Merge branch 'development' into convert_NO_SHA384_to_positive

Conflicts: library/version_features.c programs/test/query_config.c Files were removed in development branch and modified by current branch. Conflicts fixes by removing them.
2025-08-08 17:42:09 +03:00 · 2021-05-20 14:18:12 +02:00
parent 3489cc1433 085e94f4f7
commit 17011a3185
168 changed files with 5718 additions and 18419 deletions
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@@ -63,15 +63,15 @@ class LostContent(Exception):
 # The category names we use in the changelog.
 # If you edit this, update ChangeLog.d/README.md.
 STANDARD_CATEGORIES = (
-    b'API changes',
-    b'Default behavior changes',
-    b'Requirement changes',
-    b'New deprecations',
-    b'Removals',
-    b'Features',
-    b'Security',
-    b'Bugfix',
-    b'Changes',
+    'API changes',
+    'Default behavior changes',
+    'Requirement changes',
+    'New deprecations',
+    'Removals',
+    'Features',
+    'Security',
+    'Bugfix',
+    'Changes',
 )

 # The maximum line length for an entry
@@ -122,13 +122,13 @@ class ChangelogFormat:
 class TextChangelogFormat(ChangelogFormat):
    """The traditional Mbed TLS changelog format."""

-    _unreleased_version_text = b'= mbed TLS x.x.x branch released xxxx-xx-xx'
+    _unreleased_version_text = '= mbed TLS x.x.x branch released xxxx-xx-xx'
    @classmethod
    def is_released_version(cls, title):
        # Look for an incomplete release date
-        return not re.search(br'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title)
+        return not re.search(r'[0-9x]{4}-[0-9x]{2}-[0-9x]?x', title)

-    _top_version_re = re.compile(br'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
+    _top_version_re = re.compile(r'(?:\A|\n)(=[^\n]*\n+)(.*?\n)(?:=|$)',
                                 re.DOTALL)
    @classmethod
    def extract_top_version(cls, changelog_file_content):
@@ -140,17 +140,17 @@ class TextChangelogFormat(ChangelogFormat):
        top_version_body = m.group(2)
        if cls.is_released_version(top_version_title):
            top_version_end = top_version_start
-            top_version_title = cls._unreleased_version_text + b'\n\n'
-            top_version_body = b''
+            top_version_title = cls._unreleased_version_text + '\n\n'
+            top_version_body = ''
        return (changelog_file_content[:top_version_start],
                top_version_title, top_version_body,
                changelog_file_content[top_version_end:])

    @classmethod
    def version_title_text(cls, version_title):
-        return re.sub(br'\n.*', version_title, re.DOTALL)
+        return re.sub(r'\n.*', version_title, re.DOTALL)

-    _category_title_re = re.compile(br'(^\w.*)\n+', re.MULTILINE)
+    _category_title_re = re.compile(r'(^\w.*)\n+', re.MULTILINE)
    @classmethod
    def split_categories(cls, version_body):
        """A category title is a line with the title in column 0."""
@@ -163,10 +163,10 @@ class TextChangelogFormat(ChangelogFormat):
        title_starts = [m.start(1) for m in title_matches]
        body_starts = [m.end(0) for m in title_matches]
        body_ends = title_starts[1:] + [len(version_body)]
-        bodies = [version_body[body_start:body_end].rstrip(b'\n') + b'\n'
+        bodies = [version_body[body_start:body_end].rstrip('\n') + '\n'
                  for (body_start, body_end) in zip(body_starts, body_ends)]
-        title_lines = [version_body[:pos].count(b'\n') for pos in title_starts]
-        body_lines = [version_body[:pos].count(b'\n') for pos in body_starts]
+        title_lines = [version_body[:pos].count('\n') for pos in title_starts]
+        body_lines = [version_body[:pos].count('\n') for pos in body_starts]
        return [CategoryContent(title_match.group(1), title_line,
                                body, body_line)
                for title_match, title_line, body, body_line
@@ -176,9 +176,9 @@ class TextChangelogFormat(ChangelogFormat):
    def format_category(cls, title, body):
        # `split_categories` ensures that each body ends with a newline.
        # Make sure that there is additionally a blank line between categories.
-        if not body.endswith(b'\n\n'):
-            body += b'\n'
-        return title + b'\n' + body
+        if not body.endswith('\n\n'):
+            body += '\n'
+        return title + '\n' + body

