lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Merge branch 'development' into md-light

Browse Source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman
2023-03-03 14:28:13 +00:00
committed by GitHub
parent 1e57abd3ec 1f39a62ce6
commit 45cef61fa4
107 changed files with 6916 additions and 1422 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/.gitignore vendored
View File

@ -13,6 +13,8 @@ data_files/hmac_drbg_seed
data_files/ctr_drbg_seed
data_files/entropy_seed
include/alt-extra/psa/crypto_platform_alt.h
include/alt-extra/psa/crypto_struct_alt.h
include/test/instrument_record_status.h
src/*.o

5
tests/Makefile
View File

@ -219,6 +219,7 @@ ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax
rm -f src/*.o src/drivers/*.o src/libmbed*
rm -f include/test/instrument_record_status.h
rm -f include/alt-extra/*/*_alt.h
rm -rf libtestdriver1
rm -f ../library/libtestdriver1.a
else
@ -244,6 +245,10 @@ check: $(BINARIES)
test: check
# Generate variants of some headers for testing
include/alt-extra/%_alt.h: ../include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
# Generate test library
# Perl code that is executed to transform each original line from a library

19
tests/compat.sh
View File

@ -534,6 +534,16 @@ add_mbedtls_ciphersuites()
esac
}
# o_check_ciphersuite STANDARD_CIPHER_SUITE
o_check_ciphersuite()
{
if [ "${O_SUPPORT_ECDH}" = "NO" ]; then
case "$1" in
*ECDH_*) SKIP_NEXT="YES"
esac
fi
}
setup_arguments()
{
O_MODE=""
@ -603,6 +613,11 @@ setup_arguments()
;;
esac
case $($OPENSSL ciphers ALL) in
*ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";;
*) O_SUPPORT_ECDH="NO";;
esac
if [ "X$VERIFY" = "XYES" ];
then
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@ -819,7 +834,7 @@ run_client() {
if [ $EXIT -eq 0 ]; then
RESULT=0
else
# If the cipher isn't supported...
# If it is NULL cipher ...
if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then
RESULT=1
else
@ -1033,6 +1048,7 @@ for MODE in $MODES; do
start_server "OpenSSL"
translate_ciphers m $M_CIPHERS
for i in $ciphers; do
o_check_ciphersuite "${i%%=*}"
run_client mbedTLS ${i%%=*} ${i#*=}
done
stop_server
@ -1042,6 +1058,7 @@ for MODE in $MODES; do
start_server "mbedTLS"
translate_ciphers o $O_CIPHERS
for i in $ciphers; do
o_check_ciphersuite "${i%%=*}"
run_client OpenSSL ${i%%=*} ${i#*=}
done
stop_server

2
tests/configs/tls13-only.h
View File

@ -29,10 +29,12 @@
/* Disable TLS 1.2 and 1.2-specific features */
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_RENEGOTIATION
#undef MBEDTLS_SSL_PROTO_TLS1_2
#undef MBEDTLS_SSL_PROTO_DTLS
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_SRTP
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT

44
tests/data_files/Makefile
View File

@ -140,6 +140,9 @@ test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: te
test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@
test_cert_rfc822name.crt.der: cert_example_multi.csr
$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
$(test_ca_key_file_rsa_alt):test-ca.opensslconf
$(OPENSSL) genrsa -out $@ 2048
test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
@ -336,6 +339,12 @@ server5-tricky-ip-san.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
all_final += server5-tricky-ip-san.crt
rsa_single_san_uri.crt.der: rsa_single_san_uri.key
$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key
$(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN"
server10-badsign.crt: server10.crt
{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
all_final += server10-badsign.crt
@ -1266,11 +1275,15 @@ pkcs7_test_cert_3 = pkcs7-rsa-sha256-3.crt
pkcs7_test_file = pkcs7_data.bin
$(pkcs7_test_file):
echo -e "Hello\xd" > $@
printf "Hello\15\n" > $@
all_final += $(pkcs7_test_file)
pkcs7_zerolendata.bin:
printf '' > $@
all_final += pkcs7_zerolendata.bin
pkcs7_data_1.bin:
echo -e "2\xd" > $@
printf "2\15\n" > $@
all_final += pkcs7_data_1.bin
# Generate signing cert
@ -1302,6 +1315,11 @@ pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2)
$(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER
all_final += pkcs7-rsa-sha256-2.der
# pkcs7 signature file over zero-len data
pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt
$(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der
all_final += pkcs7_zerolendata_detached.der
# pkcs7 signature file with CERT
pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
@ -1345,19 +1363,31 @@ all_final += pkcs7_data_multiple_certs_signed.der
# pkcs7 signature file with corrupted CERT
pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
echo -en '\xa1' | dd of=$@ bs=1 seek=547 conv=notrunc
echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=547 conv=notrunc
all_final += pkcs7_data_signed_badcert.der
# pkcs7 signature file with corrupted signer info
pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
echo -en '\xa1' | dd of=$@ bs=1 seek=918 conv=notrunc
echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=918 conv=notrunc
all_final += pkcs7_data_signed_badsigner.der
# pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name
pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der
cp $< $@
echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=498 conv=notrunc
all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
# pkcs7 signature file with invalid tag in signerInfo[2]
pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der
cp $< $@
echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc
all_final += pkcs7_signerInfo_2_invalid_tag.der
# pkcs7 file with version 2
pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
echo -en '\x02' | dd of=$@ bs=1 seek=25 conv=notrunc
echo '02' | xxd -r -p | dd of=$@ bs=1 seek=25 conv=notrunc
all_final += pkcs7_data_cert_signed_v2.der
pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
@ -1368,12 +1398,12 @@ all_final += pkcs7_data_cert_encrypted.der
# For some interesting sizes, what happens if we make them off-by-one?
pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der
cp $< $@
echo -en '\x35' | dd of=$@ seek=919 bs=1 conv=notrunc
echo '35' | xxd -r -p | dd of=$@ seek=919 bs=1 conv=notrunc
all_final += pkcs7_signerInfo_issuer_invalid_size.der
pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der
cp $< $@
echo -en '\x15' | dd of=$@ seek=973 bs=1 conv=notrunc
echo '15' | xxd -r -p | dd of=$@ seek=973 bs=1 conv=notrunc
all_final += pkcs7_signerInfo_serial_invalid_size.der
# pkcs7 signature file just with signed data

