From 3766a3225bc7303778416dde11acadc23b67a9aa Mon Sep 17 00:00:00 2001 From: Daan Timmer <8293597+daantimmer@users.noreply.github.com> Date: Wed, 18 Oct 2023 16:15:58 +0200 Subject: [PATCH 001/429] Use CMAKE_C_SIMULATE_ID when available to determine compiler Signed-off-by: Daan Timmer <8293597+daantimmer@users.noreply.github.com> --- CMakeLists.txt | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cbe57486fc..7bc0cbb402 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -67,10 +67,16 @@ endif() option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${MBEDTLS_AS_SUBPROJECT}) -string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") -string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") -string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${CMAKE_C_COMPILER_ID}") -string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}") +if (CMAKE_C_SIMULATE_ID) + set(COMPILER_ID ${CMAKE_C_SIMULATE_ID}) +else() + set(COMPILER_ID ${CMAKE_C_COMPILER_ID}) +endif(CMAKE_C_SIMULATE_ID) + +string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}") +string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}") +string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}") +string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}") # the test suites currently have compile errors with MSVC if(CMAKE_COMPILER_IS_MSVC) @@ -173,8 +179,6 @@ function(get_name_without_last_ext dest_var full_name) set(${dest_var} ${no_ext_name} PARENT_SCOPE) endfunction(get_name_without_last_ext) -string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}") - include(CheckCCompilerFlag) set(CMAKE_C_EXTENSIONS OFF) From ac5b32b8944485bfb1a517d09a6e77f4181effb9 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 15 Nov 2023 16:26:01 +0000 Subject: [PATCH 002/429] Fix error handling for secure element keys in `psa_start_key_creation` Signed-off-by: Ryan Everett --- library/psa_crypto.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bbd6b24ed4..4beda81124 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1841,6 +1841,9 @@ static psa_status_t psa_start_key_creation( status = psa_copy_key_material_into_slot( slot, (uint8_t *) (&slot_number), sizeof(slot_number)); + if (status != PSA_SUCCESS) { + return status; + } } if (*p_drv == NULL && method == PSA_KEY_CREATION_REGISTER) { From ca159a11024f898232a7a46e3bd7bfd688b73295 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 15 Nov 2023 16:36:54 +0000 Subject: [PATCH 003/429] Add changelog Signed-off-by: Ryan Everett --- ChangeLog.d/fix-secure-element-key-creation.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-secure-element-key-creation.txt diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt new file mode 100644 index 0000000000..12441ae83d --- /dev/null +++ b/ChangeLog.d/fix-secure-element-key-creation.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix the error handling in psa_start_key_creation so that + out of memory issues are properly handled. Fixes #8537. From 460f457ecbdc1cf001c8c892193e06dac58974bb Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 16 Nov 2023 15:21:08 +0000 Subject: [PATCH 004/429] Rewrite changelog Signed-off-by: Ryan Everett --- ChangeLog.d/fix-secure-element-key-creation.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/fix-secure-element-key-creation.txt b/ChangeLog.d/fix-secure-element-key-creation.txt index 12441ae83d..23a46c068d 100644 --- a/ChangeLog.d/fix-secure-element-key-creation.txt +++ b/ChangeLog.d/fix-secure-element-key-creation.txt @@ -1,3 +1,5 @@ Bugfix - * Fix the error handling in psa_start_key_creation so that - out of memory issues are properly handled. Fixes #8537. + * Fix error handling when creating a key in a dynamic secure element + (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition, + the creation could return PSA_SUCCESS but using or destroying the key + would not work. Fixes #8537. From c6d2df8a67c23e9e6b22cdae0d5cb7f458f1e85f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 18 Dec 2023 20:38:38 +0100 Subject: [PATCH 005/429] Guard configuration-specific code A large block of code is only reachable if MBEDTLS_PK_USE_PSA_EC_DATA is enabled, i.e. if MBEDTLS_USE_PSA_CRYPTO is enabled with driver-only ECC. Compilers are likely to figure it out, but still, for clarity and robustness, do guard that block of code with the appropriate conditional compilation guard. Signed-off-by: Gilles Peskine --- library/ssl_tls12_server.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 923b093af9..e9a095eb33 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2635,13 +2635,8 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); - if (pk_type == MBEDTLS_PK_OPAQUE) { - /* Opaque key is created by the user (externally from Mbed TLS) - * so we assume it already has the right algorithm and flags - * set. Just copy its ID as reference. */ - ssl->handshake->xxdh_psa_privkey = pk->priv_id; - ssl->handshake->xxdh_psa_privkey_is_external = 1; - } else { +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (pk_type != MBEDTLS_PK_OPAQUE) { /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK * module and only have ECDSA capabilities. Since we need * them for ECDH later, we export and then re-import them with @@ -2669,10 +2664,20 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) /* Set this key as owned by the TLS library: it will be its duty * to clear it exit. */ ssl->handshake->xxdh_psa_privkey_is_external = 0; - } + ret = 0; + break; + } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + + /* Opaque key is created by the user (externally from Mbed TLS) + * so we assume it already has the right algorithm and flags + * set. Just copy its ID as reference. */ + ssl->handshake->xxdh_psa_privkey = pk->priv_id; + ssl->handshake->xxdh_psa_privkey_is_external = 1; ret = 0; break; + #if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: From bcfed5091740423870d7fbfac91d2c503389b4a7 Mon Sep 17 00:00:00 2001 From: "Signed-off-by: Steven WdV" Date: Thu, 29 Feb 2024 15:12:36 +0100 Subject: [PATCH 006/429] Fix compilation on macOS without apple-clang Signed-off-by: Steven WdV --- library/CMakeLists.txt | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 47ecf17be6..33e8d238b5 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -219,11 +219,11 @@ if(WIN32) set(libs ${libs} ws2_32 bcrypt) endif(WIN32) -if(${CMAKE_SYSTEM_NAME} MATCHES "Darwin") - SET(CMAKE_C_ARCHIVE_CREATE " Scr ") - SET(CMAKE_CXX_ARCHIVE_CREATE " Scr ") - SET(CMAKE_C_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") - SET(CMAKE_CXX_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") +if(CMAKE_C_COMPILER_ID MATCHES "AppleClang") + set(CMAKE_C_ARCHIVE_CREATE " Scr ") + set(CMAKE_CXX_ARCHIVE_CREATE " Scr ") + set(CMAKE_C_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") + set(CMAKE_CXX_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") endif() if(HAIKU) From 7d08983cb265c13e21c5a23fd4e14613307f5e47 Mon Sep 17 00:00:00 2001 From: Mingjie Shen Date: Tue, 5 Mar 2024 18:13:28 -0500 Subject: [PATCH 007/429] ssl_mail_client: Fix unbounded write of sprintf() These calls to sprintf may overflow buf because opt.mail_from and opt.mail_to are controlled by users. Fix by replacing sprintf with snprintf. Signed-off-by: Mingjie Shen --- programs/ssl/ssl_mail_client.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index febb881c80..f26a23ba4f 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -727,7 +727,7 @@ usage: mbedtls_printf(" > Write MAIL FROM to server:"); fflush(stdout); - len = sprintf((char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from); + len = snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from); ret = write_ssl_and_get_response(&ssl, buf, len); if (ret < 200 || ret > 299) { mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); @@ -739,7 +739,7 @@ usage: mbedtls_printf(" > Write RCPT TO to server:"); fflush(stdout); - len = sprintf((char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to); + len = snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to); ret = write_ssl_and_get_response(&ssl, buf, len); if (ret < 200 || ret > 299) { mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); @@ -763,11 +763,12 @@ usage: mbedtls_printf(" > Write content to server:"); fflush(stdout); - len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" - "This is a simple test mail from the " - "Mbed TLS mail client example.\r\n" - "\r\n" - "Enjoy!", opt.mail_from); + len = snprintf((char *) buf, sizeof(buf), + "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" + "This is a simple test mail from the " + "Mbed TLS mail client example.\r\n" + "\r\n" + "Enjoy!", opt.mail_from); ret = write_ssl_data(&ssl, buf, len); len = sprintf((char *) buf, "\r\n.\r\n"); From 0fc20cd44708caa860e1cf6864bc17cb3401d4a5 Mon Sep 17 00:00:00 2001 From: Mingjie Shen Date: Tue, 12 Mar 2024 16:00:28 -0400 Subject: [PATCH 008/429] ssl_mail_client: Replace snprintf with mbedtls_snprintf Signed-off-by: Mingjie Shen --- programs/ssl/ssl_mail_client.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index f26a23ba4f..ccd9dc9345 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -727,7 +727,7 @@ usage: mbedtls_printf(" > Write MAIL FROM to server:"); fflush(stdout); - len = snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from); + len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from); ret = write_ssl_and_get_response(&ssl, buf, len); if (ret < 200 || ret > 299) { mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); @@ -739,7 +739,7 @@ usage: mbedtls_printf(" > Write RCPT TO to server:"); fflush(stdout); - len = snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to); + len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to); ret = write_ssl_and_get_response(&ssl, buf, len); if (ret < 200 || ret > 299) { mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); @@ -763,7 +763,7 @@ usage: mbedtls_printf(" > Write content to server:"); fflush(stdout); - len = snprintf((char *) buf, sizeof(buf), + len = mbedtls_snprintf((char *) buf, sizeof(buf), "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" "This is a simple test mail from the " "Mbed TLS mail client example.\r\n" From 8e35d9605715cc063c1c059f4561acc788ef5c7a Mon Sep 17 00:00:00 2001 From: Mingjie Shen Date: Tue, 12 Mar 2024 16:23:41 -0400 Subject: [PATCH 009/429] ssl_mail_client: Check return value of mbedtls_snprintf The return value of snprintf() is the number of characters (excluding the null terminator) which would have been written to the buffer if enough space had been available. Thus, a return value of size or more means the output was truncated. Signed-off-by: Mingjie Shen --- programs/ssl/ssl_mail_client.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index ccd9dc9345..01d69d7b91 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -728,6 +728,10 @@ usage: fflush(stdout); len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from); + if (len < 0 || (size_t)len >= sizeof(buf)) { + mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); + goto exit; + } ret = write_ssl_and_get_response(&ssl, buf, len); if (ret < 200 || ret > 299) { mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); @@ -740,6 +744,10 @@ usage: fflush(stdout); len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to); + if (len < 0 || (size_t)len >= sizeof(buf)) { + mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); + goto exit; + } ret = write_ssl_and_get_response(&ssl, buf, len); if (ret < 200 || ret > 299) { mbedtls_printf(" failed\n ! server responded with %d\n\n", ret); @@ -769,6 +777,10 @@ usage: "Mbed TLS mail client example.\r\n" "\r\n" "Enjoy!", opt.mail_from); + if (len < 0 || (size_t)len >= sizeof(buf)) { + mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); + goto exit; + } ret = write_ssl_data(&ssl, buf, len); len = sprintf((char *) buf, "\r\n.\r\n"); From d97b96f2ecf59dc12f4fe1d906421bf206565de8 Mon Sep 17 00:00:00 2001 From: Mingjie Shen Date: Mon, 18 Mar 2024 14:30:06 -0400 Subject: [PATCH 010/429] ssl_mail_client: Fix code style issue Signed-off-by: Mingjie Shen --- programs/ssl/ssl_mail_client.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 01d69d7b91..e3ed697fad 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -728,7 +728,7 @@ usage: fflush(stdout); len = mbedtls_snprintf((char *) buf, sizeof(buf), "MAIL FROM:<%s>\r\n", opt.mail_from); - if (len < 0 || (size_t)len >= sizeof(buf)) { + if (len < 0 || (size_t) len >= sizeof(buf)) { mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); goto exit; } @@ -744,7 +744,7 @@ usage: fflush(stdout); len = mbedtls_snprintf((char *) buf, sizeof(buf), "RCPT TO:<%s>\r\n", opt.mail_to); - if (len < 0 || (size_t)len >= sizeof(buf)) { + if (len < 0 || (size_t) len >= sizeof(buf)) { mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); goto exit; } @@ -772,12 +772,12 @@ usage: fflush(stdout); len = mbedtls_snprintf((char *) buf, sizeof(buf), - "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" - "This is a simple test mail from the " - "Mbed TLS mail client example.\r\n" - "\r\n" - "Enjoy!", opt.mail_from); - if (len < 0 || (size_t)len >= sizeof(buf)) { + "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" + "This is a simple test mail from the " + "Mbed TLS mail client example.\r\n" + "\r\n" + "Enjoy!", opt.mail_from); + if (len < 0 || (size_t) len >= sizeof(buf)) { mbedtls_printf(" failed\n ! mbedtls_snprintf encountered error or truncated output\n\n"); goto exit; } From 9f0858db3034c7319d4ddf36da0f1681c4b4fb2a Mon Sep 17 00:00:00 2001 From: Steven WdV Date: Tue, 19 Mar 2024 11:39:22 +0100 Subject: [PATCH 011/429] Check C/C++ compilers separately for AppleClang ranlib Signed-off-by: Steven WdV --- library/CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 33e8d238b5..eda377e708 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -221,8 +221,10 @@ endif(WIN32) if(CMAKE_C_COMPILER_ID MATCHES "AppleClang") set(CMAKE_C_ARCHIVE_CREATE " Scr ") - set(CMAKE_CXX_ARCHIVE_CREATE " Scr ") set(CMAKE_C_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") +endif() +if(CMAKE_CXX_COMPILER_ID MATCHES "AppleClang") + set(CMAKE_CXX_ARCHIVE_CREATE " Scr ") set(CMAKE_CXX_ARCHIVE_FINISH " -no_warning_for_no_symbols -c ") endif() From f5a6e220323f5abfe3d789b9be8bdb9a2a7a8ea8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 18 Mar 2024 11:06:44 +0100 Subject: [PATCH 012/429] pk: fix documentation for mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index fde302f872..97af0a1714 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -361,24 +361,28 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); /** * \brief Initialize a PK context to wrap a PSA key. * - * \note This function replaces mbedtls_pk_setup() for contexts - * that wrap a (possibly opaque) PSA key instead of - * storing and manipulating the key material directly. + * This function helps creating a PK context which wraps a + * PSA key. The PSA wrapped key must: + * * remain valid as long as the wrapping PK context is in use, + * that is at least between the point this function is + * called and the point mbedtls_pk_free() is called on this + * context; + * * be a key pair; + * * be an EC or RSA type (DH is not suported in PK module). + * + * Under the hood PSA functions are used to perform the required + * operations and, based on the key type, used algorithms will be: + * * EC: + * * verify: #PSA_ALG_ECDSA_ANY; + * * sign: try both deterministic and non-deterministic ECDSA. + * * RSA: + * * sign: #PSA_ALG_RSA_PKCS1V15_SIGN(); + * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT. * * \param ctx The context to initialize. It must be empty (type NONE). * \param key The PSA key to wrap, which must hold an ECC or RSA key * pair (see notes below). * - * \note The wrapped key must remain valid as long as the - * wrapping PK context is in use, that is at least between - * the point this function is called and the point - * mbedtls_pk_free() is called on this context. The wrapped - * key might then be independently used or destroyed. - * - * \note This function is currently only available for ECC or RSA - * key pairs (that is, keys containing private key material). - * Support for other key types may be added later. - * * \return \c 0 on success. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input * (context already used, invalid key identifier). From 622f90597ecc21435aa48698eca0ff93220e8dbf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 18 Mar 2024 17:12:49 +0100 Subject: [PATCH 013/429] pk: improve documentation of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 97af0a1714..41138950ca 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -374,10 +374,19 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * operations and, based on the key type, used algorithms will be: * * EC: * * verify: #PSA_ALG_ECDSA_ANY; - * * sign: try both deterministic and non-deterministic ECDSA. + * * sign: try #PSA_ALG_DETERMINISTIC_ECDSA() first and, in + * case it fails, try with #PSA_ALG_ECDSA(). * * RSA: * * sign: #PSA_ALG_RSA_PKCS1V15_SIGN(); - * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT. + * * sign_ext: use the algorithm associated with the wrapped + * PSA key; + * * verify: not supported; + * * verify_ext: not supported; + * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT; + * * encrypt: not supported. + * In order to have above mentioned operations to succeed it is + * mandatory that the wrapped PSA key allows the specified + * algorithm in its policy. * * \param ctx The context to initialize. It must be empty (type NONE). * \param key The PSA key to wrap, which must hold an ECC or RSA key From 55ed91e0aa45d96fb676551d761076a0bc7c6c48 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 19 Mar 2024 11:32:51 +0100 Subject: [PATCH 014/429] pk: fix documentation for mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 41138950ca..60942d7efa 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -373,9 +373,9 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * Under the hood PSA functions are used to perform the required * operations and, based on the key type, used algorithms will be: * * EC: - * * verify: #PSA_ALG_ECDSA_ANY; - * * sign: try #PSA_ALG_DETERMINISTIC_ECDSA() first and, in - * case it fails, try with #PSA_ALG_ECDSA(). + * * verify, verify_ext: #PSA_ALG_ECDSA_ANY; + * * sign, sign_ext: try #PSA_ALG_DETERMINISTIC_ECDSA() + * first and, in case it fails, try with #PSA_ALG_ECDSA(). * * RSA: * * sign: #PSA_ALG_RSA_PKCS1V15_SIGN(); * * sign_ext: use the algorithm associated with the wrapped @@ -384,9 +384,8 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * * verify_ext: not supported; * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT; * * encrypt: not supported. - * In order to have above mentioned operations to succeed it is - * mandatory that the wrapped PSA key allows the specified - * algorithm in its policy. + * In order for the above operations to succeed, the policy of + * the wrapped PSA key must allow the specified algorithm. * * \param ctx The context to initialize. It must be empty (type NONE). * \param key The PSA key to wrap, which must hold an ECC or RSA key From 18702d980f23049ad7c91b17d6abb2a1ec1f15c3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 19 Mar 2024 16:38:57 +0100 Subject: [PATCH 015/429] pk: update documentation of mbedtls_pk_setup_opaque() based on #8951 Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 60942d7efa..3b9d18dbba 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -377,9 +377,8 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * * sign, sign_ext: try #PSA_ALG_DETERMINISTIC_ECDSA() * first and, in case it fails, try with #PSA_ALG_ECDSA(). * * RSA: - * * sign: #PSA_ALG_RSA_PKCS1V15_SIGN(); - * * sign_ext: use the algorithm associated with the wrapped - * PSA key; + * * sign, sign_ext: use the algorithm associated with the + * wrapped PSA key; * * verify: not supported; * * verify_ext: not supported; * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT; From 80cd479fe0f50cd0c5abf1801e574441d5748bcf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Mar 2024 15:58:54 +0100 Subject: [PATCH 016/429] pk: fix description of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 3b9d18dbba..ebd898ea82 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -362,33 +362,28 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * \brief Initialize a PK context to wrap a PSA key. * * This function helps creating a PK context which wraps a - * PSA key. The PSA wrapped key must: - * * remain valid as long as the wrapping PK context is in use, - * that is at least between the point this function is - * called and the point mbedtls_pk_free() is called on this - * context; - * * be a key pair; - * * be an EC or RSA type (DH is not suported in PK module). + * PSA key. The PSA wrapped key must be an EC or RSA key pair + * (DH is not suported in PK module). * * Under the hood PSA functions are used to perform the required * operations and, based on the key type, used algorithms will be: * * EC: - * * verify, verify_ext: #PSA_ALG_ECDSA_ANY; - * * sign, sign_ext: try #PSA_ALG_DETERMINISTIC_ECDSA() - * first and, in case it fails, try with #PSA_ALG_ECDSA(). + * * verify, verify_ext, sign, sign_ext: ECDSA. * * RSA: - * * sign, sign_ext: use the algorithm associated with the - * wrapped PSA key; - * * verify: not supported; - * * verify_ext: not supported; - * * decrypt: #PSA_ALG_RSA_PKCS1V15_CRYPT; - * * encrypt: not supported. + * * sign, sign_ext, decrypt: use the primary algorithm in + * the wrapped PSA key; + * * verify, verify_ext, encrypt: not supported. + * * In order for the above operations to succeed, the policy of * the wrapped PSA key must allow the specified algorithm. * + * \warning The PSA wrapped key must remain valid as long as the wrapping + * PK context is in use, that is at least between the point this + * function is called and the point mbedtls_pk_free() is called + * on this context. + * * \param ctx The context to initialize. It must be empty (type NONE). - * \param key The PSA key to wrap, which must hold an ECC or RSA key - * pair (see notes below). + * \param key The PSA key to wrap, which must hold an ECC or RSA key pair. * * \return \c 0 on success. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input From fc6b22c95ca4d6c3a8f13c4c96b6873903cbf19a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 20 Mar 2024 16:08:08 +0100 Subject: [PATCH 017/429] pk: fix indentation in description of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 48 ++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ebd898ea82..86ab7d6ac2 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -359,38 +359,34 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); #if defined(MBEDTLS_USE_PSA_CRYPTO) /** - * \brief Initialize a PK context to wrap a PSA key. + * \brief Initialize a PK context to wrap a PSA key. * - * This function helps creating a PK context which wraps a - * PSA key. The PSA wrapped key must be an EC or RSA key pair - * (DH is not suported in PK module). + * This function helps creating a PK context which wraps a PSA key. The PSA wrapped + * key must be an EC or RSA key pair (DH is not suported in PK module). * - * Under the hood PSA functions are used to perform the required - * operations and, based on the key type, used algorithms will be: - * * EC: - * * verify, verify_ext, sign, sign_ext: ECDSA. - * * RSA: - * * sign, sign_ext, decrypt: use the primary algorithm in - * the wrapped PSA key; - * * verify, verify_ext, encrypt: not supported. + * Under the hood PSA functions are used to perform the required + * operations and, based on the key type, used algorithms will be: + * * EC: + * * verify, verify_ext, sign, sign_ext: ECDSA. + * * RSA: + * * sign, sign_ext, decrypt: use the primary algorithm in the wrapped PSA key; + * * verify, verify_ext, encrypt: not supported. * - * In order for the above operations to succeed, the policy of - * the wrapped PSA key must allow the specified algorithm. + * In order for the above operations to succeed, the policy of the wrapped PSA + * key must allow the specified algorithm. * - * \warning The PSA wrapped key must remain valid as long as the wrapping - * PK context is in use, that is at least between the point this - * function is called and the point mbedtls_pk_free() is called - * on this context. + * \warning The PSA wrapped key must remain valid as long as the wrapping PK + * context is in use, that is at least between the point this function + * is called and the point mbedtls_pk_free() is called on this context. * - * \param ctx The context to initialize. It must be empty (type NONE). - * \param key The PSA key to wrap, which must hold an ECC or RSA key pair. + * \param ctx The context to initialize. It must be empty (type NONE). + * \param key The PSA key to wrap, which must hold an ECC or RSA key pair. * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input - * (context already used, invalid key identifier). - * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an - * ECC key pair. - * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. + * \return \c 0 on success. + * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input (context already + * used, invalid key identifier). + * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC key pair. + * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, const mbedtls_svc_key_id_t key); From 42a3954cd394f35d1238d63a56610ff69975c153 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 16:22:24 +0100 Subject: [PATCH 018/429] pk: fix description of mbedtls_pk_setup_opaque for sign_ext() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 86ab7d6ac2..e33702fe86 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -369,7 +369,9 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * * EC: * * verify, verify_ext, sign, sign_ext: ECDSA. * * RSA: - * * sign, sign_ext, decrypt: use the primary algorithm in the wrapped PSA key; + * * sign, decrypt: use the primary algorithm in the wrapped PSA key; + * * sign_ext: RSA PSS if the pk_type is #MBEDTLS_PK_RSASSA_PSS, otherwise + * it falls back to the sign() case; * * verify, verify_ext, encrypt: not supported. * * In order for the above operations to succeed, the policy of the wrapped PSA From afa6d51442a701babf43f6ffae0b8ad845fd991b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 16:23:34 +0100 Subject: [PATCH 019/429] pk: simplify mbedtls_pk_sign_ext() In case of opaque keys skip the check of the supported primary/enrollment algorithms. Just try to perfom the signature and if the wrapped key does not support RSA PSS the operation will fail automatically. Signed-off-by: Valerio Setti --- library/pk.c | 42 +++++++++--------------------------------- 1 file changed, 9 insertions(+), 33 deletions(-) diff --git a/library/pk.c b/library/pk.c index 097777f2c0..c29318dd97 100644 --- a/library/pk.c +++ b/library/pk.c @@ -1327,43 +1327,19 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, } if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) { - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t psa_alg, sign_alg; -#if defined(MBEDTLS_PSA_CRYPTO_C) - psa_algorithm_t psa_enrollment_alg; -#endif /* MBEDTLS_PSA_CRYPTO_C */ psa_status_t status; - status = psa_get_key_attributes(ctx->priv_id, &key_attr); - if (status != PSA_SUCCESS) { - return PSA_PK_RSA_TO_MBEDTLS_ERR(status); - } - psa_alg = psa_get_key_algorithm(&key_attr); -#if defined(MBEDTLS_PSA_CRYPTO_C) - psa_enrollment_alg = psa_get_key_enrollment_algorithm(&key_attr); -#endif /* MBEDTLS_PSA_CRYPTO_C */ - psa_reset_key_attributes(&key_attr); - - /* Since we're PK type is MBEDTLS_PK_RSASSA_PSS at least one between - * alg and enrollment alg should be of type RSA_PSS. */ - if (PSA_ALG_IS_RSA_PSS(psa_alg)) { - sign_alg = psa_alg; - } -#if defined(MBEDTLS_PSA_CRYPTO_C) - else if (PSA_ALG_IS_RSA_PSS(psa_enrollment_alg)) { - sign_alg = psa_enrollment_alg; - } -#endif /* MBEDTLS_PSA_CRYPTO_C */ - else { - /* The opaque key has no RSA PSS algorithm associated. */ - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - /* Adjust the hashing algorithm. */ - sign_alg = (sign_alg & ~PSA_ALG_HASH_MASK) | PSA_ALG_GET_HASH(psa_md_alg); - - status = psa_sign_hash(ctx->priv_id, sign_alg, + /* PSA_ALG_RSA_PSS() behaves the same as PSA_ALG_RSA_PSS_ANY_SALT() when + * performing a signature, but they are encoded differently. Instead of + * extracting the proper one from the wrapped key policy, just try both. */ + status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg), hash, hash_len, sig, sig_size, sig_len); + if (status == PSA_ERROR_NOT_PERMITTED) { + status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg), + hash, hash_len, + sig, sig_size, sig_len); + } return PSA_PK_RSA_TO_MBEDTLS_ERR(status); } From f0d4c9a7e209205d2d34210e75292a8b2fd505c0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 16:26:11 +0100 Subject: [PATCH 020/429] test_suite_pk: add failing check for sign_ext() in pk_psa_wrap_sign_ext() If the wrapped key has a PKCS1 v1.5 signature algorithm, then try to call sign_ext() to perform PSA RSS. Of course this will fail because it's not supported by the wrapped key. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 388879d1a1..2ee81a34a0 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -2082,6 +2082,19 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); +#if defined(MBEDTLS_PKCS1_V21) + /* Check that trying to use the wrong pk_type in sign_ext() results in a failure. + * The PSA key was setup to use PKCS1 v1.5 signature algorithm, but here we try + * to use it for PSS (PKCS1 v2.1) and it should fail. */ + if (key_pk_type == MBEDTLS_PK_RSA) { + TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk, md_alg, hash, hash_len, + sig, sizeof(sig), &sig_len, + mbedtls_test_rnd_std_rand, NULL), + MBEDTLS_ERR_RSA_BAD_INPUT_DATA); + } +#endif /* MBEDTLS_PKCS1_V21 */ + + /* Perform sign_ext() with the correct pk_type. */ TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, sig, sizeof(sig), &sig_len, mbedtls_test_rnd_std_rand, NULL), 0); From ac81e23c33189c3d65c03233a71d6724eae03616 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 16:49:02 +0100 Subject: [PATCH 021/429] pk: add check_pair info to mbedtls_pk_setup_opaque() documentation This also updates use-psa-crypto.md accordingly. Signed-off-by: Valerio Setti --- docs/use-psa-crypto.md | 9 ++------- include/mbedtls/pk.h | 3 +++ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index 92d0985249..f2983bd37a 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -75,13 +75,8 @@ operations and its public part can be exported. **Benefits:** isolation of long-term secrets, use of PSA Crypto drivers. -**Limitations:** can only wrap a key pair, can only use it for private key -operations. (That is, signature generation, and for RSA decryption too.) -Note: for ECDSA, currently this uses randomized ECDSA while Mbed TLS uses -deterministic ECDSA by default. The following operations are not supported -with a context set this way, while they would be available with a normal -context: `mbedtls_pk_check_pair()`, `mbedtls_pk_debug()`, all public key -operations. +**Limitations:** please refer to the documentation of `mbedtls_pk_setup_opaque()` +for a full list of supported operations and limitations. **Use in X.509 and TLS:** opt-in. The application needs to construct the PK context using the new API in order to get the benefits; it can then pass the diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index e33702fe86..a3b13633d4 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -377,6 +377,9 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * In order for the above operations to succeed, the policy of the wrapped PSA * key must allow the specified algorithm. * + * Opaque PK contexts wrapping an EC keys also support \c mbedtls_pk_check_pair(), + * whereas RSA ones do not. + * * \warning The PSA wrapped key must remain valid as long as the wrapping PK * context is in use, that is at least between the point this function * is called and the point mbedtls_pk_free() is called on this context. From 9ac3e23f5dff2787bb82c504166b60d03f0a94c1 Mon Sep 17 00:00:00 2001 From: Troy-Butler Date: Fri, 22 Mar 2024 14:46:04 -0400 Subject: [PATCH 022/429] Fix NULL argument handling in mbedtls_xxx_free() functions Signed-off-by: Troy-Butler --- library/block_cipher.c | 4 ++++ library/entropy.c | 4 ++++ library/lmots.c | 8 ++++++++ library/lms.c | 8 ++++++++ library/net_sockets.c | 2 +- library/nist_kw.c | 4 ++++ library/pem.c | 4 ++++ library/ssl_cookie.c | 4 ++++ library/ssl_ticket.c | 4 ++++ library/x509write_crt.c | 4 ++++ library/x509write_csr.c | 4 ++++ 11 files changed, 49 insertions(+), 1 deletion(-) diff --git a/library/block_cipher.c b/library/block_cipher.c index 04cd7fb444..51cdcdf46b 100644 --- a/library/block_cipher.c +++ b/library/block_cipher.c @@ -51,6 +51,10 @@ static int mbedtls_cipher_error_from_psa(psa_status_t status) void mbedtls_block_cipher_free(mbedtls_block_cipher_context_t *ctx) { + if (ctx == NULL) { + return; + } + #if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA) if (ctx->engine == MBEDTLS_BLOCK_CIPHER_ENGINE_PSA) { psa_destroy_key(ctx->psa_key_id); diff --git a/library/entropy.c b/library/entropy.c index e3bc8516e2..7dcf067a52 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -61,6 +61,10 @@ void mbedtls_entropy_init(mbedtls_entropy_context *ctx) void mbedtls_entropy_free(mbedtls_entropy_context *ctx) { + if (ctx == NULL) { + return; + } + /* If the context was already free, don't call free() again. * This is important for mutexes which don't allow double-free. */ if (ctx->accumulator_started == -1) { diff --git a/library/lmots.c b/library/lmots.c index c7091b49e1..c51cb41ece 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -387,6 +387,10 @@ void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx) void mbedtls_lmots_public_free(mbedtls_lmots_public_t *ctx) { + if (ctx == NULL) { + return; + } + mbedtls_platform_zeroize(ctx, sizeof(*ctx)); } @@ -556,6 +560,10 @@ void mbedtls_lmots_private_init(mbedtls_lmots_private_t *ctx) void mbedtls_lmots_private_free(mbedtls_lmots_private_t *ctx) { + if (ctx == NULL) { + return; + } + mbedtls_platform_zeroize(ctx, sizeof(*ctx)); } diff --git a/library/lms.c b/library/lms.c index 8d3cae0524..7f7bec068b 100644 --- a/library/lms.c +++ b/library/lms.c @@ -229,6 +229,10 @@ void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx) void mbedtls_lms_public_free(mbedtls_lms_public_t *ctx) { + if (ctx == NULL) { + return; + } + mbedtls_platform_zeroize(ctx, sizeof(*ctx)); } @@ -528,6 +532,10 @@ void mbedtls_lms_private_init(mbedtls_lms_private_t *ctx) void mbedtls_lms_private_free(mbedtls_lms_private_t *ctx) { + if (ctx == NULL) { + return; + } + unsigned int idx; if (ctx->have_private_key) { diff --git a/library/net_sockets.c b/library/net_sockets.c index edec5876ad..ef89a88ef0 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -683,7 +683,7 @@ void mbedtls_net_close(mbedtls_net_context *ctx) */ void mbedtls_net_free(mbedtls_net_context *ctx) { - if (ctx->fd == -1) { + if (ctx == NULL || ctx->fd == -1) { return; } diff --git a/library/nist_kw.c b/library/nist_kw.c index f15425b8bd..8faafe43f1 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -102,6 +102,10 @@ int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx, */ void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx) { + if (ctx == NULL) { + return; + } + mbedtls_cipher_free(&ctx->cipher_ctx); mbedtls_platform_zeroize(ctx, sizeof(mbedtls_nist_kw_context)); } diff --git a/library/pem.c b/library/pem.c index 0fee5df43a..0207601456 100644 --- a/library/pem.c +++ b/library/pem.c @@ -481,6 +481,10 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const void mbedtls_pem_free(mbedtls_pem_context *ctx) { + if (ctx == NULL) { + return; + } + if (ctx->buf != NULL) { mbedtls_zeroize_and_free(ctx->buf, ctx->buflen); } diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 2772cac4be..acc9e8c080 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -84,6 +84,10 @@ void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long d void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx) { + if (ctx == NULL) { + return; + } + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(ctx->psa_hmac_key); #else diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 6a31b0bee6..bfb656cf62 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -534,6 +534,10 @@ cleanup: */ void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx) { + if (ctx == NULL) { + return; + } + #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(ctx->keys[0].key); psa_destroy_key(ctx->keys[1].key); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 72f5a10a17..56f23c9fab 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -46,6 +46,10 @@ void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx) { + if (ctx == NULL) { + return; + } + mbedtls_asn1_free_named_data_list(&ctx->subject); mbedtls_asn1_free_named_data_list(&ctx->issuer); mbedtls_asn1_free_named_data_list(&ctx->extensions); diff --git a/library/x509write_csr.c b/library/x509write_csr.c index d3ddbcc03d..0d6f6bb1d3 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -43,6 +43,10 @@ void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx) void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx) { + if (ctx == NULL) { + return; + } + mbedtls_asn1_free_named_data_list(&ctx->subject); mbedtls_asn1_free_named_data_list(&ctx->extensions); From f9f63edbe4fb3f5c239a78153041ddfee057f397 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 25 Mar 2024 09:37:47 +0100 Subject: [PATCH 023/429] pk: fix typos in description of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a3b13633d4..a23927088c 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -361,10 +361,10 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); /** * \brief Initialize a PK context to wrap a PSA key. * - * This function helps creating a PK context which wraps a PSA key. The PSA wrapped - * key must be an EC or RSA key pair (DH is not suported in PK module). + * This function creates a PK context which wraps a PSA key. The PSA wrapped + * key must be an EC or RSA key pair (DH is not suported in the PK module). * - * Under the hood PSA functions are used to perform the required + * Under the hood PSA functions will be used to perform the required * operations and, based on the key type, used algorithms will be: * * EC: * * verify, verify_ext, sign, sign_ext: ECDSA. From ec2cfb042c4cd02a2c555a51d6d6407b36d43b0d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 25 Mar 2024 14:12:38 +0100 Subject: [PATCH 024/429] test_suite_pk: test check_pair() also with opaque RSA keys check_pair() is not supported by opaque RSA keys, but we want to be sure that calling this functions fails nicely instead for crashing. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ddcbd83820..73d27fed3e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1021,6 +1021,7 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) #if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT; + int is_ec_key = 0; #endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_init(&pub); @@ -1057,16 +1058,22 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) } #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) - if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) { - /* Turn the prv PK context into an opaque one.*/ - TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH, - &opaque_key_attr), 0); - TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0); - mbedtls_pk_free(&prv); - mbedtls_pk_init(&prv); - TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0); + is_ec_key = (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY); + /* Turn the prv PK context into an opaque one.*/ + TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH, + &opaque_key_attr), 0); + TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0); + mbedtls_pk_free(&prv); + mbedtls_pk_init(&prv); + TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0); + /* Test check_pair() between the opaque key we just created and the public PK counterpart. + * Note: opaque EC keys support check_pair(), whereas RSA ones do not. */ + if (is_ec_key) { TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, NULL), ret); + } else { + TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, + NULL), MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); } #endif From 96eed725e1f6f2558fc4eb8af4c3fb0ae099aa18 Mon Sep 17 00:00:00 2001 From: Norbert Fabritius Date: Mon, 23 Jan 2023 15:24:59 +0100 Subject: [PATCH 025/429] Guard ticket specific TLS 1.3 function with macro Guard ssl_tls13_write_new_session_ticket_coordinate with MBEDTLS_SSL_SESSION_TICKETS macro. Signed-off-by: Norbert Fabritius --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index e8afe4509b..5c5ef5d5fd 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -3103,6 +3103,7 @@ static int ssl_tls13_handshake_wrapup(mbedtls_ssl_context *ssl) return 0; } +#if defined(MBEDTLS_SSL_SESSION_TICKETS) /* * Handler for MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET */ @@ -3132,7 +3133,6 @@ static int ssl_tls13_write_new_session_ticket_coordinate(mbedtls_ssl_context *ss return SSL_NEW_SESSION_TICKET_WRITE; } -#if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, unsigned char *ticket_nonce, From 1f045f3a0ce6a471fbe9968b5ffb2eda8b7bd99a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 25 Mar 2024 13:37:07 +0100 Subject: [PATCH 026/429] tls13: srv: Fix guards of _is_psk_(ephemeral_)available Signed-off-by: Ronald Cron --- library/ssl_tls13_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 5c5ef5d5fd..92e8add6c2 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -172,12 +172,12 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl, #define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1 #define SSL_TLS1_3_PSK_IDENTITY_MATCH 0 -#if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl); +#if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_offered_psks_check_identity_match_ticket( mbedtls_ssl_context *ssl, From d60aef0f1b949278e386875402b13f8f638052e2 Mon Sep 17 00:00:00 2001 From: Norbert Fabritius Date: Tue, 24 Jan 2023 17:38:22 +0100 Subject: [PATCH 027/429] Unconditionally define session variable Signed-off-by: Norbert Fabritius --- library/ssl_tls13_server.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 92e8add6c2..8a76fbd32e 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -569,10 +569,8 @@ static int ssl_tls13_parse_pre_shared_key_ext( psa_algorithm_t psk_hash_alg; int allowed_key_exchange_modes; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_session session; mbedtls_ssl_session_init(&session); -#endif MBEDTLS_SSL_CHK_BUF_READ_PTR(p_identity_len, identities_end, 2 + 1 + 4); identity_len = MBEDTLS_GET_UINT16_BE(p_identity_len, 0); From 8ceeff95e977f41e5fe5affd1f3a39c6c92ad3b6 Mon Sep 17 00:00:00 2001 From: Norbert Fabritius Date: Tue, 24 Jan 2023 17:58:13 +0100 Subject: [PATCH 028/429] Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active Signed-off-by: Norbert Fabritius --- library/ssl_tls13_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 7fcc394319..162e3a3146 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -666,6 +666,7 @@ static int ssl_tls13_write_psk_key_exchange_modes_ext(mbedtls_ssl_context *ssl, return 0; } +#if defined(MBEDTLS_SSL_SESSION_TICKETS) static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL; @@ -678,7 +679,6 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite) return PSA_ALG_NONE; } -#if defined(MBEDTLS_SSL_SESSION_TICKETS) static int ssl_tls13_has_configured_ticket(mbedtls_ssl_context *ssl) { mbedtls_ssl_session *session = ssl->session_negotiate; From d36913a58f4dc057450ca89bdba58d3e65bd7832 Mon Sep 17 00:00:00 2001 From: Norbert Fabritius Date: Tue, 24 Jan 2023 17:48:29 +0100 Subject: [PATCH 029/429] Constify parameter of ssl_tls13_session_load Signed-off-by: Norbert Fabritius --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ac53853a5b..ff8a384e20 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4048,7 +4048,7 @@ static int ssl_tls13_session_save(const mbedtls_ssl_session *session, } static int ssl_tls13_session_load(const mbedtls_ssl_session *session, - unsigned char *buf, + const unsigned char *buf, size_t buf_len) { ((void) session); From 18b92a1aec447a7d4b6f01ab853f35dd780ce977 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 26 Mar 2024 10:15:08 +0100 Subject: [PATCH 030/429] tests: ssl: Fix session field guards Signed-off-by: Ronald Cron --- tests/src/test_helpers/ssl_helpers.c | 40 +++++++++++++++++----------- tests/suites/test_suite_ssl.function | 26 +++++++++++------- 2 files changed, 41 insertions(+), 25 deletions(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 55201c0b78..d4d82f6ed7 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1791,30 +1791,33 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, session->endpoint = endpoint_type == MBEDTLS_SSL_IS_CLIENT ? MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER; session->ciphersuite = 0xabcd; + +#if defined(MBEDTLS_SSL_SESSION_TICKETS) session->ticket_age_add = 0x87654321; session->ticket_flags = 0x7; - session->resumption_key_len = 32; memset(session->resumption_key, 0x99, sizeof(session->resumption_key)); - -#if defined(MBEDTLS_SSL_EARLY_DATA) - session->max_early_data_size = 0x87654321; -#if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) - int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample"); - if (ret != 0) { - return -1; - } -#endif /* MBEDTLS_SSL_ALPN && MBEDTLS_SSL_SRV_C */ -#endif /* MBEDTLS_SSL_EARLY_DATA */ - -#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_SRV_C) - if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { - session->ticket_creation_time = mbedtls_ms_time() - 42; - } #endif +#if defined(MBEDTLS_SSL_SRV_C) + if (session->endpoint == MBEDTLS_SSL_IS_SERVER) { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) + int ret = mbedtls_ssl_session_set_ticket_alpn(session, "ALPNExample"); + if (ret != 0) { + return -1; + } +#endif +#if defined(MBEDTLS_HAVE_TIME) + session->ticket_creation_time = mbedtls_ms_time() - 42; +#endif +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ + } +#endif /* MBEDTLS_SSL_SRV_C */ + #if defined(MBEDTLS_SSL_CLI_C) if (session->endpoint == MBEDTLS_SSL_IS_CLIENT) { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_HAVE_TIME) session->ticket_reception_time = mbedtls_ms_time() - 40; #endif @@ -1828,9 +1831,14 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, } memset(session->ticket, 33, ticket_len); } +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ } #endif /* MBEDTLS_SSL_CLI_C */ +#if defined(MBEDTLS_SSL_EARLY_DATA) + session->max_early_data_size = 0x87654321; +#endif /* MBEDTLS_SSL_EARLY_DATA */ + #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) session->record_size_limit = 2048; #endif diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 67d97e47ce..b41a2513f4 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2094,6 +2094,7 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { TEST_ASSERT(original.ciphersuite == restored.ciphersuite); +#if defined(MBEDTLS_SSL_SESSION_TICKETS) TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add); TEST_ASSERT(original.ticket_flags == restored.ticket_flags); TEST_ASSERT(original.resumption_key_len == restored.resumption_key_len); @@ -2104,22 +2105,24 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, restored.resumption_key, original.resumption_key_len) == 0); } +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ -#if defined(MBEDTLS_SSL_EARLY_DATA) - TEST_ASSERT( - original.max_early_data_size == restored.max_early_data_size); -#if defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_SSL_SRV_C) if (endpoint_type == MBEDTLS_SSL_IS_SERVER) { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) +#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) TEST_ASSERT(original.ticket_alpn != NULL); TEST_ASSERT(restored.ticket_alpn != NULL); TEST_MEMORY_COMPARE(original.ticket_alpn, strlen(original.ticket_alpn), restored.ticket_alpn, strlen(restored.ticket_alpn)); +#endif +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ } -#endif -#endif +#endif /* MBEDTLS_SSL_SRV_C */ -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_CLI_C) if (endpoint_type == MBEDTLS_SSL_IS_CLIENT) { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_HAVE_TIME) TEST_ASSERT(original.ticket_reception_time == restored.ticket_reception_time); #endif @@ -2132,12 +2135,17 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, restored.ticket, original.ticket_len) == 0); } - +#endif /* MBEDTLS_SSL_SESSION_TICKETS */ } -#endif +#endif /* MBEDTLS_SSL_CLI_C */ } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ +#if defined(MBEDTLS_SSL_EARLY_DATA) + TEST_ASSERT( + original.max_early_data_size == restored.max_early_data_size); +#endif + #if defined(MBEDTLS_SSL_RECORD_SIZE_LIMIT) TEST_ASSERT(original.record_size_limit == restored.record_size_limit); #endif From ad0ee1a7c4657a7bad949e8eb23f01b888a24326 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 Mar 2024 09:18:04 +0100 Subject: [PATCH 031/429] tests: ssl: Remove redundant test Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.function | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b41a2513f4..b5367f59c0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2093,7 +2093,6 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { - TEST_ASSERT(original.ciphersuite == restored.ciphersuite); #if defined(MBEDTLS_SSL_SESSION_TICKETS) TEST_ASSERT(original.ticket_age_add == restored.ticket_age_add); TEST_ASSERT(original.ticket_flags == restored.ticket_flags); From 8d15e0114b40a6933650425c2267f8fa56f3a3f1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 Mar 2024 09:30:13 +0100 Subject: [PATCH 032/429] tests: ssl: Add hostname checks in session serialization tests Signed-off-by: Ronald Cron --- tests/src/test_helpers/ssl_helpers.c | 8 ++++++++ tests/suites/test_suite_ssl.function | 6 ++++++ 2 files changed, 14 insertions(+) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d4d82f6ed7..255849fdc2 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1831,6 +1831,14 @@ int mbedtls_test_ssl_tls13_populate_session(mbedtls_ssl_session *session, } memset(session->ticket, 33, ticket_len); } +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + char hostname[] = "hostname example"; + session->hostname = mbedtls_calloc(1, sizeof(hostname)); + if (session->hostname == NULL) { + return -1; + } + memcpy(session->hostname, hostname, sizeof(hostname)); +#endif #endif /* MBEDTLS_SSL_SESSION_TICKETS */ } #endif /* MBEDTLS_SSL_CLI_C */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index b5367f59c0..840af7d2d9 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2134,6 +2134,12 @@ void ssl_serialize_session_save_load(int ticket_len, char *crt_file, restored.ticket, original.ticket_len) == 0); } +#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) + TEST_ASSERT(original.hostname != NULL); + TEST_ASSERT(restored.hostname != NULL); + TEST_MEMORY_COMPARE(original.hostname, strlen(original.hostname), + restored.hostname, strlen(restored.hostname)); +#endif #endif /* MBEDTLS_SSL_SESSION_TICKETS */ } #endif /* MBEDTLS_SSL_CLI_C */ From 161e14faf6a3d254b6afcad540f71572a03c58d2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 26 Mar 2024 10:21:06 +0100 Subject: [PATCH 033/429] tests: ssl: Fix dependencies of TLS 1.3 session serialization tests Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 734b945148..c4498ce14a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -930,35 +930,35 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 ssl_session_serialize_version_check:0:0:0:1:0:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.3: CLI: session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: CLI: session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: CLI: session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: CLI: session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 Test Session id & Ciphersuite accessors TLS 1.2 @@ -2971,7 +2971,7 @@ depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBED ssl_serialize_session_save_load:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.3: CLI: Session serialization, save-load: no ticket -depends_on:MBEDTLS_SSL_PROTO_TLS1_3 +depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_PROTO_TLS1_3 ssl_serialize_session_save_load:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: CLI: Session serialization, save-load: small ticket @@ -3091,7 +3091,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_ ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt":0:MBEDTLS_SSL_VERSION_TLS1_2 TLS 1.3: CLI: Session serialization, load buffer size: no ticket -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: CLI: Session serialization, load buffer size: small ticket @@ -3103,7 +3103,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_ ssl_serialize_session_load_buf_size:1023:"":MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: Session serialization, load buffer size -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_SRV_C ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 Test configuration of groups for DHE through mbedtls_ssl_conf_curves() From d30e91150e1a61e604a91da83d08d5214c6b4f65 Mon Sep 17 00:00:00 2001 From: Norbert Fabritius Date: Tue, 11 Apr 2023 15:40:05 +0200 Subject: [PATCH 034/429] all.sh: Add component testing default minus session tickets Signed-off-by: Norbert Fabritius Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e17d5ac9b9..d811dd7888 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6050,6 +6050,17 @@ component_test_tls13_no_compatibility_mode () { tests/ssl-opt.sh } +component_test_default_minus_session_tickets() { + msg "build: default config without session tickets" + scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config without session tickets" + make test + msg "ssl-opt.sh (default config without session tickets)" + tests/ssl-opt.sh +} + component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs From 4f1c9278cca6bdb76cbe950fd8ba6d60e966b9fb Mon Sep 17 00:00:00 2001 From: Norbert Fabritius Date: Wed, 12 Apr 2023 09:50:30 +0200 Subject: [PATCH 035/429] ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Norbert Fabritius Signed-off-by: Jerry Yu Signed-off-by: Ronald Cron --- tests/opt-testcases/tls13-misc.sh | 3 ++ tests/ssl-opt.sh | 54 +++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 5e43921710..5c7be7feca 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -813,6 +813,7 @@ run_test "TLS 1.3 m->m: resumption, cli/tkt kex modes psk_all/psk_all" \ requires_openssl_tls1_3_with_compatible_ephemeral requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ + MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ @@ -858,6 +859,7 @@ run_test "TLS 1.3 m->O: resumption with early data" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ + MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ @@ -873,6 +875,7 @@ run_test "TLS 1.3 m->G: resumption" \ requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ + MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3377f151b6..91666f1c6e 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3731,6 +3731,7 @@ run_test "CBC Record splitting: TLS 1.2, no splitting" \ # Tests for Session Tickets +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: basic" \ "$P_SRV debug_level=3 tickets=1" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3745,6 +3746,7 @@ run_test "Session resume using tickets: basic" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: manual rotation" \ "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3759,6 +3761,7 @@ run_test "Session resume using tickets: manual rotation" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: cache disabled" \ "$P_SRV debug_level=3 tickets=1 cache_max=0" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3773,6 +3776,7 @@ run_test "Session resume using tickets: cache disabled" \ -s "a session has been resumed" \ -c "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: timeout" \ "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_delay=2000" \ @@ -3787,6 +3791,7 @@ run_test "Session resume using tickets: timeout" \ -S "a session has been resumed" \ -C "a session has been resumed" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: session copy" \ "$P_SRV debug_level=3 tickets=1 cache_max=0" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_mode=0" \ @@ -3802,6 +3807,7 @@ run_test "Session resume using tickets: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: openssl server" \ "$O_SRV -tls1_2" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ @@ -3812,6 +3818,7 @@ run_test "Session resume using tickets: openssl server" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: openssl client" \ "$P_SRV debug_level=3 tickets=1" \ "( $O_CLI -sess_out $SESSION; \ @@ -3825,6 +3832,7 @@ run_test "Session resume using tickets: openssl client" \ -s "a session has been resumed" requires_cipher_enabled "AES" "GCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: AES-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3840,6 +3848,7 @@ run_test "Session resume using tickets: AES-128-GCM" \ -c "a session has been resumed" requires_cipher_enabled "AES" "GCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: AES-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3855,6 +3864,7 @@ run_test "Session resume using tickets: AES-192-GCM" \ -c "a session has been resumed" requires_cipher_enabled "AES" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: AES-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3870,6 +3880,7 @@ run_test "Session resume using tickets: AES-128-CCM" \ -c "a session has been resumed" requires_cipher_enabled "AES" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: AES-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3885,6 +3896,7 @@ run_test "Session resume using tickets: AES-192-CCM" \ -c "a session has been resumed" requires_cipher_enabled "AES" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: AES-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3900,6 +3912,7 @@ run_test "Session resume using tickets: AES-256-CCM" \ -c "a session has been resumed" requires_cipher_enabled "CAMELLIA" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: CAMELLIA-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3915,6 +3928,7 @@ run_test "Session resume using tickets: CAMELLIA-128-CCM" \ -c "a session has been resumed" requires_cipher_enabled "CAMELLIA" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: CAMELLIA-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3930,6 +3944,7 @@ run_test "Session resume using tickets: CAMELLIA-192-CCM" \ -c "a session has been resumed" requires_cipher_enabled "CAMELLIA" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: CAMELLIA-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3945,6 +3960,7 @@ run_test "Session resume using tickets: CAMELLIA-256-CCM" \ -c "a session has been resumed" requires_cipher_enabled "ARIA" "GCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: ARIA-128-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3960,6 +3976,7 @@ run_test "Session resume using tickets: ARIA-128-GCM" \ -c "a session has been resumed" requires_cipher_enabled "ARIA" "GCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: ARIA-192-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3975,6 +3992,7 @@ run_test "Session resume using tickets: ARIA-192-GCM" \ -c "a session has been resumed" requires_cipher_enabled "ARIA" "GCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: ARIA-256-GCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -3990,6 +4008,7 @@ run_test "Session resume using tickets: ARIA-256-GCM" \ -c "a session has been resumed" requires_cipher_enabled "ARIA" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: ARIA-128-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4005,6 +4024,7 @@ run_test "Session resume using tickets: ARIA-128-CCM" \ -c "a session has been resumed" requires_cipher_enabled "ARIA" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: ARIA-192-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4020,6 +4040,7 @@ run_test "Session resume using tickets: ARIA-192-CCM" \ -c "a session has been resumed" requires_cipher_enabled "ARIA" "CCM" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: ARIA-256-CCM" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4035,6 +4056,7 @@ run_test "Session resume using tickets: ARIA-256-CCM" \ -c "a session has been resumed" requires_cipher_enabled "CHACHA20" +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: CHACHA20-POLY1305" \ "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4052,6 +4074,7 @@ run_test "Session resume using tickets: CHACHA20-POLY1305" \ # Tests for Session Tickets with DTLS requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: basic" \ "$P_SRV debug_level=3 dtls=1 tickets=1" \ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -4067,6 +4090,7 @@ run_test "Session resume using tickets, DTLS: basic" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: cache disabled" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -4082,6 +4106,7 @@ run_test "Session resume using tickets, DTLS: cache disabled" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: timeout" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2000" \ @@ -4097,6 +4122,7 @@ run_test "Session resume using tickets, DTLS: timeout" \ -C "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: session copy" \ "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \ "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \ @@ -4112,6 +4138,7 @@ run_test "Session resume using tickets, DTLS: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ @@ -4125,6 +4152,7 @@ run_test "Session resume using tickets, DTLS: openssl server" \ # probability with OpenSSL 1.0.2g on the CI, see #5012. requires_openssl_next requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ @@ -4140,6 +4168,7 @@ run_test "Session resume using tickets, DTLS: openssl client" \ # Tests for Session Resume based on session-ID and cache requires_config_enabled MBEDTLS_SSL_CACHE_C +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using cache: tickets enabled on client" \ "$P_SRV debug_level=3 tickets=0" \ "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \ @@ -4155,6 +4184,7 @@ run_test "Session resume using cache: tickets enabled on client" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_CACHE_C +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using cache: tickets enabled on server" \ "$P_SRV debug_level=3 tickets=1" \ "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \ @@ -4246,6 +4276,7 @@ run_test "Session resume using cache: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_CACHE_C +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using cache: openssl client" \ "$P_SRV force_version=tls12 debug_level=3 tickets=0" \ "( $O_CLI -sess_out $SESSION; \ @@ -4295,6 +4326,7 @@ run_test "Session resume and connection ID" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CACHE_C +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using cache, DTLS: tickets enabled on client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -4311,6 +4343,7 @@ run_test "Session resume using cache, DTLS: tickets enabled on client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CACHE_C +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using cache, DTLS: tickets enabled on server" \ "$P_SRV dtls=1 debug_level=3 tickets=1" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \ @@ -4396,6 +4429,7 @@ run_test "Session resume using cache, DTLS: session copy" \ requires_openssl_next requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CACHE_C +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using cache, DTLS: openssl client" \ "$P_SRV dtls=1 debug_level=3 tickets=0" \ "( $O_NEXT_CLI -dtls -sess_out $SESSION; \ @@ -6656,6 +6690,7 @@ run_test "Non-blocking I/O: client auth" \ -c "Read from server: .* bytes read" requires_key_exchange_with_cert_in_tls12_or_tls13_enabled +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Non-blocking I/O: ticket" \ "$P_SRV nbio=2 tickets=1 auth_mode=none" \ "$P_CLI nbio=2 tickets=1" \ @@ -6665,6 +6700,7 @@ run_test "Non-blocking I/O: ticket" \ -c "Read from server: .* bytes read" requires_key_exchange_with_cert_in_tls12_or_tls13_enabled +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Non-blocking I/O: ticket + client auth" \ "$P_SRV nbio=2 tickets=1 auth_mode=required" \ "$P_CLI nbio=2 tickets=1" \ @@ -6674,6 +6710,7 @@ run_test "Non-blocking I/O: ticket + client auth" \ -c "Read from server: .* bytes read" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Non-blocking I/O: TLS 1.2 + ticket + client auth + resume" \ "$P_SRV nbio=2 tickets=1 auth_mode=required" \ "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \ @@ -6685,6 +6722,7 @@ run_test "Non-blocking I/O: TLS 1.2 + ticket + client auth + resume" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \ "$P_SRV nbio=2 tickets=1 auth_mode=required" \ "$P_CLI nbio=2 tickets=1 reconnect=1" \ @@ -6694,6 +6732,7 @@ run_test "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \ -c "Read from server: .* bytes read" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Non-blocking I/O: TLS 1.2 + ticket + resume" \ "$P_SRV nbio=2 tickets=1 auth_mode=none" \ "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \ @@ -6705,6 +6744,7 @@ run_test "Non-blocking I/O: TLS 1.2 + ticket + resume" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Non-blocking I/O: TLS 1.3 + ticket + resume" \ "$P_SRV nbio=2 tickets=1 auth_mode=none" \ "$P_CLI nbio=2 tickets=1 reconnect=1" \ @@ -6743,6 +6783,7 @@ run_test "Event-driven I/O: client auth" \ -c "Read from server: .* bytes read" requires_key_exchange_with_cert_in_tls12_or_tls13_enabled +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O: ticket" \ "$P_SRV event=1 tickets=1 auth_mode=none" \ "$P_CLI event=1 tickets=1" \ @@ -6752,6 +6793,7 @@ run_test "Event-driven I/O: ticket" \ -c "Read from server: .* bytes read" requires_key_exchange_with_cert_in_tls12_or_tls13_enabled +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O: ticket + client auth" \ "$P_SRV event=1 tickets=1 auth_mode=required" \ "$P_CLI event=1 tickets=1" \ @@ -6761,6 +6803,7 @@ run_test "Event-driven I/O: ticket + client auth" \ -c "Read from server: .* bytes read" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O: TLS 1.2 + ticket + client auth + resume" \ "$P_SRV event=1 tickets=1 auth_mode=required" \ "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \ @@ -6772,6 +6815,7 @@ run_test "Event-driven I/O: TLS 1.2 + ticket + client auth + resume" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \ "$P_SRV event=1 tickets=1 auth_mode=required" \ "$P_CLI event=1 tickets=1 reconnect=1" \ @@ -6781,6 +6825,7 @@ run_test "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \ -c "Read from server: .* bytes read" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O: TLS 1.2 + ticket + resume" \ "$P_SRV event=1 tickets=1 auth_mode=none" \ "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \ @@ -6792,6 +6837,7 @@ run_test "Event-driven I/O: TLS 1.2 + ticket + resume" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O: TLS 1.3 + ticket + resume" \ "$P_SRV event=1 tickets=1 auth_mode=none" \ "$P_CLI event=1 tickets=1 reconnect=1" \ @@ -6824,6 +6870,7 @@ run_test "Event-driven I/O, DTLS: client auth" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O, DTLS: ticket" \ "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ "$P_CLI dtls=1 event=1 tickets=1" \ @@ -6831,6 +6878,7 @@ run_test "Event-driven I/O, DTLS: ticket" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O, DTLS: ticket + client auth" \ "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ "$P_CLI dtls=1 event=1 tickets=1" \ @@ -6838,6 +6886,7 @@ run_test "Event-driven I/O, DTLS: ticket + client auth" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -6845,6 +6894,7 @@ run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ -c "Read from server: .* bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Event-driven I/O, DTLS: ticket + resume" \ "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ @@ -11797,6 +11847,7 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \ requires_certificate_authentication requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ -p "$P_PXY delay_srv=NewSessionTicket" \ "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ @@ -11917,6 +11968,7 @@ run_test "DTLS proxy: 3d, FS, client auth" \ client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "DTLS proxy: 3d, FS, ticket" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \ @@ -11927,6 +11979,7 @@ run_test "DTLS proxy: 3d, FS, ticket" \ client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \ @@ -11937,6 +11990,7 @@ run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ client_needs_more_time 2 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "DTLS proxy: 3d, max handshake, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \ From 7df18bc21018ab548e8d22096af769ab467ea02f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 25 Mar 2024 13:42:07 +0100 Subject: [PATCH 036/429] tls13: cli: Ignore tickets if not supported If a TLS 1.3 client receives a ticket and the feature is not enabled, ignore it. Signed-off-by: Ronald Cron --- library/ssl_msg.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index b07cd96f1b..a9b94e6f0a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5570,25 +5570,19 @@ static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_CLI_C) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_check_new_session_ticket(mbedtls_ssl_context *ssl) { if ((ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl)) || (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET)) { - return 0; + return -1; } - ssl->keep_current_message = 1; - - MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received")); - mbedtls_ssl_handshake_set_state(ssl, - MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); - - return MBEDTLS_ERR_SSL_WANT_READ; + return 0; } -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ +#endif /* MBEDTLS_SSL_CLI_C */ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) @@ -5596,14 +5590,24 @@ static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(3, ("received post-handshake message")); -#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { int ret = ssl_tls13_check_new_session_ticket(ssl); - if (ret != 0) { - return ret; + if (ret == 0) { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) + MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received")); + ssl->keep_current_message = 1; + + mbedtls_ssl_handshake_set_state(ssl, + MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET); + return MBEDTLS_ERR_SSL_WANT_READ; +#else + MBEDTLS_SSL_DEBUG_MSG(3, ("Ignore NewSessionTicket, not supported.")); + return 0; +#endif } } -#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ +#endif /* MBEDTLS_SSL_CLI_C */ /* Fail in all other cases. */ return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE; From ceae4f85ea6a71be8e7bbdf17a6bdcd57613815e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 26 Mar 2024 11:17:10 +0100 Subject: [PATCH 037/429] ssl-opt.sh: Add tests where tickets are ignored Add tests where we explicitely check that tickets are ignored on client side when the support is not enabled. Signed-off-by: Ronald Cron --- tests/opt-testcases/tls13-misc.sh | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 5c7be7feca..10bbf19d74 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -827,6 +827,20 @@ run_test "TLS 1.3 m->O: resumption" \ -c "Reconnecting with saved session... ok" \ -c "HTTP/1.0 200 ok" +requires_openssl_tls1_3_with_compatible_ephemeral +requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS +run_test "TLS 1.3 m->O: resumption fails, no ticket support" \ + "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 1" \ + "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ + 1 \ + -c "Protocol is TLSv1.3" \ + -C "Saving session for reuse... ok" \ + -C "Reconnecting with saved session... ok" \ + -c "Ignore NewSessionTicket, not supported." + # No early data m->O tests for the time being. The option -early_data is needed # to enable early data on OpenSSL server and it is not compatible with the # -www option we usually use for testing with OpenSSL server (see @@ -873,6 +887,20 @@ run_test "TLS 1.3 m->G: resumption" \ -c "Reconnecting with saved session... ok" \ -c "HTTP/1.0 200 OK" +requires_gnutls_tls1_3 +requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ + MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_config_disabled MBEDTLS_SSL_SESSION_TICKETS +run_test "TLS 1.3 m->G: resumption fails, no ticket support" \ + "$G_NEXT_SRV -d 5 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ + "$P_CLI debug_level=3 reco_mode=1 reconnect=1" \ + 1 \ + -c "Protocol is TLSv1.3" \ + -C "Saving session for reuse... ok" \ + -C "Reconnecting with saved session... ok" \ + -c "Ignore NewSessionTicket, not supported." + requires_gnutls_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_CLI_C \ MBEDTLS_SSL_SESSION_TICKETS MBEDTLS_HAVE_TIME \ From 561e29e5da850c4ac532c97554cba61359151acc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 10:48:30 +0100 Subject: [PATCH 038/429] test-data: add predefined RSA and EC keys Automatically generated with the following bash script: ``` LIST="secp521r1 brainpoolP512r1 secp384r1 brainpoolP384r1 secp256r1 secp256k1 brainpoolP256r1 secp224r1 secp224k1 secp192r1 secp192k1 x25519 x448" for item in $LIST; do ./programs/pkey/gen_key type=ec ec_curve=$item filename="tests/data_files/ec_$item.der" format=der done LIST="1024 1026 1028 1030 2048 4096" for item in $LIST; do ./programs/pkey/gen_key type=rsa rsa_keysize=$item filename="tests/data_files/rsa_$item.der" format=der done ``` Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 51 ++++++++++++++++++++++++ tests/data_files/ec_brainpoolP256r1.der | Bin 0 -> 122 bytes tests/data_files/ec_brainpoolP384r1.der | Bin 0 -> 171 bytes tests/data_files/ec_brainpoolP512r1.der | Bin 0 -> 221 bytes tests/data_files/ec_secp192k1.der | Bin 0 -> 94 bytes tests/data_files/ec_secp192r1.der | Bin 0 -> 97 bytes tests/data_files/ec_secp224k1.der | Bin 0 -> 107 bytes tests/data_files/ec_secp224r1.der | Bin 0 -> 106 bytes tests/data_files/ec_secp256k1.der | Bin 0 -> 118 bytes tests/data_files/ec_secp256r1.der | Bin 0 -> 121 bytes tests/data_files/ec_secp384r1.der | Bin 0 -> 167 bytes tests/data_files/ec_secp521r1.der | Bin 0 -> 223 bytes tests/data_files/ec_x25519.der | Bin 0 -> 48 bytes tests/data_files/ec_x448.der | Bin 0 -> 72 bytes tests/data_files/rsa_1024.der | Bin 0 -> 607 bytes tests/data_files/rsa_1026.der | Bin 0 -> 609 bytes tests/data_files/rsa_1028.der | Bin 0 -> 611 bytes tests/data_files/rsa_1030.der | Bin 0 -> 610 bytes tests/data_files/rsa_2048.der | Bin 0 -> 1191 bytes tests/data_files/rsa_4096.der | Bin 0 -> 2347 bytes 20 files changed, 51 insertions(+) create mode 100644 tests/data_files/ec_brainpoolP256r1.der create mode 100644 tests/data_files/ec_brainpoolP384r1.der create mode 100644 tests/data_files/ec_brainpoolP512r1.der create mode 100644 tests/data_files/ec_secp192k1.der create mode 100644 tests/data_files/ec_secp192r1.der create mode 100644 tests/data_files/ec_secp224k1.der create mode 100644 tests/data_files/ec_secp224r1.der create mode 100644 tests/data_files/ec_secp256k1.der create mode 100644 tests/data_files/ec_secp256r1.der create mode 100644 tests/data_files/ec_secp384r1.der create mode 100644 tests/data_files/ec_secp521r1.der create mode 100644 tests/data_files/ec_x25519.der create mode 100644 tests/data_files/ec_x448.der create mode 100644 tests/data_files/rsa_1024.der create mode 100644 tests/data_files/rsa_1026.der create mode 100644 tests/data_files/rsa_1028.der create mode 100644 tests/data_files/rsa_1030.der create mode 100644 tests/data_files/rsa_2048.der create mode 100644 tests/data_files/rsa_4096.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d6df19c20c..3191270563 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -17,6 +17,7 @@ FAKETIME ?= faketime TOP_DIR = ../.. MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req +MBEDTLS_GEN_KEY ?= $(TOP_DIR)/programs/pkey/gen_key ## Build the generated test data. Note that since the final outputs @@ -718,6 +719,21 @@ rsa_pkcs1_4096_clear.pem: $(OPENSSL) genrsa -out $@ 4096 all_final += rsa_pkcs1_4096_clear.pem +### RSA keys in DER format used in test_suite_pk. +rsa_1024.der: $(MBEDTLS_GEN_KEY) + $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=1024 format=der filename="$@" +rsa_1026.der: $(MBEDTLS_GEN_KEY) + $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=1026 format=der filename="$@" +rsa_1028.der: $(MBEDTLS_GEN_KEY) + $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=1028 format=der filename="$@" +rsa_1030.der: $(MBEDTLS_GEN_KEY) + $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=1030 format=der filename="$@" +rsa_2048.der: $(MBEDTLS_GEN_KEY) + $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=2048 format=der filename="$@" +rsa_4096.der: $(MBEDTLS_GEN_KEY) + $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=4096 format=der filename="$@" +all_final += rsa_1024.der rsa_1026.der rsa_1028.der rsa_1030.der rsa_2048.der rsa_4096.der + ### ### PKCS1-encoded, encrypted RSA keys ### @@ -1189,6 +1205,41 @@ keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_e #### Generate various EC keys ################################################################ +### EC keys in DER format to be used in test_suite_pk. +seedfile: + ln -s $(TOP_DIR)/seedfile ./seedfile + +ec_brainpoolP256r1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=brainpoolP256r1 format=der filename="$@" +ec_brainpoolP384r1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=brainpoolP384r1 format=der filename="$@" +ec_brainpoolP512r1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=brainpoolP512r1 format=der filename="$@" +ec_secp192k1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp192k1 format=der filename="$@" +ec_secp192r1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp192r1 format=der filename="$@" +ec_secp224k1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp224k1 format=der filename="$@" +ec_secp224r1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp224r1 format=der filename="$@" +ec_secp256k1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp256k1 format=der filename="$@" +ec_secp256r1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp256r1 format=der filename="$@" +ec_secp384r1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp384r1 format=der filename="$@" +ec_secp521r1.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp521r1 format=der filename="$@" +ec_x25519.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=x25519 format=der filename="$@" +ec_x448.der: seedfile + $(MBEDTLS_GEN_KEY) type=ec ec_curve=x448 format=der filename="$@" +all_final += ec_brainpoolP256r1.der ec_brainpoolP384r1.der ec_brainpoolP512r1.der \ + ec_secp192k1.der ec_secp192r1.der ec_secp224k1.der ec_secp224r1.der \ + ec_secp256k1.der ec_secp256r1.der ec_secp384r1.der ec_secp521r1.der \ + ec_x25519.der ec_x448.der + ### ### PKCS8 encoded ### diff --git a/tests/data_files/ec_brainpoolP256r1.der b/tests/data_files/ec_brainpoolP256r1.der new file mode 100644 index 0000000000000000000000000000000000000000..5c9ce38a1392bc75c3b1ee1f9a5630ddcc7ba1e2 GIT binary patch literal 122 zcmV-=0EPcBcme?d1RyFTie)40l9gt(bJ2;`Ggz*wDL7nK#O+f4<-fl6a9^Mc1_>)9 z0|NpG0Rac0L<2$q1YmCorA!ZPQvVEeDXj=oGST2ZU^fibr?gBO6=shp&lKZdBr4^{ cs|c23-beUAxksn}ODl4yAfOXrRMy7GdJQQt2LJ#7 literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_brainpoolP384r1.der b/tests/data_files/ec_brainpoolP384r1.der new file mode 100644 index 0000000000000000000000000000000000000000..11e393d0a7de01cee151d41051a06f745f221cd9 GIT binary patch literal 171 zcmV;c095}lfv5rj0R%7_O`^ucV#e_m^Qj#AUzn-i!^xMS ztN>)yf%7XknYufm3kC@*Bm)Bi2mt{Lp=1MM00b>g(rhZajeJSfE*@+9<~CSABIOLp zOk_kT5%mPypBN*=G$-$0zL-XYDrTo3p%99}J0I{`U2zIgqByLH&W}XE6Pus!O)M#o ZE*N|B!{r{pTQah7mDq%_X12%!K%D)iOFIAn literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_brainpoolP512r1.der b/tests/data_files/ec_brainpoolP512r1.der new file mode 100644 index 0000000000000000000000000000000000000000..84fce0aa885a87cea5eb23ef2011444ffa4331b2 GIT binary patch literal 221 zcmV<303!b|f!YEA0R%vACosnfHG+RykMIJIeB-i=`OG)S)z}_Y@Z#KTTzY1Xzn^Cdo{Oh8%Tl*3_`z=5-OI(h;}pA7nau5L7j{OmZr+PZLab9kj`B@!A`7EcjiETEi0x#eC4A*o|O~hgsE5yJj XMQwy>^d1$v{{=?6$WKn+KTp8J^UY&e literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_secp192k1.der b/tests/data_files/ec_secp192k1.der new file mode 100644 index 0000000000000000000000000000000000000000..2d7c72848b47718971c91ecb84696800446a6405 GIT binary patch literal 94 zcmV-k0HOadTmk_B1Q==orCh@eckh{EcaM0lJiAj z12O;vd)qa_asqcj)`zY!0D4Z@HX{{QbbRya7Klx@u#D{Gq>?=8WVpQ1m9X_b0nxd{ DNFXY= literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_secp224k1.der b/tests/data_files/ec_secp224k1.der new file mode 100644 index 0000000000000000000000000000000000000000..108b52bc13b28db639babcbc4f304d3f4638a0bb GIT binary patch literal 107 zcmV-x0F?hQX#xQO1RVh7L(2ST01Xh*5%y9q8z1daQ^BYxF4qRNAy2L=Tzfdl{` zp*#aR00een`FSl>Y%}s5Q$Q0fmT>e+fN}p&YJG@$52QH6V`{Rx-Nak4N^wL_y)~3_ NDirqJ4Kz5K3Ur(~V?-ox|8qe;o9RrxTMha!etC(2z6sDvU5S)OJf0iO8$ bn=nw%kj{+zQ6<|%d?CD6cm~s+NwI+eJFYRN literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_secp384r1.der b/tests/data_files/ec_secp384r1.der new file mode 100644 index 0000000000000000000000000000000000000000..29860a463bb2f6f126420ec25bb2ad1a6b2be25c GIT binary patch literal 167 zcmV;Y09gMpfusTf0R%7`HbB{}qL@ouLk z(=CbUQ{%T}P5-N)2L=Tzfdl{|p=1MM00c7?#?&WninO;&Kxw;rKtD=i;)%b%-O?R% zVuaHk0fKIz|f!A+#BLLZGpN zQy9ga$4;xg0LM&A@&uH?QG)>@Dc?P$6jf(3Gs`lEe+EXjZ^vFua?IRd<<7Qn?M=dW ZITmw{B`~A){VWvhQ6X{W-ghm+94B8?UuXaT literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_x25519.der b/tests/data_files/ec_x25519.der new file mode 100644 index 0000000000000000000000000000000000000000..5c1c32d6b40c8a6b1d0ef64a74845dc63889c78c GIT binary patch literal 48 zcmV-00MGw0E&>4nFa-t!D`jp3A_O3?sJ%b_v*M@9p%jl)1|YKCNk6ag(aoksh$07c GMa_75UlQ#A literal 0 HcmV?d00001 diff --git a/tests/data_files/ec_x448.der b/tests/data_files/ec_x448.der new file mode 100644 index 0000000000000000000000000000000000000000..849d4b83add45af0868d0c6354773208d09ff429 GIT binary patch literal 72 zcmV-O0Jr}zMgjo$l0e;NV=PGVU)^DbB%i*Sl}*^uApVYPxuH z7lOF(aPQwpQ`huN<&KGkT9TkAOaOk(A>Mczw615Umvqr!7F!?y?hgV30RRC4fq*6! zsj*zt1ltopMF-f#hPNYiJZ7k(k?`TlQxn=|EHn&y*IJm?Gk=S(Y?I>BVe_7foX-*1 zJ~iy(V9{}>!gk#9itoLoSNg#}$XyjfC9N}^divtT-}yS#g;3i*eBBG`pC3;7YE}=F zDI~zLmw=}Nv`LW4t!X1h^}j_aP>}*b0LcsE@h0G;xU5zS%9-=Mm=ieGK-s2N^8JaFr(kQL`1^Ul72O zJ<#RoFpDl%siyZ8gRCIdT@t@P3uCBm`J~{JH*B3q?yD?$^wyz7|3ffI68L~>;+#WY z0zgedZGl0+cx2$PW7W_S~=y6-UsMOnLHaTn+g6QHjCtbW;}wLAF4l z4uwVp5rm*g7p?