 class ChangeLog:
    """An Mbed TLS changelog.
@@ -199,10 +199,10 @@ class ChangeLog:
    # Only accept dotted version numbers (e.g. "3.1", not "3").
    # Refuse ".x" in a version number where x is a letter: this indicates
    # a version that is not yet released. Something like "3.1a" is accepted.
-    _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
-    _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
-    _only_url_re = re.compile(br'^\s*\w+://\S+\s*$')
-    _has_url_re = re.compile(br'.*://.*')
+    _version_number_re = re.compile(r'[0-9]+\.[0-9A-Za-z.]+')
+    _incomplete_version_number_re = re.compile(r'.*\.[A-Za-z]')
+    _only_url_re = re.compile(r'^\s*\w+://\S+\s*$')
+    _has_url_re = re.compile(r'.*://.*')

    def add_categories_from_text(self, filename, line_offset,
                                 text, allow_unknown_category):
@@ -218,7 +218,7 @@ class ChangeLog:
                raise InputFormatError(filename,
                                       line_offset + category.title_line,
                                       'Unknown category: "{}"',
-                                       category.name.decode('utf8'))
+                                       category.name)

            body_split = category.body.splitlines()

@@ -250,8 +250,8 @@ class ChangeLog:
        # Split the top version section into categories.
        self.categories = OrderedDict()
        for category in STANDARD_CATEGORIES:
-            self.categories[category] = b''
-        offset = (self.header + self.top_version_title).count(b'\n') + 1
+            self.categories[category] = ''
+        offset = (self.header + self.top_version_title).count('\n') + 1
        self.add_categories_from_text(input_stream.name, offset,
                                      top_version_body, True)

@@ -264,7 +264,7 @@ class ChangeLog:
    def write(self, filename):
        """Write the changelog to the specified file.
        """
-        with open(filename, 'wb') as out:
+        with open(filename, 'w', encoding='utf-8') as out:
            out.write(self.header)
            out.write(self.top_version_title)
            for title, body in self.categories.items():
@@ -303,7 +303,7 @@ class EntryFileSortKey:
        hashes = subprocess.check_output(['git', 'log', '--format=%H',
                                          '--follow',
                                          '--', filename])
-        m = re.search(b'(.+)$', hashes)
+        m = re.search('(.+)$', hashes.decode('ascii'))
        if not m:
            # The git output is empty. This means that the file was
            # never checked in.
@@ -320,8 +320,8 @@ class EntryFileSortKey:
        """
        text = subprocess.check_output(['git', 'rev-list',
                                        '--merges', *options,
-                                        b'..'.join([some_hash, target])])
-        return text.rstrip(b'\n').split(b'\n')
+                                        '..'.join([some_hash, target])])
+        return text.decode('ascii').rstrip('\n').split('\n')

    @classmethod
    def merge_hash(cls, some_hash):
@@ -329,7 +329,7 @@ class EntryFileSortKey:

