; - case PSA_ALG_CATEGORY_HASH: return "PSA_ALG_CATEGORY_HASH"; - case PSA_ALG_MD2: return "PSA_ALG_MD2"; - case PSA_ALG_MD4: return "PSA_ALG_MD4"; - case PSA_ALG_MD5: return "PSA_ALG_MD5"; - case PSA_ALG_RIPEMD160: return "PSA_ALG_RIPEMD160"; - case PSA_ALG_SHA3_224: return "PSA_ALG_SHA3_224"; - case PSA_ALG_SHA3_256: return "PSA_ALG_SHA3_256"; - case PSA_ALG_SHA3_384: return "PSA_ALG_SHA3_384"; - case PSA_ALG_SHA3_512: return "PSA_ALG_SHA3_512"; - case PSA_ALG_SHAKE256_512: return "PSA_ALG_SHAKE256_512"; - case PSA_ALG_SHA_1: return "PSA_ALG_SHA_1"; - case PSA_ALG_SHA_224: return "PSA_ALG_SHA_224"; - case PSA_ALG_SHA_256: return "PSA_ALG_SHA_256"; - case PSA_ALG_SHA_384: return "PSA_ALG_SHA_384"; - case PSA_ALG_SHA_512: return "PSA_ALG_SHA_512"; - case PSA_ALG_SHA_512_224: return "PSA_ALG_SHA_512_224"; - case PSA_ALG_SHA_512_256: return "PSA_ALG_SHA_512_256"; - default: return NULL; - } -} - -static const char *psa_ka_algorithm_name(psa_algorithm_t ka_alg) -{ - switch (ka_alg) { - case PSA_ALG_CATEGORY_KEY_AGREEMENT: return "PSA_ALG_CATEGORY_KEY_AGREEMENT"; - case PSA_ALG_ECDH: return "PSA_ALG_ECDH"; - case PSA_ALG_FFDH: return "PSA_ALG_FFDH"; - default: return NULL; - } -} - -static int psa_snprint_key_type(char *buffer, size_t buffer_size, - psa_key_type_t type) -{ - size_t required_size = 0; - switch (type) { - case PSA_KEY_TYPE_AES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_AES", 16); break; - case PSA_KEY_TYPE_ARC4: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ARC4", 17); break; - case PSA_KEY_TYPE_CAMELLIA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CAMELLIA", 21); break; - case PSA_KEY_TYPE_CATEGORY_FLAG_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_FLAG_PAIR", 31); break; - case PSA_KEY_TYPE_CATEGORY_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_KEY_PAIR", 30); break; - case PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_PUBLIC_KEY", 32); break; - case PSA_KEY_TYPE_CATEGORY_RAW: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_RAW", 25); break; - case PSA_KEY_TYPE_CATEGORY_SYMMETRIC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CATEGORY_SYMMETRIC", 31); break; - case PSA_KEY_TYPE_CHACHA20: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_CHACHA20", 21); break; - case PSA_KEY_TYPE_DERIVE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DERIVE", 19); break; - case PSA_KEY_TYPE_DES: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DES", 16); break; - case PSA_KEY_TYPE_DH_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_KEY_PAIR_BASE", 29); break; - case PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE", 31); break; - case PSA_KEY_TYPE_DSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_KEY_PAIR", 25); break; - case PSA_KEY_TYPE_DSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_DSA_PUBLIC_KEY", 27); break; - case PSA_KEY_TYPE_ECC_KEY_PAIR_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_KEY_PAIR_BASE", 30); break; - case PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE", 32); break; - case PSA_KEY_TYPE_HMAC: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_HMAC", 17); break; - case PSA_KEY_TYPE_NONE: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_NONE", 17); break; - case PSA_KEY_TYPE_PASSWORD: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PASSWORD", 21); break; - case PSA_KEY_TYPE_PASSWORD_HASH: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PASSWORD_HASH", 26); break; - case PSA_KEY_TYPE_PEPPER: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_PEPPER", 19); break; - case PSA_KEY_TYPE_RAW_DATA: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RAW_DATA", 21); break; - case PSA_KEY_TYPE_RSA_KEY_PAIR: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_KEY_PAIR", 25); break; - case PSA_KEY_TYPE_RSA_PUBLIC_KEY: append(&buffer, buffer_size, &required_size, "PSA_KEY_TYPE_RSA_PUBLIC_KEY", 27); break; - default: - if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { - append_with_curve(&buffer, buffer_size, &required_size, - "PSA_KEY_TYPE_ECC_KEY_PAIR", 25, - PSA_KEY_TYPE_ECC_GET_FAMILY(type)); - } else if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) { - append_with_curve(&buffer, buffer_size, &required_size, - "PSA_KEY_TYPE_ECC_PUBLIC_KEY", 27, - PSA_KEY_TYPE_ECC_GET_FAMILY(type)); - } else if (PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) { - append_with_group(&buffer, buffer_size, &required_size, - "PSA_KEY_TYPE_DH_KEY_PAIR", 24, - PSA_KEY_TYPE_DH_GET_FAMILY(type)); - } else if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type)) { - append_with_group(&buffer, buffer_size, &required_size, - "PSA_KEY_TYPE_DH_PUBLIC_KEY", 26, - PSA_KEY_TYPE_DH_GET_FAMILY(type)); - } else { - return snprintf(buffer, buffer_size, - "0x%04x", (unsigned) type); - } - break; - } - buffer[0] = 0; - return (int) required_size; -} - -#define NO_LENGTH_MODIFIER 0xfffffffflu -static int psa_snprint_algorithm(char *buffer, size_t buffer_size, - psa_algorithm_t alg) -{ - size_t required_size = 0; - psa_algorithm_t core_alg = alg; - unsigned long length_modifier = NO_LENGTH_MODIFIER; - if (PSA_ALG_IS_MAC(alg)) { - core_alg = PSA_ALG_TRUNCATED_MAC(alg, 0); - if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_AT_LEAST_THIS_LENGTH_MAC(", 33); - length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); - } else if (core_alg != alg) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_TRUNCATED_MAC(", 22); - length_modifier = PSA_MAC_TRUNCATED_LENGTH(alg); - } - } else if (PSA_ALG_IS_AEAD(alg)) { - core_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg); - if (core_alg == 0) { - /* For unknown AEAD algorithms, there is no "default tag length". */ - core_alg = alg; - } else if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(", 43); - length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg); - } else if (core_alg != alg) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_AEAD_WITH_SHORTENED_TAG(", 32); - length_modifier = PSA_ALG_AEAD_GET_TAG_LENGTH(alg); - } - } else if (PSA_ALG_IS_KEY_AGREEMENT(alg) && - !PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) { - core_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg); - append(&buffer, buffer_size, &required_size, - "PSA_ALG_KEY_AGREEMENT(", 22); - append_with_alg(&buffer, buffer_size, &required_size, - psa_ka_algorithm_name, - PSA_ALG_KEY_AGREEMENT_GET_BASE(alg)); - append(&buffer, buffer_size, &required_size, ", ", 2); - } - switch (core_alg) { - case PSA_ALG_ANY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ANY_HASH", 16); break; - case PSA_ALG_CATEGORY_AEAD: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_AEAD", 21); break; - case PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION", 38); break; - case PSA_ALG_CATEGORY_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_CIPHER", 23); break; - case PSA_ALG_CATEGORY_HASH: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_HASH", 21); break; - case PSA_ALG_CATEGORY_KEY_AGREEMENT: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_AGREEMENT", 30); break; - case PSA_ALG_CATEGORY_KEY_DERIVATION: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_KEY_DERIVATION", 31); break; - case PSA_ALG_CATEGORY_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_MAC", 20); break; - case PSA_ALG_CATEGORY_SIGN: append(&buffer, buffer_size, &required_size, "PSA_ALG_CATEGORY_SIGN", 21); break; - case PSA_ALG_CBC_MAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_MAC", 15); break; - case PSA_ALG_CBC_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_NO_PADDING", 22); break; - case PSA_ALG_CBC_PKCS7: append(&buffer, buffer_size, &required_size, "PSA_ALG_CBC_PKCS7", 17); break; - case PSA_ALG_CCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_CCM", 11); break; - case PSA_ALG_CFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_CFB", 11); break; - case PSA_ALG_CHACHA20_POLY1305: append(&buffer, buffer_size, &required_size, "PSA_ALG_CHACHA20_POLY1305", 25); break; - case PSA_ALG_CIPHER_MAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_CIPHER_MAC_BASE", 23); break; - case PSA_ALG_CMAC: append(&buffer, buffer_size, &required_size, "PSA_ALG_CMAC", 12); break; - case PSA_ALG_CTR: append(&buffer, buffer_size, &required_size, "PSA_ALG_CTR", 11); break; - case PSA_ALG_DETERMINISTIC_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_DSA_BASE", 30); break; - case PSA_ALG_DETERMINISTIC_ECDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DETERMINISTIC_ECDSA_BASE", 32); break; - case PSA_ALG_DSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_DSA_BASE", 16); break; - case PSA_ALG_ECB_NO_PADDING: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECB_NO_PADDING", 22); break; - case PSA_ALG_ECDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDH", 12); break; - case PSA_ALG_ECDSA_ANY: append(&buffer, buffer_size, &required_size, "PSA_ALG_ECDSA_ANY", 17); break; - case PSA_ALG_ED25519PH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ED25519PH", 17); break; - case PSA_ALG_ED448PH: append(&buffer, buffer_size, &required_size, "PSA_ALG_ED448PH", 15); break; - case PSA_ALG_FFDH: append(&buffer, buffer_size, &required_size, "PSA_ALG_FFDH", 12); break; - case PSA_ALG_GCM: append(&buffer, buffer_size, &required_size, "PSA_ALG_GCM", 11); break; - case PSA_ALG_HASH_EDDSA_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HASH_EDDSA_BASE", 23); break; - case PSA_ALG_HKDF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HKDF_BASE", 17); break; - case PSA_ALG_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_HMAC_BASE", 17); break; - case PSA_ALG_MD2: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD2", 11); break; - case PSA_ALG_MD4: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD4", 11); break; - case PSA_ALG_MD5: append(&buffer, buffer_size, &required_size, "PSA_ALG_MD5", 11); break; - case PSA_ALG_OFB: append(&buffer, buffer_size, &required_size, "PSA_ALG_OFB", 11); break; - case PSA_ALG_PBKDF2_AES_CMAC_PRF_128: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_AES_CMAC_PRF_128", 31); break; - case PSA_ALG_PBKDF2_HMAC_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_PBKDF2_HMAC_BASE", 24); break; - case PSA_ALG_PURE_EDDSA: append(&buffer, buffer_size, &required_size, "PSA_ALG_PURE_EDDSA", 18); break; - case PSA_ALG_RIPEMD160: append(&buffer, buffer_size, &required_size, "PSA_ALG_RIPEMD160", 17); break; - case PSA_ALG_RSA_OAEP_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_OAEP_BASE", 21); break; - case PSA_ALG_RSA_PKCS1V15_CRYPT: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_CRYPT", 26); break; - case PSA_ALG_RSA_PKCS1V15_SIGN_RAW: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PKCS1V15_SIGN_RAW", 29); break; - case PSA_ALG_RSA_PSS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_RSA_PSS_BASE", 20); break; - case PSA_ALG_SHA3_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_224", 16); break; - case PSA_ALG_SHA3_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_256", 16); break; - case PSA_ALG_SHA3_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_384", 16); break; - case PSA_ALG_SHA3_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA3_512", 16); break; - case PSA_ALG_SHAKE256_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHAKE256_512", 20); break; - case PSA_ALG_SHA_1: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_1", 13); break; - case PSA_ALG_SHA_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_224", 15); break; - case PSA_ALG_SHA_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_256", 15); break; - case PSA_ALG_SHA_384: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_384", 15); break; - case PSA_ALG_SHA_512: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512", 15); break; - case PSA_ALG_SHA_512_224: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_224", 19); break; - case PSA_ALG_SHA_512_256: append(&buffer, buffer_size, &required_size, "PSA_ALG_SHA_512_256", 19); break; - case PSA_ALG_STREAM_CIPHER: append(&buffer, buffer_size, &required_size, "PSA_ALG_STREAM_CIPHER", 21); break; - case PSA_ALG_TLS12_PRF_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PRF_BASE", 22); break; - case PSA_ALG_TLS12_PSK_TO_MS_BASE: append(&buffer, buffer_size, &required_size, "PSA_ALG_TLS12_PSK_TO_MS_BASE", 28); break; - case PSA_ALG_XTS: append(&buffer, buffer_size, &required_size, "PSA_ALG_XTS", 11); break; - default: - if (PSA_ALG_IS_DETERMINISTIC_DSA(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_DETERMINISTIC_DSA(", 25 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_DETERMINISTIC_ECDSA(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_DETERMINISTIC_ECDSA(", 27 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RANDOMIZED_DSA(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_DSA(", 11 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RANDOMIZED_ECDSA(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_ECDSA(", 13 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_HKDF(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_HKDF(", 12 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_HMAC(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_HMAC(", 12 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_PBKDF2_HMAC(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_PBKDF2_HMAC(", 19 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RSA_OAEP(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_RSA_OAEP(", 16 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_RSA_PKCS1V15_SIGN(", 25 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_RSA_PSS(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_RSA_PSS(", 15 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_TLS12_PRF(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_TLS12_PRF(", 17 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else if (PSA_ALG_IS_TLS12_PSK_TO_MS(core_alg)) { - append(&buffer, buffer_size, &required_size, - "PSA_ALG_TLS12_PSK_TO_MS(", 23 + 1); - append_with_alg(&buffer, buffer_size, &required_size, - psa_hash_algorithm_name, - PSA_ALG_GET_HASH(core_alg)); - append(&buffer, buffer_size, &required_size, ")", 1); - } else { - append_integer(&buffer, buffer_size, &required_size, - "0x%08lx", (unsigned long) core_alg); - } - break; - } - if (core_alg != alg) { - if (length_modifier != NO_LENGTH_MODIFIER) { - append(&buffer, buffer_size, &required_size, ", ", 2); - append_integer(&buffer, buffer_size, &required_size, - "%lu", length_modifier); - } - append(&buffer, buffer_size, &required_size, ")", 1); - } - buffer[0] = 0; - return (int) required_size; -} - -static int psa_snprint_key_usage(char *buffer, size_t buffer_size, - psa_key_usage_t usage) -{ - size_t required_size = 0; - if (usage == 0) { - if (buffer_size > 1) { - buffer[0] = '0'; - buffer[1] = 0; - } else if (buffer_size == 1) { - buffer[0] = 0; - } - return 1; - } - if (usage & PSA_KEY_USAGE_COPY) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_COPY", 18); - usage ^= PSA_KEY_USAGE_COPY; - } - if (usage & PSA_KEY_USAGE_DECRYPT) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DECRYPT", 21); - usage ^= PSA_KEY_USAGE_DECRYPT; - } - if (usage & PSA_KEY_USAGE_DERIVE) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_DERIVE", 20); - usage ^= PSA_KEY_USAGE_DERIVE; - } - if (usage & PSA_KEY_USAGE_ENCRYPT) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_ENCRYPT", 21); - usage ^= PSA_KEY_USAGE_ENCRYPT; - } - if (usage & PSA_KEY_USAGE_EXPORT) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_EXPORT", 20); - usage ^= PSA_KEY_USAGE_EXPORT; - } - if (usage & PSA_KEY_USAGE_SIGN_HASH) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_HASH", 23); - usage ^= PSA_KEY_USAGE_SIGN_HASH; - } - if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_SIGN_MESSAGE", 26); - usage ^= PSA_KEY_USAGE_SIGN_MESSAGE; - } - if (usage & PSA_KEY_USAGE_VERIFY_DERIVATION) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_DERIVATION", 31); - usage ^= PSA_KEY_USAGE_VERIFY_DERIVATION; - } - if (usage & PSA_KEY_USAGE_VERIFY_HASH) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_HASH", 25); - usage ^= PSA_KEY_USAGE_VERIFY_HASH; - } - if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append(&buffer, buffer_size, &required_size, "PSA_KEY_USAGE_VERIFY_MESSAGE", 28); - usage ^= PSA_KEY_USAGE_VERIFY_MESSAGE; - } - if (usage != 0) { - if (required_size != 0) { - append(&buffer, buffer_size, &required_size, " | ", 3); - } - append_integer(&buffer, buffer_size, &required_size, - "0x%08lx", (unsigned long) usage); - } else { - buffer[0] = 0; - } - return (int) required_size; -} - -/* End of automatically generated file. */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c deleted file mode 100644 index c6c4d1f04f..0000000000 --- a/programs/test/query_config.c +++ /dev/null @@ -1,2724 +0,0 @@ -/* - * Query Mbed TLS compile time configurations from config.h - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include "query_config.h" - -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ - -/* - * Include all the headers with public APIs in case they define a macro to its - * default value when that configuration is not set in the config.h. - */ -#include "mbedtls/aes.h" -#include "mbedtls/arc4.h" -#include "mbedtls/aria.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/blowfish.h" -#include "mbedtls/camellia.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cipher.h" -#include "mbedtls/cmac.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/debug.h" -#include "mbedtls/des.h" -#include "mbedtls/dhm.h" -#include "mbedtls/ecdh.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecjpake.h" -#include "mbedtls/ecp.h" -#include "mbedtls/entropy.h" -#include "mbedtls/error.h" -#include "mbedtls/gcm.h" -#include "mbedtls/hkdf.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/md.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" -#include "mbedtls/md5.h" -#include "mbedtls/memory_buffer_alloc.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/oid.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#include "mbedtls/pkcs12.h" -#include "mbedtls/pkcs5.h" -#include "mbedtls/platform_time.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cache.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/threading.h" -#include "mbedtls/timing.h" -#include "mbedtls/version.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_crt.h" -#include "mbedtls/x509_csr.h" -#include "mbedtls/xtea.h" - -#include - -/* - * Helper macros to convert a macro or its expansion into a string - * WARNING: This does not work for expanding function-like macros. However, - * Mbed TLS does not currently have configuration options used in this fashion. - */ -#define MACRO_EXPANSION_TO_STR(macro) MACRO_NAME_TO_STR(macro) -#define MACRO_NAME_TO_STR(macro) \ - mbedtls_printf( "%s", strlen( #macro "" ) > 0 ? #macro "\n" : "" ) - -#if defined(_MSC_VER) -/* - * Visual Studio throws the warning 4003 because many Mbed TLS feature macros - * are defined empty. This means that from the preprocessor's point of view - * the macro MBEDTLS_EXPANSION_TO_STR is being invoked without arguments as - * some macros expand to nothing. We suppress that specific warning to get a - * clean build and to ensure that tests treating warnings as errors do not - * fail. - */ -#pragma warning(push) -#pragma warning(disable:4003) -#endif /* _MSC_VER */ - -int query_config( const char *config ) -{ -#if defined(MBEDTLS_HAVE_ASM) - if( strcmp( "MBEDTLS_HAVE_ASM", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_ASM ); - return( 0 ); - } -#endif /* MBEDTLS_HAVE_ASM */ - -#if defined(MBEDTLS_NO_UDBL_DIVISION) - if( strcmp( "MBEDTLS_NO_UDBL_DIVISION", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_NO_UDBL_DIVISION ); - return( 0 ); - } -#endif /* MBEDTLS_NO_UDBL_DIVISION */ - -#if defined(MBEDTLS_NO_64BIT_MULTIPLICATION) - if( strcmp( "MBEDTLS_NO_64BIT_MULTIPLICATION", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_NO_64BIT_MULTIPLICATION ); - return( 0 ); - } -#endif /* MBEDTLS_NO_64BIT_MULTIPLICATION */ - -#if defined(MBEDTLS_HAVE_SSE2) - if( strcmp( "MBEDTLS_HAVE_SSE2", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_SSE2 ); - return( 0 ); - } -#endif /* MBEDTLS_HAVE_SSE2 */ - -#if defined(MBEDTLS_HAVE_TIME) - if( strcmp( "MBEDTLS_HAVE_TIME", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_TIME ); - return( 0 ); - } -#endif /* MBEDTLS_HAVE_TIME */ - -#if defined(MBEDTLS_HAVE_TIME_DATE) - if( strcmp( "MBEDTLS_HAVE_TIME_DATE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HAVE_TIME_DATE ); - return( 0 ); - } -#endif /* MBEDTLS_HAVE_TIME_DATE */ - -#if defined(MBEDTLS_PLATFORM_MEMORY) - if( strcmp( "MBEDTLS_PLATFORM_MEMORY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_MEMORY ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_MEMORY */ - -#if defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) - if( strcmp( "MBEDTLS_PLATFORM_NO_STD_FUNCTIONS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NO_STD_FUNCTIONS ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */ - -#if defined(MBEDTLS_PLATFORM_EXIT_ALT) - if( strcmp( "MBEDTLS_PLATFORM_EXIT_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_EXIT_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_EXIT_ALT */ - -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - if( strcmp( "MBEDTLS_PLATFORM_TIME_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_TIME_ALT */ - -#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) - if( strcmp( "MBEDTLS_PLATFORM_FPRINTF_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FPRINTF_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */ - -#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) - if( strcmp( "MBEDTLS_PLATFORM_PRINTF_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_PRINTF_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */ - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) - if( strcmp( "MBEDTLS_PLATFORM_SNPRINTF_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SNPRINTF_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */ - -#if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) - if( strcmp( "MBEDTLS_PLATFORM_VSNPRINTF_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_VSNPRINTF_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */ - -#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) - if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ - -#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) - if( strcmp( "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ - -#if defined(MBEDTLS_DEPRECATED_WARNING) - if( strcmp( "MBEDTLS_DEPRECATED_WARNING", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DEPRECATED_WARNING ); - return( 0 ); - } -#endif /* MBEDTLS_DEPRECATED_WARNING */ - -#if defined(MBEDTLS_DEPRECATED_REMOVED) - if( strcmp( "MBEDTLS_DEPRECATED_REMOVED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DEPRECATED_REMOVED ); - return( 0 ); - } -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - -#if defined(MBEDTLS_CHECK_PARAMS) - if( strcmp( "MBEDTLS_CHECK_PARAMS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS ); - return( 0 ); - } -#endif /* MBEDTLS_CHECK_PARAMS */ - -#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) - if( strcmp( "MBEDTLS_CHECK_PARAMS_ASSERT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_PARAMS_ASSERT ); - return( 0 ); - } -#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ - -#if defined(MBEDTLS_TIMING_ALT) - if( strcmp( "MBEDTLS_TIMING_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TIMING_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_TIMING_ALT */ - -#if defined(MBEDTLS_AES_ALT) - if( strcmp( "MBEDTLS_AES_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_AES_ALT */ - -#if defined(MBEDTLS_ARC4_ALT) - if( strcmp( "MBEDTLS_ARC4_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ARC4_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ARC4_ALT */ - -#if defined(MBEDTLS_ARIA_ALT) - if( strcmp( "MBEDTLS_ARIA_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ARIA_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ARIA_ALT */ - -#if defined(MBEDTLS_BLOWFISH_ALT) - if( strcmp( "MBEDTLS_BLOWFISH_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_BLOWFISH_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_BLOWFISH_ALT */ - -#if defined(MBEDTLS_CAMELLIA_ALT) - if( strcmp( "MBEDTLS_CAMELLIA_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_CAMELLIA_ALT */ - -#if defined(MBEDTLS_CCM_ALT) - if( strcmp( "MBEDTLS_CCM_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CCM_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_CCM_ALT */ - -#if defined(MBEDTLS_CHACHA20_ALT) - if( strcmp( "MBEDTLS_CHACHA20_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHA20_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_CHACHA20_ALT */ - -#if defined(MBEDTLS_CHACHAPOLY_ALT) - if( strcmp( "MBEDTLS_CHACHAPOLY_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHAPOLY_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_CHACHAPOLY_ALT */ - -#if defined(MBEDTLS_CMAC_ALT) - if( strcmp( "MBEDTLS_CMAC_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CMAC_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_CMAC_ALT */ - -#if defined(MBEDTLS_DES_ALT) - if( strcmp( "MBEDTLS_DES_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DES_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_DES_ALT */ - -#if defined(MBEDTLS_DHM_ALT) - if( strcmp( "MBEDTLS_DHM_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DHM_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_DHM_ALT */ - -#if defined(MBEDTLS_ECJPAKE_ALT) - if( strcmp( "MBEDTLS_ECJPAKE_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECJPAKE_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECJPAKE_ALT */ - -#if defined(MBEDTLS_GCM_ALT) - if( strcmp( "MBEDTLS_GCM_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_GCM_ALT */ - -#if defined(MBEDTLS_NIST_KW_ALT) - if( strcmp( "MBEDTLS_NIST_KW_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_NIST_KW_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_NIST_KW_ALT */ - -#if defined(MBEDTLS_MD2_ALT) - if( strcmp( "MBEDTLS_MD2_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_MD2_ALT */ - -#if defined(MBEDTLS_MD4_ALT) - if( strcmp( "MBEDTLS_MD4_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_MD4_ALT */ - -#if defined(MBEDTLS_MD5_ALT) - if( strcmp( "MBEDTLS_MD5_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_MD5_ALT */ - -#if defined(MBEDTLS_POLY1305_ALT) - if( strcmp( "MBEDTLS_POLY1305_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_POLY1305_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_POLY1305_ALT */ - -#if defined(MBEDTLS_RIPEMD160_ALT) - if( strcmp( "MBEDTLS_RIPEMD160_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_RIPEMD160_ALT */ - -#if defined(MBEDTLS_RSA_ALT) - if( strcmp( "MBEDTLS_RSA_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_RSA_ALT */ - -#if defined(MBEDTLS_SHA1_ALT) - if( strcmp( "MBEDTLS_SHA1_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_SHA1_ALT */ - -#if defined(MBEDTLS_SHA256_ALT) - if( strcmp( "MBEDTLS_SHA256_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_SHA256_ALT */ - -#if defined(MBEDTLS_SHA512_ALT) - if( strcmp( "MBEDTLS_SHA512_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_SHA512_ALT */ - -#if defined(MBEDTLS_XTEA_ALT) - if( strcmp( "MBEDTLS_XTEA_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_XTEA_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_XTEA_ALT */ - -#if defined(MBEDTLS_ECP_ALT) - if( strcmp( "MBEDTLS_ECP_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_ALT */ - -#if defined(MBEDTLS_MD2_PROCESS_ALT) - if( strcmp( "MBEDTLS_MD2_PROCESS_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_PROCESS_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_MD2_PROCESS_ALT */ - -#if defined(MBEDTLS_MD4_PROCESS_ALT) - if( strcmp( "MBEDTLS_MD4_PROCESS_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_PROCESS_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_MD4_PROCESS_ALT */ - -#if defined(MBEDTLS_MD5_PROCESS_ALT) - if( strcmp( "MBEDTLS_MD5_PROCESS_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_PROCESS_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_MD5_PROCESS_ALT */ - -#if defined(MBEDTLS_RIPEMD160_PROCESS_ALT) - if( strcmp( "MBEDTLS_RIPEMD160_PROCESS_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_PROCESS_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_RIPEMD160_PROCESS_ALT */ - -#if defined(MBEDTLS_SHA1_PROCESS_ALT) - if( strcmp( "MBEDTLS_SHA1_PROCESS_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_PROCESS_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_SHA1_PROCESS_ALT */ - -#if defined(MBEDTLS_SHA256_PROCESS_ALT) - if( strcmp( "MBEDTLS_SHA256_PROCESS_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_PROCESS_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_SHA256_PROCESS_ALT */ - -#if defined(MBEDTLS_SHA512_PROCESS_ALT) - if( strcmp( "MBEDTLS_SHA512_PROCESS_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_PROCESS_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_SHA512_PROCESS_ALT */ - -#if defined(MBEDTLS_DES_SETKEY_ALT) - if( strcmp( "MBEDTLS_DES_SETKEY_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DES_SETKEY_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_DES_SETKEY_ALT */ - -#if defined(MBEDTLS_DES_CRYPT_ECB_ALT) - if( strcmp( "MBEDTLS_DES_CRYPT_ECB_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DES_CRYPT_ECB_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_DES_CRYPT_ECB_ALT */ - -#if defined(MBEDTLS_DES3_CRYPT_ECB_ALT) - if( strcmp( "MBEDTLS_DES3_CRYPT_ECB_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DES3_CRYPT_ECB_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_DES3_CRYPT_ECB_ALT */ - -#if defined(MBEDTLS_AES_SETKEY_ENC_ALT) - if( strcmp( "MBEDTLS_AES_SETKEY_ENC_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AES_SETKEY_ENC_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_AES_SETKEY_ENC_ALT */ - -#if defined(MBEDTLS_AES_SETKEY_DEC_ALT) - if( strcmp( "MBEDTLS_AES_SETKEY_DEC_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AES_SETKEY_DEC_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_AES_SETKEY_DEC_ALT */ - -#if defined(MBEDTLS_AES_ENCRYPT_ALT) - if( strcmp( "MBEDTLS_AES_ENCRYPT_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ENCRYPT_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_AES_ENCRYPT_ALT */ - -#if defined(MBEDTLS_AES_DECRYPT_ALT) - if( strcmp( "MBEDTLS_AES_DECRYPT_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AES_DECRYPT_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_AES_DECRYPT_ALT */ - -#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) - if( strcmp( "MBEDTLS_ECDH_GEN_PUBLIC_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_GEN_PUBLIC_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ - -#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) - if( strcmp( "MBEDTLS_ECDH_COMPUTE_SHARED_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_COMPUTE_SHARED_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ - -#if defined(MBEDTLS_ECDSA_VERIFY_ALT) - if( strcmp( "MBEDTLS_ECDSA_VERIFY_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_VERIFY_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ - -#if defined(MBEDTLS_ECDSA_SIGN_ALT) - if( strcmp( "MBEDTLS_ECDSA_SIGN_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_SIGN_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECDSA_SIGN_ALT */ - -#if defined(MBEDTLS_ECDSA_GENKEY_ALT) - if( strcmp( "MBEDTLS_ECDSA_GENKEY_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_GENKEY_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ - -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - if( strcmp( "MBEDTLS_ECP_INTERNAL_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_INTERNAL_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_INTERNAL_ALT */ - -#if defined(MBEDTLS_ECP_NO_FALLBACK) - if( strcmp( "MBEDTLS_ECP_NO_FALLBACK", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NO_FALLBACK ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_NO_FALLBACK */ - -#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) - if( strcmp( "MBEDTLS_ECP_RANDOMIZE_JAC_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RANDOMIZE_JAC_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) - if( strcmp( "MBEDTLS_ECP_ADD_MIXED_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_ADD_MIXED_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */ - -#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) - if( strcmp( "MBEDTLS_ECP_DOUBLE_JAC_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DOUBLE_JAC_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) - if( strcmp( "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */ - -#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) - if( strcmp( "MBEDTLS_ECP_NORMALIZE_JAC_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_JAC_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */ - -#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) - if( strcmp( "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) - if( strcmp( "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RANDOMIZE_MXZ_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ - -#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) - if( strcmp( "MBEDTLS_ECP_NORMALIZE_MXZ_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NORMALIZE_MXZ_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */ - -#if defined(MBEDTLS_TEST_NULL_ENTROPY) - if( strcmp( "MBEDTLS_TEST_NULL_ENTROPY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_NULL_ENTROPY ); - return( 0 ); - } -#endif /* MBEDTLS_TEST_NULL_ENTROPY */ - -#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) - if( strcmp( "MBEDTLS_ENTROPY_HARDWARE_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_HARDWARE_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */ - -#if defined(MBEDTLS_AES_ROM_TABLES) - if( strcmp( "MBEDTLS_AES_ROM_TABLES", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AES_ROM_TABLES ); - return( 0 ); - } -#endif /* MBEDTLS_AES_ROM_TABLES */ - -#if defined(MBEDTLS_AES_FEWER_TABLES) - if( strcmp( "MBEDTLS_AES_FEWER_TABLES", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AES_FEWER_TABLES ); - return( 0 ); - } -#endif /* MBEDTLS_AES_FEWER_TABLES */ - -#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY) - if( strcmp( "MBEDTLS_CAMELLIA_SMALL_MEMORY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_SMALL_MEMORY ); - return( 0 ); - } -#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */ - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if( strcmp( "MBEDTLS_CIPHER_MODE_CBC", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CBC ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) - if( strcmp( "MBEDTLS_CIPHER_MODE_CFB", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CFB ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) - if( strcmp( "MBEDTLS_CIPHER_MODE_CTR", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_CTR ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) - if( strcmp( "MBEDTLS_CIPHER_MODE_OFB", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_OFB ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -#if defined(MBEDTLS_CIPHER_MODE_XTS) - if( strcmp( "MBEDTLS_CIPHER_MODE_XTS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_MODE_XTS ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_MODE_XTS */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) - if( strcmp( "MBEDTLS_CIPHER_NULL_CIPHER", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_NULL_CIPHER ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ - -#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) - if( strcmp( "MBEDTLS_CIPHER_PADDING_PKCS7", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_PKCS7 ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ - -#if defined(MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS) - if( strcmp( "MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */ - -#if defined(MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN) - if( strcmp( "MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */ - -#if defined(MBEDTLS_CIPHER_PADDING_ZEROS) - if( strcmp( "MBEDTLS_CIPHER_PADDING_ZEROS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_PADDING_ZEROS ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_PADDING_ZEROS */ - -#if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) - if( strcmp( "MBEDTLS_CTR_DRBG_USE_128_BIT_KEY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_USE_128_BIT_KEY ); - return( 0 ); - } -#endif /* MBEDTLS_CTR_DRBG_USE_128_BIT_KEY */ - -#if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES) - if( strcmp( "MBEDTLS_REMOVE_3DES_CIPHERSUITES", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_REMOVE_3DES_CIPHERSUITES ); - return( 0 ); - } -#endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */ - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_SECP192R1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP192R1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_SECP224R1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP224R1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_SECP256R1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP256R1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_SECP384R1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP384R1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_SECP521R1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP521R1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_SECP192K1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP192K1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_SECP224K1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP224K1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_SECP256K1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_SECP256K1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_BP256R1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP256R1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_BP384R1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP384R1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_BP512R1_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_BP512R1_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_CURVE25519_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_CURVE25519_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - if( strcmp( "MBEDTLS_ECP_DP_CURVE448_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_DP_CURVE448_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ - -#if defined(MBEDTLS_ECP_NIST_OPTIM) - if( strcmp( "MBEDTLS_ECP_NIST_OPTIM", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NIST_OPTIM ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_NIST_OPTIM */ - -#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( strcmp( "MBEDTLS_ECP_NO_INTERNAL_RNG", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NO_INTERNAL_RNG ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ - -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( strcmp( "MBEDTLS_ECP_RESTARTABLE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_RESTARTABLE ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_RESTARTABLE */ - -#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - if( strcmp( "MBEDTLS_ECDH_LEGACY_CONTEXT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_LEGACY_CONTEXT ); - return( 0 ); - } -#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */ - -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - if( strcmp( "MBEDTLS_ECDSA_DETERMINISTIC", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_DETERMINISTIC ); - return( 0 ); - } -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ - -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_PSK_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_RSA_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - if( strcmp( "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ - -#if defined(MBEDTLS_PK_PARSE_EC_EXTENDED) - if( strcmp( "MBEDTLS_PK_PARSE_EC_EXTENDED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_EC_EXTENDED ); - return( 0 ); - } -#endif /* MBEDTLS_PK_PARSE_EC_EXTENDED */ - -#if defined(MBEDTLS_ERROR_STRERROR_DUMMY) - if( strcmp( "MBEDTLS_ERROR_STRERROR_DUMMY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ERROR_STRERROR_DUMMY ); - return( 0 ); - } -#endif /* MBEDTLS_ERROR_STRERROR_DUMMY */ - -#if defined(MBEDTLS_GENPRIME) - if( strcmp( "MBEDTLS_GENPRIME", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_GENPRIME ); - return( 0 ); - } -#endif /* MBEDTLS_GENPRIME */ - -#if defined(MBEDTLS_FS_IO) - if( strcmp( "MBEDTLS_FS_IO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_FS_IO ); - return( 0 ); - } -#endif /* MBEDTLS_FS_IO */ - -#if defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) - if( strcmp( "MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES ); - return( 0 ); - } -#endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ - -#if defined(MBEDTLS_NO_PLATFORM_ENTROPY) - if( strcmp( "MBEDTLS_NO_PLATFORM_ENTROPY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_NO_PLATFORM_ENTROPY ); - return( 0 ); - } -#endif /* MBEDTLS_NO_PLATFORM_ENTROPY */ - -#if defined(MBEDTLS_ENTROPY_FORCE_SHA256) - if( strcmp( "MBEDTLS_ENTROPY_FORCE_SHA256", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_FORCE_SHA256 ); - return( 0 ); - } -#endif /* MBEDTLS_ENTROPY_FORCE_SHA256 */ - -#if defined(MBEDTLS_ENTROPY_NV_SEED) - if( strcmp( "MBEDTLS_ENTROPY_NV_SEED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_NV_SEED ); - return( 0 ); - } -#endif /* MBEDTLS_ENTROPY_NV_SEED */ - -#if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) - if( strcmp( "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ - -#if defined(MBEDTLS_MEMORY_DEBUG) - if( strcmp( "MBEDTLS_MEMORY_DEBUG", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_DEBUG ); - return( 0 ); - } -#endif /* MBEDTLS_MEMORY_DEBUG */ - -#if defined(MBEDTLS_MEMORY_BACKTRACE) - if( strcmp( "MBEDTLS_MEMORY_BACKTRACE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_BACKTRACE ); - return( 0 ); - } -#endif /* MBEDTLS_MEMORY_BACKTRACE */ - -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) - if( strcmp( "MBEDTLS_PK_RSA_ALT_SUPPORT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PK_RSA_ALT_SUPPORT ); - return( 0 ); - } -#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */ - -#if defined(MBEDTLS_PKCS1_V15) - if( strcmp( "MBEDTLS_PKCS1_V15", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS1_V15 ); - return( 0 ); - } -#endif /* MBEDTLS_PKCS1_V15 */ - -#if defined(MBEDTLS_PKCS1_V21) - if( strcmp( "MBEDTLS_PKCS1_V21", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS1_V21 ); - return( 0 ); - } -#endif /* MBEDTLS_PKCS1_V21 */ - -#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS) - if( strcmp( "MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ - -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) - if( strcmp( "MBEDTLS_PSA_CRYPTO_CLIENT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_CLIENT ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ - -#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) - if( strcmp( "MBEDTLS_PSA_CRYPTO_DRIVERS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_DRIVERS ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */ - -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - if( strcmp( "MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ - -#if defined(MBEDTLS_PSA_CRYPTO_SPM) - if( strcmp( "MBEDTLS_PSA_CRYPTO_SPM", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SPM ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_SPM */ - -#if defined(MBEDTLS_PSA_INJECT_ENTROPY) - if( strcmp( "MBEDTLS_PSA_INJECT_ENTROPY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_INJECT_ENTROPY ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - -#if defined(MBEDTLS_RSA_NO_CRT) - if( strcmp( "MBEDTLS_RSA_NO_CRT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_NO_CRT ); - return( 0 ); - } -#endif /* MBEDTLS_RSA_NO_CRT */ - -#if defined(MBEDTLS_SELF_TEST) - if( strcmp( "MBEDTLS_SELF_TEST", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SELF_TEST ); - return( 0 ); - } -#endif /* MBEDTLS_SELF_TEST */ - -#if defined(MBEDTLS_SHA256_SMALLER) - if( strcmp( "MBEDTLS_SHA256_SMALLER", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_SMALLER ); - return( 0 ); - } -#endif /* MBEDTLS_SHA256_SMALLER */ - -#if defined(MBEDTLS_SHA512_SMALLER) - if( strcmp( "MBEDTLS_SHA512_SMALLER", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_SMALLER ); - return( 0 ); - } -#endif /* MBEDTLS_SHA512_SMALLER */ - -#if defined(MBEDTLS_SHA512_NO_SHA384) - if( strcmp( "MBEDTLS_SHA512_NO_SHA384", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_NO_SHA384 ); - return( 0 ); - } -#endif /* MBEDTLS_SHA512_NO_SHA384 */ - -#if defined(MBEDTLS_SSL_ALL_ALERT_MESSAGES) - if( strcmp( "MBEDTLS_SSL_ALL_ALERT_MESSAGES", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ALL_ALERT_MESSAGES ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_ALL_ALERT_MESSAGES */ - -#if defined(MBEDTLS_SSL_RECORD_CHECKING) - if( strcmp( "MBEDTLS_SSL_RECORD_CHECKING", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RECORD_CHECKING ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_RECORD_CHECKING */ - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( strcmp( "MBEDTLS_SSL_DTLS_CONNECTION_ID", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CONNECTION_ID ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - -#if defined(MBEDTLS_SSL_ASYNC_PRIVATE) - if( strcmp( "MBEDTLS_SSL_ASYNC_PRIVATE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ASYNC_PRIVATE ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ - -#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) - if( strcmp( "MBEDTLS_SSL_CONTEXT_SERIALIZATION", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CONTEXT_SERIALIZATION ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */ - -#if defined(MBEDTLS_SSL_DEBUG_ALL) - if( strcmp( "MBEDTLS_SSL_DEBUG_ALL", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DEBUG_ALL ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_DEBUG_ALL */ - -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - if( strcmp( "MBEDTLS_SSL_ENCRYPT_THEN_MAC", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ENCRYPT_THEN_MAC ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ - -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - if( strcmp( "MBEDTLS_SSL_EXTENDED_MASTER_SECRET", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EXTENDED_MASTER_SECRET ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ - -#if defined(MBEDTLS_SSL_FALLBACK_SCSV) - if( strcmp( "MBEDTLS_SSL_FALLBACK_SCSV", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_FALLBACK_SCSV ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_FALLBACK_SCSV */ - -#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - if( strcmp( "MBEDTLS_SSL_KEEP_PEER_CERTIFICATE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_KEEP_PEER_CERTIFICATE ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - -#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - if( strcmp( "MBEDTLS_SSL_CBC_RECORD_SPLITTING", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CBC_RECORD_SPLITTING ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ - -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( strcmp( "MBEDTLS_SSL_RENEGOTIATION", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_RENEGOTIATION ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_RENEGOTIATION */ - -#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - if( strcmp( "MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE */ - -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - if( strcmp( "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_MAX_FRAGMENT_LENGTH ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1) - if( strcmp( "MBEDTLS_SSL_PROTO_TLS1", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1 ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_1) - if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_1", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_1 ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_1 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_2", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_2 ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) - if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ - -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( strcmp( "MBEDTLS_SSL_PROTO_DTLS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_DTLS ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_PROTO_DTLS */ - -#if defined(MBEDTLS_SSL_ALPN) - if( strcmp( "MBEDTLS_SSL_ALPN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_ALPN ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_ALPN */ - -#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - if( strcmp( "MBEDTLS_SSL_DTLS_ANTI_REPLAY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_ANTI_REPLAY ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - -#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) - if( strcmp( "MBEDTLS_SSL_DTLS_HELLO_VERIFY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_HELLO_VERIFY ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - -#if defined(MBEDTLS_SSL_DTLS_SRTP) - if( strcmp( "MBEDTLS_SSL_DTLS_SRTP", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_SRTP ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_DTLS_SRTP */ - -#if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) - if( strcmp( "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE */ - -#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - if( strcmp( "MBEDTLS_SSL_DTLS_BADMAC_LIMIT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_BADMAC_LIMIT ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ - -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( strcmp( "MBEDTLS_SSL_SESSION_TICKETS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SESSION_TICKETS ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_SESSION_TICKETS */ - -#if defined(MBEDTLS_SSL_EXPORT_KEYS) - if( strcmp( "MBEDTLS_SSL_EXPORT_KEYS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_EXPORT_KEYS ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_EXPORT_KEYS */ - -#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - if( strcmp( "MBEDTLS_SSL_SERVER_NAME_INDICATION", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SERVER_NAME_INDICATION ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ - -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - if( strcmp( "MBEDTLS_SSL_TRUNCATED_HMAC", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TRUNCATED_HMAC ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ - -#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - if( strcmp( "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ - -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) - if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ); - return( 0 ); - } -#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */ - -#if defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND) - if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND ); - return( 0 ); - } -#endif /* MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */ - -#if defined(MBEDTLS_TEST_HOOKS) - if( strcmp( "MBEDTLS_TEST_HOOKS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_HOOKS ); - return( 0 ); - } -#endif /* MBEDTLS_TEST_HOOKS */ - -#if defined(MBEDTLS_THREADING_ALT) - if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_THREADING_ALT */ - -#if defined(MBEDTLS_THREADING_PTHREAD) - if( strcmp( "MBEDTLS_THREADING_PTHREAD", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_PTHREAD ); - return( 0 ); - } -#endif /* MBEDTLS_THREADING_PTHREAD */ - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( strcmp( "MBEDTLS_USE_PSA_CRYPTO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_USE_PSA_CRYPTO ); - return( 0 ); - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) - if( strcmp( "MBEDTLS_PSA_CRYPTO_CONFIG", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_CONFIG ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ - -#if defined(MBEDTLS_VERSION_FEATURES) - if( strcmp( "MBEDTLS_VERSION_FEATURES", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_VERSION_FEATURES ); - return( 0 ); - } -#endif /* MBEDTLS_VERSION_FEATURES */ - -#if defined(MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3) - if( strcmp( "MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 ); - return( 0 ); - } -#endif /* MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 */ - -#if defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) - if( strcmp( "MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION ); - return( 0 ); - } -#endif /* MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */ - -#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - if( strcmp( "MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK ); - return( 0 ); - } -#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ - -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) - if( strcmp( "MBEDTLS_X509_CHECK_KEY_USAGE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_KEY_USAGE ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ - -#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) - if( strcmp( "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ - -#if defined(MBEDTLS_X509_REMOVE_INFO) - if( strcmp( "MBEDTLS_X509_REMOVE_INFO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_REMOVE_INFO ); - return( 0 ); - } -#endif /* MBEDTLS_X509_REMOVE_INFO */ - -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_RSASSA_PSS_SUPPORT ); - return( 0 ); - } -#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ - -#if defined(MBEDTLS_AESNI_C) - if( strcmp( "MBEDTLS_AESNI_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AESNI_C ); - return( 0 ); - } -#endif /* MBEDTLS_AESNI_C */ - -#if defined(MBEDTLS_AES_C) - if( strcmp( "MBEDTLS_AES_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_AES_C ); - return( 0 ); - } -#endif /* MBEDTLS_AES_C */ - -#if defined(MBEDTLS_ARC4_C) - if( strcmp( "MBEDTLS_ARC4_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ARC4_C ); - return( 0 ); - } -#endif /* MBEDTLS_ARC4_C */ - -#if defined(MBEDTLS_ASN1_PARSE_C) - if( strcmp( "MBEDTLS_ASN1_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ASN1_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_ASN1_PARSE_C */ - -#if defined(MBEDTLS_ASN1_WRITE_C) - if( strcmp( "MBEDTLS_ASN1_WRITE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ASN1_WRITE_C ); - return( 0 ); - } -#endif /* MBEDTLS_ASN1_WRITE_C */ - -#if defined(MBEDTLS_BASE64_C) - if( strcmp( "MBEDTLS_BASE64_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_BASE64_C ); - return( 0 ); - } -#endif /* MBEDTLS_BASE64_C */ - -#if defined(MBEDTLS_BIGNUM_C) - if( strcmp( "MBEDTLS_BIGNUM_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_BIGNUM_C ); - return( 0 ); - } -#endif /* MBEDTLS_BIGNUM_C */ - -#if defined(MBEDTLS_BLOWFISH_C) - if( strcmp( "MBEDTLS_BLOWFISH_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_BLOWFISH_C ); - return( 0 ); - } -#endif /* MBEDTLS_BLOWFISH_C */ - -#if defined(MBEDTLS_CAMELLIA_C) - if( strcmp( "MBEDTLS_CAMELLIA_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CAMELLIA_C ); - return( 0 ); - } -#endif /* MBEDTLS_CAMELLIA_C */ - -#if defined(MBEDTLS_ARIA_C) - if( strcmp( "MBEDTLS_ARIA_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ARIA_C ); - return( 0 ); - } -#endif /* MBEDTLS_ARIA_C */ - -#if defined(MBEDTLS_CCM_C) - if( strcmp( "MBEDTLS_CCM_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CCM_C ); - return( 0 ); - } -#endif /* MBEDTLS_CCM_C */ - -#if defined(MBEDTLS_CHACHA20_C) - if( strcmp( "MBEDTLS_CHACHA20_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHA20_C ); - return( 0 ); - } -#endif /* MBEDTLS_CHACHA20_C */ - -#if defined(MBEDTLS_CHACHAPOLY_C) - if( strcmp( "MBEDTLS_CHACHAPOLY_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CHACHAPOLY_C ); - return( 0 ); - } -#endif /* MBEDTLS_CHACHAPOLY_C */ - -#if defined(MBEDTLS_CIPHER_C) - if( strcmp( "MBEDTLS_CIPHER_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CIPHER_C ); - return( 0 ); - } -#endif /* MBEDTLS_CIPHER_C */ - -#if defined(MBEDTLS_CMAC_C) - if( strcmp( "MBEDTLS_CMAC_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CMAC_C ); - return( 0 ); - } -#endif /* MBEDTLS_CMAC_C */ - -#if defined(MBEDTLS_CTR_DRBG_C) - if( strcmp( "MBEDTLS_CTR_DRBG_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_C ); - return( 0 ); - } -#endif /* MBEDTLS_CTR_DRBG_C */ - -#if defined(MBEDTLS_DEBUG_C) - if( strcmp( "MBEDTLS_DEBUG_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DEBUG_C ); - return( 0 ); - } -#endif /* MBEDTLS_DEBUG_C */ - -#if defined(MBEDTLS_DES_C) - if( strcmp( "MBEDTLS_DES_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DES_C ); - return( 0 ); - } -#endif /* MBEDTLS_DES_C */ - -#if defined(MBEDTLS_DHM_C) - if( strcmp( "MBEDTLS_DHM_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_DHM_C ); - return( 0 ); - } -#endif /* MBEDTLS_DHM_C */ - -#if defined(MBEDTLS_ECDH_C) - if( strcmp( "MBEDTLS_ECDH_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_C ); - return( 0 ); - } -#endif /* MBEDTLS_ECDH_C */ - -#if defined(MBEDTLS_ECDSA_C) - if( strcmp( "MBEDTLS_ECDSA_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDSA_C ); - return( 0 ); - } -#endif /* MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_ECJPAKE_C) - if( strcmp( "MBEDTLS_ECJPAKE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECJPAKE_C ); - return( 0 ); - } -#endif /* MBEDTLS_ECJPAKE_C */ - -#if defined(MBEDTLS_ECP_C) - if( strcmp( "MBEDTLS_ECP_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_C ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_ENTROPY_C) - if( strcmp( "MBEDTLS_ENTROPY_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_C ); - return( 0 ); - } -#endif /* MBEDTLS_ENTROPY_C */ - -#if defined(MBEDTLS_ERROR_C) - if( strcmp( "MBEDTLS_ERROR_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ERROR_C ); - return( 0 ); - } -#endif /* MBEDTLS_ERROR_C */ - -#if defined(MBEDTLS_GCM_C) - if( strcmp( "MBEDTLS_GCM_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_GCM_C ); - return( 0 ); - } -#endif /* MBEDTLS_GCM_C */ - -#if defined(MBEDTLS_HKDF_C) - if( strcmp( "MBEDTLS_HKDF_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HKDF_C ); - return( 0 ); - } -#endif /* MBEDTLS_HKDF_C */ - -#if defined(MBEDTLS_HMAC_DRBG_C) - if( strcmp( "MBEDTLS_HMAC_DRBG_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_C ); - return( 0 ); - } -#endif /* MBEDTLS_HMAC_DRBG_C */ - -#if defined(MBEDTLS_NIST_KW_C) - if( strcmp( "MBEDTLS_NIST_KW_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_NIST_KW_C ); - return( 0 ); - } -#endif /* MBEDTLS_NIST_KW_C */ - -#if defined(MBEDTLS_MD_C) - if( strcmp( "MBEDTLS_MD_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD_C ); - return( 0 ); - } -#endif /* MBEDTLS_MD_C */ - -#if defined(MBEDTLS_MD2_C) - if( strcmp( "MBEDTLS_MD2_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD2_C ); - return( 0 ); - } -#endif /* MBEDTLS_MD2_C */ - -#if defined(MBEDTLS_MD4_C) - if( strcmp( "MBEDTLS_MD4_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD4_C ); - return( 0 ); - } -#endif /* MBEDTLS_MD4_C */ - -#if defined(MBEDTLS_MD5_C) - if( strcmp( "MBEDTLS_MD5_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MD5_C ); - return( 0 ); - } -#endif /* MBEDTLS_MD5_C */ - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - if( strcmp( "MBEDTLS_MEMORY_BUFFER_ALLOC_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_BUFFER_ALLOC_C ); - return( 0 ); - } -#endif /* MBEDTLS_MEMORY_BUFFER_ALLOC_C */ - -#if defined(MBEDTLS_NET_C) - if( strcmp( "MBEDTLS_NET_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_NET_C ); - return( 0 ); - } -#endif /* MBEDTLS_NET_C */ - -#if defined(MBEDTLS_OID_C) - if( strcmp( "MBEDTLS_OID_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_OID_C ); - return( 0 ); - } -#endif /* MBEDTLS_OID_C */ - -#if defined(MBEDTLS_PADLOCK_C) - if( strcmp( "MBEDTLS_PADLOCK_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PADLOCK_C ); - return( 0 ); - } -#endif /* MBEDTLS_PADLOCK_C */ - -#if defined(MBEDTLS_PEM_PARSE_C) - if( strcmp( "MBEDTLS_PEM_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PEM_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_PEM_PARSE_C */ - -#if defined(MBEDTLS_PEM_WRITE_C) - if( strcmp( "MBEDTLS_PEM_WRITE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PEM_WRITE_C ); - return( 0 ); - } -#endif /* MBEDTLS_PEM_WRITE_C */ - -#if defined(MBEDTLS_PK_C) - if( strcmp( "MBEDTLS_PK_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PK_C ); - return( 0 ); - } -#endif /* MBEDTLS_PK_C */ - -#if defined(MBEDTLS_PK_PARSE_C) - if( strcmp( "MBEDTLS_PK_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PK_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_PK_PARSE_C */ - -#if defined(MBEDTLS_PK_WRITE_C) - if( strcmp( "MBEDTLS_PK_WRITE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PK_WRITE_C ); - return( 0 ); - } -#endif /* MBEDTLS_PK_WRITE_C */ - -#if defined(MBEDTLS_PKCS5_C) - if( strcmp( "MBEDTLS_PKCS5_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS5_C ); - return( 0 ); - } -#endif /* MBEDTLS_PKCS5_C */ - -#if defined(MBEDTLS_PKCS12_C) - if( strcmp( "MBEDTLS_PKCS12_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PKCS12_C ); - return( 0 ); - } -#endif /* MBEDTLS_PKCS12_C */ - -#if defined(MBEDTLS_PLATFORM_C) - if( strcmp( "MBEDTLS_PLATFORM_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_C ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_C */ - -#if defined(MBEDTLS_POLY1305_C) - if( strcmp( "MBEDTLS_POLY1305_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_POLY1305_C ); - return( 0 ); - } -#endif /* MBEDTLS_POLY1305_C */ - -#if defined(MBEDTLS_PSA_CRYPTO_C) - if( strcmp( "MBEDTLS_PSA_CRYPTO_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_C ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_C */ - -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( strcmp( "MBEDTLS_PSA_CRYPTO_SE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_SE_C ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_C ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - -#if defined(MBEDTLS_PSA_ITS_FILE_C) - if( strcmp( "MBEDTLS_PSA_ITS_FILE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_ITS_FILE_C ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_ITS_FILE_C */ - -#if defined(MBEDTLS_RIPEMD160_C) - if( strcmp( "MBEDTLS_RIPEMD160_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_RIPEMD160_C ); - return( 0 ); - } -#endif /* MBEDTLS_RIPEMD160_C */ - -#if defined(MBEDTLS_RSA_C) - if( strcmp( "MBEDTLS_RSA_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_RSA_C ); - return( 0 ); - } -#endif /* MBEDTLS_RSA_C */ - -#if defined(MBEDTLS_SHA1_C) - if( strcmp( "MBEDTLS_SHA1_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA1_C ); - return( 0 ); - } -#endif /* MBEDTLS_SHA1_C */ - -#if defined(MBEDTLS_SHA256_C) - if( strcmp( "MBEDTLS_SHA256_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA256_C ); - return( 0 ); - } -#endif /* MBEDTLS_SHA256_C */ - -#if defined(MBEDTLS_SHA512_C) - if( strcmp( "MBEDTLS_SHA512_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SHA512_C ); - return( 0 ); - } -#endif /* MBEDTLS_SHA512_C */ - -#if defined(MBEDTLS_SSL_CACHE_C) - if( strcmp( "MBEDTLS_SSL_CACHE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_C ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CACHE_C */ - -#if defined(MBEDTLS_SSL_COOKIE_C) - if( strcmp( "MBEDTLS_SSL_COOKIE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_COOKIE_C ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_COOKIE_C */ - -#if defined(MBEDTLS_SSL_TICKET_C) - if( strcmp( "MBEDTLS_SSL_TICKET_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TICKET_C ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_TICKET_C */ - -#if defined(MBEDTLS_SSL_CLI_C) - if( strcmp( "MBEDTLS_SSL_CLI_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CLI_C ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CLI_C */ - -#if defined(MBEDTLS_SSL_SRV_C) - if( strcmp( "MBEDTLS_SSL_SRV_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_SRV_C ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_SRV_C */ - -#if defined(MBEDTLS_SSL_TLS_C) - if( strcmp( "MBEDTLS_SSL_TLS_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS_C ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_TLS_C */ - -#if defined(MBEDTLS_THREADING_C) - if( strcmp( "MBEDTLS_THREADING_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_THREADING_C ); - return( 0 ); - } -#endif /* MBEDTLS_THREADING_C */ - -#if defined(MBEDTLS_TIMING_C) - if( strcmp( "MBEDTLS_TIMING_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TIMING_C ); - return( 0 ); - } -#endif /* MBEDTLS_TIMING_C */ - -#if defined(MBEDTLS_VERSION_C) - if( strcmp( "MBEDTLS_VERSION_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_VERSION_C ); - return( 0 ); - } -#endif /* MBEDTLS_VERSION_C */ - -#if defined(MBEDTLS_X509_USE_C) - if( strcmp( "MBEDTLS_X509_USE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_USE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_USE_C */ - -#if defined(MBEDTLS_X509_CRT_PARSE_C) - if( strcmp( "MBEDTLS_X509_CRT_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - -#if defined(MBEDTLS_X509_CRL_PARSE_C) - if( strcmp( "MBEDTLS_X509_CRL_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRL_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CRL_PARSE_C */ - -#if defined(MBEDTLS_X509_CSR_PARSE_C) - if( strcmp( "MBEDTLS_X509_CSR_PARSE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_PARSE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CSR_PARSE_C */ - -#if defined(MBEDTLS_X509_CREATE_C) - if( strcmp( "MBEDTLS_X509_CREATE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CREATE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CREATE_C */ - -#if defined(MBEDTLS_X509_CRT_WRITE_C) - if( strcmp( "MBEDTLS_X509_CRT_WRITE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CRT_WRITE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CRT_WRITE_C */ - -#if defined(MBEDTLS_X509_CSR_WRITE_C) - if( strcmp( "MBEDTLS_X509_CSR_WRITE_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_CSR_WRITE_C ); - return( 0 ); - } -#endif /* MBEDTLS_X509_CSR_WRITE_C */ - -#if defined(MBEDTLS_XTEA_C) - if( strcmp( "MBEDTLS_XTEA_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_XTEA_C ); - return( 0 ); - } -#endif /* MBEDTLS_XTEA_C */ - -#if defined(MBEDTLS_MPI_WINDOW_SIZE) - if( strcmp( "MBEDTLS_MPI_WINDOW_SIZE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MPI_WINDOW_SIZE ); - return( 0 ); - } -#endif /* MBEDTLS_MPI_WINDOW_SIZE */ - -#if defined(MBEDTLS_MPI_MAX_SIZE) - if( strcmp( "MBEDTLS_MPI_MAX_SIZE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MPI_MAX_SIZE ); - return( 0 ); - } -#endif /* MBEDTLS_MPI_MAX_SIZE */ - -#if defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) - if( strcmp( "MBEDTLS_CTR_DRBG_ENTROPY_LEN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_ENTROPY_LEN ); - return( 0 ); - } -#endif /* MBEDTLS_CTR_DRBG_ENTROPY_LEN */ - -#if defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL) - if( strcmp( "MBEDTLS_CTR_DRBG_RESEED_INTERVAL", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_RESEED_INTERVAL ); - return( 0 ); - } -#endif /* MBEDTLS_CTR_DRBG_RESEED_INTERVAL */ - -#if defined(MBEDTLS_CTR_DRBG_MAX_INPUT) - if( strcmp( "MBEDTLS_CTR_DRBG_MAX_INPUT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_INPUT ); - return( 0 ); - } -#endif /* MBEDTLS_CTR_DRBG_MAX_INPUT */ - -#if defined(MBEDTLS_CTR_DRBG_MAX_REQUEST) - if( strcmp( "MBEDTLS_CTR_DRBG_MAX_REQUEST", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_REQUEST ); - return( 0 ); - } -#endif /* MBEDTLS_CTR_DRBG_MAX_REQUEST */ - -#if defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) - if( strcmp( "MBEDTLS_CTR_DRBG_MAX_SEED_INPUT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); - return( 0 ); - } -#endif /* MBEDTLS_CTR_DRBG_MAX_SEED_INPUT */ - -#if defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL) - if( strcmp( "MBEDTLS_HMAC_DRBG_RESEED_INTERVAL", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_RESEED_INTERVAL ); - return( 0 ); - } -#endif /* MBEDTLS_HMAC_DRBG_RESEED_INTERVAL */ - -#if defined(MBEDTLS_HMAC_DRBG_MAX_INPUT) - if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_INPUT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_INPUT ); - return( 0 ); - } -#endif /* MBEDTLS_HMAC_DRBG_MAX_INPUT */ - -#if defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST) - if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_REQUEST", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_REQUEST ); - return( 0 ); - } -#endif /* MBEDTLS_HMAC_DRBG_MAX_REQUEST */ - -#if defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT) - if( strcmp( "MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT ); - return( 0 ); - } -#endif /* MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT */ - -#if defined(MBEDTLS_ECP_MAX_BITS) - if( strcmp( "MBEDTLS_ECP_MAX_BITS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_MAX_BITS ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_MAX_BITS */ - -#if defined(MBEDTLS_ECP_WINDOW_SIZE) - if( strcmp( "MBEDTLS_ECP_WINDOW_SIZE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_WINDOW_SIZE ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_WINDOW_SIZE */ - -#if defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) - if( strcmp( "MBEDTLS_ECP_FIXED_POINT_OPTIM", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_FIXED_POINT_OPTIM ); - return( 0 ); - } -#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */ - -#if defined(MBEDTLS_ENTROPY_MAX_SOURCES) - if( strcmp( "MBEDTLS_ENTROPY_MAX_SOURCES", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MAX_SOURCES ); - return( 0 ); - } -#endif /* MBEDTLS_ENTROPY_MAX_SOURCES */ - -#if defined(MBEDTLS_ENTROPY_MAX_GATHER) - if( strcmp( "MBEDTLS_ENTROPY_MAX_GATHER", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MAX_GATHER ); - return( 0 ); - } -#endif /* MBEDTLS_ENTROPY_MAX_GATHER */ - -#if defined(MBEDTLS_ENTROPY_MIN_HARDWARE) - if( strcmp( "MBEDTLS_ENTROPY_MIN_HARDWARE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ENTROPY_MIN_HARDWARE ); - return( 0 ); - } -#endif /* MBEDTLS_ENTROPY_MIN_HARDWARE */ - -#if defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE) - if( strcmp( "MBEDTLS_MEMORY_ALIGN_MULTIPLE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_MEMORY_ALIGN_MULTIPLE ); - return( 0 ); - } -#endif /* MBEDTLS_MEMORY_ALIGN_MULTIPLE */ - -#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) - if( strcmp( "MBEDTLS_PLATFORM_STD_MEM_HDR", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_MEM_HDR ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_MEM_HDR */ - -#if defined(MBEDTLS_PLATFORM_STD_CALLOC) - if( strcmp( "MBEDTLS_PLATFORM_STD_CALLOC", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_CALLOC ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_CALLOC */ - -#if defined(MBEDTLS_PLATFORM_STD_FREE) - if( strcmp( "MBEDTLS_PLATFORM_STD_FREE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_FREE ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_FREE */ - -#if defined(MBEDTLS_PLATFORM_STD_EXIT) - if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_EXIT */ - -#if defined(MBEDTLS_PLATFORM_STD_TIME) - if( strcmp( "MBEDTLS_PLATFORM_STD_TIME", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_TIME ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_TIME */ - -#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) - if( strcmp( "MBEDTLS_PLATFORM_STD_FPRINTF", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_FPRINTF ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_FPRINTF */ - -#if defined(MBEDTLS_PLATFORM_STD_PRINTF) - if( strcmp( "MBEDTLS_PLATFORM_STD_PRINTF", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_PRINTF ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_PRINTF */ - -#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) - if( strcmp( "MBEDTLS_PLATFORM_STD_SNPRINTF", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_SNPRINTF ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_SNPRINTF */ - -#if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS) - if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT_SUCCESS", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT_SUCCESS ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_EXIT_SUCCESS */ - -#if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE) - if( strcmp( "MBEDTLS_PLATFORM_STD_EXIT_FAILURE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_EXIT_FAILURE ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_EXIT_FAILURE */ - -#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) - if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_READ", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_READ ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_READ */ - -#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) - if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_WRITE ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_WRITE */ - -#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE) - if( strcmp( "MBEDTLS_PLATFORM_STD_NV_SEED_FILE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_STD_NV_SEED_FILE ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_STD_NV_SEED_FILE */ - -#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_CALLOC_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_CALLOC_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_CALLOC_MACRO */ - -#if defined(MBEDTLS_PLATFORM_FREE_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_FREE_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FREE_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_FREE_MACRO */ - -#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_EXIT_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_EXIT_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */ - -#if defined(MBEDTLS_PLATFORM_TIME_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_TIME_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_TIME_MACRO */ - -#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_TIME_TYPE_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_TIME_TYPE_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */ - -#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_FPRINTF_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_FPRINTF_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */ - -#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_PRINTF_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_PRINTF_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */ - -#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_SNPRINTF_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_SNPRINTF_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */ - -#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_VSNPRINTF_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_VSNPRINTF_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */ - -#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_READ_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_NV_SEED_READ_MACRO */ - -#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) - if( strcmp( "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO */ - -#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) - if( strcmp( "MBEDTLS_PSA_HMAC_DRBG_MD_TYPE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_HMAC_DRBG_MD_TYPE ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_HMAC_DRBG_MD_TYPE */ - -#if defined(MBEDTLS_PSA_KEY_SLOT_COUNT) - if( strcmp( "MBEDTLS_PSA_KEY_SLOT_COUNT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_KEY_SLOT_COUNT ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_KEY_SLOT_COUNT */ - -#if defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT) - if( strcmp( "MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT */ - -#if defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES) - if( strcmp( "MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES */ - -#if defined(MBEDTLS_SSL_IN_CONTENT_LEN) - if( strcmp( "MBEDTLS_SSL_IN_CONTENT_LEN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_IN_CONTENT_LEN ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_IN_CONTENT_LEN */ - -#if defined(MBEDTLS_SSL_CID_IN_LEN_MAX) - if( strcmp( "MBEDTLS_SSL_CID_IN_LEN_MAX", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_IN_LEN_MAX ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CID_IN_LEN_MAX */ - -#if defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) - if( strcmp( "MBEDTLS_SSL_CID_OUT_LEN_MAX", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_OUT_LEN_MAX ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CID_OUT_LEN_MAX */ - -#if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) - if( strcmp( "MBEDTLS_SSL_CID_PADDING_GRANULARITY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_CID_PADDING_GRANULARITY ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_CID_PADDING_GRANULARITY */ - -#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) - if( strcmp( "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY */ - -#if defined(MBEDTLS_SSL_OUT_CONTENT_LEN) - if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_OUT_CONTENT_LEN ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_OUT_CONTENT_LEN */ - -#if defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING) - if( strcmp( "MBEDTLS_SSL_DTLS_MAX_BUFFERING", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_DTLS_MAX_BUFFERING ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_DTLS_MAX_BUFFERING */ - -#if defined(MBEDTLS_PSK_MAX_LEN) - if( strcmp( "MBEDTLS_PSK_MAX_LEN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSK_MAX_LEN ); - return( 0 ); - } -#endif /* MBEDTLS_PSK_MAX_LEN */ - -#if defined(MBEDTLS_SSL_COOKIE_TIMEOUT) - if( strcmp( "MBEDTLS_SSL_COOKIE_TIMEOUT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_COOKIE_TIMEOUT ); - return( 0 ); - } -#endif /* MBEDTLS_SSL_COOKIE_TIMEOUT */ - -#if defined(MBEDTLS_X509_MAX_INTERMEDIATE_CA) - if( strcmp( "MBEDTLS_X509_MAX_INTERMEDIATE_CA", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_MAX_INTERMEDIATE_CA ); - return( 0 ); - } -#endif /* MBEDTLS_X509_MAX_INTERMEDIATE_CA */ - -#if defined(MBEDTLS_X509_MAX_FILE_PATH_LEN) - if( strcmp( "MBEDTLS_X509_MAX_FILE_PATH_LEN", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_MAX_FILE_PATH_LEN ); - return( 0 ); - } -#endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */ - -#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE) - if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE ); - return( 0 ); - } -#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */ - -#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) - if( strcmp( "MBEDTLS_PLATFORM_ZEROIZE_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_ZEROIZE_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ - -#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) - if( strcmp( "MBEDTLS_PLATFORM_GMTIME_R_ALT", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_GMTIME_R_ALT ); - return( 0 ); - } -#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */ - -#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) - if( strcmp( "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED ); - return( 0 ); - } -#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */ - - /* If the symbol is not found, return an error */ - return( 1 ); -} - -#if defined(_MSC_VER) -#pragma warning(pop) -#endif /* _MSC_VER */ diff --git a/tests/suites/test_suite_psa_crypto_not_supported.generated.data b/tests/suites/test_suite_psa_crypto_not_supported.generated.data deleted file mode 100644 index 23ce19ff14..0000000000 --- a/tests/suites/test_suite_psa_crypto_not_supported.generated.data +++ /dev/null @@ -1,1078 +0,0 @@ -# Automatically generated by generate_psa_tests.py. Do not edit! - -PSA import AES 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_AES -import_not_supported:PSA_KEY_TYPE_AES:"48657265006973206b6579a064617461" - -PSA generate AES 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_AES -generate_not_supported:PSA_KEY_TYPE_AES:128 - -PSA import AES 192-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_AES -import_not_supported:PSA_KEY_TYPE_AES:"48657265006973206b6579a0646174614865726500697320" - -PSA generate AES 192-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_AES -generate_not_supported:PSA_KEY_TYPE_AES:192 - -PSA import AES 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_AES -import_not_supported:PSA_KEY_TYPE_AES:"48657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate AES 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_AES -generate_not_supported:PSA_KEY_TYPE_AES:256 - -PSA import ARC4 8-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_ARC4 -import_not_supported:PSA_KEY_TYPE_ARC4:"48" - -PSA generate ARC4 8-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_ARC4 -generate_not_supported:PSA_KEY_TYPE_ARC4:8 - -PSA import ARC4 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_ARC4 -import_not_supported:PSA_KEY_TYPE_ARC4:"48657265006973206b6579a064617461" - -PSA generate ARC4 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_ARC4 -generate_not_supported:PSA_KEY_TYPE_ARC4:128 - -PSA import ARC4 2048-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_ARC4 -import_not_supported:PSA_KEY_TYPE_ARC4:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate ARC4 2048-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_ARC4 -generate_not_supported:PSA_KEY_TYPE_ARC4:2048 - -PSA import CAMELLIA 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_CAMELLIA -import_not_supported:PSA_KEY_TYPE_CAMELLIA:"48657265006973206b6579a064617461" - -PSA generate CAMELLIA 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_CAMELLIA -generate_not_supported:PSA_KEY_TYPE_CAMELLIA:128 - -PSA import CAMELLIA 192-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_CAMELLIA -import_not_supported:PSA_KEY_TYPE_CAMELLIA:"48657265006973206b6579a0646174614865726500697320" - -PSA generate CAMELLIA 192-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_CAMELLIA -generate_not_supported:PSA_KEY_TYPE_CAMELLIA:192 - -PSA import CAMELLIA 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_CAMELLIA -import_not_supported:PSA_KEY_TYPE_CAMELLIA:"48657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate CAMELLIA 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_CAMELLIA -generate_not_supported:PSA_KEY_TYPE_CAMELLIA:256 - -PSA import CHACHA20 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_CHACHA20 -import_not_supported:PSA_KEY_TYPE_CHACHA20:"48657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate CHACHA20 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_CHACHA20 -generate_not_supported:PSA_KEY_TYPE_CHACHA20:256 - -PSA import DES 64-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DES -import_not_supported:PSA_KEY_TYPE_DES:"644573206b457901" - -PSA generate DES 64-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DES -generate_not_supported:PSA_KEY_TYPE_DES:64 - -PSA import DES 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DES -import_not_supported:PSA_KEY_TYPE_DES:"644573206b457901644573206b457902" - -PSA generate DES 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DES -generate_not_supported:PSA_KEY_TYPE_DES:128 - -PSA import DES 192-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DES -import_not_supported:PSA_KEY_TYPE_DES:"644573206b457901644573206b457902644573206b457904" - -PSA generate DES 192-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_DES -generate_not_supported:PSA_KEY_TYPE_DES:192 - -PSA import HMAC 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -import_not_supported:PSA_KEY_TYPE_HMAC:"48657265006973206b6579a064617461" - -PSA generate HMAC 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -generate_not_supported:PSA_KEY_TYPE_HMAC:128 - -PSA import HMAC 160-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -import_not_supported:PSA_KEY_TYPE_HMAC:"48657265006973206b6579a06461746148657265" - -PSA generate HMAC 160-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -generate_not_supported:PSA_KEY_TYPE_HMAC:160 - -PSA import HMAC 224-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -import_not_supported:PSA_KEY_TYPE_HMAC:"48657265006973206b6579a06461746148657265006973206b6579a0" - -PSA generate HMAC 224-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -generate_not_supported:PSA_KEY_TYPE_HMAC:224 - -PSA import HMAC 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -import_not_supported:PSA_KEY_TYPE_HMAC:"48657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate HMAC 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -generate_not_supported:PSA_KEY_TYPE_HMAC:256 - -PSA import HMAC 384-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -import_not_supported:PSA_KEY_TYPE_HMAC:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate HMAC 384-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -generate_not_supported:PSA_KEY_TYPE_HMAC:384 - -PSA import HMAC 512-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -import_not_supported:PSA_KEY_TYPE_HMAC:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate HMAC 512-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_HMAC -generate_not_supported:PSA_KEY_TYPE_HMAC:512 - -PSA import PASSWORD 48-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_PASSWORD:"486572650069" - -PSA generate PASSWORD 48-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_PASSWORD:48 - -PSA import PASSWORD 168-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_PASSWORD:"48657265006973206b6579a0646174614865726500" - -PSA generate PASSWORD 168-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_PASSWORD:168 - -PSA import PASSWORD 336-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_PASSWORD:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65" - -PSA generate PASSWORD 336-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_PASSWORD:336 - -PSA import PASSWORD_HASH 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD_HASH:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_PASSWORD_HASH:"48657265006973206b6579a064617461" - -PSA generate PASSWORD_HASH 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD_HASH:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_PASSWORD_HASH:128 - -PSA import PASSWORD_HASH 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD_HASH:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_PASSWORD_HASH:"48657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate PASSWORD_HASH 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PASSWORD_HASH:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_PASSWORD_HASH:256 - -PSA import PEPPER 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PEPPER:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_PEPPER:"48657265006973206b6579a064617461" - -PSA generate PEPPER 128-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PEPPER:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_PEPPER:128 - -PSA import PEPPER 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PEPPER:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_PEPPER:"48657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA generate PEPPER 256-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_PEPPER:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_PEPPER:256 - -PSA import RSA_KEY_PAIR 1024-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_RSA_KEY_PAIR -import_not_supported:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24" - -PSA generate RSA_KEY_PAIR 1024-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_RSA_KEY_PAIR -generate_not_supported:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 - -PSA import RSA_KEY_PAIR 1536-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_RSA_KEY_PAIR -import_not_supported:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf" - -PSA generate RSA_KEY_PAIR 1536-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_RSA_KEY_PAIR -generate_not_supported:PSA_KEY_TYPE_RSA_KEY_PAIR:1536 - -PSA import RSA_PUBLIC_KEY 1024-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -import_not_supported:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" - -PSA generate RSA_PUBLIC_KEY 1024-bit never supported -generate_not_supported:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024 - -PSA import RSA_PUBLIC_KEY 1536-bit not supported -depends_on:!PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -import_not_supported:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001" - -PSA generate RSA_PUBLIC_KEY 1536-bit never supported -generate_not_supported:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"69502c4fdaf48d4fa617bdd24498b0406d0eeaac" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"1688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"61b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"69502c4fdaf48d4fa617bdd24498b0406d0eeaac" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"1688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_256 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"61b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_384 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_384 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 - -PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_512 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2" - -PSA generate ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_BRAINPOOL_P_R1_512 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c" - -PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160 - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88" - -PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192 - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc" - -PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224 - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" - -PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256 - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd" - -PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320 - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_384 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" - -PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384 - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_512 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" - -PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c" - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88" - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc" - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_BRAINPOOL_P_R1_256 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd" - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_BRAINPOOL_P_R1_384 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" - -PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_BRAINPOOL_P_R1_512 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" - -PSA import ECC_KEY_PAIR(MONTGOMERY) 255-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a" - -PSA generate ECC_KEY_PAIR(MONTGOMERY) 255-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255 - -PSA import ECC_KEY_PAIR(MONTGOMERY) 448-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1" - -PSA generate ECC_KEY_PAIR(MONTGOMERY) 448-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448 - -PSA import ECC_KEY_PAIR(MONTGOMERY) 255-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_MONTGOMERY_255 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a" - -PSA generate ECC_KEY_PAIR(MONTGOMERY) 255-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_MONTGOMERY_255 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255 - -PSA import ECC_KEY_PAIR(MONTGOMERY) 448-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_MONTGOMERY_448 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1" - -PSA generate ECC_KEY_PAIR(MONTGOMERY) 448-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_MONTGOMERY_448 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448 - -PSA import ECC_PUBLIC_KEY(MONTGOMERY) 255-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" - -PSA generate ECC_PUBLIC_KEY(MONTGOMERY) 255-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):255 - -PSA import ECC_PUBLIC_KEY(MONTGOMERY) 448-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_448 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):"c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e" - -PSA generate ECC_PUBLIC_KEY(MONTGOMERY) 448-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448 - -PSA import ECC_PUBLIC_KEY(MONTGOMERY) 255-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_MONTGOMERY_255 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" - -PSA import ECC_PUBLIC_KEY(MONTGOMERY) 448-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_MONTGOMERY_448 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):"c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e" - -PSA import ECC_KEY_PAIR(SECP_K1) 192-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_192 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):"297ac1722ccac7589ecb240dc719842538ca974beb79f228" - -PSA generate ECC_KEY_PAIR(SECP_K1) 192-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_192 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192 - -PSA import ECC_KEY_PAIR(SECP_K1) 224-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_224 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):"0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8" - -PSA generate ECC_KEY_PAIR(SECP_K1) 224-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_224 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224 - -PSA import ECC_KEY_PAIR(SECP_K1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_256 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):"7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9" - -PSA generate ECC_KEY_PAIR(SECP_K1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_K1_256 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256 - -PSA import ECC_KEY_PAIR(SECP_K1) 192-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_K1_192 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):"297ac1722ccac7589ecb240dc719842538ca974beb79f228" - -PSA generate ECC_KEY_PAIR(SECP_K1) 192-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_K1_192 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192 - -PSA import ECC_KEY_PAIR(SECP_K1) 224-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_K1_224 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):"0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8" - -PSA generate ECC_KEY_PAIR(SECP_K1) 224-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_K1_224 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224 - -PSA import ECC_KEY_PAIR(SECP_K1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_K1_256 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):"7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9" - -PSA generate ECC_KEY_PAIR(SECP_K1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_K1_256 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256 - -PSA import ECC_PUBLIC_KEY(SECP_K1) 192-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_K1_192 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5" - -PSA generate ECC_PUBLIC_KEY(SECP_K1) 192-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192 - -PSA import ECC_PUBLIC_KEY(SECP_K1) 224-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_K1_224 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d" - -PSA generate ECC_PUBLIC_KEY(SECP_K1) 224-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):224 - -PSA import ECC_PUBLIC_KEY(SECP_K1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_K1_256 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d" - -PSA generate ECC_PUBLIC_KEY(SECP_K1) 256-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256 - -PSA import ECC_PUBLIC_KEY(SECP_K1) 192-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_K1_192 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5" - -PSA import ECC_PUBLIC_KEY(SECP_K1) 224-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_K1_224 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d" - -PSA import ECC_PUBLIC_KEY(SECP_K1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_K1_256 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d" - -PSA import ECC_KEY_PAIR(SECP_R1) 225-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_225:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995" - -PSA generate ECC_KEY_PAIR(SECP_R1) 225-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_225:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225 - -PSA import ECC_KEY_PAIR(SECP_R1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" - -PSA generate ECC_KEY_PAIR(SECP_R1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256 - -PSA import ECC_KEY_PAIR(SECP_R1) 384-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a" - -PSA generate ECC_KEY_PAIR(SECP_R1) 384-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384 - -PSA import ECC_KEY_PAIR(SECP_R1) 521-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae" - -PSA generate ECC_KEY_PAIR(SECP_R1) 521-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521 - -PSA import ECC_KEY_PAIR(SECP_R1) 225-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R1_225:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995" - -PSA generate ECC_KEY_PAIR(SECP_R1) 225-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R1_225:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225 - -PSA import ECC_KEY_PAIR(SECP_R1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R1_256 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" - -PSA generate ECC_KEY_PAIR(SECP_R1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R1_256 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256 - -PSA import ECC_KEY_PAIR(SECP_R1) 384-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R1_384 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a" - -PSA generate ECC_KEY_PAIR(SECP_R1) 384-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R1_384 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384 - -PSA import ECC_KEY_PAIR(SECP_R1) 521-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R1_521 -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae" - -PSA generate ECC_KEY_PAIR(SECP_R1) 521-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R1_521 -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521 - -PSA import ECC_PUBLIC_KEY(SECP_R1) 225-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_225:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160" - -PSA generate ECC_PUBLIC_KEY(SECP_R1) 225-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225 - -PSA import ECC_PUBLIC_KEY(SECP_R1) 256-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" - -PSA generate ECC_PUBLIC_KEY(SECP_R1) 256-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):256 - -PSA import ECC_PUBLIC_KEY(SECP_R1) 384-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" - -PSA generate ECC_PUBLIC_KEY(SECP_R1) 384-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384 - -PSA import ECC_PUBLIC_KEY(SECP_R1) 521-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" - -PSA generate ECC_PUBLIC_KEY(SECP_R1) 521-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521 - -PSA import ECC_PUBLIC_KEY(SECP_R1) 225-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_R1_225:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160" - -PSA import ECC_PUBLIC_KEY(SECP_R1) 256-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_R1_256 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" - -PSA import ECC_PUBLIC_KEY(SECP_R1) 384-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_R1_384 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" - -PSA import ECC_PUBLIC_KEY(SECP_R1) 521-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_R1_521 -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" - -PSA import ECC_KEY_PAIR(SECP_R2) 160-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e" - -PSA generate ECC_KEY_PAIR(SECP_R2) 160-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160 - -PSA import ECC_KEY_PAIR(SECP_R2) 160-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e" - -PSA generate ECC_KEY_PAIR(SECP_R2) 160-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160 - -PSA import ECC_PUBLIC_KEY(SECP_R2) 160-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b" - -PSA generate ECC_PUBLIC_KEY(SECP_R2) 160-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160 - -PSA import ECC_PUBLIC_KEY(SECP_R2) 160-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b" - -PSA import ECC_KEY_PAIR(SECT_K1) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71" - -PSA generate ECC_KEY_PAIR(SECT_K1) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163 - -PSA import ECC_KEY_PAIR(SECT_K1) 233-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"41f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8" - -PSA generate ECC_KEY_PAIR(SECT_K1) 233-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233 - -PSA import ECC_KEY_PAIR(SECT_K1) 239-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"1a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61" - -PSA generate ECC_KEY_PAIR(SECT_K1) 239-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239 - -PSA import ECC_KEY_PAIR(SECT_K1) 283-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0" - -PSA generate ECC_KEY_PAIR(SECT_K1) 283-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283 - -PSA import ECC_KEY_PAIR(SECT_K1) 409-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"3ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8" - -PSA generate ECC_KEY_PAIR(SECT_K1) 409-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409 - -PSA import ECC_KEY_PAIR(SECT_K1) 571-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51" - -PSA generate ECC_KEY_PAIR(SECT_K1) 571-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571 - -PSA import ECC_KEY_PAIR(SECT_K1) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71" - -PSA generate ECC_KEY_PAIR(SECT_K1) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163 - -PSA import ECC_KEY_PAIR(SECT_K1) 233-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"41f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8" - -PSA generate ECC_KEY_PAIR(SECT_K1) 233-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233 - -PSA import ECC_KEY_PAIR(SECT_K1) 239-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"1a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61" - -PSA generate ECC_KEY_PAIR(SECT_K1) 239-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239 - -PSA import ECC_KEY_PAIR(SECT_K1) 283-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0" - -PSA generate ECC_KEY_PAIR(SECT_K1) 283-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283 - -PSA import ECC_KEY_PAIR(SECT_K1) 409-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"3ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8" - -PSA generate ECC_KEY_PAIR(SECT_K1) 409-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409 - -PSA import ECC_KEY_PAIR(SECT_K1) 571-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):"005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51" - -PSA generate ECC_KEY_PAIR(SECT_K1) 571-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571 - -PSA import ECC_PUBLIC_KEY(SECT_K1) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9" - -PSA generate ECC_PUBLIC_KEY(SECT_K1) 163-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163 - -PSA import ECC_PUBLIC_KEY(SECT_K1) 233-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f" - -PSA generate ECC_PUBLIC_KEY(SECT_K1) 233-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233 - -PSA import ECC_PUBLIC_KEY(SECT_K1) 239-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d" - -PSA generate ECC_PUBLIC_KEY(SECT_K1) 239-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239 - -PSA import ECC_PUBLIC_KEY(SECT_K1) 283-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3" - -PSA generate ECC_PUBLIC_KEY(SECT_K1) 283-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283 - -PSA import ECC_PUBLIC_KEY(SECT_K1) 409-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b" - -PSA generate ECC_PUBLIC_KEY(SECT_K1) 409-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409 - -PSA import ECC_PUBLIC_KEY(SECT_K1) 571-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a" - -PSA generate ECC_PUBLIC_KEY(SECT_K1) 571-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571 - -PSA import ECC_PUBLIC_KEY(SECT_K1) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9" - -PSA import ECC_PUBLIC_KEY(SECT_K1) 233-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f" - -PSA import ECC_PUBLIC_KEY(SECT_K1) 239-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d" - -PSA import ECC_PUBLIC_KEY(SECT_K1) 283-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3" - -PSA import ECC_PUBLIC_KEY(SECT_K1) 409-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b" - -PSA import ECC_PUBLIC_KEY(SECT_K1) 571-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a" - -PSA import ECC_KEY_PAIR(SECT_R1) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50" - -PSA generate ECC_KEY_PAIR(SECT_R1) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163 - -PSA import ECC_KEY_PAIR(SECT_R1) 233-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"00e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f" - -PSA generate ECC_KEY_PAIR(SECT_R1) 233-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233 - -PSA import ECC_KEY_PAIR(SECT_R1) 283-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad" - -PSA generate ECC_KEY_PAIR(SECT_R1) 283-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283 - -PSA import ECC_KEY_PAIR(SECT_R1) 409-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"00c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64" - -PSA generate ECC_KEY_PAIR(SECT_R1) 409-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409 - -PSA import ECC_KEY_PAIR(SECT_R1) 571-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1" - -PSA generate ECC_KEY_PAIR(SECT_R1) 571-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571 - -PSA import ECC_KEY_PAIR(SECT_R1) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50" - -PSA generate ECC_KEY_PAIR(SECT_R1) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163 - -PSA import ECC_KEY_PAIR(SECT_R1) 233-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"00e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f" - -PSA generate ECC_KEY_PAIR(SECT_R1) 233-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233 - -PSA import ECC_KEY_PAIR(SECT_R1) 283-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad" - -PSA generate ECC_KEY_PAIR(SECT_R1) 283-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283 - -PSA import ECC_KEY_PAIR(SECT_R1) 409-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"00c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64" - -PSA generate ECC_KEY_PAIR(SECT_R1) 409-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409 - -PSA import ECC_KEY_PAIR(SECT_R1) 571-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):"026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1" - -PSA generate ECC_KEY_PAIR(SECT_R1) 571-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571 - -PSA import ECC_PUBLIC_KEY(SECT_R1) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb" - -PSA generate ECC_PUBLIC_KEY(SECT_R1) 163-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163 - -PSA import ECC_PUBLIC_KEY(SECT_R1) 233-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d" - -PSA generate ECC_PUBLIC_KEY(SECT_R1) 233-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233 - -PSA import ECC_PUBLIC_KEY(SECT_R1) 283-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765" - -PSA generate ECC_PUBLIC_KEY(SECT_R1) 283-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283 - -PSA import ECC_PUBLIC_KEY(SECT_R1) 409-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22" - -PSA generate ECC_PUBLIC_KEY(SECT_R1) 409-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409 - -PSA import ECC_PUBLIC_KEY(SECT_R1) 571-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74" - -PSA generate ECC_PUBLIC_KEY(SECT_R1) 571-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571 - -PSA import ECC_PUBLIC_KEY(SECT_R1) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb" - -PSA import ECC_PUBLIC_KEY(SECT_R1) 233-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d" - -PSA import ECC_PUBLIC_KEY(SECT_R1) 283-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765" - -PSA import ECC_PUBLIC_KEY(SECT_R1) 409-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22" - -PSA import ECC_PUBLIC_KEY(SECT_R1) 571-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74" - -PSA import ECC_KEY_PAIR(SECT_R2) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):"0210b482a458b4822d0cb21daa96819a67c8062d34" - -PSA generate ECC_KEY_PAIR(SECT_R2) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163 - -PSA import ECC_KEY_PAIR(SECT_R2) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):"0210b482a458b4822d0cb21daa96819a67c8062d34" - -PSA generate ECC_KEY_PAIR(SECT_R2) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163 - -PSA import ECC_PUBLIC_KEY(SECT_R2) 163-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f" - -PSA generate ECC_PUBLIC_KEY(SECT_R2) 163-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163 - -PSA import ECC_PUBLIC_KEY(SECT_R2) 163-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f" - -PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60" - -PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255 - -PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b" - -PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448 - -PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60" - -PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255 - -PSA import ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):"6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b" - -PSA generate ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET -generate_not_supported:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448 - -PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a" - -PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255 - -PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit type not supported -depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180" - -PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit type never supported -generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448 - -PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a" - -PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit curve not supported -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET -import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180" - -# End of automatically generated file. diff --git a/tests/suites/test_suite_psa_crypto_storage_format.current.data b/tests/suites/test_suite_psa_crypto_storage_format.current.data deleted file mode 100644 index 732b80b6b9..0000000000 --- a/tests/suites/test_suite_psa_crypto_storage_format.current.data +++ /dev/null @@ -1,775 +0,0 @@ -# Automatically generated by generate_psa_tests.py. Do not edit! - -PSA storage save: usage: 0 -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b" - -PSA storage save: usage: COPY -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020000000000000000000000010000004b" - -PSA storage save: usage: DECRYPT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000200000000000000000000010000004b" - -PSA storage save: usage: DERIVE -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004000000000000000000000010000004b" - -PSA storage save: usage: ENCRYPT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000100000000000000000000010000004b" - -PSA storage save: usage: EXPORT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010000000000000000000000010000004b" - -PSA storage save: usage: SIGN_HASH -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001000000000000000000000010000004b" - -PSA storage save: usage: VERIFY_DERIVATION -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_DERIVATION:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800008000000000000000000000010000004b" - -PSA storage save: usage: VERIFY_HASH -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002000000000000000000000010000004b" - -PSA storage save: usage: COPY | DECRYPT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020200000000000000000000010000004b" - -PSA storage save: usage: DECRYPT | DERIVE -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004200000000000000000000010000004b" - -PSA storage save: usage: DERIVE | ENCRYPT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004100000000000000000000010000004b" - -PSA storage save: usage: ENCRYPT | EXPORT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010100000000000000000000010000004b" - -PSA storage save: usage: EXPORT | SIGN_HASH -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011000000000000000000000010000004b" - -PSA storage save: usage: SIGN_HASH | VERIFY_DERIVATION -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800009000000000000000000000010000004b" - -PSA storage save: usage: VERIFY_DERIVATION | VERIFY_HASH -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b45590000000000010000000110080000a000000000000000000000010000004b" - -PSA storage save: usage: VERIFY_HASH | COPY -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800022000000000000000000000010000004b" - -PSA storage save: usage: all known -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b45590000000000010000000110080003f300000000000000000000010000004b" - -PSA storage save: type: AES 128-bit -depends_on:PSA_WANT_KEY_TYPE_AES -key_storage_save:0x0001:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000002480000100000000000000000000001000000048657265006973206b6579a064617461" - -PSA storage save: type: AES 192-bit -depends_on:PSA_WANT_KEY_TYPE_AES -key_storage_save:0x0001:PSA_KEY_TYPE_AES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500697320":"505341004b45590000000000010000000024c0000100000000000000000000001800000048657265006973206b6579a0646174614865726500697320" - -PSA storage save: type: AES 256-bit -depends_on:PSA_WANT_KEY_TYPE_AES -key_storage_save:0x0001:PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000002400010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: ARC4 8-bit -depends_on:PSA_WANT_KEY_TYPE_ARC4 -key_storage_save:0x0001:PSA_KEY_TYPE_ARC4:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000022008000100000000000000000000000100000048" - -PSA storage save: type: ARC4 128-bit -depends_on:PSA_WANT_KEY_TYPE_ARC4 -key_storage_save:0x0001:PSA_KEY_TYPE_ARC4:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000022080000100000000000000000000001000000048657265006973206b6579a064617461" - -PSA storage save: type: ARC4 2048-bit -depends_on:PSA_WANT_KEY_TYPE_ARC4 -key_storage_save:0x0001:PSA_KEY_TYPE_ARC4:2048:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000022000080100000000000000000000000001000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: CAMELLIA 128-bit -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA -key_storage_save:0x0001:PSA_KEY_TYPE_CAMELLIA:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000032480000100000000000000000000001000000048657265006973206b6579a064617461" - -PSA storage save: type: CAMELLIA 192-bit -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA -key_storage_save:0x0001:PSA_KEY_TYPE_CAMELLIA:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500697320":"505341004b45590000000000010000000324c0000100000000000000000000001800000048657265006973206b6579a0646174614865726500697320" - -PSA storage save: type: CAMELLIA 256-bit -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA -key_storage_save:0x0001:PSA_KEY_TYPE_CAMELLIA:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000032400010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: CHACHA20 256-bit -depends_on:PSA_WANT_KEY_TYPE_CHACHA20 -key_storage_save:0x0001:PSA_KEY_TYPE_CHACHA20:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000042000010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: DERIVE 120-bit -depends_on:PSA_WANT_KEY_TYPE_DERIVE -key_storage_save:0x0001:PSA_KEY_TYPE_DERIVE:120:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174":"505341004b4559000000000001000000001278000100000000000000000000000f00000048657265006973206b6579a0646174" - -PSA storage save: type: DERIVE 128-bit -depends_on:PSA_WANT_KEY_TYPE_DERIVE -key_storage_save:0x0001:PSA_KEY_TYPE_DERIVE:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001280000100000000000000000000001000000048657265006973206b6579a064617461" - -PSA storage save: type: DES 64-bit -depends_on:PSA_WANT_KEY_TYPE_DES -key_storage_save:0x0001:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901":"505341004b45590000000000010000000123400001000000000000000000000008000000644573206b457901" - -PSA storage save: type: DES 128-bit -depends_on:PSA_WANT_KEY_TYPE_DES -key_storage_save:0x0001:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902":"505341004b45590000000000010000000123800001000000000000000000000010000000644573206b457901644573206b457902" - -PSA storage save: type: DES 192-bit -depends_on:PSA_WANT_KEY_TYPE_DES -key_storage_save:0x0001:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902644573206b457904":"505341004b45590000000000010000000123c00001000000000000000000000018000000644573206b457901644573206b457902644573206b457904" - -PSA storage save: type: HMAC 128-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000100000000000000000000001000000048657265006973206b6579a064617461" - -PSA storage save: type: HMAC 160-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265":"505341004b45590000000000010000000011a0000100000000000000000000001400000048657265006973206b6579a06461746148657265" - -PSA storage save: type: HMAC 224-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a0":"505341004b45590000000000010000000011e0000100000000000000000000001c00000048657265006973206b6579a06461746148657265006973206b6579a0" - -PSA storage save: type: HMAC 256-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: HMAC 384-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001180010100000000000000000000003000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: HMAC 512-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_save:0x0001:PSA_KEY_TYPE_HMAC:512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100020100000000000000000000004000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: PASSWORD 48-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD -key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD:48:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"486572650069":"505341004b45590000000000010000000312300001000000000000000000000006000000486572650069" - -PSA storage save: type: PASSWORD 168-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD -key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD:168:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500":"505341004b45590000000000010000000312a8000100000000000000000000001500000048657265006973206b6579a0646174614865726500" - -PSA storage save: type: PASSWORD 336-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD -key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD:336:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65":"505341004b4559000000000001000000031250010100000000000000000000002a00000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65" - -PSA storage save: type: PASSWORD_HASH 128-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD_HASH -key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD_HASH:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000051280000100000000000000000000001000000048657265006973206b6579a064617461" - -PSA storage save: type: PASSWORD_HASH 256-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD_HASH -key_storage_save:0x0001:PSA_KEY_TYPE_PASSWORD_HASH:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000051200010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: PEPPER 128-bit -depends_on:PSA_WANT_KEY_TYPE_PEPPER -key_storage_save:0x0001:PSA_KEY_TYPE_PEPPER:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000061280000100000000000000000000001000000048657265006973206b6579a064617461" - -PSA storage save: type: PEPPER 256-bit -depends_on:PSA_WANT_KEY_TYPE_PEPPER -key_storage_save:0x0001:PSA_KEY_TYPE_PEPPER:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000061200010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461" - -PSA storage save: type: RAW_DATA 8-bit -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000011008000100000000000000000000000100000048" - -PSA storage save: type: RAW_DATA 40-bit -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:40:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4865726500":"505341004b455900000000000100000001102800010000000000000000000000050000004865726500" - -PSA storage save: type: RAW_DATA 128-bit -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000011080000100000000000000000000001000000048657265006973206b6579a064617461" - -PSA storage save: type: RSA_KEY_PAIR 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004010000000000000000000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24" - -PSA storage save: type: RSA_KEY_PAIR 1536-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":"505341004b4559000000000001000000017000060100000000000000000000007f0300003082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf" - -PSA storage save: type: RSA_PUBLIC_KEY 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"505341004b4559000000000001000000014000040100000000000000000000008c00000030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" - -PSA storage save: type: RSA_PUBLIC_KEY 1536-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":"505341004b455900000000000100000001400006010000000000000000000000cc0000003081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001" - -PSA storage save: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000100000000000000000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac" - -PSA storage save: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"1688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f":"505341004b45590000000000010000003071c000010000000000000000000000180000001688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f" - -PSA storage save: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c":"505341004b45590000000000010000003071e0000100000000000000000000001c000000a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c" - -PSA storage save: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":"505341004b455900000000000100000030710001010000000000000000000000200000002161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff" - -PSA storage save: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"61b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead":"505341004b4559000000000001000000307140010100000000000000000000002800000061b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead" - -PSA storage save: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":"505341004b455900000000000100000030718001010000000000000000000000300000003dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb" - -PSA storage save: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":"505341004b45590000000000010000003071000201000000000000000000000040000000372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2" - -PSA storage save: type: ECC_KEY_PAIR(MONTGOMERY) 255-bit -depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":"505341004b45590000000000010000004171ff000100000000000000000000002000000070076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a" - -PSA storage save: type: ECC_KEY_PAIR(MONTGOMERY) 448-bit -depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1":"505341004b45590000000000010000004171c00101000000000000000000000038000000e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1" - -PSA storage save: type: ECC_KEY_PAIR(SECP_K1) 192-bit -depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"297ac1722ccac7589ecb240dc719842538ca974beb79f228":"505341004b45590000000000010000001771c00001000000000000000000000018000000297ac1722ccac7589ecb240dc719842538ca974beb79f228" - -PSA storage save: type: ECC_KEY_PAIR(SECP_K1) 224-bit -depends_on:PSA_WANT_ECC_SECP_K1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8":"505341004b45590000000000010000001771e0000100000000000000000000001d0000000024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8" - -PSA storage save: type: ECC_KEY_PAIR(SECP_K1) 256-bit -depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9":"505341004b455900000000000100000017710001010000000000000000000000200000007fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9" - -PSA storage save: type: ECC_KEY_PAIR(SECP_R1) 225-bit -depends_on:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":"505341004b45590000000000010000001271e1000100000000000000000000001c000000872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995" - -PSA storage save: type: ECC_KEY_PAIR(SECP_R1) 256-bit -depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"505341004b4559000000000001000000127100010100000000000000000000002000000049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" - -PSA storage save: type: ECC_KEY_PAIR(SECP_R1) 384-bit -depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":"505341004b455900000000000100000012718001010000000000000000000000300000003f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a" - -PSA storage save: type: ECC_KEY_PAIR(SECP_R1) 521-bit -depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":"505341004b4559000000000001000000127109020100000000000000000000004200000001b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae" - -PSA storage save: type: ECC_KEY_PAIR(SECP_R2) 160-bit -depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":"505341004b45590000000000010000001b71a0000100000000000000000000001500000000bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e" - -PSA storage save: type: ECC_KEY_PAIR(SECT_K1) 163-bit -depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":"505341004b45590000000000010000002771a3000100000000000000000000001500000003ebc8fcded2d6ab72ec0f75bdb4fd080481273e71" - -PSA storage save: type: ECC_KEY_PAIR(SECT_K1) 233-bit -depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"41f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8":"505341004b45590000000000010000002771e9000100000000000000000000001d00000041f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8" - -PSA storage save: type: ECC_KEY_PAIR(SECT_K1) 239-bit -depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"1a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61":"505341004b45590000000000010000002771ef000100000000000000000000001e0000001a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61" - -PSA storage save: type: ECC_KEY_PAIR(SECT_K1) 283-bit -depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0":"505341004b455900000000000100000027711b0101000000000000000000000024000000006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0" - -PSA storage save: type: ECC_KEY_PAIR(SECT_K1) 409-bit -depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8":"505341004b455900000000000100000027719901010000000000000000000000330000003ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8" - -PSA storage save: type: ECC_KEY_PAIR(SECT_K1) 571-bit -depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51":"505341004b455900000000000100000027713b0201000000000000000000000048000000005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51" - -PSA storage save: type: ECC_KEY_PAIR(SECT_R1) 163-bit -depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":"505341004b45590000000000010000002271a30001000000000000000000000015000000009b05dc82d46d64a04a22e6e5ca70ca1231e68c50" - -PSA storage save: type: ECC_KEY_PAIR(SECT_R1) 233-bit -depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f":"505341004b45590000000000010000002271e9000100000000000000000000001e00000000e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f" - -PSA storage save: type: ECC_KEY_PAIR(SECT_R1) 283-bit -depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad":"505341004b455900000000000100000022711b0101000000000000000000000024000000004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad" - -PSA storage save: type: ECC_KEY_PAIR(SECT_R1) 409-bit -depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64":"505341004b4559000000000001000000227199010100000000000000000000003400000000c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64" - -PSA storage save: type: ECC_KEY_PAIR(SECT_R1) 571-bit -depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1":"505341004b455900000000000100000022713b0201000000000000000000000048000000026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1" - -PSA storage save: type: ECC_KEY_PAIR(SECT_R2) 163-bit -depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0210b482a458b4822d0cb21daa96819a67c8062d34":"505341004b45590000000000010000002b71a300010000000000000000000000150000000210b482a458b4822d0cb21daa96819a67c8062d34" - -PSA storage save: type: ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit -depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00010000000000000000000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60" - -PSA storage save: type: ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit -depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b":"505341004b45590000000000010000004271c001010000000000000000000000390000006c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b" - -PSA storage save: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":"505341004b45590000000000010000003041a0000100000000000000000000002900000004d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c" - -PSA storage save: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88":"505341004b45590000000000010000003041c00001000000000000000000000031000000043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88" - -PSA storage save: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc":"505341004b45590000000000010000003041e00001000000000000000000000039000000045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc" - -PSA storage save: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":"505341004b4559000000000001000000304100010100000000000000000000004100000004768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" - -PSA storage save: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd":"505341004b45590000000000010000003041400101000000000000000000000051000000049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd" - -PSA storage save: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a":"505341004b4559000000000001000000304180010100000000000000000000006100000004719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" - -PSA storage save: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a":"505341004b455900000000000100000030410002010000000000000000000000810000000438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" - -PSA storage save: type: ECC_PUBLIC_KEY(MONTGOMERY) 255-bit -depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"505341004b45590000000000010000004141ff00010000000000000000000000200000008520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" - -PSA storage save: type: ECC_PUBLIC_KEY(MONTGOMERY) 448-bit -depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e":"505341004b45590000000000010000004141c00101000000000000000000000038000000c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e" - -PSA storage save: type: ECC_PUBLIC_KEY(SECP_K1) 192-bit -depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":"505341004b45590000000000010000001741c000010000000000000000000000310000000426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5" - -PSA storage save: type: ECC_PUBLIC_KEY(SECP_K1) 224-bit -depends_on:PSA_WANT_ECC_SECP_K1_224:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d":"505341004b45590000000000010000001741e00001000000000000000000000039000000042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d" - -PSA storage save: type: ECC_PUBLIC_KEY(SECP_K1) 256-bit -depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d":"505341004b45590000000000010000001741000101000000000000000000000041000000045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d" - -PSA storage save: type: ECC_PUBLIC_KEY(SECP_R1) 225-bit -depends_on:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":"505341004b45590000000000010000001241e10001000000000000000000000039000000046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160" - -PSA storage save: type: ECC_PUBLIC_KEY(SECP_R1) 256-bit -depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":"505341004b45590000000000010000001241000101000000000000000000000041000000047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" - -PSA storage save: type: ECC_PUBLIC_KEY(SECP_R1) 384-bit -depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":"505341004b4559000000000001000000124180010100000000000000000000006100000004d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" - -PSA storage save: type: ECC_PUBLIC_KEY(SECP_R1) 521-bit -depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":"505341004b4559000000000001000000124109020100000000000000000000008500000004001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" - -PSA storage save: type: ECC_PUBLIC_KEY(SECP_R2) 160-bit -depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":"505341004b45590000000000010000001b41a00001000000000000000000000029000000049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_K1) 163-bit -depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":"505341004b45590000000000010000002741a3000100000000000000000000002b0000000406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_K1) 233-bit -depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f":"505341004b45590000000000010000002741e9000100000000000000000000003d0000000401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_K1) 239-bit -depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d":"505341004b45590000000000010000002741ef000100000000000000000000003d00000004068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_K1) 283-bit -depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3":"505341004b455900000000000100000027411b01010000000000000000000000490000000405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_K1) 409-bit -depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b":"505341004b4559000000000001000000274199010100000000000000000000006900000004012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_K1) 571-bit -depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a":"505341004b455900000000000100000027413b020100000000000000000000009100000004050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_R1) 163-bit -depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":"505341004b45590000000000010000002241a3000100000000000000000000002b0000000400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_R1) 233-bit -depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d":"505341004b45590000000000010000002241e9000100000000000000000000003d0000000400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_R1) 283-bit -depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765":"505341004b455900000000000100000022411b010100000000000000000000004900000004052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_R1) 409-bit -depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22":"505341004b455900000000000100000022419901010000000000000000000000690000000401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_R1) 571-bit -depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74":"505341004b455900000000000100000022413b0201000000000000000000000091000000040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74" - -PSA storage save: type: ECC_PUBLIC_KEY(SECT_R2) 163-bit -depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":"505341004b45590000000000010000002b41a3000100000000000000000000002b0000000403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f" - -PSA storage save: type: ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit -depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":"505341004b45590000000000010000004241ff0001000000000000000000000020000000d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a" - -PSA storage save: type: ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit -depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_save:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180":"505341004b45590000000000010000004241c001010000000000000000000000390000005fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180" - -PSA storage save: alg: PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_ANY_HASH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ANY_HASH:0x0000:"4b":"505341004b45590000000000010000000110080001000000ff00000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_ANY_HASH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ANY_HASH:"4c":"505341004b4559000000000001000000011008000100000000000000ff000002010000004c" - -PSA storage save: alg: PSA_ALG_CBC_MAC -depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_MAC:0x0000:"4b":"505341004b455900000000000100000001100800010000000001c00300000000010000004b" - -PSA storage save: alg2: PSA_ALG_CBC_MAC -depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_MAC:"4c":"505341004b45590000000000010000000110080001000000000000000001c003010000004c" - -PSA storage save: alg: PSA_ALG_CBC_NO_PADDING -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0x0000:"4b":"505341004b455900000000000100000001100800010000000040400400000000010000004b" - -PSA storage save: alg2: PSA_ALG_CBC_NO_PADDING -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_NO_PADDING:"4c":"505341004b455900000000000100000001100800010000000000000000404004010000004c" - -PSA storage save: alg: PSA_ALG_CBC_PKCS7 -depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_PKCS7:0x0000:"4b":"505341004b455900000000000100000001100800010000000041400400000000010000004b" - -PSA storage save: alg2: PSA_ALG_CBC_PKCS7 -depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_PKCS7:"4c":"505341004b455900000000000100000001100800010000000000000000414004010000004c" - -PSA storage save: alg: PSA_ALG_CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CCM:0x0000:"4b":"505341004b455900000000000100000001100800010000000001500500000000010000004b" - -PSA storage save: alg2: PSA_ALG_CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CCM:"4c":"505341004b455900000000000100000001100800010000000000000000015005010000004c" - -PSA storage save: alg: PSA_ALG_CFB -depends_on:PSA_WANT_ALG_CFB:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CFB:0x0000:"4b":"505341004b455900000000000100000001100800010000000011c00400000000010000004b" - -PSA storage save: alg2: PSA_ALG_CFB -depends_on:PSA_WANT_ALG_CFB:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CFB:"4c":"505341004b45590000000000010000000110080001000000000000000011c004010000004c" - -PSA storage save: alg: PSA_ALG_CHACHA20_POLY1305 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CHACHA20_POLY1305:0x0000:"4b":"505341004b455900000000000100000001100800010000000005100500000000010000004b" - -PSA storage save: alg2: PSA_ALG_CHACHA20_POLY1305 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CHACHA20_POLY1305:"4c":"505341004b455900000000000100000001100800010000000000000000051005010000004c" - -PSA storage save: alg: PSA_ALG_CMAC -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CMAC:0x0000:"4b":"505341004b455900000000000100000001100800010000000002c00300000000010000004b" - -PSA storage save: alg2: PSA_ALG_CMAC -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CMAC:"4c":"505341004b45590000000000010000000110080001000000000000000002c003010000004c" - -PSA storage save: alg: PSA_ALG_CTR -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0x0000:"4b":"505341004b455900000000000100000001100800010000000010c00400000000010000004b" - -PSA storage save: alg2: PSA_ALG_CTR -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CTR:"4c":"505341004b45590000000000010000000110080001000000000000000010c004010000004c" - -PSA storage save: alg: PSA_ALG_ECB_NO_PADDING -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECB_NO_PADDING:0x0000:"4b":"505341004b455900000000000100000001100800010000000044400400000000010000004b" - -PSA storage save: alg2: PSA_ALG_ECB_NO_PADDING -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECB_NO_PADDING:"4c":"505341004b455900000000000100000001100800010000000000000000444004010000004c" - -PSA storage save: alg: PSA_ALG_ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0x0000:"4b":"505341004b455900000000000100000001100800010000000000020900000000010000004b" - -PSA storage save: alg2: PSA_ALG_ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDH:"4c":"505341004b455900000000000100000001100800010000000000000000000209010000004c" - -PSA storage save: alg: PSA_ALG_ECDSA_ANY -depends_on:PSA_WANT_ALG_ECDSA_ANY:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0x0000:"4b":"505341004b455900000000000100000001100800010000000006000600000000010000004b" - -PSA storage save: alg2: PSA_ALG_ECDSA_ANY -depends_on:PSA_WANT_ALG_ECDSA_ANY:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA_ANY:"4c":"505341004b455900000000000100000001100800010000000000000000060006010000004c" - -PSA storage save: alg: PSA_ALG_ED25519PH -depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ED25519PH:0x0000:"4b":"505341004b455900000000000100000001100800010000000b09000600000000010000004b" - -PSA storage save: alg2: PSA_ALG_ED25519PH -depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ED25519PH:"4c":"505341004b45590000000000010000000110080001000000000000000b090006010000004c" - -PSA storage save: alg: PSA_ALG_ED448PH -depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ED448PH:0x0000:"4b":"505341004b455900000000000100000001100800010000001509000600000000010000004b" - -PSA storage save: alg2: PSA_ALG_ED448PH -depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ED448PH:"4c":"505341004b455900000000000100000001100800010000000000000015090006010000004c" - -PSA storage save: alg: PSA_ALG_FFDH -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0x0000:"4b":"505341004b455900000000000100000001100800010000000000010900000000010000004b" - -PSA storage save: alg2: PSA_ALG_FFDH -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_FFDH:"4c":"505341004b455900000000000100000001100800010000000000000000000109010000004c" - -PSA storage save: alg: PSA_ALG_GCM -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_GCM:0x0000:"4b":"505341004b455900000000000100000001100800010000000002500500000000010000004b" - -PSA storage save: alg2: PSA_ALG_GCM -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_GCM:"4c":"505341004b455900000000000100000001100800010000000000000000025005010000004c" - -PSA storage save: alg: PSA_ALG_MD2 -depends_on:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD2:0x0000:"4b":"505341004b455900000000000100000001100800010000000100000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_MD2 -depends_on:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD2:"4c":"505341004b455900000000000100000001100800010000000000000001000002010000004c" - -PSA storage save: alg: PSA_ALG_MD4 -depends_on:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD4:0x0000:"4b":"505341004b455900000000000100000001100800010000000200000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_MD4 -depends_on:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD4:"4c":"505341004b455900000000000100000001100800010000000000000002000002010000004c" - -PSA storage save: alg: PSA_ALG_MD5 -depends_on:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD5:0x0000:"4b":"505341004b455900000000000100000001100800010000000300000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_MD5 -depends_on:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD5:"4c":"505341004b455900000000000100000001100800010000000000000003000002010000004c" - -PSA storage save: alg: PSA_ALG_OFB -depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_OFB:0x0000:"4b":"505341004b455900000000000100000001100800010000000012c00400000000010000004b" - -PSA storage save: alg2: PSA_ALG_OFB -depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_OFB:"4c":"505341004b45590000000000010000000110080001000000000000000012c004010000004c" - -PSA storage save: alg: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:0x0000:"4b":"505341004b455900000000000100000001100800010000000002800800000000010000004b" - -PSA storage save: alg2: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"4c":"505341004b455900000000000100000001100800010000000000000000028008010000004c" - -PSA storage save: alg: PSA_ALG_PURE_EDDSA -depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PURE_EDDSA:0x0000:"4b":"505341004b455900000000000100000001100800010000000008000600000000010000004b" - -PSA storage save: alg2: PSA_ALG_PURE_EDDSA -depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PURE_EDDSA:"4c":"505341004b455900000000000100000001100800010000000000000000080006010000004c" - -PSA storage save: alg: PSA_ALG_RIPEMD160 -depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RIPEMD160:0x0000:"4b":"505341004b455900000000000100000001100800010000000400000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_RIPEMD160 -depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RIPEMD160:"4c":"505341004b455900000000000100000001100800010000000000000004000002010000004c" - -PSA storage save: alg: PSA_ALG_RSA_PKCS1V15_CRYPT -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:0x0000:"4b":"505341004b455900000000000100000001100800010000000002000700000000010000004b" - -PSA storage save: alg2: PSA_ALG_RSA_PKCS1V15_CRYPT -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_CRYPT:"4c":"505341004b455900000000000100000001100800010000000000000000020007010000004c" - -PSA storage save: alg: PSA_ALG_RSA_PKCS1V15_SIGN_RAW -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0x0000:"4b":"505341004b455900000000000100000001100800010000000002000600000000010000004b" - -PSA storage save: alg2: PSA_ALG_RSA_PKCS1V15_SIGN_RAW -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"4c":"505341004b455900000000000100000001100800010000000000000000020006010000004c" - -PSA storage save: alg: PSA_ALG_SHA3_224 -depends_on:PSA_WANT_ALG_SHA3_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_224:0x0000:"4b":"505341004b455900000000000100000001100800010000001000000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA3_224 -depends_on:PSA_WANT_ALG_SHA3_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_224:"4c":"505341004b455900000000000100000001100800010000000000000010000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA3_256 -depends_on:PSA_WANT_ALG_SHA3_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_256:0x0000:"4b":"505341004b455900000000000100000001100800010000001100000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA3_256 -depends_on:PSA_WANT_ALG_SHA3_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_256:"4c":"505341004b455900000000000100000001100800010000000000000011000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA3_384 -depends_on:PSA_WANT_ALG_SHA3_384:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_384:0x0000:"4b":"505341004b455900000000000100000001100800010000001200000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA3_384 -depends_on:PSA_WANT_ALG_SHA3_384:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_384:"4c":"505341004b455900000000000100000001100800010000000000000012000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA3_512 -depends_on:PSA_WANT_ALG_SHA3_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_512:0x0000:"4b":"505341004b455900000000000100000001100800010000001300000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA3_512 -depends_on:PSA_WANT_ALG_SHA3_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_512:"4c":"505341004b455900000000000100000001100800010000000000000013000002010000004c" - -PSA storage save: alg: PSA_ALG_SHAKE256_512 -depends_on:PSA_WANT_ALG_SHAKE256_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHAKE256_512:0x0000:"4b":"505341004b455900000000000100000001100800010000001500000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHAKE256_512 -depends_on:PSA_WANT_ALG_SHAKE256_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHAKE256_512:"4c":"505341004b455900000000000100000001100800010000000000000015000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA_1 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_1:0x0000:"4b":"505341004b455900000000000100000001100800010000000500000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA_1 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_1:"4c":"505341004b455900000000000100000001100800010000000000000005000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA_224 -depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_224:0x0000:"4b":"505341004b455900000000000100000001100800010000000800000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA_224 -depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_224:"4c":"505341004b455900000000000100000001100800010000000000000008000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA_256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_256:0x0000:"4b":"505341004b455900000000000100000001100800010000000900000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA_256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_256:"4c":"505341004b455900000000000100000001100800010000000000000009000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_384:0x0000:"4b":"505341004b455900000000000100000001100800010000000a00000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_384:"4c":"505341004b45590000000000010000000110080001000000000000000a000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA_512 -depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512:0x0000:"4b":"505341004b455900000000000100000001100800010000000b00000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA_512 -depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512:"4c":"505341004b45590000000000010000000110080001000000000000000b000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA_512_224 -depends_on:PSA_WANT_ALG_SHA_512_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512_224:0x0000:"4b":"505341004b455900000000000100000001100800010000000c00000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA_512_224 -depends_on:PSA_WANT_ALG_SHA_512_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512_224:"4c":"505341004b45590000000000010000000110080001000000000000000c000002010000004c" - -PSA storage save: alg: PSA_ALG_SHA_512_256 -depends_on:PSA_WANT_ALG_SHA_512_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512_256:0x0000:"4b":"505341004b455900000000000100000001100800010000000d00000200000000010000004b" - -PSA storage save: alg2: PSA_ALG_SHA_512_256 -depends_on:PSA_WANT_ALG_SHA_512_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512_256:"4c":"505341004b45590000000000010000000110080001000000000000000d000002010000004c" - -PSA storage save: alg: PSA_ALG_STREAM_CIPHER -depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_STREAM_CIPHER:0x0000:"4b":"505341004b455900000000000100000001100800010000000001800400000000010000004b" - -PSA storage save: alg2: PSA_ALG_STREAM_CIPHER -depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_STREAM_CIPHER:"4c":"505341004b455900000000000100000001100800010000000000000000018004010000004c" - -PSA storage save: alg: PSA_ALG_XTS -depends_on:PSA_WANT_ALG_XTS:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_XTS:0x0000:"4b":"505341004b4559000000000001000000011008000100000000ff400400000000010000004b" - -PSA storage save: alg2: PSA_ALG_XTS -depends_on:PSA_WANT_ALG_XTS:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_save:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_XTS:"4c":"505341004b455900000000000100000001100800010000000000000000ff4004010000004c" - -# End of automatically generated file. diff --git a/tests/suites/test_suite_psa_crypto_storage_format.v0.data b/tests/suites/test_suite_psa_crypto_storage_format.v0.data deleted file mode 100644 index 82f55dd5da..0000000000 --- a/tests/suites/test_suite_psa_crypto_storage_format.v0.data +++ /dev/null @@ -1,775 +0,0 @@ -# Automatically generated by generate_psa_tests.py. Do not edit! - -PSA storage read: usage: 0 -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:0:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000000000000000000000000010000004b":0 - -PSA storage read: usage: COPY -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020000000000000000000000010000004b":0 - -PSA storage read: usage: DECRYPT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000200000000000000000000010000004b":0 - -PSA storage read: usage: DERIVE -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004000000000000000000000010000004b":0 - -PSA storage read: usage: ENCRYPT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800000100000000000000000000010000004b":0 - -PSA storage read: usage: EXPORT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010000000000000000000000010000004b":0 - -PSA storage read: usage: SIGN_HASH -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800001000000000000000000000010000004b":0 - -PSA storage read: usage: VERIFY_DERIVATION -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_DERIVATION:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800008000000000000000000000010000004b":0 - -PSA storage read: usage: VERIFY_HASH -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800002000000000000000000000010000004b":0 - -PSA storage read: usage: COPY | DECRYPT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800020200000000000000000000010000004b":0 - -PSA storage read: usage: DECRYPT | DERIVE -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004200000000000000000000010000004b":0 - -PSA storage read: usage: DERIVE | ENCRYPT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800004100000000000000000000010000004b":0 - -PSA storage read: usage: ENCRYPT | EXPORT -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800010100000000000000000000010000004b":0 - -PSA storage read: usage: EXPORT | SIGN_HASH -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800011000000000000000000000010000004b":0 - -PSA storage read: usage: SIGN_HASH | VERIFY_DERIVATION -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800009000000000000000000000010000004b":0 - -PSA storage read: usage: VERIFY_DERIVATION | VERIFY_HASH -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b45590000000000010000000110080000a000000000000000000000010000004b":0 - -PSA storage read: usage: VERIFY_HASH | COPY -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_COPY:0x0000:0x0000:"4b":"505341004b455900000000000100000001100800022000000000000000000000010000004b":0 - -PSA storage read: usage: all known -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_DERIVATION | PSA_KEY_USAGE_VERIFY_HASH:0x0000:0x0000:"4b":"505341004b45590000000000010000000110080003f300000000000000000000010000004b":0 - -PSA storage read: type: AES 128-bit -depends_on:PSA_WANT_KEY_TYPE_AES -key_storage_read:0x0001:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000002480000100000000000000000000001000000048657265006973206b6579a064617461":1 - -PSA storage read: type: AES 192-bit -depends_on:PSA_WANT_KEY_TYPE_AES -key_storage_read:0x0001:PSA_KEY_TYPE_AES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500697320":"505341004b45590000000000010000000024c0000100000000000000000000001800000048657265006973206b6579a0646174614865726500697320":1 - -PSA storage read: type: AES 256-bit -depends_on:PSA_WANT_KEY_TYPE_AES -key_storage_read:0x0001:PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000002400010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: ARC4 8-bit -depends_on:PSA_WANT_KEY_TYPE_ARC4 -key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000022008000100000000000000000000000100000048":1 - -PSA storage read: type: ARC4 128-bit -depends_on:PSA_WANT_KEY_TYPE_ARC4 -key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000022080000100000000000000000000001000000048657265006973206b6579a064617461":1 - -PSA storage read: type: ARC4 2048-bit -depends_on:PSA_WANT_KEY_TYPE_ARC4 -key_storage_read:0x0001:PSA_KEY_TYPE_ARC4:2048:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000022000080100000000000000000000000001000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: CAMELLIA 128-bit -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA -key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000032480000100000000000000000000001000000048657265006973206b6579a064617461":1 - -PSA storage read: type: CAMELLIA 192-bit -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA -key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500697320":"505341004b45590000000000010000000324c0000100000000000000000000001800000048657265006973206b6579a0646174614865726500697320":1 - -PSA storage read: type: CAMELLIA 256-bit -depends_on:PSA_WANT_KEY_TYPE_CAMELLIA -key_storage_read:0x0001:PSA_KEY_TYPE_CAMELLIA:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000032400010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: CHACHA20 256-bit -depends_on:PSA_WANT_KEY_TYPE_CHACHA20 -key_storage_read:0x0001:PSA_KEY_TYPE_CHACHA20:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000042000010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: DERIVE 120-bit -depends_on:PSA_WANT_KEY_TYPE_DERIVE -key_storage_read:0x0001:PSA_KEY_TYPE_DERIVE:120:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174":"505341004b4559000000000001000000001278000100000000000000000000000f00000048657265006973206b6579a0646174":1 - -PSA storage read: type: DERIVE 128-bit -depends_on:PSA_WANT_KEY_TYPE_DERIVE -key_storage_read:0x0001:PSA_KEY_TYPE_DERIVE:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001280000100000000000000000000001000000048657265006973206b6579a064617461":1 - -PSA storage read: type: DES 64-bit -depends_on:PSA_WANT_KEY_TYPE_DES -key_storage_read:0x0001:PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901":"505341004b45590000000000010000000123400001000000000000000000000008000000644573206b457901":1 - -PSA storage read: type: DES 128-bit -depends_on:PSA_WANT_KEY_TYPE_DES -key_storage_read:0x0001:PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902":"505341004b45590000000000010000000123800001000000000000000000000010000000644573206b457901644573206b457902":1 - -PSA storage read: type: DES 192-bit -depends_on:PSA_WANT_KEY_TYPE_DES -key_storage_read:0x0001:PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"644573206b457901644573206b457902644573206b457904":"505341004b45590000000000010000000123c00001000000000000000000000018000000644573206b457901644573206b457902644573206b457904":1 - -PSA storage read: type: HMAC 128-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000001180000100000000000000000000001000000048657265006973206b6579a064617461":1 - -PSA storage read: type: HMAC 160-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265":"505341004b45590000000000010000000011a0000100000000000000000000001400000048657265006973206b6579a06461746148657265":1 - -PSA storage read: type: HMAC 224-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a0":"505341004b45590000000000010000000011e0000100000000000000000000001c00000048657265006973206b6579a06461746148657265006973206b6579a0":1 - -PSA storage read: type: HMAC 256-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: HMAC 384-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001180010100000000000000000000003000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: HMAC 512-bit -depends_on:PSA_WANT_KEY_TYPE_HMAC -key_storage_read:0x0001:PSA_KEY_TYPE_HMAC:512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000001100020100000000000000000000004000000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: PASSWORD 48-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD -key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD:48:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"486572650069":"505341004b45590000000000010000000312300001000000000000000000000006000000486572650069":1 - -PSA storage read: type: PASSWORD 168-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD -key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD:168:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a0646174614865726500":"505341004b45590000000000010000000312a8000100000000000000000000001500000048657265006973206b6579a0646174614865726500":1 - -PSA storage read: type: PASSWORD 336-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD -key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD:336:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65":"505341004b4559000000000001000000031250010100000000000000000000002a00000048657265006973206b6579a06461746148657265006973206b6579a06461746148657265006973206b65":1 - -PSA storage read: type: PASSWORD_HASH 128-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD_HASH -key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD_HASH:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000051280000100000000000000000000001000000048657265006973206b6579a064617461":1 - -PSA storage read: type: PASSWORD_HASH 256-bit -depends_on:PSA_WANT_KEY_TYPE_PASSWORD_HASH -key_storage_read:0x0001:PSA_KEY_TYPE_PASSWORD_HASH:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000051200010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: PEPPER 128-bit -depends_on:PSA_WANT_KEY_TYPE_PEPPER -key_storage_read:0x0001:PSA_KEY_TYPE_PEPPER:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000061280000100000000000000000000001000000048657265006973206b6579a064617461":1 - -PSA storage read: type: PEPPER 256-bit -depends_on:PSA_WANT_KEY_TYPE_PEPPER -key_storage_read:0x0001:PSA_KEY_TYPE_PEPPER:256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a06461746148657265006973206b6579a064617461":"505341004b4559000000000001000000061200010100000000000000000000002000000048657265006973206b6579a06461746148657265006973206b6579a064617461":1 - -PSA storage read: type: RAW_DATA 8-bit -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48":"505341004b4559000000000001000000011008000100000000000000000000000100000048":0 - -PSA storage read: type: RAW_DATA 40-bit -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:40:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"4865726500":"505341004b455900000000000100000001102800010000000000000000000000050000004865726500":0 - -PSA storage read: type: RAW_DATA 128-bit -depends_on:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:128:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"48657265006973206b6579a064617461":"505341004b4559000000000001000000011080000100000000000000000000001000000048657265006973206b6579a064617461":0 - -PSA storage read: type: RSA_KEY_PAIR 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"505341004b455900000000000100000001700004010000000000000000000000620200003082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":1 - -PSA storage read: type: RSA_KEY_PAIR 1536-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_RSA_KEY_PAIR:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":"505341004b4559000000000001000000017000060100000000000000000000007f0300003082037b0201000281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc3502030100010281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b10260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf":1 - -PSA storage read: type: RSA_PUBLIC_KEY 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"505341004b4559000000000001000000014000040100000000000000000000008c00000030818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":1 - -PSA storage read: type: RSA_PUBLIC_KEY 1536-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":"505341004b455900000000000100000001400006010000000000000000000000cc0000003081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001":1 - -PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"69502c4fdaf48d4fa617bdd24498b0406d0eeaac":"505341004b45590000000000010000003071a0000100000000000000000000001400000069502c4fdaf48d4fa617bdd24498b0406d0eeaac":1 - -PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 192-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"1688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f":"505341004b45590000000000010000003071c000010000000000000000000000180000001688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f":1 - -PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 224-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c":"505341004b45590000000000010000003071e0000100000000000000000000001c000000a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c":1 - -PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 256-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":"505341004b455900000000000100000030710001010000000000000000000000200000002161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":1 - -PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 320-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"61b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead":"505341004b4559000000000001000000307140010100000000000000000000002800000061b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead":1 - -PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 384-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":"505341004b455900000000000100000030718001010000000000000000000000300000003dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":1 - -PSA storage read: type: ECC_KEY_PAIR(BRAINPOOL_P_R1) 512-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":"505341004b45590000000000010000003071000201000000000000000000000040000000372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":1 - -PSA storage read: type: ECC_KEY_PAIR(MONTGOMERY) 255-bit -depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":"505341004b45590000000000010000004171ff000100000000000000000000002000000070076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":1 - -PSA storage read: type: ECC_KEY_PAIR(MONTGOMERY) 448-bit -depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1":"505341004b45590000000000010000004171c00101000000000000000000000038000000e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1":1 - -PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 192-bit -depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"297ac1722ccac7589ecb240dc719842538ca974beb79f228":"505341004b45590000000000010000001771c00001000000000000000000000018000000297ac1722ccac7589ecb240dc719842538ca974beb79f228":1 - -PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 224-bit -depends_on:PSA_WANT_ECC_SECP_K1_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8":"505341004b45590000000000010000001771e0000100000000000000000000001d0000000024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8":1 - -PSA storage read: type: ECC_KEY_PAIR(SECP_K1) 256-bit -depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9":"505341004b455900000000000100000017710001010000000000000000000000200000007fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9":1 - -PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 225-bit -depends_on:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":"505341004b45590000000000010000001271e1000100000000000000000000001c000000872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995":1 - -PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 256-bit -depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"505341004b4559000000000001000000127100010100000000000000000000002000000049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":1 - -PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 384-bit -depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":"505341004b455900000000000100000012718001010000000000000000000000300000003f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":1 - -PSA storage read: type: ECC_KEY_PAIR(SECP_R1) 521-bit -depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":"505341004b4559000000000001000000127109020100000000000000000000004200000001b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":1 - -PSA storage read: type: ECC_KEY_PAIR(SECP_R2) 160-bit -depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":"505341004b45590000000000010000001b71a0000100000000000000000000001500000000bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 163-bit -depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":"505341004b45590000000000010000002771a3000100000000000000000000001500000003ebc8fcded2d6ab72ec0f75bdb4fd080481273e71":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 233-bit -depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"41f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8":"505341004b45590000000000010000002771e9000100000000000000000000001d00000041f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 239-bit -depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):239:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"1a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61":"505341004b45590000000000010000002771ef000100000000000000000000001e0000001a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 283-bit -depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0":"505341004b455900000000000100000027711b0101000000000000000000000024000000006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 409-bit -depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"3ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8":"505341004b455900000000000100000027719901010000000000000000000000330000003ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_K1) 571-bit -depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_K1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51":"505341004b455900000000000100000027713b0201000000000000000000000048000000005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 163-bit -depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":"505341004b45590000000000010000002271a30001000000000000000000000015000000009b05dc82d46d64a04a22e6e5ca70ca1231e68c50":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 233-bit -depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f":"505341004b45590000000000010000002271e9000100000000000000000000001e00000000e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 283-bit -depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad":"505341004b455900000000000100000022711b0101000000000000000000000024000000004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 409-bit -depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"00c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64":"505341004b4559000000000001000000227199010100000000000000000000003400000000c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_R1) 571-bit -depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1":"505341004b455900000000000100000022713b0201000000000000000000000048000000026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1":1 - -PSA storage read: type: ECC_KEY_PAIR(SECT_R2) 163-bit -depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0210b482a458b4822d0cb21daa96819a67c8062d34":"505341004b45590000000000010000002b71a300010000000000000000000000150000000210b482a458b4822d0cb21daa96819a67c8062d34":1 - -PSA storage read: type: ECC_KEY_PAIR(TWISTED_EDWARDS) 255-bit -depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":"505341004b45590000000000010000004271ff00010000000000000000000000200000009d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60":1 - -PSA storage read: type: ECC_KEY_PAIR(TWISTED_EDWARDS) 448-bit -depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b":"505341004b45590000000000010000004271c001010000000000000000000000390000006c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b":1 - -PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":"505341004b45590000000000010000003041a0000100000000000000000000002900000004d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c":1 - -PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88":"505341004b45590000000000010000003041c00001000000000000000000000031000000043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88":1 - -PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_224:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc":"505341004b45590000000000010000003041e00001000000000000000000000039000000045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc":1 - -PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":"505341004b4559000000000001000000304100010100000000000000000000004100000004768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":1 - -PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_320:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd":"505341004b45590000000000010000003041400101000000000000000000000051000000049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd":1 - -PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a":"505341004b4559000000000001000000304180010100000000000000000000006100000004719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a":1 - -PSA storage read: type: ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit -depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a":"505341004b455900000000000100000030410002010000000000000000000000810000000438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a":1 - -PSA storage read: type: ECC_PUBLIC_KEY(MONTGOMERY) 255-bit -depends_on:PSA_WANT_ECC_MONTGOMERY_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"505341004b45590000000000010000004141ff00010000000000000000000000200000008520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":1 - -PSA storage read: type: ECC_PUBLIC_KEY(MONTGOMERY) 448-bit -depends_on:PSA_WANT_ECC_MONTGOMERY_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e":"505341004b45590000000000010000004141c00101000000000000000000000038000000c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 192-bit -depends_on:PSA_WANT_ECC_SECP_K1_192:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":"505341004b45590000000000010000001741c000010000000000000000000000310000000426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 224-bit -depends_on:PSA_WANT_ECC_SECP_K1_224:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):224:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d":"505341004b45590000000000010000001741e00001000000000000000000000039000000042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECP_K1) 256-bit -depends_on:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d":"505341004b45590000000000010000001741000101000000000000000000000041000000045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 225-bit -depends_on:PSA_WANT_ECC_SECP_R1_225:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":"505341004b45590000000000010000001241e10001000000000000000000000039000000046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 256-bit -depends_on:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":"505341004b45590000000000010000001241000101000000000000000000000041000000047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 384-bit -depends_on:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":"505341004b4559000000000001000000124180010100000000000000000000006100000004d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECP_R1) 521-bit -depends_on:PSA_WANT_ECC_SECP_R1_521:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":"505341004b4559000000000001000000124109020100000000000000000000008500000004001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECP_R2) 160-bit -depends_on:PSA_WANT_ECC_SECP_R2_160:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":"505341004b45590000000000010000001b41a00001000000000000000000000029000000049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 163-bit -depends_on:PSA_WANT_ECC_SECT_K1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":"505341004b45590000000000010000002741a3000100000000000000000000002b0000000406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 233-bit -depends_on:PSA_WANT_ECC_SECT_K1_233:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f":"505341004b45590000000000010000002741e9000100000000000000000000003d0000000401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 239-bit -depends_on:PSA_WANT_ECC_SECT_K1_239:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d":"505341004b45590000000000010000002741ef000100000000000000000000003d00000004068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 283-bit -depends_on:PSA_WANT_ECC_SECT_K1_283:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3":"505341004b455900000000000100000027411b01010000000000000000000000490000000405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 409-bit -depends_on:PSA_WANT_ECC_SECT_K1_409:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b":"505341004b4559000000000001000000274199010100000000000000000000006900000004012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_K1) 571-bit -depends_on:PSA_WANT_ECC_SECT_K1_571:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a":"505341004b455900000000000100000027413b020100000000000000000000009100000004050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 163-bit -depends_on:PSA_WANT_ECC_SECT_R1_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":"505341004b45590000000000010000002241a3000100000000000000000000002b0000000400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 233-bit -depends_on:PSA_WANT_ECC_SECT_R1_233:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d":"505341004b45590000000000010000002241e9000100000000000000000000003d0000000400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 283-bit -depends_on:PSA_WANT_ECC_SECT_R1_283:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765":"505341004b455900000000000100000022411b010100000000000000000000004900000004052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 409-bit -depends_on:PSA_WANT_ECC_SECT_R1_409:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22":"505341004b455900000000000100000022419901010000000000000000000000690000000401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_R1) 571-bit -depends_on:PSA_WANT_ECC_SECT_R1_571:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74":"505341004b455900000000000100000022413b0201000000000000000000000091000000040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74":1 - -PSA storage read: type: ECC_PUBLIC_KEY(SECT_R2) 163-bit -depends_on:PSA_WANT_ECC_SECT_R2_163:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":"505341004b45590000000000010000002b41a3000100000000000000000000002b0000000403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":1 - -PSA storage read: type: ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit -depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_255:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":"505341004b45590000000000010000004241ff0001000000000000000000000020000000d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a":1 - -PSA storage read: type: ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit -depends_on:PSA_WANT_ECC_TWISTED_EDWARDS_448:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY -key_storage_read:0x0001:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448:PSA_KEY_USAGE_EXPORT:0x0000:0x0000:"5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180":"505341004b45590000000000010000004241c001010000000000000000000000390000005fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180":1 - -PSA storage read: alg: PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_ANY_HASH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ANY_HASH:0x0000:"4b":"505341004b45590000000000010000000110080001000000ff00000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_ANY_HASH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ANY_HASH:"4c":"505341004b4559000000000001000000011008000100000000000000ff000002010000004c":0 - -PSA storage read: alg: PSA_ALG_CBC_MAC -depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_MAC:0x0000:"4b":"505341004b455900000000000100000001100800010000000001c00300000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_CBC_MAC -depends_on:PSA_WANT_ALG_CBC_MAC:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_MAC:"4c":"505341004b45590000000000010000000110080001000000000000000001c003010000004c":0 - -PSA storage read: alg: PSA_ALG_CBC_NO_PADDING -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_NO_PADDING:0x0000:"4b":"505341004b455900000000000100000001100800010000000040400400000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_CBC_NO_PADDING -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_NO_PADDING:"4c":"505341004b455900000000000100000001100800010000000000000000404004010000004c":0 - -PSA storage read: alg: PSA_ALG_CBC_PKCS7 -depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CBC_PKCS7:0x0000:"4b":"505341004b455900000000000100000001100800010000000041400400000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_CBC_PKCS7 -depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CBC_PKCS7:"4c":"505341004b455900000000000100000001100800010000000000000000414004010000004c":0 - -PSA storage read: alg: PSA_ALG_CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CCM:0x0000:"4b":"505341004b455900000000000100000001100800010000000001500500000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_CCM -depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CCM:"4c":"505341004b455900000000000100000001100800010000000000000000015005010000004c":0 - -PSA storage read: alg: PSA_ALG_CFB -depends_on:PSA_WANT_ALG_CFB:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CFB:0x0000:"4b":"505341004b455900000000000100000001100800010000000011c00400000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_CFB -depends_on:PSA_WANT_ALG_CFB:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CFB:"4c":"505341004b45590000000000010000000110080001000000000000000011c004010000004c":0 - -PSA storage read: alg: PSA_ALG_CHACHA20_POLY1305 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CHACHA20_POLY1305:0x0000:"4b":"505341004b455900000000000100000001100800010000000005100500000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_CHACHA20_POLY1305 -depends_on:PSA_WANT_ALG_CHACHA20_POLY1305:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CHACHA20_POLY1305:"4c":"505341004b455900000000000100000001100800010000000000000000051005010000004c":0 - -PSA storage read: alg: PSA_ALG_CMAC -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CMAC:0x0000:"4b":"505341004b455900000000000100000001100800010000000002c00300000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_CMAC -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CMAC:"4c":"505341004b45590000000000010000000110080001000000000000000002c003010000004c":0 - -PSA storage read: alg: PSA_ALG_CTR -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0x0000:"4b":"505341004b455900000000000100000001100800010000000010c00400000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_CTR -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_CTR:"4c":"505341004b45590000000000010000000110080001000000000000000010c004010000004c":0 - -PSA storage read: alg: PSA_ALG_ECB_NO_PADDING -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECB_NO_PADDING:0x0000:"4b":"505341004b455900000000000100000001100800010000000044400400000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_ECB_NO_PADDING -depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECB_NO_PADDING:"4c":"505341004b455900000000000100000001100800010000000000000000444004010000004c":0 - -PSA storage read: alg: PSA_ALG_ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0x0000:"4b":"505341004b455900000000000100000001100800010000000000020900000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDH:"4c":"505341004b455900000000000100000001100800010000000000000000000209010000004c":0 - -PSA storage read: alg: PSA_ALG_ECDSA_ANY -depends_on:PSA_WANT_ALG_ECDSA_ANY:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0x0000:"4b":"505341004b455900000000000100000001100800010000000006000600000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_ECDSA_ANY -depends_on:PSA_WANT_ALG_ECDSA_ANY:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ECDSA_ANY:"4c":"505341004b455900000000000100000001100800010000000000000000060006010000004c":0 - -PSA storage read: alg: PSA_ALG_ED25519PH -depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ED25519PH:0x0000:"4b":"505341004b455900000000000100000001100800010000000b09000600000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_ED25519PH -depends_on:PSA_WANT_ALG_ED25519PH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ED25519PH:"4c":"505341004b45590000000000010000000110080001000000000000000b090006010000004c":0 - -PSA storage read: alg: PSA_ALG_ED448PH -depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_ED448PH:0x0000:"4b":"505341004b455900000000000100000001100800010000001509000600000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_ED448PH -depends_on:PSA_WANT_ALG_ED448PH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_ED448PH:"4c":"505341004b455900000000000100000001100800010000000000000015090006010000004c":0 - -PSA storage read: alg: PSA_ALG_FFDH -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0x0000:"4b":"505341004b455900000000000100000001100800010000000000010900000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_FFDH -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_FFDH:"4c":"505341004b455900000000000100000001100800010000000000000000000109010000004c":0 - -PSA storage read: alg: PSA_ALG_GCM -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_GCM:0x0000:"4b":"505341004b455900000000000100000001100800010000000002500500000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_GCM -depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_GCM:"4c":"505341004b455900000000000100000001100800010000000000000000025005010000004c":0 - -PSA storage read: alg: PSA_ALG_MD2 -depends_on:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD2:0x0000:"4b":"505341004b455900000000000100000001100800010000000100000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_MD2 -depends_on:PSA_WANT_ALG_MD2:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD2:"4c":"505341004b455900000000000100000001100800010000000000000001000002010000004c":0 - -PSA storage read: alg: PSA_ALG_MD4 -depends_on:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD4:0x0000:"4b":"505341004b455900000000000100000001100800010000000200000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_MD4 -depends_on:PSA_WANT_ALG_MD4:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD4:"4c":"505341004b455900000000000100000001100800010000000000000002000002010000004c":0 - -PSA storage read: alg: PSA_ALG_MD5 -depends_on:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_MD5:0x0000:"4b":"505341004b455900000000000100000001100800010000000300000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_MD5 -depends_on:PSA_WANT_ALG_MD5:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_MD5:"4c":"505341004b455900000000000100000001100800010000000000000003000002010000004c":0 - -PSA storage read: alg: PSA_ALG_OFB -depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_OFB:0x0000:"4b":"505341004b455900000000000100000001100800010000000012c00400000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_OFB -depends_on:PSA_WANT_ALG_OFB:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_OFB:"4c":"505341004b45590000000000010000000110080001000000000000000012c004010000004c":0 - -PSA storage read: alg: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:0x0000:"4b":"505341004b455900000000000100000001100800010000000002800800000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_PBKDF2_AES_CMAC_PRF_128 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"4c":"505341004b455900000000000100000001100800010000000000000000028008010000004c":0 - -PSA storage read: alg: PSA_ALG_PURE_EDDSA -depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_PURE_EDDSA:0x0000:"4b":"505341004b455900000000000100000001100800010000000008000600000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_PURE_EDDSA -depends_on:PSA_WANT_ALG_PURE_EDDSA:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_PURE_EDDSA:"4c":"505341004b455900000000000100000001100800010000000000000000080006010000004c":0 - -PSA storage read: alg: PSA_ALG_RIPEMD160 -depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RIPEMD160:0x0000:"4b":"505341004b455900000000000100000001100800010000000400000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_RIPEMD160 -depends_on:PSA_WANT_ALG_RIPEMD160:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RIPEMD160:"4c":"505341004b455900000000000100000001100800010000000000000004000002010000004c":0 - -PSA storage read: alg: PSA_ALG_RSA_PKCS1V15_CRYPT -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:0x0000:"4b":"505341004b455900000000000100000001100800010000000002000700000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_RSA_PKCS1V15_CRYPT -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_CRYPT:"4c":"505341004b455900000000000100000001100800010000000000000000020007010000004c":0 - -PSA storage read: alg: PSA_ALG_RSA_PKCS1V15_SIGN_RAW -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0x0000:"4b":"505341004b455900000000000100000001100800010000000002000600000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_RSA_PKCS1V15_SIGN_RAW -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"4c":"505341004b455900000000000100000001100800010000000000000000020006010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA3_224 -depends_on:PSA_WANT_ALG_SHA3_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_224:0x0000:"4b":"505341004b455900000000000100000001100800010000001000000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA3_224 -depends_on:PSA_WANT_ALG_SHA3_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_224:"4c":"505341004b455900000000000100000001100800010000000000000010000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA3_256 -depends_on:PSA_WANT_ALG_SHA3_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_256:0x0000:"4b":"505341004b455900000000000100000001100800010000001100000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA3_256 -depends_on:PSA_WANT_ALG_SHA3_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_256:"4c":"505341004b455900000000000100000001100800010000000000000011000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA3_384 -depends_on:PSA_WANT_ALG_SHA3_384:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_384:0x0000:"4b":"505341004b455900000000000100000001100800010000001200000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA3_384 -depends_on:PSA_WANT_ALG_SHA3_384:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_384:"4c":"505341004b455900000000000100000001100800010000000000000012000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA3_512 -depends_on:PSA_WANT_ALG_SHA3_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA3_512:0x0000:"4b":"505341004b455900000000000100000001100800010000001300000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA3_512 -depends_on:PSA_WANT_ALG_SHA3_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA3_512:"4c":"505341004b455900000000000100000001100800010000000000000013000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHAKE256_512 -depends_on:PSA_WANT_ALG_SHAKE256_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHAKE256_512:0x0000:"4b":"505341004b455900000000000100000001100800010000001500000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHAKE256_512 -depends_on:PSA_WANT_ALG_SHAKE256_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHAKE256_512:"4c":"505341004b455900000000000100000001100800010000000000000015000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA_1 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_1:0x0000:"4b":"505341004b455900000000000100000001100800010000000500000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA_1 -depends_on:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_1:"4c":"505341004b455900000000000100000001100800010000000000000005000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA_224 -depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_224:0x0000:"4b":"505341004b455900000000000100000001100800010000000800000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA_224 -depends_on:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_224:"4c":"505341004b455900000000000100000001100800010000000000000008000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA_256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_256:0x0000:"4b":"505341004b455900000000000100000001100800010000000900000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA_256 -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_256:"4c":"505341004b455900000000000100000001100800010000000000000009000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_384:0x0000:"4b":"505341004b455900000000000100000001100800010000000a00000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_384:"4c":"505341004b45590000000000010000000110080001000000000000000a000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA_512 -depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512:0x0000:"4b":"505341004b455900000000000100000001100800010000000b00000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA_512 -depends_on:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512:"4c":"505341004b45590000000000010000000110080001000000000000000b000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA_512_224 -depends_on:PSA_WANT_ALG_SHA_512_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512_224:0x0000:"4b":"505341004b455900000000000100000001100800010000000c00000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA_512_224 -depends_on:PSA_WANT_ALG_SHA_512_224:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512_224:"4c":"505341004b45590000000000010000000110080001000000000000000c000002010000004c":0 - -PSA storage read: alg: PSA_ALG_SHA_512_256 -depends_on:PSA_WANT_ALG_SHA_512_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_SHA_512_256:0x0000:"4b":"505341004b455900000000000100000001100800010000000d00000200000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_SHA_512_256 -depends_on:PSA_WANT_ALG_SHA_512_256:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_SHA_512_256:"4c":"505341004b45590000000000010000000110080001000000000000000d000002010000004c":0 - -PSA storage read: alg: PSA_ALG_STREAM_CIPHER -depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_STREAM_CIPHER:0x0000:"4b":"505341004b455900000000000100000001100800010000000001800400000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_STREAM_CIPHER -depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_STREAM_CIPHER:"4c":"505341004b455900000000000100000001100800010000000000000000018004010000004c":0 - -PSA storage read: alg: PSA_ALG_XTS -depends_on:PSA_WANT_ALG_XTS:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:PSA_ALG_XTS:0x0000:"4b":"505341004b4559000000000001000000011008000100000000ff400400000000010000004b":0 - -PSA storage read: alg2: PSA_ALG_XTS -depends_on:PSA_WANT_ALG_XTS:PSA_WANT_KEY_TYPE_RAW_DATA -key_storage_read:0x0001:PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0x0000:PSA_ALG_XTS:"4c":"505341004b455900000000000100000001100800010000000000000000ff4004010000004c":0 - -# End of automatically generated file. diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj deleted file mode 100644 index 0be32fc5aa..0000000000 --- a/visualc/VS2010/benchmark.