%`JP28V0zhq$;`kqY_B4+haq3J;e##|`3r8%w2Cz(IBO%h{!z1jR z3p=%Asg6<$7!z!Des|@SVJO4t#FlvCQKHsMWiZ v(*ObthOo|`!YN}1m70GCu7#YG>E(S<8`+Ww4vL~bUVE2E#4Ek1Z#-`XO~V_P literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_1028.der b/tests/data_files/rsa_1028.der new file mode 100644 index 0000000000000000000000000000000000000000..97c658c54e3164280aca63bd664ad2b1f41b04e1 GIT binary patch literal 611 zcmV-p0-XIYf&yOx0RRGlfeNIW5x!InbRJPQA@iLc&2p!(Ak_kL)%*Whwm5eWO1kdM zGC;`q`rgkPElMNQd#3{R$t|%{JA+(yjtx0nLz5kKCB9z=~}EbYnxT+ znBKYrb6mK_k0aUShiqwfDz;?42Gm&$Di(|p zfai;-cySQ@VekYy*^&mZ)H|b^6u#*KK?8n7#wFPsbv%ZEOBnJfQMSr2P}unHalcd1 zj)=R}s-Mft%G0zJ@fD+uniyCx2ZJ;^;Ec_xWV)*~{H7PGFgpT40}J;3LZeRt6MtB5)s`ct>YR2dTnSPE_WF2r&;j|qGhH0tlM4^oF4}2;CtR$(9 ziS{^cTE46|4w<6)J^{KR0zm=ndmjA-s_c;238^q#=uLeE1iAzDDYT0v>&4o@G?qx4 z!!%^QkFg#25ts`SKf=;z-K5FQCUL`&{ago}H)6E{K?7qbna06d?sFJ5#mY)`@*{4B xq4xp488~f17}G|>al*O4i7>15Bdnv_@#o6-p3UlNre}42ea=`?`tMo%{4Z#NC;0#X literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_1030.der b/tests/data_files/rsa_1030.der new file mode 100644 index 0000000000000000000000000000000000000000..754109d80fe4a705e27ed009405ccf3ba4062200 GIT binary patch literal 610 zcmV-o0-gOZf&yLw0RRGlfiAvGO)6~BW$V0ZOSL`Gyq4OrY1YF|zFKJW!?M$bQ!qu4 z9kAd0n(OgAM5d~;s2^hv(r)6^v76MIyzloj9N%whu3&Xz8}}kM|9(_raHzOkt3X(u z$H!+8N~%5G8#Vr!k%RIapeysJKte7X2B#za(8XMR`k*vkFOi6Z-MIn-0RRC4fq?;U zC#TqVkMZMmMpvk*%M~VT9kp*F{Y_jrb<>$H;qcs2&J?pE$&!otytmUZrAGkvGoHBh z?-plNb0eqi<($9l+Ca3IXO*tCH!1LxRlSD9|7<0F{)*7nKGCLMeW-jo&A;M&%tALg zg`0*BqKohZ^9$wiR5DYgazmxGCfR`kK?eh~TT&s_V(@b*0m-&~F6YBMiQqhS4+>d$ zhkK{O6r2#}PV+fX1vag|7~yb)y!BU6JMb@)HxvF)Wwwwg?^yyt2C4GD@`;#znL8(? zLF(oj9n;S=%@<6uNcEo%aKELn>KNuuRU>(+EixWA%^IE67fmmOuh=(uLwjwWzF$K1 zVFEx_+k6#L@u6Xa5Pi3%4ipf*&eha(*et9Od({EdF?|uYcbLcr1F78QHio&7*}Bpj zF(9`Sb_sd>86$FAGQY6`K?4qqlWu>V+UKH@A|<8DUFw$6^CzuqdE31Rbcj{)e8Dy# z*N6z1^LY;kdy{j8IZe_NT`P#>ksoV}GKiy$M4^vK@BF7yGkBM-J1O5MEgfCPNmWzOIgf_z-%HX6PdA#X!0=r&tM(_INmG;q zOpcD_uD0;nlmzRHcR!2lYB8A@e%66i+Re$q+b?t9-a&5WKZkg2qs)|J9-^(PF@^l$ zEF1-8o?6|i{Hq&ugs3CU`r5e%DkaWH$i2RZE3Z9UOv(X`WJurIc`C!fN(wE`k@{rYuyCSy)qi4MV z2*Fxeg+qbqwC(?Sb>?|6jN=YrsM4orNR87zCU>BJ)kmD2K?<8tiEHy>(Hz z6 zOw6C-ql2x{mQEADTMh^xqyZIKIF>7VBp`qfE=eZJSNAnBwX7TKBKnxHCP40I#y-s@ z4wI*6k->PMlbegqvL?dhJB<~P)B%E>gWp$4bU-oHgPwY+gFPR*)ujY=uY)>?0)c@5 z!|*f0QPap*?z-YNNB-Y60Rzb&dZkIjecs7n18Ev%EK{+%M%`#}7qg}Sf5Sk;YS9pl zZCnXzedzOdI>=@t^YhRl*tKz+(wN8fo`YC3l!4`v z1=6tQDC9O8PNX+lgr^*hYZ7MMVAw#^Hh^&s86X5NC~re7}*?3#^x#lX|Ky~A8H&N&WLll`!Lhv@hC4Q z;9cM!)L-$J-{pkST*Z&}j*(QVtY=94>rg|5Po1!N3Ai%Iy4cQs8sRV_Q0>Ut-hbNB z0)c=++{p~umxh{KAoA#QwF$m3rgjg5?z@RLe!KxgsIC<-S1%&{N)0)s|+zn+Zo}Di(8)GJl-fsI+2E* zw&nafcz0b>KJ6!U2As_b&ujA!_jd3*kFW6pfq-E!5#z(b>3-1Ez+Yt4YjfzyKlX8} zE5w(o->x>;1HPqID}Z2iHoXAu7Gd( zWK$S4TeULBs)fEC!-eo?GB<(e zFOjIBfQKROO*WlXA6&hv-JKCJtyWU+aoHQ@=K+N(*Ux5dw}xu!Rcb^Ce|DnE5)7q3 z^{e)G7=-o(M%gzrD905GL4tAz%ESBOmE<-bOmROj8sL@L%u*e}pol0k3--N#W6}4x z7XtKijB2NuDjGCZ3PH+wLnh*kojO^U`md0Cy@M()a7^a-XWH5@jM9n*vv?VxPkdMV z5UoT{af$zArHbSkv0^upa80;si*@Q<>aLb}H+6Vpv9vo?qI=;1*A&M00h(huM*~S? zD=NjhW+jh}wYU%crn0bjxp8f9PmLPAkgzsHbi^IIXKA13Q})ApiI|7L>vs6tha)NS zB@8f;bzvkbWV`c0XPON@5_`91&AOTj20fIVE`DNbRQjj4a0kbBsTrm5Xgn6b-2BUmyH4S~_ z=GST<3kRm6VZBL8HXOrK3DbSa@>TY7@gEV!_q^=8+!phhT!-bjK>Mh+S|kKN#@!E& z93->Lut)W169+qMxEYrBlv3;}sqL9t)zH@dN&^)xtd37C>we^}&SzkP4-R;Jn!2+R zq&3?3+&(B0UiNVZgiX2uHlo$kx6W_J)fJQ()0yi+#pi*GLwp??9Ys+!iq+-ZDs_IJ z9}?agF0^B}NVdbR0)hbn0O5--S2o!-{qN&o~xxV3dy|%MU=sRl)7+@mM4|=d=Xb-$>q`VF1~{ z2u`zEac?hfz3cIO6gdA{C}g%F=bIZS=l0^~i9fob#Tosgevl7)74!T2>5O|_tWJh- z6Go-Ggr)K`24T`?e2?^dWrZGDV>IN@SHt1Hz~2EeIT`kfAgn*bxZht=?rtHuX^sDa z(c8m&FPyO;HsaS{B>#F?V<*)gt&4menHD%F%I>F0j!T)UHkG_M2FL0-`K&6((6GkKk8wp4kB@^LX$ z4GXkbF?`P$LGaU<{S?Pr^?m2opq6ASm}KIxeo{!W^n(U3+NOi3dXTCGyUe0tRuWof3`!tFu;YuuM zj1%Mp_fhnUJS}>iNz>XeAo$W)PcM!9lGkS-Z&2XRNt%I=C72pEhj zoCesX?eYdb<%s;1#+E)wYuCb-`K)Nr##IElUfKykzqrQdK)T!`17U_?+XQH~nF(D% z!$P!c0zpE#eql+wudJK6i=L0cc#iOec8Ow9?2uaGb|w;5b-Sy1ge8 z*uGom7)&zMMo-fz81PaOeLF3BT!Lm}OMrk|5G*lYO{UN&@m}jLciz>)PCZG-Nljk+ z7jP*jf5oKy#y`7LSu+BH0RU)|D5$r_-dhnFGTHz|UM z28n+aeOJ&UGu$jzs7C83WD-X^tD3fr6ib;JI{E(MD97rMO=~*uEVSlR9Zx_rcEB^8 z=ktbtBVey@zyy5AQ(0!4kQHh%s{S-r555yZ`Q>yyMPzELa0$0Oo@2M9Si~dqxZZ)t zJ>{_eV7q!FU40sp9LiLNIqgnjlZMCMnAn61qP(yziriV@d9r#(1wv~vG?&CWs?3!- R=`3(6@d_=a+nWZ6#2-xyg4h56 literal 0 HcmV?d00001 From 414daf1d07571e268ddc315b91899468da017427 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 21 Mar 2024 10:53:44 +0100 Subject: [PATCH 039/429] test_suite_pk: modify pk_genkey() in order to use predefined keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 136 +++++++--------------------- 1 file changed, 34 insertions(+), 102 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ddcbd83820..46b65527fe 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -26,9 +26,6 @@ /* Needed for the definition of MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE. */ #include "pkwrite.h" -/* Used for properly sizing the key buffer in pk_genkey_ec() */ -#include "psa_util_internal.h" - #define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS #define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) @@ -185,120 +182,55 @@ #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512 #endif -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) -static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) -{ - psa_status_t status; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - size_t curve_bits; - psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits); - int ret; +const char *curve_names_lut[] = { + [MBEDTLS_ECP_DP_SECP192R1] = "secp192r1", + [MBEDTLS_ECP_DP_SECP256R1] = "secp256r1", + [MBEDTLS_ECP_DP_SECP384R1] = "secp384r1", + [MBEDTLS_ECP_DP_SECP521R1] = "secp521r1", + [MBEDTLS_ECP_DP_BP256R1] = "brainpoolP256r1", + [MBEDTLS_ECP_DP_BP384R1] = "brainpoolP384r1", + [MBEDTLS_ECP_DP_BP512R1] = "brainpoolP512r1", + [MBEDTLS_ECP_DP_CURVE25519] = "x25519", + [MBEDTLS_ECP_DP_SECP192K1] = "secp192k1", + [MBEDTLS_ECP_DP_SECP256K1] = "secp256k1", + [MBEDTLS_ECP_DP_CURVE448] = "x448", +}; - if (curve == 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); - psa_set_key_bits(&key_attr, curve_bits); - psa_key_usage_t usage = PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; - psa_algorithm_t sign_alg = 0; - psa_algorithm_t derive_alg = 0; - if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECDSA) { - usage |= PSA_KEY_USAGE_DERIVE; - derive_alg = PSA_ALG_ECDH; - } - if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY_DH && - curve != PSA_ECC_FAMILY_MONTGOMERY) { - usage |= PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE; -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - sign_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH); -#else - sign_alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH); -#endif - } - if (derive_alg != 0) { - psa_set_key_algorithm(&key_attr, derive_alg); - if (sign_alg != 0) { - psa_set_key_enrollment_algorithm(&key_attr, sign_alg); - } - } else { - psa_set_key_algorithm(&key_attr, sign_alg); - } - psa_set_key_usage_flags(&key_attr, usage); - - status = psa_generate_key(&key_attr, &pk->priv_id); - if (status != PSA_SUCCESS) { - return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - } - - status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), - &pk->pub_raw_len); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - goto exit; - } - - pk->ec_family = curve; - pk->ec_bits = curve_bits; - - return 0; - -exit: - status = psa_destroy_key(pk->priv_id); - return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status); -} -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - -/** Generate a key of the desired type. +/** Fill the provided PK context with a proper key. + * + * Instead of generating a new key every time, use predefined ones to speed up + * testing. + * This function assumes that the PK context has already been setup + * (mbedtls_pk_setup() has been called on the PK context ) so that it + * can determine the key type to be loaded from the PK context itself. * * \param pk The PK object to fill. It must have been initialized * with mbedtls_pk_setup(). * \param curve_or_keybits - For RSA keys, the key size in bits. * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). * - * \return The status from the underlying type-specific key - * generation function. - * \return -1 if the key type is not recognized. + * \return 0 on success or a negative value otherwise. */ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) { - (void) pk; - (void) curve_or_keybits; + char file_name[128] = { 0 }; + int ret; + /* Dump pk_info since this is overridden by mbedtls_pk_parse_keyfile(). */ + const mbedtls_pk_info_t *original_pk_info = pk->pk_info; -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { - return mbedtls_rsa_gen_key(mbedtls_pk_rsa(*pk), - mbedtls_test_rnd_std_rand, NULL, - curve_or_keybits, 3); + sprintf(file_name, "data_files/rsa_%d.der", curve_or_keybits); + } else if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || + mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || + mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { + sprintf(file_name, "data_files/ec_%s.der", curve_names_lut[curve_or_keybits]); } -#endif -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) - if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || - mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { - int ret; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_genkey_ec(pk, curve_or_keybits); - if (ret != 0) { - return ret; - } + ret = mbedtls_pk_parse_keyfile(pk, file_name, NULL, mbedtls_test_rnd_std_rand, NULL); + /* Restore pk_info. */ + pk->pk_info = original_pk_info; - return 0; -#else - ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits); - if (ret != 0) { - return ret; - } - return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, - &mbedtls_pk_ec_rw(*pk)->d, - &mbedtls_pk_ec_rw(*pk)->Q, - mbedtls_test_rnd_std_rand, NULL); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ - - } -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ - return -1; + return ret; } #if defined(MBEDTLS_PSA_CRYPTO_C) From c43a7a522e274d8824f0a465f5a8fd55aae577e8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 22 Mar 2024 12:06:44 +0100 Subject: [PATCH 040/429] test_suite_pk: use a single helper function to generate PSA keys Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 117 ++++++++++------------------ 1 file changed, 42 insertions(+), 75 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 46b65527fe..afeeb3d0c4 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -539,9 +539,11 @@ psa_status_t pk_psa_import_key(unsigned char *key_data, size_t key_len, return status; } -psa_status_t pk_psa_genkey_generic(psa_key_type_t type, size_t bits, - psa_key_usage_t usage, psa_algorithm_t alg, - mbedtls_svc_key_id_t *key) +psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, + psa_key_usage_t usage, psa_algorithm_t alg, + psa_algorithm_t enrollment_alg, + mbedtls_svc_key_id_t persistent_key_id, + mbedtls_svc_key_id_t *key) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; @@ -550,42 +552,16 @@ psa_status_t pk_psa_genkey_generic(psa_key_type_t type, size_t bits, psa_set_key_usage_flags(&attributes, usage); psa_set_key_algorithm(&attributes, alg); + psa_set_key_enrollment_algorithm(&attributes, enrollment_alg); psa_set_key_type(&attributes, type); psa_set_key_bits(&attributes, bits); + if (!mbedtls_svc_key_id_is_null(persistent_key_id)) { + psa_set_key_id(&attributes, persistent_key_id); + } status = psa_generate_key(&attributes, key); return status; } - -/* - * Generate an ECC key using PSA and return the key identifier of that key, - * or 0 if the key generation failed. - * The key uses NIST P-256 and is usable for signing with SHA-256. - */ -mbedtls_svc_key_id_t pk_psa_genkey_ecc(void) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - - pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, - PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), - &key); - - return key; -} - -/* - * Generate an RSA key using PSA and return the key identifier of that key, - * or 0 if the key generation failed. - */ -mbedtls_svc_key_id_t pk_psa_genkey_rsa(void) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - - pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, - PSA_ALG_RSA_PKCS1V15_SIGN_RAW, &key); - - return key; -} #endif /* MBEDTLS_PSA_CRYPTO_C */ /* END_HEADER */ @@ -620,11 +596,15 @@ void pk_psa_utils(int key_is_rsa) mbedtls_pk_init(&pk); if (key_is_rsa) { - bitlen = 1024; /* hardcoded in genkey() */ - key = pk_psa_genkey_rsa(); + bitlen = 1024; + key = pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE, + PSA_KEY_ID_NULL, &key); } else { - bitlen = 256; /* hardcoded in genkey() */ - key = pk_psa_genkey_ecc(); + bitlen = 256; + key = pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, + PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), + PSA_ALG_NONE, PSA_KEY_ID_NULL, &key); } if (mbedtls_svc_key_id_is_null(key)) { goto exit; @@ -709,16 +689,8 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, USE_PSA_INIT(); if (opaque_key == 1) { - psa_set_key_usage_flags(&attributes, key_usage); - psa_set_key_algorithm(&attributes, key_alg); - if (key_alg2 != 0) { - psa_set_key_enrollment_algorithm(&attributes, key_alg2); - } - psa_set_key_type(&attributes, key_type); - psa_set_key_bits(&attributes, curve_or_keybits); - - PSA_ASSERT(psa_generate_key(&attributes, &key)); - + PSA_ASSERT(pk_psa_genkey(key_type, curve_or_keybits, key_usage, + key_alg, key_alg2, PSA_KEY_ID_NULL, &key)); if (mbedtls_svc_key_id_is_null(key)) { goto exit; } @@ -2214,17 +2186,18 @@ void pk_import_into_psa_lifetime(int from_opaque, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t from_psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY); - psa_set_key_type(&attributes, from_psa_type); - psa_set_key_bits(&attributes, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS); - psa_set_key_usage_flags( - &attributes, + psa_key_usage_t psa_key_usage = (from_exportable ? PSA_KEY_USAGE_EXPORT : PSA_KEY_USAGE_COPY) | - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH; + mbedtls_svc_key_id_t persistent_key_id = MBEDTLS_SVC_KEY_ID_INIT; + if (from_persistent) { - psa_set_key_id(&attributes, mbedtls_svc_key_id_make(0, 1)); + persistent_key_id = mbedtls_svc_key_id_make(0, 1); } - PSA_ASSERT(psa_generate_key(&attributes, &old_key_id)); + + PSA_ASSERT(pk_psa_genkey(from_psa_type, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS, + psa_key_usage, PSA_ALG_ECDH, PSA_ALG_NONE, + persistent_key_id, &old_key_id)); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); psa_reset_key_attributes(&attributes); #else @@ -2300,12 +2273,8 @@ void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, PSA_INIT(); - psa_set_key_type(&attributes, from_type); - psa_set_key_bits(&attributes, bits); - psa_set_key_usage_flags(&attributes, from_usage); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_enrollment_algorithm(&attributes, 42); - PSA_ASSERT(psa_generate_key(&attributes, &old_key_id)); + PSA_ASSERT(pk_psa_genkey(from_type, bits, from_usage, alg, 42, + PSA_KEY_ID_NULL, &old_key_id)); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); psa_key_type_t expected_psa_type = @@ -2397,11 +2366,8 @@ void pk_import_into_psa_opaque(int from_type, int from_bits, PSA_INIT(); - psa_set_key_type(&from_attributes, from_type); - psa_set_key_bits(&from_attributes, from_bits); - psa_set_key_usage_flags(&from_attributes, from_usage); - psa_set_key_algorithm(&from_attributes, from_alg); - PSA_ASSERT(psa_generate_key(&from_attributes, &from_key_id)); + PSA_ASSERT(pk_psa_genkey(from_type, from_bits, from_usage, from_alg, PSA_ALG_NONE, + PSA_KEY_ID_NULL, &from_key_id)); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); psa_set_key_type(&to_attributes, to_type); @@ -2468,8 +2434,9 @@ void pk_copy_from_psa_fail(void) #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) /* Generate a key type that is not handled by the PK module. */ - PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048, - PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, &key_id)); + PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048, + PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, PSA_ALG_NONE, + PSA_KEY_ID_NULL, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); psa_destroy_key(key_id); @@ -2478,8 +2445,8 @@ void pk_copy_from_psa_fail(void) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) && \ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) /* Generate an EC key which cannot be exported. */ - PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, - 0, PSA_ALG_NONE, &key_id)); + PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, + 0, PSA_ALG_NONE, PSA_ALG_NONE, PSA_KEY_ID_NULL, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); psa_destroy_key(key_id); #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 && @@ -2501,11 +2468,11 @@ void pk_copy_from_psa_builtin_fail() mbedtls_pk_init(&pk_ctx); PSA_INIT(); - PSA_ASSERT(pk_psa_genkey_generic(PSA_KEY_TYPE_RSA_KEY_PAIR, - PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, - PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), - &key_id)); + PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR, + PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, + PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), + PSA_KEY_ID_NULL, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); exit: mbedtls_pk_free(&pk_ctx); From d44f99a8a5e2c5431537571f2472a411882395d6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 25 Mar 2024 13:00:51 +0100 Subject: [PATCH 041/429] test_suite_pk: modify pk_psa_genkey() in order to use predefined keys Use predefined keys instead of generating them at runtime as already done for pk_genkey(). Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 145 +++++++++++++++++++++------- 1 file changed, 109 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index afeeb3d0c4..74e8876f9a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -21,6 +21,8 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "pkwrite.h" + #include /* Needed for the definition of MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE. */ @@ -184,6 +186,7 @@ const char *curve_names_lut[] = { [MBEDTLS_ECP_DP_SECP192R1] = "secp192r1", + [MBEDTLS_ECP_DP_SECP224R1] = "secp224r1", [MBEDTLS_ECP_DP_SECP256R1] = "secp256r1", [MBEDTLS_ECP_DP_SECP384R1] = "secp384r1", [MBEDTLS_ECP_DP_SECP521R1] = "secp521r1", @@ -196,10 +199,11 @@ const char *curve_names_lut[] = { [MBEDTLS_ECP_DP_CURVE448] = "x448", }; +#if defined(MBEDTLS_PK_PARSE_C) /** Fill the provided PK context with a proper key. * - * Instead of generating a new key every time, use predefined ones to speed up - * testing. + * This is a fake implementation of key generation because instead of generating + * a new key every time, we use predefined ones to speed up testing. * This function assumes that the PK context has already been setup * (mbedtls_pk_setup() has been called on the PK context ) so that it * can determine the key type to be loaded from the PK context itself. @@ -233,6 +237,94 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) return ret; } +/** Create a PSA key of the desired type and properties. + * + * This is similar to pk_genkey() above in the sense that it does not really + * generates a key every time, but it takes the key from a file instead in + * order to speedup testing. + * + * \param type PSA key type. Only RSA and EC keys are supported. + * \param bits PSA key bit size. + * \param usage PSA key usage flags. + * \param alg PSA key primary algorithm. + * \param enrollment_alg PSA key enrollment algorithm. + * \param persistent_key_id PSA key ID for persistent keys. Set to PSA_KEY_ID_NULL + * for volatile keys. + * \param[out] key Identifier of the "generated" (actually imported) PSA key. + */ +psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, + psa_key_usage_t usage, psa_algorithm_t alg, + psa_algorithm_t enrollment_alg, + mbedtls_svc_key_id_t persistent_key_id, + mbedtls_svc_key_id_t *key) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_ERROR_GENERIC_ERROR; + mbedtls_pk_context pk; + char file_name[128] = { 0 }; + unsigned char key_data[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE] = { 0 }; + size_t key_data_len; + unsigned char *key_data_start; + int ret; + + mbedtls_pk_init(&pk); + + /* Get the name of the key file to load. */ + if (PSA_KEY_TYPE_IS_RSA(type)) { + sprintf(file_name, "data_files/rsa_%lu.der", bits); + } else if (PSA_KEY_TYPE_IS_ECC(type)) { + psa_ecc_family_t ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(type); + mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_from_psa(ec_family, bits); + sprintf(file_name, "data_files/ec_%s.der", curve_names_lut[grp_id]); + } else { + TEST_FAIL("Only EC or RSA key type is supported."); + } + /* Parse the key file and write the key material to the key_data buffer. */ + TEST_EQUAL(mbedtls_pk_parse_keyfile(&pk, file_name, NULL, mbedtls_test_rnd_std_rand, NULL), 0); + if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { +#if defined(MBEDTLS_PK_WRITE_C) + ret = mbedtls_pk_write_key_der(&pk, key_data, sizeof(key_data)); + TEST_ASSERT(ret > 0); + key_data_len = (size_t) ret; +#else + TEST_FAIL("RSA is unsupported"); +#endif /* MBEDTLS_PK_WRITE_C */ + } else if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { +#if defined(MBEDTLS_PK_USE_EC_DATA) + PSA_ASSERT(psa_export_key(pk->priv_id, key_data, sizeof(key_data), &key_data_len)); +#elif defined(MBEDTLS_PK_HAVE_ECC_KEYS) + const mbedtls_ecp_keypair *ec_ctx = mbedtls_pk_ec_ro(pk); + TEST_EQUAL(mbedtls_mpi_write_binary(&(ec_ctx->d), key_data, sizeof(key_data)), 0); + key_data_len = PSA_BITS_TO_BYTES(mbedtls_mpi_bitlen(&(ec_ctx->d))); +#else /* !MBEDTLS_PK_USE_EC_DATA && !MBEDTLS_PK_HAVE_ECC_KEYS */ + TEST_FAIL("EC is unsupported"); +#endif /* */ + } else { + TEST_FAIL("Unknown key type"); + } + /* Data was written to the end of the key_data buffer so we shift that to + * the beginnig. */ + key_data_start = key_data + sizeof(key_data) - key_data_len; + memmove(key_data, key_data_start, key_data_len); + + /* Import the key into PSA. */ + *key = MBEDTLS_SVC_KEY_ID_INIT; + psa_set_key_usage_flags(&attributes, usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_enrollment_algorithm(&attributes, enrollment_alg); + psa_set_key_type(&attributes, type); + psa_set_key_bits(&attributes, bits); + if (!mbedtls_svc_key_id_is_null(persistent_key_id)) { + psa_set_key_id(&attributes, persistent_key_id); + } + status = psa_import_key(&attributes, key_data, key_data_len, key); + +exit: + mbedtls_pk_free(&pk); + return status; +} +#endif /* MBEDTLS_PK_PARSE_C */ + #if defined(MBEDTLS_PSA_CRYPTO_C) static psa_key_usage_t pk_get_psa_attributes_implied_usage( psa_key_usage_t expected_usage) @@ -538,30 +630,6 @@ psa_status_t pk_psa_import_key(unsigned char *key_data, size_t key_len, return status; } - -psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, - psa_key_usage_t usage, psa_algorithm_t alg, - psa_algorithm_t enrollment_alg, - mbedtls_svc_key_id_t persistent_key_id, - mbedtls_svc_key_id_t *key) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status; - - *key = MBEDTLS_SVC_KEY_ID_INIT; - - psa_set_key_usage_flags(&attributes, usage); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_enrollment_algorithm(&attributes, enrollment_alg); - psa_set_key_type(&attributes, type); - psa_set_key_bits(&attributes, bits); - if (!mbedtls_svc_key_id_is_null(persistent_key_id)) { - psa_set_key_id(&attributes, persistent_key_id); - } - status = psa_generate_key(&attributes, key); - - return status; -} #endif /* MBEDTLS_PSA_CRYPTO_C */ /* END_HEADER */ @@ -597,14 +665,14 @@ void pk_psa_utils(int key_is_rsa) if (key_is_rsa) { bitlen = 1024; - key = pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, - PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE, - PSA_KEY_ID_NULL, &key); + PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE, + PSA_KEY_ID_NULL, &key)); } else { bitlen = 256; - key = pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, - PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), - PSA_ALG_NONE, PSA_KEY_ID_NULL, &key); + PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, + PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), + PSA_ALG_NONE, PSA_KEY_ID_NULL, &key)); } if (mbedtls_svc_key_id_is_null(key)) { goto exit; @@ -2433,10 +2501,15 @@ void pk_copy_from_psa_fail(void) MBEDTLS_ERR_PK_BAD_INPUT_DATA); #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) - /* Generate a key type that is not handled by the PK module. */ - PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048, - PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, PSA_ALG_NONE, - PSA_KEY_ID_NULL, &key_id)); + /* Generate a key type that is not handled by the PK module. + * Note: we cannot use pk_psa_genkey() in this case because that function relies + * on PK module functionality and PK module does not support DH keys. */ + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; + + psa_set_key_type(&key_attr, PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919)); + psa_set_key_bits(&key_attr, 2048); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); + psa_generate_key(&key_attr, &key_id); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); psa_destroy_key(key_id); From 5b94a0253504d76a0a2a6488e53a4e7e894762d5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 25 Mar 2024 13:10:13 +0100 Subject: [PATCH 042/429] test_suite_pk: remove PSA_WANT_KEY_TYPE_[ECC/RSA]_KEY_PAIR_GENERATE dependencies EC and RSA keys are now loaded from a file so there is no need to generate them at runtime. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 88 ++++++++++++++--------------- tests/suites/test_suite_pk.function | 8 +-- 2 files changed, 47 insertions(+), 49 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index a929c82f4f..3ec488ec81 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1152,51 +1152,51 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque ECC pair, ... & DERIVE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256 pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 PSA import into PSA: RSA pair to ECC (bad) @@ -1395,149 +1395,149 @@ depends_on:MBEDTLS_USE_PSA_CRYPTO pk_import_into_psa_lifetime:1:1:0:1:1 PSA import into PSA: opaque RSA, COPY (ok) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA, EXPORT (ok) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA, no COPY/EXPORT (bad) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH # Detail that isn't precisely documented: since this copies the key, # the new key has the intersection of the usage flags. PSA import into PSA: opaque RSA, COPY|EXPORT, different usage (restricted) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 # Detail that isn't precisely documented: since this copies the key, # the new key has the intersection of the usage flags. PSA import into PSA: opaque RSA, COPY, different usage (restricted) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 # Detail that isn't precisely documented: since this exports the key, # the new key has all the requested usage flags. PSA import into PSA: opaque RSA, EXPORT, different usage (ok) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA, COPY|EXPORT, different algorithm (ok) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 PSA import into PSA: opaque RSA, COPY, different algorithm (bad) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque RSA, EXPORT, different algorithm (ok) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 PSA import into PSA: opaque RSA, implicit bits (ok) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA, different bits (bad) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque RSA, different type (bad) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque RSA to public (ok) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA to public, implicit bits (ok) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 # MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation # of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably # be more appropriate. PSA import into PSA: opaque RSA to public, different bits (bad) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:PSA_WANT_ALG_RSA_PKCS1V15_SIGN +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: opaque ECC, COPY (ok) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC, EXPORT (ok) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC, no COPY/EXPORT (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH # Detail that isn't precisely documented: since this copies the key, # the new key has the intersection of the usage flags. PSA import into PSA: opaque ECC, COPY|EXPORT, different usage (restricted) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 # Detail that isn't precisely documented: since this copies the key, # the new key has the intersection of the usage flags. PSA import into PSA: opaque ECC, COPY, different usage (restricted) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 # Detail that isn't precisely documented: since this exports the key, # the new key has all the requested usage flags. PSA import into PSA: opaque ECC, EXPORT, different usage (ok) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC, COPY|EXPORT, different algorithm (ok) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 PSA import into PSA: opaque ECC, COPY, different algorithm (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque ECC, EXPORT, different algorithm (ok) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):0 PSA import into PSA: opaque ECC, implicit bits (ok) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC, different bits (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque ECC, different type (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque ECC, different family (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque ECC to public (ok) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 PSA import into PSA: opaque ECC to public, implicit bits (ok) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0 # MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation # of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably # be more appropriate. PSA import into PSA: opaque ECC to public, different bits (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: opaque ECC to public, different family (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA +depends_on:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_ALG_ECDSA pk_import_into_psa_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH Copy from PSA: use wrong parameters diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 74e8876f9a..1eb03ff27d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -2233,7 +2233,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ void pk_import_into_psa_lifetime(int from_opaque, int from_persistent, /* when from opaque */ int from_exportable, /* when from opaque */ @@ -2515,15 +2515,13 @@ void pk_copy_from_psa_fail(void) psa_destroy_key(key_id); #endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ -#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) && \ - defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) /* Generate an EC key which cannot be exported. */ PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, 0, PSA_ALG_NONE, PSA_ALG_NONE, PSA_KEY_ID_NULL, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); psa_destroy_key(key_id); -#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 && - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ +#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 */ exit: mbedtls_pk_free(&pk_ctx); From 56708133eaf258e28ac21a24b172cf42e876ad4f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 27 Mar 2024 11:19:50 +0100 Subject: [PATCH 043/429] test_suite_pk: use look-up table instead of file for the predefined keys This helps dropping dependency on FS_IO. This commit also removes DER files that were previusly added and which are not more needed/used. Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 51 ---- tests/data_files/ec_brainpoolP256r1.der | Bin 122 -> 0 bytes tests/data_files/ec_brainpoolP384r1.der | Bin 171 -> 0 bytes tests/data_files/ec_brainpoolP512r1.der | Bin 221 -> 0 bytes tests/data_files/ec_secp192k1.der | Bin 94 -> 0 bytes tests/data_files/ec_secp192r1.der | Bin 97 -> 0 bytes tests/data_files/ec_secp224k1.der | Bin 107 -> 0 bytes tests/data_files/ec_secp224r1.der | Bin 106 -> 0 bytes tests/data_files/ec_secp256k1.der | Bin 118 -> 0 bytes tests/data_files/ec_secp256r1.der | Bin 121 -> 0 bytes tests/data_files/ec_secp384r1.der | Bin 167 -> 0 bytes tests/data_files/ec_secp521r1.der | Bin 223 -> 0 bytes tests/data_files/ec_x25519.der | Bin 48 -> 0 bytes tests/data_files/ec_x448.der | Bin 72 -> 0 bytes tests/data_files/rsa_1024.der | Bin 607 -> 0 bytes tests/data_files/rsa_1026.der | Bin 609 -> 0 bytes tests/data_files/rsa_1028.der | Bin 611 -> 0 bytes tests/data_files/rsa_1030.der | Bin 610 -> 0 bytes tests/data_files/rsa_2048.der | Bin 1191 -> 0 bytes tests/data_files/rsa_4096.der | Bin 2347 -> 0 bytes tests/src/test_keys.h | 311 ++++++++++++++++++++++++ tests/suites/test_suite_pk.function | 127 ++++++---- 22 files changed, 391 insertions(+), 98 deletions(-) delete mode 100644 tests/data_files/ec_brainpoolP256r1.der delete mode 100644 tests/data_files/ec_brainpoolP384r1.der delete mode 100644 tests/data_files/ec_brainpoolP512r1.der delete mode 100644 tests/data_files/ec_secp192k1.der delete mode 100644 tests/data_files/ec_secp192r1.der delete mode 100644 tests/data_files/ec_secp224k1.der delete mode 100644 tests/data_files/ec_secp224r1.der delete mode 100644 tests/data_files/ec_secp256k1.der delete mode 100644 tests/data_files/ec_secp256r1.der delete mode 100644 tests/data_files/ec_secp384r1.der delete mode 100644 tests/data_files/ec_secp521r1.der delete mode 100644 tests/data_files/ec_x25519.der delete mode 100644 tests/data_files/ec_x448.der delete mode 100644 tests/data_files/rsa_1024.der delete mode 100644 tests/data_files/rsa_1026.der delete mode 100644 tests/data_files/rsa_1028.der delete mode 100644 tests/data_files/rsa_1030.der delete mode 100644 tests/data_files/rsa_2048.der delete mode 100644 tests/data_files/rsa_4096.der create mode 100644 tests/src/test_keys.h diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3191270563..d6df19c20c 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -17,7 +17,6 @@ FAKETIME ?= faketime TOP_DIR = ../.. MBEDTLS_CERT_WRITE ?= $(TOP_DIR)/programs/x509/cert_write MBEDTLS_CERT_REQ ?= $(TOP_DIR)/programs/x509/cert_req -MBEDTLS_GEN_KEY ?= $(TOP_DIR)/programs/pkey/gen_key ## Build the generated test data. Note that since the final outputs @@ -719,21 +718,6 @@ rsa_pkcs1_4096_clear.pem: $(OPENSSL) genrsa -out $@ 4096 all_final += rsa_pkcs1_4096_clear.pem -### RSA keys in DER format used in test_suite_pk. -rsa_1024.der: $(MBEDTLS_GEN_KEY) - $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=1024 format=der filename="$@" -rsa_1026.der: $(MBEDTLS_GEN_KEY) - $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=1026 format=der filename="$@" -rsa_1028.der: $(MBEDTLS_GEN_KEY) - $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=1028 format=der filename="$@" -rsa_1030.der: $(MBEDTLS_GEN_KEY) - $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=1030 format=der filename="$@" -rsa_2048.der: $(MBEDTLS_GEN_KEY) - $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=2048 format=der filename="$@" -rsa_4096.der: $(MBEDTLS_GEN_KEY) - $(MBEDTLS_GEN_KEY) type=rsa rsa_keysize=4096 format=der filename="$@" -all_final += rsa_1024.der rsa_1026.der rsa_1028.der rsa_1030.der rsa_2048.der rsa_4096.der - ### ### PKCS1-encoded, encrypted RSA keys ### @@ -1205,41 +1189,6 @@ keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_e #### Generate various EC keys ################################################################ -### EC keys in DER format to be used in test_suite_pk. -seedfile: - ln -s $(TOP_DIR)/seedfile ./seedfile - -ec_brainpoolP256r1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=brainpoolP256r1 format=der filename="$@" -ec_brainpoolP384r1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=brainpoolP384r1 format=der filename="$@" -ec_brainpoolP512r1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=brainpoolP512r1 format=der filename="$@" -ec_secp192k1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp192k1 format=der filename="$@" -ec_secp192r1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp192r1 format=der filename="$@" -ec_secp224k1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp224k1 format=der filename="$@" -ec_secp224r1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp224r1 format=der filename="$@" -ec_secp256k1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp256k1 format=der filename="$@" -ec_secp256r1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp256r1 format=der filename="$@" -ec_secp384r1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp384r1 format=der filename="$@" -ec_secp521r1.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=secp521r1 format=der filename="$@" -ec_x25519.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=x25519 format=der filename="$@" -ec_x448.der: seedfile - $(MBEDTLS_GEN_KEY) type=ec ec_curve=x448 format=der filename="$@" -all_final += ec_brainpoolP256r1.der ec_brainpoolP384r1.der ec_brainpoolP512r1.der \ - ec_secp192k1.der ec_secp192r1.der ec_secp224k1.der ec_secp224r1.der \ - ec_secp256k1.der ec_secp256r1.der ec_secp384r1.der ec_secp521r1.der \ - ec_x25519.der ec_x448.der - ### ### PKCS8 encoded ### diff --git a/tests/data_files/ec_brainpoolP256r1.der b/tests/data_files/ec_brainpoolP256r1.der deleted file mode 100644 index 5c9ce38a1392bc75c3b1ee1f9a5630ddcc7ba1e2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 122 zcmV-=0EPcBcme?d1RyFTie)40l9gt(bJ2;`Ggz*wDL7nK#O+f4<-fl6a9^Mc1_>)9 z0|NpG0Rac0L<2$q1YmCorA!ZPQvVEeDXj=oGST2ZU^fibr?gBO6=shp&lKZdBr4^{ cs|c23-beUAxksn}ODl4yAfOXrRMy7GdJQQt2LJ#7 diff --git a/tests/data_files/ec_brainpoolP384r1.der b/tests/data_files/ec_brainpoolP384r1.der deleted file mode 100644 index 11e393d0a7de01cee151d41051a06f745f221cd9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 171 zcmV;c095}lfv5rj0R%7_O`^ucV#e_m^Qj#AUzn-i!^xMS ztN>)yf%7XknYufm3kC@*Bm)Bi2mt{Lp=1MM00b>g(rhZajeJSfE*@+9<~CSABIOLp zOk_kT5%mPypBN*=G$-$0zL-XYDrTo3p%99}J0I{`U2zIgqByLH&W}XE6Pus!O)M#o ZE*N|B!{r{pTQah7mDq%_X12%!K%D)iOFIAn diff --git a/tests/data_files/ec_brainpoolP512r1.der b/tests/data_files/ec_brainpoolP512r1.der deleted file mode 100644 index 84fce0aa885a87cea5eb23ef2011444ffa4331b2..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 221 zcmV<303!b|f!YEA0R%vACosnfHG+RykMIJIeB-i=`OG)S)z}_Y@Z#KTTzY1Xzn^Cdo{Oh8%Tl*3_`z=5-OI(h;}pA7nau5L7j{OmZr+PZLab9kj`B@!A`7EcjiETEi0x#eC4A*o|O~hgsE5yJj XMQwy>^d1$v{{=?6$WKn+KTp8J^UY&e diff --git a/tests/data_files/ec_secp192k1.der b/tests/data_files/ec_secp192k1.der deleted file mode 100644 index 2d7c72848b47718971c91ecb84696800446a6405..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 94 zcmV-k0HOadTmk_B1Q==orCh@eckh{EcaM0lJiAj z12O;vd)qa_asqcj)`zY!0D4Z@HX{{QbbRya7Klx@u#D{Gq>?=8WVpQ1m9X_b0nxd{ DNFXY= diff --git a/tests/data_files/ec_secp224k1.der b/tests/data_files/ec_secp224k1.der deleted file mode 100644 index 108b52bc13b28db639babcbc4f304d3f4638a0bb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 107 zcmV-x0F?hQX#xQO1RVh7L(2ST01Xh*5%y9q8z1daQ^BYxF4qRNAy2L=Tzfdl{` zp*#aR00een`FSl>Y%}s5Q$Q0fmT>e+fN}p&YJG@$52QH6V`{Rx-Nak4N^wL_y)~3_ NDirqJ4Kz5K3Ur(~V?-ox|8qe;o9RrxTMha!etC(2z6sDvU5S)OJf0iO8$ bn=nw%kj{+zQ6<|%d?CD6cm~s+NwI+eJFYRN diff --git a/tests/data_files/ec_secp384r1.der b/tests/data_files/ec_secp384r1.der deleted file mode 100644 index 29860a463bb2f6f126420ec25bb2ad1a6b2be25c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 167 zcmV;Y09gMpfusTf0R%7`HbB{}qL@ouLk z(=CbUQ{%T}P5-N)2L=Tzfdl{|p=1MM00c7?#?&WninO;&Kxw;rKtD=i;)%b%-O?R% zVuaHk0fKIz|f!A+#BLLZGpN zQy9ga$4;xg0LM&A@&uH?QG)>@Dc?P$6jf(3Gs`lEe+EXjZ^vFua?IRd<<7Qn?M=dW ZITmw{B`~A){VWvhQ6X{W-ghm+94B8?UuXaT diff --git a/tests/data_files/ec_x25519.der b/tests/data_files/ec_x25519.der deleted file mode 100644 index 5c1c32d6b40c8a6b1d0ef64a74845dc63889c78c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 48 zcmV-00MGw0E&>4nFa-t!D`jp3A_O3?sJ%b_v*M@9p%jl)1|YKCNk6ag(aoksh$07c GMa_75UlQ#A diff --git a/tests/data_files/ec_x448.der b/tests/data_files/ec_x448.der deleted file mode 100644 index 849d4b83add45af0868d0c6354773208d09ff429..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 72 zcmV-O0Jr}zMgjo$l0e;NV=PGVU)^DbB%i*Sl}*^uApVYPxuH z7lOF(aPQwpQ`huN<&KGkT9TkAOaOk(A>Mczw615Umvqr!7F!?y?hgV30RRC4fq*6! zsj*zt1ltopMF-f#hPNYiJZ7k(k?`TlQxn=|EHn&y*IJm?Gk=S(Y?I>BVe_7foX-*1 zJ~iy(V9{}>!gk#9itoLoSNg#}$XyjfC9N}^divtT-}yS#g;3i*eBBG`pC3;7YE}=F zDI~zLmw=}Nv`LW4t!X1h^}j_aP>}*b0LcsE@h0G;xU5zS%9-=Mm=ieGK-s2N^8JaFr(kQL`1^Ul72O zJ<#RoFpDl%siyZ8gRCIdT@t@P3uCBm`J~{JH*B3q?yD?$^wyz7|3ffI68L~>;+#WY z0zgedZGl0+cx2$PW7W_S~=y6-UsMOnLHaTn+g6QHjCtbW;}wLAF4l z4uwVp5rm*g7p?%`JP28V0zhq$;`kqY_B4+haq3J;e##|`3r8%w2Cz(IBO%h{!z1jR z3p=%Asg6<$7!z!Des|@SVJO4t#FlvCQKHsMWiZ v(*ObthOo|`!YN}1m70GCu7#YG>E(S<8`+Ww4vL~bUVE2E#4Ek1Z#-`XO~V_P diff --git a/tests/data_files/rsa_1028.der b/tests/data_files/rsa_1028.der deleted file mode 100644 index 97c658c54e3164280aca63bd664ad2b1f41b04e1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 611 zcmV-p0-XIYf&yOx0RRGlfeNIW5x!InbRJPQA@iLc&2p!(Ak_kL)%*Whwm5eWO1kdM zGC;`q`rgkPElMNQd#3{R$t|%{JA+(yjtx0nLz5kKCB9z=~}EbYnxT+ znBKYrb6mK_k0aUShiqwfDz;?42Gm&$Di(|p zfai;-cySQ@VekYy*^&mZ)H|b^6u#*KK?8n7#wFPsbv%ZEOBnJfQMSr2P}unHalcd1 zj)=R}s-Mft%G0zJ@fD+uniyCx2ZJ;^;Ec_xWV)*~{H7PGFgpT40}J;3LZeRt6MtB5)s`ct>YR2dTnSPE_WF2r&;j|qGhH0tlM4^oF4}2;CtR$(9 ziS{^cTE46|4w<6)J^{KR0zm=ndmjA-s_c;238^q#=uLeE1iAzDDYT0v>&4o@G?qx4 z!!%^QkFg#25ts`SKf=;z-K5FQCUL`&{ago}H)6E{K?7qbna06d?sFJ5#mY)`@*{4B xq4xp488~f17}G|>al*O4i7>15Bdnv_@#o6-p3UlNre}42ea=`?`tMo%{4Z#NC;0#X diff --git a/tests/data_files/rsa_1030.der b/tests/data_files/rsa_1030.der deleted file mode 100644 index 754109d80fe4a705e27ed009405ccf3ba4062200..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 610 zcmV-o0-gOZf&yLw0RRGlfiAvGO)6~BW$V0ZOSL`Gyq4OrY1YF|zFKJW!?M$bQ!qu4 z9kAd0n(OgAM5d~;s2^hv(r)6^v76MIyzloj9N%whu3&Xz8}}kM|9(_raHzOkt3X(u z$H!+8N~%5G8#Vr!k%RIapeysJKte7X2B#za(8XMR`k*vkFOi6Z-MIn-0RRC4fq?;U zC#TqVkMZMmMpvk*%M~VT9kp*F{Y_jrb<>$H;qcs2&J?pE$&!otytmUZrAGkvGoHBh z?-plNb0eqi<($9l+Ca3IXO*tCH!1LxRlSD9|7<0F{)*7nKGCLMeW-jo&A;M&%tALg zg`0*BqKohZ^9$wiR5DYgazmxGCfR`kK?eh~TT&s_V(@b*0m-&~F6YBMiQqhS4+>d$ zhkK{O6r2#}PV+fX1vag|7~yb)y!BU6JMb@)HxvF)Wwwwg?^yyt2C4GD@`;#znL8(? zLF(oj9n;S=%@<6uNcEo%aKELn>KNuuRU>(+EixWA%^IE67fmmOuh=(uLwjwWzF$K1 zVFEx_+k6#L@u6Xa5Pi3%4ipf*&eha(*et9Od({EdF?|uYcbLcr1F78QHio&7*}Bpj zF(9`Sb_sd>86$FAGQY6`K?4qqlWu>V+UKH@A|<8DUFw$6^CzuqdE31Rbcj{)e8Dy# z*N6z1^LY;kdy{j8IZe_NT`P#>ksoV}GKiy$M4^vK@BF7yGkBM-J1O5MEgfCPNmWzOIgf_z-%HX6PdA#X!0=r&tM(_INmG;q zOpcD_uD0;nlmzRHcR!2lYB8A@e%66i+Re$q+b?t9-a&5WKZkg2qs)|J9-^(PF@^l$ zEF1-8o?6|i{Hq&ugs3CU`r5e%DkaWH$i2RZE3Z9UOv(X`WJurIc`C!fN(wE`k@{rYuyCSy)qi4MV z2*Fxeg+qbqwC(?Sb>?|6jN=YrsM4orNR87zCU>BJ)kmD2K?<8tiEHy>(Hz z6 zOw6C-ql2x{mQEADTMh^xqyZIKIF>7VBp`qfE=eZJSNAnBwX7TKBKnxHCP40I#y-s@ z4wI*6k->PMlbegqvL?dhJB<~P)B%E>gWp$4bU-oHgPwY+gFPR*)ujY=uY)>?0)c@5 z!|*f0QPap*?z-YNNB-Y60Rzb&dZkIjecs7n18Ev%EK{+%M%`#}7qg}Sf5Sk;YS9pl zZCnXzedzOdI>=@t^YhRl*tKz+(wN8fo`YC3l!4`v z1=6tQDC9O8PNX+lgr^*hYZ7MMVAw#^Hh^&s86X5NC~re7}*?3#^x#lX|Ky~A8H&N&WLll`!Lhv@hC4Q z;9cM!)L-$J-{pkST*Z&}j*(QVtY=94>rg|5Po1!N3Ai%Iy4cQs8sRV_Q0>Ut-hbNB z0)c=++{p~umxh{KAoA#QwF$m3rgjg5?z@RLe!KxgsIC<-S1%&{N)0)s|+zn+Zo}Di(8)GJl-fsI+2E* zw&nafcz0b>KJ6!U2As_b&ujA!_jd3*kFW6pfq-E!5#z(b>3-1Ez+Yt4YjfzyKlX8} zE5w(o->x>;1HPqID}Z2iHoXAu7Gd( zWK$S4TeULBs)fEC!-eo?GB<(e zFOjIBfQKROO*WlXA6&hv-JKCJtyWU+aoHQ@=K+N(*Ux5dw}xu!Rcb^Ce|DnE5)7q3 z^{e)G7=-o(M%gzrD905GL4tAz%ESBOmE<-bOmROj8sL@L%u*e}pol0k3--N#W6}4x z7XtKijB2NuDjGCZ3PH+wLnh*kojO^U`md0Cy@M()a7^a-XWH5@jM9n*vv?VxPkdMV z5UoT{af$zArHbSkv0^upa80;si*@Q<>aLb}H+6Vpv9vo?qI=;1*A&M00h(huM*~S? zD=NjhW+jh}wYU%crn0bjxp8f9PmLPAkgzsHbi^IIXKA13Q})ApiI|7L>vs6tha)NS zB@8f;bzvkbWV`c0XPON@5_`91&AOTj20fIVE`DNbRQjj4a0kbBsTrm5Xgn6b-2BUmyH4S~_ z=GST<3kRm6VZBL8HXOrK3DbSa@>TY7@gEV!_q^=8+!phhT!-bjK>Mh+S|kKN#@!E& z93->Lut)W169+qMxEYrBlv3;}sqL9t)zH@dN&^)xtd37C>we^}&SzkP4-R;Jn!2+R zq&3?3+&(B0UiNVZgiX2uHlo$kx6W_J)fJQ()0yi+#pi*GLwp??9Ys+!iq+-ZDs_IJ z9}?agF0^B}NVdbR0)hbn0O5--S2o!-{qN&o~xxV3dy|%MU=sRl)7+@mM4|=d=Xb-$>q`VF1~{ z2u`zEac?hfz3cIO6gdA{C}g%F=bIZS=l0^~i9fob#Tosgevl7)74!T2>5O|_tWJh- z6Go-Ggr)K`24T`?e2?^dWrZGDV>IN@SHt1Hz~2EeIT`kfAgn*bxZht=?rtHuX^sDa z(c8m&FPyO;HsaS{B>#F?V<*)gt&4menHD%F%I>F0j!T)UHkG_M2FL0-`K&6((6GkKk8wp4kB@^LX$ z4GXkbF?`P$LGaU<{S?Pr^?m2opq6ASm}KIxeo{!W^n(U3+NOi3dXTCGyUe0tRuWof3`!tFu;YuuM zj1%Mp_fhnUJS}>iNz>XeAo$W)PcM!9lGkS-Z&2XRNt%I=C72pEhj zoCesX?eYdb<%s;1#+E)wYuCb-`K)Nr##IElUfKykzqrQdK)T!`17U_?+XQH~nF(D% z!$P!c0zpE#eql+wudJK6i=L0cc#iOec8Ow9?2uaGb|w;5b-Sy1ge8 z*uGom7)&zMMo-fz81PaOeLF3BT!Lm}OMrk|5G*lYO{UN&@m}jLciz>)PCZG-Nljk+ z7jP*jf5oKy#y`7LSu+BH0RU)|D5$r_-dhnFGTHz|UM z28n+aeOJ&UGu$jzs7C83WD-X^tD3fr6ib;JI{E(MD97rMO=~*uEVSlR9Zx_rcEB^8 z=ktbtBVey@zyy5AQ(0!4kQHh%s{S-r555yZ`Q>yyMPzELa0$0Oo@2M9Si~dqxZZ)t zJ>{_eV7q!FU40sp9LiLNIqgnjlZMCMnAn61qP(yziriV@d9r#(1wv~vG?&CWs?3!- R=`3(6@d_=a+nWZ6#2-xyg4h56 diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h new file mode 100644 index 0000000000..21737b247a --- /dev/null +++ b/tests/src/test_keys.h @@ -0,0 +1,311 @@ +/** + * Predefined keys to be used in test_suite_pk. + * + * They were automatically generated with the following bash script: + * + * ``` + * LIST="secp521r1 brainpoolP512r1 secp384r1 brainpoolP384r1 secp256r1 secp256k1 + * brainpoolP256r1 secp224r1 secp224k1 secp192r1 secp192k1 x25519 x448" + * + * for item in $LIST; do + * ./programs/pkey/gen_key type=ec ec_curve=$item filename="tests/data_files/ec_$item.der" format=der + * done + * + * LIST="1024 1026 1028 1030 2048 4096" + * + * for item in $LIST; do + * ./programs/pkey/gen_key type=rsa rsa_keysize=$item filename="tests/data_files/rsa_$item.der" format=der + * done + * ``` + */ + +struct rsa_key { + int bits; + const char *key; +}; + +struct rsa_key rsa_key_data_lut[] = { + { 1024, + "3082025b020100028181009a1c55b1d24441a3a752f8e9d08b3392f2e95b" + "741468627cce9eee9c089928b98f77a1f3b0e4abb35552838071e4f853a5" + "b9dd04ca939240dd66632c48f15fdd6186249fc0043ef52a97d7bb6fecf4" + "be5d0e6aba78731782b8f070efdf4853d7f44ce58e89855a92a0274c007e" + "cd21de781ab4ae67a89774d160165b2000ee0f02030100010281802616a9" + "b15cd404db13404507d8c486b723753c66a8a291f0e1ca5313da662c340c" + "7ad75a98d6337f8baf6c93e2d261f39e8a9ccf11d83e35ece260d171a7c2" + "76dcf28aefbda457fac13fc85d154325ad339d7afae2c4dff93ad58550db" + "3e7cdd0bea9f1f4ef96a560f942924c0b19780a702b44990caad692346f5" + "bf45295091024100c90be3f126e0a4b8ac560bca99f3bd980842de6f90fa" + "f1e32bc9b029efd7ae8a5f6defa8195e3d3c70ebaa91d2cee080a93d4e7e" + "7f89dea09623dc7ce7aa8351024100c43c242651b315de5f10c0923dd0e5" + "e8308b2e57a9a6f71583ac20d65d12bf3f0b63a86ef9a4e093376c9d48ee" + "ab2c79f4d6a144ff43304912f8806ae29c435f02404d426d8141c0786ca3" + "8599986d1b36d3d2f0e78c1639e974b4621879b53abc4f5ea6dfbf48a867" + "7defa310f462ffaf54a234f61234aee5c7ee8aaf73ac8f6151024019076e" + "b8f07cbe1251dfca201d005302ad86630fcd54bd792205475ef01a1f0884" + "845e8c610d1593d162ea20ce4848f0f93892f340f7a9e5f8247804aa08b2" + "5302405f19b2ef1b2452e9a5edb032b673bd3e277ebc3f777a922b22c913" + "7d4028626b0445db61f42a99b4e5f28c3faf9a774604db172092eee0fdef" + "9526f7aec8a856" }, + { 1026, + "3082025d0201000281810344ca3e3712ee43d1ea5d493baa485d94fee503" + "323d37dc49b907b11b6b534669b2e572123ab6b5b8223b87e22d60c3be86" + "19f6a39f1d76f581f4dda46701628a6dff5316c6efb81bdcbe2cc20173cd" + "75c076b7ec84a61b6b80cffc16fa045cf68346013ed639e93708bf264072" + "63bc6a39ace26cf0eb24e2c0e6597fbab1f9bb0203010001028181010d06" + "b085e8522dffb90790d9dbdf342708e3fbe915017693452791eb2cd0331d" + "1c64e40db44eb591a37fdc29fd48d4e5d61b56ce3803b3112f5cd83d58d8" + "7b22b818641bba62adf3d5ca44f8523221b1068639ad865e7a7e6fc69aa2" + "1091fdf1a325d1b2c6a0ddd1f27883f01aa15b0b193311d357776b6ce52c" + "51ac1d8c0601024101ec7ae8715bbda8d4db6636396c1582e8e234275dc9" + "d272b0c31848f96dd201f4cc01ac857e25ce2b316ae1798c83a9786c2f8c" + "f71d3cbf2db13861814c9ea481024101b2fa7cd232925b355dda2d5f10a2" + "f0a05aa91ba74be5c088444d681e1dc0b2c85acfec84c1470233aa4bb5c9" + "db0b48853a410eb7d58b07afda91c54012da103b02410169dcc9ccf986fb" + "76241c0f7dd3f05e777636b23254e88083676701bfdd34f1610941b59d85" + "1a8c49ea8ec94c41b640a10e8546041184a04917ae00df3c08598102406d" + "90e2f81f7cf6348f1b71ea4c4a7eca258c0b472cbb06b04c642321d2e4c3" + "23ec9c0b3bb563a98e520b18136c757f22eff58b3b8b32a61109c1462a49" + "955c1902401e737a46f09dbc770e7c6ee0b1cce304a8d5bb93d300020c86" + "b0ce9fc2296307959a7f07ae859c94e9e57d511bd992080e8aa23f5e7b97" + "47c42bbda86f3c6f06" }, + { 1028, + "3082025f0201000281810aa49a11be540d741e513621f39d1ecd72a7b020" + "d50272d5fbff59b638770f4abaeecc3240c8f8fadecf1a2d4a23d47ba702" + "f5c92db1533b835c768e0d395c43931d7525c56aa71266a5dbd7b4c87c96" + "52536cd520e61762573274897f3ad77b83f43584660caee3fe3a9fa27b3f" + "50d71409feb01956faf9b966e1b08464f0210702030100010281810105c9" + "cbf4a6acd840657b370dea45e065a8d9127e850ab5a6cde537cdfb1a9c0a" + "941148aed2e0a172312209c1fae95aac346b9b55e998deba03735cb8c68f" + "27ea64e6f99d86428a80176115b2d6f5e12d7b9dce5cb68570968f876c69" + "762ab664be06d4590c2a168c1180e78ba8787110fd61f0043bd99206b0d4" + "3ba39a14bee90241037e44c625d91b753c86804b18f22851b6ca2f50d8f8" + "ee71bf53d18e88bbd5aa9fcbcbcad3b415f115a38d9a1858300783343ae0" + "8ccdaa64baab34fca617aa303b0241030bf6fd42a34f02155a61667a6482" + "33a3d683288b36c7530ed1bff81f2ae2e55ccd7c9d28c968568bbbd2b0ff" + "5701335abf1f9785395b136b539a4ecefc8f71a50241031d89986e08c244" + "3c46780481aaf5ea6a6ac6e803997e8e53641d7050e1b41d078669a9ea44" + "a18cf10f7c2a01ac24a98e89f6386d5abeac370e99a2f93e01ba21024101" + "ec7b1efd05aaec90d909a9305ce84d7d0504ba03f529b48b25ebc5dac034" + "96489bc33464bd8fb11df811980b123fc2d268dda4c9cd2671c391fd5c07" + "9c3762b5024103632899c6c15aee731835c5ca4a75f2236e86a1f701be19" + "386d4218d346c371c2b9c08930abf423aca3dbf1e7caf79ecdea6aa66775" + "7e7dce5852faef59fcfc2f" }, + { 1030, + "3082025e0201000281812ebe4c4d2a6cd165ebbc6a4bb53dd1bc96dab169" + "d6c34ebe5a68f3c3b2d385533045901db0dffc9aebf13c44a6aab2a81f63" + "0ed26ee2d4b19bd49abceff7331cdf6f6aae6075631bf72236ff7e546270" + "a8b85cab40589ec7c767114aaa3ddd1b35fe999183f21ca02bf3a840422e" + "1b06a723fdd0c55c7dfaa0345e2f918884ddb90203010001028181016f27" + "a7d8778ff1e3754657a8a9cb15266b1db56f22fd4d5c3875d3992ee1f0dc" + "52ce14b322c9928bf9bcb7d330a54700f6339eb8f5ef1667547323a7ede5" + "9cbfecda40b4976795aeb53729f09455bd86c4ff6c257dfe8ad0d63ed1a6" + "5f7da87c3acdbfe27ccc423739859b860ea28bf004f30be5f1543253a572" + "43a5b426d98102410703b35b5221d562f0732901c9b67d2ee7c33c89e03c" + "750f0a5978877ba7c2149c10e74ef339500536adbe18e17084bcf557513b" + "f02f933713fe5065b69028ef59024106a9f2bff289987d993b27a541eae6" + "1a1dd3cf34cd174cb148f59f0e70bfa5b0ea18e64e552379a92d321e37cd" + "1a9dd5174d2f84afd83778437b6d9ebe5f42f561024056db7c1552f1a161" + "84107db7a60e1410bdced5d474d82cac117bd501d4317d11b77798c80703" + "a9dce53686b990d9bad21b3120b713760979fc1923725b32bfb10241030e" + "8c936e7f9ddae7a2922225a5ca5dea96d1f327ad6b79dbbd08748855f17c" + "c13620d7880898f3790f077b937385394dd2135d2b88e4911f6b8c3288a3" + "8c44a1024101e712867c169a6f391cd8f3ce6d7672ed7e90e6590647ebb8" + "9bf55924c8cc487a91307b0cbd6f6a5e781dd5b160ac7efe0aba5b2757b3" + "b7b00881c25070dda042" }, + { 2048, + "308204a302010002820101009912d469d8864df984bd8ea0d1a4e9bef9b3" + "d3ee7249801cd28195d1f3cd71b12aed430dba25012f69effca752337897" + "ae3b29df272d1d5dc6495553d0398f86eddf4bd2084f379aaac0f05d33ab" + "f6279d495394034c8e8ee5aeb6f0da9404eb8c773f8bec6a3199187ed681" + "55dacdc9c1db2f73dfde416ee63f87786da3cc94631ea2adaa3185fce12c" + "1c05659e5addaafcab1b7484a823cdfadab90f8555da052bb92c61a96bb6" + "2c2b6acbb06e0b01e65605905e42a64def5cc29fc2c04275f4a0a07bcf7a" + "49978c820a4710b605ef15c8aa0678636f73f99d79f235548856c8bbf104" + "344b209e46bc14acca95050cb4aac1cfc0a28c9d9dc05ab3ee0cf40d0203" + "01000102820100156455048cc2aa2b7c723c383bcc12f18236701ff2df54" + "34d2f352a37271abd99150f28dbccd96969074be2788fc91f60a9e9089b3" + "d121793d307ae8f960cdeed297e1e1f290d589bb22b704a367bd0108c15a" + "59854381e9b4edff7975e679308ce30e61a8d2a767488dd33ee4676d5a6c" + "89cbde22f34dcc2887c8d01aec68f6bd7551b8155dfc8cf10a3f43c8ecdc" + "e55ade57f0041d58878bf7420e8d945bbe858829f55d86b6fe466ce135cd" + "34db478a16125a989978266ed38b8f8c204f3873cee95191c41549296ee5" + "6e8e7300f9b35700f8aed9c0a1a545ecb9f4d09bfa5c9044bc307ad30ac0" + "c6e27b6ce9ffbeed6213110a9aa821d0c7e85cb5ad349902818100c7feea" + "fc0076c99dd4b4259fc84c12f4290a6f468e538b6fd8d8aeea4ccc9fe3a3" + "83add1964e13bf5b0e081fa401155938962b7a2420800f2e4926ca57f735" + "31b5ac1beb22fa98b02640ee67c63ecd250e93a76791c1789f939b8bceb2" + "26c2e43b8d1590d401829d83df5749744031d5839e7aa9833d1fbad5a504" + "75af833a8902818100c3f033c251d3c857eebae23547fedf350103c91f7a" + "a549c37ddec96003691a652c53b1ba46dd687117b3a6007fc340c46ad110" + "8d6d5c096a7de8f3773ac866352888f17a7502cf45f3f3d021d8b5719bd2" + "98c7f59e3f4f675052800c653be810ec4c4d7c9481e59205d2b0e628e436" + "1a4ea4375a84a71c8de549ef546a68fc65028181009883e43b4d3749459d" + "81cbf76fcde3de62b5dc6a17fbca27ff5c2ef7ea9d5989459713a4f35493" + "66a84fa90e4809b37818d91c4ac6e62a0269afcb6f1f6a1c1cce8873b9fb" + "30d3e3f1282f26e05de01fd45ff197dfe584d15cc58ff68e9154aaac6748" + "fceb5043854f9db07909b832c8bad8ce7e1ae1302350edc8dade7fdad102" + "818042dcc90cda97869a5b20f2e873b509be30a6760f83eebb89367ebc01" + "43a8ae1530572f22fde3b82c3f8652738125c40842db2ce6d616be2fd4df" + "95956e3dcc82ff5e1be949dcb7968b74fbe550ea39e68eab0c3148db19e1" + "8b8b5b9edf3cde28483a91869db6e5fc3a78775d533eed2775069ccd0acf" + "6bf30ff776f03b8faff1028180613011e3c3c1e97ed0d4c05f64d46b73e8" + "c93ff671ab2bc497aadfae36d803c3e2d7e2ae6a99c36ceebeb86dd5ccd5" + "d6f3304821b44e2ee2bb5540f9104d02e7cee6315024096120fb12a98bc1" + "1f4f08acf31e6f0cf75ec44b046382344eb1a299a3996ca9b63f71b9fc96" + "9f9c76846382c7b026c57cdfdeb53eff85b4f6b373" }, + { 4096, + "3082092702010002820201009ffa9b03aab78e5980223bed1811991bf244" + "20e7a277efc45fb01e9d756eba9e57b17b7f198d03e5731f7c8adbcecd6c" + "c75c1185228aa3eb650e3df03d10b8c4ee4794be04d48f304a3884589789" + "8baa4aae806ff9645318345bb532c7aa85be1de3e4d87873fb709a9af4ed" + "984fc2d8f42a98a233204eb50ecce01fef9eaf0ff82324dea54ea7cc909b" + "164a58c71f8b47edb097099cb27ee2ba1cd7c37dfbf28e0685a418b1cb5f" + "e6cea64d0d3f8b713a628fa9afc385f067323781e72f91a8a1808721ee4d" + "369d551f5cbdaadd9d1131ad5652ef71d91be6e701852ad7cf666eb7866a" + "ea556a44087f76a2ca120ca53ff5abf6771884f60546d9373328c7150b41" + "827207cac3fbe295e4361f4c713f301ae095d9cc521dc1a08828320bf6bd" + "7f63d1f7b81702f4738c6aa7992a1a34550a41ca794326e28c9d3a5997fa" + "af907bbd832a2e704ce6f867dada308cd28a06b37819a04f7c57fb10ad44" + "4f7189ff64a58ae419b1623792704db86a8b75ea5deaae967837757863b1" + "b43b55a27be101d714c6f7019a6339470349632b2ac5ba66258f8db5b80f" + "fda6b2b078b9716d704f8d1abd90b0364474c41dbb67699fe753f6c37a89" + "9887c0eb76f8db872329f2250c30917561242a64bbf341679a0d3e127bb7" + "66cdba9a0ae4f15e6220571a083fb9c487c9deff3b029653783a3c205e3d" + "5e9aaed05e4ee8b0e13a03a9fac502030100010282020010fdfc531261f6" + "c3b8e169fe0fed6696da4fb4330645b8f8e1b5023b754ab295b8f8c80642" + "ff806771a7e98192414ffe7ada639e01823a50f965dedc5290212001b326" + "b05c30fb988479a64d06a37c6b350d7de4e6d76a200b07a6a26324d099d5" + "f0ebd0b65293656d7682076e83224e0af92f4723290e531ae455f5ee6cab" + "6985d0adccdc4013809de76b21b0764dfa6c4469da51120cbf7f738736bf" + "b3f4fbd96c05ebdd179d636d4f8bc8695cd381ce52c3b1a152a23a5babb0" + "cba273a204084b6f8f0211bf784c9f4d2974299fd240b58992bb8e1b2264" + "8f2ad12b30cafdb54ad7032a2ab263d1874061a016f4b2e4ad427ba640bb" + "76aa2ed14994ac8320a4d81ba570d35184956f049be8c6c7da7938cc5105" + "c07bfba6b990687b94066def18ac3525c139707ae781c1e66931241137c1" + "0854ee00a74c9c52dc67f1964721891b8302dc4719c60f10af993d69ddce" + "b128da65a36f4d0829e84c74f3570d8db747a6db352c22061c2603f255f6" + "72f11f11c6f7bcecbbdc16f3995c87e5b840fba8b65a24043fc6dd0f8e1c" + "24b3cbb047f56813073b6bb81996f79452ec2aa9ed995bd5d0d6fe4a0315" + "2eac8e4f2ceb7ee4aece6760820f0e787d9abab312a435daf8dc3e28125e" + "f67107844dba0136a2d5d4b7ce6fc7d5159419d399eb42c5e7818b437c1d" + "1a1d4551358ad5e5dc2a757e9f1f12de1a2eb463b748b6c3ad0282010100" + "e18b2f5736dccd61f604efd0c1921186d188c54849c6f78aff4964d1fe27" + "c0727f057d8bb2e5b86efcc1121e4a791d84acd643c38a75fdcf38167260" + "948f23cb0f40c555c1edebf1582439e7b404d9df48de9e6100d9c0084eb3" + "59716f2f6ebdebf17c1438ff5a2864b621e79b1b28e7f6e2e7893fbaa1c5" + "19fda27e900f7b15f3fbfce98c7b5dac4e86701346a5bb84a5f2330661d2" + "677c8ff47b65851e596334e4d057c3e1bec0df01313919f68a20ac3fc3b8" + "df5f52ee6e21b9698dff82d1dbc37b2f9cb12036e2d76024ff7a586327d5" + "1fad8b7c1d99163827caee7b61e908b0fcf51d3264b8a11abd121993676c" + "10d715a345c197d0f4f42e85f74647b30282010100b594e9e77eed5cbb93" + "8234af03d2415ed0f8cd99e86033799d68b6547986f27131550d0bb45831" + "7ccf1841f0d398fd14c75bf57de7d6a096642b9864e2b07e5248b1f48306" + "2fdaa683a87a90aa05e3bbacc4b8eed9929b73eaec5ece7424af6e751afb" + "348a28e14a3218e700f0069d1330324b71ee9ba0cf516586c8f0a139f022" + "b612173276b40646b2f3d1063ddebee38daa61248ee58594da0168c4382f" + "2fff763cdfd69c5765d6f75f7d1d6a1db6cfd894118451fe58ded97f54db" + "703e6ed770452e70c6988238ec0ed599bd5cc550874344873e1040374c6d" + "373a485c2d2adeac3b89a7615542e0833433c119b1c0c784c76446f68e8b" + "9a2fb7d20f77a7028201007f3f96bafef1fe52298a497f1ee6f94a760753" + "3ee09907ea7cf37c95596e360ea30986f67d3d4c1c1a3017b7cd4e9dcfcf" + "efa715b895af57ed0e0503e66d07c5b5da563b770973d79b61fce573d454" + "d3bbfa15a326e6b3883c56c5bcd0fd12dec6325d4dcf8689e84641d7c922" + "e264e6d28cdc12bc48e0a22272cdedd7fb53f763cb24bae38e6aa01f418c" + "13e404f751f48a3c2d7a9d49d3a6284a4251a378cd16f78d7026ccc3616f" + "afed8488d866bfde4eaf6f2b5f4d9bc5b8f331d17279ed4aaef45e3d6a55" + "8181e3ff93802c179801ce256c3549162ddbb25d090a19c478c4758e9200" + "22015f854d5fa4c997377f69d4df99596ecae7927bfd8f899e362f028201" + "000a34532cca4a4692d80852339fb05a321ce64e8f9eaa815a0d498c2d95" + "22cb4f272993711bf274dd81b9e842c3716e8f93608c9c45c21f06349cea" + "9488d4c854917746b97248902e196a077147cccaee8a1808188c2b9c06d8" + "a5edf2063ee588fc95c6963e496bd7c296f9ac68d0c65504b95eda0941bf" + "b8c6e740badc2303618661db0468b699095d41c347f4e4d736bd0d020d31" + "83c24c4e802de2185cdbf203963e7789d501685cbb4c2778d6b4d2c83d70" + "9cc765e0385855babd2713d8be5be7184c32d4464fd32918f052127d3b2d" + "7a5c8266634b80805b102c315f4da6d028f15eeb2e77ded5c24e3d49c749" + "4d5efb177029277fc5a4fcc63fbb53593302820100689328a8b7c6de5b11" + "1934790c4152320c1a63a090bbb5d243517fe1f0203729828806897f157d" + "57d02333dc2c56a846eb286412473bab9ab68d144b991a3af9fee228c7ea" + "904d6b3aef2e42245abf4d777385b877c86a9b16b5d7c9cab1221576d88d" + "ee4993f130236744acbbf45c6bbd2dcaafc00f2cf36537e54e8a99ea8084" + "801d4f403376c0339de7f3867f2360af6fc0047cc85359669b90156a31aa" + "fe34570fbe1342f9e5743d45646aab7009b73c9e63b7a458c423f3b8de81" + "c83de5b0fe60bb7a235d7d1a931cca548639ed4e629386c7de98d8840ba2" + "bcb02d8adc59e179b27a4705426b313497c43aaacc953ae92c702af10a2d" + "a5db9b0688c41f" }, +}; + +const char *ec_key_data_lut[] = { + [MBEDTLS_ECP_DP_SECP192R1] = + "305f020101041856ceb8c9bc8e6562242362d5176916c8cad73cefde6242" + "faa00a06082a8648ce3d030101a134033200047bdb35c272027741d687ae" + "31007a4ed936231556747cf3e916884db6b08cece5a4923ce964b8bcd195" + "b0f53e01d1b9c4", + [MBEDTLS_ECP_DP_SECP224R1] = + "3068020101041cab5caf66f71236bd1c4c4825588c531682b8019882a025" + "ed3814e32fa00706052b81040021a13c033a0004260e79423142a44ce9e5" + "b78144c39e3d2b5b2670af673868083416745e57be42319d8ee6d034ef9c" + "535c7f6cc45ed5026fae66c0dd1298a5", + [MBEDTLS_ECP_DP_SECP256R1] = + "30770201010420b52b83eb4cf15f4fb2bdef164f521b92a4c7329ce83dd2" + "b24fc4080980603b07a00a06082a8648ce3d030107a14403420004dd40ad" + "3c112abb3e7beed40ca349c9a755f930968722865c27ca5d0ca884220b59" + "9e6620019ef8fc9b3050cf90ce8cfb5125db447c21bc567806d39e49b181" + "01", + [MBEDTLS_ECP_DP_SECP384R1] = + "3081a402010104301b3640d9ada2984b5c4406c339fa859c374aa1692990" + "547b0897429689d4b226d20b1ca20fd32d89e853e3b7644dffaba0070605" + "2b81040022a164036200043315c6d4276e8ab4b74b4069bb7a403f4a62e2" + "89bfbfe39738dee4064d7ae22ff32520316f7230302db8fa7b0434ada5ac" + "3f39acd252b5ec2eadbebf55ba7edb2265026a33bae2dbf59314ce081277" + "3f08faef9fb4786d610a8c1c1f348e9627", + [MBEDTLS_ECP_DP_SECP521R1] = + "3081dc020101044201300db372ffd5307db8016608a097cb4ac8440e7419" + "589566518a9b8b4506aa00ddd21d736284d31e02ae3064a0d2b1c3de08ec" + "b6285534e13fefe456fde0337572a00706052b81040023a1818903818600" + "040183a4329055ced8534460a22f00271dc55b9857aad6886355bcac683d" + "461a2281190546929a8e64cdfc1242fb6e3a460b0821b4197b42a0b18253" + "18c59dc74eabbd00c74c4bf20494c05183012229df3da41455673233cb32" + "877f0646b66fc75e4d72ccdc60e5ceb670ed4dc2773916738e2530a3f5fd" + "2c14ec512171e6de772dc21c27", + [MBEDTLS_ECP_DP_BP256R1] = + "307802010104202a248a6523ec929566b473d189d63358aeaa29385c56c4" + "ed52fee5bfbef6705fa00b06092b2403030208010107a14403420004606f" + "09a54c0f6d52ff0c7429ad085332d1e03e60370cd6a7b44c1a15668f28cf" + "14e35f242ae5c7ab089663de47f840b947a7ff4b2b72a820a0136154d6c6" + "c87a", + [MBEDTLS_ECP_DP_BP384R1] = + "3081a802010104301a4da2c6c462c6f115f3a91cfa6006bdb549e4935364" + "b2199d7bc872f1eb9bfcfcc3c997a1ac0064d581f32b3899ba3ba00b0609" + "2b240303020801010ba164036200042d4ed26c2aba8d7c49d52e1e6bfbe6" + "36583f22e50cc94c64442811f504db9f1823c43427ef5fbe9846842a66a7" + "20a1108ac13b1ff05a5d710a51a238ac89ce8f44c0139b9fef4d2c298f2e" + "187bf3c3e51ec05b32b27195d884b166b6c803409c", + [MBEDTLS_ECP_DP_BP512R1] = + "3081da02010104406f2730c70a35827f5a8ff0028f7ce3b28cf9d2711ad2" + "269130c5c72eace8d12efb0afd2f099548afa55bd94dd7361ab63ba1bea0" + "c7d295a67498107cf89acfb3a00b06092b240303020801010da181850381" + "82000464615aa207894e1059a28fc36c9f1d955b518dc668ee3a257b35b7" + "6d1b48820a0c42bf91122a96c5887633d71796d6d541a098534ad09f1f1b" + "0ebaece479e8e0284a7bb28efd1185a77a3ab8715e6e99f9591d44f92ca7" + "b4896d36a9022fdffa0cd7744f4dc462172bc4c027456d8469f41e15bbff" + "0546bac84f4edf3f4fc0c3", + [MBEDTLS_ECP_DP_CURVE25519] = + "302e020100300506032b656e04220420b0a8bd3ffeb3e2a7caa1148f5406" + "20b2dd493faff1d1cda6458822077445cd78", + [MBEDTLS_ECP_DP_SECP192K1] = + "305c02010104186a01a55cc30d77ef9962778f78af3cbb5c7fc7dd1aa9a7" + "b6a00706052b8104001fa1340332000435aa842c4bef314c579910674cf3" + "cb426ce001bdd5ca0586398634776957b1e3afa9473e5b69648ffaa65a1f" + "052be658", + [MBEDTLS_ECP_DP_SECP256K1] = + "30740201010420282608d1c6067366c22ef6ed5aa3b6e31107e6fa535f2b" + "6def935626517883c7a00706052b8104000aa14403420004163f1a8038d1" + "11cd2da34a98b8524180de6c56268cd8b2d315201778d1e7c09da090c2c8" + "da4667bd3e831f444103606875069c222bd1cc9beb84cf2989ad37ec", + [MBEDTLS_ECP_DP_CURVE448] = + "3046020100300506032b656f043a043858ab68f1e135d8d38514774a63a3" + "4c659b3ed783f8cf87531f49927c5e97f459cb324a32ab3dd2f1613ad931" + "cb3df24d5244bc7e4691f1f4", +}; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 1eb03ff27d..0082fd55e8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -184,22 +184,41 @@ #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512 #endif -const char *curve_names_lut[] = { - [MBEDTLS_ECP_DP_SECP192R1] = "secp192r1", - [MBEDTLS_ECP_DP_SECP224R1] = "secp224r1", - [MBEDTLS_ECP_DP_SECP256R1] = "secp256r1", - [MBEDTLS_ECP_DP_SECP384R1] = "secp384r1", - [MBEDTLS_ECP_DP_SECP521R1] = "secp521r1", - [MBEDTLS_ECP_DP_BP256R1] = "brainpoolP256r1", - [MBEDTLS_ECP_DP_BP384R1] = "brainpoolP384r1", - [MBEDTLS_ECP_DP_BP512R1] = "brainpoolP512r1", - [MBEDTLS_ECP_DP_CURVE25519] = "x25519", - [MBEDTLS_ECP_DP_SECP192K1] = "secp192k1", - [MBEDTLS_ECP_DP_SECP256K1] = "secp256k1", - [MBEDTLS_ECP_DP_CURVE448] = "x448", -}; - #if defined(MBEDTLS_PK_PARSE_C) + +#include <../src/test_keys.h> +static int get_predefined_key_data(int is_rsa, int curve_or_keybits, + unsigned char **outbuf, size_t *out_buf_size) +{ + const char *key_data_hex = NULL; + size_t out_buf_len = 0; + + if (is_rsa) { + size_t i; + for (i = 0; i < ARRAY_LENGTH(rsa_key_data_lut); i++) { + if (curve_or_keybits == rsa_key_data_lut[i].bits) { + key_data_hex = rsa_key_data_lut[i].key; + break; + } + } + } else { + key_data_hex = ec_key_data_lut[curve_or_keybits]; + } + + if (key_data_hex == NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + *out_buf_size = strlen(key_data_hex)/2; + *outbuf = mbedtls_calloc(*out_buf_size, sizeof(unsigned char)); + if (*outbuf == NULL) { + return MBEDTLS_ERR_PK_ALLOC_FAILED; + } + mbedtls_test_unhexify(*outbuf, *out_buf_size, key_data_hex, &out_buf_len); + + return 0; +} + /** Fill the provided PK context with a proper key. * * This is a fake implementation of key generation because instead of generating @@ -217,26 +236,27 @@ const char *curve_names_lut[] = { */ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) { - char file_name[128] = { 0 }; - int ret; + unsigned char *key_data = NULL; + size_t key_data_len = 0; + int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; + int is_rsa = (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA); + /* Dump pk_info since this is overridden by mbedtls_pk_parse_keyfile(). */ const mbedtls_pk_info_t *original_pk_info = pk->pk_info; - if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) { - sprintf(file_name, "data_files/rsa_%d.der", curve_or_keybits); - } else if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY_DH || - mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { - sprintf(file_name, "data_files/ec_%s.der", curve_names_lut[curve_or_keybits]); - } - - ret = mbedtls_pk_parse_keyfile(pk, file_name, NULL, mbedtls_test_rnd_std_rand, NULL); + TEST_EQUAL(get_predefined_key_data(is_rsa, curve_or_keybits, &key_data, &key_data_len), 0); + TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL), 0); /* Restore pk_info. */ pk->pk_info = original_pk_info; + ret = 0; +exit: + mbedtls_free(key_data); return ret; } +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** Create a PSA key of the desired type and properties. * * This is similar to pk_genkey() above in the sense that it does not really @@ -261,51 +281,61 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; mbedtls_pk_context pk; - char file_name[128] = { 0 }; - unsigned char key_data[MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE] = { 0 }; - size_t key_data_len; + unsigned char *key_data = NULL; + size_t key_data_size = 0; /* Overall size of key_data in bytes. It includes leading + * zeros (if any). */ + size_t key_data_len = 0; /* Length of valid bytes in key_data. */ unsigned char *key_data_start; int ret; mbedtls_pk_init(&pk); - /* Get the name of the key file to load. */ + /* Get the predefined key (in DER format) and parse it. */ if (PSA_KEY_TYPE_IS_RSA(type)) { - sprintf(file_name, "data_files/rsa_%lu.der", bits); - } else if (PSA_KEY_TYPE_IS_ECC(type)) { - psa_ecc_family_t ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(type); - mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_from_psa(ec_family, bits); - sprintf(file_name, "data_files/ec_%s.der", curve_names_lut[grp_id]); + TEST_EQUAL(get_predefined_key_data(1, bits, &key_data, &key_data_size), 0); } else { - TEST_FAIL("Only EC or RSA key type is supported."); + mbedtls_ecp_group_id grp_id; + grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); + TEST_EQUAL(get_predefined_key_data(0, grp_id, &key_data, &key_data_size), 0); } - /* Parse the key file and write the key material to the key_data buffer. */ - TEST_EQUAL(mbedtls_pk_parse_keyfile(&pk, file_name, NULL, mbedtls_test_rnd_std_rand, NULL), 0); + TEST_EQUAL(mbedtls_pk_parse_key(&pk, key_data, key_data_size, NULL, 0, + mbedtls_test_rnd_std_rand, NULL), 0); + /* Resize key_data buffer. */ + mbedtls_free(key_data); + key_data = NULL; + TEST_CALLOC(key_data, MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE); + key_data_size = MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE; + + /* Export only the key data material in a PSA friendly format. + * + * Note: mbedtls_pk_write_key_der() and mbedtls_mpi_write_binary() write + * key data at the end of the provided buffer, whereas psa_export_key() + * writes the key at the beginning. + */ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { #if defined(MBEDTLS_PK_WRITE_C) - ret = mbedtls_pk_write_key_der(&pk, key_data, sizeof(key_data)); + ret = mbedtls_pk_write_key_der(&pk, key_data, key_data_size); TEST_ASSERT(ret > 0); key_data_len = (size_t) ret; + key_data_start = key_data + key_data_size - key_data_len; #else TEST_FAIL("RSA is unsupported"); #endif /* MBEDTLS_PK_WRITE_C */ } else if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { -#if defined(MBEDTLS_PK_USE_EC_DATA) - PSA_ASSERT(psa_export_key(pk->priv_id, key_data, sizeof(key_data), &key_data_len)); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + PSA_ASSERT(psa_export_key(pk.priv_id, key_data, key_data_size, &key_data_len)); + key_data_start = key_data; #elif defined(MBEDTLS_PK_HAVE_ECC_KEYS) const mbedtls_ecp_keypair *ec_ctx = mbedtls_pk_ec_ro(pk); - TEST_EQUAL(mbedtls_mpi_write_binary(&(ec_ctx->d), key_data, sizeof(key_data)), 0); + TEST_EQUAL(mbedtls_mpi_write_binary(&(ec_ctx->d), key_data, key_data_size), 0); key_data_len = PSA_BITS_TO_BYTES(mbedtls_mpi_bitlen(&(ec_ctx->d))); + key_data_start = key_data + key_data_size - key_data_len; #else /* !MBEDTLS_PK_USE_EC_DATA && !MBEDTLS_PK_HAVE_ECC_KEYS */ TEST_FAIL("EC is unsupported"); #endif /* */ } else { TEST_FAIL("Unknown key type"); } - /* Data was written to the end of the key_data buffer so we shift that to - * the beginnig. */ - key_data_start = key_data + sizeof(key_data) - key_data_len; - memmove(key_data, key_data_start, key_data_len); /* Import the key into PSA. */ *key = MBEDTLS_SVC_KEY_ID_INIT; @@ -317,12 +347,14 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, if (!mbedtls_svc_key_id_is_null(persistent_key_id)) { psa_set_key_id(&attributes, persistent_key_id); } - status = psa_import_key(&attributes, key_data, key_data_len, key); + status = psa_import_key(&attributes, key_data_start, key_data_len, key); exit: + mbedtls_free(key_data); mbedtls_pk_free(&pk); return status; } +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ #endif /* MBEDTLS_PK_PARSE_C */ #if defined(MBEDTLS_PSA_CRYPTO_C) @@ -2543,6 +2575,7 @@ void pk_copy_from_psa_builtin_fail() PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), + PSA_ALG_NONE, PSA_KEY_ID_NULL, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); exit: From fdef82c9de08fcd97bf790fa8924a58c1ef4a0bc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 27 Mar 2024 14:18:25 +0100 Subject: [PATCH 044/429] test_suite_pk: fix key_id initialization value Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 0082fd55e8..6edf660c08 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -699,12 +699,12 @@ void pk_psa_utils(int key_is_rsa) bitlen = 1024; PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE, - PSA_KEY_ID_NULL, &key)); + MBEDTLS_SVC_KEY_ID_INIT, &key)); } else { bitlen = 256; PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), - PSA_ALG_NONE, PSA_KEY_ID_NULL, &key)); + PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key)); } if (mbedtls_svc_key_id_is_null(key)) { goto exit; @@ -790,7 +790,7 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, if (opaque_key == 1) { PSA_ASSERT(pk_psa_genkey(key_type, curve_or_keybits, key_usage, - key_alg, key_alg2, PSA_KEY_ID_NULL, &key)); + key_alg, key_alg2, MBEDTLS_SVC_KEY_ID_INIT, &key)); if (mbedtls_svc_key_id_is_null(key)) { goto exit; } @@ -2374,7 +2374,7 @@ void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, PSA_INIT(); PSA_ASSERT(pk_psa_genkey(from_type, bits, from_usage, alg, 42, - PSA_KEY_ID_NULL, &old_key_id)); + MBEDTLS_SVC_KEY_ID_INIT, &old_key_id)); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); psa_key_type_t expected_psa_type = @@ -2467,7 +2467,7 @@ void pk_import_into_psa_opaque(int from_type, int from_bits, PSA_INIT(); PSA_ASSERT(pk_psa_genkey(from_type, from_bits, from_usage, from_alg, PSA_ALG_NONE, - PSA_KEY_ID_NULL, &from_key_id)); + MBEDTLS_SVC_KEY_ID_INIT, &from_key_id)); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); psa_set_key_type(&to_attributes, to_type); @@ -2550,7 +2550,7 @@ void pk_copy_from_psa_fail(void) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) /* Generate an EC key which cannot be exported. */ PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, - 0, PSA_ALG_NONE, PSA_ALG_NONE, PSA_KEY_ID_NULL, &key_id)); + 0, PSA_ALG_NONE, PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); psa_destroy_key(key_id); #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 */ @@ -2576,7 +2576,7 @@ void pk_copy_from_psa_builtin_fail() PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), PSA_ALG_NONE, - PSA_KEY_ID_NULL, &key_id)); + MBEDTLS_SVC_KEY_ID_INIT, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); exit: mbedtls_pk_free(&pk_ctx); From d8896d650f7ef4a49313c305a19433b462f177d3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Mar 2024 09:50:20 +0100 Subject: [PATCH 045/429] test_suite_pk: simplify pk_genkey() Add pk_info parameter in order to ease the requirements on the provided PK context. Now it can simply be initialized, but not setup. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 47 +++++++++++------------------ 1 file changed, 17 insertions(+), 30 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 6edf660c08..4df8145ad1 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -227,28 +227,26 @@ static int get_predefined_key_data(int is_rsa, int curve_or_keybits, * (mbedtls_pk_setup() has been called on the PK context ) so that it * can determine the key type to be loaded from the PK context itself. * - * \param pk The PK object to fill. It must have been initialized - * with mbedtls_pk_setup(). + * \param pk The PK object to fill. It must have been initialized + * (mbedtls_pk_init()), but not setup (mbedtls_pk_setup()). + * \param pk_info mbedtls_pk_info_t to use in the generated PK context. * \param curve_or_keybits - For RSA keys, the key size in bits. * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). * * \return 0 on success or a negative value otherwise. */ -static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits) +static int pk_genkey(mbedtls_pk_context *pk, const mbedtls_pk_info_t *pk_info, int curve_or_keybits) { unsigned char *key_data = NULL; size_t key_data_len = 0; int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; - int is_rsa = (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA); - - /* Dump pk_info since this is overridden by mbedtls_pk_parse_keyfile(). */ - const mbedtls_pk_info_t *original_pk_info = pk->pk_info; + int is_rsa = (curve_or_keybits >= 1024); TEST_EQUAL(get_predefined_key_data(is_rsa, curve_or_keybits, &key_data, &key_data_len), 0); TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0, mbedtls_test_rnd_std_rand, NULL), 0); - /* Restore pk_info. */ - pk->pk_info = original_pk_info; + /* Override pk_info. */ + pk->pk_info = pk_info; ret = 0; exit: @@ -311,7 +309,7 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, * Note: mbedtls_pk_write_key_der() and mbedtls_mpi_write_binary() write * key data at the end of the provided buffer, whereas psa_export_key() * writes the key at the beginning. - */ + */ if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { #if defined(MBEDTLS_PK_WRITE_C) ret = mbedtls_pk_write_key_der(&pk, key_data, key_data_size); @@ -499,12 +497,12 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, if (pk_type == MBEDTLS_PK_NONE) { return 0; } - TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); switch (pk_type) { #if defined(MBEDTLS_RSA_C) case MBEDTLS_PK_RSA: { + TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); if (want_pair) { @@ -538,7 +536,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE; size_t bits; *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); - TEST_EQUAL(pk_genkey(pk, grp_id), 0); + TEST_EQUAL(pk_genkey(pk, mbedtls_pk_info_from_type(pk_type), grp_id), 0); if (!want_pair) { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -799,9 +797,7 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, TEST_EQUAL(mbedtls_pk_get_type(&pk), MBEDTLS_PK_OPAQUE); } else { - TEST_EQUAL(mbedtls_pk_setup(&pk, - mbedtls_pk_info_from_type(key_type)), 0); - TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0); + TEST_EQUAL(pk_genkey(&pk, mbedtls_pk_info_from_type(key_type), curve_or_keybits), 0); TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type); } @@ -1003,8 +999,7 @@ void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) mbedtls_pk_init(&pk); USE_PSA_INIT(); - TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); - TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); + TEST_ASSERT(pk_genkey(&pk, mbedtls_pk_info_from_type(type), curve_or_keybits) == 0); TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type); TEST_ASSERT(mbedtls_pk_can_do(&pk, type)); @@ -1365,8 +1360,7 @@ void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_ memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); - TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0); - TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0); + TEST_ASSERT(pk_genkey(&pk, mbedtls_pk_info_from_type(type), curve_or_keybits) == 0); #if defined(MBEDTLS_RSA_C) if (type == MBEDTLS_PK_RSA) { @@ -1759,9 +1753,7 @@ void pk_rsa_alt() memset(test, 0, sizeof(test)); /* Initialize PK RSA context with random key */ - TEST_ASSERT(mbedtls_pk_setup(&rsa, - mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); - TEST_ASSERT(pk_genkey(&rsa, RSA_KEY_SIZE) == 0); + TEST_ASSERT(pk_genkey(&rsa, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA), RSA_KEY_SIZE) == 0); /* Extract key to the raw rsa context */ TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0); @@ -1862,9 +1854,7 @@ void pk_psa_sign(int psa_type, int bits, int rsa_padding) /* Create the legacy EC/RSA PK context. */ #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if (PSA_KEY_TYPE_IS_RSA(psa_type)) { - TEST_ASSERT(mbedtls_pk_setup(&pk, - mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0); - TEST_EQUAL(pk_genkey(&pk, bits), 0); + TEST_EQUAL(pk_genkey(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA), bits), 0); TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); } #else /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ @@ -1873,8 +1863,7 @@ void pk_psa_sign(int psa_type, int bits, int rsa_padding) #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { ecp_grp_id = mbedtls_ecc_group_from_psa(psa_type, bits); - TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0); - TEST_ASSERT(pk_genkey(&pk, ecp_grp_id) == 0); + TEST_ASSERT(pk_genkey(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY), ecp_grp_id) == 0); } #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ @@ -2012,9 +2001,7 @@ void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) mbedtls_pk_init(&pk); MD_OR_USE_PSA_INIT(); - TEST_EQUAL(mbedtls_pk_setup(&pk, - mbedtls_pk_info_from_type(pk_type)), 0); - TEST_EQUAL(pk_genkey(&pk, curve_or_keybits), 0); + TEST_EQUAL(pk_genkey(&pk, mbedtls_pk_info_from_type(pk_type), curve_or_keybits), 0); TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, sig, sizeof(sig), &sig_len, From 28c41ad2e945850d79d4fc5bd25e9644a3ff2d24 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Mar 2024 11:37:09 +0100 Subject: [PATCH 046/429] test_suite_pk: simplify pk_psa_genkey() Instead of using PK module to import/export the key in a PSA friendly format: - for RSA keys we use the DER input data directly; - for EC keys we extract the private key manually. This helps avoiding dependencies from PK_WRITE and PK_PARSE. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 62 +++++++++-------------------- 1 file changed, 19 insertions(+), 43 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 4df8145ad1..d1fb85eff2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -278,61 +278,38 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; - mbedtls_pk_context pk; unsigned char *key_data = NULL; size_t key_data_size = 0; /* Overall size of key_data in bytes. It includes leading * zeros (if any). */ size_t key_data_len = 0; /* Length of valid bytes in key_data. */ unsigned char *key_data_start; - int ret; - mbedtls_pk_init(&pk); - - /* Get the predefined key (in DER format) and parse it. */ + /* Get the predefined key: + * - RSA keys are already in a valid format to be imported into PSA. + * - EC ones instead would require some adaptation. However instead of going + * through the PK module for import/export, we can directly skip the + * unrelevant data and go directly to the private key. + */ if (PSA_KEY_TYPE_IS_RSA(type)) { TEST_EQUAL(get_predefined_key_data(1, bits, &key_data, &key_data_size), 0); + key_data_start = key_data; + key_data_len = key_data_size; } else { mbedtls_ecp_group_id grp_id; grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); TEST_EQUAL(get_predefined_key_data(0, grp_id, &key_data, &key_data_size), 0); - } - TEST_EQUAL(mbedtls_pk_parse_key(&pk, key_data, key_data_size, NULL, 0, - mbedtls_test_rnd_std_rand, NULL), 0); - /* Resize key_data buffer. */ - mbedtls_free(key_data); - key_data = NULL; - TEST_CALLOC(key_data, MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE); - key_data_size = MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE; - /* Export only the key data material in a PSA friendly format. - * - * Note: mbedtls_pk_write_key_der() and mbedtls_mpi_write_binary() write - * key data at the end of the provided buffer, whereas psa_export_key() - * writes the key at the beginning. - */ - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { -#if defined(MBEDTLS_PK_WRITE_C) - ret = mbedtls_pk_write_key_der(&pk, key_data, key_data_size); - TEST_ASSERT(ret > 0); - key_data_len = (size_t) ret; - key_data_start = key_data + key_data_size - key_data_len; -#else - TEST_FAIL("RSA is unsupported"); -#endif /* MBEDTLS_PK_WRITE_C */ - } else if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) { -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - PSA_ASSERT(psa_export_key(pk.priv_id, key_data, key_data_size, &key_data_len)); - key_data_start = key_data; -#elif defined(MBEDTLS_PK_HAVE_ECC_KEYS) - const mbedtls_ecp_keypair *ec_ctx = mbedtls_pk_ec_ro(pk); - TEST_EQUAL(mbedtls_mpi_write_binary(&(ec_ctx->d), key_data, key_data_size), 0); - key_data_len = PSA_BITS_TO_BYTES(mbedtls_mpi_bitlen(&(ec_ctx->d))); - key_data_start = key_data + key_data_size - key_data_len; -#else /* !MBEDTLS_PK_USE_EC_DATA && !MBEDTLS_PK_HAVE_ECC_KEYS */ - TEST_FAIL("EC is unsupported"); -#endif /* */ - } else { - TEST_FAIL("Unknown key type"); + unsigned char *p = key_data; + unsigned char *end = key_data + key_data_size; + size_t len; + int version; + + TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED), 0); + TEST_EQUAL(mbedtls_asn1_get_int(&p, end, &version), 0); + TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING), 0); + key_data_start = p; + key_data_len = len; } /* Import the key into PSA. */ @@ -349,7 +326,6 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, exit: mbedtls_free(key_data); - mbedtls_pk_free(&pk); return status; } #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ From 7126ba52e0af4b80dcf6f02e433f73d968b65132 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 29 Mar 2024 16:59:40 +0100 Subject: [PATCH 047/429] test_suite_pk: add python script to generate predefined keys This commit adds "generate_test_keys.py" script to generate predefined keys used in test_suite_pk. Keys are generated with "programs/pkey/gen_key" tool and converted to C array using the python script. tests/src/test_keys.h is automatically generated using the above mentioned script. test_suite_pk is updated in order to use the new format. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 103 +++ tests/src/test_keys.h | 1043 +++++++++++++++++++-------- tests/suites/test_suite_pk.function | 83 ++- 3 files changed, 885 insertions(+), 344 deletions(-) create mode 100755 tests/scripts/generate_test_keys.py diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py new file mode 100755 index 0000000000..c2d23c91e1 --- /dev/null +++ b/tests/scripts/generate_test_keys.py @@ -0,0 +1,103 @@ +#!/usr/bin/env python3 + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +"""Module generating EC and RSA keys to be used in test_suite_pk instead of +generating the required key at run time. This helps speeding up testing.""" + +import os +import sys +import subprocess + +KEY_GEN = "./programs/pkey/gen_key" +TMP_DER_FILE = "tmp_key.der" +OUTPUT_HEADER_FILE = "./tests/src/test_keys.h" +BYTES_PER_LINE = 12 + +KEYS = { + # RSA keys + 'test_rsa_1024': ['rsa', '1024'], + 'test_rsa_1026': ['rsa', '1026'], + 'test_rsa_1028': ['rsa', '1028'], + 'test_rsa_1030': ['rsa', '1030'], + 'test_rsa_2048': ['rsa', '2048'], + 'test_rsa_4096': ['rsa', '4096'], + # EC keys + 'test_ec_secp192r1': ['ec', 'secp192r1'], + 'test_ec_secp224r1': ['ec', 'secp224r1'], + 'test_ec_secp256r1': ['ec', 'secp256r1'], + 'test_ec_secp384r1': ['ec', 'secp384r1'], + 'test_ec_secp521r1': ['ec', 'secp521r1'], + 'test_ec_bp256r1': ['ec', 'brainpoolP256r1'], + 'test_ec_bp384r1': ['ec', 'brainpoolP384r1'], + 'test_ec_bp512r1': ['ec', 'brainpoolP512r1'], + 'test_ec_curve25519': ['ec', 'x25519'], + 'test_ec_secp192k1': ['ec', 'secp192k1'], + 'test_ec_secp256k1': ['ec', 'secp256k1'], + 'test_ec_curve448': ['ec', 'x448'], +} + +def generate_der_file(curve_type: str, curve_or_bits: str): + if not os.path.exists(KEY_GEN): + raise Exception("Key generation program does not exist.") + if curve_type == 'ec': + cob_param = 'ec_curve=' + curve_or_bits + else: + cob_param = 'rsa_keysize=' + curve_or_bits + + subprocess.run([KEY_GEN, 'type=' + curve_type, cob_param, + 'format=der', 'filename=' + TMP_DER_FILE], check=True) + +def convert_der_to_c(array_name: str) -> str: + """Convert a DER file content to a C array. The name of such array is + provided as input parameter. The file to be converted is the temporary + TMP_DER_FILE.""" + output_text = "const unsigned char {}[] = {{\n".format(array_name) + + with open(TMP_DER_FILE, 'rb') as input_file: + data_block = input_file.read(BYTES_PER_LINE) + while data_block: + new_line = ' ' + ', '.join(['{:#04x}'.format(b) for b in data_block]) + output_text = output_text + new_line + ",\n" + data_block = input_file.read(BYTES_PER_LINE) + + output_text = output_text + "};\n" + + return output_text + +def write_header(macro_name: str): + return ("/* This macro was generated from tests/scripts/generate_test_keys.py */\n" + + "/* BEGIN FILE string macro {} */\n".format(macro_name)) + +def write_footer(): + return "/* END FILE */\n" + +def main(): + # Remove intermediate and output files if already existing. + if os.path.exists(OUTPUT_HEADER_FILE): + os.remove(OUTPUT_HEADER_FILE) + if os.path.exists(TMP_DER_FILE): + os.remove(TMP_DER_FILE) + + output_file = open(OUTPUT_HEADER_FILE, 'at') + + add_newline = False + for key in KEYS: + # Use gen_key tool to generate the desired key (in DER format) and save + # it into a temporary file. + generate_der_file(KEYS[key][0], KEYS[key][1]) + # Convert the key from binary format to a C array and append the result + # to the output header file. + if add_newline: + output_file.write("\n") + output_file.write(write_header(key)) + c_data = convert_der_to_c(key) + output_file.write(c_data) + output_file.write(write_footer()) + # Remove the temporary key file. + os.remove(TMP_DER_FILE) + add_newline = True + +if __name__ == '__main__': + sys.exit(main()) diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h index 21737b247a..0c9fc6edaf 100644 --- a/tests/src/test_keys.h +++ b/tests/src/test_keys.h @@ -1,311 +1,742 @@ -/** - * Predefined keys to be used in test_suite_pk. - * - * They were automatically generated with the following bash script: - * - * ``` - * LIST="secp521r1 brainpoolP512r1 secp384r1 brainpoolP384r1 secp256r1 secp256k1 - * brainpoolP256r1 secp224r1 secp224k1 secp192r1 secp192k1 x25519 x448" - * - * for item in $LIST; do - * ./programs/pkey/gen_key type=ec ec_curve=$item filename="tests/data_files/ec_$item.der" format=der - * done - * - * LIST="1024 1026 1028 1030 2048 4096" - * - * for item in $LIST; do - * ./programs/pkey/gen_key type=rsa rsa_keysize=$item filename="tests/data_files/rsa_$item.der" format=der - * done - * ``` - */ - -struct rsa_key { - int bits; - const char *key; +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_rsa_1024 */ +const unsigned char test_rsa_1024[] = { + 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xa3, + 0x41, 0xeb, 0xfb, 0x42, 0x66, 0xcb, 0x43, 0x5d, 0xa1, 0x0a, 0x6f, 0xdc, + 0x66, 0x35, 0x71, 0x49, 0x6c, 0x03, 0x09, 0x0b, 0x3b, 0x02, 0x2e, 0xeb, + 0x8b, 0x9c, 0xed, 0x0a, 0x9b, 0xc4, 0x80, 0xa4, 0xf3, 0x80, 0x2d, 0xa0, + 0x22, 0x22, 0x4c, 0x84, 0x81, 0x13, 0x05, 0x0c, 0xdc, 0x62, 0xe0, 0xd3, + 0x19, 0x4a, 0x1e, 0x47, 0x16, 0x44, 0x4b, 0xc8, 0x61, 0x30, 0x13, 0x2c, + 0x8c, 0xa6, 0x31, 0x6e, 0x2b, 0xbe, 0x17, 0x64, 0x60, 0xbe, 0xb5, 0x7c, + 0xea, 0xbe, 0xe1, 0xb3, 0x20, 0x9f, 0x13, 0x71, 0x97, 0x12, 0x3c, 0x2c, + 0x09, 0xd8, 0x95, 0x88, 0x6b, 0x01, 0x10, 0x12, 0x6d, 0x18, 0xd3, 0xf7, + 0x2d, 0xab, 0x10, 0x2a, 0xd1, 0x32, 0x72, 0x52, 0x4b, 0xd9, 0x21, 0xea, + 0x14, 0x93, 0xac, 0x9a, 0x18, 0x80, 0x02, 0x54, 0x42, 0x6a, 0xfc, 0xed, + 0x0f, 0xec, 0xb3, 0xdf, 0x2b, 0x54, 0x31, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x01, 0x1f, 0xc4, 0xd3, 0x71, 0xd1, 0x59, 0xe0, 0x70, + 0x9e, 0x59, 0x7f, 0x4c, 0x2d, 0xf2, 0xfb, 0xc0, 0xf4, 0xea, 0xaf, 0x6f, + 0x01, 0x9c, 0xc1, 0xfc, 0x72, 0xb5, 0x65, 0xa7, 0x6f, 0x4b, 0xa2, 0xd4, + 0x1f, 0xee, 0x17, 0xc2, 0x54, 0xc1, 0xd6, 0x33, 0x8a, 0x5c, 0xfa, 0x69, + 0xac, 0x81, 0xcc, 0xc8, 0xff, 0x51, 0x54, 0x94, 0x8a, 0x39, 0x75, 0xa9, + 0x1f, 0x4c, 0x30, 0xb1, 0x9b, 0x95, 0x50, 0x5a, 0x7f, 0x9e, 0xc7, 0xd1, + 0x4c, 0x92, 0x20, 0x55, 0x4f, 0xe6, 0x8e, 0xb0, 0xfc, 0x77, 0xc3, 0x79, + 0x81, 0x9e, 0xda, 0xae, 0xed, 0xfd, 0x05, 0xd9, 0x37, 0xaa, 0x4b, 0xd4, + 0x9b, 0xa0, 0x3c, 0xd0, 0x86, 0xe1, 0xa5, 0x6f, 0x19, 0xe1, 0x59, 0x57, + 0xcb, 0xbf, 0x37, 0x0d, 0xbe, 0x17, 0xf5, 0xab, 0x13, 0x76, 0x9a, 0xef, + 0x8c, 0x7e, 0xca, 0xc4, 0x78, 0x20, 0x20, 0x10, 0x90, 0x4a, 0x81, 0x02, + 0x41, 0x00, 0xd6, 0x08, 0x58, 0x09, 0xc8, 0xba, 0x06, 0xa9, 0xf0, 0x0f, + 0x9e, 0x62, 0x0a, 0xde, 0xe3, 0x15, 0x87, 0xac, 0x19, 0x6f, 0x5b, 0x65, + 0x77, 0x77, 0x41, 0xf2, 0xf9, 0x2d, 0xb1, 0x10, 0x50, 0x9e, 0xa2, 0xe9, + 0xa2, 0xe1, 0x0d, 0xf4, 0xa9, 0x31, 0x43, 0x7f, 0xe8, 0xbd, 0xbd, 0xab, + 0x9c, 0x3d, 0xb6, 0x11, 0x20, 0xcb, 0x93, 0xbe, 0xc0, 0x0e, 0xa7, 0x91, + 0xf9, 0x77, 0xe9, 0x5a, 0xdf, 0x21, 0x02, 0x41, 0x00, 0xc3, 0x44, 0xda, + 0x87, 0x88, 0xfe, 0x44, 0xef, 0x5c, 0x80, 0x6e, 0x4f, 0x69, 0x31, 0xd9, + 0x86, 0x57, 0x5a, 0xf4, 0x16, 0xd4, 0x84, 0x11, 0xc9, 0x77, 0xac, 0xec, + 0xcc, 0x2a, 0xec, 0xd3, 0x4d, 0xff, 0xc4, 0x49, 0xd0, 0x3b, 0x2d, 0x1f, + 0x77, 0x27, 0x6c, 0x7b, 0x7f, 0x00, 0xc9, 0x02, 0xea, 0x1e, 0x87, 0x7b, + 0x5a, 0x67, 0xc4, 0xdb, 0x6d, 0xc4, 0xc5, 0xcd, 0xaf, 0x04, 0x81, 0x23, + 0x11, 0x02, 0x41, 0x00, 0xc1, 0x1d, 0x6e, 0x32, 0x05, 0xc6, 0xb3, 0x54, + 0x89, 0xa1, 0xce, 0x0a, 0x30, 0x3c, 0xc3, 0x30, 0x1d, 0xe6, 0x0e, 0x5d, + 0x07, 0x5e, 0x19, 0xd8, 0xa4, 0xcc, 0x92, 0x3f, 0xc3, 0xcf, 0x30, 0xae, + 0xb1, 0xd7, 0x94, 0x7a, 0xf3, 0x98, 0x99, 0x40, 0x35, 0xe3, 0x27, 0x20, + 0x6c, 0x0e, 0x77, 0x3e, 0xc7, 0x13, 0xd5, 0x3f, 0x59, 0xe3, 0x76, 0x6e, + 0xc2, 0x8b, 0x57, 0x47, 0xf6, 0x69, 0x63, 0x81, 0x02, 0x40, 0x78, 0x14, + 0xa9, 0x86, 0x5b, 0xba, 0x71, 0xcd, 0xf8, 0xc6, 0x8a, 0x0f, 0x8f, 0x93, + 0x36, 0x3f, 0xa5, 0x0c, 0xab, 0xba, 0x36, 0x6a, 0x19, 0x3e, 0x19, 0xb8, + 0x5f, 0xce, 0x96, 0x3f, 0x19, 0x1a, 0x88, 0x44, 0xbf, 0x57, 0xac, 0x6c, + 0x6d, 0x43, 0x2b, 0x1d, 0x4d, 0x3c, 0xa6, 0xd0, 0xf6, 0x57, 0xde, 0xfa, + 0x55, 0xe3, 0x1c, 0x99, 0x34, 0x8f, 0x66, 0x48, 0x75, 0xda, 0x41, 0x1c, + 0xe0, 0xe1, 0x02, 0x41, 0x00, 0xa1, 0x87, 0x23, 0x89, 0x69, 0x7e, 0x0b, + 0x69, 0x03, 0xac, 0x76, 0x05, 0xad, 0x42, 0xe9, 0x3f, 0xfc, 0xe7, 0x03, + 0x49, 0x8e, 0x0a, 0xcf, 0x74, 0x82, 0x7f, 0x00, 0x43, 0x14, 0x7e, 0x0c, + 0xce, 0xe7, 0x8b, 0xcb, 0x94, 0xf1, 0xae, 0x0b, 0xf2, 0x53, 0xfc, 0xa9, + 0xd1, 0x45, 0x95, 0x43, 0x0f, 0x16, 0x67, 0x52, 0x3f, 0xb9, 0x0b, 0x3d, + 0xc3, 0xce, 0x82, 0x69, 0x90, 0x35, 0xa6, 0x15, 0xef, }; +/* END FILE */ -struct rsa_key rsa_key_data_lut[] = { - { 1024, - "3082025b020100028181009a1c55b1d24441a3a752f8e9d08b3392f2e95b" - "741468627cce9eee9c089928b98f77a1f3b0e4abb35552838071e4f853a5" - "b9dd04ca939240dd66632c48f15fdd6186249fc0043ef52a97d7bb6fecf4" - "be5d0e6aba78731782b8f070efdf4853d7f44ce58e89855a92a0274c007e" - "cd21de781ab4ae67a89774d160165b2000ee0f02030100010281802616a9" - "b15cd404db13404507d8c486b723753c66a8a291f0e1ca5313da662c340c" - "7ad75a98d6337f8baf6c93e2d261f39e8a9ccf11d83e35ece260d171a7c2" - "76dcf28aefbda457fac13fc85d154325ad339d7afae2c4dff93ad58550db" - "3e7cdd0bea9f1f4ef96a560f942924c0b19780a702b44990caad692346f5" - "bf45295091024100c90be3f126e0a4b8ac560bca99f3bd980842de6f90fa" - "f1e32bc9b029efd7ae8a5f6defa8195e3d3c70ebaa91d2cee080a93d4e7e" - "7f89dea09623dc7ce7aa8351024100c43c242651b315de5f10c0923dd0e5" - "e8308b2e57a9a6f71583ac20d65d12bf3f0b63a86ef9a4e093376c9d48ee" - "ab2c79f4d6a144ff43304912f8806ae29c435f02404d426d8141c0786ca3" - "8599986d1b36d3d2f0e78c1639e974b4621879b53abc4f5ea6dfbf48a867" - "7defa310f462ffaf54a234f61234aee5c7ee8aaf73ac8f6151024019076e" - "b8f07cbe1251dfca201d005302ad86630fcd54bd792205475ef01a1f0884" - "845e8c610d1593d162ea20ce4848f0f93892f340f7a9e5f8247804aa08b2" - "5302405f19b2ef1b2452e9a5edb032b673bd3e277ebc3f777a922b22c913" - "7d4028626b0445db61f42a99b4e5f28c3faf9a774604db172092eee0fdef" - "9526f7aec8a856" }, - { 1026, - "3082025d0201000281810344ca3e3712ee43d1ea5d493baa485d94fee503" - "323d37dc49b907b11b6b534669b2e572123ab6b5b8223b87e22d60c3be86" - "19f6a39f1d76f581f4dda46701628a6dff5316c6efb81bdcbe2cc20173cd" - "75c076b7ec84a61b6b80cffc16fa045cf68346013ed639e93708bf264072" - "63bc6a39ace26cf0eb24e2c0e6597fbab1f9bb0203010001028181010d06" - "b085e8522dffb90790d9dbdf342708e3fbe915017693452791eb2cd0331d" - "1c64e40db44eb591a37fdc29fd48d4e5d61b56ce3803b3112f5cd83d58d8" - "7b22b818641bba62adf3d5ca44f8523221b1068639ad865e7a7e6fc69aa2" - "1091fdf1a325d1b2c6a0ddd1f27883f01aa15b0b193311d357776b6ce52c" - "51ac1d8c0601024101ec7ae8715bbda8d4db6636396c1582e8e234275dc9" - "d272b0c31848f96dd201f4cc01ac857e25ce2b316ae1798c83a9786c2f8c" - "f71d3cbf2db13861814c9ea481024101b2fa7cd232925b355dda2d5f10a2" - "f0a05aa91ba74be5c088444d681e1dc0b2c85acfec84c1470233aa4bb5c9" - "db0b48853a410eb7d58b07afda91c54012da103b02410169dcc9ccf986fb" - "76241c0f7dd3f05e777636b23254e88083676701bfdd34f1610941b59d85" - "1a8c49ea8ec94c41b640a10e8546041184a04917ae00df3c08598102406d" - "90e2f81f7cf6348f1b71ea4c4a7eca258c0b472cbb06b04c642321d2e4c3" - "23ec9c0b3bb563a98e520b18136c757f22eff58b3b8b32a61109c1462a49" - "955c1902401e737a46f09dbc770e7c6ee0b1cce304a8d5bb93d300020c86" - "b0ce9fc2296307959a7f07ae859c94e9e57d511bd992080e8aa23f5e7b97" - "47c42bbda86f3c6f06" }, - { 1028, - "3082025f0201000281810aa49a11be540d741e513621f39d1ecd72a7b020" - "d50272d5fbff59b638770f4abaeecc3240c8f8fadecf1a2d4a23d47ba702" - "f5c92db1533b835c768e0d395c43931d7525c56aa71266a5dbd7b4c87c96" - "52536cd520e61762573274897f3ad77b83f43584660caee3fe3a9fa27b3f" - "50d71409feb01956faf9b966e1b08464f0210702030100010281810105c9" - "cbf4a6acd840657b370dea45e065a8d9127e850ab5a6cde537cdfb1a9c0a" - "941148aed2e0a172312209c1fae95aac346b9b55e998deba03735cb8c68f" - "27ea64e6f99d86428a80176115b2d6f5e12d7b9dce5cb68570968f876c69" - "762ab664be06d4590c2a168c1180e78ba8787110fd61f0043bd99206b0d4" - "3ba39a14bee90241037e44c625d91b753c86804b18f22851b6ca2f50d8f8" - "ee71bf53d18e88bbd5aa9fcbcbcad3b415f115a38d9a1858300783343ae0" - "8ccdaa64baab34fca617aa303b0241030bf6fd42a34f02155a61667a6482" - "33a3d683288b36c7530ed1bff81f2ae2e55ccd7c9d28c968568bbbd2b0ff" - "5701335abf1f9785395b136b539a4ecefc8f71a50241031d89986e08c244" - "3c46780481aaf5ea6a6ac6e803997e8e53641d7050e1b41d078669a9ea44" - "a18cf10f7c2a01ac24a98e89f6386d5abeac370e99a2f93e01ba21024101" - "ec7b1efd05aaec90d909a9305ce84d7d0504ba03f529b48b25ebc5dac034" - "96489bc33464bd8fb11df811980b123fc2d268dda4c9cd2671c391fd5c07" - "9c3762b5024103632899c6c15aee731835c5ca4a75f2236e86a1f701be19" - "386d4218d346c371c2b9c08930abf423aca3dbf1e7caf79ecdea6aa66775" - "7e7dce5852faef59fcfc2f" }, - { 1030, - "3082025e0201000281812ebe4c4d2a6cd165ebbc6a4bb53dd1bc96dab169" - "d6c34ebe5a68f3c3b2d385533045901db0dffc9aebf13c44a6aab2a81f63" - "0ed26ee2d4b19bd49abceff7331cdf6f6aae6075631bf72236ff7e546270" - "a8b85cab40589ec7c767114aaa3ddd1b35fe999183f21ca02bf3a840422e" - "1b06a723fdd0c55c7dfaa0345e2f918884ddb90203010001028181016f27" - "a7d8778ff1e3754657a8a9cb15266b1db56f22fd4d5c3875d3992ee1f0dc" - "52ce14b322c9928bf9bcb7d330a54700f6339eb8f5ef1667547323a7ede5" - "9cbfecda40b4976795aeb53729f09455bd86c4ff6c257dfe8ad0d63ed1a6" - "5f7da87c3acdbfe27ccc423739859b860ea28bf004f30be5f1543253a572" - "43a5b426d98102410703b35b5221d562f0732901c9b67d2ee7c33c89e03c" - "750f0a5978877ba7c2149c10e74ef339500536adbe18e17084bcf557513b" - "f02f933713fe5065b69028ef59024106a9f2bff289987d993b27a541eae6" - "1a1dd3cf34cd174cb148f59f0e70bfa5b0ea18e64e552379a92d321e37cd" - "1a9dd5174d2f84afd83778437b6d9ebe5f42f561024056db7c1552f1a161" - "84107db7a60e1410bdced5d474d82cac117bd501d4317d11b77798c80703" - "a9dce53686b990d9bad21b3120b713760979fc1923725b32bfb10241030e" - "8c936e7f9ddae7a2922225a5ca5dea96d1f327ad6b79dbbd08748855f17c" - "c13620d7880898f3790f077b937385394dd2135d2b88e4911f6b8c3288a3" - "8c44a1024101e712867c169a6f391cd8f3ce6d7672ed7e90e6590647ebb8" - "9bf55924c8cc487a91307b0cbd6f6a5e781dd5b160ac7efe0aba5b2757b3" - "b7b00881c25070dda042" }, - { 2048, - "308204a302010002820101009912d469d8864df984bd8ea0d1a4e9bef9b3" - "d3ee7249801cd28195d1f3cd71b12aed430dba25012f69effca752337897" - "ae3b29df272d1d5dc6495553d0398f86eddf4bd2084f379aaac0f05d33ab" - "f6279d495394034c8e8ee5aeb6f0da9404eb8c773f8bec6a3199187ed681" - "55dacdc9c1db2f73dfde416ee63f87786da3cc94631ea2adaa3185fce12c" - "1c05659e5addaafcab1b7484a823cdfadab90f8555da052bb92c61a96bb6" - "2c2b6acbb06e0b01e65605905e42a64def5cc29fc2c04275f4a0a07bcf7a" - "49978c820a4710b605ef15c8aa0678636f73f99d79f235548856c8bbf104" - "344b209e46bc14acca95050cb4aac1cfc0a28c9d9dc05ab3ee0cf40d0203" - "01000102820100156455048cc2aa2b7c723c383bcc12f18236701ff2df54" - "34d2f352a37271abd99150f28dbccd96969074be2788fc91f60a9e9089b3" - "d121793d307ae8f960cdeed297e1e1f290d589bb22b704a367bd0108c15a" - "59854381e9b4edff7975e679308ce30e61a8d2a767488dd33ee4676d5a6c" - "89cbde22f34dcc2887c8d01aec68f6bd7551b8155dfc8cf10a3f43c8ecdc" - "e55ade57f0041d58878bf7420e8d945bbe858829f55d86b6fe466ce135cd" - "34db478a16125a989978266ed38b8f8c204f3873cee95191c41549296ee5" - "6e8e7300f9b35700f8aed9c0a1a545ecb9f4d09bfa5c9044bc307ad30ac0" - "c6e27b6ce9ffbeed6213110a9aa821d0c7e85cb5ad349902818100c7feea" - "fc0076c99dd4b4259fc84c12f4290a6f468e538b6fd8d8aeea4ccc9fe3a3" - "83add1964e13bf5b0e081fa401155938962b7a2420800f2e4926ca57f735" - "31b5ac1beb22fa98b02640ee67c63ecd250e93a76791c1789f939b8bceb2" - "26c2e43b8d1590d401829d83df5749744031d5839e7aa9833d1fbad5a504" - "75af833a8902818100c3f033c251d3c857eebae23547fedf350103c91f7a" - "a549c37ddec96003691a652c53b1ba46dd687117b3a6007fc340c46ad110" - "8d6d5c096a7de8f3773ac866352888f17a7502cf45f3f3d021d8b5719bd2" - "98c7f59e3f4f675052800c653be810ec4c4d7c9481e59205d2b0e628e436" - "1a4ea4375a84a71c8de549ef546a68fc65028181009883e43b4d3749459d" - "81cbf76fcde3de62b5dc6a17fbca27ff5c2ef7ea9d5989459713a4f35493" - "66a84fa90e4809b37818d91c4ac6e62a0269afcb6f1f6a1c1cce8873b9fb" - "30d3e3f1282f26e05de01fd45ff197dfe584d15cc58ff68e9154aaac6748" - "fceb5043854f9db07909b832c8bad8ce7e1ae1302350edc8dade7fdad102" - "818042dcc90cda97869a5b20f2e873b509be30a6760f83eebb89367ebc01" - "43a8ae1530572f22fde3b82c3f8652738125c40842db2ce6d616be2fd4df" - "95956e3dcc82ff5e1be949dcb7968b74fbe550ea39e68eab0c3148db19e1" - "8b8b5b9edf3cde28483a91869db6e5fc3a78775d533eed2775069ccd0acf" - "6bf30ff776f03b8faff1028180613011e3c3c1e97ed0d4c05f64d46b73e8" - "c93ff671ab2bc497aadfae36d803c3e2d7e2ae6a99c36ceebeb86dd5ccd5" - "d6f3304821b44e2ee2bb5540f9104d02e7cee6315024096120fb12a98bc1" - "1f4f08acf31e6f0cf75ec44b046382344eb1a299a3996ca9b63f71b9fc96" - "9f9c76846382c7b026c57cdfdeb53eff85b4f6b373" }, - { 4096, - "3082092702010002820201009ffa9b03aab78e5980223bed1811991bf244" - "20e7a277efc45fb01e9d756eba9e57b17b7f198d03e5731f7c8adbcecd6c" - "c75c1185228aa3eb650e3df03d10b8c4ee4794be04d48f304a3884589789" - "8baa4aae806ff9645318345bb532c7aa85be1de3e4d87873fb709a9af4ed" - "984fc2d8f42a98a233204eb50ecce01fef9eaf0ff82324dea54ea7cc909b" - "164a58c71f8b47edb097099cb27ee2ba1cd7c37dfbf28e0685a418b1cb5f" - "e6cea64d0d3f8b713a628fa9afc385f067323781e72f91a8a1808721ee4d" - "369d551f5cbdaadd9d1131ad5652ef71d91be6e701852ad7cf666eb7866a" - "ea556a44087f76a2ca120ca53ff5abf6771884f60546d9373328c7150b41" - "827207cac3fbe295e4361f4c713f301ae095d9cc521dc1a08828320bf6bd" - "7f63d1f7b81702f4738c6aa7992a1a34550a41ca794326e28c9d3a5997fa" - "af907bbd832a2e704ce6f867dada308cd28a06b37819a04f7c57fb10ad44" - "4f7189ff64a58ae419b1623792704db86a8b75ea5deaae967837757863b1" - "b43b55a27be101d714c6f7019a6339470349632b2ac5ba66258f8db5b80f" - "fda6b2b078b9716d704f8d1abd90b0364474c41dbb67699fe753f6c37a89" - "9887c0eb76f8db872329f2250c30917561242a64bbf341679a0d3e127bb7" - "66cdba9a0ae4f15e6220571a083fb9c487c9deff3b029653783a3c205e3d" - "5e9aaed05e4ee8b0e13a03a9fac502030100010282020010fdfc531261f6" - "c3b8e169fe0fed6696da4fb4330645b8f8e1b5023b754ab295b8f8c80642" - "ff806771a7e98192414ffe7ada639e01823a50f965dedc5290212001b326" - "b05c30fb988479a64d06a37c6b350d7de4e6d76a200b07a6a26324d099d5" - "f0ebd0b65293656d7682076e83224e0af92f4723290e531ae455f5ee6cab" - "6985d0adccdc4013809de76b21b0764dfa6c4469da51120cbf7f738736bf" - "b3f4fbd96c05ebdd179d636d4f8bc8695cd381ce52c3b1a152a23a5babb0" - "cba273a204084b6f8f0211bf784c9f4d2974299fd240b58992bb8e1b2264" - "8f2ad12b30cafdb54ad7032a2ab263d1874061a016f4b2e4ad427ba640bb" - "76aa2ed14994ac8320a4d81ba570d35184956f049be8c6c7da7938cc5105" - "c07bfba6b990687b94066def18ac3525c139707ae781c1e66931241137c1" - "0854ee00a74c9c52dc67f1964721891b8302dc4719c60f10af993d69ddce" - "b128da65a36f4d0829e84c74f3570d8db747a6db352c22061c2603f255f6" - "72f11f11c6f7bcecbbdc16f3995c87e5b840fba8b65a24043fc6dd0f8e1c" - "24b3cbb047f56813073b6bb81996f79452ec2aa9ed995bd5d0d6fe4a0315" - "2eac8e4f2ceb7ee4aece6760820f0e787d9abab312a435daf8dc3e28125e" - "f67107844dba0136a2d5d4b7ce6fc7d5159419d399eb42c5e7818b437c1d" - "1a1d4551358ad5e5dc2a757e9f1f12de1a2eb463b748b6c3ad0282010100" - "e18b2f5736dccd61f604efd0c1921186d188c54849c6f78aff4964d1fe27" - "c0727f057d8bb2e5b86efcc1121e4a791d84acd643c38a75fdcf38167260" - "948f23cb0f40c555c1edebf1582439e7b404d9df48de9e6100d9c0084eb3" - "59716f2f6ebdebf17c1438ff5a2864b621e79b1b28e7f6e2e7893fbaa1c5" - "19fda27e900f7b15f3fbfce98c7b5dac4e86701346a5bb84a5f2330661d2" - "677c8ff47b65851e596334e4d057c3e1bec0df01313919f68a20ac3fc3b8" - "df5f52ee6e21b9698dff82d1dbc37b2f9cb12036e2d76024ff7a586327d5" - "1fad8b7c1d99163827caee7b61e908b0fcf51d3264b8a11abd121993676c" - "10d715a345c197d0f4f42e85f74647b30282010100b594e9e77eed5cbb93" - "8234af03d2415ed0f8cd99e86033799d68b6547986f27131550d0bb45831" - "7ccf1841f0d398fd14c75bf57de7d6a096642b9864e2b07e5248b1f48306" - "2fdaa683a87a90aa05e3bbacc4b8eed9929b73eaec5ece7424af6e751afb" - "348a28e14a3218e700f0069d1330324b71ee9ba0cf516586c8f0a139f022" - "b612173276b40646b2f3d1063ddebee38daa61248ee58594da0168c4382f" - "2fff763cdfd69c5765d6f75f7d1d6a1db6cfd894118451fe58ded97f54db" - "703e6ed770452e70c6988238ec0ed599bd5cc550874344873e1040374c6d" - "373a485c2d2adeac3b89a7615542e0833433c119b1c0c784c76446f68e8b" - "9a2fb7d20f77a7028201007f3f96bafef1fe52298a497f1ee6f94a760753" - "3ee09907ea7cf37c95596e360ea30986f67d3d4c1c1a3017b7cd4e9dcfcf" - "efa715b895af57ed0e0503e66d07c5b5da563b770973d79b61fce573d454" - "d3bbfa15a326e6b3883c56c5bcd0fd12dec6325d4dcf8689e84641d7c922" - "e264e6d28cdc12bc48e0a22272cdedd7fb53f763cb24bae38e6aa01f418c" - "13e404f751f48a3c2d7a9d49d3a6284a4251a378cd16f78d7026ccc3616f" - "afed8488d866bfde4eaf6f2b5f4d9bc5b8f331d17279ed4aaef45e3d6a55" - "8181e3ff93802c179801ce256c3549162ddbb25d090a19c478c4758e9200" - "22015f854d5fa4c997377f69d4df99596ecae7927bfd8f899e362f028201" - "000a34532cca4a4692d80852339fb05a321ce64e8f9eaa815a0d498c2d95" - "22cb4f272993711bf274dd81b9e842c3716e8f93608c9c45c21f06349cea" - "9488d4c854917746b97248902e196a077147cccaee8a1808188c2b9c06d8" - "a5edf2063ee588fc95c6963e496bd7c296f9ac68d0c65504b95eda0941bf" - "b8c6e740badc2303618661db0468b699095d41c347f4e4d736bd0d020d31" - "83c24c4e802de2185cdbf203963e7789d501685cbb4c2778d6b4d2c83d70" - "9cc765e0385855babd2713d8be5be7184c32d4464fd32918f052127d3b2d" - "7a5c8266634b80805b102c315f4da6d028f15eeb2e77ded5c24e3d49c749" - "4d5efb177029277fc5a4fcc63fbb53593302820100689328a8b7c6de5b11" - "1934790c4152320c1a63a090bbb5d243517fe1f0203729828806897f157d" - "57d02333dc2c56a846eb286412473bab9ab68d144b991a3af9fee228c7ea" - "904d6b3aef2e42245abf4d777385b877c86a9b16b5d7c9cab1221576d88d" - "ee4993f130236744acbbf45c6bbd2dcaafc00f2cf36537e54e8a99ea8084" - "801d4f403376c0339de7f3867f2360af6fc0047cc85359669b90156a31aa" - "fe34570fbe1342f9e5743d45646aab7009b73c9e63b7a458c423f3b8de81" - "c83de5b0fe60bb7a235d7d1a931cca548639ed4e629386c7de98d8840ba2" - "bcb02d8adc59e179b27a4705426b313497c43aaacc953ae92c702af10a2d" - "a5db9b0688c41f" }, +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_rsa_1026 */ +const unsigned char test_rsa_1026[] = { + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x03, 0x17, + 0x5c, 0xd2, 0x6b, 0x55, 0xf6, 0x1a, 0x0b, 0x42, 0x33, 0xc8, 0x18, 0x08, + 0x26, 0x31, 0x35, 0x04, 0x0a, 0xdb, 0xab, 0x0b, 0xd9, 0x49, 0x70, 0x59, + 0xcb, 0x51, 0xce, 0xc7, 0x14, 0x7c, 0xd6, 0xdf, 0xaf, 0x26, 0x71, 0xac, + 0x1f, 0xf9, 0xae, 0xa8, 0xe4, 0xc5, 0xde, 0xfe, 0x84, 0xbb, 0x68, 0x07, + 0xa9, 0x48, 0x82, 0x83, 0x5b, 0xbc, 0x2b, 0x75, 0x32, 0x51, 0xb5, 0x98, + 0xe0, 0x9b, 0xa2, 0xbd, 0x0f, 0x29, 0x96, 0x58, 0x5d, 0xbc, 0x80, 0xeb, + 0x9b, 0xda, 0xae, 0x8c, 0xf4, 0xea, 0x3e, 0xa1, 0xf4, 0x7a, 0x97, 0x13, + 0x42, 0x74, 0x74, 0x47, 0x83, 0xff, 0x31, 0xf8, 0x82, 0x92, 0xe3, 0xb1, + 0x38, 0x30, 0xea, 0x17, 0x67, 0x4b, 0xb6, 0x69, 0xdc, 0x5f, 0x17, 0xf2, + 0x94, 0x3f, 0xc8, 0x07, 0x1b, 0x10, 0x81, 0x8b, 0xd0, 0x2f, 0xfc, 0x8f, + 0xfb, 0xab, 0xa0, 0xa9, 0x02, 0x3b, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x04, 0x29, 0x3b, 0x62, 0xcf, 0xe5, 0xe6, 0x60, 0xc1, + 0xfa, 0x28, 0x20, 0x30, 0x39, 0x2e, 0x63, 0x0e, 0x60, 0x95, 0xd6, 0xb5, + 0x67, 0xd7, 0x48, 0x6a, 0x26, 0xdb, 0x55, 0xdd, 0x34, 0xea, 0x92, 0x54, + 0x44, 0xc5, 0x4c, 0xc7, 0x50, 0x51, 0x53, 0xfa, 0x61, 0x5e, 0x5e, 0x95, + 0x9a, 0x05, 0x77, 0xd8, 0x5d, 0xaa, 0xe7, 0xbc, 0xc7, 0x15, 0x4e, 0x69, + 0x31, 0x25, 0x8a, 0xd7, 0x81, 0x25, 0x3d, 0x22, 0xdf, 0xd1, 0x91, 0x78, + 0xd2, 0xd1, 0x24, 0xb9, 0xa6, 0x9a, 0x12, 0xc5, 0xe1, 0xfe, 0xe7, 0x94, + 0xad, 0xbd, 0x9e, 0x6b, 0xe0, 0x97, 0x32, 0x33, 0x6a, 0xae, 0x98, 0x66, + 0xd7, 0x96, 0x7a, 0x72, 0xc7, 0xb4, 0x69, 0xef, 0x3d, 0x20, 0x37, 0x48, + 0xad, 0xd4, 0x92, 0x8a, 0xc0, 0x3f, 0x08, 0xfc, 0x8f, 0x61, 0xcc, 0x60, + 0x60, 0x49, 0xa7, 0xe4, 0xa0, 0x62, 0xf5, 0x7e, 0x19, 0xb5, 0x81, 0x02, + 0x41, 0x01, 0xe7, 0x1d, 0x98, 0x00, 0xc1, 0x36, 0xa4, 0x3e, 0x84, 0x3f, + 0xd1, 0x43, 0x9c, 0x4e, 0xa2, 0x62, 0xb2, 0x6b, 0x5d, 0x93, 0x5d, 0x41, + 0x51, 0x46, 0x6a, 0x75, 0x76, 0x97, 0xcc, 0x38, 0xa9, 0xeb, 0xbf, 0xae, + 0xcb, 0xd8, 0xac, 0x6b, 0x7b, 0xfa, 0xc7, 0x37, 0x6d, 0xc0, 0x7f, 0xb2, + 0x84, 0xaa, 0x6a, 0x54, 0x6f, 0xd7, 0xd0, 0xf6, 0x0c, 0xe6, 0x11, 0xc9, + 0xcc, 0xce, 0xa6, 0xb8, 0x66, 0x69, 0x02, 0x41, 0x01, 0x9f, 0xe5, 0x0e, + 0x78, 0x9f, 0xb4, 0x44, 0xba, 0x29, 0x74, 0xe7, 0xdb, 0x98, 0x44, 0xd2, + 0xa6, 0x03, 0xa6, 0xe7, 0xb4, 0x00, 0x6e, 0xe1, 0xcf, 0xa7, 0xcd, 0xe4, + 0xa8, 0x8e, 0xa7, 0xb8, 0xcd, 0x68, 0x23, 0x07, 0x6f, 0x47, 0xb9, 0xcd, + 0x59, 0x34, 0xc2, 0x9e, 0xc0, 0xb2, 0xed, 0x7a, 0x9b, 0xc2, 0x3d, 0xab, + 0x64, 0x36, 0xdd, 0xf9, 0xf2, 0x2d, 0xc1, 0x42, 0x4f, 0x11, 0x4b, 0x2a, + 0x91, 0x02, 0x41, 0x01, 0x73, 0xdd, 0x4c, 0xc0, 0x2e, 0xc0, 0x37, 0x0c, + 0x9e, 0xcb, 0x55, 0x46, 0xe7, 0x19, 0xc4, 0xaf, 0xd2, 0x03, 0x52, 0xd1, + 0x80, 0x1c, 0xb0, 0x1e, 0x30, 0x81, 0x71, 0xc2, 0x9a, 0x9e, 0x1b, 0x62, + 0x24, 0xd8, 0x1d, 0x38, 0x51, 0x10, 0x50, 0xfa, 0x76, 0x81, 0x23, 0x21, + 0x14, 0x9b, 0x44, 0xda, 0x10, 0x08, 0x5b, 0xc5, 0x86, 0xf9, 0x7f, 0x89, + 0x57, 0xc5, 0x15, 0xbc, 0x20, 0xdc, 0x9f, 0x19, 0x02, 0x41, 0x00, 0xd1, + 0xcd, 0xb6, 0x98, 0x29, 0x50, 0xc2, 0x5e, 0xfb, 0x6c, 0xeb, 0x4e, 0x3f, + 0x29, 0x70, 0xee, 0xa8, 0xe6, 0xf8, 0xfa, 0x38, 0x41, 0xb7, 0x8e, 0x8f, + 0x03, 0x71, 0xf7, 0x8a, 0x47, 0x98, 0x15, 0x9f, 0x14, 0x14, 0xbb, 0x11, + 0x7e, 0xec, 0xd5, 0xb4, 0xa4, 0xfd, 0x7b, 0x0e, 0x88, 0x78, 0x92, 0xbc, + 0xd1, 0x69, 0x75, 0xdb, 0xab, 0xed, 0x5c, 0x3b, 0xb2, 0xc3, 0xa5, 0xa9, + 0x7e, 0xb6, 0xd1, 0x02, 0x41, 0x01, 0x5e, 0x54, 0x53, 0x64, 0x9d, 0x04, + 0xe9, 0xb8, 0x6c, 0x96, 0x61, 0x85, 0xfe, 0x7c, 0x5b, 0x81, 0x46, 0x7b, + 0x92, 0xb7, 0xb7, 0x0a, 0x84, 0x9a, 0x1b, 0xcf, 0x9e, 0x56, 0xcb, 0x25, + 0xd6, 0xe2, 0x7d, 0xb9, 0xf1, 0x7e, 0x25, 0x34, 0x2a, 0x9c, 0xc7, 0x78, + 0xe8, 0x0b, 0xea, 0x04, 0xf8, 0x2e, 0xb0, 0xd5, 0xed, 0xb9, 0xdc, 0x71, + 0xdb, 0x9f, 0xba, 0xe6, 0xe5, 0xbb, 0xbd, 0xc0, 0x7c, 0xd7, }; +/* END FILE */ -const char *ec_key_data_lut[] = { - [MBEDTLS_ECP_DP_SECP192R1] = - "305f020101041856ceb8c9bc8e6562242362d5176916c8cad73cefde6242" - "faa00a06082a8648ce3d030101a134033200047bdb35c272027741d687ae" - "31007a4ed936231556747cf3e916884db6b08cece5a4923ce964b8bcd195" - "b0f53e01d1b9c4", - [MBEDTLS_ECP_DP_SECP224R1] = - "3068020101041cab5caf66f71236bd1c4c4825588c531682b8019882a025" - "ed3814e32fa00706052b81040021a13c033a0004260e79423142a44ce9e5" - "b78144c39e3d2b5b2670af673868083416745e57be42319d8ee6d034ef9c" - "535c7f6cc45ed5026fae66c0dd1298a5", - [MBEDTLS_ECP_DP_SECP256R1] = - "30770201010420b52b83eb4cf15f4fb2bdef164f521b92a4c7329ce83dd2" - "b24fc4080980603b07a00a06082a8648ce3d030107a14403420004dd40ad" - "3c112abb3e7beed40ca349c9a755f930968722865c27ca5d0ca884220b59" - "9e6620019ef8fc9b3050cf90ce8cfb5125db447c21bc567806d39e49b181" - "01", - [MBEDTLS_ECP_DP_SECP384R1] = - "3081a402010104301b3640d9ada2984b5c4406c339fa859c374aa1692990" - "547b0897429689d4b226d20b1ca20fd32d89e853e3b7644dffaba0070605" - "2b81040022a164036200043315c6d4276e8ab4b74b4069bb7a403f4a62e2" - "89bfbfe39738dee4064d7ae22ff32520316f7230302db8fa7b0434ada5ac" - "3f39acd252b5ec2eadbebf55ba7edb2265026a33bae2dbf59314ce081277" - "3f08faef9fb4786d610a8c1c1f348e9627", - [MBEDTLS_ECP_DP_SECP521R1] = - "3081dc020101044201300db372ffd5307db8016608a097cb4ac8440e7419" - "589566518a9b8b4506aa00ddd21d736284d31e02ae3064a0d2b1c3de08ec" - "b6285534e13fefe456fde0337572a00706052b81040023a1818903818600" - "040183a4329055ced8534460a22f00271dc55b9857aad6886355bcac683d" - "461a2281190546929a8e64cdfc1242fb6e3a460b0821b4197b42a0b18253" - "18c59dc74eabbd00c74c4bf20494c05183012229df3da41455673233cb32" - "877f0646b66fc75e4d72ccdc60e5ceb670ed4dc2773916738e2530a3f5fd" - "2c14ec512171e6de772dc21c27", - [MBEDTLS_ECP_DP_BP256R1] = - "307802010104202a248a6523ec929566b473d189d63358aeaa29385c56c4" - "ed52fee5bfbef6705fa00b06092b2403030208010107a14403420004606f" - "09a54c0f6d52ff0c7429ad085332d1e03e60370cd6a7b44c1a15668f28cf" - "14e35f242ae5c7ab089663de47f840b947a7ff4b2b72a820a0136154d6c6" - "c87a", - [MBEDTLS_ECP_DP_BP384R1] = - "3081a802010104301a4da2c6c462c6f115f3a91cfa6006bdb549e4935364" - "b2199d7bc872f1eb9bfcfcc3c997a1ac0064d581f32b3899ba3ba00b0609" - "2b240303020801010ba164036200042d4ed26c2aba8d7c49d52e1e6bfbe6" - "36583f22e50cc94c64442811f504db9f1823c43427ef5fbe9846842a66a7" - "20a1108ac13b1ff05a5d710a51a238ac89ce8f44c0139b9fef4d2c298f2e" - "187bf3c3e51ec05b32b27195d884b166b6c803409c", - [MBEDTLS_ECP_DP_BP512R1] = - "3081da02010104406f2730c70a35827f5a8ff0028f7ce3b28cf9d2711ad2" - "269130c5c72eace8d12efb0afd2f099548afa55bd94dd7361ab63ba1bea0" - "c7d295a67498107cf89acfb3a00b06092b240303020801010da181850381" - "82000464615aa207894e1059a28fc36c9f1d955b518dc668ee3a257b35b7" - "6d1b48820a0c42bf91122a96c5887633d71796d6d541a098534ad09f1f1b" - "0ebaece479e8e0284a7bb28efd1185a77a3ab8715e6e99f9591d44f92ca7" - "b4896d36a9022fdffa0cd7744f4dc462172bc4c027456d8469f41e15bbff" - "0546bac84f4edf3f4fc0c3", - [MBEDTLS_ECP_DP_CURVE25519] = - "302e020100300506032b656e04220420b0a8bd3ffeb3e2a7caa1148f5406" - "20b2dd493faff1d1cda6458822077445cd78", - [MBEDTLS_ECP_DP_SECP192K1] = - "305c02010104186a01a55cc30d77ef9962778f78af3cbb5c7fc7dd1aa9a7" - "b6a00706052b8104001fa1340332000435aa842c4bef314c579910674cf3" - "cb426ce001bdd5ca0586398634776957b1e3afa9473e5b69648ffaa65a1f" - "052be658", - [MBEDTLS_ECP_DP_SECP256K1] = - "30740201010420282608d1c6067366c22ef6ed5aa3b6e31107e6fa535f2b" - "6def935626517883c7a00706052b8104000aa14403420004163f1a8038d1" - "11cd2da34a98b8524180de6c56268cd8b2d315201778d1e7c09da090c2c8" - "da4667bd3e831f444103606875069c222bd1cc9beb84cf2989ad37ec", - [MBEDTLS_ECP_DP_CURVE448] = - "3046020100300506032b656f043a043858ab68f1e135d8d38514774a63a3" - "4c659b3ed783f8cf87531f49927c5e97f459cb324a32ab3dd2f1613ad931" - "cb3df24d5244bc7e4691f1f4", +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_rsa_1028 */ +const unsigned char test_rsa_1028[] = { + 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0f, 0x16, + 0x99, 0x9c, 0x0c, 0xc7, 0xb5, 0x63, 0x2d, 0xec, 0xdc, 0x12, 0x15, 0x15, + 0x12, 0x47, 0x26, 0xcc, 0xa9, 0xba, 0x8d, 0x31, 0x82, 0x63, 0x3e, 0xa9, + 0xdc, 0xa0, 0xa8, 0x7f, 0x02, 0x22, 0x4e, 0x5e, 0xa3, 0x77, 0xee, 0x13, + 0x94, 0x04, 0x76, 0x04, 0x8e, 0x98, 0xab, 0x7c, 0x82, 0xdd, 0x68, 0x5a, + 0xf6, 0xa8, 0x14, 0x5e, 0xf7, 0x43, 0xef, 0x04, 0xb5, 0x3f, 0x6a, 0x31, + 0x93, 0xd6, 0x1a, 0xfa, 0xcd, 0x20, 0x7b, 0x0e, 0xc3, 0x18, 0x39, 0x5f, + 0x7e, 0x1b, 0xa0, 0xe5, 0x85, 0x3e, 0xf7, 0x44, 0x51, 0xcc, 0xf7, 0xf1, + 0xc2, 0xf6, 0x79, 0x15, 0x0e, 0x0b, 0x50, 0x32, 0x35, 0xda, 0xeb, 0xe4, + 0x7d, 0x32, 0x6d, 0x21, 0x9e, 0xb2, 0xa0, 0x99, 0x0c, 0xc6, 0x17, 0xee, + 0xcd, 0xb5, 0xa6, 0x81, 0xa9, 0x91, 0x1b, 0x09, 0xfd, 0x32, 0xf9, 0xa1, + 0x8b, 0x1b, 0xf7, 0x99, 0xaf, 0xd6, 0xf7, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x03, 0x21, 0xe8, 0x06, 0x33, 0xc9, 0x0a, 0x69, 0x6a, + 0xd1, 0x6f, 0xe6, 0xf9, 0x25, 0x84, 0xc3, 0xec, 0xd4, 0x34, 0xb0, 0x9c, + 0x3b, 0x99, 0x1c, 0x4d, 0x98, 0x2a, 0x4b, 0xd8, 0x6f, 0x75, 0xdb, 0xf5, + 0x75, 0x44, 0x6e, 0xd3, 0xa8, 0x90, 0xe4, 0x54, 0x34, 0x21, 0xfe, 0xa4, + 0x2b, 0x97, 0x67, 0xac, 0x10, 0xa6, 0x80, 0xc2, 0xa9, 0xec, 0x9f, 0xd7, + 0xf1, 0x9c, 0x47, 0x6c, 0x1e, 0x9a, 0xd8, 0xa8, 0xe8, 0x5f, 0x76, 0x57, + 0x95, 0x26, 0xc0, 0x97, 0x5e, 0x56, 0x6d, 0x0c, 0x6c, 0xc5, 0x20, 0xd8, + 0x8f, 0xd7, 0xfd, 0xf4, 0x39, 0x97, 0xc2, 0x3b, 0xaa, 0x97, 0xd5, 0xea, + 0xaf, 0xdf, 0x23, 0x27, 0xf3, 0xea, 0x67, 0xd8, 0x52, 0x0a, 0x1f, 0xc2, + 0x5c, 0x3f, 0x56, 0x8f, 0x96, 0xc6, 0x3b, 0xa1, 0x12, 0xaf, 0xd3, 0x07, + 0xb4, 0x67, 0x37, 0x0d, 0xb2, 0x00, 0x80, 0x7b, 0xef, 0x4b, 0x58, 0x51, + 0x02, 0x41, 0x03, 0xe3, 0x05, 0x9f, 0xf4, 0x8d, 0xb5, 0x19, 0x32, 0x73, + 0xf1, 0xe7, 0x65, 0x49, 0xbb, 0xb4, 0xe0, 0x4a, 0x71, 0x23, 0x52, 0x69, + 0xd8, 0x06, 0x78, 0x8c, 0xde, 0x8a, 0x95, 0xfb, 0x70, 0x78, 0x6b, 0x20, + 0xcd, 0xfe, 0x2f, 0x3a, 0x56, 0xc6, 0x77, 0x44, 0xa8, 0x69, 0x32, 0xe6, + 0x1e, 0x58, 0xff, 0x6e, 0xd8, 0xe6, 0x54, 0x9a, 0xcd, 0x4e, 0xe9, 0xe2, + 0x44, 0x2d, 0x44, 0x27, 0x7d, 0x19, 0xdd, 0x02, 0x41, 0x03, 0xe1, 0xc5, + 0xcb, 0x94, 0x19, 0x26, 0x92, 0xdf, 0xf4, 0x81, 0xf1, 0x45, 0xb2, 0x69, + 0x5c, 0xfa, 0x06, 0x79, 0x2e, 0xc7, 0x71, 0xca, 0x94, 0x1e, 0x8b, 0xa8, + 0x2c, 0x93, 0x6b, 0xc2, 0x0d, 0xd0, 0x5e, 0xca, 0x57, 0x12, 0xee, 0x7f, + 0x64, 0xc2, 0x08, 0xaf, 0x6b, 0xa0, 0xdc, 0x2b, 0xe9, 0x40, 0xc9, 0xb8, + 0x49, 0xb2, 0x89, 0xd9, 0x8a, 0x08, 0x46, 0xc7, 0xd8, 0x60, 0xbd, 0x0f, + 0x08, 0xe3, 0x02, 0x41, 0x00, 0x88, 0x3b, 0xc3, 0xeb, 0xca, 0xdf, 0x29, + 0xc5, 0x03, 0xa4, 0xf2, 0x46, 0xa6, 0xf2, 0xc1, 0x50, 0x18, 0x41, 0x27, + 0x51, 0xe8, 0x56, 0x00, 0x84, 0xce, 0xdc, 0xc5, 0x62, 0xc5, 0x9b, 0x5f, + 0x91, 0x63, 0x5b, 0x70, 0xda, 0xec, 0x84, 0xe7, 0x05, 0x7b, 0x6c, 0x07, + 0x83, 0x45, 0x88, 0x90, 0x2c, 0xe0, 0xf3, 0x67, 0x8d, 0xdb, 0xe8, 0x12, + 0x4e, 0xe9, 0x80, 0xe6, 0x25, 0xb7, 0xb6, 0x64, 0x2d, 0x02, 0x41, 0x03, + 0x79, 0x4f, 0xa0, 0x56, 0xf0, 0x0a, 0xec, 0xf5, 0x2d, 0xc1, 0xfb, 0x3f, + 0xfb, 0xe0, 0xfe, 0x2b, 0x61, 0x0f, 0xa1, 0x25, 0x2a, 0x57, 0xb7, 0x25, + 0x7e, 0xa5, 0x08, 0xff, 0x04, 0x37, 0xac, 0x55, 0x03, 0xfe, 0xde, 0xdd, + 0x3a, 0x41, 0x16, 0xd1, 0xed, 0x23, 0xce, 0x95, 0x2d, 0x72, 0xbe, 0x52, + 0x14, 0x32, 0xaf, 0x00, 0xef, 0x0b, 0x95, 0xd2, 0xc2, 0x44, 0xa5, 0x06, + 0x2d, 0x29, 0xff, 0x31, 0x02, 0x41, 0x02, 0xc6, 0xb7, 0xac, 0x1d, 0x3b, + 0x80, 0xc4, 0x46, 0x4a, 0xff, 0xdd, 0x3f, 0xbb, 0x17, 0x4a, 0xf2, 0x19, + 0x3a, 0x74, 0x61, 0xa2, 0xd7, 0xc7, 0xd5, 0x85, 0xa3, 0x72, 0xfe, 0x86, + 0x20, 0x85, 0x5a, 0xa9, 0xb2, 0x84, 0x19, 0xcf, 0x41, 0x4a, 0x62, 0x11, + 0x07, 0x33, 0x82, 0xb2, 0x5f, 0x9f, 0x81, 0xfe, 0x1e, 0x8b, 0x26, 0x32, + 0xaa, 0x3c, 0x75, 0xa7, 0xb3, 0xbc, 0xc5, 0x92, 0x71, 0x88, 0x58, }; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_rsa_1030 */ +const unsigned char test_rsa_1030[] = { + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x29, 0x80, + 0x16, 0x41, 0x52, 0x5b, 0x45, 0xb0, 0xcf, 0x21, 0xf3, 0x1e, 0xcf, 0x61, + 0x78, 0x6b, 0xb7, 0x90, 0x12, 0x9b, 0x2c, 0xdb, 0xfa, 0x5a, 0x36, 0x78, + 0xcc, 0xa9, 0xcf, 0x90, 0x3d, 0x76, 0xcd, 0x22, 0x41, 0xb2, 0x24, 0x32, + 0x87, 0xb8, 0x32, 0x88, 0x28, 0xed, 0x69, 0xe9, 0x3d, 0x88, 0x8c, 0x40, + 0xfb, 0x41, 0x59, 0x6e, 0x78, 0x05, 0x5a, 0xa2, 0x5a, 0xb0, 0xba, 0x12, + 0x7e, 0x49, 0x30, 0x2d, 0xc7, 0x87, 0xda, 0xb2, 0xbd, 0xf9, 0x44, 0x61, + 0xd4, 0x9a, 0x3c, 0x8f, 0xb9, 0xac, 0x95, 0xec, 0xc4, 0xe7, 0xed, 0xbc, + 0xf1, 0xed, 0xea, 0xdc, 0xa9, 0x8b, 0x1e, 0x73, 0x09, 0x25, 0xf2, 0xff, + 0xea, 0xf4, 0x4f, 0xfd, 0x14, 0xe8, 0xab, 0x65, 0x80, 0xeb, 0xa4, 0x91, + 0xfa, 0x45, 0x8e, 0xf0, 0x84, 0xff, 0x59, 0x36, 0x40, 0xef, 0xaf, 0x63, + 0x23, 0x51, 0xcf, 0xb5, 0x2b, 0x9d, 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x08, 0x9c, 0xdf, 0xe1, 0x8a, 0x27, 0x4d, 0xa1, 0x1a, + 0x77, 0xd4, 0x06, 0x60, 0xa9, 0x3c, 0xad, 0xf4, 0x50, 0x77, 0x00, 0x13, + 0xf1, 0x0a, 0x75, 0xe7, 0x08, 0xae, 0x87, 0x0e, 0x80, 0x03, 0xb5, 0x90, + 0x70, 0xab, 0xdc, 0x3e, 0x05, 0x6b, 0xa3, 0xd7, 0x7e, 0xe9, 0x29, 0x8e, + 0x99, 0xbc, 0xae, 0xc6, 0x56, 0xe5, 0x1e, 0x44, 0xa2, 0x77, 0xcf, 0xba, + 0xa5, 0xe7, 0xb6, 0xf6, 0x43, 0x08, 0xc9, 0x02, 0x84, 0xef, 0x41, 0xb5, + 0x04, 0xc5, 0x6f, 0xd8, 0x9a, 0xa0, 0x71, 0xaa, 0x1a, 0x7e, 0xac, 0x57, + 0xb9, 0x73, 0x5a, 0x02, 0xbf, 0x7c, 0xbe, 0x05, 0xf7, 0x7a, 0xa8, 0xf1, + 0x83, 0x1a, 0x58, 0xe1, 0x85, 0xbb, 0x40, 0x87, 0xff, 0x83, 0xbd, 0x9c, + 0x5a, 0x5e, 0xe5, 0x88, 0xe0, 0x88, 0x27, 0xe2, 0xef, 0xbb, 0xb1, 0x23, + 0x33, 0x31, 0x7f, 0x2d, 0x58, 0x14, 0x31, 0xac, 0x36, 0x08, 0xb9, 0x69, + 0x02, 0x41, 0x06, 0xb1, 0xe8, 0x8e, 0xfe, 0x4a, 0x77, 0x67, 0xa0, 0xdd, + 0xb6, 0xb0, 0x94, 0x58, 0xbf, 0x68, 0x67, 0x9d, 0x31, 0xd8, 0x49, 0x55, + 0xf0, 0xc9, 0x50, 0x7b, 0x5f, 0x1d, 0x0d, 0x1b, 0x16, 0x78, 0x5d, 0xe3, + 0x11, 0x9c, 0x58, 0x20, 0xa6, 0xd9, 0xbc, 0x2b, 0x03, 0xb5, 0x2d, 0x99, + 0xaa, 0x67, 0x27, 0x2f, 0x16, 0x45, 0x3c, 0xf6, 0x3d, 0x0b, 0x76, 0xe8, + 0x73, 0x8b, 0x94, 0x38, 0xd1, 0x43, 0x9d, 0x02, 0x41, 0x06, 0x32, 0xe1, + 0x2a, 0xb9, 0x61, 0x5f, 0xa4, 0x5c, 0x67, 0x33, 0x71, 0xaf, 0xa0, 0xa6, + 0xef, 0x95, 0x63, 0x3a, 0x49, 0xef, 0xa6, 0xe6, 0x63, 0x39, 0x54, 0x80, + 0xef, 0x44, 0x49, 0xe0, 0x69, 0x6b, 0xf9, 0xbc, 0x89, 0x60, 0x1c, 0x03, + 0xce, 0x92, 0x53, 0x0d, 0x33, 0x88, 0x64, 0x9b, 0x77, 0xd3, 0x22, 0xec, + 0x1d, 0x94, 0xb5, 0x43, 0x0b, 0xb7, 0x69, 0xd1, 0x1d, 0xfc, 0x70, 0x30, + 0xc8, 0x79, 0x02, 0x41, 0x02, 0xb1, 0x63, 0x02, 0xc9, 0x64, 0x38, 0x9d, + 0x35, 0x46, 0x99, 0x2a, 0x73, 0xb1, 0x32, 0xe4, 0x92, 0xf0, 0xd6, 0xd0, + 0xd1, 0xc6, 0xc0, 0xc0, 0xa9, 0x1f, 0xc6, 0xc5, 0x4f, 0xb5, 0x3a, 0x97, + 0x95, 0xe4, 0x34, 0xfc, 0x37, 0x32, 0x83, 0x0a, 0x87, 0xb6, 0xa1, 0x9a, + 0x29, 0xca, 0x6a, 0x91, 0x6d, 0x60, 0x72, 0x4b, 0xcd, 0x56, 0x9a, 0x7d, + 0x57, 0x09, 0xef, 0x18, 0x10, 0xb9, 0xbd, 0xea, 0xbd, 0x02, 0x40, 0x77, + 0xdb, 0x55, 0xf4, 0xc6, 0x8c, 0x08, 0xc8, 0x09, 0xeb, 0x72, 0xcc, 0xc7, + 0x1f, 0x94, 0xbc, 0xfd, 0xcf, 0xab, 0x41, 0xf4, 0xa3, 0x36, 0x1f, 0x60, + 0x68, 0x94, 0xa9, 0xdd, 0xc2, 0x9b, 0x73, 0xd2, 0x5b, 0x11, 0x2d, 0x37, + 0x30, 0x7a, 0x6b, 0xc6, 0xe6, 0x1a, 0x5c, 0x54, 0xed, 0x01, 0x31, 0xeb, + 0x53, 0x56, 0x30, 0xa3, 0x38, 0x3b, 0x2c, 0x51, 0x4b, 0xc0, 0x2e, 0x0e, + 0xf3, 0x40, 0x51, 0x02, 0x41, 0x03, 0x26, 0x57, 0x0d, 0xf5, 0xdf, 0x3f, + 0x5e, 0x31, 0x00, 0x9b, 0xf0, 0x92, 0x04, 0xfd, 0x97, 0x3e, 0x04, 0x7f, + 0x23, 0xd7, 0x79, 0x3c, 0xd7, 0xe8, 0xe1, 0x0e, 0xf0, 0xc4, 0x9f, 0xdb, + 0x4b, 0x5a, 0x42, 0xd7, 0x63, 0x4f, 0x95, 0x85, 0x35, 0xb9, 0x37, 0x24, + 0x34, 0xeb, 0xa3, 0xc7, 0x27, 0x49, 0x18, 0x78, 0x68, 0x05, 0x45, 0x6c, + 0x9b, 0xa7, 0x60, 0x07, 0x9d, 0x7e, 0x63, 0xad, 0xb7, 0x0c, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_rsa_2048 */ +const unsigned char test_rsa_2048[] = { + 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xaa, 0x20, 0x13, 0x4a, 0x30, 0x6e, 0x42, 0xaf, 0xcb, 0x0a, 0xb9, 0x31, + 0x8e, 0x5d, 0x85, 0x75, 0xfb, 0x48, 0x35, 0xbe, 0xc0, 0x77, 0x93, 0xcd, + 0x51, 0xf4, 0x22, 0x0d, 0x72, 0x1a, 0xc1, 0x87, 0xf5, 0x6c, 0xb6, 0x68, + 0xb8, 0xc3, 0x63, 0x90, 0xa7, 0x38, 0x86, 0x44, 0xc0, 0xfb, 0x03, 0x0a, + 0x69, 0xc2, 0xb0, 0x3a, 0x15, 0xa5, 0xa0, 0xe9, 0x5a, 0xab, 0x32, 0xbb, + 0xd1, 0x73, 0x88, 0x34, 0x77, 0xc5, 0xae, 0xc9, 0x7d, 0x0d, 0x33, 0x78, + 0x31, 0x57, 0xc0, 0x43, 0xa1, 0x61, 0x90, 0x7f, 0xfc, 0xd9, 0x02, 0x71, + 0x76, 0x96, 0x4e, 0xe5, 0x55, 0xe8, 0x6e, 0x34, 0x1c, 0xd7, 0x8c, 0xab, + 0x7f, 0xec, 0xc2, 0x36, 0xba, 0x4a, 0x04, 0xac, 0xfb, 0x78, 0x74, 0xf1, + 0xc3, 0xff, 0x4d, 0xac, 0x53, 0x27, 0x7a, 0x0d, 0xdc, 0x49, 0xbe, 0x8d, + 0x8f, 0xaa, 0x24, 0x9b, 0xbc, 0x94, 0x6c, 0xfe, 0x23, 0x18, 0xad, 0x80, + 0x9b, 0x68, 0x0e, 0xf6, 0xc7, 0x66, 0xf2, 0xca, 0x64, 0xc6, 0xb5, 0x68, + 0x89, 0xf2, 0xac, 0x93, 0xa8, 0x57, 0x2f, 0xd4, 0xd6, 0xc3, 0xee, 0x84, + 0x7b, 0x20, 0xcb, 0x5a, 0x9f, 0xd5, 0x03, 0x9b, 0x57, 0x44, 0xf3, 0x86, + 0x64, 0x88, 0x79, 0xf5, 0xe9, 0xb9, 0x4b, 0xf8, 0x74, 0x70, 0xea, 0x77, + 0x98, 0x4b, 0x36, 0xc2, 0xa8, 0x63, 0xe8, 0x56, 0x52, 0xae, 0x67, 0xf3, + 0x7c, 0x78, 0x0a, 0x0f, 0x9c, 0xd7, 0xc9, 0xc9, 0x89, 0x8f, 0x47, 0xe7, + 0x3a, 0xb8, 0x0f, 0x85, 0x66, 0xb0, 0x42, 0x2a, 0x55, 0x3c, 0x9c, 0x3c, + 0xcc, 0xc0, 0xf5, 0xc0, 0x20, 0x8b, 0x2f, 0xe4, 0xd1, 0x36, 0xc1, 0x2e, + 0x54, 0x97, 0xa4, 0xe8, 0x6f, 0xac, 0x94, 0x10, 0x43, 0xb8, 0xb9, 0x17, + 0x20, 0x09, 0x45, 0x70, 0x44, 0x0f, 0x47, 0xe2, 0x80, 0x33, 0x30, 0x05, + 0xd0, 0xd2, 0x62, 0x4f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x00, 0x13, 0x66, 0x73, 0xfc, 0xae, 0x58, 0x2c, 0x87, 0xa2, 0x76, 0x57, + 0x17, 0x15, 0x1e, 0x8a, 0x15, 0x21, 0xb2, 0x22, 0xda, 0xdd, 0x54, 0xe5, + 0x88, 0x70, 0xf3, 0x8f, 0x9c, 0x8b, 0xea, 0x0c, 0x2e, 0xc6, 0x68, 0x7e, + 0xc6, 0xa3, 0x67, 0x38, 0xa7, 0xea, 0xc1, 0xd1, 0xe1, 0xee, 0x45, 0xd1, + 0x9b, 0x72, 0xe3, 0x0e, 0x38, 0x99, 0x76, 0x59, 0x4a, 0xb3, 0x19, 0xb9, + 0xbf, 0xdc, 0x4b, 0x39, 0xf9, 0x8d, 0xbc, 0xff, 0xc9, 0x1f, 0x57, 0x0d, + 0x8b, 0x03, 0xc9, 0x77, 0x75, 0xde, 0xe5, 0xe2, 0xd6, 0x0d, 0x8d, 0xeb, + 0xae, 0xe7, 0xb0, 0x8d, 0x4f, 0xae, 0xc3, 0xc2, 0x29, 0x74, 0x2e, 0x8a, + 0x6e, 0x96, 0x38, 0x78, 0x0f, 0x48, 0xa0, 0x1f, 0x37, 0x60, 0xb7, 0xe4, + 0x52, 0x1b, 0xa1, 0x36, 0x08, 0xd4, 0x34, 0xb8, 0xc0, 0xf2, 0xe1, 0x7f, + 0xf6, 0xe1, 0xae, 0xab, 0xdd, 0x0c, 0x9c, 0xba, 0x6e, 0xf2, 0xfd, 0xee, + 0x92, 0x22, 0x68, 0x8d, 0x78, 0xb4, 0xc3, 0x67, 0x97, 0xce, 0xae, 0xc5, + 0x3f, 0x9c, 0x41, 0x62, 0xbf, 0xf0, 0xab, 0x1d, 0xe9, 0x62, 0xf9, 0x2e, + 0x63, 0xa7, 0xd5, 0x2d, 0x49, 0xbe, 0x67, 0x4c, 0x76, 0xb6, 0x81, 0x63, + 0xb6, 0x94, 0x86, 0xa7, 0x6a, 0x5a, 0xd8, 0xe4, 0x85, 0xe3, 0x61, 0x0d, + 0xb3, 0x5a, 0x52, 0x5b, 0x6f, 0x59, 0x81, 0xc0, 0x8d, 0xd7, 0xee, 0x0c, + 0xa3, 0xa3, 0xe1, 0x95, 0x5a, 0x09, 0x89, 0x71, 0x4d, 0xe2, 0x97, 0xec, + 0x9b, 0x6a, 0x76, 0x5a, 0xc6, 0x92, 0x61, 0x4b, 0x1d, 0x42, 0xc1, 0x55, + 0x25, 0x29, 0x61, 0x84, 0x75, 0x06, 0xfd, 0x6f, 0xb0, 0xe2, 0xba, 0x8a, + 0xa3, 0x6c, 0x89, 0x6b, 0x57, 0xf6, 0x59, 0x35, 0x9c, 0xef, 0x1d, 0x0b, + 0xb6, 0xe0, 0x0e, 0xcc, 0x31, 0x7a, 0x99, 0x20, 0x6f, 0x4c, 0xa2, 0x9c, + 0xcc, 0x58, 0xc1, 0xb4, 0x65, 0x02, 0x81, 0x81, 0x00, 0xde, 0x2d, 0x72, + 0xf5, 0xad, 0x7b, 0x26, 0xec, 0x59, 0x28, 0x10, 0x87, 0x2c, 0xfe, 0xee, + 0x63, 0x2f, 0xe2, 0xa2, 0xc7, 0xa7, 0x1f, 0xcc, 0xa0, 0x8d, 0xf1, 0x27, + 0x6c, 0xd5, 0xfd, 0x98, 0xe1, 0x5f, 0x85, 0x5b, 0xc0, 0xd3, 0x5b, 0x6b, + 0xbf, 0x3e, 0xa6, 0x2a, 0x28, 0xa4, 0xbf, 0x17, 0xed, 0x68, 0xc1, 0x72, + 0xaa, 0xb2, 0x57, 0x4d, 0x33, 0x24, 0xf8, 0x3b, 0x92, 0x85, 0xa7, 0x6d, + 0xa5, 0x89, 0xfe, 0x32, 0x27, 0x8d, 0x9a, 0xbb, 0x47, 0xf6, 0xa4, 0x6c, + 0x07, 0x44, 0xb0, 0xd3, 0x04, 0x67, 0xae, 0x1d, 0x6e, 0x1a, 0x0e, 0xf3, + 0x4a, 0x3a, 0xe4, 0xae, 0x91, 0xf9, 0x1e, 0x90, 0xbc, 0x84, 0x61, 0x0e, + 0x39, 0x09, 0x92, 0xbf, 0x68, 0x6c, 0xb9, 0xee, 0x6e, 0xbf, 0x20, 0x16, + 0xe9, 0x7f, 0x3c, 0x33, 0x87, 0x4f, 0x1f, 0x7a, 0xcc, 0x93, 0x4e, 0x8f, + 0xea, 0xc2, 0xd1, 0xac, 0x7b, 0x02, 0x81, 0x81, 0x00, 0xc4, 0x06, 0x14, + 0xfb, 0x02, 0xa8, 0xf7, 0x8c, 0x92, 0x72, 0xde, 0xa8, 0x99, 0xf3, 0x62, + 0xb6, 0x09, 0x23, 0x08, 0x3a, 0x27, 0x07, 0xfe, 0x6d, 0x82, 0xa4, 0x74, + 0x10, 0xbc, 0x36, 0xaa, 0xa8, 0x65, 0x52, 0x50, 0x9f, 0xdb, 0x11, 0xa6, + 0xe1, 0xc5, 0xc6, 0x7f, 0xca, 0xb9, 0xc2, 0x56, 0xc0, 0x15, 0x54, 0x7c, + 0x53, 0x3e, 0x3c, 0x78, 0xaf, 0x75, 0x22, 0x0f, 0x65, 0xa2, 0xdd, 0x22, + 0x38, 0xb1, 0x0f, 0x40, 0xc1, 0x45, 0x30, 0x97, 0xf0, 0xc8, 0xc1, 0x32, + 0xde, 0x89, 0x80, 0x4c, 0xdc, 0xe5, 0x2f, 0x69, 0x2c, 0x73, 0xf3, 0xa7, + 0x52, 0x16, 0x50, 0xe2, 0xad, 0x2b, 0xc6, 0x9e, 0x6d, 0x53, 0x4f, 0xb3, + 0x56, 0x0e, 0x3d, 0x78, 0xbf, 0x19, 0xfa, 0x5f, 0x67, 0x91, 0xa5, 0xd8, + 0x2e, 0xd5, 0xb7, 0xd7, 0x3d, 0x6b, 0x06, 0x68, 0x6a, 0x23, 0x27, 0xae, + 0x3c, 0xac, 0x69, 0x0b, 0x3d, 0x02, 0x81, 0x81, 0x00, 0x8f, 0xbb, 0xdb, + 0x69, 0x71, 0x08, 0x01, 0x10, 0x5a, 0x45, 0x7f, 0x1b, 0xd4, 0x52, 0x40, + 0xaa, 0xce, 0x69, 0xd2, 0x61, 0x53, 0x8f, 0x50, 0xf4, 0x75, 0x9f, 0x93, + 0x9f, 0xe7, 0x78, 0x9e, 0x94, 0xff, 0x14, 0xe9, 0x5c, 0xff, 0xdf, 0x5e, + 0xff, 0x64, 0x6a, 0x5f, 0x4f, 0xd7, 0xf5, 0x00, 0x67, 0xc8, 0xa3, 0x8d, + 0xa9, 0x3c, 0xa3, 0x1a, 0x00, 0x82, 0x64, 0x4d, 0x35, 0xe7, 0x5d, 0x7f, + 0xa3, 0xde, 0x78, 0x22, 0xbe, 0x4f, 0xef, 0xd0, 0x45, 0x28, 0x1d, 0x0a, + 0xfe, 0x50, 0xc4, 0x0c, 0x60, 0x07, 0x2b, 0x2f, 0x42, 0xf1, 0x7c, 0xc6, + 0x8c, 0x39, 0x39, 0x84, 0x6e, 0x4f, 0x3a, 0x24, 0xec, 0xb0, 0xbf, 0x91, + 0x51, 0xf9, 0x0d, 0x84, 0xe2, 0xeb, 0xa4, 0x05, 0xca, 0x83, 0xbf, 0x20, + 0xd3, 0x82, 0x4a, 0xd2, 0x13, 0x31, 0x6e, 0xee, 0x24, 0xb7, 0x0f, 0xd6, + 0x2f, 0x4c, 0x46, 0x15, 0x4d, 0x02, 0x81, 0x81, 0x00, 0x8b, 0xa2, 0x39, + 0x77, 0xc4, 0xa1, 0x50, 0x15, 0x96, 0x8c, 0xb5, 0x07, 0x2d, 0x03, 0x2e, + 0xa1, 0xb5, 0x48, 0x7b, 0x27, 0xd1, 0x7d, 0xe4, 0x43, 0x65, 0xf8, 0x77, + 0xa5, 0x24, 0x2d, 0x5c, 0xcb, 0xaf, 0xc1, 0x3f, 0x25, 0x60, 0x0b, 0xe6, + 0xf0, 0x94, 0xcd, 0x9d, 0x62, 0x6f, 0x88, 0x7b, 0xfb, 0x40, 0x36, 0x7a, + 0x89, 0x61, 0x9f, 0xf9, 0xe8, 0x22, 0x6c, 0x2c, 0xc3, 0x9d, 0x8c, 0x20, + 0x40, 0x79, 0xff, 0xff, 0x84, 0xad, 0x20, 0xbc, 0x5b, 0x0c, 0xe6, 0x72, + 0xb2, 0x0b, 0x08, 0x95, 0xb8, 0x14, 0x99, 0xfd, 0x35, 0x69, 0x33, 0x7b, + 0x51, 0x02, 0x0c, 0x84, 0x2c, 0x0f, 0x2e, 0xe0, 0xd3, 0xc7, 0xb0, 0xd2, + 0x72, 0xce, 0x9a, 0x03, 0x55, 0x3d, 0xd0, 0x17, 0xfd, 0xd2, 0xc6, 0x6c, + 0x84, 0x90, 0x40, 0xf0, 0xd6, 0x13, 0x52, 0xf1, 0x36, 0x09, 0xec, 0xce, + 0x34, 0xf2, 0x2b, 0xb1, 0x91, 0x02, 0x81, 0x81, 0x00, 0xc5, 0xf8, 0xda, + 0xdb, 0x52, 0xa6, 0x7b, 0x9a, 0x38, 0x1d, 0xb6, 0x5f, 0x8f, 0x08, 0x54, + 0x17, 0x60, 0xe0, 0x99, 0x06, 0x6b, 0xf9, 0xac, 0xe9, 0x71, 0x38, 0x60, + 0x0d, 0x79, 0x12, 0xe7, 0xd4, 0x47, 0x48, 0xfc, 0x12, 0x5b, 0x73, 0x4a, + 0x9a, 0xca, 0xda, 0x54, 0xaa, 0xb7, 0x4e, 0xf4, 0x2d, 0x70, 0xd5, 0x22, + 0x9f, 0xa0, 0x51, 0x62, 0x2b, 0x7f, 0xa7, 0x14, 0x7d, 0xd4, 0x1e, 0x3e, + 0xfd, 0x26, 0x97, 0x71, 0xaf, 0x01, 0x9d, 0x3b, 0x7a, 0x0f, 0x4d, 0xab, + 0xfb, 0xe8, 0xff, 0xf4, 0x4d, 0xd0, 0xf3, 0x22, 0x5a, 0x37, 0x51, 0xe3, + 0x85, 0x3a, 0x3f, 0x78, 0x36, 0x66, 0xaa, 0x57, 0x69, 0x6a, 0xe9, 0x7a, + 0x55, 0x7c, 0x1c, 0xeb, 0x8c, 0x5f, 0x17, 0x15, 0x9a, 0xd2, 0xa1, 0x21, + 0xbe, 0xd5, 0x6d, 0xb1, 0xaa, 0x3f, 0xc7, 0xbc, 0x36, 0xf6, 0xea, 0x78, + 0x98, 0x26, 0x94, 0xb2, 0x58, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_rsa_4096 */ +const unsigned char test_rsa_4096[] = { + 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, + 0xca, 0xd0, 0xd9, 0x1e, 0xae, 0x27, 0x25, 0x04, 0x53, 0xb5, 0x7f, 0x0a, + 0x56, 0x80, 0xd2, 0xf5, 0xd4, 0x9c, 0x59, 0x33, 0x0e, 0xae, 0x70, 0xe0, + 0x35, 0xb7, 0x65, 0x6b, 0x3a, 0xbf, 0x45, 0x65, 0x1f, 0xfb, 0x86, 0x6b, + 0x9c, 0x3e, 0x33, 0x6c, 0xff, 0xc2, 0x03, 0x3d, 0x25, 0x0a, 0x6b, 0xbe, + 0xd7, 0x03, 0x97, 0xdd, 0xea, 0x5b, 0x80, 0xb7, 0x8b, 0x3c, 0xad, 0xaf, + 0x88, 0x53, 0x64, 0x30, 0x90, 0xb3, 0xf3, 0x5e, 0x82, 0x8b, 0x0b, 0x59, + 0x29, 0x11, 0x32, 0xf1, 0x50, 0xce, 0xd1, 0x89, 0x4a, 0x88, 0xdb, 0x14, + 0x52, 0xbd, 0x5b, 0x67, 0x13, 0x1e, 0x60, 0x89, 0xd9, 0x53, 0xf4, 0x34, + 0x5e, 0xfe, 0x3d, 0xd4, 0xae, 0xf5, 0x97, 0x7a, 0xe4, 0x66, 0xd5, 0xb0, + 0x74, 0x72, 0xd9, 0x13, 0x02, 0x3a, 0x42, 0xc3, 0x91, 0xdb, 0xd1, 0x41, + 0x6f, 0x46, 0x06, 0x51, 0xd2, 0x0c, 0xb9, 0x6b, 0x8b, 0x72, 0xa0, 0x0e, + 0xcc, 0x05, 0x95, 0x5c, 0xa0, 0xbd, 0x57, 0xda, 0xb8, 0x33, 0x87, 0x85, + 0xc7, 0xee, 0xd1, 0x06, 0xcc, 0x78, 0x90, 0x39, 0xd4, 0x96, 0x24, 0x89, + 0xda, 0xff, 0xb0, 0xe4, 0xd2, 0x39, 0x58, 0x45, 0xf5, 0x2a, 0x45, 0x44, + 0xc3, 0xca, 0x54, 0xa7, 0xd7, 0x32, 0x8f, 0x3e, 0x56, 0x30, 0x14, 0xef, + 0x20, 0x3d, 0x96, 0xe1, 0xdf, 0x75, 0xa7, 0x99, 0x5c, 0xdd, 0x98, 0x21, + 0xf1, 0xac, 0x8f, 0x0c, 0x6b, 0xf0, 0x79, 0x55, 0x27, 0xc1, 0x00, 0xa3, + 0xec, 0x49, 0xb4, 0x0d, 0x02, 0x92, 0xba, 0xa0, 0x7f, 0x53, 0xaf, 0xd0, + 0x41, 0x33, 0x73, 0xb4, 0xc4, 0xfd, 0x1f, 0xf7, 0x54, 0xa5, 0xd2, 0x71, + 0xb1, 0x6c, 0x4c, 0x1f, 0x45, 0xce, 0xf0, 0xd0, 0x8d, 0xe2, 0xaa, 0x02, + 0xa6, 0xce, 0x4b, 0xac, 0xeb, 0xd0, 0xb7, 0x4a, 0x56, 0xf0, 0xc6, 0x0f, + 0x0f, 0x95, 0xcb, 0x11, 0xf3, 0x62, 0xee, 0x60, 0xcf, 0xca, 0x80, 0x24, + 0x11, 0xaa, 0x25, 0x04, 0xce, 0xa8, 0xae, 0x3d, 0x38, 0xec, 0xab, 0xa5, + 0x13, 0xd4, 0xca, 0xf7, 0x2d, 0x52, 0xfb, 0x16, 0x10, 0x88, 0xdf, 0x8f, + 0xa0, 0xcc, 0xf6, 0xa1, 0xb8, 0x4d, 0xaa, 0x18, 0x9c, 0x1f, 0xcf, 0x0a, + 0xe6, 0x13, 0xde, 0x21, 0x60, 0xee, 0xa4, 0x50, 0x97, 0x81, 0x28, 0x6f, + 0xc3, 0xc4, 0xdc, 0xe2, 0x73, 0xf4, 0x42, 0x40, 0x8b, 0x28, 0x79, 0xcc, + 0x5f, 0x9d, 0xe6, 0x3c, 0x42, 0xfb, 0x54, 0x5c, 0x9c, 0xb5, 0xad, 0xbd, + 0xc7, 0x6d, 0x04, 0xc3, 0x6e, 0xa3, 0x25, 0x90, 0x16, 0x79, 0xd0, 0x8a, + 0xa4, 0xe6, 0x6c, 0x9e, 0x63, 0x61, 0x20, 0xb9, 0x06, 0x1e, 0xc9, 0x3b, + 0x44, 0x61, 0x80, 0x9f, 0xb8, 0xbd, 0x78, 0xa5, 0x06, 0xfd, 0xec, 0x10, + 0x4a, 0xed, 0x31, 0xc5, 0xb6, 0x19, 0xff, 0xa2, 0xd6, 0xba, 0xb4, 0xd9, + 0x86, 0x40, 0x7f, 0x24, 0x47, 0x48, 0xf4, 0xa0, 0x66, 0x66, 0xe5, 0xa4, + 0x51, 0xc1, 0xa3, 0x25, 0x2e, 0x34, 0x58, 0x61, 0x85, 0x51, 0x75, 0x49, + 0x18, 0xf4, 0xa6, 0xd8, 0x83, 0x28, 0x7e, 0xcc, 0x56, 0x27, 0xc6, 0x79, + 0xda, 0x8e, 0x3e, 0x36, 0x23, 0xe2, 0xa7, 0x6d, 0x11, 0xcb, 0x91, 0x05, + 0x59, 0xdf, 0x0f, 0x40, 0x27, 0x25, 0x7c, 0x13, 0x8c, 0xbe, 0x1c, 0x9c, + 0x54, 0x0f, 0x57, 0xe3, 0x8f, 0x46, 0xcf, 0xa3, 0xfc, 0x4a, 0x31, 0xf8, + 0xe2, 0x32, 0x9a, 0x73, 0x21, 0x04, 0x44, 0x8a, 0xe8, 0x2d, 0x77, 0x2e, + 0xad, 0xa4, 0xbd, 0xc8, 0x14, 0x85, 0xb1, 0x8a, 0x72, 0x79, 0x69, 0x24, + 0x97, 0x04, 0x7b, 0x56, 0xf5, 0xc4, 0xd9, 0xdb, 0x4f, 0x91, 0x40, 0x60, + 0xf0, 0xda, 0x0a, 0xd7, 0x12, 0xf0, 0x09, 0x21, 0xbd, 0x7c, 0x2f, 0x01, + 0x73, 0x66, 0x69, 0xd7, 0x92, 0x6a, 0xa6, 0x1b, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x02, 0x00, 0x38, 0xe9, 0x3d, 0xe3, 0xc4, 0x0e, 0xab, + 0xee, 0x78, 0xe6, 0xd7, 0x0d, 0x39, 0x94, 0xd0, 0x9d, 0xb6, 0xd9, 0x60, + 0x96, 0x59, 0x2a, 0x4d, 0xf6, 0x3c, 0x5c, 0x88, 0x12, 0xfc, 0xdb, 0x2b, + 0x47, 0xe3, 0x1f, 0x9b, 0x6a, 0x9a, 0xdf, 0x41, 0x62, 0xf6, 0xa9, 0xa4, + 0x6b, 0x05, 0xf7, 0xd4, 0xa0, 0x2a, 0x89, 0x91, 0x95, 0xed, 0xeb, 0x5b, + 0x45, 0x25, 0xc7, 0x13, 0x1d, 0xcc, 0x6d, 0x4a, 0x11, 0xee, 0xa8, 0xf0, + 0x43, 0xb6, 0xf1, 0xf9, 0x6f, 0x3d, 0x7c, 0xdc, 0x04, 0xa7, 0x1e, 0x41, + 0xe1, 0xfa, 0x8e, 0x48, 0x9b, 0x7d, 0x54, 0x31, 0x4f, 0xcd, 0x27, 0x9b, + 0x03, 0x53, 0x7e, 0xa1, 0x6a, 0x08, 0xb5, 0xe2, 0xf7, 0xc9, 0x58, 0x94, + 0xf7, 0x21, 0x1c, 0x52, 0x1e, 0x3f, 0xae, 0xf2, 0x86, 0xc8, 0xfb, 0x3c, + 0x3c, 0xd0, 0xb3, 0x14, 0x16, 0xfe, 0x78, 0x71, 0xd1, 0x87, 0xd5, 0x96, + 0x3a, 0x3d, 0x59, 0x1e, 0xdc, 0xc8, 0x17, 0x51, 0x00, 0x3b, 0x02, 0xa6, + 0xa2, 0x73, 0x49, 0xd2, 0x5f, 0x91, 0xe8, 0xcb, 0xb2, 0xd2, 0xb1, 0x8a, + 0x17, 0x10, 0x36, 0x49, 0x6e, 0x7d, 0x8b, 0x7e, 0x41, 0xd7, 0x53, 0xcc, + 0x17, 0x65, 0x62, 0x45, 0x29, 0xb4, 0x9f, 0x13, 0xfe, 0x3c, 0xfe, 0xac, + 0xff, 0x5b, 0x04, 0x06, 0xfb, 0xca, 0xda, 0x3d, 0x7a, 0x88, 0x4f, 0xe5, + 0x85, 0xbd, 0x6f, 0x58, 0xff, 0x3d, 0x67, 0xa4, 0x84, 0x61, 0xcd, 0x8a, + 0xde, 0x80, 0x57, 0x42, 0x2c, 0xbd, 0x63, 0x39, 0x28, 0xe5, 0x6d, 0xf2, + 0xfc, 0x92, 0x7e, 0x13, 0x39, 0xa6, 0xf2, 0x1f, 0x27, 0xbc, 0x97, 0x22, + 0xdf, 0x2e, 0x5b, 0x91, 0x9f, 0xe1, 0x9f, 0x78, 0x04, 0xd6, 0x7b, 0xe9, + 0x4b, 0x3c, 0x65, 0x3c, 0x3b, 0x9e, 0x3f, 0x09, 0x31, 0x2e, 0xc2, 0xd4, + 0x8c, 0x01, 0xb5, 0x72, 0x7e, 0x4b, 0x6b, 0x47, 0x1d, 0xf3, 0xb2, 0xaa, + 0x9c, 0xd0, 0x1a, 0x11, 0x24, 0xad, 0xeb, 0x0e, 0x9e, 0xe1, 0xa9, 0xfc, + 0x4c, 0xf0, 0xd0, 0xc5, 0x4d, 0xd0, 0xef, 0x45, 0xa2, 0x64, 0xce, 0x08, + 0x60, 0x55, 0xaf, 0x11, 0xbd, 0xad, 0xda, 0x20, 0x04, 0x97, 0x1f, 0x9f, + 0x99, 0x4a, 0x44, 0x6d, 0x94, 0x57, 0xd8, 0x4d, 0x80, 0xb0, 0x2a, 0xf3, + 0x32, 0xd8, 0x62, 0x2b, 0xbb, 0x28, 0xa5, 0x8e, 0x7f, 0x55, 0xfa, 0xe1, + 0xb6, 0x34, 0x27, 0x80, 0xa9, 0x63, 0x6b, 0xa7, 0x1b, 0x00, 0x6f, 0x47, + 0x51, 0xf2, 0x4d, 0x8a, 0xa2, 0x6b, 0xf8, 0x3f, 0xe0, 0x07, 0x06, 0x58, + 0x87, 0x8d, 0x42, 0x5b, 0x81, 0x2f, 0xba, 0x8b, 0xec, 0xfd, 0x5e, 0xad, + 0xd5, 0x22, 0xac, 0xb8, 0xb8, 0xa9, 0x51, 0x10, 0x1d, 0x08, 0x78, 0xf4, + 0xc8, 0xff, 0xfc, 0x25, 0x85, 0xe1, 0xe1, 0x5a, 0xb7, 0x9c, 0x53, 0xc1, + 0x50, 0x7b, 0xfa, 0x48, 0xf4, 0x84, 0x2c, 0x1b, 0x10, 0xd4, 0x31, 0x0b, + 0x6f, 0x0d, 0x35, 0x36, 0xf2, 0xbb, 0x70, 0xfb, 0x18, 0xf6, 0x22, 0x8e, + 0x87, 0x39, 0xd2, 0x5d, 0x8c, 0xef, 0x42, 0xe4, 0x36, 0x8b, 0x44, 0xac, + 0x3c, 0xab, 0x09, 0xf9, 0x26, 0xb3, 0x3d, 0x85, 0x57, 0x75, 0x0a, 0x76, + 0x69, 0x14, 0x53, 0x0c, 0x28, 0xd9, 0x28, 0x57, 0x4b, 0x60, 0xea, 0xcf, + 0x83, 0xac, 0x9a, 0x05, 0xd4, 0x54, 0x46, 0xd3, 0xfd, 0xb4, 0x5d, 0xcb, + 0x45, 0x5a, 0xda, 0x1b, 0xcf, 0x71, 0x03, 0xd9, 0xc7, 0x1b, 0xd8, 0xb6, + 0x45, 0x17, 0x45, 0x01, 0x3e, 0x75, 0xf1, 0x48, 0x5c, 0x7a, 0xec, 0x58, + 0xe3, 0x71, 0xfb, 0xfe, 0x66, 0xcf, 0x99, 0x1e, 0xf7, 0xa1, 0x79, 0x74, + 0xb0, 0x99, 0x9d, 0xe5, 0x93, 0x3f, 0xa3, 0x31, 0x06, 0xb3, 0x16, 0x71, + 0x27, 0x36, 0xb0, 0xc0, 0x64, 0xe8, 0x07, 0x5e, 0xf0, 0x4a, 0x76, 0x04, + 0x91, 0x02, 0x82, 0x01, 0x01, 0x00, 0xff, 0x09, 0x0d, 0x15, 0xda, 0xbd, + 0xa7, 0xe9, 0x79, 0x20, 0x59, 0x05, 0xc1, 0xea, 0x20, 0xa9, 0xb9, 0x47, + 0x16, 0x42, 0xeb, 0x3f, 0x26, 0xa4, 0x8b, 0xfd, 0x48, 0x4b, 0xdf, 0x06, + 0x35, 0x8b, 0x32, 0xe3, 0xf7, 0x1f, 0xb1, 0x92, 0x96, 0xbf, 0x48, 0x04, + 0x32, 0xb2, 0x4e, 0x83, 0x9a, 0x1f, 0x4b, 0x11, 0x75, 0xb8, 0xbf, 0x4d, + 0x2e, 0xe0, 0x8a, 0x22, 0xde, 0x94, 0xb1, 0x98, 0xc0, 0xec, 0x8a, 0x49, + 0x73, 0x07, 0xf5, 0x69, 0x4c, 0x9a, 0x2f, 0xab, 0xf6, 0xdd, 0x93, 0x26, + 0x6c, 0x79, 0x2c, 0xac, 0xbc, 0x7d, 0x67, 0xad, 0x3e, 0x46, 0xdd, 0xf2, + 0xef, 0x14, 0x8a, 0x10, 0x9c, 0x11, 0x9b, 0x4a, 0xd5, 0x27, 0x87, 0x52, + 0x79, 0x1a, 0xb3, 0x67, 0xe3, 0x29, 0x35, 0x97, 0x57, 0xa7, 0x7f, 0xab, + 0xed, 0xe2, 0xa4, 0xa8, 0x94, 0x01, 0x7c, 0x85, 0x5e, 0x47, 0x67, 0xb5, + 0xae, 0xf0, 0x2b, 0x9a, 0xa6, 0xb1, 0x4c, 0xd7, 0x84, 0xae, 0x24, 0x1e, + 0x28, 0x77, 0x63, 0x69, 0x38, 0x6b, 0xab, 0xe0, 0x4f, 0x90, 0x78, 0x4a, + 0x31, 0x30, 0xe8, 0x95, 0xbc, 0xcb, 0x95, 0x9c, 0xd5, 0x34, 0x7c, 0x4c, + 0x07, 0xa7, 0x23, 0x66, 0x6b, 0xd6, 0x59, 0x93, 0x69, 0x22, 0xb3, 0xda, + 0x47, 0x66, 0xf8, 0xee, 0x4a, 0x38, 0x5e, 0xab, 0x2d, 0xf7, 0xe0, 0xab, + 0x9f, 0x65, 0x1a, 0x90, 0x04, 0xaa, 0x71, 0xc5, 0x59, 0xf2, 0x0c, 0xb3, + 0xbe, 0xd5, 0xcf, 0x17, 0xcd, 0x70, 0x4c, 0xa6, 0xb7, 0xb5, 0x19, 0xc2, + 0x2b, 0xa8, 0x6b, 0x0c, 0x5f, 0x81, 0xb6, 0x18, 0x7b, 0x2e, 0x74, 0x6f, + 0xcb, 0x37, 0x15, 0x71, 0x4f, 0x7e, 0xac, 0xbf, 0x66, 0xf5, 0xb6, 0x72, + 0xf7, 0xe9, 0xc7, 0x99, 0xa5, 0x31, 0xf9, 0x27, 0x74, 0x4d, 0x68, 0xd6, + 0x60, 0xc7, 0x83, 0xe7, 0xd4, 0xa0, 0xc0, 0x09, 0x7a, 0x0f, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xcb, 0x95, 0x3b, 0xb3, 0x52, 0xf2, 0x44, 0x4c, 0x50, + 0xe0, 0xee, 0xaf, 0xf2, 0xec, 0x68, 0x73, 0x70, 0x16, 0x6c, 0x1d, 0x54, + 0xeb, 0xa2, 0xaf, 0x4e, 0xb9, 0x53, 0x5f, 0x73, 0x07, 0x72, 0x68, 0x70, + 0xce, 0xf0, 0xc5, 0x1b, 0x94, 0xb3, 0x48, 0xb5, 0x8e, 0x58, 0xb5, 0x81, + 0x96, 0x7b, 0xbb, 0x83, 0x33, 0x95, 0x06, 0x1a, 0x01, 0x69, 0xe1, 0x59, + 0xf9, 0x6d, 0x3d, 0x13, 0x5f, 0x52, 0xdf, 0xb6, 0x66, 0x68, 0x2b, 0xd8, + 0x06, 0x4a, 0xf8, 0xf9, 0x69, 0xed, 0xdd, 0x1e, 0x39, 0x93, 0x10, 0xe5, + 0x1b, 0x0b, 0xfe, 0x52, 0xd2, 0x9b, 0x64, 0x6c, 0xb3, 0xdc, 0x8a, 0x30, + 0x63, 0x56, 0x1c, 0x57, 0x39, 0x30, 0xfb, 0x89, 0x12, 0xd0, 0xbc, 0x00, + 0xd8, 0x4c, 0x0d, 0xcb, 0x17, 0x3e, 0x80, 0xad, 0x87, 0xc2, 0xd9, 0x28, + 0xe1, 0xbe, 0x69, 0x2b, 0x6b, 0x11, 0x7f, 0x8d, 0xb7, 0xc0, 0x2f, 0x9c, + 0x10, 0xe7, 0xd5, 0x12, 0xc0, 0x10, 0xec, 0x43, 0x9d, 0xe7, 0x30, 0x4b, + 0x5d, 0xec, 0x05, 0x22, 0xf3, 0x71, 0xab, 0x6e, 0xba, 0x99, 0x9a, 0xc7, + 0xe2, 0x95, 0x2b, 0xa4, 0xdc, 0xf0, 0x18, 0xa7, 0x91, 0x76, 0x5e, 0xf2, + 0x3b, 0x46, 0x51, 0xb9, 0xa2, 0x3e, 0xe1, 0xac, 0x7b, 0x18, 0x49, 0x15, + 0x2b, 0x01, 0xd6, 0xeb, 0x38, 0x90, 0xe4, 0x76, 0x1e, 0xc2, 0xd7, 0x7a, + 0x28, 0x0a, 0x05, 0x68, 0xbd, 0x59, 0xeb, 0xdf, 0x2b, 0x39, 0x58, 0x4b, + 0xa8, 0xf9, 0x92, 0x4c, 0xf2, 0xbf, 0xe6, 0x12, 0x6f, 0x13, 0x03, 0xa3, + 0xf5, 0xa1, 0xd2, 0x2b, 0x68, 0xf4, 0x8b, 0xac, 0x14, 0xb1, 0x3d, 0x05, + 0x4a, 0xea, 0x5a, 0x13, 0x29, 0x47, 0x36, 0x95, 0x7d, 0xf4, 0xed, 0x06, + 0x23, 0x3c, 0xf1, 0x4c, 0xf0, 0x95, 0xf9, 0xc7, 0x7e, 0x41, 0x85, 0x84, + 0xbf, 0x53, 0xfc, 0xa4, 0x5a, 0x8f, 0x35, 0x02, 0x82, 0x01, 0x00, 0x4e, + 0x64, 0xc8, 0xd9, 0xeb, 0xe8, 0x1a, 0x62, 0x20, 0xf2, 0x79, 0x8a, 0xd4, + 0x85, 0x94, 0x4e, 0xb7, 0x7e, 0x0b, 0x70, 0xbc, 0x81, 0x27, 0xee, 0xb2, + 0x7d, 0x43, 0xa8, 0xd6, 0xc0, 0x40, 0xdb, 0x2d, 0xe4, 0x77, 0x05, 0x0d, + 0xff, 0x62, 0x49, 0x1f, 0xe8, 0xf2, 0x70, 0x6e, 0xc3, 0xf3, 0x2f, 0x25, + 0x53, 0x13, 0x9d, 0x9b, 0x68, 0x2d, 0x3d, 0xa6, 0x18, 0x7b, 0xd4, 0xb7, + 0x16, 0x9e, 0x4e, 0xd7, 0x5f, 0x26, 0x75, 0xce, 0xd0, 0xf4, 0x53, 0xfc, + 0xcd, 0x5e, 0x4f, 0xd3, 0xb8, 0x9e, 0xe5, 0x4c, 0x7f, 0x38, 0x5d, 0x4f, + 0xee, 0x27, 0xd3, 0x7e, 0xcb, 0xfb, 0x03, 0x94, 0x40, 0xf0, 0xc8, 0x54, + 0xb4, 0xd6, 0xfa, 0x94, 0x95, 0x1c, 0x56, 0xc1, 0xc8, 0xf0, 0x41, 0xad, + 0x90, 0x7c, 0xc8, 0x26, 0xed, 0x81, 0x6d, 0x06, 0x72, 0x2f, 0x34, 0x99, + 0xc3, 0x21, 0x2c, 0xcf, 0xcb, 0x40, 0x1f, 0xe1, 0x37, 0x63, 0x7f, 0xe2, + 0x7f, 0xe8, 0xef, 0xe2, 0x78, 0x46, 0xb6, 0x14, 0x1f, 0xb6, 0xd1, 0x19, + 0xff, 0x14, 0x55, 0xf3, 0x33, 0xd3, 0x15, 0x16, 0x99, 0x58, 0x74, 0x37, + 0xe4, 0x02, 0x81, 0x64, 0xa7, 0xb6, 0x3e, 0x81, 0x1a, 0x2d, 0x91, 0xb0, + 0xed, 0x28, 0x07, 0x1b, 0xc3, 0xbf, 0xe8, 0xfe, 0x21, 0xb9, 0x3c, 0xc4, + 0x94, 0xd7, 0xc7, 0x77, 0x0f, 0x2a, 0x2a, 0xd8, 0xd4, 0x66, 0x2a, 0xc2, + 0x58, 0x08, 0x82, 0xe7, 0xb6, 0xa4, 0xb5, 0x72, 0x37, 0xfd, 0xd5, 0x44, + 0x2a, 0x87, 0x13, 0xaa, 0xfc, 0x4d, 0x91, 0x32, 0x7e, 0x96, 0x28, 0xf8, + 0x01, 0x64, 0x73, 0xee, 0x24, 0xa3, 0x11, 0xa6, 0x8c, 0xb3, 0x03, 0xdc, + 0x33, 0xe5, 0x81, 0x27, 0xf9, 0x05, 0x0d, 0x9e, 0x66, 0x33, 0x2a, 0x3e, + 0x4d, 0x0b, 0x69, 0xf4, 0x0c, 0xd9, 0xa8, 0xda, 0x79, 0xfb, 0x99, 0x02, + 0x0e, 0xa7, 0xaf, 0x02, 0x82, 0x01, 0x01, 0x00, 0x80, 0xff, 0xab, 0xd7, + 0xa2, 0x2c, 0x7f, 0x18, 0x78, 0x7b, 0x3e, 0xe3, 0x60, 0xa3, 0x6a, 0x40, + 0x13, 0x7b, 0x31, 0xc0, 0x98, 0x49, 0xc3, 0x49, 0x20, 0x32, 0x10, 0x61, + 0x3f, 0xeb, 0x2d, 0x14, 0x7e, 0xbe, 0xb2, 0x13, 0xc3, 0xb9, 0x42, 0xad, + 0x44, 0xd5, 0xd0, 0xe2, 0x1a, 0x1d, 0xf7, 0x83, 0x46, 0xcc, 0x8d, 0x96, + 0x53, 0x2e, 0x28, 0x20, 0x32, 0x39, 0xf9, 0x7d, 0x24, 0xe4, 0x57, 0x08, + 0x08, 0x74, 0xf5, 0x77, 0x2a, 0xa8, 0x3a, 0x23, 0x6f, 0x2f, 0x2f, 0x18, + 0xd8, 0x89, 0x14, 0xe6, 0x34, 0xb6, 0x21, 0xb0, 0x62, 0x5c, 0xaf, 0x38, + 0x40, 0x24, 0xec, 0x0e, 0xe8, 0x40, 0x59, 0x95, 0x15, 0xb3, 0xd8, 0x94, + 0xda, 0x33, 0x80, 0xee, 0x4f, 0xfe, 0xbe, 0x9a, 0x52, 0xe1, 0x04, 0xaa, + 0xd6, 0xca, 0x5a, 0xad, 0xed, 0xd8, 0xb5, 0x25, 0xc0, 0xec, 0x54, 0x27, + 0x25, 0xee, 0x94, 0x29, 0xd6, 0xd3, 0x63, 0x83, 0x41, 0x21, 0x50, 0xd7, + 0xd4, 0xb4, 0x9e, 0x84, 0x9c, 0x8d, 0x03, 0xfb, 0xf1, 0x3c, 0x9e, 0xff, + 0x48, 0xe7, 0x96, 0x63, 0x5c, 0x5a, 0xf7, 0xb8, 0xb2, 0xfb, 0x88, 0x6b, + 0xa6, 0xea, 0x66, 0x3e, 0x1d, 0x71, 0x6f, 0xca, 0x63, 0x3d, 0x2a, 0x69, + 0x27, 0x38, 0xcc, 0x97, 0xaa, 0x81, 0x18, 0xe6, 0x4d, 0x20, 0x07, 0xb7, + 0xac, 0x1d, 0x2b, 0xcb, 0x0b, 0xcd, 0x89, 0x24, 0x0a, 0x4d, 0x49, 0x48, + 0x4b, 0x9e, 0x00, 0xf5, 0x30, 0xe3, 0xfe, 0x58, 0x34, 0xc7, 0xf0, 0xce, + 0xe1, 0x49, 0x5e, 0x9c, 0x04, 0xed, 0xa5, 0x3f, 0x1e, 0x60, 0x9f, 0xec, + 0x4c, 0xfa, 0xc3, 0x9f, 0xed, 0xd5, 0x9d, 0x8f, 0xbb, 0xea, 0x81, 0x04, + 0x56, 0x4f, 0x7c, 0xbe, 0x20, 0x10, 0x7e, 0x12, 0x4c, 0x75, 0x7a, 0x22, + 0xce, 0xc4, 0xf2, 0xd1, 0x9e, 0xde, 0xf9, 0x61, 0xf1, 0xe6, 0xac, 0x2d, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xd7, 0x32, 0x63, 0x0a, 0x84, 0xda, 0x7e, + 0x7e, 0xc5, 0xdf, 0xff, 0xbc, 0x82, 0x36, 0x8d, 0x83, 0x5b, 0x79, 0xa2, + 0x25, 0x88, 0xeb, 0xeb, 0x4e, 0xb8, 0xa1, 0x29, 0xbe, 0x9d, 0x81, 0x80, + 0x4b, 0x63, 0x67, 0xcc, 0x0a, 0x0d, 0xe9, 0xee, 0x84, 0x03, 0xf7, 0x2a, + 0x04, 0xe5, 0xa6, 0x0d, 0x8e, 0x0d, 0x34, 0x9f, 0x7c, 0xc1, 0xa0, 0xad, + 0x32, 0x59, 0xf8, 0x94, 0xb2, 0x4c, 0xca, 0x70, 0x68, 0xa3, 0x4b, 0xa8, + 0x58, 0xad, 0x46, 0x36, 0x08, 0xcd, 0x94, 0x10, 0x66, 0x5b, 0xbb, 0x38, + 0x16, 0x47, 0xb9, 0x2a, 0xe9, 0xe7, 0xf1, 0x4d, 0xb5, 0xb1, 0x77, 0x13, + 0xd7, 0x4f, 0xea, 0x53, 0x5f, 0xde, 0x8e, 0x0d, 0x6c, 0x88, 0x86, 0x79, + 0x0a, 0xa7, 0x2b, 0xaa, 0xe2, 0x3b, 0xb4, 0xa6, 0xd9, 0x2e, 0x57, 0xe4, + 0x76, 0x67, 0xa2, 0x4e, 0x24, 0x93, 0x2b, 0xfb, 0x7f, 0x30, 0x89, 0x66, + 0x16, 0x02, 0xe8, 0x6a, 0x2f, 0x75, 0x9e, 0xc1, 0xec, 0x7c, 0x72, 0x18, + 0xbe, 0xf1, 0x4a, 0x87, 0xc9, 0x8c, 0xcb, 0xb6, 0xa2, 0x02, 0x6e, 0x97, + 0x88, 0x4a, 0xba, 0x4a, 0xb2, 0xd8, 0x8c, 0x4a, 0xf5, 0x9c, 0x87, 0x2d, + 0x4b, 0x3d, 0x8c, 0x08, 0xdf, 0x31, 0xe7, 0x51, 0xc8, 0x4a, 0x3c, 0xf8, + 0x19, 0xb6, 0x3f, 0x6f, 0x6b, 0xe9, 0x8a, 0xed, 0x42, 0x54, 0x58, 0x96, + 0x2d, 0x00, 0x4a, 0x5f, 0xba, 0xf6, 0xf2, 0x87, 0x86, 0xc8, 0x11, 0xaf, + 0xc5, 0x31, 0x59, 0x24, 0x96, 0x76, 0xcc, 0xa0, 0xda, 0xe9, 0x3d, 0x40, + 0x0e, 0x2b, 0x64, 0xa4, 0xb2, 0x91, 0x0c, 0x04, 0x5e, 0xa9, 0x86, 0x3c, + 0xfc, 0x03, 0x8f, 0x07, 0x09, 0x52, 0x05, 0xb3, 0x9d, 0x08, 0xa7, 0xbf, + 0x1a, 0x47, 0xbb, 0x81, 0x39, 0xf1, 0xdf, 0x39, 0x65, 0x5e, 0x6b, 0x35, + 0x8d, 0x53, 0x67, 0x9f, 0x43, 0x59, 0x38, 0x45, 0xb4, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_secp192r1 */ +const unsigned char test_ec_secp192r1[] = { + 0x30, 0x5f, 0x02, 0x01, 0x01, 0x04, 0x18, 0xf2, 0xb2, 0x0b, 0x3a, 0xce, + 0x36, 0x72, 0xcd, 0xb2, 0xe2, 0x37, 0x80, 0x0a, 0x5e, 0x1a, 0x8e, 0x20, + 0xa4, 0x55, 0xe3, 0x53, 0xfc, 0x98, 0xeb, 0xa0, 0x0a, 0x06, 0x08, 0x2a, + 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x01, 0xa1, 0x34, 0x03, 0x32, 0x00, + 0x04, 0x32, 0x24, 0xf9, 0x2a, 0x4b, 0x53, 0x29, 0x16, 0x22, 0xa6, 0xd7, + 0x35, 0xb8, 0xc8, 0xd4, 0x16, 0x22, 0x5e, 0xfd, 0xce, 0x34, 0xf7, 0x1c, + 0xd3, 0x0c, 0xea, 0xf3, 0x71, 0xbe, 0x2e, 0x40, 0x61, 0x2b, 0x31, 0x85, + 0xcb, 0x6b, 0xec, 0x59, 0xfc, 0x19, 0x31, 0xb0, 0x45, 0x04, 0x41, 0xea, + 0xf9, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_secp224r1 */ +const unsigned char test_ec_secp224r1[] = { + 0x30, 0x68, 0x02, 0x01, 0x01, 0x04, 0x1c, 0x74, 0x02, 0x38, 0xee, 0x23, + 0x01, 0xa0, 0x11, 0x8c, 0xfe, 0xd1, 0xfb, 0x66, 0x6e, 0x04, 0x92, 0x9e, + 0xe9, 0x75, 0x9b, 0xaf, 0x5a, 0xf2, 0x9a, 0x64, 0x16, 0x83, 0x08, 0xa0, + 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21, 0xa1, 0x3c, 0x03, 0x3a, + 0x00, 0x04, 0xd3, 0xe3, 0x0e, 0x63, 0x84, 0x9d, 0xbb, 0x5e, 0xb2, 0xb4, + 0x2d, 0x28, 0xe6, 0x45, 0x5d, 0xea, 0xae, 0x4e, 0x17, 0x8a, 0x88, 0xe8, + 0x68, 0xce, 0x44, 0xc5, 0xd2, 0xf9, 0xef, 0x10, 0x20, 0xe6, 0x07, 0x08, + 0x47, 0xde, 0xaa, 0xb4, 0xda, 0x38, 0x5e, 0xf2, 0x2e, 0xc4, 0x94, 0x01, + 0xba, 0xc4, 0x57, 0xf1, 0xee, 0x51, 0xba, 0x38, 0x13, 0x30, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_secp256r1 */ +const unsigned char test_ec_secp256r1[] = { + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x9e, 0x24, 0x0a, 0x03, 0x94, + 0x40, 0x32, 0xf9, 0x9b, 0x41, 0xfd, 0x83, 0x4d, 0xa9, 0x31, 0x98, 0xaf, + 0xa3, 0x09, 0x6e, 0xc3, 0x05, 0x39, 0xb6, 0x67, 0xb0, 0x32, 0x83, 0x22, + 0xd1, 0xe2, 0x93, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x78, 0xfa, 0x74, + 0x37, 0x63, 0x6d, 0xda, 0x49, 0xa5, 0x6b, 0x33, 0x0d, 0x5b, 0xc1, 0x39, + 0x67, 0x83, 0x1a, 0x18, 0x9c, 0x31, 0xf4, 0x83, 0xc3, 0xfe, 0xc1, 0x96, + 0x7d, 0x22, 0x21, 0x51, 0x52, 0x78, 0x46, 0x50, 0xdc, 0x92, 0xb9, 0x0b, + 0xf0, 0xe5, 0x80, 0x00, 0xc4, 0x07, 0x7d, 0x16, 0xe0, 0x09, 0x55, 0x29, + 0x9d, 0x3c, 0x53, 0x42, 0xf4, 0x58, 0xff, 0x93, 0xc1, 0xaa, 0x23, 0xd5, + 0x3e, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_secp384r1 */ +const unsigned char test_ec_secp384r1[] = { + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x59, 0x92, 0x61, 0x10, + 0xdd, 0x83, 0x76, 0x99, 0xb5, 0xc4, 0x08, 0xe3, 0x3d, 0xb8, 0x8c, 0xac, + 0x5d, 0x46, 0x7f, 0x96, 0x9f, 0x7c, 0x40, 0xa0, 0xbf, 0xe8, 0xf0, 0x6b, + 0xcf, 0x1d, 0x2a, 0xe8, 0xb1, 0x90, 0xb1, 0x6c, 0xc3, 0xcf, 0x01, 0x9f, + 0xc4, 0x2c, 0x0e, 0x9b, 0x05, 0x07, 0xce, 0xed, 0xa0, 0x07, 0x06, 0x05, + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0x90, + 0x73, 0x8b, 0xcc, 0x2a, 0x0d, 0x1e, 0xcc, 0x6e, 0x4e, 0x14, 0xbc, 0x51, + 0x2c, 0xb6, 0xce, 0xdb, 0xb2, 0xc2, 0xdd, 0x20, 0xf6, 0xf5, 0x20, 0xa7, + 0xff, 0x98, 0x37, 0x2a, 0x8c, 0x35, 0xe2, 0xf8, 0x3e, 0xf1, 0xd6, 0x5e, + 0x79, 0x84, 0xe8, 0x43, 0x04, 0x9c, 0xc3, 0xe0, 0xfe, 0x2f, 0x4f, 0x82, + 0xb1, 0xee, 0xec, 0x2b, 0x11, 0x49, 0x8f, 0xb4, 0x77, 0xce, 0x74, 0x11, + 0xbb, 0x16, 0x6b, 0x69, 0xd2, 0xee, 0x01, 0xff, 0x99, 0xd1, 0x0f, 0x57, + 0x46, 0x2d, 0x83, 0xfe, 0x17, 0x4d, 0xcc, 0x59, 0x7d, 0xa5, 0x4a, 0x52, + 0x39, 0x4f, 0x6a, 0xe1, 0xb6, 0x21, 0xbe, 0x74, 0x72, 0xd2, 0x51, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_secp521r1 */ +const unsigned char test_ec_secp521r1[] = { + 0x30, 0x81, 0xdc, 0x02, 0x01, 0x01, 0x04, 0x42, 0x00, 0x51, 0xcf, 0xff, + 0x6d, 0x27, 0x46, 0x89, 0x81, 0x7e, 0x9d, 0x99, 0x5a, 0x28, 0x6b, 0x2b, + 0x69, 0x55, 0xdb, 0x5b, 0xde, 0x1c, 0x47, 0x69, 0x05, 0x99, 0x9e, 0xa3, + 0x81, 0x5b, 0x5c, 0x4c, 0xe8, 0x7e, 0xde, 0x0a, 0x58, 0x52, 0x05, 0x0a, + 0x26, 0xac, 0x4b, 0xb0, 0x55, 0x2d, 0xdf, 0xab, 0x0e, 0x3e, 0x17, 0x27, + 0xca, 0x8c, 0xc1, 0x5b, 0x2b, 0xf1, 0x51, 0x5f, 0x33, 0xee, 0x91, 0xb8, + 0x68, 0x28, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0xa1, + 0x81, 0x89, 0x03, 0x81, 0x86, 0x00, 0x04, 0x01, 0xcf, 0xdb, 0xee, 0xaf, + 0xc1, 0x2a, 0xa1, 0x07, 0x67, 0x1d, 0x48, 0xea, 0x61, 0x17, 0xd0, 0x16, + 0x7e, 0x91, 0x41, 0x59, 0x67, 0x53, 0x86, 0x4d, 0xe5, 0xc8, 0xfe, 0xc5, + 0x0d, 0x17, 0xab, 0x8d, 0x30, 0xff, 0x00, 0xf9, 0x52, 0x2e, 0x87, 0x49, + 0xc2, 0xe1, 0x37, 0x10, 0x9a, 0xd5, 0x78, 0xbe, 0x41, 0x0f, 0x28, 0xbe, + 0x2b, 0x13, 0x69, 0x1f, 0xb2, 0xbc, 0xde, 0x26, 0x41, 0x58, 0xe7, 0x1b, + 0x23, 0x00, 0x37, 0xe9, 0x1d, 0x15, 0x23, 0x0b, 0x52, 0xfb, 0x4b, 0xb7, + 0x8e, 0xa7, 0x19, 0x5b, 0x0d, 0x63, 0x60, 0xaf, 0x55, 0xd5, 0xba, 0xed, + 0xe2, 0xfb, 0x06, 0x8b, 0xd5, 0x45, 0xd3, 0x1e, 0x40, 0x99, 0xba, 0x3a, + 0x2a, 0xa2, 0x54, 0x2a, 0x28, 0x6b, 0x7c, 0xe6, 0x4c, 0x61, 0xf6, 0x2c, + 0x3c, 0x3c, 0xda, 0xc4, 0x28, 0xf8, 0x1d, 0x99, 0x6e, 0xc3, 0x10, 0x25, + 0x23, 0xe5, 0x75, 0x57, 0x6e, 0x70, 0xff, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_bp256r1 */ +const unsigned char test_ec_bp256r1[] = { + 0x30, 0x78, 0x02, 0x01, 0x01, 0x04, 0x20, 0x53, 0xd7, 0x10, 0x63, 0x7f, + 0x58, 0x46, 0x73, 0xcc, 0x4c, 0x8f, 0xdb, 0x43, 0xc5, 0xc5, 0x17, 0x9e, + 0x07, 0xe4, 0x87, 0xc6, 0x80, 0xd5, 0x9e, 0x5e, 0xc8, 0x38, 0x70, 0xc2, + 0x4c, 0xb4, 0xf7, 0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, + 0x08, 0x01, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x49, 0xcd, + 0x94, 0xf2, 0x2b, 0x12, 0xff, 0x6e, 0xdf, 0x5f, 0x1a, 0xab, 0xf1, 0x49, + 0xaa, 0x46, 0x1d, 0x18, 0xb5, 0xa1, 0x4e, 0xd3, 0x88, 0x62, 0x01, 0x42, + 0x9b, 0x9e, 0xa0, 0xc1, 0x38, 0x24, 0x3f, 0x64, 0x8c, 0xf6, 0x65, 0xd7, + 0x7c, 0x4a, 0xad, 0x86, 0xe4, 0x2f, 0xf8, 0x20, 0x21, 0xb7, 0x7b, 0x50, + 0x9e, 0xf6, 0xa2, 0x44, 0x41, 0x63, 0xae, 0xd9, 0xd3, 0xaf, 0x35, 0x97, + 0xc7, 0x02, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_bp384r1 */ +const unsigned char test_ec_bp384r1[] = { + 0x30, 0x81, 0xa8, 0x02, 0x01, 0x01, 0x04, 0x30, 0x4a, 0x28, 0x9c, 0xc2, + 0xf0, 0xfd, 0x7c, 0xdb, 0xe3, 0xd1, 0x03, 0xb9, 0xf1, 0x3c, 0xb5, 0xaa, + 0x8e, 0xb6, 0x4d, 0x93, 0xa3, 0xac, 0x1f, 0x4f, 0x1d, 0x67, 0x41, 0x75, + 0x8d, 0x86, 0xd5, 0xd8, 0x19, 0x9e, 0xb8, 0x6a, 0xf9, 0x29, 0x51, 0x26, + 0xbf, 0x70, 0xfc, 0x3e, 0x6f, 0xcf, 0x1e, 0xcc, 0xa0, 0x0b, 0x06, 0x09, + 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0b, 0xa1, 0x64, 0x03, + 0x62, 0x00, 0x04, 0x3d, 0x98, 0x26, 0x32, 0x82, 0xbb, 0xc5, 0x0b, 0x3f, + 0x77, 0x76, 0x91, 0xeb, 0x63, 0xab, 0xa8, 0x4f, 0x13, 0x69, 0x6e, 0x73, + 0x0f, 0x86, 0x23, 0x19, 0x0d, 0xec, 0x85, 0xe9, 0xea, 0xe3, 0x30, 0xfd, + 0x53, 0xef, 0xd2, 0xa1, 0x9c, 0x4d, 0x23, 0xf7, 0x26, 0x02, 0x98, 0x01, + 0x99, 0x95, 0x53, 0x87, 0x16, 0x11, 0x09, 0x8c, 0x34, 0xa9, 0x11, 0xcb, + 0x75, 0x1a, 0x72, 0xa8, 0x82, 0xc5, 0xdb, 0x92, 0x17, 0x59, 0xa6, 0xc0, + 0x16, 0x97, 0xf5, 0xba, 0x6c, 0x5b, 0x87, 0x4d, 0xa4, 0xff, 0x59, 0xeb, + 0xe9, 0xf4, 0x3f, 0x78, 0x6e, 0x5e, 0xff, 0x18, 0x36, 0x4e, 0x06, 0x27, + 0x5b, 0x00, 0x6a, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_bp512r1 */ +const unsigned char test_ec_bp512r1[] = { + 0x30, 0x81, 0xda, 0x02, 0x01, 0x01, 0x04, 0x40, 0x35, 0x8e, 0xa9, 0xb9, + 0xe1, 0x55, 0xf3, 0x9e, 0x8a, 0x26, 0x8a, 0x9c, 0x29, 0xb1, 0x47, 0xc5, + 0x3e, 0x0e, 0x16, 0x7f, 0x6d, 0x3f, 0x8d, 0x5c, 0x05, 0xe9, 0xc1, 0x52, + 0x76, 0xa2, 0x47, 0x6a, 0x42, 0xd8, 0x30, 0xc2, 0x41, 0x14, 0xf9, 0x05, + 0x3e, 0x9c, 0xfa, 0xa6, 0x49, 0xfe, 0xb4, 0x9d, 0xfb, 0x9c, 0x45, 0x68, + 0x03, 0xb7, 0xae, 0x51, 0xcf, 0x61, 0x41, 0x10, 0x7f, 0xa7, 0xf4, 0x2b, + 0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, + 0x0d, 0xa1, 0x81, 0x85, 0x03, 0x81, 0x82, 0x00, 0x04, 0xa7, 0xbf, 0xf3, + 0xd0, 0xa8, 0x3d, 0xad, 0xfc, 0x50, 0x65, 0xbf, 0x30, 0x61, 0x79, 0x39, + 0x64, 0x36, 0xa9, 0x62, 0x74, 0x97, 0x82, 0xc8, 0xba, 0x1b, 0x6a, 0xaa, + 0x48, 0x0f, 0x7f, 0x56, 0x4c, 0xad, 0x47, 0x13, 0x5a, 0x14, 0x50, 0x60, + 0x54, 0xa8, 0x3e, 0x6d, 0xa7, 0x87, 0xfe, 0x1d, 0x41, 0x2b, 0x0a, 0x7e, + 0xaf, 0x0e, 0xe9, 0xcc, 0xce, 0x44, 0x5f, 0x51, 0x88, 0x22, 0x22, 0xf9, + 0x63, 0x6e, 0xdd, 0x99, 0xbb, 0xd5, 0x14, 0x9b, 0x10, 0x30, 0xa3, 0xe6, + 0x60, 0x9a, 0xa9, 0xa4, 0x42, 0x79, 0xa8, 0xd2, 0x74, 0x7e, 0xf9, 0x02, + 0x71, 0x8d, 0xd6, 0xed, 0x52, 0xb1, 0x1b, 0xdb, 0x0d, 0x6f, 0x49, 0xda, + 0x70, 0x5b, 0xf4, 0x70, 0x98, 0x11, 0xa4, 0xec, 0x4c, 0x9d, 0x67, 0x5f, + 0x3b, 0xea, 0x1c, 0x02, 0x46, 0x89, 0xff, 0xc2, 0x33, 0xa3, 0xa9, 0x57, + 0x36, 0xd8, 0x10, 0x0e, 0xf6, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_curve25519 */ +const unsigned char test_ec_curve25519[] = { + 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, + 0x04, 0x22, 0x04, 0x20, 0xd0, 0x40, 0x4f, 0x5d, 0xf9, 0x7e, 0x1c, 0x24, + 0xd6, 0x68, 0x08, 0x29, 0x5b, 0xfd, 0x49, 0xaa, 0xd0, 0x6f, 0x8e, 0x44, + 0x13, 0x52, 0x84, 0x07, 0x79, 0x8a, 0xda, 0x69, 0xa2, 0xa0, 0xf6, 0x52, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_secp192k1 */ +const unsigned char test_ec_secp192k1[] = { + 0x30, 0x5c, 0x02, 0x01, 0x01, 0x04, 0x18, 0xca, 0xa6, 0x5e, 0x57, 0x3d, + 0xb3, 0x0f, 0x12, 0x29, 0x4f, 0x5e, 0xc8, 0xb3, 0x3f, 0x6a, 0x1a, 0x8d, + 0x32, 0xb9, 0x9d, 0xbe, 0x0f, 0x7b, 0x95, 0xa0, 0x07, 0x06, 0x05, 0x2b, + 0x81, 0x04, 0x00, 0x1f, 0xa1, 0x34, 0x03, 0x32, 0x00, 0x04, 0x31, 0x24, + 0xcf, 0x44, 0xb3, 0x62, 0x5a, 0x1d, 0xb6, 0xfd, 0xf7, 0xee, 0x5c, 0x65, + 0x8c, 0x43, 0x6b, 0x05, 0x17, 0xe5, 0x12, 0x75, 0xf8, 0xe2, 0xbd, 0xb1, + 0xf2, 0x0e, 0x66, 0xae, 0x39, 0xad, 0xc6, 0x6d, 0xb8, 0x02, 0xb2, 0x72, + 0x4a, 0xd5, 0x37, 0xdc, 0x23, 0x00, 0x28, 0x6e, 0x1b, 0x98, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_secp256k1 */ +const unsigned char test_ec_secp256k1[] = { + 0x30, 0x74, 0x02, 0x01, 0x01, 0x04, 0x20, 0x3a, 0x18, 0xe9, 0x5c, 0x8e, + 0xde, 0xb5, 0x8e, 0x1b, 0xd5, 0x36, 0xa6, 0x01, 0xb6, 0x3d, 0x4c, 0xe1, + 0x86, 0x65, 0x3b, 0x77, 0xb5, 0xfd, 0x3c, 0xc8, 0x6f, 0x15, 0x16, 0x0b, + 0x16, 0x88, 0x80, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a, + 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x0f, 0x63, 0x3a, 0x58, 0xa9, 0xc1, + 0xbb, 0x56, 0x12, 0xe1, 0x3d, 0xff, 0x91, 0x27, 0x06, 0xca, 0x4e, 0x46, + 0xbb, 0xdb, 0x9b, 0xb8, 0x62, 0xec, 0xd9, 0x39, 0xa8, 0x02, 0x08, 0x1c, + 0x1c, 0xb8, 0x0d, 0xe1, 0x28, 0xeb, 0x06, 0xca, 0xb6, 0x50, 0x5e, 0x99, + 0xe0, 0x24, 0x20, 0xef, 0x72, 0xe6, 0x5d, 0x27, 0x96, 0x25, 0x7f, 0x6e, + 0xf6, 0x65, 0x43, 0xe1, 0xaf, 0x6c, 0x71, 0x86, 0x29, 0xb8, +}; +/* END FILE */ + +/* This macro was generated from tests/scripts/generate_test_keys.py */ +/* BEGIN FILE string macro test_ec_curve448 */ +const unsigned char test_ec_curve448[] = { + 0x30, 0x46, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6f, + 0x04, 0x3a, 0x04, 0x38, 0x74, 0xe8, 0x0c, 0xd1, 0xf3, 0x1d, 0x38, 0xae, + 0x1d, 0x57, 0x6e, 0xfd, 0x8a, 0x5f, 0xc2, 0xf0, 0x48, 0x95, 0x41, 0xc9, + 0x75, 0x31, 0x6f, 0x80, 0xea, 0xc2, 0xdf, 0x0f, 0x86, 0xc6, 0xda, 0x0a, + 0x6f, 0x6e, 0xeb, 0x45, 0xc0, 0x03, 0xbf, 0x13, 0xb3, 0x43, 0xa1, 0xb2, + 0x57, 0x27, 0xd4, 0xc7, 0xc7, 0x7a, 0xf7, 0x29, 0xa7, 0x78, 0xe1, 0xe9, +}; +/* END FILE */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index d1fb85eff2..2fa1244ce3 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -187,36 +187,46 @@ #if defined(MBEDTLS_PK_PARSE_C) #include <../src/test_keys.h> -static int get_predefined_key_data(int is_rsa, int curve_or_keybits, - unsigned char **outbuf, size_t *out_buf_size) +struct key_lut_element { + int curve_or_keybits; + const unsigned char *key; + size_t key_len; +}; + +struct key_lut_element keys_lut[] = { + { 1024, test_rsa_1024, sizeof(test_rsa_1024) }, + { 1026, test_rsa_1026, sizeof(test_rsa_1026) }, + { 1028, test_rsa_1028, sizeof(test_rsa_1028) }, + { 1030, test_rsa_1030, sizeof(test_rsa_1030) }, + { 2048, test_rsa_2048, sizeof(test_rsa_2048) }, + { 4096, test_rsa_4096, sizeof(test_rsa_4096) }, + { MBEDTLS_ECP_DP_SECP192R1, test_ec_secp192r1, sizeof(test_ec_secp192r1) }, + { MBEDTLS_ECP_DP_SECP224R1, test_ec_secp224r1, sizeof(test_ec_secp224r1) }, + { MBEDTLS_ECP_DP_SECP256R1, test_ec_secp256r1, sizeof(test_ec_secp256r1) }, + { MBEDTLS_ECP_DP_SECP384R1, test_ec_secp384r1, sizeof(test_ec_secp384r1) }, + { MBEDTLS_ECP_DP_SECP521R1, test_ec_secp521r1, sizeof(test_ec_secp521r1) }, + { MBEDTLS_ECP_DP_BP256R1, test_ec_bp256r1, sizeof(test_ec_bp256r1) }, + { MBEDTLS_ECP_DP_BP384R1, test_ec_bp384r1, sizeof(test_ec_bp384r1) }, + { MBEDTLS_ECP_DP_BP512R1, test_ec_bp512r1, sizeof(test_ec_bp512r1) }, + { MBEDTLS_ECP_DP_CURVE25519, test_ec_curve25519, sizeof(test_ec_curve25519) }, + { MBEDTLS_ECP_DP_SECP192K1, test_ec_secp192k1, sizeof(test_ec_secp192k1) }, + { MBEDTLS_ECP_DP_SECP256K1, test_ec_secp256k1, sizeof(test_ec_secp256k1) }, + { MBEDTLS_ECP_DP_CURVE448, test_ec_curve448, sizeof(test_ec_curve448) }, +}; + +static int get_predefined_key_data(int curve_or_keybits, + const unsigned char **key, size_t *key_len) { - const char *key_data_hex = NULL; - size_t out_buf_len = 0; - - if (is_rsa) { - size_t i; - for (i = 0; i < ARRAY_LENGTH(rsa_key_data_lut); i++) { - if (curve_or_keybits == rsa_key_data_lut[i].bits) { - key_data_hex = rsa_key_data_lut[i].key; - break; - } + size_t i; + for (i = 0; i < ARRAY_LENGTH(keys_lut); i++) { + if (curve_or_keybits == keys_lut[i].curve_or_keybits) { + *key = keys_lut[i].key; + *key_len = keys_lut[i].key_len; + return 0; } - } else { - key_data_hex = ec_key_data_lut[curve_or_keybits]; } - if (key_data_hex == NULL) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - *out_buf_size = strlen(key_data_hex)/2; - *outbuf = mbedtls_calloc(*out_buf_size, sizeof(unsigned char)); - if (*outbuf == NULL) { - return MBEDTLS_ERR_PK_ALLOC_FAILED; - } - mbedtls_test_unhexify(*outbuf, *out_buf_size, key_data_hex, &out_buf_len); - - return 0; + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } /** Fill the provided PK context with a proper key. @@ -237,12 +247,11 @@ static int get_predefined_key_data(int is_rsa, int curve_or_keybits, */ static int pk_genkey(mbedtls_pk_context *pk, const mbedtls_pk_info_t *pk_info, int curve_or_keybits) { - unsigned char *key_data = NULL; + const unsigned char *key_data = NULL; size_t key_data_len = 0; int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; - int is_rsa = (curve_or_keybits >= 1024); - TEST_EQUAL(get_predefined_key_data(is_rsa, curve_or_keybits, &key_data, &key_data_len), 0); + TEST_EQUAL(get_predefined_key_data(curve_or_keybits, &key_data, &key_data_len), 0); TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0, mbedtls_test_rnd_std_rand, NULL), 0); /* Override pk_info. */ @@ -250,7 +259,6 @@ static int pk_genkey(mbedtls_pk_context *pk, const mbedtls_pk_info_t *pk_info, i ret = 0; exit: - mbedtls_free(key_data); return ret; } @@ -278,11 +286,11 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; - unsigned char *key_data = NULL; + const unsigned char *key_data = NULL; size_t key_data_size = 0; /* Overall size of key_data in bytes. It includes leading * zeros (if any). */ size_t key_data_len = 0; /* Length of valid bytes in key_data. */ - unsigned char *key_data_start; + const unsigned char *key_data_start; /* Get the predefined key: * - RSA keys are already in a valid format to be imported into PSA. @@ -291,16 +299,16 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, * unrelevant data and go directly to the private key. */ if (PSA_KEY_TYPE_IS_RSA(type)) { - TEST_EQUAL(get_predefined_key_data(1, bits, &key_data, &key_data_size), 0); - key_data_start = key_data; + TEST_EQUAL(get_predefined_key_data(bits, &key_data, &key_data_size), 0); + key_data_start = (unsigned char *) key_data; key_data_len = key_data_size; } else { mbedtls_ecp_group_id grp_id; grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); - TEST_EQUAL(get_predefined_key_data(0, grp_id, &key_data, &key_data_size), 0); + TEST_EQUAL(get_predefined_key_data(grp_id, &key_data, &key_data_size), 0); - unsigned char *p = key_data; - unsigned char *end = key_data + key_data_size; + unsigned char *p = (unsigned char *) key_data; + unsigned char *end = (unsigned char *) key_data + key_data_size; size_t len; int version; @@ -325,7 +333,6 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, status = psa_import_key(&attributes, key_data_start, key_data_len, key); exit: - mbedtls_free(key_data); return status; } #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ From 390f276822081164ffd05f5abf5e3b2f419462e2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Apr 2024 11:31:33 +0200 Subject: [PATCH 048/429] pk: fix unused variable in copy_from_psa() key_bits is unused when neither MBEDTLS_RSA_C or MBEDTLS_PK_HAVE_ECC_KEYS are defined. Signed-off-by: Valerio Setti --- library/pk.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/pk.c b/library/pk.c index 097777f2c0..fb27cb5e51 100644 --- a/library/pk.c +++ b/library/pk.c @@ -968,6 +968,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, } else #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ { + (void) key_bits; return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } From d64fcee58ca57bc3e8fe0203633dfbbfab2afd54 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Apr 2024 12:25:56 +0200 Subject: [PATCH 049/429] tests: ssl: Fix dependencies of SRV TLS 1.3 session serialization tests Signed-off-by: Ronald Cron --- tests/suites/test_suite_ssl.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c4498ce14a..d6bf16a673 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -946,19 +946,19 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKET ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: session serialization: Wrong major version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:1:0:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: session serialization: Wrong minor version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:1:0:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: session serialization: Wrong patch version -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:0:1:0:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 TLS 1.3: SRV: session serialization: Wrong config -depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SESSION_TICKETS +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_SESSION_TICKETS ssl_session_serialize_version_check:0:0:0:1:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3 Test Session id & Ciphersuite accessors TLS 1.2 From 9785cf1821dc180661dbbfbbdef8a6298b3fb18a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 Mar 2024 14:14:12 +0100 Subject: [PATCH 050/429] Add RSA key certificates Add RSA key certificates using SHA256 instead of SHA1 for the signature algorithm. Those are needed for some TLS 1.3 compatibility tests with OpenSSL 3 to avoid having to enable in OpenSSL 3 the support for the deprecated SHA-1 based signature algorithms. Signed-off-by: Ronald Cron --- tests/data_files/Makefile | 16 ++++++++++++++++ tests/data_files/server2-sha256.ku-ds.crt | 20 ++++++++++++++++++++ tests/data_files/server2-sha256.ku-ds_ke.crt | 20 ++++++++++++++++++++ tests/data_files/server2-sha256.ku-ka.crt | 20 ++++++++++++++++++++ tests/data_files/server2-sha256.ku-ke.crt | 20 ++++++++++++++++++++ 5 files changed, 96 insertions(+) create mode 100644 tests/data_files/server2-sha256.ku-ds.crt create mode 100644 tests/data_files/server2-sha256.ku-ds_ke.crt create mode 100644 tests/data_files/server2-sha256.ku-ka.crt create mode 100644 tests/data_files/server2-sha256.ku-ke.crt diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d6df19c20c..01d2379d1e 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1765,6 +1765,22 @@ server2-sha256.crt: server2.req.sha256 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ all_final += server2-sha256.crt +server2-sha256.ku-ka.crt: SERVER2_CRT_SERIAL=22 +server2-sha256.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement +server2-sha256.ku-ke.crt: SERVER2_CRT_SERIAL=23 +server2-sha256.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment +server2-sha256.ku-ds.crt: SERVER2_CRT_SERIAL=24 +server2-sha256.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature +server2-sha256.ku-ds_ke.crt: SERVER2_CRT_SERIAL=28 +server2-sha256.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment +server2-sha256.ku-%.crt: server2.req.sha256 + $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \ + issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ + key_usage="$(SERVER2_KEY_USAGE)" \ + not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ +all_final += server2-sha256.ku-ka.crt server2-sha256.ku-ke.crt server2-sha256.ku-ds.crt server2-sha256.ku-ds_ke.crt + +all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt server2.ku-ka.crt: SERVER2_CRT_SERIAL=42 server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement server2.ku-ke.crt: SERVER2_CRT_SERIAL=43 diff --git a/tests/data_files/server2-sha256.ku-ds.crt b/tests/data_files/server2-sha256.ku-ds.crt new file mode 100644 index 0000000000..0d4866c5cb --- /dev/null +++ b/tests/data_files/server2-sha256.ku-ds.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAi+gAwIBAgIBGDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN +owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz +NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM +tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P +hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya +HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3 +DQEBCwUAA4IBAQAtKutVrQunnzOQg3TP2vnOT8Qr5LrbvsSBaPEm21Oxkpr0gJcC +/BgON5WrBdfpEDZ5jOMGgqdF3AxFzh/Zw1EBr2y2wIcleodtzV5j2fTQV9MPYJ9z +XYfhNsr9idt/i4YCqJSe6lB/+GG/p+9jtMLGMjfSkNnG7ppa7Sv6NVsAxgbKskTw +WU/z7T7Y/afK5omAPpHfWddzCl5o+o9VFi5scYyjv2iNPkRiTMDh4bE8RVm9vxcf +TMH14TSa1Y6OkaTuzJLbU3V8yJZ67s2SK89Trd75SQ+B62nZYe+0NG+6b2s+D97y +ex2x2EbfK/nxEL2Gv7/xG4gcpzxmKObhPpsS +-----END CERTIFICATE----- diff --git a/tests/data_files/server2-sha256.ku-ds_ke.crt b/tests/data_files/server2-sha256.ku-ds_ke.crt new file mode 100644 index 0000000000..e89e17dda2 --- /dev/null +++ b/tests/data_files/server2-sha256.ku-ds_ke.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAi+gAwIBAgIBHDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN +owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz +NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM +tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P +hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya +HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3 +DQEBCwUAA4IBAQBZBDKh6TRkGh9ro5l/Rv6/LE9slTLCrAAjCA6fT2dig6WsijmK +OLwjjuWRdKT+SPrm+42db4j++KcPVk/HwPNkbcXF7sAHy13DGi47mi7ySKqCiOZ8 +RVnpBWjZJpMzXi5l8RgXGK10v2C4iPX3E7iRw+CYTZjOWfjnzHUWqQ93eu3s6OU3 +3FobrPFKYkS9CvqvbGBIqpv8TTAoAvUAsjUbQHY2SlqlJLw2DUmewmeBzS2ItNyp +BO367lTm03z+nG77pZYOhgxch8EA2RcIuoEExj0tHZcG3JLOz60ijqqG1lxjrTXV +qMDRttuL8jisekj4gZD90T9JdMHpz8goNhO7 +-----END CERTIFICATE----- diff --git a/tests/data_files/server2-sha256.ku-ka.crt b/tests/data_files/server2-sha256.ku-ka.crt new file mode 100644 index 0000000000..326876be58 --- /dev/null +++ b/tests/data_files/server2-sha256.ku-ka.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAi+gAwIBAgIBFjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN +owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz +NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM +tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P +hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya +HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgMIMA0GCSqGSIb3 +DQEBCwUAA4IBAQBsd9wHhcSkcO/AyrHRw33RVgdydoUIcopGHCnl+6ThQj9lM2cF +eh7Zdu2GVyd2yyIeI7c+N1w1NOLxXYk4vviU6J/Jol706UefflMEMHIwgJqakWdj +uq8o7CTOEhMpzSE6AfNj02jLb3qrkoJGB+STIwgx2IYdDzTrIr2Cb2T9zbDJCQBd +l2PTVR5id/+Uy4h+2KNJzgRgOUIPc0eFN0aE5a7IHRx3q7h5h/DbBaQU4tVmaAYF +o/6XlBvwVxan87w+hLfnFHUO7eMe0jnLvH2O+MW4ZeYh4VP2Jq7cLJQgTfCbFK9L +PNG8gfhW71rcMRTxwKM5qziJ8h6PeomSglsO +-----END CERTIFICATE----- diff --git a/tests/data_files/server2-sha256.ku-ke.crt b/tests/data_files/server2-sha256.ku-ke.crt new file mode 100644 index 0000000000..ca5c3c76b2 --- /dev/null +++ b/tests/data_files/server2-sha256.ku-ke.