BIN
tests/data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_signerInfo_2_invalid_tag.der Normal file
View File

Binary file not shown.

0
tests/data_files/pkcs7_zerolendata.bin Normal file
View File

BIN
tests/data_files/pkcs7_zerolendata_detached.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/rsa_multiple_san_uri.crt.der Normal file
View File

Binary file not shown.

28
tests/data_files/rsa_multiple_san_uri.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCxc5q8z8XR6vH2
1Ko29Mk3dOKpSOrX9Tb5HtmCQMoKIxnTUQrNkVeOQtiQt6XZo05cbA6Z87kWDgGJ
P/5Lxofrx13Rp1xZzZ+0AAPfvUCY5tzZwmicQWvu9st6JwTyaLTCzSt0cPTUs5Hi
hJt9RzSW6GTk5ANjjgoewOMhwh5f84JRURJ2INZjz4namBGe/9f14ZHxKWuxl5in
+z582rSEhLXrPLbaKjT3Jphff51xsusC+pP0xNqkAcrGJ+/Jk0Vk6ClRCd40ZcTB
4SkOqsZ8/uGWnradkrN74PoMMnSKKOuxlsVMPfzMkrlMbuazO4nK/osTAnoSqMUv
COBdXkTtAgMBAAECggEANVlTIQa6K3UeD546GlGXmQOcDVbtu8VuJJFgxScjVs7c
uco4nDrg/tUb9M4xn2/YZDLcZO6AK6BEV/YURsXGIV2L2DcfraQDKoOCpqZoIE/v
/8vR1YBZqbsqy2ulshdGmPZD5Tr8cGIYLui9MnnQ1rnBc4sVdb3DTyGgZ4rLxP6X
0BoHw+LQA0wwSbE/NW71qmeDSEDkSkUQISVg6Rp06U0PZaJAWtYoBNKGAsDGAhjc
vVTXE5B9d+3yOM0InCWFsM/bUvaUv/yxxTcZnVq9Lji3KwDhy63F99pUaFnV6Rf2
3CKO3VHegWSwMcnYaBbufDqWPHuEDSlZ0nRhrbrKRQKBgQD6dQd0xPHfxIz5l+AC
1kPHIsUKPEirrJKTVHlxQwT0yVpD+yUkF95HY6NgHVHKnRP9qicqr3raIfA01VQc
y+lhXo6xUAqYsKvB9m4njERFWMTCVSVU30Klhic/s4R/1abKlvkax1SiQFIRStqC
onsZ0M1Isw69/I8Yha3mzv/gvwKBgQC1YPXnd5dZmdbe0UibBWjU5X6AQGt+oxL+
+6EP3EfuRmYI3i3r2bdbB3ELd95f8tgV0UagmjQfFoigBsuRfbhrQEPSHMBWYpAV
+TZKxUvmpJXwLEgxcPv7VTTvxw0qL1u1s/dX6WBfEOUgVzPgcp+IJGEr1MZekTqt
P65coDpZUwKBgAmrLuiBGd1Lly2jgVBauS8c1oJ4pU2LUfVCE5Ydwjk49LUfIuXr
zfbvj8UMHLY3rifiw7RQJev5124StjaOYKoTnmqV7nLKjzbjroj0T0ZmEOJ3qwNF
wyrkrOs2oOzWcKPthBxWiZvh48krHJhicWIjv2kJEI6hC10k+/unDhW9AoGAZyRg
MeRb+OP2wHaapy0IVCi9Kwl3F2h8oOtOx8ooTWNTGq/dxUTlc6pjqnXbyww5vQ5o
72NBSHxz7SxwDqhDexnsd0tKRNV/wj8ZlKNlah8l9JH568OoR2BI3iF/ZwHPUSCq
Ax//YZAl+6IbKgOEnNKzP02cEKLdjy+rY5jqFWkCgYEAmEl4mg1IGoVDM6d3iIPP
JLz5DghV8kP++99vFrJx07D6e/uhzojR73Ye+fq69Vy0yjGXpaRPwwHfvPzDA1hm
ir7rJWsbbskR+iTn2yKvIpB1wBI1u0SQ4lnJ1ZIVJPVlh4yA29JvPT7/7/2nQ/s6
v0N2oKrfaiKc7BjCz3eYW4Q=
-----END PRIVATE KEY-----

BIN
tests/data_files/rsa_single_san_uri.crt.der Normal file
View File

Binary file not shown.

