From 678e0fb3e538e75c141c554aecaaaf2f3ac3a0f1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 14 Jun 2024 07:49:05 +0200 Subject: [PATCH 01/35] psa: allow to use static key buffers instead of dynamic ones This helps reducing heap memory usage and, if heap memory is not used anywhere else in an embedded device, it also reduces code footprint since there is no need for heap management code in this case. A new build symbol is added for this purpose, named MBEDTLS_PSA_STATIC_KEY_SLOTS. It's disabled by default so that normal usage of Mbed TLS library is not affected. Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 33 ++++++++++++++++++++++++ scripts/config.py | 2 ++ tf-psa-crypto/core/psa_crypto.c | 33 ++++++++++++++++++++++-- tf-psa-crypto/core/psa_crypto_core.h | 11 ++++++++ tf-psa-crypto/drivers/builtin/src/pk.c | 4 --- tf-psa-crypto/include/psa/crypto_sizes.h | 25 ++++++++++++++++++ 6 files changed, 102 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 80009c043b..02b66344a8 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3066,6 +3066,39 @@ */ #define MBEDTLS_PSA_ITS_FILE_C +/** + * \def MBEDTLS_PSA_STATIC_KEY_SLOTS + * + * Statically preallocate all key slot buffers to store volatile keys in PSA + * instead of allocating them dynamically when required. This helps reducing + * heap memory usage as well as heap management code's footprint in embedded + * devices. + * + * \note This feature comes with a (potentially) higher RAM usage since: + * - All the key slots are allocated no matter if they are used of not. + * - Each key slot's length is as large as the largest key type supported + * in the build. + * + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +//#define MBEDTLS_PSA_STATIC_KEY_SLOTS + +/** + * \def MBEDTLS_PSA_STATIC_KEY_SLOTS + * + * Optionally define the size (in bytes) of each static key slot. If not + * explicitly defined then it's automatically set to hold the maximum + * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). + * If required by the application this parameter can be set to higher values + * in order to store larger objects (ex: raw keys), but please note that this + * will increase RAM usage. + * + * Requires: MBEDTLS_PSA_STATIC_KEY_SLOTS + * + */ +//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 + /** * \def MBEDTLS_RIPEMD160_C * diff --git a/scripts/config.py b/scripts/config.py index beeb5e27e0..9667f4d727 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -110,6 +110,8 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_X509_REMOVE_INFO', # removes a feature + 'MBEDTLS_PSA_STATIC_KEY_SLOTS', # only relevant for embedded devices + 'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices *PSA_UNSUPPORTED_FEATURE, *PSA_DEPRECATED_FEATURE, *PSA_UNSTABLE_FEATURE diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index d1c93fd215..fcc342fea9 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -705,6 +705,17 @@ MBEDTLS_STATIC_TESTABLE psa_status_t psa_mac_key_can_do( psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot, size_t buffer_length) { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + if (slot->key.in_use) { + return PSA_ERROR_ALREADY_EXISTS; + } + + if (buffer_length > ((size_t) MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + slot->key.in_use = 1; +#else if (slot->key.data != NULL) { return PSA_ERROR_ALREADY_EXISTS; } @@ -713,6 +724,7 @@ psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot, if (slot->key.data == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } +#endif slot->key.bytes = buffer_length; return PSA_SUCCESS; @@ -1177,11 +1189,16 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + slot->key.in_use = 0; +#else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ if (slot->key.data != NULL) { mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); } slot->key.data = NULL; +#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ + slot->key.bytes = 0; return PSA_SUCCESS; @@ -2096,7 +2113,13 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * storage ( thus not in the case of importing a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the imported key material. */ - if (slot->key.data == NULL) { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + int is_slot_unused = (slot->key.in_use == 0); +#else + int is_slot_unused = (slot->key.data == NULL); +#endif + + if (is_slot_unused) { if (psa_key_lifetime_is_external(attributes->lifetime)) { status = psa_driver_wrapper_get_key_buffer_size_from_key_data( attributes, data, data_length, &storage_size); @@ -8030,7 +8053,13 @@ psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes, * storage ( thus not in the case of generating a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the generated key material. */ - if (slot->key.data == NULL) { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + int is_slot_unused = (slot->key.in_use == 0); +#else + int is_slot_unused = (slot->key.data == NULL); +#endif + + if (is_slot_unused) { if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) == PSA_KEY_LOCATION_LOCAL_STORAGE) { status = psa_validate_key_type_and_size_for_key_generation( diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index 21e7559f01..5f59697612 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -55,6 +55,12 @@ typedef enum { PSA_SLOT_PENDING_DELETION, } psa_key_slot_state_t; +/* If the size of static key slots is not explicitly defined by the user, then + * set it to PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE. */ +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE (PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE) +#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ + /** The data structure representing a key slot, containing key material * and metadata for one key. */ @@ -155,7 +161,12 @@ typedef struct { /* Dynamically allocated key data buffer. * Format as specified in psa_export_key(). */ struct key_data { +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + int in_use; + uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE]; +#else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ uint8_t *data; +#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ size_t bytes; } key; } psa_key_slot_t; diff --git a/tf-psa-crypto/drivers/builtin/src/pk.c b/tf-psa-crypto/drivers/builtin/src/pk.c index 28b4e7a65a..44760d080e 100644 --- a/tf-psa-crypto/drivers/builtin/src/pk.c +++ b/tf-psa-crypto/drivers/builtin/src/pk.c @@ -35,10 +35,6 @@ #include #include -#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \ - (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \ - PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE - /* * Initialise a mbedtls_pk_context */ diff --git a/tf-psa-crypto/include/psa/crypto_sizes.h b/tf-psa-crypto/include/psa/crypto_sizes.h index 635ee98f80..892bfa3e7f 100644 --- a/tf-psa-crypto/include/psa/crypto_sizes.h +++ b/tf-psa-crypto/include/psa/crypto_sizes.h @@ -1038,6 +1038,10 @@ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \ + (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE + /** Sufficient output buffer size for psa_raw_key_agreement(). * * This macro returns a compile-time constant if its arguments are @@ -1085,6 +1089,27 @@ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +/** Maximum key length for ciphers. + * + * Since there is no additional PSA_WANT_xxx symbol to specifiy the size of + * the key once a cipher is enabled (as it happens for asymmetric keys for + * example), the maximum key length is taken into account for each cipher. + * The resulting value will be the maximum cipher's key length given depending + * on which ciphers are enabled. + * + * Note: max value for AES used below would be doubled if XTS were enabled, but + * this mode is currently not supported in Mbed TLS implementation of PSA + * APIs. + */ +#if (defined(PSA_WANT_KEY_TYPE_AES) || defined(PSA_WANT_KEY_TYPE_ARIA) || \ + defined(PSA_WANT_KEY_TYPE_CAMELLIA) || defined(PSA_WANT_KEY_TYPE_CHACHA20)) +#define PSA_CIPHER_MAX_KEY_LENGTH 32u +#elif defined(PSA_WANT_KEY_TYPE_DES) +#define PSA_CIPHER_MAX_KEY_LENGTH 24u +#else +#define PSA_CIPHER_MAX_KEY_LENGTH 0u +#endif + /** The default IV size for a cipher algorithm, in bytes. * * The IV that is generated as part of a call to #psa_cipher_encrypt() is always From dbb646b99ac254f970b0082c5ffaa773db27e08b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 20 Jun 2024 14:40:54 +0200 Subject: [PATCH 02/35] test: add new component to test MBEDTLS_PSA_STATIC_KEY_SLOTS This commit also fixes related errors in test suites. In all cases those failures are related to the use of raw keys whose size cannot be determined a-priori. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 10 ++++++++-- tf-psa-crypto/tests/suites/test_suite_psa_crypto.data | 6 +++--- .../tests/suites/test_suite_psa_crypto.function | 2 +- .../suites/test_suite_psa_crypto_persistent_key.data | 10 +++++++++- 4 files changed, 21 insertions(+), 7 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 68de6bbc20..de9f0e78bc 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -31,6 +31,14 @@ component_test_psa_assume_exclusive_buffers () { make test } +component_test_crypto_with_static_key_slots() { + msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" + scripts/config.py crypto_full + scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS + + make test +} + # check_renamed_symbols HEADER LIB # Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol # name in LIB. @@ -2713,5 +2721,3 @@ component_test_min_mpi_window_size () { msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s make test } - - diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index e921c112da..548f4b4e85 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7158,7 +7158,7 @@ derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KE # and not expected to be raised any time soon) is less than the maximum # output from HKDF-SHA512 (255*64 = 16320 bytes). PSA key derivation: largest possible key -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:!MBEDTLS_PSA_STATIC_KEY_SLOTS derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1 PSA key derivation: key too large @@ -7408,6 +7408,7 @@ PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, 65528 bits (large key, ok if it fits) +depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1 PSA generate key: raw data, 65536 bits (not supported) @@ -7627,7 +7628,7 @@ depends_on:MBEDTLS_THREADING_PTHREAD concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_THREADING_PTHREAD +depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 PSA concurrent key generation: raw data, 65536 bits (not supported) @@ -7835,4 +7836,3 @@ ecc_conversion_functions:MBEDTLS_ECP_DP_NONE:0:0 ECP group ID <-> PSA family - Wrong values ecc_conversion_functions_fail - diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index cee73b0861..e29d16c9de 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -1615,7 +1615,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on: !MBEDTLS_PSA_STATIC_KEY_SLOTS*/ /* Construct and attempt to import a large unstructured key. */ void import_large_key(int type_arg, int byte_size_arg, int expected_status_arg) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_persistent_key.