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAi+gAwIBAgIBFzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN +owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz +NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM +tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P +hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya +HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgUgMA0GCSqGSIb3 +DQEBCwUAA4IBAQAuR/fgNifvtW6ukLxp+VFlYael3kAGJpKhe271fjkaqiyBB9Qt +NfFX1HDq1hJe8c8uf+SgFnY6rg1BjdctrEU92avPYjhpsyYEuSjt9LAtLfpeMaWD +ltem8PNh/lkR+v0xqeYsDcHTv/oR9NfCIqoPFWOPlH7CvLowNbI06D8KkKiWAlL1 +tC62db6T5sOrmcmyjLoKUyerBqCWC+MM4G+AXMdfp54/xLOvkTq/K1cu1oRIGIYL +SSAtVeRQXqwgaH2M2EkN79joF6XnjGG27TN8rCS7gxJm87vZjtZiSFugwhFFHFhX +Gmp9IkBVZKQci1NbTY18l/2wxFYICv486sAV +-----END CERTIFICATE----- From ceea3e26c68011074157150a22cb6ef184d08a92 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 Mar 2024 14:16:40 +0100 Subject: [PATCH 051/429] ssl-opt.sh: Adapt tests to OpenSSL 3 Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3377f151b6..ea1d3cb51f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7666,7 +7666,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \ - -cert data_files/server2.ku-ds_ke.crt" \ + -cert data_files/server2-sha256.ku-ds_ke.crt" \ "$P_CLI debug_level=3" \ 0 \ -C "bad certificate (usage extensions)" \ @@ -7678,7 +7678,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \ - -cert data_files/server2.ku-ke.crt" \ + -cert data_files/server2-sha256.ku-ke.crt" \ "$P_CLI debug_level=1" \ 1 \ -c "bad certificate (usage extensions)" \ @@ -7690,7 +7690,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \ - -cert data_files/server2.ku-ka.crt" \ + -cert data_files/server2-sha256.ku-ka.crt" \ "$P_CLI debug_level=1" \ 1 \ -c "bad certificate (usage extensions)" \ @@ -7789,7 +7789,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server2.key \ - -cert data_files/server2.ku-ds.crt" \ + -cert data_files/server2-sha256.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ -S "bad certificate (usage extensions)" \ @@ -7801,7 +7801,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server2.key \ - -cert data_files/server2.ku-ke.crt" \ + -cert data_files/server2-sha256.ku-ke.crt" \ 0 \ -s "bad certificate (usage extensions)" \ -S "Processing of the Certificate handshake message failed" From c5e81d2e64023fc36fa0711c1fdb955a14d3222a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Apr 2024 14:39:53 +0200 Subject: [PATCH 052/429] Use latest installed OpenSSL 3 as OPENSSL_NEXT Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e17d5ac9b9..74921dce29 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -44,7 +44,7 @@ # * GNUTLS_{CLI,SERV} = 3.4.10 # * GNUTLS_NEXT_{CLI,SERV} = 3.7.2 # * OPENSSL = 1.0.2g (without Debian/Ubuntu patches) -# * OPENSSL_NEXT = 1.1.1a +# * OPENSSL_NEXT = 3.1.2 # See the invocation of check_tools below for details. # # This script must be invoked from the toplevel directory of a git @@ -195,6 +195,10 @@ pre_initialize_variables () { export CC="clang" fi + if [ -n "${OPENSSL_3+set}" ]; then + export OPENSSL_NEXT="$OPENSSL_3" + fi + # Include more verbose output for failing tests run by CMake or make export CTEST_OUTPUT_ON_FAILURE=1 From 26bc9c2fb83a69c9ddd77ac4d0a1034ab61a74d3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Apr 2024 11:33:22 +0200 Subject: [PATCH 053/429] test_suite_pk: fix guards Now that key generation has been replaced with parsing predefined keys, guards for MBEDTLS_PK_PARSE_C need to be added in test code. This commits also removes remaining usage of GENPRIME. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 244 ++++++++++++++-------------- tests/suites/test_suite_pk.function | 78 ++++----- 2 files changed, 162 insertions(+), 160 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 3ec488ec81..e93c764542 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -9,21 +9,21 @@ depends_on:MBEDTLS_RSA_C valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12" PK utils: RSA Minimum key -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 7) / 8:"RSA" # mbedtls_rsa_gen_key() only supports even sizes, so we don't test min+1, # min+3, etc. PK utils: RSA Minimum key + 2 bits -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2 + 7) / 8:"RSA" PK utils: RSA Minimum key + 4 bits -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4 + 7) / 8:"RSA" PK utils: RSA Minimum key + 6 bits -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6 + 7) / 8:"RSA" PK utils: ECKEY SECP192R1 @@ -63,7 +63,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAV pk_psa_utils:0 PK PSA utilities: RSA setup/free, info functions, unsupported operations -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_psa_utils:1 PK can do ext: ECDSA(ANY)/NONE, invalid check STREAM_CIPHER @@ -159,147 +159,147 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_COPY:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check STREAM_CIPHER -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check ECDSA(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check ECDH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, invalid check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check non-present usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:0 PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PKCS1V15_SIGN(SHA1)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PSS(ANY)/NONE, invalid check STREAM_CIPHER -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PSS(ANY)/NONE, invalid check ECDSA(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PSS(ANY)/NONE, invalid check RSA_PKCS1V15_CRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PSS(ANY)/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PSS(ANY)/NONE, check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PSS(SHA256)/NONE, check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PSS(SHA1)/NONE, invalid check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_1):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PKCS1V15_SIGN_RAW/NONE, check RSA_PKCS1V15_SIGN_RAW -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PKCS1V15_SIGN_RAW/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0 PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check STREAM_CIPHER -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_STREAM_CIPHER:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0 PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check ECDSA(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0 PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check ECDH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_ECDH:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0 PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0 PK can do ext: RSA_PKCS1V15_CRYPT/NONE, invalid check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:0 PK can do ext: RSA_PKCS1V15_CRYPT/NONE, check RSA_PKCS1V15_CRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_ECKEY, check ECDSA(SHA256) @@ -311,19 +311,19 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP256R1 pk_can_do_ext:0:MBEDTLS_PK_ECKEY:0:0:0:MBEDTLS_ECP_DP_SECP256R1:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:1 PK can do ext: MBEDTLS_PK_RSA, check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: MBEDTLS_PK_RSA, check PSA_ALG_RSA_PKCS1V15_CRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1 PK can do ext: MBEDTLS_PK_RSA, check invalid PSA_KEY_USAGE_ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0 PK can do ext: MBEDTLS_PK_RSA, check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 RSA verify test vector: PKCS1v1.5 (explicit), SHA1, good @@ -435,19 +435,19 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1 pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:0:0:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify, PKCS1v1.5, SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1 pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0 RSA sign-verify, PKCS1v2.1, SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1 pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0 RSA sign-verify, PKCS1v1.5, SHA256 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256 pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0 RSA sign-verify, PKCS1v2.1, SHA256 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256 pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0 RSA encrypt-decrypt test PKCS1 v1.5 @@ -507,7 +507,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN pk_ec_nocrypt:MBEDTLS_PK_ECDSA RSA_ALT consistency -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512 pk_rsa_alt: Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK) @@ -688,11 +688,11 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_BP512R1 pk_psa_sign:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512:0 PSA wrapped sign: RSA PKCS1 v1.5 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_psa_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:MBEDTLS_RSA_PKCS_V15 PSA wrapped sign: RSA PKCS1 v2.1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 pk_psa_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:MBEDTLS_RSA_PKCS_V21 PK sign ext: RSA2048, PK_RSA, MD_SHA256 @@ -762,136 +762,136 @@ pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAG # Bad usage due to not specifying sign/crypt/derive. PSA attributes for pk: RSA usage=0 (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH # Bad usage due to not specifying sign/crypt/derive. PSA attributes for pk: RSA usage=EXPORT (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH # Bad usage due to specifying more than one of sign/crypt/derive. PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=SIGN_MESSAGE|SIGN_HASH (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH # This usage could make sense, but is not currently supported. PSA attributes for pk: RSA usage=SIGN_MESSAGE|VERIFY_MESSAGE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair DECRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 pair DECRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 pair DECRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 pair->public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 pair->public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 pair->public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT PSA attributes for pk: RSA v21 SHA-256 public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256) PSA attributes for pk: RSA v21 SHA-512 public ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512) PSA attributes for pk: RSA v15 public DECRYPT (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair SIGN_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair SIGN_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 pair->public VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 public VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v21 SHA-256 public VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH) PSA attributes for pk: RSA v15 public SIGN_MESSAGE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 public SIGN_HASH (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 pair DERIVE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: RSA v15 public DERIVE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: ECKEY pair DECRYPT (bad) @@ -1063,163 +1063,163 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN|VERIFY & SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT # For a PK_OPAQUE key with a key pair type output, # mbedtls_pk_import_into_psa() requires the key to be copyable or exportable. # Try all combinations of COPY/not, EXPORT/not. PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN|EXPORT|... & SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN|COPY|... & SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN|COPY|EXPORT... & SIGN_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 # For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input # key's algorithm policy. Just this time, test with a few different algorithms. PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [0] -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [raw] -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [v15] -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [PSS] -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT PSA attributes for pk: opaque RSA pair, DECRYPT|... & DECRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, ... & DERIVE (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque RSA pair->public, VERIFY_HASH & VERIFY_HASH -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque RSA pair->public, ENCRYPT & ENCRYPT -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy) -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque ECC pair, ... & DERIVE -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad) -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad) -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad) -depends_on:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0 PSA import into PSA: RSA pair to ECC (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: RSA public to RSA pair (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA # MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation # of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably # be more appropriate. (Applies to all the RSA "different bits" test cases.) PSA import into PSA: RSA pair to different bits (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: RSA public to different bits (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: RSA private to public, different bits (bad) -depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: ECKEY pair to RSA (bad) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2fa1244ce3..53eeea931a 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -184,8 +184,6 @@ #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512 #endif -#if defined(MBEDTLS_PK_PARSE_C) - #include <../src/test_keys.h> struct key_lut_element { int curve_or_keybits; @@ -229,6 +227,7 @@ static int get_predefined_key_data(int curve_or_keybits, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#if defined(MBEDTLS_PK_PARSE_C) /** Fill the provided PK context with a proper key. * * This is a fake implementation of key generation because instead of generating @@ -239,13 +238,13 @@ static int get_predefined_key_data(int curve_or_keybits, * * \param pk The PK object to fill. It must have been initialized * (mbedtls_pk_init()), but not setup (mbedtls_pk_setup()). - * \param pk_info mbedtls_pk_info_t to use in the generated PK context. + * \param pk_type mbedtls_pk_type_t to use in the PK context. * \param curve_or_keybits - For RSA keys, the key size in bits. * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx). * * \return 0 on success or a negative value otherwise. */ -static int pk_genkey(mbedtls_pk_context *pk, const mbedtls_pk_info_t *pk_info, int curve_or_keybits) +static int pk_genkey(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curve_or_keybits) { const unsigned char *key_data = NULL; size_t key_data_len = 0; @@ -255,12 +254,13 @@ static int pk_genkey(mbedtls_pk_context *pk, const mbedtls_pk_info_t *pk_info, i TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0, mbedtls_test_rnd_std_rand, NULL), 0); /* Override pk_info. */ - pk->pk_info = pk_info; + pk->pk_info = mbedtls_pk_info_from_type(pk_type); ret = 0; exit: return ret; } +#endif /* MBEDTLS_PK_PARSE_C */ #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** Create a PSA key of the desired type and properties. @@ -303,6 +303,7 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, key_data_start = (unsigned char *) key_data; key_data_len = key_data_size; } else { +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_group_id grp_id; grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); TEST_EQUAL(get_predefined_key_data(grp_id, &key_data, &key_data_size), 0); @@ -315,9 +316,16 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED), 0); TEST_EQUAL(mbedtls_asn1_get_int(&p, end, &version), 0); + if ((grp_id == MBEDTLS_ECP_DP_CURVE25519) || (grp_id == MBEDTLS_ECP_DP_CURVE448)) { + TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED), 0); + p += len; + TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING), 0); + } TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING), 0); key_data_start = p; key_data_len = len; +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ } /* Import the key into PSA. */ @@ -336,9 +344,9 @@ exit: return status; } #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ -#endif /* MBEDTLS_PK_PARSE_C */ #if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PK_PARSE_C) static psa_key_usage_t pk_get_psa_attributes_implied_usage( psa_key_usage_t expected_usage) { @@ -362,6 +370,7 @@ static psa_key_usage_t pk_get_psa_attributes_implied_usage( expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; return expected_usage; } +#endif /* MBEDTLS_PK_PARSE_C */ #define RSA_WRITE_PUBKEY_MAX_SIZE \ PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) @@ -473,7 +482,7 @@ typedef enum { FROM_PAIR = 1 } from_pair_t; -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_PARSE_C) static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_pk_context *pk, psa_key_type_t *psa_type) { @@ -487,20 +496,13 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, { TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); if (want_pair) { -#if defined(MBEDTLS_GENPRIME) - TEST_EQUAL(mbedtls_rsa_gen_key( - rsa, - mbedtls_test_rnd_std_rand, NULL, - MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0); -#else - TEST_FAIL("I don't know how to create an RSA key pair in this configuration."); -#endif + TEST_EQUAL(pk_genkey(pk, pk_type, MBEDTLS_RSA_GEN_KEY_MIN_BITS), 0); } else { unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; N[sizeof(N) - 1] = 0x03; const unsigned char E[1] = { 0x03 }; + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); TEST_EQUAL(mbedtls_rsa_import_raw(rsa, N, sizeof(N), NULL, 0, NULL, 0, NULL, 0, @@ -519,7 +521,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE; size_t bits; *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); - TEST_EQUAL(pk_genkey(pk, mbedtls_pk_info_from_type(pk_type), grp_id), 0); + TEST_EQUAL(pk_genkey(pk, pk_type, grp_id), 0); if (!want_pair) { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -555,7 +557,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, exit: return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } -#endif +#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_PK_PARSE_C */ #if defined(MBEDTLS_PSA_CRYPTO_C) /* Create a new PSA key which will contain only the public part of the private @@ -757,7 +759,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PK_PARSE_C */ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, int key_alg2, int curve_or_keybits, int alg_check, int usage_check, int result) @@ -780,7 +782,7 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, TEST_EQUAL(mbedtls_pk_get_type(&pk), MBEDTLS_PK_OPAQUE); } else { - TEST_EQUAL(pk_genkey(&pk, mbedtls_pk_info_from_type(key_type), curve_or_keybits), 0); + TEST_EQUAL(pk_genkey(&pk, key_type, curve_or_keybits), 0); TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type); } @@ -974,7 +976,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */ void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) { mbedtls_pk_context pk; @@ -982,7 +984,7 @@ void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) mbedtls_pk_init(&pk); USE_PSA_INIT(); - TEST_ASSERT(pk_genkey(&pk, mbedtls_pk_info_from_type(type), curve_or_keybits) == 0); + TEST_ASSERT(pk_genkey(&pk, type, curve_or_keybits) == 0); TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type); TEST_ASSERT(mbedtls_pk_can_do(&pk, type)); @@ -1316,7 +1318,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ +/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg, int sign_ret, int verify_ret) { @@ -1343,7 +1345,7 @@ void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_ memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); - TEST_ASSERT(pk_genkey(&pk, mbedtls_pk_info_from_type(type), curve_or_keybits) == 0); + TEST_ASSERT(pk_genkey(&pk, type, curve_or_keybits) == 0); #if defined(MBEDTLS_RSA_C) if (type == MBEDTLS_PK_RSA) { @@ -1708,7 +1710,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ void pk_rsa_alt() { /* @@ -1736,7 +1738,7 @@ void pk_rsa_alt() memset(test, 0, sizeof(test)); /* Initialize PK RSA context with random key */ - TEST_ASSERT(pk_genkey(&rsa, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA), RSA_KEY_SIZE) == 0); + TEST_ASSERT(pk_genkey(&rsa, MBEDTLS_PK_RSA, RSA_KEY_SIZE) == 0); /* Extract key to the raw rsa context */ TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0); @@ -1804,7 +1806,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */ +/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_TEST_PK_PSA_SIGN */ void pk_psa_sign(int psa_type, int bits, int rsa_padding) { mbedtls_pk_context pk; @@ -1835,18 +1837,18 @@ void pk_psa_sign(int psa_type, int bits, int rsa_padding) USE_PSA_INIT(); /* Create the legacy EC/RSA PK context. */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) +#if defined(MBEDTLS_RSA_C) if (PSA_KEY_TYPE_IS_RSA(psa_type)) { - TEST_EQUAL(pk_genkey(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA), bits), 0); + TEST_EQUAL(pk_genkey(&pk, MBEDTLS_PK_RSA, bits), 0); TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); } -#else /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#else /* MBEDTLS_RSA_C && MBEDTLS_PK_PARSE_C */ (void) rsa_padding; #endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { ecp_grp_id = mbedtls_ecc_group_from_psa(psa_type, bits); - TEST_ASSERT(pk_genkey(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY), ecp_grp_id) == 0); + TEST_ASSERT(pk_genkey(&pk, MBEDTLS_PK_ECKEY, ecp_grp_id) == 0); } #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ @@ -1968,7 +1970,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */ +/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */ void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) { mbedtls_pk_context pk; @@ -1984,7 +1986,7 @@ void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) mbedtls_pk_init(&pk); MD_OR_USE_PSA_INIT(); - TEST_EQUAL(pk_genkey(&pk, mbedtls_pk_info_from_type(pk_type), curve_or_keybits), 0); + TEST_EQUAL(pk_genkey(&pk, pk_type, curve_or_keybits), 0); TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, sig, sizeof(sig), &sig_len, @@ -2098,7 +2100,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PK_PARSE_C */ void pk_get_psa_attributes(int pk_type, int from_pair, int usage_arg, int to_pair, int expected_alg) @@ -2161,7 +2163,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_PK_PARSE_C */ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, int usage_arg, int to_pair, int expected_alg) @@ -2209,7 +2211,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PK_PARSE_C */ void pk_get_psa_attributes_fail(int pk_type, int from_pair, int usage_arg, int expected_ret) @@ -2235,7 +2237,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PK_PARSE_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ void pk_import_into_psa_lifetime(int from_opaque, int from_persistent, /* when from opaque */ int from_exportable, /* when from opaque */ @@ -2386,7 +2388,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PK_PARSE_C */ void pk_import_into_psa_fail(int pk_type, int from_pair, int type_arg, int bits_arg, int expected_ret) From a2c45dc713b842906fbd8361692d4513d1a3e41b Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 2 Apr 2024 14:26:13 +0100 Subject: [PATCH 054/429] Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro Fixes #8994 Signed-off-by: Tom Cosgrove --- .../fix-compilation-when-memcpy-is-function-like-macro.txt | 2 ++ library/ssl_tls13_generic.c | 6 ++++-- 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt diff --git a/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt new file mode 100644 index 0000000000..11e7d25392 --- /dev/null +++ b/ChangeLog.d/fix-compilation-when-memcpy-is-function-like-macro.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix compilation error when memcpy() is a function-like macros. Fixes #8994. diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index d448a054a9..3be6db78fc 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -193,10 +193,12 @@ static void ssl_tls13_create_verify_structure(const unsigned char *transcript_ha idx = 64; if (from == MBEDTLS_SSL_IS_CLIENT) { - memcpy(verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(client_cv)); + memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.client_cv, + MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv)); idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(client_cv); } else { /* from == MBEDTLS_SSL_IS_SERVER */ - memcpy(verify_buffer + idx, MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN(server_cv)); + memcpy(verify_buffer + idx, mbedtls_ssl_tls13_labels.server_cv, + MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv)); idx += MBEDTLS_SSL_TLS1_3_LBL_LEN(server_cv); } From 3d0f182a41892257f0c3d1b3b153d15ab70deede Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Apr 2024 17:03:53 +0200 Subject: [PATCH 055/429] ssl-opt.sh: Fix some test dependencies Signed-off-by: Ronald Cron --- tests/opt-testcases/tls13-kex-modes.sh | 43 +++++++++++++++++--------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 49f06e0715..bd4f877d0e 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -1460,8 +1460,10 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \ -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_256 run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups P-256 \ @@ -1473,8 +1475,10 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \ -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384 run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp384r1 \ @@ -1486,8 +1490,10 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \ -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_521 run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups secp521r1 \ @@ -1499,8 +1505,10 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \ -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_255 run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X25519 \ @@ -1512,8 +1520,10 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \ -S "key exchange mode: ephemeral" requires_openssl_tls1_3_with_compatible_ephemeral -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + PSA_WANT_ALG_ECDH PSA_WANT_ECC_MONTGOMERY_448 run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_identity=Client_identity psk=6162636465666768696a6b6c6d6e6f70" \ "$O_NEXT_CLI -tls1_3 -msg -allow_no_dhe_kex -groups X448 \ @@ -1524,9 +1534,11 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_openssl_tls1_3_with_compatible_ephemeral -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384 run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ "$O_NEXT_CLI_NO_CERT -tls1_3 -msg -allow_no_dhe_kex -psk_identity Client_identity -psk 6162636465666768696a6b6c6d6e6f70 -groups P-256:P-384" \ @@ -1537,12 +1549,13 @@ run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ -s "key exchange mode: psk_ephemeral" \ -S "key exchange mode: ephemeral" -requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C requires_gnutls_tls1_3 requires_gnutls_next_no_ticket requires_gnutls_next_disable_tls13_compat -requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_config_enabled PSA_WANT_ALG_ECDH +requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ + MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C \ + MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ + PSA_WANT_ALG_ECDH PSA_WANT_ECC_SECP_R1_384 run_test "TLS 1.3 G->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \ "$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef groups=secp384r1" \ "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --priority NORMAL:-VERS-ALL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK:+VERS-TLS1.3:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1 --pskusername Client_identity --pskkey 6162636465666768696a6b6c6d6e6f70 localhost" \ From dd96c0a2df84942c69ec2240ec8efe6a7129f16f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Apr 2024 12:34:24 +0200 Subject: [PATCH 056/429] all.sh: Use full instead of default as the base for the new component Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d811dd7888..8f0b54768e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6050,14 +6050,16 @@ component_test_tls13_no_compatibility_mode () { tests/ssl-opt.sh } -component_test_default_minus_session_tickets() { - msg "build: default config without session tickets" +component_test_full_minus_session_tickets() { + msg "build: full config without session tickets" + scripts/config.py full scripts/config.py unset MBEDTLS_SSL_SESSION_TICKETS + scripts/config.py unset MBEDTLS_SSL_EARLY_DATA CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: default config without session tickets" + msg "test: full config without session tickets" make test - msg "ssl-opt.sh (default config without session tickets)" + msg "ssl-opt.sh (full config without session tickets)" tests/ssl-opt.sh } From cf47a15e960d279d9e18d6728a9961942843a5d7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Apr 2024 13:19:57 +0200 Subject: [PATCH 057/429] ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket Signed-off-by: Ronald Cron --- library/ssl_msg.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index a9b94e6f0a..2bdad848a9 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5572,15 +5572,15 @@ static int ssl_check_ctr_renegotiate(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_CLI_C) MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_tls13_check_new_session_ticket(mbedtls_ssl_context *ssl) +static int ssl_tls13_is_new_session_ticket(mbedtls_ssl_context *ssl) { if ((ssl->in_hslen == mbedtls_ssl_hs_hdr_len(ssl)) || (ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET)) { - return -1; + return 0; } - return 0; + return 1; } #endif /* MBEDTLS_SSL_CLI_C */ @@ -5592,8 +5592,7 @@ static int ssl_tls13_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_CLI_C) if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) { - int ret = ssl_tls13_check_new_session_ticket(ssl); - if (ret == 0) { + if (ssl_tls13_is_new_session_ticket(ssl)) { #if defined(MBEDTLS_SSL_SESSION_TICKETS) MBEDTLS_SSL_DEBUG_MSG(3, ("NewSessionTicket received")); ssl->keep_current_message = 1; From da73abc8d7bee646b97ce39ac2295c5795d17d7d Mon Sep 17 00:00:00 2001 From: Troy-Butler Date: Tue, 2 Apr 2024 13:37:31 -0400 Subject: [PATCH 058/429] Fix NULL handling in mbedtls_ssl_config.free() function Signed-off-by: Troy-Butler --- library/ssl_tls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ac53853a5b..32fa8e3d36 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6029,6 +6029,10 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf, */ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) { + if (conf == NULL) { + return; + } + #if defined(MBEDTLS_DHM_C) mbedtls_mpi_free(&conf->dhm_P); mbedtls_mpi_free(&conf->dhm_G); From 3e22bf2a3150cdf372121dac07da6ed5be671f78 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 3 Apr 2024 13:42:20 +0200 Subject: [PATCH 059/429] generate_test_keys.py: minor improvements - remove BEGIN_FILE/END_FILE lines from output header file. - add single disclaimer at the beginning of the file instead of having it repeated for every array. - improved exception message for missing key generation program. This commits also regenerates "test_keys.h" in order to fully comply with the new format. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 18 +- tests/src/test_keys.h | 1315 +++++++++++++-------------- 2 files changed, 641 insertions(+), 692 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index c2d23c91e1..23bc9a19e8 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -40,7 +40,7 @@ KEYS = { def generate_der_file(curve_type: str, curve_or_bits: str): if not os.path.exists(KEY_GEN): - raise Exception("Key generation program does not exist.") + raise Exception(KEY_GEN + " does not exist. Please build it before running this script.") if curve_type == 'ec': cob_param = 'ec_curve=' + curve_or_bits else: @@ -66,13 +66,6 @@ def convert_der_to_c(array_name: str) -> str: return output_text -def write_header(macro_name: str): - return ("/* This macro was generated from tests/scripts/generate_test_keys.py */\n" + - "/* BEGIN FILE string macro {} */\n".format(macro_name)) - -def write_footer(): - return "/* END FILE */\n" - def main(): # Remove intermediate and output files if already existing. if os.path.exists(OUTPUT_HEADER_FILE): @@ -81,6 +74,13 @@ def main(): os.remove(TMP_DER_FILE) output_file = open(OUTPUT_HEADER_FILE, 'at') + output_file.write( + "/*********************************************************************************\n" + + " * This file was automatically generated from tests/scripts/generate_test_keys.py.\n" + + " * Please do not edit it manually.\n" + + " *********************************************************************************/\n" + + "\n" + ) add_newline = False for key in KEYS: @@ -91,10 +91,8 @@ def main(): # to the output header file. if add_newline: output_file.write("\n") - output_file.write(write_header(key)) c_data = convert_der_to_c(key) output_file.write(c_data) - output_file.write(write_footer()) # Remove the temporary key file. os.remove(TMP_DER_FILE) add_newline = True diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h index 0c9fc6edaf..197e142ddd 100644 --- a/tests/src/test_keys.h +++ b/tests/src/test_keys.h @@ -1,742 +1,693 @@ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_rsa_1024 */ +/********************************************************************************* + * This file was automatically generated from tests/scripts/generate_test_keys.py. + * Please do not edit it manually. + *********************************************************************************/ + const unsigned char test_rsa_1024[] = { - 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xa3, - 0x41, 0xeb, 0xfb, 0x42, 0x66, 0xcb, 0x43, 0x5d, 0xa1, 0x0a, 0x6f, 0xdc, - 0x66, 0x35, 0x71, 0x49, 0x6c, 0x03, 0x09, 0x0b, 0x3b, 0x02, 0x2e, 0xeb, - 0x8b, 0x9c, 0xed, 0x0a, 0x9b, 0xc4, 0x80, 0xa4, 0xf3, 0x80, 0x2d, 0xa0, - 0x22, 0x22, 0x4c, 0x84, 0x81, 0x13, 0x05, 0x0c, 0xdc, 0x62, 0xe0, 0xd3, - 0x19, 0x4a, 0x1e, 0x47, 0x16, 0x44, 0x4b, 0xc8, 0x61, 0x30, 0x13, 0x2c, - 0x8c, 0xa6, 0x31, 0x6e, 0x2b, 0xbe, 0x17, 0x64, 0x60, 0xbe, 0xb5, 0x7c, - 0xea, 0xbe, 0xe1, 0xb3, 0x20, 0x9f, 0x13, 0x71, 0x97, 0x12, 0x3c, 0x2c, - 0x09, 0xd8, 0x95, 0x88, 0x6b, 0x01, 0x10, 0x12, 0x6d, 0x18, 0xd3, 0xf7, - 0x2d, 0xab, 0x10, 0x2a, 0xd1, 0x32, 0x72, 0x52, 0x4b, 0xd9, 0x21, 0xea, - 0x14, 0x93, 0xac, 0x9a, 0x18, 0x80, 0x02, 0x54, 0x42, 0x6a, 0xfc, 0xed, - 0x0f, 0xec, 0xb3, 0xdf, 0x2b, 0x54, 0x31, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x01, 0x1f, 0xc4, 0xd3, 0x71, 0xd1, 0x59, 0xe0, 0x70, - 0x9e, 0x59, 0x7f, 0x4c, 0x2d, 0xf2, 0xfb, 0xc0, 0xf4, 0xea, 0xaf, 0x6f, - 0x01, 0x9c, 0xc1, 0xfc, 0x72, 0xb5, 0x65, 0xa7, 0x6f, 0x4b, 0xa2, 0xd4, - 0x1f, 0xee, 0x17, 0xc2, 0x54, 0xc1, 0xd6, 0x33, 0x8a, 0x5c, 0xfa, 0x69, - 0xac, 0x81, 0xcc, 0xc8, 0xff, 0x51, 0x54, 0x94, 0x8a, 0x39, 0x75, 0xa9, - 0x1f, 0x4c, 0x30, 0xb1, 0x9b, 0x95, 0x50, 0x5a, 0x7f, 0x9e, 0xc7, 0xd1, - 0x4c, 0x92, 0x20, 0x55, 0x4f, 0xe6, 0x8e, 0xb0, 0xfc, 0x77, 0xc3, 0x79, - 0x81, 0x9e, 0xda, 0xae, 0xed, 0xfd, 0x05, 0xd9, 0x37, 0xaa, 0x4b, 0xd4, - 0x9b, 0xa0, 0x3c, 0xd0, 0x86, 0xe1, 0xa5, 0x6f, 0x19, 0xe1, 0x59, 0x57, - 0xcb, 0xbf, 0x37, 0x0d, 0xbe, 0x17, 0xf5, 0xab, 0x13, 0x76, 0x9a, 0xef, - 0x8c, 0x7e, 0xca, 0xc4, 0x78, 0x20, 0x20, 0x10, 0x90, 0x4a, 0x81, 0x02, - 0x41, 0x00, 0xd6, 0x08, 0x58, 0x09, 0xc8, 0xba, 0x06, 0xa9, 0xf0, 0x0f, - 0x9e, 0x62, 0x0a, 0xde, 0xe3, 0x15, 0x87, 0xac, 0x19, 0x6f, 0x5b, 0x65, - 0x77, 0x77, 0x41, 0xf2, 0xf9, 0x2d, 0xb1, 0x10, 0x50, 0x9e, 0xa2, 0xe9, - 0xa2, 0xe1, 0x0d, 0xf4, 0xa9, 0x31, 0x43, 0x7f, 0xe8, 0xbd, 0xbd, 0xab, - 0x9c, 0x3d, 0xb6, 0x11, 0x20, 0xcb, 0x93, 0xbe, 0xc0, 0x0e, 0xa7, 0x91, - 0xf9, 0x77, 0xe9, 0x5a, 0xdf, 0x21, 0x02, 0x41, 0x00, 0xc3, 0x44, 0xda, - 0x87, 0x88, 0xfe, 0x44, 0xef, 0x5c, 0x80, 0x6e, 0x4f, 0x69, 0x31, 0xd9, - 0x86, 0x57, 0x5a, 0xf4, 0x16, 0xd4, 0x84, 0x11, 0xc9, 0x77, 0xac, 0xec, - 0xcc, 0x2a, 0xec, 0xd3, 0x4d, 0xff, 0xc4, 0x49, 0xd0, 0x3b, 0x2d, 0x1f, - 0x77, 0x27, 0x6c, 0x7b, 0x7f, 0x00, 0xc9, 0x02, 0xea, 0x1e, 0x87, 0x7b, - 0x5a, 0x67, 0xc4, 0xdb, 0x6d, 0xc4, 0xc5, 0xcd, 0xaf, 0x04, 0x81, 0x23, - 0x11, 0x02, 0x41, 0x00, 0xc1, 0x1d, 0x6e, 0x32, 0x05, 0xc6, 0xb3, 0x54, - 0x89, 0xa1, 0xce, 0x0a, 0x30, 0x3c, 0xc3, 0x30, 0x1d, 0xe6, 0x0e, 0x5d, - 0x07, 0x5e, 0x19, 0xd8, 0xa4, 0xcc, 0x92, 0x3f, 0xc3, 0xcf, 0x30, 0xae, - 0xb1, 0xd7, 0x94, 0x7a, 0xf3, 0x98, 0x99, 0x40, 0x35, 0xe3, 0x27, 0x20, - 0x6c, 0x0e, 0x77, 0x3e, 0xc7, 0x13, 0xd5, 0x3f, 0x59, 0xe3, 0x76, 0x6e, - 0xc2, 0x8b, 0x57, 0x47, 0xf6, 0x69, 0x63, 0x81, 0x02, 0x40, 0x78, 0x14, - 0xa9, 0x86, 0x5b, 0xba, 0x71, 0xcd, 0xf8, 0xc6, 0x8a, 0x0f, 0x8f, 0x93, - 0x36, 0x3f, 0xa5, 0x0c, 0xab, 0xba, 0x36, 0x6a, 0x19, 0x3e, 0x19, 0xb8, - 0x5f, 0xce, 0x96, 0x3f, 0x19, 0x1a, 0x88, 0x44, 0xbf, 0x57, 0xac, 0x6c, - 0x6d, 0x43, 0x2b, 0x1d, 0x4d, 0x3c, 0xa6, 0xd0, 0xf6, 0x57, 0xde, 0xfa, - 0x55, 0xe3, 0x1c, 0x99, 0x34, 0x8f, 0x66, 0x48, 0x75, 0xda, 0x41, 0x1c, - 0xe0, 0xe1, 0x02, 0x41, 0x00, 0xa1, 0x87, 0x23, 0x89, 0x69, 0x7e, 0x0b, - 0x69, 0x03, 0xac, 0x76, 0x05, 0xad, 0x42, 0xe9, 0x3f, 0xfc, 0xe7, 0x03, - 0x49, 0x8e, 0x0a, 0xcf, 0x74, 0x82, 0x7f, 0x00, 0x43, 0x14, 0x7e, 0x0c, - 0xce, 0xe7, 0x8b, 0xcb, 0x94, 0xf1, 0xae, 0x0b, 0xf2, 0x53, 0xfc, 0xa9, - 0xd1, 0x45, 0x95, 0x43, 0x0f, 0x16, 0x67, 0x52, 0x3f, 0xb9, 0x0b, 0x3d, - 0xc3, 0xce, 0x82, 0x69, 0x90, 0x35, 0xa6, 0x15, 0xef, + 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x96, + 0xbf, 0x20, 0x0e, 0x0b, 0xab, 0xff, 0x46, 0x3d, 0xd8, 0xc4, 0x25, 0x71, + 0x78, 0x27, 0xe4, 0x27, 0xfd, 0x9c, 0x38, 0x26, 0x25, 0xc2, 0x05, 0xb2, + 0x9a, 0x73, 0x04, 0x99, 0xa8, 0x75, 0x00, 0x98, 0x6b, 0x28, 0xec, 0xe9, + 0x87, 0x6c, 0x92, 0xf8, 0xdd, 0x6e, 0x3b, 0x0a, 0xae, 0x79, 0x79, 0xa1, + 0xbc, 0x39, 0xc2, 0x3e, 0x2d, 0x46, 0xad, 0x09, 0xff, 0xec, 0x3a, 0x2b, + 0xf5, 0xaf, 0x87, 0xaa, 0x69, 0x25, 0xa3, 0x71, 0xa1, 0xe0, 0x43, 0x13, + 0x63, 0xac, 0x0d, 0x54, 0x62, 0x5b, 0xd3, 0x1b, 0x36, 0x0e, 0x6d, 0x26, + 0x80, 0x56, 0xd3, 0x10, 0xf2, 0x21, 0xd4, 0xac, 0x96, 0x3e, 0xe6, 0x66, + 0x7a, 0xea, 0x02, 0x14, 0x02, 0x28, 0x0f, 0x92, 0x46, 0x82, 0x23, 0x06, + 0xd6, 0xef, 0xcc, 0x69, 0x3b, 0x58, 0x82, 0xb0, 0xd7, 0x26, 0x9f, 0x10, + 0x7c, 0x68, 0x5c, 0x4c, 0x91, 0x0c, 0x27, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x15, 0xb8, 0x8f, 0x62, 0xb1, 0x62, 0xd9, 0xf8, 0x61, + 0xe3, 0xfb, 0x36, 0x01, 0x4e, 0x14, 0xc2, 0xbc, 0x27, 0xbf, 0xb1, 0x45, + 0x7f, 0x38, 0xf5, 0x94, 0xe1, 0x20, 0x03, 0xeb, 0x2c, 0xc9, 0xed, 0xc9, + 0x33, 0x33, 0xa5, 0x43, 0x6c, 0x57, 0x2e, 0xd6, 0xe6, 0x22, 0x6d, 0x26, + 0x77, 0xb2, 0x70, 0x33, 0x67, 0x9e, 0xe8, 0xf2, 0xb2, 0xed, 0x15, 0x4a, + 0x34, 0xbd, 0x47, 0x3a, 0x85, 0xff, 0x01, 0xc9, 0x8e, 0xa9, 0x3d, 0x65, + 0xaa, 0x62, 0xcb, 0xf7, 0x33, 0xdd, 0xfb, 0x69, 0x67, 0xa4, 0xc6, 0xda, + 0x3e, 0xc9, 0x5a, 0x00, 0xaa, 0xb7, 0xde, 0x01, 0x45, 0x15, 0xfb, 0x8b, + 0x87, 0x68, 0x40, 0xa7, 0xf1, 0xe3, 0xc2, 0xeb, 0xa1, 0x9a, 0xcd, 0x49, + 0xf8, 0x19, 0xae, 0x61, 0x5a, 0x8e, 0x2d, 0x8f, 0x49, 0x85, 0x09, 0x64, + 0x48, 0x29, 0x4a, 0x2c, 0x1a, 0x12, 0x51, 0x33, 0xbe, 0xc0, 0x0d, 0x02, + 0x41, 0x00, 0xc7, 0x67, 0x6c, 0xc0, 0xb8, 0x44, 0x65, 0x5c, 0xd1, 0xfd, + 0xb3, 0x36, 0x91, 0xf5, 0xb4, 0xf9, 0x51, 0x55, 0x18, 0x9a, 0x42, 0x68, + 0xe5, 0xd0, 0x73, 0xe9, 0xdd, 0xf0, 0x91, 0x49, 0xa8, 0x2b, 0x3f, 0x8a, + 0xfc, 0xc5, 0x43, 0x9a, 0xa8, 0x4a, 0xe7, 0xe8, 0xf3, 0xdd, 0x3d, 0x9f, + 0x9c, 0xb8, 0xa7, 0xab, 0xeb, 0xd8, 0xc0, 0xa3, 0xae, 0xde, 0x1d, 0x46, + 0x38, 0x87, 0x2d, 0x96, 0x3b, 0x4d, 0x02, 0x41, 0x00, 0xc1, 0x88, 0x48, + 0x0c, 0xb2, 0x5e, 0x24, 0x09, 0x11, 0x93, 0xbc, 0xaa, 0x8d, 0x27, 0x14, + 0x47, 0x4e, 0x59, 0xae, 0x53, 0xfc, 0x75, 0x02, 0x56, 0xa5, 0x10, 0x33, + 0x92, 0x72, 0xa5, 0xbe, 0x95, 0xbc, 0x4e, 0x19, 0x85, 0x89, 0xd1, 0xc2, + 0xe4, 0xf4, 0x64, 0x1d, 0xe0, 0x7e, 0xa7, 0x2d, 0x7b, 0x6d, 0xb0, 0xb0, + 0x2a, 0x1b, 0xad, 0xc6, 0x6c, 0xf5, 0x64, 0x53, 0x31, 0xaa, 0xb4, 0x23, + 0x43, 0x02, 0x40, 0x64, 0xb0, 0x77, 0xfc, 0xf4, 0xcf, 0x2c, 0xb3, 0xeb, + 0x21, 0x85, 0x8e, 0x47, 0xb3, 0xdf, 0xb7, 0x89, 0x77, 0x43, 0xde, 0x19, + 0x2c, 0xa8, 0xe7, 0x52, 0xb0, 0xc4, 0x2e, 0x46, 0xde, 0xff, 0xb9, 0x1e, + 0xf4, 0x0a, 0xe1, 0x7d, 0x5a, 0xaa, 0x22, 0x70, 0xea, 0x73, 0xc1, 0xc2, + 0xed, 0x47, 0x11, 0x03, 0x31, 0xcf, 0xfc, 0xfa, 0x81, 0x6c, 0xba, 0xa1, + 0xe3, 0xa4, 0x85, 0xb5, 0xe2, 0x47, 0x7d, 0x02, 0x40, 0x13, 0xcb, 0x4b, + 0x8b, 0x38, 0xe7, 0x16, 0x0a, 0x73, 0x68, 0xc7, 0xe0, 0x2d, 0xc5, 0xb4, + 0x76, 0x42, 0x96, 0x3b, 0x95, 0x4d, 0x79, 0xee, 0x3e, 0x4c, 0x6d, 0xa6, + 0xc8, 0xb0, 0xbf, 0x31, 0x0a, 0x01, 0x93, 0x7f, 0x5a, 0xc0, 0x28, 0xdb, + 0x25, 0x2d, 0xb5, 0xdb, 0xb4, 0x6d, 0x5f, 0xcd, 0xf0, 0x14, 0xdd, 0x00, + 0x77, 0x9e, 0x13, 0x1c, 0xfb, 0x61, 0xf1, 0xdb, 0xec, 0x75, 0x88, 0x2d, + 0x1f, 0x02, 0x40, 0x21, 0x0a, 0xa0, 0x87, 0x82, 0x23, 0x01, 0xe9, 0x8b, + 0xcc, 0x29, 0xb3, 0x47, 0x69, 0xfe, 0x37, 0x65, 0x90, 0x79, 0xaa, 0x36, + 0x9b, 0x6c, 0x58, 0xd4, 0x62, 0x08, 0x6c, 0xfe, 0x1f, 0xec, 0x89, 0xbb, + 0x85, 0x9e, 0x27, 0xd2, 0x0d, 0x97, 0xaa, 0x3d, 0x2c, 0x00, 0xee, 0x60, + 0x95, 0x77, 0x6e, 0x5d, 0xc4, 0xe2, 0x49, 0x3f, 0x79, 0x38, 0x78, 0xc8, + 0x48, 0xa3, 0xe3, 0x80, 0x46, 0xcb, 0x22, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_rsa_1026 */ const unsigned char test_rsa_1026[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x03, 0x17, - 0x5c, 0xd2, 0x6b, 0x55, 0xf6, 0x1a, 0x0b, 0x42, 0x33, 0xc8, 0x18, 0x08, - 0x26, 0x31, 0x35, 0x04, 0x0a, 0xdb, 0xab, 0x0b, 0xd9, 0x49, 0x70, 0x59, - 0xcb, 0x51, 0xce, 0xc7, 0x14, 0x7c, 0xd6, 0xdf, 0xaf, 0x26, 0x71, 0xac, - 0x1f, 0xf9, 0xae, 0xa8, 0xe4, 0xc5, 0xde, 0xfe, 0x84, 0xbb, 0x68, 0x07, - 0xa9, 0x48, 0x82, 0x83, 0x5b, 0xbc, 0x2b, 0x75, 0x32, 0x51, 0xb5, 0x98, - 0xe0, 0x9b, 0xa2, 0xbd, 0x0f, 0x29, 0x96, 0x58, 0x5d, 0xbc, 0x80, 0xeb, - 0x9b, 0xda, 0xae, 0x8c, 0xf4, 0xea, 0x3e, 0xa1, 0xf4, 0x7a, 0x97, 0x13, - 0x42, 0x74, 0x74, 0x47, 0x83, 0xff, 0x31, 0xf8, 0x82, 0x92, 0xe3, 0xb1, - 0x38, 0x30, 0xea, 0x17, 0x67, 0x4b, 0xb6, 0x69, 0xdc, 0x5f, 0x17, 0xf2, - 0x94, 0x3f, 0xc8, 0x07, 0x1b, 0x10, 0x81, 0x8b, 0xd0, 0x2f, 0xfc, 0x8f, - 0xfb, 0xab, 0xa0, 0xa9, 0x02, 0x3b, 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x04, 0x29, 0x3b, 0x62, 0xcf, 0xe5, 0xe6, 0x60, 0xc1, - 0xfa, 0x28, 0x20, 0x30, 0x39, 0x2e, 0x63, 0x0e, 0x60, 0x95, 0xd6, 0xb5, - 0x67, 0xd7, 0x48, 0x6a, 0x26, 0xdb, 0x55, 0xdd, 0x34, 0xea, 0x92, 0x54, - 0x44, 0xc5, 0x4c, 0xc7, 0x50, 0x51, 0x53, 0xfa, 0x61, 0x5e, 0x5e, 0x95, - 0x9a, 0x05, 0x77, 0xd8, 0x5d, 0xaa, 0xe7, 0xbc, 0xc7, 0x15, 0x4e, 0x69, - 0x31, 0x25, 0x8a, 0xd7, 0x81, 0x25, 0x3d, 0x22, 0xdf, 0xd1, 0x91, 0x78, - 0xd2, 0xd1, 0x24, 0xb9, 0xa6, 0x9a, 0x12, 0xc5, 0xe1, 0xfe, 0xe7, 0x94, - 0xad, 0xbd, 0x9e, 0x6b, 0xe0, 0x97, 0x32, 0x33, 0x6a, 0xae, 0x98, 0x66, - 0xd7, 0x96, 0x7a, 0x72, 0xc7, 0xb4, 0x69, 0xef, 0x3d, 0x20, 0x37, 0x48, - 0xad, 0xd4, 0x92, 0x8a, 0xc0, 0x3f, 0x08, 0xfc, 0x8f, 0x61, 0xcc, 0x60, - 0x60, 0x49, 0xa7, 0xe4, 0xa0, 0x62, 0xf5, 0x7e, 0x19, 0xb5, 0x81, 0x02, - 0x41, 0x01, 0xe7, 0x1d, 0x98, 0x00, 0xc1, 0x36, 0xa4, 0x3e, 0x84, 0x3f, - 0xd1, 0x43, 0x9c, 0x4e, 0xa2, 0x62, 0xb2, 0x6b, 0x5d, 0x93, 0x5d, 0x41, - 0x51, 0x46, 0x6a, 0x75, 0x76, 0x97, 0xcc, 0x38, 0xa9, 0xeb, 0xbf, 0xae, - 0xcb, 0xd8, 0xac, 0x6b, 0x7b, 0xfa, 0xc7, 0x37, 0x6d, 0xc0, 0x7f, 0xb2, - 0x84, 0xaa, 0x6a, 0x54, 0x6f, 0xd7, 0xd0, 0xf6, 0x0c, 0xe6, 0x11, 0xc9, - 0xcc, 0xce, 0xa6, 0xb8, 0x66, 0x69, 0x02, 0x41, 0x01, 0x9f, 0xe5, 0x0e, - 0x78, 0x9f, 0xb4, 0x44, 0xba, 0x29, 0x74, 0xe7, 0xdb, 0x98, 0x44, 0xd2, - 0xa6, 0x03, 0xa6, 0xe7, 0xb4, 0x00, 0x6e, 0xe1, 0xcf, 0xa7, 0xcd, 0xe4, - 0xa8, 0x8e, 0xa7, 0xb8, 0xcd, 0x68, 0x23, 0x07, 0x6f, 0x47, 0xb9, 0xcd, - 0x59, 0x34, 0xc2, 0x9e, 0xc0, 0xb2, 0xed, 0x7a, 0x9b, 0xc2, 0x3d, 0xab, - 0x64, 0x36, 0xdd, 0xf9, 0xf2, 0x2d, 0xc1, 0x42, 0x4f, 0x11, 0x4b, 0x2a, - 0x91, 0x02, 0x41, 0x01, 0x73, 0xdd, 0x4c, 0xc0, 0x2e, 0xc0, 0x37, 0x0c, - 0x9e, 0xcb, 0x55, 0x46, 0xe7, 0x19, 0xc4, 0xaf, 0xd2, 0x03, 0x52, 0xd1, - 0x80, 0x1c, 0xb0, 0x1e, 0x30, 0x81, 0x71, 0xc2, 0x9a, 0x9e, 0x1b, 0x62, - 0x24, 0xd8, 0x1d, 0x38, 0x51, 0x10, 0x50, 0xfa, 0x76, 0x81, 0x23, 0x21, - 0x14, 0x9b, 0x44, 0xda, 0x10, 0x08, 0x5b, 0xc5, 0x86, 0xf9, 0x7f, 0x89, - 0x57, 0xc5, 0x15, 0xbc, 0x20, 0xdc, 0x9f, 0x19, 0x02, 0x41, 0x00, 0xd1, - 0xcd, 0xb6, 0x98, 0x29, 0x50, 0xc2, 0x5e, 0xfb, 0x6c, 0xeb, 0x4e, 0x3f, - 0x29, 0x70, 0xee, 0xa8, 0xe6, 0xf8, 0xfa, 0x38, 0x41, 0xb7, 0x8e, 0x8f, - 0x03, 0x71, 0xf7, 0x8a, 0x47, 0x98, 0x15, 0x9f, 0x14, 0x14, 0xbb, 0x11, - 0x7e, 0xec, 0xd5, 0xb4, 0xa4, 0xfd, 0x7b, 0x0e, 0x88, 0x78, 0x92, 0xbc, - 0xd1, 0x69, 0x75, 0xdb, 0xab, 0xed, 0x5c, 0x3b, 0xb2, 0xc3, 0xa5, 0xa9, - 0x7e, 0xb6, 0xd1, 0x02, 0x41, 0x01, 0x5e, 0x54, 0x53, 0x64, 0x9d, 0x04, - 0xe9, 0xb8, 0x6c, 0x96, 0x61, 0x85, 0xfe, 0x7c, 0x5b, 0x81, 0x46, 0x7b, - 0x92, 0xb7, 0xb7, 0x0a, 0x84, 0x9a, 0x1b, 0xcf, 0x9e, 0x56, 0xcb, 0x25, - 0xd6, 0xe2, 0x7d, 0xb9, 0xf1, 0x7e, 0x25, 0x34, 0x2a, 0x9c, 0xc7, 0x78, - 0xe8, 0x0b, 0xea, 0x04, 0xf8, 0x2e, 0xb0, 0xd5, 0xed, 0xb9, 0xdc, 0x71, - 0xdb, 0x9f, 0xba, 0xe6, 0xe5, 0xbb, 0xbd, 0xc0, 0x7c, 0xd7, + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xae, + 0x9a, 0x65, 0x51, 0x54, 0x10, 0x29, 0xa3, 0x7a, 0x5f, 0xa3, 0x1b, 0x9d, + 0xf3, 0x0e, 0x24, 0xdb, 0x1f, 0xd8, 0x4e, 0x12, 0x43, 0x49, 0x00, 0x31, + 0xf8, 0x03, 0x88, 0x04, 0x87, 0x8f, 0xc9, 0x95, 0x66, 0x34, 0xb3, 0xcf, + 0x0a, 0xf1, 0x2e, 0x47, 0xd3, 0x8c, 0x3b, 0x41, 0xff, 0x32, 0x60, 0xd8, + 0x17, 0x7e, 0xad, 0x83, 0x4c, 0x37, 0x6d, 0x6b, 0xc5, 0x49, 0x6f, 0x36, + 0x84, 0xb8, 0x59, 0xa5, 0x5a, 0x03, 0xbf, 0xd7, 0xbe, 0xca, 0x9c, 0x09, + 0x1c, 0xf5, 0x20, 0xd3, 0x3a, 0x0e, 0x2f, 0xd3, 0x08, 0xa3, 0x9a, 0x65, + 0x54, 0x26, 0xa6, 0x78, 0x35, 0x7a, 0xd9, 0x70, 0x0d, 0x4d, 0xb9, 0xf7, + 0x76, 0xfd, 0x6e, 0xf5, 0xe4, 0x00, 0xe6, 0xcb, 0x60, 0xec, 0xc6, 0x38, + 0x24, 0x9e, 0x9b, 0xe6, 0x69, 0x81, 0xe0, 0xc3, 0xc9, 0x10, 0xef, 0x73, + 0xe4, 0x22, 0x52, 0x3d, 0x8c, 0x16, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x54, 0x28, 0x86, 0x9c, 0xb6, 0x62, 0x18, 0xc8, 0x79, + 0xfa, 0x79, 0x02, 0xac, 0x94, 0x9b, 0x3a, 0x37, 0x45, 0xaa, 0xfc, 0xbe, + 0xce, 0x52, 0x87, 0x5c, 0x98, 0x9a, 0xce, 0x34, 0x47, 0xed, 0x7e, 0xf6, + 0xfa, 0x05, 0x21, 0xb9, 0x12, 0x0d, 0x47, 0xef, 0xf3, 0xe5, 0x2f, 0x6a, + 0x42, 0x7e, 0x89, 0x52, 0x53, 0x66, 0xea, 0x9b, 0xba, 0x5e, 0xdc, 0xe1, + 0xa5, 0xd7, 0xff, 0x72, 0xbe, 0x47, 0xde, 0x06, 0x0b, 0x48, 0xf9, 0xf4, + 0xb7, 0xa8, 0x06, 0x76, 0xfd, 0xd2, 0x4c, 0xbf, 0xe4, 0x4a, 0x1c, 0x7f, + 0xf8, 0x71, 0xc6, 0x9f, 0x80, 0xfa, 0x97, 0xca, 0xc3, 0xf6, 0x70, 0xe3, + 0x5e, 0x8c, 0x2d, 0x02, 0xe0, 0x3a, 0x91, 0xbd, 0xa2, 0x12, 0xa4, 0xa5, + 0x7c, 0x9d, 0x6a, 0xdd, 0x00, 0xfe, 0x28, 0x60, 0xbf, 0x7e, 0x5f, 0x4f, + 0xb3, 0xf5, 0xd2, 0x0f, 0x8c, 0x69, 0x0b, 0xf0, 0x2c, 0x60, 0x81, 0x02, + 0x41, 0x01, 0xc4, 0x95, 0xb4, 0x0c, 0xf6, 0xfe, 0x28, 0xe5, 0xdc, 0x63, + 0xeb, 0x33, 0x06, 0xc1, 0xe6, 0x34, 0xa9, 0x68, 0x73, 0x2d, 0xff, 0x72, + 0x3c, 0xde, 0x74, 0xf7, 0xbb, 0x79, 0xde, 0x85, 0x20, 0x55, 0xa4, 0xe4, + 0x8b, 0x94, 0x82, 0x5b, 0x63, 0xe0, 0xdc, 0xba, 0x3d, 0x95, 0x43, 0x86, + 0xe6, 0xfd, 0x9b, 0x13, 0x75, 0xf7, 0xd2, 0xf1, 0xf5, 0x99, 0xd5, 0x9c, + 0xdf, 0x38, 0x93, 0xdc, 0x4e, 0x03, 0x02, 0x41, 0x01, 0x84, 0x5e, 0xbe, + 0xe1, 0x62, 0x47, 0x50, 0xfc, 0x17, 0xff, 0xc7, 0x15, 0x16, 0x25, 0xef, + 0x6b, 0xd0, 0xb6, 0xdb, 0x13, 0xcb, 0x65, 0x7e, 0xce, 0x4f, 0xab, 0x76, + 0xe0, 0x8b, 0xe8, 0xc0, 0xe4, 0xc0, 0x49, 0xac, 0xb7, 0x2a, 0x97, 0xad, + 0xaa, 0xe1, 0x31, 0xba, 0xd7, 0x02, 0x52, 0xfa, 0xfa, 0x03, 0xd3, 0xc3, + 0x9b, 0x3e, 0x2d, 0x32, 0xea, 0x9f, 0xb2, 0x8b, 0x66, 0x1b, 0xc4, 0x18, + 0x41, 0x02, 0x41, 0x01, 0xa3, 0x23, 0xd9, 0x69, 0xa0, 0x5c, 0xe5, 0x57, + 0x6b, 0x72, 0x05, 0xe2, 0x6d, 0xc1, 0xa9, 0x06, 0xe0, 0x55, 0x61, 0x46, + 0x1a, 0x2a, 0x9c, 0x00, 0x91, 0x66, 0xd4, 0x73, 0x1b, 0x07, 0x43, 0x58, + 0xcd, 0xaa, 0xf3, 0x31, 0x88, 0x40, 0x47, 0x11, 0x7a, 0x99, 0xe8, 0x6a, + 0x91, 0xed, 0x1f, 0x83, 0x82, 0xd8, 0xd5, 0x09, 0xbc, 0x8c, 0x64, 0x9e, + 0x21, 0x5c, 0x74, 0xc6, 0x1a, 0xf9, 0x8e, 0x2d, 0x02, 0x41, 0x00, 0xd1, + 0x4f, 0xa2, 0xfe, 0xa3, 0xd2, 0x1d, 0xe2, 0x90, 0x28, 0xa9, 0x2a, 0x43, + 0x32, 0x94, 0xd3, 0xfd, 0xbb, 0xdf, 0x5c, 0xce, 0xbd, 0x57, 0xd7, 0x67, + 0x76, 0xd8, 0xed, 0xf2, 0x59, 0xb2, 0x44, 0x57, 0x22, 0x1d, 0xf4, 0xe5, + 0xfe, 0xb3, 0x79, 0xaa, 0x3e, 0xfc, 0x1c, 0xcf, 0x42, 0xdb, 0xc3, 0x0d, + 0x76, 0xff, 0x30, 0x57, 0x15, 0x53, 0x20, 0xc2, 0x8b, 0x1e, 0xb8, 0x1c, + 0x74, 0xd6, 0x41, 0x02, 0x41, 0x00, 0x94, 0x24, 0x23, 0x0b, 0x45, 0x3a, + 0xef, 0xf3, 0x41, 0x19, 0x11, 0xba, 0xf6, 0xca, 0xab, 0x72, 0x9e, 0xc0, + 0xa4, 0xc2, 0x9e, 0x52, 0xf8, 0x36, 0xf4, 0xe8, 0xed, 0x5d, 0xa7, 0x5f, + 0x68, 0x46, 0xf4, 0x91, 0x17, 0x9c, 0xe8, 0x1b, 0x31, 0x50, 0xd7, 0x42, + 0x25, 0xc5, 0x67, 0x6a, 0xf8, 0xc2, 0x1f, 0x28, 0xe3, 0xdc, 0x52, 0x79, + 0x7b, 0xf6, 0x68, 0xdc, 0x60, 0xc6, 0xdc, 0xcc, 0xcd, 0x1d, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_rsa_1028 */ const unsigned char test_rsa_1028[] = { - 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0f, 0x16, - 0x99, 0x9c, 0x0c, 0xc7, 0xb5, 0x63, 0x2d, 0xec, 0xdc, 0x12, 0x15, 0x15, - 0x12, 0x47, 0x26, 0xcc, 0xa9, 0xba, 0x8d, 0x31, 0x82, 0x63, 0x3e, 0xa9, - 0xdc, 0xa0, 0xa8, 0x7f, 0x02, 0x22, 0x4e, 0x5e, 0xa3, 0x77, 0xee, 0x13, - 0x94, 0x04, 0x76, 0x04, 0x8e, 0x98, 0xab, 0x7c, 0x82, 0xdd, 0x68, 0x5a, - 0xf6, 0xa8, 0x14, 0x5e, 0xf7, 0x43, 0xef, 0x04, 0xb5, 0x3f, 0x6a, 0x31, - 0x93, 0xd6, 0x1a, 0xfa, 0xcd, 0x20, 0x7b, 0x0e, 0xc3, 0x18, 0x39, 0x5f, - 0x7e, 0x1b, 0xa0, 0xe5, 0x85, 0x3e, 0xf7, 0x44, 0x51, 0xcc, 0xf7, 0xf1, - 0xc2, 0xf6, 0x79, 0x15, 0x0e, 0x0b, 0x50, 0x32, 0x35, 0xda, 0xeb, 0xe4, - 0x7d, 0x32, 0x6d, 0x21, 0x9e, 0xb2, 0xa0, 0x99, 0x0c, 0xc6, 0x17, 0xee, - 0xcd, 0xb5, 0xa6, 0x81, 0xa9, 0x91, 0x1b, 0x09, 0xfd, 0x32, 0xf9, 0xa1, - 0x8b, 0x1b, 0xf7, 0x99, 0xaf, 0xd6, 0xf7, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x03, 0x21, 0xe8, 0x06, 0x33, 0xc9, 0x0a, 0x69, 0x6a, - 0xd1, 0x6f, 0xe6, 0xf9, 0x25, 0x84, 0xc3, 0xec, 0xd4, 0x34, 0xb0, 0x9c, - 0x3b, 0x99, 0x1c, 0x4d, 0x98, 0x2a, 0x4b, 0xd8, 0x6f, 0x75, 0xdb, 0xf5, - 0x75, 0x44, 0x6e, 0xd3, 0xa8, 0x90, 0xe4, 0x54, 0x34, 0x21, 0xfe, 0xa4, - 0x2b, 0x97, 0x67, 0xac, 0x10, 0xa6, 0x80, 0xc2, 0xa9, 0xec, 0x9f, 0xd7, - 0xf1, 0x9c, 0x47, 0x6c, 0x1e, 0x9a, 0xd8, 0xa8, 0xe8, 0x5f, 0x76, 0x57, - 0x95, 0x26, 0xc0, 0x97, 0x5e, 0x56, 0x6d, 0x0c, 0x6c, 0xc5, 0x20, 0xd8, - 0x8f, 0xd7, 0xfd, 0xf4, 0x39, 0x97, 0xc2, 0x3b, 0xaa, 0x97, 0xd5, 0xea, - 0xaf, 0xdf, 0x23, 0x27, 0xf3, 0xea, 0x67, 0xd8, 0x52, 0x0a, 0x1f, 0xc2, - 0x5c, 0x3f, 0x56, 0x8f, 0x96, 0xc6, 0x3b, 0xa1, 0x12, 0xaf, 0xd3, 0x07, - 0xb4, 0x67, 0x37, 0x0d, 0xb2, 0x00, 0x80, 0x7b, 0xef, 0x4b, 0x58, 0x51, - 0x02, 0x41, 0x03, 0xe3, 0x05, 0x9f, 0xf4, 0x8d, 0xb5, 0x19, 0x32, 0x73, - 0xf1, 0xe7, 0x65, 0x49, 0xbb, 0xb4, 0xe0, 0x4a, 0x71, 0x23, 0x52, 0x69, - 0xd8, 0x06, 0x78, 0x8c, 0xde, 0x8a, 0x95, 0xfb, 0x70, 0x78, 0x6b, 0x20, - 0xcd, 0xfe, 0x2f, 0x3a, 0x56, 0xc6, 0x77, 0x44, 0xa8, 0x69, 0x32, 0xe6, - 0x1e, 0x58, 0xff, 0x6e, 0xd8, 0xe6, 0x54, 0x9a, 0xcd, 0x4e, 0xe9, 0xe2, - 0x44, 0x2d, 0x44, 0x27, 0x7d, 0x19, 0xdd, 0x02, 0x41, 0x03, 0xe1, 0xc5, - 0xcb, 0x94, 0x19, 0x26, 0x92, 0xdf, 0xf4, 0x81, 0xf1, 0x45, 0xb2, 0x69, - 0x5c, 0xfa, 0x06, 0x79, 0x2e, 0xc7, 0x71, 0xca, 0x94, 0x1e, 0x8b, 0xa8, - 0x2c, 0x93, 0x6b, 0xc2, 0x0d, 0xd0, 0x5e, 0xca, 0x57, 0x12, 0xee, 0x7f, - 0x64, 0xc2, 0x08, 0xaf, 0x6b, 0xa0, 0xdc, 0x2b, 0xe9, 0x40, 0xc9, 0xb8, - 0x49, 0xb2, 0x89, 0xd9, 0x8a, 0x08, 0x46, 0xc7, 0xd8, 0x60, 0xbd, 0x0f, - 0x08, 0xe3, 0x02, 0x41, 0x00, 0x88, 0x3b, 0xc3, 0xeb, 0xca, 0xdf, 0x29, - 0xc5, 0x03, 0xa4, 0xf2, 0x46, 0xa6, 0xf2, 0xc1, 0x50, 0x18, 0x41, 0x27, - 0x51, 0xe8, 0x56, 0x00, 0x84, 0xce, 0xdc, 0xc5, 0x62, 0xc5, 0x9b, 0x5f, - 0x91, 0x63, 0x5b, 0x70, 0xda, 0xec, 0x84, 0xe7, 0x05, 0x7b, 0x6c, 0x07, - 0x83, 0x45, 0x88, 0x90, 0x2c, 0xe0, 0xf3, 0x67, 0x8d, 0xdb, 0xe8, 0x12, - 0x4e, 0xe9, 0x80, 0xe6, 0x25, 0xb7, 0xb6, 0x64, 0x2d, 0x02, 0x41, 0x03, - 0x79, 0x4f, 0xa0, 0x56, 0xf0, 0x0a, 0xec, 0xf5, 0x2d, 0xc1, 0xfb, 0x3f, - 0xfb, 0xe0, 0xfe, 0x2b, 0x61, 0x0f, 0xa1, 0x25, 0x2a, 0x57, 0xb7, 0x25, - 0x7e, 0xa5, 0x08, 0xff, 0x04, 0x37, 0xac, 0x55, 0x03, 0xfe, 0xde, 0xdd, - 0x3a, 0x41, 0x16, 0xd1, 0xed, 0x23, 0xce, 0x95, 0x2d, 0x72, 0xbe, 0x52, - 0x14, 0x32, 0xaf, 0x00, 0xef, 0x0b, 0x95, 0xd2, 0xc2, 0x44, 0xa5, 0x06, - 0x2d, 0x29, 0xff, 0x31, 0x02, 0x41, 0x02, 0xc6, 0xb7, 0xac, 0x1d, 0x3b, - 0x80, 0xc4, 0x46, 0x4a, 0xff, 0xdd, 0x3f, 0xbb, 0x17, 0x4a, 0xf2, 0x19, - 0x3a, 0x74, 0x61, 0xa2, 0xd7, 0xc7, 0xd5, 0x85, 0xa3, 0x72, 0xfe, 0x86, - 0x20, 0x85, 0x5a, 0xa9, 0xb2, 0x84, 0x19, 0xcf, 0x41, 0x4a, 0x62, 0x11, - 0x07, 0x33, 0x82, 0xb2, 0x5f, 0x9f, 0x81, 0xfe, 0x1e, 0x8b, 0x26, 0x32, - 0xaa, 0x3c, 0x75, 0xa7, 0xb3, 0xbc, 0xc5, 0x92, 0x71, 0x88, 0x58, + 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0c, 0x48, + 0x52, 0xeb, 0x3d, 0x96, 0x7a, 0x6c, 0x68, 0xa7, 0x10, 0x15, 0x4b, 0xc4, + 0x8b, 0x32, 0xa8, 0xb1, 0xd5, 0xdf, 0xbf, 0xb1, 0x11, 0xfd, 0x50, 0xac, + 0xc9, 0x27, 0x99, 0xd6, 0xfe, 0x34, 0x6d, 0x0c, 0xd2, 0x2b, 0x4e, 0xc7, + 0x1b, 0xbf, 0xc2, 0x85, 0x04, 0x99, 0x50, 0x13, 0xa2, 0x60, 0x02, 0x67, + 0x94, 0xcf, 0xe7, 0x84, 0xc7, 0xb2, 0x03, 0x81, 0xb8, 0x60, 0xfa, 0xaf, + 0xc0, 0xcd, 0x30, 0xf0, 0xe6, 0xdb, 0xd0, 0x3a, 0x3d, 0x1d, 0x3c, 0x8e, + 0x0d, 0xb1, 0x86, 0xc3, 0xba, 0xa1, 0x35, 0x47, 0xae, 0x6e, 0x43, 0x23, + 0x4a, 0x61, 0xfc, 0xc5, 0x1e, 0xa6, 0xe8, 0x74, 0x38, 0x3b, 0x4c, 0x79, + 0x4a, 0x94, 0x66, 0x1a, 0x44, 0x23, 0x0a, 0x96, 0x86, 0x5d, 0xf6, 0x43, + 0x5a, 0xa7, 0x03, 0x46, 0x81, 0x9f, 0xe9, 0xf4, 0xaa, 0xa3, 0x03, 0xe1, + 0xea, 0x21, 0xf1, 0xae, 0x2d, 0x06, 0xf7, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x01, 0x1f, 0xa6, 0xb2, 0x4d, 0x9e, 0x94, 0x11, 0x91, + 0xdb, 0x62, 0xbd, 0xc8, 0x02, 0x31, 0x87, 0xcf, 0x66, 0x01, 0x7e, 0x68, + 0x2f, 0x7f, 0x49, 0x50, 0xd5, 0x95, 0xcb, 0x71, 0x27, 0xf9, 0x76, 0x7b, + 0x59, 0x76, 0x6a, 0xae, 0xd8, 0xc9, 0x41, 0x98, 0x3e, 0x8a, 0x06, 0xaa, + 0x8c, 0x39, 0x49, 0x16, 0x3f, 0x3a, 0x9e, 0x70, 0x7c, 0x35, 0xb6, 0xa3, + 0xda, 0x7c, 0xaf, 0x26, 0x8f, 0xe8, 0x8f, 0xfc, 0x5b, 0x7c, 0xda, 0x94, + 0x57, 0x8d, 0x03, 0x5c, 0xed, 0x66, 0xfe, 0x9c, 0x6e, 0xaa, 0xcc, 0xa1, + 0x05, 0x48, 0xc4, 0x11, 0xbc, 0xf7, 0xdf, 0xaa, 0xeb, 0x65, 0xb6, 0xaf, + 0xce, 0x45, 0x0c, 0x7f, 0x3a, 0x84, 0x0a, 0x85, 0x28, 0xf0, 0xa4, 0xd6, + 0x39, 0x9e, 0xc3, 0xc6, 0x47, 0x24, 0x6f, 0xbe, 0x20, 0x45, 0x19, 0x84, + 0x29, 0x0d, 0x12, 0x9a, 0x12, 0xc9, 0x03, 0x96, 0xf0, 0x26, 0x11, 0x49, + 0x02, 0x41, 0x03, 0x9a, 0xb4, 0xe9, 0x07, 0xe1, 0xe0, 0x69, 0xc7, 0x0c, + 0x5c, 0x71, 0x1b, 0x21, 0x31, 0x66, 0x5b, 0x5d, 0x0d, 0x3c, 0x51, 0x64, + 0xda, 0xb4, 0xfe, 0x14, 0xb1, 0x27, 0xa6, 0x97, 0x36, 0x58, 0xb2, 0xa0, + 0x17, 0xa9, 0x28, 0x33, 0x19, 0x6b, 0xee, 0x6f, 0x6c, 0x17, 0x50, 0x8c, + 0x01, 0x78, 0xfb, 0xfe, 0xed, 0xab, 0xf6, 0x71, 0xd9, 0x85, 0xc8, 0x96, + 0x63, 0x7c, 0x10, 0x3c, 0xf0, 0x54, 0x09, 0x02, 0x41, 0x03, 0x68, 0x60, + 0x30, 0x2c, 0xc9, 0xcc, 0x20, 0x7e, 0x1e, 0xd3, 0xb0, 0x04, 0x3f, 0xde, + 0xef, 0x53, 0x2f, 0x3b, 0xf6, 0x77, 0x01, 0x41, 0x41, 0xa8, 0xc1, 0x5a, + 0x21, 0x30, 0xf4, 0xdc, 0x5c, 0xeb, 0xbe, 0x75, 0x3f, 0xf2, 0x8a, 0xa0, + 0x35, 0xd2, 0xed, 0x23, 0xbc, 0xfc, 0x24, 0x53, 0xde, 0x64, 0x88, 0x72, + 0xef, 0x43, 0xbd, 0x2d, 0x0f, 0x2d, 0x71, 0xb1, 0xe2, 0xbf, 0xe9, 0xe7, + 0x42, 0xff, 0x02, 0x41, 0x03, 0x3c, 0xb3, 0x36, 0x87, 0xa9, 0xca, 0x4f, + 0xb6, 0x41, 0xd7, 0xd4, 0x8d, 0xb5, 0x26, 0x14, 0xf4, 0x01, 0x82, 0x9d, + 0xa5, 0xcc, 0x9a, 0xd0, 0xeb, 0x51, 0xd2, 0x39, 0xf6, 0x58, 0xe0, 0xaa, + 0x90, 0xe3, 0x4f, 0xdc, 0xd1, 0x09, 0xf3, 0xcf, 0x07, 0xfa, 0x72, 0x6e, + 0x0e, 0x1d, 0x70, 0x45, 0x24, 0xae, 0x34, 0xef, 0xb9, 0x0b, 0x4f, 0x7d, + 0xe4, 0x45, 0x8d, 0x5c, 0x23, 0x89, 0x57, 0x9f, 0x61, 0x02, 0x41, 0x02, + 0xa7, 0xde, 0x86, 0xcc, 0xf0, 0xfb, 0xff, 0xba, 0xaa, 0xc5, 0xa9, 0x60, + 0xb6, 0x72, 0x44, 0xab, 0xdc, 0x9c, 0xeb, 0xa8, 0xb5, 0x36, 0xa9, 0x38, + 0x1e, 0x6f, 0xe2, 0x7c, 0x27, 0xe8, 0x71, 0x16, 0x5c, 0x99, 0x3e, 0x1c, + 0x04, 0xc3, 0x75, 0x0f, 0x0c, 0x37, 0x14, 0xfa, 0xa0, 0x49, 0x28, 0x81, + 0xcb, 0x01, 0x5f, 0xcc, 0xb7, 0xeb, 0x1c, 0xef, 0xfa, 0xb2, 0x7a, 0x97, + 0xbc, 0x6f, 0xb9, 0xfb, 0x02, 0x41, 0x01, 0x60, 0x60, 0x57, 0x31, 0x7d, + 0xbe, 0xac, 0xd2, 0x64, 0xb9, 0x26, 0x52, 0x4f, 0x20, 0xda, 0xde, 0xd3, + 0x27, 0x38, 0x97, 0xea, 0xb4, 0xf4, 0xcd, 0x83, 0xfa, 0xeb, 0x51, 0x47, + 0x5b, 0x78, 0x24, 0x53, 0x17, 0xf8, 0x26, 0xee, 0xf7, 0x92, 0x25, 0x14, + 0xcd, 0xb6, 0x86, 0xe7, 0x06, 0xb3, 0xd7, 0xee, 0x8b, 0x42, 0x31, 0xb4, + 0x49, 0x95, 0x4e, 0x8c, 0x11, 0x57, 0x7f, 0x44, 0x36, 0x22, 0x64, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_rsa_1030 */ const unsigned char test_rsa_1030[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x29, 0x80, - 0x16, 0x41, 0x52, 0x5b, 0x45, 0xb0, 0xcf, 0x21, 0xf3, 0x1e, 0xcf, 0x61, - 0x78, 0x6b, 0xb7, 0x90, 0x12, 0x9b, 0x2c, 0xdb, 0xfa, 0x5a, 0x36, 0x78, - 0xcc, 0xa9, 0xcf, 0x90, 0x3d, 0x76, 0xcd, 0x22, 0x41, 0xb2, 0x24, 0x32, - 0x87, 0xb8, 0x32, 0x88, 0x28, 0xed, 0x69, 0xe9, 0x3d, 0x88, 0x8c, 0x40, - 0xfb, 0x41, 0x59, 0x6e, 0x78, 0x05, 0x5a, 0xa2, 0x5a, 0xb0, 0xba, 0x12, - 0x7e, 0x49, 0x30, 0x2d, 0xc7, 0x87, 0xda, 0xb2, 0xbd, 0xf9, 0x44, 0x61, - 0xd4, 0x9a, 0x3c, 0x8f, 0xb9, 0xac, 0x95, 0xec, 0xc4, 0xe7, 0xed, 0xbc, - 0xf1, 0xed, 0xea, 0xdc, 0xa9, 0x8b, 0x1e, 0x73, 0x09, 0x25, 0xf2, 0xff, - 0xea, 0xf4, 0x4f, 0xfd, 0x14, 0xe8, 0xab, 0x65, 0x80, 0xeb, 0xa4, 0x91, - 0xfa, 0x45, 0x8e, 0xf0, 0x84, 0xff, 0x59, 0x36, 0x40, 0xef, 0xaf, 0x63, - 0x23, 0x51, 0xcf, 0xb5, 0x2b, 0x9d, 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x08, 0x9c, 0xdf, 0xe1, 0x8a, 0x27, 0x4d, 0xa1, 0x1a, - 0x77, 0xd4, 0x06, 0x60, 0xa9, 0x3c, 0xad, 0xf4, 0x50, 0x77, 0x00, 0x13, - 0xf1, 0x0a, 0x75, 0xe7, 0x08, 0xae, 0x87, 0x0e, 0x80, 0x03, 0xb5, 0x90, - 0x70, 0xab, 0xdc, 0x3e, 0x05, 0x6b, 0xa3, 0xd7, 0x7e, 0xe9, 0x29, 0x8e, - 0x99, 0xbc, 0xae, 0xc6, 0x56, 0xe5, 0x1e, 0x44, 0xa2, 0x77, 0xcf, 0xba, - 0xa5, 0xe7, 0xb6, 0xf6, 0x43, 0x08, 0xc9, 0x02, 0x84, 0xef, 0x41, 0xb5, - 0x04, 0xc5, 0x6f, 0xd8, 0x9a, 0xa0, 0x71, 0xaa, 0x1a, 0x7e, 0xac, 0x57, - 0xb9, 0x73, 0x5a, 0x02, 0xbf, 0x7c, 0xbe, 0x05, 0xf7, 0x7a, 0xa8, 0xf1, - 0x83, 0x1a, 0x58, 0xe1, 0x85, 0xbb, 0x40, 0x87, 0xff, 0x83, 0xbd, 0x9c, - 0x5a, 0x5e, 0xe5, 0x88, 0xe0, 0x88, 0x27, 0xe2, 0xef, 0xbb, 0xb1, 0x23, - 0x33, 0x31, 0x7f, 0x2d, 0x58, 0x14, 0x31, 0xac, 0x36, 0x08, 0xb9, 0x69, - 0x02, 0x41, 0x06, 0xb1, 0xe8, 0x8e, 0xfe, 0x4a, 0x77, 0x67, 0xa0, 0xdd, - 0xb6, 0xb0, 0x94, 0x58, 0xbf, 0x68, 0x67, 0x9d, 0x31, 0xd8, 0x49, 0x55, - 0xf0, 0xc9, 0x50, 0x7b, 0x5f, 0x1d, 0x0d, 0x1b, 0x16, 0x78, 0x5d, 0xe3, - 0x11, 0x9c, 0x58, 0x20, 0xa6, 0xd9, 0xbc, 0x2b, 0x03, 0xb5, 0x2d, 0x99, - 0xaa, 0x67, 0x27, 0x2f, 0x16, 0x45, 0x3c, 0xf6, 0x3d, 0x0b, 0x76, 0xe8, - 0x73, 0x8b, 0x94, 0x38, 0xd1, 0x43, 0x9d, 0x02, 0x41, 0x06, 0x32, 0xe1, - 0x2a, 0xb9, 0x61, 0x5f, 0xa4, 0x5c, 0x67, 0x33, 0x71, 0xaf, 0xa0, 0xa6, - 0xef, 0x95, 0x63, 0x3a, 0x49, 0xef, 0xa6, 0xe6, 0x63, 0x39, 0x54, 0x80, - 0xef, 0x44, 0x49, 0xe0, 0x69, 0x6b, 0xf9, 0xbc, 0x89, 0x60, 0x1c, 0x03, - 0xce, 0x92, 0x53, 0x0d, 0x33, 0x88, 0x64, 0x9b, 0x77, 0xd3, 0x22, 0xec, - 0x1d, 0x94, 0xb5, 0x43, 0x0b, 0xb7, 0x69, 0xd1, 0x1d, 0xfc, 0x70, 0x30, - 0xc8, 0x79, 0x02, 0x41, 0x02, 0xb1, 0x63, 0x02, 0xc9, 0x64, 0x38, 0x9d, - 0x35, 0x46, 0x99, 0x2a, 0x73, 0xb1, 0x32, 0xe4, 0x92, 0xf0, 0xd6, 0xd0, - 0xd1, 0xc6, 0xc0, 0xc0, 0xa9, 0x1f, 0xc6, 0xc5, 0x4f, 0xb5, 0x3a, 0x97, - 0x95, 0xe4, 0x34, 0xfc, 0x37, 0x32, 0x83, 0x0a, 0x87, 0xb6, 0xa1, 0x9a, - 0x29, 0xca, 0x6a, 0x91, 0x6d, 0x60, 0x72, 0x4b, 0xcd, 0x56, 0x9a, 0x7d, - 0x57, 0x09, 0xef, 0x18, 0x10, 0xb9, 0xbd, 0xea, 0xbd, 0x02, 0x40, 0x77, - 0xdb, 0x55, 0xf4, 0xc6, 0x8c, 0x08, 0xc8, 0x09, 0xeb, 0x72, 0xcc, 0xc7, - 0x1f, 0x94, 0xbc, 0xfd, 0xcf, 0xab, 0x41, 0xf4, 0xa3, 0x36, 0x1f, 0x60, - 0x68, 0x94, 0xa9, 0xdd, 0xc2, 0x9b, 0x73, 0xd2, 0x5b, 0x11, 0x2d, 0x37, - 0x30, 0x7a, 0x6b, 0xc6, 0xe6, 0x1a, 0x5c, 0x54, 0xed, 0x01, 0x31, 0xeb, - 0x53, 0x56, 0x30, 0xa3, 0x38, 0x3b, 0x2c, 0x51, 0x4b, 0xc0, 0x2e, 0x0e, - 0xf3, 0x40, 0x51, 0x02, 0x41, 0x03, 0x26, 0x57, 0x0d, 0xf5, 0xdf, 0x3f, - 0x5e, 0x31, 0x00, 0x9b, 0xf0, 0x92, 0x04, 0xfd, 0x97, 0x3e, 0x04, 0x7f, - 0x23, 0xd7, 0x79, 0x3c, 0xd7, 0xe8, 0xe1, 0x0e, 0xf0, 0xc4, 0x9f, 0xdb, - 0x4b, 0x5a, 0x42, 0xd7, 0x63, 0x4f, 0x95, 0x85, 0x35, 0xb9, 0x37, 0x24, - 0x34, 0xeb, 0xa3, 0xc7, 0x27, 0x49, 0x18, 0x78, 0x68, 0x05, 0x45, 0x6c, - 0x9b, 0xa7, 0x60, 0x07, 0x9d, 0x7e, 0x63, 0xad, 0xb7, 0x0c, + 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x29, 0x32, + 0x4b, 0xbf, 0x78, 0x5a, 0xf5, 0x4f, 0x0a, 0x61, 0xd5, 0x99, 0x29, 0xf2, + 0x3d, 0x39, 0x68, 0x3b, 0xab, 0x41, 0x30, 0x1e, 0x2c, 0x87, 0xca, 0x33, + 0xa3, 0x2f, 0x31, 0x23, 0x9a, 0xe1, 0xca, 0x5b, 0x75, 0xf0, 0xc3, 0x84, + 0x9c, 0x52, 0xe7, 0xf9, 0x67, 0xa8, 0xa6, 0x2b, 0x7c, 0x43, 0xa9, 0x5f, + 0xd7, 0x25, 0x64, 0x43, 0xa9, 0x02, 0xa7, 0x7d, 0x97, 0x24, 0x26, 0x7d, + 0x89, 0x5d, 0x20, 0x8a, 0xb8, 0x6c, 0xcc, 0xcb, 0x18, 0x65, 0x9c, 0xbe, + 0x1a, 0xd8, 0x47, 0xa2, 0xeb, 0xc2, 0xe2, 0x88, 0x26, 0x4f, 0xfc, 0x77, + 0x08, 0x6c, 0x5a, 0x82, 0x30, 0xbe, 0x84, 0xa6, 0xaa, 0x67, 0x41, 0xbd, + 0xe5, 0x1e, 0x87, 0x23, 0x33, 0xbd, 0x59, 0x6d, 0x41, 0xb5, 0x94, 0xc8, + 0xcb, 0xc3, 0xc6, 0x4d, 0xe7, 0x3e, 0x79, 0x6e, 0x9a, 0x8e, 0x54, 0xa7, + 0x1c, 0x64, 0x97, 0x69, 0xc8, 0xc2, 0xdf, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x05, 0x40, 0xdf, 0x5d, 0x50, 0xab, 0xc8, 0xbc, 0x86, + 0x46, 0x68, 0xf1, 0x59, 0xe2, 0xaf, 0x8c, 0x07, 0xe4, 0x14, 0x0d, 0x56, + 0xba, 0xd7, 0xa8, 0x39, 0x50, 0xd1, 0xc3, 0xcd, 0x85, 0xb7, 0x7f, 0xde, + 0x48, 0xeb, 0x86, 0xad, 0xbd, 0x80, 0xc7, 0x27, 0x18, 0x81, 0x9a, 0x30, + 0x16, 0x90, 0xdc, 0xd0, 0x01, 0xe3, 0x73, 0x11, 0x3b, 0x7a, 0x42, 0x01, + 0xb9, 0xdc, 0xf1, 0x99, 0xe1, 0x9d, 0xb2, 0xbb, 0x89, 0xc5, 0xbe, 0x87, + 0x6c, 0x5e, 0xcd, 0xc3, 0xaf, 0x18, 0x4e, 0x42, 0x69, 0xac, 0x26, 0x5b, + 0x24, 0x15, 0xdb, 0x69, 0x88, 0x6d, 0x74, 0x91, 0xe3, 0x4a, 0xb7, 0x5f, + 0x64, 0xa7, 0xdf, 0xc3, 0xff, 0x12, 0xac, 0x29, 0xc0, 0x9d, 0x8a, 0x13, + 0x56, 0xdc, 0xec, 0x8c, 0x77, 0xad, 0xa3, 0xf7, 0xcb, 0x28, 0x06, 0x90, + 0x59, 0x6e, 0x2f, 0x22, 0x14, 0xa7, 0x1a, 0xc0, 0xc0, 0x19, 0xc2, 0x81, + 0x02, 0x41, 0x06, 0xf9, 0x78, 0x16, 0xa4, 0xf4, 0xd3, 0x30, 0x26, 0xbe, + 0x99, 0xa1, 0xe1, 0x2a, 0x8d, 0x07, 0xb2, 0xf7, 0x2a, 0xfc, 0x76, 0x6a, + 0x4c, 0x2d, 0x97, 0x48, 0x70, 0x64, 0xda, 0xb4, 0x62, 0xb6, 0x3f, 0xa7, + 0x1a, 0x95, 0x78, 0xb4, 0xab, 0xfd, 0xd2, 0x84, 0xbf, 0x98, 0x22, 0xfe, + 0xbe, 0x34, 0x26, 0x1d, 0x96, 0x06, 0x20, 0x6b, 0x19, 0x31, 0xb9, 0x08, + 0x8c, 0x8e, 0x21, 0x6d, 0x19, 0xe2, 0xf3, 0x02, 0x41, 0x05, 0xe8, 0x1f, + 0xe6, 0x01, 0xed, 0x9a, 0xd4, 0xab, 0x84, 0x1e, 0xc8, 0x1f, 0xd0, 0xa2, + 0x33, 0xb1, 0x49, 0xe2, 0xac, 0x40, 0x80, 0x06, 0x04, 0x4b, 0xe3, 0x6e, + 0xd4, 0x35, 0x42, 0x45, 0x98, 0x77, 0x42, 0xb2, 0x56, 0xd9, 0x1b, 0xce, + 0x28, 0xdf, 0x96, 0xd0, 0xc1, 0x2e, 0x06, 0x5a, 0x7a, 0x62, 0x76, 0x3e, + 0xb4, 0xe7, 0xcc, 0x7e, 0xa6, 0x1d, 0xb5, 0x7a, 0x9e, 0x2f, 0x3e, 0x09, + 0x23, 0x65, 0x02, 0x41, 0x06, 0x97, 0x5d, 0x56, 0x89, 0x2e, 0x97, 0x27, + 0xba, 0x76, 0x06, 0xdb, 0x65, 0xe0, 0xc0, 0xc7, 0xb5, 0xea, 0xc1, 0x45, + 0x36, 0xe3, 0xde, 0x7a, 0x77, 0xae, 0x8e, 0x09, 0xc2, 0x67, 0x17, 0xa3, + 0x05, 0x24, 0xf7, 0x8a, 0xab, 0x38, 0x94, 0x12, 0x9d, 0x11, 0xb7, 0xc0, + 0x1f, 0xd2, 0x80, 0x0e, 0xe8, 0xb6, 0xad, 0x41, 0xbd, 0x01, 0x7a, 0x1d, + 0xf3, 0xb0, 0x90, 0xa5, 0x02, 0x12, 0x09, 0x94, 0xe1, 0x02, 0x41, 0x04, + 0xdc, 0x69, 0x13, 0xf2, 0xd6, 0x45, 0xab, 0x6b, 0x93, 0x89, 0x79, 0x8c, + 0xa5, 0x38, 0x37, 0x6e, 0x59, 0xad, 0xcf, 0xb0, 0x2d, 0x2b, 0xc6, 0x71, + 0x65, 0xb4, 0x19, 0xb3, 0xd2, 0xdc, 0x4f, 0x83, 0x26, 0x42, 0x7a, 0x32, + 0xa6, 0x2d, 0x5d, 0x79, 0xd4, 0x35, 0xec, 0x25, 0x22, 0x59, 0x67, 0x8a, + 0x8c, 0x61, 0x42, 0xa3, 0xd8, 0xa9, 0x09, 0xb0, 0x3d, 0x5f, 0xb1, 0xba, + 0x93, 0x45, 0x15, 0xf9, 0x02, 0x41, 0x06, 0x5e, 0x0f, 0x28, 0x69, 0x63, + 0x78, 0xfa, 0x87, 0xbf, 0x45, 0x62, 0x02, 0xca, 0x84, 0x34, 0xea, 0x1b, + 0x30, 0xb2, 0x3b, 0x04, 0xb3, 0x1c, 0xb4, 0x61, 0xfd, 0x9f, 0xba, 0xb5, + 0xdb, 0x88, 0x65, 0x6b, 0x4c, 0x36, 0xc5, 0x6c, 0x2d, 0x9a, 0xce, 0x06, + 0x8d, 0x4c, 0xc2, 0x64, 0x48, 0x74, 0x4e, 0x6e, 0xb6, 0x09, 0xa8, 0x18, + 0x25, 0xce, 0x86, 0x27, 0x61, 0x02, 0x16, 0x32, 0xe2, 0xae, 0x41, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_rsa_2048 */ const unsigned char test_rsa_2048[] = { - 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xaa, 0x20, 0x13, 0x4a, 0x30, 0x6e, 0x42, 0xaf, 0xcb, 0x0a, 0xb9, 0x31, - 0x8e, 0x5d, 0x85, 0x75, 0xfb, 0x48, 0x35, 0xbe, 0xc0, 0x77, 0x93, 0xcd, - 0x51, 0xf4, 0x22, 0x0d, 0x72, 0x1a, 0xc1, 0x87, 0xf5, 0x6c, 0xb6, 0x68, - 0xb8, 0xc3, 0x63, 0x90, 0xa7, 0x38, 0x86, 0x44, 0xc0, 0xfb, 0x03, 0x0a, - 0x69, 0xc2, 0xb0, 0x3a, 0x15, 0xa5, 0xa0, 0xe9, 0x5a, 0xab, 0x32, 0xbb, - 0xd1, 0x73, 0x88, 0x34, 0x77, 0xc5, 0xae, 0xc9, 0x7d, 0x0d, 0x33, 0x78, - 0x31, 0x57, 0xc0, 0x43, 0xa1, 0x61, 0x90, 0x7f, 0xfc, 0xd9, 0x02, 0x71, - 0x76, 0x96, 0x4e, 0xe5, 0x55, 0xe8, 0x6e, 0x34, 0x1c, 0xd7, 0x8c, 0xab, - 0x7f, 0xec, 0xc2, 0x36, 0xba, 0x4a, 0x04, 0xac, 0xfb, 0x78, 0x74, 0xf1, - 0xc3, 0xff, 0x4d, 0xac, 0x53, 0x27, 0x7a, 0x0d, 0xdc, 0x49, 0xbe, 0x8d, - 0x8f, 0xaa, 0x24, 0x9b, 0xbc, 0x94, 0x6c, 0xfe, 0x23, 0x18, 0xad, 0x80, - 0x9b, 0x68, 0x0e, 0xf6, 0xc7, 0x66, 0xf2, 0xca, 0x64, 0xc6, 0xb5, 0x68, - 0x89, 0xf2, 0xac, 0x93, 0xa8, 0x57, 0x2f, 0xd4, 0xd6, 0xc3, 0xee, 0x84, - 0x7b, 0x20, 0xcb, 0x5a, 0x9f, 0xd5, 0x03, 0x9b, 0x57, 0x44, 0xf3, 0x86, - 0x64, 0x88, 0x79, 0xf5, 0xe9, 0xb9, 0x4b, 0xf8, 0x74, 0x70, 0xea, 0x77, - 0x98, 0x4b, 0x36, 0xc2, 0xa8, 0x63, 0xe8, 0x56, 0x52, 0xae, 0x67, 0xf3, - 0x7c, 0x78, 0x0a, 0x0f, 0x9c, 0xd7, 0xc9, 0xc9, 0x89, 0x8f, 0x47, 0xe7, - 0x3a, 0xb8, 0x0f, 0x85, 0x66, 0xb0, 0x42, 0x2a, 0x55, 0x3c, 0x9c, 0x3c, - 0xcc, 0xc0, 0xf5, 0xc0, 0x20, 0x8b, 0x2f, 0xe4, 0xd1, 0x36, 0xc1, 0x2e, - 0x54, 0x97, 0xa4, 0xe8, 0x6f, 0xac, 0x94, 0x10, 0x43, 0xb8, 0xb9, 0x17, - 0x20, 0x09, 0x45, 0x70, 0x44, 0x0f, 0x47, 0xe2, 0x80, 0x33, 0x30, 0x05, - 0xd0, 0xd2, 0x62, 0x4f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, - 0x00, 0x13, 0x66, 0x73, 0xfc, 0xae, 0x58, 0x2c, 0x87, 0xa2, 0x76, 0x57, - 0x17, 0x15, 0x1e, 0x8a, 0x15, 0x21, 0xb2, 0x22, 0xda, 0xdd, 0x54, 0xe5, - 0x88, 0x70, 0xf3, 0x8f, 0x9c, 0x8b, 0xea, 0x0c, 0x2e, 0xc6, 0x68, 0x7e, - 0xc6, 0xa3, 0x67, 0x38, 0xa7, 0xea, 0xc1, 0xd1, 0xe1, 0xee, 0x45, 0xd1, - 0x9b, 0x72, 0xe3, 0x0e, 0x38, 0x99, 0x76, 0x59, 0x4a, 0xb3, 0x19, 0xb9, - 0xbf, 0xdc, 0x4b, 0x39, 0xf9, 0x8d, 0xbc, 0xff, 0xc9, 0x1f, 0x57, 0x0d, - 0x8b, 0x03, 0xc9, 0x77, 0x75, 0xde, 0xe5, 0xe2, 0xd6, 0x0d, 0x8d, 0xeb, - 0xae, 0xe7, 0xb0, 0x8d, 0x4f, 0xae, 0xc3, 0xc2, 0x29, 0x74, 0x2e, 0x8a, - 0x6e, 0x96, 0x38, 0x78, 0x0f, 0x48, 0xa0, 0x1f, 0x37, 0x60, 0xb7, 0xe4, - 0x52, 0x1b, 0xa1, 0x36, 0x08, 0xd4, 0x34, 0xb8, 0xc0, 0xf2, 0xe1, 0x7f, - 0xf6, 0xe1, 0xae, 0xab, 0xdd, 0x0c, 0x9c, 0xba, 0x6e, 0xf2, 0xfd, 0xee, - 0x92, 0x22, 0x68, 0x8d, 0x78, 0xb4, 0xc3, 0x67, 0x97, 0xce, 0xae, 0xc5, - 0x3f, 0x9c, 0x41, 0x62, 0xbf, 0xf0, 0xab, 0x1d, 0xe9, 0x62, 0xf9, 0x2e, - 0x63, 0xa7, 0xd5, 0x2d, 0x49, 0xbe, 0x67, 0x4c, 0x76, 0xb6, 0x81, 0x63, - 0xb6, 0x94, 0x86, 0xa7, 0x6a, 0x5a, 0xd8, 0xe4, 0x85, 0xe3, 0x61, 0x0d, - 0xb3, 0x5a, 0x52, 0x5b, 0x6f, 0x59, 0x81, 0xc0, 0x8d, 0xd7, 0xee, 0x0c, - 0xa3, 0xa3, 0xe1, 0x95, 0x5a, 0x09, 0x89, 0x71, 0x4d, 0xe2, 0x97, 0xec, - 0x9b, 0x6a, 0x76, 0x5a, 0xc6, 0x92, 0x61, 0x4b, 0x1d, 0x42, 0xc1, 0x55, - 0x25, 0x29, 0x61, 0x84, 0x75, 0x06, 0xfd, 0x6f, 0xb0, 0xe2, 0xba, 0x8a, - 0xa3, 0x6c, 0x89, 0x6b, 0x57, 0xf6, 0x59, 0x35, 0x9c, 0xef, 0x1d, 0x0b, - 0xb6, 0xe0, 0x0e, 0xcc, 0x31, 0x7a, 0x99, 0x20, 0x6f, 0x4c, 0xa2, 0x9c, - 0xcc, 0x58, 0xc1, 0xb4, 0x65, 0x02, 0x81, 0x81, 0x00, 0xde, 0x2d, 0x72, - 0xf5, 0xad, 0x7b, 0x26, 0xec, 0x59, 0x28, 0x10, 0x87, 0x2c, 0xfe, 0xee, - 0x63, 0x2f, 0xe2, 0xa2, 0xc7, 0xa7, 0x1f, 0xcc, 0xa0, 0x8d, 0xf1, 0x27, - 0x6c, 0xd5, 0xfd, 0x98, 0xe1, 0x5f, 0x85, 0x5b, 0xc0, 0xd3, 0x5b, 0x6b, - 0xbf, 0x3e, 0xa6, 0x2a, 0x28, 0xa4, 0xbf, 0x17, 0xed, 0x68, 0xc1, 0x72, - 0xaa, 0xb2, 0x57, 0x4d, 0x33, 0x24, 0xf8, 0x3b, 0x92, 0x85, 0xa7, 0x6d, - 0xa5, 0x89, 0xfe, 0x32, 0x27, 0x8d, 0x9a, 0xbb, 0x47, 0xf6, 0xa4, 0x6c, - 0x07, 0x44, 0xb0, 0xd3, 0x04, 0x67, 0xae, 0x1d, 0x6e, 0x1a, 0x0e, 0xf3, - 0x4a, 0x3a, 0xe4, 0xae, 0x91, 0xf9, 0x1e, 0x90, 0xbc, 0x84, 0x61, 0x0e, - 0x39, 0x09, 0x92, 0xbf, 0x68, 0x6c, 0xb9, 0xee, 0x6e, 0xbf, 0x20, 0x16, - 0xe9, 0x7f, 0x3c, 0x33, 0x87, 0x4f, 0x1f, 0x7a, 0xcc, 0x93, 0x4e, 0x8f, - 0xea, 0xc2, 0xd1, 0xac, 0x7b, 0x02, 0x81, 0x81, 0x00, 0xc4, 0x06, 0x14, - 0xfb, 0x02, 0xa8, 0xf7, 0x8c, 0x92, 0x72, 0xde, 0xa8, 0x99, 0xf3, 0x62, - 0xb6, 0x09, 0x23, 0x08, 0x3a, 0x27, 0x07, 0xfe, 0x6d, 0x82, 0xa4, 0x74, - 0x10, 0xbc, 0x36, 0xaa, 0xa8, 0x65, 0x52, 0x50, 0x9f, 0xdb, 0x11, 0xa6, - 0xe1, 0xc5, 0xc6, 0x7f, 0xca, 0xb9, 0xc2, 0x56, 0xc0, 0x15, 0x54, 0x7c, - 0x53, 0x3e, 0x3c, 0x78, 0xaf, 0x75, 0x22, 0x0f, 0x65, 0xa2, 0xdd, 0x22, - 0x38, 0xb1, 0x0f, 0x40, 0xc1, 0x45, 0x30, 0x97, 0xf0, 0xc8, 0xc1, 0x32, - 0xde, 0x89, 0x80, 0x4c, 0xdc, 0xe5, 0x2f, 0x69, 0x2c, 0x73, 0xf3, 0xa7, - 0x52, 0x16, 0x50, 0xe2, 0xad, 0x2b, 0xc6, 0x9e, 0x6d, 0x53, 0x4f, 0xb3, - 0x56, 0x0e, 0x3d, 0x78, 0xbf, 0x19, 0xfa, 0x5f, 0x67, 0x91, 0xa5, 0xd8, - 0x2e, 0xd5, 0xb7, 0xd7, 0x3d, 0x6b, 0x06, 0x68, 0x6a, 0x23, 0x27, 0xae, - 0x3c, 0xac, 0x69, 0x0b, 0x3d, 0x02, 0x81, 0x81, 0x00, 0x8f, 0xbb, 0xdb, - 0x69, 0x71, 0x08, 0x01, 0x10, 0x5a, 0x45, 0x7f, 0x1b, 0xd4, 0x52, 0x40, - 0xaa, 0xce, 0x69, 0xd2, 0x61, 0x53, 0x8f, 0x50, 0xf4, 0x75, 0x9f, 0x93, - 0x9f, 0xe7, 0x78, 0x9e, 0x94, 0xff, 0x14, 0xe9, 0x5c, 0xff, 0xdf, 0x5e, - 0xff, 0x64, 0x6a, 0x5f, 0x4f, 0xd7, 0xf5, 0x00, 0x67, 0xc8, 0xa3, 0x8d, - 0xa9, 0x3c, 0xa3, 0x1a, 0x00, 0x82, 0x64, 0x4d, 0x35, 0xe7, 0x5d, 0x7f, - 0xa3, 0xde, 0x78, 0x22, 0xbe, 0x4f, 0xef, 0xd0, 0x45, 0x28, 0x1d, 0x0a, - 0xfe, 0x50, 0xc4, 0x0c, 0x60, 0x07, 0x2b, 0x2f, 0x42, 0xf1, 0x7c, 0xc6, - 0x8c, 0x39, 0x39, 0x84, 0x6e, 0x4f, 0x3a, 0x24, 0xec, 0xb0, 0xbf, 0x91, - 0x51, 0xf9, 0x0d, 0x84, 0xe2, 0xeb, 0xa4, 0x05, 0xca, 0x83, 0xbf, 0x20, - 0xd3, 0x82, 0x4a, 0xd2, 0x13, 0x31, 0x6e, 0xee, 0x24, 0xb7, 0x0f, 0xd6, - 0x2f, 0x4c, 0x46, 0x15, 0x4d, 0x02, 0x81, 0x81, 0x00, 0x8b, 0xa2, 0x39, - 0x77, 0xc4, 0xa1, 0x50, 0x15, 0x96, 0x8c, 0xb5, 0x07, 0x2d, 0x03, 0x2e, - 0xa1, 0xb5, 0x48, 0x7b, 0x27, 0xd1, 0x7d, 0xe4, 0x43, 0x65, 0xf8, 0x77, - 0xa5, 0x24, 0x2d, 0x5c, 0xcb, 0xaf, 0xc1, 0x3f, 0x25, 0x60, 0x0b, 0xe6, - 0xf0, 0x94, 0xcd, 0x9d, 0x62, 0x6f, 0x88, 0x7b, 0xfb, 0x40, 0x36, 0x7a, - 0x89, 0x61, 0x9f, 0xf9, 0xe8, 0x22, 0x6c, 0x2c, 0xc3, 0x9d, 0x8c, 0x20, - 0x40, 0x79, 0xff, 0xff, 0x84, 0xad, 0x20, 0xbc, 0x5b, 0x0c, 0xe6, 0x72, - 0xb2, 0x0b, 0x08, 0x95, 0xb8, 0x14, 0x99, 0xfd, 0x35, 0x69, 0x33, 0x7b, - 0x51, 0x02, 0x0c, 0x84, 0x2c, 0x0f, 0x2e, 0xe0, 0xd3, 0xc7, 0xb0, 0xd2, - 0x72, 0xce, 0x9a, 0x03, 0x55, 0x3d, 0xd0, 0x17, 0xfd, 0xd2, 0xc6, 0x6c, - 0x84, 0x90, 0x40, 0xf0, 0xd6, 0x13, 0x52, 0xf1, 0x36, 0x09, 0xec, 0xce, - 0x34, 0xf2, 0x2b, 0xb1, 0x91, 0x02, 0x81, 0x81, 0x00, 0xc5, 0xf8, 0xda, - 0xdb, 0x52, 0xa6, 0x7b, 0x9a, 0x38, 0x1d, 0xb6, 0x5f, 0x8f, 0x08, 0x54, - 0x17, 0x60, 0xe0, 0x99, 0x06, 0x6b, 0xf9, 0xac, 0xe9, 0x71, 0x38, 0x60, - 0x0d, 0x79, 0x12, 0xe7, 0xd4, 0x47, 0x48, 0xfc, 0x12, 0x5b, 0x73, 0x4a, - 0x9a, 0xca, 0xda, 0x54, 0xaa, 0xb7, 0x4e, 0xf4, 0x2d, 0x70, 0xd5, 0x22, - 0x9f, 0xa0, 0x51, 0x62, 0x2b, 0x7f, 0xa7, 0x14, 0x7d, 0xd4, 0x1e, 0x3e, - 0xfd, 0x26, 0x97, 0x71, 0xaf, 0x01, 0x9d, 0x3b, 0x7a, 0x0f, 0x4d, 0xab, - 0xfb, 0xe8, 0xff, 0xf4, 0x4d, 0xd0, 0xf3, 0x22, 0x5a, 0x37, 0x51, 0xe3, - 0x85, 0x3a, 0x3f, 0x78, 0x36, 0x66, 0xaa, 0x57, 0x69, 0x6a, 0xe9, 0x7a, - 0x55, 0x7c, 0x1c, 0xeb, 0x8c, 0x5f, 0x17, 0x15, 0x9a, 0xd2, 0xa1, 0x21, - 0xbe, 0xd5, 0x6d, 0xb1, 0xaa, 0x3f, 0xc7, 0xbc, 0x36, 0xf6, 0xea, 0x78, - 0x98, 0x26, 0x94, 0xb2, 0x58, + 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xd3, 0x67, 0x70, 0x8d, 0x0a, 0x25, 0x6c, 0x81, 0xb1, 0x25, 0xae, 0xf9, + 0xcb, 0x57, 0x0f, 0xb5, 0xb1, 0x14, 0xa3, 0xc7, 0x91, 0xfd, 0xee, 0x13, + 0x63, 0x96, 0xd5, 0x56, 0x17, 0x2b, 0xa1, 0xea, 0xf1, 0x25, 0x29, 0xb1, + 0xac, 0x7f, 0x56, 0xcb, 0xdc, 0x6d, 0x1b, 0x21, 0x2b, 0x4d, 0xee, 0x0d, + 0xd0, 0xff, 0x3b, 0xdc, 0x5d, 0x08, 0x37, 0x5e, 0xf0, 0x33, 0x84, 0x11, + 0x0e, 0x0d, 0xe9, 0x3a, 0xda, 0x65, 0xfa, 0xd6, 0xd7, 0x22, 0x4a, 0x6e, + 0xa8, 0xf7, 0x49, 0x4b, 0x6f, 0xbe, 0xc2, 0x2f, 0xb8, 0xa0, 0x86, 0xdc, + 0x7a, 0xe6, 0xcf, 0x9b, 0x9e, 0x9a, 0xa3, 0xbd, 0x25, 0x29, 0x38, 0x17, + 0x60, 0x31, 0x81, 0x84, 0x3b, 0xbb, 0x6d, 0xa6, 0x62, 0xf8, 0xee, 0x8f, + 0x27, 0xd3, 0x26, 0x29, 0xb8, 0xc0, 0xef, 0x84, 0x18, 0x5a, 0xaa, 0x5a, + 0x35, 0x80, 0x9a, 0x78, 0x8c, 0x3a, 0x45, 0x32, 0xd0, 0x67, 0xcf, 0x0c, + 0x02, 0xdb, 0x26, 0x15, 0x66, 0x97, 0x78, 0x68, 0xe1, 0x28, 0x7c, 0x15, + 0xb5, 0xe9, 0x73, 0x38, 0xf3, 0x5c, 0x9f, 0xcc, 0xf7, 0x5b, 0x76, 0xef, + 0x77, 0xa0, 0xbf, 0xd2, 0x1c, 0x06, 0x91, 0xd2, 0xaf, 0x1d, 0xa2, 0x1f, + 0x27, 0xd4, 0xd9, 0x8d, 0x59, 0x13, 0x7e, 0xed, 0xe3, 0x04, 0x50, 0xb9, + 0xb2, 0x53, 0x90, 0x8b, 0xaa, 0x73, 0xc1, 0x1e, 0x5e, 0x7b, 0x76, 0x3a, + 0x3e, 0x5c, 0xf4, 0x5e, 0xbb, 0xc4, 0xb8, 0x41, 0xb5, 0x22, 0x79, 0x42, + 0x76, 0x6b, 0x04, 0xee, 0x70, 0x6e, 0x6d, 0xfd, 0x1a, 0x34, 0x96, 0x9b, + 0xc4, 0x8f, 0x19, 0xd1, 0xc3, 0xcd, 0x9e, 0x57, 0xfd, 0x08, 0x83, 0xbb, + 0xe1, 0x9f, 0x76, 0xa7, 0x17, 0xa6, 0x3c, 0x74, 0x63, 0x90, 0x4c, 0x77, + 0xb8, 0x7f, 0xa0, 0x50, 0xbc, 0x3c, 0xfe, 0x51, 0x6e, 0xd0, 0x3d, 0x39, + 0x0e, 0xe4, 0x07, 0x3f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x00, 0x13, 0x5c, 0x5b, 0xd0, 0x6e, 0xe7, 0x72, 0x82, 0x86, 0x28, 0xbf, + 0x57, 0x9d, 0x29, 0xc2, 0x04, 0x8f, 0xcd, 0x26, 0x1a, 0xb6, 0xe2, 0x1c, + 0x95, 0xa5, 0xff, 0x40, 0x56, 0x7c, 0x14, 0xc0, 0xe5, 0x75, 0x64, 0x43, + 0xe7, 0x43, 0xb6, 0xfd, 0xc9, 0xf9, 0xcb, 0xfc, 0x3a, 0x13, 0x6f, 0x35, + 0xa8, 0x0a, 0x45, 0xf5, 0xc3, 0x7e, 0xb9, 0xab, 0xe8, 0x83, 0xf3, 0x13, + 0xdb, 0x44, 0x00, 0x3e, 0x25, 0xe7, 0xae, 0x83, 0x44, 0x7d, 0xbb, 0x64, + 0x39, 0xb2, 0x3b, 0xc3, 0x78, 0xa7, 0x29, 0x3f, 0x3b, 0x83, 0x9b, 0x1f, + 0xfe, 0xbd, 0x3a, 0xba, 0x34, 0xb4, 0x57, 0xd1, 0x3b, 0x17, 0x56, 0x29, + 0x0e, 0xea, 0xfe, 0x5d, 0xb0, 0x30, 0x90, 0x3f, 0xc0, 0x87, 0x3b, 0xe9, + 0x0d, 0x2f, 0x46, 0x85, 0x2e, 0x38, 0xff, 0x62, 0x70, 0x24, 0x92, 0xd9, + 0x1b, 0x1d, 0xdf, 0x43, 0x46, 0x5b, 0x01, 0x53, 0x28, 0xe3, 0x86, 0x4a, + 0xfc, 0x50, 0x65, 0xe5, 0xa1, 0x41, 0x5b, 0xef, 0x0c, 0xf5, 0xd1, 0x82, + 0x81, 0xa4, 0xbb, 0x07, 0xf7, 0x34, 0xbe, 0x94, 0xaa, 0x84, 0x38, 0x13, + 0x28, 0x86, 0xc0, 0x61, 0x9d, 0xd9, 0xc0, 0xc0, 0x62, 0x23, 0x3b, 0x1c, + 0x2e, 0x8e, 0x2e, 0x00, 0xc4, 0x73, 0xc3, 0x7d, 0xa7, 0xb4, 0xae, 0xc1, + 0x97, 0x60, 0x36, 0x38, 0xa5, 0xe9, 0xae, 0xe6, 0xef, 0x44, 0x69, 0x47, + 0x28, 0xd9, 0x44, 0xe5, 0x14, 0x5a, 0xd9, 0x2a, 0x03, 0xb0, 0x71, 0x14, + 0x28, 0x28, 0x0d, 0x43, 0x97, 0x90, 0x35, 0xaf, 0x23, 0xca, 0x7a, 0x5f, + 0x5f, 0x4b, 0xe9, 0x1c, 0xc6, 0xbe, 0x86, 0x04, 0x1c, 0xa5, 0x23, 0x44, + 0x91, 0xa2, 0xec, 0x6d, 0xcb, 0x95, 0x18, 0x75, 0x6d, 0xf5, 0xe4, 0xa7, + 0x33, 0x7a, 0xa0, 0x9b, 0x5c, 0x0b, 0xcf, 0x10, 0x85, 0x30, 0xbd, 0xa6, + 0xcc, 0x35, 0x6d, 0x6e, 0xf1, 0x02, 0x81, 0x81, 0x00, 0xf4, 0xf2, 0xbf, + 0xf3, 0x44, 0xa0, 0x29, 0x23, 0xe7, 0x07, 0x5c, 0x81, 0x46, 0xb5, 0x6a, + 0xbc, 0xf9, 0x1c, 0x8e, 0x16, 0x70, 0x21, 0x5d, 0x27, 0xe1, 0x46, 0x12, + 0x09, 0x12, 0x46, 0xea, 0x52, 0x35, 0xbf, 0x9c, 0x50, 0xab, 0xe5, 0x0f, + 0xc4, 0x6b, 0xb0, 0x17, 0x5d, 0x35, 0x8c, 0x8e, 0x9e, 0x91, 0xd4, 0xe5, + 0xfe, 0xae, 0x95, 0x0c, 0xd7, 0xd5, 0xc8, 0xfd, 0x8a, 0x19, 0x2c, 0xba, + 0xe9, 0x7f, 0x9f, 0x15, 0x33, 0xbf, 0xec, 0x2f, 0xe9, 0x45, 0x5f, 0x80, + 0xa9, 0xf4, 0x96, 0xf5, 0x89, 0xbb, 0x94, 0x42, 0x10, 0x00, 0x46, 0x2a, + 0x6e, 0x1f, 0xee, 0xfd, 0xe8, 0x78, 0xae, 0xf7, 0x2a, 0xa5, 0x22, 0x5f, + 0x77, 0xae, 0x1a, 0x08, 0xd6, 0x35, 0x5e, 0xdb, 0x38, 0x4a, 0xd1, 0x60, + 0xb5, 0xf9, 0xd9, 0x95, 0x00, 0x26, 0x6f, 0xf7, 0x12, 0x52, 0x5b, 0x1d, + 0x09, 0x28, 0xdd, 0x21, 0xbb, 0x02, 0x81, 0x81, 0x00, 0xdc, 0xf1, 0x3d, + 0xbb, 0x87, 0xf7, 0xae, 0x69, 0xe8, 0x18, 0x94, 0x51, 0x2c, 0x78, 0xaf, + 0x1c, 0x8b, 0x77, 0x22, 0x49, 0xce, 0xd2, 0x1a, 0xc2, 0xbc, 0x0f, 0xca, + 0x63, 0x1d, 0x92, 0x1e, 0x98, 0x94, 0x5b, 0xda, 0x57, 0xcd, 0x98, 0xa6, + 0x6a, 0x54, 0x8f, 0x43, 0x93, 0x7f, 0x0f, 0xca, 0xe5, 0x2e, 0xf5, 0x50, + 0x06, 0x43, 0x0e, 0xbf, 0xec, 0x08, 0x53, 0xba, 0x04, 0x8f, 0x54, 0x35, + 0xa3, 0x21, 0x9e, 0xf9, 0xfc, 0x53, 0x37, 0xf3, 0xb5, 0x3a, 0x95, 0x7a, + 0x60, 0x89, 0xc9, 0x53, 0xaf, 0xf4, 0x2e, 0x39, 0x83, 0x15, 0x67, 0x38, + 0x7f, 0x65, 0x4f, 0xce, 0xcd, 0x42, 0x0b, 0x84, 0x83, 0xdf, 0xe0, 0xf3, + 0x59, 0x1f, 0x62, 0xef, 0x64, 0xc3, 0xbc, 0xe8, 0x56, 0xff, 0x20, 0xcd, + 0xe4, 0xfb, 0xa3, 0x50, 0xa3, 0xca, 0xfb, 0xd8, 0xbe, 0x96, 0x94, 0x06, + 0x9a, 0x02, 0x1b, 0x86, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xa0, 0xb7, 0x05, + 0xaa, 0x9f, 0xc4, 0x56, 0x39, 0xf0, 0x43, 0xac, 0x36, 0x46, 0x26, 0x92, + 0x3a, 0x1b, 0x58, 0xd9, 0x01, 0x6f, 0xe0, 0xf4, 0x36, 0x4e, 0x60, 0xa3, + 0x44, 0xc0, 0x71, 0x37, 0x1d, 0x69, 0x96, 0xa7, 0x01, 0x67, 0x47, 0x8b, + 0xe8, 0xdc, 0x9f, 0x55, 0x35, 0x1b, 0x05, 0x76, 0x2e, 0x24, 0x91, 0x03, + 0xb6, 0xee, 0xe5, 0x6c, 0xdf, 0xd0, 0xad, 0x67, 0x6d, 0x4c, 0xc7, 0x44, + 0x7c, 0x1f, 0xf8, 0x48, 0xf9, 0x03, 0x5b, 0xfc, 0xb3, 0x99, 0x88, 0xe7, + 0xea, 0x9b, 0x48, 0xd1, 0x21, 0xe5, 0xa9, 0x89, 0x0e, 0xe6, 0x9f, 0x23, + 0x07, 0xce, 0x7c, 0x08, 0xac, 0x97, 0x42, 0x75, 0x79, 0xcd, 0x8f, 0x98, + 0x03, 0xf6, 0x7f, 0xae, 0x7c, 0x9d, 0xd7, 0xf7, 0x0e, 0x20, 0x48, 0xf0, + 0xa3, 0x75, 0xa3, 0x85, 0x57, 0xeb, 0xe0, 0x5a, 0xc3, 0xf2, 0xb5, 0x45, + 0x7f, 0xd5, 0x08, 0x02, 0x31, 0x02, 0x81, 0x80, 0x6b, 0x9f, 0xc7, 0xe6, + 0x75, 0xd1, 0x1c, 0xd0, 0xd2, 0x12, 0x47, 0x0d, 0x53, 0x90, 0x66, 0x1c, + 0x8d, 0x83, 0x36, 0xdc, 0xa5, 0x36, 0x8b, 0x7a, 0x98, 0x89, 0x48, 0x99, + 0x07, 0x6a, 0x8a, 0x24, 0xe0, 0xff, 0xed, 0x58, 0x1f, 0xfa, 0x5f, 0xf6, + 0x23, 0xc2, 0xb5, 0xb4, 0x3f, 0x8c, 0xbd, 0xd4, 0xee, 0x0e, 0xe9, 0x30, + 0x63, 0xb1, 0xe7, 0xa3, 0x5e, 0x5b, 0x0a, 0x9d, 0xf6, 0x03, 0x9b, 0x2d, + 0x1f, 0xcf, 0x85, 0x0e, 0x78, 0xab, 0x24, 0xb7, 0xff, 0x15, 0x99, 0x4b, + 0x35, 0x53, 0x30, 0xc4, 0xe1, 0x39, 0x33, 0x22, 0xbb, 0x66, 0x50, 0x8b, + 0x1e, 0x1a, 0xc6, 0x2e, 0x0e, 0x21, 0xf6, 0x27, 0x17, 0x03, 0x49, 0x06, + 0xfc, 0xd7, 0x00, 0xae, 0x20, 0xfb, 0x00, 0x62, 0x80, 0x5c, 0xc6, 0x6e, + 0xe8, 0x75, 0x21, 0x6e, 0xe8, 0x0d, 0xce, 0x02, 0xe8, 0xee, 0xaa, 0x58, + 0x92, 0xf6, 0x3d, 0x71, 0x02, 0x81, 0x81, 0x00, 0x84, 0x6e, 0x5b, 0x4e, + 0x97, 0xdd, 0xef, 0xaa, 0x17, 0x06, 0xe8, 0xa0, 0x9b, 0x00, 0x49, 0x1f, + 0xaa, 0x50, 0x28, 0x35, 0x04, 0xae, 0xf1, 0x74, 0xdf, 0xcc, 0x60, 0xfc, + 0xe2, 0x97, 0x7d, 0x81, 0xdc, 0x91, 0x11, 0xbc, 0xb4, 0x9e, 0x84, 0x87, + 0xf7, 0xd8, 0xf7, 0x4f, 0xa4, 0x76, 0x5f, 0x86, 0xec, 0x26, 0x7f, 0xb3, + 0x3c, 0x37, 0x15, 0xc4, 0x43, 0xda, 0x51, 0x54, 0xf7, 0x10, 0x05, 0x25, + 0x24, 0x11, 0x92, 0xa8, 0xb9, 0x41, 0x1a, 0xd2, 0x01, 0xd5, 0x52, 0xac, + 0x99, 0x07, 0x59, 0xdc, 0xcf, 0x8d, 0x7f, 0x7d, 0x5f, 0x01, 0xa6, 0x77, + 0xe5, 0x83, 0xfd, 0x6a, 0x1f, 0x7b, 0xcb, 0x38, 0x29, 0xfc, 0xd0, 0x6f, + 0x6b, 0x86, 0xd5, 0xcd, 0x1c, 0x63, 0x7f, 0xb0, 0x58, 0xda, 0x43, 0xc7, + 0x2f, 0x81, 0xd0, 0x3f, 0xd5, 0x8f, 0xa1, 0xda, 0xf1, 0x75, 0xda, 0x4c, + 0x5b, 0x4f, 0x2c, 0x20, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_rsa_4096 */ const unsigned char test_rsa_4096[] = { 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, - 0xca, 0xd0, 0xd9, 0x1e, 0xae, 0x27, 0x25, 0x04, 0x53, 0xb5, 0x7f, 0x0a, - 0x56, 0x80, 0xd2, 0xf5, 0xd4, 0x9c, 0x59, 0x33, 0x0e, 0xae, 0x70, 0xe0, - 0x35, 0xb7, 0x65, 0x6b, 0x3a, 0xbf, 0x45, 0x65, 0x1f, 0xfb, 0x86, 0x6b, - 0x9c, 0x3e, 0x33, 0x6c, 0xff, 0xc2, 0x03, 0x3d, 0x25, 0x0a, 0x6b, 0xbe, - 0xd7, 0x03, 0x97, 0xdd, 0xea, 0x5b, 0x80, 0xb7, 0x8b, 0x3c, 0xad, 0xaf, - 0x88, 0x53, 0x64, 0x30, 0x90, 0xb3, 0xf3, 0x5e, 0x82, 0x8b, 0x0b, 0x59, - 0x29, 0x11, 0x32, 0xf1, 0x50, 0xce, 0xd1, 0x89, 0x4a, 0x88, 0xdb, 0x14, - 0x52, 0xbd, 0x5b, 0x67, 0x13, 0x1e, 0x60, 0x89, 0xd9, 0x53, 0xf4, 0x34, - 0x5e, 0xfe, 0x3d, 0xd4, 0xae, 0xf5, 0x97, 0x7a, 0xe4, 0x66, 0xd5, 0xb0, - 0x74, 0x72, 0xd9, 0x13, 0x02, 0x3a, 0x42, 0xc3, 0x91, 0xdb, 0xd1, 0x41, - 0x6f, 0x46, 0x06, 0x51, 0xd2, 0x0c, 0xb9, 0x6b, 0x8b, 0x72, 0xa0, 0x0e, - 0xcc, 0x05, 0x95, 0x5c, 0xa0, 0xbd, 0x57, 0xda, 0xb8, 0x33, 0x87, 0x85, - 0xc7, 0xee, 0xd1, 0x06, 0xcc, 0x78, 0x90, 0x39, 0xd4, 0x96, 0x24, 0x89, - 0xda, 0xff, 0xb0, 0xe4, 0xd2, 0x39, 0x58, 0x45, 0xf5, 0x2a, 0x45, 0x44, - 0xc3, 0xca, 0x54, 0xa7, 0xd7, 0x32, 0x8f, 0x3e, 0x56, 0x30, 0x14, 0xef, - 0x20, 0x3d, 0x96, 0xe1, 0xdf, 0x75, 0xa7, 0x99, 0x5c, 0xdd, 0x98, 0x21, - 0xf1, 0xac, 0x8f, 0x0c, 0x6b, 0xf0, 0x79, 0x55, 0x27, 0xc1, 0x00, 0xa3, - 0xec, 0x49, 0xb4, 0x0d, 0x02, 0x92, 0xba, 0xa0, 0x7f, 0x53, 0xaf, 0xd0, - 0x41, 0x33, 0x73, 0xb4, 0xc4, 0xfd, 0x1f, 0xf7, 0x54, 0xa5, 0xd2, 0x71, - 0xb1, 0x6c, 0x4c, 0x1f, 0x45, 0xce, 0xf0, 0xd0, 0x8d, 0xe2, 0xaa, 0x02, - 0xa6, 0xce, 0x4b, 0xac, 0xeb, 0xd0, 0xb7, 0x4a, 0x56, 0xf0, 0xc6, 0x0f, - 0x0f, 0x95, 0xcb, 0x11, 0xf3, 0x62, 0xee, 0x60, 0xcf, 0xca, 0x80, 0x24, - 0x11, 0xaa, 0x25, 0x04, 0xce, 0xa8, 0xae, 0x3d, 0x38, 0xec, 0xab, 0xa5, - 0x13, 0xd4, 0xca, 0xf7, 0x2d, 0x52, 0xfb, 0x16, 0x10, 0x88, 0xdf, 0x8f, - 0xa0, 0xcc, 0xf6, 0xa1, 0xb8, 0x4d, 0xaa, 0x18, 0x9c, 0x1f, 0xcf, 0x0a, - 0xe6, 0x13, 0xde, 0x21, 0x60, 0xee, 0xa4, 0x50, 0x97, 0x81, 0x28, 0x6f, - 0xc3, 0xc4, 0xdc, 0xe2, 0x73, 0xf4, 0x42, 0x40, 0x8b, 0x28, 0x79, 0xcc, - 0x5f, 0x9d, 0xe6, 0x3c, 0x42, 0xfb, 0x54, 0x5c, 0x9c, 0xb5, 0xad, 0xbd, - 0xc7, 0x6d, 0x04, 0xc3, 0x6e, 0xa3, 0x25, 0x90, 0x16, 0x79, 0xd0, 0x8a, - 0xa4, 0xe6, 0x6c, 0x9e, 0x63, 0x61, 0x20, 0xb9, 0x06, 0x1e, 0xc9, 0x3b, - 0x44, 0x61, 0x80, 0x9f, 0xb8, 0xbd, 0x78, 0xa5, 0x06, 0xfd, 0xec, 0x10, - 0x4a, 0xed, 0x31, 0xc5, 0xb6, 0x19, 0xff, 0xa2, 0xd6, 0xba, 0xb4, 0xd9, - 0x86, 0x40, 0x7f, 0x24, 0x47, 0x48, 0xf4, 0xa0, 0x66, 0x66, 0xe5, 0xa4, - 0x51, 0xc1, 0xa3, 0x25, 0x2e, 0x34, 0x58, 0x61, 0x85, 0x51, 0x75, 0x49, - 0x18, 0xf4, 0xa6, 0xd8, 0x83, 0x28, 0x7e, 0xcc, 0x56, 0x27, 0xc6, 0x79, - 0xda, 0x8e, 0x3e, 0x36, 0x23, 0xe2, 0xa7, 0x6d, 0x11, 0xcb, 0x91, 0x05, - 0x59, 0xdf, 0x0f, 0x40, 0x27, 0x25, 0x7c, 0x13, 0x8c, 0xbe, 0x1c, 0x9c, - 0x54, 0x0f, 0x57, 0xe3, 0x8f, 0x46, 0xcf, 0xa3, 0xfc, 0x4a, 0x31, 0xf8, - 0xe2, 0x32, 0x9a, 0x73, 0x21, 0x04, 0x44, 0x8a, 0xe8, 0x2d, 0x77, 0x2e, - 0xad, 0xa4, 0xbd, 0xc8, 0x14, 0x85, 0xb1, 0x8a, 0x72, 0x79, 0x69, 0x24, - 0x97, 0x04, 0x7b, 0x56, 0xf5, 0xc4, 0xd9, 0xdb, 0x4f, 0x91, 0x40, 0x60, - 0xf0, 0xda, 0x0a, 0xd7, 0x12, 0xf0, 0x09, 0x21, 0xbd, 0x7c, 0x2f, 0x01, - 0x73, 0x66, 0x69, 0xd7, 0x92, 0x6a, 0xa6, 0x1b, 0x02, 0x03, 0x01, 0x00, - 0x01, 0x02, 0x82, 0x02, 0x00, 0x38, 0xe9, 0x3d, 0xe3, 0xc4, 0x0e, 0xab, - 0xee, 0x78, 0xe6, 0xd7, 0x0d, 0x39, 0x94, 0xd0, 0x9d, 0xb6, 0xd9, 0x60, - 0x96, 0x59, 0x2a, 0x4d, 0xf6, 0x3c, 0x5c, 0x88, 0x12, 0xfc, 0xdb, 0x2b, - 0x47, 0xe3, 0x1f, 0x9b, 0x6a, 0x9a, 0xdf, 0x41, 0x62, 0xf6, 0xa9, 0xa4, - 0x6b, 0x05, 0xf7, 0xd4, 0xa0, 0x2a, 0x89, 0x91, 0x95, 0xed, 0xeb, 0x5b, - 0x45, 0x25, 0xc7, 0x13, 0x1d, 0xcc, 0x6d, 0x4a, 0x11, 0xee, 0xa8, 0xf0, - 0x43, 0xb6, 0xf1, 0xf9, 0x6f, 0x3d, 0x7c, 0xdc, 0x04, 0xa7, 0x1e, 0x41, - 0xe1, 0xfa, 0x8e, 0x48, 0x9b, 0x7d, 0x54, 0x31, 0x4f, 0xcd, 0x27, 0x9b, - 0x03, 0x53, 0x7e, 0xa1, 0x6a, 0x08, 0xb5, 0xe2, 0xf7, 0xc9, 0x58, 0x94, - 0xf7, 0x21, 0x1c, 0x52, 0x1e, 0x3f, 0xae, 