28
tests/data_files/rsa_single_san_uri.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCng06zdlkhYiBK
43H+cK+vkHYvvRA2RtWbLMw+9rV9IrdGQ+iQQ/X1SZfDl2hWUiKTpabcuGYzY38H
lXW4UXwTB36KEe7G3yF/fbvYzNsdUCAVOzNs/0EMvXJeD/Dm5CBMEsG6V0ovHmkc
c80fQYQiSxgjpWyRpKdP+z/2imGph9onuu7EWOpAXGArozlLL5OixQ2dmutsc5ap
hfgwq6za00uKsFifolRtAhiH86N0vjiAJkzZR83uBlI285sj5+EzRrtjVv+kgsLW
gLDlj3bgsuKQDfxWhe+mpy2PIJ41kqktCz1qew3wyHI2ysE+6htHYQMNbCtkRMdX
/4t1yx95AgMBAAECggEAIIhn6IK7nLgp/WFe6kOIW1h7G5pkY6YuJgz1PeU8Kilr
3sGhkSMhyZmZV+s34EvjWzl4xrUpZCGWsipcyodIyYlTEg2ZihYbs17/9IMUqwS8
tmLhAfIw+ABzDcGaz7zOaPfbmA0L40rMrzHuTHu05dQfxAyEoWSQ+f+Z1I/bl8jy
GdXQVtqZzqJcWXbXt+3+B4f2/d7K5xzb7lv/8zhAf/zoG9srMByPa6/Do5rVas5Q
NmzJPwXngxE5dJcHsWU4FkHbSbJj0khW858MJ4o5Ddw5ZOPimqlcmpClb01wCdXf
13o2ozKGE/xq3InU7MA4ad0tLMdEM8R7yhUZ9Xe/gQKBgQDYXt4BhiamnSl1tHR8
MiiyzkcZuVH04/A6FsnUhcbQF9iCqO9szw50k0z7DVIGS9dSY9kmMdEcpsX6m2XC
XfEsxHBm0wmJqLUGq3UzM6oDsyZG1fkTg+eMzbVO0sv4xdhJLPpmsck5yJ8t0TxB
8gIS9yNEw7+w6rZhgSRsMT+WhQKBgQDGMZ0qIdFi1Ae7ueTcBCe+cjgmTG9nXq6+
qRokU63rPP9y8XTVD6hRmviMRl4skt0F39yGJ7janIQnOBrf2DVEX4Mcf0sY4vDJ
msDV5jkbzgbAEas0ejO4h+dpRqa4mUiU1JR/Pb1jZHNOg7ZfTw45WPqBGsLTEpAt
OsKVUgbZZQKBgCIe+8WjwS6fNC2SspfvVQm1i/Lbjbgfxf9zHor8ObkROZyJRZCU
KoRpwkcI97l0dlVQ16q1SnPJPQljPi3joKfdppggia2CxGFz4nybliEVPGEJV0kj
kP1cZ04x4eauVIhdpnNRcBlDsQ6Jo4YGwxr4jEBI2k7tBKvlsLe7IHr9AoGAeJmi
IAwaBIAvAH16lKL2qD2Ki0uBkq4buSrfHHHK59TjQEdLJ4byjk21pm3/SjJHyhZR
c1TieCw7gj3ypHlE2IkiGAohYVBe4t6HLuF7qL6yfteBjVo69LPGDdqPAs9LSj0c
61xfTQbH32PoapCJgD3zmPH20Ud/cfZKh2A1iL0CgYEAwQgGxHVo+/d3BhLQvQHt
64fE+qrZA5oWWwBh8EzR+98eOnDCF3Gm6chrEs9boOzlwxr9LU4TgiBnpyYrQCEw
AdOA9dhYz91d+chJZjKo635Y9byN9rutr3/EfqZLxWL73k1y5LNAYL+jyAab0Jsw
l2xG6PNj5rItkgO3j50qA7s=
-----END PRIVATE KEY-----

3
tests/data_files/test-ca.opensslconf
View File

@ -24,6 +24,9 @@ subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
[dns_alt_names]
subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org
[rfc822name_names]
subjectAltName=email:my@other.address,email:second@other.address
[alt_names]
DNS.1=example.com
otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name

BIN
tests/data_files/test_cert_rfc822name.crt.der Normal file
View File

Binary file not shown.

7
tests/include/alt-extra/psa/crypto.h Normal file
View File

@ -0,0 +1,7 @@
/* The goal of the include/alt-extra directory is to test what happens
* if certain files come _after_ the normal include directory.
* Make sure that if the alt-extra directory comes before the normal
* directory (so we wouldn't be achieving our test objective), the build
* will fail.
*/
#error "The normal include directory must come first in the include path"