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA} - Win32Proj - benchmark - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj deleted file mode 100644 index 3fbcb52a52..0000000000 --- a/visualc/VS2010/cert_app.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {D4D691D4-137C-CBFA-735B-D46636D7E4D8} - Win32Proj - cert_app - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj deleted file mode 100644 index 41fdf31a3b..0000000000 --- a/visualc/VS2010/cert_req.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE} - Win32Proj - cert_req - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj deleted file mode 100644 index f1f93ea371..0000000000 --- a/visualc/VS2010/cert_write.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {35E52E46-3BA9-4361-41D3-53663C2E9B8A} - Win32Proj - cert_write - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj deleted file mode 100644 index 4b8b2168f4..0000000000 --- a/visualc/VS2010/crl_app.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {DB904B85-AD31-B7FB-114F-88760CC485F2} - Win32Proj - crl_app - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj deleted file mode 100644 index 885935bdff..0000000000 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7} - Win32Proj - crypt_and_hash - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/crypto_examples.vcxproj b/visualc/VS2010/crypto_examples.vcxproj deleted file mode 100644 index 3899f0ec32..0000000000 --- a/visualc/VS2010/crypto_examples.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {020C31BD-C4DF-BABA-E537-F517C4E98537} - Win32Proj - crypto_examples - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj deleted file mode 100644 index 043ab1afc1..0000000000 --- a/visualc/VS2010/dh_client.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE} - Win32Proj - dh_client - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj deleted file mode 100644 index f0366cb248..0000000000 --- a/visualc/VS2010/dh_genprime.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {718960D9-5DA6-7B56-39AD-637E81076C71} - Win32Proj - dh_genprime - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj deleted file mode 100644 index 5a986bc57c..0000000000 --- a/visualc/VS2010/dh_server.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {8D91B804-E2CE-142D-8E06-FBB037ED1F65} - Win32Proj - dh_server - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj deleted file mode 100644 index 3fd65456de..0000000000 --- a/visualc/VS2010/dtls_client.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5} - Win32Proj - dtls_client - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj deleted file mode 100644 index b10ec4df5e..0000000000 --- a/visualc/VS2010/dtls_server.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317} - Win32Proj - dtls_server - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj deleted file mode 100644 index 578e43b626..0000000000 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {82EE497E-12CC-7C5B-A072-665678ACB43E} - Win32Proj - ecdh_curve25519 - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj deleted file mode 100644 index f7ad2e9227..0000000000 --- a/visualc/VS2010/ecdsa.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E} - Win32Proj - ecdsa - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj deleted file mode 100644 index b7e45f9789..0000000000 --- a/visualc/VS2010/gen_entropy.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {DE695064-13C3-18B0-378D-8B22672BF3F4} - Win32Proj - gen_entropy - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj deleted file mode 100644 index fa026141cf..0000000000 --- a/visualc/VS2010/gen_key.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52} - Win32Proj - gen_key - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj deleted file mode 100644 index a385841a06..0000000000 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E} - Win32Proj - gen_random_ctr_drbg - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj deleted file mode 100644 index faad77596a..0000000000 --- a/visualc/VS2010/generic_sum.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {D071CCF7-ACA0-21F8-D382-52A759AEA261} - Win32Proj - generic_sum - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj deleted file mode 100644 index 6a81d914e9..0000000000 --- a/visualc/VS2010/hello.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D} - Win32Proj - hello - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj deleted file mode 100644 index bba584170a..0000000000 --- a/visualc/VS2010/key_app.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {10AE376F-1A70-0297-0216-1FD01AD15D19} - Win32Proj - key_app - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj deleted file mode 100644 index 0d7013796d..0000000000 --- a/visualc/VS2010/key_app_writer.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8} - Win32Proj - key_app_writer - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/key_ladder_demo.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj deleted file mode 100644 index 8584aee758..0000000000 --- a/visualc/VS2010/key_ladder_demo.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {778777A0-393D-45E8-83C1-EAF487236F1F} - Win32Proj - key_ladder_demo - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln deleted file mode 100644 index dc3264451e..0000000000 --- a/visualc/VS2010/mbedTLS.sln +++ /dev/null @@ -1,676 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 11.00 -# Visual C++ Express 2010 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and_hash.vcxproj", "{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "generic_sum", "generic_sum.vcxproj", "{D071CCF7-ACA0-21F8-D382-52A759AEA261}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hello", "hello.vcxproj", "{B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_client", "dh_client.vcxproj", "{4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_genprime", "dh_genprime.vcxproj", "{718960D9-5DA6-7B56-39AD-637E81076C71}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dh_server", "dh_server.vcxproj", "{8D91B804-E2CE-142D-8E06-FBB037ED1F65}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ecdh_curve25519", "ecdh_curve25519.vcxproj", "{82EE497E-12CC-7C5B-A072-665678ACB43E}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ecdsa", "ecdsa.vcxproj", "{F58142CC-0CC7-0B18-5A0F-53642CFBA18E}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_key", "gen_key.vcxproj", "{BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "key_app", "key_app.vcxproj", "{10AE376F-1A70-0297-0216-1FD01AD15D19}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "key_app_writer", "key_app_writer.vcxproj", "{E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mpi_demo", "mpi_demo.vcxproj", "{A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_decrypt", "pk_decrypt.vcxproj", "{1EC6CBA3-6187-D456-D9B7-A35399395D71}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_encrypt", "pk_encrypt.vcxproj", "{55007179-7746-9CFB-97EC-65102FB272C8}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_sign", "pk_sign.vcxproj", "{F2E8CA55-597F-7FDC-6456-D8650FB970A3}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pk_verify", "pk_verify.vcxproj", "{C429B336-1B30-119C-3B34-21A186D6744F}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_decrypt", "rsa_decrypt.vcxproj", "{E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_encrypt", "rsa_encrypt.vcxproj", "{D06CF12E-F222-9273-41BF-B8A052FA5527}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_genkey", "rsa_genkey.vcxproj", "{F472475C-F677-0E7F-F127-45BF5B64F622}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign", "rsa_sign.vcxproj", "{10790F49-6887-AAB6-2D86-BCBD516F8D26}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_sign_pss", "rsa_sign_pss.vcxproj", "{DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify", "rsa_verify.vcxproj", "{689E28CF-89ED-BA38-3A14-78A75D891D46}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsa_verify_pss", "rsa_verify_pss.vcxproj", "{95C50864-854C-2A11-4C91-BCE654E344FB}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypto_examples", "crypto_examples.vcxproj", "{020C31BD-C4DF-BABA-E537-F517C4E98537}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "key_ladder_demo", "key_ladder_demo.vcxproj", "{778777A0-393D-45E8-83C1-EAF487236F1F}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "psa_constant_names", "psa_constant_names.vcxproj", "{A0BAD8F0-69B5-8382-86ED-C36ACBE54117}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_entropy", "gen_entropy.vcxproj", "{DE695064-13C3-18B0-378D-8B22672BF3F4}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gen_random_ctr_drbg", "gen_random_ctr_drbg.vcxproj", "{5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dtls_client", "dtls_client.vcxproj", "{FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dtls_server", "dtls_server.vcxproj", "{BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mini_client", "mini_client.vcxproj", "{C4FE29EA-266D-5295-4840-976B9B5B3843}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client1", "ssl_client1.vcxproj", "{487A2F80-3CA3-678D-88D5-82194872CF08}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_client2", "ssl_client2.vcxproj", "{4E590E9D-E28F-87FF-385B-D58736388231}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_context_info", "ssl_context_info.vcxproj", "{017ECC7D-FB6D-46D8-076B-F64172E8E3BC}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_fork_server", "ssl_fork_server.vcxproj", "{918CD402-047D-8467-E11C-E1132053F916}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_mail_client", "ssl_mail_client.vcxproj", "{7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server", "ssl_server.vcxproj", "{E08E0065-896A-7487-DEA5-D3B80B71F975}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ssl_server2", "ssl_server2.vcxproj", "{A4DA7463-1047-BDF5-E1B3-5632CB573F41}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "benchmark", "benchmark.vcxproj", "{90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "query_compile_time_config", "query_compile_time_config.vcxproj", "{D6F58AF2-9D80-562A-E2B0-F743281522B9}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "selftest", "selftest.vcxproj", "{7DBC5F77-3DA1-5F73-8421-E693D95FC66A}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "udp_proxy", "udp_proxy.vcxproj", "{7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zeroize", "zeroize.vcxproj", "{10C01E94-4926-063E-9F56-C84ED190D349}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pem2der", "pem2der.vcxproj", "{D3C6FBD6-D78E-7180-8345-5E09B492DBEC}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "strerror", "strerror.vcxproj", "{23EF735C-CC4C-3EC4-A75E-903DB340F04A}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_app", "cert_app.vcxproj", "{D4D691D4-137C-CBFA-735B-D46636D7E4D8}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_req", "cert_req.vcxproj", "{C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "cert_write", "cert_write.vcxproj", "{35E52E46-3BA9-4361-41D3-53663C2E9B8A}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crl_app", "crl_app.vcxproj", "{DB904B85-AD31-B7FB-114F-88760CC485F2}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "req_app", "req_app.vcxproj", "{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Win32 = Debug|Win32 - Debug|x64 = Debug|x64 - Release|Win32 = Release|Win32 - Release|x64 = Release|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.ActiveCfg = Debug|Win32 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|Win32.Build.0 = Debug|Win32 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.ActiveCfg = Debug|x64 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Debug|x64.Build.0 = Debug|x64 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.ActiveCfg = Release|Win32 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64 - {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64 - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.ActiveCfg = Debug|Win32 - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.Build.0 = Debug|Win32 - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.ActiveCfg = Debug|x64 - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.Build.0 = Debug|x64 - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|Win32.ActiveCfg = Release|Win32 - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|Win32.Build.0 = Release|Win32 - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|x64.ActiveCfg = Release|x64 - {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Release|x64.Build.0 = Release|x64 - {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|Win32.ActiveCfg = Debug|Win32 - {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|Win32.Build.0 = Debug|Win32 - {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|x64.ActiveCfg = Debug|x64 - {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Debug|x64.Build.0 = Debug|x64 - {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|Win32.ActiveCfg = Release|Win32 - {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|Win32.Build.0 = Release|Win32 - {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.ActiveCfg = Release|x64 - {D071CCF7-ACA0-21F8-D382-52A759AEA261}.Release|x64.Build.0 = Release|x64 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.ActiveCfg = Debug|Win32 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|Win32.Build.0 = Debug|Win32 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.ActiveCfg = Debug|x64 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Debug|x64.Build.0 = Debug|x64 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.ActiveCfg = Release|Win32 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|Win32.Build.0 = Release|Win32 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.ActiveCfg = Release|x64 - {B02D4AE1-0218-1CD4-F44E-EFAE19B01B8D}.Release|x64.Build.0 = Release|x64 - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.ActiveCfg = Debug|Win32 - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|Win32.Build.0 = Debug|Win32 - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.ActiveCfg = Debug|x64 - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Debug|x64.Build.0 = Debug|x64 - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|Win32.ActiveCfg = Release|Win32 - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|Win32.Build.0 = Release|Win32 - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|x64.ActiveCfg = Release|x64 - {4D29BE4A-979C-C5AE-44B5-30FB37D8D4EE}.Release|x64.Build.0 = Release|x64 - {718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|Win32.ActiveCfg = Debug|Win32 - {718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|Win32.Build.0 = Debug|Win32 - {718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|x64.ActiveCfg = Debug|x64 - {718960D9-5DA6-7B56-39AD-637E81076C71}.Debug|x64.Build.0 = Debug|x64 - {718960D9-5DA6-7B56-39AD-637E81076C71}.Release|Win32.ActiveCfg = Release|Win32 - {718960D9-5DA6-7B56-39AD-637E81076C71}.Release|Win32.Build.0 = Release|Win32 - {718960D9-5DA6-7B56-39AD-637E81076C71}.Release|x64.ActiveCfg = Release|x64 - {718960D9-5DA6-7B56-39AD-637E81076C71}.Release|x64.Build.0 = Release|x64 - {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|Win32.ActiveCfg = Debug|Win32 - {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|Win32.Build.0 = Debug|Win32 - {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|x64.ActiveCfg = Debug|x64 - {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Debug|x64.Build.0 = Debug|x64 - {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|Win32.ActiveCfg = Release|Win32 - {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|Win32.Build.0 = Release|Win32 - {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|x64.ActiveCfg = Release|x64 - {8D91B804-E2CE-142D-8E06-FBB037ED1F65}.Release|x64.Build.0 = Release|x64 - {82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|Win32.ActiveCfg = Debug|Win32 - {82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|Win32.Build.0 = Debug|Win32 - {82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|x64.ActiveCfg = Debug|x64 - {82EE497E-12CC-7C5B-A072-665678ACB43E}.Debug|x64.Build.0 = Debug|x64 - {82EE497E-12CC-7C5B-A072-665678ACB43E}.Release|Win32.ActiveCfg = Release|Win32 - {82EE497E-12CC-7C5B-A072-665678ACB43E}.Release|Win32.Build.0 = Release|Win32 - {82EE497E-12CC-7C5B-A072-665678ACB43E}.Release|x64.ActiveCfg = Release|x64 - {82EE497E-12CC-7C5B-A072-665678ACB43E}.Release|x64.Build.0 = Release|x64 - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E}.Debug|Win32.ActiveCfg = Debug|Win32 - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E}.Debug|Win32.Build.0 = Debug|Win32 - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E}.Debug|x64.ActiveCfg = Debug|x64 - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E}.Debug|x64.Build.0 = Debug|x64 - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E}.Release|Win32.ActiveCfg = Release|Win32 - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E}.Release|Win32.Build.0 = Release|Win32 - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E}.Release|x64.ActiveCfg = Release|x64 - {F58142CC-0CC7-0B18-5A0F-53642CFBA18E}.Release|x64.Build.0 = Release|x64 - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Debug|Win32.ActiveCfg = Debug|Win32 - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Debug|Win32.Build.0 = Debug|Win32 - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Debug|x64.ActiveCfg = Debug|x64 - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Debug|x64.Build.0 = Debug|x64 - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Release|Win32.ActiveCfg = Release|Win32 - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Release|Win32.Build.0 = Release|Win32 - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Release|x64.ActiveCfg = Release|x64 - {BF782A50-E9AE-00CC-C28A-C9DA8AAB4D52}.Release|x64.Build.0 = Release|x64 - {10AE376F-1A70-0297-0216-1FD01AD15D19}.Debug|Win32.ActiveCfg = Debug|Win32 - {10AE376F-1A70-0297-0216-1FD01AD15D19}.Debug|Win32.Build.0 = Debug|Win32 - {10AE376F-1A70-0297-0216-1FD01AD15D19}.Debug|x64.ActiveCfg = Debug|x64 - {10AE376F-1A70-0297-0216-1FD01AD15D19}.Debug|x64.Build.0 = Debug|x64 - {10AE376F-1A70-0297-0216-1FD01AD15D19}.Release|Win32.ActiveCfg = Release|Win32 - {10AE376F-1A70-0297-0216-1FD01AD15D19}.Release|Win32.Build.0 = Release|Win32 - {10AE376F-1A70-0297-0216-1FD01AD15D19}.Release|x64.ActiveCfg = Release|x64 - {10AE376F-1A70-0297-0216-1FD01AD15D19}.Release|x64.Build.0 = Release|x64 - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Debug|Win32.ActiveCfg = Debug|Win32 - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Debug|Win32.Build.0 = Debug|Win32 - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Debug|x64.ActiveCfg = Debug|x64 - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Debug|x64.Build.0 = Debug|x64 - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Release|Win32.ActiveCfg = Release|Win32 - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Release|Win32.Build.0 = Release|Win32 - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Release|x64.ActiveCfg = Release|x64 - {E8ED79F9-8034-1B09-263E-D3F8C4C5C4A8}.Release|x64.Build.0 = Release|x64 - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Debug|Win32.ActiveCfg = Debug|Win32 - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Debug|Win32.Build.0 = Debug|Win32 - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Debug|x64.ActiveCfg = Debug|x64 - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Debug|x64.Build.0 = Debug|x64 - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Release|Win32.ActiveCfg = Release|Win32 - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Release|Win32.Build.0 = Release|Win32 - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Release|x64.ActiveCfg = Release|x64 - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE}.Release|x64.Build.0 = Release|x64 - {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Debug|Win32.ActiveCfg = Debug|Win32 - {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Debug|Win32.Build.0 = Debug|Win32 - {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Debug|x64.ActiveCfg = Debug|x64 - {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Debug|x64.Build.0 = Debug|x64 - {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Release|Win32.ActiveCfg = Release|Win32 - {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Release|Win32.Build.0 = Release|Win32 - {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Release|x64.ActiveCfg = Release|x64 - {1EC6CBA3-6187-D456-D9B7-A35399395D71}.Release|x64.Build.0 = Release|x64 - {55007179-7746-9CFB-97EC-65102FB272C8}.Debug|Win32.ActiveCfg = Debug|Win32 - {55007179-7746-9CFB-97EC-65102FB272C8}.Debug|Win32.Build.0 = Debug|Win32 - {55007179-7746-9CFB-97EC-65102FB272C8}.Debug|x64.ActiveCfg = Debug|x64 - {55007179-7746-9CFB-97EC-65102FB272C8}.Debug|x64.Build.0 = Debug|x64 - {55007179-7746-9CFB-97EC-65102FB272C8}.Release|Win32.ActiveCfg = Release|Win32 - {55007179-7746-9CFB-97EC-65102FB272C8}.Release|Win32.Build.0 = Release|Win32 - {55007179-7746-9CFB-97EC-65102FB272C8}.Release|x64.ActiveCfg = Release|x64 - {55007179-7746-9CFB-97EC-65102FB272C8}.Release|x64.Build.0 = Release|x64 - {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Debug|Win32.ActiveCfg = Debug|Win32 - {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Debug|Win32.Build.0 = Debug|Win32 - {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Debug|x64.ActiveCfg = Debug|x64 - {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Debug|x64.Build.0 = Debug|x64 - {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Release|Win32.ActiveCfg = Release|Win32 - {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Release|Win32.Build.0 = Release|Win32 - {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Release|x64.ActiveCfg = Release|x64 - {F2E8CA55-597F-7FDC-6456-D8650FB970A3}.Release|x64.Build.0 = Release|x64 - {C429B336-1B30-119C-3B34-21A186D6744F}.Debug|Win32.ActiveCfg = Debug|Win32 - {C429B336-1B30-119C-3B34-21A186D6744F}.Debug|Win32.Build.0 = Debug|Win32 - {C429B336-1B30-119C-3B34-21A186D6744F}.Debug|x64.ActiveCfg = Debug|x64 - {C429B336-1B30-119C-3B34-21A186D6744F}.Debug|x64.Build.0 = Debug|x64 - {C429B336-1B30-119C-3B34-21A186D6744F}.Release|Win32.ActiveCfg = Release|Win32 - {C429B336-1B30-119C-3B34-21A186D6744F}.Release|Win32.Build.0 = Release|Win32 - {C429B336-1B30-119C-3B34-21A186D6744F}.Release|x64.ActiveCfg = Release|x64 - {C429B336-1B30-119C-3B34-21A186D6744F}.Release|x64.Build.0 = Release|x64 - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|Win32.ActiveCfg = Debug|Win32 - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|Win32.Build.0 = Debug|Win32 - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|x64.ActiveCfg = Debug|x64 - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Debug|x64.Build.0 = Debug|x64 - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Release|Win32.ActiveCfg = Release|Win32 - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Release|Win32.Build.0 = Release|Win32 - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Release|x64.ActiveCfg = Release|x64 - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9}.Release|x64.Build.0 = Release|x64 - {D06CF12E-F222-9273-41BF-B8A052FA5527}.Debug|Win32.ActiveCfg = Debug|Win32 - {D06CF12E-F222-9273-41BF-B8A052FA5527}.Debug|Win32.Build.0 = Debug|Win32 - {D06CF12E-F222-9273-41BF-B8A052FA5527}.Debug|x64.ActiveCfg = Debug|x64 - {D06CF12E-F222-9273-41BF-B8A052FA5527}.Debug|x64.Build.0 = Debug|x64 - {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|Win32.ActiveCfg = Release|Win32 - {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|Win32.Build.0 = Release|Win32 - {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|x64.ActiveCfg = Release|x64 - {D06CF12E-F222-9273-41BF-B8A052FA5527}.Release|x64.Build.0 = Release|x64 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.ActiveCfg = Debug|Win32 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|Win32.Build.0 = Debug|Win32 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.ActiveCfg = Debug|x64 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Debug|x64.Build.0 = Debug|x64 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.ActiveCfg = Release|Win32 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|Win32.Build.0 = Release|Win32 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.ActiveCfg = Release|x64 - {F472475C-F677-0E7F-F127-45BF5B64F622}.Release|x64.Build.0 = Release|x64 - {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|Win32.ActiveCfg = Debug|Win32 - {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|Win32.Build.0 = Debug|Win32 - {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|x64.ActiveCfg = Debug|x64 - {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Debug|x64.Build.0 = Debug|x64 - {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|Win32.ActiveCfg = Release|Win32 - {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|Win32.Build.0 = Release|Win32 - {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|x64.ActiveCfg = Release|x64 - {10790F49-6887-AAB6-2D86-BCBD516F8D26}.Release|x64.Build.0 = Release|x64 - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|Win32.ActiveCfg = Debug|Win32 - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|Win32.Build.0 = Debug|Win32 - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|x64.ActiveCfg = Debug|x64 - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Debug|x64.Build.0 = Debug|x64 - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|Win32.ActiveCfg = Release|Win32 - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|Win32.Build.0 = Release|Win32 - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|x64.ActiveCfg = Release|x64 - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D}.Release|x64.Build.0 = Release|x64 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.ActiveCfg = Debug|Win32 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|Win32.Build.0 = Debug|Win32 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.ActiveCfg = Debug|x64 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Debug|x64.Build.0 = Debug|x64 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.ActiveCfg = Release|Win32 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|Win32.Build.0 = Release|Win32 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.ActiveCfg = Release|x64 - {689E28CF-89ED-BA38-3A14-78A75D891D46}.Release|x64.Build.0 = Release|x64 - {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|Win32.ActiveCfg = Debug|Win32 - {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|Win32.Build.0 = Debug|Win32 - {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|x64.ActiveCfg = Debug|x64 - {95C50864-854C-2A11-4C91-BCE654E344FB}.Debug|x64.Build.0 = Debug|x64 - {95C50864-854C-2A11-4C91-BCE654E344FB}.Release|Win32.ActiveCfg = Release|Win32 - {95C50864-854C-2A11-4C91-BCE654E344FB}.Release|Win32.Build.0 = Release|Win32 - {95C50864-854C-2A11-4C91-BCE654E344FB}.Release|x64.ActiveCfg = Release|x64 - {95C50864-854C-2A11-4C91-BCE654E344FB}.Release|x64.Build.0 = Release|x64 - {020C31BD-C4DF-BABA-E537-F517C4E98537}.Debug|Win32.ActiveCfg = Debug|Win32 - {020C31BD-C4DF-BABA-E537-F517C4E98537}.Debug|Win32.Build.0 = Debug|Win32 - {020C31BD-C4DF-BABA-E537-F517C4E98537}.Debug|x64.ActiveCfg = Debug|x64 - {020C31BD-C4DF-BABA-E537-F517C4E98537}.Debug|x64.Build.0 = Debug|x64 - {020C31BD-C4DF-BABA-E537-F517C4E98537}.Release|Win32.ActiveCfg = Release|Win32 - {020C31BD-C4DF-BABA-E537-F517C4E98537}.Release|Win32.Build.0 = Release|Win32 - {020C31BD-C4DF-BABA-E537-F517C4E98537}.Release|x64.ActiveCfg = Release|x64 - {020C31BD-C4DF-BABA-E537-F517C4E98537}.Release|x64.Build.0 = Release|x64 - {778777A0-393D-45E8-83C1-EAF487236F1F}.Debug|Win32.ActiveCfg = Debug|Win32 - {778777A0-393D-45E8-83C1-EAF487236F1F}.Debug|Win32.Build.0 = Debug|Win32 - {778777A0-393D-45E8-83C1-EAF487236F1F}.Debug|x64.ActiveCfg = Debug|x64 - {778777A0-393D-45E8-83C1-EAF487236F1F}.Debug|x64.Build.0 = Debug|x64 - {778777A0-393D-45E8-83C1-EAF487236F1F}.Release|Win32.ActiveCfg = Release|Win32 - {778777A0-393D-45E8-83C1-EAF487236F1F}.Release|Win32.Build.0 = Release|Win32 - {778777A0-393D-45E8-83C1-EAF487236F1F}.Release|x64.ActiveCfg = Release|x64 - {778777A0-393D-45E8-83C1-EAF487236F1F}.Release|x64.Build.0 = Release|x64 - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Debug|Win32.ActiveCfg = Debug|Win32 - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Debug|Win32.Build.0 = Debug|Win32 - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Debug|x64.ActiveCfg = Debug|x64 - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Debug|x64.Build.0 = Debug|x64 - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|Win32.ActiveCfg = Release|Win32 - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|Win32.Build.0 = Release|Win32 - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|x64.ActiveCfg = Release|x64 - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117}.Release|x64.Build.0 = Release|x64 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.ActiveCfg = Debug|Win32 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|Win32.Build.0 = Debug|Win32 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.ActiveCfg = Debug|x64 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Debug|x64.Build.0 = Debug|x64 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.ActiveCfg = Release|Win32 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|Win32.Build.0 = Release|Win32 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.ActiveCfg = Release|x64 - {DE695064-13C3-18B0-378D-8B22672BF3F4}.Release|x64.Build.0 = Release|x64 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.ActiveCfg = Debug|Win32 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|Win32.Build.0 = Debug|Win32 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.ActiveCfg = Debug|x64 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Debug|x64.Build.0 = Debug|x64 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.ActiveCfg = Release|Win32 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|Win32.Build.0 = Release|Win32 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.ActiveCfg = Release|x64 - {5FCC71F6-FF33-EBCF-FBA2-8FC783D5318E}.Release|x64.Build.0 = Release|x64 - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|Win32.ActiveCfg = Debug|Win32 - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|Win32.Build.0 = Debug|Win32 - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|x64.ActiveCfg = Debug|x64 - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Debug|x64.Build.0 = Debug|x64 - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Release|Win32.ActiveCfg = Release|Win32 - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Release|Win32.Build.0 = Release|Win32 - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Release|x64.ActiveCfg = Release|x64 - {FE7AB78F-DBF1-0721-3522-0D7C3011D2E5}.Release|x64.Build.0 = Release|x64 - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Debug|Win32.ActiveCfg = Debug|Win32 - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Debug|Win32.Build.0 = Debug|Win32 - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Debug|x64.ActiveCfg = Debug|x64 - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Debug|x64.Build.0 = Debug|x64 - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|Win32.ActiveCfg = Release|Win32 - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|Win32.Build.0 = Release|Win32 - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|x64.ActiveCfg = Release|x64 - {BFE89EAA-D98B-34E1-C5A4-4080F6FFE317}.Release|x64.Build.0 = Release|x64 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.ActiveCfg = Debug|Win32 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|Win32.Build.0 = Debug|Win32 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.ActiveCfg = Debug|x64 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Debug|x64.Build.0 = Debug|x64 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.ActiveCfg = Release|Win32 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|Win32.Build.0 = Release|Win32 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.ActiveCfg = Release|x64 - {C4FE29EA-266D-5295-4840-976B9B5B3843}.Release|x64.Build.0 = Release|x64 - {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|Win32.ActiveCfg = Debug|Win32 - {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|Win32.Build.0 = Debug|Win32 - {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|x64.ActiveCfg = Debug|x64 - {487A2F80-3CA3-678D-88D5-82194872CF08}.Debug|x64.Build.0 = Debug|x64 - {487A2F80-3CA3-678D-88D5-82194872CF08}.Release|Win32.ActiveCfg = Release|Win32 - {487A2F80-3CA3-678D-88D5-82194872CF08}.Release|Win32.Build.0 = Release|Win32 - {487A2F80-3CA3-678D-88D5-82194872CF08}.Release|x64.ActiveCfg = Release|x64 - {487A2F80-3CA3-678D-88D5-82194872CF08}.Release|x64.Build.0 = Release|x64 - {4E590E9D-E28F-87FF-385B-D58736388231}.Debug|Win32.ActiveCfg = Debug|Win32 - {4E590E9D-E28F-87FF-385B-D58736388231}.Debug|Win32.Build.0 = Debug|Win32 - {4E590E9D-E28F-87FF-385B-D58736388231}.Debug|x64.ActiveCfg = Debug|x64 - {4E590E9D-E28F-87FF-385B-D58736388231}.Debug|x64.Build.0 = Debug|x64 - {4E590E9D-E28F-87FF-385B-D58736388231}.Release|Win32.ActiveCfg = Release|Win32 - {4E590E9D-E28F-87FF-385B-D58736388231}.Release|Win32.Build.0 = Release|Win32 - {4E590E9D-E28F-87FF-385B-D58736388231}.Release|x64.ActiveCfg = Release|x64 - {4E590E9D-E28F-87FF-385B-D58736388231}.Release|x64.Build.0 = Release|x64 - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|Win32.ActiveCfg = Debug|Win32 - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|Win32.Build.0 = Debug|Win32 - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|x64.ActiveCfg = Debug|x64 - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Debug|x64.Build.0 = Debug|x64 - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|Win32.ActiveCfg = Release|Win32 - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|Win32.Build.0 = Release|Win32 - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|x64.ActiveCfg = Release|x64 - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC}.Release|x64.Build.0 = Release|x64 - {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.ActiveCfg = Debug|Win32 - {918CD402-047D-8467-E11C-E1132053F916}.Debug|Win32.Build.0 = Debug|Win32 - {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.ActiveCfg = Debug|x64 - {918CD402-047D-8467-E11C-E1132053F916}.Debug|x64.Build.0 = Debug|x64 - {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.ActiveCfg = Release|Win32 - {918CD402-047D-8467-E11C-E1132053F916}.Release|Win32.Build.0 = Release|Win32 - {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.ActiveCfg = Release|x64 - {918CD402-047D-8467-E11C-E1132053F916}.Release|x64.Build.0 = Release|x64 - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.ActiveCfg = Debug|Win32 - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|Win32.Build.0 = Debug|Win32 - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.ActiveCfg = Debug|x64 - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Debug|x64.Build.0 = Debug|x64 - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.ActiveCfg = Release|Win32 - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|Win32.Build.0 = Release|Win32 - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.ActiveCfg = Release|x64 - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD}.Release|x64.Build.0 = Release|x64 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.ActiveCfg = Debug|Win32 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|Win32.Build.0 = Debug|Win32 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.ActiveCfg = Debug|x64 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Debug|x64.Build.0 = Debug|x64 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|Win32.ActiveCfg = Release|Win32 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|Win32.Build.0 = Release|Win32 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|x64.ActiveCfg = Release|x64 - {E08E0065-896A-7487-DEA5-D3B80B71F975}.Release|x64.Build.0 = Release|x64 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|Win32.ActiveCfg = Debug|Win32 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|Win32.Build.0 = Debug|Win32 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|x64.ActiveCfg = Debug|x64 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Debug|x64.Build.0 = Debug|x64 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.ActiveCfg = Release|Win32 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|Win32.Build.0 = Release|Win32 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.ActiveCfg = Release|x64 - {A4DA7463-1047-BDF5-E1B3-5632CB573F41}.Release|x64.Build.0 = Release|x64 - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.ActiveCfg = Debug|Win32 - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|Win32.Build.0 = Debug|Win32 - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.ActiveCfg = Debug|x64 - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Debug|x64.Build.0 = Debug|x64 - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|Win32.ActiveCfg = Release|Win32 - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|Win32.Build.0 = Release|Win32 - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|x64.ActiveCfg = Release|x64 - {90EFD9A4-C6B0-3EE8-1F06-0A0E0D55AEDA}.Release|x64.Build.0 = Release|x64 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.ActiveCfg = Debug|Win32 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|Win32.Build.0 = Debug|Win32 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.ActiveCfg = Debug|x64 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Debug|x64.Build.0 = Debug|x64 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.ActiveCfg = Release|Win32 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|Win32.Build.0 = Release|Win32 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.ActiveCfg = Release|x64 - {D6F58AF2-9D80-562A-E2B0-F743281522B9}.Release|x64.Build.0 = Release|x64 - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|Win32.ActiveCfg = Debug|Win32 - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|Win32.Build.0 = Debug|Win32 - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|x64.ActiveCfg = Debug|x64 - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Debug|x64.Build.0 = Debug|x64 - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Release|Win32.ActiveCfg = Release|Win32 - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Release|Win32.Build.0 = Release|Win32 - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Release|x64.ActiveCfg = Release|x64 - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A}.Release|x64.Build.0 = Release|x64 - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Debug|Win32.ActiveCfg = Debug|Win32 - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Debug|Win32.Build.0 = Debug|Win32 - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Debug|x64.ActiveCfg = Debug|x64 - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Debug|x64.Build.0 = Debug|x64 - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|Win32.ActiveCfg = Release|Win32 - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|Win32.Build.0 = Release|Win32 - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.ActiveCfg = Release|x64 - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A}.Release|x64.Build.0 = Release|x64 - {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.ActiveCfg = Debug|Win32 - {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|Win32.Build.0 = Debug|Win32 - {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.ActiveCfg = Debug|x64 - {10C01E94-4926-063E-9F56-C84ED190D349}.Debug|x64.Build.0 = Debug|x64 - {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.ActiveCfg = Release|Win32 - {10C01E94-4926-063E-9F56-C84ED190D349}.Release|Win32.Build.0 = Release|Win32 - {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.ActiveCfg = Release|x64 - {10C01E94-4926-063E-9F56-C84ED190D349}.Release|x64.Build.0 = Release|x64 - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.ActiveCfg = Debug|Win32 - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|Win32.Build.0 = Debug|Win32 - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.ActiveCfg = Debug|x64 - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Debug|x64.Build.0 = Debug|x64 - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Release|Win32.ActiveCfg = Release|Win32 - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Release|Win32.Build.0 = Release|Win32 - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Release|x64.ActiveCfg = Release|x64 - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC}.Release|x64.Build.0 = Release|x64 - {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Debug|Win32.ActiveCfg = Debug|Win32 - {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Debug|Win32.Build.0 = Debug|Win32 - {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Debug|x64.ActiveCfg = Debug|x64 - {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Debug|x64.Build.0 = Debug|x64 - {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Release|Win32.ActiveCfg = Release|Win32 - {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Release|Win32.Build.0 = Release|Win32 - {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Release|x64.ActiveCfg = Release|x64 - {23EF735C-CC4C-3EC4-A75E-903DB340F04A}.Release|x64.Build.0 = Release|x64 - {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Debug|Win32.ActiveCfg = Debug|Win32 - {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Debug|Win32.Build.0 = Debug|Win32 - {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Debug|x64.ActiveCfg = Debug|x64 - {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Debug|x64.Build.0 = Debug|x64 - {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|Win32.ActiveCfg = Release|Win32 - {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|Win32.Build.0 = Release|Win32 - {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|x64.ActiveCfg = Release|x64 - {D4D691D4-137C-CBFA-735B-D46636D7E4D8}.Release|x64.Build.0 = Release|x64 - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|Win32.ActiveCfg = Debug|Win32 - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|Win32.Build.0 = Debug|Win32 - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|x64.ActiveCfg = Debug|x64 - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Debug|x64.Build.0 = Debug|x64 - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Release|Win32.ActiveCfg = Release|Win32 - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Release|Win32.Build.0 = Release|Win32 - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Release|x64.ActiveCfg = Release|x64 - {C9E2AB15-8AEF-DD48-60C3-557ECC5215BE}.Release|x64.Build.0 = Release|x64 - {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Debug|Win32.ActiveCfg = Debug|Win32 - {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Debug|Win32.Build.0 = Debug|Win32 - {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Debug|x64.ActiveCfg = Debug|x64 - {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Debug|x64.Build.0 = Debug|x64 - {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|Win32.ActiveCfg = Release|Win32 - {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|Win32.Build.0 = Release|Win32 - {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|x64.ActiveCfg = Release|x64 - {35E52E46-3BA9-4361-41D3-53663C2E9B8A}.Release|x64.Build.0 = Release|x64 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.ActiveCfg = Debug|Win32 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|Win32.Build.0 = Debug|Win32 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.ActiveCfg = Debug|x64 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Debug|x64.Build.0 = Debug|x64 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.ActiveCfg = Release|Win32 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.Build.0 = Release|Win32 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.ActiveCfg = Release|x64 - {DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.Build.0 = Release|x64 - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|Win32.ActiveCfg = Debug|Win32 - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|Win32.Build.0 = Debug|Win32 - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|x64.ActiveCfg = Debug|x64 - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|x64.Build.0 = Debug|x64 - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Release|Win32.ActiveCfg = Release|Win32 - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Release|Win32.Build.0 = Release|Win32 - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Release|x64.ActiveCfg = Release|x64 - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Release|x64.Build.0 = Release|x64 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection -EndGlobal diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj deleted file mode 100644 index c2f106373e..0000000000 --- a/visualc/VS2010/mbedTLS.vcxproj +++ /dev/null @@ -1,400 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - {46CF2D25-6A36-4189-B59C-E4815388E554} - Win32Proj - mbedTLS - - - - StaticLibrary - true - Unicode - - - StaticLibrary - true - Unicode - - - StaticLibrary - false - true - Unicode - - - StaticLibrary - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - CompileAsC - - - Windows - true - - - - - Level3 - Disabled - _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - CompileAsC - - - Windows - true - - - - - Level3 - MaxSpeed - true - true - NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Windows - true - true - true - - - - - Level3 - MaxSpeed - true - true - WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) - -../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Windows - true - true - true - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj deleted file mode 100644 index e4ee166bf7..0000000000 --- a/visualc/VS2010/mini_client.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {C4FE29EA-266D-5295-4840-976B9B5B3843} - Win32Proj - mini_client - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj deleted file mode 100644 index b0fee89c37..0000000000 --- a/visualc/VS2010/mpi_demo.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {A59FAA0B-9C34-1F99-794D-A365A3AA8CCE} - Win32Proj - mpi_demo - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj deleted file mode 100644 index 84c2e8c0aa..0000000000 --- a/visualc/VS2010/pem2der.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {D3C6FBD6-D78E-7180-8345-5E09B492DBEC} - Win32Proj - pem2der - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj deleted file mode 100644 index da3e8d8e09..0000000000 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {1EC6CBA3-6187-D456-D9B7-A35399395D71} - Win32Proj - pk_decrypt - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj deleted file mode 100644 index 829e072344..0000000000 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {55007179-7746-9CFB-97EC-65102FB272C8} - Win32Proj - pk_encrypt - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj deleted file mode 100644 index d93d11469f..0000000000 --- a/visualc/VS2010/pk_sign.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {F2E8CA55-597F-7FDC-6456-D8650FB970A3} - Win32Proj - pk_sign - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj deleted file mode 100644 index 5933b92587..0000000000 --- a/visualc/VS2010/pk_verify.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {C429B336-1B30-119C-3B34-21A186D6744F} - Win32Proj - pk_verify - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/psa_constant_names.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj deleted file mode 100644 index d35dd19a14..0000000000 --- a/visualc/VS2010/psa_constant_names.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {A0BAD8F0-69B5-8382-86ED-C36ACBE54117} - Win32Proj - psa_constant_names - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj deleted file mode 100644 index d0e0a6df6f..0000000000 --- a/visualc/VS2010/query_compile_time_config.vcxproj +++ /dev/null @@ -1,168 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {D6F58AF2-9D80-562A-E2B0-F743281522B9} - Win32Proj - query_compile_time_config - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj deleted file mode 100644 index 900e415fb1..0000000000 --- a/visualc/VS2010/req_app.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {486B1375-5CFA-C2D2-DD89-C9F497BADCB3} - Win32Proj - req_app - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj deleted file mode 100644 index 188b17efda..0000000000 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {E0D71D72-8DF4-CCFC-EF60-741EADAB8BF9} - Win32Proj - rsa_decrypt - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj deleted file mode 100644 index a44f676d70..0000000000 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {D06CF12E-F222-9273-41BF-B8A052FA5527} - Win32Proj - rsa_encrypt - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj deleted file mode 100644 index 35b27b7a38..0000000000 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {F472475C-F677-0E7F-F127-45BF5B64F622} - Win32Proj - rsa_genkey - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj deleted file mode 100644 index 90a7ac8cb8..0000000000 --- a/visualc/VS2010/rsa_sign.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {10790F49-6887-AAB6-2D86-BCBD516F8D26} - Win32Proj - rsa_sign - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj deleted file mode 100644 index 5d2ac82081..0000000000 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {DCD3A1B6-5EC1-8266-93EF-BD2B9BEFE12D} - Win32Proj - rsa_sign_pss - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj deleted file mode 100644 index a413ba8ca7..0000000000 --- a/visualc/VS2010/rsa_verify.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {689E28CF-89ED-BA38-3A14-78A75D891D46} - Win32Proj - rsa_verify - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj deleted file mode 100644 index 369b14514c..0000000000 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {95C50864-854C-2A11-4C91-BCE654E344FB} - Win32Proj - rsa_verify_pss - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj deleted file mode 100644 index 6feb5936f3..0000000000 --- a/visualc/VS2010/selftest.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {7DBC5F77-3DA1-5F73-8421-E693D95FC66A} - Win32Proj - selftest - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj deleted file mode 100644 index 860334e4a4..0000000000 --- a/visualc/VS2010/ssl_client1.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {487A2F80-3CA3-678D-88D5-82194872CF08} - Win32Proj - ssl_client1 - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj deleted file mode 100644 index 9884f23702..0000000000 --- a/visualc/VS2010/ssl_client2.vcxproj +++ /dev/null @@ -1,169 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {4E590E9D-E28F-87FF-385B-D58736388231} - Win32Proj - ssl_client2 - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ssl_context_info.vcxproj b/visualc/VS2010/ssl_context_info.vcxproj deleted file mode 100644 index 1c98d34bf7..0000000000 --- a/visualc/VS2010/ssl_context_info.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {017ECC7D-FB6D-46D8-076B-F64172E8E3BC} - Win32Proj - ssl_context_info - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj deleted file mode 100644 index 6d44ef0795..0000000000 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {918CD402-047D-8467-E11C-E1132053F916} - Win32Proj - ssl_fork_server - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj deleted file mode 100644 index e2253c665e..0000000000 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {7C4863A1-941A-C5AE-E1F9-30F062E4B2FD} - Win32Proj - ssl_mail_client - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj deleted file mode 100644 index 23ad7ecc87..0000000000 --- a/visualc/VS2010/ssl_server.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {E08E0065-896A-7487-DEA5-D3B80B71F975} - Win32Proj - ssl_server - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj deleted file mode 100644 index d8f3e592dc..0000000000 --- a/visualc/VS2010/ssl_server2.vcxproj +++ /dev/null @@ -1,169 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {A4DA7463-1047-BDF5-E1B3-5632CB573F41} - Win32Proj - ssl_server2 - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj deleted file mode 100644 index 9e70decd97..0000000000 --- a/visualc/VS2010/strerror.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {23EF735C-CC4C-3EC4-A75E-903DB340F04A} - Win32Proj - strerror - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj deleted file mode 100644 index 69678f635d..0000000000 --- a/visualc/VS2010/udp_proxy.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {7E2C80FE-3CC3-82B4-0CAD-65DC233DE13A} - Win32Proj - udp_proxy - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj deleted file mode 100644 index 9e0746de9a..0000000000 --- a/visualc/VS2010/zeroize.vcxproj +++ /dev/null @@ -1,167 +0,0 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - {46cf2d25-6a36-4189-b59c-e4815388e554} - true - - - - {10C01E94-4926-063E-9F56-C84ED190D349} - Win32Proj - zeroize - - - - Application - true - Unicode - - - Application - true - Unicode - - - Application - false - true - Unicode - - - Application - false - true - Unicode - - - - - - - - - - - - - - - - - - - true - $(Configuration)\$(TargetName)\ - - - true - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - false - $(Configuration)\$(TargetName)\ - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - Disabled - %(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - Debug - - - false - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) - - - - - Level3 - MaxSpeed - true - true - NDEBUG;%(PreprocessorDefinitions) - -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include - - - Console - true - true - true - Release - %(AdditionalDependencies); - - - - - - From ef80a9c5e0750be11155f976638368b7c55753da Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Tue, 18 May 2021 15:19:54 +0200 Subject: [PATCH 155/188] Add migration guide for removed null entropy config option Signed-off-by: Mateusz Starzyk --- docs/3.0-migration-guide.d/remove-null-entropy.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 docs/3.0-migration-guide.d/remove-null-entropy.md diff --git a/docs/3.0-migration-guide.d/remove-null-entropy.md b/docs/3.0-migration-guide.d/remove-null-entropy.md new file mode 100644 index 0000000000..d6c39057f0 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove-null-entropy.md @@ -0,0 +1,9 @@ +Remove the option to build the library without any entropy sources +------------------------------------------------------------------ + +This does not affect users who use the default `config.h`, as this option was +already off by default. + +If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option, you can either use +`MBEDTLS_ENTROPY_NV_SEED` or create a fake entropy function. + From c1ae30a05e124569ce59c2dde60e71b3a8a3ce95 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 18 May 2021 18:59:37 +0100 Subject: [PATCH 156/188] Fix docs for mbedtls_padlock_has_support Fix a slight inaccuracy in the docs for the return value of mbedtls_padlock_has_support. Signed-off-by: Dave Rodgman --- library/padlock.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/padlock.h b/library/padlock.h index 78dbeb60d2..4f4e400346 100644 --- a/library/padlock.h +++ b/library/padlock.h @@ -71,7 +71,7 @@ extern "C" { * * \param feature The feature to detect * - * \return 1 if CPU has support for the feature, 0 otherwise + * \return non-zero if CPU has support for the feature, 0 otherwise */ int mbedtls_padlock_has_support( int feature ); From 96d6e087175e650c90e93a2d686fbca1e4ec1194 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 20:06:04 +0200 Subject: [PATCH 157/188] Make the formatting of numbers consistent Signed-off-by: Gilles Peskine --- include/mbedtls/sha256.h | 4 ++-- include/mbedtls/sha512.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 1100869520..22c2c7d7eb 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -128,7 +128,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * and have a hash operation started. * \param output The SHA-224 or SHA-256 checksum result. * This must be a writable buffer of length \c 32 bytes - * for SHA-256, 28 bytes for SHA-224. + * for SHA-256, \c 28 bytes for SHA-224. * * \return \c 0 on success. * \return A negative error code on failure. @@ -166,7 +166,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param ilen The length of the input data in Bytes. * \param output The SHA-224 or SHA-256 checksum result. * This must be a writable buffer of length \c 32 bytes - * for SHA-256, 28 bytes for SHA-224. + * for SHA-256, \c 28 bytes for SHA-224. * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. */ diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 2852273140..ef1fa22231 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -135,7 +135,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * and have a hash operation started. * \param output The SHA-384 or SHA-512 checksum result. * This must be a writable buffer of length \c 64 bytes - * for SHA-512, 48 bytes for SHA-384. + * for SHA-512, \c 48 bytes for SHA-384. * * \return \c 0 on success. * \return A negative error code on failure. @@ -173,7 +173,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * \param ilen The length of the input data in Bytes. * \param output The SHA-384 or SHA-512 checksum result. * This must be a writable buffer of length \c 64 bytes - * for SHA-512, 48 bytes for SHA-384. + * for SHA-512, \c 48 bytes for SHA-384. * \param is384 Determines which function to use. This must be either * \c 0 for SHA-512, or \c 1 for SHA-384. * From 2396b21f8015e58bfb9ef35f6a5da69eb46ab3bf Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 19 May 2021 16:35:51 +0200 Subject: [PATCH 158/188] Provide more in-depth migration guide after removal of null entropy. Signed-off-by: Mateusz Starzyk --- docs/3.0-migration-guide.d/remove-null-entropy.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove-null-entropy.md b/docs/3.0-migration-guide.d/remove-null-entropy.md index d6c39057f0..50e024a2a5 100644 --- a/docs/3.0-migration-guide.d/remove-null-entropy.md +++ b/docs/3.0-migration-guide.d/remove-null-entropy.md @@ -4,6 +4,8 @@ Remove the option to build the library without any entropy sources This does not affect users who use the default `config.h`, as this option was already off by default. -If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option, you can either use -`MBEDTLS_ENTROPY_NV_SEED` or create a fake entropy function. - +If you were using the `MBEDTLS_TEST_NULL_ENTROPY` option and your platform +doesn't have any entropy source, you should use `MBEDTLS_ENTROPY_NV_SEED` +and make sure your device is provisioned with a strong random seed. +Alternatively, for testing purposes only, you can create and register a fake +entropy function. From b5e08637adc0d45df10f46531972d79b3a6c4cc0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 01:15:52 +0200 Subject: [PATCH 159/188] Ignore generated source files that are no longer checked in Signed-off-by: Gilles Peskine --- .gitignore | 4 ++++ library/.gitignore | 4 ++++ programs/.gitignore | 6 +++++- tests/.gitignore | 5 +++++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 39cdc4ea54..7665265e98 100644 --- a/.gitignore +++ b/.gitignore @@ -37,6 +37,10 @@ massif-* # Microsoft CMake extension for Visual Studio Code generates a build directory by default /build/ +# Visual Studio automatically generated files +/visualc/VS2010/mbedTLS.sln +/visualc/VS2010/*.vcxproj + # Visual Studio artifacts /visualc/VS2010/.localhistory/ /visualc/VS2010/.vs/ diff --git a/library/.gitignore b/library/.gitignore index 3a63a63a43..6fde1f5e77 100644 --- a/library/.gitignore +++ b/library/.gitignore @@ -2,3 +2,7 @@ libmbed* *.sln *.vcxproj + +# Automatically generated files +/error.c +/version_features.c diff --git a/programs/.gitignore b/programs/.gitignore index 4e66f4c0f8..83521a792b 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -5,6 +5,10 @@ *.sln *.vcxproj +# Generated source files +/psa/psa_constant_names_generated.c +/test/query_config.c + *.o *.exe @@ -66,5 +70,5 @@ x509/cert_write x509/crl_app x509/req_app -# generated files +# Generated data files pkey/keyfile.key diff --git a/tests/.gitignore b/tests/.gitignore index d9f4b51787..fa901cbe5b 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -1,6 +1,11 @@ *.sln *.vcxproj +# Generated source files +/suites/*.generated.data +/suites/test_suite_psa_crypto_storage_format.v[0-9]*.data +/suites/test_suite_psa_crypto_storage_format.current.data + *.log /test_suite* data_files/mpi_write From 76c5185dcd774a919c63dc66a7422724f2819ec0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 15:46:17 +0200 Subject: [PATCH 160/188] Move VS2010 Git ignore list to the VS2010 directory The main benefit is that this ensures that the directory always exists in a Git checkout. This way the maintenance scripts don't have to worry about the case where the directory doesn't exist. Also it unclutters `/.gitignore`. Signed-off-by: Gilles Peskine --- .gitignore | 12 ------------ visualc/VS2010/.gitignore | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 12 deletions(-) create mode 100644 visualc/VS2010/.gitignore diff --git a/.gitignore b/.gitignore index 7665265e98..b209ffcd9f 100644 --- a/.gitignore +++ b/.gitignore @@ -37,18 +37,6 @@ massif-* # Microsoft CMake extension for Visual Studio Code generates a build directory by default /build/ -# Visual Studio automatically generated files -/visualc/VS2010/mbedTLS.sln -/visualc/VS2010/*.vcxproj - -# Visual Studio artifacts -/visualc/VS2010/.localhistory/ -/visualc/VS2010/.vs/ -/visualc/VS2010/Debug/ -/visualc/VS2010/Release/ -/visualc/VS2010/*.vcxproj.filters -/visualc/VS2010/*.vcxproj.user - # Generated documentation: /apidoc diff --git a/visualc/VS2010/.gitignore b/visualc/VS2010/.gitignore new file mode 100644 index 0000000000..d3da304f78 --- /dev/null +++ b/visualc/VS2010/.gitignore @@ -0,0 +1,14 @@ +# Files automatically generated by generate_visualc_files.pl +/mbedTLS.sln +/*.vcxproj + +# Files that may be left over from check-generated-files.sh +/*.bak + +# Visual Studio artifacts +/.localhistory/ +/.vs/ +/Debug/ +/Release/ +/*.vcxproj.filters +/*.vcxproj.user From 1570b59bcc46ffe989f62fcb76f564e8845d0c66 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 01:10:12 +0200 Subject: [PATCH 161/188] Generate source files before running any components Now that generated source files are no longer checked in version control, they must be generated before running any tests. Do not check the generated files for freshness: it's no longer relevant. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8b9d7d172d..30ecd315bc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -650,6 +650,10 @@ pre_check_tools () { "$@" scripts/output_env.sh } +pre_generate_files() { + make generated_files +} + ################################################################ @@ -672,11 +676,6 @@ component_check_recursion () { record_status tests/scripts/recursion.pl library/*.c } -component_check_generated_files () { - msg "Check: freshness of generated source files" # < 1s - record_status tests/scripts/check-generated-files.sh -} - component_check_doxy_blocks () { msg "Check: doxygen markup outside doxygen blocks" # < 1s record_status tests/scripts/check-doxy-blocks.pl @@ -2740,6 +2739,7 @@ pre_prepare_outcome_file pre_print_configuration pre_check_tools cleanup +pre_generate_files # Run the requested tests. for component in $RUN_COMPONENTS; do From 0da63bec88d27e3032fd334e1f0416c21c7eee63 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 11:55:13 +0200 Subject: [PATCH 162/188] Script to generate source files on Windows Signed-off-by: Gilles Peskine --- scripts/make_generated_files.bat | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 scripts/make_generated_files.bat diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat new file mode 100644 index 0000000000..4c4b53eeab --- /dev/null +++ b/scripts/make_generated_files.bat @@ -0,0 +1,9 @@ +@rem Generate automatically-generated configuration-independent source files +@rem and build scripts. +@rem Perl and Python 3 must be on the PATH. +perl scripts\generate_errors.pl || exit /b +perl scripts\generate_query_config.pl || exit /b +perl scripts\generate_features.pl || exit /b +perl scripts\generate_visualc_files.pl || exit /b +python scripts\generate_psa_constants.py || exit /b +python tests\scripts\generate_psa_tests.py || exit /b From de7f1e0bc402e067a3551d8d8c67a16117055a0f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 11:55:48 +0200 Subject: [PATCH 163/188] Generate source files before doing builds on Travis On Linux, all.sh takes care of it. On Windows, run make_generated_files.bat. Perl is now required on Windows. Signed-off-by: Gilles Peskine --- .travis.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9b729ec071..542f705694 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,7 +21,7 @@ jobs: script: - tests/scripts/all.sh -k 'check_*' - tests/scripts/all.sh -k test_default_out_of_box - - tests/scripts/test-ref-configs.pl + - tests/scripts/all.sh -k test_ref_configs - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - name: full configuration @@ -39,11 +39,12 @@ jobs: before_install: - choco install python --version=3.5.4 env: - # Add the directory where the Choco package goes + # Add the directory where the Choco packages go - PATH=/c/Python35:/c/Python35/Scripts:$PATH script: + - type perl; perl --version - type python; python --version - - python scripts/generate_psa_constants.py + - scripts/make_generated_files.bat # Logs appear out of sequence on Windows. Give time to catch up. - sleep 5 - scripts/windows_msbuild.bat v141 # Visual Studio 2017 From 1411c7c0d6ce956da378384ac634493e9c09972c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 14:50:16 +0200 Subject: [PATCH 164/188] Don't make configuration-independent files depend on config.h Don't regenerate configuration-independent files when config.h or crypto_config.h changes. These files only depend on the set of symbols present in the headers and not on which symbols are enabled. To avoid rebuilding the generated files whenever the configuration changes, don't declare the configuration as a dependency. In the rare event that a maintainer makes an edit to *config.h that affects the generated files, they'll have to remove the generated files. Signed-off-by: Gilles Peskine --- library/Makefile | 9 +++++++-- programs/Makefile | 7 ++++++- tests/Makefile | 7 ++++++- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/library/Makefile b/library/Makefile index aff814d00d..90a477d431 100644 --- a/library/Makefile +++ b/library/Makefile @@ -279,14 +279,19 @@ generated_files: $(GENERATED_FILES) error.c: ../scripts/generate_errors.pl error.c: ../scripts/data_files/error.fmt -error.c: $(wildcard ../include/mbedtls/*.h) +error.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) error.c: echo " Gen $@" $(PERL) ../scripts/generate_errors.pl version_features.c: ../scripts/generate_features.pl version_features.c: ../scripts/data_files/version_features.fmt -version_features.c: ../include/mbedtls/config.h +## The generated file only depends on the options that are present in config.h, +## not on which options are set. To avoid regenerating this file all the time +## when switching between configurations, don't declare config.h as a +## dependency. Remove this file from your working tree if you've just added or +## removed an option in config.h. +#version_features.c: ../include/mbedtls/config.h version_features.c: echo " Gen $@" $(PERL) ../scripts/generate_features.pl diff --git a/programs/Makefile b/programs/Makefile index b2ba08e135..5795cd6dac 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -146,7 +146,12 @@ psa/psa_constant_names_generated.c: $(PYTHON) ../scripts/generate_psa_constants.py test/query_config.c: ../scripts/generate_query_config.pl -test/query_config.c: ../include/mbedtls/config.h +## The generated file only depends on the options that are present in config.h, +## not on which options are set. To avoid regenerating this file all the time +## when switching between configurations, don't declare config.h as a +## dependency. Remove this file from your working tree if you've just added or +## removed an option in config.h. +#test/query_config.c: ../include/mbedtls/config.h test/query_config.c: ../scripts/data_files/query_config.fmt test/query_config.c: echo " Gen $@" diff --git a/tests/Makefile b/tests/Makefile index ef571698c3..c1620d6e72 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -64,7 +64,12 @@ GENERATED_FILES := $(GENERATED_DATA_FILES) generated_files: $(GENERATED_FILES) $(GENERATED_DATA_FILES): scripts/generate_psa_tests.py -$(GENERATED_DATA_FILES): ../include/psa/crypto_config.h +## The generated file only depends on the options that are present in +## crypto_config.h, not on which options are set. To avoid regenerating this +## file all the time when switching between configurations, don't declare +## crypto_config.h as a dependency. Remove this file from your working tree +## if you've just added or removed an option in crypto_config.h. +#$(GENERATED_DATA_FILES): ../include/psa/crypto_config.h $(GENERATED_DATA_FILES): ../include/psa/crypto_values.h $(GENERATED_DATA_FILES): ../include/psa/crypto_extra.h $(GENERATED_DATA_FILES): suites/test_suite_psa_crypto_metadata.data From b0fa9d209d96c429c22ef85f05e2094e32cefd04 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 22 Apr 2021 20:07:44 +0200 Subject: [PATCH 165/188] Don't require make to generate visualc files Don't run `make list` to obtain the list of programs in generate_visualc_files.pl. This doesn't work on Windows when a `make` command is not available. Instead, read the makefile. Signed-off-by: Gilles Peskine --- programs/Makefile | 117 ++++++++++++++++-------------- scripts/generate_visualc_files.pl | 8 +- 2 files changed, 66 insertions(+), 59 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 5795cd6dac..dcdb8f36db 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -51,72 +51,79 @@ SHARED_SUFFIX= PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif +## The following assignment is the list of base names of applications that +## will be built on Windows. Extra Linux/Unix/POSIX-only applications can +## be declared by appending with `APPS += ...` afterwards. +## See the get_app_list function in scripts/generate_visualc_files.pl and +## make sure to check that it still works if you tweak the format here. APPS = \ - aes/crypt_and_hash$(EXEXT) \ - hash/generic_sum$(EXEXT) \ - hash/hello$(EXEXT) \ - pkey/dh_client$(EXEXT) \ - pkey/dh_genprime$(EXEXT) \ - pkey/dh_server$(EXEXT) \ - pkey/ecdh_curve25519$(EXEXT) \ - pkey/ecdsa$(EXEXT) \ - pkey/gen_key$(EXEXT) \ - pkey/key_app$(EXEXT) \ - pkey/key_app_writer$(EXEXT) \ - pkey/mpi_demo$(EXEXT) \ - pkey/pk_decrypt$(EXEXT) \ - pkey/pk_encrypt$(EXEXT) \ - pkey/pk_sign$(EXEXT) \ - pkey/pk_verify$(EXEXT) \ - pkey/rsa_decrypt$(EXEXT) \ - pkey/rsa_encrypt$(EXEXT) \ - pkey/rsa_genkey$(EXEXT) \ - pkey/rsa_sign$(EXEXT) \ - pkey/rsa_sign_pss$(EXEXT) \ - pkey/rsa_verify$(EXEXT) \ - pkey/rsa_verify_pss$(EXEXT) \ - psa/crypto_examples$(EXEXT) \ - psa/key_ladder_demo$(EXEXT) \ - psa/psa_constant_names$(EXEXT) \ - random/gen_entropy$(EXEXT) \ - random/gen_random_ctr_drbg$(EXEXT) \ - ssl/dtls_client$(EXEXT) \ - ssl/dtls_server$(EXEXT) \ - ssl/mini_client$(EXEXT) \ - ssl/ssl_client1$(EXEXT) \ - ssl/ssl_client2$(EXEXT) \ - ssl/ssl_context_info$(EXEXT) \ - ssl/ssl_fork_server$(EXEXT) \ - ssl/ssl_mail_client$(EXEXT) \ - ssl/ssl_server$(EXEXT) \ - ssl/ssl_server2$(EXEXT) \ - test/benchmark$(EXEXT) \ - test/query_compile_time_config$(EXEXT) \ - test/selftest$(EXEXT) \ - test/udp_proxy$(EXEXT) \ - test/zeroize$(EXEXT) \ - util/pem2der$(EXEXT) \ - util/strerror$(EXEXT) \ - x509/cert_app$(EXEXT) \ - x509/cert_req$(EXEXT) \ - x509/cert_write$(EXEXT) \ - x509/crl_app$(EXEXT) \ - x509/req_app$(EXEXT) \ + aes/crypt_and_hash \ + hash/generic_sum \ + hash/hello \ + pkey/dh_client \ + pkey/dh_genprime \ + pkey/dh_server \ + pkey/ecdh_curve25519 \ + pkey/ecdsa \ + pkey/gen_key \ + pkey/key_app \ + pkey/key_app_writer \ + pkey/mpi_demo \ + pkey/pk_decrypt \ + pkey/pk_encrypt \ + pkey/pk_sign \ + pkey/pk_verify \ + pkey/rsa_decrypt \ + pkey/rsa_encrypt \ + pkey/rsa_genkey \ + pkey/rsa_sign \ + pkey/rsa_sign_pss \ + pkey/rsa_verify \ + pkey/rsa_verify_pss \ + psa/crypto_examples \ + psa/key_ladder_demo \ + psa/psa_constant_names \ + random/gen_entropy \ + random/gen_random_ctr_drbg \ + ssl/dtls_client \ + ssl/dtls_server \ + ssl/mini_client \ + ssl/ssl_client1 \ + ssl/ssl_client2 \ + ssl/ssl_context_info \ + ssl/ssl_fork_server \ + ssl/ssl_mail_client \ + ssl/ssl_server \ + ssl/ssl_server2 \ + test/benchmark \ + test/query_compile_time_config \ + test/selftest \ + test/udp_proxy \ + test/zeroize \ + util/pem2der \ + util/strerror \ + x509/cert_app \ + x509/cert_req \ + x509/cert_write \ + x509/crl_app \ + x509/req_app \ # End of APPS ifdef PTHREAD -APPS += ssl/ssl_pthread_server$(EXEXT) +APPS += ssl/ssl_pthread_server endif ifdef TEST_CPP -APPS += test/cpp_dummy_build$(EXEXT) +APPS += test/cpp_dummy_build endif +EXES = $(patsubst %,%$(EXEXT),$(APPS)) + .SILENT: .PHONY: all clean list fuzz -all: $(APPS) +all: $(EXES) ifndef WINDOWS # APPS doesn't include the fuzzing programs, which aren't "normal" # sample or test programs, and don't build with MSVC which is @@ -382,7 +389,7 @@ psa/crypto_examples$(EXEXT): psa/crypto_examples.c $(DEP) clean: ifndef WINDOWS - rm -f $(APPS) + rm -f $(EXES) -rm -f ssl/ssl_pthread_server$(EXEXT) -rm -f test/cpp_dummy_build$(EXEXT) else @@ -399,4 +406,4 @@ else endif list: - echo $(APPS) + echo $(EXES) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index d11041c318..f325e9a98d 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -177,10 +177,10 @@ sub gen_app { } sub get_app_list { - my $app_list = `cd $programs_dir && make list`; - die "make list failed: $!\n" if $?; - - return split /\s+/, $app_list; + my $makefile_contents = slurp_file('programs/Makefile'); + $makefile_contents =~ /\n\s*APPS\s*=[\\\s]*(.*?)(? Date: Thu, 22 Apr 2021 20:09:25 +0200 Subject: [PATCH 166/188] Simplify line ending management and make it work on Windows Instead of manipulating CR explicitly to cope with CRLF (Windows) line endings in input and produce output with CRLF line endings, just convert files from/to CRLF line endings when reading/writing. The minimum required Perl version remains 5.8, since this both the version that introduced Digest::MD5 (which was used before this patch) and the version that introduced open "<:crlf" (which this patch introduces). Signed-off-by: Gilles Peskine --- scripts/generate_visualc_files.pl | 51 +++++++++++++++---------------- 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index f325e9a98d..5500c6fad9 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -79,31 +79,30 @@ my @excluded_files = qw( my %excluded_files = (); foreach (@excluded_files) { $excluded_files{$_} = 1 } -# Need windows line endings! my $vsx_hdr_tpl = <\r + EOT my $vsx_src_tpl = <\r + EOT my $vsx_sln_app_entry_tpl = <; close $fh; @@ -137,7 +136,7 @@ sub slurp_file { sub content_to_file { my ($content, $filename) = @_; - open my $fh, '>', $filename or die "Could not write to $filename\n"; + open my $fh, '>:crlf', $filename or die "Could not write to $filename\n"; print $fh $content; close $fh; } @@ -161,17 +160,17 @@ sub gen_app { my $srcs = ""; if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or $appname eq "query_compile_time_config" ) { - $srcs .= "\r\n "; + $srcs .= "\n "; } if( $appname eq "ssl_client2" or $appname eq "ssl_server2" ) { - $srcs .= "\r\n "; + $srcs .= "\n "; } my $content = $template; $content =~ s//$srcs/g; $content =~ s//$appname/g; $content =~ s//$guid/g; - $content =~ s/INCLUDE_DIRECTORIES\r\n/$include_directories/g; + $content =~ s/INCLUDE_DIRECTORIES\n/$include_directories/g; content_to_file( $content, "$dir/$appname.