0xf2, 0x86, 0xc8, 0xfb, 0x3c, - 0x3c, 0xd0, 0xb3, 0x14, 0x16, 0xfe, 0x78, 0x71, 0xd1, 0x87, 0xd5, 0x96, - 0x3a, 0x3d, 0x59, 0x1e, 0xdc, 0xc8, 0x17, 0x51, 0x00, 0x3b, 0x02, 0xa6, - 0xa2, 0x73, 0x49, 0xd2, 0x5f, 0x91, 0xe8, 0xcb, 0xb2, 0xd2, 0xb1, 0x8a, - 0x17, 0x10, 0x36, 0x49, 0x6e, 0x7d, 0x8b, 0x7e, 0x41, 0xd7, 0x53, 0xcc, - 0x17, 0x65, 0x62, 0x45, 0x29, 0xb4, 0x9f, 0x13, 0xfe, 0x3c, 0xfe, 0xac, - 0xff, 0x5b, 0x04, 0x06, 0xfb, 0xca, 0xda, 0x3d, 0x7a, 0x88, 0x4f, 0xe5, - 0x85, 0xbd, 0x6f, 0x58, 0xff, 0x3d, 0x67, 0xa4, 0x84, 0x61, 0xcd, 0x8a, - 0xde, 0x80, 0x57, 0x42, 0x2c, 0xbd, 0x63, 0x39, 0x28, 0xe5, 0x6d, 0xf2, - 0xfc, 0x92, 0x7e, 0x13, 0x39, 0xa6, 0xf2, 0x1f, 0x27, 0xbc, 0x97, 0x22, - 0xdf, 0x2e, 0x5b, 0x91, 0x9f, 0xe1, 0x9f, 0x78, 0x04, 0xd6, 0x7b, 0xe9, - 0x4b, 0x3c, 0x65, 0x3c, 0x3b, 0x9e, 0x3f, 0x09, 0x31, 0x2e, 0xc2, 0xd4, - 0x8c, 0x01, 0xb5, 0x72, 0x7e, 0x4b, 0x6b, 0x47, 0x1d, 0xf3, 0xb2, 0xaa, - 0x9c, 0xd0, 0x1a, 0x11, 0x24, 0xad, 0xeb, 0x0e, 0x9e, 0xe1, 0xa9, 0xfc, - 0x4c, 0xf0, 0xd0, 0xc5, 0x4d, 0xd0, 0xef, 0x45, 0xa2, 0x64, 0xce, 0x08, - 0x60, 0x55, 0xaf, 0x11, 0xbd, 0xad, 0xda, 0x20, 0x04, 0x97, 0x1f, 0x9f, - 0x99, 0x4a, 0x44, 0x6d, 0x94, 0x57, 0xd8, 0x4d, 0x80, 0xb0, 0x2a, 0xf3, - 0x32, 0xd8, 0x62, 0x2b, 0xbb, 0x28, 0xa5, 0x8e, 0x7f, 0x55, 0xfa, 0xe1, - 0xb6, 0x34, 0x27, 0x80, 0xa9, 0x63, 0x6b, 0xa7, 0x1b, 0x00, 0x6f, 0x47, - 0x51, 0xf2, 0x4d, 0x8a, 0xa2, 0x6b, 0xf8, 0x3f, 0xe0, 0x07, 0x06, 0x58, - 0x87, 0x8d, 0x42, 0x5b, 0x81, 0x2f, 0xba, 0x8b, 0xec, 0xfd, 0x5e, 0xad, - 0xd5, 0x22, 0xac, 0xb8, 0xb8, 0xa9, 0x51, 0x10, 0x1d, 0x08, 0x78, 0xf4, - 0xc8, 0xff, 0xfc, 0x25, 0x85, 0xe1, 0xe1, 0x5a, 0xb7, 0x9c, 0x53, 0xc1, - 0x50, 0x7b, 0xfa, 0x48, 0xf4, 0x84, 0x2c, 0x1b, 0x10, 0xd4, 0x31, 0x0b, - 0x6f, 0x0d, 0x35, 0x36, 0xf2, 0xbb, 0x70, 0xfb, 0x18, 0xf6, 0x22, 0x8e, - 0x87, 0x39, 0xd2, 0x5d, 0x8c, 0xef, 0x42, 0xe4, 0x36, 0x8b, 0x44, 0xac, - 0x3c, 0xab, 0x09, 0xf9, 0x26, 0xb3, 0x3d, 0x85, 0x57, 0x75, 0x0a, 0x76, - 0x69, 0x14, 0x53, 0x0c, 0x28, 0xd9, 0x28, 0x57, 0x4b, 0x60, 0xea, 0xcf, - 0x83, 0xac, 0x9a, 0x05, 0xd4, 0x54, 0x46, 0xd3, 0xfd, 0xb4, 0x5d, 0xcb, - 0x45, 0x5a, 0xda, 0x1b, 0xcf, 0x71, 0x03, 0xd9, 0xc7, 0x1b, 0xd8, 0xb6, - 0x45, 0x17, 0x45, 0x01, 0x3e, 0x75, 0xf1, 0x48, 0x5c, 0x7a, 0xec, 0x58, - 0xe3, 0x71, 0xfb, 0xfe, 0x66, 0xcf, 0x99, 0x1e, 0xf7, 0xa1, 0x79, 0x74, - 0xb0, 0x99, 0x9d, 0xe5, 0x93, 0x3f, 0xa3, 0x31, 0x06, 0xb3, 0x16, 0x71, - 0x27, 0x36, 0xb0, 0xc0, 0x64, 0xe8, 0x07, 0x5e, 0xf0, 0x4a, 0x76, 0x04, - 0x91, 0x02, 0x82, 0x01, 0x01, 0x00, 0xff, 0x09, 0x0d, 0x15, 0xda, 0xbd, - 0xa7, 0xe9, 0x79, 0x20, 0x59, 0x05, 0xc1, 0xea, 0x20, 0xa9, 0xb9, 0x47, - 0x16, 0x42, 0xeb, 0x3f, 0x26, 0xa4, 0x8b, 0xfd, 0x48, 0x4b, 0xdf, 0x06, - 0x35, 0x8b, 0x32, 0xe3, 0xf7, 0x1f, 0xb1, 0x92, 0x96, 0xbf, 0x48, 0x04, - 0x32, 0xb2, 0x4e, 0x83, 0x9a, 0x1f, 0x4b, 0x11, 0x75, 0xb8, 0xbf, 0x4d, - 0x2e, 0xe0, 0x8a, 0x22, 0xde, 0x94, 0xb1, 0x98, 0xc0, 0xec, 0x8a, 0x49, - 0x73, 0x07, 0xf5, 0x69, 0x4c, 0x9a, 0x2f, 0xab, 0xf6, 0xdd, 0x93, 0x26, - 0x6c, 0x79, 0x2c, 0xac, 0xbc, 0x7d, 0x67, 0xad, 0x3e, 0x46, 0xdd, 0xf2, - 0xef, 0x14, 0x8a, 0x10, 0x9c, 0x11, 0x9b, 0x4a, 0xd5, 0x27, 0x87, 0x52, - 0x79, 0x1a, 0xb3, 0x67, 0xe3, 0x29, 0x35, 0x97, 0x57, 0xa7, 0x7f, 0xab, - 0xed, 0xe2, 0xa4, 0xa8, 0x94, 0x01, 0x7c, 0x85, 0x5e, 0x47, 0x67, 0xb5, - 0xae, 0xf0, 0x2b, 0x9a, 0xa6, 0xb1, 0x4c, 0xd7, 0x84, 0xae, 0x24, 0x1e, - 0x28, 0x77, 0x63, 0x69, 0x38, 0x6b, 0xab, 0xe0, 0x4f, 0x90, 0x78, 0x4a, - 0x31, 0x30, 0xe8, 0x95, 0xbc, 0xcb, 0x95, 0x9c, 0xd5, 0x34, 0x7c, 0x4c, - 0x07, 0xa7, 0x23, 0x66, 0x6b, 0xd6, 0x59, 0x93, 0x69, 0x22, 0xb3, 0xda, - 0x47, 0x66, 0xf8, 0xee, 0x4a, 0x38, 0x5e, 0xab, 0x2d, 0xf7, 0xe0, 0xab, - 0x9f, 0x65, 0x1a, 0x90, 0x04, 0xaa, 0x71, 0xc5, 0x59, 0xf2, 0x0c, 0xb3, - 0xbe, 0xd5, 0xcf, 0x17, 0xcd, 0x70, 0x4c, 0xa6, 0xb7, 0xb5, 0x19, 0xc2, - 0x2b, 0xa8, 0x6b, 0x0c, 0x5f, 0x81, 0xb6, 0x18, 0x7b, 0x2e, 0x74, 0x6f, - 0xcb, 0x37, 0x15, 0x71, 0x4f, 0x7e, 0xac, 0xbf, 0x66, 0xf5, 0xb6, 0x72, - 0xf7, 0xe9, 0xc7, 0x99, 0xa5, 0x31, 0xf9, 0x27, 0x74, 0x4d, 0x68, 0xd6, - 0x60, 0xc7, 0x83, 0xe7, 0xd4, 0xa0, 0xc0, 0x09, 0x7a, 0x0f, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xcb, 0x95, 0x3b, 0xb3, 0x52, 0xf2, 0x44, 0x4c, 0x50, - 0xe0, 0xee, 0xaf, 0xf2, 0xec, 0x68, 0x73, 0x70, 0x16, 0x6c, 0x1d, 0x54, - 0xeb, 0xa2, 0xaf, 0x4e, 0xb9, 0x53, 0x5f, 0x73, 0x07, 0x72, 0x68, 0x70, - 0xce, 0xf0, 0xc5, 0x1b, 0x94, 0xb3, 0x48, 0xb5, 0x8e, 0x58, 0xb5, 0x81, - 0x96, 0x7b, 0xbb, 0x83, 0x33, 0x95, 0x06, 0x1a, 0x01, 0x69, 0xe1, 0x59, - 0xf9, 0x6d, 0x3d, 0x13, 0x5f, 0x52, 0xdf, 0xb6, 0x66, 0x68, 0x2b, 0xd8, - 0x06, 0x4a, 0xf8, 0xf9, 0x69, 0xed, 0xdd, 0x1e, 0x39, 0x93, 0x10, 0xe5, - 0x1b, 0x0b, 0xfe, 0x52, 0xd2, 0x9b, 0x64, 0x6c, 0xb3, 0xdc, 0x8a, 0x30, - 0x63, 0x56, 0x1c, 0x57, 0x39, 0x30, 0xfb, 0x89, 0x12, 0xd0, 0xbc, 0x00, - 0xd8, 0x4c, 0x0d, 0xcb, 0x17, 0x3e, 0x80, 0xad, 0x87, 0xc2, 0xd9, 0x28, - 0xe1, 0xbe, 0x69, 0x2b, 0x6b, 0x11, 0x7f, 0x8d, 0xb7, 0xc0, 0x2f, 0x9c, - 0x10, 0xe7, 0xd5, 0x12, 0xc0, 0x10, 0xec, 0x43, 0x9d, 0xe7, 0x30, 0x4b, - 0x5d, 0xec, 0x05, 0x22, 0xf3, 0x71, 0xab, 0x6e, 0xba, 0x99, 0x9a, 0xc7, - 0xe2, 0x95, 0x2b, 0xa4, 0xdc, 0xf0, 0x18, 0xa7, 0x91, 0x76, 0x5e, 0xf2, - 0x3b, 0x46, 0x51, 0xb9, 0xa2, 0x3e, 0xe1, 0xac, 0x7b, 0x18, 0x49, 0x15, - 0x2b, 0x01, 0xd6, 0xeb, 0x38, 0x90, 0xe4, 0x76, 0x1e, 0xc2, 0xd7, 0x7a, - 0x28, 0x0a, 0x05, 0x68, 0xbd, 0x59, 0xeb, 0xdf, 0x2b, 0x39, 0x58, 0x4b, - 0xa8, 0xf9, 0x92, 0x4c, 0xf2, 0xbf, 0xe6, 0x12, 0x6f, 0x13, 0x03, 0xa3, - 0xf5, 0xa1, 0xd2, 0x2b, 0x68, 0xf4, 0x8b, 0xac, 0x14, 0xb1, 0x3d, 0x05, - 0x4a, 0xea, 0x5a, 0x13, 0x29, 0x47, 0x36, 0x95, 0x7d, 0xf4, 0xed, 0x06, - 0x23, 0x3c, 0xf1, 0x4c, 0xf0, 0x95, 0xf9, 0xc7, 0x7e, 0x41, 0x85, 0x84, - 0xbf, 0x53, 0xfc, 0xa4, 0x5a, 0x8f, 0x35, 0x02, 0x82, 0x01, 0x00, 0x4e, - 0x64, 0xc8, 0xd9, 0xeb, 0xe8, 0x1a, 0x62, 0x20, 0xf2, 0x79, 0x8a, 0xd4, - 0x85, 0x94, 0x4e, 0xb7, 0x7e, 0x0b, 0x70, 0xbc, 0x81, 0x27, 0xee, 0xb2, - 0x7d, 0x43, 0xa8, 0xd6, 0xc0, 0x40, 0xdb, 0x2d, 0xe4, 0x77, 0x05, 0x0d, - 0xff, 0x62, 0x49, 0x1f, 0xe8, 0xf2, 0x70, 0x6e, 0xc3, 0xf3, 0x2f, 0x25, - 0x53, 0x13, 0x9d, 0x9b, 0x68, 0x2d, 0x3d, 0xa6, 0x18, 0x7b, 0xd4, 0xb7, - 0x16, 0x9e, 0x4e, 0xd7, 0x5f, 0x26, 0x75, 0xce, 0xd0, 0xf4, 0x53, 0xfc, - 0xcd, 0x5e, 0x4f, 0xd3, 0xb8, 0x9e, 0xe5, 0x4c, 0x7f, 0x38, 0x5d, 0x4f, - 0xee, 0x27, 0xd3, 0x7e, 0xcb, 0xfb, 0x03, 0x94, 0x40, 0xf0, 0xc8, 0x54, - 0xb4, 0xd6, 0xfa, 0x94, 0x95, 0x1c, 0x56, 0xc1, 0xc8, 0xf0, 0x41, 0xad, - 0x90, 0x7c, 0xc8, 0x26, 0xed, 0x81, 0x6d, 0x06, 0x72, 0x2f, 0x34, 0x99, - 0xc3, 0x21, 0x2c, 0xcf, 0xcb, 0x40, 0x1f, 0xe1, 0x37, 0x63, 0x7f, 0xe2, - 0x7f, 0xe8, 0xef, 0xe2, 0x78, 0x46, 0xb6, 0x14, 0x1f, 0xb6, 0xd1, 0x19, - 0xff, 0x14, 0x55, 0xf3, 0x33, 0xd3, 0x15, 0x16, 0x99, 0x58, 0x74, 0x37, - 0xe4, 0x02, 0x81, 0x64, 0xa7, 0xb6, 0x3e, 0x81, 0x1a, 0x2d, 0x91, 0xb0, - 0xed, 0x28, 0x07, 0x1b, 0xc3, 0xbf, 0xe8, 0xfe, 0x21, 0xb9, 0x3c, 0xc4, - 0x94, 0xd7, 0xc7, 0x77, 0x0f, 0x2a, 0x2a, 0xd8, 0xd4, 0x66, 0x2a, 0xc2, - 0x58, 0x08, 0x82, 0xe7, 0xb6, 0xa4, 0xb5, 0x72, 0x37, 0xfd, 0xd5, 0x44, - 0x2a, 0x87, 0x13, 0xaa, 0xfc, 0x4d, 0x91, 0x32, 0x7e, 0x96, 0x28, 0xf8, - 0x01, 0x64, 0x73, 0xee, 0x24, 0xa3, 0x11, 0xa6, 0x8c, 0xb3, 0x03, 0xdc, - 0x33, 0xe5, 0x81, 0x27, 0xf9, 0x05, 0x0d, 0x9e, 0x66, 0x33, 0x2a, 0x3e, - 0x4d, 0x0b, 0x69, 0xf4, 0x0c, 0xd9, 0xa8, 0xda, 0x79, 0xfb, 0x99, 0x02, - 0x0e, 0xa7, 0xaf, 0x02, 0x82, 0x01, 0x01, 0x00, 0x80, 0xff, 0xab, 0xd7, - 0xa2, 0x2c, 0x7f, 0x18, 0x78, 0x7b, 0x3e, 0xe3, 0x60, 0xa3, 0x6a, 0x40, - 0x13, 0x7b, 0x31, 0xc0, 0x98, 0x49, 0xc3, 0x49, 0x20, 0x32, 0x10, 0x61, - 0x3f, 0xeb, 0x2d, 0x14, 0x7e, 0xbe, 0xb2, 0x13, 0xc3, 0xb9, 0x42, 0xad, - 0x44, 0xd5, 0xd0, 0xe2, 0x1a, 0x1d, 0xf7, 0x83, 0x46, 0xcc, 0x8d, 0x96, - 0x53, 0x2e, 0x28, 0x20, 0x32, 0x39, 0xf9, 0x7d, 0x24, 0xe4, 0x57, 0x08, - 0x08, 0x74, 0xf5, 0x77, 0x2a, 0xa8, 0x3a, 0x23, 0x6f, 0x2f, 0x2f, 0x18, - 0xd8, 0x89, 0x14, 0xe6, 0x34, 0xb6, 0x21, 0xb0, 0x62, 0x5c, 0xaf, 0x38, - 0x40, 0x24, 0xec, 0x0e, 0xe8, 0x40, 0x59, 0x95, 0x15, 0xb3, 0xd8, 0x94, - 0xda, 0x33, 0x80, 0xee, 0x4f, 0xfe, 0xbe, 0x9a, 0x52, 0xe1, 0x04, 0xaa, - 0xd6, 0xca, 0x5a, 0xad, 0xed, 0xd8, 0xb5, 0x25, 0xc0, 0xec, 0x54, 0x27, - 0x25, 0xee, 0x94, 0x29, 0xd6, 0xd3, 0x63, 0x83, 0x41, 0x21, 0x50, 0xd7, - 0xd4, 0xb4, 0x9e, 0x84, 0x9c, 0x8d, 0x03, 0xfb, 0xf1, 0x3c, 0x9e, 0xff, - 0x48, 0xe7, 0x96, 0x63, 0x5c, 0x5a, 0xf7, 0xb8, 0xb2, 0xfb, 0x88, 0x6b, - 0xa6, 0xea, 0x66, 0x3e, 0x1d, 0x71, 0x6f, 0xca, 0x63, 0x3d, 0x2a, 0x69, - 0x27, 0x38, 0xcc, 0x97, 0xaa, 0x81, 0x18, 0xe6, 0x4d, 0x20, 0x07, 0xb7, - 0xac, 0x1d, 0x2b, 0xcb, 0x0b, 0xcd, 0x89, 0x24, 0x0a, 0x4d, 0x49, 0x48, - 0x4b, 0x9e, 0x00, 0xf5, 0x30, 0xe3, 0xfe, 0x58, 0x34, 0xc7, 0xf0, 0xce, - 0xe1, 0x49, 0x5e, 0x9c, 0x04, 0xed, 0xa5, 0x3f, 0x1e, 0x60, 0x9f, 0xec, - 0x4c, 0xfa, 0xc3, 0x9f, 0xed, 0xd5, 0x9d, 0x8f, 0xbb, 0xea, 0x81, 0x04, - 0x56, 0x4f, 0x7c, 0xbe, 0x20, 0x10, 0x7e, 0x12, 0x4c, 0x75, 0x7a, 0x22, - 0xce, 0xc4, 0xf2, 0xd1, 0x9e, 0xde, 0xf9, 0x61, 0xf1, 0xe6, 0xac, 0x2d, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xd7, 0x32, 0x63, 0x0a, 0x84, 0xda, 0x7e, - 0x7e, 0xc5, 0xdf, 0xff, 0xbc, 0x82, 0x36, 0x8d, 0x83, 0x5b, 0x79, 0xa2, - 0x25, 0x88, 0xeb, 0xeb, 0x4e, 0xb8, 0xa1, 0x29, 0xbe, 0x9d, 0x81, 0x80, - 0x4b, 0x63, 0x67, 0xcc, 0x0a, 0x0d, 0xe9, 0xee, 0x84, 0x03, 0xf7, 0x2a, - 0x04, 0xe5, 0xa6, 0x0d, 0x8e, 0x0d, 0x34, 0x9f, 0x7c, 0xc1, 0xa0, 0xad, - 0x32, 0x59, 0xf8, 0x94, 0xb2, 0x4c, 0xca, 0x70, 0x68, 0xa3, 0x4b, 0xa8, - 0x58, 0xad, 0x46, 0x36, 0x08, 0xcd, 0x94, 0x10, 0x66, 0x5b, 0xbb, 0x38, - 0x16, 0x47, 0xb9, 0x2a, 0xe9, 0xe7, 0xf1, 0x4d, 0xb5, 0xb1, 0x77, 0x13, - 0xd7, 0x4f, 0xea, 0x53, 0x5f, 0xde, 0x8e, 0x0d, 0x6c, 0x88, 0x86, 0x79, - 0x0a, 0xa7, 0x2b, 0xaa, 0xe2, 0x3b, 0xb4, 0xa6, 0xd9, 0x2e, 0x57, 0xe4, - 0x76, 0x67, 0xa2, 0x4e, 0x24, 0x93, 0x2b, 0xfb, 0x7f, 0x30, 0x89, 0x66, - 0x16, 0x02, 0xe8, 0x6a, 0x2f, 0x75, 0x9e, 0xc1, 0xec, 0x7c, 0x72, 0x18, - 0xbe, 0xf1, 0x4a, 0x87, 0xc9, 0x8c, 0xcb, 0xb6, 0xa2, 0x02, 0x6e, 0x97, - 0x88, 0x4a, 0xba, 0x4a, 0xb2, 0xd8, 0x8c, 0x4a, 0xf5, 0x9c, 0x87, 0x2d, - 0x4b, 0x3d, 0x8c, 0x08, 0xdf, 0x31, 0xe7, 0x51, 0xc8, 0x4a, 0x3c, 0xf8, - 0x19, 0xb6, 0x3f, 0x6f, 0x6b, 0xe9, 0x8a, 0xed, 0x42, 0x54, 0x58, 0x96, - 0x2d, 0x00, 0x4a, 0x5f, 0xba, 0xf6, 0xf2, 0x87, 0x86, 0xc8, 0x11, 0xaf, - 0xc5, 0x31, 0x59, 0x24, 0x96, 0x76, 0xcc, 0xa0, 0xda, 0xe9, 0x3d, 0x40, - 0x0e, 0x2b, 0x64, 0xa4, 0xb2, 0x91, 0x0c, 0x04, 0x5e, 0xa9, 0x86, 0x3c, - 0xfc, 0x03, 0x8f, 0x07, 0x09, 0x52, 0x05, 0xb3, 0x9d, 0x08, 0xa7, 0xbf, - 0x1a, 0x47, 0xbb, 0x81, 0x39, 0xf1, 0xdf, 0x39, 0x65, 0x5e, 0x6b, 0x35, - 0x8d, 0x53, 0x67, 0x9f, 0x43, 0x59, 0x38, 0x45, 0xb4, + 0xf2, 0x60, 0xe5, 0x99, 0x5a, 0xb8, 0xcf, 0xbc, 0xd2, 0x19, 0xf9, 0x31, + 0x3a, 0x3f, 0x2a, 0xda, 0x81, 0xe1, 0x19, 0x3f, 0x21, 0x44, 0x12, 0x88, + 0x1d, 0x29, 0xa9, 0xdb, 0x33, 0x9b, 0x64, 0x11, 0x25, 0xb3, 0x6a, 0x51, + 0x66, 0xfd, 0x08, 0x29, 0xa4, 0x08, 0x2d, 0x93, 0xe8, 0x5f, 0xe8, 0xb4, + 0xc7, 0x9b, 0xac, 0x6a, 0x76, 0xfb, 0xaa, 0x28, 0x7f, 0x8c, 0xd6, 0xc9, + 0x2a, 0x45, 0x6d, 0x38, 0x1a, 0xf2, 0x31, 0xf5, 0xb4, 0xd6, 0x94, 0x6c, + 0x22, 0xee, 0x9d, 0xcf, 0x39, 0x97, 0xe0, 0x72, 0x29, 0x9b, 0x46, 0x95, + 0x1a, 0x44, 0x5f, 0xd5, 0xf2, 0x69, 0xa7, 0x0d, 0xcd, 0xab, 0x00, 0x0c, + 0xa5, 0xe4, 0xee, 0x43, 0x73, 0x05, 0x98, 0x6f, 0x0b, 0x37, 0x52, 0x33, + 0x31, 0x87, 0x9c, 0x7d, 0x1c, 0xfa, 0xf1, 0x96, 0x4a, 0x2a, 0x2d, 0xd4, + 0x0c, 0x50, 0x0e, 0x49, 0x8d, 0x21, 0x2a, 0xbf, 0x19, 0x98, 0xfb, 0x68, + 0x3f, 0x06, 0x61, 0xce, 0x6c, 0x5a, 0x8b, 0xbe, 0x2b, 0x45, 0x00, 0xb3, + 0x3f, 0xc1, 0x9e, 0xca, 0xa1, 0x13, 0xa6, 0x2b, 0x2a, 0xf2, 0x59, 0xdf, + 0xb0, 0x7d, 0xcc, 0xfd, 0x39, 0x19, 0xfc, 0xd1, 0x7e, 0xdc, 0xe0, 0x07, + 0x44, 0xd4, 0xf3, 0x63, 0x88, 0x58, 0x3d, 0xd4, 0xe3, 0x64, 0x46, 0x08, + 0x7c, 0xc1, 0x19, 0x5a, 0xab, 0x56, 0xea, 0xd0, 0x6f, 0x6f, 0xf0, 0x6b, + 0x26, 0x64, 0x15, 0x39, 0xfb, 0xff, 0x36, 0xce, 0xd6, 0x3c, 0x4b, 0xba, + 0xda, 0x62, 0x3a, 0x03, 0x22, 0x0e, 0x2b, 0xe1, 0xf4, 0xa5, 0xbd, 0x9d, + 0x99, 0x2d, 0x57, 0xbc, 0xf7, 0x3f, 0x44, 0x70, 0xf2, 0xd5, 0xa8, 0x5c, + 0x08, 0xea, 0x68, 0x99, 0xaf, 0xe5, 0xc2, 0xc7, 0xeb, 0x51, 0x2f, 0x5b, + 0x53, 0xd4, 0xbd, 0x87, 0x67, 0xc1, 0xb7, 0xa8, 0xeb, 0x64, 0x67, 0x03, + 0xd5, 0x00, 0xd2, 0xd6, 0xa7, 0x42, 0x43, 0x7f, 0x0e, 0xdd, 0x2c, 0x11, + 0x0a, 0x25, 0xc9, 0xd3, 0xc6, 0x40, 0x79, 0x20, 0x0c, 0x27, 0xea, 0x70, + 0xfe, 0x3a, 0x17, 0x22, 0xa9, 0x07, 0x77, 0x6a, 0x1f, 0x4d, 0x9d, 0x85, + 0x46, 0xba, 0xad, 0x92, 0x4e, 0x2a, 0x23, 0xc8, 0x26, 0x0d, 0x8c, 0xb8, + 0xbc, 0xaf, 0x88, 0x3a, 0xe2, 0x92, 0x94, 0xe5, 0x7d, 0x23, 0xd1, 0x42, + 0xd3, 0x6b, 0xff, 0x6e, 0x07, 0xc5, 0xde, 0xb2, 0x2c, 0x07, 0xfc, 0x15, + 0xef, 0xd8, 0x86, 0x1e, 0xee, 0x7f, 0x85, 0x10, 0x08, 0x29, 0x7a, 0xd1, + 0xd0, 0x6f, 0x22, 0xc8, 0x3e, 0x17, 0xef, 0xe5, 0xf8, 0x27, 0x97, 0x40, + 0xeb, 0x75, 0xd6, 0xe3, 0x00, 0xde, 0x80, 0xd1, 0x69, 0xe7, 0x2b, 0xe1, + 0xb1, 0x81, 0xbd, 0x8e, 0x47, 0x2d, 0x47, 0xd5, 0xea, 0x48, 0x4c, 0x05, + 0xda, 0x52, 0x68, 0xc3, 0x36, 0xe6, 0x45, 0xff, 0x84, 0x3e, 0xd6, 0x9d, + 0xa9, 0x4e, 0xf8, 0xc2, 0x43, 0x80, 0x7d, 0xa9, 0x1d, 0x68, 0xa8, 0x3a, + 0xf2, 0x93, 0x4c, 0x08, 0x56, 0x44, 0x4a, 0xf4, 0xce, 0xb8, 0xa2, 0x05, + 0x18, 0x2b, 0xf6, 0x86, 0x29, 0x0e, 0x25, 0x8f, 0x7b, 0x7a, 0x01, 0xfa, + 0xd8, 0x81, 0xcc, 0x7b, 0x9c, 0x38, 0x81, 0xc1, 0xc7, 0x3f, 0x2c, 0x4e, + 0xb0, 0x86, 0x4c, 0xca, 0xdb, 0xaf, 0x49, 0x1c, 0x14, 0x15, 0x50, 0x98, + 0x29, 0x50, 0xeb, 0x3f, 0xbe, 0x20, 0x96, 0x3f, 0x7c, 0xd3, 0x5c, 0xdc, + 0x58, 0xa9, 0x00, 0x70, 0x0f, 0x7b, 0x2b, 0xf0, 0xfa, 0x26, 0x9c, 0x2b, + 0x52, 0x3f, 0x0c, 0x0b, 0xb3, 0xc6, 0xe1, 0xa4, 0xb0, 0xee, 0xa1, 0x4f, + 0x95, 0x17, 0x5d, 0xf2, 0xda, 0x2a, 0xe5, 0xd1, 0x8f, 0xf1, 0x68, 0x8e, + 0x50, 0x29, 0x20, 0xfe, 0xa8, 0x34, 0xf3, 0x99, 0x4f, 0xce, 0x0b, 0x78, + 0xb4, 0xad, 0x51, 0xe2, 0x85, 0xeb, 0xfd, 0xe1, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x02, 0x00, 0x1a, 0x49, 0x73, 0x85, 0x49, 0x0f, 0x53, + 0xaa, 0x6f, 0x1f, 0xf5, 0x84, 0x87, 0x04, 0x6c, 0x4d, 0xa3, 0xf9, 0xe9, + 0x8e, 0xcc, 0xf9, 0x10, 0xc8, 0x75, 0xdf, 0x3b, 0xa6, 0x84, 0x27, 0x95, + 0x77, 0xfd, 0x9e, 0x82, 0x88, 0x9f, 0x12, 0x90, 0xc4, 0xd1, 0x5f, 0x38, + 0xb0, 0x3a, 0xaa, 0xd2, 0x36, 0x6f, 0x12, 0x9d, 0x65, 0xb3, 0x8f, 0x52, + 0x52, 0x4f, 0x99, 0x12, 0xff, 0x60, 0xc8, 0x04, 0x53, 0x2a, 0x2a, 0xfb, + 0xcb, 0xa1, 0xe8, 0x06, 0xd3, 0x5e, 0x8b, 0x82, 0x0e, 0x84, 0x38, 0xca, + 0x55, 0x1f, 0x59, 0x91, 0x93, 0x60, 0xb4, 0xab, 0x2f, 0x2d, 0x3a, 0x13, + 0xad, 0xdd, 0xd1, 0x2e, 0xb1, 0x70, 0x79, 0x8e, 0x74, 0xbe, 0xc0, 0x0b, + 0xda, 0xf9, 0x3c, 0xaf, 0xfb, 0xd0, 0xe2, 0x9c, 0x10, 0x7e, 0xa8, 0xe1, + 0xb4, 0x32, 0xc9, 0x75, 0xcc, 0x72, 0x64, 0x69, 0x54, 0x45, 0x4b, 0xe4, + 0x52, 0xb3, 0x00, 0x42, 0x3d, 0xf9, 0x5d, 0xe4, 0x14, 0x2a, 0xf0, 0xbc, + 0x08, 0xad, 0x31, 0x2f, 0xe5, 0x00, 0xe4, 0x6b, 0x28, 0x1f, 0x45, 0x9e, + 0x07, 0x3f, 0x02, 0x67, 0x48, 0x69, 0x20, 0x0f, 0xb0, 0x23, 0xf6, 0x03, + 0x53, 0x26, 0x3e, 0xe6, 0xc6, 0x2b, 0x0b, 0x2c, 0x75, 0x6e, 0x47, 0x61, + 0xb7, 0x59, 0xcd, 0x19, 0x82, 0x58, 0xa3, 0x69, 0xb0, 0x49, 0x76, 0x65, + 0x03, 0xa3, 0x9e, 0x60, 0x95, 0x02, 0x66, 0x26, 0xde, 0x31, 0xcc, 0x29, + 0x61, 0xcf, 0xde, 0xdc, 0xb8, 0xc0, 0x70, 0x18, 0x4a, 0x18, 0x32, 0xb0, + 0xc4, 0x32, 0x10, 0x1a, 0xab, 0x41, 0xbe, 0x66, 0xee, 0x5d, 0xe3, 0x5c, + 0xf5, 0x22, 0x05, 0x15, 0x9c, 0x1b, 0xb4, 0x6e, 0x91, 0x42, 0x80, 0x38, + 0xfa, 0x8d, 0x35, 0x32, 0x1d, 0x65, 0xcf, 0x64, 0x19, 0xd0, 0x21, 0x34, + 0x9d, 0xcb, 0x9f, 0xc9, 0x43, 0x63, 0x61, 0xd2, 0x3b, 0xd3, 0x01, 0x7f, + 0xae, 0x3f, 0x77, 0xd5, 0x5f, 0x45, 0x52, 0x9a, 0x71, 0xe8, 0xa8, 0x41, + 0xc4, 0x95, 0x96, 0xdf, 0x42, 0x3d, 0xcb, 0xb7, 0x38, 0x28, 0x73, 0x8c, + 0x11, 0xa8, 0x1f, 0xd9, 0xe3, 0x8d, 0xe1, 0x97, 0xa0, 0x74, 0xc4, 0xbe, + 0x45, 0x3e, 0x61, 0x77, 0xdd, 0x19, 0xdd, 0xcc, 0x2f, 0x75, 0xeb, 0xa7, + 0x07, 0xbe, 0x58, 0xc4, 0x41, 0x54, 0x0f, 0xd3, 0x8e, 0xcf, 0x36, 0xe7, + 0x43, 0xdc, 0xc9, 0x9a, 0xdf, 0x6e, 0x58, 0x64, 0xe0, 0xce, 0x40, 0x1f, + 0xcc, 0x43, 0x38, 0x25, 0xac, 0x4c, 0x64, 0xc8, 0xcf, 0xd3, 0x05, 0x89, + 0x34, 0x41, 0x12, 0x2b, 0xb2, 0xf5, 0x57, 0x3f, 0xe7, 0x0e, 0xf5, 0x6a, + 0x7f, 0x90, 0xdb, 0xfa, 0x97, 0xf8, 0xc2, 0xf5, 0xd9, 0xa4, 0xce, 0x07, + 0x5b, 0x09, 0xb0, 0x71, 0x17, 0xf3, 0x76, 0xc6, 0x5b, 0xc9, 0xb7, 0x73, + 0xd1, 0x07, 0xb2, 0x72, 0x71, 0xe0, 0xdc, 0x5d, 0x50, 0xa0, 0x38, 0x89, + 0xfa, 0x82, 0xb8, 0x62, 0x69, 0xcf, 0x81, 0xa1, 0x60, 0x9c, 0x33, 0x4e, + 0x5a, 0xa5, 0x9a, 0x76, 0x54, 0x1a, 0x40, 0xa1, 0xba, 0x63, 0xd0, 0xde, + 0x1c, 0x23, 0xbf, 0xed, 0x9b, 0x12, 0xc8, 0xc1, 0x41, 0x3e, 0x07, 0xe0, + 0xc8, 0xbf, 0x04, 0x73, 0xe3, 0x3a, 0xce, 0xbe, 0x54, 0x5d, 0x9d, 0x97, + 0xb9, 0xe8, 0xc9, 0x69, 0xd3, 0xc2, 0x0a, 0x1e, 0x65, 0x80, 0xa2, 0xeb, + 0x0c, 0x11, 0x77, 0x07, 0xe8, 0x09, 0xba, 0x92, 0x3d, 0xe9, 0x10, 0x77, + 0xf4, 0x8b, 0x7b, 0x8f, 0x9e, 0x1d, 0xe9, 0x97, 0x76, 0x94, 0x6a, 0x91, + 0x13, 0xb7, 0x42, 0x2d, 0xdf, 0x70, 0x3c, 0x5c, 0xb6, 0x8f, 0xb5, 0x7c, + 0x21, 0x55, 0x23, 0x72, 0xe7, 0x45, 0xba, 0xb2, 0xf6, 0x3a, 0x30, 0x0f, + 0x51, 0x52, 0x08, 0x13, 0x56, 0x1e, 0x7c, 0x4d, 0x52, 0x60, 0x1c, 0x79, + 0xd5, 0x02, 0x82, 0x01, 0x01, 0x00, 0xfb, 0xfe, 0x82, 0xfc, 0x4e, 0x1f, + 0x85, 0x7e, 0x0f, 0xf0, 0x55, 0x93, 0x9c, 0xf9, 0x0c, 0x64, 0xc9, 0xe1, + 0xbb, 0xa9, 0x69, 0xae, 0x17, 0x07, 0x72, 0x25, 0x8d, 0x99, 0x19, 0x43, + 0xc1, 0x29, 0x96, 0xcf, 0x27, 0x01, 0x85, 0x55, 0xca, 0x10, 0xcb, 0xf6, + 0xfe, 0x31, 0x82, 0x66, 0x23, 0xfb, 0xf0, 0xf7, 0xb1, 0x2c, 0x07, 0x5f, + 0xeb, 0x9c, 0xf0, 0xb8, 0xf1, 0x01, 0xc8, 0x7b, 0xde, 0xa2, 0x5e, 0x7f, + 0x03, 0x25, 0x73, 0x49, 0x27, 0x57, 0x30, 0x7f, 0x55, 0x55, 0x58, 0x15, + 0x16, 0x13, 0x70, 0x75, 0x69, 0x86, 0xc0, 0xf9, 0x5c, 0xd7, 0x35, 0x38, + 0xf9, 0xa2, 0xed, 0x0a, 0xa4, 0xe1, 0x57, 0xcf, 0x1c, 0x1c, 0x75, 0x78, + 0xbc, 0xb0, 0x88, 0x13, 0x35, 0x19, 0x7c, 0x58, 0x1a, 0xec, 0x7a, 0x0f, + 0x8b, 0x77, 0xf3, 0x4f, 0xaa, 0xa8, 0xcc, 0xd8, 0x06, 0x5c, 0x1e, 0x9a, + 0x3f, 0x52, 0x66, 0x96, 0x44, 0x0c, 0xfd, 0x9c, 0xdd, 0xc7, 0xef, 0x87, + 0x4c, 0xb4, 0xa3, 0xd3, 0xf0, 0xaf, 0x0b, 0x02, 0x5a, 0xcb, 0xc0, 0xce, + 0xda, 0xd3, 0xba, 0xdc, 0x7e, 0xca, 0xd8, 0xfa, 0x80, 0xf1, 0xe5, 0x40, + 0xcd, 0x42, 0xa6, 0x32, 0x81, 0x49, 0x3f, 0x81, 0x02, 0xab, 0xa1, 0x6d, + 0x3a, 0x33, 0x04, 0x89, 0xb9, 0x48, 0xff, 0xa1, 0x02, 0x1b, 0x6c, 0x75, + 0x50, 0x47, 0x30, 0x51, 0x56, 0x27, 0x8b, 0xec, 0x17, 0x8f, 0x13, 0x9e, + 0x99, 0x18, 0x32, 0x54, 0x35, 0x2c, 0xd1, 0xc3, 0x6b, 0x96, 0xed, 0xcb, + 0xc0, 0x86, 0xeb, 0x68, 0x3e, 0xf5, 0x4b, 0x6a, 0x85, 0xf2, 0xcc, 0x3e, + 0x87, 0x0c, 0x24, 0x94, 0x34, 0x76, 0xe0, 0xee, 0x90, 0x30, 0x00, 0xdc, + 0x41, 0xf4, 0x1b, 0xad, 0x81, 0x08, 0xf7, 0x05, 0x06, 0x6e, 0x4b, 0x5b, + 0x7b, 0xc3, 0x2d, 0xaa, 0x1f, 0x37, 0xb1, 0xe1, 0x5a, 0x65, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xf6, 0x3b, 0x41, 0x17, 0x76, 0x3a, 0x48, 0xca, 0x82, + 0x34, 0x61, 0xc8, 0x4f, 0x98, 0x5b, 0x90, 0xea, 0xc1, 0x1d, 0x43, 0x22, + 0x7b, 0x85, 0xa7, 0x29, 0x50, 0x8e, 0x91, 0xab, 0xf3, 0x5e, 0x1f, 0x34, + 0x72, 0xc9, 0x8b, 0xe6, 0x21, 0x94, 0x1b, 0xfa, 0x5f, 0xce, 0x7b, 0xa3, + 0xd1, 0xf9, 0xab, 0xd4, 0x13, 0x75, 0x53, 0xb7, 0x63, 0x4b, 0xb5, 0x33, + 0x09, 0xf1, 0x6e, 0xe9, 0x63, 0xca, 0x06, 0xd0, 0x92, 0x16, 0x84, 0x5f, + 0xa5, 0x09, 0x12, 0x0f, 0x06, 0x07, 0x49, 0x45, 0x03, 0x68, 0x08, 0x3c, + 0x02, 0x6e, 0xb0, 0x0a, 0x3d, 0x39, 0xce, 0x58, 0x17, 0x1d, 0xb9, 0x9e, + 0x10, 0xd1, 0xe2, 0x4b, 0x68, 0x64, 0x9b, 0xc4, 0x1a, 0x9b, 0x3e, 0x1d, + 0x7c, 0x4e, 0x36, 0x83, 0x67, 0x9d, 0x68, 0x9c, 0xe4, 0x7d, 0x39, 0x6e, + 0x6f, 0x82, 0xea, 0x7b, 0x5f, 0x06, 0x4a, 0x71, 0x89, 0xd3, 0x42, 0x76, + 0x22, 0xd5, 0x2d, 0x83, 0xb9, 0x75, 0x9c, 0xa1, 0xb4, 0xb1, 0x0c, 0x8e, + 0x11, 0x4a, 0x6e, 0x1e, 0x36, 0x59, 0x01, 0xf3, 0x4d, 0x3b, 0x88, 0xd4, + 0x34, 0x03, 0xb1, 0x6c, 0xae, 0xd7, 0xd2, 0x90, 0x5b, 0xf7, 0xb2, 0x97, + 0x40, 0xee, 0x38, 0x08, 0x98, 0x3d, 0x85, 0xa5, 0x44, 0xa7, 0x84, 0xee, + 0xfc, 0xfe, 0x94, 0xfa, 0x44, 0x3c, 0x8e, 0xbb, 0x83, 0x46, 0x07, 0xb3, + 0x68, 0xae, 0xb0, 0x72, 0xa9, 0x0e, 0xaf, 0x87, 0x32, 0x1a, 0xa5, 0x52, + 0xc3, 0x67, 0x40, 0xc7, 0xe9, 0x13, 0x73, 0x98, 0x77, 0x61, 0x3d, 0xae, + 0x19, 0xa9, 0x86, 0x07, 0x5c, 0x95, 0x62, 0x4d, 0x36, 0x8c, 0xa6, 0x36, + 0x57, 0xd1, 0x41, 0x1b, 0x47, 0x73, 0x98, 0x46, 0x5c, 0xf5, 0x4e, 0x1a, + 0xf2, 0xa7, 0x7b, 0x1e, 0xee, 0x03, 0xdc, 0xf2, 0x68, 0x1f, 0x05, 0xd7, + 0xbf, 0x5b, 0x98, 0x20, 0xfc, 0xff, 0xcd, 0x02, 0x82, 0x01, 0x01, 0x00, + 0x99, 0x2a, 0x17, 0x3f, 0x77, 0xd4, 0x9c, 0xf5, 0x04, 0x87, 0x15, 0xdc, + 0xc4, 0xfa, 0x73, 0x58, 0x07, 0x85, 0x16, 0xe5, 0x60, 0x00, 0x9a, 0xaa, + 0xc1, 0xec, 0xa5, 0x66, 0x3a, 0xfe, 0xfd, 0xb7, 0x63, 0x9c, 0xc1, 0x9e, + 0xa1, 0x06, 0x85, 0xed, 0x33, 0xac, 0x0a, 0xd0, 0xd8, 0xeb, 0x70, 0x4f, + 0xc0, 0x25, 0x2d, 0x21, 0x0f, 0xd2, 0x73, 0x89, 0x4e, 0x9f, 0x7a, 0x8d, + 0x94, 0xe8, 0x05, 0x68, 0x37, 0x7b, 0x87, 0xd4, 0x09, 0x80, 0x9b, 0x52, + 0xd9, 0x7d, 0x6b, 0xc6, 0x95, 0xe5, 0x2b, 0x27, 0xe1, 0xa0, 0xdb, 0xe5, + 0x36, 0x01, 0xdb, 0x36, 0x4b, 0x79, 0x37, 0xf2, 0x99, 0x95, 0x70, 0xa6, + 0x2f, 0x13, 0x09, 0x89, 0x1a, 0xb5, 0xaa, 0x2a, 0xba, 0x6a, 0xc2, 0x49, + 0x9d, 0x54, 0x87, 0xf8, 0xd8, 0x2f, 0xfe, 0x9b, 0x87, 0xde, 0x12, 0x62, + 0xcb, 0x2f, 0x3a, 0x9e, 0x5f, 0x53, 0x6d, 0xcd, 0x8d, 0xe1, 0x23, 0xb7, + 0xa9, 0xa6, 0xe0, 0xfe, 0x97, 0x4e, 0x6b, 0x87, 0x18, 0x54, 0xc7, 0xe3, + 0xfd, 0x13, 0x0f, 0x50, 0xec, 0xfe, 0x4d, 0xef, 0x87, 0x92, 0x61, 0xd6, + 0xb5, 0x8f, 0x7d, 0x34, 0x8a, 0x1d, 0x9b, 0x25, 0x39, 0x93, 0x55, 0x15, + 0xca, 0x6d, 0x85, 0xcc, 0x00, 0x30, 0x3d, 0xc1, 0xa8, 0xae, 0x75, 0x5a, + 0x33, 0x56, 0x0f, 0xcb, 0xcf, 0x5e, 0x76, 0xce, 0xee, 0x45, 0x61, 0xd2, + 0x63, 0xaf, 0xba, 0x9a, 0x12, 0x58, 0xc1, 0xc0, 0xfd, 0x46, 0x45, 0x93, + 0xda, 0x63, 0xa7, 0x4f, 0x73, 0x75, 0xf6, 0xad, 0x8b, 0x04, 0x2f, 0xd0, + 0x34, 0x68, 0xa8, 0xc5, 0xec, 0xf2, 0xcc, 0x6e, 0xcb, 0x04, 0xf1, 0xe6, + 0x97, 0xcd, 0x29, 0x02, 0xa4, 0x63, 0x3c, 0x0b, 0x3d, 0x8f, 0x75, 0xf0, + 0x97, 0x04, 0x0c, 0xe6, 0x99, 0x13, 0x1f, 0xe4, 0x80, 0x2a, 0xf9, 0x12, + 0x87, 0x21, 0xec, 0x29, 0x02, 0x82, 0x01, 0x00, 0x57, 0xc6, 0x33, 0xa3, + 0xeb, 0x6f, 0x47, 0x77, 0x79, 0x06, 0xb7, 0x3c, 0xb2, 0xb2, 0xfb, 0x21, + 0x23, 0xae, 0x07, 0x82, 0x61, 0x0e, 0x6b, 0x4c, 0x75, 0x7b, 0xd3, 0xf6, + 0xb5, 0xb7, 0x21, 0x7c, 0x3a, 0x34, 0x19, 0x08, 0x97, 0xd6, 0xac, 0x77, + 0x74, 0xbf, 0x26, 0x5a, 0x08, 0xc1, 0xd7, 0x20, 0x9b, 0x8e, 0xfc, 0x2a, + 0x05, 0x9b, 0x8d, 0xe7, 0x5f, 0xf4, 0x51, 0x6e, 0x5a, 0x20, 0x4a, 0x6a, + 0x37, 0x7b, 0x7c, 0x2f, 0x5f, 0xf0, 0xf2, 0xd4, 0xcf, 0x2a, 0x34, 0xfa, + 0xb7, 0x71, 0x49, 0x6a, 0x76, 0x09, 0xdf, 0xef, 0x3d, 0x17, 0x2a, 0x3e, + 0x16, 0x44, 0xd7, 0x41, 0xcd, 0xc8, 0xed, 0x28, 0x9f, 0xfc, 0xec, 0xb0, + 0x62, 0x2d, 0xa1, 0xdd, 0x78, 0xa1, 0x51, 0x38, 0x39, 0x8b, 0x7c, 0x1f, + 0x48, 0x9e, 0x62, 0xcd, 0x50, 0x42, 0xcc, 0x06, 0x4e, 0x48, 0x47, 0x73, + 0xce, 0x19, 0x75, 0x87, 0xa1, 0x99, 0x35, 0x28, 0xee, 0x65, 0xf4, 0x39, + 0x0b, 0xa3, 0xdf, 0xe1, 0x3b, 0xdb, 0x8a, 0x0e, 0xcb, 0x12, 0x50, 0x94, + 0x53, 0x68, 0xda, 0xaa, 0x22, 0x0b, 0x10, 0xad, 0xf4, 0xb2, 0x37, 0x19, + 0x46, 0x80, 0xa2, 0x41, 0xb5, 0x8d, 0x5d, 0xdd, 0xf7, 0xa2, 0x5d, 0x7c, + 0x00, 0xb8, 0x02, 0x87, 0x6e, 0xb2, 0x1d, 0x06, 0x7a, 0x58, 0x4c, 0xc6, + 0x0c, 0xad, 0xf5, 0x0e, 0xd5, 0xb3, 0xa1, 0x62, 0x20, 0xdd, 0x86, 0xf0, + 0xa7, 0x5f, 0x03, 0x04, 0xa0, 0x06, 0x2c, 0x0e, 0x79, 0xb4, 0xea, 0x4c, + 0x30, 0xb3, 0x8d, 0xa4, 0x71, 0x25, 0x90, 0xba, 0xc8, 0x71, 0x06, 0x87, + 0x6e, 0x42, 0xdd, 0xcc, 0x7a, 0x5e, 0xbf, 0xa7, 0x57, 0xd4, 0x16, 0xae, + 0xd7, 0x96, 0x57, 0x93, 0xaa, 0x23, 0x89, 0xf4, 0x67, 0xc8, 0x2c, 0xf4, + 0x5c, 0x2d, 0x25, 0xb1, 0xed, 0x80, 0xb7, 0x63, 0xf9, 0x8e, 0x76, 0x99, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0xf8, 0x0f, 0x4d, 0xbb, 0xd4, 0xe4, + 0x25, 0x05, 0xa3, 0x17, 0x4c, 0x37, 0x62, 0x02, 0x14, 0x3e, 0xc0, 0x72, + 0xe8, 0xea, 0x3d, 0x8a, 0x1a, 0xc1, 0x6e, 0x6a, 0xdd, 0x27, 0xc6, 0xc2, + 0x4c, 0xd6, 0x1a, 0x09, 0xe6, 0x08, 0xc9, 0xf1, 0x5f, 0x91, 0x32, 0x66, + 0x97, 0xbb, 0x3d, 0xaf, 0x19, 0x57, 0x9f, 0x7b, 0x49, 0x99, 0x2f, 0x46, + 0x62, 0xb7, 0xcc, 0xde, 0xec, 0x8f, 0x30, 0x2d, 0xe1, 0x21, 0xad, 0x8e, + 0xf4, 0x38, 0xf6, 0xc0, 0x1f, 0x45, 0x60, 0x5e, 0x5f, 0xac, 0x65, 0x9c, + 0x8e, 0xc6, 0xa0, 0xd2, 0xa6, 0x4f, 0xf8, 0x67, 0xc0, 0x1f, 0x70, 0xcc, + 0x9f, 0x29, 0x5f, 0x9c, 0x42, 0x9c, 0xa9, 0x1e, 0x5e, 0x97, 0x61, 0x11, + 0x11, 0xd3, 0x88, 0x4a, 0xd8, 0xc2, 0xee, 0xab, 0x6a, 0xde, 0x6c, 0x20, + 0xbb, 0x1d, 0xa4, 0xc5, 0x49, 0xdb, 0xb4, 0x7c, 0x8f, 0x1f, 0xad, 0x4d, + 0xc3, 0x24, 0x7d, 0x77, 0x0b, 0x2e, 0x9f, 0x94, 0xe5, 0x48, 0xe1, 0x69, + 0x15, 0xac, 0xc6, 0x96, 0x9a, 0x5b, 0x62, 0xcb, 0x73, 0x45, 0x27, 0x43, + 0xd3, 0xd4, 0x49, 0x99, 0x3e, 0x69, 0xfd, 0x63, 0x59, 0x2b, 0x73, 0x94, + 0x56, 0x20, 0x39, 0x0c, 0x97, 0xbc, 0x85, 0x8d, 0xfe, 0xe6, 0x4b, 0x84, + 0xf7, 0x6d, 0x9d, 0x64, 0x34, 0x06, 0xee, 0x4c, 0x4f, 0x61, 0x66, 0x9c, + 0xaf, 0xd0, 0x98, 0x4d, 0x19, 0x66, 0xa6, 0x67, 0x25, 0x8d, 0xa3, 0x93, + 0xe3, 0xe5, 0x45, 0x10, 0xf5, 0x88, 0xb6, 0xd8, 0x53, 0x68, 0x77, 0x99, + 0xd0, 0x84, 0x9c, 0x78, 0x69, 0x85, 0xe2, 0xb6, 0x15, 0x3c, 0xdc, 0xff, + 0x52, 0xd6, 0x44, 0xfe, 0xa7, 0x9e, 0x83, 0x60, 0x7f, 0x63, 0xde, 0x59, + 0xe2, 0x7c, 0xf9, 0xfd, 0x9a, 0xb3, 0x38, 0xf0, 0xfb, 0x26, 0x6a, 0x67, + 0xcb, 0xab, 0xc9, 0x9e, 0xac, 0xb0, 0x1e, 0x0b, 0x5e, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_secp192r1 */ const unsigned char test_ec_secp192r1[] = { - 0x30, 0x5f, 0x02, 0x01, 0x01, 0x04, 0x18, 0xf2, 0xb2, 0x0b, 0x3a, 0xce, - 0x36, 0x72, 0xcd, 0xb2, 0xe2, 0x37, 0x80, 0x0a, 0x5e, 0x1a, 0x8e, 0x20, - 0xa4, 0x55, 0xe3, 0x53, 0xfc, 0x98, 0xeb, 0xa0, 0x0a, 0x06, 0x08, 0x2a, + 0x30, 0x5f, 0x02, 0x01, 0x01, 0x04, 0x18, 0xeb, 0x6a, 0x83, 0xe7, 0x5b, + 0xa1, 0x5e, 0x13, 0x8b, 0xea, 0x23, 0x89, 0x4a, 0xf9, 0xa6, 0xd9, 0x9e, + 0x1b, 0xba, 0x51, 0xf7, 0xa9, 0xf3, 0xa8, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x01, 0xa1, 0x34, 0x03, 0x32, 0x00, - 0x04, 0x32, 0x24, 0xf9, 0x2a, 0x4b, 0x53, 0x29, 0x16, 0x22, 0xa6, 0xd7, - 0x35, 0xb8, 0xc8, 0xd4, 0x16, 0x22, 0x5e, 0xfd, 0xce, 0x34, 0xf7, 0x1c, - 0xd3, 0x0c, 0xea, 0xf3, 0x71, 0xbe, 0x2e, 0x40, 0x61, 0x2b, 0x31, 0x85, - 0xcb, 0x6b, 0xec, 0x59, 0xfc, 0x19, 0x31, 0xb0, 0x45, 0x04, 0x41, 0xea, - 0xf9, + 0x04, 0xb4, 0x64, 0x38, 0xcb, 0xf9, 0x1b, 0x96, 0x35, 0x67, 0xbd, 0x99, + 0x1b, 0xc0, 0x57, 0xf8, 0xb8, 0xc9, 0x53, 0xa5, 0x81, 0x04, 0xe4, 0x69, + 0xec, 0x55, 0xdd, 0x0e, 0x25, 0x90, 0xa4, 0xe7, 0x47, 0x66, 0x94, 0x3b, + 0x98, 0x68, 0xb8, 0x1b, 0xd9, 0x8e, 0x92, 0x2f, 0x48, 0x56, 0x60, 0x07, + 0xea, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_secp224r1 */ const unsigned char test_ec_secp224r1[] = { - 0x30, 0x68, 0x02, 0x01, 0x01, 0x04, 0x1c, 0x74, 0x02, 0x38, 0xee, 0x23, - 0x01, 0xa0, 0x11, 0x8c, 0xfe, 0xd1, 0xfb, 0x66, 0x6e, 0x04, 0x92, 0x9e, - 0xe9, 0x75, 0x9b, 0xaf, 0x5a, 0xf2, 0x9a, 0x64, 0x16, 0x83, 0x08, 0xa0, + 0x30, 0x68, 0x02, 0x01, 0x01, 0x04, 0x1c, 0x1e, 0xec, 0x90, 0x48, 0xba, + 0x1e, 0x64, 0xf1, 0x21, 0x61, 0x28, 0xb7, 0x96, 0xa5, 0xd8, 0x5a, 0x4e, + 0x1c, 0x99, 0x6b, 0xd8, 0x2a, 0xcd, 0x8d, 0x04, 0x52, 0x08, 0xcc, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21, 0xa1, 0x3c, 0x03, 0x3a, - 0x00, 0x04, 0xd3, 0xe3, 0x0e, 0x63, 0x84, 0x9d, 0xbb, 0x5e, 0xb2, 0xb4, - 0x2d, 0x28, 0xe6, 0x45, 0x5d, 0xea, 0xae, 0x4e, 0x17, 0x8a, 0x88, 0xe8, - 0x68, 0xce, 0x44, 0xc5, 0xd2, 0xf9, 0xef, 0x10, 0x20, 0xe6, 0x07, 0x08, - 0x47, 0xde, 0xaa, 0xb4, 0xda, 0x38, 0x5e, 0xf2, 0x2e, 0xc4, 0x94, 0x01, - 0xba, 0xc4, 0x57, 0xf1, 0xee, 0x51, 0xba, 0x38, 0x13, 0x30, + 0x00, 0x04, 0xc2, 0xf0, 0x4f, 0x21, 0x05, 0xb4, 0x59, 0xa2, 0xba, 0x90, + 0x37, 0x4f, 0x7b, 0x1d, 0x63, 0x96, 0xb4, 0x39, 0xa0, 0x6f, 0x00, 0x44, + 0xdc, 0xc5, 0xe1, 0x85, 0x05, 0x3b, 0x58, 0xde, 0xbf, 0x9e, 0xb6, 0xe4, + 0x1e, 0x25, 0x96, 0xef, 0x90, 0x53, 0x1e, 0x86, 0x42, 0xa0, 0x64, 0x55, + 0x42, 0x3a, 0x76, 0x05, 0xfc, 0x6c, 0x01, 0xc3, 0x98, 0xbb, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_secp256r1 */ const unsigned char test_ec_secp256r1[] = { - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x9e, 0x24, 0x0a, 0x03, 0x94, - 0x40, 0x32, 0xf9, 0x9b, 0x41, 0xfd, 0x83, 0x4d, 0xa9, 0x31, 0x98, 0xaf, - 0xa3, 0x09, 0x6e, 0xc3, 0x05, 0x39, 0xb6, 0x67, 0xb0, 0x32, 0x83, 0x22, - 0xd1, 0xe2, 0x93, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x78, 0xfa, 0x74, - 0x37, 0x63, 0x6d, 0xda, 0x49, 0xa5, 0x6b, 0x33, 0x0d, 0x5b, 0xc1, 0x39, - 0x67, 0x83, 0x1a, 0x18, 0x9c, 0x31, 0xf4, 0x83, 0xc3, 0xfe, 0xc1, 0x96, - 0x7d, 0x22, 0x21, 0x51, 0x52, 0x78, 0x46, 0x50, 0xdc, 0x92, 0xb9, 0x0b, - 0xf0, 0xe5, 0x80, 0x00, 0xc4, 0x07, 0x7d, 0x16, 0xe0, 0x09, 0x55, 0x29, - 0x9d, 0x3c, 0x53, 0x42, 0xf4, 0x58, 0xff, 0x93, 0xc1, 0xaa, 0x23, 0xd5, - 0x3e, + 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xed, 0x96, 0xc5, 0x3c, 0x6c, + 0xde, 0x36, 0x87, 0x3c, 0xfa, 0x5c, 0xe5, 0xa7, 0x0d, 0x52, 0x05, 0x66, + 0x9d, 0xf5, 0xf0, 0x59, 0x40, 0x68, 0x9a, 0x6a, 0xe6, 0x6e, 0x04, 0xa9, + 0x15, 0x30, 0x36, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x2c, 0x8d, 0x41, + 0xbf, 0x8b, 0xfc, 0xde, 0x64, 0xd9, 0xa7, 0x06, 0x4c, 0xe9, 0xe0, 0xe8, + 0xe7, 0x50, 0x62, 0x51, 0x9c, 0x68, 0xc3, 0x26, 0x2e, 0xd4, 0x86, 0xc2, + 0xbc, 0xc2, 0xa8, 0x44, 0x4b, 0x4e, 0xcb, 0xde, 0x33, 0xe1, 0xd3, 0x72, + 0x87, 0xe1, 0x18, 0xaa, 0x32, 0x36, 0xa3, 0x05, 0x4f, 0x2c, 0x47, 0x27, + 0x17, 0x60, 0x37, 0x31, 0x60, 0x28, 0x19, 0x8a, 0xeb, 0x05, 0x1e, 0x7b, + 0x60, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_secp384r1 */ const unsigned char test_ec_secp384r1[] = { - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x59, 0x92, 0x61, 0x10, - 0xdd, 0x83, 0x76, 0x99, 0xb5, 0xc4, 0x08, 0xe3, 0x3d, 0xb8, 0x8c, 0xac, - 0x5d, 0x46, 0x7f, 0x96, 0x9f, 0x7c, 0x40, 0xa0, 0xbf, 0xe8, 0xf0, 0x6b, - 0xcf, 0x1d, 0x2a, 0xe8, 0xb1, 0x90, 0xb1, 0x6c, 0xc3, 0xcf, 0x01, 0x9f, - 0xc4, 0x2c, 0x0e, 0x9b, 0x05, 0x07, 0xce, 0xed, 0xa0, 0x07, 0x06, 0x05, - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0x90, - 0x73, 0x8b, 0xcc, 0x2a, 0x0d, 0x1e, 0xcc, 0x6e, 0x4e, 0x14, 0xbc, 0x51, - 0x2c, 0xb6, 0xce, 0xdb, 0xb2, 0xc2, 0xdd, 0x20, 0xf6, 0xf5, 0x20, 0xa7, - 0xff, 0x98, 0x37, 0x2a, 0x8c, 0x35, 0xe2, 0xf8, 0x3e, 0xf1, 0xd6, 0x5e, - 0x79, 0x84, 0xe8, 0x43, 0x04, 0x9c, 0xc3, 0xe0, 0xfe, 0x2f, 0x4f, 0x82, - 0xb1, 0xee, 0xec, 0x2b, 0x11, 0x49, 0x8f, 0xb4, 0x77, 0xce, 0x74, 0x11, - 0xbb, 0x16, 0x6b, 0x69, 0xd2, 0xee, 0x01, 0xff, 0x99, 0xd1, 0x0f, 0x57, - 0x46, 0x2d, 0x83, 0xfe, 0x17, 0x4d, 0xcc, 0x59, 0x7d, 0xa5, 0x4a, 0x52, - 0x39, 0x4f, 0x6a, 0xe1, 0xb6, 0x21, 0xbe, 0x74, 0x72, 0xd2, 0x51, + 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0xa8, 0x88, 0x45, 0xb7, + 0x52, 0x1d, 0x21, 0x2c, 0x2c, 0x20, 0x48, 0x48, 0x51, 0x19, 0xf1, 0x09, + 0x5d, 0x1a, 0x55, 0x78, 0x06, 0x59, 0x71, 0xea, 0xfd, 0x17, 0x41, 0x82, + 0x49, 0x63, 0x9e, 0x62, 0xe1, 0x9c, 0xcc, 0x22, 0x69, 0xeb, 0xbb, 0x90, + 0x7e, 0xa0, 0x50, 0x65, 0xfd, 0x4b, 0xa1, 0x0c, 0xa0, 0x07, 0x06, 0x05, + 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0x74, + 0xa4, 0x5a, 0xa5, 0xb2, 0xfb, 0xb9, 0x21, 0x79, 0x0f, 0xa5, 0x91, 0xe5, + 0x31, 0x36, 0x28, 0x9d, 0xbf, 0x7e, 0x10, 0xae, 0x1b, 0x71, 0xd5, 0x84, + 0xd4, 0x5b, 0xb4, 0xca, 0x84, 0xa3, 0x7d, 0xbd, 0x0a, 0xa5, 0x71, 0xda, + 0x24, 0xad, 0x87, 0xa9, 0xaf, 0x72, 0x3c, 0xb7, 0x8e, 0x51, 0xa5, 0x15, + 0x8d, 0x9b, 0x92, 0xa8, 0xd1, 0x86, 0x86, 0xd2, 0x1a, 0x5a, 0x68, 0x4c, + 0x0a, 0x9c, 0x36, 0x04, 0x9e, 0xba, 0xa1, 0xc5, 0x98, 0x86, 0x07, 0x59, + 0xec, 0x63, 0xbe, 0x8f, 0x2a, 0x3a, 0xde, 0x15, 0x59, 0xfa, 0x55, 0xc7, + 0x92, 0xcd, 0x4f, 0xa4, 0x8a, 0xcc, 0x1e, 0xa7, 0x14, 0x9b, 0x73, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_secp521r1 */ const unsigned char test_ec_secp521r1[] = { - 0x30, 0x81, 0xdc, 0x02, 0x01, 0x01, 0x04, 0x42, 0x00, 0x51, 0xcf, 0xff, - 0x6d, 0x27, 0x46, 0x89, 0x81, 0x7e, 0x9d, 0x99, 0x5a, 0x28, 0x6b, 0x2b, - 0x69, 0x55, 0xdb, 0x5b, 0xde, 0x1c, 0x47, 0x69, 0x05, 0x99, 0x9e, 0xa3, - 0x81, 0x5b, 0x5c, 0x4c, 0xe8, 0x7e, 0xde, 0x0a, 0x58, 0x52, 0x05, 0x0a, - 0x26, 0xac, 0x4b, 0xb0, 0x55, 0x2d, 0xdf, 0xab, 0x0e, 0x3e, 0x17, 0x27, - 0xca, 0x8c, 0xc1, 0x5b, 0x2b, 0xf1, 0x51, 0x5f, 0x33, 0xee, 0x91, 0xb8, - 0x68, 0x28, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0xa1, - 0x81, 0x89, 0x03, 0x81, 0x86, 0x00, 0x04, 0x01, 0xcf, 0xdb, 0xee, 0xaf, - 0xc1, 0x2a, 0xa1, 0x07, 0x67, 0x1d, 0x48, 0xea, 0x61, 0x17, 0xd0, 0x16, - 0x7e, 0x91, 0x41, 0x59, 0x67, 0x53, 0x86, 0x4d, 0xe5, 0xc8, 0xfe, 0xc5, - 0x0d, 0x17, 0xab, 0x8d, 0x30, 0xff, 0x00, 0xf9, 0x52, 0x2e, 0x87, 0x49, - 0xc2, 0xe1, 0x37, 0x10, 0x9a, 0xd5, 0x78, 0xbe, 0x41, 0x0f, 0x28, 0xbe, - 0x2b, 0x13, 0x69, 0x1f, 0xb2, 0xbc, 0xde, 0x26, 0x41, 0x58, 0xe7, 0x1b, - 0x23, 0x00, 0x37, 0xe9, 0x1d, 0x15, 0x23, 0x0b, 0x52, 0xfb, 0x4b, 0xb7, - 0x8e, 0xa7, 0x19, 0x5b, 0x0d, 0x63, 0x60, 0xaf, 0x55, 0xd5, 0xba, 0xed, - 0xe2, 0xfb, 0x06, 0x8b, 0xd5, 0x45, 0xd3, 0x1e, 0x40, 0x99, 0xba, 0x3a, - 0x2a, 0xa2, 0x54, 0x2a, 0x28, 0x6b, 0x7c, 0xe6, 0x4c, 0x61, 0xf6, 0x2c, - 0x3c, 0x3c, 0xda, 0xc4, 0x28, 0xf8, 0x1d, 0x99, 0x6e, 0xc3, 0x10, 0x25, - 0x23, 0xe5, 0x75, 0x57, 0x6e, 0x70, 0xff, + 0x30, 0x81, 0xdc, 0x02, 0x01, 0x01, 0x04, 0x42, 0x00, 0x13, 0x96, 0x0c, + 0x56, 0xec, 0x80, 0x5d, 0x78, 0x63, 0x67, 0x4c, 0xbd, 0xdc, 0xef, 0x69, + 0xc8, 0x74, 0xd6, 0xbe, 0x94, 0xb4, 0x36, 0x2f, 0xe5, 0x7b, 0x67, 0x1e, + 0x09, 0x74, 0xc4, 0x2b, 0xfd, 0x5a, 0xd7, 0xca, 0xec, 0xb7, 0x8e, 0xb1, + 0x09, 0xb8, 0xe1, 0xcf, 0x57, 0xd7, 0xe3, 0x6a, 0x57, 0xef, 0x84, 0xd7, + 0xf7, 0x4d, 0xaa, 0xf4, 0xd3, 0x53, 0x78, 0x1c, 0x95, 0xf7, 0x63, 0x1f, + 0xb1, 0x98, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0xa1, + 0x81, 0x89, 0x03, 0x81, 0x86, 0x00, 0x04, 0x01, 0x20, 0xa9, 0xc9, 0x35, + 0x18, 0x71, 0x4b, 0x54, 0xb0, 0xd7, 0x2f, 0xcc, 0xdd, 0x7d, 0xec, 0x25, + 0x04, 0xa7, 0x2e, 0xda, 0x76, 0x8f, 0xb3, 0x77, 0xd6, 0xa5, 0xf8, 0x9e, + 0xea, 0x10, 0x58, 0xc4, 0x2c, 0xdb, 0xae, 0x78, 0xc3, 0x79, 0x04, 0x91, + 0xb4, 0x35, 0xa5, 0x26, 0xa5, 0x93, 0x2b, 0xda, 0x7a, 0xb1, 0xcf, 0x2f, + 0xc9, 0x66, 0xc7, 0xad, 0x89, 0x22, 0x49, 0xc6, 0x95, 0xcd, 0x66, 0xea, + 0x36, 0x01, 0xc5, 0x06, 0x75, 0xb0, 0xc7, 0x27, 0xa7, 0xa7, 0x89, 0xdc, + 0x97, 0x53, 0xa3, 0x74, 0xf8, 0xb7, 0xa7, 0xba, 0x25, 0x0d, 0x45, 0xa7, + 0x82, 0x5d, 0x8a, 0xb9, 0x3e, 0x43, 0x22, 0x34, 0xdf, 0x49, 0x23, 0x06, + 0xc3, 0xa5, 0x55, 0x45, 0xef, 0xdf, 0xaf, 0x68, 0x70, 0x69, 0x4f, 0x65, + 0x0a, 0xfb, 0xe8, 0xa8, 0xd9, 0xd1, 0x4c, 0x8b, 0x13, 0x7d, 0x43, 0xc5, + 0x8a, 0x87, 0x3d, 0x93, 0x5a, 0x66, 0xd5, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_bp256r1 */ const unsigned char test_ec_bp256r1[] = { - 0x30, 0x78, 0x02, 0x01, 0x01, 0x04, 0x20, 0x53, 0xd7, 0x10, 0x63, 0x7f, - 0x58, 0x46, 0x73, 0xcc, 0x4c, 0x8f, 0xdb, 0x43, 0xc5, 0xc5, 0x17, 0x9e, - 0x07, 0xe4, 0x87, 0xc6, 0x80, 0xd5, 0x9e, 0x5e, 0xc8, 0x38, 0x70, 0xc2, - 0x4c, 0xb4, 0xf7, 0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, - 0x08, 0x01, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x49, 0xcd, - 0x94, 0xf2, 0x2b, 0x12, 0xff, 0x6e, 0xdf, 0x5f, 0x1a, 0xab, 0xf1, 0x49, - 0xaa, 0x46, 0x1d, 0x18, 0xb5, 0xa1, 0x4e, 0xd3, 0x88, 0x62, 0x01, 0x42, - 0x9b, 0x9e, 0xa0, 0xc1, 0x38, 0x24, 0x3f, 0x64, 0x8c, 0xf6, 0x65, 0xd7, - 0x7c, 0x4a, 0xad, 0x86, 0xe4, 0x2f, 0xf8, 0x20, 0x21, 0xb7, 0x7b, 0x50, - 0x9e, 0xf6, 0xa2, 0x44, 0x41, 0x63, 0xae, 0xd9, 0xd3, 0xaf, 0x35, 0x97, - 0xc7, 0x02, + 0x30, 0x78, 0x02, 0x01, 0x01, 0x04, 0x20, 0x4c, 0xb1, 0x0d, 0x0f, 0x90, + 0xe3, 0xae, 0x71, 0x43, 0x7a, 0xc8, 0x3a, 0x6d, 0x6f, 0x51, 0x35, 0x19, + 0xa4, 0x42, 0xe2, 0x47, 0x61, 0x4d, 0xfe, 0x1f, 0xe8, 0xf9, 0x61, 0x56, + 0x88, 0x87, 0x82, 0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, + 0x08, 0x01, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x04, 0x7e, + 0xaa, 0x53, 0x65, 0x4c, 0x1b, 0x46, 0x7c, 0x10, 0x89, 0x58, 0xb8, 0xd8, + 0xd7, 0xaa, 0x09, 0x4f, 0xe4, 0x65, 0xc8, 0x03, 0xa0, 0x6f, 0x1a, 0xf0, + 0x4e, 0x95, 0xa4, 0xe0, 0x6c, 0xaf, 0x82, 0x8f, 0x2b, 0xa7, 0x32, 0xca, + 0x77, 0x7c, 0x60, 0xed, 0xc1, 0x02, 0x33, 0x35, 0xec, 0x0f, 0x7b, 0x92, + 0x0b, 0xfa, 0x8e, 0x4f, 0x25, 0xd4, 0x6d, 0xd9, 0x5c, 0xa9, 0x65, 0x22, + 0x3d, 0x38, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_bp384r1 */ const unsigned char test_ec_bp384r1[] = { - 0x30, 0x81, 0xa8, 0x02, 0x01, 0x01, 0x04, 0x30, 0x4a, 0x28, 0x9c, 0xc2, - 0xf0, 0xfd, 0x7c, 0xdb, 0xe3, 0xd1, 0x03, 0xb9, 0xf1, 0x3c, 0xb5, 0xaa, - 0x8e, 0xb6, 0x4d, 0x93, 0xa3, 0xac, 0x1f, 0x4f, 0x1d, 0x67, 0x41, 0x75, - 0x8d, 0x86, 0xd5, 0xd8, 0x19, 0x9e, 0xb8, 0x6a, 0xf9, 0x29, 0x51, 0x26, - 0xbf, 0x70, 0xfc, 0x3e, 0x6f, 0xcf, 0x1e, 0xcc, 0xa0, 0x0b, 0x06, 0x09, + 0x30, 0x81, 0xa8, 0x02, 0x01, 0x01, 0x04, 0x30, 0x25, 0xe5, 0x2b, 0x86, + 0xfe, 0xd0, 0x4b, 0xac, 0x1e, 0x91, 0x10, 0x8e, 0xe4, 0xb7, 0x22, 0xe5, + 0xa8, 0xcc, 0x9a, 0x3a, 0xe7, 0x54, 0x04, 0x08, 0xda, 0x45, 0x0b, 0xf4, + 0x2f, 0x7a, 0x9b, 0x04, 0xa9, 0xcf, 0x37, 0x1b, 0xf4, 0x6c, 0x98, 0x79, + 0xd6, 0x8e, 0x8c, 0x8e, 0x39, 0x9d, 0x09, 0x31, 0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0b, 0xa1, 0x64, 0x03, - 0x62, 0x00, 0x04, 0x3d, 0x98, 0x26, 0x32, 0x82, 0xbb, 0xc5, 0x0b, 0x3f, - 0x77, 0x76, 0x91, 0xeb, 0x63, 0xab, 0xa8, 0x4f, 0x13, 0x69, 0x6e, 0x73, - 0x0f, 0x86, 0x23, 0x19, 0x0d, 0xec, 0x85, 0xe9, 0xea, 0xe3, 0x30, 0xfd, - 0x53, 0xef, 0xd2, 0xa1, 0x9c, 0x4d, 0x23, 0xf7, 0x26, 0x02, 0x98, 0x01, - 0x99, 0x95, 0x53, 0x87, 0x16, 0x11, 0x09, 0x8c, 0x34, 0xa9, 0x11, 0xcb, - 0x75, 0x1a, 0x72, 0xa8, 0x82, 0xc5, 0xdb, 0x92, 0x17, 0x59, 0xa6, 0xc0, - 0x16, 0x97, 0xf5, 0xba, 0x6c, 0x5b, 0x87, 0x4d, 0xa4, 0xff, 0x59, 0xeb, - 0xe9, 0xf4, 0x3f, 0x78, 0x6e, 0x5e, 0xff, 0x18, 0x36, 0x4e, 0x06, 0x27, - 0x5b, 0x00, 0x6a, + 0x62, 0x00, 0x04, 0x1f, 0xf8, 0x30, 0xb5, 0x6e, 0x08, 0xa2, 0xf8, 0xc1, + 0x19, 0x86, 0xb1, 0x64, 0x9b, 0xd0, 0x68, 0x84, 0x3c, 0x7a, 0x40, 0xe3, + 0x56, 0x95, 0xa1, 0x24, 0x49, 0x7a, 0x36, 0xb8, 0x6a, 0x4d, 0x55, 0x61, + 0x04, 0x82, 0x5b, 0xfd, 0xe0, 0xf1, 0x2c, 0x88, 0x84, 0xed, 0xfb, 0x37, + 0x8a, 0x07, 0xf7, 0x89, 0xfa, 0x95, 0x07, 0x21, 0xbb, 0x66, 0x44, 0x46, + 0x63, 0x80, 0x61, 0x09, 0x06, 0xfd, 0x7e, 0xfd, 0x41, 0xae, 0x86, 0x98, + 0xa9, 0x05, 0xb2, 0x31, 0x49, 0xca, 0xad, 0x14, 0x8b, 0xb5, 0x8c, 0x7c, + 0x2b, 0x16, 0x66, 0x1e, 0x18, 0x7b, 0xa3, 0x52, 0xbc, 0x5d, 0x26, 0x1e, + 0x70, 0xdb, 0x11, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_bp512r1 */ const unsigned char test_ec_bp512r1[] = { - 0x30, 0x81, 0xda, 0x02, 0x01, 0x01, 0x04, 0x40, 0x35, 0x8e, 0xa9, 0xb9, - 0xe1, 0x55, 0xf3, 0x9e, 0x8a, 0x26, 0x8a, 0x9c, 0x29, 0xb1, 0x47, 0xc5, - 0x3e, 0x0e, 0x16, 0x7f, 0x6d, 0x3f, 0x8d, 0x5c, 0x05, 0xe9, 0xc1, 0x52, - 0x76, 0xa2, 0x47, 0x6a, 0x42, 0xd8, 0x30, 0xc2, 0x41, 0x14, 0xf9, 0x05, - 0x3e, 0x9c, 0xfa, 0xa6, 0x49, 0xfe, 0xb4, 0x9d, 0xfb, 0x9c, 0x45, 0x68, - 0x03, 0xb7, 0xae, 0x51, 0xcf, 0x61, 0x41, 0x10, 0x7f, 0xa7, 0xf4, 0x2b, + 0x30, 0x81, 0xda, 0x02, 0x01, 0x01, 0x04, 0x40, 0x92, 0xcd, 0x27, 0xe6, + 0x7a, 0xdc, 0x76, 0x4e, 0xb0, 0x70, 0xb5, 0xae, 0x1e, 0xf2, 0x2a, 0x0e, + 0x8b, 0xc0, 0xa6, 0x42, 0x2e, 0x23, 0xd8, 0xc1, 0x65, 0x3b, 0x45, 0x95, + 0xf2, 0xd0, 0xed, 0xeb, 0x48, 0x8a, 0x9c, 0x32, 0xcf, 0xb0, 0x03, 0x66, + 0x65, 0xf9, 0xed, 0x60, 0x39, 0x06, 0xff, 0x8e, 0x9d, 0xd3, 0x39, 0xa7, + 0x49, 0x7e, 0xf7, 0xd1, 0xe2, 0xb9, 0xb0, 0x6c, 0x48, 0x76, 0x01, 0xb8, 0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, - 0x0d, 0xa1, 0x81, 0x85, 0x03, 0x81, 0x82, 0x00, 0x04, 0xa7, 0xbf, 0xf3, - 0xd0, 0xa8, 0x3d, 0xad, 0xfc, 0x50, 0x65, 0xbf, 0x30, 0x61, 0x79, 0x39, - 0x64, 0x36, 0xa9, 0x62, 0x74, 0x97, 0x82, 0xc8, 0xba, 0x1b, 0x6a, 0xaa, - 0x48, 0x0f, 0x7f, 0x56, 0x4c, 0xad, 0x47, 0x13, 0x5a, 0x14, 0x50, 0x60, - 0x54, 0xa8, 0x3e, 0x6d, 0xa7, 0x87, 0xfe, 0x1d, 0x41, 0x2b, 0x0a, 0x7e, - 0xaf, 0x0e, 0xe9, 0xcc, 0xce, 0x44, 0x5f, 0x51, 0x88, 0x22, 0x22, 0xf9, - 0x63, 0x6e, 0xdd, 0x99, 0xbb, 0xd5, 0x14, 0x9b, 0x10, 0x30, 0xa3, 0xe6, - 0x60, 0x9a, 0xa9, 0xa4, 0x42, 0x79, 0xa8, 0xd2, 0x74, 0x7e, 0xf9, 0x02, - 0x71, 0x8d, 0xd6, 0xed, 0x52, 0xb1, 0x1b, 0xdb, 0x0d, 0x6f, 0x49, 0xda, - 0x70, 0x5b, 0xf4, 0x70, 0x98, 0x11, 0xa4, 0xec, 0x4c, 0x9d, 0x67, 0x5f, - 0x3b, 0xea, 0x1c, 0x02, 0x46, 0x89, 0xff, 0xc2, 0x33, 0xa3, 0xa9, 0x57, - 0x36, 0xd8, 0x10, 0x0e, 0xf6, + 0x0d, 0xa1, 0x81, 0x85, 0x03, 0x81, 0x82, 0x00, 0x04, 0x30, 0xb4, 0xb1, + 0x4d, 0xea, 0xed, 0xf9, 0x32, 0xff, 0xe1, 0xdb, 0x96, 0xd7, 0x34, 0xd4, + 0x6b, 0x3e, 0xad, 0xf5, 0xfa, 0x0b, 0xdd, 0x5d, 0x41, 0x56, 0xfd, 0x2d, + 0x8e, 0x2b, 0x84, 0x2f, 0xc0, 0xe4, 0xba, 0xed, 0x53, 0x2c, 0x4c, 0xeb, + 0x14, 0xe3, 0x89, 0x92, 0x66, 0xdc, 0x61, 0x3a, 0xda, 0xb9, 0xb9, 0x8c, + 0xc7, 0x41, 0x74, 0xba, 0x40, 0x54, 0xef, 0xce, 0x38, 0xc9, 0x0a, 0xeb, + 0x70, 0x01, 0x30, 0xf8, 0x18, 0x7e, 0x8c, 0x39, 0x16, 0xfc, 0xef, 0x10, + 0x7f, 0x16, 0xe2, 0x52, 0xba, 0x8f, 0x37, 0xdf, 0x23, 0x72, 0xe2, 0xd9, + 0x90, 0x7a, 0x51, 0xc3, 0x44, 0x8a, 0x6e, 0x92, 0x79, 0x7b, 0x66, 0x22, + 0xa9, 0x7e, 0xef, 0xef, 0x8d, 0x10, 0x23, 0x95, 0x97, 0xd7, 0x28, 0x28, + 0x4c, 0x89, 0xcb, 0x14, 0xe2, 0x89, 0x09, 0xe8, 0x05, 0x07, 0x0f, 0x6a, + 0x3f, 0xad, 0x84, 0xb3, 0x0b, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_curve25519 */ const unsigned char test_ec_curve25519[] = { 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, - 0x04, 0x22, 0x04, 0x20, 0xd0, 0x40, 0x4f, 0x5d, 0xf9, 0x7e, 0x1c, 0x24, - 0xd6, 0x68, 0x08, 0x29, 0x5b, 0xfd, 0x49, 0xaa, 0xd0, 0x6f, 0x8e, 0x44, - 0x13, 0x52, 0x84, 0x07, 0x79, 0x8a, 0xda, 0x69, 0xa2, 0xa0, 0xf6, 0x52, + 0x04, 0x22, 0x04, 0x20, 0xf0, 0x29, 0x67, 0x44, 0x79, 0x87, 0xc0, 0x63, + 0xe1, 0x20, 0xd5, 0x6f, 0x45, 0xc5, 0x94, 0x3a, 0xd1, 0x75, 0x2a, 0x77, + 0xa1, 0x86, 0x98, 0x65, 0xdd, 0xab, 0x63, 0x88, 0xe1, 0x2a, 0x66, 0x6e, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_secp192k1 */ const unsigned char test_ec_secp192k1[] = { - 0x30, 0x5c, 0x02, 0x01, 0x01, 0x04, 0x18, 0xca, 0xa6, 0x5e, 0x57, 0x3d, - 0xb3, 0x0f, 0x12, 0x29, 0x4f, 0x5e, 0xc8, 0xb3, 0x3f, 0x6a, 0x1a, 0x8d, - 0x32, 0xb9, 0x9d, 0xbe, 0x0f, 0x7b, 0x95, 0xa0, 0x07, 0x06, 0x05, 0x2b, - 0x81, 0x04, 0x00, 0x1f, 0xa1, 0x34, 0x03, 0x32, 0x00, 0x04, 0x31, 0x24, - 0xcf, 0x44, 0xb3, 0x62, 0x5a, 0x1d, 0xb6, 0xfd, 0xf7, 0xee, 0x5c, 0x65, - 0x8c, 0x43, 0x6b, 0x05, 0x17, 0xe5, 0x12, 0x75, 0xf8, 0xe2, 0xbd, 0xb1, - 0xf2, 0x0e, 0x66, 0xae, 0x39, 0xad, 0xc6, 0x6d, 0xb8, 0x02, 0xb2, 0x72, - 0x4a, 0xd5, 0x37, 0xdc, 0x23, 0x00, 0x28, 0x6e, 0x1b, 0x98, + 0x30, 0x5c, 0x02, 0x01, 0x01, 0x04, 0x18, 0x30, 0xaa, 0xb8, 0xb2, 0x51, + 0x9e, 0xf6, 0x8e, 0xf5, 0xbe, 0x41, 0xbc, 0x2d, 0x2d, 0x1f, 0x96, 0x30, + 0xd8, 0x5f, 0x62, 0x9c, 0xca, 0x51, 0xca, 0xa0, 0x07, 0x06, 0x05, 0x2b, + 0x81, 0x04, 0x00, 0x1f, 0xa1, 0x34, 0x03, 0x32, 0x00, 0x04, 0xf5, 0x88, + 0xa8, 0x31, 0x0c, 0x1f, 0xf2, 0xdf, 0xeb, 0x70, 0x69, 0xd7, 0x8c, 0x42, + 0xe1, 0xaa, 0x20, 0x66, 0x5e, 0x49, 0x74, 0x7f, 0xb5, 0xa5, 0x6b, 0x96, + 0x75, 0xc6, 0xa2, 0xda, 0xf0, 0x5d, 0xa2, 0x8e, 0xbd, 0x54, 0x94, 0xf5, + 0x4d, 0x31, 0x1e, 0x6c, 0x70, 0xa3, 0xd2, 0x29, 0xda, 0x4d, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_secp256k1 */ const unsigned char test_ec_secp256k1[] = { - 0x30, 0x74, 0x02, 0x01, 0x01, 0x04, 0x20, 0x3a, 0x18, 0xe9, 0x5c, 0x8e, - 0xde, 0xb5, 0x8e, 0x1b, 0xd5, 0x36, 0xa6, 0x01, 0xb6, 0x3d, 0x4c, 0xe1, - 0x86, 0x65, 0x3b, 0x77, 0xb5, 0xfd, 0x3c, 0xc8, 0x6f, 0x15, 0x16, 0x0b, - 0x16, 0x88, 0x80, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a, - 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x0f, 0x63, 0x3a, 0x58, 0xa9, 0xc1, - 0xbb, 0x56, 0x12, 0xe1, 0x3d, 0xff, 0x91, 0x27, 0x06, 0xca, 0x4e, 0x46, - 0xbb, 0xdb, 0x9b, 0xb8, 0x62, 0xec, 0xd9, 0x39, 0xa8, 0x02, 0x08, 0x1c, - 0x1c, 0xb8, 0x0d, 0xe1, 0x28, 0xeb, 0x06, 0xca, 0xb6, 0x50, 0x5e, 0x99, - 0xe0, 0x24, 0x20, 0xef, 0x72, 0xe6, 0x5d, 0x27, 0x96, 0x25, 0x7f, 0x6e, - 0xf6, 0x65, 0x43, 0xe1, 0xaf, 0x6c, 0x71, 0x86, 0x29, 0xb8, + 0x30, 0x74, 0x02, 0x01, 0x01, 0x04, 0x20, 0xda, 0x1f, 0xf8, 0xe8, 0xb9, + 0x1f, 0x45, 0xd8, 0xc3, 0xfe, 0x3e, 0x5d, 0x50, 0x56, 0xc3, 0xe8, 0xad, + 0x87, 0xb0, 0x91, 0x71, 0xcd, 0xca, 0x80, 0xa7, 0xdf, 0x49, 0xd6, 0xa5, + 0xc6, 0x9f, 0x97, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a, + 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xef, 0x76, 0x2f, 0x4f, 0x6a, 0x7d, + 0x0a, 0xec, 0xef, 0x78, 0x0b, 0xa1, 0xba, 0x57, 0x0f, 0x41, 0x76, 0x76, + 0xf1, 0x4f, 0x7e, 0x91, 0x8b, 0x18, 0xba, 0xab, 0xd9, 0xd7, 0xcc, 0x2c, + 0xe2, 0x1e, 0x92, 0x6d, 0xfd, 0x53, 0xcc, 0xa4, 0x62, 0xab, 0xe4, 0xc0, + 0xaf, 0xaf, 0xc9, 0xd0, 0x10, 0x1a, 0x89, 0x86, 0x6d, 0x6f, 0x24, 0x71, + 0xa3, 0xe2, 0x70, 0xe2, 0x02, 0xe5, 0x96, 0x48, 0xd5, 0x03, }; -/* END FILE */ -/* This macro was generated from tests/scripts/generate_test_keys.py */ -/* BEGIN FILE string macro test_ec_curve448 */ const unsigned char test_ec_curve448[] = { 0x30, 0x46, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6f, - 0x04, 0x3a, 0x04, 0x38, 0x74, 0xe8, 0x0c, 0xd1, 0xf3, 0x1d, 0x38, 0xae, - 0x1d, 0x57, 0x6e, 0xfd, 0x8a, 0x5f, 0xc2, 0xf0, 0x48, 0x95, 0x41, 0xc9, - 0x75, 0x31, 0x6f, 0x80, 0xea, 0xc2, 0xdf, 0x0f, 0x86, 0xc6, 0xda, 0x0a, - 0x6f, 0x6e, 0xeb, 0x45, 0xc0, 0x03, 0xbf, 0x13, 0xb3, 0x43, 0xa1, 0xb2, - 0x57, 0x27, 0xd4, 0xc7, 0xc7, 0x7a, 0xf7, 0x29, 0xa7, 0x78, 0xe1, 0xe9, + 0x04, 0x3a, 0x04, 0x38, 0xe4, 0xd9, 0x04, 0xba, 0x83, 0x93, 0xa5, 0x69, + 0x14, 0x17, 0xab, 0x9d, 0xfd, 0xc9, 0xf2, 0x0d, 0x57, 0x6f, 0xe7, 0x1a, + 0xe6, 0xac, 0xb7, 0x76, 0xdc, 0xe2, 0x76, 0x68, 0x34, 0xd9, 0x45, 0x11, + 0xff, 0x73, 0x24, 0x03, 0xe1, 0x49, 0x6a, 0x65, 0x1d, 0x89, 0xd3, 0x2f, + 0xbc, 0xfe, 0x49, 0xa8, 0xc1, 0xba, 0xbf, 0x46, 0x4b, 0x4c, 0x25, 0xef, }; -/* END FILE */ From ab38fc7c1132c30ad8a262d7ea0c242b5c549dd7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 3 Apr 2024 13:50:26 +0200 Subject: [PATCH 060/429] test_suite_pk: minor code fixes and comments improvements Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 53eeea931a..c08c145f77 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -232,9 +232,11 @@ static int get_predefined_key_data(int curve_or_keybits, * * This is a fake implementation of key generation because instead of generating * a new key every time, we use predefined ones to speed up testing. - * This function assumes that the PK context has already been setup - * (mbedtls_pk_setup() has been called on the PK context ) so that it - * can determine the key type to be loaded from the PK context itself. + * + * These keys are taken from "test/src/test_keys.h" which is automatically + * generated using "tests/scripts/generate_test_keys.py". Therefore if new + * EC curves or RSA key bits need to be tested, please update "test_keys.h" + * using this script. * * \param pk The PK object to fill. It must have been initialized * (mbedtls_pk_init()), but not setup (mbedtls_pk_setup()). @@ -309,7 +311,7 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, TEST_EQUAL(get_predefined_key_data(grp_id, &key_data, &key_data_size), 0); unsigned char *p = (unsigned char *) key_data; - unsigned char *end = (unsigned char *) key_data + key_data_size; + const unsigned char *end = key_data + key_data_size; size_t len; int version; @@ -1842,9 +1844,9 @@ void pk_psa_sign(int psa_type, int bits, int rsa_padding) TEST_EQUAL(pk_genkey(&pk, MBEDTLS_PK_RSA, bits), 0); TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); } -#else /* MBEDTLS_RSA_C && MBEDTLS_PK_PARSE_C */ +#else /* MBEDTLS_RSA_C */ (void) rsa_padding; -#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */ +#endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { ecp_grp_id = mbedtls_ecc_group_from_psa(psa_type, bits); From 1c7f5dea8b9442e14d907dc81c014d675c054478 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 4 Apr 2024 09:39:12 +0200 Subject: [PATCH 061/429] pk: fix documentation of mbedtls_pk_setup_opaque() Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index a23927088c..52f4cc6c9e 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -390,7 +390,8 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info); * \return \c 0 on success. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input (context already * used, invalid key identifier). - * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC key pair. + * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the key is not an ECC or + * RSA key pair. * \return #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure. */ int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, From b76573c6626a162b9ec1ef95fe32ace27a2ae340 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 4 Apr 2024 10:44:18 +0200 Subject: [PATCH 062/429] We now have two LTS branches to backport to. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .github/pull_request_template.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 9d30412fd8..892ed28ce1 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -9,7 +9,8 @@ Please write a few sentences describing the overall goals of the pull request's Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature") - [ ] **changelog** provided, or not required -- [ ] **backport** done, or not required +- [ ] **3.6 backport** done, or not required +- [ ] **2.28 backport** done, or not required - [ ] **tests** provided, or not required From 9314df617ba1d5dac972909eadf000ff9de345c7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Apr 2024 09:53:07 +0200 Subject: [PATCH 063/429] tls: Fix doc of mbedtls_ssl_session_save() Fix documentation of mbedtls_ssl_session_save() regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS in TLS 1.3 session case. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 172d4693b2..f788208101 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3309,8 +3309,16 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session, * to determine the necessary size by calling this function * with \p buf set to \c NULL and \p buf_len to \c 0. * + * \note For TLS 1.3 sessions, this feature is supported only if the + * MBEDTLS_SSL_SESSION_TICKETS configuration option is enabled, + * as in TLS 1.3 session resumption is possible only with + * tickets. + * * \return \c 0 if successful. * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. + * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the + * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled + * and the session is a TLS 1.3 session. */ int mbedtls_ssl_session_save(const mbedtls_ssl_session *session, unsigned char *buf, From 81bb589090f9ee1e0a83a5d3711a4c6f3e6760d4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Apr 2024 15:30:55 +0200 Subject: [PATCH 064/429] tls13: Fix doc of mbedtls_ssl_session_get() - 1 The API has eventually not been changed to return multiple tickets through multiple subsequent call to it. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index f788208101..4064ab28c5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4845,23 +4845,12 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl * \note This function can handle a variety of mechanisms for session * resumption: For TLS 1.2, both session ID-based resumption and * ticket-based resumption will be considered. For TLS 1.3, - * once implemented, sessions equate to tickets, and calling - * this function multiple times will export the available - * tickets one a time until no further tickets are available, - * in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will - * be returned. - * - * \note Calling this function multiple times will only be useful - * once TLS 1.3 is supported. For TLS 1.2 connections, this - * function should be called at most once. + * sessions equate to tickets, and this function exports the + * last received ticket. * * \return \c 0 if successful. In this case, \p session can be used for * session resumption by passing it to mbedtls_ssl_set_session(), * and serialized for storage via mbedtls_ssl_session_save(). - * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session - * is available for export. - * This error is a non-fatal, and has no observable effect on - * the SSL context or the destination session. * \return Another negative error code on other kinds of failure. * * \sa mbedtls_ssl_set_session() From 66a206c26ca3bd23512a11088552ba6ebc19ffe7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Apr 2024 15:34:22 +0200 Subject: [PATCH 065/429] tls13: Fix doc of mbedtls_ssl_session_get() - 2 Fix documentation of mbedtls_ssl_session_get() regarding its interaction with session ticket enablement. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4064ab28c5..02737cb13d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4845,8 +4845,12 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl * \note This function can handle a variety of mechanisms for session * resumption: For TLS 1.2, both session ID-based resumption and * ticket-based resumption will be considered. For TLS 1.3, - * sessions equate to tickets, and this function exports the - * last received ticket. + * sessions equate to tickets, and if session tickets are + * enabled (see #MBEDTLS_SSL_SESSION_TICKETS configuration + * option), this function exports the last received ticket and + * the exported session may be used to resume the TLS 1.3 + * session. If session tickets are disabled, exported sessions + * cannot be used to resume a TLS 1.3 session. * * \return \c 0 if successful. In this case, \p session can be used for * session resumption by passing it to mbedtls_ssl_set_session(), From d85eeae7400fdeae62af303ba3f033939304127f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Apr 2024 10:34:21 +0200 Subject: [PATCH 066/429] tls13: Fix doc of mbedtls_ssl_session_set() - 1 It was eventually decided to not support multiple tickets in TLS 1.3 ClientHello messages thus removing the parts in mbedtls_ssl_session_set() documentation that were anticipating that. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 02737cb13d..11e447ba82 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3216,16 +3216,11 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, * a full handshake. * * \note This function can handle a variety of mechanisms for session - * resumption: For TLS 1.2, both session ID-based resumption and - * ticket-based resumption will be considered. For TLS 1.3, - * once implemented, sessions equate to tickets, and loading - * one or more sessions via this call will lead to their - * corresponding tickets being advertised as resumption PSKs - * by the client. - * - * \note Calling this function multiple times will only be useful - * once TLS 1.3 is supported. For TLS 1.2 connections, this - * function should be called at most once. + * resumption: For TLS 1.2, both session ID-based resumption + * and ticket-based resumption will be considered. For TLS 1.3, + * sessions equate to tickets, and loading one session by + * calling this function will lead to its corresponding ticket + * being advertised as resumption PSK by the client. * * \param ssl The SSL context representing the connection which should * be attempted to be setup using session resumption. This @@ -3240,9 +3235,10 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, * * \return \c 0 if successful. * \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session - * could not be loaded because of an implementation limitation. - * This error is non-fatal, and has no observable effect on - * the SSL context or the session that was attempted to be loaded. + * could not be loaded because one session has already been + * loaded. This error is non-fatal, and has no observable + * effect on the SSL context or the session that was attempted + * to be loaded. * \return Another negative error code on other kinds of failure. * * \sa mbedtls_ssl_get_session() From fe15d90f72dbf2cbcca31407d24aadaa5ac3fd53 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Apr 2024 13:40:11 +0200 Subject: [PATCH 067/429] tls13: Fix doc of mbedtls_ssl_session_set() - 2 Fix documentation of mbedtls_ssl_session_set() regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS in TLS 1.3 case. Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 11e447ba82..ca130a3fbd 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3220,7 +3220,12 @@ void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf, * and ticket-based resumption will be considered. For TLS 1.3, * sessions equate to tickets, and loading one session by * calling this function will lead to its corresponding ticket - * being advertised as resumption PSK by the client. + * being advertised as resumption PSK by the client. This + * depends on session tickets being enabled (see + * #MBEDTLS_SSL_SESSION_TICKETS configuration option) though. + * If session tickets are disabled, a call to this function + * with a TLS 1.3 session, will not have any effect on the next + * handshake for the SSL context \p ssl. * * \param ssl The SSL context representing the connection which should * be attempted to be setup using session resumption. This From 233fcaadbfc1357a7f647c446c9f5cae35a4b796 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Apr 2024 14:05:21 +0200 Subject: [PATCH 068/429] tls13: Do not initiate at all resumption if tickets not supported Signed-off-by: Ronald Cron --- library/ssl_tls.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ff8a384e20..f39aba4b89 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1759,6 +1759,7 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session #if defined(MBEDTLS_SSL_PROTO_TLS1_3) if (session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) { +#if defined(MBEDTLS_SSL_SESSION_TICKETS) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(session->ciphersuite); @@ -1769,6 +1770,14 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session session->ciphersuite)); return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } +#else + /* + * If session tickets are not enabled, it is not possible to resume a + * TLS 1.3 session, thus do not make any change to the SSL context in + * the first place. + */ + return 0; +#endif } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ From 527a2eb8c4c9112d0b2318a4f87baa0b230e958e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 4 Apr 2024 14:49:09 +0200 Subject: [PATCH 069/429] Add change log Signed-off-by: Ronald Cron --- ChangeLog.d/tls13-without-tickets.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/tls13-without-tickets.txt diff --git a/ChangeLog.d/tls13-without-tickets.txt b/ChangeLog.d/tls13-without-tickets.txt new file mode 100644 index 0000000000..8ceef21ee5 --- /dev/null +++ b/ChangeLog.d/tls13-without-tickets.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix TLS 1.3 client build and runtime when support for session tickets is + disabled (MBEDTLS_SSL_SESSION_TICKETS configuration option). Fixes #6395. From e2776d16ef724834ff827e7ca6771ee25c70ff0e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 4 Dec 2023 12:34:41 +0800 Subject: [PATCH 070/429] Correct dependancy on `MBEDTLS_X509_INFO` for x509parse Signed-off-by: Pengyu Lv --- tests/suites/test_suite_x509parse.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 754660c56f..89d4578af5 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -330,8 +330,8 @@ X509 CSR Information RSA with SHA224 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" -X509 CSR Information RSA with SHA-256 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO +X509 CSR Information RSA with SHA256 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 @@ -342,8 +342,8 @@ X509 CSR Information RSA with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" -X509 CSR Information RSA with SHA-256, containing commas -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO +X509 CSR Information RSA with SHA256, containing commas +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 @@ -386,8 +386,8 @@ X509 CSR Information RSA-PSS with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" -X509 CSR Information RSA with SHA-256 - Microsoft header -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C +X509 CSR Information RSA with SHA256 - Microsoft header +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information v3 extensions #1 (all) From 7ee283362b302b18a2359b2d6610b5c8ce3dc420 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 4 Dec 2023 13:56:15 +0800 Subject: [PATCH 071/429] Fix typo in ssl test suite Signed-off-by: Pengyu Lv --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index d6bf16a673..c96b4adad8 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -117,7 +117,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2 move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_HELLO:1 TLS 1.2:Move client handshake to SERVER_CERTIFICATE -depends_on:MBEDTLS_SSP_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_SERVER_CERTIFICATE:1 TLS 1.2:Move client handshake to SERVER_KEY_EXCHANGE From b482a471d411a7fc76daa1f75079622d2ed21fde Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 4 Dec 2023 14:00:09 +0800 Subject: [PATCH 072/429] Fix wrong dependency in psa_crypto_pake suite Signed-off-by: Pengyu Lv --- tests/suites/test_suite_psa_crypto_pake.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index baebded38f..49e97a9ab2 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -211,19 +211,19 @@ depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WA ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_ROUND2_SERVER_ZK_PROOF:PSA_ERROR_DATA_INVALID:1 PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_OUTPUT:PSA_ERROR_BAD_STATE:0 PSA PAKE: inject ERR_INJECT_EXTRA_INPUT -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_INPUT:PSA_ERROR_BAD_STATE:0 PSA PAKE: inject ERR_INJECT_EXTRA_OUTPUT_AT_END -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:1:"abcdef":ERR_INJECT_EXTRA_OUTPUT_AT_END:PSA_ERROR_BAD_STATE:1 PSA PAKE: inject ERR_INJECT_EXTRA_INPUT_AT_END -depends_on:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:0:"abcdef":ERR_INJECT_EXTRA_INPUT_AT_END:PSA_ERROR_BAD_STATE:1 PSA PAKE: ecjpake size macros From 7cca290120434d4551d3885a19857ecf8342ef51 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 4 Dec 2023 14:08:47 +0800 Subject: [PATCH 073/429] Fix wrong dependency in psa_crypto_driver_wrappers suite Signed-off-by: Pengyu Lv --- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a788827232..da3a44e666 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -748,7 +748,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ void generate_ec_key(int force_status_arg, data_t *fake_output, int expected_status_arg) From 03fe253533e9370087bd5abc96ac6a33a6258269 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 4 Dec 2023 14:22:09 +0800 Subject: [PATCH 074/429] Add missing definition of AT_LEAST_ONE_BUILTIN_KDF Signed-off-by: Pengyu Lv --- ...st_suite_psa_crypto_se_driver_hal.function | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index e3681ba6e7..439a4606d5 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -13,6 +13,19 @@ #include "psa/internal_trusted_storage.h" #endif +/* Same in library/psa_crypto.c */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#define BUILTIN_ALG_ANY_HKDF 1 +#endif +#if defined(BUILTIN_ALG_ANY_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ + defined(PSA_HAVE_SOFT_PBKDF2) +#define AT_LEAST_ONE_BUILTIN_KDF +#endif /****************************************************************/ /* Test driver helpers */ @@ -720,7 +733,7 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) buffer, sizeof(buffer), NULL, 0, buffer, sizeof(buffer), &length)); -#if defined(PSA_WANT_ALG_SHA_256) +#if defined(PSA_WANT_ALG_SHA_256) & defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) /* Try the key in a plain key derivation. */ PSA_ASSERT(psa_key_derivation_setup(&derivation_operation, PSA_ALG_HKDF(PSA_ALG_SHA_256))); @@ -753,7 +766,9 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) alg, key, buffer, length, buffer, sizeof(buffer), &length)); } -#endif /* PSA_WANT_ALG_SHA_256 */ +#else + (void) derivation_operation; +#endif /* PSA_WANT_ALG_SHA_256 & PSA_WANT_ALG_HKDF */ ok = 1; From 057ceb281ced153c817f3fe84ff441f2159f35bd Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 5 Dec 2023 15:14:12 +0800 Subject: [PATCH 075/429] Add missing dependency of fallback test in driver wrappers suite To pass a fallback test, we need a dependency on built-in implementation. Signed-off-by: Pengyu Lv --- tests/suites/test_suite_psa_crypto_driver_wrappers.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 37c15ee38c..7ddb49eed6 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -241,7 +241,7 @@ generate_ec_key through transparent driver: in-driver generate_ec_key:PSA_SUCCESS:"":PSA_SUCCESS generate_ec_key through transparent driver: fallback -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 generate_ec_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS generate_ec_key through transparent driver: fallback not available From ebdca796a195f9ea22d96578872d2e660e2495a7 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 7 Dec 2023 16:11:53 +0800 Subject: [PATCH 076/429] Fix failures in psa_cryto_driver_wrappers suite - "in-driver" test should depend on the present of a driver. - add new counter in key manangement driver test hook which counts the calls of generate_key. - We only care about the hits when processing `psa_generate_key`. Signed-off-by: Pengyu Lv --- tests/include/test/drivers/key_management.h | 6 ++++-- tests/src/drivers/test_driver_key_management.c | 1 + tests/suites/test_suite_psa_crypto_driver_wrappers.data | 1 + .../test_suite_psa_crypto_driver_wrappers.function | 9 +++++---- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 7b5c4c7bf1..1d9bc43985 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -26,8 +26,10 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; - /* Subset of hits which only counts key operations with EC key */ + /* Subset of hits which only counts public key export operations */ unsigned long hits_export_public_key; + /* Subset of hits which only counts key generation operations */ + unsigned long hits_generate_key; /* Location of the last key management driver called to import a key. */ psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; @@ -36,7 +38,7 @@ typedef struct { * sense that no PSA specification will assign a meaning to this location * (stated first in version 1.0.1 of the specification) and that it is not * used as a location of an opaque test drivers. */ -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0x800000 } +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 866b31edee..2a878994c2 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -193,6 +193,7 @@ psa_status_t mbedtls_test_transparent_generate_key( uint8_t *key, size_t key_size, size_t *key_length) { ++mbedtls_test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.hits_generate_key; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 7ddb49eed6..54e0892004 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -238,6 +238,7 @@ generate_ec_key through transparent driver: fake generate_ec_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS generate_ec_key through transparent driver: in-driver +depends_on:MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE generate_ec_key:PSA_SUCCESS:"":PSA_SUCCESS generate_ec_key through transparent driver: fallback diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index da3a44e666..e7925dd694 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -782,13 +782,14 @@ void generate_ec_key(int force_status_arg, fake_output->len; } - mbedtls_test_driver_key_management_hooks.hits = 0; - mbedtls_test_driver_key_management_hooks.forced_status = force_status; - PSA_ASSERT(psa_crypto_init()); + mbedtls_test_driver_key_management_hooks.hits = 0; + mbedtls_test_driver_key_management_hooks.hits_generate_key = 0; + mbedtls_test_driver_key_management_hooks.forced_status = force_status; + actual_status = psa_generate_key(&attributes, &key); - TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_generate_key, 1); TEST_EQUAL(actual_status, expected_status); if (actual_status == PSA_SUCCESS) { From 0a4ffa4c3efdbc945a524ac0018cb2e6ec9d7bd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Apr 2024 12:12:40 +0200 Subject: [PATCH 077/429] Fix style of preprocessor expression MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We use logical '&&' everywhere, let's be consistent. (Unless I'm mistaken, binary '&' happens to give the same results for booleans so this wasn't an actual bug, just style/readability issue.) Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto_se_driver_hal.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 439a4606d5..e37cace4ed 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -733,7 +733,7 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) buffer, sizeof(buffer), NULL, 0, buffer, sizeof(buffer), &length)); -#if defined(PSA_WANT_ALG_SHA_256) & defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) /* Try the key in a plain key derivation. */ PSA_ASSERT(psa_key_derivation_setup(&derivation_operation, PSA_ALG_HKDF(PSA_ALG_SHA_256))); @@ -768,7 +768,7 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) } #else (void) derivation_operation; -#endif /* PSA_WANT_ALG_SHA_256 & PSA_WANT_ALG_HKDF */ +#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_HKDF */ ok = 1; From f53112e98b38d17e9eb07ff89fcce1c22b85b859 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 3 Apr 2024 10:06:10 +0200 Subject: [PATCH 078/429] Fix closing comment to match opening guard MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto_se_driver_hal.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index e37cace4ed..37a72d9d75 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -768,7 +768,7 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) } #else (void) derivation_operation; -#endif /* PSA_WANT_ALG_SHA_256 && PSA_WANT_ALG_HKDF */ +#endif /* PSA_WANT_ALG_SHA_256 && MBEDTLS_PSA_BUILTIN_ALG_HKDF */ ok = 1; From 6bda5f5717f1a3867bc0bf885f4d483dcdb4ce3a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 9 Apr 2024 12:28:39 +0200 Subject: [PATCH 079/429] generate_test_keys: use keys from asymmetric_key_data.py asymmetric_key_data.py already provides EC/RSA key pair values that are suitable for generate_test_keys.py. So instead of re-generating the keys using gen_key program, we use those keys. This commit also: - extends asymmetric_key_data.py to introduce RSA bit sizes that are used in test_suite_pk but were missing from asymmetric_key_data.py. - updates test_keys.h with new keys. Signed-off-by: Valerio Setti --- scripts/mbedtls_dev/asymmetric_key_data.py | 80 ++ tests/scripts/check-python-files.sh | 1 + tests/scripts/generate_test_keys.py | 115 +- tests/src/test_keys.h | 1319 ++++++++++---------- tests/suites/test_suite_pk.function | 172 +-- 5 files changed, 905 insertions(+), 782 deletions(-) diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py index 8ca6758782..4287be2d49 100644 --- a/scripts/mbedtls_dev/asymmetric_key_data.py +++ b/scripts/mbedtls_dev/asymmetric_key_data.py @@ -136,6 +136,54 @@ ASYMMETRIC_KEY_DATA = construct_asymmetric_key_data({ 308189 02818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3 0203010001 +"""), + 1026: (""" +3082025e + 020100 + 02818102d09661fc74224ba7be7907abef4f5e8bcc264a802c978f7eaa5855ada05436d75db768d20f68595dbcc3d725b138e80b247e44a4163a0542fab612acbbde45f2e93894aa253bddef6a7becdc9cc29a99bacf48dc6e38db7a33e9ac924c520fc6be7d6e5646c1d67fb8b2b97ac60beecc3bb8e75bed8315aa3fe46f748a66d6ef + 0203010001 + 0281806a4a346beba97f655fe834647d2944f5f40815e7302caf02ed179893c2d989395d5e877cacbf24a77a079d3db71580ccdbf63023d00f80e52f5c1a0716b323b7bfcbdc8a1781c44c4153e3da228d17b2dc78eb1f44cff60fe1150808a6e38ba2470aee2e948a6898ddadea56d9470927aca8d94a0338c11a8e95715b5f94e011 + 024101f5418534c36236fc9fd38934d7c06dfed3829151ccab56b6330c641f7796a71924cf8119ca26e186ecd3068d6607a05260db4857651980436891adde9eb92ab7 + 02410170042fbdbaba1e102b7f7f1dc9d940cfdcd85dd0ea65f543c6432e9c5480724bb49b1e5f80ca2b9f84cd6644bfb2e3d0968090b89f534dc2951e606db909dd89 + 0241014b6c1aeb1c14a04ec04e5975fb015cb914984c054dd22bef24299939c514733f88bb3a9d16b04685b3a883b8923190ab672715d9d31add57b4983de1e8087e59 + 02410117bf76f308b0560e00a2c864427dcd50b5161c2aa523a00f46f4e6c79b4c90958fd2a282028aac227477169888085a38c34f33b3c41934f1071db23b75ff53d1 + 02410120a428b4e0c4a6f202920fd49cc9886e6b6719d40a3ad0604f5d5efd5ef6973a573ab324f38ecb8e669a69341597081e240b6ae4e2714887dd78dadaeb0b9216 +""", """ +308189 + 02818102d09661fc74224ba7be7907abef4f5e8bcc264a802c978f7eaa5855ada05436d75db768d20f68595dbcc3d725b138e80b247e44a4163a0542fab612acbbde45f2e93894aa253bddef6a7becdc9cc29a99bacf48dc6e38db7a33e9ac924c520fc6be7d6e5646c1d67fb8b2b97ac60beecc3bb8e75bed8315aa3fe46f748a66d6ef + 0203010001 +"""), + 1028: (""" +3082025e + 020100 + 0281810e62a76f0e0b59683a7ebf7cbfd37b1d1781d8f1b900604b507f0f04c72a3d340d067bcd53bea3caff4e4ae694f0b6d8f591a4167fbf7f372ab57e83a69a3f26f447bcf582bc9621a30a3b44d6b43e986d1a867b07489e4f9bfcadaa82a2782dc2729a631fb1fb9ffb794b4e53c76239e04d4a8f80352588db29462dde18237cf5 + 0203010001 + 02818101cfa0422e3bb60c15ef2e96db4499e789f5d634ea64567b2cdd6e2bdd121f85edccdee9b4ed178c5f33816101a7c371518b3e23f9fdc71b90242cd310b6b31428b0b64eb9596be0cc044cc85048982f90b706e66ccdd39ad5a1a7b64cf034eac0c35d7ace93f2bcd3ce243bd8f83b46f509ca2f805063002af2bb2d88b6ee36a9 + 024103f0886d2977526f3f3f6a075600232ce3008517276dd3721dee08fd6c999fc976b9e8dd2bc143385fa4b48735ce81c66b501d7129ee7860cfbef23b5da91e6c2d + 024103a6c8734aace59d5f386f97de450f8a12d63ae6ac15d336e010c9fcf03a32f0611881ac6cd8b3f989925c0f025af26cf26aebd7d9b04eb503048dca2f503c28e9 + 0241019b300451c3b47866f113e9a9c6a490c87c8dc6c2eca42902caea1f6907b97e0a4a02072aafc1185ae66c34345bddcd683361cda1aaf8a98009f9f8fa56d97081 + 02401bcca849173d38e1e50ec48872ab54a2dcc621a80a7a1e8ea951287988718d5e85d90d64ab4926e9a575a168a385c421ad765813fc3f4af8cd00de7b6bba6e49 + 0241036dcf69f6e548c8acfb536fb6cd186f8b8f20d313361d0447c1b5e380f4113e578b31e867dda47d44ad3761e793f725031b8d379f389de277a9a0137651df548a +""", """ +308189 + 0281810e62a76f0e0b59683a7ebf7cbfd37b1d1781d8f1b900604b507f0f04c72a3d340d067bcd53bea3caff4e4ae694f0b6d8f591a4167fbf7f372ab57e83a69a3f26f447bcf582bc9621a30a3b44d6b43e986d1a867b07489e4f9bfcadaa82a2782dc2729a631fb1fb9ffb794b4e53c76239e04d4a8f80352588db29462dde18237cf5 + 0203010001 +"""), + 1030: (""" +3082025f + 020100 + 0281812b7cd197f5796d1f8e576b2b37723fd9210814ef1c1995f9899d50058f379d239c66878e922f34c6ae3672c8598fcd5d47b764d2ec156e134d03cf6a94d38d2ea8bc76dbbc60c4b974219090eaf287497d7dcf7f119cfa867496f7e91c12b5d552e1d1461a80dbe9a59db3b016c6c0141c3b2a0e226089b855cb88ef656408bd89 + 0203010001 + 0281810210d5ff531cacb22f8cf7dd1fd9fb0376f3647f2e9ab3df9c89b9ad3c98e68b89adeb29901dd2f2cf2ac1f817726278830ec8a8d0fdd19d496ec6bc683671174786b7d6a8e822fa71d65ad35abbdf0e6e55ff2c1821b62bc630192160e5c9b3dcafc65ae6b2a088fbc5591da58a45dd7a30960f7d3def75b80cdf73247360e8fb + 0241072e371a3ba861e78e3eb9313065faab0a97216e9544bfc2d5b403844b43273705755a85aa0baf7114770cfeca20bca17ac19bc4cbba106a33b3dddca0fb535f33 + 0241060e6af37ab4ea11f52b9344e7160eb2a53f1075e1229a7f10a301de3359f53e981ea0e17df0fb380f089e5c37dd40daa29eefd205f5c87b38f8fef636b57ba053 + 0241023a5dd09ef83540b30b554d24f64f9c28d212068cfc62ffe26d53b605e05557a632ee9e90cfc56531f36aadd82be63bb8aa405a04d8bbe5281bc45883fed7b4af + 0241041de6dbad4caf5417a9504965201c4b99827de8f369f7456a84b3ef5c4ec9238c7a3d782a8915ebec643a698b5bee0af0c243592bce0042aadeaf49a4b4c6dd9b + 024105d32dee952b503b536fcecf19ec08236a9cd945c49551bf99f15b674fc21aa199f4c4211f0f0007c417c1fb4155326a2142fca454bbd38d6dbc6caa7ac335a17c +""", """ +308189 + 0281812b7cd197f5796d1f8e576b2b37723fd9210814ef1c1995f9899d50058f379d239c66878e922f34c6ae3672c8598fcd5d47b764d2ec156e134d03cf6a94d38d2ea8bc76dbbc60c4b974219090eaf287497d7dcf7f119cfa867496f7e91c12b5d552e1d1461a80dbe9a59db3b016c6c0141c3b2a0e226089b855cb88ef656408bd89 + 0203010001 """), 1536: (""" 3082037b @@ -152,6 +200,38 @@ ASYMMETRIC_KEY_DATA = construct_asymmetric_key_data({ 3081c9 0281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc35 0203010001 +"""), + 2048: (""" +308204a3 + 020100 + 0282010100f7bb6b8eab40491cd64455ec04d4ed8db5051a9738fc7af73ff3b097511cce40aaf76537b1353504427986b7b2b53a964a6937b558ec0d1dea274af2b8fff2f094c243fa577266a79db0c26ffe30416d23ef05dd5fecab413ebbb4f8526ae720a94584226b37d92ef463fc736cb38e530e7488d9162f5726807bc543138a2d258adb4d680221c2532381ccfa81bc89bc3d7b84039c2df41ce3ec8db91c2380e781ba3aa9e23b74ed9973d4908efca47aa8d9b7b0a4423297a404427c3f3cd6e0782e4553880f06ba39a64f4a7b0eef921a6050a207cefadcf07394a3e18ea915dc8497e7ae61fc3162f62f5065a692af077266f7360c2076cebeaf14cb22c1ed + 0203010001 + 0282010000b8962dce604bc62e7678f48ca80cfff456ad36e2f6d329cc911a42ba7cf5b9b8f5aae1005e4a06f6e591279038d8508f2b62badfa5223da3cc94fa8360d5556f6d6852be75ea08135cac1834da719a4e7837e166d1d2c6c816b64661c10766b02f705cc4489f947428255835a909214341c21335ae12181dd81e611d59b1db70667bebd7e92b71e1d388318d3ec14d616f72c231f6727a183e6818285bd65f6572cadc9012248821b2d0ae6cedd30ca440d4d34cd77e2cf6b40ed2c7d856b30d474733fce0fb695c3e6530c079aed955e4073055f2655d4b671e291fde400f2f06d0b33f87d261e0ad3dae48a913841b34cfed03790fcaee00de2e90fb9621 + 02818100fcbe89cd1aa319e49ef4f72149bf06da57dcc64d3de605e9ff3e76fc66f4b1e2878245ffd71990511b17e97f33818889a8c21b5527fd181327affe88f9bba670c4e6f1e6309bd0323074e4cbcf23dce3c19b8d5495f56a93059ba7414f28ed1ec906ad18c63de1148abcfe9be7986000f425e580b70e43e48e24fa9d51aaae4d + 02818100faec5a7bed2e53cfca1e167db4641db5a00fe2c328125423d594789f3ec072c623e7afbdee0089fd26307651f6d3611a88af28c34585d5cb713a650c35933f58944db9bd15ba9fc28b07e6705b7b3ef1ccb48d21a53569c8b84c444b61ea5c6e67b54f0afd852ffb8c92a111fab8677263eeb80cf1a3403b4a9a209776947221 + 0281802ff99afeabc7b9ea83a1cc272d706d4494d8fb6b3e0ca3a2bf28843d74ed8db68a3258472ff5524792f4ff057e296059810717591ab61813cabcc57c0aab6bf48bebaa8f1f3af45212909dbd721c449996ee87ed3e69cf49090f7ab812e699dbf61ca64ec592895ef4d6db1d8ce08798a6bf6ac8fbf6613cc91e8bd3c0e4bd21 + 02818100b29b34590bddb308afecb4c3ab78abf1114add755e7b956aa0677b6896a933c937db7dabaad2b565fd1df7caa5ef9629e5eb100fd6d7c9f372d846fee6cfb6025e25e934df57a4ca3c5e5637d9d6235ac80428852f6c92acae0a937e38e731fde0521d3e4c70d653ae9edc89c8b623e4379fbf606f4b6db8068528f7c70f2921 + 0281800ed47ae05b275a23a7dfe3ffb727e3a268e626a59d401d2d846de26954ff54fc9ed93a9af33fac2c967a18e0f86145083e39923454bc10da5f4937e836b99851956bffb301ce9e06789786693213fcde6d5f2933d52bb29dc340ea011257788d3c5775eb6569230aafbf08752d40a8419de71b01d4927e27c1079caada0568b1 + """, """ +3081010a + 0282010100f7bb6b8eab40491cd64455ec04d4ed8db5051a9738fc7af73ff3b097511cce40aaf76537b1353504427986b7b2b53a964a6937b558ec0d1dea274af2b8fff2f094c243fa577266a79db0c26ffe30416d23ef05dd5fecab413ebbb4f8526ae720a94584226b37d92ef463fc736cb38e530e7488d9162f5726807bc543138a2d258adb4d680221c2532381ccfa81bc89bc3d7b84039c2df41ce3ec8db91c2380e781ba3aa9e23b74ed9973d4908efca47aa8d9b7b0a4423297a404427c3f3cd6e0782e4553880f06ba39a64f4a7b0eef921a6050a207cefadcf07394a3e18ea915dc8497e7ae61fc3162f62f5065a692af077266f7360c2076cebeaf14cb22c1ed + 0203010001 +"""), + 4096: (""" +30820929 + 020100 + 0282020100cc8725f6b38d5d01aeeb07d36e03de4d31a0261ce74fe11a895ecfd13d168aee932af135ffbb849877273897081f3f7593c14ae82bc266c10544f726ae1ccf133d8a4018d380dfa25251c011107b7513a943346aa0e0dec11d8d7fa25644653c118daabce6d41f066f6621768801478055780e91b68ea3c95856d172a89032b39c824e8b7dc1a3f8aee4f6b368baa3cd68f50d52680117e9b913d7f8c852a0d1008e8b87a5c97e37afc11a080550557b8b4dcbd8e192ed3366d83a09d27c77e150f66855b5dcfdb2df151bd7f444250eaf6fe3f236826c81fa848101bfaad535ffb522d6ff97c9dd1e43b82cce2921d153c15450c4724ffd3efdca578e013650a03a5cf501fc58600fb5c860c0ef0cfe0ac0712d441313dca41a4d7d411e6c83b2151749d28be4692f62373db07e4a79051c5682ec20d491c4cfc7bc140f35fa15e5a1fa756d65b8ef93addf4c47c4a35b184f22a1ef089948f946f6faeb6470f26746e658cf9b4177417842e6d373558089aff721b930e9ec61b4f6a02c052c6924d39a5bbb15ed1106c4010f4dd69c79d042c8b31661b1ee486bc69db5f2f07a50d85b20699d601315625bb869629c7f4c5d48b211d097f438acec95973a38d421090af0f13484e4e94b8cb5efc18507f4b931df39987ffb2830293e4da381aaf70b3292952ef934e2b40fdebba3d9701b76e1be548274b2602d888537482d + 0203010001 + 028202001a943e9c0089f0aa0116048a96abb486321a86916f82fb352460789fcfb1400550853e5afedc9ad6e877259cc4feb093c24b968534f89abb5f48aed8ad3c4bb1cba7cd7c1c724d3dae36770010b5068a334f2b3ee720c9f9ed320001f3f587f5662f939e605df519343d60c0635ccd32b188bc55f5d434173c9e6db2199341af833990e50246f99cddf79dd2c35babe14c103a76b8d2d98d73528f98c249b0a1f09155b31f599fc833542422a2342623bbbef4ac7ee605e2cdecf01fea25683bd4f66ca924ccef00418adff730c4714f66ffa2af0da3e5df7f539c634289fc12bc24093ec8f0ec180af0907cec1ebec911fa180fb5f3c80ed852896ad6e6b3eccb44de62193d52118cab2b171071d5fdaa7c4288fc7766d57774f4be46151bb90ace7c10c215f62ed26e52e6122436f532bd54fc08272adb216a2db433d5699c40ad58faa2660898ffccfc98002f8bb0361b4cf9ed6e93c1ca96d34a1ef40460f85918cfde4a8193b51ecea4b3903cae924a8fad5f8308954c9f19a7597bf0a75126a557e49f8bbd31fc4e8556f230640bf36204c6cf3d56dca5a41d860307ba6705a698681100a327f91739c486c470ba71d03d285314b0d7d04008e03f2a2b85e7c243d6fd9b97a02168c069ec572d3f0ca15ebcb1739f3a0b3c147a88e0b74f45a007ae927d6f822bf50b87b1e93fe7d9180bc6bc12bde6c8070d10c97331 + 0282010100f50ebceac9d3c64482a8c265d6365461aa4a31a6a7633a24c8e34794ecdfcab1d6b52fb6a5f38055cc32d6a61b889550de27b3d0bd68b6d4fda041598ab98887143988576806b1c48720794902952ebe1bf0def65a0e6f94067056e6864fa2882e3a16f246282093d037639078182dd0a6eb21d3bad0637901a268b14c632c9d0b1690ed88abdde03f528247aa2e41557d0865ad34e53ff53ae0e5dea195d93fe65c25871f6f23adf34b6e960c2978f2b7475dafce6cbb26a53934d26c193d67f32de91035eeb89022beb7d5df784ac20ca6ab91bf6b775b6c9416f605b4841736cbfbd22ad98ab2e8428457e0793f5af40e550b48765d59e6e1b4a4a1f571f1 + 0282010100d5a91d4d44bb9b73c1fe0248925e2c0ec1de51390bd8a73b453da51ae29325ae7657089fd4ee4a2fd96e345b57f672d7d484fde99189ab0a6365bf2b38680d6bb947f4b217be660323c26b86d643ae686d82e36ec00cfd038942443caa04a0f91e68ec717935b45e790311be56440d7176949594688ed1dd5c9103c57c158d05e4c37b98d81898030744a64f6ebdbf750aab79757e34dac422163ea7c0f42b97710c861978b24100385aad727e5f3836a74ea4bf1d36ef2a5edf9c9e8f996ef3191348450ea9f1d4a63db29cb06f63e5badb18e4d40f5112b658d1cc23cb65388aca03d141a6bc5fbd9429fe33d340d3e85bfa848908d60b562f894e8a337dfd + 0282010100c4950f0d95dc51d791ad094d223b3113abc49af1e2a361f83242c8a07a28c8744315d3f1c44c82edd0c21398eacb75648ae1f48885f92379d6ffa08cd11126a99d9acd79b8946e3486659185f511718ec5e1432b02714426cdc77e9eacade36735161a643dcd60dcd2922c47af5f4e196c5d8124555f67fca148048dfe062cbaca334f0d8daeb96d73be9f8e17c1c55d6bd0b9a7e99fe1dfba5cc16a07dbaa8c6d220c64c9dda114a0f029052b3a75b0d73fe3b2ed7821e5cd7307a1a95fd1f7ba8760c8454b7c38fbf65c88b01cd273ba2c55c3b477e426ae025a2cffc4a095f2ba4e0779a24b765b85489f2a0e79b95fc0c38e2a91f12ef65ca749ce369431 + 028201002aa48e0c95e33bab66d4637048863314deec9819629be30499552c56a951e4fb64f309ed9c79d2a4aa28ac9a6e7be97fda1290fac4e94d11cdb4c8eabf5f450e72f4418a29e2fe493221e3840dcf8447a353b440ae63e93b83718e5ced31ef4ec91af7d5cdf3420478f27be019278be7515b665f305f10d3b55ddbfad64116dc4e4415aef3b234e4a5d6b5bab4c77a26c9f25f536bd4f0b4a478fc184f126c80d53742ac62c270e6b258a6b56b3365ecc28797a9ed12c1b91b265603ef751807bcc1747313f22729e1e3fe79f75cc3fb5dc7ccb81efacf9b847945a6109ecf9cf156505cbb55a3d317eb325661d18fe6bb416046837318053b365199334c03a1 + 0282010100ee63706030a4ece9fe3bddcfc49f5a83f37f63ebcb29dbdc999f6ff54b596f115cf1eca09990108a439518e996f689fdde89b2c67edc04bf8e366734c2ae3017ec14e042050e7c656840146ca048394dcebe90dd2195349bbad306569031b2ef6e9171d2ae7797c8844e548394ca3b768d8496e99ef63abb59b0ff7fc70eb53153dd0f59018a275acba701f2c76a15c894f53461fedf65bc25c2c5cec396e556a1a919bc7a056393d50644126dcdef9256642e65a6043cbce9497e192cf2cb33648e117f41dbf01900acb93b0c78ddf31f381f4db3f9ccbbb69093dabf2e89dbbc0cb72f20c005a2519e3a874146495d7aacf3416a422e560986f22f39456e7f + """, """ +3082020a + 0282020100cc8725f6b38d5d01aeeb07d36e03de4d31a0261ce74fe11a895ecfd13d168aee932af135ffbb849877273897081f3f7593c14ae82bc266c10544f726ae1ccf133d8a4018d380dfa25251c011107b7513a943346aa0e0dec11d8d7fa25644653c118daabce6d41f066f6621768801478055780e91b68ea3c95856d172a89032b39c824e8b7dc1a3f8aee4f6b368baa3cd68f50d52680117e9b913d7f8c852a0d1008e8b87a5c97e37afc11a080550557b8b4dcbd8e192ed3366d83a09d27c77e150f66855b5dcfdb2df151bd7f444250eaf6fe3f236826c81fa848101bfaad535ffb522d6ff97c9dd1e43b82cce2921d153c15450c4724ffd3efdca578e013650a03a5cf501fc58600fb5c860c0ef0cfe0ac0712d441313dca41a4d7d411e6c83b2151749d28be4692f62373db07e4a79051c5682ec20d491c4cfc7bc140f35fa15e5a1fa756d65b8ef93addf4c47c4a35b184f22a1ef089948f946f6faeb6470f26746e658cf9b4177417842e6d373558089aff721b930e9ec61b4f6a02c052c6924d39a5bbb15ed1106c4010f4dd69c79d042c8b31661b1ee486bc69db5f2f07a50d85b20699d601315625bb869629c7f4c5d48b211d097f438acec95973a38d421090af0f13484e4e94b8cb5efc18507f4b931df39987ffb2830293e4da381aaf70b3292952ef934e2b40fdebba3d9701b76e1be548274b2602d888537482d + 0203010001 """), }, }) diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 51e80792b0..cf1f87ab12 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -62,6 +62,7 @@ $PYTHON -m pylint scripts/mbedtls_dev/*.py scripts/*.py tests/scripts/*.py || { echo echo 'Running mypy ...' +export MYPYPATH="../../scripts" $PYTHON -m mypy scripts/*.py tests/scripts/*.py || ret=1 diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 23bc9a19e8..630ab05ac1 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -8,94 +8,85 @@ generating the required key at run time. This helps speeding up testing.""" import os import sys -import subprocess +# pylint: disable=wrong-import-position +SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) + "/" +sys.path.append(SCRIPT_DIR + "../../scripts/") +from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA -KEY_GEN = "./programs/pkey/gen_key" -TMP_DER_FILE = "tmp_key.der" -OUTPUT_HEADER_FILE = "./tests/src/test_keys.h" +OUTPUT_HEADER_FILE = SCRIPT_DIR + "../src/test_keys.h" BYTES_PER_LINE = 12 KEYS = { # RSA keys - 'test_rsa_1024': ['rsa', '1024'], - 'test_rsa_1026': ['rsa', '1026'], - 'test_rsa_1028': ['rsa', '1028'], - 'test_rsa_1030': ['rsa', '1030'], - 'test_rsa_2048': ['rsa', '2048'], - 'test_rsa_4096': ['rsa', '4096'], + 'test_rsa_1024': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1024], + 'test_rsa_1026': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1026], + 'test_rsa_1028': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1028], + 'test_rsa_1030': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1030], + 'test_rsa_2048': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 2048], + 'test_rsa_4096': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 4096], # EC keys - 'test_ec_secp192r1': ['ec', 'secp192r1'], - 'test_ec_secp224r1': ['ec', 'secp224r1'], - 'test_ec_secp256r1': ['ec', 'secp256r1'], - 'test_ec_secp384r1': ['ec', 'secp384r1'], - 'test_ec_secp521r1': ['ec', 'secp521r1'], - 'test_ec_bp256r1': ['ec', 'brainpoolP256r1'], - 'test_ec_bp384r1': ['ec', 'brainpoolP384r1'], - 'test_ec_bp512r1': ['ec', 'brainpoolP512r1'], - 'test_ec_curve25519': ['ec', 'x25519'], - 'test_ec_secp192k1': ['ec', 'secp192k1'], - 'test_ec_secp256k1': ['ec', 'secp256k1'], - 'test_ec_curve448': ['ec', 'x448'], + 'test_ec_secp192r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 192], + 'test_ec_secp192r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 192], + 'test_ec_secp224r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 224], + 'test_ec_secp224r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 224], + 'test_ec_secp256r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 256], + 'test_ec_secp256r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 256], + 'test_ec_secp384r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 384], + 'test_ec_secp384r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 384], + 'test_ec_secp521r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 521], + 'test_ec_secp521r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 521], + 'test_ec_bp256r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 256], + 'test_ec_bp256r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 256], + 'test_ec_bp384r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 384], + 'test_ec_bp384r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 384], + 'test_ec_bp512r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 512], + 'test_ec_bp512r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 512], + 'test_ec_secp192k1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1)', 192], + 'test_ec_secp192k1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1)', 192], + 'test_ec_secp256k1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1)', 256], + 'test_ec_secp256k1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1)', 256], + 'test_ec_curve25519_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)', 255], + 'test_ec_curve25519_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY)', 255], + 'test_ec_curve448_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)', 448], + 'test_ec_curve448_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY)', 448], } -def generate_der_file(curve_type: str, curve_or_bits: str): - if not os.path.exists(KEY_GEN): - raise Exception(KEY_GEN + " does not exist. Please build it before running this script.") - if curve_type == 'ec': - cob_param = 'ec_curve=' + curve_or_bits - else: - cob_param = 'rsa_keysize=' + curve_or_bits - - subprocess.run([KEY_GEN, 'type=' + curve_type, cob_param, - 'format=der', 'filename=' + TMP_DER_FILE], check=True) - -def convert_der_to_c(array_name: str) -> str: - """Convert a DER file content to a C array. The name of such array is - provided as input parameter. The file to be converted is the temporary - TMP_DER_FILE.""" +def convert_der_to_c(array_name: str, key_data: bytearray) -> str: + """Convert a DER content to a C array.""" output_text = "const unsigned char {}[] = {{\n".format(array_name) - with open(TMP_DER_FILE, 'rb') as input_file: - data_block = input_file.read(BYTES_PER_LINE) - while data_block: - new_line = ' ' + ', '.join(['{:#04x}'.format(b) for b in data_block]) - output_text = output_text + new_line + ",\n" - data_block = input_file.read(BYTES_PER_LINE) + def get_data_chunk(data): + for index in range(0, len(data), BYTES_PER_LINE): + yield data[index : index + BYTES_PER_LINE] - output_text = output_text + "};\n" + for bytes_chunk in get_data_chunk(key_data): + new_line = ' ' + ', '.join(['{:#04x}'.format(b) for b in bytes_chunk]) + output_text = output_text + new_line + ",\n" + + output_text = output_text + "};" return output_text def main(): - # Remove intermediate and output files if already existing. + # Remove output file if already existing. if os.path.exists(OUTPUT_HEADER_FILE): os.remove(OUTPUT_HEADER_FILE) - if os.path.exists(TMP_DER_FILE): - os.remove(TMP_DER_FILE) output_file = open(OUTPUT_HEADER_FILE, 'at') output_file.write( "/*********************************************************************************\n" + " * This file was automatically generated from tests/scripts/generate_test_keys.py.