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_persistent_key.data index 133e726aec..05dc0c3ee8 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_persistent_key.data @@ -35,12 +35,20 @@ parse_storage_data_check:"505341004b45590000000000010000000170000001000000000000 # Not specific to files, but only run this test in an environment where the maximum size could be reached. Save maximum-size persistent raw key -depends_on:MBEDTLS_PSA_ITS_FILE_C +depends_on:MBEDTLS_PSA_ITS_FILE_C:!MBEDTLS_PSA_STATIC_KEY_SLOTS save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE:PSA_SUCCESS +Save maximum-size persistent raw key - static key slot size +depends_on:MBEDTLS_PSA_ITS_FILE_C:MBEDTLS_PSA_STATIC_KEY_SLOTS +save_large_persistent_key:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE:PSA_SUCCESS + Save larger than maximum-size persistent raw key save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED +Save larger than maximum-size persistent raw key - static key slot size +depends_on:MBEDTLS_PSA_STATIC_KEY_SLOTS +save_large_persistent_key:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1:PSA_ERROR_NOT_SUPPORTED + Persistent key destroy depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" From a47b045a68fd8bbe1732739d49fe40a3fba53592 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jun 2024 18:31:36 +0200 Subject: [PATCH 03/35] test: add new component to test core library without calloc/free This commit also fixes issues found in test suites function/data files. Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 86 +++++++++++++++++++ .../tests/suites/test_suite_psa_crypto.data | 2 + .../suites/test_suite_psa_crypto.function | 4 +- ...test_suite_psa_crypto_driver_wrappers.data | 16 ++-- ..._suite_psa_crypto_driver_wrappers.function | 12 ++- .../test_suite_psa_crypto_entropy.function | 4 + .../test_suite_psa_crypto_init.function | 3 + 7 files changed, 114 insertions(+), 13 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index de9f0e78bc..cbebd16b37 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -64,6 +64,92 @@ component_build_psa_crypto_spm () { check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a } +# The goal of this component is to build a configuration where: +# - test code and libtestdriver1 can make use of calloc/free and +# - core library (including PSA core) cannot use calloc/free. +component_test_psa_crypto_without_heap() { + # Disable PSA features that cannot be accelerated and whose builtin support + # requires calloc/free. + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_HKDF* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_PBKDF2* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_TLS12* + # RSA key support requires ASN1 parse/write support for testing, but ASN1 + # is disabled below. + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_KEY_TYPE_RSA_* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_RSA_* + # DES requires built-in support for key generation (parity check) so it + # cannot be accelerated + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + # EC-JPAKE use calloc/free in PSA core + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + + # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). + PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) + loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') + + msg "build: libtestdriver1" + helper_libtestdriver1_adjust_config crypto + helper_libtestdriver1_make_drivers "$loc_accel_list" + + msg "build: main library" + # Enable fully-static key slots in PSA core. + scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS + # Prevent PSA core from creating a copy of input/output buffers + scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS + # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation. + scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG + # Set cmalloc/free as null pointer functions. Calling them would crash + # the program so we can use this as a "sentinel" for being sure no module + # is making use of these functions in the library. + scripts/config.py set MBEDTLS_PLATFORM_MEMORY + scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL + scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL + + # Disable all the modules/features that use cmalloc directly + scripts/config.py unset-all MBEDTLS_ASN1_ + scripts/config.py unset MBEDTLS_BIGNUM_C + scripts/config.py unset MBEDTLS_CIPHER_C + scripts/config.py unset MBEDTLS_CMAC_C + scripts/config.py unset MBEDTLS_DHM_C + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + scripts/config.py unset MBEDTLS_ECP_C + scripts/config.py unset-all MBEDTLS_LMS_ + scripts/config.py unset MBEDTLS_MD_C + scripts/config.py unset MBEDTLS_OID_C + scripts/config.py unset-all MBEDTLS_PEM_ + scripts/config.py unset MBEDTLS_PKCS7_C + scripts/config.py unset-all MBEDTLS_PK_ + scripts/config.py unset MBEDTLS_RSA_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C + # Disable all modules that depend on the the previous ones + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py unset-all MBEDTLS_PKCS1_ + scripts/config.py unset-all MBEDTLS_ENTROPY_ + scripts/config.py unset-all MBEDTLS_SHA + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT + scripts/config.py unset MBEDTLS_HKDF_C + scripts/config.py unset MBEDTLS_PKCS5_C + scripts/config.py unset MBEDTLS_PKCS12_C + scripts/config.py unset MBEDTLS_HMAC_DRBG_C + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC + helper_libtestdriver1_make_main "$loc_accel_list" lib + + msg "build: test suites and helpers" + # Reset cmalloc/free functions to normal operations so that test code can + # freely use them. + scripts/config.py unset MBEDTLS_PLATFORM_MEMORY + scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC + scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE + helper_libtestdriver1_make_main "$loc_accel_list" tests + + msg "run tests" + make test +} + component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index 548f4b4e85..8ddd6d7543 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7402,9 +7402,11 @@ PSA generate key: raw data, 9 bits: invalid argument generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits +depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, 65528 bits (large key, ok if it fits) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function index e29d16c9de..b1c662f493 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.function @@ -1236,7 +1236,7 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, } #endif /* MBEDTLS_ECP_RESTARTABLE */ -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C) static int rsa_test_e(mbedtls_svc_key_id_t key, size_t bits, const data_t *e_arg) @@ -10180,7 +10180,7 @@ void generate_key_custom(int type_arg, TEST_EQUAL(psa_get_key_type(&got_attributes), type); TEST_EQUAL(psa_get_key_bits(&got_attributes), bits); -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C) if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) { TEST_ASSERT(rsa_test_e(key, bits, custom_data)); } diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data index fb2da8c3c2..632a4b6f0b 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -256,35 +256,35 @@ generate_ec_key through transparent driver: error generate_ec_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR validate key through transparent driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: fallback private key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: fallback public key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR validate key through opaque driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through opaque driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through opaque driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C validate_key:PSA_ERROR_GENERIC_ERROR:PSA_CRYPTO_TEST_DRIVER_LOCATION:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR export_key private to public through driver: fake diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 84611faddd..14fc644d9a 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -6,13 +6,14 @@ size_t pake_expected_hit_count = 0; int pake_in_driver = 0; +#if defined(PSA_WANT_ALG_JPAKE) && \ + defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ + defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) + /* The only two JPAKE user/peer identifiers supported for the time being. */ static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' }; static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' }; -#if defined(PSA_WANT_ALG_JPAKE) && \ - defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \ - defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256) static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, psa_pake_operation_t *server, psa_pake_operation_t *client, @@ -437,6 +438,11 @@ static int sanity_check_rsa_encryption_result( mbedtls_mpi_init(&D); mbedtls_mpi_init(&C); mbedtls_mpi_init(&X); +#else /* MBEDTLS_BIGNUM_C */ + (void) alg; + (void) private_exponent; + (void) input_data; + (void) buf; #endif /* MBEDTLS_BIGNUM_C */ int ok = 0; diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_entropy.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_entropy.function index 4d5eda2baf..24081638d6 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_entropy.function @@ -8,6 +8,10 @@ #include "entropy_poll.h" /* Calculating the minimum allowed entropy size in bytes */ +#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE) +#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM +#endif + #define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \ MBEDTLS_ENTROPY_BLOCK_SIZE) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function index 954560a24e..c9a1e077d6 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function @@ -24,6 +24,9 @@ static int check_stats(void) exit: return 0; } +#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE) +#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM +#endif #define ENTROPY_MIN_NV_SEED_SIZE \ MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE) From a7ce589fbc992a8591d4ed46d8e4df695cb6e2a2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 10:44:02 +0200 Subject: [PATCH 04/35] mbedtls_config: move MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to the correct place Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 02b66344a8..63945f09dd 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3084,21 +3084,6 @@ */ //#define MBEDTLS_PSA_STATIC_KEY_SLOTS -/** - * \def MBEDTLS_PSA_STATIC_KEY_SLOTS - * - * Optionally define the size (in bytes) of each static key slot. If not - * explicitly defined then it's automatically set to hold the maximum - * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). - * If required by the application this parameter can be set to higher values - * in order to store larger objects (ex: raw keys), but please note that this - * will increase RAM usage. - * - * Requires: MBEDTLS_PSA_STATIC_KEY_SLOTS - * - */ -//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 - /** * \def MBEDTLS_RIPEMD160_C * @@ -3900,6 +3885,21 @@ */ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 +/** + * \def MBEDTLS_PSA_STATIC_KEY_SLOTS + * + * Optionally define the size (in bytes) of each static key slot. If not + * explicitly defined then it's automatically set to hold the maximum + * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). + * If required by the application this parameter can be set to higher values + * in order to store larger objects (ex: raw keys), but please note that this + * will increase RAM usage. + * + * Requires: MBEDTLS_PSA_STATIC_KEY_SLOTS + * + */ +//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 + /* RSA OPTIONS */ //#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */ From 933b7693f40875449bff45d0f6fbb521a257bc10 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 11:08:26 +0200 Subject: [PATCH 05/35] mbedtls_config: fix descriptions for PSA static key slots Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 63945f09dd..55a7fe7879 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3069,15 +3069,17 @@ /** * \def MBEDTLS_PSA_STATIC_KEY_SLOTS * - * Statically preallocate all key slot buffers to store volatile keys in PSA - * instead of allocating them dynamically when required. This helps reducing - * heap memory usage as well as heap management code's