35
tests/scripts/all.sh
View File

@ -388,7 +388,7 @@ armc6_build_test()
msg "build: ARM Compiler 6 ($FLAGS)"
ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
WARNING_CFLAGS='-xc -std=c99' make lib
WARNING_CFLAGS='-Werror -xc -std=c99' make lib
msg "size: ARM Compiler 6 ($FLAGS)"
"$ARMC6_FROMELF" -z library/*.o
@ -1978,6 +1978,7 @@ component_build_module_alt () {
# aesni.c and padlock.c reference mbedtls_aes_context fields directly.
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
# MBEDTLS_ECP_RESTARTABLE is documented as incompatible.
scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
# You can only have one threading implementation: alt or pthread, not both.
@ -3263,6 +3264,27 @@ component_build_psa_config_file () {
rm -f psa_test_config.h psa_user_config.h
}
component_build_psa_alt_headers () {
msg "build: make with PSA alt headers" # ~20s
# Generate alternative versions of the substitutable headers with the
# same content except different include guards.
make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
# Build the library and some programs.
# Don't build the fuzzers to avoid having to go through hoops to set
# a correct include path for programs/fuzz/Makefile.
make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib
make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
# Check that we're getting the alternative include guards and not the
# original include guards.
programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H
programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H
programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H
programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H
}
component_test_m32_o0 () {
# Build without optimization, so as to use portable C code (in a 32-bit
# build) and not the i386-specific inline assembly.
@ -3346,6 +3368,7 @@ component_test_have_int32 () {
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32'
msg "test: gcc, force 32-bit bignum limbs"
@ -3357,6 +3380,7 @@ component_test_have_int64 () {
scripts/config.py unset MBEDTLS_HAVE_ASM
scripts/config.py unset MBEDTLS_AESNI_C
scripts/config.py unset MBEDTLS_PADLOCK_C
scripts/config.py unset MBEDTLS_AESCE_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64'
msg "test: gcc, force 64-bit bignum limbs"
@ -3481,6 +3505,15 @@ component_build_armcc () {
scripts/config.py baremetal
# armc[56] don't support SHA-512 intrinsics
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
# Stop armclang warning about feature detection for A64_CRYPTO.
# With this enabled, the library does build correctly under armclang,
# but in baremetal builds (as tested here), feature detection is
# unavailable, and the user is notified via a #warning. So enabling
# this feature would prevent us from building with -Werror on
# armclang. Tracked in #7198.
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
scripts/config.py set MBEDTLS_HAVE_ASM
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib

95
tests/scripts/depends.py
View File

@ -23,7 +23,7 @@ Test Mbed TLS with a subset of algorithms.
This script can be divided into several steps:
First, include/mbedtls/mbedtls_config.h or a different config file passed
in the arguments is parsed to extract any configuration options (collect_config_symbols).
in the arguments is parsed to extract any configuration options (using config.py).
Then, test domains (groups of jobs, tests) are built based on predefined data
collected in the DomainData class. Here, each domain has five major traits:
@ -65,6 +65,11 @@ import shutil
import subprocess
import sys
import traceback
from typing import Union
# Add the Mbed TLS Python library directory to the module search path
import scripts_path # pylint: disable=unused-import
import config
class Colors: # pylint: disable=too-few-public-methods
"""Minimalistic support for colored output.
@ -74,6 +79,7 @@ that outputting start switches the text color to the desired color and
stop switches the text color back to the default."""
red = None
green = None
cyan = None
bold_red = None
bold_green = None
def __init__(self, options=None):
@ -89,6 +95,7 @@ stop switches the text color back to the default."""
normal = '\033[0m'
self.red = ('\033[31m', normal)
self.green = ('\033[32m', normal)
self.cyan = ('\033[36m', normal)
self.bold_red = ('\033[1;31m', normal)
self.bold_green = ('\033[1;32m', normal)
NO_COLORS = Colors(None)
@ -124,34 +131,38 @@ Remove the backup file if it was saved earlier."""
else:
shutil.copy(options.config_backup, options.config)
def run_config_py(options, args):
"""Run scripts/config.py with the specified arguments."""
cmd = ['scripts/config.py']
if options.config != 'include/mbedtls/mbedtls_config.h':
cmd += ['--file', options.config]
cmd += args
log_command(cmd)
subprocess.check_call(cmd)
def option_exists(conf, option):
return option in conf.settings
def set_reference_config(options):
def set_config_option_value(conf, option, colors, value: Union[bool, str]):
"""Set/unset a configuration option, optionally specifying a value.
value can be either True/False (set/unset config option), or a string,
which will make a symbol defined with a certain value."""
if not option_exists(conf, option):
log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red)
return False
if value is False:
log_command(['config.py', 'unset', option])
conf.unset(option)
elif value is True:
log_command(['config.py', 'set', option])
conf.set(option)
else:
log_command(['config.py', 'set', option, value])
conf.set(option, value)
return True
def set_reference_config(conf, options, colors):
"""Change the library configuration file (mbedtls_config.h) to the reference state.
The reference state is the one from which the tested configurations are
derived."""
# Turn off options that are not relevant to the tests and slow them down.
run_config_py(options, ['full'])
run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS'])
log_command(['config.py', 'full'])
conf.adapt(config.full_adapter)
set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False)
if options.unset_use_psa:
run_config_py(options, ['unset', 'MBEDTLS_USE_PSA_CRYPTO'])
def collect_config_symbols(options):
"""Read the list of settings from mbedtls_config.h.
Return them in a generator."""
with open(options.config, encoding="utf-8") as config_file:
rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])')
for line in config_file:
m = re.match(rx, line)
if m:
yield m.group(1)
set_config_option_value(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors, False)
class Job:
"""A job builds the library in a specific configuration and runs some tests."""
@ -179,19 +190,16 @@ If what is False, announce that the job has failed.'''
elif what is False:
log_line(self.name + ' FAILED', color=colors.red)
else:
log_line('starting ' + self.name)
log_line('starting ' + self.name, color=colors.cyan)
def configure(self, options):
def configure(self, conf, options, colors):
'''Set library configuration options as required for the job.'''
set_reference_config(options)
set_reference_config(conf, options, colors)
for key, value in sorted(self.config_settings.items()):
if value is True:
args = ['set', key]
elif value is False:
args = ['unset', key]
else:
args = ['set', key, value]
run_config_py(options, args)
ret = set_config_option_value(conf, key, colors, value)
if ret is False:
return False
return True
def test(self, options):
'''Run the job's build and test commands.
@ -382,11 +390,11 @@ class DomainData:
return [symbol for symbol in self.all_config_symbols
if re.match(regexp, symbol)]
def __init__(self, options):
def __init__(self, options, conf):
"""Gather data about the library and establish a list of domains to test."""
build_command = [options.make_command, 'CFLAGS=-Werror']
build_and_test = [build_command, [options.make_command, 'test']]
self.all_config_symbols = set(collect_config_symbols(options))
self.all_config_symbols = set(conf.settings.keys())
# Find hash modules by name.
hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z')
# Find elliptic curve enabling macros by name.
@ -442,16 +450,19 @@ A name can either be the name of a domain or the name of one specific job."""
else:
return [self.jobs[name]]
def run(options, job, colors=NO_COLORS):
def run(options, job, conf, colors=NO_COLORS):
"""Run the specified job (a Job instance)."""
subprocess.check_call([options.make_command, 'clean'])
job.announce(colors, None)
job.configure(options)
if not job.configure(conf, options, colors):
job.announce(colors, False)
return False
conf.write()
success = job.test(options)
job.announce(colors, success)
return success
def run_tests(options, domain_data):
def run_tests(options, domain_data, conf):
"""Run the desired jobs.
domain_data should be a DomainData instance that describes the available
domains and jobs.
@ -467,7 +478,7 @@ Run the jobs listed in options.tasks."""
backup_config(options)
try:
for job in jobs:
success = run(options, job, colors=colors)
success = run(options, job, conf, colors=colors)
if not success:
if options.keep_going:
failures.append(job.name)
@ -533,7 +544,9 @@ def main():
default=True)
options = parser.parse_args()
os.chdir(options.directory)
domain_data = DomainData(options)
conf = config.ConfigFile(options.config)
domain_data = DomainData(options, conf)
if options.tasks is True:
options.tasks = sorted(domain_data.domains.keys())
if options.list:
@ -542,7 +555,7 @@ def main():
print(domain_name)
sys.exit(0)
else:
sys.exit(0 if run_tests(options, domain_data) else 1)
sys.exit(0 if run_tests(options, domain_data, conf) else 1)
except Exception: # pylint: disable=broad-except
traceback.print_exc()
sys.exit(3)