\n" + " * Please do not edit it manually.\n" + - " *********************************************************************************/\n" + - "\n" + " *********************************************************************************/\n" ) - add_newline = False for key in KEYS: - # Use gen_key tool to generate the desired key (in DER format) and save - # it into a temporary file. - generate_der_file(KEYS[key][0], KEYS[key][1]) - # Convert the key from binary format to a C array and append the result - # to the output header file. - if add_newline: - output_file.write("\n") - c_data = convert_der_to_c(key) - output_file.write(c_data) - # Remove the temporary key file. - os.remove(TMP_DER_FILE) - add_newline = True + key_type = KEYS[key][0] + key_bitsize = KEYS[key][1] + c_array = convert_der_to_c(key, ASYMMETRIC_KEY_DATA[key_type][key_bitsize]) + output_file.write("\n") + output_file.write(c_array) + output_file.write("\n") if __name__ == '__main__': sys.exit(main()) diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h index 197e142ddd..694bee55fb 100644 --- a/tests/src/test_keys.h +++ b/tests/src/test_keys.h @@ -4,690 +4,717 @@ *********************************************************************************/ const unsigned char test_rsa_1024[] = { - 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x96, - 0xbf, 0x20, 0x0e, 0x0b, 0xab, 0xff, 0x46, 0x3d, 0xd8, 0xc4, 0x25, 0x71, - 0x78, 0x27, 0xe4, 0x27, 0xfd, 0x9c, 0x38, 0x26, 0x25, 0xc2, 0x05, 0xb2, - 0x9a, 0x73, 0x04, 0x99, 0xa8, 0x75, 0x00, 0x98, 0x6b, 0x28, 0xec, 0xe9, - 0x87, 0x6c, 0x92, 0xf8, 0xdd, 0x6e, 0x3b, 0x0a, 0xae, 0x79, 0x79, 0xa1, - 0xbc, 0x39, 0xc2, 0x3e, 0x2d, 0x46, 0xad, 0x09, 0xff, 0xec, 0x3a, 0x2b, - 0xf5, 0xaf, 0x87, 0xaa, 0x69, 0x25, 0xa3, 0x71, 0xa1, 0xe0, 0x43, 0x13, - 0x63, 0xac, 0x0d, 0x54, 0x62, 0x5b, 0xd3, 0x1b, 0x36, 0x0e, 0x6d, 0x26, - 0x80, 0x56, 0xd3, 0x10, 0xf2, 0x21, 0xd4, 0xac, 0x96, 0x3e, 0xe6, 0x66, - 0x7a, 0xea, 0x02, 0x14, 0x02, 0x28, 0x0f, 0x92, 0x46, 0x82, 0x23, 0x06, - 0xd6, 0xef, 0xcc, 0x69, 0x3b, 0x58, 0x82, 0xb0, 0xd7, 0x26, 0x9f, 0x10, - 0x7c, 0x68, 0x5c, 0x4c, 0x91, 0x0c, 0x27, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x15, 0xb8, 0x8f, 0x62, 0xb1, 0x62, 0xd9, 0xf8, 0x61, - 0xe3, 0xfb, 0x36, 0x01, 0x4e, 0x14, 0xc2, 0xbc, 0x27, 0xbf, 0xb1, 0x45, - 0x7f, 0x38, 0xf5, 0x94, 0xe1, 0x20, 0x03, 0xeb, 0x2c, 0xc9, 0xed, 0xc9, - 0x33, 0x33, 0xa5, 0x43, 0x6c, 0x57, 0x2e, 0xd6, 0xe6, 0x22, 0x6d, 0x26, - 0x77, 0xb2, 0x70, 0x33, 0x67, 0x9e, 0xe8, 0xf2, 0xb2, 0xed, 0x15, 0x4a, - 0x34, 0xbd, 0x47, 0x3a, 0x85, 0xff, 0x01, 0xc9, 0x8e, 0xa9, 0x3d, 0x65, - 0xaa, 0x62, 0xcb, 0xf7, 0x33, 0xdd, 0xfb, 0x69, 0x67, 0xa4, 0xc6, 0xda, - 0x3e, 0xc9, 0x5a, 0x00, 0xaa, 0xb7, 0xde, 0x01, 0x45, 0x15, 0xfb, 0x8b, - 0x87, 0x68, 0x40, 0xa7, 0xf1, 0xe3, 0xc2, 0xeb, 0xa1, 0x9a, 0xcd, 0x49, - 0xf8, 0x19, 0xae, 0x61, 0x5a, 0x8e, 0x2d, 0x8f, 0x49, 0x85, 0x09, 0x64, - 0x48, 0x29, 0x4a, 0x2c, 0x1a, 0x12, 0x51, 0x33, 0xbe, 0xc0, 0x0d, 0x02, - 0x41, 0x00, 0xc7, 0x67, 0x6c, 0xc0, 0xb8, 0x44, 0x65, 0x5c, 0xd1, 0xfd, - 0xb3, 0x36, 0x91, 0xf5, 0xb4, 0xf9, 0x51, 0x55, 0x18, 0x9a, 0x42, 0x68, - 0xe5, 0xd0, 0x73, 0xe9, 0xdd, 0xf0, 0x91, 0x49, 0xa8, 0x2b, 0x3f, 0x8a, - 0xfc, 0xc5, 0x43, 0x9a, 0xa8, 0x4a, 0xe7, 0xe8, 0xf3, 0xdd, 0x3d, 0x9f, - 0x9c, 0xb8, 0xa7, 0xab, 0xeb, 0xd8, 0xc0, 0xa3, 0xae, 0xde, 0x1d, 0x46, - 0x38, 0x87, 0x2d, 0x96, 0x3b, 0x4d, 0x02, 0x41, 0x00, 0xc1, 0x88, 0x48, - 0x0c, 0xb2, 0x5e, 0x24, 0x09, 0x11, 0x93, 0xbc, 0xaa, 0x8d, 0x27, 0x14, - 0x47, 0x4e, 0x59, 0xae, 0x53, 0xfc, 0x75, 0x02, 0x56, 0xa5, 0x10, 0x33, - 0x92, 0x72, 0xa5, 0xbe, 0x95, 0xbc, 0x4e, 0x19, 0x85, 0x89, 0xd1, 0xc2, - 0xe4, 0xf4, 0x64, 0x1d, 0xe0, 0x7e, 0xa7, 0x2d, 0x7b, 0x6d, 0xb0, 0xb0, - 0x2a, 0x1b, 0xad, 0xc6, 0x6c, 0xf5, 0x64, 0x53, 0x31, 0xaa, 0xb4, 0x23, - 0x43, 0x02, 0x40, 0x64, 0xb0, 0x77, 0xfc, 0xf4, 0xcf, 0x2c, 0xb3, 0xeb, - 0x21, 0x85, 0x8e, 0x47, 0xb3, 0xdf, 0xb7, 0x89, 0x77, 0x43, 0xde, 0x19, - 0x2c, 0xa8, 0xe7, 0x52, 0xb0, 0xc4, 0x2e, 0x46, 0xde, 0xff, 0xb9, 0x1e, - 0xf4, 0x0a, 0xe1, 0x7d, 0x5a, 0xaa, 0x22, 0x70, 0xea, 0x73, 0xc1, 0xc2, - 0xed, 0x47, 0x11, 0x03, 0x31, 0xcf, 0xfc, 0xfa, 0x81, 0x6c, 0xba, 0xa1, - 0xe3, 0xa4, 0x85, 0xb5, 0xe2, 0x47, 0x7d, 0x02, 0x40, 0x13, 0xcb, 0x4b, - 0x8b, 0x38, 0xe7, 0x16, 0x0a, 0x73, 0x68, 0xc7, 0xe0, 0x2d, 0xc5, 0xb4, - 0x76, 0x42, 0x96, 0x3b, 0x95, 0x4d, 0x79, 0xee, 0x3e, 0x4c, 0x6d, 0xa6, - 0xc8, 0xb0, 0xbf, 0x31, 0x0a, 0x01, 0x93, 0x7f, 0x5a, 0xc0, 0x28, 0xdb, - 0x25, 0x2d, 0xb5, 0xdb, 0xb4, 0x6d, 0x5f, 0xcd, 0xf0, 0x14, 0xdd, 0x00, - 0x77, 0x9e, 0x13, 0x1c, 0xfb, 0x61, 0xf1, 0xdb, 0xec, 0x75, 0x88, 0x2d, - 0x1f, 0x02, 0x40, 0x21, 0x0a, 0xa0, 0x87, 0x82, 0x23, 0x01, 0xe9, 0x8b, - 0xcc, 0x29, 0xb3, 0x47, 0x69, 0xfe, 0x37, 0x65, 0x90, 0x79, 0xaa, 0x36, - 0x9b, 0x6c, 0x58, 0xd4, 0x62, 0x08, 0x6c, 0xfe, 0x1f, 0xec, 0x89, 0xbb, - 0x85, 0x9e, 0x27, 0xd2, 0x0d, 0x97, 0xaa, 0x3d, 0x2c, 0x00, 0xee, 0x60, - 0x95, 0x77, 0x6e, 0x5d, 0xc4, 0xe2, 0x49, 0x3f, 0x79, 0x38, 0x78, 0xc8, - 0x48, 0xa3, 0xe3, 0x80, 0x46, 0xcb, 0x22, + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, + 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, + 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, + 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, + 0xe1, 0x12, 0x96, 0x28, 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, + 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, + 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, + 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, + 0xd3, 0xa7, 0xcb, 0xf8, 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, + 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, 0xbf, 0xfe, 0x47, 0x33, + 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, + 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x00, 0x87, 0x4b, 0xf0, 0xff, 0xc2, 0xf2, 0xa7, 0x1d, + 0x14, 0x67, 0x1d, 0xdd, 0x01, 0x71, 0xc9, 0x54, 0xd7, 0xfd, 0xbf, 0x50, + 0x28, 0x1e, 0x4f, 0x6d, 0x99, 0xea, 0x0e, 0x1e, 0xbc, 0xf8, 0x2f, 0xaa, + 0x58, 0xe7, 0xb5, 0x95, 0xff, 0xb2, 0x93, 0xd1, 0xab, 0xe1, 0x7f, 0x11, + 0x0b, 0x37, 0xc4, 0x8c, 0xc0, 0xf3, 0x6c, 0x37, 0xe8, 0x4d, 0x87, 0x66, + 0x21, 0xd3, 0x27, 0xf6, 0x4b, 0xbe, 0x08, 0x45, 0x7d, 0x3e, 0xc4, 0x09, + 0x8b, 0xa2, 0xfa, 0x0a, 0x31, 0x9f, 0xba, 0x41, 0x1c, 0x28, 0x41, 0xed, + 0x7b, 0xe8, 0x31, 0x96, 0xa8, 0xcd, 0xf9, 0xda, 0xa5, 0xd0, 0x06, 0x94, + 0xbc, 0x33, 0x5f, 0xc4, 0xc3, 0x22, 0x17, 0xfe, 0x04, 0x88, 0xbc, 0xe9, + 0xcb, 0x72, 0x02, 0xe5, 0x94, 0x68, 0xb1, 0xea, 0xd1, 0x19, 0x00, 0x04, + 0x77, 0xdb, 0x2c, 0xa7, 0x97, 0xfa, 0xc1, 0x9e, 0xda, 0x3f, 0x58, 0xc1, + 0x02, 0x41, 0x00, 0xe2, 0xab, 0x76, 0x08, 0x41, 0xbb, 0x9d, 0x30, 0xa8, + 0x1d, 0x22, 0x2d, 0xe1, 0xeb, 0x73, 0x81, 0xd8, 0x22, 0x14, 0x40, 0x7f, + 0x1b, 0x97, 0x5c, 0xbb, 0xfe, 0x4e, 0x1a, 0x94, 0x67, 0xfd, 0x98, 0xad, + 0xbd, 0x78, 0xf6, 0x07, 0x83, 0x6c, 0xa5, 0xbe, 0x19, 0x28, 0xb9, 0xd1, + 0x60, 0xd9, 0x7f, 0xd4, 0x5c, 0x12, 0xd6, 0xb5, 0x2e, 0x2c, 0x98, 0x71, + 0xa1, 0x74, 0xc6, 0x6b, 0x48, 0x81, 0x13, 0x02, 0x41, 0x00, 0xc5, 0xab, + 0x27, 0x60, 0x21, 0x59, 0xae, 0x7d, 0x6f, 0x20, 0xc3, 0xc2, 0xee, 0x85, + 0x1e, 0x46, 0xdc, 0x11, 0x2e, 0x68, 0x9e, 0x28, 0xd5, 0xfc, 0xbb, 0xf9, + 0x90, 0xa9, 0x9e, 0xf8, 0xa9, 0x0b, 0x8b, 0xb4, 0x4f, 0xd3, 0x64, 0x67, + 0xe7, 0xfc, 0x17, 0x89, 0xce, 0xb6, 0x63, 0xab, 0xda, 0x33, 0x86, 0x52, + 0xc3, 0xc7, 0x3f, 0x11, 0x17, 0x74, 0x90, 0x2e, 0x84, 0x05, 0x65, 0x92, + 0x70, 0x91, 0x02, 0x41, 0x00, 0xb6, 0xcd, 0xbd, 0x35, 0x4f, 0x7d, 0xf5, + 0x79, 0xa6, 0x3b, 0x48, 0xb3, 0x64, 0x3e, 0x35, 0x3b, 0x84, 0x89, 0x87, + 0x77, 0xb4, 0x8b, 0x15, 0xf9, 0x4e, 0x0b, 0xfc, 0x05, 0x67, 0xa6, 0xae, + 0x59, 0x11, 0xd5, 0x7a, 0xd6, 0x40, 0x9c, 0xf7, 0x64, 0x7b, 0xf9, 0x62, + 0x64, 0xe9, 0xbd, 0x87, 0xeb, 0x95, 0xe2, 0x63, 0xb7, 0x11, 0x0b, 0x9a, + 0x1f, 0x9f, 0x94, 0xac, 0xce, 0xd0, 0xfa, 0xfa, 0x4d, 0x02, 0x40, 0x71, + 0x19, 0x5e, 0xec, 0x37, 0xe8, 0xd2, 0x57, 0xde, 0xcf, 0xc6, 0x72, 0xb0, + 0x7a, 0xe6, 0x39, 0xf1, 0x0c, 0xbb, 0x9b, 0x0c, 0x73, 0x9d, 0x0c, 0x80, + 0x99, 0x68, 0xd6, 0x44, 0xa9, 0x4e, 0x3f, 0xd6, 0xed, 0x92, 0x87, 0x07, + 0x7a, 0x14, 0x58, 0x3f, 0x37, 0x90, 0x58, 0xf7, 0x6a, 0x8a, 0xec, 0xd4, + 0x3c, 0x62, 0xdc, 0x8c, 0x0f, 0x41, 0x76, 0x66, 0x50, 0xd7, 0x25, 0x27, + 0x5a, 0xc4, 0xa1, 0x02, 0x41, 0x00, 0xbb, 0x32, 0xd1, 0x33, 0xed, 0xc2, + 0xe0, 0x48, 0xd4, 0x63, 0x38, 0x8b, 0x7b, 0xe9, 0xcb, 0x4b, 0xe2, 0x9f, + 0x4b, 0x62, 0x50, 0xbe, 0x60, 0x3e, 0x70, 0xe3, 0x64, 0x75, 0x01, 0xc9, + 0x7d, 0xdd, 0xe2, 0x0a, 0x4e, 0x71, 0xbe, 0x95, 0xfd, 0x5e, 0x71, 0x78, + 0x4e, 0x25, 0xac, 0xa4, 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a, 0xae, 0x59, + 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, 0x2b, 0x24, }; const unsigned char test_rsa_1026[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xae, - 0x9a, 0x65, 0x51, 0x54, 0x10, 0x29, 0xa3, 0x7a, 0x5f, 0xa3, 0x1b, 0x9d, - 0xf3, 0x0e, 0x24, 0xdb, 0x1f, 0xd8, 0x4e, 0x12, 0x43, 0x49, 0x00, 0x31, - 0xf8, 0x03, 0x88, 0x04, 0x87, 0x8f, 0xc9, 0x95, 0x66, 0x34, 0xb3, 0xcf, - 0x0a, 0xf1, 0x2e, 0x47, 0xd3, 0x8c, 0x3b, 0x41, 0xff, 0x32, 0x60, 0xd8, - 0x17, 0x7e, 0xad, 0x83, 0x4c, 0x37, 0x6d, 0x6b, 0xc5, 0x49, 0x6f, 0x36, - 0x84, 0xb8, 0x59, 0xa5, 0x5a, 0x03, 0xbf, 0xd7, 0xbe, 0xca, 0x9c, 0x09, - 0x1c, 0xf5, 0x20, 0xd3, 0x3a, 0x0e, 0x2f, 0xd3, 0x08, 0xa3, 0x9a, 0x65, - 0x54, 0x26, 0xa6, 0x78, 0x35, 0x7a, 0xd9, 0x70, 0x0d, 0x4d, 0xb9, 0xf7, - 0x76, 0xfd, 0x6e, 0xf5, 0xe4, 0x00, 0xe6, 0xcb, 0x60, 0xec, 0xc6, 0x38, - 0x24, 0x9e, 0x9b, 0xe6, 0x69, 0x81, 0xe0, 0xc3, 0xc9, 0x10, 0xef, 0x73, - 0xe4, 0x22, 0x52, 0x3d, 0x8c, 0x16, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x54, 0x28, 0x86, 0x9c, 0xb6, 0x62, 0x18, 0xc8, 0x79, - 0xfa, 0x79, 0x02, 0xac, 0x94, 0x9b, 0x3a, 0x37, 0x45, 0xaa, 0xfc, 0xbe, - 0xce, 0x52, 0x87, 0x5c, 0x98, 0x9a, 0xce, 0x34, 0x47, 0xed, 0x7e, 0xf6, - 0xfa, 0x05, 0x21, 0xb9, 0x12, 0x0d, 0x47, 0xef, 0xf3, 0xe5, 0x2f, 0x6a, - 0x42, 0x7e, 0x89, 0x52, 0x53, 0x66, 0xea, 0x9b, 0xba, 0x5e, 0xdc, 0xe1, - 0xa5, 0xd7, 0xff, 0x72, 0xbe, 0x47, 0xde, 0x06, 0x0b, 0x48, 0xf9, 0xf4, - 0xb7, 0xa8, 0x06, 0x76, 0xfd, 0xd2, 0x4c, 0xbf, 0xe4, 0x4a, 0x1c, 0x7f, - 0xf8, 0x71, 0xc6, 0x9f, 0x80, 0xfa, 0x97, 0xca, 0xc3, 0xf6, 0x70, 0xe3, - 0x5e, 0x8c, 0x2d, 0x02, 0xe0, 0x3a, 0x91, 0xbd, 0xa2, 0x12, 0xa4, 0xa5, - 0x7c, 0x9d, 0x6a, 0xdd, 0x00, 0xfe, 0x28, 0x60, 0xbf, 0x7e, 0x5f, 0x4f, - 0xb3, 0xf5, 0xd2, 0x0f, 0x8c, 0x69, 0x0b, 0xf0, 0x2c, 0x60, 0x81, 0x02, - 0x41, 0x01, 0xc4, 0x95, 0xb4, 0x0c, 0xf6, 0xfe, 0x28, 0xe5, 0xdc, 0x63, - 0xeb, 0x33, 0x06, 0xc1, 0xe6, 0x34, 0xa9, 0x68, 0x73, 0x2d, 0xff, 0x72, - 0x3c, 0xde, 0x74, 0xf7, 0xbb, 0x79, 0xde, 0x85, 0x20, 0x55, 0xa4, 0xe4, - 0x8b, 0x94, 0x82, 0x5b, 0x63, 0xe0, 0xdc, 0xba, 0x3d, 0x95, 0x43, 0x86, - 0xe6, 0xfd, 0x9b, 0x13, 0x75, 0xf7, 0xd2, 0xf1, 0xf5, 0x99, 0xd5, 0x9c, - 0xdf, 0x38, 0x93, 0xdc, 0x4e, 0x03, 0x02, 0x41, 0x01, 0x84, 0x5e, 0xbe, - 0xe1, 0x62, 0x47, 0x50, 0xfc, 0x17, 0xff, 0xc7, 0x15, 0x16, 0x25, 0xef, - 0x6b, 0xd0, 0xb6, 0xdb, 0x13, 0xcb, 0x65, 0x7e, 0xce, 0x4f, 0xab, 0x76, - 0xe0, 0x8b, 0xe8, 0xc0, 0xe4, 0xc0, 0x49, 0xac, 0xb7, 0x2a, 0x97, 0xad, - 0xaa, 0xe1, 0x31, 0xba, 0xd7, 0x02, 0x52, 0xfa, 0xfa, 0x03, 0xd3, 0xc3, - 0x9b, 0x3e, 0x2d, 0x32, 0xea, 0x9f, 0xb2, 0x8b, 0x66, 0x1b, 0xc4, 0x18, - 0x41, 0x02, 0x41, 0x01, 0xa3, 0x23, 0xd9, 0x69, 0xa0, 0x5c, 0xe5, 0x57, - 0x6b, 0x72, 0x05, 0xe2, 0x6d, 0xc1, 0xa9, 0x06, 0xe0, 0x55, 0x61, 0x46, - 0x1a, 0x2a, 0x9c, 0x00, 0x91, 0x66, 0xd4, 0x73, 0x1b, 0x07, 0x43, 0x58, - 0xcd, 0xaa, 0xf3, 0x31, 0x88, 0x40, 0x47, 0x11, 0x7a, 0x99, 0xe8, 0x6a, - 0x91, 0xed, 0x1f, 0x83, 0x82, 0xd8, 0xd5, 0x09, 0xbc, 0x8c, 0x64, 0x9e, - 0x21, 0x5c, 0x74, 0xc6, 0x1a, 0xf9, 0x8e, 0x2d, 0x02, 0x41, 0x00, 0xd1, - 0x4f, 0xa2, 0xfe, 0xa3, 0xd2, 0x1d, 0xe2, 0x90, 0x28, 0xa9, 0x2a, 0x43, - 0x32, 0x94, 0xd3, 0xfd, 0xbb, 0xdf, 0x5c, 0xce, 0xbd, 0x57, 0xd7, 0x67, - 0x76, 0xd8, 0xed, 0xf2, 0x59, 0xb2, 0x44, 0x57, 0x22, 0x1d, 0xf4, 0xe5, - 0xfe, 0xb3, 0x79, 0xaa, 0x3e, 0xfc, 0x1c, 0xcf, 0x42, 0xdb, 0xc3, 0x0d, - 0x76, 0xff, 0x30, 0x57, 0x15, 0x53, 0x20, 0xc2, 0x8b, 0x1e, 0xb8, 0x1c, - 0x74, 0xd6, 0x41, 0x02, 0x41, 0x00, 0x94, 0x24, 0x23, 0x0b, 0x45, 0x3a, - 0xef, 0xf3, 0x41, 0x19, 0x11, 0xba, 0xf6, 0xca, 0xab, 0x72, 0x9e, 0xc0, - 0xa4, 0xc2, 0x9e, 0x52, 0xf8, 0x36, 0xf4, 0xe8, 0xed, 0x5d, 0xa7, 0x5f, - 0x68, 0x46, 0xf4, 0x91, 0x17, 0x9c, 0xe8, 0x1b, 0x31, 0x50, 0xd7, 0x42, - 0x25, 0xc5, 0x67, 0x6a, 0xf8, 0xc2, 0x1f, 0x28, 0xe3, 0xdc, 0x52, 0x79, - 0x7b, 0xf6, 0x68, 0xdc, 0x60, 0xc6, 0xdc, 0xcc, 0xcd, 0x1d, + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xd0, + 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, 0x79, 0x07, 0xab, 0xef, + 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, + 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, + 0x68, 0x59, 0x5d, 0xbc, 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, + 0x7e, 0x44, 0xa4, 0x16, 0x3a, 0x05, 0x42, 0xfa, 0xb6, 0x12, 0xac, 0xbb, + 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, 0x3b, 0xdd, 0xef, 0x6a, + 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, + 0x38, 0xdb, 0x7a, 0x33, 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, + 0x7d, 0x6e, 0x56, 0x46, 0xc1, 0xd6, 0x7f, 0xb8, 0xb2, 0xb9, 0x7a, 0xc6, + 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, 0x83, 0x15, 0xaa, 0x3f, + 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x6a, 0x4a, 0x34, 0x6b, 0xeb, 0xa9, 0x7f, 0x65, 0x5f, + 0xe8, 0x34, 0x64, 0x7d, 0x29, 0x44, 0xf5, 0xf4, 0x08, 0x15, 0xe7, 0x30, + 0x2c, 0xaf, 0x02, 0xed, 0x17, 0x98, 0x93, 0xc2, 0xd9, 0x89, 0x39, 0x5d, + 0x5e, 0x87, 0x7c, 0xac, 0xbf, 0x24, 0xa7, 0x7a, 0x07, 0x9d, 0x3d, 0xb7, + 0x15, 0x80, 0xcc, 0xdb, 0xf6, 0x30, 0x23, 0xd0, 0x0f, 0x80, 0xe5, 0x2f, + 0x5c, 0x1a, 0x07, 0x16, 0xb3, 0x23, 0xb7, 0xbf, 0xcb, 0xdc, 0x8a, 0x17, + 0x81, 0xc4, 0x4c, 0x41, 0x53, 0xe3, 0xda, 0x22, 0x8d, 0x17, 0xb2, 0xdc, + 0x78, 0xeb, 0x1f, 0x44, 0xcf, 0xf6, 0x0f, 0xe1, 0x15, 0x08, 0x08, 0xa6, + 0xe3, 0x8b, 0xa2, 0x47, 0x0a, 0xee, 0x2e, 0x94, 0x8a, 0x68, 0x98, 0xdd, + 0xad, 0xea, 0x56, 0xd9, 0x47, 0x09, 0x27, 0xac, 0xa8, 0xd9, 0x4a, 0x03, + 0x38, 0xc1, 0x1a, 0x8e, 0x95, 0x71, 0x5b, 0x5f, 0x94, 0xe0, 0x11, 0x02, + 0x41, 0x01, 0xf5, 0x41, 0x85, 0x34, 0xc3, 0x62, 0x36, 0xfc, 0x9f, 0xd3, + 0x89, 0x34, 0xd7, 0xc0, 0x6d, 0xfe, 0xd3, 0x82, 0x91, 0x51, 0xcc, 0xab, + 0x56, 0xb6, 0x33, 0x0c, 0x64, 0x1f, 0x77, 0x96, 0xa7, 0x19, 0x24, 0xcf, + 0x81, 0x19, 0xca, 0x26, 0xe1, 0x86, 0xec, 0xd3, 0x06, 0x8d, 0x66, 0x07, + 0xa0, 0x52, 0x60, 0xdb, 0x48, 0x57, 0x65, 0x19, 0x80, 0x43, 0x68, 0x91, + 0xad, 0xde, 0x9e, 0xb9, 0x2a, 0xb7, 0x02, 0x41, 0x01, 0x70, 0x04, 0x2f, + 0xbd, 0xba, 0xba, 0x1e, 0x10, 0x2b, 0x7f, 0x7f, 0x1d, 0xc9, 0xd9, 0x40, + 0xcf, 0xdc, 0xd8, 0x5d, 0xd0, 0xea, 0x65, 0xf5, 0x43, 0xc6, 0x43, 0x2e, + 0x9c, 0x54, 0x80, 0x72, 0x4b, 0xb4, 0x9b, 0x1e, 0x5f, 0x80, 0xca, 0x2b, + 0x9f, 0x84, 0xcd, 0x66, 0x44, 0xbf, 0xb2, 0xe3, 0xd0, 0x96, 0x80, 0x90, + 0xb8, 0x9f, 0x53, 0x4d, 0xc2, 0x95, 0x1e, 0x60, 0x6d, 0xb9, 0x09, 0xdd, + 0x89, 0x02, 0x41, 0x01, 0x4b, 0x6c, 0x1a, 0xeb, 0x1c, 0x14, 0xa0, 0x4e, + 0xc0, 0x4e, 0x59, 0x75, 0xfb, 0x01, 0x5c, 0xb9, 0x14, 0x98, 0x4c, 0x05, + 0x4d, 0xd2, 0x2b, 0xef, 0x24, 0x29, 0x99, 0x39, 0xc5, 0x14, 0x73, 0x3f, + 0x88, 0xbb, 0x3a, 0x9d, 0x16, 0xb0, 0x46, 0x85, 0xb3, 0xa8, 0x83, 0xb8, + 0x92, 0x31, 0x90, 0xab, 0x67, 0x27, 0x15, 0xd9, 0xd3, 0x1a, 0xdd, 0x57, + 0xb4, 0x98, 0x3d, 0xe1, 0xe8, 0x08, 0x7e, 0x59, 0x02, 0x41, 0x01, 0x17, + 0xbf, 0x76, 0xf3, 0x08, 0xb0, 0x56, 0x0e, 0x00, 0xa2, 0xc8, 0x64, 0x42, + 0x7d, 0xcd, 0x50, 0xb5, 0x16, 0x1c, 0x2a, 0xa5, 0x23, 0xa0, 0x0f, 0x46, + 0xf4, 0xe6, 0xc7, 0x9b, 0x4c, 0x90, 0x95, 0x8f, 0xd2, 0xa2, 0x82, 0x02, + 0x8a, 0xac, 0x22, 0x74, 0x77, 0x16, 0x98, 0x88, 0x08, 0x5a, 0x38, 0xc3, + 0x4f, 0x33, 0xb3, 0xc4, 0x19, 0x34, 0xf1, 0x07, 0x1d, 0xb2, 0x3b, 0x75, + 0xff, 0x53, 0xd1, 0x02, 0x41, 0x01, 0x20, 0xa4, 0x28, 0xb4, 0xe0, 0xc4, + 0xa6, 0xf2, 0x02, 0x92, 0x0f, 0xd4, 0x9c, 0xc9, 0x88, 0x6e, 0x6b, 0x67, + 0x19, 0xd4, 0x0a, 0x3a, 0xd0, 0x60, 0x4f, 0x5d, 0x5e, 0xfd, 0x5e, 0xf6, + 0x97, 0x3a, 0x57, 0x3a, 0xb3, 0x24, 0xf3, 0x8e, 0xcb, 0x8e, 0x66, 0x9a, + 0x69, 0x34, 0x15, 0x97, 0x08, 0x1e, 0x24, 0x0b, 0x6a, 0xe4, 0xe2, 0x71, + 0x48, 0x87, 0xdd, 0x78, 0xda, 0xda, 0xeb, 0x0b, 0x92, 0x16, }; const unsigned char test_rsa_1028[] = { - 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0c, 0x48, - 0x52, 0xeb, 0x3d, 0x96, 0x7a, 0x6c, 0x68, 0xa7, 0x10, 0x15, 0x4b, 0xc4, - 0x8b, 0x32, 0xa8, 0xb1, 0xd5, 0xdf, 0xbf, 0xb1, 0x11, 0xfd, 0x50, 0xac, - 0xc9, 0x27, 0x99, 0xd6, 0xfe, 0x34, 0x6d, 0x0c, 0xd2, 0x2b, 0x4e, 0xc7, - 0x1b, 0xbf, 0xc2, 0x85, 0x04, 0x99, 0x50, 0x13, 0xa2, 0x60, 0x02, 0x67, - 0x94, 0xcf, 0xe7, 0x84, 0xc7, 0xb2, 0x03, 0x81, 0xb8, 0x60, 0xfa, 0xaf, - 0xc0, 0xcd, 0x30, 0xf0, 0xe6, 0xdb, 0xd0, 0x3a, 0x3d, 0x1d, 0x3c, 0x8e, - 0x0d, 0xb1, 0x86, 0xc3, 0xba, 0xa1, 0x35, 0x47, 0xae, 0x6e, 0x43, 0x23, - 0x4a, 0x61, 0xfc, 0xc5, 0x1e, 0xa6, 0xe8, 0x74, 0x38, 0x3b, 0x4c, 0x79, - 0x4a, 0x94, 0x66, 0x1a, 0x44, 0x23, 0x0a, 0x96, 0x86, 0x5d, 0xf6, 0x43, - 0x5a, 0xa7, 0x03, 0x46, 0x81, 0x9f, 0xe9, 0xf4, 0xaa, 0xa3, 0x03, 0xe1, - 0xea, 0x21, 0xf1, 0xae, 0x2d, 0x06, 0xf7, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x01, 0x1f, 0xa6, 0xb2, 0x4d, 0x9e, 0x94, 0x11, 0x91, - 0xdb, 0x62, 0xbd, 0xc8, 0x02, 0x31, 0x87, 0xcf, 0x66, 0x01, 0x7e, 0x68, - 0x2f, 0x7f, 0x49, 0x50, 0xd5, 0x95, 0xcb, 0x71, 0x27, 0xf9, 0x76, 0x7b, - 0x59, 0x76, 0x6a, 0xae, 0xd8, 0xc9, 0x41, 0x98, 0x3e, 0x8a, 0x06, 0xaa, - 0x8c, 0x39, 0x49, 0x16, 0x3f, 0x3a, 0x9e, 0x70, 0x7c, 0x35, 0xb6, 0xa3, - 0xda, 0x7c, 0xaf, 0x26, 0x8f, 0xe8, 0x8f, 0xfc, 0x5b, 0x7c, 0xda, 0x94, - 0x57, 0x8d, 0x03, 0x5c, 0xed, 0x66, 0xfe, 0x9c, 0x6e, 0xaa, 0xcc, 0xa1, - 0x05, 0x48, 0xc4, 0x11, 0xbc, 0xf7, 0xdf, 0xaa, 0xeb, 0x65, 0xb6, 0xaf, - 0xce, 0x45, 0x0c, 0x7f, 0x3a, 0x84, 0x0a, 0x85, 0x28, 0xf0, 0xa4, 0xd6, - 0x39, 0x9e, 0xc3, 0xc6, 0x47, 0x24, 0x6f, 0xbe, 0x20, 0x45, 0x19, 0x84, - 0x29, 0x0d, 0x12, 0x9a, 0x12, 0xc9, 0x03, 0x96, 0xf0, 0x26, 0x11, 0x49, - 0x02, 0x41, 0x03, 0x9a, 0xb4, 0xe9, 0x07, 0xe1, 0xe0, 0x69, 0xc7, 0x0c, - 0x5c, 0x71, 0x1b, 0x21, 0x31, 0x66, 0x5b, 0x5d, 0x0d, 0x3c, 0x51, 0x64, - 0xda, 0xb4, 0xfe, 0x14, 0xb1, 0x27, 0xa6, 0x97, 0x36, 0x58, 0xb2, 0xa0, - 0x17, 0xa9, 0x28, 0x33, 0x19, 0x6b, 0xee, 0x6f, 0x6c, 0x17, 0x50, 0x8c, - 0x01, 0x78, 0xfb, 0xfe, 0xed, 0xab, 0xf6, 0x71, 0xd9, 0x85, 0xc8, 0x96, - 0x63, 0x7c, 0x10, 0x3c, 0xf0, 0x54, 0x09, 0x02, 0x41, 0x03, 0x68, 0x60, - 0x30, 0x2c, 0xc9, 0xcc, 0x20, 0x7e, 0x1e, 0xd3, 0xb0, 0x04, 0x3f, 0xde, - 0xef, 0x53, 0x2f, 0x3b, 0xf6, 0x77, 0x01, 0x41, 0x41, 0xa8, 0xc1, 0x5a, - 0x21, 0x30, 0xf4, 0xdc, 0x5c, 0xeb, 0xbe, 0x75, 0x3f, 0xf2, 0x8a, 0xa0, - 0x35, 0xd2, 0xed, 0x23, 0xbc, 0xfc, 0x24, 0x53, 0xde, 0x64, 0x88, 0x72, - 0xef, 0x43, 0xbd, 0x2d, 0x0f, 0x2d, 0x71, 0xb1, 0xe2, 0xbf, 0xe9, 0xe7, - 0x42, 0xff, 0x02, 0x41, 0x03, 0x3c, 0xb3, 0x36, 0x87, 0xa9, 0xca, 0x4f, - 0xb6, 0x41, 0xd7, 0xd4, 0x8d, 0xb5, 0x26, 0x14, 0xf4, 0x01, 0x82, 0x9d, - 0xa5, 0xcc, 0x9a, 0xd0, 0xeb, 0x51, 0xd2, 0x39, 0xf6, 0x58, 0xe0, 0xaa, - 0x90, 0xe3, 0x4f, 0xdc, 0xd1, 0x09, 0xf3, 0xcf, 0x07, 0xfa, 0x72, 0x6e, - 0x0e, 0x1d, 0x70, 0x45, 0x24, 0xae, 0x34, 0xef, 0xb9, 0x0b, 0x4f, 0x7d, - 0xe4, 0x45, 0x8d, 0x5c, 0x23, 0x89, 0x57, 0x9f, 0x61, 0x02, 0x41, 0x02, - 0xa7, 0xde, 0x86, 0xcc, 0xf0, 0xfb, 0xff, 0xba, 0xaa, 0xc5, 0xa9, 0x60, - 0xb6, 0x72, 0x44, 0xab, 0xdc, 0x9c, 0xeb, 0xa8, 0xb5, 0x36, 0xa9, 0x38, - 0x1e, 0x6f, 0xe2, 0x7c, 0x27, 0xe8, 0x71, 0x16, 0x5c, 0x99, 0x3e, 0x1c, - 0x04, 0xc3, 0x75, 0x0f, 0x0c, 0x37, 0x14, 0xfa, 0xa0, 0x49, 0x28, 0x81, - 0xcb, 0x01, 0x5f, 0xcc, 0xb7, 0xeb, 0x1c, 0xef, 0xfa, 0xb2, 0x7a, 0x97, - 0xbc, 0x6f, 0xb9, 0xfb, 0x02, 0x41, 0x01, 0x60, 0x60, 0x57, 0x31, 0x7d, - 0xbe, 0xac, 0xd2, 0x64, 0xb9, 0x26, 0x52, 0x4f, 0x20, 0xda, 0xde, 0xd3, - 0x27, 0x38, 0x97, 0xea, 0xb4, 0xf4, 0xcd, 0x83, 0xfa, 0xeb, 0x51, 0x47, - 0x5b, 0x78, 0x24, 0x53, 0x17, 0xf8, 0x26, 0xee, 0xf7, 0x92, 0x25, 0x14, - 0xcd, 0xb6, 0x86, 0xe7, 0x06, 0xb3, 0xd7, 0xee, 0x8b, 0x42, 0x31, 0xb4, - 0x49, 0x95, 0x4e, 0x8c, 0x11, 0x57, 0x7f, 0x44, 0x36, 0x22, 0x64, + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0e, 0x62, + 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, 0xbf, 0x7c, 0xbf, 0xd3, + 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, + 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, + 0xa3, 0xca, 0xff, 0x4e, 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, + 0xa4, 0x16, 0x7f, 0xbf, 0x7f, 0x37, 0x2a, 0xb5, 0x7e, 0x83, 0xa6, 0x9a, + 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, 0x96, 0x21, 0xa3, 0x0a, + 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, + 0x9e, 0x4f, 0x9b, 0xfc, 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, + 0x9a, 0x63, 0x1f, 0xb1, 0xfb, 0x9f, 0xfb, 0x79, 0x4b, 0x4e, 0x53, 0xc7, + 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, 0x25, 0x88, 0xdb, 0x29, + 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x01, 0xcf, 0xa0, 0x42, 0x2e, 0x3b, 0xb6, 0x0c, 0x15, + 0xef, 0x2e, 0x96, 0xdb, 0x44, 0x99, 0xe7, 0x89, 0xf5, 0xd6, 0x34, 0xea, + 0x64, 0x56, 0x7b, 0x2c, 0xdd, 0x6e, 0x2b, 0xdd, 0x12, 0x1f, 0x85, 0xed, + 0xcc, 0xde, 0xe9, 0xb4, 0xed, 0x17, 0x8c, 0x5f, 0x33, 0x81, 0x61, 0x01, + 0xa7, 0xc3, 0x71, 0x51, 0x8b, 0x3e, 0x23, 0xf9, 0xfd, 0xc7, 0x1b, 0x90, + 0x24, 0x2c, 0xd3, 0x10, 0xb6, 0xb3, 0x14, 0x28, 0xb0, 0xb6, 0x4e, 0xb9, + 0x59, 0x6b, 0xe0, 0xcc, 0x04, 0x4c, 0xc8, 0x50, 0x48, 0x98, 0x2f, 0x90, + 0xb7, 0x06, 0xe6, 0x6c, 0xcd, 0xd3, 0x9a, 0xd5, 0xa1, 0xa7, 0xb6, 0x4c, + 0xf0, 0x34, 0xea, 0xc0, 0xc3, 0x5d, 0x7a, 0xce, 0x93, 0xf2, 0xbc, 0xd3, + 0xce, 0x24, 0x3b, 0xd8, 0xf8, 0x3b, 0x46, 0xf5, 0x09, 0xca, 0x2f, 0x80, + 0x50, 0x63, 0x00, 0x2a, 0xf2, 0xbb, 0x2d, 0x88, 0xb6, 0xee, 0x36, 0xa9, + 0x02, 0x41, 0x03, 0xf0, 0x88, 0x6d, 0x29, 0x77, 0x52, 0x6f, 0x3f, 0x3f, + 0x6a, 0x07, 0x56, 0x00, 0x23, 0x2c, 0xe3, 0x00, 0x85, 0x17, 0x27, 0x6d, + 0xd3, 0x72, 0x1d, 0xee, 0x08, 0xfd, 0x6c, 0x99, 0x9f, 0xc9, 0x76, 0xb9, + 0xe8, 0xdd, 0x2b, 0xc1, 0x43, 0x38, 0x5f, 0xa4, 0xb4, 0x87, 0x35, 0xce, + 0x81, 0xc6, 0x6b, 0x50, 0x1d, 0x71, 0x29, 0xee, 0x78, 0x60, 0xcf, 0xbe, + 0xf2, 0x3b, 0x5d, 0xa9, 0x1e, 0x6c, 0x2d, 0x02, 0x41, 0x03, 0xa6, 0xc8, + 0x73, 0x4a, 0xac, 0xe5, 0x9d, 0x5f, 0x38, 0x6f, 0x97, 0xde, 0x45, 0x0f, + 0x8a, 0x12, 0xd6, 0x3a, 0xe6, 0xac, 0x15, 0xd3, 0x36, 0xe0, 0x10, 0xc9, + 0xfc, 0xf0, 0x3a, 0x32, 0xf0, 0x61, 0x18, 0x81, 0xac, 0x6c, 0xd8, 0xb3, + 0xf9, 0x89, 0x92, 0x5c, 0x0f, 0x02, 0x5a, 0xf2, 0x6c, 0xf2, 0x6a, 0xeb, + 0xd7, 0xd9, 0xb0, 0x4e, 0xb5, 0x03, 0x04, 0x8d, 0xca, 0x2f, 0x50, 0x3c, + 0x28, 0xe9, 0x02, 0x41, 0x01, 0x9b, 0x30, 0x04, 0x51, 0xc3, 0xb4, 0x78, + 0x66, 0xf1, 0x13, 0xe9, 0xa9, 0xc6, 0xa4, 0x90, 0xc8, 0x7c, 0x8d, 0xc6, + 0xc2, 0xec, 0xa4, 0x29, 0x02, 0xca, 0xea, 0x1f, 0x69, 0x07, 0xb9, 0x7e, + 0x0a, 0x4a, 0x02, 0x07, 0x2a, 0xaf, 0xc1, 0x18, 0x5a, 0xe6, 0x6c, 0x34, + 0x34, 0x5b, 0xdd, 0xcd, 0x68, 0x33, 0x61, 0xcd, 0xa1, 0xaa, 0xf8, 0xa9, + 0x80, 0x09, 0xf9, 0xf8, 0xfa, 0x56, 0xd9, 0x70, 0x81, 0x02, 0x40, 0x1b, + 0xcc, 0xa8, 0x49, 0x17, 0x3d, 0x38, 0xe1, 0xe5, 0x0e, 0xc4, 0x88, 0x72, + 0xab, 0x54, 0xa2, 0xdc, 0xc6, 0x21, 0xa8, 0x0a, 0x7a, 0x1e, 0x8e, 0xa9, + 0x51, 0x28, 0x79, 0x88, 0x71, 0x8d, 0x5e, 0x85, 0xd9, 0x0d, 0x64, 0xab, + 0x49, 0x26, 0xe9, 0xa5, 0x75, 0xa1, 0x68, 0xa3, 0x85, 0xc4, 0x21, 0xad, + 0x76, 0x58, 0x13, 0xfc, 0x3f, 0x4a, 0xf8, 0xcd, 0x00, 0xde, 0x7b, 0x6b, + 0xba, 0x6e, 0x49, 0x02, 0x41, 0x03, 0x6d, 0xcf, 0x69, 0xf6, 0xe5, 0x48, + 0xc8, 0xac, 0xfb, 0x53, 0x6f, 0xb6, 0xcd, 0x18, 0x6f, 0x8b, 0x8f, 0x20, + 0xd3, 0x13, 0x36, 0x1d, 0x04, 0x47, 0xc1, 0xb5, 0xe3, 0x80, 0xf4, 0x11, + 0x3e, 0x57, 0x8b, 0x31, 0xe8, 0x67, 0xdd, 0xa4, 0x7d, 0x44, 0xad, 0x37, + 0x61, 0xe7, 0x93, 0xf7, 0x25, 0x03, 0x1b, 0x8d, 0x37, 0x9f, 0x38, 0x9d, + 0xe2, 0x77, 0xa9, 0xa0, 0x13, 0x76, 0x51, 0xdf, 0x54, 0x8a, }; const unsigned char test_rsa_1030[] = { - 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x29, 0x32, - 0x4b, 0xbf, 0x78, 0x5a, 0xf5, 0x4f, 0x0a, 0x61, 0xd5, 0x99, 0x29, 0xf2, - 0x3d, 0x39, 0x68, 0x3b, 0xab, 0x41, 0x30, 0x1e, 0x2c, 0x87, 0xca, 0x33, - 0xa3, 0x2f, 0x31, 0x23, 0x9a, 0xe1, 0xca, 0x5b, 0x75, 0xf0, 0xc3, 0x84, - 0x9c, 0x52, 0xe7, 0xf9, 0x67, 0xa8, 0xa6, 0x2b, 0x7c, 0x43, 0xa9, 0x5f, - 0xd7, 0x25, 0x64, 0x43, 0xa9, 0x02, 0xa7, 0x7d, 0x97, 0x24, 0x26, 0x7d, - 0x89, 0x5d, 0x20, 0x8a, 0xb8, 0x6c, 0xcc, 0xcb, 0x18, 0x65, 0x9c, 0xbe, - 0x1a, 0xd8, 0x47, 0xa2, 0xeb, 0xc2, 0xe2, 0x88, 0x26, 0x4f, 0xfc, 0x77, - 0x08, 0x6c, 0x5a, 0x82, 0x30, 0xbe, 0x84, 0xa6, 0xaa, 0x67, 0x41, 0xbd, - 0xe5, 0x1e, 0x87, 0x23, 0x33, 0xbd, 0x59, 0x6d, 0x41, 0xb5, 0x94, 0xc8, - 0xcb, 0xc3, 0xc6, 0x4d, 0xe7, 0x3e, 0x79, 0x6e, 0x9a, 0x8e, 0x54, 0xa7, - 0x1c, 0x64, 0x97, 0x69, 0xc8, 0xc2, 0xdf, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x05, 0x40, 0xdf, 0x5d, 0x50, 0xab, 0xc8, 0xbc, 0x86, - 0x46, 0x68, 0xf1, 0x59, 0xe2, 0xaf, 0x8c, 0x07, 0xe4, 0x14, 0x0d, 0x56, - 0xba, 0xd7, 0xa8, 0x39, 0x50, 0xd1, 0xc3, 0xcd, 0x85, 0xb7, 0x7f, 0xde, - 0x48, 0xeb, 0x86, 0xad, 0xbd, 0x80, 0xc7, 0x27, 0x18, 0x81, 0x9a, 0x30, - 0x16, 0x90, 0xdc, 0xd0, 0x01, 0xe3, 0x73, 0x11, 0x3b, 0x7a, 0x42, 0x01, - 0xb9, 0xdc, 0xf1, 0x99, 0xe1, 0x9d, 0xb2, 0xbb, 0x89, 0xc5, 0xbe, 0x87, - 0x6c, 0x5e, 0xcd, 0xc3, 0xaf, 0x18, 0x4e, 0x42, 0x69, 0xac, 0x26, 0x5b, - 0x24, 0x15, 0xdb, 0x69, 0x88, 0x6d, 0x74, 0x91, 0xe3, 0x4a, 0xb7, 0x5f, - 0x64, 0xa7, 0xdf, 0xc3, 0xff, 0x12, 0xac, 0x29, 0xc0, 0x9d, 0x8a, 0x13, - 0x56, 0xdc, 0xec, 0x8c, 0x77, 0xad, 0xa3, 0xf7, 0xcb, 0x28, 0x06, 0x90, - 0x59, 0x6e, 0x2f, 0x22, 0x14, 0xa7, 0x1a, 0xc0, 0xc0, 0x19, 0xc2, 0x81, - 0x02, 0x41, 0x06, 0xf9, 0x78, 0x16, 0xa4, 0xf4, 0xd3, 0x30, 0x26, 0xbe, - 0x99, 0xa1, 0xe1, 0x2a, 0x8d, 0x07, 0xb2, 0xf7, 0x2a, 0xfc, 0x76, 0x6a, - 0x4c, 0x2d, 0x97, 0x48, 0x70, 0x64, 0xda, 0xb4, 0x62, 0xb6, 0x3f, 0xa7, - 0x1a, 0x95, 0x78, 0xb4, 0xab, 0xfd, 0xd2, 0x84, 0xbf, 0x98, 0x22, 0xfe, - 0xbe, 0x34, 0x26, 0x1d, 0x96, 0x06, 0x20, 0x6b, 0x19, 0x31, 0xb9, 0x08, - 0x8c, 0x8e, 0x21, 0x6d, 0x19, 0xe2, 0xf3, 0x02, 0x41, 0x05, 0xe8, 0x1f, - 0xe6, 0x01, 0xed, 0x9a, 0xd4, 0xab, 0x84, 0x1e, 0xc8, 0x1f, 0xd0, 0xa2, - 0x33, 0xb1, 0x49, 0xe2, 0xac, 0x40, 0x80, 0x06, 0x04, 0x4b, 0xe3, 0x6e, - 0xd4, 0x35, 0x42, 0x45, 0x98, 0x77, 0x42, 0xb2, 0x56, 0xd9, 0x1b, 0xce, - 0x28, 0xdf, 0x96, 0xd0, 0xc1, 0x2e, 0x06, 0x5a, 0x7a, 0x62, 0x76, 0x3e, - 0xb4, 0xe7, 0xcc, 0x7e, 0xa6, 0x1d, 0xb5, 0x7a, 0x9e, 0x2f, 0x3e, 0x09, - 0x23, 0x65, 0x02, 0x41, 0x06, 0x97, 0x5d, 0x56, 0x89, 0x2e, 0x97, 0x27, - 0xba, 0x76, 0x06, 0xdb, 0x65, 0xe0, 0xc0, 0xc7, 0xb5, 0xea, 0xc1, 0x45, - 0x36, 0xe3, 0xde, 0x7a, 0x77, 0xae, 0x8e, 0x09, 0xc2, 0x67, 0x17, 0xa3, - 0x05, 0x24, 0xf7, 0x8a, 0xab, 0x38, 0x94, 0x12, 0x9d, 0x11, 0xb7, 0xc0, - 0x1f, 0xd2, 0x80, 0x0e, 0xe8, 0xb6, 0xad, 0x41, 0xbd, 0x01, 0x7a, 0x1d, - 0xf3, 0xb0, 0x90, 0xa5, 0x02, 0x12, 0x09, 0x94, 0xe1, 0x02, 0x41, 0x04, - 0xdc, 0x69, 0x13, 0xf2, 0xd6, 0x45, 0xab, 0x6b, 0x93, 0x89, 0x79, 0x8c, - 0xa5, 0x38, 0x37, 0x6e, 0x59, 0xad, 0xcf, 0xb0, 0x2d, 0x2b, 0xc6, 0x71, - 0x65, 0xb4, 0x19, 0xb3, 0xd2, 0xdc, 0x4f, 0x83, 0x26, 0x42, 0x7a, 0x32, - 0xa6, 0x2d, 0x5d, 0x79, 0xd4, 0x35, 0xec, 0x25, 0x22, 0x59, 0x67, 0x8a, - 0x8c, 0x61, 0x42, 0xa3, 0xd8, 0xa9, 0x09, 0xb0, 0x3d, 0x5f, 0xb1, 0xba, - 0x93, 0x45, 0x15, 0xf9, 0x02, 0x41, 0x06, 0x5e, 0x0f, 0x28, 0x69, 0x63, - 0x78, 0xfa, 0x87, 0xbf, 0x45, 0x62, 0x02, 0xca, 0x84, 0x34, 0xea, 0x1b, - 0x30, 0xb2, 0x3b, 0x04, 0xb3, 0x1c, 0xb4, 0x61, 0xfd, 0x9f, 0xba, 0xb5, - 0xdb, 0x88, 0x65, 0x6b, 0x4c, 0x36, 0xc5, 0x6c, 0x2d, 0x9a, 0xce, 0x06, - 0x8d, 0x4c, 0xc2, 0x64, 0x48, 0x74, 0x4e, 0x6e, 0xb6, 0x09, 0xa8, 0x18, - 0x25, 0xce, 0x86, 0x27, 0x61, 0x02, 0x16, 0x32, 0xe2, 0xae, 0x41, + 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x2b, 0x7c, + 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, 0x6b, 0x2b, 0x37, 0x72, + 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, + 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, + 0x34, 0xc6, 0xae, 0x36, 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, + 0x64, 0xd2, 0xec, 0x15, 0x6e, 0x13, 0x4d, 0x03, 0xcf, 0x6a, 0x94, 0xd3, + 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, 0xc4, 0xb9, 0x74, 0x21, + 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, + 0xfa, 0x86, 0x74, 0x96, 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, + 0xd1, 0x46, 0x1a, 0x80, 0xdb, 0xe9, 0xa5, 0x9d, 0xb3, 0xb0, 0x16, 0xc6, + 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, 0x89, 0xb8, 0x55, 0xcb, + 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x02, 0x10, 0xd5, 0xff, 0x53, 0x1c, 0xac, 0xb2, 0x2f, + 0x8c, 0xf7, 0xdd, 0x1f, 0xd9, 0xfb, 0x03, 0x76, 0xf3, 0x64, 0x7f, 0x2e, + 0x9a, 0xb3, 0xdf, 0x9c, 0x89, 0xb9, 0xad, 0x3c, 0x98, 0xe6, 0x8b, 0x89, + 0xad, 0xeb, 0x29, 0x90, 0x1d, 0xd2, 0xf2, 0xcf, 0x2a, 0xc1, 0xf8, 0x17, + 0x72, 0x62, 0x78, 0x83, 0x0e, 0xc8, 0xa8, 0xd0, 0xfd, 0xd1, 0x9d, 0x49, + 0x6e, 0xc6, 0xbc, 0x68, 0x36, 0x71, 0x17, 0x47, 0x86, 0xb7, 0xd6, 0xa8, + 0xe8, 0x22, 0xfa, 0x71, 0xd6, 0x5a, 0xd3, 0x5a, 0xbb, 0xdf, 0x0e, 0x6e, + 0x55, 0xff, 0x2c, 0x18, 0x21, 0xb6, 0x2b, 0xc6, 0x30, 0x19, 0x21, 0x60, + 0xe5, 0xc9, 0xb3, 0xdc, 0xaf, 0xc6, 0x5a, 0xe6, 0xb2, 0xa0, 0x88, 0xfb, + 0xc5, 0x59, 0x1d, 0xa5, 0x8a, 0x45, 0xdd, 0x7a, 0x30, 0x96, 0x0f, 0x7d, + 0x3d, 0xef, 0x75, 0xb8, 0x0c, 0xdf, 0x73, 0x24, 0x73, 0x60, 0xe8, 0xfb, + 0x02, 0x41, 0x07, 0x2e, 0x37, 0x1a, 0x3b, 0xa8, 0x61, 0xe7, 0x8e, 0x3e, + 0xb9, 0x31, 0x30, 0x65, 0xfa, 0xab, 0x0a, 0x97, 0x21, 0x6e, 0x95, 0x44, + 0xbf, 0xc2, 0xd5, 0xb4, 0x03, 0x84, 0x4b, 0x43, 0x27, 0x37, 0x05, 0x75, + 0x5a, 0x85, 0xaa, 0x0b, 0xaf, 0x71, 0x14, 0x77, 0x0c, 0xfe, 0xca, 0x20, + 0xbc, 0xa1, 0x7a, 0xc1, 0x9b, 0xc4, 0xcb, 0xba, 0x10, 0x6a, 0x33, 0xb3, + 0xdd, 0xdc, 0xa0, 0xfb, 0x53, 0x5f, 0x33, 0x02, 0x41, 0x06, 0x0e, 0x6a, + 0xf3, 0x7a, 0xb4, 0xea, 0x11, 0xf5, 0x2b, 0x93, 0x44, 0xe7, 0x16, 0x0e, + 0xb2, 0xa5, 0x3f, 0x10, 0x75, 0xe1, 0x22, 0x9a, 0x7f, 0x10, 0xa3, 0x01, + 0xde, 0x33, 0x59, 0xf5, 0x3e, 0x98, 0x1e, 0xa0, 0xe1, 0x7d, 0xf0, 0xfb, + 0x38, 0x0f, 0x08, 0x9e, 0x5c, 0x37, 0xdd, 0x40, 0xda, 0xa2, 0x9e, 0xef, + 0xd2, 0x05, 0xf5, 0xc8, 0x7b, 0x38, 0xf8, 0xfe, 0xf6, 0x36, 0xb5, 0x7b, + 0xa0, 0x53, 0x02, 0x41, 0x02, 0x3a, 0x5d, 0xd0, 0x9e, 0xf8, 0x35, 0x40, + 0xb3, 0x0b, 0x55, 0x4d, 0x24, 0xf6, 0x4f, 0x9c, 0x28, 0xd2, 0x12, 0x06, + 0x8c, 0xfc, 0x62, 0xff, 0xe2, 0x6d, 0x53, 0xb6, 0x05, 0xe0, 0x55, 0x57, + 0xa6, 0x32, 0xee, 0x9e, 0x90, 0xcf, 0xc5, 0x65, 0x31, 0xf3, 0x6a, 0xad, + 0xd8, 0x2b, 0xe6, 0x3b, 0xb8, 0xaa, 0x40, 0x5a, 0x04, 0xd8, 0xbb, 0xe5, + 0x28, 0x1b, 0xc4, 0x58, 0x83, 0xfe, 0xd7, 0xb4, 0xaf, 0x02, 0x41, 0x04, + 0x1d, 0xe6, 0xdb, 0xad, 0x4c, 0xaf, 0x54, 0x17, 0xa9, 0x50, 0x49, 0x65, + 0x20, 0x1c, 0x4b, 0x99, 0x82, 0x7d, 0xe8, 0xf3, 0x69, 0xf7, 0x45, 0x6a, + 0x84, 0xb3, 0xef, 0x5c, 0x4e, 0xc9, 0x23, 0x8c, 0x7a, 0x3d, 0x78, 0x2a, + 0x89, 0x15, 0xeb, 0xec, 0x64, 0x3a, 0x69, 0x8b, 0x5b, 0xee, 0x0a, 0xf0, + 0xc2, 0x43, 0x59, 0x2b, 0xce, 0x00, 0x42, 0xaa, 0xde, 0xaf, 0x49, 0xa4, + 0xb4, 0xc6, 0xdd, 0x9b, 0x02, 0x41, 0x05, 0xd3, 0x2d, 0xee, 0x95, 0x2b, + 0x50, 0x3b, 0x53, 0x6f, 0xce, 0xcf, 0x19, 0xec, 0x08, 0x23, 0x6a, 0x9c, + 0xd9, 0x45, 0xc4, 0x95, 0x51, 0xbf, 0x99, 0xf1, 0x5b, 0x67, 0x4f, 0xc2, + 0x1a, 0xa1, 0x99, 0xf4, 0xc4, 0x21, 0x1f, 0x0f, 0x00, 0x07, 0xc4, 0x17, + 0xc1, 0xfb, 0x41, 0x55, 0x32, 0x6a, 0x21, 0x42, 0xfc, 0xa4, 0x54, 0xbb, + 0xd3, 0x8d, 0x6d, 0xbc, 0x6c, 0xaa, 0x7a, 0xc3, 0x35, 0xa1, 0x7c, }; const unsigned char test_rsa_2048[] = { - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xd3, 0x67, 0x70, 0x8d, 0x0a, 0x25, 0x6c, 0x81, 0xb1, 0x25, 0xae, 0xf9, - 0xcb, 0x57, 0x0f, 0xb5, 0xb1, 0x14, 0xa3, 0xc7, 0x91, 0xfd, 0xee, 0x13, - 0x63, 0x96, 0xd5, 0x56, 0x17, 0x2b, 0xa1, 0xea, 0xf1, 0x25, 0x29, 0xb1, - 0xac, 0x7f, 0x56, 0xcb, 0xdc, 0x6d, 0x1b, 0x21, 0x2b, 0x4d, 0xee, 0x0d, - 0xd0, 0xff, 0x3b, 0xdc, 0x5d, 0x08, 0x37, 0x5e, 0xf0, 0x33, 0x84, 0x11, - 0x0e, 0x0d, 0xe9, 0x3a, 0xda, 0x65, 0xfa, 0xd6, 0xd7, 0x22, 0x4a, 0x6e, - 0xa8, 0xf7, 0x49, 0x4b, 0x6f, 0xbe, 0xc2, 0x2f, 0xb8, 0xa0, 0x86, 0xdc, - 0x7a, 0xe6, 0xcf, 0x9b, 0x9e, 0x9a, 0xa3, 0xbd, 0x25, 0x29, 0x38, 0x17, - 0x60, 0x31, 0x81, 0x84, 0x3b, 0xbb, 0x6d, 0xa6, 0x62, 0xf8, 0xee, 0x8f, - 0x27, 0xd3, 0x26, 0x29, 0xb8, 0xc0, 0xef, 0x84, 0x18, 0x5a, 0xaa, 0x5a, - 0x35, 0x80, 0x9a, 0x78, 0x8c, 0x3a, 0x45, 0x32, 0xd0, 0x67, 0xcf, 0x0c, - 0x02, 0xdb, 0x26, 0x15, 0x66, 0x97, 0x78, 0x68, 0xe1, 0x28, 0x7c, 0x15, - 0xb5, 0xe9, 0x73, 0x38, 0xf3, 0x5c, 0x9f, 0xcc, 0xf7, 0x5b, 0x76, 0xef, - 0x77, 0xa0, 0xbf, 0xd2, 0x1c, 0x06, 0x91, 0xd2, 0xaf, 0x1d, 0xa2, 0x1f, - 0x27, 0xd4, 0xd9, 0x8d, 0x59, 0x13, 0x7e, 0xed, 0xe3, 0x04, 0x50, 0xb9, - 0xb2, 0x53, 0x90, 0x8b, 0xaa, 0x73, 0xc1, 0x1e, 0x5e, 0x7b, 0x76, 0x3a, - 0x3e, 0x5c, 0xf4, 0x5e, 0xbb, 0xc4, 0xb8, 0x41, 0xb5, 0x22, 0x79, 0x42, - 0x76, 0x6b, 0x04, 0xee, 0x70, 0x6e, 0x6d, 0xfd, 0x1a, 0x34, 0x96, 0x9b, - 0xc4, 0x8f, 0x19, 0xd1, 0xc3, 0xcd, 0x9e, 0x57, 0xfd, 0x08, 0x83, 0xbb, - 0xe1, 0x9f, 0x76, 0xa7, 0x17, 0xa6, 0x3c, 0x74, 0x63, 0x90, 0x4c, 0x77, - 0xb8, 0x7f, 0xa0, 0x50, 0xbc, 0x3c, 0xfe, 0x51, 0x6e, 0xd0, 0x3d, 0x39, - 0x0e, 0xe4, 0x07, 0x3f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, - 0x00, 0x13, 0x5c, 0x5b, 0xd0, 0x6e, 0xe7, 0x72, 0x82, 0x86, 0x28, 0xbf, - 0x57, 0x9d, 0x29, 0xc2, 0x04, 0x8f, 0xcd, 0x26, 0x1a, 0xb6, 0xe2, 0x1c, - 0x95, 0xa5, 0xff, 0x40, 0x56, 0x7c, 0x14, 0xc0, 0xe5, 0x75, 0x64, 0x43, - 0xe7, 0x43, 0xb6, 0xfd, 0xc9, 0xf9, 0xcb, 0xfc, 0x3a, 0x13, 0x6f, 0x35, - 0xa8, 0x0a, 0x45, 0xf5, 0xc3, 0x7e, 0xb9, 0xab, 0xe8, 0x83, 0xf3, 0x13, - 0xdb, 0x44, 0x00, 0x3e, 0x25, 0xe7, 0xae, 0x83, 0x44, 0x7d, 0xbb, 0x64, - 0x39, 0xb2, 0x3b, 0xc3, 0x78, 0xa7, 0x29, 0x3f, 0x3b, 0x83, 0x9b, 0x1f, - 0xfe, 0xbd, 0x3a, 0xba, 0x34, 0xb4, 0x57, 0xd1, 0x3b, 0x17, 0x56, 0x29, - 0x0e, 0xea, 0xfe, 0x5d, 0xb0, 0x30, 0x90, 0x3f, 0xc0, 0x87, 0x3b, 0xe9, - 0x0d, 0x2f, 0x46, 0x85, 0x2e, 0x38, 0xff, 0x62, 0x70, 0x24, 0x92, 0xd9, - 0x1b, 0x1d, 0xdf, 0x43, 0x46, 0x5b, 0x01, 0x53, 0x28, 0xe3, 0x86, 0x4a, - 0xfc, 0x50, 0x65, 0xe5, 0xa1, 0x41, 0x5b, 0xef, 0x0c, 0xf5, 0xd1, 0x82, - 0x81, 0xa4, 0xbb, 0x07, 0xf7, 0x34, 0xbe, 0x94, 0xaa, 0x84, 0x38, 0x13, - 0x28, 0x86, 0xc0, 0x61, 0x9d, 0xd9, 0xc0, 0xc0, 0x62, 0x23, 0x3b, 0x1c, - 0x2e, 0x8e, 0x2e, 0x00, 0xc4, 0x73, 0xc3, 0x7d, 0xa7, 0xb4, 0xae, 0xc1, - 0x97, 0x60, 0x36, 0x38, 0xa5, 0xe9, 0xae, 0xe6, 0xef, 0x44, 0x69, 0x47, - 0x28, 0xd9, 0x44, 0xe5, 0x14, 0x5a, 0xd9, 0x2a, 0x03, 0xb0, 0x71, 0x14, - 0x28, 0x28, 0x0d, 0x43, 0x97, 0x90, 0x35, 0xaf, 0x23, 0xca, 0x7a, 0x5f, - 0x5f, 0x4b, 0xe9, 0x1c, 0xc6, 0xbe, 0x86, 0x04, 0x1c, 0xa5, 0x23, 0x44, - 0x91, 0xa2, 0xec, 0x6d, 0xcb, 0x95, 0x18, 0x75, 0x6d, 0xf5, 0xe4, 0xa7, - 0x33, 0x7a, 0xa0, 0x9b, 0x5c, 0x0b, 0xcf, 0x10, 0x85, 0x30, 0xbd, 0xa6, - 0xcc, 0x35, 0x6d, 0x6e, 0xf1, 0x02, 0x81, 0x81, 0x00, 0xf4, 0xf2, 0xbf, - 0xf3, 0x44, 0xa0, 0x29, 0x23, 0xe7, 0x07, 0x5c, 0x81, 0x46, 0xb5, 0x6a, - 0xbc, 0xf9, 0x1c, 0x8e, 0x16, 0x70, 0x21, 0x5d, 0x27, 0xe1, 0x46, 0x12, - 0x09, 0x12, 0x46, 0xea, 0x52, 0x35, 0xbf, 0x9c, 0x50, 0xab, 0xe5, 0x0f, - 0xc4, 0x6b, 0xb0, 0x17, 0x5d, 0x35, 0x8c, 0x8e, 0x9e, 0x91, 0xd4, 0xe5, - 0xfe, 0xae, 0x95, 0x0c, 0xd7, 0xd5, 0xc8, 0xfd, 0x8a, 0x19, 0x2c, 0xba, - 0xe9, 0x7f, 0x9f, 0x15, 0x33, 0xbf, 0xec, 0x2f, 0xe9, 0x45, 0x5f, 0x80, - 0xa9, 0xf4, 0x96, 0xf5, 0x89, 0xbb, 0x94, 0x42, 0x10, 0x00, 0x46, 0x2a, - 0x6e, 0x1f, 0xee, 0xfd, 0xe8, 0x78, 0xae, 0xf7, 0x2a, 0xa5, 0x22, 0x5f, - 0x77, 0xae, 0x1a, 0x08, 0xd6, 0x35, 0x5e, 0xdb, 0x38, 0x4a, 0xd1, 0x60, - 0xb5, 0xf9, 0xd9, 0x95, 0x00, 0x26, 0x6f, 0xf7, 0x12, 0x52, 0x5b, 0x1d, - 0x09, 0x28, 0xdd, 0x21, 0xbb, 0x02, 0x81, 0x81, 0x00, 0xdc, 0xf1, 0x3d, - 0xbb, 0x87, 0xf7, 0xae, 0x69, 0xe8, 0x18, 0x94, 0x51, 0x2c, 0x78, 0xaf, - 0x1c, 0x8b, 0x77, 0x22, 0x49, 0xce, 0xd2, 0x1a, 0xc2, 0xbc, 0x0f, 0xca, - 0x63, 0x1d, 0x92, 0x1e, 0x98, 0x94, 0x5b, 0xda, 0x57, 0xcd, 0x98, 0xa6, - 0x6a, 0x54, 0x8f, 0x43, 0x93, 0x7f, 0x0f, 0xca, 0xe5, 0x2e, 0xf5, 0x50, - 0x06, 0x43, 0x0e, 0xbf, 0xec, 0x08, 0x53, 0xba, 0x04, 0x8f, 0x54, 0x35, - 0xa3, 0x21, 0x9e, 0xf9, 0xfc, 0x53, 0x37, 0xf3, 0xb5, 0x3a, 0x95, 0x7a, - 0x60, 0x89, 0xc9, 0x53, 0xaf, 0xf4, 0x2e, 0x39, 0x83, 0x15, 0x67, 0x38, - 0x7f, 0x65, 0x4f, 0xce, 0xcd, 0x42, 0x0b, 0x84, 0x83, 0xdf, 0xe0, 0xf3, - 0x59, 0x1f, 0x62, 0xef, 0x64, 0xc3, 0xbc, 0xe8, 0x56, 0xff, 0x20, 0xcd, - 0xe4, 0xfb, 0xa3, 0x50, 0xa3, 0xca, 0xfb, 0xd8, 0xbe, 0x96, 0x94, 0x06, - 0x9a, 0x02, 0x1b, 0x86, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xa0, 0xb7, 0x05, - 0xaa, 0x9f, 0xc4, 0x56, 0x39, 0xf0, 0x43, 0xac, 0x36, 0x46, 0x26, 0x92, - 0x3a, 0x1b, 0x58, 0xd9, 0x01, 0x6f, 0xe0, 0xf4, 0x36, 0x4e, 0x60, 0xa3, - 0x44, 0xc0, 0x71, 0x37, 0x1d, 0x69, 0x96, 0xa7, 0x01, 0x67, 0x47, 0x8b, - 0xe8, 0xdc, 0x9f, 0x55, 0x35, 0x1b, 0x05, 0x76, 0x2e, 0x24, 0x91, 0x03, - 0xb6, 0xee, 0xe5, 0x6c, 0xdf, 0xd0, 0xad, 0x67, 0x6d, 0x4c, 0xc7, 0x44, - 0x7c, 0x1f, 0xf8, 0x48, 0xf9, 0x03, 0x5b, 0xfc, 0xb3, 0x99, 0x88, 0xe7, - 0xea, 0x9b, 0x48, 0xd1, 0x21, 0xe5, 0xa9, 0x89, 0x0e, 0xe6, 0x9f, 0x23, - 0x07, 0xce, 0x7c, 0x08, 0xac, 0x97, 0x42, 0x75, 0x79, 0xcd, 0x8f, 0x98, - 0x03, 0xf6, 0x7f, 0xae, 0x7c, 0x9d, 0xd7, 0xf7, 0x0e, 0x20, 0x48, 0xf0, - 0xa3, 0x75, 0xa3, 0x85, 0x57, 0xeb, 0xe0, 0x5a, 0xc3, 0xf2, 0xb5, 0x45, - 0x7f, 0xd5, 0x08, 0x02, 0x31, 0x02, 0x81, 0x80, 0x6b, 0x9f, 0xc7, 0xe6, - 0x75, 0xd1, 0x1c, 0xd0, 0xd2, 0x12, 0x47, 0x0d, 0x53, 0x90, 0x66, 0x1c, - 0x8d, 0x83, 0x36, 0xdc, 0xa5, 0x36, 0x8b, 0x7a, 0x98, 0x89, 0x48, 0x99, - 0x07, 0x6a, 0x8a, 0x24, 0xe0, 0xff, 0xed, 0x58, 0x1f, 0xfa, 0x5f, 0xf6, - 0x23, 0xc2, 0xb5, 0xb4, 0x3f, 0x8c, 0xbd, 0xd4, 0xee, 0x0e, 0xe9, 0x30, - 0x63, 0xb1, 0xe7, 0xa3, 0x5e, 0x5b, 0x0a, 0x9d, 0xf6, 0x03, 0x9b, 0x2d, - 0x1f, 0xcf, 0x85, 0x0e, 0x78, 0xab, 0x24, 0xb7, 0xff, 0x15, 0x99, 0x4b, - 0x35, 0x53, 0x30, 0xc4, 0xe1, 0x39, 0x33, 0x22, 0xbb, 0x66, 0x50, 0x8b, - 0x1e, 0x1a, 0xc6, 0x2e, 0x0e, 0x21, 0xf6, 0x27, 0x17, 0x03, 0x49, 0x06, - 0xfc, 0xd7, 0x00, 0xae, 0x20, 0xfb, 0x00, 0x62, 0x80, 0x5c, 0xc6, 0x6e, - 0xe8, 0x75, 0x21, 0x6e, 0xe8, 0x0d, 0xce, 0x02, 0xe8, 0xee, 0xaa, 0x58, - 0x92, 0xf6, 0x3d, 0x71, 0x02, 0x81, 0x81, 0x00, 0x84, 0x6e, 0x5b, 0x4e, - 0x97, 0xdd, 0xef, 0xaa, 0x17, 0x06, 0xe8, 0xa0, 0x9b, 0x00, 0x49, 0x1f, - 0xaa, 0x50, 0x28, 0x35, 0x04, 0xae, 0xf1, 0x74, 0xdf, 0xcc, 0x60, 0xfc, - 0xe2, 0x97, 0x7d, 0x81, 0xdc, 0x91, 0x11, 0xbc, 0xb4, 0x9e, 0x84, 0x87, - 0xf7, 0xd8, 0xf7, 0x4f, 0xa4, 0x76, 0x5f, 0x86, 0xec, 0x26, 0x7f, 0xb3, - 0x3c, 0x37, 0x15, 0xc4, 0x43, 0xda, 0x51, 0x54, 0xf7, 0x10, 0x05, 0x25, - 0x24, 0x11, 0x92, 0xa8, 0xb9, 0x41, 0x1a, 0xd2, 0x01, 0xd5, 0x52, 0xac, - 0x99, 0x07, 0x59, 0xdc, 0xcf, 0x8d, 0x7f, 0x7d, 0x5f, 0x01, 0xa6, 0x77, - 0xe5, 0x83, 0xfd, 0x6a, 0x1f, 0x7b, 0xcb, 0x38, 0x29, 0xfc, 0xd0, 0x6f, - 0x6b, 0x86, 0xd5, 0xcd, 0x1c, 0x63, 0x7f, 0xb0, 0x58, 0xda, 0x43, 0xc7, - 0x2f, 0x81, 0xd0, 0x3f, 0xd5, 0x8f, 0xa1, 0xda, 0xf1, 0x75, 0xda, 0x4c, - 0x5b, 0x4f, 0x2c, 0x20, + 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, 0x1c, 0xd6, 0x44, 0x55, 0xec, + 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, 0xf7, + 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, + 0xb1, 0x35, 0x35, 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, + 0x4a, 0x69, 0x37, 0xb5, 0x58, 0xec, 0x0d, 0x1d, 0xea, 0x27, 0x4a, 0xf2, + 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, 0x57, 0x72, 0x66, 0xa7, + 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, + 0x5f, 0xec, 0xab, 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, + 0xa9, 0x45, 0x84, 0x22, 0x6b, 0x37, 0xd9, 0x2e, 0xf4, 0x63, 0xfc, 0x73, + 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, 0x16, 0x2f, 0x57, 0x26, + 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, + 0x02, 0x21, 0xc2, 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, + 0x3d, 0x7b, 0x84, 0x03, 0x9c, 0x2d, 0xf4, 0x1c, 0xe3, 0xec, 0x8d, 0xb9, + 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, 0xe2, 0x3b, 0x74, 0xed, + 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, + 0xa4, 0x42, 0x32, 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, + 0x78, 0x2e, 0x45, 0x53, 0x88, 0x0f, 0x06, 0xba, 0x39, 0xa6, 0x4f, 0x4a, + 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, 0x07, 0xce, 0xfa, 0xdc, + 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, + 0xae, 0x61, 0xfc, 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, + 0x07, 0x72, 0x66, 0xf7, 0x36, 0x0c, 0x20, 0x76, 0xce, 0xbe, 0xaf, 0x14, + 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x00, 0x00, 0xb8, 0x96, 0x2d, 0xce, 0x60, 0x4b, 0xc6, 0x2e, 0x76, 0x78, + 0xf4, 0x8c, 0xa8, 0x0c, 0xff, 0xf4, 0x56, 0xad, 0x36, 0xe2, 0xf6, 0xd3, + 0x29, 0xcc, 0x91, 0x1a, 0x42, 0xba, 0x7c, 0xf5, 0xb9, 0xb8, 0xf5, 0xaa, + 0xe1, 0x00, 0x5e, 0x4a, 0x06, 0xf6, 0xe5, 0x91, 0x27, 0x90, 0x38, 0xd8, + 0x50, 0x8f, 0x2b, 0x62, 0xba, 0xdf, 0xa5, 0x22, 0x3d, 0xa3, 0xcc, 0x94, + 0xfa, 0x83, 0x60, 0xd5, 0x55, 0x6f, 0x6d, 0x68, 0x52, 0xbe, 0x75, 0xea, + 0x08, 0x13, 0x5c, 0xac, 0x18, 0x34, 0xda, 0x71, 0x9a, 0x4e, 0x78, 0x37, + 0xe1, 0x66, 0xd1, 0xd2, 0xc6, 0xc8, 0x16, 0xb6, 0x46, 0x61, 0xc1, 0x07, + 0x66, 0xb0, 0x2f, 0x70, 0x5c, 0xc4, 0x48, 0x9f, 0x94, 0x74, 0x28, 0x25, + 0x58, 0x35, 0xa9, 0x09, 0x21, 0x43, 0x41, 0xc2, 0x13, 0x35, 0xae, 0x12, + 0x18, 0x1d, 0xd8, 0x1e, 0x61, 0x1d, 0x59, 0xb1, 0xdb, 0x70, 0x66, 0x7b, + 0xeb, 0xd7, 0xe9, 0x2b, 0x71, 0xe1, 0xd3, 0x88, 0x31, 0x8d, 0x3e, 0xc1, + 0x4d, 0x61, 0x6f, 0x72, 0xc2, 0x31, 0xf6, 0x72, 0x7a, 0x18, 0x3e, 0x68, + 0x18, 0x28, 0x5b, 0xd6, 0x5f, 0x65, 0x72, 0xca, 0xdc, 0x90, 0x12, 0x24, + 0x88, 0x21, 0xb2, 0xd0, 0xae, 0x6c, 0xed, 0xd3, 0x0c, 0xa4, 0x40, 0xd4, + 0xd3, 0x4c, 0xd7, 0x7e, 0x2c, 0xf6, 0xb4, 0x0e, 0xd2, 0xc7, 0xd8, 0x56, + 0xb3, 0x0d, 0x47, 0x47, 0x33, 0xfc, 0xe0, 0xfb, 0x69, 0x5c, 0x3e, 0x65, + 0x30, 0xc0, 0x79, 0xae, 0xd9, 0x55, 0xe4, 0x07, 0x30, 0x55, 0xf2, 0x65, + 0x5d, 0x4b, 0x67, 0x1e, 0x29, 0x1f, 0xde, 0x40, 0x0f, 0x2f, 0x06, 0xd0, + 0xb3, 0x3f, 0x87, 0xd2, 0x61, 0xe0, 0xad, 0x3d, 0xae, 0x48, 0xa9, 0x13, + 0x84, 0x1b, 0x34, 0xcf, 0xed, 0x03, 0x79, 0x0f, 0xca, 0xee, 0x00, 0xde, + 0x2e, 0x90, 0xfb, 0x96, 0x21, 0x02, 0x81, 0x81, 0x00, 0xfc, 0xbe, 0x89, + 0xcd, 0x1a, 0xa3, 0x19, 0xe4, 0x9e, 0xf4, 0xf7, 0x21, 0x49, 0xbf, 0x06, + 0xda, 0x57, 0xdc, 0xc6, 0x4d, 0x3d, 0xe6, 0x05, 0xe9, 0xff, 0x3e, 0x76, + 0xfc, 0x66, 0xf4, 0xb1, 0xe2, 0x87, 0x82, 0x45, 0xff, 0xd7, 0x19, 0x90, + 0x51, 0x1b, 0x17, 0xe9, 0x7f, 0x33, 0x81, 0x88, 0x89, 0xa8, 0xc2, 0x1b, + 0x55, 0x27, 0xfd, 0x18, 0x13, 0x27, 0xaf, 0xfe, 0x88, 0xf9, 0xbb, 0xa6, + 0x70, 0xc4, 0xe6, 0xf1, 0xe6, 0x30, 0x9b, 0xd0, 0x32, 0x30, 0x74, 0xe4, + 0xcb, 0xcf, 0x23, 0xdc, 0xe3, 0xc1, 0x9b, 0x8d, 0x54, 0x95, 0xf5, 0x6a, + 0x93, 0x05, 0x9b, 0xa7, 0x41, 0x4f, 0x28, 0xed, 0x1e, 0xc9, 0x06, 0xad, + 0x18, 0xc6, 0x3d, 0xe1, 0x14, 0x8a, 0xbc, 0xfe, 0x9b, 0xe7, 0x98, 0x60, + 0x00, 0xf4, 0x25, 0xe5, 0x80, 0xb7, 0x0e, 0x43, 0xe4, 0x8e, 0x24, 0xfa, + 0x9d, 0x51, 0xaa, 0xae, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xfa, 0xec, 0x5a, + 0x7b, 0xed, 0x2e, 0x53, 0xcf, 0xca, 0x1e, 0x16, 0x7d, 0xb4, 0x64, 0x1d, + 0xb5, 0xa0, 0x0f, 0xe2, 0xc3, 0x28, 0x12, 0x54, 0x23, 0xd5, 0x94, 0x78, + 0x9f, 0x3e, 0xc0, 0x72, 0xc6, 0x23, 0xe7, 0xaf, 0xbd, 0xee, 0x00, 0x89, + 0xfd, 0x26, 0x30, 0x76, 0x51, 0xf6, 0xd3, 0x61, 0x1a, 0x88, 0xaf, 0x28, + 0xc3, 0x45, 0x85, 0xd5, 0xcb, 0x71, 0x3a, 0x65, 0x0c, 0x35, 0x93, 0x3f, + 0x58, 0x94, 0x4d, 0xb9, 0xbd, 0x15, 0xba, 0x9f, 0xc2, 0x8b, 0x07, 0xe6, + 0x70, 0x5b, 0x7b, 0x3e, 0xf1, 0xcc, 0xb4, 0x8d, 0x21, 0xa5, 0x35, 0x69, + 0xc8, 0xb8, 0x4c, 0x44, 0x4b, 0x61, 0xea, 0x5c, 0x6e, 0x67, 0xb5, 0x4f, + 0x0a, 0xfd, 0x85, 0x2f, 0xfb, 0x8c, 0x92, 0xa1, 0x11, 0xfa, 0xb8, 0x67, + 0x72, 0x63, 0xee, 0xb8, 0x0c, 0xf1, 0xa3, 0x40, 0x3b, 0x4a, 0x9a, 0x20, + 0x97, 0x76, 0x94, 0x72, 0x21, 0x02, 0x81, 0x80, 0x2f, 0xf9, 0x9a, 0xfe, + 0xab, 0xc7, 0xb9, 0xea, 0x83, 0xa1, 0xcc, 0x27, 0x2d, 0x70, 0x6d, 0x44, + 0x94, 0xd8, 0xfb, 0x6b, 0x3e, 0x0c, 0xa3, 0xa2, 0xbf, 0x28, 0x84, 0x3d, + 0x74, 0xed, 0x8d, 0xb6, 0x8a, 0x32, 0x58, 0x47, 0x2f, 0xf5, 0x52, 0x47, + 0x92, 0xf4, 0xff, 0x05, 0x7e, 0x29, 0x60, 0x59, 0x81, 0x07, 0x17, 0x59, + 0x1a, 0xb6, 0x18, 0x13, 0xca, 0xbc, 0xc5, 0x7c, 0x0a, 0xab, 0x6b, 0xf4, + 0x8b, 0xeb, 0xaa, 0x8f, 0x1f, 0x3a, 0xf4, 0x52, 0x12, 0x90, 0x9d, 0xbd, + 0x72, 0x1c, 0x44, 0x99, 0x96, 0xee, 0x87, 0xed, 0x3e, 0x69, 0xcf, 0x49, + 0x09, 0x0f, 0x7a, 0xb8, 0x12, 0xe6, 0x99, 0xdb, 0xf6, 0x1c, 0xa6, 0x4e, + 0xc5, 0x92, 0x89, 0x5e, 0xf4, 0xd6, 0xdb, 0x1d, 0x8c, 0xe0, 0x87, 0x98, + 0xa6, 0xbf, 0x6a, 0xc8, 0xfb, 0xf6, 0x61, 0x3c, 0xc9, 0x1e, 0x8b, 0xd3, + 0xc0, 0xe4, 0xbd, 0x21, 0x02, 0x81, 0x81, 0x00, 0xb2, 0x9b, 0x34, 0x59, + 0x0b, 0xdd, 0xb3, 0x08, 0xaf, 0xec, 0xb4, 0xc3, 0xab, 0x78, 0xab, 0xf1, + 0x11, 0x4a, 0xdd, 0x75, 0x5e, 0x7b, 0x95, 0x6a, 0xa0, 0x67, 0x7b, 0x68, + 0x96, 0xa9, 0x33, 0xc9, 0x37, 0xdb, 0x7d, 0xab, 0xaa, 0xd2, 0xb5, 0x65, + 0xfd, 0x1d, 0xf7, 0xca, 0xa5, 0xef, 0x96, 0x29, 0xe5, 0xeb, 0x10, 0x0f, + 0xd6, 0xd7, 0xc9, 0xf3, 0x72, 0xd8, 0x46, 0xfe, 0xe6, 0xcf, 0xb6, 0x02, + 0x5e, 0x25, 0xe9, 0x34, 0xdf, 0x57, 0xa4, 0xca, 0x3c, 0x5e, 0x56, 0x37, + 0xd9, 0xd6, 0x23, 0x5a, 0xc8, 0x04, 0x28, 0x85, 0x2f, 0x6c, 0x92, 0xac, + 0xae, 0x0a, 0x93, 0x7e, 0x38, 0xe7, 0x31, 0xfd, 0xe0, 0x52, 0x1d, 0x3e, + 0x4c, 0x70, 0xd6, 0x53, 0xae, 0x9e, 0xdc, 0x89, 0xc8, 0xb6, 0x23, 0xe4, + 0x37, 0x9f, 0xbf, 0x60, 0x6f, 0x4b, 0x6d, 0xb8, 0x06, 0x85, 0x28, 0xf7, + 0xc7, 0x0f, 0x29, 0x21, 0x02, 0x81, 0x80, 0x0e, 0xd4, 0x7a, 0xe0, 0x5b, + 0x27, 0x5a, 0x23, 0xa7, 0xdf, 0xe3, 0xff, 0xb7, 0x27, 0xe3, 0xa2, 0x68, + 0xe6, 0x26, 0xa5, 0x9d, 0x40, 0x1d, 0x2d, 0x84, 0x6d, 0xe2, 0x69, 0x54, + 0xff, 0x54, 0xfc, 0x9e, 0xd9, 0x3a, 0x9a, 0xf3, 0x3f, 0xac, 0x2c, 0x96, + 0x7a, 0x18, 0xe0, 0xf8, 0x61, 0x45, 0x08, 0x3e, 0x39, 0x92, 0x34, 0x54, + 0xbc, 0x10, 0xda, 0x5f, 0x49, 0x37, 0xe8, 0x36, 0xb9, 0x98, 0x51, 0x95, + 0x6b, 0xff, 0xb3, 0x01, 0xce, 0x9e, 0x06, 0x78, 0x97, 0x86, 0x69, 0x32, + 0x13, 0xfc, 0xde, 0x6d, 0x5f, 0x29, 0x33, 0xd5, 0x2b, 0xb2, 0x9d, 0xc3, + 0x40, 0xea, 0x01, 0x12, 0x57, 0x78, 0x8d, 0x3c, 0x57, 0x75, 0xeb, 0x65, + 0x69, 0x23, 0x0a, 0xaf, 0xbf, 0x08, 0x75, 0x2d, 0x40, 0xa8, 0x41, 0x9d, + 0xe7, 0x1b, 0x01, 0xd4, 0x92, 0x7e, 0x27, 0xc1, 0x07, 0x9c, 0xaa, 0xda, + 0x05, 0x68, 0xb1, }; const unsigned char test_rsa_4096[] = { 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, - 0xf2, 0x60, 0xe5, 0x99, 0x5a, 0xb8, 0xcf, 0xbc, 0xd2, 0x19, 0xf9, 0x31, - 0x3a, 0x3f, 0x2a, 0xda, 0x81, 0xe1, 0x19, 0x3f, 0x21, 0x44, 0x12, 0x88, - 0x1d, 0x29, 0xa9, 0xdb, 0x33, 0x9b, 0x64, 0x11, 0x25, 0xb3, 0x6a, 0x51, - 0x66, 0xfd, 0x08, 0x29, 0xa4, 0x08, 0x2d, 0x93, 0xe8, 0x5f, 0xe8, 0xb4, - 0xc7, 0x9b, 0xac, 0x6a, 0x76, 0xfb, 0xaa, 0x28, 0x7f, 0x8c, 0xd6, 0xc9, - 0x2a, 0x45, 0x6d, 0x38, 0x1a, 0xf2, 0x31, 0xf5, 0xb4, 0xd6, 0x94, 0x6c, - 0x22, 0xee, 0x9d, 0xcf, 0x39, 0x97, 0xe0, 0x72, 0x29, 0x9b, 0x46, 0x95, - 0x1a, 0x44, 0x5f, 0xd5, 0xf2, 0x69, 0xa7, 0x0d, 0xcd, 0xab, 0x00, 0x0c, - 0xa5, 0xe4, 0xee, 0x43, 0x73, 0x05, 0x98, 0x6f, 0x0b, 0x37, 0x52, 0x33, - 0x31, 0x87, 0x9c, 0x7d, 0x1c, 0xfa, 0xf1, 0x96, 0x4a, 0x2a, 0x2d, 0xd4, - 0x0c, 0x50, 0x0e, 0x49, 0x8d, 0x21, 0x2a, 0xbf, 0x19, 0x98, 0xfb, 0x68, - 0x3f, 0x06, 0x61, 0xce, 0x6c, 0x5a, 0x8b, 0xbe, 0x2b, 0x45, 0x00, 0xb3, - 0x3f, 0xc1, 0x9e, 0xca, 0xa1, 0x13, 0xa6, 0x2b, 0x2a, 0xf2, 0x59, 0xdf, - 0xb0, 0x7d, 0xcc, 0xfd, 0x39, 0x19, 0xfc, 0xd1, 0x7e, 0xdc, 0xe0, 0x07, - 0x44, 0xd4, 0xf3, 0x63, 0x88, 0x58, 0x3d, 0xd4, 0xe3, 0x64, 0x46, 0x08, - 0x7c, 0xc1, 0x19, 0x5a, 0xab, 0x56, 0xea, 0xd0, 0x6f, 0x6f, 0xf0, 0x6b, - 0x26, 0x64, 0x15, 0x39, 0xfb, 0xff, 0x36, 0xce, 0xd6, 0x3c, 0x4b, 0xba, - 0xda, 0x62, 0x3a, 0x03, 0x22, 0x0e, 0x2b, 0xe1, 0xf4, 0xa5, 0xbd, 0x9d, - 0x99, 0x2d, 0x57, 0xbc, 0xf7, 0x3f, 0x44, 0x70, 0xf2, 0xd5, 0xa8, 0x5c, - 0x08, 0xea, 0x68, 0x99, 0xaf, 0xe5, 0xc2, 0xc7, 0xeb, 0x51, 0x2f, 0x5b, - 0x53, 0xd4, 0xbd, 0x87, 0x67, 0xc1, 0xb7, 0xa8, 0xeb, 0x64, 0x67, 0x03, - 0xd5, 0x00, 0xd2, 0xd6, 0xa7, 0x42, 0x43, 0x7f, 0x0e, 0xdd, 0x2c, 0x11, - 0x0a, 0x25, 0xc9, 0xd3, 0xc6, 0x40, 0x79, 0x20, 0x0c, 0x27, 0xea, 0x70, - 0xfe, 0x3a, 0x17, 0x22, 0xa9, 0x07, 0x77, 0x6a, 0x1f, 0x4d, 0x9d, 0x85, - 0x46, 0xba, 0xad, 0x92, 0x4e, 0x2a, 0x23, 0xc8, 0x26, 0x0d, 0x8c, 0xb8, - 0xbc, 0xaf, 0x88, 0x3a, 0xe2, 0x92, 0x94, 0xe5, 0x7d, 0x23, 0xd1, 0x42, - 0xd3, 0x6b, 0xff, 0x6e, 0x07, 0xc5, 0xde, 0xb2, 0x2c, 0x07, 0xfc, 0x15, - 0xef, 0xd8, 0x86, 0x1e, 0xee, 0x7f, 0x85, 0x10, 0x08, 0x29, 0x7a, 0xd1, - 0xd0, 0x6f, 0x22, 0xc8, 0x3e, 0x17, 0xef, 0xe5, 0xf8, 0x27, 0x97, 0x40, - 0xeb, 0x75, 0xd6, 0xe3, 0x00, 0xde, 0x80, 0xd1, 0x69, 0xe7, 0x2b, 0xe1, - 0xb1, 0x81, 0xbd, 0x8e, 0x47, 0x2d, 0x47, 0xd5, 0xea, 0x48, 0x4c, 0x05, - 0xda, 0x52, 0x68, 0xc3, 0x36, 0xe6, 0x45, 0xff, 0x84, 0x3e, 0xd6, 0x9d, - 0xa9, 0x4e, 0xf8, 0xc2, 0x43, 0x80, 0x7d, 0xa9, 0x1d, 0x68, 0xa8, 0x3a, - 0xf2, 0x93, 0x4c, 0x08, 0x56, 0x44, 0x4a, 0xf4, 0xce, 0xb8, 0xa2, 0x05, - 0x18, 0x2b, 0xf6, 0x86, 0x29, 0x0e, 0x25, 0x8f, 0x7b, 0x7a, 0x01, 0xfa, - 0xd8, 0x81, 0xcc, 0x7b, 0x9c, 0x38, 0x81, 0xc1, 0xc7, 0x3f, 0x2c, 0x4e, - 0xb0, 0x86, 0x4c, 0xca, 0xdb, 0xaf, 0x49, 0x1c, 0x14, 0x15, 0x50, 0x98, - 0x29, 0x50, 0xeb, 0x3f, 0xbe, 0x20, 0x96, 0x3f, 0x7c, 0xd3, 0x5c, 0xdc, - 0x58, 0xa9, 0x00, 0x70, 0x0f, 0x7b, 0x2b, 0xf0, 0xfa, 0x26, 0x9c, 0x2b, - 0x52, 0x3f, 0x0c, 0x0b, 0xb3, 0xc6, 0xe1, 0xa4, 0xb0, 0xee, 0xa1, 0x4f, - 0x95, 0x17, 0x5d, 0xf2, 0xda, 0x2a, 0xe5, 0xd1, 0x8f, 0xf1, 0x68, 0x8e, - 0x50, 0x29, 0x20, 0xfe, 0xa8, 0x34, 0xf3, 0x99, 0x4f, 0xce, 0x0b, 0x78, - 0xb4, 0xad, 0x51, 0xe2, 0x85, 0xeb, 0xfd, 0xe1, 0x02, 0x03, 0x01, 0x00, - 0x01, 0x02, 0x82, 0x02, 0x00, 0x1a, 0x49, 0x73, 0x85, 0x49, 0x0f, 0x53, - 0xaa, 0x6f, 0x1f, 0xf5, 0x84, 0x87, 0x04, 0x6c, 0x4d, 0xa3, 0xf9, 0xe9, - 0x8e, 0xcc, 0xf9, 0x10, 0xc8, 0x75, 0xdf, 0x3b, 0xa6, 0x84, 0x27, 0x95, - 0x77, 0xfd, 0x9e, 0x82, 0x88, 0x9f, 0x12, 0x90, 0xc4, 0xd1, 0x5f, 0x38, - 0xb0, 0x3a, 0xaa, 0xd2, 0x36, 0x6f, 0x12, 0x9d, 0x65, 0xb3, 0x8f, 0x52, - 0x52, 0x4f, 0x99, 0x12, 0xff, 0x60, 0xc8, 0x04, 0x53, 0x2a, 0x2a, 0xfb, - 0xcb, 0xa1, 0xe8, 0x06, 0xd3, 0x5e, 0x8b, 0x82, 0x0e, 0x84, 0x38, 0xca, - 0x55, 0x1f, 0x59, 0x91, 0x93, 0x60, 0xb4, 0xab, 0x2f, 0x2d, 0x3a, 0x13, - 0xad, 0xdd, 0xd1, 0x2e, 0xb1, 0x70, 0x79, 0x8e, 0x74, 0xbe, 0xc0, 0x0b, - 0xda, 0xf9, 0x3c, 0xaf, 0xfb, 0xd0, 0xe2, 0x9c, 0x10, 0x7e, 0xa8, 0xe1, - 0xb4, 0x32, 0xc9, 0x75, 0xcc, 0x72, 0x64, 0x69, 0x54, 0x45, 0x4b, 0xe4, - 0x52, 0xb3, 0x00, 0x42, 0x3d, 0xf9, 0x5d, 0xe4, 0x14, 0x2a, 0xf0, 0xbc, - 0x08, 0xad, 0x31, 0x2f, 0xe5, 0x00, 0xe4, 0x6b, 0x28, 0x1f, 0x45, 0x9e, - 0x07, 0x3f, 0x02, 0x67, 0x48, 0x69, 0x20, 0x0f, 0xb0, 0x23, 0xf6, 0x03, - 0x53, 0x26, 0x3e, 0xe6, 0xc6, 0x2b, 0x0b, 0x2c, 0x75, 0x6e, 0x47, 0x61, - 0xb7, 0x59, 0xcd, 0x19, 0x82, 0x58, 0xa3, 0x69, 0xb0, 0x49, 0x76, 0x65, - 0x03, 0xa3, 0x9e, 0x60, 0x95, 0x02, 0x66, 0x26, 0xde, 0x31, 0xcc, 0x29, - 0x61, 0xcf, 0xde, 0xdc, 0xb8, 0xc0, 0x70, 0x18, 0x4a, 0x18, 0x32, 0xb0, - 0xc4, 0x32, 0x10, 0x1a, 0xab, 0x41, 0xbe, 0x66, 0xee, 0x5d, 0xe3, 0x5c, - 0xf5, 0x22, 0x05, 0x15, 0x9c, 0x1b, 0xb4, 0x6e, 0x91, 0x42, 0x80, 0x38, - 0xfa, 0x8d, 0x35, 0x32, 0x1d, 0x65, 0xcf, 0x64, 0x19, 0xd0, 0x21, 0x34, - 0x9d, 0xcb, 0x9f, 0xc9, 0x43, 0x63, 0x61, 0xd2, 0x3b, 0xd3, 0x01, 0x7f, - 0xae, 0x3f, 0x77, 0xd5, 0x5f, 0x45, 0x52, 0x9a, 0x71, 0xe8, 0xa8, 0x41, - 0xc4, 0x95, 0x96, 0xdf, 0x42, 0x3d, 0xcb, 0xb7, 0x38, 0x28, 0x73, 0x8c, - 0x11, 0xa8, 0x1f, 0xd9, 0xe3, 0x8d, 0xe1, 0x97, 0xa0, 0x74, 0xc4, 0xbe, - 0x45, 0x3e, 0x61, 0x77, 0xdd, 0x19, 0xdd, 0xcc, 0x2f, 0x75, 0xeb, 0xa7, - 0x07, 0xbe, 0x58, 0xc4, 0x41, 0x54, 0x0f, 0xd3, 0x8e, 0xcf, 0x36, 0xe7, - 0x43, 0xdc, 0xc9, 0x9a, 0xdf, 0x6e, 0x58, 0x64, 0xe0, 0xce, 0x40, 0x1f, - 0xcc, 0x43, 0x38, 0x25, 0xac, 0x4c, 0x64, 0xc8, 0xcf, 0xd3, 0x05, 0x89, - 0x34, 0x41, 0x12, 0x2b, 0xb2, 0xf5, 0x57, 0x3f, 0xe7, 0x0e, 0xf5, 0x6a, - 0x7f, 0x90, 0xdb, 0xfa, 0x97, 0xf8, 0xc2, 0xf5, 0xd9, 0xa4, 0xce, 0x07, - 0x5b, 0x09, 0xb0, 0x71, 0x17, 0xf3, 0x76, 0xc6, 0x5b, 0xc9, 0xb7, 0x73, - 0xd1, 0x07, 0xb2, 0x72, 0x71, 0xe0, 0xdc, 0x5d, 0x50, 0xa0, 0x38, 0x89, - 0xfa, 0x82, 0xb8, 0x62, 0x69, 0xcf, 0x81, 0xa1, 0x60, 0x9c, 0x33, 0x4e, - 0x5a, 0xa5, 0x9a, 0x76, 0x54, 0x1a, 0x40, 0xa1, 0xba, 0x63, 0xd0, 0xde, - 0x1c, 0x23, 0xbf, 0xed, 0x9b, 0x12, 0xc8, 0xc1, 0x41, 0x3e, 0x07, 0xe0, - 0xc8, 0xbf, 0x04, 0x73, 0xe3, 0x3a, 0xce, 0xbe, 0x54, 0x5d, 0x9d, 0x97, - 0xb9, 0xe8, 0xc9, 0x69, 0xd3, 0xc2, 0x0a, 0x1e, 0x65, 0x80, 0xa2, 0xeb, - 0x0c, 0x11, 0x77, 0x07, 0xe8, 0x09, 0xba, 0x92, 0x3d, 0xe9, 0x10, 0x77, - 0xf4, 0x8b, 0x7b, 0x8f, 0x9e, 0x1d, 0xe9, 0x97, 0x76, 0x94, 0x6a, 0x91, - 0x13, 0xb7, 0x42, 0x2d, 0xdf, 0x70, 0x3c, 0x5c, 0xb6, 0x8f, 0xb5, 0x7c, - 0x21, 0x55, 0x23, 0x72, 0xe7, 0x45, 0xba, 0xb2, 0xf6, 0x3a, 0x30, 0x0f, - 0x51, 0x52, 0x08, 0x13, 0x56, 0x1e, 0x7c, 0x4d, 0x52, 0x60, 0x1c, 0x79, - 0xd5, 0x02, 0x82, 0x01, 0x01, 0x00, 0xfb, 0xfe, 0x82, 0xfc, 0x4e, 0x1f, - 0x85, 0x7e, 0x0f, 0xf0, 0x55, 0x93, 0x9c, 0xf9, 0x0c, 0x64, 0xc9, 0xe1, - 0xbb, 0xa9, 0x69, 0xae, 0x17, 0x07, 0x72, 0x25, 0x8d, 0x99, 0x19, 0x43, - 0xc1, 0x29, 0x96, 0xcf, 0x27, 0x01, 0x85, 0x55, 0xca, 0x10, 0xcb, 0xf6, - 0xfe, 0x31, 0x82, 0x66, 0x23, 0xfb, 0xf0, 0xf7, 0xb1, 0x2c, 0x07, 0x5f, - 0xeb, 0x9c, 0xf0, 0xb8, 0xf1, 0x01, 0xc8, 0x7b, 0xde, 0xa2, 0x5e, 0x7f, - 0x03, 0x25, 0x73, 0x49, 0x27, 0x57, 0x30, 0x7f, 0x55, 0x55, 0x58, 0x15, - 0x16, 0x13, 0x70, 0x75, 0x69, 0x86, 0xc0, 0xf9, 0x5c, 0xd7, 0x35, 0x38, - 0xf9, 0xa2, 0xed, 0x0a, 0xa4, 0xe1, 0x57, 0xcf, 0x1c, 0x1c, 0x75, 0x78, - 0xbc, 0xb0, 0x88, 0x13, 0x35, 0x19, 0x7c, 0x58, 0x1a, 0xec, 0x7a, 0x0f, - 0x8b, 0x77, 0xf3, 0x4f, 0xaa, 0xa8, 0xcc, 0xd8, 0x06, 0x5c, 0x1e, 0x9a, - 0x3f, 0x52, 0x66, 0x96, 0x44, 0x0c, 0xfd, 0x9c, 0xdd, 0xc7, 0xef, 0x87, - 0x4c, 0xb4, 0xa3, 0xd3, 0xf0, 0xaf, 0x0b, 0x02, 0x5a, 0xcb, 0xc0, 0xce, - 0xda, 0xd3, 0xba, 0xdc, 0x7e, 0xca, 0xd8, 0xfa, 0x80, 0xf1, 0xe5, 0x40, - 0xcd, 0x42, 0xa6, 0x32, 0x81, 0x49, 0x3f, 0x81, 0x02, 0xab, 0xa1, 0x6d, - 0x3a, 0x33, 0x04, 0x89, 0xb9, 0x48, 0xff, 0xa1, 0x02, 0x1b, 0x6c, 0x75, - 0x50, 0x47, 0x30, 0x51, 0x56, 0x27, 0x8b, 0xec, 0x17, 0x8f, 0x13, 0x9e, - 0x99, 0x18, 0x32, 0x54, 0x35, 0x2c, 0xd1, 0xc3, 0x6b, 0x96, 0xed, 0xcb, - 0xc0, 0x86, 0xeb, 0x68, 0x3e, 0xf5, 0x4b, 0x6a, 0x85, 0xf2, 0xcc, 0x3e, - 0x87, 0x0c, 0x24, 0x94, 0x34, 0x76, 0xe0, 0xee, 0x90, 0x30, 0x00, 0xdc, - 0x41, 0xf4, 0x1b, 0xad, 0x81, 0x08, 0xf7, 0x05, 0x06, 0x6e, 0x4b, 0x5b, - 0x7b, 0xc3, 0x2d, 0xaa, 0x1f, 0x37, 0xb1, 0xe1, 0x5a, 0x65, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xf6, 0x3b, 0x41, 0x17, 0x76, 0x3a, 0x48, 0xca, 0x82, - 0x34, 0x61, 0xc8, 0x4f, 0x98, 0x5b, 0x90, 0xea, 0xc1, 0x1d, 0x43, 0x22, - 0x7b, 0x85, 0xa7, 0x29, 0x50, 0x8e, 0x91, 0xab, 0xf3, 0x5e, 0x1f, 0x34, - 0x72, 0xc9, 0x8b, 0xe6, 0x21, 0x94, 0x1b, 0xfa, 0x5f, 0xce, 0x7b, 0xa3, - 0xd1, 0xf9, 0xab, 0xd4, 0x13, 0x75, 0x53, 0xb7, 0x63, 0x4b, 0xb5, 0x33, - 0x09, 0xf1, 0x6e, 0xe9, 0x63, 0xca, 0x06, 0xd0, 0x92, 0x16, 0x84, 0x5f, - 0xa5, 0x09, 0x12, 0x0f, 0x06, 0x07, 0x49, 0x45, 0x03, 0x68, 0x08, 0x3c, - 0x02, 0x6e, 0xb0, 0x0a, 0x3d, 0x39, 0xce, 0x58, 0x17, 0x1d, 0xb9, 0x9e, - 0x10, 0xd1, 0xe2, 0x4b, 0x68, 0x64, 0x9b, 0xc4, 0x1a, 0x9b, 0x3e, 0x1d, - 0x7c, 0x4e, 0x36, 0x83, 0x67, 0x9d, 0x68, 0x9c, 0xe4, 0x7d, 0x39, 0x6e, - 0x6f, 0x82, 0xea, 0x7b, 0x5f, 0x06, 0x4a, 0x71, 0x89, 0xd3, 0x42, 0x76, - 0x22, 0xd5, 0x2d, 0x83, 0xb9, 0x75, 0x9c, 0xa1, 0xb4, 0xb1, 0x0c, 0x8e, - 0x11, 0x4a, 0x6e, 0x1e, 0x36, 0x59, 0x01, 0xf3, 0x4d, 0x3b, 0x88, 0xd4, - 0x34, 0x03, 0xb1, 0x6c, 0xae, 0xd7, 0xd2, 0x90, 0x5b, 0xf7, 0xb2, 0x97, - 0x40, 0xee, 0x38, 0x08, 0x98, 0x3d, 0x85, 0xa5, 0x44, 0xa7, 0x84, 0xee, - 0xfc, 0xfe, 0x94, 0xfa, 0x44, 0x3c, 0x8e, 0xbb, 0x83, 0x46, 0x07, 0xb3, - 0x68, 0xae, 0xb0, 0x72, 0xa9, 0x0e, 0xaf, 0x87, 0x32, 0x1a, 0xa5, 0x52, - 0xc3, 0x67, 0x40, 0xc7, 0xe9, 0x13, 0x73, 0x98, 0x77, 0x61, 0x3d, 0xae, - 0x19, 0xa9, 0x86, 0x07, 0x5c, 0x95, 0x62, 0x4d, 0x36, 0x8c, 0xa6, 0x36, - 0x57, 0xd1, 0x41, 0x1b, 0x47, 0x73, 0x98, 0x46, 0x5c, 0xf5, 0x4e, 0x1a, - 0xf2, 0xa7, 0x7b, 0x1e, 0xee, 0x03, 0xdc, 0xf2, 0x68, 0x1f, 0x05, 0xd7, - 0xbf, 0x5b, 0x98, 0x20, 0xfc, 0xff, 0xcd, 0x02, 0x82, 0x01, 0x01, 0x00, - 0x99, 0x2a, 0x17, 0x3f, 0x77, 0xd4, 0x9c, 0xf5, 0x04, 0x87, 0x15, 0xdc, - 0xc4, 0xfa, 0x73, 0x58, 0x07, 0x85, 0x16, 0xe5, 0x60, 0x00, 0x9a, 0xaa, - 0xc1, 0xec, 0xa5, 0x66, 0x3a, 0xfe, 0xfd, 0xb7, 0x63, 0x9c, 0xc1, 0x9e, - 0xa1, 0x06, 0x85, 0xed, 0x33, 0xac, 0x0a, 0xd0, 0xd8, 0xeb, 0x70, 0x4f, - 0xc0, 0x25, 0x2d, 0x21, 0x0f, 0xd2, 0x73, 0x89, 0x4e, 0x9f, 0x7a, 0x8d, - 0x94, 0xe8, 0x05, 0x68, 0x37, 0x7b, 0x87, 0xd4, 0x09, 0x80, 0x9b, 0x52, - 0xd9, 0x7d, 0x6b, 0xc6, 0x95, 0xe5, 0x2b, 0x27, 0xe1, 0xa0, 0xdb, 0xe5, - 0x36, 0x01, 0xdb, 0x36, 0x4b, 0x79, 0x37, 0xf2, 0x99, 0x95, 0x70, 0xa6, - 0x2f, 0x13, 0x09, 0x89, 0x1a, 0xb5, 0xaa, 0x2a, 0xba, 0x6a, 0xc2, 0x49, - 0x9d, 0x54, 0x87, 0xf8, 0xd8, 0x2f, 0xfe, 0x9b, 0x87, 0xde, 0x12, 0x62, - 0xcb, 0x2f, 0x3a, 0x9e, 0x5f, 0x53, 0x6d, 0xcd, 0x8d, 0xe1, 0x23, 0xb7, - 0xa9, 0xa6, 0xe0, 0xfe, 0x97, 0x4e, 0x6b, 0x87, 0x18, 0x54, 0xc7, 0xe3, - 0xfd, 0x13, 0x0f, 0x50, 0xec, 0xfe, 0x4d, 0xef, 0x87, 0x92, 0x61, 0xd6, - 0xb5, 0x8f, 0x7d, 0x34, 0x8a, 0x1d, 0x9b, 0x25, 0x39, 0x93, 0x55, 0x15, - 0xca, 0x6d, 0x85, 0xcc, 0x00, 0x30, 0x3d, 0xc1, 0xa8, 0xae, 0x75, 0x5a, - 0x33, 0x56, 0x0f, 0xcb, 0xcf, 0x5e, 0x76, 0xce, 0xee, 0x45, 0x61, 0xd2, - 0x63, 0xaf, 0xba, 0x9a, 0x12, 0x58, 0xc1, 0xc0, 0xfd, 0x46, 0x45, 0x93, - 0xda, 0x63, 0xa7, 0x4f, 0x73, 0x75, 0xf6, 0xad, 0x8b, 0x04, 0x2f, 0xd0, - 0x34, 0x68, 0xa8, 0xc5, 0xec, 0xf2, 0xcc, 0x6e, 0xcb, 0x04, 0xf1, 0xe6, - 0x97, 0xcd, 0x29, 0x02, 0xa4, 0x63, 0x3c, 0x0b, 0x3d, 0x8f, 0x75, 0xf0, - 0x97, 0x04, 0x0c, 0xe6, 0x99, 0x13, 0x1f, 0xe4, 0x80, 0x2a, 0xf9, 0x12, - 0x87, 0x21, 0xec, 0x29, 0x02, 0x82, 0x01, 0x00, 0x57, 0xc6, 0x33, 0xa3, - 0xeb, 0x6f, 0x47, 0x77, 0x79, 0x06, 0xb7, 0x3c, 0xb2, 0xb2, 0xfb, 0x21, - 0x23, 0xae, 0x07, 0x82, 0x61, 0x0e, 0x6b, 0x4c, 0x75, 0x7b, 0xd3, 0xf6, - 0xb5, 0xb7, 0x21, 0x7c, 0x3a, 0x34, 0x19, 0x08, 0x97, 0xd6, 0xac, 0x77, - 0x74, 0xbf, 0x26, 0x5a, 0x08, 0xc1, 0xd7, 0x20, 0x9b, 0x8e, 0xfc, 0x2a, - 0x05, 0x9b, 0x8d, 0xe7, 0x5f, 0xf4, 0x51, 0x6e, 0x5a, 0x20, 0x4a, 0x6a, - 0x37, 0x7b, 0x7c, 0x2f, 0x5f, 0xf0, 0xf2, 0xd4, 0xcf, 0x2a, 0x34, 0xfa, - 0xb7, 0x71, 0x49, 0x6a, 0x76, 0x09, 0xdf, 0xef, 0x3d, 0x17, 0x2a, 0x3e, - 0x16, 0x44, 0xd7, 0x41, 0xcd, 0xc8, 0xed, 0x28, 0x9f, 0xfc, 0xec, 0xb0, - 0x62, 0x2d, 0xa1, 0xdd, 0x78, 0xa1, 0x51, 0x38, 0x39, 0x8b, 0x7c, 0x1f, - 0x48, 0x9e, 0x62, 0xcd, 0x50, 0x42, 0xcc, 0x06, 0x4e, 0x48, 0x47, 0x73, - 0xce, 0x19, 0x75, 0x87, 0xa1, 0x99, 0x35, 0x28, 0xee, 0x65, 0xf4, 0x39, - 0x0b, 0xa3, 0xdf, 0xe1, 0x3b, 0xdb, 0x8a, 0x0e, 0xcb, 0x12, 0x50, 0x94, - 0x53, 0x68, 0xda, 0xaa, 0x22, 0x0b, 0x10, 0xad, 0xf4, 0xb2, 0x37, 0x19, - 0x46, 0x80, 0xa2, 0x41, 0xb5, 0x8d, 0x5d, 0xdd, 0xf7, 0xa2, 0x5d, 0x7c, - 0x00, 0xb8, 0x02, 0x87, 0x6e, 0xb2, 0x1d, 0x06, 0x7a, 0x58, 0x4c, 0xc6, - 0x0c, 0xad, 0xf5, 0x0e, 0xd5, 0xb3, 0xa1, 0x62, 0x20, 0xdd, 0x86, 0xf0, - 0xa7, 0x5f, 0x03, 0x04, 0xa0, 0x06, 0x2c, 0x0e, 0x79, 0xb4, 0xea, 0x4c, - 0x30, 0xb3, 0x8d, 0xa4, 0x71, 0x25, 0x90, 0xba, 0xc8, 0x71, 0x06, 0x87, - 0x6e, 0x42, 0xdd, 0xcc, 0x7a, 0x5e, 0xbf, 0xa7, 0x57, 0xd4, 0x16, 0xae, - 0xd7, 0x96, 0x57, 0x93, 0xaa, 0x23, 0x89, 0xf4, 0x67, 0xc8, 0x2c, 0xf4, - 0x5c, 0x2d, 0x25, 0xb1, 0xed, 0x80, 0xb7, 0x63, 0xf9, 0x8e, 0x76, 0x99, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xb9, 0xf8, 0x0f, 0x4d, 0xbb, 0xd4, 0xe4, - 0x25, 0x05, 0xa3, 0x17, 0x4c, 0x37, 0x62, 0x02, 0x14, 0x3e, 0xc0, 0x72, - 0xe8, 0xea, 0x3d, 0x8a, 0x1a, 0xc1, 0x6e, 0x6a, 0xdd, 0x27, 0xc6, 0xc2, - 0x4c, 0xd6, 0x1a, 0x09, 0xe6, 0x08, 0xc9, 0xf1, 0x5f, 0x91, 0x32, 0x66, - 0x97, 0xbb, 0x3d, 0xaf, 0x19, 0x57, 0x9f, 0x7b, 0x49, 0x99, 0x2f, 0x46, - 0x62, 0xb7, 0xcc, 0xde, 0xec, 0x8f, 0x30, 0x2d, 0xe1, 0x21, 0xad, 0x8e, - 0xf4, 0x38, 0xf6, 0xc0, 0x1f, 0x45, 0x60, 0x5e, 0x5f, 0xac, 0x65, 0x9c, - 0x8e, 0xc6, 0xa0, 0xd2, 0xa6, 0x4f, 0xf8, 0x67, 0xc0, 0x1f, 0x70, 0xcc, - 0x9f, 0x29, 0x5f, 0x9c, 0x42, 0x9c, 0xa9, 0x1e, 0x5e, 0x97, 0x61, 0x11, - 0x11, 0xd3, 0x88, 0x4a, 0xd8, 0xc2, 0xee, 0xab, 0x6a, 0xde, 0x6c, 0x20, - 0xbb, 0x1d, 0xa4, 0xc5, 0x49, 0xdb, 0xb4, 0x7c, 0x8f, 0x1f, 0xad, 0x4d, - 0xc3, 0x24, 0x7d, 0x77, 0x0b, 0x2e, 0x9f, 0x94, 0xe5, 0x48, 0xe1, 0x69, - 0x15, 0xac, 0xc6, 0x96, 0x9a, 0x5b, 0x62, 0xcb, 0x73, 0x45, 0x27, 0x43, - 0xd3, 0xd4, 0x49, 0x99, 0x3e, 0x69, 0xfd, 0x63, 0x59, 0x2b, 0x73, 0x94, - 0x56, 0x20, 0x39, 0x0c, 0x97, 0xbc, 0x85, 0x8d, 0xfe, 0xe6, 0x4b, 0x84, - 0xf7, 0x6d, 0x9d, 0x64, 0x34, 0x06, 0xee, 0x4c, 0x4f, 0x61, 0x66, 0x9c, - 0xaf, 0xd0, 0x98, 0x4d, 0x19, 0x66, 0xa6, 0x67, 0x25, 0x8d, 0xa3, 0x93, - 0xe3, 0xe5, 0x45, 0x10, 0xf5, 0x88, 0xb6, 0xd8, 0x53, 0x68, 0x77, 0x99, - 0xd0, 0x84, 0x9c, 0x78, 0x69, 0x85, 0xe2, 0xb6, 0x15, 0x3c, 0xdc, 0xff, - 0x52, 0xd6, 0x44, 0xfe, 0xa7, 0x9e, 0x83, 0x60, 0x7f, 0x63, 0xde, 0x59, - 0xe2, 0x7c, 0xf9, 0xfd, 0x9a, 0xb3, 0x38, 0xf0, 0xfb, 0x26, 0x6a, 0x67, - 0xcb, 0xab, 0xc9, 0x9e, 0xac, 0xb0, 0x1e, 0x0b, 0x5e, + 0xcc, 0x87, 0x25, 0xf6, 0xb3, 0x8d, 0x5d, 0x01, 0xae, 0xeb, 0x07, 0xd3, + 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, 0xe7, 0x4f, 0xe1, 0x1a, + 0x89, 0x5e, 0xcf, 0xd1, 0x3d, 0x16, 0x8a, 0xee, 0x93, 0x2a, 0xf1, 0x35, + 0xff, 0xbb, 0x84, 0x98, 0x77, 0x27, 0x38, 0x97, 0x08, 0x1f, 0x3f, 0x75, + 0x93, 0xc1, 0x4a, 0xe8, 0x2b, 0xc2, 0x66, 0xc1, 0x05, 0x44, 0xf7, 0x26, + 0xae, 0x1c, 0xcf, 0x13, 0x3d, 0x8a, 0x40, 0x18, 0xd3, 0x80, 0xdf, 0xa2, + 0x52, 0x51, 0xc0, 0x11, 0x10, 0x7b, 0x75, 0x13, 0xa9, 0x43, 0x34, 0x6a, + 0xa0, 0xe0, 0xde, 0xc1, 0x1d, 0x8d, 0x7f, 0xa2, 0x56, 0x44, 0x65, 0x3c, + 0x11, 0x8d, 0xaa, 0xbc, 0xe6, 0xd4, 0x1f, 0x06, 0x6f, 0x66, 0x21, 0x76, + 0x88, 0x01, 0x47, 0x80, 0x55, 0x78, 0x0e, 0x91, 0xb6, 0x8e, 0xa3, 0xc9, + 0x58, 0x56, 0xd1, 0x72, 0xa8, 0x90, 0x32, 0xb3, 0x9c, 0x82, 0x4e, 0x8b, + 0x7d, 0xc1, 0xa3, 0xf8, 0xae, 0xe4, 0xf6, 0xb3, 0x68, 0xba, 0xa3, 0xcd, + 0x68, 0xf5, 0x0d, 0x52, 0x68, 0x01, 0x17, 0xe9, 0xb9, 0x13, 0xd7, 0xf8, + 0xc8, 0x52, 0xa0, 0xd1, 0x00, 0x8e, 0x8b, 0x87, 0xa5, 0xc9, 0x7e, 0x37, + 0xaf, 0xc1, 0x1a, 0x08, 0x05, 0x50, 0x55, 0x7b, 0x8b, 0x4d, 0xcb, 0xd8, + 0xe1, 0x92, 0xed, 0x33, 0x66, 0xd8, 0x3a, 0x09, 0xd2, 0x7c, 0x77, 0xe1, + 0x50, 0xf6, 0x68, 0x55, 0xb5, 0xdc, 0xfd, 0xb2, 0xdf, 0x15, 0x1b, 0xd7, + 0xf4, 0x44, 0x25, 0x0e, 0xaf, 0x6f, 0xe3, 0xf2, 0x36, 0x82, 0x6c, 0x81, + 0xfa, 0x84, 0x81, 0x01, 0xbf, 0xaa, 0xd5, 0x35, 0xff, 0xb5, 0x22, 0xd6, + 0xff, 0x97, 0xc9, 0xdd, 0x1e, 0x43, 0xb8, 0x2c, 0xce, 0x29, 0x21, 0xd1, + 0x53, 0xc1, 0x54, 0x50, 0xc4, 0x72, 0x4f, 0xfd, 0x3e, 0xfd, 0xca, 0x57, + 0x8e, 0x01, 0x36, 0x50, 0xa0, 0x3a, 0x5c, 0xf5, 0x01, 0xfc, 0x58, 0x60, + 0x0f, 0xb5, 0xc8, 0x60, 0xc0, 0xef, 0x0c, 0xfe, 0x0a, 0xc0, 0x71, 0x2d, + 0x44, 0x13, 0x13, 0xdc, 0xa4, 0x1a, 0x4d, 0x7d, 0x41, 0x1e, 0x6c, 0x83, + 0xb2, 0x15, 0x17, 0x49, 0xd2, 0x8b, 0xe4, 0x69, 0x2f, 0x62, 0x37, 0x3d, + 0xb0, 0x7e, 0x4a, 0x79, 0x05, 0x1c, 0x56, 0x82, 0xec, 0x20, 0xd4, 0x91, + 0xc4, 0xcf, 0xc7, 0xbc, 0x14, 0x0f, 0x35, 0xfa, 0x15, 0xe5, 0xa1, 0xfa, + 0x75, 0x6d, 0x65, 0xb8, 0xef, 0x93, 0xad, 0xdf, 0x4c, 0x47, 0xc4, 0xa3, + 0x5b, 0x18, 0x4f, 0x22, 0xa1, 0xef, 0x08, 0x99, 0x48, 0xf9, 0x46, 0xf6, + 0xfa, 0xeb, 0x64, 0x70, 0xf2, 0x67, 0x46, 0xe6, 0x58, 0xcf, 0x9b, 0x41, + 0x77, 0x41, 0x78, 0x42, 0xe6, 0xd3, 0x73, 0x55, 0x80, 0x89, 0xaf, 0xf7, + 0x21, 0xb9, 0x30, 0xe9, 0xec, 0x61, 0xb4, 0xf6, 0xa0, 0x2c, 0x05, 0x2c, + 0x69, 0x24, 0xd3, 0x9a, 0x5b, 0xbb, 0x15, 0xed, 0x11, 0x06, 0xc4, 0x01, + 0x0f, 0x4d, 0xd6, 0x9c, 0x79, 0xd0, 0x42, 0xc8, 0xb3, 0x16, 0x61, 0xb1, + 0xee, 0x48, 0x6b, 0xc6, 0x9d, 0xb5, 0xf2, 0xf0, 0x7a, 0x50, 0xd8, 0x5b, + 0x20, 0x69, 0x9d, 0x60, 0x13, 0x15, 0x62, 0x5b, 0xb8, 0x69, 0x62, 0x9c, + 0x7f, 0x4c, 0x5d, 0x48, 0xb2, 0x11, 0xd0, 0x97, 0xf4, 0x38, 0xac, 0xec, + 0x95, 0x97, 0x3a, 0x38, 0xd4, 0x21, 0x09, 0x0a, 0xf0, 0xf1, 0x34, 0x84, + 0xe4, 0xe9, 0x4b, 0x8c, 0xb5, 0xef, 0xc1, 0x85, 0x07, 0xf4, 0xb9, 0x31, + 0xdf, 0x39, 0x98, 0x7f, 0xfb, 0x28, 0x30, 0x29, 0x3e, 0x4d, 0xa3, 0x81, + 0xaa, 0xf7, 0x0b, 0x32, 0x92, 0x95, 0x2e, 0xf9, 0x34, 0xe2, 0xb4, 0x0f, + 0xde, 0xbb, 0xa3, 0xd9, 0x70, 0x1b, 0x76, 0xe1, 0xbe, 0x54, 0x82, 0x74, + 0xb2, 0x60, 0x2d, 0x88, 0x85, 0x37, 0x48, 0x2d, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x02, 0x00, 0x1a, 0x94, 0x3e, 0x9c, 0x00, 0x89, 0xf0, + 0xaa, 0x01, 0x16, 0x04, 0x8a, 0x96, 0xab, 0xb4, 0x86, 0x32, 0x1a, 0x86, + 0x91, 0x6f, 0x82, 0xfb, 0x35, 0x24, 0x60, 0x78, 0x9f, 0xcf, 0xb1, 0x40, + 0x05, 0x50, 0x85, 0x3e, 0x5a, 0xfe, 0xdc, 0x9a, 0xd6, 0xe8, 0x77, 0x25, + 0x9c, 0xc4, 0xfe, 0xb0, 0x93, 0xc2, 0x4b, 0x96, 0x85, 0x34, 0xf8, 0x9a, + 0xbb, 0x5f, 0x48, 0xae, 0xd8, 0xad, 0x3c, 0x4b, 0xb1, 0xcb, 0xa7, 0xcd, + 0x7c, 0x1c, 0x72, 0x4d, 0x3d, 0xae, 0x36, 0x77, 0x00, 0x10, 0xb5, 0x06, + 0x8a, 0x33, 0x4f, 0x2b, 0x3e, 0xe7, 0x20, 0xc9, 0xf9, 0xed, 0x32, 0x00, + 0x01, 0xf3, 0xf5, 0x87, 0xf5, 0x66, 0x2f, 0x93, 0x9e, 0x60, 0x5d, 0xf5, + 0x19, 0x34, 0x3d, 0x60, 0xc0, 0x63, 0x5c, 0xcd, 0x32, 0xb1, 0x88, 0xbc, + 0x55, 0xf5, 0xd4, 0x34, 0x17, 0x3c, 0x9e, 0x6d, 0xb2, 0x19, 0x93, 0x41, + 0xaf, 0x83, 0x39, 0x90, 0xe5, 0x02, 0x46, 0xf9, 0x9c, 0xdd, 0xf7, 0x9d, + 0xd2, 0xc3, 0x5b, 0xab, 0xe1, 0x4c, 0x10, 0x3a, 0x76, 0xb8, 0xd2, 0xd9, + 0x8d, 0x73, 0x52, 0x8f, 0x98, 0xc2, 0x49, 0xb0, 0xa1, 0xf0, 0x91, 0x55, + 0xb3, 0x1f, 0x59, 0x9f, 0xc8, 0x33, 0x54, 0x24, 0x22, 0xa2, 0x34, 0x26, + 0x23, 0xbb, 0xbe, 0xf4, 0xac, 0x7e, 0xe6, 0x05, 0xe2, 0xcd, 0xec, 0xf0, + 0x1f, 0xea, 0x25, 0x68, 0x3b, 0xd4, 0xf6, 0x6c, 0xa9, 0x24, 0xcc, 0xef, + 0x00, 0x41, 0x8a, 0xdf, 0xf7, 0x30, 0xc4, 0x71, 0x4f, 0x66, 0xff, 0xa2, + 0xaf, 0x0d, 0xa3, 0xe5, 0xdf, 0x7f, 0x53, 0x9c, 0x63, 0x42, 0x89, 0xfc, + 0x12, 0xbc, 0x24, 0x09, 0x3e, 0xc8, 0xf0, 0xec, 0x18, 0x0a, 0xf0, 0x90, + 0x7c, 0xec, 0x1e, 0xbe, 0xc9, 0x11, 0xfa, 0x18, 0x0f, 0xb5, 0xf3, 0xc8, + 0x0e, 0xd8, 0x52, 0x89, 0x6a, 0xd6, 0xe6, 0xb3, 0xec, 0xcb, 0x44, 0xde, + 0x62, 0x19, 0x3d, 0x52, 0x11, 0x8c, 0xab, 0x2b, 0x17, 0x10, 0x71, 0xd5, + 0xfd, 0xaa, 0x7c, 0x42, 0x88, 0xfc, 0x77, 0x66, 0xd5, 0x77, 0x74, 0xf4, + 0xbe, 0x46, 0x15, 0x1b, 0xb9, 0x0a, 0xce, 0x7c, 0x10, 0xc2, 0x15, 0xf6, + 0x2e, 0xd2, 0x6e, 0x52, 0xe6, 0x12, 0x24, 0x36, 0xf5, 0x32, 0xbd, 0x54, + 0xfc, 0x08, 0x27, 0x2a, 0xdb, 0x21, 0x6a, 0x2d, 0xb4, 0x33, 0xd5, 0x69, + 0x9c, 0x40, 0xad, 0x58, 0xfa, 0xa2, 0x66, 0x08, 0x98, 0xff, 0xcc, 0xfc, + 0x98, 0x00, 0x2f, 0x8b, 0xb0, 0x36, 0x1b, 0x4c, 0xf9, 0xed, 0x6e, 0x93, + 0xc1, 0xca, 0x96, 0xd3, 0x4a, 0x1e, 0xf4, 0x04, 0x60, 0xf8, 0x59, 0x18, + 0xcf, 0xde, 0x4a, 0x81, 0x93, 0xb5, 0x1e, 0xce, 0xa4, 0xb3, 0x90, 0x3c, + 0xae, 0x92, 0x4a, 0x8f, 0xad, 0x5f, 0x83, 0x08, 0x95, 0x4c, 0x9f, 0x19, + 0xa7, 0x59, 0x7b, 0xf0, 0xa7, 0x51, 0x26, 0xa5, 0x57, 0xe4, 0x9f, 0x8b, + 0xbd, 0x31, 0xfc, 0x4e, 0x85, 0x56, 0xf2, 0x30, 0x64, 0x0b, 0xf3, 0x62, + 0x04, 0xc6, 0xcf, 0x3d, 0x56, 0xdc, 0xa5, 0xa4, 0x1d, 0x86, 0x03, 0x07, + 0xba, 0x67, 0x05, 0xa6, 0x98, 0x68, 0x11, 0x00, 0xa3, 0x27, 0xf9, 0x17, + 0x39, 0xc4, 0x86, 0xc4, 0x70, 0xba, 0x71, 0xd0, 0x3d, 0x28, 0x53, 0x14, + 0xb0, 0xd7, 0xd0, 0x40, 0x08, 0xe0, 0x3f, 0x2a, 0x2b, 0x85, 0xe7, 0xc2, + 0x43, 0xd6, 0xfd, 0x9b, 0x97, 0xa0, 0x21, 0x68, 0xc0, 0x69, 0xec, 0x57, + 0x2d, 0x3f, 0x0c, 0xa1, 0x5e, 0xbc, 0xb1, 0x73, 0x9f, 0x3a, 0x0b, 0x3c, + 0x14, 0x7a, 0x88, 0xe0, 0xb7, 0x4f, 0x45, 0xa0, 0x07, 0xae, 0x92, 0x7d, + 0x6f, 0x82, 0x2b, 0xf5, 0x0b, 0x87, 0xb1, 0xe9, 0x3f, 0xe7, 0xd9, 0x18, + 0x0b, 0xc6, 0xbc, 0x12, 0xbd, 0xe6, 0xc8, 0x07, 0x0d, 0x10, 0xc9, 0x73, + 0x31, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf5, 0x0e, 0xbc, 0xea, 0xc9, 0xd3, + 0xc6, 0x44, 0x82, 0xa8, 0xc2, 0x65, 0xd6, 0x36, 0x54, 0x61, 0xaa, 0x4a, + 0x31, 0xa6, 0xa7, 0x63, 0x3a, 0x24, 0xc8, 0xe3, 0x47, 0x94, 0xec, 0xdf, + 0xca, 0xb1, 0xd6, 0xb5, 0x2f, 0xb6, 0xa5, 0xf3, 0x80, 0x55, 0xcc, 0x32, + 0xd6, 0xa6, 0x1b, 0x88, 0x95, 0x50, 0xde, 0x27, 0xb3, 0xd0, 0xbd, 0x68, + 0xb6, 0xd4, 0xfd, 0xa0, 0x41, 0x59, 0x8a, 0xb9, 0x88, 0x87, 0x14, 0x39, + 0x88, 0x57, 0x68, 0x06, 0xb1, 0xc4, 0x87, 0x20, 0x79, 0x49, 0x02, 0x95, + 0x2e, 0xbe, 0x1b, 0xf0, 0xde, 0xf6, 0x5a, 0x0e, 0x6f, 0x94, 0x06, 0x70, + 0x56, 0xe6, 0x86, 0x4f, 0xa2, 0x88, 0x2e, 0x3a, 0x16, 0xf2, 0x46, 0x28, + 0x20, 0x93, 0xd0, 0x37, 0x63, 0x90, 0x78, 0x18, 0x2d, 0xd0, 0xa6, 0xeb, + 0x21, 0xd3, 0xba, 0xd0, 0x63, 0x79, 0x01, 0xa2, 0x68, 0xb1, 0x4c, 0x63, + 0x2c, 0x9d, 0x0b, 0x16, 0x90, 0xed, 0x88, 0xab, 0xdd, 0xe0, 0x3f, 0x52, + 0x82, 0x47, 0xaa, 0x2e, 0x41, 0x55, 0x7d, 0x08, 0x65, 0xad, 0x34, 0xe5, + 0x3f, 0xf5, 0x3a, 0xe0, 0xe5, 0xde, 0xa1, 0x95, 0xd9, 0x3f, 0xe6, 0x5c, + 0x25, 0x87, 0x1f, 0x6f, 0x23, 0xad, 0xf3, 0x4b, 0x6e, 0x96, 0x0c, 0x29, + 0x78, 0xf2, 0xb7, 0x47, 0x5d, 0xaf, 0xce, 0x6c, 0xbb, 0x26, 0xa5, 0x39, + 0x34, 0xd2, 0x6c, 0x19, 0x3d, 0x67, 0xf3, 0x2d, 0xe9, 0x10, 0x35, 0xee, + 0xb8, 0x90, 0x22, 0xbe, 0xb7, 0xd5, 0xdf, 0x78, 0x4a, 0xc2, 0x0c, 0xa6, + 0xab, 0x91, 0xbf, 0x6b, 0x77, 0x5b, 0x6c, 0x94, 0x16, 0xf6, 0x05, 0xb4, + 0x84, 0x17, 0x36, 0xcb, 0xfb, 0xd2, 0x2a, 0xd9, 0x8a, 0xb2, 0xe8, 0x42, + 0x84, 0x57, 0xe0, 0x79, 0x3f, 0x5a, 0xf4, 0x0e, 0x55, 0x0b, 0x48, 0x76, + 0x5d, 0x59, 0xe6, 0xe1, 0xb4, 0xa4, 0xa1, 0xf5, 0x71, 0xf1, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xd5, 0xa9, 0x1d, 0x4d, 0x44, 0xbb, 0x9b, 0x73, 0xc1, + 0xfe, 0x02, 0x48, 0x92, 0x5e, 0x2c, 0x0e, 0xc1, 0xde, 0x51, 0x39, 0x0b, + 0xd8, 0xa7, 0x3b, 0x45, 0x3d, 0xa5, 0x1a, 0xe2, 0x93, 0x25, 0xae, 0x76, + 0x57, 0x08, 0x9f, 0xd4, 0xee, 0x4a, 0x2f, 0xd9, 0x6e, 0x34, 0x5b, 0x57, + 0xf6, 0x72, 0xd7, 0xd4, 0x84, 0xfd, 0xe9, 0x91, 0x89, 0xab, 0x0a, 0x63, + 0x65, 0xbf, 0x2b, 0x38, 0x68, 0x0d, 0x6b, 0xb9, 0x47, 0xf4, 0xb2, 0x17, + 0xbe, 0x66, 0x03, 0x23, 0xc2, 0x6b, 0x86, 0xd6, 0x43, 0xae, 0x68, 0x6d, + 0x82, 0xe3, 0x6e, 0xc0, 0x0c, 0xfd, 0x03, 0x89, 0x42, 0x44, 0x3c, 0xaa, + 0x04, 0xa0, 0xf9, 0x1e, 0x68, 0xec, 0x71, 0x79, 0x35, 0xb4, 0x5e, 0x79, + 0x03, 0x11, 0xbe, 0x56, 0x44, 0x0d, 0x71, 0x76, 0x94, 0x95, 0x94, 0x68, + 0x8e, 0xd1, 0xdd, 0x5c, 0x91, 0x03, 0xc5, 0x7c, 0x15, 0x8d, 0x05, 0xe4, + 0xc3, 0x7b, 0x98, 0xd8, 0x18, 0x98, 0x03, 0x07, 0x44, 0xa6, 0x4f, 0x6e, + 0xbd, 0xbf, 0x75, 0x0a, 0xab, 0x79, 0x75, 0x7e, 0x34, 0xda, 0xc4, 0x22, + 0x16, 0x3e, 0xa7, 0xc0, 0xf4, 0x2b, 0x97, 0x71, 0x0c, 0x86, 0x19, 0x78, + 0xb2, 0x41, 0x00, 0x38, 0x5a, 0xad, 0x72, 0x7e, 0x5f, 0x38, 0x36, 0xa7, + 0x4e, 0xa4, 0xbf, 0x1d, 0x36, 0xef, 0x2a, 0x5e, 0xdf, 0x9c, 0x9e, 0x8f, + 0x99, 0x6e, 0xf3, 0x19, 0x13, 0x48, 0x45, 0x0e, 0xa9, 0xf1, 0xd4, 0xa6, + 0x3d, 0xb2, 0x9c, 0xb0, 0x6f, 0x63, 0xe5, 0xba, 0xdb, 0x18, 0xe4, 0xd4, + 0x0f, 0x51, 0x12, 0xb6, 0x58, 0xd1, 0xcc, 0x23, 0xcb, 0x65, 0x38, 0x8a, + 0xca, 0x03, 0xd1, 0x41, 0xa6, 0xbc, 0x5f, 0xbd, 0x94, 0x29, 0xfe, 0x33, + 0xd3, 0x40, 0xd3, 0xe8, 0x5b, 0xfa, 0x84, 0x89, 0x08, 0xd6, 0x0b, 0x56, + 0x2f, 0x89, 0x4e, 0x8a, 0x33, 0x7d, 0xfd, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xc4, 0x95, 0x0f, 0x0d, 0x95, 0xdc, 0x51, 0xd7, 0x91, 0xad, 0x09, 0x4d, + 0x22, 0x3b, 0x31, 0x13, 0xab, 0xc4, 0x9a, 0xf1, 0xe2, 0xa3, 0x61, 0xf8, + 0x32, 0x42, 0xc8, 0xa0, 0x7a, 0x28, 0xc8, 0x74, 0x43, 0x15, 0xd3, 0xf1, + 0xc4, 0x4c, 0x82, 0xed, 0xd0, 0xc2, 0x13, 0x98, 0xea, 0xcb, 0x75, 0x64, + 0x8a, 0xe1, 0xf4, 0x88, 0x85, 0xf9, 0x23, 0x79, 0xd6, 0xff, 0xa0, 0x8c, + 0xd1, 0x11, 0x26, 0xa9, 0x9d, 0x9a, 0xcd, 0x79, 0xb8, 0x94, 0x6e, 0x34, + 0x86, 0x65, 0x91, 0x85, 0xf5, 0x11, 0x71, 0x8e, 0xc5, 0xe1, 0x43, 0x2b, + 0x02, 0x71, 0x44, 0x26, 0xcd, 0xc7, 0x7e, 0x9e, 0xac, 0xad, 0xe3, 0x67, + 0x35, 0x16, 0x1a, 0x64, 0x3d, 0xcd, 0x60, 0xdc, 0xd2, 0x92, 0x2c, 0x47, + 0xaf, 0x5f, 0x4e, 0x19, 0x6c, 0x5d, 0x81, 0x24, 0x55, 0x5f, 0x67, 0xfc, + 0xa1, 0x48, 0x04, 0x8d, 0xfe, 0x06, 0x2c, 0xba, 0xca, 0x33, 0x4f, 0x0d, + 0x8d, 0xae, 0xb9, 0x6d, 0x73, 0xbe, 0x9f, 0x8e, 0x17, 0xc1, 0xc5, 0x5d, + 0x6b, 0xd0, 0xb9, 0xa7, 0xe9, 0x9f, 0xe1, 0xdf, 0xba, 0x5c, 0xc1, 0x6a, + 0x07, 0xdb, 0xaa, 0x8c, 0x6d, 0x22, 0x0c, 0x64, 0xc9, 0xdd, 0xa1, 0x14, + 0xa0, 0xf0, 0x29, 0x05, 0x2b, 0x3a, 0x75, 0xb0, 0xd7, 0x3f, 0xe3, 0xb2, + 0xed, 0x78, 0x21, 0xe5, 0xcd, 0x73, 0x07, 0xa1, 0xa9, 0x5f, 0xd1, 0xf7, + 0xba, 0x87, 0x60, 0xc8, 0x45, 0x4b, 0x7c, 0x38, 0xfb, 0xf6, 0x5c, 0x88, + 0xb0, 0x1c, 0xd2, 0x73, 0xba, 0x2c, 0x55, 0xc3, 0xb4, 0x77, 0xe4, 0x26, + 0xae, 0x02, 0x5a, 0x2c, 0xff, 0xc4, 0xa0, 0x95, 0xf2, 0xba, 0x4e, 0x07, + 0x79, 0xa2, 0x4b, 0x76, 0x5b, 0x85, 0x48, 0x9f, 0x2a, 0x0e, 0x79, 0xb9, + 0x5f, 0xc0, 0xc3, 0x8e, 0x2a, 0x91, 0xf1, 0x2e, 0xf6, 0x5c, 0xa7, 0x49, + 0xce, 0x36, 0x94, 0x31, 0x02, 0x82, 0x01, 0x00, 0x2a, 0xa4, 0x8e, 0x0c, + 0x95, 0xe3, 0x3b, 0xab, 0x66, 0xd4, 0x63, 0x70, 0x48, 0x86, 0x33, 0x14, + 0xde, 0xec, 0x98, 0x19, 0x62, 0x9b, 0xe3, 0x04, 0x99, 0x55, 0x2c, 0x56, + 0xa9, 0x51, 0xe4, 0xfb, 0x64, 0xf3, 0x09, 0xed, 0x9c, 0x79, 0xd2, 0xa4, + 0xaa, 0x28, 0xac, 0x9a, 0x6e, 0x7b, 0xe9, 0x7f, 0xda, 0x12, 0x90, 0xfa, + 0xc4, 0xe9, 0x4d, 0x11, 0xcd, 0xb4, 0xc8, 0xea, 0xbf, 0x5f, 0x45, 0x0e, + 0x72, 0xf4, 0x41, 0x8a, 0x29, 0xe2, 0xfe, 0x49, 0x32, 0x21, 0xe3, 0x84, + 0x0d, 0xcf, 0x84, 0x47, 0xa3, 0x53, 0xb4, 0x40, 0xae, 0x63, 0xe9, 0x3b, + 0x83, 0x71, 0x8e, 0x5c, 0xed, 0x31, 0xef, 0x4e, 0xc9, 0x1a, 0xf7, 0xd5, + 0xcd, 0xf3, 0x42, 0x04, 0x78, 0xf2, 0x7b, 0xe0, 0x19, 0x27, 0x8b, 0xe7, + 0x51, 0x5b, 0x66, 0x5f, 0x30, 0x5f, 0x10, 0xd3, 0xb5, 0x5d, 0xdb, 0xfa, + 0xd6, 0x41, 0x16, 0xdc, 0x4e, 0x44, 0x15, 0xae, 0xf3, 0xb2, 0x34, 0xe4, + 0xa5, 0xd6, 0xb5, 0xba, 0xb4, 0xc7, 0x7a, 0x26, 0xc9, 0xf2, 0x5f, 0x53, + 0x6b, 0xd4, 0xf0, 0xb4, 0xa4, 0x78, 0xfc, 0x18, 0x4f, 0x12, 0x6c, 0x80, + 0xd5, 0x37, 0x42, 0xac, 0x62, 0xc2, 0x70, 0xe6, 0xb2, 0x58, 0xa6, 0xb5, + 0x6b, 0x33, 0x65, 0xec, 0xc2, 0x87, 0x97, 0xa9, 0xed, 0x12, 0xc1, 0xb9, + 0x1b, 0x26, 0x56, 0x03, 0xef, 0x75, 0x18, 0x07, 0xbc, 0xc1, 0x74, 0x73, + 0x13, 0xf2, 0x27, 0x29, 0xe1, 0xe3, 0xfe, 0x79, 0xf7, 0x5c, 0xc3, 0xfb, + 0x5d, 0xc7, 0xcc, 0xb8, 0x1e, 0xfa, 0xcf, 0x9b, 0x84, 0x79, 0x45, 0xa6, + 0x10, 0x9e, 0xcf, 0x9c, 0xf1, 0x56, 0x50, 0x5c, 0xbb, 0x55, 0xa3, 0xd3, + 0x17, 0xeb, 0x32, 0x56, 0x61, 0xd1, 0x8f, 0xe6, 0xbb, 0x41, 0x60, 0x46, + 0x83, 0x73, 0x18, 0x05, 0x3b, 0x36, 0x51, 0x99, 0x33, 0x4c, 0x03, 0xa1, + 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0x63, 0x70, 0x60, 0x30, 0xa4, 0xec, + 0xe9, 0xfe, 0x3b, 0xdd, 0xcf, 0xc4, 0x9f, 0x5a, 0x83, 0xf3, 0x7f, 0x63, + 0xeb, 0xcb, 0x29, 0xdb, 0xdc, 0x99, 0x9f, 0x6f, 0xf5, 0x4b, 0x59, 0x6f, + 0x11, 0x5c, 0xf1, 0xec, 0xa0, 0x99, 0x90, 0x10, 0x8a, 0x43, 0x95, 0x18, + 0xe9, 0x96, 0xf6, 0x89, 0xfd, 0xde, 0x89, 0xb2, 0xc6, 0x7e, 0xdc, 0x04, + 0xbf, 0x8e, 0x36, 0x67, 0x34, 0xc2, 0xae, 0x30, 0x17, 0xec, 0x14, 0xe0, + 0x42, 0x05, 0x0e, 0x7c, 0x65, 0x68, 0x40, 0x14, 0x6c, 0xa0, 0x48, 0x39, + 0x4d, 0xce, 0xbe, 0x90, 0xdd, 0x21, 0x95, 0x34, 0x9b, 0xba, 0xd3, 0x06, + 0x56, 0x90, 0x31, 0xb2, 0xef, 0x6e, 0x91, 0x71, 0xd2, 0xae, 0x77, 0x97, + 0xc8, 0x84, 0x4e, 0x54, 0x83, 0x94, 0xca, 0x3b, 0x76, 0x8d, 0x84, 0x96, + 0xe9, 0x9e, 0xf6, 0x3a, 0xbb, 0x59, 0xb0, 0xff, 0x7f, 0xc7, 0x0e, 0xb5, + 0x31, 0x53, 0xdd, 0x0f, 0x59, 0x01, 0x8a, 0x27, 0x5a, 0xcb, 0xa7, 0x01, + 0xf2, 0xc7, 0x6a, 0x15, 0xc8, 0x94, 0xf5, 0x34, 0x61, 0xfe, 0xdf, 0x65, + 0xbc, 0x25, 0xc2, 0xc5, 0xce, 0xc3, 0x96, 0xe5, 0x56, 0xa1, 0xa9, 0x19, + 0xbc, 0x7a, 0x05, 0x63, 0x93, 0xd5, 0x06, 0x44, 0x12, 0x6d, 0xcd, 0xef, + 0x92, 0x56, 0x64, 0x2e, 0x65, 0xa6, 0x04, 0x3c, 0xbc, 0xe9, 0x49, 0x7e, + 0x19, 0x2c, 0xf2, 0xcb, 0x33, 0x64, 0x8e, 0x11, 0x7f, 0x41, 0xdb, 0xf0, + 0x19, 0x00, 0xac, 0xb9, 0x3b, 0x0c, 0x78, 0xdd, 0xf3, 0x1f, 0x38, 0x1f, + 0x4d, 0xb3, 0xf9, 0xcc, 0xbb, 0xb6, 0x90, 0x93, 0xda, 0xbf, 0x2e, 0x89, + 0xdb, 0xbc, 0x0c, 0xb7, 0x2f, 0x20, 0xc0, 0x05, 0xa2, 0x51, 0x9e, 0x3a, + 0x87, 0x41, 0x46, 0x49, 0x5d, 0x7a, 0xac, 0xf3, 0x41, 0x6a, 0x42, 0x2e, + 0x56, 0x09, 0x86, 0xf2, 0x2f, 0x39, 0x45, 0x6e, 0x7f, }; -const unsigned char test_ec_secp192r1[] = { - 0x30, 0x5f, 0x02, 0x01, 0x01, 0x04, 0x18, 0xeb, 0x6a, 0x83, 0xe7, 0x5b, - 0xa1, 0x5e, 0x13, 0x8b, 0xea, 0x23, 0x89, 0x4a, 0xf9, 0xa6, 0xd9, 0x9e, - 0x1b, 0xba, 0x51, 0xf7, 0xa9, 0xf3, 0xa8, 0xa0, 0x0a, 0x06, 0x08, 0x2a, - 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x01, 0xa1, 0x34, 0x03, 0x32, 0x00, - 0x04, 0xb4, 0x64, 0x38, 0xcb, 0xf9, 0x1b, 0x96, 0x35, 0x67, 0xbd, 0x99, - 0x1b, 0xc0, 0x57, 0xf8, 0xb8, 0xc9, 0x53, 0xa5, 0x81, 0x04, 0xe4, 0x69, - 0xec, 0x55, 0xdd, 0x0e, 0x25, 0x90, 0xa4, 0xe7, 0x47, 0x66, 0x94, 0x3b, - 0x98, 0x68, 0xb8, 0x1b, 0xd9, 0x8e, 0x92, 0x2f, 0x48, 0x56, 0x60, 0x07, - 0xea, +const unsigned char test_ec_secp192r1_priv[] = { + 0xd8, 0x3b, 0x57, 0xa5, 0x9c, 0x51, 0x35, 0x8d, 0x9c, 0x8b, 0xbb, 0x89, + 0x8a, 0xff, 0x50, 0x7f, 0x44, 0xdd, 0x14, 0xcf, 0x16, 0x91, 0x71, 0x90, }; -const unsigned char test_ec_secp224r1[] = { - 0x30, 0x68, 0x02, 0x01, 0x01, 0x04, 0x1c, 0x1e, 0xec, 0x90, 0x48, 0xba, - 0x1e, 0x64, 0xf1, 0x21, 0x61, 0x28, 0xb7, 0x96, 0xa5, 0xd8, 0x5a, 0x4e, - 0x1c, 0x99, 0x6b, 0xd8, 0x2a, 0xcd, 0x8d, 0x04, 0x52, 0x08, 0xcc, 0xa0, - 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21, 0xa1, 0x3c, 0x03, 0x3a, - 0x00, 0x04, 0xc2, 0xf0, 0x4f, 0x21, 0x05, 0xb4, 0x59, 0xa2, 0xba, 0x90, - 0x37, 0x4f, 0x7b, 0x1d, 0x63, 0x96, 0xb4, 0x39, 0xa0, 0x6f, 0x00, 0x44, - 0xdc, 0xc5, 0xe1, 0x85, 0x05, 0x3b, 0x58, 0xde, 0xbf, 0x9e, 0xb6, 0xe4, - 0x1e, 0x25, 0x96, 0xef, 0x90, 0x53, 0x1e, 0x86, 0x42, 0xa0, 0x64, 0x55, - 0x42, 0x3a, 0x76, 0x05, 0xfc, 0x6c, 0x01, 0xc3, 0x98, 0xbb, +const unsigned char test_ec_secp192r1_pub[] = { + 0x04, 0xe3, 0x5f, 0xcb, 