footprint in embedded - * devices. + * Statically preallocate memory to store keys' material in PSA instead + * of allocating it dynamically when required. This allows builds without a + * heap, if none of the enabled cryptographic implementations or other features + * require it. + * This feature affects both volatile and persistent keys which means that + * it's not possible to persistently store a key which is larger than + * MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. * * \note This feature comes with a (potentially) higher RAM usage since: * - All the key slots are allocated no matter if they are used of not. - * - Each key slot's length is as large as the largest key type supported - * in the build. + * - Each key buffer's length is MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes. * * Requires: MBEDTLS_PSA_CRYPTO_C * @@ -3886,17 +3888,15 @@ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 /** - * \def MBEDTLS_PSA_STATIC_KEY_SLOTS + * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE * - * Optionally define the size (in bytes) of each static key slot. If not + * Define the size (in bytes) of each static key slot when + * MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not * explicitly defined then it's automatically set to hold the maximum * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). * If required by the application this parameter can be set to higher values * in order to store larger objects (ex: raw keys), but please note that this * will increase RAM usage. - * - * Requires: MBEDTLS_PSA_STATIC_KEY_SLOTS - * */ //#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256 From 13aadd7981a240298c8f26425e5d50c2516a84ba Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 13:13:23 +0200 Subject: [PATCH 06/35] test: minor fixes to test_psa_crypto_without_heap and test_crypto_with_static_key_slots Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 37 ++++++++++--------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cbebd16b37..ae470deafa 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -36,6 +36,7 @@ component_test_crypto_with_static_key_slots() { scripts/config.py crypto_full scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS + msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" make test } @@ -68,16 +69,17 @@ component_build_psa_crypto_spm () { # - test code and libtestdriver1 can make use of calloc/free and # - core library (including PSA core) cannot use calloc/free. component_test_psa_crypto_without_heap() { + msg "crypto without heap: build libtestdriver1" # Disable PSA features that cannot be accelerated and whose builtin support # requires calloc/free. scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_HKDF* - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_PBKDF2* - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_TLS12* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF" + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_" + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_" # RSA key support requires ASN1 parse/write support for testing, but ASN1 # is disabled below. - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_KEY_TYPE_RSA_* - scripts/config.py -f $CRYPTO_CONFIG_H unset-all PSA_WANT_ALG_RSA_* + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_" + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_" # DES requires built-in support for key generation (parity check) so it # cannot be accelerated scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES @@ -88,25 +90,24 @@ component_test_psa_crypto_without_heap() { PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') - msg "build: libtestdriver1" helper_libtestdriver1_adjust_config crypto helper_libtestdriver1_make_drivers "$loc_accel_list" - msg "build: main library" + msg "crypto without heap: build main library" # Enable fully-static key slots in PSA core. scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS # Prevent PSA core from creating a copy of input/output buffers scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation. scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - # Set cmalloc/free as null pointer functions. Calling them would crash + # Set calloc/free as null pointer functions. Calling them would crash # the program so we can use this as a "sentinel" for being sure no module # is making use of these functions in the library. scripts/config.py set MBEDTLS_PLATFORM_MEMORY scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL - # Disable all the modules/features that use cmalloc directly + # Disable all the modules/features that use calloc directly scripts/config.py unset-all MBEDTLS_ASN1_ scripts/config.py unset MBEDTLS_BIGNUM_C scripts/config.py unset MBEDTLS_CIPHER_C @@ -115,21 +116,21 @@ component_test_psa_crypto_without_heap() { scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECP_RESTARTABLE scripts/config.py unset MBEDTLS_ECP_C - scripts/config.py unset-all MBEDTLS_LMS_ + scripts/config.py unset-all "^MBEDTLS_LMS_" scripts/config.py unset MBEDTLS_MD_C scripts/config.py unset MBEDTLS_OID_C - scripts/config.py unset-all MBEDTLS_PEM_ + scripts/config.py unset-all "^MBEDTLS_PEM_" scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py unset-all MBEDTLS_PK_ + scripts/config.py unset-all "^MBEDTLS_PK_" scripts/config.py unset MBEDTLS_RSA_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # Disable all modules that depend on the the previous ones scripts/config.py unset MBEDTLS_NIST_KW_C scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset-all MBEDTLS_PKCS1_ - scripts/config.py unset-all MBEDTLS_ENTROPY_ - scripts/config.py unset-all MBEDTLS_SHA + scripts/config.py unset-all "^MBEDTLS_PKCS1_" + scripts/config.py unset-all "^MBEDTLS_ENTROPY_" + scripts/config.py unset-all "^MBEDTLS_SHA" scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_HKDF_C scripts/config.py unset MBEDTLS_PKCS5_C @@ -138,15 +139,15 @@ component_test_psa_crypto_without_heap() { scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC helper_libtestdriver1_make_main "$loc_accel_list" lib - msg "build: test suites and helpers" - # Reset cmalloc/free functions to normal operations so that test code can + msg "crypto without heap: build test suites and helpers" + # Reset calloc/free functions to normal operations so that test code can # freely use them. scripts/config.py unset MBEDTLS_PLATFORM_MEMORY scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE helper_libtestdriver1_make_main "$loc_accel_list" tests - msg "run tests" + msg "crypto without heap: test" make test } From 35b0b02e4ac6ce577d2f90f71b2aa3b319f9661e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 13:36:50 +0200 Subject: [PATCH 07/35] test: disable all legacy symbols in test_psa_crypto_without_heap Disable all MBEDTLS_xxx symbols (keeping only the relevant ones enabled) when building the main library. Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 38 ++++--------------- 1 file changed, 7 insertions(+), 31 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index ae470deafa..bbbd1a45e0 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -94,49 +94,25 @@ component_test_psa_crypto_without_heap() { helper_libtestdriver1_make_drivers "$loc_accel_list" msg "crypto without heap: build main library" + # Disable all legacy MBEDTLS_xxx symbols. + scripts/config.py unset-all "^MBEDTLS_" + # Build the PSA core using the proper config file. + scripts/config.py set MBEDTLS_PSA_CRYPTO_C + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Enable fully-static key slots in PSA core. scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS - # Prevent PSA core from creating a copy of input/output buffers + # Prevent PSA core from creating a copy of input/output buffers. scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation. scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG # Set calloc/free as null pointer functions. Calling them would crash # the program so we can use this as a "sentinel" for being sure no module # is making use of these functions in the library. + scripts/config.py set MBEDTLS_PLATFORM_C scripts/config.py set MBEDTLS_PLATFORM_MEMORY scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL - # Disable all the modules/features that use calloc directly - scripts/config.py unset-all MBEDTLS_ASN1_ - scripts/config.py unset MBEDTLS_BIGNUM_C - scripts/config.py unset MBEDTLS_CIPHER_C - scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_DHM_C - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - scripts/config.py unset MBEDTLS_ECP_C - scripts/config.py unset-all "^MBEDTLS_LMS_" - scripts/config.py unset MBEDTLS_MD_C - scripts/config.py unset MBEDTLS_OID_C - scripts/config.py unset-all "^MBEDTLS_PEM_" - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py unset-all "^MBEDTLS_PK_" - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - # Disable all modules that depend on the the previous ones - scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset-all "^MBEDTLS_PKCS1_" - scripts/config.py unset-all "^MBEDTLS_ENTROPY_" - scripts/config.py unset-all "^MBEDTLS_SHA" - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_HKDF_C - scripts/config.py unset MBEDTLS_PKCS5_C - scripts/config.py unset MBEDTLS_PKCS12_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC helper_libtestdriver1_make_main "$loc_accel_list" lib msg "crypto without heap: build test suites and helpers" From 261baa8e9fd995da50c6c2fbd3d53ab7ceca7c2c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 14:35:30 +0200 Subject: [PATCH 08/35] psa-core: properly set PSA_CRYPTO_MAX_STORAGE_SIZE If MBEDTLS_PSA_STATIC_KEY_SLOTS is set then limit PSA_CRYPTO_MAX_STORAGE_SIZE to MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE, otherwise keep the previous PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS) size. This commit also removes changes to test_suite_psa_crypto_persistent_key.data done previously since MBEDTLS_PSA_STATIC_KEY_SLOTS is always up to date with key buffer size. Signed-off-by: Valerio Setti --- tf-psa-crypto/core/psa_crypto_storage.h | 12 ++++++++++-- .../suites/test_suite_psa_crypto_persistent_key.data | 10 +--------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto_storage.h b/tf-psa-crypto/core/psa_crypto_storage.h index d7f5b18953..809fd72249 100644 --- a/tf-psa-crypto/core/psa_crypto_storage.h +++ b/tf-psa-crypto/core/psa_crypto_storage.h @@ -17,13 +17,21 @@ extern "C" { #include "psa/crypto.h" #include "psa/crypto_se_driver.h" +#include "psa_crypto_core.h" #include #include -/* Limit the maximum key size in storage. This should have no effect - * since the key size is limited in memory. */ +/* Limit the maximum key size in storage. */ +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +/* Reflect the maximum size for the key buffer. */ +#define PSA_CRYPTO_MAX_STORAGE_SIZE (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) +#else +/* Just set an upper boundary but it should have no effect since the key size + * is limited in memory. */ #define PSA_CRYPTO_MAX_STORAGE_SIZE (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)) +#endif + /* Sanity check: a file size must fit in 32 bits. Allow a generous * 64kB of metadata. */ #if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000 diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_persistent_key.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_persistent_key.data index 05dc0c3ee8..133e726aec 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_persistent_key.