        Return None if the given commit was never merged.
        """
-        target = b'HEAD'
+        target = 'HEAD'
        # List the merges from some_hash to the target in two ways.
        # The ancestry list is the ones that are both descendants of
        # some_hash and ancestors of the target.
@@ -407,12 +407,12 @@ def check_output(generated_output_file, main_input_file, merged_files):
    is also present in an output file. This is not perfect but good enough
    for now.
    """
-    generated_output = set(open(generated_output_file, 'rb'))
-    for line in open(main_input_file, 'rb'):
+    generated_output = set(open(generated_output_file, 'r', encoding='utf-8'))
+    for line in open(main_input_file, 'r', encoding='utf-8'):
        if line not in generated_output:
            raise LostContent('original file', line)
    for merged_file in merged_files:
-        for line in open(merged_file, 'rb'):
+        for line in open(merged_file, 'r', encoding='utf-8'):
            if line not in generated_output:
                raise LostContent(merged_file, line)

@@ -455,14 +455,14 @@ def merge_entries(options):
    Write the new changelog to options.output.
    Remove the merged entries if options.keep_entries is false.
    """
-    with open(options.input, 'rb') as input_file:
+    with open(options.input, 'r', encoding='utf-8') as input_file:
        changelog = ChangeLog(input_file, TextChangelogFormat)
    files_to_merge = list_files_to_merge(options)
    if not files_to_merge:
        sys.stderr.write('There are no pending changelog entries.\n')
        return
    for filename in files_to_merge:
-        with open(filename, 'rb') as input_file:
+        with open(filename, 'r', encoding='utf-8') as input_file:
            changelog.add_file(input_file)
    finish_output(changelog, options.output, options.input, files_to_merge)
    if not options.keep_entries:
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -193,7 +193,6 @@ EXCLUDE_FROM_FULL = frozenset([
    'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
    'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
    'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
-    'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature
    'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS
    'MBEDTLS_X509_REMOVE_INFO', # removes a feature
 ])
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -56,7 +56,7 @@ my @high_level_modules = qw( CIPHER DHM ECP MD
 my $line_separator = $/;
 undef $/;

-open(FORMAT_FILE, "$error_format_file") or die "Opening error format file '$error_format_file': $!";
+open(FORMAT_FILE, '<:crlf', "$error_format_file") or die "Opening error format file '$error_format_file': $!";
 my $error_format = <FORMAT_FILE>;
 close(FORMAT_FILE);

@@ -66,7 +66,7 @@ my @files = <$include_dir/*.h>;
 my @necessary_include_files;
 my @matches;
 foreach my $file (@files) {
-    open(FILE, "$file");
+    open(FILE, '<:crlf', "$file");
    my @grep_res = grep(/^\s*#define\s+MBEDTLS_ERR_\w+\s+\-0x[0-9A-Fa-f]+/, <FILE>);
    push(@matches, @grep_res);
    close FILE;
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -45,13 +45,13 @@ my @sections = ( "System support", "mbed TLS modules",
 my $line_separator = $/;
 undef $/;

-open(FORMAT_FILE, "$feature_format_file") or die "Opening feature format file '$feature_format_file': $!";
+open(FORMAT_FILE, '<:crlf', "$feature_format_file") or die "Opening feature format file '$feature_format_file': $!";
 my $feature_format = <FORMAT_FILE>;
 close(FORMAT_FILE);

 $/ = $line_separator;

-open(CONFIG_H, "$include_dir/config.h") || die("Failure when opening config.h: $!");
+open(CONFIG_H, '<:crlf', "$include_dir/config.h") || die("Failure when opening config.h: $!");

 my $feature_defines = "";
 my $in_section = 0;
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -29,6 +29,7 @@ file is written:
 import os
 import sys

+from mbedtls_dev import build_tree
 from mbedtls_dev import macro_collector

 OUTPUT_TEMPLATE = '''\
@@ -335,8 +336,7 @@ def generate_psa_constants(header_file_names, output_file_name):
    os.replace(temp_file_name, output_file_name)

 if __name__ == '__main__':
-    if not os.path.isdir('programs') and os.path.isdir('../programs'):
-        os.chdir('..')
+    build_tree.chdir_to_root()
    # Allow to change the directory where psa_constant_names_generated.c is written to.
    OUTPUT_FILE_DIR = sys.argv[1] if len(sys.argv) == 2 else "programs/psa"
    generate_psa_constants(['include/psa/crypto_values.h',
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -38,6 +38,12 @@ my $config_file = "./include/mbedtls/config.h";
 my $query_config_format_file = "./scripts/data_files/query_config.fmt";
 my $query_config_file = "./programs/test/query_config.c";