0xee, 0x11, 0xce, 0xc3, 0x15, 0x4f, 0x80, 0xa1, + 0xa6, 0x1d, 0xf7, 0xd7, 0x61, 0x2d, 0xe4, 0xf2, 0xfd, 0x70, 0xc5, 0x60, + 0x8d, 0x0e, 0xe3, 0xa4, 0xa1, 0xa5, 0x71, 0x94, 0x71, 0xad, 0xb3, 0x39, + 0x66, 0xdd, 0x9b, 0x03, 0x5f, 0xdb, 0x77, 0x4f, 0xee, 0xba, 0x94, 0xb0, + 0x4c, }; -const unsigned char test_ec_secp256r1[] = { - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xed, 0x96, 0xc5, 0x3c, 0x6c, - 0xde, 0x36, 0x87, 0x3c, 0xfa, 0x5c, 0xe5, 0xa7, 0x0d, 0x52, 0x05, 0x66, - 0x9d, 0xf5, 0xf0, 0x59, 0x40, 0x68, 0x9a, 0x6a, 0xe6, 0x6e, 0x04, 0xa9, - 0x15, 0x30, 0x36, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x2c, 0x8d, 0x41, - 0xbf, 0x8b, 0xfc, 0xde, 0x64, 0xd9, 0xa7, 0x06, 0x4c, 0xe9, 0xe0, 0xe8, - 0xe7, 0x50, 0x62, 0x51, 0x9c, 0x68, 0xc3, 0x26, 0x2e, 0xd4, 0x86, 0xc2, - 0xbc, 0xc2, 0xa8, 0x44, 0x4b, 0x4e, 0xcb, 0xde, 0x33, 0xe1, 0xd3, 0x72, - 0x87, 0xe1, 0x18, 0xaa, 0x32, 0x36, 0xa3, 0x05, 0x4f, 0x2c, 0x47, 0x27, - 0x17, 0x60, 0x37, 0x31, 0x60, 0x28, 0x19, 0x8a, 0xeb, 0x05, 0x1e, 0x7b, - 0x60, +const unsigned char test_ec_secp224r1_priv[] = { + 0x87, 0x2f, 0x20, 0x3b, 0x3a, 0xd3, 0x5b, 0x7f, 0x2e, 0xcc, 0x80, 0x3c, + 0x3a, 0x0e, 0x1e, 0x0b, 0x1e, 0xd6, 0x1c, 0xc1, 0xaf, 0xe7, 0x1b, 0x18, + 0x9c, 0xd4, 0xc9, 0x95, }; -const unsigned char test_ec_secp384r1[] = { - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0xa8, 0x88, 0x45, 0xb7, - 0x52, 0x1d, 0x21, 0x2c, 0x2c, 0x20, 0x48, 0x48, 0x51, 0x19, 0xf1, 0x09, - 0x5d, 0x1a, 0x55, 0x78, 0x06, 0x59, 0x71, 0xea, 0xfd, 0x17, 0x41, 0x82, - 0x49, 0x63, 0x9e, 0x62, 0xe1, 0x9c, 0xcc, 0x22, 0x69, 0xeb, 0xbb, 0x90, - 0x7e, 0xa0, 0x50, 0x65, 0xfd, 0x4b, 0xa1, 0x0c, 0xa0, 0x07, 0x06, 0x05, - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0x74, - 0xa4, 0x5a, 0xa5, 0xb2, 0xfb, 0xb9, 0x21, 0x79, 0x0f, 0xa5, 0x91, 0xe5, - 0x31, 0x36, 0x28, 0x9d, 0xbf, 0x7e, 0x10, 0xae, 0x1b, 0x71, 0xd5, 0x84, - 0xd4, 0x5b, 0xb4, 0xca, 0x84, 0xa3, 0x7d, 0xbd, 0x0a, 0xa5, 0x71, 0xda, - 0x24, 0xad, 0x87, 0xa9, 0xaf, 0x72, 0x3c, 0xb7, 0x8e, 0x51, 0xa5, 0x15, - 0x8d, 0x9b, 0x92, 0xa8, 0xd1, 0x86, 0x86, 0xd2, 0x1a, 0x5a, 0x68, 0x4c, - 0x0a, 0x9c, 0x36, 0x04, 0x9e, 0xba, 0xa1, 0xc5, 0x98, 0x86, 0x07, 0x59, - 0xec, 0x63, 0xbe, 0x8f, 0x2a, 0x3a, 0xde, 0x15, 0x59, 0xfa, 0x55, 0xc7, - 0x92, 0xcd, 0x4f, 0xa4, 0x8a, 0xcc, 0x1e, 0xa7, 0x14, 0x9b, 0x73, +const unsigned char test_ec_secp224r1_pub[] = { + 0x04, 0x6f, 0x00, 0xea, 0xda, 0xa9, 0x49, 0xfe, 0xe3, 0xe9, 0xe1, 0xc7, + 0xfa, 0x12, 0x47, 0xee, 0xce, 0xc8, 0x6a, 0x0d, 0xce, 0x46, 0x41, 0x8b, + 0x9b, 0xd3, 0x11, 0x7b, 0x98, 0x1d, 0x4b, 0xd0, 0xae, 0x7a, 0x99, 0x0d, + 0xe9, 0x12, 0xf9, 0xd0, 0x60, 0xd6, 0xcb, 0x53, 0x1a, 0x42, 0xd2, 0x2e, + 0x39, 0x4a, 0xc2, 0x9e, 0x81, 0x80, 0x4b, 0xf1, 0x60, }; -const unsigned char test_ec_secp521r1[] = { - 0x30, 0x81, 0xdc, 0x02, 0x01, 0x01, 0x04, 0x42, 0x00, 0x13, 0x96, 0x0c, - 0x56, 0xec, 0x80, 0x5d, 0x78, 0x63, 0x67, 0x4c, 0xbd, 0xdc, 0xef, 0x69, - 0xc8, 0x74, 0xd6, 0xbe, 0x94, 0xb4, 0x36, 0x2f, 0xe5, 0x7b, 0x67, 0x1e, - 0x09, 0x74, 0xc4, 0x2b, 0xfd, 0x5a, 0xd7, 0xca, 0xec, 0xb7, 0x8e, 0xb1, - 0x09, 0xb8, 0xe1, 0xcf, 0x57, 0xd7, 0xe3, 0x6a, 0x57, 0xef, 0x84, 0xd7, - 0xf7, 0x4d, 0xaa, 0xf4, 0xd3, 0x53, 0x78, 0x1c, 0x95, 0xf7, 0x63, 0x1f, - 0xb1, 0x98, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23, 0xa1, - 0x81, 0x89, 0x03, 0x81, 0x86, 0x00, 0x04, 0x01, 0x20, 0xa9, 0xc9, 0x35, - 0x18, 0x71, 0x4b, 0x54, 0xb0, 0xd7, 0x2f, 0xcc, 0xdd, 0x7d, 0xec, 0x25, - 0x04, 0xa7, 0x2e, 0xda, 0x76, 0x8f, 0xb3, 0x77, 0xd6, 0xa5, 0xf8, 0x9e, - 0xea, 0x10, 0x58, 0xc4, 0x2c, 0xdb, 0xae, 0x78, 0xc3, 0x79, 0x04, 0x91, - 0xb4, 0x35, 0xa5, 0x26, 0xa5, 0x93, 0x2b, 0xda, 0x7a, 0xb1, 0xcf, 0x2f, - 0xc9, 0x66, 0xc7, 0xad, 0x89, 0x22, 0x49, 0xc6, 0x95, 0xcd, 0x66, 0xea, - 0x36, 0x01, 0xc5, 0x06, 0x75, 0xb0, 0xc7, 0x27, 0xa7, 0xa7, 0x89, 0xdc, - 0x97, 0x53, 0xa3, 0x74, 0xf8, 0xb7, 0xa7, 0xba, 0x25, 0x0d, 0x45, 0xa7, - 0x82, 0x5d, 0x8a, 0xb9, 0x3e, 0x43, 0x22, 0x34, 0xdf, 0x49, 0x23, 0x06, - 0xc3, 0xa5, 0x55, 0x45, 0xef, 0xdf, 0xaf, 0x68, 0x70, 0x69, 0x4f, 0x65, - 0x0a, 0xfb, 0xe8, 0xa8, 0xd9, 0xd1, 0x4c, 0x8b, 0x13, 0x7d, 0x43, 0xc5, - 0x8a, 0x87, 0x3d, 0x93, 0x5a, 0x66, 0xd5, +const unsigned char test_ec_secp256r1_priv[] = { + 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, + 0x1d, 0xf1, 0xc9, 0x94, 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, + 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee, }; -const unsigned char test_ec_bp256r1[] = { - 0x30, 0x78, 0x02, 0x01, 0x01, 0x04, 0x20, 0x4c, 0xb1, 0x0d, 0x0f, 0x90, - 0xe3, 0xae, 0x71, 0x43, 0x7a, 0xc8, 0x3a, 0x6d, 0x6f, 0x51, 0x35, 0x19, - 0xa4, 0x42, 0xe2, 0x47, 0x61, 0x4d, 0xfe, 0x1f, 0xe8, 0xf9, 0x61, 0x56, - 0x88, 0x87, 0x82, 0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, - 0x08, 0x01, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x04, 0x7e, - 0xaa, 0x53, 0x65, 0x4c, 0x1b, 0x46, 0x7c, 0x10, 0x89, 0x58, 0xb8, 0xd8, - 0xd7, 0xaa, 0x09, 0x4f, 0xe4, 0x65, 0xc8, 0x03, 0xa0, 0x6f, 0x1a, 0xf0, - 0x4e, 0x95, 0xa4, 0xe0, 0x6c, 0xaf, 0x82, 0x8f, 0x2b, 0xa7, 0x32, 0xca, - 0x77, 0x7c, 0x60, 0xed, 0xc1, 0x02, 0x33, 0x35, 0xec, 0x0f, 0x7b, 0x92, - 0x0b, 0xfa, 0x8e, 0x4f, 0x25, 0xd4, 0x6d, 0xd9, 0x5c, 0xa9, 0x65, 0x22, - 0x3d, 0x38, +const unsigned char test_ec_secp256r1_pub[] = { + 0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39, 0x92, 0x79, 0xd5, 0xe1, + 0xf1, 0x78, 0x1f, 0xac, 0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3, + 0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b, 0x57, 0x25, 0x90, 0xcd, + 0xaf, 0x8f, 0x76, 0x93, 0x61, 0xbc, 0xf3, 0x4a, 0xcf, 0xc1, 0x1e, 0x5e, + 0x07, 0x4e, 0x84, 0x26, 0xbd, 0xde, 0x04, 0xbe, 0x6e, 0x65, 0x39, 0x45, + 0x44, 0x96, 0x17, 0xde, 0x45, }; -const unsigned char test_ec_bp384r1[] = { - 0x30, 0x81, 0xa8, 0x02, 0x01, 0x01, 0x04, 0x30, 0x25, 0xe5, 0x2b, 0x86, - 0xfe, 0xd0, 0x4b, 0xac, 0x1e, 0x91, 0x10, 0x8e, 0xe4, 0xb7, 0x22, 0xe5, - 0xa8, 0xcc, 0x9a, 0x3a, 0xe7, 0x54, 0x04, 0x08, 0xda, 0x45, 0x0b, 0xf4, - 0x2f, 0x7a, 0x9b, 0x04, 0xa9, 0xcf, 0x37, 0x1b, 0xf4, 0x6c, 0x98, 0x79, - 0xd6, 0x8e, 0x8c, 0x8e, 0x39, 0x9d, 0x09, 0x31, 0xa0, 0x0b, 0x06, 0x09, - 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, 0x0b, 0xa1, 0x64, 0x03, - 0x62, 0x00, 0x04, 0x1f, 0xf8, 0x30, 0xb5, 0x6e, 0x08, 0xa2, 0xf8, 0xc1, - 0x19, 0x86, 0xb1, 0x64, 0x9b, 0xd0, 0x68, 0x84, 0x3c, 0x7a, 0x40, 0xe3, - 0x56, 0x95, 0xa1, 0x24, 0x49, 0x7a, 0x36, 0xb8, 0x6a, 0x4d, 0x55, 0x61, - 0x04, 0x82, 0x5b, 0xfd, 0xe0, 0xf1, 0x2c, 0x88, 0x84, 0xed, 0xfb, 0x37, - 0x8a, 0x07, 0xf7, 0x89, 0xfa, 0x95, 0x07, 0x21, 0xbb, 0x66, 0x44, 0x46, - 0x63, 0x80, 0x61, 0x09, 0x06, 0xfd, 0x7e, 0xfd, 0x41, 0xae, 0x86, 0x98, - 0xa9, 0x05, 0xb2, 0x31, 0x49, 0xca, 0xad, 0x14, 0x8b, 0xb5, 0x8c, 0x7c, - 0x2b, 0x16, 0x66, 0x1e, 0x18, 0x7b, 0xa3, 0x52, 0xbc, 0x5d, 0x26, 0x1e, - 0x70, 0xdb, 0x11, +const unsigned char test_ec_secp384r1_priv[] = { + 0x3f, 0x5d, 0x8d, 0x9b, 0xe2, 0x80, 0xb5, 0x69, 0x6c, 0xc5, 0xcc, 0x9f, + 0x94, 0xcf, 0x8a, 0xf7, 0xe6, 0xb6, 0x1d, 0xd6, 0x59, 0x2b, 0x2a, 0xb2, + 0xb3, 0xa4, 0xc6, 0x07, 0x45, 0x04, 0x17, 0xec, 0x32, 0x7d, 0xcd, 0xca, + 0xed, 0x7c, 0x10, 0x05, 0x3d, 0x71, 0x9a, 0x05, 0x74, 0xf0, 0xa7, 0x6a, }; -const unsigned char test_ec_bp512r1[] = { - 0x30, 0x81, 0xda, 0x02, 0x01, 0x01, 0x04, 0x40, 0x92, 0xcd, 0x27, 0xe6, - 0x7a, 0xdc, 0x76, 0x4e, 0xb0, 0x70, 0xb5, 0xae, 0x1e, 0xf2, 0x2a, 0x0e, - 0x8b, 0xc0, 0xa6, 0x42, 0x2e, 0x23, 0xd8, 0xc1, 0x65, 0x3b, 0x45, 0x95, - 0xf2, 0xd0, 0xed, 0xeb, 0x48, 0x8a, 0x9c, 0x32, 0xcf, 0xb0, 0x03, 0x66, - 0x65, 0xf9, 0xed, 0x60, 0x39, 0x06, 0xff, 0x8e, 0x9d, 0xd3, 0x39, 0xa7, - 0x49, 0x7e, 0xf7, 0xd1, 0xe2, 0xb9, 0xb0, 0x6c, 0x48, 0x76, 0x01, 0xb8, - 0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, 0x02, 0x08, 0x01, 0x01, - 0x0d, 0xa1, 0x81, 0x85, 0x03, 0x81, 0x82, 0x00, 0x04, 0x30, 0xb4, 0xb1, - 0x4d, 0xea, 0xed, 0xf9, 0x32, 0xff, 0xe1, 0xdb, 0x96, 0xd7, 0x34, 0xd4, - 0x6b, 0x3e, 0xad, 0xf5, 0xfa, 0x0b, 0xdd, 0x5d, 0x41, 0x56, 0xfd, 0x2d, - 0x8e, 0x2b, 0x84, 0x2f, 0xc0, 0xe4, 0xba, 0xed, 0x53, 0x2c, 0x4c, 0xeb, - 0x14, 0xe3, 0x89, 0x92, 0x66, 0xdc, 0x61, 0x3a, 0xda, 0xb9, 0xb9, 0x8c, - 0xc7, 0x41, 0x74, 0xba, 0x40, 0x54, 0xef, 0xce, 0x38, 0xc9, 0x0a, 0xeb, - 0x70, 0x01, 0x30, 0xf8, 0x18, 0x7e, 0x8c, 0x39, 0x16, 0xfc, 0xef, 0x10, - 0x7f, 0x16, 0xe2, 0x52, 0xba, 0x8f, 0x37, 0xdf, 0x23, 0x72, 0xe2, 0xd9, - 0x90, 0x7a, 0x51, 0xc3, 0x44, 0x8a, 0x6e, 0x92, 0x79, 0x7b, 0x66, 0x22, - 0xa9, 0x7e, 0xef, 0xef, 0x8d, 0x10, 0x23, 0x95, 0x97, 0xd7, 0x28, 0x28, - 0x4c, 0x89, 0xcb, 0x14, 0xe2, 0x89, 0x09, 0xe8, 0x05, 0x07, 0x0f, 0x6a, - 0x3f, 0xad, 0x84, 0xb3, 0x0b, +const unsigned char test_ec_secp384r1_pub[] = { + 0x04, 0xd9, 0xc6, 0x62, 0xb5, 0x0b, 0xa2, 0x9c, 0xa4, 0x79, 0x90, 0x45, + 0x0e, 0x04, 0x3a, 0xea, 0xf4, 0xf0, 0xc6, 0x9b, 0x15, 0x67, 0x6d, 0x11, + 0x2f, 0x62, 0x2a, 0x71, 0xc9, 0x30, 0x59, 0xaf, 0x99, 0x96, 0x91, 0xc5, + 0x68, 0x0d, 0x2b, 0x44, 0xd1, 0x11, 0x57, 0x9d, 0xb1, 0x2f, 0x4a, 0x41, + 0x3a, 0x2e, 0xd5, 0xc4, 0x5f, 0xcf, 0xb6, 0x7b, 0x5b, 0x63, 0xe0, 0x0b, + 0x91, 0xeb, 0xe5, 0x9d, 0x09, 0xa6, 0xb1, 0xac, 0x2c, 0x0c, 0x42, 0x82, + 0xaa, 0x12, 0x31, 0x7e, 0xd5, 0x91, 0x4f, 0x99, 0x9b, 0xc4, 0x88, 0xbb, + 0x13, 0x2e, 0x83, 0x42, 0xcc, 0x36, 0xf2, 0xca, 0x5e, 0x33, 0x79, 0xc7, + 0x47, }; -const unsigned char test_ec_curve25519[] = { - 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, - 0x04, 0x22, 0x04, 0x20, 0xf0, 0x29, 0x67, 0x44, 0x79, 0x87, 0xc0, 0x63, - 0xe1, 0x20, 0xd5, 0x6f, 0x45, 0xc5, 0x94, 0x3a, 0xd1, 0x75, 0x2a, 0x77, - 0xa1, 0x86, 0x98, 0x65, 0xdd, 0xab, 0x63, 0x88, 0xe1, 0x2a, 0x66, 0x6e, +const unsigned char test_ec_secp521r1_priv[] = { + 0x01, 0xb1, 0xb6, 0xad, 0x07, 0xbb, 0x79, 0xe7, 0x32, 0x0d, 0xa5, 0x98, + 0x60, 0xea, 0x28, 0xe0, 0x55, 0x28, 0x4f, 0x60, 0x58, 0xf2, 0x79, 0xde, + 0x66, 0x6e, 0x06, 0xd4, 0x35, 0xd2, 0xaf, 0x7b, 0xda, 0x28, 0xd9, 0x9f, + 0xa4, 0x7b, 0x7d, 0xd0, 0x96, 0x3e, 0x16, 0xb0, 0x07, 0x30, 0x78, 0xee, + 0x8b, 0x8a, 0x38, 0xd9, 0x66, 0xa5, 0x82, 0xf4, 0x6d, 0x19, 0xff, 0x95, + 0xdf, 0x3a, 0xd9, 0x68, 0x5a, 0xae, }; -const unsigned char test_ec_secp192k1[] = { - 0x30, 0x5c, 0x02, 0x01, 0x01, 0x04, 0x18, 0x30, 0xaa, 0xb8, 0xb2, 0x51, - 0x9e, 0xf6, 0x8e, 0xf5, 0xbe, 0x41, 0xbc, 0x2d, 0x2d, 0x1f, 0x96, 0x30, - 0xd8, 0x5f, 0x62, 0x9c, 0xca, 0x51, 0xca, 0xa0, 0x07, 0x06, 0x05, 0x2b, - 0x81, 0x04, 0x00, 0x1f, 0xa1, 0x34, 0x03, 0x32, 0x00, 0x04, 0xf5, 0x88, - 0xa8, 0x31, 0x0c, 0x1f, 0xf2, 0xdf, 0xeb, 0x70, 0x69, 0xd7, 0x8c, 0x42, - 0xe1, 0xaa, 0x20, 0x66, 0x5e, 0x49, 0x74, 0x7f, 0xb5, 0xa5, 0x6b, 0x96, - 0x75, 0xc6, 0xa2, 0xda, 0xf0, 0x5d, 0xa2, 0x8e, 0xbd, 0x54, 0x94, 0xf5, - 0x4d, 0x31, 0x1e, 0x6c, 0x70, 0xa3, 0xd2, 0x29, 0xda, 0x4d, +const unsigned char test_ec_secp521r1_pub[] = { + 0x04, 0x00, 0x1d, 0xe1, 0x42, 0xd5, 0x4f, 0x69, 0xeb, 0x03, 0x8e, 0xe4, + 0xb7, 0xaf, 0x9d, 0x3c, 0xa0, 0x77, 0x36, 0xfd, 0x9c, 0xf7, 0x19, 0xeb, + 0x35, 0x4d, 0x69, 0x87, 0x9e, 0xe7, 0xf3, 0xc1, 0x36, 0xfb, 0x0f, 0xbf, + 0x9f, 0x08, 0xf8, 0x6b, 0xe5, 0xfa, 0x12, 0x8e, 0xc1, 0xa0, 0x51, 0xd3, + 0xe6, 0xc6, 0x43, 0xe8, 0x5a, 0xda, 0x8f, 0xfa, 0xcf, 0x36, 0x63, 0xc2, + 0x60, 0xbd, 0x2c, 0x84, 0x4b, 0x6f, 0x56, 0x00, 0xce, 0xe8, 0xe4, 0x8a, + 0x9e, 0x65, 0xd0, 0x9c, 0xad, 0xd8, 0x9f, 0x23, 0x5d, 0xee, 0x05, 0xf3, + 0xb8, 0xa6, 0x46, 0xbe, 0x71, 0x5f, 0x1f, 0x67, 0xd5, 0xb4, 0x34, 0xe0, + 0xff, 0x23, 0xa1, 0xfc, 0x07, 0xef, 0x77, 0x40, 0x19, 0x3e, 0x40, 0xee, + 0xff, 0x6f, 0x3b, 0xcd, 0xfd, 0x76, 0x5a, 0xa9, 0x15, 0x50, 0x33, 0x52, + 0x4f, 0xe4, 0xf2, 0x05, 0xf5, 0x44, 0x4e, 0x29, 0x2c, 0x4c, 0x2f, 0x6a, + 0xc1, }; -const unsigned char test_ec_secp256k1[] = { - 0x30, 0x74, 0x02, 0x01, 0x01, 0x04, 0x20, 0xda, 0x1f, 0xf8, 0xe8, 0xb9, - 0x1f, 0x45, 0xd8, 0xc3, 0xfe, 0x3e, 0x5d, 0x50, 0x56, 0xc3, 0xe8, 0xad, - 0x87, 0xb0, 0x91, 0x71, 0xcd, 0xca, 0x80, 0xa7, 0xdf, 0x49, 0xd6, 0xa5, - 0xc6, 0x9f, 0x97, 0xa0, 0x07, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x0a, - 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xef, 0x76, 0x2f, 0x4f, 0x6a, 0x7d, - 0x0a, 0xec, 0xef, 0x78, 0x0b, 0xa1, 0xba, 0x57, 0x0f, 0x41, 0x76, 0x76, - 0xf1, 0x4f, 0x7e, 0x91, 0x8b, 0x18, 0xba, 0xab, 0xd9, 0xd7, 0xcc, 0x2c, - 0xe2, 0x1e, 0x92, 0x6d, 0xfd, 0x53, 0xcc, 0xa4, 0x62, 0xab, 0xe4, 0xc0, - 0xaf, 0xaf, 0xc9, 0xd0, 0x10, 0x1a, 0x89, 0x86, 0x6d, 0x6f, 0x24, 0x71, - 0xa3, 0xe2, 0x70, 0xe2, 0x02, 0xe5, 0x96, 0x48, 0xd5, 0x03, +const unsigned char test_ec_bp256r1_priv[] = { + 0x21, 0x61, 0xd6, 0xf2, 0xdb, 0x76, 0x52, 0x6f, 0xa6, 0x2c, 0x16, 0xf3, + 0x56, 0xa8, 0x0f, 0x01, 0xf3, 0x2f, 0x77, 0x67, 0x84, 0xb3, 0x6a, 0xa9, + 0x97, 0x99, 0xa8, 0xb7, 0x66, 0x20, 0x80, 0xff, }; -const unsigned char test_ec_curve448[] = { - 0x30, 0x46, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6f, - 0x04, 0x3a, 0x04, 0x38, 0xe4, 0xd9, 0x04, 0xba, 0x83, 0x93, 0xa5, 0x69, - 0x14, 0x17, 0xab, 0x9d, 0xfd, 0xc9, 0xf2, 0x0d, 0x57, 0x6f, 0xe7, 0x1a, - 0xe6, 0xac, 0xb7, 0x76, 0xdc, 0xe2, 0x76, 0x68, 0x34, 0xd9, 0x45, 0x11, - 0xff, 0x73, 0x24, 0x03, 0xe1, 0x49, 0x6a, 0x65, 0x1d, 0x89, 0xd3, 0x2f, - 0xbc, 0xfe, 0x49, 0xa8, 0xc1, 0xba, 0xbf, 0x46, 0x4b, 0x4c, 0x25, 0xef, +const unsigned char test_ec_bp256r1_pub[] = { + 0x04, 0x76, 0x8c, 0x8c, 0xae, 0x4a, 0xbc, 0xa6, 0x30, 0x6d, 0xb0, 0xed, + 0x81, 0xb0, 0xc4, 0xa6, 0x21, 0x5c, 0x37, 0x80, 0x66, 0xec, 0x6d, 0x61, + 0x6c, 0x14, 0x6e, 0x13, 0xf1, 0xc7, 0xdf, 0x80, 0x9b, 0x96, 0xab, 0x69, + 0x11, 0xc2, 0x7d, 0x8a, 0x02, 0x33, 0x9f, 0x09, 0x26, 0x84, 0x0e, 0x55, + 0x23, 0x6d, 0x3d, 0x1e, 0xfb, 0xe2, 0x66, 0x9d, 0x09, 0x0e, 0x4c, 0x4c, + 0x66, 0x0f, 0xad, 0xa9, 0x1d, +}; + +const unsigned char test_ec_bp384r1_priv[] = { + 0x3d, 0xd9, 0x2e, 0x75, 0x0d, 0x90, 0xd7, 0xd3, 0x9f, 0xc1, 0x88, 0x5c, + 0xd8, 0xad, 0x12, 0xea, 0x94, 0x41, 0xf2, 0x2b, 0x93, 0x34, 0xb4, 0xd9, + 0x65, 0x20, 0x2a, 0xdb, 0x14, 0x48, 0xce, 0x24, 0xc5, 0x80, 0x8a, 0x85, + 0xdd, 0x9a, 0xfc, 0x22, 0x9a, 0xf0, 0xa3, 0x12, 0x4f, 0x75, 0x5b, 0xcb, +}; + +const unsigned char test_ec_bp384r1_pub[] = { + 0x04, 0x71, 0x9f, 0x9d, 0x09, 0x3a, 0x62, 0x7e, 0x0d, 0x35, 0x03, 0x85, + 0xc6, 0x61, 0xce, 0xbf, 0x00, 0xc6, 0x19, 0x23, 0x56, 0x6f, 0xe9, 0x00, + 0x6a, 0x31, 0x07, 0xaf, 0x1d, 0x87, 0x1b, 0xc6, 0xbb, 0x68, 0x98, 0x5f, + 0xd7, 0x22, 0xea, 0x32, 0xbe, 0x31, 0x6f, 0x8e, 0x78, 0x3b, 0x7c, 0xd1, + 0x95, 0x77, 0x85, 0xf6, 0x6c, 0xfc, 0x0c, 0xb1, 0x95, 0xdd, 0x5c, 0x99, + 0xa8, 0xe7, 0xab, 0xaa, 0x84, 0x85, 0x53, 0xa5, 0x84, 0xdf, 0xd2, 0xb4, + 0x8e, 0x76, 0xd4, 0x45, 0xfe, 0x00, 0xdd, 0x8b, 0xe5, 0x90, 0x96, 0xd8, + 0x77, 0xd4, 0x69, 0x6d, 0x23, 0xb4, 0xbc, 0x8d, 0xb1, 0x47, 0x24, 0xe6, + 0x6a, +}; + +const unsigned char test_ec_bp512r1_priv[] = { + 0x37, 0x2c, 0x97, 0x78, 0xf6, 0x9f, 0x72, 0x6c, 0xbc, 0xa3, 0xf4, 0xa2, + 0x68, 0xf1, 0x6b, 0x4d, 0x61, 0x7d, 0x10, 0x28, 0x0d, 0x79, 0xa6, 0xa0, + 0x29, 0xcd, 0x51, 0x87, 0x9f, 0xe1, 0x01, 0x29, 0x34, 0xdf, 0xe5, 0x39, + 0x54, 0x55, 0x33, 0x7d, 0xf6, 0x90, 0x6d, 0xc7, 0xd6, 0xd2, 0xee, 0xa4, + 0xdb, 0xb2, 0x06, 0x5c, 0x02, 0x28, 0xf7, 0x3b, 0x3e, 0xd7, 0x16, 0x48, + 0x0e, 0x7d, 0x71, 0xd2, +}; + +const unsigned char test_ec_bp512r1_pub[] = { + 0x04, 0x38, 0xb7, 0xec, 0x92, 0xb6, 0x1c, 0x5c, 0x6c, 0x7f, 0xbc, 0x28, + 0xa4, 0xec, 0x75, 0x9d, 0x48, 0xfc, 0xd4, 0xe2, 0xe3, 0x74, 0xde, 0xfd, + 0x5c, 0x49, 0x68, 0xa5, 0x4d, 0xbe, 0xf7, 0x51, 0x0e, 0x51, 0x78, 0x86, + 0xfb, 0xfc, 0x38, 0xea, 0x39, 0xaa, 0x52, 0x93, 0x59, 0xd7, 0x0a, 0x71, + 0x56, 0xc3, 0x5d, 0x3c, 0xba, 0xc7, 0xce, 0x77, 0x6b, 0xdb, 0x25, 0x1d, + 0xd6, 0x4b, 0xce, 0x71, 0x23, 0x44, 0x24, 0xee, 0x70, 0x49, 0xee, 0xd0, + 0x72, 0xf0, 0xdb, 0xc4, 0xd7, 0x99, 0x96, 0xe1, 0x75, 0xd5, 0x57, 0xe2, + 0x63, 0x76, 0x3a, 0xe9, 0x70, 0x95, 0xc0, 0x81, 0xe7, 0x3e, 0x7d, 0xb2, + 0xe3, 0x8a, 0xdc, 0x3d, 0x4c, 0x9a, 0x04, 0x87, 0xb1, 0xed, 0xe8, 0x76, + 0xdc, 0x1f, 0xca, 0x61, 0xc9, 0x02, 0xe9, 0xa1, 0xd8, 0x72, 0x2b, 0x86, + 0x12, 0x92, 0x8f, 0x18, 0xa2, 0x48, 0x45, 0x59, 0x1a, +}; + +const unsigned char test_ec_secp192k1_priv[] = { + 0x29, 0x7a, 0xc1, 0x72, 0x2c, 0xca, 0xc7, 0x58, 0x9e, 0xcb, 0x24, 0x0d, + 0xc7, 0x19, 0x84, 0x25, 0x38, 0xca, 0x97, 0x4b, 0xeb, 0x79, 0xf2, 0x28, +}; + +const unsigned char test_ec_secp192k1_pub[] = { + 0x04, 0x26, 0xb7, 0xbb, 0x38, 0xda, 0x64, 0x9a, 0xc2, 0x13, 0x8f, 0xc0, + 0x50, 0xc6, 0x54, 0x8b, 0x32, 0x55, 0x3d, 0xab, 0x68, 0xaf, 0xeb, 0xc3, + 0x61, 0x05, 0xd3, 0x25, 0xb7, 0x55, 0x38, 0xc1, 0x23, 0x23, 0xcb, 0x07, + 0x64, 0x78, 0x9e, 0xcb, 0x99, 0x26, 0x71, 0xbe, 0xb2, 0xb6, 0xbe, 0xf2, + 0xf5, +}; + +const unsigned char test_ec_secp256k1_priv[] = { + 0x7f, 0xa0, 0x6f, 0xa0, 0x2d, 0x0e, 0x91, 0x1b, 0x9a, 0x47, 0xfd, 0xc1, + 0x7d, 0x2d, 0x96, 0x2c, 0xa0, 0x1e, 0x2f, 0x31, 0xd6, 0x0c, 0x62, 0x12, + 0xd0, 0xed, 0x7e, 0x3b, 0xba, 0x23, 0xa7, 0xb9, +}; + +const unsigned char test_ec_secp256k1_pub[] = { + 0x04, 0x5c, 0x39, 0x15, 0x45, 0x79, 0xef, 0xd6, 0x67, 0xad, 0xc7, 0x3a, + 0x81, 0x01, 0x5a, 0x79, 0x7d, 0x2c, 0x86, 0x82, 0xcd, 0xfb, 0xd3, 0xc3, + 0x55, 0x3c, 0x4a, 0x18, 0x5d, 0x48, 0x1c, 0xdc, 0x50, 0xe4, 0x2a, 0x0e, + 0x1c, 0xbc, 0x3c, 0xa2, 0x9a, 0x32, 0xa6, 0x45, 0xe9, 0x27, 0xf5, 0x4b, + 0xea, 0xed, 0x14, 0xc9, 0xdb, 0xbf, 0x82, 0x79, 0xd7, 0x25, 0xf5, 0x49, + 0x5c, 0xa9, 0x24, 0xb2, 0x4d, +}; + +const unsigned char test_ec_curve25519_priv[] = { + 0x70, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, + 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, + 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x6a, +}; + +const unsigned char test_ec_curve25519_pub[] = { + 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, + 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, + 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, +}; + +const unsigned char test_ec_curve448_priv[] = { + 0xe4, 0xe4, 0x9f, 0x52, 0x68, 0x6f, 0x9e, 0xe3, 0xb6, 0x38, 0x52, 0x8f, + 0x72, 0x1f, 0x15, 0x96, 0x19, 0x6f, 0xfd, 0x0a, 0x1c, 0xdd, 0xb6, 0x4c, + 0x3f, 0x21, 0x6f, 0x06, 0x54, 0x18, 0x05, 0xcf, 0xeb, 0x1a, 0x28, 0x6d, + 0xc7, 0x80, 0x18, 0x09, 0x5c, 0xdf, 0xec, 0x05, 0x0e, 0x80, 0x07, 0xb5, + 0xf4, 0x90, 0x89, 0x62, 0xba, 0x20, 0xd6, 0xc1, +}; + +const unsigned char test_ec_curve448_pub[] = { + 0xc0, 0xd3, 0xa5, 0xa2, 0xb4, 0x16, 0xa5, 0x73, 0xdc, 0x99, 0x09, 0xf9, + 0x2f, 0x13, 0x4a, 0xc0, 0x13, 0x23, 0xab, 0x8f, 0x8e, 0x36, 0x80, 0x4e, + 0x57, 0x85, 0x88, 0xba, 0x2d, 0x09, 0xfe, 0x7c, 0x3e, 0x73, 0x7f, 0x77, + 0x1c, 0xa1, 0x12, 0x82, 0x5b, 0x54, 0x8a, 0x0f, 0xfd, 0xed, 0x6d, 0x6a, + 0x2f, 0xd0, 0x9a, 0x3e, 0x77, 0xde, 0xc3, 0x0e, }; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index c08c145f77..b67bbb8252 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -189,37 +189,56 @@ struct key_lut_element { int curve_or_keybits; const unsigned char *key; size_t key_len; + const unsigned char *pub_key; + size_t pub_key_len; }; struct key_lut_element keys_lut[] = { - { 1024, test_rsa_1024, sizeof(test_rsa_1024) }, - { 1026, test_rsa_1026, sizeof(test_rsa_1026) }, - { 1028, test_rsa_1028, sizeof(test_rsa_1028) }, - { 1030, test_rsa_1030, sizeof(test_rsa_1030) }, - { 2048, test_rsa_2048, sizeof(test_rsa_2048) }, - { 4096, test_rsa_4096, sizeof(test_rsa_4096) }, - { MBEDTLS_ECP_DP_SECP192R1, test_ec_secp192r1, sizeof(test_ec_secp192r1) }, - { MBEDTLS_ECP_DP_SECP224R1, test_ec_secp224r1, sizeof(test_ec_secp224r1) }, - { MBEDTLS_ECP_DP_SECP256R1, test_ec_secp256r1, sizeof(test_ec_secp256r1) }, - { MBEDTLS_ECP_DP_SECP384R1, test_ec_secp384r1, sizeof(test_ec_secp384r1) }, - { MBEDTLS_ECP_DP_SECP521R1, test_ec_secp521r1, sizeof(test_ec_secp521r1) }, - { MBEDTLS_ECP_DP_BP256R1, test_ec_bp256r1, sizeof(test_ec_bp256r1) }, - { MBEDTLS_ECP_DP_BP384R1, test_ec_bp384r1, sizeof(test_ec_bp384r1) }, - { MBEDTLS_ECP_DP_BP512R1, test_ec_bp512r1, sizeof(test_ec_bp512r1) }, - { MBEDTLS_ECP_DP_CURVE25519, test_ec_curve25519, sizeof(test_ec_curve25519) }, - { MBEDTLS_ECP_DP_SECP192K1, test_ec_secp192k1, sizeof(test_ec_secp192k1) }, - { MBEDTLS_ECP_DP_SECP256K1, test_ec_secp256k1, sizeof(test_ec_secp256k1) }, - { MBEDTLS_ECP_DP_CURVE448, test_ec_curve448, sizeof(test_ec_curve448) }, + { 1024, test_rsa_1024, sizeof(test_rsa_1024), NULL, 0 }, + { 1026, test_rsa_1026, sizeof(test_rsa_1026), NULL, 0 }, + { 1028, test_rsa_1028, sizeof(test_rsa_1028), NULL, 0 }, + { 1030, test_rsa_1030, sizeof(test_rsa_1030), NULL, 0 }, + { 2048, test_rsa_2048, sizeof(test_rsa_2048), NULL, 0 }, + { 4096, test_rsa_4096, sizeof(test_rsa_4096), NULL, 0 }, + { MBEDTLS_ECP_DP_SECP192R1, test_ec_secp192r1_priv, sizeof(test_ec_secp192r1_priv), + test_ec_secp192r1_pub, sizeof(test_ec_secp192r1_pub) }, + { MBEDTLS_ECP_DP_SECP224R1, test_ec_secp224r1_priv, sizeof(test_ec_secp224r1_priv), + test_ec_secp224r1_pub, sizeof(test_ec_secp224r1_pub) }, + { MBEDTLS_ECP_DP_SECP256R1, test_ec_secp256r1_priv, sizeof(test_ec_secp256r1_priv), + test_ec_secp256r1_pub, sizeof(test_ec_secp256r1_pub) }, + { MBEDTLS_ECP_DP_SECP384R1, test_ec_secp384r1_priv, sizeof(test_ec_secp384r1_priv), + test_ec_secp384r1_pub, sizeof(test_ec_secp384r1_pub) }, + { MBEDTLS_ECP_DP_SECP521R1, test_ec_secp521r1_priv, sizeof(test_ec_secp521r1_priv), + test_ec_secp521r1_pub, sizeof(test_ec_secp521r1_pub) }, + { MBEDTLS_ECP_DP_BP256R1, test_ec_bp256r1_priv, sizeof(test_ec_bp256r1_priv), + test_ec_bp256r1_pub, sizeof(test_ec_bp256r1_pub) }, + { MBEDTLS_ECP_DP_BP384R1, test_ec_bp384r1_priv, sizeof(test_ec_bp384r1_priv), + test_ec_bp384r1_pub, sizeof(test_ec_bp384r1_pub) }, + { MBEDTLS_ECP_DP_BP512R1, test_ec_bp512r1_priv, sizeof(test_ec_bp512r1_priv), + test_ec_bp512r1_pub, sizeof(test_ec_bp512r1_pub) }, + { MBEDTLS_ECP_DP_CURVE25519, test_ec_curve25519_priv, sizeof(test_ec_curve25519_priv), + test_ec_curve25519_pub, sizeof(test_ec_curve25519_pub) }, + { MBEDTLS_ECP_DP_SECP192K1, test_ec_secp192k1_priv, sizeof(test_ec_secp192k1_priv), + test_ec_secp192k1_pub, sizeof(test_ec_secp192k1_pub) }, + { MBEDTLS_ECP_DP_SECP256K1, test_ec_secp256k1_priv, sizeof(test_ec_secp256k1_priv), + test_ec_secp256k1_pub, sizeof(test_ec_secp256k1_pub) }, + { MBEDTLS_ECP_DP_CURVE448, test_ec_curve448_priv, sizeof(test_ec_curve448_priv), + test_ec_curve448_pub, sizeof(test_ec_curve448_pub) }, }; static int get_predefined_key_data(int curve_or_keybits, - const unsigned char **key, size_t *key_len) + const unsigned char **key, size_t *key_len, + const unsigned char **pub_key, size_t *pub_key_len) { size_t i; for (i = 0; i < ARRAY_LENGTH(keys_lut); i++) { if (curve_or_keybits == keys_lut[i].curve_or_keybits) { *key = keys_lut[i].key; *key_len = keys_lut[i].key_len; + if (pub_key != NULL) { + *pub_key = keys_lut[i].pub_key; + *pub_key_len = keys_lut[i].pub_key_len; + } return 0; } } @@ -227,6 +246,27 @@ static int get_predefined_key_data(int curve_or_keybits, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#if defined(MBEDTLS_PSA_CRYPTO_C) +psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, + psa_key_type_t type, psa_key_usage_t usage, + psa_algorithm_t alg, mbedtls_svc_key_id_t *key) +{ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + *key = MBEDTLS_SVC_KEY_ID_INIT; + + /* Note: psa_import_key() automatically determines the key's bit length + * from the provided key data. That's why psa_set_key_bits() is not used below. */ + psa_set_key_usage_flags(&attributes, usage); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, type); + status = psa_import_key(&attributes, key_data, key_len, key); + + return status; +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ + #if defined(MBEDTLS_PK_PARSE_C) /** Fill the provided PK context with a proper key. * @@ -249,12 +289,42 @@ static int get_predefined_key_data(int curve_or_keybits, static int pk_genkey(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curve_or_keybits) { const unsigned char *key_data = NULL; + const unsigned char *pub_key_data = NULL; size_t key_data_len = 0; + size_t pub_key_data_len = 0; int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; - TEST_EQUAL(get_predefined_key_data(curve_or_keybits, &key_data, &key_data_len), 0); - TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL), 0); + if (pk_type == MBEDTLS_PK_RSA) { + TEST_EQUAL(get_predefined_key_data(curve_or_keybits, &key_data, &key_data_len, + NULL, 0), 0); + TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL), 0); + } else { + TEST_EQUAL(get_predefined_key_data(curve_or_keybits, &key_data, &key_data_len, + &pub_key_data, &pub_key_data_len), 0); + TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + pk->ec_family = mbedtls_ecc_group_to_psa(curve_or_keybits, &pk->ec_bits); + TEST_EQUAL(pk_psa_import_key(key_data, key_data_len, + PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family), + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | + PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_COPY | + PSA_KEY_USAGE_EXPORT, + MBEDTLS_PK_PSA_ALG_ECDSA_MAYBE_DET(PSA_ALG_ANY_HASH), + &pk->priv_id), 0); + memcpy(pk->pub_raw, pub_key_data, pub_key_data_len); + pk->pub_raw_len = pub_key_data_len; +#elif defined(MBEDTLS_ECP_C) + TEST_EQUAL(mbedtls_ecp_read_key(curve_or_keybits, mbedtls_pk_ec_rw(*pk), + key_data, key_data_len), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec_rw(*pk)->grp), + &(mbedtls_pk_ec_rw(*pk)->Q), + pub_key_data, pub_key_data_len), 0); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ + TEST_FAIL("EC keys not supported."); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ + } /* Override pk_info. */ pk->pk_info = mbedtls_pk_info_from_type(pk_type); ret = 0; @@ -289,44 +359,17 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; const unsigned char *key_data = NULL; - size_t key_data_size = 0; /* Overall size of key_data in bytes. It includes leading - * zeros (if any). */ - size_t key_data_len = 0; /* Length of valid bytes in key_data. */ - const unsigned char *key_data_start; + size_t key_data_size = 0; - /* Get the predefined key: - * - RSA keys are already in a valid format to be imported into PSA. - * - EC ones instead would require some adaptation. However instead of going - * through the PK module for import/export, we can directly skip the - * unrelevant data and go directly to the private key. - */ if (PSA_KEY_TYPE_IS_RSA(type)) { - TEST_EQUAL(get_predefined_key_data(bits, &key_data, &key_data_size), 0); - key_data_start = (unsigned char *) key_data; - key_data_len = key_data_size; + TEST_EQUAL(get_predefined_key_data(bits, &key_data, &key_data_size, NULL, 0), 0); } else { #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_group_id grp_id; grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); - TEST_EQUAL(get_predefined_key_data(grp_id, &key_data, &key_data_size), 0); - - unsigned char *p = (unsigned char *) key_data; - const unsigned char *end = key_data + key_data_size; - size_t len; - int version; - - TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED), 0); - TEST_EQUAL(mbedtls_asn1_get_int(&p, end, &version), 0); - if ((grp_id == MBEDTLS_ECP_DP_CURVE25519) || (grp_id == MBEDTLS_ECP_DP_CURVE448)) { - TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED), 0); - p += len; - TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING), 0); - } - TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING), 0); - key_data_start = p; - key_data_len = len; + TEST_EQUAL(get_predefined_key_data(grp_id, &key_data, &key_data_size, NULL, 0), 0); +#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + TEST_FAIL("EC keys are not supported"); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ } @@ -340,7 +383,7 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, if (!mbedtls_svc_key_id_is_null(persistent_key_id)) { psa_set_key_id(&attributes, persistent_key_id); } - status = psa_import_key(&attributes, key_data_start, key_data_len, key); + status = psa_import_key(&attributes, key_data, key_data_size, key); exit: return status; @@ -628,25 +671,6 @@ exit: psa_reset_key_attributes(&new_attr); return new_key_id; } - -psa_status_t pk_psa_import_key(unsigned char *key_data, size_t key_len, - psa_key_type_t type, psa_key_usage_t usage, - psa_algorithm_t alg, mbedtls_svc_key_id_t *key) -{ - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status; - - *key = MBEDTLS_SVC_KEY_ID_INIT; - - /* Note: psa_import_key() automatically determines the key's bit length - * from the provided key data. That's why psa_set_key_bits() is not used below. */ - psa_set_key_usage_flags(&attributes, usage); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, type); - status = psa_import_key(&attributes, key_data, key_len, key); - - return status; -} #endif /* MBEDTLS_PSA_CRYPTO_C */ /* END_HEADER */ From 0dd6ca4175ca5e8955dc93a223e590870d26cd94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 10 Apr 2024 12:26:24 +0200 Subject: [PATCH 080/429] compat.sh: properly report skipped tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't just silently continue. Signed-off-by: Manuel Pégourié-Gonnard --- tests/compat.sh | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index d7a91b47e9..320d0c57c1 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -588,7 +588,22 @@ add_mbedtls_ciphersuites() # o_check_ciphersuite STANDARD_CIPHER_SUITE o_check_ciphersuite() { - if [ "${O_SUPPORT_ECDH}" = "NO" ]; then + # skip DTLS when lack of support was declared + if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then + SKIP_NEXT_="YES" + fi + + # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL + # supports $O_MODE from the s_server help. (The s_client + # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 + # but doesn't list it. But the s_server help seems to be + # accurate.) + if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then + SKIP_NEXT_="YES" + fi + + # skip static ECDH when OpenSSL doesn't support it + if [ "${O_SUPPORT_STATIC_ECDH}" = "NO" ]; then case "$1" in *ECDH_*) SKIP_NEXT="YES" esac @@ -665,8 +680,8 @@ setup_arguments() esac case $($OPENSSL ciphers ALL) in - *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";; - *) O_SUPPORT_ECDH="NO";; + *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_STATIC_ECDH="YES";; + *) O_SUPPORT_STATIC_ECDH="NO";; esac if [ "X$VERIFY" = "XYES" ]; @@ -1109,19 +1124,6 @@ for MODE in $MODES; do [Oo]pen*) - if test "$OSSL_NO_DTLS" -gt 0 && is_dtls "$MODE"; then - continue; - fi - - # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL - # supports $O_MODE from the s_server help. (The s_client - # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 - # but doesn't list it. But the s_server help seems to be - # accurate.) - if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then - continue; - fi - reset_ciphersuites add_common_ciphersuites add_openssl_ciphersuites From cb424097be3b779cb50dfeb741b1ac0c5f2d55dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 10 Apr 2024 22:11:20 +0200 Subject: [PATCH 081/429] compat.sh: properly skip unsupported DTLS 1.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Skipping DTLS 1.2 with old versions was already done, but now properly test support only once and use the results. Note that historically, this script's policy was that it's the user's job to find the right value of -e (EXCLUDE) for their version for OpenSSL & config. Now it's a weird mix of that and the script doing some detection and skipping. Signed-off-by: Manuel Pégourié-Gonnard --- tests/compat.sh | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 320d0c57c1..20f2dbda61 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -593,13 +593,9 @@ o_check_ciphersuite() SKIP_NEXT_="YES" fi - # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL - # supports $O_MODE from the s_server help. (The s_client - # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 - # but doesn't list it. But the s_server help seems to be - # accurate.) - if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then - SKIP_NEXT_="YES" + # skip DTLS 1.2 is support was not detected + if [ "$O_SUPPORT_DTLS12" = "NO" -a "$MODE" = "dtls12" ]; then + SKIP_NEXT="YES" fi # skip static ECDH when OpenSSL doesn't support it @@ -684,6 +680,21 @@ setup_arguments() *) O_SUPPORT_STATIC_ECDH="NO";; esac + case $($OPENSSL ciphers ALL) in + *DES-CBC-*) O_SUPPORT_SINGLE_DES="YES";; + *) O_SUPPORT_SINGLE_DES="NO";; + esac + + # OpenSSL <1.0.2 doesn't support DTLS 1.2. Check if OpenSSL + # supports -dtls1_2 from the s_server help. (The s_client + # help isn't accurate as of 1.0.2g: it supports DTLS 1.2 + # but doesn't list it. But the s_server help seems to be + # accurate.) + O_SUPPORT_DTLS12="NO" + if $OPENSSL s_server -help 2>&1 | grep -q "^ *-dtls1_2 "; then + O_SUPPORT_DTLS12="YES" + fi + if [ "X$VERIFY" = "XYES" ]; then M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" From 1a827a342219f84e55adb24ca5facfef517952f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 13 Nov 2023 10:01:21 +0100 Subject: [PATCH 082/429] Start documenting test-driver framework. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 105 +++++++++++++++++- 1 file changed, 103 insertions(+), 2 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 380fd39c43..707b6a64a3 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -114,7 +114,7 @@ We should have at least one driver that covers the whole interface: A PKCS#11 driver would be a good candidate. It would be useful as part of our product offering. -## Transparent driver interface testing +## Unified driver interface testing The [unified driver interface](../../proposed/psa-driver-interface.md) defines interfaces for accelerators. @@ -128,6 +128,107 @@ Every cryptographic mechanism for which a transparent driver interface exists (k The driver interface includes a fallback mechanism so that a driver can reject a request at runtime and let another driver handle the request. For each entry point, there must be at least three test runs with two or more drivers available with driver A configured to fall back to driver B, with one run where A returns `PSA_SUCCESS`, one where A returns `PSA_ERROR_NOT_SUPPORTED` and B is invoked, and one where A returns a different error and B is not invoked. -## Entropy and randomness interface testing +### Test framework + +We have test drivers that are enabled by `PSA_CRYPTO_DRIVER_TEST` (not present +in the usual config files, must be defined on the command line or in a custom +config file). Those test drivers are implemented in `tests/src/drivers/*.c` +and their API is declared in `tests/include/test/drivers/*.h`. + +We have two test driver registered: `mbedtls_test_opaque_driver` and +`mbedtls_test_transparent_driver`. These are described in +`scripts/data_files/driver_jsons/mbedtls_test_xxx_driver.json` (as much as our +JSON support currently allows). Each of the drivers can potentially implement +support for several mechanism; conversely, each of the file mentioned in the +previous paragraph can potentially contribute to both the opaque and the +transparent test driver. + +Each entry point is instrumented to record the number of hits for each part of +the driver (same division as the files) and the status of the last call. It is +also possible to force the next call to return a specified status. See the +various `mbedtls_test_driver_XXX_hooks_t` structures declared by each driver. + +The drivers can use one of two back-ends: +- internal: this requires the built-in implementation to be present. +- libtestdriver1: this allows the built-in implementation to be omitted from + the build. + +Historical note: internal was initially the only back-end; then support for +libtestdriver1 was added gradually. + +Question: if/when we have complete libtestdriver1 support, do we still need +internal? Thoughts: +- It's useful to have builds with both a driver and the built-in, in +order to test fallback to built-in, but this could be achieved with +libtestdriver1 too. + - Performance might be better with internal though? +- The instrumentation works the same with both back-ends. + +Our implementation of PSA Crypto is structured in a way that the built-in +implementation of each operation follows the driver API, see +[`../architecture/psa-crypto-implementation-structure.md`](../architecture/psa-crypto-implementation-structure.html). +This makes implementing the test drivers very easy: each entry point has a +corresponding `mbedtls_psa_xxx()` function that it can call as its +implementation - with the `libtestdriver1` back-end the function is called +`libtestdriver1_mbedtls_psa_xxx()` instead. + +The renaming process for `libtestdriver1` is implemented as a few Perl regexes +applied to a copy of the library code, see the `libtestdriver1.a` target in +`tests/Makefile`. Another modification that's done to this copy is appending +`tests/include/test/drivers/crypto_config_test_driver_extension.h` to +`psa/crypto_config.h`. This file reverses the `ACCEL`/`BUILTIN` macros so that +`libtestdriver1` includes as built-in what the main `libmbedcrypto.a` will +have accelerated; see that file's initial comment for details. See also +`helper_libtestdriver1_` functions and the preceding comment in `all.sh` for +how libtestdriver is used in practice. + +This general framework needs specific code for each family of operations. At a +given point in time, not all operations have the same level of support. The +following sub-sections describe the status of the test driver support, mostly +following the structure and order of sections 9.6 and 10.2 to 10.10 of the +[PSA Crypto standard](https://arm-software.github.io/psa-api/crypto/1.1/) as +that is also a natural division for implementing test drivers (that's how the +code is divided into files). It should be noted that the implementation +strategy ensures that when and entry point has test-driver support, it +automatically works for all algorithms and key types supported by the library, +thanks to the implementation strategy mentioned above. + +#### Key management + +TODO + +#### Message digests (Hashes) + +TODO + +#### Message authentication codes (MAC) + +TODO + +#### Unauthenticated ciphers + +TODO + +#### Authenticated encryption with associated data (AEAD) + +TODO + +#### Key derivation + +TODO + +#### Asymmetric signature + +TODO + +#### Asymmetric encryption + +TODO + +#### Key agreement + +TODO + +#### Other cryptographic services (Random number generation) TODO From b66f9dba119e6860e95020e3fd8ada4bd496286d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 13 Nov 2023 11:32:37 +0100 Subject: [PATCH 083/429] Document test-driver status per family MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 214 ++++++++++++++++-- 1 file changed, 197 insertions(+), 17 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 707b6a64a3..7c43a4feba 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -128,7 +128,7 @@ Every cryptographic mechanism for which a transparent driver interface exists (k The driver interface includes a fallback mechanism so that a driver can reject a request at runtime and let another driver handle the request. For each entry point, there must be at least three test runs with two or more drivers available with driver A configured to fall back to driver B, with one run where A returns `PSA_SUCCESS`, one where A returns `PSA_ERROR_NOT_SUPPORTED` and B is invoked, and one where A returns a different error and B is not invoked. -### Test framework +### Test drivers We have test drivers that are enabled by `PSA_CRYPTO_DRIVER_TEST` (not present in the usual config files, must be defined on the command line or in a custom @@ -145,8 +145,9 @@ transparent test driver. Each entry point is instrumented to record the number of hits for each part of the driver (same division as the files) and the status of the last call. It is -also possible to force the next call to return a specified status. See the -various `mbedtls_test_driver_XXX_hooks_t` structures declared by each driver. +also possible to force the next call to return a specified status, and +sometimes more things can be forced: see the various +`mbedtls_test_driver_XXX_hooks_t` structures declared by each driver. The drivers can use one of two back-ends: - internal: this requires the built-in implementation to be present. @@ -172,6 +173,12 @@ corresponding `mbedtls_psa_xxx()` function that it can call as its implementation - with the `libtestdriver1` back-end the function is called `libtestdriver1_mbedtls_psa_xxx()` instead. +A nice consequence of that strategy is that when an entry point has +test-driver support, most of the time, it automatically works for all +algorithms and key types supported by the library. (The exception being when +the driver needs to call a different function for different key types, as is +the case with some asymmetric key management operations.) + The renaming process for `libtestdriver1` is implemented as a few Perl regexes applied to a copy of the library code, see the `libtestdriver1.a` target in `tests/Makefile`. Another modification that's done to this copy is appending @@ -188,47 +195,220 @@ following sub-sections describe the status of the test driver support, mostly following the structure and order of sections 9.6 and 10.2 to 10.10 of the [PSA Crypto standard](https://arm-software.github.io/psa-api/crypto/1.1/) as that is also a natural division for implementing test drivers (that's how the -code is divided into files). It should be noted that the implementation -strategy ensures that when and entry point has test-driver support, it -automatically works for all algorithms and key types supported by the library, -thanks to the implementation strategy mentioned above. +code is divided into files). #### Key management -TODO +The following entry points are declared in `test/drivers/key_management.h`: + +- `"init"` (transparent and opaque) +- `"generate_key"` (transparent and opaque) +- `"export_public_key"` (transparent and opaque) +- `"import_key"` (transparent and opaque) +- `"export_key"` (opaque only) +- `"get_builtin_key"` (opaque only) +- `"copy_key"` (opaque only) + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +The opaque's driver implementation status is as follows: +- `"generate_key"`: not implemented, always returns `NOT_SUPPORTED`. +- `"export_public_key"`: implemented only for ECC and RSA keys, both backends. +- `"import_key"`: implemented except for DH keys, both backends. +- `"export_key"`: implemented for built-in keys (ECC and AES), and for + non-builtin keys except DH keys. (Backend not relevant.) +- `"get_builtin_key"`: implemented - provisioned keys: AES-128 and ECC + secp2456r1. (Backend not relevant.) +- `"copy_key"`: implemented - emulates a SE without storage. (Backend not + relevant.) + +Note: the `"init"` entry point is not part of the "key management" family, but +listed here as it's declared and implemented in the same file. With the +transparent driver and the libtestdriver1 backend, it calls +`libtestdriver1_psa_crypto_init()`, which partially but not fully ensures +that this entry point is called before other entry points in the test drivers. +With the opaque driver, this entry point just does nothing an returns success. + +The following entry points are defined by the driver interface but missing +from our test drivers: +- `"allocate_key"`, `"destroy_key"`: this is for opaque drivers that store the + key material internally. + +Note: the instrumentation also allows forcing the output and its length. #### Message digests (Hashes) -TODO +The following entry points are declared (transparent only): +- `"hash_compute"` +- `"hash_setup"` +- `"hash_clone"` +- `"hash_update"` +- `"hash_finish"` +- `"hash_abort"` + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +This familly is not part of the opaque driver as it doesn't use keys. #### Message authentication codes (MAC) -TODO +The following entry points are declared (transparent and opaque): +- `"mac_compute"` +- `"mac_sign_setup"` +- `"mac_verify_setup"` +- `"mac_update"` +- `"mac_sign_finish"` +- `"mac_verify_finish"` +- `"mac_abort"` + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +The opaque driver only implements the instrumentation but not the actual +operations: entry points will always return `NOT_SUPPORTED`, unless another +status is forced. + +The following entry points are not implemented: +- `mac_verify`: this mostly makes sense for opaque drivers; the code will fall + back to using `"mac_compute"` if this is not implemented. So, perhaps +ideally we should test both with `"mac_verify"` implemented and with it not +implemented? Anyway, we have a test gap here. #### Unauthenticated ciphers -TODO +The following entry points are declared (transparent and opaque): +- `"cipher_encrypt"` +- `"cipher_decrypt"` +- `"cipher_encrypt_setup"` +- `"cipher_decrypt_setup"` +- `"cipher_set_iv"` +- `"cipher_update"` +- `"cipher_finish"` +- `"cipher_abort"` + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +The opaque driver is not implemented at all, neither instumentation nor the +operation: entry points always return `NOT_SUPPORTED`. + +Note: the instrumentation also allows forcing a specific output and output +length. #### Authenticated encryption with associated data (AEAD) -TODO +The following entry points are declared (transparent only): +- `"aead_encrypt"` +- `"aead_decrypt"` +- `"aead_encrypt_setup"` +- `"aead_decrypt_setup"` +- `"aead_set_nonce"` +- `"aead_set_lengths"` +- `"aead_update_ad"` +- `"aead_update"` +- `"aead_finish"` +- `"aead_verify"` +- `"aead_abort"` + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +The opaque driver does not implement or even declare entry points for this +family. + +Note: the instrumentation records the number of hits per entry point, not just +the total number of hits for this family. #### Key derivation -TODO +Not covered at all by the test drivers. + +That's a gap in our testing, as the driver interface does define a key +derivation family of entry points. This gap is probably related to the fact +that our internal code structure doesn't obey the guidelines and is not +aligned with the driver interface, see #5488 and related issues. #### Asymmetric signature -TODO +The following entry points are declared (transparent and opaque): + +- `"sign_message"` +- `"verify_message"` +- `"sign_hash"` +- `"verify_hash"` + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +The opaque driver is not implemented at all, neither instumentation nor the +operation: entry points always return `NOT_SUPPORTED`. + +Note: the instrumentation also allows forcing a specific output and output +length, and has two instance of the hooks structure: one for sign, the other +for verify. + +Note: when a driver implements only the `"xxx_hash"` entry points, the core is +supposed to implement the `psa_xxx_message()` functions by computing the hash +itself before calling the `"xxx_hash"` entry point. Since the test driver does +implement the `"xxx_message"` entry point, it's not exercising that part of +the core's expected behaviour. #### Asymmetric encryption -TODO +The following entry points are declared (transparent and opaque): + +- `"asymmetric_encrypt"` +- `"asymmetric_decrypt"` + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +The opaque driver is not implemented at all, neither instumentation nor the +operation: entry points always return `NOT_SUPPORTED`. + +Note: the instrumentation also allows forcing a specific output and output +length. #### Key agreement -TODO +The following entry points are declared (transparent and opaque): + +- `"key_agreement"` + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +The opaque driver is not implemented at all, neither instumentation nor the +operation: entry points always return `NOT_SUPPORTED`. + +Note: the instrumentation also allows forcing a specific output and output +length. #### Other cryptographic services (Random number generation) -TODO +Not covered at all by the test drivers. + +The driver interface defines a `"get_entropy"` entry point, as well as a +"Random generation" family of entry points. None of those are currently +implemented in the library. Part of it will be planned for 4.0, see #8150. + +#### PAKE extension + +The following entry points are declared (transparent only): +- `"pake_setup"` +- `"pake_output"` +- `"pake_input"` +- `"pake_get_implicit_key"` +- `"pake_abort"` + +Note: the instrumentation records hits per entry point and allows forcing the +output and its length, as well as forcing the status of setup independently +from the others. + +The transparent driver fully implements the declared entry points, and can use +any backend: internal or libtestdriver1. + +The opaque driver does not implement or even declare entry points for this +family. From 733a67bb9a232674a44dbb8f016611e8921276b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 15 Nov 2023 12:32:17 +0100 Subject: [PATCH 084/429] all.sh: group helper functions in sections MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 62 +++++++++++++++++++++++--------------------- 1 file changed, 33 insertions(+), 29 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3aabec41d4..698841b4b4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -912,6 +912,39 @@ helper_libtestdriver1_adjust_config() { fi } +# Build the drivers library libtestdriver1.a (with ASan). +# +# Parameters: +# 1. a space-separated list of things to accelerate; +# 2. optional: a space-separate list of things to also support. +# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. +helper_libtestdriver1_make_drivers() { + loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" +} + +# Build the main libraries, programs and tests, +# linking to the drivers library (with ASan). +# +# Parameters: +# 1. a space-separated list of things to accelerate; +# *. remaining arguments if any are passed directly to make +# (examples: lib, -C tests test_suite_xxx, etc.) +# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. +helper_libtestdriver1_make_main() { + loc_accel_list=$1 + shift + + # we need flags both with and without the LIBTESTDRIVER1_ prefix + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" +} + +################################################################ +#### Configuration helpers +################################################################ + # When called with no parameter this function disables all builtin curves. # The function optionally accepts 1 parameter: a space-separated list of the # curves that should be kept enabled. @@ -965,35 +998,6 @@ helper_get_psa_key_type_list() { echo "$loc_list" } -# Build the drivers library libtestdriver1.a (with ASan). -# -# Parameters: -# 1. a space-separated list of things to accelerate; -# 2. optional: a space-separate list of things to also support. -# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. -helper_libtestdriver1_make_drivers() { - loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" -} - -# Build the main libraries, programs and tests, -# linking to the drivers library (with ASan). -# -# Parameters: -# 1. a space-separated list of things to accelerate; -# *. remaining arguments if any are passed directly to make -# (examples: lib, -C tests test_suite_xxx, etc.) -# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed. -helper_libtestdriver1_make_main() { - loc_accel_list=$1 - shift - - # we need flags both with and without the LIBTESTDRIVER1_ prefix - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" -} - ################################################################ #### Basic checks ################################################################ From 3dbd236b133674c5ede52ad569b513dbbd4d12a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 15 Nov 2023 12:32:49 +0100 Subject: [PATCH 085/429] Update user-config-for-tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Was missing several key types and algs. Also, list those that are not implemented, but comment them out, to make it clearer what's not implemented yet. Signed-off-by: Manuel Pégourié-Gonnard --- tests/configs/user-config-for-test.h | 56 ++++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 7 deletions(-) diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h index 639496be60..479a153067 100644 --- a/tests/configs/user-config-for-test.h +++ b/tests/configs/user-config-for-test.h @@ -37,24 +37,61 @@ #endif /* Use the accelerator driver for all cryptographic mechanisms for which - * the test driver implemented. */ + * the test driver is implemented. This is copied from psa/crypto_config.h + * with the parts not implmented by the test driver commented out. */ +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC #define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA #define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE -#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR +//#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY + #define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING #define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 -#define MBEDTLS_PSA_ACCEL_ALG_CTR +#define MBEDTLS_PSA_ACCEL_ALG_CCM +#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG +#define MBEDTLS_PSA_ACCEL_ALG_CMAC #define MBEDTLS_PSA_ACCEL_ALG_CFB -#define MBEDTLS_PSA_ACCEL_ALG_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 +#define MBEDTLS_PSA_ACCEL_ALG_CTR #define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING +#define MBEDTLS_PSA_ACCEL_ALG_ECDH +#define MBEDTLS_PSA_ACCEL_ALG_FFDH +#define MBEDTLS_PSA_ACCEL_ALG_ECDSA +#define MBEDTLS_PSA_ACCEL_ALG_JPAKE +#define MBEDTLS_PSA_ACCEL_ALG_GCM +//#define MBEDTLS_PSA_ACCEL_ALG_HKDF +//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT +//#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND +#define MBEDTLS_PSA_ACCEL_ALG_HMAC #define MBEDTLS_PSA_ACCEL_ALG_MD5 #define MBEDTLS_PSA_ACCEL_ALG_OFB +//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC +//#define MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 #define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 +#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP +#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN #define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS #define MBEDTLS_PSA_ACCEL_ALG_SHA_1 @@ -62,9 +99,14 @@ #define MBEDTLS_PSA_ACCEL_ALG_SHA_256 #define MBEDTLS_PSA_ACCEL_ALG_SHA_384 #define MBEDTLS_PSA_ACCEL_ALG_SHA_512 -#define MBEDTLS_PSA_ACCEL_ALG_XTS -#define MBEDTLS_PSA_ACCEL_ALG_CMAC -#define MBEDTLS_PSA_ACCEL_ALG_HMAC +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 +#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER +//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF +//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS +//#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS #endif /* PSA_CRYPTO_DRIVER_TEST_ALL */ From 6a96f42051861d60ce8639377ca35d1d5f9a644d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Nov 2023 13:01:22 +0100 Subject: [PATCH 086/429] Document driver wrapper suite & tested configs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The coverage data for the test drivers was generated using the following patch: diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 9258ba788874..1ef071a65c06 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -63,8 +63,8 @@ if [ $# -gt 0 ] && [ "$1" = "--help" ]; then fi if in_mbedtls_build_dir; then - library_dir='library' - title='Mbed TLS' + library_dir='tests/src/drivers' + title='Mbed TLS test drivers' else library_dir='core' title='TF-PSA-Crypto' diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 734d8323ca73..f6b17ca5692b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4795,14 +4795,17 @@ component_test_psa_crypto_drivers () { msg "build: full + test drivers dispatching to builtins" scripts/config.py full scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG - loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" + loc_cflags="--coverage -DPSA_CRYPTO_DRIVER_TEST_ALL" loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" - loc_cflags="${loc_cflags} -I../tests/include -O2" + loc_cflags="${loc_cflags} -I../tests/include -Og -g3" - make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="--coverage" -C tests test_suite_psa_crypto_driver_wrappers msg "test: full + test drivers dispatching to builtins" - make test + (cd tests && ./test_suite_psa_crypto_driver_wrappers --verbose) + #make test + + scripts/lcov.sh } component_test_make_shared () { Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 149 ++++++++++++++++++ 1 file changed, 149 insertions(+) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 7c43a4feba..2551fd6735 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -412,3 +412,152 @@ any backend: internal or libtestdriver1. The opaque driver does not implement or even declare entry points for this family. + +### Driver wrapper test suite + +We have a test suite dedicated to driver dispatch, which takes advantage of the +instrumentation in the test drivers described in the previous section, in +order to check that drivers are called when they're supposed to, and that the +core behaves as expected when they return errors (in particular, that we fall +back to the built-in implementation when the driver returns `NOT_SUPPORTED). + +This is `test_suite_psa_crypto_driver_wrappers`, which is maintained manually +(that is, the test cases in the `.data` files are not auto-generated). The +entire test suite depends on the test drivers being enabled +(`PSA_CRYPTO_DRIVER_TEST`), which is not the case in the default or full +config. + +#### Configurations coverage + +The driver wrappers test suite has cases that expect both the driver and the +built-in to be present, and also cases that expect the driver to be present +but not the built-in. As such, it's impossible for a single configuration to +run all test cases, and we need at least two: driver+built-in, and +driver-only. + +- The driver+built-in case is covered by `test_psa_crypto_drivers` in `all.sh`. +This covers all areas (key types and algs) at once. +- The driver-only case is split into multiple `all.sh` components whose names + start with `test_psa_crypto_config_accel`; we have one or more component per +area, see below. + +Here's a summary of driver-only coverage, grouped by families of key types. + +Hash (key types: none) +- `test_psa_crypto_config_accel_hash`: all algs, default config, no parity + testing. +- `test_psa_crypto_config_accel_hash_use_psa`: all algs, full config, with + parity testing. + +HMAC (key type: HMAC) +- No driver-only testing here, see #8564. + +Cipher, AEAD and CMAC (key types: DES, AES, ARIA, CHACHA20, CAMELLIA): +- `test_psa_crypto_config_accel_cipher_aead`: all key types and algs, full + config with a few exclusions (PKCS5, PKCS12, NIST-KW), with parity testing. +- `test_psa_crypto_config_accel_cipher`: only DES (with all algs), full + config, no parity testing. +- `test_psa_crypto_config_accel_aead`: only AEAD algs (with all relevant key + types), full config, no parity testing. + +Key derivation (key types: `DERIVE`, `RAW_DATA`, `PASSWORD`, `PEPPER`, +`PASSWORD_HASH`): +- No testing as we don't have test driver support yet (see previous section). + +RSA (key types: `RSA_KEY_PAIR_xxx`, `RSA_PUBLIC_KEY`): +- `test_psa_crypto_config_accel_rsa_signature`: only signature algorithms, + default config, no parity testing. +- No testing of driver-only encryption yet, see #8553. + +DH (key types: `DH_KEY_PAIR_xxx`, `DH_PUBLIC_KEY`): +- `test_psa_crypto_config_accel_ffdh`: all key types and algs, full config, + with parity testing. +- `test_psa_crypto_config_accel_ecc_ffdh_no_bignum`: with also bignum removed. + +ECC (key types: `ECC_KEY_PAIR_xxx`, `ECC_PUBLIC_KEY`): +- Single algorithm accelerated (both key types, all curves): + - `test_psa_crypto_config_accel_ecdh`: default config, no parity testing. + - `test_psa_crypto_config_accel_ecdsa`: default config, no parity testing. + - `test_psa_crypto_config_accel_pake`: full config, no parity testing. +- All key types, algs and curves accelerated (full config with exceptions, + with parity testing): + - `test_psa_crypto_config_accel_ecc_ecp_light_only`: `ECP_C` mostly disabled + - `test_psa_crypto_config_accel_ecc_no_ecp_at_all`: `ECP_C` fully disabled + - `test_psa_crypto_config_accel_ecc_no_bignum`: `BIGNUM_C` disabled (DH disabled) + - `test_psa_crypto_config_accel_ecc_ffdh_no_bignum`: `BIGNUM_C` disabled (DH accelerated) +- Other - all algs accelerated but only some algs/curves (full config with + exceptions, no parity testing): + - `test_psa_crypto_config_accel_ecc_some_key_types` + - `test_psa_crypto_config_accel_ecc_non_weierstrass_curves` + - `test_psa_crypto_config_accel_ecc_weierstrass_curves` + +Note: `analyze_outcomes.py` provides a list of test cases that are not +executed in any configuration tested on the CI. Currently it flags some RSA +"fallback not available" tests, which is consistent with the fact that we're +missing testing driver-only RSA-encrypt testing. However, we're also missing +driver-only HMAC testing, but no test is flagged as never executed there; this +reveals we don't have "fallback not available" cases for MAC, see #8565. + +#### Test case coverage + +Since `test_suite_psa_crypto_driver_wrappers.data` is maintained manually, +we need to make sure it exercises all the cases that need to be tested. + +One way to evaluate this is to look at line coverage in test driver +implementaitons - this doesn't reveal all gaps, but it does reveal cases where +we thought about something when writing the test driver, but not when writing +test functions/data. + +Key management: +- `mbedtls_test_opaque_unwrap_key()` is never called. +- `mbedtls_test_transparent_generate_key()` is not tested with RSA keys. +- `mbedtls_test_transparent_import_key()` is not tested with DH keys. +- `mbedtls_test_opaque_import_key()` is not tested with unstructured keys nor + with RSA keys (nor DH keys since that's not implemented). +- `mbedtls_test_opaque_export_key()` is not tested with non-built-in keys. +- `mbedtls_test_transparent_export_public_key()` is not tested with RSA or DH keys. +- `mbedtls_test_opaque_export_public_key()` is not tested with non-built-in keys. +- `mbedtls_test_opaque_copy_key()` is not tested at all. + +Hash: +- `mbedtls_test_transparent_hash_finish()` is not tested with a forced status. + +MAC: +- The following are not tested with a forced status: + - `mbedtls_test_transparent_mac_sign_setup()` + - `mbedtls_test_transparent_mac_verify_setup()` + - `mbedtls_test_transparent_mac_update()` + - `mbedtls_test_transparent_mac_verify_finish()` + - `mbedtls_test_transparent_mac_abort()` +- No opaque entry point is tested (they're not implemented either). + +Cipher: +- The following are not tested with a forced status nor with a forced output: + - `mbedtls_test_transparent_cipher_encrypt()` + - `mbedtls_test_transparent_cipher_finish()` +- No opaque entry point is tested (they're not implemented either). + +AEAD: +- The following are not tested with a forced status: + - `mbedtls_test_transparent_aead_set_nonce()` + - `mbedtls_test_transparent_aead_set_lengths()` + - `mbedtls_test_transparent_aead_update_ad()` + - `mbedtls_test_transparent_aead_update()` + - `mbedtls_test_transparent_aead_finish()` + - `mbedtls_test_transparent_aead_verify()` +- `mbedtls_test_transparent_aead_verify()` is not tested with an invalid tag + (though it might be in another test suite). + +Signature: +- `sign_hash()` is not tested with RSA-PSS +- No opaque entry point is tested (they're not implemented either). + +Asymmetric encryption: +- No opaque entry point is tested (they're not implemented either). + +Key agreement: +- `mbedtls_test_transparent_key_agreement()` is not tested with FFDH. +- No opaque entry point is tested (they're not implemented either). + +PAKE: +- All lines are covered. From 1ad29c818be8ba78bfffee2ff32d2c602034e940 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Nov 2023 11:30:28 +0100 Subject: [PATCH 087/429] Rm redundant driver+built-in all.sh component MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As the comment says, this component's only goal was to make sure the legacy+driver test cases in test_suite_md.psa were executed. But actually these are already executed in component_test_psa_crypto_drivers which tests with everything having both a driver and the built-in, as can be seen in the outcomes file. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 698841b4b4..104adb135b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3705,26 +3705,6 @@ component_test_psa_crypto_config_accel_hash () { make test } -component_test_psa_crypto_config_accel_hash_keep_builtins () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash" - # This component ensures that all the test cases for - # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run. - - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ - ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ - ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" - - # Start from default config (no USE_PSA) - helper_libtestdriver1_adjust_config "default" - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated+builtin hash" - make test -} - # Auxiliary function to build config for hashes with and without drivers config_psa_crypto_hash_use_psa () { driver_only="$1" From 1f4c9051cd1726ae2cea20cacb1ddb8cbc3e7d55 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Nov 2023 11:36:44 +0100 Subject: [PATCH 088/429] all.s: Rm redundant build-only accel components MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Most of them (2 exceptions, see below) are of the "driver + built-in" type, so they're all a subset of test_psa_crypto_driver which tests everything with driver + built-in at once. Furthermore, all those components were build-only, while test_psa_crypto_driver runs the test suites. Special cases: two of the components looked like they were trying to go for driver-only (ecdh disabling ECDH_C and hkdf disabling HKDF_C). For ECDH, built-in would actually be re-enabled because not enough was accelerated: you also need ECC key types and curves - see component_test_psa_crypto_config_accel_ecdh which does this correctly. For HKDF, we don't have test driver support for key derivation yet. I guess that shows how little testing value these build-only components really had. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 248 ------------------------------------------- 1 file changed, 248 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 104adb135b..a49d1c65fe 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4158,254 +4158,6 @@ component_test_ccm_aes_sha256() { make test } -# This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. -component_build_psa_accel_alg_ecdh() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. -component_build_psa_accel_alg_hmac() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. -component_build_psa_accel_alg_hkdf() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_HKDF_C - # Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it. - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. -component_build_psa_accel_alg_md5() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS - scripts/config.py unset MBEDTLS_LMS_C - scripts/config.py unset MBEDTLS_LMS_PRIVATE - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. -component_build_psa_accel_alg_ripemd160() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS - scripts/config.py unset MBEDTLS_LMS_C - scripts/config.py unset MBEDTLS_LMS_PRIVATE - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. -component_build_psa_accel_alg_sha1() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS - scripts/config.py unset MBEDTLS_LMS_C - scripts/config.py unset MBEDTLS_LMS_PRIVATE - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. -component_build_psa_accel_alg_sha224() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. -component_build_psa_accel_alg_sha256() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512 - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. -component_build_psa_accel_alg_sha384() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS - scripts/config.py unset MBEDTLS_LMS_C - scripts/config.py unset MBEDTLS_LMS_PRIVATE - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. -component_build_psa_accel_alg_sha512() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_224 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_256 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS - scripts/config.py unset MBEDTLS_LMS_C - scripts/config.py unset MBEDTLS_LMS_PRIVATE - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_accel_alg_rsa_pkcs1v15_sign() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_accel_alg_rsa_oaep() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_accel_alg_rsa_pss() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_CRYPT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_accel_key_type_rsa_key_pair() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. -component_build_psa_accel_key_type_rsa_public_key() { - msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" - scripts/config.py full - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 - scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS" -} - - support_build_tfm_armcc () { support_build_armcc } From b18bc8013324aa3c1684518361d0edff1e6f626c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Nov 2023 11:59:25 +0100 Subject: [PATCH 089/429] Add note about fallback to other entry points MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 2551fd6735..d9a92d1ff7 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -165,6 +165,25 @@ libtestdriver1 too. - Performance might be better with internal though? - The instrumentation works the same with both back-ends. +Note: our test drivers tend to provide all possible entry points (with a few +exceptions that may not be intentional, see the next sections). However, in +some cases, when an entry point is not available, the core is supposed to +implement it using other entry points, for example: +- `mac_verify` may use `mac_compute` if the driver does no provide verify; +- for things that have both one-shot and multi-part API, the driver can + provide only the multi-part entry points, and the core is supposed to +implement one-shot on top of it (but still call the one-shot entry points when +they're available); +- `sign/verify_message` can be implemented on top of `sign/verify_hash` for + some algorithms; +- (not sure if the list is exhaustive). + +Ideally, we'd want build options for the test drivers so that we can test with +different combinations of entry points present, and make sure the core behaves +appropriately when some entry points are absent but other entry points allow +implementing the operation. This is currently not supported by our test +drivers. + Our implementation of PSA Crypto is structured in a way that the built-in implementation of each operation follows the driver API, see [`../architecture/psa-crypto-implementation-structure.md`](../architecture/psa-crypto-implementation-structure.html). @@ -271,7 +290,7 @@ operations: entry points will always return `NOT_SUPPORTED`, unless another status is forced. The following entry points are not implemented: -- `mac_verify`: this mostly makes sense for opaque drivers; the code will fall +- `mac_verify`: this mostly makes sense for opaque drivers; the core will fall back to using `"mac_compute"` if this is not implemented. So, perhaps ideally we should test both with `"mac_verify"` implemented and with it not implemented? Anyway, we have a test gap here. From 4c81c343acc6214b995281f348f5737ae28eb3e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Nov 2023 12:00:15 +0100 Subject: [PATCH 090/429] Fix copy-pasta in top-of-file comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/src/drivers/test_driver_pake.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index a0b6c1cb0c..52395e4d0e 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -1,5 +1,5 @@ /* - * Test driver for MAC entry points. + * Test driver for PAKE entry points. */ /* Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later From 70cd911405d576456004aae89950033a703c9c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Nov 2023 12:06:48 +0100 Subject: [PATCH 091/429] Improve comment in a header file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../crypto_config_test_driver_extension.h | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index dac07acd33..66378e7def 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -1,9 +1,24 @@ /** - * This file is intended to be used to build PSA test driver libraries. It is - * intended to be appended by the test build system to the crypto_config.h file - * of the Mbed TLS library the test library will be linked to. It mirrors the - * PSA_ACCEL_* macros defining the cryptographic operations the test library - * supports. + * This file is intended to be used to build PSA external test driver + * libraries (libtestdriver1). + * + * It is intended to be appended by the test build system to the + * crypto_config.h file of the Mbed TLS library the test library will be + * linked to (see `tests/Makefile` libtestdriver1 target). This is done in + * order to insert it at the right time: after the main configuration + * (PSA_WANT) but before the logic that determines what built-ins to enable + * based on PSA_WANT and MBEDTLS_PSA_ACCEL macros. + * + * It reverses the PSA_ACCEL_* macros defining the cryptographic operations + * that will be accelerated in the main library: + * - When something is accelerated in the main library, we need it supported + * in libtestdriver1, so we disable the accel macro in order to the built-in + * to be enabled. + * - When something is NOT accelerated in the main library, we don't need it + * in libtestdriver1, so we enable its accel macro in order to the built-in + * to be disabled, to keep libtestdriver1 minimal. (We can't adjust the + * PSA_WANT macros as they need to be the same between libtestdriver1 and + * the main library, since they determine the ABI between the two.) */ #include "psa/crypto_legacy.h" From f2089dab5ed8d742d9115aa4d9cb696ce4c00044 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Dec 2023 11:36:26 +0100 Subject: [PATCH 092/429] Update status of RSA testing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Improved by https://github.com/Mbed-TLS/mbedtls/pull/8616/ - closing 8553. Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index d9a92d1ff7..73200aee9d 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -484,9 +484,9 @@ Key derivation (key types: `DERIVE`, `RAW_DATA`, `PASSWORD`, `PEPPER`, - No testing as we don't have test driver support yet (see previous section). RSA (key types: `RSA_KEY_PAIR_xxx`, `RSA_PUBLIC_KEY`): -- `test_psa_crypto_config_accel_rsa_signature`: only signature algorithms, - default config, no parity testing. -- No testing of driver-only encryption yet, see #8553. +- `test_psa_crypto_config_accel_rsa_crypto`: all 4 algs (encryption & + signature, v1.5 & v2.1), config `crypto_full`, with parity testing excluding +PK. DH (key types: `DH_KEY_PAIR_xxx`, `DH_PUBLIC_KEY`): - `test_psa_crypto_config_accel_ffdh`: all key types and algs, full config, @@ -511,11 +511,9 @@ ECC (key types: `ECC_KEY_PAIR_xxx`, `ECC_PUBLIC_KEY`): - `test_psa_crypto_config_accel_ecc_weierstrass_curves` Note: `analyze_outcomes.py` provides a list of test cases that are not -executed in any configuration tested on the CI. Currently it flags some RSA -"fallback not available" tests, which is consistent with the fact that we're -missing testing driver-only RSA-encrypt testing. However, we're also missing -driver-only HMAC testing, but no test is flagged as never executed there; this -reveals we don't have "fallback not available" cases for MAC, see #8565. +executed in any configuration tested on the CI. We're missing driver-only HMAC +testing, but no test is flagged as never executed there; this reveals we don't +have "fallback not available" cases for MAC, see #8565. #### Test case coverage From 45fe86db99fc9d453059981df32a1c94aed1bcc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 20 Dec 2023 12:43:13 +0100 Subject: [PATCH 093/429] Fix a typo in a comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/configs/user-config-for-test.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h index 479a153067..f40f83895f 100644 --- a/tests/configs/user-config-for-test.h +++ b/tests/configs/user-config-for-test.h @@ -38,7 +38,7 @@ /* Use the accelerator driver for all cryptographic mechanisms for which * the test driver is implemented. This is copied from psa/crypto_config.h - * with the parts not implmented by the test driver commented out. */ + * with the parts not implemented by the test driver commented out. */ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE #define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD #define MBEDTLS_PSA_ACCEL_KEY_TYPE_PASSWORD_HASH From 98f8da1b1ad1b3a4291634a60be5f3ddfc8d3609 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 10 Jan 2024 12:53:58 +0100 Subject: [PATCH 094/429] Update names of components renamed in the meantime MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/testing/driver-interface-test-strategy.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 73200aee9d..5bf1375f32 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -472,9 +472,9 @@ HMAC (key type: HMAC) - No driver-only testing here, see #8564. Cipher, AEAD and CMAC (key types: DES, AES, ARIA, CHACHA20, CAMELLIA): -- `test_psa_crypto_config_accel_cipher_aead`: all key types and algs, full - config with a few exclusions (PKCS5, PKCS12, NIST-KW), with parity testing. -- `test_psa_crypto_config_accel_cipher`: only DES (with all algs), full +- `test_psa_crypto_config_accel_cipher_aead_cmac`: all key types and algs, full + config with a few exclusions (NIST-KW), with parity testing. +- `test_psa_crypto_config_accel_des`: only DES (with all algs), full config, no parity testing. - `test_psa_crypto_config_accel_aead`: only AEAD algs (with all relevant key types), full config, no parity testing. From 6c45361a9c8f927b25e2448bbb5e66ee85b6d9e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Mar 2024 10:12:49 +0100 Subject: [PATCH 095/429] Update for HMAC testing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Been merged in the meantime. Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/testing/driver-interface-test-strategy.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 5bf1375f32..f4f224b85e 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -469,7 +469,9 @@ Hash (key types: none) parity testing. HMAC (key type: HMAC) -- No driver-only testing here, see #8564. +- `test_psa_crypto_config_accel_hmac`: all algs, full config except a few + exclusions (PKCS5, PKCS7, HMAC-DRBG, legacy HKDF, deterministic ECDSA), with +parity testing. Cipher, AEAD and CMAC (key types: DES, AES, ARIA, CHACHA20, CAMELLIA): - `test_psa_crypto_config_accel_cipher_aead_cmac`: all key types and algs, full From dde1abd5724edd5ef5bd915a3d191b69a3ab25ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 9 Apr 2024 12:12:48 +0200 Subject: [PATCH 096/429] Update of opaque asymmetric encrypt/decrypt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/Mbed-TLS/mbedtls/pull/8700 merged in the meantime. Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index f4f224b85e..dfec4b3781 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -384,8 +384,10 @@ The following entry points are declared (transparent and opaque): The transparent driver fully implements the declared entry points, and can use any backend: internal or libtestdriver1. -The opaque driver is not implemented at all, neither instumentation nor the -operation: entry points always return `NOT_SUPPORTED`. +The opaque driver implements the declared entry points, and can use any +backend: internal or libtestdriver1. However it does not implement the +instrumentation (hits, forced output/status), as this [was not an immediate +priority](https://github.com/Mbed-TLS/mbedtls/pull/8700#issuecomment-1892466159). Note: the instrumentation also allows forcing a specific output and output length. @@ -528,7 +530,6 @@ we thought about something when writing the test driver, but not when writing test functions/data. Key management: -- `mbedtls_test_opaque_unwrap_key()` is never called. - `mbedtls_test_transparent_generate_key()` is not tested with RSA keys. - `mbedtls_test_transparent_import_key()` is not tested with DH keys. - `mbedtls_test_opaque_import_key()` is not tested with unstructured keys nor @@ -571,9 +572,6 @@ Signature: - `sign_hash()` is not tested with RSA-PSS - No opaque entry point is tested (they're not implemented either). -Asymmetric encryption: -- No opaque entry point is tested (they're not implemented either). - Key agreement: - `mbedtls_test_transparent_key_agreement()` is not tested with FFDH. - No opaque entry point is tested (they're not implemented either). From 0ca2fd0e2b18ae353e996ce48bb367d45c27eee0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 12 Apr 2024 10:14:17 +0200 Subject: [PATCH 097/429] Update libtestdriver1 vs internal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index dfec4b3781..89f3c9b843 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -155,15 +155,11 @@ The drivers can use one of two back-ends: the build. Historical note: internal was initially the only back-end; then support for -libtestdriver1 was added gradually. - -Question: if/when we have complete libtestdriver1 support, do we still need -internal? Thoughts: -- It's useful to have builds with both a driver and the built-in, in -order to test fallback to built-in, but this could be achieved with -libtestdriver1 too. - - Performance might be better with internal though? -- The instrumentation works the same with both back-ends. +libtestdriver1 was added gradually. Support for libtestdriver1 is now complete +(see following sub-sections), so we could remove internal now. Note it's +useful to have builds with both a driver and the built-in, in order to test +fallback to built-in, which is currently done only with internal, but this can +be achieved with libtestdriver1 just as well. Note: our test drivers tend to provide all possible entry points (with a few exceptions that may not be intentional, see the next sections). However, in From ae22f04769b754904a0b6fc188a54319381b702b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 12 Apr 2024 10:18:27 +0200 Subject: [PATCH 098/429] Refine paragraphs about incomplete entry points MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/architecture/testing/driver-interface-test-strategy.