$ext" ); } @@ -214,9 +213,9 @@ sub gen_main_file { my $source_entries = gen_entry_list( $src_tpl, @$sources ); my $out = slurp_file( $main_tpl ); - $out =~ s/SOURCE_ENTRIES\r\n/$source_entries/m; - $out =~ s/HEADER_ENTRIES\r\n/$header_entries/m; - $out =~ s/INCLUDE_DIRECTORIES\r\n/$library_include_directories/g; + $out =~ s/SOURCE_ENTRIES\n/$source_entries/m; + $out =~ s/HEADER_ENTRIES\n/$header_entries/m; + $out =~ s/INCLUDE_DIRECTORIES\n/$library_include_directories/g; content_to_file( $out, $main_out ); } @@ -242,8 +241,8 @@ sub gen_vsx_solution { } my $out = slurp_file( $vsx_sln_tpl_file ); - $out =~ s/APP_ENTRIES\r\n/$app_entries/m; - $out =~ s/CONF_ENTRIES\r\n/$conf_entries/m; + $out =~ s/APP_ENTRIES\n/$app_entries/m; + $out =~ s/CONF_ENTRIES\n/$conf_entries/m; content_to_file( $out, $vsx_sln_file ); } From a4d3273fc7a0a3a5f834b05fb293cb67de6eabf5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Apr 2021 09:44:59 +0200 Subject: [PATCH 167/188] Accept Windows line endings on inputs on any platform Accept Windows line endings in input files on any platform. This makes the scripts work even when running a Unix perl with a source tree that has Windows line endings, as happens for example on our Travis Windows instances. This change is harmless in the common case where the input has the platform's default line endings. Signed-off-by: Gilles Peskine --- scripts/generate_errors.pl | 4 ++-- scripts/generate_features.pl | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index ed17a0dbdf..606714f991 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -56,7 +56,7 @@ my @high_level_modules = qw( CIPHER DHM ECP MD my $line_separator = $/; undef $/; -open(FORMAT_FILE, "$error_format_file") or die "Opening error format file '$error_format_file': $!"; +open(FORMAT_FILE, '<:crlf', "$error_format_file") or die "Opening error format file '$error_format_file': $!"; my $error_format = ; close(FORMAT_FILE); @@ -66,7 +66,7 @@ my @files = <$include_dir/*.h>; my @necessary_include_files; my @matches; foreach my $file (@files) { - open(FILE, "$file"); + open(FILE, '<:crlf', "$file"); my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, ); push(@matches, @grep_res); close FILE; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 74a95279be..6b1dcbf897 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -45,13 +45,13 @@ my @sections = ( "System support", "mbed TLS modules", my $line_separator = $/; undef $/; -open(FORMAT_FILE, "$feature_format_file") or die "Opening feature format file '$feature_format_file': $!"; +open(FORMAT_FILE, '<:crlf', "$feature_format_file") or die "Opening feature format file '$feature_format_file': $!"; my $feature_format = ; close(FORMAT_FILE); $/ = $line_separator; -open(CONFIG_H, "$include_dir/config.h") || die("Failure when opening config.h: $!"); +open(CONFIG_H, '<:crlf', "$include_dir/config.h") || die("Failure when opening config.h: $!"); my $feature_defines = ""; my $in_section = 0; From 9d1edb6224e257354d11ee99793315ead7673814 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 23 Apr 2021 22:07:25 +0200 Subject: [PATCH 168/188] If $CC looks like MSVC, use a compatible command line syntax Signed-off-by: Gilles Peskine --- scripts/mbedtls_dev/c_build_helper.py | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index 5c587a16bb..9215d648ca 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -108,6 +108,10 @@ def get_c_expression_values( * ``keep_c``: if true, keep the temporary C file (presumably for debugging purposes). + Use the C compiler specified by the ``CC`` environment variable, defaulting + to ``cc``. If ``CC`` looks like MSVC, use its command line syntax, + otherwise assume the compiler supports Unix traditional ``-I`` and ``-o``. + Return the list of values of the ``expressions``. """ if include_path is None: @@ -124,9 +128,14 @@ def get_c_expression_values( ) c_file.close() cc = os.getenv('CC', 'cc') - subprocess.check_call([cc] + - ['-I' + dir for dir in include_path] + - ['-o', exe_name, c_name]) + cc_is_msvc = ('\\' + cc).lower().endswith('\\cl.exe') + cmd = [cc] + cmd += ['-I' + dir for dir in include_path] + # MSVC doesn't support -o to specify the output file, but we use its + # default output file name. + if not cc_is_msvc: + cmd += ['-o', exe_name] + subprocess.check_call(cmd + [c_name]) if keep_c: sys.stderr.write('List of {} tests kept at {}\n' .format(caller, c_name)) From d2968bd12226f03c728bde3de06a396eeaeff1f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 6 May 2021 09:55:44 +0200 Subject: [PATCH 169/188] Explicitly specify exit code for "exit /b" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit "exit /b" without an explicit exit value doesn't copy the value of the last command executed, causing issues on Jenkins. Signed-off-by: Bence Szépkúti --- scripts/make_generated_files.bat | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 4c4b53eeab..e4465d8f09 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -1,9 +1,9 @@ @rem Generate automatically-generated configuration-independent source files @rem and build scripts. @rem Perl and Python 3 must be on the PATH. -perl scripts\generate_errors.pl || exit /b -perl scripts\generate_query_config.pl || exit /b -perl scripts\generate_features.pl || exit /b -perl scripts\generate_visualc_files.pl || exit /b -python scripts\generate_psa_constants.py || exit /b -python tests\scripts\generate_psa_tests.py || exit /b +perl scripts\generate_errors.pl || exit /b 1 +perl scripts\generate_query_config.pl || exit /b 1 +perl scripts\generate_features.pl || exit /b 1 +perl scripts\generate_visualc_files.pl || exit /b 1 +python scripts\generate_psa_constants.py || exit /b 1 +python tests\scripts\generate_psa_tests.py || exit /b 1 From cabae3d29ee81536388fb411016997354359c509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 6 May 2021 15:14:16 +0200 Subject: [PATCH 170/188] Specify output name for MSVC as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The output file was being created in the working directory, instead of the temp directory. Signed-off-by: Bence Szépkúti --- scripts/mbedtls_dev/c_build_helper.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index 9215d648ca..ddef10fbe2 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -95,7 +95,7 @@ def get_c_expression_values( caller=__name__, file_label='', header='', include_path=None, keep_c=False, -): # pylint: disable=too-many-arguments +): # pylint: disable=too-many-arguments, too-many-locals """Generate and run a program to print out numerical values for expressions. * ``cast_to``: a C type. @@ -131,10 +131,9 @@ def get_c_expression_values( cc_is_msvc = ('\\' + cc).lower().endswith('\\cl.exe') cmd = [cc] cmd += ['-I' + dir for dir in include_path] - # MSVC doesn't support -o to specify the output file, but we use its - # default output file name. - if not cc_is_msvc: - cmd += ['-o', exe_name] + # MSVC has deprecated using -o to specify the output file. + output_opt = '-Fe' if cc_is_msvc else '-o' + cmd += [output_opt + exe_name] subprocess.check_call(cmd + [c_name]) if keep_c: sys.stderr.write('List of {} tests kept at {}\n' From 9e84ec771192360c5c6db056285b784ea70883a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 7 May 2021 11:49:17 +0200 Subject: [PATCH 171/188] Always use posix semantics when joining paths MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The backslashes were causing issues with Makefile rules. Signed-off-by: Bence Szépkúti --- tests/scripts/generate_psa_tests.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index ab8ebffe44..30f82db257 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -22,6 +22,7 @@ generate only the specified files. import argparse import os +import posixpath import re import sys from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional, TypeVar @@ -399,7 +400,7 @@ class TestGenerator: def filename_for(self, basename: str) -> str: """The location of the data file with the specified base name.""" - return os.path.join(self.test_suite_directory, basename + '.data') + return posixpath.join(self.test_suite_directory, basename + '.data') def write_test_data_file(self, basename: str, test_cases: Iterable[test_case.TestCase]) -> None: From 3bd51b0bb11e4e3ff0c3b8b8c97e9c30093e1de5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Fri, 7 May 2021 15:10:39 +0200 Subject: [PATCH 172/188] Improve MSVC detection MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/mbedtls_dev/c_build_helper.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index ddef10fbe2..e9e65c30ac 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -128,7 +128,7 @@ def get_c_expression_values( ) c_file.close() cc = os.getenv('CC', 'cc') - cc_is_msvc = ('\\' + cc).lower().endswith('\\cl.exe') + cc_is_msvc = os.path.split(cc)[1].lower() in ('cl', 'cl.exe') cmd = [cc] cmd += ['-I' + dir for dir in include_path] # MSVC has deprecated using -o to specify the output file. From d05a588f19e9298794e08aecedc7cbe7bc52896e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 May 2021 23:57:42 +0200 Subject: [PATCH 173/188] Document how to build the generated source files Signed-off-by: Gilles Peskine --- README.md | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index ee6ad52a31..3f41a0d76d 100644 --- a/README.md +++ b/README.md @@ -51,8 +51,27 @@ You need the following tools to build the library with the provided makefiles: * GNU Make or a build tool that CMake supports. * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, IAR8 and Visual Studio 2013. More recent versions should work. Slightly older versions may work. -* Python 3 to generate the test code. -* Perl to run the tests. +* Python 3 to generate the test code, and to generate sample programs in the development branch. +* Perl to run the tests, and to generate some source files in the development branch. + +### Generated source files in the development branch + +The source code of Mbed TLS includes some files that are automatically generated by scripts and whose content depends only on the Mbed TLS source, not on the platform or on the library configuration. These files are not included in the development branch of Mbed TLS, but the generated files are included in official releases. This section explains how to generate the missing files in the development branch. + +The following tools are required: + +* Perl, for some library source files and for Visual Studio build files. +* Python 3, for some sample programs and test data. +* A C compiler for the host platform, for some test data. + +If you are cross-compiling, you must set the `CC` environment variable to a C compiler for the host platform when generating the configuration-independent files. + +Any of the following methods are available to generate the configuration-independent files: + +* If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files. +* Run `make generated_files` to generate all the configuration-independent files. +* On Unix/POSIX systems, run `tests/scripts/check-generated-files.sh -u` to generate all the configuration-independent files. +* On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files. ### Make @@ -174,6 +193,8 @@ The build files for Microsoft Visual Studio are generated for Visual Studio 2010 The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available. +In the development branch of Mbed TLS, the Visual Studio solution files need to be generated first as described in [“Generated source files in the development branch”](#generated-source-files-in-the-development-branch). + Example programs ---------------- From 383339c1f11ac250e5d8186f728ebcff057c52f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 17 May 2021 23:58:01 +0200 Subject: [PATCH 174/188] Changelog entry for the requirement to generate source files Signed-off-by: Gilles Peskine --- ChangeLog.d/no-generated-files.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/no-generated-files.txt diff --git a/ChangeLog.d/no-generated-files.txt b/ChangeLog.d/no-generated-files.txt new file mode 100644 index 0000000000..0f9648a99e --- /dev/null +++ b/ChangeLog.d/no-generated-files.txt @@ -0,0 +1,7 @@ +Requirement changes + * If you build the development version of Mbed TLS, rather than an official + release, some configuration-independent files are now generated at build + time rather than checked into source control. This includes some library + source files as well as the Visual Studio solution. Perl, Python 3 and a + C compiler for the host platform are required. See “Generated source files + in the development branch” in README.md for more information. From 7261fff37b53fb7db25827af662010288929e1dc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 14:39:40 +0200 Subject: [PATCH 175/188] Switch assemble_changelog to using text strings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Changelog contents should be UTF-8 text files. There's no need to be binary-safe. So switch to using text strings in Python (str, not bytes). This commit makes the following changes: * Bytes literals (b'…') to string literals ('…'). * Subprocess output (which is all git information) is decoded as ascii. * Inject text directly in exceptions rather than calling a decode method. This is enough to make the script work as desired in a UTF-8 locale. Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 78 +++++++++++++++++------------------ 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 56d6c37e19..1699955235 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -63,15 +63,15 @@ class LostContent(Exception): # The category names we use in the changelog. # If you edit this, update ChangeLog.d/README.md. STANDARD_CATEGORIES = ( - b'API changes', - b'Default behavior changes', - b'Requirement changes', - b'New deprecations', - b'Removals', - b'Features', - b'Security', - b'Bugfix', - b'Changes', + 'API changes', + 'Default behavior changes', + 'Requirement changes', + 'New deprecations', + 'Removals', + 'Features', + 'Security', + 'Bugfix', + 'Changes', ) # The maximum line length for an entry @@ -122,13 +122,13 @@ class ChangelogFormat: class TextChangelogFormat(ChangelogFormat): """The traditional Mbed TLS changelog format.""" - _unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx' + _unreleased_version_text = '= mbed TLS x.x.x branch released xxxx-xx-xx' @classmethod def is_released_version(cls, title): # Look for an incomplete release date - return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title) + return not re.search(r'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title) - _top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)', + _top_version_re = re.compile(r'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)', re.DOTALL) @classmethod def extract_top_version(cls, changelog_file_content): @@ -140,17 +140,17 @@ class TextChangelogFormat(ChangelogFormat): top_version_body = m.group(2) if cls.is_released_version(top_version_title): top_version_end = top_version_start - top_version_title = cls._unreleased_version_text + b'\n\n' - top_version_body = b'' + top_version_title = cls._unreleased_version_text + '\n\n' + top_version_body = '' return (changelog_file_content[:top_version_start], top_version_title, top_version_body, changelog_file_content[top_version_end:]) @classmethod def version_title_text(cls, version_title): - return re.sub(br'\n.*', version_title, re.DOTALL) + return re.sub(r'\n.*', version_title, re.DOTALL) - _category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE) + _category_title_re = re.compile(r'(^\w.*)\n+', re.MULTILINE) @classmethod def split_categories(cls, version_body): """A category title is a line with the title in column 0.""" @@ -163,10 +163,10 @@ class TextChangelogFormat(ChangelogFormat): title_starts = [m.start(1) for m in title_matches] body_starts = [m.end(0) for m in title_matches] body_ends = title_starts[1:] + [len(version_body)] - bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n' + bodies = [version_body[body_start:body_end].rstrip('\n') + '\n' for (body_start, body_end) in zip(body_starts, body_ends)] - title_lines = [version_body[:pos].count(b'\n') for pos in title_starts] - body_lines = [version_body[:pos].count(b'\n') for pos in body_starts] + title_lines = [version_body[:pos].count('\n') for pos in title_starts] + body_lines = [version_body[:pos].count('\n') for pos in body_starts] return [CategoryContent(title_match.group(1), title_line, body, body_line) for title_match, title_line, body, body_line @@ -176,9 +176,9 @@ class TextChangelogFormat(ChangelogFormat): def format_category(cls, title, body): # `split_categories` ensures that each body ends with a newline. # Make sure that there is additionally a blank line between categories. - if not body.endswith(b'\n\n'): - body += b'\n' - return title + b'\n' + body + if not body.endswith('\n\n'): + body += '\n' + return title + '\n' + body class ChangeLog: """An Mbed TLS changelog. @@ -199,10 +199,10 @@ class ChangeLog: # Only accept dotted version numbers (e.g. "3.1", not "3"). # Refuse ".x" in a version number where x is a letter: this indicates # a version that is not yet released. Something like "3.1a" is accepted. - _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+') - _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]') - _only_url_re = re.compile(br'^\s*\w+://\S+\s*$') - _has_url_re = re.compile(br'.*://.*') + _version_number_re = re.compile(r'[0-9]+\.[0-9A-Za-z.]+') + _incomplete_version_number_re = re.compile(r'.*\.[A-Za-z]') + _only_url_re = re.compile(r'^\s*\w+://\S+\s*$') + _has_url_re = re.compile(r'.*://.*') def add_categories_from_text(self, filename, line_offset, text, allow_unknown_category): @@ -218,7 +218,7 @@ class ChangeLog: raise InputFormatError(filename, line_offset + category.title_line, 'Unknown category: "{}"', - category.name.decode('utf8')) + category.name) body_split = category.body.splitlines() @@ -250,8 +250,8 @@ class ChangeLog: # Split the top version section into categories. self.categories = OrderedDict() for category in STANDARD_CATEGORIES: - self.categories[category] = b'' - offset = (self.header + self.top_version_title).count(b'\n') + 1 + self.categories[category] = '' + offset = (self.header + self.top_version_title).count('\n') + 1 self.add_categories_from_text(input_stream.name, offset, top_version_body, True) @@ -264,7 +264,7 @@ class ChangeLog: def write(self, filename): """Write the changelog to the specified file. """ - with open(filename, 'wb') as out: + with open(filename, 'w') as out: out.write(self.header) out.write(self.top_version_title) for title, body in self.categories.items(): @@ -303,7 +303,7 @@ class EntryFileSortKey: hashes = subprocess.check_output(['git', 'log', '--format=%H', '--follow', '--', filename]) - m = re.search(b'(.+)$', hashes) + m = re.search('(.+)$', hashes.decode('ascii')) if not m: # The git output is empty. This means that the file was # never checked in. @@ -320,8 +320,8 @@ class EntryFileSortKey: """ text = subprocess.check_output(['git', 'rev-list', '--merges', *options, - b'..'.join([some_hash, target])]) - return text.rstrip(b'\n').split(b'\n') + '..'.join([some_hash, target])]) + return text.decode('ascii').rstrip('\n').split('\n') @classmethod def merge_hash(cls, some_hash): @@ -329,7 +329,7 @@ class EntryFileSortKey: Return None if the given commit was never merged. """ - target = b'HEAD' + target = 'HEAD' # List the merges from some_hash to the target in two ways. # The ancestry list is the ones that are both descendants of # some_hash and ancestors of the target. @@ -407,12 +407,12 @@ def check_output(generated_output_file, main_input_file, merged_files): is also present in an output file. This is not perfect but good enough for now. """ - generated_output = set(open(generated_output_file, 'rb')) - for line in open(main_input_file, 'rb'): + generated_output = set(open(generated_output_file, 'r')) + for line in open(main_input_file, 'r'): if line not in generated_output: raise LostContent('original file', line) for merged_file in merged_files: - for line in open(merged_file, 'rb'): + for line in open(merged_file, 'r'): if line not in generated_output: raise LostContent(merged_file, line) @@ -455,14 +455,14 @@ def merge_entries(options): Write the new changelog to options.output. Remove the merged entries if options.keep_entries is false. """ - with open(options.input, 'rb') as input_file: + with open(options.input, 'r') as input_file: changelog = ChangeLog(input_file, TextChangelogFormat) files_to_merge = list_files_to_merge(options) if not files_to_merge: sys.stderr.write('There are no pending changelog entries.\n') return for filename in files_to_merge: - with open(filename, 'rb') as input_file: + with open(filename, 'r') as input_file: changelog.add_file(input_file) finish_output(changelog, options.output, options.input, files_to_merge) if not options.keep_entries: From e151e21ae34c3031b6b79b00d86f5d987c1eb2d8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 14:49:02 +0200 Subject: [PATCH 176/188] Explicitly use UTF-8 in assemble_changelog Changelog contents should be UTF-8 text files. So explicitly open all files as UTF-8. This makes the script independent of the ambient locale (except with respect to exception messages, but we can live with that). Signed-off-by: Gilles Peskine --- scripts/assemble_changelog.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py index 1699955235..b8a63c9e93 100755 --- a/scripts/assemble_changelog.py +++ b/scripts/assemble_changelog.py @@ -264,7 +264,7 @@ class ChangeLog: def write(self, filename): """Write the changelog to the specified file. """ - with open(filename, 'w') as out: + with open(filename, 'w', encoding='utf-8') as out: out.write(self.header) out.write(self.top_version_title) for title, body in self.categories.items(): @@ -407,12 +407,12 @@ def check_output(generated_output_file, main_input_file, merged_files): is also present in an output file. This is not perfect but good enough for now. """ - generated_output = set(open(generated_output_file, 'r')) - for line in open(main_input_file, 'r'): + generated_output = set(open(generated_output_file, 'r', encoding='utf-8')) + for line in open(main_input_file, 'r', encoding='utf-8'): if line not in generated_output: raise LostContent('original file', line) for merged_file in merged_files: - for line in open(merged_file, 'r'): + for line in open(merged_file, 'r', encoding='utf-8'): if line not in generated_output: raise LostContent(merged_file, line) @@ -455,14 +455,14 @@ def merge_entries(options): Write the new changelog to options.output. Remove the merged entries if options.keep_entries is false. """ - with open(options.input, 'r') as input_file: + with open(options.input, 'r', encoding='utf-8') as input_file: changelog = ChangeLog(input_file, TextChangelogFormat) files_to_merge = list_files_to_merge(options) if not files_to_merge: sys.stderr.write('There are no pending changelog entries.\n') return for filename in files_to_merge: - with open(filename, 'r') as input_file: + with open(filename, 'r', encoding='utf-8') as input_file: changelog.add_file(input_file) finish_output(changelog, options.output, options.input, files_to_merge) if not options.keep_entries: From b32966dd92cf9bf7ada5d4700570cbf55cef5243 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 14:58:09 +0200 Subject: [PATCH 177/188] In update mode, create the files if they don't exist `check-generated-files -u` aborted if one of the generated files didn't exist. Now it treats a missing file as an out-of-date file. Signed-off-by: Gilles Peskine --- tests/scripts/check-generated-files.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 23b3148a35..ea0aadd110 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -60,7 +60,11 @@ check() fi for FILE in $FILES; do - cp $FILE $FILE.bak + if [ -e "$FILE" ]; then + cp "$FILE" "$FILE.bak" + else + rm -f "$FILE.bak" + fi done $SCRIPT @@ -76,7 +80,7 @@ check() if [ -z "$UPDATE" ]; then mv $FILE.bak $FILE else - rm $FILE.bak + rm -f "$FILE.bak" fi if [ -d $TO_CHECK ]; then From fa6bf1e588377cfe77b025a3613cbbf6772bc70d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 10 May 2021 20:50:07 +0200 Subject: [PATCH 178/188] Detect MSVC without relying on compiler filename MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/mbedtls_dev/c_build_helper.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index e9e65c30ac..569ebf064a 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -89,6 +89,7 @@ int main(void) } ''') +_cc_is_msvc = None #pylint: disable=invalid-name def get_c_expression_values( cast_to, printf_format, expressions, @@ -128,11 +129,20 @@ def get_c_expression_values( ) c_file.close() cc = os.getenv('CC', 'cc') - cc_is_msvc = os.path.split(cc)[1].lower() in ('cl', 'cl.exe') cmd = [cc] + + global _cc_is_msvc #pylint: disable=global-statement,invalid-name + if _cc_is_msvc is None: + proc = subprocess.Popen(cmd, + stdout=subprocess.DEVNULL, + stderr=subprocess.PIPE, + universal_newlines=True) + _cc_is_msvc = 'Microsoft (R) C/C++ Optimizing Compiler' in \ + proc.communicate()[1] + cmd += ['-I' + dir for dir in include_path] # MSVC has deprecated using -o to specify the output file. - output_opt = '-Fe' if cc_is_msvc else '-o' + output_opt = '-Fe' if _cc_is_msvc else '-o' cmd += [output_opt + exe_name] subprocess.check_call(cmd + [c_name]) if keep_c: From 24c29fe7c3a8f5c32902ed0722bb97e1ddd50903 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 10 May 2021 23:56:29 +0200 Subject: [PATCH 179/188] Clean up object files produced by MSVC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/mbedtls_dev/c_build_helper.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index 569ebf064a..4ce96ebfaa 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -45,9 +45,11 @@ def create_c_file(file_label): suffix='.c') exe_suffix = '.exe' if platform.system() == 'Windows' else '' exe_name = c_name[:-2] + exe_suffix + obj_name = c_name[:-2] + '.obj' remove_file_if_exists(exe_name) + remove_file_if_exists(obj_name) c_file = os.fdopen(c_fd, 'w', encoding='ascii') - return c_file, c_name, exe_name + return c_file, c_name, exe_name, obj_name def generate_c_printf_expressions(c_file, cast_to, printf_format, expressions): """Generate C instructions to print the value of ``expressions``. @@ -120,7 +122,7 @@ def get_c_expression_values( c_name = None exe_name = None try: - c_file, c_name, exe_name = create_c_file(file_label) + c_file, c_name, exe_name, obj_name = create_c_file(file_label) generate_c_file( c_file, caller, header, lambda c_file: generate_c_printf_expressions(c_file, @@ -141,15 +143,20 @@ def get_c_expression_values( proc.communicate()[1] cmd += ['-I' + dir for dir in include_path] - # MSVC has deprecated using -o to specify the output file. - output_opt = '-Fe' if _cc_is_msvc else '-o' - cmd += [output_opt + exe_name] + if _cc_is_msvc: + # MSVC has deprecated using -o to specify the output file, + # and produces an object file in the working directory by default. + cmd += ['-Fe' + exe_name, '-Fo' + obj_name] + else: + cmd += ['-o' + exe_name] subprocess.check_call(cmd + [c_name]) if keep_c: sys.stderr.write('List of {} tests kept at {}\n' .format(caller, c_name)) else: os.remove(c_name) + if _cc_is_msvc: + os.remove(obj_name) output = subprocess.check_output([exe_name]) return output.decode('ascii').strip().split('\n') finally: From 0671dd31074e232bb8de05c9a5da357d71cd394f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 12 May 2021 09:49:45 +0200 Subject: [PATCH 180/188] Add notice of caching whether the compiler is MSVC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/mbedtls_dev/c_build_helper.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index 4ce96ebfaa..d02deb35a4 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -115,6 +115,9 @@ def get_c_expression_values( to ``cc``. If ``CC`` looks like MSVC, use its command line syntax, otherwise assume the compiler supports Unix traditional ``-I`` and ``-o``. + NOTE: This function only checks the identity of the compiler referred to by + ``CC`` on its first invocation, and caches the result. + Return the list of values of the ``expressions``. """ if include_path is None: From 46d894925dfa4f06fbae719dc43d2eddf4aeed1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 12 May 2021 10:11:53 +0200 Subject: [PATCH 181/188] Move object file handling out of create_c_file() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/mbedtls_dev/c_build_helper.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index d02deb35a4..54c4e93d11 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -45,11 +45,9 @@ def create_c_file(file_label): suffix='.c') exe_suffix = '.exe' if platform.system() == 'Windows' else '' exe_name = c_name[:-2] + exe_suffix - obj_name = c_name[:-2] + '.obj' remove_file_if_exists(exe_name) - remove_file_if_exists(obj_name) c_file = os.fdopen(c_fd, 'w', encoding='ascii') - return c_file, c_name, exe_name, obj_name + return c_file, c_name, exe_name def generate_c_printf_expressions(c_file, cast_to, printf_format, expressions): """Generate C instructions to print the value of ``expressions``. @@ -124,8 +122,9 @@ def get_c_expression_values( include_path = [] c_name = None exe_name = None + obj_name = None try: - c_file, c_name, exe_name, obj_name = create_c_file(file_label) + c_file, c_name, exe_name = create_c_file(file_label) generate_c_file( c_file, caller, header, lambda c_file: generate_c_printf_expressions(c_file, @@ -149,6 +148,7 @@ def get_c_expression_values( if _cc_is_msvc: # MSVC has deprecated using -o to specify the output file, # and produces an object file in the working directory by default. + obj_name = exe_name[:-4] + '.obj' cmd += ['-Fe' + exe_name, '-Fo' + obj_name] else: cmd += ['-o' + exe_name] From 7c185503836057fc70af296d58572fd8143a9004 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 12 May 2021 10:21:39 +0200 Subject: [PATCH 182/188] Remove object file in finally MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/mbedtls_dev/c_build_helper.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index 54c4e93d11..833db465f2 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -158,9 +158,8 @@ def get_c_expression_values( .format(caller, c_name)) else: os.remove(c_name) - if _cc_is_msvc: - os.remove(obj_name) output = subprocess.check_output([exe_name]) return output.decode('ascii').strip().split('\n') finally: remove_file_if_exists(exe_name) + remove_file_if_exists(obj_name) From 539f1432cdc301e2f7b9c8109bcc25f5c38cad78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Wed, 12 May 2021 10:28:30 +0200 Subject: [PATCH 183/188] Remove caching of cc_is_msvc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/mbedtls_dev/c_build_helper.py | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py index 833db465f2..18c1e76067 100644 --- a/scripts/mbedtls_dev/c_build_helper.py +++ b/scripts/mbedtls_dev/c_build_helper.py @@ -89,7 +89,6 @@ int main(void) } ''') -_cc_is_msvc = None #pylint: disable=invalid-name def get_c_expression_values( cast_to, printf_format, expressions, @@ -113,9 +112,6 @@ def get_c_expression_values( to ``cc``. If ``CC`` looks like MSVC, use its command line syntax, otherwise assume the compiler supports Unix traditional ``-I`` and ``-o``. - NOTE: This function only checks the identity of the compiler referred to by - ``CC`` on its first invocation, and caches the result. - Return the list of values of the ``expressions``. """ if include_path is None: @@ -135,17 +131,15 @@ def get_c_expression_values( cc = os.getenv('CC', 'cc') cmd = [cc] - global _cc_is_msvc #pylint: disable=global-statement,invalid-name - if _cc_is_msvc is None: - proc = subprocess.Popen(cmd, - stdout=subprocess.DEVNULL, - stderr=subprocess.PIPE, - universal_newlines=True) - _cc_is_msvc = 'Microsoft (R) C/C++ Optimizing Compiler' in \ - proc.communicate()[1] + proc = subprocess.Popen(cmd, + stdout=subprocess.DEVNULL, + stderr=subprocess.PIPE, + universal_newlines=True) + cc_is_msvc = 'Microsoft (R) C/C++ Optimizing Compiler' in \ + proc.communicate()[1] cmd += ['-I' + dir for dir in include_path] - if _cc_is_msvc: + if cc_is_msvc: # MSVC has deprecated using -o to specify the output file, # and produces an object file in the working directory by default. obj_name = exe_name[:-4] + '.obj' From e2f476e0fd1563e151c38da15b5bc71105d4d07e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 15:47:55 +0200 Subject: [PATCH 184/188] Avoid creating visualc/VS2010/*.bak.bak files This could happen if a previous run of check-generated-files failed. Signed-off-by: Gilles Peskine --- tests/scripts/check-generated-files.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index ea0aadd110..07974a23e2 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -52,6 +52,7 @@ check() FILES="" if [ -d $TO_CHECK ]; then + rm -f "$TO_CHECK"/*.bak for FILE in $TO_CHECK/*; do FILES="$FILE $FILES" done From 94230eaf4153dfac761d2dcabe81ab80017e2ab1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 15:48:56 +0200 Subject: [PATCH 185/188] Fix `make generated_files` generating broken visualc files Ensure that the .c files that generate_visualc_files.pl enumerates are present before it runs. Otherwise, depending on the order in which make builds targets, running `make generated_files` from a fresh checkout could end up missing `library/error.c` and `library/version_features.c`. Signed-off-by: Gilles Peskine --- Makefile | 6 ++++++ tests/scripts/check-generated-files.sh | 3 +++ 2 files changed, 9 insertions(+) diff --git a/Makefile b/Makefile index a0c4386764..786ad86faf 100644 --- a/Makefile +++ b/Makefile @@ -40,6 +40,12 @@ generated_files: visualc_files VISUALC_FILES = visualc/VS2010/mbedTLS.sln visualc/VS2010/mbedTLS.vcxproj # TODO: $(app).vcxproj for each $(app) in programs/ visualc_files: $(VISUALC_FILES) + +# Ensure that the .c files that generate_visualc_files.pl enumerates are +# present before it runs. List the files explicitly, not via the +# library/generated_files indirection, because otherwise running +# make visualc_files would always consider the visualc files out of date. +$(VISUALC_FILES): library/error.c library/version_features.c $(VISUALC_FILES): scripts/generate_visualc_files.pl $(VISUALC_FILES): scripts/data_files/vs2010-app-template.vcxproj $(VISUALC_FILES): scripts/data_files/vs2010-main-template.vcxproj diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 07974a23e2..b480837866 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -109,6 +109,9 @@ check() check scripts/generate_errors.pl library/error.c check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c +# generate_visualc_files enumerates source files (library/*.c). It doesn't +# care about their content, but the files must exist. So it must run after +# the step that creates or updates these files. check scripts/generate_visualc_files.pl visualc/VS2010 check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list) From 67debb616103c68f259857909062804623a4bf0a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 16:09:50 +0200 Subject: [PATCH 186/188] Test check-generated-files.sh Re-create a component check_generated_files. Unlike the old one, which checked that the generated files were up-to-date, the job of the new one is to check that tests/scripts/check-generated-files.sh works (at least to the extent of not errorring out). Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 30ecd315bc..3cd945656d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -676,6 +676,26 @@ component_check_recursion () { record_status tests/scripts/recursion.pl library/*.c } +component_check_generated_files () { + msg "Check: check-generated-files, files generated with make" # 2s + make generated_files + record_status tests/scripts/check-generated-files.sh + + msg "Check: check-generated-files -u, files present" # 2s + record_status tests/scripts/check-generated-files.sh -u + # Check that the generated files are considered up to date. + record_status tests/scripts/check-generated-files.sh + + msg "Check: check-generated-files -u, files absent" # 2s + command make neat + record_status tests/scripts/check-generated-files.sh -u + # Check that the generated files are considered up to date. + record_status tests/scripts/check-generated-files.sh + + # This component ends with the generated files present in the source tree. + # This is necessary for subsequent components! +} + component_check_doxy_blocks () { msg "Check: doxygen markup outside doxygen blocks" # < 1s record_status tests/scripts/check-doxy-blocks.pl From 7ca4ff677d78baba9c13bf34be4691eb9c9e85d9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 18 May 2021 16:14:28 +0200 Subject: [PATCH 187/188] Remove Git pre-commit hook Since generated files are no longer stored in the repository, they don't need to be up-to-date before committing. Signed-off-by: Gilles Peskine --- tests/git-scripts/pre-commit.sh | 34 --------------------------------- 1 file changed, 34 deletions(-) delete mode 100755 tests/git-scripts/pre-commit.sh diff --git a/tests/git-scripts/pre-commit.sh b/tests/git-scripts/pre-commit.sh deleted file mode 100755 index fb28dad91f..0000000000 --- a/tests/git-scripts/pre-commit.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/sh - -# pre-commit.sh -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Purpose -# -# This script does quick sanity checks before commiting: -# - check that generated files are up-to-date. -# -# It is meant to be called as a git pre-commit hook, see README.md. -# -# From the git sample pre-commit hook: -# Called by "git commit" with no arguments. The hook should -# exit with non-zero status after issuing an appropriate message if -# it wants to stop the commit. - -set -eu - -tests/scripts/check-generated-files.sh From a13deaf98610c1d3c24549fb9d30476171501143 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 May 2021 14:26:37 +0200 Subject: [PATCH 188/188] Use an order-only dependency the presence matters but not the content Signed-off-by: Gilles Peskine --- Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 786ad86faf..ad82c0fbde 100644 --- a/Makefile +++ b/Makefile @@ -42,10 +42,9 @@ VISUALC_FILES = visualc/VS2010/mbedTLS.sln visualc/VS2010/mbedTLS.vcxproj visualc_files: $(VISUALC_FILES) # Ensure that the .c files that generate_visualc_files.pl enumerates are -# present before it runs. List the files explicitly, not via the -# library/generated_files indirection, because otherwise running -# make visualc_files would always consider the visualc files out of date. -$(VISUALC_FILES): library/error.c library/version_features.c +# present before it runs. It doesn't matter if the files aren't up-to-date, +# they just need to be present. +$(VISUALC_FILES): | library/generated_files $(VISUALC_FILES): scripts/generate_visualc_files.pl $(VISUALC_FILES): scripts/data_files/vs2010-app-template.vcxproj $(VISUALC_FILES): scripts/data_files/vs2010-main-template.vcxproj