+unless( -f $config_file && -f $query_config_format_file ) {
+    chdir '..' or die;
+    -f $config_file && -f $query_config_format_file
+      or die "Without arguments, must be run from root or a subdirectory\n";
+}
+
 # Excluded macros from the generated query_config.c. For example, macros that
 # have commas or function-like macros cannot be transformed into strings easily
 # using the preprocessor, so they should be excluded or the preprocessor will
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -79,31 +79,30 @@ my @excluded_files = qw(
 my %excluded_files = ();
 foreach (@excluded_files) { $excluded_files{$_} = 1 }

-# Need windows line endings!
 my $vsx_hdr_tpl = <<EOT;
-    <ClInclude Include="..\\..\\{NAME}" />\r
+    <ClInclude Include="..\\..\\{NAME}" />
 EOT
 my $vsx_src_tpl = <<EOT;
-    <ClCompile Include="..\\..\\{NAME}" />\r
+    <ClCompile Include="..\\..\\{NAME}" />
 EOT

 my $vsx_sln_app_entry_tpl = <<EOT;
-Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "{APPNAME}", "{APPNAME}.vcxproj", "{GUID}"\r
-	ProjectSection(ProjectDependencies) = postProject\r
-		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}\r
-	EndProjectSection\r
-EndProject\r
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "{APPNAME}", "{APPNAME}.vcxproj", "{GUID}"
+	ProjectSection(ProjectDependencies) = postProject
+		{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+	EndProjectSection
+EndProject
 EOT

 my $vsx_sln_conf_entry_tpl = <<EOT;
-		{GUID}.Debug|Win32.ActiveCfg = Debug|Win32\r
-		{GUID}.Debug|Win32.Build.0 = Debug|Win32\r
-		{GUID}.Debug|x64.ActiveCfg = Debug|x64\r
-		{GUID}.Debug|x64.Build.0 = Debug|x64\r
-		{GUID}.Release|Win32.ActiveCfg = Release|Win32\r
-		{GUID}.Release|Win32.Build.0 = Release|Win32\r
-		{GUID}.Release|x64.ActiveCfg = Release|x64\r
-		{GUID}.Release|x64.Build.0 = Release|x64\r
+		{GUID}.Debug|Win32.ActiveCfg = Debug|Win32
+		{GUID}.Debug|Win32.Build.0 = Debug|Win32
+		{GUID}.Debug|x64.ActiveCfg = Debug|x64
+		{GUID}.Debug|x64.Build.0 = Debug|x64
+		{GUID}.Release|Win32.ActiveCfg = Release|Win32
+		{GUID}.Release|Win32.Build.0 = Release|Win32
+		{GUID}.Release|x64.ActiveCfg = Release|x64
+		{GUID}.Release|x64.Build.0 = Release|x64
 EOT

 exit( main() );
@@ -127,7 +126,7 @@ sub slurp_file {
    my ($filename) = @_;

    local $/ = undef;
-    open my $fh, '<', $filename or die "Could not read $filename\n";
+    open my $fh, '<:crlf', $filename or die "Could not read $filename\n";
    my $content = <$fh>;
    close $fh;

@@ -137,7 +136,7 @@ sub slurp_file {
 sub content_to_file {
    my ($content, $filename) = @_;

