From 725e3f1daa5d2d494fe553761dabbeeb0b9ee64e Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Fri, 28 Nov 2025 09:50:20 +0100
Subject: [PATCH] tests: x509parse: replace certificates using secp192 with
 those using secp256

This replacement is either:
- "server5-rsa-signed.crt": if a generic secp256r1 EC key is enough, i.e.
	any EC key is fine as it's not secp192 since this support is being
	removed from TF-PSA-Crypto.
- "server11-rsa-signed.crt": if an EC key which does not belong to "suite-b"
	is required. For this case "secp256r1" wouldn't be good, so we use
	a "secp256k1" key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 tests/suites/test_suite_x509parse.data | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index e90f6b96fb..0ca27a9d68 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -179,8 +179,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_S
 x509_cert_info:"../framework/data_files/parse_input/server4.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC signed by RSA
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C
-x509_cert_info:"../framework/data_files/parse_input/server3.crt":"cert. version     \: 3\nserial number     \: 0D\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-08-09 09\:17\:03\nexpires on        \: 2023-08-07 09\:17\:03\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\nbasic constraints \: CA=false\n"
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
+x509_cert_info:"../framework/data_files/parse_input/server5-rsa-signed.crt":"cert. version     \: 3\nserial number     \: 0D\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2025-12-01 10\:15\:30\nexpires on        \: 2035-12-01 10\:15\:30\nsigned using      \: RSA with SHA-256\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information Bitstring in subject name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
@@ -752,8 +752,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V1
 x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 CRT verification #32 (Valid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1:PSA_WANT_ALG_SHA_256
+x509_verify:"../framework/data_files/server5-rsa-signed.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 CRT verification #33 (Valid, RSA cert, EC CA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384
@@ -1000,8 +1000,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS
 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
 
 X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_K1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
+x509_verify:"../framework/data_files/server11-rsa-signed.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
 
 X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384
@@ -2674,8 +2674,8 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_2
 mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert92.crt":"../framework/data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0
 
 X509 CRT verify chain #12 (suiteb profile, RSA root)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
+depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_K1_256:PSA_WANT_ALG_SHA_1
+mbedtls_x509_crt_verify_chain:"../framework/data_files/server11-rsa-signed.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
 
 X509 CRT verify chain #13 (RSA only profile, EC root)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384