2
tests/suites/test_suite_constant_time.function
View File

@ -18,7 +18,7 @@
/* BEGIN_CASE */
void mbedtls_ct_memcmp_null()
{
uint32_t x;
uint32_t x = 0;
TEST_ASSERT(mbedtls_ct_memcmp(&x, NULL, 0) == 0);
TEST_ASSERT(mbedtls_ct_memcmp(NULL, &x, 0) == 0);
TEST_ASSERT(mbedtls_ct_memcmp(NULL, NULL, 0) == 0);

112
tests/suites/test_suite_ecp.data
View File

@ -1038,3 +1038,115 @@ ecp_check_order:MBEDTLS_ECP_DP_SECP256K1:"fffffffffffffffffffffffffffffffebaaedc
ECP check order for CURVE448
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_CURVE448:"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3"
ecp_setup #1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffffffffffeffffffffffffffff":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #2 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_setup:"00000000ffffffffffffffffffffffffffffffff000000000000000000000001":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #3 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_setup:"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #4 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #5 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_setup:"1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #6 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1)
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_mod_setup:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #7 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_mod_setup:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #8 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1)
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_mod_setup:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #9 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_setup:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #10 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffffffffffffffffffeffffee37":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #11 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #12 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #13 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_setup:"000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_mod_setup:"ffffffffffffffffffffffff99def836146bc9b1b4d22831":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1)
depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED
ecp_mod_setup:"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #16 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_mod_setup:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #17 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1)
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
ecp_mod_setup:"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #18 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1)
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
ecp_mod_setup:"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1)
depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecp_mod_setup:"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #20 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)
depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED
ecp_mod_setup:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0
ecp_setup #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1)
depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED
ecp_mod_setup:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #22 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_mod_setup:"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #23 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1)
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffe26f2fc170f69466a74defd8d":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #24 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1)
depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED
ecp_mod_setup:"000000010000000000000000000000000001dce8d2ec6184caf0a971769fb1f7":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1)
depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_setup:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0
ecp_setup_negative_test #27 Invalid Moduli Type
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_NONE:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ecp_setup_negative_test #28 Invalid Curve Type
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_NONE:MBEDTLS_ECP_MOD_SCALAR:MBEDTLS_ERR_ECP_BAD_INPUT_DATA