-    open my $fh, '>', $filename or die "Could not write to $filename\n";
+    open my $fh, '>:crlf', $filename or die "Could not write to $filename\n";
    print $fh $content;
    close $fh;
 }
@@ -161,26 +160,26 @@ sub gen_app {
    my $srcs = "<ClCompile Include=\"..\\..\\programs\\$path.c\" \/>";
    if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
        $appname eq "query_compile_time_config" ) {
-        $srcs .= "\r\n    <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>";
+        $srcs .= "\n    <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>";
    }
    if( $appname eq "ssl_client2" or $appname eq "ssl_server2" ) {
-        $srcs .= "\r\n    <ClCompile Include=\"..\\..\\programs\\ssl\\ssl_test_lib.c\" \/>";
+        $srcs .= "\n    <ClCompile Include=\"..\\..\\programs\\ssl\\ssl_test_lib.c\" \/>";
    }

    my $content = $template;
    $content =~ s/<SOURCES>/$srcs/g;
    $content =~ s/<APPNAME>/$appname/g;
    $content =~ s/<GUID>/$guid/g;
-    $content =~ s/INCLUDE_DIRECTORIES\r\n/$include_directories/g;
+    $content =~ s/INCLUDE_DIRECTORIES\n/$include_directories/g;

    content_to_file( $content, "$dir/$appname.$ext" );
 }

 sub get_app_list {
-    my $app_list = `cd $programs_dir && make list`;
-    die "make list failed: $!\n" if $?;
-
-    return split /\s+/, $app_list;
+    my $makefile_contents = slurp_file('programs/Makefile');
+    $makefile_contents =~ /\n\s*APPS\s*=[\\\s]*(.*?)(?<!\\)[\#\n]/s
+      or die "Cannot find APPS = ... in programs/Makefile\n";
+    return split /(?:\s|\\)+/, $1;
 }

 sub gen_app_files {
@@ -214,9 +213,9 @@ sub gen_main_file {
    my $source_entries = gen_entry_list( $src_tpl, @$sources );

    my $out = slurp_file( $main_tpl );
-    $out =~ s/SOURCE_ENTRIES\r\n/$source_entries/m;
-    $out =~ s/HEADER_ENTRIES\r\n/$header_entries/m;
-    $out =~ s/INCLUDE_DIRECTORIES\r\n/$library_include_directories/g;
+    $out =~ s/SOURCE_ENTRIES\n/$source_entries/m;
+    $out =~ s/HEADER_ENTRIES\n/$header_entries/m;
+    $out =~ s/INCLUDE_DIRECTORIES\n/$library_include_directories/g;

    content_to_file( $out, $main_out );
 }
@@ -242,8 +241,8 @@ sub gen_vsx_solution {
    }

    my $out = slurp_file( $vsx_sln_tpl_file );
-    $out =~ s/APP_ENTRIES\r\n/$app_entries/m;
-    $out =~ s/CONF_ENTRIES\r\n/$conf_entries/m;
+    $out =~ s/APP_ENTRIES\n/$app_entries/m;
+    $out =~ s/CONF_ENTRIES\n/$conf_entries/m;

    content_to_file( $out, $vsx_sln_file );
 }
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -0,0 +1,9 @@
+@rem Generate automatically-generated configuration-independent source files
+@rem and build scripts.
+@rem Perl and Python 3 must be on the PATH.
+perl scripts\generate_errors.pl || exit /b 1
+perl scripts\generate_query_config.pl || exit /b 1
+perl scripts\generate_features.pl || exit /b 1
+perl scripts\generate_visualc_files.pl || exit /b 1
+python scripts\generate_psa_constants.py || exit /b 1
+python tests\scripts\generate_psa_tests.py || exit /b 1
--- a/scripts/mbedtls_dev/build_tree.py
+++ b/scripts/mbedtls_dev/build_tree.py
@@ -0,0 +1,38 @@
+"""Mbed TLS build tree information and manipulation.
+"""
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+
+def looks_like_mbedtls_root(path: str) -> bool:
+    """Whether the given directory looks like the root of the Mbed TLS source tree."""
+    return all(os.path.isdir(os.path.join(path, subdir))
+               for subdir in ['include', 'library', 'programs', 'tests'])
+
+def chdir_to_root() -> None:
+    """Detect the root of the Mbed TLS source tree and change to it.
+
+    The current directory must be up to two levels deep inside an Mbed TLS
+    source tree.
+    """
+    for d in [os.path.curdir,
+              os.path.pardir,
+              os.path.join(os.path.pardir, os.path.pardir)]:
+        if looks_like_mbedtls_root(d):
+            os.chdir(d)
+            return
+    raise Exception('Mbed TLS source tree not found')
--- a/scripts/mbedtls_dev/c_build_helper.py
+++ b/scripts/mbedtls_dev/c_build_helper.py
@@ -95,7 +95,7 @@ def get_c_expression_values(
        caller=__name__, file_label='',
        header='', include_path=None,
        keep_c=False,
-): # pylint: disable=too-many-arguments
+): # pylint: disable=too-many-arguments, too-many-locals
    """Generate and run a program to print out numerical values for expressions.