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_persistent_key.data @@ -35,20 +35,12 @@ parse_storage_data_check:"505341004b45590000000000010000000170000001000000000000 # Not specific to files, but only run this test in an environment where the maximum size could be reached. Save maximum-size persistent raw key -depends_on:MBEDTLS_PSA_ITS_FILE_C:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_PSA_ITS_FILE_C save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE:PSA_SUCCESS -Save maximum-size persistent raw key - static key slot size -depends_on:MBEDTLS_PSA_ITS_FILE_C:MBEDTLS_PSA_STATIC_KEY_SLOTS -save_large_persistent_key:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE:PSA_SUCCESS - Save larger than maximum-size persistent raw key save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED -Save larger than maximum-size persistent raw key - static key slot size -depends_on:MBEDTLS_PSA_STATIC_KEY_SLOTS -save_large_persistent_key:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1:PSA_ERROR_NOT_SUPPORTED - Persistent key destroy depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" From 31cca13779f015c59ca3c4acb646487f0fed0f52 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 15:25:08 +0200 Subject: [PATCH 09/35] test_suite_psa_crypto_driver_wrappers: revert changes and fix validate_key() Use only volatile keys in order to remove dependency on storage. Signed-off-by: Valerio Setti --- .../test_suite_psa_crypto_driver_wrappers.data | 16 ++++++++-------- ...est_suite_psa_crypto_driver_wrappers.function | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 632a4b6f0b..fb2da8c3c2 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -256,35 +256,35 @@ generate_ec_key through transparent driver: error generate_ec_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR validate key through transparent driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: fallback private key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: fallback public key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR validate key through opaque driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through opaque driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through opaque driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT validate_key:PSA_ERROR_GENERIC_ERROR:PSA_CRYPTO_TEST_DRIVER_LOCATION:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR export_key private to public through driver: fake diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 14fc644d9a..49b1c15b77 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -849,7 +849,7 @@ void validate_key(int force_status_arg, { psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ - PSA_KEY_PERSISTENCE_DEFAULT, location); + PSA_KEY_PERSISTENCE_VOLATILE, location); mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg); psa_status_t force_status = force_status_arg; psa_status_t expected_status = expected_status_arg; From 5278ebd186271d9fad4631975033e6727876ae50 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 15:36:02 +0200 Subject: [PATCH 10/35] test: revert fixes for PSA entropy Signed-off-by: Valerio Setti --- .../tests/suites/test_suite_psa_crypto_entropy.function | 4 ---- .../tests/suites/test_suite_psa_crypto_init.function | 3 --- 2 files changed, 7 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_entropy.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_entropy.function index 24081638d6..4d5eda2baf 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_entropy.function @@ -8,10 +8,6 @@ #include "entropy_poll.h" /* Calculating the minimum allowed entropy size in bytes */ -#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE) -#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM -#endif - #define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, \ MBEDTLS_ENTROPY_BLOCK_SIZE) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function index c9a1e077d6..954560a24e 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_init.function @@ -24,9 +24,6 @@ static int check_stats(void) exit: return 0; } -#if !defined(MBEDTLS_ENTROPY_BLOCK_SIZE) -#define MBEDTLS_ENTROPY_BLOCK_SIZE MBEDTLS_ENTROPY_MIN_PLATFORM -#endif #define ENTROPY_MIN_NV_SEED_SIZE \ MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE) From 7d7867fb44778262a6b14674d03c11e29bcc5768 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 13 Aug 2024 16:02:08 +0200 Subject: [PATCH 11/35] psa_crypto_core: take also cipher's key length into account when sizing static key buffer Signed-off-by: Valerio Setti --- tf-psa-crypto/core/psa_crypto_core.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index 5f59697612..a3c0fd6f19 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -56,9 +56,12 @@ typedef enum { } psa_key_slot_state_t; /* If the size of static key slots is not explicitly defined by the user, then - * set it to PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE. */ + * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and + * PSA_CIPHER_MAX_KEY_LENGTH. */ #if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) -#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE (PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE) +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ + (PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ + PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ /** The data structure representing a key slot, containing key material From 8321ac7bc157ee299897027635ccda4f103f093f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Aug 2024 05:12:45 +0200 Subject: [PATCH 12/35] psa-core: remove unnecessary element in psa_key_slot_t Instead of checking for "in_use" to be true/false or "key.data" to be not NULL, simply check that "key.bytes" is 0/not-0. psa_allocate_buffer_to_slot() will update this value whenever a new slot is allocated (for the fully static case "allocated" actually mean "taken"). Signed-off-by: Valerio Setti --- tf-psa-crypto/core/psa_crypto.c | 26 +++----------------------- tf-psa-crypto/core/psa_crypto_core.h | 1 - 2 files changed, 3 insertions(+), 24 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index fcc342fea9..b2e33fc77e 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -706,15 +706,9 @@ psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot, size_t buffer_length) { #if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - if (slot->key.in_use) { - return PSA_ERROR_ALREADY_EXISTS; - } - if (buffer_length > ((size_t) MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)) { return PSA_ERROR_NOT_SUPPORTED; } - - slot->key.in_use = 1; #else if (slot->key.data != NULL) { return PSA_ERROR_ALREADY_EXISTS; @@ -1189,9 +1183,7 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) { -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - slot->key.in_use = 0; -#else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) if (slot->key.data != NULL) { mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); } @@ -2113,13 +2105,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * storage ( thus not in the case of importing a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the imported key material. */ -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - int is_slot_unused = (slot->key.in_use == 0); -#else - int is_slot_unused = (slot->key.data == NULL); -#endif - - if (is_slot_unused) { + if (slot->key.bytes == 0) { if (psa_key_lifetime_is_external(attributes->lifetime)) { status = psa_driver_wrapper_get_key_buffer_size_from_key_data( attributes, data, data_length, &storage_size); @@ -8053,13 +8039,7 @@ psa_status_t psa_generate_key_custom(const psa_key_attributes_t *attributes, * storage ( thus not in the case of generating a key in a secure element * with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a * buffer to hold the generated key material. */ -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - int is_slot_unused = (slot->key.in_use == 0); -#else - int is_slot_unused = (slot->key.data == NULL); -#endif - - if (is_slot_unused) { + if (slot->key.bytes == 0) { if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) == PSA_KEY_LOCATION_LOCAL_STORAGE) { status = psa_validate_key_type_and_size_for_key_generation( diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index a3c0fd6f19..7832001d8c 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -165,7 +165,6 @@ typedef struct { * Format as specified in psa_export_key(). */ struct key_data { #if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) - int in_use; uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE]; #else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ uint8_t *data; From 2a3c9b347c0598e3c435c0bb0e8261426cac62c4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Aug 2024 06:37:02 +0200 Subject: [PATCH 13/35] test: extend component_test_crypto_with_static_key_slots Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly smaller than the maximum RSA key pair size for an RSA key of 4096 bits. Also add a test in test_suite_psa_crypto to verify this condition. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 6 +++++- tf-psa-crypto/tests/suites/test_suite_psa_crypto.data | 4 ++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index bbbd1a45e0..26bb5e7340 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -35,9 +35,13 @@ component_test_crypto_with_static_key_slots() { msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" scripts/config.py crypto_full scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS + # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly smaller + # than PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE where the latter would be 2364 + # bytes for an RSA key pair of 4096 bits. + scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 2362 msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" - make test + make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test } # check_renamed_symbols HEADER LIB diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index 8ddd6d7543..b088ebf9e1 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7481,6 +7481,10 @@ PSA generate key: RSA, maximum size exceeded depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +PSA generate key: RSA, key pair size does not fit in static key buffer +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE<2364 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 + PSA generate key: ECC, SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0 From c975d5e602c171d0d82b2ccbb480ffbe8d7e38cc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 14 Aug 2024 09:16:23 +0200 Subject: [PATCH 14/35] test: add test with persitent key whose length is larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE Signed-off-by: Valerio Setti --- ...t_suite_psa_crypto_storage_format.function | 32 +++++++++++++++++-- ..._suite_psa_crypto_storage_format.misc.data | 6 ++++ 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function index efaaba58a3..ca70d20f67 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function @@ -1,14 +1,16 @@ /* BEGIN_HEADER */ #include +#include #include #include #include -#define TEST_FLAG_EXERCISE 0x00000001 -#define TEST_FLAG_READ_ONLY 0x00000002 +#define TEST_FLAG_EXERCISE 0x00000001 +#define TEST_FLAG_READ_ONLY 0x00000002 +#define TEST_FLAG_OVERSIZED_KEY 0x00000004 /** Write a key with the given attributes and key material to storage. * Test that it has the expected representation. @@ -158,6 +160,12 @@ static int test_read_key(const psa_key_attributes_t *expected_attributes, /* Prime the storage with a key file. */ PSA_ASSERT(psa_its_set(uid, representation->len, representation->x, 0)); + if (flags & TEST_FLAG_OVERSIZED_KEY) { + TEST_EQUAL(psa_get_key_attributes(key_id, &actual_attributes), PSA_ERROR_DATA_INVALID); + ok = 1; + goto exit; + } + /* Check that the injected key exists and looks as expected. */ PSA_ASSERT(psa_get_key_attributes(key_id, &actual_attributes)); TEST_ASSERT(mbedtls_svc_key_id_equal(key_id, @@ -281,6 +289,7 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 1); psa_storage_uid_t uid = 1; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *custom_key_data = NULL, *custom_storage_data = NULL; PSA_INIT(); TEST_USES_KEY_ID(key_id); @@ -293,6 +302,23 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, psa_set_key_algorithm(&attributes, alg); psa_set_key_enrollment_algorithm(&attributes, alg2); + /* Create a persistent key which is intentionally larger than the specified + * bit size. */ + if (flags & TEST_FLAG_OVERSIZED_KEY) { + TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1); + memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits) + 1); + material->len = PSA_BITS_TO_BYTES(bits) + 1; + material->x = custom_key_data; + + /* 36 bytes are the overhead of psa_persistent_key_storage_format */ + TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 1 + 36); + representation->len = PSA_BITS_TO_BYTES(bits) + 1 + 36; + representation->x = custom_storage_data; + + psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1, + &attributes, custom_storage_data); + } + /* Test that we can use a key with the given representation. This * guarantees backward compatibility with keys that were stored by * past versions of Mbed TLS. */ @@ -300,6 +326,8 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, uid, representation, flags)); exit: + mbedtls_free(custom_key_data); + mbedtls_free(custom_storage_data); psa_reset_key_attributes(&attributes); PSA_DONE(); } diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data index 48e3804b42..8aabe4cb2c 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data @@ -9,3 +9,9 @@ key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ PSA storage save: AES-GCM+CTR depends_on:PSA_WANT_KEY_TYPE_AES key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:PSA_ALG_CTR:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800001010000000250050010c00410000000404142434445464748494a4b4c4d4e4f" + +# Create a persistent key which is larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +# so that when psa_get_key_attributes() tries to load it from the storage it will fail. +PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +depends_on:PSA_WANT_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOTS +key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*8:PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY From d813e6dd3c4cdeb80d7bd1bd35ac2fe7ff342186 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 07:46:06 +0200 Subject: [PATCH 15/35] psa: fix some macro definition Signed-off-by: Valerio Setti --- tf-psa-crypto/core/psa_crypto_core.h | 4 ++-- tf-psa-crypto/include/psa/crypto_sizes.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index 7832001d8c..6dd00730ce 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -60,8 +60,8 @@ typedef enum { * PSA_CIPHER_MAX_KEY_LENGTH. */ #if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) #define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ - (PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ - PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH + ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ + PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ /** The data structure representing a key slot, containing key material diff --git a/tf-psa-crypto/include/psa/crypto_sizes.h b/tf-psa-crypto/include/psa/crypto_sizes.h index 892bfa3e7f..87b8c39fa6 100644 --- a/tf-psa-crypto/include/psa/crypto_sizes.h +++ b/tf-psa-crypto/include/psa/crypto_sizes.h @@ -1039,8 +1039,8 @@ #endif #define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \ - (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \ - PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE + ((PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) /** Sufficient output buffer size for psa_raw_key_agreement(). * From c2a6e8b3a95b942a93d39df790fe957a50e41511 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 07:58:02 +0200 Subject: [PATCH 16/35] mbedtls_config: fix/improve descriptions of PSA_STATIC_KEY_SLOT symbols Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 55a7fe7879..46ea878cad 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3075,11 +3075,11 @@ * require it. * This feature affects both volatile and persistent keys which means that * it's not possible to persistently store a key which is larger than - * MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. + * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. * * \note This feature comes with a (potentially) higher RAM usage since: * - All the key slots are allocated no matter if they are used of not. - * - Each key buffer's length is MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes. + * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes. * * Requires: MBEDTLS_PSA_CRYPTO_C * @@ -3890,10 +3890,10 @@ /** * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE * - * Define the size (in bytes) of each static key slot when - * MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not - * explicitly defined then it's automatically set to hold the maximum - * asymmetric PSA key enabled in the build (through PSA_WANT_xxx symbols). + * Define the size (in bytes) of each static key buffer when + * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not + * explicitly defined then it's automatically guessed from available PSA keys + * enabled in the build through PSA_WANT_xxx symbols. * If required by the application this parameter can be set to higher values * in order to store larger objects (ex: raw keys), but please note that this * will increase RAM usage. From 4d9a8219ac5d20070ee158c1effa69671547bf97 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 12:35:24 +0200 Subject: [PATCH 17/35] test: properly select MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE value This value should be: - OK for all EC/FFDH key pairs/public keys; - OK for all supported public RSA keys; - OK for RSA key pairs up to 2048 bits; - FAIL for RSA key pairs above 2048 bits. Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 22 +++ .../components-configuration-crypto.sh | 11 +- .../tests/suites/test_suite_pkparse.data | 146 +++++++++--------- .../tests/suites/test_suite_pkwrite.data | 10 +- .../tests/suites/test_suite_psa_crypto.data | 15 +- 5 files changed, 118 insertions(+), 86 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 30f2e0f535..e151e3a400 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -461,4 +461,26 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_PSA_INTERNAL_KEYS \ MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG +/* Some helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is + * large enough to contain an RSA key pair of the given size. This is meant to be + * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) +#define STATIC_KEY_SLOTS_SUPPORT_RSA_4096 +#endif + +#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048)) +#define STATIC_KEY_SLOTS_SUPPORT_RSA_2048 +#endif + +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || defined(STATIC_KEY_SLOTS_SUPPORT_RSA_4096) +#define MBEDTLS_TEST_ALLOW_RSA_4096 +#endif + +#else /* MBEDTLS_PSA_CRYPTO_C */ + +#define MBEDTLS_TEST_ALLOW_RSA_4096 + +#endif /* MBEDTLS_PSA_CRYPTO_C */ + #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 26bb5e7340..3473725e4e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -35,10 +35,13 @@ component_test_crypto_with_static_key_slots() { msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" scripts/config.py crypto_full scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS - # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly smaller - # than PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE where the latter would be 2364 - # bytes for an RSA key pair of 4096 bits. - scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 2362 + # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to a value that + # is enough to contain: + # - all RSA public keys up to 4096 bits (max of PSA_VENDOR_RSA_MAX_KEY_BITS). + # - RSA key pairs up to 1024 bits, but not 2048 or larger. + # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS). + # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS). + scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212 msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test diff --git a/tf-psa-crypto/tests/suites/test_suite_pkparse.data b/tf-psa-crypto/tests/suites/test_suite_pkparse.data index f896dd4d36..028686c7d7 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pkparse.data +++ b/tf-psa-crypto/tests/suites/test_suite_pkparse.data @@ -51,23 +51,23 @@ depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MOD pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0 Parse RSA Key #14 (4096-bit, DES Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_des.pem":"testkey":0 Parse RSA Key #15 (4096-bit, 3DES Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_3des.pem":"testkey":0 Parse RSA Key #16 (4096-bit, AES-128 Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0 Parse RSA Key #17 (4096-bit, AES-192 Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0 Parse RSA Key #18 (4096-bit, AES-256 Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0 Parse RSA Key #19 (PKCS#8 wrapped) @@ -99,15 +99,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER) @@ -119,7 +119,7 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MB pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0 Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES) @@ -147,15 +147,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0 Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER) @@ -167,7 +167,7 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MB pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0 Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0 Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) @@ -195,15 +195,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C: pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER) @@ -231,15 +231,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES) @@ -267,15 +267,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C: pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0 Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER) @@ -303,15 +303,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0 Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224) @@ -339,15 +339,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER) @@ -375,15 +375,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224) @@ -411,15 +411,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER) @@ -447,15 +447,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256) @@ -483,15 +483,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER) @@ -519,15 +519,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0 Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256) @@ -555,15 +555,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER) @@ -591,15 +591,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0 Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384) @@ -627,15 +627,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER) @@ -663,15 +663,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384) @@ -699,15 +699,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER) @@ -735,15 +735,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512) @@ -771,15 +771,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER) @@ -807,15 +807,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0 Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512) @@ -843,15 +843,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER) @@ -879,15 +879,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0 Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) diff --git a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data index d895d39d3a..f55eb760ee 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data +++ b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data @@ -7,11 +7,11 @@ depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"../../framework/data_files/server1.pubkey.der":TEST_DER Public key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_pubkey_check:"../../framework/data_files/rsa4096_pub.pem":TEST_PEM Public key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_pubkey_check:"../../framework/data_files/rsa4096_pub.der":TEST_DER Public key write check EC 192 bits @@ -66,11 +66,11 @@ depends_on:MBEDTLS_RSA_C pk_write_key_check:"../../framework/data_files/server1.key.der":TEST_DER Private key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_key_check:"../../framework/data_files/rsa4096_prv.pem":TEST_PEM Private key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_key_check:"../../framework/data_files/rsa4096_prv.der":TEST_DER Private key write check EC 192 bits @@ -134,7 +134,7 @@ depends_on:MBEDTLS_RSA_C pk_write_public_from_private:"../../framework/data_files/server1.key.der":"../../framework/data_files/server1.pubkey.der" Derive public key RSA 4096 -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 pk_write_public_from_private:"../../framework/data_files/rsa4096_prv.der":"../../framework/data_files/rsa4096_pub.der" Derive public key EC 192 bits diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index b088ebf9e1..198770ad90 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7481,9 +7481,16 @@ PSA generate key: RSA, maximum size exceeded depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +# Following 2 tests are meant to be tested from the component_test_crypto_with_static_key_slots() +# test component. There MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is intentionally set to a value +# that is OK for all public RSA key bit sizes, but only valid up to 2048 bits for key pairs. PSA generate key: RSA, key pair size does not fit in static key buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE<2364 -generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 + +PSA generate key: RSA, key pair size fits in static key buffer +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048 +generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: ECC, SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 @@ -7626,11 +7633,11 @@ depends_on:MBEDTLS_THREADING_PTHREAD concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD +depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD +depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) From 2b9d180f8e548ed577b9faa5596e2a7fa302f64f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 12:43:47 +0200 Subject: [PATCH 18/35] test_suite_psa_crypto_storage_format: improve input bit length specification for static key buffer Signed-off-by: Valerio Setti --- .../test_suite_psa_crypto_storage_format.function | 12 ++++++------ .../test_suite_psa_crypto_storage_format.misc.data | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function index ca70d20f67..5788742aa5 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.function @@ -305,17 +305,17 @@ void key_storage_read(int lifetime_arg, int type_arg, int bits_arg, /* Create a persistent key which is intentionally larger than the specified * bit size. */ if (flags & TEST_FLAG_OVERSIZED_KEY) { - TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1); - memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits) + 1); - material->len = PSA_BITS_TO_BYTES(bits) + 1; + TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits)); + memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits)); + material->len = PSA_BITS_TO_BYTES(bits); material->x = custom_key_data; /* 36 bytes are the overhead of psa_persistent_key_storage_format */ - TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 1 + 36); - representation->len = PSA_BITS_TO_BYTES(bits) + 1 + 36; + TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 36); + representation->len = PSA_BITS_TO_BYTES(bits) + 36; representation->x = custom_storage_data; - psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits) + 1, + psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits), &attributes, custom_storage_data); } diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data index 8aabe4cb2c..359053ec0d 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_storage_format.misc.data @@ -14,4 +14,4 @@ key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ # so that when psa_get_key_attributes() tries to load it from the storage it will fail. PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE depends_on:PSA_WANT_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOTS -key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*8:PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY +key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:PSA_BYTES_TO_BITS(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1):PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY From 731013033374f7d6b00e188764828c64ff565434 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 12:52:19 +0200 Subject: [PATCH 19/35] psa: zeroize static key buffer content when key slot is freed Signed-off-by: Valerio Setti --- tf-psa-crypto/core/psa_crypto.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c index b2e33fc77e..0bd58206ff 100644 --- a/tf-psa-crypto/core/psa_crypto.c +++ b/tf-psa-crypto/core/psa_crypto.c @@ -1183,7 +1183,11 @@ static psa_status_t psa_get_and_lock_transparent_key_slot_with_policy( psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot) { -#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) + if (slot->key.bytes > 0) { + mbedtls_platform_zeroize(slot->key.data, MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE); + } +#else if (slot->key.data != NULL) { mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes); } From a006b8f6c1b73a0fc524d5562a90348cc7f4f012 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 16 Aug 2024 13:32:58 +0200 Subject: [PATCH 20/35] check_config: prevent fully dynamic and static key stores to be enabled simultaneously Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 20b0ed610e..a710208505 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -694,6 +694,11 @@ #error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG" #endif +#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \ + defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously" +#endif + #if defined(MBEDTLS_PSA_ITS_FILE_C) && \ !defined(MBEDTLS_FS_IO) #error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites" From 8bc8172c4abc896da138b13aef612331417995eb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 28 Aug 2024 05:50:45 +0200 Subject: [PATCH 21/35] test: disable dynamic key store in test_crypto_with_static_key_slots Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 3473725e4e..5ce69b527a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -42,6 +42,9 @@ component_test_crypto_with_static_key_slots() { # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS). # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS). scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212 + # Disable the fully dynamic key store (default on) since it conflicts + # with the static behavior that we're testing here. + scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS" make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test From f9face436a3cb1fc553576fdc2b98550daba4692 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 29 Aug 2024 15:02:47 +0200 Subject: [PATCH 22/35] psa: move default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE Move the default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE from psa_crypto_core.h to the public header crypto_extra.h in order to solve documentation build issues. Signed-off-by: Valerio Setti --- tf-psa-crypto/core/psa_crypto_core.h | 9 --------- tf-psa-crypto/core/psa_crypto_storage.h | 1 - tf-psa-crypto/include/psa/crypto_extra.h | 10 ++++++++++ 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index 6dd00730ce..f2d849876c 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -55,15 +55,6 @@ typedef enum { PSA_SLOT_PENDING_DELETION, } psa_key_slot_state_t; -/* If the size of static key slots is not explicitly defined by the user, then - * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and - * PSA_CIPHER_MAX_KEY_LENGTH. */ -#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) -#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ - ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ - PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) -#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ - /** The data structure representing a key slot, containing key material * and metadata for one key. */ diff --git a/tf-psa-crypto/core/psa_crypto_storage.h b/tf-psa-crypto/core/psa_crypto_storage.h index 809fd72249..433ecdca51 100644 --- a/tf-psa-crypto/core/psa_crypto_storage.h +++ b/tf-psa-crypto/core/psa_crypto_storage.h @@ -17,7 +17,6 @@ extern "C" { #include "psa/crypto.h" #include "psa/crypto_se_driver.h" -#include "psa_crypto_core.h" #include #include diff --git a/tf-psa-crypto/include/psa/crypto_extra.h b/tf-psa-crypto/include/psa/crypto_extra.h index 0cf42c6055..f48c0873b5 100644 --- a/tf-psa-crypto/include/psa/crypto_extra.h +++ b/tf-psa-crypto/include/psa/crypto_extra.h @@ -32,6 +32,16 @@ extern "C" { #define MBEDTLS_PSA_KEY_SLOT_COUNT 32 #endif +/* If the size of static key slots is not explicitly defined by the user, then + * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and + * PSA_CIPHER_MAX_KEY_LENGTH. + * See mbedtls_config.h for the definition. */ +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE) +#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \ + ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \ + PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) +#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ + /** \addtogroup attributes * @{ */ From 69d19e7bdda51e2e4af98b694915884bef1243be Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 26 Sep 2024 13:01:53 +0200 Subject: [PATCH 23/35] psa_crypto_helpers: add MBEDTLS_TEST_ prefix to newly created symbols Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 7 ++++--- tf-psa-crypto/tests/suites/test_suite_psa_crypto.data | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index e151e3a400..981f234f12 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -466,14 +466,15 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ #if defined(MBEDTLS_PSA_CRYPTO_C) #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) -#define STATIC_KEY_SLOTS_SUPPORT_RSA_4096 +#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096 #endif #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048)) -#define STATIC_KEY_SLOTS_SUPPORT_RSA_2048 +#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048 #endif -#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || defined(STATIC_KEY_SLOTS_SUPPORT_RSA_4096) +#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \ + defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096) #define MBEDTLS_TEST_ALLOW_RSA_4096 #endif diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index 198770ad90..fffe49851d 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7485,11 +7485,11 @@ generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USA # test component. There MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is intentionally set to a value # that is OK for all public RSA key bit sizes, but only valid up to 2048 bits for key pairs. PSA generate key: RSA, key pair size does not fit in static key buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0 PSA generate key: RSA, key pair size fits in static key buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048 +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048 generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0 PSA generate key: ECC, SECP256R1, good From 175a494d01df4f1a65664acfd5ba7e3503f5cf7d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 26 Sep 2024 13:51:39 +0200 Subject: [PATCH 24/35] psa_crypto_helpers: enhance definitions for static key slot related test symbols - MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096] are always defined because they are only used in test_suite_psa_crypto tests. - MBEDTLS_TEST_ALLOW_RSA_4096 was renamed as MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 because this is only used in PK related test suites. Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 17 +- .../tests/suites/test_suite_pkparse.data | 146 +++++++++--------- .../tests/suites/test_suite_pkwrite.data | 10 +- 3 files changed, 89 insertions(+), 84 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 981f234f12..fd7248514a 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -461,10 +461,9 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_PSA_INTERNAL_KEYS \ MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG -/* Some helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is +/* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is * large enough to contain an RSA key pair of the given size. This is meant to be * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ -#if defined(MBEDTLS_PSA_CRYPTO_C) #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096 #endif @@ -473,15 +472,21 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048 #endif +/* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + * is large enough to contain 4096 bits RSA key pairs. Of course this check is only + * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage + * the key. */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + #if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \ defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096) -#define MBEDTLS_TEST_ALLOW_RSA_4096 +#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 #endif -#else /* MBEDTLS_PSA_CRYPTO_C */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define MBEDTLS_TEST_ALLOW_RSA_4096 +#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* PSA_CRYPTO_HELPERS_H */ diff --git a/tf-psa-crypto/tests/suites/test_suite_pkparse.data b/tf-psa-crypto/tests/suites/test_suite_pkparse.data index 028686c7d7..17a253dbbd 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pkparse.data +++ b/tf-psa-crypto/tests/suites/test_suite_pkparse.data @@ -51,23 +51,23 @@ depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MOD pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0 Parse RSA Key #14 (4096-bit, DES Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_des.pem":"testkey":0 Parse RSA Key #15 (4096-bit, 3DES Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_3des.pem":"testkey":0 Parse RSA Key #16 (4096-bit, AES-128 Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0 Parse RSA Key #17 (4096-bit, AES-192 Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0 Parse RSA Key #18 (4096-bit, AES-256 Encrypted) -depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:PSA_WANT_ALG_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0 Parse RSA Key #19 (PKCS#8 wrapped) @@ -99,15 +99,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER) @@ -119,7 +119,7 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MB pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0 Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES) @@ -147,15 +147,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0 Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER) @@ -167,7 +167,7 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MB pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0 Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0 Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) @@ -195,15 +195,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C: pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0 Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER) @@ -231,15 +231,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0 Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES) @@ -267,15 +267,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C: pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0 Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER) @@ -303,15 +303,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0 Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224) @@ -339,15 +339,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER) @@ -375,15 +375,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224) @@ -411,15 +411,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER) @@ -447,15 +447,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256) @@ -483,15 +483,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER) @@ -519,15 +519,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0 Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256) @@ -555,15 +555,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0 Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER) @@ -591,15 +591,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0 Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384) @@ -627,15 +627,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER) @@ -663,15 +663,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384) @@ -699,15 +699,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER) @@ -735,15 +735,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512) @@ -771,15 +771,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER) @@ -807,15 +807,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0 Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512) @@ -843,15 +843,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_ pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0 Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER) @@ -879,15 +879,15 @@ depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0 Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_parse_keyfile_rsa:"../../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) diff --git a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data index f55eb760ee..c896f2d273 100644 --- a/tf-psa-crypto/tests/suites/test_suite_pkwrite.data +++ b/tf-psa-crypto/tests/suites/test_suite_pkwrite.data @@ -7,11 +7,11 @@ depends_on:MBEDTLS_RSA_C pk_write_pubkey_check:"../../framework/data_files/server1.pubkey.der":TEST_DER Public key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_pubkey_check:"../../framework/data_files/rsa4096_pub.pem":TEST_PEM Public key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_pubkey_check:"../../framework/data_files/rsa4096_pub.der":TEST_DER Public key write check EC 192 bits @@ -66,11 +66,11 @@ depends_on:MBEDTLS_RSA_C pk_write_key_check:"../../framework/data_files/server1.key.der":TEST_DER Private key write check RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_key_check:"../../framework/data_files/rsa4096_prv.pem":TEST_PEM Private key write check RSA 4096 (DER) -depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_key_check:"../../framework/data_files/rsa4096_prv.der":TEST_DER Private key write check EC 192 bits @@ -134,7 +134,7 @@ depends_on:MBEDTLS_RSA_C pk_write_public_from_private:"../../framework/data_files/server1.key.der":"../../framework/data_files/server1.pubkey.der" Derive public key RSA 4096 -depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_ALLOW_RSA_4096 +depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 pk_write_public_from_private:"../../framework/data_files/rsa4096_prv.der":"../../framework/data_files/rsa4096_pub.der" Derive public key EC 192 bits From a35c8a0a7e0470e749c30cb39d63b09a76243b7d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 26 Sep 2024 17:26:02 +0200 Subject: [PATCH 25/35] test_suite_psa_crypto: use finer grained checks on the key slot buffer size Instead of skipping some tests when !MBEDTLS_PSA_STATIC_KEY_SLOTS, add a proper check in the depends_on to verify if MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is actually large enough to contain the key used in such test. Signed-off-by: Valerio Setti --- tf-psa-crypto/include/psa/crypto_extra.h | 7 +++++++ .../tests/suites/test_suite_psa_crypto.data | 14 +++++++------- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/tf-psa-crypto/include/psa/crypto_extra.h b/tf-psa-crypto/include/psa/crypto_extra.h index f48c0873b5..9bc68f6a26 100644 --- a/tf-psa-crypto/include/psa/crypto_extra.h +++ b/tf-psa-crypto/include/psa/crypto_extra.h @@ -42,6 +42,13 @@ extern "C" { PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ +/* Define the size of the each key slot buffer. */ +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#else +#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX +#endif + /** \addtogroup attributes * @{ */ diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index fffe49851d..f67961f3f3 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7158,7 +7158,7 @@ derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KE # and not expected to be raised any time soon) is less than the maximum # output from HKDF-SHA512 (255*64 = 16320 bytes). PSA key derivation: largest possible key -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= 16320 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1 PSA key derivation: key too large @@ -7402,15 +7402,15 @@ PSA generate key: raw data, 9 bits: invalid argument generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0 PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, 65528 bits (large key, ok if it fits) -depends_on:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= 65528 generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1 PSA generate key: raw data, 65536 bits (not supported) @@ -7633,15 +7633,15 @@ depends_on:MBEDTLS_THREADING_PTHREAD concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5 PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits -depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_THREADING_PTHREAD:!MBEDTLS_PSA_STATIC_KEY_SLOTS +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > 65528 concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 PSA concurrent key generation: raw data, 65536 bits (not supported) From 7213fbc2e220a8fe630951ac00444c10e018e420 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Sep 2024 09:35:20 +0200 Subject: [PATCH 26/35] components-basic-checks: add new exception for MBEDTLS_CTR_DRBG_MAX_REQUEST Signed-off-by: Valerio Setti --- tests/scripts/components-basic-checks.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 5ecd02954c..e9bfe5c15c 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -109,6 +109,9 @@ component_check_test_dependencies () { # the test code and that's probably the most convenient way of achieving # the test's goal. echo "MBEDTLS_ASN1_WRITE_C" >> $expected + # No PSA equivalent - used in test_suite_psa_crypto to get some "known" size + # for raw key generation. + echo "MBEDTLS_CTR_DRBG_MAX_REQUEST" >> $expected # No PSA equivalent - we should probably have one in the future. echo "MBEDTLS_ECP_RESTARTABLE" >> $expected # No PSA equivalent - needed by some init tests @@ -162,4 +165,3 @@ component_check_test_helpers () { msg "unit test: translate_ciphers.py" python3 -m unittest framework/scripts/translate_ciphers.py 2>&1 } - From 3a0a8aee7e37fcf2e61a7a29d72a420e4a6e0fe5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 27 Sep 2024 09:55:26 +0200 Subject: [PATCH 27/35] psa_crypto_helpers: add guard for MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_xxx PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE() is not defined when there is no MBEDTLS_PSA_CRYPTO_CLIENT so we need this guard to define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096]. Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index fd7248514a..5ee491e328 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -464,6 +464,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); /* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is * large enough to contain an RSA key pair of the given size. This is meant to be * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */ +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) + #if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096)) #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096 #endif @@ -472,6 +474,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048 #endif +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ + /* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE * is large enough to contain 4096 bits RSA key pairs. Of course this check is only * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage From cac061f1d4c5858878e0c0096cdfacc30b873208 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 07:09:16 +0200 Subject: [PATCH 28/35] test_suite_psa_crypto.data: fix some depends_on Signed-off-by: Valerio Setti --- tf-psa-crypto/tests/suites/test_suite_psa_crypto.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data index f67961f3f3..87fec19f64 100644 --- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data +++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto.data @@ -7158,7 +7158,7 @@ derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KE # and not expected to be raised any time soon) is less than the maximum # output from HKDF-SHA512 (255*64 = 16320 bytes). PSA key derivation: largest possible key -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= 16320 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS) derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1 PSA key derivation: key too large @@ -7410,7 +7410,7 @@ depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0 PSA generate key: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= 65528 +depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(65528) generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1 PSA generate key: raw data, 65536 bits (not supported) @@ -7641,7 +7641,7 @@ depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBE concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5 PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits) -depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > 65528 +depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > PSA_BITS_TO_BYTES(65528) concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5 PSA concurrent key generation: raw data, 65536 bits (not supported) From 4cfec6ffbe88dbe82cb205d9817ff57574538df1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 07:14:35 +0200 Subject: [PATCH 29/35] psa: move definition of MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is only used in tests so it should not be defined in a public header such as "crypto_extra.h". "psa_crypto_helpers.h" is a better option. Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 7 +++++++ tf-psa-crypto/include/psa/crypto_extra.h | 7 ------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 5ee491e328..f214394f30 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -476,6 +476,13 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ +/* Helper macro to get the size of the each key slot buffer. */ +#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) +#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE +#else +#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX +#endif + /* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE * is large enough to contain 4096 bits RSA key pairs. Of course this check is only * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage diff --git a/tf-psa-crypto/include/psa/crypto_extra.h b/tf-psa-crypto/include/psa/crypto_extra.h index 9bc68f6a26..f48c0873b5 100644 --- a/tf-psa-crypto/include/psa/crypto_extra.h +++ b/tf-psa-crypto/include/psa/crypto_extra.h @@ -42,13 +42,6 @@ extern "C" { PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH) #endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/ -/* Define the size of the each key slot buffer. */ -#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) -#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE -#else -#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX -#endif - /** \addtogroup attributes * @{ */ From 83778d7aa99c7b0e1fe2768bc57e2ed6d309e9b7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 13:46:37 +0200 Subject: [PATCH 30/35] Documentation: fix some nits Signed-off-by: Valerio Setti --- include/mbedtls/mbedtls_config.h | 2 +- tests/include/test/psa_crypto_helpers.h | 2 +- tf-psa-crypto/core/psa_crypto_core.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 46ea878cad..02dc8fd8c8 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3078,7 +3078,7 @@ * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. * * \note This feature comes with a (potentially) higher RAM usage since: - * - All the key slots are allocated no matter if they are used of not. + * - All the key slots are allocated no matter if they are used or not. * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes. * * Requires: MBEDTLS_PSA_CRYPTO_C diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index f214394f30..a54e125ce4 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -484,7 +484,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #endif /* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE - * is large enough to contain 4096 bits RSA key pairs. Of course this check is only + * is large enough to contain 4096-bit RSA key pairs. Of course this check is only * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage * the key. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/tf-psa-crypto/core/psa_crypto_core.h b/tf-psa-crypto/core/psa_crypto_core.h index f2d849876c..df0ee501ab 100644 --- a/tf-psa-crypto/core/psa_crypto_core.h +++ b/tf-psa-crypto/core/psa_crypto_core.h @@ -157,9 +157,9 @@ typedef struct { struct key_data { #if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE]; -#else /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ +#else uint8_t *data; -#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */ +#endif size_t bytes; } key; } psa_key_slot_t; From d47d98777eeb9dd745062ff993edfe0d3946050c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 16:50:24 +0200 Subject: [PATCH 31/35] changelog: describe support for static key slot buffers Signed-off-by: Valerio Setti --- ChangeLog.d/9302.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/9302.txt diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt new file mode 100644 index 0000000000..bc121de0c9 --- /dev/null +++ b/ChangeLog.d/9302.txt @@ -0,0 +1,8 @@ +Features + * When the new compilation option MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled, + key store uses static key slot buffers instead of dynamically allocated + ones. + * The size of each static key slot buffer is determined by + MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. If not set, its default value + is set to accomodate for the largest PSA asymmetric/symmetric key enabled + in the build. From 2b52e769c6547893f51e6ff7b7042f245b5d2b16 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Oct 2024 17:45:21 +0200 Subject: [PATCH 32/35] changelog: updated description Signed-off-by: Valerio Setti --- ChangeLog.d/9302.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt index bc121de0c9..f2389bf820 100644 --- a/ChangeLog.d/9302.txt +++ b/ChangeLog.d/9302.txt @@ -1,8 +1,8 @@ Features * When the new compilation option MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled, - key store uses static key slot buffers instead of dynamically allocated - ones. - * The size of each static key slot buffer is determined by - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. If not set, its default value - is set to accomodate for the largest PSA asymmetric/symmetric key enabled - in the build. + key store uses statically allocated key slot's buffers instead of + dynamically allocating them on heap memory at runtime (through malloc/free + calls). + The size of each buffer is given by the option + MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accomodates the + largest PSA key enabled in the build. From bed5d1b1eafc7972016336f09a8d3ff3b508054f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 7 Oct 2024 09:52:44 +0200 Subject: [PATCH 33/35] changelog: updated description Signed-off-by: Valerio Setti --- ChangeLog.d/9302.txt | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt index f2389bf820..6f56ece021 100644 --- a/ChangeLog.d/9302.txt +++ b/ChangeLog.d/9302.txt @@ -1,8 +1,6 @@ Features - * When the new compilation option MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled, - key store uses statically allocated key slot's buffers instead of - dynamically allocating them on heap memory at runtime (through malloc/free - calls). + * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which + uses static storage for keys, enabling malloc-less use of key slots. The size of each buffer is given by the option MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accomodates the largest PSA key enabled in the build. From 12bccc7be83ac80704b69b42c95fcfb47b05d713 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 7 Oct 2024 11:21:02 +0200 Subject: [PATCH 34/35] changelog: fix typo Signed-off-by: Valerio Setti --- ChangeLog.d/9302.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt index 6f56ece021..d61ba19632 100644 --- a/ChangeLog.d/9302.txt +++ b/ChangeLog.d/9302.txt @@ -2,5 +2,5 @@ Features * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which uses static storage for keys, enabling malloc-less use of key slots. The size of each buffer is given by the option - MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accomodates the + MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the largest PSA key enabled in the build. From ec028d84519fe72a5e7cd145980d13e25c7c0389 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 22 Oct 2024 17:43:37 +0200 Subject: [PATCH 35/35] analyze_outcomes.py: allow test with PSA_WANT_ALG_TLS12_PRF disabled Do not assume that tests with !PSA_WANT_ALG_TLS12_PRF will not be executed in AnalyzeCoverage task. Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 43982ce810..c2ec34e482 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -140,9 +140,6 @@ class CoverageTask(outcome_analysis.CoverageTask): # We don't test with HMAC disabled. # https://github.com/Mbed-TLS/mbedtls/issues/9591 'Config: !PSA_WANT_ALG_HMAC', - # We don't test with HMAC disabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9591 - 'Config: !PSA_WANT_ALG_TLS12_PRF', # The DERIVE key type is always enabled. 'Config: !PSA_WANT_KEY_TYPE_DERIVE', # More granularity of key pair type enablement macros @@ -256,14 +253,6 @@ class CoverageTask(outcome_analysis.CoverageTask): # "PSA test case generation: dependency inference class: operation fail" # from https://github.com/Mbed-TLS/mbedtls/pull/9025 . re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'), - # We never test with TLS12_PRF or TLS12_PSK_TO_MS disabled - # but certain other things enabled. - # https://github.com/Mbed-TLS/mbedtls/issues/9577 - re.compile(r'PSA key_derivation TLS12_PRF\(\w+\): !TLS12_PRF'), - re.compile(r'PSA key_derivation TLS12_PSK_TO_MS' - r'\((?!SHA_256|SHA_384|SHA_512)\w+\): !TLS12_PSK_TO_MS'), - 'PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_256)): !TLS12_PRF', - 'PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_384)): !TLS12_PRF', # We never test with the HMAC algorithm enabled but the HMAC # key type disabled. Those dependencies don't really make sense.