86
tests/suites/test_suite_ecp.function
View File

@ -1,11 +1,12 @@
/* BEGIN_HEADER */
#include "mbedtls/ecp.h"
#include "ecp_invasive.h"
#include "mbedtls/ecdsa.h"
#include "mbedtls/ecdh.h"
#include "bignum_core.h"
#include "bignum_mod_raw_invasive.h"
#include "ecp_invasive.h"
#include "bignum_mod_raw_invasive.h"
#if defined(MBEDTLS_TEST_HOOKS) && \
(defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
@ -1344,3 +1345,86 @@ exit:
mbedtls_free(N);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
void ecp_mod_p521_raw(char *input_N,
char *input_X,
char *result)
{
mbedtls_mpi_uint *X = NULL;
mbedtls_mpi_uint *N = NULL;
mbedtls_mpi_uint *res = NULL;
size_t limbs_X;
size_t limbs_N;
size_t limbs_res;
mbedtls_mpi_mod_modulus m;
mbedtls_mpi_mod_modulus_init(&m);
TEST_EQUAL(mbedtls_test_read_mpi_core(&X, &limbs_X, input_X), 0);
TEST_EQUAL(mbedtls_test_read_mpi_core(&N, &limbs_N, input_N), 0);
TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result), 0);
size_t limbs = limbs_N;
size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
TEST_EQUAL(limbs_X, 2 * limbs);
TEST_EQUAL(limbs_res, limbs);
TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
&m, N, limbs,
MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
TEST_EQUAL(mbedtls_ecp_mod_p521_raw(X, limbs_X), 0);
TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 522);
mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
ASSERT_COMPARE(X, bytes, res, bytes);
exit:
mbedtls_free(X);
mbedtls_free(res);
mbedtls_mpi_mod_modulus_free(&m);
mbedtls_free(N);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
void ecp_mod_setup(char *input_A, int id, int ctype, int iret)
{
int ret;
mbedtls_mpi_mod_modulus m;
mbedtls_mpi_mod_modulus_init(&m);
mbedtls_mpi_uint *p = NULL;
size_t p_limbs;
size_t bytes;
TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &p_limbs, input_A), 0);
ret = mbedtls_ecp_modulus_setup(&m, id, ctype);
TEST_EQUAL(ret, iret);
if (ret == 0) {
/* Test for limb sizes */
TEST_EQUAL(m.limbs, p_limbs);
bytes = p_limbs * sizeof(mbedtls_mpi_uint);
/* Test for validity of moduli by the presence of Montgomery consts */
TEST_ASSERT(m.rep.mont.mm != 0);
TEST_ASSERT(m.rep.mont.rr != NULL);
/* Compare output byte-by-byte */
ASSERT_COMPARE(p, bytes, m.p, bytes);
/* Test for user free-ing allocated memory */
mbedtls_mpi_mod_modulus_free(&m);
}
exit:
mbedtls_mpi_mod_modulus_free(&m);
mbedtls_free(p);
}
/* END_CASE */

30
tests/suites/test_suite_oid.data
View File

@ -89,3 +89,33 @@ oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160
OID hash id - invalid oid
oid_get_md_alg_id:"2B864886f70d0204":-1
OID get numeric string - hardware module name
oid_get_numeric_string:"2B06010505070804":0:"1.3.6.1.5.5.7.8.4"
OID get numeric string - multi-byte subidentifier
oid_get_numeric_string:"29903C":0:"1.1.2108"
OID get numeric string - second component greater than 39
oid_get_numeric_string:"81010000863A00":0:"2.49.0.0.826.0"
OID get numeric string - multi-byte first subidentifier
oid_get_numeric_string:"8837":0:"2.999"
OID get numeric string - empty oid buffer
oid_get_numeric_string:"":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
OID get numeric string - no final / all bytes have top bit set
oid_get_numeric_string:"818181":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
# Encodes the number 0x0400000000 as a subidentifier which overflows 32-bits
OID get numeric string - 32-bit overflow
oid_get_numeric_string:"C080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
OID get numeric string - 32-bit overflow, second subidentifier
oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
OID get numeric string - overlong encoding
oid_get_numeric_string:"8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""
OID get numeric string - overlong encoding, second subidentifier
oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:""

21
tests/suites/test_suite_oid.function
View File

@ -96,3 +96,24 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id)
}
}
/* END_CASE */
/* BEGIN_CASE */
void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str)
{
char buf[256];
mbedtls_asn1_buf input_oid = { 0, 0, NULL };
int ret;
input_oid.tag = MBEDTLS_ASN1_OID;
input_oid.p = oid->x;
input_oid.len = oid->len;
ret = mbedtls_oid_get_numeric_string(buf, sizeof(buf), &input_oid);
if (error_ret == 0) {
TEST_ASSERT(strcmp(buf, result_str) == 0);
} else {
TEST_EQUAL(ret, error_ret);
}
}
/* END_CASE */

2
tests/suites/test_suite_pk.data
View File

@ -618,7 +618,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED
pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512
PSA wrapped sign: RSA PKCS1 v1.5
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C
pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024
PK Sign ext:RSA2048,PK_RSA,MD_SHA256