    * ``cast_to``: a C type.
@@ -108,12 +108,17 @@ def get_c_expression_values(
    * ``keep_c``: if true, keep the temporary C file (presumably for debugging
      purposes).

+    Use the C compiler specified by the ``CC`` environment variable, defaulting
+    to ``cc``. If ``CC`` looks like MSVC, use its command line syntax,
+    otherwise assume the compiler supports Unix traditional ``-I`` and ``-o``.
+
    Return the list of values of the ``expressions``.
    """
    if include_path is None:
        include_path = []
    c_name = None
    exe_name = None
+    obj_name = None
    try:
        c_file, c_name, exe_name = create_c_file(file_label)
        generate_c_file(
@@ -124,9 +129,24 @@ def get_c_expression_values(
        )
        c_file.close()
        cc = os.getenv('CC', 'cc')
-        subprocess.check_call([cc] +
-                              ['-I' + dir for dir in include_path] +
-                              ['-o', exe_name, c_name])
+        cmd = [cc]
+
+        proc = subprocess.Popen(cmd,
+                                stdout=subprocess.DEVNULL,
+                                stderr=subprocess.PIPE,
+                                universal_newlines=True)
+        cc_is_msvc = 'Microsoft (R) C/C++ Optimizing Compiler' in \
+                      proc.communicate()[1]
+
+        cmd += ['-I' + dir for dir in include_path]
+        if cc_is_msvc:
+            # MSVC has deprecated using -o to specify the output file,
+            # and produces an object file in the working directory by default.
+            obj_name = exe_name[:-4] + '.obj'
+            cmd += ['-Fe' + exe_name, '-Fo' + obj_name]
+        else:
+            cmd += ['-o' + exe_name]
+        subprocess.check_call(cmd + [c_name])
        if keep_c:
            sys.stderr.write('List of {} tests kept at {}\n'
                             .format(caller, c_name))
@@ -136,3 +156,4 @@ def get_c_expression_values(
        return output.decode('ascii').strip().split('\n')
    finally:
        remove_file_if_exists(exe_name)
+        remove_file_if_exists(obj_name)
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -89,6 +89,9 @@ class KeyType:
        'PSA_KEY_TYPE_DERIVE': (120, 128), # sample
        'PSA_KEY_TYPE_DES': (64, 128, 192), # exhaustive
        'PSA_KEY_TYPE_HMAC': (128, 160, 224, 256, 384, 512), # standard size for each supported hash
+        'PSA_KEY_TYPE_PASSWORD': (48, 168, 336), # sample
+        'PSA_KEY_TYPE_PASSWORD_HASH': (128, 256), # sample
+        'PSA_KEY_TYPE_PEPPER': (128, 256), # sample
        'PSA_KEY_TYPE_RAW_DATA': (8, 40, 128), # sample
        'PSA_KEY_TYPE_RSA_KEY_PAIR': (1024, 1536), # small sample
    }