39
tests/suites/test_suite_pk.function
View File

@ -1238,12 +1238,22 @@ void pk_psa_sign(int parameter_arg,
}
/* Export underlying public key for re-importing in a legacy context. */
#if defined(MBEDTLS_PK_WRITE_C)
ret = mbedtls_pk_write_pubkey_der(&pk, pkey_legacy,
sizeof(pkey_legacy));
TEST_ASSERT(ret >= 0);
klen_legacy = (size_t) ret;
/* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
pkey_legacy_start = pkey_legacy + sizeof(pkey_legacy) - klen_legacy;
#else
ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec(pk)->grp),
&(mbedtls_pk_ec(pk)->Q),
MBEDTLS_ECP_PF_UNCOMPRESSED,
&klen_legacy, pkey_legacy,
sizeof(pkey_legacy));
TEST_EQUAL(ret, 0);
pkey_legacy_start = pkey_legacy;
#endif /* MBEDTLS_PK_WRITE_C */
/* Turn PK context into an opaque one. */
TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&pk, &key_id, alg_psa,
@ -1264,12 +1274,21 @@ void pk_psa_sign(int parameter_arg,
NULL, NULL) == 0);
/* Export underlying public key for re-importing in a psa context. */
#if defined(MBEDTLS_PK_WRITE_C)
ret = mbedtls_pk_write_pubkey_der(&pk, pkey_psa,
sizeof(pkey_psa));
TEST_ASSERT(ret >= 0);
klen_psa = (size_t) ret;
/* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
pkey_psa_start = pkey_psa + sizeof(pkey_psa) - klen_psa;
#else
psa_status_t status;
status = psa_export_public_key(key_id, pkey_psa, sizeof(pkey_psa),
&klen_psa);
TEST_EQUAL(status, PSA_SUCCESS);
pkey_psa_start = pkey_psa;
#endif /* MBEDTLS_PK_WRITE_C */
TEST_ASSERT(klen_psa == klen_legacy);
TEST_ASSERT(memcmp(pkey_psa_start, pkey_legacy_start, klen_psa) == 0);
@ -1278,8 +1297,24 @@ void pk_psa_sign(int parameter_arg,
TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key_id));
mbedtls_pk_init(&pk);
TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start,
klen_legacy) == 0);
/* If we used "pk_write" previously, then we go for a "pk_parse" here;
* otherwise if we went for "ecp_point_write_binary" then we'll go
* for a "ecp_point_read_binary" here. This allows to drop dependencies
* on "PK_WRITE" and "PK_PARSE" if required */
#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_PARSE_C)
TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start,
klen_legacy), 0);
#else
TEST_EQUAL(mbedtls_pk_setup(&pk,
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0);
TEST_EQUAL(mbedtls_ecp_group_load(
&(mbedtls_pk_ec(pk)->grp),
(mbedtls_ecp_group_id) parameter_arg), 0);
TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec(pk)->grp),
&(mbedtls_pk_ec(pk)->Q),
pkey_legacy_start, klen_legacy), 0);
#endif
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
hash, sizeof(hash), sig, sig_len) == 0);

20
tests/suites/test_suite_pkcs7.data
View File

@ -38,6 +38,14 @@ PKCS7 Signed Data Parse Fail Encrypted Content #8
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_data_cert_encrypted.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
PKCS7 Signed Data Verification Pass zero-len data
depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
pkcs7_verify:"data_files/pkcs7_zerolendata_detached.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_zerolendata.bin":0:0
PKCS7 Signed Data Verification Fail zero-len data
depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
pkcs7_verify:"data_files/pkcs7_zerolendata_detached.der":"data_files/pkcs7-rsa-sha256-2.der":"data_files/pkcs7_zerolendata.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
PKCS7 Signed Data Verification Pass SHA256 #9
depends_on:MBEDTLS_SHA256_C
pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0
@ -70,13 +78,13 @@ PKCS7 Signed Data Parse Failure Corrupt signerInfo.serial #15.2
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
pkcs7_get_signers_info_set error handling (6213931373035520)
depends_on:MBEDTLS_RIPEMD160_C
pkcs7_parse:"data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
PKCS7 Signed Data Parse Fail Corrupt signerInfos[2] (6213931373035520)
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_signerInfo_2_invalid_tag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
pkcs7_get_signers_info_set error handling (4541044530479104)
depends_on:MBEDTLS_RIPEMD160_C
pkcs7_parse:"data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der": MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
PKCS7 Signed Data Parse Fail Corrupt signerInfos[1].issuerAndSerialNumber.serialNumber, after multi-element .name (4541044530479104)
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
PKCS7 Only Signed Data Parse Pass #15
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C

3
tests/suites/test_suite_pkcs7.function
View File

@ -125,7 +125,8 @@ void pkcs7_verify(char *pkcs7_file,
TEST_ASSERT(file != NULL);
datalen = st.st_size;
ASSERT_ALLOC(data, datalen);
/* Special-case for zero-length input so that data will be non-NULL */
ASSERT_ALLOC(data, datalen == 0 ? 1 : datalen);
buflen = fread((void *) data, sizeof(unsigned char), datalen, file);
TEST_EQUAL(buflen, datalen);

170
tests/suites/test_suite_psa_crypto.data
View File

@ -4145,6 +4145,30 @@ PSA sign hash: deterministic ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f"
PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0
PSA sign hash int (ops=inf) det ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":0
PSA sign hash int (ops=inf): det ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int (ops=min): det ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":0
PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C
sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT
@ -4206,9 +4230,53 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_P
sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
PSA sign hash: deterministic ECDSA not supported
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED
PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256, out buf too small
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256, out buf too small
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:0
PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256, empty out buf
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256, empty out buf
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:0
PSA sign hash int (ops=inf): det ECDSA SECP256R1, invld hash alg (0)
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int (ops=min): det ECDSA SECP256R1, invld hash alg (0)
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:0
PSA sign hash int: det ECDSA SECP256R1, invld hash alg (wildcard)
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int: invld alg for ECC key
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int: ECDSA not supported
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int (ops=inf): det ECDSA not supported
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign hash int (ops=min): det ECDSA not supported
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:0
PSA sign/verify hash: RSA PKCS#1 v1.5, raw
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C
sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
@ -4249,6 +4317,54 @@ PSA sign/verify hash: deterministic ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign/vrfy hash int (ops=min): rand ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0
PSA sign/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0
PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign/vrfy hash int (ops=min): rand ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":0
PSA sign/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-384
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":0
PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign/vrfy hash int (ops=min): rand ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0
PSA sign/vrfy hash int (ops=inf): det ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign/vrfy hash int (ops=min): det ECDSA SECP384R1 SHA-256
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0
PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
@ -4369,6 +4485,14 @@ PSA verify hash with keypair: ECDSA SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
PSA vrfy hash int: ECDSA SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash int w/keypair: ECDSA SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
@ -4397,6 +4521,50 @@ PSA verify hash: invalid algorithm for ECC key
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
PSA vrfy hash int: ECDSA SECP256R1, wrong sig size (correct but ASN1-encoded)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash int (ops=inf): ECDSA SECP256R1, wrong sig of correct size
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash int (ops=min): ECDSA SECP256R1, wrong sig of correct size
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:0
PSA vrfy hash int: ECDSA SECP256R1, wrong sig (empty)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash int: ECDSA SECP256R1, wrong sig (truncated)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash int: ECDSA SECP256R1, wrong sig (trailing junk)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash int: ECDSA SECP256R1, wrong sig (leading junk)
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA vrfy hash int: invld alg for ECC key
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
PSA sign/vrfy hash int state test: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
interruptible_signverify_hash_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign/vrfy hash int edge case tests: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign/vrfy hash int ops tests: randomized ECDSA SECP256R1 SHA-256
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
PSA sign message: RSA PKCS#1 v1.5 SHA-256
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C
sign_message_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"

1226
tests/suites/test_suite_psa_crypto.function
View File

File diff suppressed because it is too large Load Diff

21
tests/suites/test_suite_psa_crypto_op_fail.function
View File

@ -221,6 +221,13 @@ void sign_fail(int key_type_arg, data_t *key_data,
uint8_t input[1] = { 'A' };
uint8_t output[PSA_SIGNATURE_MAX_SIZE] = { 0 };
size_t length = SIZE_MAX;
psa_sign_hash_interruptible_operation_t sign_operation =
psa_sign_hash_interruptible_operation_init();
psa_verify_hash_interruptible_operation_t verify_operation =
psa_verify_hash_interruptible_operation_init();
PSA_INIT();
@ -237,6 +244,13 @@ void sign_fail(int key_type_arg, data_t *key_data,
psa_sign_hash(key_id, alg,
input, sizeof(input),
output, sizeof(output), &length));
TEST_STATUS(expected_status,
psa_sign_hash_start(&sign_operation, key_id, alg,
input, sizeof(input)));
PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
if (!private_only) {
/* Determine a plausible signature size to avoid an INVALID_SIGNATURE
* error based on this. */
@ -253,6 +267,13 @@ void sign_fail(int key_type_arg, data_t *key_data,
psa_verify_hash(key_id, alg,
input, sizeof(input),
output, output_length));
TEST_STATUS(expected_status,
psa_verify_hash_start(&verify_operation, key_id, alg,
input, sizeof(input),
output, output_length));
PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
}
exit:

16
tests/suites/test_suite_x509parse.data
View File

@ -122,6 +122,14 @@ X509 CRT information, Subject Alt Name + Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n <unsupported>\n <unsupported>\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CRT information, Subject Alt Name with uniformResourceIdentifier
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CRT information, Subject Alt Name with two uniformResourceIdentifiers
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n"
X509 CRT information, RSA Certificate Policy any
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
@ -168,7 +176,7 @@ x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number
X509 CRT information Bitstring in subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n <unsupported>\next key usage \: TLS Web Client Authentication\n"
x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n"
X509 CRT information Non-ASCII string in issuer name and subject name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -198,6 +206,10 @@ X509 SAN parsing, unsupported otherName name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/server5-unsupported_othername.crt":""
X509 SAN parsing rfc822Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n"
X509 CRL information #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO
mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
@ -2550,7 +2562,7 @@ X509 OID numstring #4 (larger number)
x509_oid_numstr:"2a864886f70d":"1.2.840.113549":15:14
X509 OID numstring #5 (arithmetic overflow)
x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL
x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_ASN1_INVALID_DATA
X509 CRT keyUsage #1 (no extension, expected KU)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA

13
tests/suites/test_suite_x509parse.function
View File

@ -279,7 +279,18 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
*p++ = san->san.unstructured_name.p[i];
}
break;/* MBEDTLS_X509_SAN_DNS_NAME */
case (MBEDTLS_X509_SAN_RFC822_NAME):
ret = mbedtls_snprintf(p, n, "\nrfc822Name : ");
MBEDTLS_X509_SAFE_SNPRINTF;
if (san->san.unstructured_name.len >= n) {
*p = '\0';
return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
}
n -= san->san.unstructured_name.len;
for (i = 0; i < san->san.unstructured_name.len; i++) {
*p++ = san->san.unstructured_name.p[i];
}
break;/* MBEDTLS_X509_SAN_RFC822_NAME */
default:
/*
* Should not happen.