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 89f3c9b843..ecd13a5dc3 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -177,8 +177,10 @@ they're available); Ideally, we'd want build options for the test drivers so that we can test with different combinations of entry points present, and make sure the core behaves appropriately when some entry points are absent but other entry points allow -implementing the operation. This is currently not supported by our test -drivers. +implementing the operation. This will remain hard to test until we have proper +support for JSON-defined drivers with auto-generation of dispatch code. +(The `MBEDTLS_PSA_ACCEL_xxx` macros we currently use are not expressive enough +to specify which entry points are support for a given mechanism.) Our implementation of PSA Crypto is structured in a way that the built-in implementation of each operation follows the driver API, see From a47a3c4e13cab525cf075a5c83229460273ddc31 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 12 Apr 2024 10:21:42 +0200 Subject: [PATCH 099/429] Rephrase description of the KDF situation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index ecd13a5dc3..3c0e068fdd 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -342,10 +342,9 @@ the total number of hits for this family. Not covered at all by the test drivers. -That's a gap in our testing, as the driver interface does define a key -derivation family of entry points. This gap is probably related to the fact -that our internal code structure doesn't obey the guidelines and is not -aligned with the driver interface, see #5488 and related issues. +That's a test gap which reflects a feature gap: the driver interface does +define a key derivation family of entry points, but we don't currently +implement that part of the driver interface, see #5488 and related issues. #### Asymmetric signature @@ -483,7 +482,7 @@ Cipher, AEAD and CMAC (key types: DES, AES, ARIA, CHACHA20, CAMELLIA): Key derivation (key types: `DERIVE`, `RAW_DATA`, `PASSWORD`, `PEPPER`, `PASSWORD_HASH`): -- No testing as we don't have test driver support yet (see previous section). +- No testing as we don't have driver support yet (see previous section). RSA (key types: `RSA_KEY_PAIR_xxx`, `RSA_PUBLIC_KEY`): - `test_psa_crypto_config_accel_rsa_crypto`: all 4 algs (encryption & From 432e3b41989c8b934a34bd209e2c67ed7baaf774 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 12 Apr 2024 10:25:25 +0200 Subject: [PATCH 100/429] Misc fixes & improvements to driver testing doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index 3c0e068fdd..e9ac02e1e9 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -194,7 +194,10 @@ A nice consequence of that strategy is that when an entry point has test-driver support, most of the time, it automatically works for all algorithms and key types supported by the library. (The exception being when the driver needs to call a different function for different key types, as is -the case with some asymmetric key management operations.) +the case with some asymmetric key management operations.) (Note: it's still +useful to test drivers in configurations with partial algorithm support, and +that can still be done by configuring libtestdriver1 and the main library as +desired.) The renaming process for `libtestdriver1` is implemented as a few Perl regexes applied to a copy of the library code, see the `libtestdriver1.a` target in @@ -437,7 +440,7 @@ We have a test suite dedicated to driver dispatch, which takes advantage of the instrumentation in the test drivers described in the previous section, in order to check that drivers are called when they're supposed to, and that the core behaves as expected when they return errors (in particular, that we fall -back to the built-in implementation when the driver returns `NOT_SUPPORTED). +back to the built-in implementation when the driver returns `NOT_SUPPORTED`). This is `test_suite_psa_crypto_driver_wrappers`, which is maintained manually (that is, the test cases in the `.data` files are not auto-generated). The @@ -445,6 +448,12 @@ entire test suite depends on the test drivers being enabled (`PSA_CRYPTO_DRIVER_TEST`), which is not the case in the default or full config. +The test suite is focused on driver usage (mostly by checking the expected +number of hits) but also does some validation of the results: for +deterministic algorithms, known-answers tests are used, and for the rest, some +consistency checks are done (more or less detailled depending on the algorithm +and build configuration). + #### Configurations coverage The driver wrappers test suite has cases that expect both the driver and the @@ -519,12 +528,13 @@ have "fallback not available" cases for MAC, see #8565. #### Test case coverage Since `test_suite_psa_crypto_driver_wrappers.data` is maintained manually, -we need to make sure it exercises all the cases that need to be tested. +we need to make sure it exercises all the cases that need to be tested. In the +future, this file should be generated in order to ensure exhaustiveness. -One way to evaluate this is to look at line coverage in test driver -implementaitons - this doesn't reveal all gaps, but it does reveal cases where -we thought about something when writing the test driver, but not when writing -test functions/data. +In the meantime, one way to observe (lack of) completeness is to look at line +coverage in test driver implementaitons - this doesn't reveal all gaps, but it +does reveal cases where we thought about something when writing the test +driver, but not when writing test functions/data. Key management: - `mbedtls_test_transparent_generate_key()` is not tested with RSA keys. From 4575d230bf76928d955827b93b3608f4ef9a70b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 15 Apr 2024 10:54:49 +0200 Subject: [PATCH 101/429] Add a note on hits usefulness MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit And fix a typo while at it. Signed-off-by: Manuel Pégourié-Gonnard --- .../testing/driver-interface-test-strategy.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md index e9ac02e1e9..5fc5e18e6d 100644 --- a/docs/architecture/testing/driver-interface-test-strategy.md +++ b/docs/architecture/testing/driver-interface-test-strategy.md @@ -147,7 +147,8 @@ Each entry point is instrumented to record the number of hits for each part of the driver (same division as the files) and the status of the last call. It is also possible to force the next call to return a specified status, and sometimes more things can be forced: see the various -`mbedtls_test_driver_XXX_hooks_t` structures declared by each driver. +`mbedtls_test_driver_XXX_hooks_t` structures declared by each driver (and +subsections below). The drivers can use one of two back-ends: - internal: this requires the built-in implementation to be present. @@ -161,6 +162,15 @@ useful to have builds with both a driver and the built-in, in order to test fallback to built-in, which is currently done only with internal, but this can be achieved with libtestdriver1 just as well. +Note on instrumentation: originally, when only the internal backend was +available, hits were how we knew that the driver was called, as opposed to +directly calling the built-in code. With libtestdriver1, we can check that by +ensuring that the built-in code is not present, so if the operation gives the +correct result, only a driver call can have calculated that result. So, +nowadays there is low value in checking the hit count. There is still some +value for hit counts, e.g. checking that we don't call a multipart entry point +when we intended to call the one-shot entry point, but it's limited. + Note: our test drivers tend to provide all possible entry points (with a few exceptions that may not be intentional, see the next sections). However, in some cases, when an entry point is not available, the core is supposed to @@ -180,7 +190,7 @@ appropriately when some entry points are absent but other entry points allow implementing the operation. This will remain hard to test until we have proper support for JSON-defined drivers with auto-generation of dispatch code. (The `MBEDTLS_PSA_ACCEL_xxx` macros we currently use are not expressive enough -to specify which entry points are support for a given mechanism.) +to specify which entry points are supported for a given mechanism.) Our implementation of PSA Crypto is structured in a way that the built-in implementation of each operation follows the driver API, see From 8f40460b2b506f556d95f1f58fec6f87dc37f9ec Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Apr 2024 15:09:10 +0200 Subject: [PATCH 102/429] generate_test_keys: fix mypy issue for imported path Signed-off-by: Valerio Setti --- tests/scripts/check-python-files.sh | 1 - tests/scripts/generate_test_keys.py | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index cf1f87ab12..51e80792b0 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -62,7 +62,6 @@ $PYTHON -m pylint scripts/mbedtls_dev/*.py scripts/*.py tests/scripts/*.py || { echo echo 'Running mypy ...' -export MYPYPATH="../../scripts" $PYTHON -m mypy scripts/*.py tests/scripts/*.py || ret=1 diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 630ab05ac1..0e5137ff52 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -12,6 +12,7 @@ import sys SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) + "/" sys.path.append(SCRIPT_DIR + "../../scripts/") from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA +import scripts_path # pylint: disable=unused-import OUTPUT_HEADER_FILE = SCRIPT_DIR + "../src/test_keys.h" BYTES_PER_LINE = 12 From 776dce51d3699bd5f0ba40ea494abe447c0a74c0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Apr 2024 17:41:21 +0200 Subject: [PATCH 103/429] asymmetric_key_data: fix public RSA-2048 key Signed-off-by: Valerio Setti --- scripts/mbedtls_dev/asymmetric_key_data.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py index 4287be2d49..175bc9f03f 100644 --- a/scripts/mbedtls_dev/asymmetric_key_data.py +++ b/scripts/mbedtls_dev/asymmetric_key_data.py @@ -213,7 +213,7 @@ ASYMMETRIC_KEY_DATA = construct_asymmetric_key_data({ 02818100b29b34590bddb308afecb4c3ab78abf1114add755e7b956aa0677b6896a933c937db7dabaad2b565fd1df7caa5ef9629e5eb100fd6d7c9f372d846fee6cfb6025e25e934df57a4ca3c5e5637d9d6235ac80428852f6c92acae0a937e38e731fde0521d3e4c70d653ae9edc89c8b623e4379fbf606f4b6db8068528f7c70f2921 0281800ed47ae05b275a23a7dfe3ffb727e3a268e626a59d401d2d846de26954ff54fc9ed93a9af33fac2c967a18e0f86145083e39923454bc10da5f4937e836b99851956bffb301ce9e06789786693213fcde6d5f2933d52bb29dc340ea011257788d3c5775eb6569230aafbf08752d40a8419de71b01d4927e27c1079caada0568b1 """, """ -3081010a +3082010a 0282010100f7bb6b8eab40491cd64455ec04d4ed8db5051a9738fc7af73ff3b097511cce40aaf76537b1353504427986b7b2b53a964a6937b558ec0d1dea274af2b8fff2f094c243fa577266a79db0c26ffe30416d23ef05dd5fecab413ebbb4f8526ae720a94584226b37d92ef463fc736cb38e530e7488d9162f5726807bc543138a2d258adb4d680221c2532381ccfa81bc89bc3d7b84039c2df41ce3ec8db91c2380e781ba3aa9e23b74ed9973d4908efca47aa8d9b7b0a4423297a404427c3f3cd6e0782e4553880f06ba39a64f4a7b0eef921a6050a207cefadcf07394a3e18ea915dc8497e7ae61fc3162f62f5065a692af077266f7360c2076cebeaf14cb22c1ed 0203010001 """), From 862d14e694a1693bd221b40e6be57a3433f640aa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Apr 2024 17:58:43 +0200 Subject: [PATCH 104/429] generate_test_keys: minor improvements Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 32 +- tests/src/test_keys.h | 1088 ++++++++++++--------------- 2 files changed, 484 insertions(+), 636 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 0e5137ff52..d48b0268f3 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -8,6 +8,7 @@ generating the required key at run time. This helps speeding up testing.""" import os import sys +from typing import Iterator # pylint: disable=wrong-import-position SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) + "/" sys.path.append(SCRIPT_DIR + "../../scripts/") @@ -15,7 +16,7 @@ from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA import scripts_path # pylint: disable=unused-import OUTPUT_HEADER_FILE = SCRIPT_DIR + "../src/test_keys.h" -BYTES_PER_LINE = 12 +BYTES_PER_LINE = 16 KEYS = { # RSA keys @@ -52,23 +53,20 @@ KEYS = { 'test_ec_curve448_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY)', 448], } +def c_byte_array_literal_content(array_name: str, key_data: bytes) -> Iterator[str]: + yield 'const unsigned char ' + yield array_name + yield '[] = {' + for index in range(0, len(key_data), BYTES_PER_LINE): + yield '\n ' + for b in key_data[index:index + BYTES_PER_LINE]: + yield ' {:#04x},'.format(b) + yield '\n};' + def convert_der_to_c(array_name: str, key_data: bytearray) -> str: - """Convert a DER content to a C array.""" - output_text = "const unsigned char {}[] = {{\n".format(array_name) + return ''.join(c_byte_array_literal_content(array_name, key_data)) - def get_data_chunk(data): - for index in range(0, len(data), BYTES_PER_LINE): - yield data[index : index + BYTES_PER_LINE] - - for bytes_chunk in get_data_chunk(key_data): - new_line = ' ' + ', '.join(['{:#04x}'.format(b) for b in bytes_chunk]) - output_text = output_text + new_line + ",\n" - - output_text = output_text + "};" - - return output_text - -def main(): +def main() -> None: # Remove output file if already existing. if os.path.exists(OUTPUT_HEADER_FILE): os.remove(OUTPUT_HEADER_FILE) @@ -90,4 +88,4 @@ def main(): output_file.write("\n") if __name__ == '__main__': - sys.exit(main()) + main() diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h index 694bee55fb..63b5251309 100644 --- a/tests/src/test_keys.h +++ b/tests/src/test_keys.h @@ -4,717 +4,567 @@ *********************************************************************************/ const unsigned char test_rsa_1024[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, - 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, - 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, - 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, - 0xe1, 0x12, 0x96, 0x28, 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, - 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, - 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, - 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, - 0xd3, 0xa7, 0xcb, 0xf8, 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, - 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, 0xbf, 0xfe, 0x47, 0x33, - 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, - 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x00, 0x87, 0x4b, 0xf0, 0xff, 0xc2, 0xf2, 0xa7, 0x1d, - 0x14, 0x67, 0x1d, 0xdd, 0x01, 0x71, 0xc9, 0x54, 0xd7, 0xfd, 0xbf, 0x50, - 0x28, 0x1e, 0x4f, 0x6d, 0x99, 0xea, 0x0e, 0x1e, 0xbc, 0xf8, 0x2f, 0xaa, - 0x58, 0xe7, 0xb5, 0x95, 0xff, 0xb2, 0x93, 0xd1, 0xab, 0xe1, 0x7f, 0x11, - 0x0b, 0x37, 0xc4, 0x8c, 0xc0, 0xf3, 0x6c, 0x37, 0xe8, 0x4d, 0x87, 0x66, - 0x21, 0xd3, 0x27, 0xf6, 0x4b, 0xbe, 0x08, 0x45, 0x7d, 0x3e, 0xc4, 0x09, - 0x8b, 0xa2, 0xfa, 0x0a, 0x31, 0x9f, 0xba, 0x41, 0x1c, 0x28, 0x41, 0xed, - 0x7b, 0xe8, 0x31, 0x96, 0xa8, 0xcd, 0xf9, 0xda, 0xa5, 0xd0, 0x06, 0x94, - 0xbc, 0x33, 0x5f, 0xc4, 0xc3, 0x22, 0x17, 0xfe, 0x04, 0x88, 0xbc, 0xe9, - 0xcb, 0x72, 0x02, 0xe5, 0x94, 0x68, 0xb1, 0xea, 0xd1, 0x19, 0x00, 0x04, - 0x77, 0xdb, 0x2c, 0xa7, 0x97, 0xfa, 0xc1, 0x9e, 0xda, 0x3f, 0x58, 0xc1, - 0x02, 0x41, 0x00, 0xe2, 0xab, 0x76, 0x08, 0x41, 0xbb, 0x9d, 0x30, 0xa8, - 0x1d, 0x22, 0x2d, 0xe1, 0xeb, 0x73, 0x81, 0xd8, 0x22, 0x14, 0x40, 0x7f, - 0x1b, 0x97, 0x5c, 0xbb, 0xfe, 0x4e, 0x1a, 0x94, 0x67, 0xfd, 0x98, 0xad, - 0xbd, 0x78, 0xf6, 0x07, 0x83, 0x6c, 0xa5, 0xbe, 0x19, 0x28, 0xb9, 0xd1, - 0x60, 0xd9, 0x7f, 0xd4, 0x5c, 0x12, 0xd6, 0xb5, 0x2e, 0x2c, 0x98, 0x71, - 0xa1, 0x74, 0xc6, 0x6b, 0x48, 0x81, 0x13, 0x02, 0x41, 0x00, 0xc5, 0xab, - 0x27, 0x60, 0x21, 0x59, 0xae, 0x7d, 0x6f, 0x20, 0xc3, 0xc2, 0xee, 0x85, - 0x1e, 0x46, 0xdc, 0x11, 0x2e, 0x68, 0x9e, 0x28, 0xd5, 0xfc, 0xbb, 0xf9, - 0x90, 0xa9, 0x9e, 0xf8, 0xa9, 0x0b, 0x8b, 0xb4, 0x4f, 0xd3, 0x64, 0x67, - 0xe7, 0xfc, 0x17, 0x89, 0xce, 0xb6, 0x63, 0xab, 0xda, 0x33, 0x86, 0x52, - 0xc3, 0xc7, 0x3f, 0x11, 0x17, 0x74, 0x90, 0x2e, 0x84, 0x05, 0x65, 0x92, - 0x70, 0x91, 0x02, 0x41, 0x00, 0xb6, 0xcd, 0xbd, 0x35, 0x4f, 0x7d, 0xf5, - 0x79, 0xa6, 0x3b, 0x48, 0xb3, 0x64, 0x3e, 0x35, 0x3b, 0x84, 0x89, 0x87, - 0x77, 0xb4, 0x8b, 0x15, 0xf9, 0x4e, 0x0b, 0xfc, 0x05, 0x67, 0xa6, 0xae, - 0x59, 0x11, 0xd5, 0x7a, 0xd6, 0x40, 0x9c, 0xf7, 0x64, 0x7b, 0xf9, 0x62, - 0x64, 0xe9, 0xbd, 0x87, 0xeb, 0x95, 0xe2, 0x63, 0xb7, 0x11, 0x0b, 0x9a, - 0x1f, 0x9f, 0x94, 0xac, 0xce, 0xd0, 0xfa, 0xfa, 0x4d, 0x02, 0x40, 0x71, - 0x19, 0x5e, 0xec, 0x37, 0xe8, 0xd2, 0x57, 0xde, 0xcf, 0xc6, 0x72, 0xb0, - 0x7a, 0xe6, 0x39, 0xf1, 0x0c, 0xbb, 0x9b, 0x0c, 0x73, 0x9d, 0x0c, 0x80, - 0x99, 0x68, 0xd6, 0x44, 0xa9, 0x4e, 0x3f, 0xd6, 0xed, 0x92, 0x87, 0x07, - 0x7a, 0x14, 0x58, 0x3f, 0x37, 0x90, 0x58, 0xf7, 0x6a, 0x8a, 0xec, 0xd4, - 0x3c, 0x62, 0xdc, 0x8c, 0x0f, 0x41, 0x76, 0x66, 0x50, 0xd7, 0x25, 0x27, - 0x5a, 0xc4, 0xa1, 0x02, 0x41, 0x00, 0xbb, 0x32, 0xd1, 0x33, 0xed, 0xc2, - 0xe0, 0x48, 0xd4, 0x63, 0x38, 0x8b, 0x7b, 0xe9, 0xcb, 0x4b, 0xe2, 0x9f, - 0x4b, 0x62, 0x50, 0xbe, 0x60, 0x3e, 0x70, 0xe3, 0x64, 0x75, 0x01, 0xc9, - 0x7d, 0xdd, 0xe2, 0x0a, 0x4e, 0x71, 0xbe, 0x95, 0xfd, 0x5e, 0x71, 0x78, - 0x4e, 0x25, 0xac, 0xa4, 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a, 0xae, 0x59, - 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, 0x2b, 0x24, + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, + 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, + 0x47, 0x0b, 0x54, 0x1e, 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, + 0xe1, 0x12, 0x96, 0x28, 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, + 0x0e, 0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, + 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, + 0xd3, 0xa7, 0xcb, 0xf8, 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, + 0xde, 0x26, 0x3a, 0x2a, 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, + 0x83, 0x4d, 0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x00, 0x87, 0x4b, 0xf0, 0xff, 0xc2, 0xf2, 0xa7, 0x1d, 0x14, 0x67, 0x1d, 0xdd, + 0x01, 0x71, 0xc9, 0x54, 0xd7, 0xfd, 0xbf, 0x50, 0x28, 0x1e, 0x4f, 0x6d, 0x99, 0xea, 0x0e, 0x1e, + 0xbc, 0xf8, 0x2f, 0xaa, 0x58, 0xe7, 0xb5, 0x95, 0xff, 0xb2, 0x93, 0xd1, 0xab, 0xe1, 0x7f, 0x11, + 0x0b, 0x37, 0xc4, 0x8c, 0xc0, 0xf3, 0x6c, 0x37, 0xe8, 0x4d, 0x87, 0x66, 0x21, 0xd3, 0x27, 0xf6, + 0x4b, 0xbe, 0x08, 0x45, 0x7d, 0x3e, 0xc4, 0x09, 0x8b, 0xa2, 0xfa, 0x0a, 0x31, 0x9f, 0xba, 0x41, + 0x1c, 0x28, 0x41, 0xed, 0x7b, 0xe8, 0x31, 0x96, 0xa8, 0xcd, 0xf9, 0xda, 0xa5, 0xd0, 0x06, 0x94, + 0xbc, 0x33, 0x5f, 0xc4, 0xc3, 0x22, 0x17, 0xfe, 0x04, 0x88, 0xbc, 0xe9, 0xcb, 0x72, 0x02, 0xe5, + 0x94, 0x68, 0xb1, 0xea, 0xd1, 0x19, 0x00, 0x04, 0x77, 0xdb, 0x2c, 0xa7, 0x97, 0xfa, 0xc1, 0x9e, + 0xda, 0x3f, 0x58, 0xc1, 0x02, 0x41, 0x00, 0xe2, 0xab, 0x76, 0x08, 0x41, 0xbb, 0x9d, 0x30, 0xa8, + 0x1d, 0x22, 0x2d, 0xe1, 0xeb, 0x73, 0x81, 0xd8, 0x22, 0x14, 0x40, 0x7f, 0x1b, 0x97, 0x5c, 0xbb, + 0xfe, 0x4e, 0x1a, 0x94, 0x67, 0xfd, 0x98, 0xad, 0xbd, 0x78, 0xf6, 0x07, 0x83, 0x6c, 0xa5, 0xbe, + 0x19, 0x28, 0xb9, 0xd1, 0x60, 0xd9, 0x7f, 0xd4, 0x5c, 0x12, 0xd6, 0xb5, 0x2e, 0x2c, 0x98, 0x71, + 0xa1, 0x74, 0xc6, 0x6b, 0x48, 0x81, 0x13, 0x02, 0x41, 0x00, 0xc5, 0xab, 0x27, 0x60, 0x21, 0x59, + 0xae, 0x7d, 0x6f, 0x20, 0xc3, 0xc2, 0xee, 0x85, 0x1e, 0x46, 0xdc, 0x11, 0x2e, 0x68, 0x9e, 0x28, + 0xd5, 0xfc, 0xbb, 0xf9, 0x90, 0xa9, 0x9e, 0xf8, 0xa9, 0x0b, 0x8b, 0xb4, 0x4f, 0xd3, 0x64, 0x67, + 0xe7, 0xfc, 0x17, 0x89, 0xce, 0xb6, 0x63, 0xab, 0xda, 0x33, 0x86, 0x52, 0xc3, 0xc7, 0x3f, 0x11, + 0x17, 0x74, 0x90, 0x2e, 0x84, 0x05, 0x65, 0x92, 0x70, 0x91, 0x02, 0x41, 0x00, 0xb6, 0xcd, 0xbd, + 0x35, 0x4f, 0x7d, 0xf5, 0x79, 0xa6, 0x3b, 0x48, 0xb3, 0x64, 0x3e, 0x35, 0x3b, 0x84, 0x89, 0x87, + 0x77, 0xb4, 0x8b, 0x15, 0xf9, 0x4e, 0x0b, 0xfc, 0x05, 0x67, 0xa6, 0xae, 0x59, 0x11, 0xd5, 0x7a, + 0xd6, 0x40, 0x9c, 0xf7, 0x64, 0x7b, 0xf9, 0x62, 0x64, 0xe9, 0xbd, 0x87, 0xeb, 0x95, 0xe2, 0x63, + 0xb7, 0x11, 0x0b, 0x9a, 0x1f, 0x9f, 0x94, 0xac, 0xce, 0xd0, 0xfa, 0xfa, 0x4d, 0x02, 0x40, 0x71, + 0x19, 0x5e, 0xec, 0x37, 0xe8, 0xd2, 0x57, 0xde, 0xcf, 0xc6, 0x72, 0xb0, 0x7a, 0xe6, 0x39, 0xf1, + 0x0c, 0xbb, 0x9b, 0x0c, 0x73, 0x9d, 0x0c, 0x80, 0x99, 0x68, 0xd6, 0x44, 0xa9, 0x4e, 0x3f, 0xd6, + 0xed, 0x92, 0x87, 0x07, 0x7a, 0x14, 0x58, 0x3f, 0x37, 0x90, 0x58, 0xf7, 0x6a, 0x8a, 0xec, 0xd4, + 0x3c, 0x62, 0xdc, 0x8c, 0x0f, 0x41, 0x76, 0x66, 0x50, 0xd7, 0x25, 0x27, 0x5a, 0xc4, 0xa1, 0x02, + 0x41, 0x00, 0xbb, 0x32, 0xd1, 0x33, 0xed, 0xc2, 0xe0, 0x48, 0xd4, 0x63, 0x38, 0x8b, 0x7b, 0xe9, + 0xcb, 0x4b, 0xe2, 0x9f, 0x4b, 0x62, 0x50, 0xbe, 0x60, 0x3e, 0x70, 0xe3, 0x64, 0x75, 0x01, 0xc9, + 0x7d, 0xdd, 0xe2, 0x0a, 0x4e, 0x71, 0xbe, 0x95, 0xfd, 0x5e, 0x71, 0x78, 0x4e, 0x25, 0xac, 0xa4, + 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a, 0xae, 0x59, 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, + 0x2b, 0x24, }; const unsigned char test_rsa_1026[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xd0, - 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, 0x79, 0x07, 0xab, 0xef, - 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, - 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, - 0x68, 0x59, 0x5d, 0xbc, 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, - 0x7e, 0x44, 0xa4, 0x16, 0x3a, 0x05, 0x42, 0xfa, 0xb6, 0x12, 0xac, 0xbb, - 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, 0x3b, 0xdd, 0xef, 0x6a, - 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, - 0x38, 0xdb, 0x7a, 0x33, 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, - 0x7d, 0x6e, 0x56, 0x46, 0xc1, 0xd6, 0x7f, 0xb8, 0xb2, 0xb9, 0x7a, 0xc6, - 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, 0x83, 0x15, 0xaa, 0x3f, - 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x6a, 0x4a, 0x34, 0x6b, 0xeb, 0xa9, 0x7f, 0x65, 0x5f, - 0xe8, 0x34, 0x64, 0x7d, 0x29, 0x44, 0xf5, 0xf4, 0x08, 0x15, 0xe7, 0x30, - 0x2c, 0xaf, 0x02, 0xed, 0x17, 0x98, 0x93, 0xc2, 0xd9, 0x89, 0x39, 0x5d, - 0x5e, 0x87, 0x7c, 0xac, 0xbf, 0x24, 0xa7, 0x7a, 0x07, 0x9d, 0x3d, 0xb7, - 0x15, 0x80, 0xcc, 0xdb, 0xf6, 0x30, 0x23, 0xd0, 0x0f, 0x80, 0xe5, 0x2f, - 0x5c, 0x1a, 0x07, 0x16, 0xb3, 0x23, 0xb7, 0xbf, 0xcb, 0xdc, 0x8a, 0x17, - 0x81, 0xc4, 0x4c, 0x41, 0x53, 0xe3, 0xda, 0x22, 0x8d, 0x17, 0xb2, 0xdc, - 0x78, 0xeb, 0x1f, 0x44, 0xcf, 0xf6, 0x0f, 0xe1, 0x15, 0x08, 0x08, 0xa6, - 0xe3, 0x8b, 0xa2, 0x47, 0x0a, 0xee, 0x2e, 0x94, 0x8a, 0x68, 0x98, 0xdd, - 0xad, 0xea, 0x56, 0xd9, 0x47, 0x09, 0x27, 0xac, 0xa8, 0xd9, 0x4a, 0x03, - 0x38, 0xc1, 0x1a, 0x8e, 0x95, 0x71, 0x5b, 0x5f, 0x94, 0xe0, 0x11, 0x02, - 0x41, 0x01, 0xf5, 0x41, 0x85, 0x34, 0xc3, 0x62, 0x36, 0xfc, 0x9f, 0xd3, - 0x89, 0x34, 0xd7, 0xc0, 0x6d, 0xfe, 0xd3, 0x82, 0x91, 0x51, 0xcc, 0xab, - 0x56, 0xb6, 0x33, 0x0c, 0x64, 0x1f, 0x77, 0x96, 0xa7, 0x19, 0x24, 0xcf, - 0x81, 0x19, 0xca, 0x26, 0xe1, 0x86, 0xec, 0xd3, 0x06, 0x8d, 0x66, 0x07, - 0xa0, 0x52, 0x60, 0xdb, 0x48, 0x57, 0x65, 0x19, 0x80, 0x43, 0x68, 0x91, - 0xad, 0xde, 0x9e, 0xb9, 0x2a, 0xb7, 0x02, 0x41, 0x01, 0x70, 0x04, 0x2f, - 0xbd, 0xba, 0xba, 0x1e, 0x10, 0x2b, 0x7f, 0x7f, 0x1d, 0xc9, 0xd9, 0x40, - 0xcf, 0xdc, 0xd8, 0x5d, 0xd0, 0xea, 0x65, 0xf5, 0x43, 0xc6, 0x43, 0x2e, - 0x9c, 0x54, 0x80, 0x72, 0x4b, 0xb4, 0x9b, 0x1e, 0x5f, 0x80, 0xca, 0x2b, - 0x9f, 0x84, 0xcd, 0x66, 0x44, 0xbf, 0xb2, 0xe3, 0xd0, 0x96, 0x80, 0x90, - 0xb8, 0x9f, 0x53, 0x4d, 0xc2, 0x95, 0x1e, 0x60, 0x6d, 0xb9, 0x09, 0xdd, - 0x89, 0x02, 0x41, 0x01, 0x4b, 0x6c, 0x1a, 0xeb, 0x1c, 0x14, 0xa0, 0x4e, - 0xc0, 0x4e, 0x59, 0x75, 0xfb, 0x01, 0x5c, 0xb9, 0x14, 0x98, 0x4c, 0x05, - 0x4d, 0xd2, 0x2b, 0xef, 0x24, 0x29, 0x99, 0x39, 0xc5, 0x14, 0x73, 0x3f, - 0x88, 0xbb, 0x3a, 0x9d, 0x16, 0xb0, 0x46, 0x85, 0xb3, 0xa8, 0x83, 0xb8, - 0x92, 0x31, 0x90, 0xab, 0x67, 0x27, 0x15, 0xd9, 0xd3, 0x1a, 0xdd, 0x57, - 0xb4, 0x98, 0x3d, 0xe1, 0xe8, 0x08, 0x7e, 0x59, 0x02, 0x41, 0x01, 0x17, - 0xbf, 0x76, 0xf3, 0x08, 0xb0, 0x56, 0x0e, 0x00, 0xa2, 0xc8, 0x64, 0x42, - 0x7d, 0xcd, 0x50, 0xb5, 0x16, 0x1c, 0x2a, 0xa5, 0x23, 0xa0, 0x0f, 0x46, - 0xf4, 0xe6, 0xc7, 0x9b, 0x4c, 0x90, 0x95, 0x8f, 0xd2, 0xa2, 0x82, 0x02, - 0x8a, 0xac, 0x22, 0x74, 0x77, 0x16, 0x98, 0x88, 0x08, 0x5a, 0x38, 0xc3, - 0x4f, 0x33, 0xb3, 0xc4, 0x19, 0x34, 0xf1, 0x07, 0x1d, 0xb2, 0x3b, 0x75, - 0xff, 0x53, 0xd1, 0x02, 0x41, 0x01, 0x20, 0xa4, 0x28, 0xb4, 0xe0, 0xc4, - 0xa6, 0xf2, 0x02, 0x92, 0x0f, 0xd4, 0x9c, 0xc9, 0x88, 0x6e, 0x6b, 0x67, - 0x19, 0xd4, 0x0a, 0x3a, 0xd0, 0x60, 0x4f, 0x5d, 0x5e, 0xfd, 0x5e, 0xf6, - 0x97, 0x3a, 0x57, 0x3a, 0xb3, 0x24, 0xf3, 0x8e, 0xcb, 0x8e, 0x66, 0x9a, - 0x69, 0x34, 0x15, 0x97, 0x08, 0x1e, 0x24, 0x0b, 0x6a, 0xe4, 0xe2, 0x71, - 0x48, 0x87, 0xdd, 0x78, 0xda, 0xda, 0xeb, 0x0b, 0x92, 0x16, + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, + 0x22, 0x4b, 0xa7, 0xbe, 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, + 0x97, 0x8f, 0x7e, 0xaa, 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, + 0x68, 0x59, 0x5d, 0xbc, 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, 0x7e, 0x44, 0xa4, 0x16, + 0x3a, 0x05, 0x42, 0xfa, 0xb6, 0x12, 0xac, 0xbb, 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, + 0x3b, 0xdd, 0xef, 0x6a, 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, + 0x38, 0xdb, 0x7a, 0x33, 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, 0x7d, 0x6e, 0x56, 0x46, + 0xc1, 0xd6, 0x7f, 0xb8, 0xb2, 0xb9, 0x7a, 0xc6, 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, + 0x83, 0x15, 0xaa, 0x3f, 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x80, 0x6a, 0x4a, 0x34, 0x6b, 0xeb, 0xa9, 0x7f, 0x65, 0x5f, 0xe8, 0x34, 0x64, 0x7d, + 0x29, 0x44, 0xf5, 0xf4, 0x08, 0x15, 0xe7, 0x30, 0x2c, 0xaf, 0x02, 0xed, 0x17, 0x98, 0x93, 0xc2, + 0xd9, 0x89, 0x39, 0x5d, 0x5e, 0x87, 0x7c, 0xac, 0xbf, 0x24, 0xa7, 0x7a, 0x07, 0x9d, 0x3d, 0xb7, + 0x15, 0x80, 0xcc, 0xdb, 0xf6, 0x30, 0x23, 0xd0, 0x0f, 0x80, 0xe5, 0x2f, 0x5c, 0x1a, 0x07, 0x16, + 0xb3, 0x23, 0xb7, 0xbf, 0xcb, 0xdc, 0x8a, 0x17, 0x81, 0xc4, 0x4c, 0x41, 0x53, 0xe3, 0xda, 0x22, + 0x8d, 0x17, 0xb2, 0xdc, 0x78, 0xeb, 0x1f, 0x44, 0xcf, 0xf6, 0x0f, 0xe1, 0x15, 0x08, 0x08, 0xa6, + 0xe3, 0x8b, 0xa2, 0x47, 0x0a, 0xee, 0x2e, 0x94, 0x8a, 0x68, 0x98, 0xdd, 0xad, 0xea, 0x56, 0xd9, + 0x47, 0x09, 0x27, 0xac, 0xa8, 0xd9, 0x4a, 0x03, 0x38, 0xc1, 0x1a, 0x8e, 0x95, 0x71, 0x5b, 0x5f, + 0x94, 0xe0, 0x11, 0x02, 0x41, 0x01, 0xf5, 0x41, 0x85, 0x34, 0xc3, 0x62, 0x36, 0xfc, 0x9f, 0xd3, + 0x89, 0x34, 0xd7, 0xc0, 0x6d, 0xfe, 0xd3, 0x82, 0x91, 0x51, 0xcc, 0xab, 0x56, 0xb6, 0x33, 0x0c, + 0x64, 0x1f, 0x77, 0x96, 0xa7, 0x19, 0x24, 0xcf, 0x81, 0x19, 0xca, 0x26, 0xe1, 0x86, 0xec, 0xd3, + 0x06, 0x8d, 0x66, 0x07, 0xa0, 0x52, 0x60, 0xdb, 0x48, 0x57, 0x65, 0x19, 0x80, 0x43, 0x68, 0x91, + 0xad, 0xde, 0x9e, 0xb9, 0x2a, 0xb7, 0x02, 0x41, 0x01, 0x70, 0x04, 0x2f, 0xbd, 0xba, 0xba, 0x1e, + 0x10, 0x2b, 0x7f, 0x7f, 0x1d, 0xc9, 0xd9, 0x40, 0xcf, 0xdc, 0xd8, 0x5d, 0xd0, 0xea, 0x65, 0xf5, + 0x43, 0xc6, 0x43, 0x2e, 0x9c, 0x54, 0x80, 0x72, 0x4b, 0xb4, 0x9b, 0x1e, 0x5f, 0x80, 0xca, 0x2b, + 0x9f, 0x84, 0xcd, 0x66, 0x44, 0xbf, 0xb2, 0xe3, 0xd0, 0x96, 0x80, 0x90, 0xb8, 0x9f, 0x53, 0x4d, + 0xc2, 0x95, 0x1e, 0x60, 0x6d, 0xb9, 0x09, 0xdd, 0x89, 0x02, 0x41, 0x01, 0x4b, 0x6c, 0x1a, 0xeb, + 0x1c, 0x14, 0xa0, 0x4e, 0xc0, 0x4e, 0x59, 0x75, 0xfb, 0x01, 0x5c, 0xb9, 0x14, 0x98, 0x4c, 0x05, + 0x4d, 0xd2, 0x2b, 0xef, 0x24, 0x29, 0x99, 0x39, 0xc5, 0x14, 0x73, 0x3f, 0x88, 0xbb, 0x3a, 0x9d, + 0x16, 0xb0, 0x46, 0x85, 0xb3, 0xa8, 0x83, 0xb8, 0x92, 0x31, 0x90, 0xab, 0x67, 0x27, 0x15, 0xd9, + 0xd3, 0x1a, 0xdd, 0x57, 0xb4, 0x98, 0x3d, 0xe1, 0xe8, 0x08, 0x7e, 0x59, 0x02, 0x41, 0x01, 0x17, + 0xbf, 0x76, 0xf3, 0x08, 0xb0, 0x56, 0x0e, 0x00, 0xa2, 0xc8, 0x64, 0x42, 0x7d, 0xcd, 0x50, 0xb5, + 0x16, 0x1c, 0x2a, 0xa5, 0x23, 0xa0, 0x0f, 0x46, 0xf4, 0xe6, 0xc7, 0x9b, 0x4c, 0x90, 0x95, 0x8f, + 0xd2, 0xa2, 0x82, 0x02, 0x8a, 0xac, 0x22, 0x74, 0x77, 0x16, 0x98, 0x88, 0x08, 0x5a, 0x38, 0xc3, + 0x4f, 0x33, 0xb3, 0xc4, 0x19, 0x34, 0xf1, 0x07, 0x1d, 0xb2, 0x3b, 0x75, 0xff, 0x53, 0xd1, 0x02, + 0x41, 0x01, 0x20, 0xa4, 0x28, 0xb4, 0xe0, 0xc4, 0xa6, 0xf2, 0x02, 0x92, 0x0f, 0xd4, 0x9c, 0xc9, + 0x88, 0x6e, 0x6b, 0x67, 0x19, 0xd4, 0x0a, 0x3a, 0xd0, 0x60, 0x4f, 0x5d, 0x5e, 0xfd, 0x5e, 0xf6, + 0x97, 0x3a, 0x57, 0x3a, 0xb3, 0x24, 0xf3, 0x8e, 0xcb, 0x8e, 0x66, 0x9a, 0x69, 0x34, 0x15, 0x97, + 0x08, 0x1e, 0x24, 0x0b, 0x6a, 0xe4, 0xe2, 0x71, 0x48, 0x87, 0xdd, 0x78, 0xda, 0xda, 0xeb, 0x0b, + 0x92, 0x16, }; const unsigned char test_rsa_1028[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0e, 0x62, - 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, 0xbf, 0x7c, 0xbf, 0xd3, - 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, - 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, - 0xa3, 0xca, 0xff, 0x4e, 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, - 0xa4, 0x16, 0x7f, 0xbf, 0x7f, 0x37, 0x2a, 0xb5, 0x7e, 0x83, 0xa6, 0x9a, - 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, 0x96, 0x21, 0xa3, 0x0a, - 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, - 0x9e, 0x4f, 0x9b, 0xfc, 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, - 0x9a, 0x63, 0x1f, 0xb1, 0xfb, 0x9f, 0xfb, 0x79, 0x4b, 0x4e, 0x53, 0xc7, - 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, 0x25, 0x88, 0xdb, 0x29, - 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x01, 0xcf, 0xa0, 0x42, 0x2e, 0x3b, 0xb6, 0x0c, 0x15, - 0xef, 0x2e, 0x96, 0xdb, 0x44, 0x99, 0xe7, 0x89, 0xf5, 0xd6, 0x34, 0xea, - 0x64, 0x56, 0x7b, 0x2c, 0xdd, 0x6e, 0x2b, 0xdd, 0x12, 0x1f, 0x85, 0xed, - 0xcc, 0xde, 0xe9, 0xb4, 0xed, 0x17, 0x8c, 0x5f, 0x33, 0x81, 0x61, 0x01, - 0xa7, 0xc3, 0x71, 0x51, 0x8b, 0x3e, 0x23, 0xf9, 0xfd, 0xc7, 0x1b, 0x90, - 0x24, 0x2c, 0xd3, 0x10, 0xb6, 0xb3, 0x14, 0x28, 0xb0, 0xb6, 0x4e, 0xb9, - 0x59, 0x6b, 0xe0, 0xcc, 0x04, 0x4c, 0xc8, 0x50, 0x48, 0x98, 0x2f, 0x90, - 0xb7, 0x06, 0xe6, 0x6c, 0xcd, 0xd3, 0x9a, 0xd5, 0xa1, 0xa7, 0xb6, 0x4c, - 0xf0, 0x34, 0xea, 0xc0, 0xc3, 0x5d, 0x7a, 0xce, 0x93, 0xf2, 0xbc, 0xd3, - 0xce, 0x24, 0x3b, 0xd8, 0xf8, 0x3b, 0x46, 0xf5, 0x09, 0xca, 0x2f, 0x80, - 0x50, 0x63, 0x00, 0x2a, 0xf2, 0xbb, 0x2d, 0x88, 0xb6, 0xee, 0x36, 0xa9, - 0x02, 0x41, 0x03, 0xf0, 0x88, 0x6d, 0x29, 0x77, 0x52, 0x6f, 0x3f, 0x3f, - 0x6a, 0x07, 0x56, 0x00, 0x23, 0x2c, 0xe3, 0x00, 0x85, 0x17, 0x27, 0x6d, - 0xd3, 0x72, 0x1d, 0xee, 0x08, 0xfd, 0x6c, 0x99, 0x9f, 0xc9, 0x76, 0xb9, - 0xe8, 0xdd, 0x2b, 0xc1, 0x43, 0x38, 0x5f, 0xa4, 0xb4, 0x87, 0x35, 0xce, - 0x81, 0xc6, 0x6b, 0x50, 0x1d, 0x71, 0x29, 0xee, 0x78, 0x60, 0xcf, 0xbe, - 0xf2, 0x3b, 0x5d, 0xa9, 0x1e, 0x6c, 0x2d, 0x02, 0x41, 0x03, 0xa6, 0xc8, - 0x73, 0x4a, 0xac, 0xe5, 0x9d, 0x5f, 0x38, 0x6f, 0x97, 0xde, 0x45, 0x0f, - 0x8a, 0x12, 0xd6, 0x3a, 0xe6, 0xac, 0x15, 0xd3, 0x36, 0xe0, 0x10, 0xc9, - 0xfc, 0xf0, 0x3a, 0x32, 0xf0, 0x61, 0x18, 0x81, 0xac, 0x6c, 0xd8, 0xb3, - 0xf9, 0x89, 0x92, 0x5c, 0x0f, 0x02, 0x5a, 0xf2, 0x6c, 0xf2, 0x6a, 0xeb, - 0xd7, 0xd9, 0xb0, 0x4e, 0xb5, 0x03, 0x04, 0x8d, 0xca, 0x2f, 0x50, 0x3c, - 0x28, 0xe9, 0x02, 0x41, 0x01, 0x9b, 0x30, 0x04, 0x51, 0xc3, 0xb4, 0x78, - 0x66, 0xf1, 0x13, 0xe9, 0xa9, 0xc6, 0xa4, 0x90, 0xc8, 0x7c, 0x8d, 0xc6, - 0xc2, 0xec, 0xa4, 0x29, 0x02, 0xca, 0xea, 0x1f, 0x69, 0x07, 0xb9, 0x7e, - 0x0a, 0x4a, 0x02, 0x07, 0x2a, 0xaf, 0xc1, 0x18, 0x5a, 0xe6, 0x6c, 0x34, - 0x34, 0x5b, 0xdd, 0xcd, 0x68, 0x33, 0x61, 0xcd, 0xa1, 0xaa, 0xf8, 0xa9, - 0x80, 0x09, 0xf9, 0xf8, 0xfa, 0x56, 0xd9, 0x70, 0x81, 0x02, 0x40, 0x1b, - 0xcc, 0xa8, 0x49, 0x17, 0x3d, 0x38, 0xe1, 0xe5, 0x0e, 0xc4, 0x88, 0x72, - 0xab, 0x54, 0xa2, 0xdc, 0xc6, 0x21, 0xa8, 0x0a, 0x7a, 0x1e, 0x8e, 0xa9, - 0x51, 0x28, 0x79, 0x88, 0x71, 0x8d, 0x5e, 0x85, 0xd9, 0x0d, 0x64, 0xab, - 0x49, 0x26, 0xe9, 0xa5, 0x75, 0xa1, 0x68, 0xa3, 0x85, 0xc4, 0x21, 0xad, - 0x76, 0x58, 0x13, 0xfc, 0x3f, 0x4a, 0xf8, 0xcd, 0x00, 0xde, 0x7b, 0x6b, - 0xba, 0x6e, 0x49, 0x02, 0x41, 0x03, 0x6d, 0xcf, 0x69, 0xf6, 0xe5, 0x48, - 0xc8, 0xac, 0xfb, 0x53, 0x6f, 0xb6, 0xcd, 0x18, 0x6f, 0x8b, 0x8f, 0x20, - 0xd3, 0x13, 0x36, 0x1d, 0x04, 0x47, 0xc1, 0xb5, 0xe3, 0x80, 0xf4, 0x11, - 0x3e, 0x57, 0x8b, 0x31, 0xe8, 0x67, 0xdd, 0xa4, 0x7d, 0x44, 0xad, 0x37, - 0x61, 0xe7, 0x93, 0xf7, 0x25, 0x03, 0x1b, 0x8d, 0x37, 0x9f, 0x38, 0x9d, - 0xe2, 0x77, 0xa9, 0xa0, 0x13, 0x76, 0x51, 0xdf, 0x54, 0x8a, + 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, + 0x59, 0x68, 0x3a, 0x7e, 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, + 0x60, 0x4b, 0x50, 0x7f, 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, + 0xa3, 0xca, 0xff, 0x4e, 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, 0xa4, 0x16, 0x7f, 0xbf, + 0x7f, 0x37, 0x2a, 0xb5, 0x7e, 0x83, 0xa6, 0x9a, 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, + 0x96, 0x21, 0xa3, 0x0a, 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, + 0x9e, 0x4f, 0x9b, 0xfc, 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, 0x9a, 0x63, 0x1f, 0xb1, + 0xfb, 0x9f, 0xfb, 0x79, 0x4b, 0x4e, 0x53, 0xc7, 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, + 0x25, 0x88, 0xdb, 0x29, 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x01, 0xcf, 0xa0, 0x42, 0x2e, 0x3b, 0xb6, 0x0c, 0x15, 0xef, 0x2e, 0x96, 0xdb, + 0x44, 0x99, 0xe7, 0x89, 0xf5, 0xd6, 0x34, 0xea, 0x64, 0x56, 0x7b, 0x2c, 0xdd, 0x6e, 0x2b, 0xdd, + 0x12, 0x1f, 0x85, 0xed, 0xcc, 0xde, 0xe9, 0xb4, 0xed, 0x17, 0x8c, 0x5f, 0x33, 0x81, 0x61, 0x01, + 0xa7, 0xc3, 0x71, 0x51, 0x8b, 0x3e, 0x23, 0xf9, 0xfd, 0xc7, 0x1b, 0x90, 0x24, 0x2c, 0xd3, 0x10, + 0xb6, 0xb3, 0x14, 0x28, 0xb0, 0xb6, 0x4e, 0xb9, 0x59, 0x6b, 0xe0, 0xcc, 0x04, 0x4c, 0xc8, 0x50, + 0x48, 0x98, 0x2f, 0x90, 0xb7, 0x06, 0xe6, 0x6c, 0xcd, 0xd3, 0x9a, 0xd5, 0xa1, 0xa7, 0xb6, 0x4c, + 0xf0, 0x34, 0xea, 0xc0, 0xc3, 0x5d, 0x7a, 0xce, 0x93, 0xf2, 0xbc, 0xd3, 0xce, 0x24, 0x3b, 0xd8, + 0xf8, 0x3b, 0x46, 0xf5, 0x09, 0xca, 0x2f, 0x80, 0x50, 0x63, 0x00, 0x2a, 0xf2, 0xbb, 0x2d, 0x88, + 0xb6, 0xee, 0x36, 0xa9, 0x02, 0x41, 0x03, 0xf0, 0x88, 0x6d, 0x29, 0x77, 0x52, 0x6f, 0x3f, 0x3f, + 0x6a, 0x07, 0x56, 0x00, 0x23, 0x2c, 0xe3, 0x00, 0x85, 0x17, 0x27, 0x6d, 0xd3, 0x72, 0x1d, 0xee, + 0x08, 0xfd, 0x6c, 0x99, 0x9f, 0xc9, 0x76, 0xb9, 0xe8, 0xdd, 0x2b, 0xc1, 0x43, 0x38, 0x5f, 0xa4, + 0xb4, 0x87, 0x35, 0xce, 0x81, 0xc6, 0x6b, 0x50, 0x1d, 0x71, 0x29, 0xee, 0x78, 0x60, 0xcf, 0xbe, + 0xf2, 0x3b, 0x5d, 0xa9, 0x1e, 0x6c, 0x2d, 0x02, 0x41, 0x03, 0xa6, 0xc8, 0x73, 0x4a, 0xac, 0xe5, + 0x9d, 0x5f, 0x38, 0x6f, 0x97, 0xde, 0x45, 0x0f, 0x8a, 0x12, 0xd6, 0x3a, 0xe6, 0xac, 0x15, 0xd3, + 0x36, 0xe0, 0x10, 0xc9, 0xfc, 0xf0, 0x3a, 0x32, 0xf0, 0x61, 0x18, 0x81, 0xac, 0x6c, 0xd8, 0xb3, + 0xf9, 0x89, 0x92, 0x5c, 0x0f, 0x02, 0x5a, 0xf2, 0x6c, 0xf2, 0x6a, 0xeb, 0xd7, 0xd9, 0xb0, 0x4e, + 0xb5, 0x03, 0x04, 0x8d, 0xca, 0x2f, 0x50, 0x3c, 0x28, 0xe9, 0x02, 0x41, 0x01, 0x9b, 0x30, 0x04, + 0x51, 0xc3, 0xb4, 0x78, 0x66, 0xf1, 0x13, 0xe9, 0xa9, 0xc6, 0xa4, 0x90, 0xc8, 0x7c, 0x8d, 0xc6, + 0xc2, 0xec, 0xa4, 0x29, 0x02, 0xca, 0xea, 0x1f, 0x69, 0x07, 0xb9, 0x7e, 0x0a, 0x4a, 0x02, 0x07, + 0x2a, 0xaf, 0xc1, 0x18, 0x5a, 0xe6, 0x6c, 0x34, 0x34, 0x5b, 0xdd, 0xcd, 0x68, 0x33, 0x61, 0xcd, + 0xa1, 0xaa, 0xf8, 0xa9, 0x80, 0x09, 0xf9, 0xf8, 0xfa, 0x56, 0xd9, 0x70, 0x81, 0x02, 0x40, 0x1b, + 0xcc, 0xa8, 0x49, 0x17, 0x3d, 0x38, 0xe1, 0xe5, 0x0e, 0xc4, 0x88, 0x72, 0xab, 0x54, 0xa2, 0xdc, + 0xc6, 0x21, 0xa8, 0x0a, 0x7a, 0x1e, 0x8e, 0xa9, 0x51, 0x28, 0x79, 0x88, 0x71, 0x8d, 0x5e, 0x85, + 0xd9, 0x0d, 0x64, 0xab, 0x49, 0x26, 0xe9, 0xa5, 0x75, 0xa1, 0x68, 0xa3, 0x85, 0xc4, 0x21, 0xad, + 0x76, 0x58, 0x13, 0xfc, 0x3f, 0x4a, 0xf8, 0xcd, 0x00, 0xde, 0x7b, 0x6b, 0xba, 0x6e, 0x49, 0x02, + 0x41, 0x03, 0x6d, 0xcf, 0x69, 0xf6, 0xe5, 0x48, 0xc8, 0xac, 0xfb, 0x53, 0x6f, 0xb6, 0xcd, 0x18, + 0x6f, 0x8b, 0x8f, 0x20, 0xd3, 0x13, 0x36, 0x1d, 0x04, 0x47, 0xc1, 0xb5, 0xe3, 0x80, 0xf4, 0x11, + 0x3e, 0x57, 0x8b, 0x31, 0xe8, 0x67, 0xdd, 0xa4, 0x7d, 0x44, 0xad, 0x37, 0x61, 0xe7, 0x93, 0xf7, + 0x25, 0x03, 0x1b, 0x8d, 0x37, 0x9f, 0x38, 0x9d, 0xe2, 0x77, 0xa9, 0xa0, 0x13, 0x76, 0x51, 0xdf, + 0x54, 0x8a, }; const unsigned char test_rsa_1030[] = { - 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x2b, 0x7c, - 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, 0x6b, 0x2b, 0x37, 0x72, - 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, - 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, - 0x34, 0xc6, 0xae, 0x36, 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, - 0x64, 0xd2, 0xec, 0x15, 0x6e, 0x13, 0x4d, 0x03, 0xcf, 0x6a, 0x94, 0xd3, - 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, 0xc4, 0xb9, 0x74, 0x21, - 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, - 0xfa, 0x86, 0x74, 0x96, 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, - 0xd1, 0x46, 0x1a, 0x80, 0xdb, 0xe9, 0xa5, 0x9d, 0xb3, 0xb0, 0x16, 0xc6, - 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, 0x89, 0xb8, 0x55, 0xcb, - 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x02, 0x10, 0xd5, 0xff, 0x53, 0x1c, 0xac, 0xb2, 0x2f, - 0x8c, 0xf7, 0xdd, 0x1f, 0xd9, 0xfb, 0x03, 0x76, 0xf3, 0x64, 0x7f, 0x2e, - 0x9a, 0xb3, 0xdf, 0x9c, 0x89, 0xb9, 0xad, 0x3c, 0x98, 0xe6, 0x8b, 0x89, - 0xad, 0xeb, 0x29, 0x90, 0x1d, 0xd2, 0xf2, 0xcf, 0x2a, 0xc1, 0xf8, 0x17, - 0x72, 0x62, 0x78, 0x83, 0x0e, 0xc8, 0xa8, 0xd0, 0xfd, 0xd1, 0x9d, 0x49, - 0x6e, 0xc6, 0xbc, 0x68, 0x36, 0x71, 0x17, 0x47, 0x86, 0xb7, 0xd6, 0xa8, - 0xe8, 0x22, 0xfa, 0x71, 0xd6, 0x5a, 0xd3, 0x5a, 0xbb, 0xdf, 0x0e, 0x6e, - 0x55, 0xff, 0x2c, 0x18, 0x21, 0xb6, 0x2b, 0xc6, 0x30, 0x19, 0x21, 0x60, - 0xe5, 0xc9, 0xb3, 0xdc, 0xaf, 0xc6, 0x5a, 0xe6, 0xb2, 0xa0, 0x88, 0xfb, - 0xc5, 0x59, 0x1d, 0xa5, 0x8a, 0x45, 0xdd, 0x7a, 0x30, 0x96, 0x0f, 0x7d, - 0x3d, 0xef, 0x75, 0xb8, 0x0c, 0xdf, 0x73, 0x24, 0x73, 0x60, 0xe8, 0xfb, - 0x02, 0x41, 0x07, 0x2e, 0x37, 0x1a, 0x3b, 0xa8, 0x61, 0xe7, 0x8e, 0x3e, - 0xb9, 0x31, 0x30, 0x65, 0xfa, 0xab, 0x0a, 0x97, 0x21, 0x6e, 0x95, 0x44, - 0xbf, 0xc2, 0xd5, 0xb4, 0x03, 0x84, 0x4b, 0x43, 0x27, 0x37, 0x05, 0x75, - 0x5a, 0x85, 0xaa, 0x0b, 0xaf, 0x71, 0x14, 0x77, 0x0c, 0xfe, 0xca, 0x20, - 0xbc, 0xa1, 0x7a, 0xc1, 0x9b, 0xc4, 0xcb, 0xba, 0x10, 0x6a, 0x33, 0xb3, - 0xdd, 0xdc, 0xa0, 0xfb, 0x53, 0x5f, 0x33, 0x02, 0x41, 0x06, 0x0e, 0x6a, - 0xf3, 0x7a, 0xb4, 0xea, 0x11, 0xf5, 0x2b, 0x93, 0x44, 0xe7, 0x16, 0x0e, - 0xb2, 0xa5, 0x3f, 0x10, 0x75, 0xe1, 0x22, 0x9a, 0x7f, 0x10, 0xa3, 0x01, - 0xde, 0x33, 0x59, 0xf5, 0x3e, 0x98, 0x1e, 0xa0, 0xe1, 0x7d, 0xf0, 0xfb, - 0x38, 0x0f, 0x08, 0x9e, 0x5c, 0x37, 0xdd, 0x40, 0xda, 0xa2, 0x9e, 0xef, - 0xd2, 0x05, 0xf5, 0xc8, 0x7b, 0x38, 0xf8, 0xfe, 0xf6, 0x36, 0xb5, 0x7b, - 0xa0, 0x53, 0x02, 0x41, 0x02, 0x3a, 0x5d, 0xd0, 0x9e, 0xf8, 0x35, 0x40, - 0xb3, 0x0b, 0x55, 0x4d, 0x24, 0xf6, 0x4f, 0x9c, 0x28, 0xd2, 0x12, 0x06, - 0x8c, 0xfc, 0x62, 0xff, 0xe2, 0x6d, 0x53, 0xb6, 0x05, 0xe0, 0x55, 0x57, - 0xa6, 0x32, 0xee, 0x9e, 0x90, 0xcf, 0xc5, 0x65, 0x31, 0xf3, 0x6a, 0xad, - 0xd8, 0x2b, 0xe6, 0x3b, 0xb8, 0xaa, 0x40, 0x5a, 0x04, 0xd8, 0xbb, 0xe5, - 0x28, 0x1b, 0xc4, 0x58, 0x83, 0xfe, 0xd7, 0xb4, 0xaf, 0x02, 0x41, 0x04, - 0x1d, 0xe6, 0xdb, 0xad, 0x4c, 0xaf, 0x54, 0x17, 0xa9, 0x50, 0x49, 0x65, - 0x20, 0x1c, 0x4b, 0x99, 0x82, 0x7d, 0xe8, 0xf3, 0x69, 0xf7, 0x45, 0x6a, - 0x84, 0xb3, 0xef, 0x5c, 0x4e, 0xc9, 0x23, 0x8c, 0x7a, 0x3d, 0x78, 0x2a, - 0x89, 0x15, 0xeb, 0xec, 0x64, 0x3a, 0x69, 0x8b, 0x5b, 0xee, 0x0a, 0xf0, - 0xc2, 0x43, 0x59, 0x2b, 0xce, 0x00, 0x42, 0xaa, 0xde, 0xaf, 0x49, 0xa4, - 0xb4, 0xc6, 0xdd, 0x9b, 0x02, 0x41, 0x05, 0xd3, 0x2d, 0xee, 0x95, 0x2b, - 0x50, 0x3b, 0x53, 0x6f, 0xce, 0xcf, 0x19, 0xec, 0x08, 0x23, 0x6a, 0x9c, - 0xd9, 0x45, 0xc4, 0x95, 0x51, 0xbf, 0x99, 0xf1, 0x5b, 0x67, 0x4f, 0xc2, - 0x1a, 0xa1, 0x99, 0xf4, 0xc4, 0x21, 0x1f, 0x0f, 0x00, 0x07, 0xc4, 0x17, - 0xc1, 0xfb, 0x41, 0x55, 0x32, 0x6a, 0x21, 0x42, 0xfc, 0xa4, 0x54, 0xbb, - 0xd3, 0x8d, 0x6d, 0xbc, 0x6c, 0xaa, 0x7a, 0xc3, 0x35, 0xa1, 0x7c, + 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, + 0x6d, 0x1f, 0x8e, 0x57, 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, + 0x95, 0xf9, 0x89, 0x9d, 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, + 0x34, 0xc6, 0xae, 0x36, 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, 0x64, 0xd2, 0xec, 0x15, + 0x6e, 0x13, 0x4d, 0x03, 0xcf, 0x6a, 0x94, 0xd3, 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, + 0xc4, 0xb9, 0x74, 0x21, 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, + 0xfa, 0x86, 0x74, 0x96, 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, 0xd1, 0x46, 0x1a, 0x80, + 0xdb, 0xe9, 0xa5, 0x9d, 0xb3, 0xb0, 0x16, 0xc6, 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, + 0x89, 0xb8, 0x55, 0xcb, 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0x81, 0x02, 0x10, 0xd5, 0xff, 0x53, 0x1c, 0xac, 0xb2, 0x2f, 0x8c, 0xf7, 0xdd, 0x1f, + 0xd9, 0xfb, 0x03, 0x76, 0xf3, 0x64, 0x7f, 0x2e, 0x9a, 0xb3, 0xdf, 0x9c, 0x89, 0xb9, 0xad, 0x3c, + 0x98, 0xe6, 0x8b, 0x89, 0xad, 0xeb, 0x29, 0x90, 0x1d, 0xd2, 0xf2, 0xcf, 0x2a, 0xc1, 0xf8, 0x17, + 0x72, 0x62, 0x78, 0x83, 0x0e, 0xc8, 0xa8, 0xd0, 0xfd, 0xd1, 0x9d, 0x49, 0x6e, 0xc6, 0xbc, 0x68, + 0x36, 0x71, 0x17, 0x47, 0x86, 0xb7, 0xd6, 0xa8, 0xe8, 0x22, 0xfa, 0x71, 0xd6, 0x5a, 0xd3, 0x5a, + 0xbb, 0xdf, 0x0e, 0x6e, 0x55, 0xff, 0x2c, 0x18, 0x21, 0xb6, 0x2b, 0xc6, 0x30, 0x19, 0x21, 0x60, + 0xe5, 0xc9, 0xb3, 0xdc, 0xaf, 0xc6, 0x5a, 0xe6, 0xb2, 0xa0, 0x88, 0xfb, 0xc5, 0x59, 0x1d, 0xa5, + 0x8a, 0x45, 0xdd, 0x7a, 0x30, 0x96, 0x0f, 0x7d, 0x3d, 0xef, 0x75, 0xb8, 0x0c, 0xdf, 0x73, 0x24, + 0x73, 0x60, 0xe8, 0xfb, 0x02, 0x41, 0x07, 0x2e, 0x37, 0x1a, 0x3b, 0xa8, 0x61, 0xe7, 0x8e, 0x3e, + 0xb9, 0x31, 0x30, 0x65, 0xfa, 0xab, 0x0a, 0x97, 0x21, 0x6e, 0x95, 0x44, 0xbf, 0xc2, 0xd5, 0xb4, + 0x03, 0x84, 0x4b, 0x43, 0x27, 0x37, 0x05, 0x75, 0x5a, 0x85, 0xaa, 0x0b, 0xaf, 0x71, 0x14, 0x77, + 0x0c, 0xfe, 0xca, 0x20, 0xbc, 0xa1, 0x7a, 0xc1, 0x9b, 0xc4, 0xcb, 0xba, 0x10, 0x6a, 0x33, 0xb3, + 0xdd, 0xdc, 0xa0, 0xfb, 0x53, 0x5f, 0x33, 0x02, 0x41, 0x06, 0x0e, 0x6a, 0xf3, 0x7a, 0xb4, 0xea, + 0x11, 0xf5, 0x2b, 0x93, 0x44, 0xe7, 0x16, 0x0e, 0xb2, 0xa5, 0x3f, 0x10, 0x75, 0xe1, 0x22, 0x9a, + 0x7f, 0x10, 0xa3, 0x01, 0xde, 0x33, 0x59, 0xf5, 0x3e, 0x98, 0x1e, 0xa0, 0xe1, 0x7d, 0xf0, 0xfb, + 0x38, 0x0f, 0x08, 0x9e, 0x5c, 0x37, 0xdd, 0x40, 0xda, 0xa2, 0x9e, 0xef, 0xd2, 0x05, 0xf5, 0xc8, + 0x7b, 0x38, 0xf8, 0xfe, 0xf6, 0x36, 0xb5, 0x7b, 0xa0, 0x53, 0x02, 0x41, 0x02, 0x3a, 0x5d, 0xd0, + 0x9e, 0xf8, 0x35, 0x40, 0xb3, 0x0b, 0x55, 0x4d, 0x24, 0xf6, 0x4f, 0x9c, 0x28, 0xd2, 0x12, 0x06, + 0x8c, 0xfc, 0x62, 0xff, 0xe2, 0x6d, 0x53, 0xb6, 0x05, 0xe0, 0x55, 0x57, 0xa6, 0x32, 0xee, 0x9e, + 0x90, 0xcf, 0xc5, 0x65, 0x31, 0xf3, 0x6a, 0xad, 0xd8, 0x2b, 0xe6, 0x3b, 0xb8, 0xaa, 0x40, 0x5a, + 0x04, 0xd8, 0xbb, 0xe5, 0x28, 0x1b, 0xc4, 0x58, 0x83, 0xfe, 0xd7, 0xb4, 0xaf, 0x02, 0x41, 0x04, + 0x1d, 0xe6, 0xdb, 0xad, 0x4c, 0xaf, 0x54, 0x17, 0xa9, 0x50, 0x49, 0x65, 0x20, 0x1c, 0x4b, 0x99, + 0x82, 0x7d, 0xe8, 0xf3, 0x69, 0xf7, 0x45, 0x6a, 0x84, 0xb3, 0xef, 0x5c, 0x4e, 0xc9, 0x23, 0x8c, + 0x7a, 0x3d, 0x78, 0x2a, 0x89, 0x15, 0xeb, 0xec, 0x64, 0x3a, 0x69, 0x8b, 0x5b, 0xee, 0x0a, 0xf0, + 0xc2, 0x43, 0x59, 0x2b, 0xce, 0x00, 0x42, 0xaa, 0xde, 0xaf, 0x49, 0xa4, 0xb4, 0xc6, 0xdd, 0x9b, + 0x02, 0x41, 0x05, 0xd3, 0x2d, 0xee, 0x95, 0x2b, 0x50, 0x3b, 0x53, 0x6f, 0xce, 0xcf, 0x19, 0xec, + 0x08, 0x23, 0x6a, 0x9c, 0xd9, 0x45, 0xc4, 0x95, 0x51, 0xbf, 0x99, 0xf1, 0x5b, 0x67, 0x4f, 0xc2, + 0x1a, 0xa1, 0x99, 0xf4, 0xc4, 0x21, 0x1f, 0x0f, 0x00, 0x07, 0xc4, 0x17, 0xc1, 0xfb, 0x41, 0x55, + 0x32, 0x6a, 0x21, 0x42, 0xfc, 0xa4, 0x54, 0xbb, 0xd3, 0x8d, 0x6d, 0xbc, 0x6c, 0xaa, 0x7a, 0xc3, + 0x35, 0xa1, 0x7c, }; const unsigned char test_rsa_2048[] = { - 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, 0x1c, 0xd6, 0x44, 0x55, 0xec, - 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, 0xf7, - 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, - 0xb1, 0x35, 0x35, 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, - 0x4a, 0x69, 0x37, 0xb5, 0x58, 0xec, 0x0d, 0x1d, 0xea, 0x27, 0x4a, 0xf2, - 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, 0x57, 0x72, 0x66, 0xa7, - 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, - 0x5f, 0xec, 0xab, 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, - 0xa9, 0x45, 0x84, 0x22, 0x6b, 0x37, 0xd9, 0x2e, 0xf4, 0x63, 0xfc, 0x73, - 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, 0x16, 0x2f, 0x57, 0x26, - 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, - 0x02, 0x21, 0xc2, 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, - 0x3d, 0x7b, 0x84, 0x03, 0x9c, 0x2d, 0xf4, 0x1c, 0xe3, 0xec, 0x8d, 0xb9, - 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, 0xe2, 0x3b, 0x74, 0xed, - 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, - 0xa4, 0x42, 0x32, 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, - 0x78, 0x2e, 0x45, 0x53, 0x88, 0x0f, 0x06, 0xba, 0x39, 0xa6, 0x4f, 0x4a, - 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, 0x07, 0xce, 0xfa, 0xdc, - 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, - 0xae, 0x61, 0xfc, 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, - 0x07, 0x72, 0x66, 0xf7, 0x36, 0x0c, 0x20, 0x76, 0xce, 0xbe, 0xaf, 0x14, - 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, - 0x00, 0x00, 0xb8, 0x96, 0x2d, 0xce, 0x60, 0x4b, 0xc6, 0x2e, 0x76, 0x78, - 0xf4, 0x8c, 0xa8, 0x0c, 0xff, 0xf4, 0x56, 0xad, 0x36, 0xe2, 0xf6, 0xd3, - 0x29, 0xcc, 0x91, 0x1a, 0x42, 0xba, 0x7c, 0xf5, 0xb9, 0xb8, 0xf5, 0xaa, - 0xe1, 0x00, 0x5e, 0x4a, 0x06, 0xf6, 0xe5, 0x91, 0x27, 0x90, 0x38, 0xd8, - 0x50, 0x8f, 0x2b, 0x62, 0xba, 0xdf, 0xa5, 0x22, 0x3d, 0xa3, 0xcc, 0x94, - 0xfa, 0x83, 0x60, 0xd5, 0x55, 0x6f, 0x6d, 0x68, 0x52, 0xbe, 0x75, 0xea, - 0x08, 0x13, 0x5c, 0xac, 0x18, 0x34, 0xda, 0x71, 0x9a, 0x4e, 0x78, 0x37, - 0xe1, 0x66, 0xd1, 0xd2, 0xc6, 0xc8, 0x16, 0xb6, 0x46, 0x61, 0xc1, 0x07, - 0x66, 0xb0, 0x2f, 0x70, 0x5c, 0xc4, 0x48, 0x9f, 0x94, 0x74, 0x28, 0x25, - 0x58, 0x35, 0xa9, 0x09, 0x21, 0x43, 0x41, 0xc2, 0x13, 0x35, 0xae, 0x12, - 0x18, 0x1d, 0xd8, 0x1e, 0x61, 0x1d, 0x59, 0xb1, 0xdb, 0x70, 0x66, 0x7b, - 0xeb, 0xd7, 0xe9, 0x2b, 0x71, 0xe1, 0xd3, 0x88, 0x31, 0x8d, 0x3e, 0xc1, - 0x4d, 0x61, 0x6f, 0x72, 0xc2, 0x31, 0xf6, 0x72, 0x7a, 0x18, 0x3e, 0x68, - 0x18, 0x28, 0x5b, 0xd6, 0x5f, 0x65, 0x72, 0xca, 0xdc, 0x90, 0x12, 0x24, - 0x88, 0x21, 0xb2, 0xd0, 0xae, 0x6c, 0xed, 0xd3, 0x0c, 0xa4, 0x40, 0xd4, - 0xd3, 0x4c, 0xd7, 0x7e, 0x2c, 0xf6, 0xb4, 0x0e, 0xd2, 0xc7, 0xd8, 0x56, - 0xb3, 0x0d, 0x47, 0x47, 0x33, 0xfc, 0xe0, 0xfb, 0x69, 0x5c, 0x3e, 0x65, - 0x30, 0xc0, 0x79, 0xae, 0xd9, 0x55, 0xe4, 0x07, 0x30, 0x55, 0xf2, 0x65, - 0x5d, 0x4b, 0x67, 0x1e, 0x29, 0x1f, 0xde, 0x40, 0x0f, 0x2f, 0x06, 0xd0, - 0xb3, 0x3f, 0x87, 0xd2, 0x61, 0xe0, 0xad, 0x3d, 0xae, 0x48, 0xa9, 0x13, - 0x84, 0x1b, 0x34, 0xcf, 0xed, 0x03, 0x79, 0x0f, 0xca, 0xee, 0x00, 0xde, - 0x2e, 0x90, 0xfb, 0x96, 0x21, 0x02, 0x81, 0x81, 0x00, 0xfc, 0xbe, 0x89, - 0xcd, 0x1a, 0xa3, 0x19, 0xe4, 0x9e, 0xf4, 0xf7, 0x21, 0x49, 0xbf, 0x06, - 0xda, 0x57, 0xdc, 0xc6, 0x4d, 0x3d, 0xe6, 0x05, 0xe9, 0xff, 0x3e, 0x76, - 0xfc, 0x66, 0xf4, 0xb1, 0xe2, 0x87, 0x82, 0x45, 0xff, 0xd7, 0x19, 0x90, - 0x51, 0x1b, 0x17, 0xe9, 0x7f, 0x33, 0x81, 0x88, 0x89, 0xa8, 0xc2, 0x1b, - 0x55, 0x27, 0xfd, 0x18, 0x13, 0x27, 0xaf, 0xfe, 0x88, 0xf9, 0xbb, 0xa6, - 0x70, 0xc4, 0xe6, 0xf1, 0xe6, 0x30, 0x9b, 0xd0, 0x32, 0x30, 0x74, 0xe4, - 0xcb, 0xcf, 0x23, 0xdc, 0xe3, 0xc1, 0x9b, 0x8d, 0x54, 0x95, 0xf5, 0x6a, - 0x93, 0x05, 0x9b, 0xa7, 0x41, 0x4f, 0x28, 0xed, 0x1e, 0xc9, 0x06, 0xad, - 0x18, 0xc6, 0x3d, 0xe1, 0x14, 0x8a, 0xbc, 0xfe, 0x9b, 0xe7, 0x98, 0x60, - 0x00, 0xf4, 0x25, 0xe5, 0x80, 0xb7, 0x0e, 0x43, 0xe4, 0x8e, 0x24, 0xfa, - 0x9d, 0x51, 0xaa, 0xae, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xfa, 0xec, 0x5a, - 0x7b, 0xed, 0x2e, 0x53, 0xcf, 0xca, 0x1e, 0x16, 0x7d, 0xb4, 0x64, 0x1d, - 0xb5, 0xa0, 0x0f, 0xe2, 0xc3, 0x28, 0x12, 0x54, 0x23, 0xd5, 0x94, 0x78, - 0x9f, 0x3e, 0xc0, 0x72, 0xc6, 0x23, 0xe7, 0xaf, 0xbd, 0xee, 0x00, 0x89, - 0xfd, 0x26, 0x30, 0x76, 0x51, 0xf6, 0xd3, 0x61, 0x1a, 0x88, 0xaf, 0x28, - 0xc3, 0x45, 0x85, 0xd5, 0xcb, 0x71, 0x3a, 0x65, 0x0c, 0x35, 0x93, 0x3f, - 0x58, 0x94, 0x4d, 0xb9, 0xbd, 0x15, 0xba, 0x9f, 0xc2, 0x8b, 0x07, 0xe6, - 0x70, 0x5b, 0x7b, 0x3e, 0xf1, 0xcc, 0xb4, 0x8d, 0x21, 0xa5, 0x35, 0x69, - 0xc8, 0xb8, 0x4c, 0x44, 0x4b, 0x61, 0xea, 0x5c, 0x6e, 0x67, 0xb5, 0x4f, - 0x0a, 0xfd, 0x85, 0x2f, 0xfb, 0x8c, 0x92, 0xa1, 0x11, 0xfa, 0xb8, 0x67, - 0x72, 0x63, 0xee, 0xb8, 0x0c, 0xf1, 0xa3, 0x40, 0x3b, 0x4a, 0x9a, 0x20, - 0x97, 0x76, 0x94, 0x72, 0x21, 0x02, 0x81, 0x80, 0x2f, 0xf9, 0x9a, 0xfe, - 0xab, 0xc7, 0xb9, 0xea, 0x83, 0xa1, 0xcc, 0x27, 0x2d, 0x70, 0x6d, 0x44, - 0x94, 0xd8, 0xfb, 0x6b, 0x3e, 0x0c, 0xa3, 0xa2, 0xbf, 0x28, 0x84, 0x3d, - 0x74, 0xed, 0x8d, 0xb6, 0x8a, 0x32, 0x58, 0x47, 0x2f, 0xf5, 0x52, 0x47, - 0x92, 0xf4, 0xff, 0x05, 0x7e, 0x29, 0x60, 0x59, 0x81, 0x07, 0x17, 0x59, - 0x1a, 0xb6, 0x18, 0x13, 0xca, 0xbc, 0xc5, 0x7c, 0x0a, 0xab, 0x6b, 0xf4, - 0x8b, 0xeb, 0xaa, 0x8f, 0x1f, 0x3a, 0xf4, 0x52, 0x12, 0x90, 0x9d, 0xbd, - 0x72, 0x1c, 0x44, 0x99, 0x96, 0xee, 0x87, 0xed, 0x3e, 0x69, 0xcf, 0x49, - 0x09, 0x0f, 0x7a, 0xb8, 0x12, 0xe6, 0x99, 0xdb, 0xf6, 0x1c, 0xa6, 0x4e, - 0xc5, 0x92, 0x89, 0x5e, 0xf4, 0xd6, 0xdb, 0x1d, 0x8c, 0xe0, 0x87, 0x98, - 0xa6, 0xbf, 0x6a, 0xc8, 0xfb, 0xf6, 0x61, 0x3c, 0xc9, 0x1e, 0x8b, 0xd3, - 0xc0, 0xe4, 0xbd, 0x21, 0x02, 0x81, 0x81, 0x00, 0xb2, 0x9b, 0x34, 0x59, - 0x0b, 0xdd, 0xb3, 0x08, 0xaf, 0xec, 0xb4, 0xc3, 0xab, 0x78, 0xab, 0xf1, - 0x11, 0x4a, 0xdd, 0x75, 0x5e, 0x7b, 0x95, 0x6a, 0xa0, 0x67, 0x7b, 0x68, - 0x96, 0xa9, 0x33, 0xc9, 0x37, 0xdb, 0x7d, 0xab, 0xaa, 0xd2, 0xb5, 0x65, - 0xfd, 0x1d, 0xf7, 0xca, 0xa5, 0xef, 0x96, 0x29, 0xe5, 0xeb, 0x10, 0x0f, - 0xd6, 0xd7, 0xc9, 0xf3, 0x72, 0xd8, 0x46, 0xfe, 0xe6, 0xcf, 0xb6, 0x02, - 0x5e, 0x25, 0xe9, 0x34, 0xdf, 0x57, 0xa4, 0xca, 0x3c, 0x5e, 0x56, 0x37, - 0xd9, 0xd6, 0x23, 0x5a, 0xc8, 0x04, 0x28, 0x85, 0x2f, 0x6c, 0x92, 0xac, - 0xae, 0x0a, 0x93, 0x7e, 0x38, 0xe7, 0x31, 0xfd, 0xe0, 0x52, 0x1d, 0x3e, - 0x4c, 0x70, 0xd6, 0x53, 0xae, 0x9e, 0xdc, 0x89, 0xc8, 0xb6, 0x23, 0xe4, - 0x37, 0x9f, 0xbf, 0x60, 0x6f, 0x4b, 0x6d, 0xb8, 0x06, 0x85, 0x28, 0xf7, - 0xc7, 0x0f, 0x29, 0x21, 0x02, 0x81, 0x80, 0x0e, 0xd4, 0x7a, 0xe0, 0x5b, - 0x27, 0x5a, 0x23, 0xa7, 0xdf, 0xe3, 0xff, 0xb7, 0x27, 0xe3, 0xa2, 0x68, - 0xe6, 0x26, 0xa5, 0x9d, 0x40, 0x1d, 0x2d, 0x84, 0x6d, 0xe2, 0x69, 0x54, - 0xff, 0x54, 0xfc, 0x9e, 0xd9, 0x3a, 0x9a, 0xf3, 0x3f, 0xac, 0x2c, 0x96, - 0x7a, 0x18, 0xe0, 0xf8, 0x61, 0x45, 0x08, 0x3e, 0x39, 0x92, 0x34, 0x54, - 0xbc, 0x10, 0xda, 0x5f, 0x49, 0x37, 0xe8, 0x36, 0xb9, 0x98, 0x51, 0x95, - 0x6b, 0xff, 0xb3, 0x01, 0xce, 0x9e, 0x06, 0x78, 0x97, 0x86, 0x69, 0x32, - 0x13, 0xfc, 0xde, 0x6d, 0x5f, 0x29, 0x33, 0xd5, 0x2b, 0xb2, 0x9d, 0xc3, - 0x40, 0xea, 0x01, 0x12, 0x57, 0x78, 0x8d, 0x3c, 0x57, 0x75, 0xeb, 0x65, - 0x69, 0x23, 0x0a, 0xaf, 0xbf, 0x08, 0x75, 0x2d, 0x40, 0xa8, 0x41, 0x9d, - 0xe7, 0x1b, 0x01, 0xd4, 0x92, 0x7e, 0x27, 0xc1, 0x07, 0x9c, 0xaa, 0xda, - 0x05, 0x68, 0xb1, + 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, + 0xab, 0x40, 0x49, 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, + 0x38, 0xfc, 0x7a, 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, + 0xb1, 0x35, 0x35, 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, 0x4a, 0x69, 0x37, 0xb5, + 0x58, 0xec, 0x0d, 0x1d, 0xea, 0x27, 0x4a, 0xf2, 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, + 0x57, 0x72, 0x66, 0xa7, 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, + 0x5f, 0xec, 0xab, 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, 0xa9, 0x45, 0x84, 0x22, + 0x6b, 0x37, 0xd9, 0x2e, 0xf4, 0x63, 0xfc, 0x73, 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, + 0x16, 0x2f, 0x57, 0x26, 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, + 0x02, 0x21, 0xc2, 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, 0x3d, 0x7b, 0x84, 0x03, + 0x9c, 0x2d, 0xf4, 0x1c, 0xe3, 0xec, 0x8d, 0xb9, 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, + 0xe2, 0x3b, 0x74, 0xed, 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, + 0xa4, 0x42, 0x32, 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, 0x78, 0x2e, 0x45, 0x53, + 0x88, 0x0f, 0x06, 0xba, 0x39, 0xa6, 0x4f, 0x4a, 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, + 0x07, 0xce, 0xfa, 0xdc, 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, + 0xae, 0x61, 0xfc, 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, 0x07, 0x72, 0x66, 0xf7, + 0x36, 0x0c, 0x20, 0x76, 0xce, 0xbe, 0xaf, 0x14, 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xb8, 0x96, 0x2d, 0xce, 0x60, 0x4b, 0xc6, 0x2e, 0x76, 0x78, + 0xf4, 0x8c, 0xa8, 0x0c, 0xff, 0xf4, 0x56, 0xad, 0x36, 0xe2, 0xf6, 0xd3, 0x29, 0xcc, 0x91, 0x1a, + 0x42, 0xba, 0x7c, 0xf5, 0xb9, 0xb8, 0xf5, 0xaa, 0xe1, 0x00, 0x5e, 0x4a, 0x06, 0xf6, 0xe5, 0x91, + 0x27, 0x90, 0x38, 0xd8, 0x50, 0x8f, 0x2b, 0x62, 0xba, 0xdf, 0xa5, 0x22, 0x3d, 0xa3, 0xcc, 0x94, + 0xfa, 0x83, 0x60, 0xd5, 0x55, 0x6f, 0x6d, 0x68, 0x52, 0xbe, 0x75, 0xea, 0x08, 0x13, 0x5c, 0xac, + 0x18, 0x34, 0xda, 0x71, 0x9a, 0x4e, 0x78, 0x37, 0xe1, 0x66, 0xd1, 0xd2, 0xc6, 0xc8, 0x16, 0xb6, + 0x46, 0x61, 0xc1, 0x07, 0x66, 0xb0, 0x2f, 0x70, 0x5c, 0xc4, 0x48, 0x9f, 0x94, 0x74, 0x28, 0x25, + 0x58, 0x35, 0xa9, 0x09, 0x21, 0x43, 0x41, 0xc2, 0x13, 0x35, 0xae, 0x12, 0x18, 0x1d, 0xd8, 0x1e, + 0x61, 0x1d, 0x59, 0xb1, 0xdb, 0x70, 0x66, 0x7b, 0xeb, 0xd7, 0xe9, 0x2b, 0x71, 0xe1, 0xd3, 0x88, + 0x31, 0x8d, 0x3e, 0xc1, 0x4d, 0x61, 0x6f, 0x72, 0xc2, 0x31, 0xf6, 0x72, 0x7a, 0x18, 0x3e, 0x68, + 0x18, 0x28, 0x5b, 0xd6, 0x5f, 0x65, 0x72, 0xca, 0xdc, 0x90, 0x12, 0x24, 0x88, 0x21, 0xb2, 0xd0, + 0xae, 0x6c, 0xed, 0xd3, 0x0c, 0xa4, 0x40, 0xd4, 0xd3, 0x4c, 0xd7, 0x7e, 0x2c, 0xf6, 0xb4, 0x0e, + 0xd2, 0xc7, 0xd8, 0x56, 0xb3, 0x0d, 0x47, 0x47, 0x33, 0xfc, 0xe0, 0xfb, 0x69, 0x5c, 0x3e, 0x65, + 0x30, 0xc0, 0x79, 0xae, 0xd9, 0x55, 0xe4, 0x07, 0x30, 0x55, 0xf2, 0x65, 0x5d, 0x4b, 0x67, 0x1e, + 0x29, 0x1f, 0xde, 0x40, 0x0f, 0x2f, 0x06, 0xd0, 0xb3, 0x3f, 0x87, 0xd2, 0x61, 0xe0, 0xad, 0x3d, + 0xae, 0x48, 0xa9, 0x13, 0x84, 0x1b, 0x34, 0xcf, 0xed, 0x03, 0x79, 0x0f, 0xca, 0xee, 0x00, 0xde, + 0x2e, 0x90, 0xfb, 0x96, 0x21, 0x02, 0x81, 0x81, 0x00, 0xfc, 0xbe, 0x89, 0xcd, 0x1a, 0xa3, 0x19, + 0xe4, 0x9e, 0xf4, 0xf7, 0x21, 0x49, 0xbf, 0x06, 0xda, 0x57, 0xdc, 0xc6, 0x4d, 0x3d, 0xe6, 0x05, + 0xe9, 0xff, 0x3e, 0x76, 0xfc, 0x66, 0xf4, 0xb1, 0xe2, 0x87, 0x82, 0x45, 0xff, 0xd7, 0x19, 0x90, + 0x51, 0x1b, 0x17, 0xe9, 0x7f, 0x33, 0x81, 0x88, 0x89, 0xa8, 0xc2, 0x1b, 0x55, 0x27, 0xfd, 0x18, + 0x13, 0x27, 0xaf, 0xfe, 0x88, 0xf9, 0xbb, 0xa6, 0x70, 0xc4, 0xe6, 0xf1, 0xe6, 0x30, 0x9b, 0xd0, + 0x32, 0x30, 0x74, 0xe4, 0xcb, 0xcf, 0x23, 0xdc, 0xe3, 0xc1, 0x9b, 0x8d, 0x54, 0x95, 0xf5, 0x6a, + 0x93, 0x05, 0x9b, 0xa7, 0x41, 0x4f, 0x28, 0xed, 0x1e, 0xc9, 0x06, 0xad, 0x18, 0xc6, 0x3d, 0xe1, + 0x14, 0x8a, 0xbc, 0xfe, 0x9b, 0xe7, 0x98, 0x60, 0x00, 0xf4, 0x25, 0xe5, 0x80, 0xb7, 0x0e, 0x43, + 0xe4, 0x8e, 0x24, 0xfa, 0x9d, 0x51, 0xaa, 0xae, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xfa, 0xec, 0x5a, + 0x7b, 0xed, 0x2e, 0x53, 0xcf, 0xca, 0x1e, 0x16, 0x7d, 0xb4, 0x64, 0x1d, 0xb5, 0xa0, 0x0f, 0xe2, + 0xc3, 0x28, 0x12, 0x54, 0x23, 0xd5, 0x94, 0x78, 0x9f, 0x3e, 0xc0, 0x72, 0xc6, 0x23, 0xe7, 0xaf, + 0xbd, 0xee, 0x00, 0x89, 0xfd, 0x26, 0x30, 0x76, 0x51, 0xf6, 0xd3, 0x61, 0x1a, 0x88, 0xaf, 0x28, + 0xc3, 0x45, 0x85, 0xd5, 0xcb, 0x71, 0x3a, 0x65, 0x0c, 0x35, 0x93, 0x3f, 0x58, 0x94, 0x4d, 0xb9, + 0xbd, 0x15, 0xba, 0x9f, 0xc2, 0x8b, 0x07, 0xe6, 0x70, 0x5b, 0x7b, 0x3e, 0xf1, 0xcc, 0xb4, 0x8d, + 0x21, 0xa5, 0x35, 0x69, 0xc8, 0xb8, 0x4c, 0x44, 0x4b, 0x61, 0xea, 0x5c, 0x6e, 0x67, 0xb5, 0x4f, + 0x0a, 0xfd, 0x85, 0x2f, 0xfb, 0x8c, 0x92, 0xa1, 0x11, 0xfa, 0xb8, 0x67, 0x72, 0x63, 0xee, 0xb8, + 0x0c, 0xf1, 0xa3, 0x40, 0x3b, 0x4a, 0x9a, 0x20, 0x97, 0x76, 0x94, 0x72, 0x21, 0x02, 0x81, 0x80, + 0x2f, 0xf9, 0x9a, 0xfe, 0xab, 0xc7, 0xb9, 0xea, 0x83, 0xa1, 0xcc, 0x27, 0x2d, 0x70, 0x6d, 0x44, + 0x94, 0xd8, 0xfb, 0x6b, 0x3e, 0x0c, 0xa3, 0xa2, 0xbf, 0x28, 0x84, 0x3d, 0x74, 0xed, 0x8d, 0xb6, + 0x8a, 0x32, 0x58, 0x47, 0x2f, 0xf5, 0x52, 0x47, 0x92, 0xf4, 0xff, 0x05, 0x7e, 0x29, 0x60, 0x59, + 0x81, 0x07, 0x17, 0x59, 0x1a, 0xb6, 0x18, 0x13, 0xca, 0xbc, 0xc5, 0x7c, 0x0a, 0xab, 0x6b, 0xf4, + 0x8b, 0xeb, 0xaa, 0x8f, 0x1f, 0x3a, 0xf4, 0x52, 0x12, 0x90, 0x9d, 0xbd, 0x72, 0x1c, 0x44, 0x99, + 0x96, 0xee, 0x87, 0xed, 0x3e, 0x69, 0xcf, 0x49, 0x09, 0x0f, 0x7a, 0xb8, 0x12, 0xe6, 0x99, 0xdb, + 0xf6, 0x1c, 0xa6, 0x4e, 0xc5, 0x92, 0x89, 0x5e, 0xf4, 0xd6, 0xdb, 0x1d, 0x8c, 0xe0, 0x87, 0x98, + 0xa6, 0xbf, 0x6a, 0xc8, 0xfb, 0xf6, 0x61, 0x3c, 0xc9, 0x1e, 0x8b, 0xd3, 0xc0, 0xe4, 0xbd, 0x21, + 0x02, 0x81, 0x81, 0x00, 0xb2, 0x9b, 0x34, 0x59, 0x0b, 0xdd, 0xb3, 0x08, 0xaf, 0xec, 0xb4, 0xc3, + 0xab, 0x78, 0xab, 0xf1, 0x11, 0x4a, 0xdd, 0x75, 0x5e, 0x7b, 0x95, 0x6a, 0xa0, 0x67, 0x7b, 0x68, + 0x96, 0xa9, 0x33, 0xc9, 0x37, 0xdb, 0x7d, 0xab, 0xaa, 0xd2, 0xb5, 0x65, 0xfd, 0x1d, 0xf7, 0xca, + 0xa5, 0xef, 0x96, 0x29, 0xe5, 0xeb, 0x10, 0x0f, 0xd6, 0xd7, 0xc9, 0xf3, 0x72, 0xd8, 0x46, 0xfe, + 0xe6, 0xcf, 0xb6, 0x02, 0x5e, 0x25, 0xe9, 0x34, 0xdf, 0x57, 0xa4, 0xca, 0x3c, 0x5e, 0x56, 0x37, + 0xd9, 0xd6, 0x23, 0x5a, 0xc8, 0x04, 0x28, 0x85, 0x2f, 0x6c, 0x92, 0xac, 0xae, 0x0a, 0x93, 0x7e, + 0x38, 0xe7, 0x31, 0xfd, 0xe0, 0x52, 0x1d, 0x3e, 0x4c, 0x70, 0xd6, 0x53, 0xae, 0x9e, 0xdc, 0x89, + 0xc8, 0xb6, 0x23, 0xe4, 0x37, 0x9f, 0xbf, 0x60, 0x6f, 0x4b, 0x6d, 0xb8, 0x06, 0x85, 0x28, 0xf7, + 0xc7, 0x0f, 0x29, 0x21, 0x02, 0x81, 0x80, 0x0e, 0xd4, 0x7a, 0xe0, 0x5b, 0x27, 0x5a, 0x23, 0xa7, + 0xdf, 0xe3, 0xff, 0xb7, 0x27, 0xe3, 0xa2, 0x68, 0xe6, 0x26, 0xa5, 0x9d, 0x40, 0x1d, 0x2d, 0x84, + 0x6d, 0xe2, 0x69, 0x54, 0xff, 0x54, 0xfc, 0x9e, 0xd9, 0x3a, 0x9a, 0xf3, 0x3f, 0xac, 0x2c, 0x96, + 0x7a, 0x18, 0xe0, 0xf8, 0x61, 0x45, 0x08, 0x3e, 0x39, 0x92, 0x34, 0x54, 0xbc, 0x10, 0xda, 0x5f, + 0x49, 0x37, 0xe8, 0x36, 0xb9, 0x98, 0x51, 0x95, 0x6b, 0xff, 0xb3, 0x01, 0xce, 0x9e, 0x06, 0x78, + 0x97, 0x86, 0x69, 0x32, 0x13, 0xfc, 0xde, 0x6d, 0x5f, 0x29, 0x33, 0xd5, 0x2b, 0xb2, 0x9d, 0xc3, + 0x40, 0xea, 0x01, 0x12, 0x57, 0x78, 0x8d, 0x3c, 0x57, 0x75, 0xeb, 0x65, 0x69, 0x23, 0x0a, 0xaf, + 0xbf, 0x08, 0x75, 0x2d, 0x40, 0xa8, 0x41, 0x9d, 0xe7, 0x1b, 0x01, 0xd4, 0x92, 0x7e, 0x27, 0xc1, + 0x07, 0x9c, 0xaa, 0xda, 0x05, 0x68, 0xb1, }; const unsigned char test_rsa_4096[] = { - 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, - 0xcc, 0x87, 0x25, 0xf6, 0xb3, 0x8d, 0x5d, 0x01, 0xae, 0xeb, 0x07, 0xd3, - 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, 0xe7, 0x4f, 0xe1, 0x1a, - 0x89, 0x5e, 0xcf, 0xd1, 0x3d, 0x16, 0x8a, 0xee, 0x93, 0x2a, 0xf1, 0x35, - 0xff, 0xbb, 0x84, 0x98, 0x77, 0x27, 0x38, 0x97, 0x08, 0x1f, 0x3f, 0x75, - 0x93, 0xc1, 0x4a, 0xe8, 0x2b, 0xc2, 0x66, 0xc1, 0x05, 0x44, 0xf7, 0x26, - 0xae, 0x1c, 0xcf, 0x13, 0x3d, 0x8a, 0x40, 0x18, 0xd3, 0x80, 0xdf, 0xa2, - 0x52, 0x51, 0xc0, 0x11, 0x10, 0x7b, 0x75, 0x13, 0xa9, 0x43, 0x34, 0x6a, - 0xa0, 0xe0, 0xde, 0xc1, 0x1d, 0x8d, 0x7f, 0xa2, 0x56, 0x44, 0x65, 0x3c, - 0x11, 0x8d, 0xaa, 0xbc, 0xe6, 0xd4, 0x1f, 0x06, 0x6f, 0x66, 0x21, 0x76, - 0x88, 0x01, 0x47, 0x80, 0x55, 0x78, 0x0e, 0x91, 0xb6, 0x8e, 0xa3, 0xc9, - 0x58, 0x56, 0xd1, 0x72, 0xa8, 0x90, 0x32, 0xb3, 0x9c, 0x82, 0x4e, 0x8b, - 0x7d, 0xc1, 0xa3, 0xf8, 0xae, 0xe4, 0xf6, 0xb3, 0x68, 0xba, 0xa3, 0xcd, - 0x68, 0xf5, 0x0d, 0x52, 0x68, 0x01, 0x17, 0xe9, 0xb9, 0x13, 0xd7, 0xf8, - 0xc8, 0x52, 0xa0, 0xd1, 0x00, 0x8e, 0x8b, 0x87, 0xa5, 0xc9, 0x7e, 0x37, - 0xaf, 0xc1, 0x1a, 0x08, 0x05, 0x50, 0x55, 0x7b, 0x8b, 0x4d, 0xcb, 0xd8, - 0xe1, 0x92, 0xed, 0x33, 0x66, 0xd8, 0x3a, 0x09, 0xd2, 0x7c, 0x77, 0xe1, - 0x50, 0xf6, 0x68, 0x55, 0xb5, 0xdc, 0xfd, 0xb2, 0xdf, 0x15, 0x1b, 0xd7, - 0xf4, 0x44, 0x25, 0x0e, 0xaf, 0x6f, 0xe3, 0xf2, 0x36, 0x82, 0x6c, 0x81, - 0xfa, 0x84, 0x81, 0x01, 0xbf, 0xaa, 0xd5, 0x35, 0xff, 0xb5, 0x22, 0xd6, - 0xff, 0x97, 0xc9, 0xdd, 0x1e, 0x43, 0xb8, 0x2c, 0xce, 0x29, 0x21, 0xd1, - 0x53, 0xc1, 0x54, 0x50, 0xc4, 0x72, 0x4f, 0xfd, 0x3e, 0xfd, 0xca, 0x57, - 0x8e, 0x01, 0x36, 0x50, 0xa0, 0x3a, 0x5c, 0xf5, 0x01, 0xfc, 0x58, 0x60, - 0x0f, 0xb5, 0xc8, 0x60, 0xc0, 0xef, 0x0c, 0xfe, 0x0a, 0xc0, 0x71, 0x2d, - 0x44, 0x13, 0x13, 0xdc, 0xa4, 0x1a, 0x4d, 0x7d, 0x41, 0x1e, 0x6c, 0x83, - 0xb2, 0x15, 0x17, 0x49, 0xd2, 0x8b, 0xe4, 0x69, 0x2f, 0x62, 0x37, 0x3d, - 0xb0, 0x7e, 0x4a, 0x79, 0x05, 0x1c, 0x56, 0x82, 0xec, 0x20, 0xd4, 0x91, - 0xc4, 0xcf, 0xc7, 0xbc, 0x14, 0x0f, 0x35, 0xfa, 0x15, 0xe5, 0xa1, 0xfa, - 0x75, 0x6d, 0x65, 0xb8, 0xef, 0x93, 0xad, 0xdf, 0x4c, 0x47, 0xc4, 0xa3, - 0x5b, 0x18, 0x4f, 0x22, 0xa1, 0xef, 0x08, 0x99, 0x48, 0xf9, 0x46, 0xf6, - 0xfa, 0xeb, 0x64, 0x70, 0xf2, 0x67, 0x46, 0xe6, 0x58, 0xcf, 0x9b, 0x41, - 0x77, 0x41, 0x78, 0x42, 0xe6, 0xd3, 0x73, 0x55, 0x80, 0x89, 0xaf, 0xf7, - 0x21, 0xb9, 0x30, 0xe9, 0xec, 0x61, 0xb4, 0xf6, 0xa0, 0x2c, 0x05, 0x2c, - 0x69, 0x24, 0xd3, 0x9a, 0x5b, 0xbb, 0x15, 0xed, 0x11, 0x06, 0xc4, 0x01, - 0x0f, 0x4d, 0xd6, 0x9c, 0x79, 0xd0, 0x42, 0xc8, 0xb3, 0x16, 0x61, 0xb1, - 0xee, 0x48, 0x6b, 0xc6, 0x9d, 0xb5, 0xf2, 0xf0, 0x7a, 0x50, 0xd8, 0x5b, - 0x20, 0x69, 0x9d, 0x60, 0x13, 0x15, 0x62, 0x5b, 0xb8, 0x69, 0x62, 0x9c, - 0x7f, 0x4c, 0x5d, 0x48, 0xb2, 0x11, 0xd0, 0x97, 0xf4, 0x38, 0xac, 0xec, - 0x95, 0x97, 0x3a, 0x38, 0xd4, 0x21, 0x09, 0x0a, 0xf0, 0xf1, 0x34, 0x84, - 0xe4, 0xe9, 0x4b, 0x8c, 0xb5, 0xef, 0xc1, 0x85, 0x07, 0xf4, 0xb9, 0x31, - 0xdf, 0x39, 0x98, 0x7f, 0xfb, 0x28, 0x30, 0x29, 0x3e, 0x4d, 0xa3, 0x81, - 0xaa, 0xf7, 0x0b, 0x32, 0x92, 0x95, 0x2e, 0xf9, 0x34, 0xe2, 0xb4, 0x0f, - 0xde, 0xbb, 0xa3, 0xd9, 0x70, 0x1b, 0x76, 0xe1, 0xbe, 0x54, 0x82, 0x74, - 0xb2, 0x60, 0x2d, 0x88, 0x85, 0x37, 0x48, 0x2d, 0x02, 0x03, 0x01, 0x00, - 0x01, 0x02, 0x82, 0x02, 0x00, 0x1a, 0x94, 0x3e, 0x9c, 0x00, 0x89, 0xf0, - 0xaa, 0x01, 0x16, 0x04, 0x8a, 0x96, 0xab, 0xb4, 0x86, 0x32, 0x1a, 0x86, - 0x91, 0x6f, 0x82, 0xfb, 0x35, 0x24, 0x60, 0x78, 0x9f, 0xcf, 0xb1, 0x40, - 0x05, 0x50, 0x85, 0x3e, 0x5a, 0xfe, 0xdc, 0x9a, 0xd6, 0xe8, 0x77, 0x25, - 0x9c, 0xc4, 0xfe, 0xb0, 0x93, 0xc2, 0x4b, 0x96, 0x85, 0x34, 0xf8, 0x9a, - 0xbb, 0x5f, 0x48, 0xae, 0xd8, 0xad, 0x3c, 0x4b, 0xb1, 0xcb, 0xa7, 0xcd, - 0x7c, 0x1c, 0x72, 0x4d, 0x3d, 0xae, 0x36, 0x77, 0x00, 0x10, 0xb5, 0x06, - 0x8a, 0x33, 0x4f, 0x2b, 0x3e, 0xe7, 0x20, 0xc9, 0xf9, 0xed, 0x32, 0x00, - 0x01, 0xf3, 0xf5, 0x87, 0xf5, 0x66, 0x2f, 0x93, 0x9e, 0x60, 0x5d, 0xf5, - 0x19, 0x34, 0x3d, 0x60, 0xc0, 0x63, 0x5c, 0xcd, 0x32, 0xb1, 0x88, 0xbc, - 0x55, 0xf5, 0xd4, 0x34, 0x17, 0x3c, 0x9e, 0x6d, 0xb2, 0x19, 0x93, 0x41, - 0xaf, 0x83, 0x39, 0x90, 0xe5, 0x02, 0x46, 0xf9, 0x9c, 0xdd, 0xf7, 0x9d, - 0xd2, 0xc3, 0x5b, 0xab, 0xe1, 0x4c, 0x10, 0x3a, 0x76, 0xb8, 0xd2, 0xd9, - 0x8d, 0x73, 0x52, 0x8f, 0x98, 0xc2, 0x49, 0xb0, 0xa1, 0xf0, 0x91, 0x55, - 0xb3, 0x1f, 0x59, 0x9f, 0xc8, 0x33, 0x54, 0x24, 0x22, 0xa2, 0x34, 0x26, - 0x23, 0xbb, 0xbe, 0xf4, 0xac, 0x7e, 0xe6, 0x05, 0xe2, 0xcd, 0xec, 0xf0, - 0x1f, 0xea, 0x25, 0x68, 0x3b, 0xd4, 0xf6, 0x6c, 0xa9, 0x24, 0xcc, 0xef, - 0x00, 0x41, 0x8a, 0xdf, 0xf7, 0x30, 0xc4, 0x71, 0x4f, 0x66, 0xff, 0xa2, - 0xaf, 0x0d, 0xa3, 0xe5, 0xdf, 0x7f, 0x53, 0x9c, 0x63, 0x42, 0x89, 0xfc, - 0x12, 0xbc, 0x24, 0x09, 0x3e, 0xc8, 0xf0, 0xec, 0x18, 0x0a, 0xf0, 0x90, - 0x7c, 0xec, 0x1e, 0xbe, 0xc9, 0x11, 0xfa, 0x18, 0x0f, 0xb5, 0xf3, 0xc8, - 0x0e, 0xd8, 0x52, 0x89, 0x6a, 0xd6, 0xe6, 0xb3, 0xec, 0xcb, 0x44, 0xde, - 0x62, 0x19, 0x3d, 0x52, 0x11, 0x8c, 0xab, 0x2b, 0x17, 0x10, 0x71, 0xd5, - 0xfd, 0xaa, 0x7c, 0x42, 0x88, 0xfc, 0x77, 0x66, 0xd5, 0x77, 0x74, 0xf4, - 0xbe, 0x46, 0x15, 0x1b, 0xb9, 0x0a, 0xce, 0x7c, 0x10, 0xc2, 0x15, 0xf6, - 0x2e, 0xd2, 0x6e, 0x52, 0xe6, 0x12, 0x24, 0x36, 0xf5, 0x32, 0xbd, 0x54, - 0xfc, 0x08, 0x27, 0x2a, 0xdb, 0x21, 0x6a, 0x2d, 0xb4, 0x33, 0xd5, 0x69, - 0x9c, 0x40, 0xad, 0x58, 0xfa, 0xa2, 0x66, 0x08, 0x98, 0xff, 0xcc, 0xfc, - 0x98, 0x00, 0x2f, 0x8b, 0xb0, 0x36, 0x1b, 0x4c, 0xf9, 0xed, 0x6e, 0x93, - 0xc1, 0xca, 0x96, 0xd3, 0x4a, 0x1e, 0xf4, 0x04, 0x60, 0xf8, 0x59, 0x18, - 0xcf, 0xde, 0x4a, 0x81, 0x93, 0xb5, 0x1e, 0xce, 0xa4, 0xb3, 0x90, 0x3c, - 0xae, 0x92, 0x4a, 0x8f, 0xad, 0x5f, 0x83, 0x08, 0x95, 0x4c, 0x9f, 0x19, - 0xa7, 0x59, 0x7b, 0xf0, 0xa7, 0x51, 0x26, 0xa5, 0x57, 0xe4, 0x9f, 0x8b, - 0xbd, 0x31, 0xfc, 0x4e, 0x85, 0x56, 0xf2, 0x30, 0x64, 0x0b, 0xf3, 0x62, - 0x04, 0xc6, 0xcf, 0x3d, 0x56, 0xdc, 0xa5, 0xa4, 0x1d, 0x86, 0x03, 0x07, - 0xba, 0x67, 0x05, 0xa6, 0x98, 0x68, 0x11, 0x00, 0xa3, 0x27, 0xf9, 0x17, - 0x39, 0xc4, 0x86, 0xc4, 0x70, 0xba, 0x71, 0xd0, 0x3d, 0x28, 0x53, 0x14, - 0xb0, 0xd7, 0xd0, 0x40, 0x08, 0xe0, 0x3f, 0x2a, 0x2b, 0x85, 0xe7, 0xc2, - 0x43, 0xd6, 0xfd, 0x9b, 0x97, 0xa0, 0x21, 0x68, 0xc0, 0x69, 0xec, 0x57, - 0x2d, 0x3f, 0x0c, 0xa1, 0x5e, 0xbc, 0xb1, 0x73, 0x9f, 0x3a, 0x0b, 0x3c, - 0x14, 0x7a, 0x88, 0xe0, 0xb7, 0x4f, 0x45, 0xa0, 0x07, 0xae, 0x92, 0x7d, - 0x6f, 0x82, 0x2b, 0xf5, 0x0b, 0x87, 0xb1, 0xe9, 0x3f, 0xe7, 0xd9, 0x18, - 0x0b, 0xc6, 0xbc, 0x12, 0xbd, 0xe6, 0xc8, 0x07, 0x0d, 0x10, 0xc9, 0x73, - 0x31, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf5, 0x0e, 0xbc, 0xea, 0xc9, 0xd3, - 0xc6, 0x44, 0x82, 0xa8, 0xc2, 0x65, 0xd6, 0x36, 0x54, 0x61, 0xaa, 0x4a, - 0x31, 0xa6, 0xa7, 0x63, 0x3a, 0x24, 0xc8, 0xe3, 0x47, 0x94, 0xec, 0xdf, - 0xca, 0xb1, 0xd6, 0xb5, 0x2f, 0xb6, 0xa5, 0xf3, 0x80, 0x55, 0xcc, 0x32, - 0xd6, 0xa6, 0x1b, 0x88, 0x95, 0x50, 0xde, 0x27, 0xb3, 0xd0, 0xbd, 0x68, - 0xb6, 0xd4, 0xfd, 0xa0, 0x41, 0x59, 0x8a, 0xb9, 0x88, 0x87, 0x14, 0x39, - 0x88, 0x57, 0x68, 0x06, 0xb1, 0xc4, 0x87, 0x20, 0x79, 0x49, 0x02, 0x95, - 0x2e, 0xbe, 0x1b, 0xf0, 0xde, 0xf6, 0x5a, 0x0e, 0x6f, 0x94, 0x06, 0x70, - 0x56, 0xe6, 0x86, 0x4f, 0xa2, 0x88, 0x2e, 0x3a, 0x16, 0xf2, 0x46, 0x28, - 0x20, 0x93, 0xd0, 0x37, 0x63, 0x90, 0x78, 0x18, 0x2d, 0xd0, 0xa6, 0xeb, - 0x21, 0xd3, 0xba, 0xd0, 0x63, 0x79, 0x01, 0xa2, 0x68, 0xb1, 0x4c, 0x63, - 0x2c, 0x9d, 0x0b, 0x16, 0x90, 0xed, 0x88, 0xab, 0xdd, 0xe0, 0x3f, 0x52, - 0x82, 0x47, 0xaa, 0x2e, 0x41, 0x55, 0x7d, 0x08, 0x65, 0xad, 0x34, 0xe5, - 0x3f, 0xf5, 0x3a, 0xe0, 0xe5, 0xde, 0xa1, 0x95, 0xd9, 0x3f, 0xe6, 0x5c, - 0x25, 0x87, 0x1f, 0x6f, 0x23, 0xad, 0xf3, 0x4b, 0x6e, 0x96, 0x0c, 0x29, - 0x78, 0xf2, 0xb7, 0x47, 0x5d, 0xaf, 0xce, 0x6c, 0xbb, 0x26, 0xa5, 0x39, - 0x34, 0xd2, 0x6c, 0x19, 0x3d, 0x67, 0xf3, 0x2d, 0xe9, 0x10, 0x35, 0xee, - 0xb8, 0x90, 0x22, 0xbe, 0xb7, 0xd5, 0xdf, 0x78, 0x4a, 0xc2, 0x0c, 0xa6, - 0xab, 0x91, 0xbf, 0x6b, 0x77, 0x5b, 0x6c, 0x94, 0x16, 0xf6, 0x05, 0xb4, - 0x84, 0x17, 0x36, 0xcb, 0xfb, 0xd2, 0x2a, 0xd9, 0x8a, 0xb2, 0xe8, 0x42, - 0x84, 0x57, 0xe0, 0x79, 0x3f, 0x5a, 0xf4, 0x0e, 0x55, 0x0b, 0x48, 0x76, - 0x5d, 0x59, 0xe6, 0xe1, 0xb4, 0xa4, 0xa1, 0xf5, 0x71, 0xf1, 0x02, 0x82, - 0x01, 0x01, 0x00, 0xd5, 0xa9, 0x1d, 0x4d, 0x44, 0xbb, 0x9b, 0x73, 0xc1, - 0xfe, 0x02, 0x48, 0x92, 0x5e, 0x2c, 0x0e, 0xc1, 0xde, 0x51, 0x39, 0x0b, - 0xd8, 0xa7, 0x3b, 0x45, 0x3d, 0xa5, 0x1a, 0xe2, 0x93, 0x25, 0xae, 0x76, - 0x57, 0x08, 0x9f, 0xd4, 0xee, 0x4a, 0x2f, 0xd9, 0x6e, 0x34, 0x5b, 0x57, - 0xf6, 0x72, 0xd7, 0xd4, 0x84, 0xfd, 0xe9, 0x91, 0x89, 0xab, 0x0a, 0x63, - 0x65, 0xbf, 0x2b, 0x38, 0x68, 0x0d, 0x6b, 0xb9, 0x47, 0xf4, 0xb2, 0x17, - 0xbe, 0x66, 0x03, 0x23, 0xc2, 0x6b, 0x86, 0xd6, 0x43, 0xae, 0x68, 0x6d, - 0x82, 0xe3, 0x6e, 0xc0, 0x0c, 0xfd, 0x03, 0x89, 0x42, 0x44, 0x3c, 0xaa, - 0x04, 0xa0, 0xf9, 0x1e, 0x68, 0xec, 0x71, 0x79, 0x35, 0xb4, 0x5e, 0x79, - 0x03, 0x11, 0xbe, 0x56, 0x44, 0x0d, 0x71, 0x76, 0x94, 0x95, 0x94, 0x68, - 0x8e, 0xd1, 0xdd, 0x5c, 0x91, 0x03, 0xc5, 0x7c, 0x15, 0x8d, 0x05, 0xe4, - 0xc3, 0x7b, 0x98, 0xd8, 0x18, 0x98, 0x03, 0x07, 0x44, 0xa6, 0x4f, 0x6e, - 0xbd, 0xbf, 0x75, 0x0a, 0xab, 0x79, 0x75, 0x7e, 0x34, 0xda, 0xc4, 0x22, - 0x16, 0x3e, 0xa7, 0xc0, 0xf4, 0x2b, 0x97, 0x71, 0x0c, 0x86, 0x19, 0x78, - 0xb2, 0x41, 0x00, 0x38, 0x5a, 0xad, 0x72, 0x7e, 0x5f, 0x38, 0x36, 0xa7, - 0x4e, 0xa4, 0xbf, 0x1d, 0x36, 0xef, 0x2a, 0x5e, 0xdf, 0x9c, 0x9e, 0x8f, - 0x99, 0x6e, 0xf3, 0x19, 0x13, 0x48, 0x45, 0x0e, 0xa9, 0xf1, 0xd4, 0xa6, - 0x3d, 0xb2, 0x9c, 0xb0, 0x6f, 0x63, 0xe5, 0xba, 0xdb, 0x18, 0xe4, 0xd4, - 0x0f, 0x51, 0x12, 0xb6, 0x58, 0xd1, 0xcc, 0x23, 0xcb, 0x65, 0x38, 0x8a, - 0xca, 0x03, 0xd1, 0x41, 0xa6, 0xbc, 0x5f, 0xbd, 0x94, 0x29, 0xfe, 0x33, - 0xd3, 0x40, 0xd3, 0xe8, 0x5b, 0xfa, 0x84, 0x89, 0x08, 0xd6, 0x0b, 0x56, - 0x2f, 0x89, 0x4e, 0x8a, 0x33, 0x7d, 0xfd, 0x02, 0x82, 0x01, 0x01, 0x00, - 0xc4, 0x95, 0x0f, 0x0d, 0x95, 0xdc, 0x51, 0xd7, 0x91, 0xad, 0x09, 0x4d, - 0x22, 0x3b, 0x31, 0x13, 0xab, 0xc4, 0x9a, 0xf1, 0xe2, 0xa3, 0x61, 0xf8, - 0x32, 0x42, 0xc8, 0xa0, 0x7a, 0x28, 0xc8, 0x74, 0x43, 0x15, 0xd3, 0xf1, - 0xc4, 0x4c, 0x82, 0xed, 0xd0, 0xc2, 0x13, 0x98, 0xea, 0xcb, 0x75, 0x64, - 0x8a, 0xe1, 0xf4, 0x88, 0x85, 0xf9, 0x23, 0x79, 0xd6, 0xff, 0xa0, 0x8c, - 0xd1, 0x11, 0x26, 0xa9, 0x9d, 0x9a, 0xcd, 0x79, 0xb8, 0x94, 0x6e, 0x34, - 0x86, 0x65, 0x91, 0x85, 0xf5, 0x11, 0x71, 0x8e, 0xc5, 0xe1, 0x43, 0x2b, - 0x02, 0x71, 0x44, 0x26, 0xcd, 0xc7, 0x7e, 0x9e, 0xac, 0xad, 0xe3, 0x67, - 0x35, 0x16, 0x1a, 0x64, 0x3d, 0xcd, 0x60, 0xdc, 0xd2, 0x92, 0x2c, 0x47, - 0xaf, 0x5f, 0x4e, 0x19, 0x6c, 0x5d, 0x81, 0x24, 0x55, 0x5f, 0x67, 0xfc, - 0xa1, 0x48, 0x04, 0x8d, 0xfe, 0x06, 0x2c, 0xba, 0xca, 0x33, 0x4f, 0x0d, - 0x8d, 0xae, 0xb9, 0x6d, 0x73, 0xbe, 0x9f, 0x8e, 0x17, 0xc1, 0xc5, 0x5d, - 0x6b, 0xd0, 0xb9, 0xa7, 0xe9, 0x9f, 0xe1, 0xdf, 0xba, 0x5c, 0xc1, 0x6a, - 0x07, 0xdb, 0xaa, 0x8c, 0x6d, 0x22, 0x0c, 0x64, 0xc9, 0xdd, 0xa1, 0x14, - 0xa0, 0xf0, 0x29, 0x05, 0x2b, 0x3a, 0x75, 0xb0, 0xd7, 0x3f, 0xe3, 0xb2, - 0xed, 0x78, 0x21, 0xe5, 0xcd, 0x73, 0x07, 0xa1, 0xa9, 0x5f, 0xd1, 0xf7, - 0xba, 0x87, 0x60, 0xc8, 0x45, 0x4b, 0x7c, 0x38, 0xfb, 0xf6, 0x5c, 0x88, - 0xb0, 0x1c, 0xd2, 0x73, 0xba, 0x2c, 0x55, 0xc3, 0xb4, 0x77, 0xe4, 0x26, - 0xae, 0x02, 0x5a, 0x2c, 0xff, 0xc4, 0xa0, 0x95, 0xf2, 0xba, 0x4e, 0x07, - 0x79, 0xa2, 0x4b, 0x76, 0x5b, 0x85, 0x48, 0x9f, 0x2a, 0x0e, 0x79, 0xb9, - 0x5f, 0xc0, 0xc3, 0x8e, 0x2a, 0x91, 0xf1, 0x2e, 0xf6, 0x5c, 0xa7, 0x49, - 0xce, 0x36, 0x94, 0x31, 0x02, 0x82, 0x01, 0x00, 0x2a, 0xa4, 0x8e, 0x0c, - 0x95, 0xe3, 0x3b, 0xab, 0x66, 0xd4, 0x63, 0x70, 0x48, 0x86, 0x33, 0x14, - 0xde, 0xec, 0x98, 0x19, 0x62, 0x9b, 0xe3, 0x04, 0x99, 0x55, 0x2c, 0x56, - 0xa9, 0x51, 0xe4, 0xfb, 0x64, 0xf3, 0x09, 0xed, 0x9c, 0x79, 0xd2, 0xa4, - 0xaa, 0x28, 0xac, 0x9a, 0x6e, 0x7b, 0xe9, 0x7f, 0xda, 0x12, 0x90, 0xfa, - 0xc4, 0xe9, 0x4d, 0x11, 0xcd, 0xb4, 0xc8, 0xea, 0xbf, 0x5f, 0x45, 0x0e, - 0x72, 0xf4, 0x41, 0x8a, 0x29, 0xe2, 0xfe, 0x49, 0x32, 0x21, 0xe3, 0x84, - 0x0d, 0xcf, 0x84, 0x47, 0xa3, 0x53, 0xb4, 0x40, 0xae, 0x63, 0xe9, 0x3b, - 0x83, 0x71, 0x8e, 0x5c, 0xed, 0x31, 0xef, 0x4e, 0xc9, 0x1a, 0xf7, 0xd5, - 0xcd, 0xf3, 0x42, 0x04, 0x78, 0xf2, 0x7b, 0xe0, 0x19, 0x27, 0x8b, 0xe7, - 0x51, 0x5b, 0x66, 0x5f, 0x30, 0x5f, 0x10, 0xd3, 0xb5, 0x5d, 0xdb, 0xfa, - 0xd6, 0x41, 0x16, 0xdc, 0x4e, 0x44, 0x15, 0xae, 0xf3, 0xb2, 0x34, 0xe4, - 0xa5, 0xd6, 0xb5, 0xba, 0xb4, 0xc7, 0x7a, 0x26, 0xc9, 0xf2, 0x5f, 0x53, - 0x6b, 0xd4, 0xf0, 0xb4, 0xa4, 0x78, 0xfc, 0x18, 0x4f, 0x12, 0x6c, 0x80, - 0xd5, 0x37, 0x42, 0xac, 0x62, 0xc2, 0x70, 0xe6, 0xb2, 0x58, 0xa6, 0xb5, - 0x6b, 0x33, 0x65, 0xec, 0xc2, 0x87, 0x97, 0xa9, 0xed, 0x12, 0xc1, 0xb9, - 0x1b, 0x26, 0x56, 0x03, 0xef, 0x75, 0x18, 0x07, 0xbc, 0xc1, 0x74, 0x73, - 0x13, 0xf2, 0x27, 0x29, 0xe1, 0xe3, 0xfe, 0x79, 0xf7, 0x5c, 0xc3, 0xfb, - 0x5d, 0xc7, 0xcc, 0xb8, 0x1e, 0xfa, 0xcf, 0x9b, 0x84, 0x79, 0x45, 0xa6, - 0x10, 0x9e, 0xcf, 0x9c, 0xf1, 0x56, 0x50, 0x5c, 0xbb, 0x55, 0xa3, 0xd3, - 0x17, 0xeb, 0x32, 0x56, 0x61, 0xd1, 0x8f, 0xe6, 0xbb, 0x41, 0x60, 0x46, - 0x83, 0x73, 0x18, 0x05, 0x3b, 0x36, 0x51, 0x99, 0x33, 0x4c, 0x03, 0xa1, - 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0x63, 0x70, 0x60, 0x30, 0xa4, 0xec, - 0xe9, 0xfe, 0x3b, 0xdd, 0xcf, 0xc4, 0x9f, 0x5a, 0x83, 0xf3, 0x7f, 0x63, - 0xeb, 0xcb, 0x29, 0xdb, 0xdc, 0x99, 0x9f, 0x6f, 0xf5, 0x4b, 0x59, 0x6f, - 0x11, 0x5c, 0xf1, 0xec, 0xa0, 0x99, 0x90, 0x10, 0x8a, 0x43, 0x95, 0x18, - 0xe9, 0x96, 0xf6, 0x89, 0xfd, 0xde, 0x89, 0xb2, 0xc6, 0x7e, 0xdc, 0x04, - 0xbf, 0x8e, 0x36, 0x67, 0x34, 0xc2, 0xae, 0x30, 0x17, 0xec, 0x14, 0xe0, - 0x42, 0x05, 0x0e, 0x7c, 0x65, 0x68, 0x40, 0x14, 0x6c, 0xa0, 0x48, 0x39, - 0x4d, 0xce, 0xbe, 0x90, 0xdd, 0x21, 0x95, 0x34, 0x9b, 0xba, 0xd3, 0x06, - 0x56, 0x90, 0x31, 0xb2, 0xef, 0x6e, 0x91, 0x71, 0xd2, 0xae, 0x77, 0x97, - 0xc8, 0x84, 0x4e, 0x54, 0x83, 0x94, 0xca, 0x3b, 0x76, 0x8d, 0x84, 0x96, - 0xe9, 0x9e, 0xf6, 0x3a, 0xbb, 0x59, 0xb0, 0xff, 0x7f, 0xc7, 0x0e, 0xb5, - 0x31, 0x53, 0xdd, 0x0f, 0x59, 0x01, 0x8a, 0x27, 0x5a, 0xcb, 0xa7, 0x01, - 0xf2, 0xc7, 0x6a, 0x15, 0xc8, 0x94, 0xf5, 0x34, 0x61, 0xfe, 0xdf, 0x65, - 0xbc, 0x25, 0xc2, 0xc5, 0xce, 0xc3, 0x96, 0xe5, 0x56, 0xa1, 0xa9, 0x19, - 0xbc, 0x7a, 0x05, 0x63, 0x93, 0xd5, 0x06, 0x44, 0x12, 0x6d, 0xcd, 0xef, - 0x92, 0x56, 0x64, 0x2e, 0x65, 0xa6, 0x04, 0x3c, 0xbc, 0xe9, 0x49, 0x7e, - 0x19, 0x2c, 0xf2, 0xcb, 0x33, 0x64, 0x8e, 0x11, 0x7f, 0x41, 0xdb, 0xf0, - 0x19, 0x00, 0xac, 0xb9, 0x3b, 0x0c, 0x78, 0xdd, 0xf3, 0x1f, 0x38, 0x1f, - 0x4d, 0xb3, 0xf9, 0xcc, 0xbb, 0xb6, 0x90, 0x93, 0xda, 0xbf, 0x2e, 0x89, - 0xdb, 0xbc, 0x0c, 0xb7, 0x2f, 0x20, 0xc0, 0x05, 0xa2, 0x51, 0x9e, 0x3a, - 0x87, 0x41, 0x46, 0x49, 0x5d, 0x7a, 0xac, 0xf3, 0x41, 0x6a, 0x42, 0x2e, - 0x56, 0x09, 0x86, 0xf2, 0x2f, 0x39, 0x45, 0x6e, 0x7f, + 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, + 0xb3, 0x8d, 0x5d, 0x01, 0xae, 0xeb, 0x07, 0xd3, 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, + 0xe7, 0x4f, 0xe1, 0x1a, 0x89, 0x5e, 0xcf, 0xd1, 0x3d, 0x16, 0x8a, 0xee, 0x93, 0x2a, 0xf1, 0x35, + 0xff, 0xbb, 0x84, 0x98, 0x77, 0x27, 0x38, 0x97, 0x08, 0x1f, 0x3f, 0x75, 0x93, 0xc1, 0x4a, 0xe8, + 0x2b, 0xc2, 0x66, 0xc1, 0x05, 0x44, 0xf7, 0x26, 0xae, 0x1c, 0xcf, 0x13, 0x3d, 0x8a, 0x40, 0x18, + 0xd3, 0x80, 0xdf, 0xa2, 0x52, 0x51, 0xc0, 0x11, 0x10, 0x7b, 0x75, 0x13, 0xa9, 0x43, 0x34, 0x6a, + 0xa0, 0xe0, 0xde, 0xc1, 0x1d, 0x8d, 0x7f, 0xa2, 0x56, 0x44, 0x65, 0x3c, 0x11, 0x8d, 0xaa, 0xbc, + 0xe6, 0xd4, 0x1f, 0x06, 0x6f, 0x66, 0x21, 0x76, 0x88, 0x01, 0x47, 0x80, 0x55, 0x78, 0x0e, 0x91, + 0xb6, 0x8e, 0xa3, 0xc9, 0x58, 0x56, 0xd1, 0x72, 0xa8, 0x90, 0x32, 0xb3, 0x9c, 0x82, 0x4e, 0x8b, + 0x7d, 0xc1, 0xa3, 0xf8, 0xae, 0xe4, 0xf6, 0xb3, 0x68, 0xba, 0xa3, 0xcd, 0x68, 0xf5, 0x0d, 0x52, + 0x68, 0x01, 0x17, 0xe9, 0xb9, 0x13, 0xd7, 0xf8, 0xc8, 0x52, 0xa0, 0xd1, 0x00, 0x8e, 0x8b, 0x87, + 0xa5, 0xc9, 0x7e, 0x37, 0xaf, 0xc1, 0x1a, 0x08, 0x05, 0x50, 0x55, 0x7b, 0x8b, 0x4d, 0xcb, 0xd8, + 0xe1, 0x92, 0xed, 0x33, 0x66, 0xd8, 0x3a, 0x09, 0xd2, 0x7c, 0x77, 0xe1, 0x50, 0xf6, 0x68, 0x55, + 0xb5, 0xdc, 0xfd, 0xb2, 0xdf, 0x15, 0x1b, 0xd7, 0xf4, 0x44, 0x25, 0x0e, 0xaf, 0x6f, 0xe3, 0xf2, + 0x36, 0x82, 0x6c, 0x81, 0xfa, 0x84, 0x81, 0x01, 0xbf, 0xaa, 0xd5, 0x35, 0xff, 0xb5, 0x22, 0xd6, + 0xff, 0x97, 0xc9, 0xdd, 0x1e, 0x43, 0xb8, 0x2c, 0xce, 0x29, 0x21, 0xd1, 0x53, 0xc1, 0x54, 0x50, + 0xc4, 0x72, 0x4f, 0xfd, 0x3e, 0xfd, 0xca, 0x57, 0x8e, 0x01, 0x36, 0x50, 0xa0, 0x3a, 0x5c, 0xf5, + 0x01, 0xfc, 0x58, 0x60, 0x0f, 0xb5, 0xc8, 0x60, 0xc0, 0xef, 0x0c, 0xfe, 0x0a, 0xc0, 0x71, 0x2d, + 0x44, 0x13, 0x13, 0xdc, 0xa4, 0x1a, 0x4d, 0x7d, 0x41, 0x1e, 0x6c, 0x83, 0xb2, 0x15, 0x17, 0x49, + 0xd2, 0x8b, 0xe4, 0x69, 0x2f, 0x62, 0x37, 0x3d, 0xb0, 0x7e, 0x4a, 0x79, 0x05, 0x1c, 0x56, 0x82, + 0xec, 0x20, 0xd4, 0x91, 0xc4, 0xcf, 0xc7, 0xbc, 0x14, 0x0f, 0x35, 0xfa, 0x15, 0xe5, 0xa1, 0xfa, + 0x75, 0x6d, 0x65, 0xb8, 0xef, 0x93, 0xad, 0xdf, 0x4c, 0x47, 0xc4, 0xa3, 0x5b, 0x18, 0x4f, 0x22, + 0xa1, 0xef, 0x08, 0x99, 0x48, 0xf9, 0x46, 0xf6, 0xfa, 0xeb, 0x64, 0x70, 0xf2, 0x67, 0x46, 0xe6, + 0x58, 0xcf, 0x9b, 0x41, 0x77, 0x41, 0x78, 0x42, 0xe6, 0xd3, 0x73, 0x55, 0x80, 0x89, 0xaf, 0xf7, + 0x21, 0xb9, 0x30, 0xe9, 0xec, 0x61, 0xb4, 0xf6, 0xa0, 0x2c, 0x05, 0x2c, 0x69, 0x24, 0xd3, 0x9a, + 0x5b, 0xbb, 0x15, 0xed, 0x11, 0x06, 0xc4, 0x01, 0x0f, 0x4d, 0xd6, 0x9c, 0x79, 0xd0, 0x42, 0xc8, + 0xb3, 0x16, 0x61, 0xb1, 0xee, 0x48, 0x6b, 0xc6, 0x9d, 0xb5, 0xf2, 0xf0, 0x7a, 0x50, 0xd8, 0x5b, + 0x20, 0x69, 0x9d, 0x60, 0x13, 0x15, 0x62, 0x5b, 0xb8, 0x69, 0x62, 0x9c, 0x7f, 0x4c, 0x5d, 0x48, + 0xb2, 0x11, 0xd0, 0x97, 0xf4, 0x38, 0xac, 0xec, 0x95, 0x97, 0x3a, 0x38, 0xd4, 0x21, 0x09, 0x0a, + 0xf0, 0xf1, 0x34, 0x84, 0xe4, 0xe9, 0x4b, 0x8c, 0xb5, 0xef, 0xc1, 0x85, 0x07, 0xf4, 0xb9, 0x31, + 0xdf, 0x39, 0x98, 0x7f, 0xfb, 0x28, 0x30, 0x29, 0x3e, 0x4d, 0xa3, 0x81, 0xaa, 0xf7, 0x0b, 0x32, + 0x92, 0x95, 0x2e, 0xf9, 0x34, 0xe2, 0xb4, 0x0f, 0xde, 0xbb, 0xa3, 0xd9, 0x70, 0x1b, 0x76, 0xe1, + 0xbe, 0x54, 0x82, 0x74, 0xb2, 0x60, 0x2d, 0x88, 0x85, 0x37, 0x48, 0x2d, 0x02, 0x03, 0x01, 0x00, + 0x01, 0x02, 0x82, 0x02, 0x00, 0x1a, 0x94, 0x3e, 0x9c, 0x00, 0x89, 0xf0, 0xaa, 0x01, 0x16, 0x04, + 0x8a, 0x96, 0xab, 0xb4, 0x86, 0x32, 0x1a, 0x86, 0x91, 0x6f, 0x82, 0xfb, 0x35, 0x24, 0x60, 0x78, + 0x9f, 0xcf, 0xb1, 0x40, 0x05, 0x50, 0x85, 0x3e, 0x5a, 0xfe, 0xdc, 0x9a, 0xd6, 0xe8, 0x77, 0x25, + 0x9c, 0xc4, 0xfe, 0xb0, 0x93, 0xc2, 0x4b, 0x96, 0x85, 0x34, 0xf8, 0x9a, 0xbb, 0x5f, 0x48, 0xae, + 0xd8, 0xad, 0x3c, 0x4b, 0xb1, 0xcb, 0xa7, 0xcd, 0x7c, 0x1c, 0x72, 0x4d, 0x3d, 0xae, 0x36, 0x77, + 0x00, 0x10, 0xb5, 0x06, 0x8a, 0x33, 0x4f, 0x2b, 0x3e, 0xe7, 0x20, 0xc9, 0xf9, 0xed, 0x32, 0x00, + 0x01, 0xf3, 0xf5, 0x87, 0xf5, 0x66, 0x2f, 0x93, 0x9e, 0x60, 0x5d, 0xf5, 0x19, 0x34, 0x3d, 0x60, + 0xc0, 0x63, 0x5c, 0xcd, 0x32, 0xb1, 0x88, 0xbc, 0x55, 0xf5, 0xd4, 0x34, 0x17, 0x3c, 0x9e, 0x6d, + 0xb2, 0x19, 0x93, 0x41, 0xaf, 0x83, 0x39, 0x90, 0xe5, 0x02, 0x46, 0xf9, 0x9c, 0xdd, 0xf7, 0x9d, + 0xd2, 0xc3, 0x5b, 0xab, 0xe1, 0x4c, 0x10, 0x3a, 0x76, 0xb8, 0xd2, 0xd9, 0x8d, 0x73, 0x52, 0x8f, + 0x98, 0xc2, 0x49, 0xb0, 0xa1, 0xf0, 0x91, 0x55, 0xb3, 0x1f, 0x59, 0x9f, 0xc8, 0x33, 0x54, 0x24, + 0x22, 0xa2, 0x34, 0x26, 0x23, 0xbb, 0xbe, 0xf4, 0xac, 0x7e, 0xe6, 0x05, 0xe2, 0xcd, 0xec, 0xf0, + 0x1f, 0xea, 0x25, 0x68, 0x3b, 0xd4, 0xf6, 0x6c, 0xa9, 0x24, 0xcc, 0xef, 0x00, 0x41, 0x8a, 0xdf, + 0xf7, 0x30, 0xc4, 0x71, 0x4f, 0x66, 0xff, 0xa2, 0xaf, 0x0d, 0xa3, 0xe5, 0xdf, 0x7f, 0x53, 0x9c, + 0x63, 0x42, 0x89, 0xfc, 0x12, 0xbc, 0x24, 0x09, 0x3e, 0xc8, 0xf0, 0xec, 0x18, 0x0a, 0xf0, 0x90, + 0x7c, 0xec, 0x1e, 0xbe, 0xc9, 0x11, 0xfa, 0x18, 0x0f, 0xb5, 0xf3, 0xc8, 0x0e, 0xd8, 0x52, 0x89, + 0x6a, 0xd6, 0xe6, 0xb3, 0xec, 0xcb, 0x44, 0xde, 0x62, 0x19, 0x3d, 0x52, 0x11, 0x8c, 0xab, 0x2b, + 0x17, 0x10, 0x71, 0xd5, 0xfd, 0xaa, 0x7c, 0x42, 0x88, 0xfc, 0x77, 0x66, 0xd5, 0x77, 0x74, 0xf4, + 0xbe, 0x46, 0x15, 0x1b, 0xb9, 0x0a, 0xce, 0x7c, 0x10, 0xc2, 0x15, 0xf6, 0x2e, 0xd2, 0x6e, 0x52, + 0xe6, 0x12, 0x24, 0x36, 0xf5, 0x32, 0xbd, 0x54, 0xfc, 0x08, 0x27, 0x2a, 0xdb, 0x21, 0x6a, 0x2d, + 0xb4, 0x33, 0xd5, 0x69, 0x9c, 0x40, 0xad, 0x58, 0xfa, 0xa2, 0x66, 0x08, 0x98, 0xff, 0xcc, 0xfc, + 0x98, 0x00, 0x2f, 0x8b, 0xb0, 0x36, 0x1b, 0x4c, 0xf9, 0xed, 0x6e, 0x93, 0xc1, 0xca, 0x96, 0xd3, + 0x4a, 0x1e, 0xf4, 0x04, 0x60, 0xf8, 0x59, 0x18, 0xcf, 0xde, 0x4a, 0x81, 0x93, 0xb5, 0x1e, 0xce, + 0xa4, 0xb3, 0x90, 0x3c, 0xae, 0x92, 0x4a, 0x8f, 0xad, 0x5f, 0x83, 0x08, 0x95, 0x4c, 0x9f, 0x19, + 0xa7, 0x59, 0x7b, 0xf0, 0xa7, 0x51, 0x26, 0xa5, 0x57, 0xe4, 0x9f, 0x8b, 0xbd, 0x31, 0xfc, 0x4e, + 0x85, 0x56, 0xf2, 0x30, 0x64, 0x0b, 0xf3, 0x62, 0x04, 0xc6, 0xcf, 0x3d, 0x56, 0xdc, 0xa5, 0xa4, + 0x1d, 0x86, 0x03, 0x07, 0xba, 0x67, 0x05, 0xa6, 0x98, 0x68, 0x11, 0x00, 0xa3, 0x27, 0xf9, 0x17, + 0x39, 0xc4, 0x86, 0xc4, 0x70, 0xba, 0x71, 0xd0, 0x3d, 0x28, 0x53, 0x14, 0xb0, 0xd7, 0xd0, 0x40, + 0x08, 0xe0, 0x3f, 0x2a, 0x2b, 0x85, 0xe7, 0xc2, 0x43, 0xd6, 0xfd, 0x9b, 0x97, 0xa0, 0x21, 0x68, + 0xc0, 0x69, 0xec, 0x57, 0x2d, 0x3f, 0x0c, 0xa1, 0x5e, 0xbc, 0xb1, 0x73, 0x9f, 0x3a, 0x0b, 0x3c, + 0x14, 0x7a, 0x88, 0xe0, 0xb7, 0x4f, 0x45, 0xa0, 0x07, 0xae, 0x92, 0x7d, 0x6f, 0x82, 0x2b, 0xf5, + 0x0b, 0x87, 0xb1, 0xe9, 0x3f, 0xe7, 0xd9, 0x18, 0x0b, 0xc6, 0xbc, 0x12, 0xbd, 0xe6, 0xc8, 0x07, + 0x0d, 0x10, 0xc9, 0x73, 0x31, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf5, 0x0e, 0xbc, 0xea, 0xc9, 0xd3, + 0xc6, 0x44, 0x82, 0xa8, 0xc2, 0x65, 0xd6, 0x36, 0x54, 0x61, 0xaa, 0x4a, 0x31, 0xa6, 0xa7, 0x63, + 0x3a, 0x24, 0xc8, 0xe3, 0x47, 0x94, 0xec, 0xdf, 0xca, 0xb1, 0xd6, 0xb5, 0x2f, 0xb6, 0xa5, 0xf3, + 0x80, 0x55, 0xcc, 0x32, 0xd6, 0xa6, 0x1b, 0x88, 0x95, 0x50, 0xde, 0x27, 0xb3, 0xd0, 0xbd, 0x68, + 0xb6, 0xd4, 0xfd, 0xa0, 0x41, 0x59, 0x8a, 0xb9, 0x88, 0x87, 0x14, 0x39, 0x88, 0x57, 0x68, 0x06, + 0xb1, 0xc4, 0x87, 0x20, 0x79, 0x49, 0x02, 0x95, 0x2e, 0xbe, 0x1b, 0xf0, 0xde, 0xf6, 0x5a, 0x0e, + 0x6f, 0x94, 0x06, 0x70, 0x56, 0xe6, 0x86, 0x4f, 0xa2, 0x88, 0x2e, 0x3a, 0x16, 0xf2, 0x46, 0x28, + 0x20, 0x93, 0xd0, 0x37, 0x63, 0x90, 0x78, 0x18, 0x2d, 0xd0, 0xa6, 0xeb, 0x21, 0xd3, 0xba, 0xd0, + 0x63, 0x79, 0x01, 0xa2, 0x68, 0xb1, 0x4c, 0x63, 0x2c, 0x9d, 0x0b, 0x16, 0x90, 0xed, 0x88, 0xab, + 0xdd, 0xe0, 0x3f, 0x52, 0x82, 0x47, 0xaa, 0x2e, 0x41, 0x55, 0x7d, 0x08, 0x65, 0xad, 0x34, 0xe5, + 0x3f, 0xf5, 0x3a, 0xe0, 0xe5, 0xde, 0xa1, 0x95, 0xd9, 0x3f, 0xe6, 0x5c, 0x25, 0x87, 0x1f, 0x6f, + 0x23, 0xad, 0xf3, 0x4b, 0x6e, 0x96, 0x0c, 0x29, 0x78, 0xf2, 0xb7, 0x47, 0x5d, 0xaf, 0xce, 0x6c, + 0xbb, 0x26, 0xa5, 0x39, 0x34, 0xd2, 0x6c, 0x19, 0x3d, 0x67, 0xf3, 0x2d, 0xe9, 0x10, 0x35, 0xee, + 0xb8, 0x90, 0x22, 0xbe, 0xb7, 0xd5, 0xdf, 0x78, 0x4a, 0xc2, 0x0c, 0xa6, 0xab, 0x91, 0xbf, 0x6b, + 0x77, 0x5b, 0x6c, 0x94, 0x16, 0xf6, 0x05, 0xb4, 0x84, 0x17, 0x36, 0xcb, 0xfb, 0xd2, 0x2a, 0xd9, + 0x8a, 0xb2, 0xe8, 0x42, 0x84, 0x57, 0xe0, 0x79, 0x3f, 0x5a, 0xf4, 0x0e, 0x55, 0x0b, 0x48, 0x76, + 0x5d, 0x59, 0xe6, 0xe1, 0xb4, 0xa4, 0xa1, 0xf5, 0x71, 0xf1, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd5, + 0xa9, 0x1d, 0x4d, 0x44, 0xbb, 0x9b, 0x73, 0xc1, 0xfe, 0x02, 0x48, 0x92, 0x5e, 0x2c, 0x0e, 0xc1, + 0xde, 0x51, 0x39, 0x0b, 0xd8, 0xa7, 0x3b, 0x45, 0x3d, 0xa5, 0x1a, 0xe2, 0x93, 0x25, 0xae, 0x76, + 0x57, 0x08, 0x9f, 0xd4, 0xee, 0x4a, 0x2f, 0xd9, 0x6e, 0x34, 0x5b, 0x57, 0xf6, 0x72, 0xd7, 0xd4, + 0x84, 0xfd, 0xe9, 0x91, 0x89, 0xab, 0x0a, 0x63, 0x65, 0xbf, 0x2b, 0x38, 0x68, 0x0d, 0x6b, 0xb9, + 0x47, 0xf4, 0xb2, 0x17, 0xbe, 0x66, 0x03, 0x23, 0xc2, 0x6b, 0x86, 0xd6, 0x43, 0xae, 0x68, 0x6d, + 0x82, 0xe3, 0x6e, 0xc0, 0x0c, 0xfd, 0x03, 0x89, 0x42, 0x44, 0x3c, 0xaa, 0x04, 0xa0, 0xf9, 0x1e, + 0x68, 0xec, 0x71, 0x79, 0x35, 0xb4, 0x5e, 0x79, 0x03, 0x11, 0xbe, 0x56, 0x44, 0x0d, 0x71, 0x76, + 0x94, 0x95, 0x94, 0x68, 0x8e, 0xd1, 0xdd, 0x5c, 0x91, 0x03, 0xc5, 0x7c, 0x15, 0x8d, 0x05, 0xe4, + 0xc3, 0x7b, 0x98, 0xd8, 0x18, 0x98, 0x03, 0x07, 0x44, 0xa6, 0x4f, 0x6e, 0xbd, 0xbf, 0x75, 0x0a, + 0xab, 0x79, 0x75, 0x7e, 0x34, 0xda, 0xc4, 0x22, 0x16, 0x3e, 0xa7, 0xc0, 0xf4, 0x2b, 0x97, 0x71, + 0x0c, 0x86, 0x19, 0x78, 0xb2, 0x41, 0x00, 0x38, 0x5a, 0xad, 0x72, 0x7e, 0x5f, 0x38, 0x36, 0xa7, + 0x4e, 0xa4, 0xbf, 0x1d, 0x36, 0xef, 0x2a, 0x5e, 0xdf, 0x9c, 0x9e, 0x8f, 0x99, 0x6e, 0xf3, 0x19, + 0x13, 0x48, 0x45, 0x0e, 0xa9, 0xf1, 0xd4, 0xa6, 0x3d, 0xb2, 0x9c, 0xb0, 0x6f, 0x63, 0xe5, 0xba, + 0xdb, 0x18, 0xe4, 0xd4, 0x0f, 0x51, 0x12, 0xb6, 0x58, 0xd1, 0xcc, 0x23, 0xcb, 0x65, 0x38, 0x8a, + 0xca, 0x03, 0xd1, 0x41, 0xa6, 0xbc, 0x5f, 0xbd, 0x94, 0x29, 0xfe, 0x33, 0xd3, 0x40, 0xd3, 0xe8, + 0x5b, 0xfa, 0x84, 0x89, 0x08, 0xd6, 0x0b, 0x56, 0x2f, 0x89, 0x4e, 0x8a, 0x33, 0x7d, 0xfd, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xc4, 0x95, 0x0f, 0x0d, 0x95, 0xdc, 0x51, 0xd7, 0x91, 0xad, 0x09, 0x4d, + 0x22, 0x3b, 0x31, 0x13, 0xab, 0xc4, 0x9a, 0xf1, 0xe2, 0xa3, 0x61, 0xf8, 0x32, 0x42, 0xc8, 0xa0, + 0x7a, 0x28, 0xc8, 0x74, 0x43, 0x15, 0xd3, 0xf1, 0xc4, 0x4c, 0x82, 0xed, 0xd0, 0xc2, 0x13, 0x98, + 0xea, 0xcb, 0x75, 0x64, 0x8a, 0xe1, 0xf4, 0x88, 0x85, 0xf9, 0x23, 0x79, 0xd6, 0xff, 0xa0, 0x8c, + 0xd1, 0x11, 0x26, 0xa9, 0x9d, 0x9a, 0xcd, 0x79, 0xb8, 0x94, 0x6e, 0x34, 0x86, 0x65, 0x91, 0x85, + 0xf5, 0x11, 0x71, 0x8e, 0xc5, 0xe1, 0x43, 0x2b, 0x02, 0x71, 0x44, 0x26, 0xcd, 0xc7, 0x7e, 0x9e, + 0xac, 0xad, 0xe3, 0x67, 0x35, 0x16, 0x1a, 0x64, 0x3d, 0xcd, 0x60, 0xdc, 0xd2, 0x92, 0x2c, 0x47, + 0xaf, 0x5f, 0x4e, 0x19, 0x6c, 0x5d, 0x81, 0x24, 0x55, 0x5f, 0x67, 0xfc, 0xa1, 0x48, 0x04, 0x8d, + 0xfe, 0x06, 0x2c, 0xba, 0xca, 0x33, 0x4f, 0x0d, 0x8d, 0xae, 0xb9, 0x6d, 0x73, 0xbe, 0x9f, 0x8e, + 0x17, 0xc1, 0xc5, 0x5d, 0x6b, 0xd0, 0xb9, 0xa7, 0xe9, 0x9f, 0xe1, 0xdf, 0xba, 0x5c, 0xc1, 0x6a, + 0x07, 0xdb, 0xaa, 0x8c, 0x6d, 0x22, 0x0c, 0x64, 0xc9, 0xdd, 0xa1, 0x14, 0xa0, 0xf0, 0x29, 0x05, + 0x2b, 0x3a, 0x75, 0xb0, 0xd7, 0x3f, 0xe3, 0xb2, 0xed, 0x78, 0x21, 0xe5, 0xcd, 0x73, 0x07, 0xa1, + 0xa9, 0x5f, 0xd1, 0xf7, 0xba, 0x87, 0x60, 0xc8, 0x45, 0x4b, 0x7c, 0x38, 0xfb, 0xf6, 0x5c, 0x88, + 0xb0, 0x1c, 0xd2, 0x73, 0xba, 0x2c, 0x55, 0xc3, 0xb4, 0x77, 0xe4, 0x26, 0xae, 0x02, 0x5a, 0x2c, + 0xff, 0xc4, 0xa0, 0x95, 0xf2, 0xba, 0x4e, 0x07, 0x79, 0xa2, 0x4b, 0x76, 0x5b, 0x85, 0x48, 0x9f, + 0x2a, 0x0e, 0x79, 0xb9, 0x5f, 0xc0, 0xc3, 0x8e, 0x2a, 0x91, 0xf1, 0x2e, 0xf6, 0x5c, 0xa7, 0x49, + 0xce, 0x36, 0x94, 0x31, 0x02, 0x82, 0x01, 0x00, 0x2a, 0xa4, 0x8e, 0x0c, 0x95, 0xe3, 0x3b, 0xab, + 0x66, 0xd4, 0x63, 0x70, 0x48, 0x86, 0x33, 0x14, 0xde, 0xec, 0x98, 0x19, 0x62, 0x9b, 0xe3, 0x04, + 0x99, 0x55, 0x2c, 0x56, 0xa9, 0x51, 0xe4, 0xfb, 0x64, 0xf3, 0x09, 0xed, 0x9c, 0x79, 0xd2, 0xa4, + 0xaa, 0x28, 0xac, 0x9a, 0x6e, 0x7b, 0xe9, 0x7f, 0xda, 0x12, 0x90, 0xfa, 0xc4, 0xe9, 0x4d, 0x11, + 0xcd, 0xb4, 0xc8, 0xea, 0xbf, 0x5f, 0x45, 0x0e, 0x72, 0xf4, 0x41, 0x8a, 0x29, 0xe2, 0xfe, 0x49, + 0x32, 0x21, 0xe3, 0x84, 0x0d, 0xcf, 0x84, 0x47, 0xa3, 0x53, 0xb4, 0x40, 0xae, 0x63, 0xe9, 0x3b, + 0x83, 0x71, 0x8e, 0x5c, 0xed, 0x31, 0xef, 0x4e, 0xc9, 0x1a, 0xf7, 0xd5, 0xcd, 0xf3, 0x42, 0x04, + 0x78, 0xf2, 0x7b, 0xe0, 0x19, 0x27, 0x8b, 0xe7, 0x51, 0x5b, 0x66, 0x5f, 0x30, 0x5f, 0x10, 0xd3, + 0xb5, 0x5d, 0xdb, 0xfa, 0xd6, 0x41, 0x16, 0xdc, 0x4e, 0x44, 0x15, 0xae, 0xf3, 0xb2, 0x34, 0xe4, + 0xa5, 0xd6, 0xb5, 0xba, 0xb4, 0xc7, 0x7a, 0x26, 0xc9, 0xf2, 0x5f, 0x53, 0x6b, 0xd4, 0xf0, 0xb4, + 0xa4, 0x78, 0xfc, 0x18, 0x4f, 0x12, 0x6c, 0x80, 0xd5, 0x37, 0x42, 0xac, 0x62, 0xc2, 0x70, 0xe6, + 0xb2, 0x58, 0xa6, 0xb5, 0x6b, 0x33, 0x65, 0xec, 0xc2, 0x87, 0x97, 0xa9, 0xed, 0x12, 0xc1, 0xb9, + 0x1b, 0x26, 0x56, 0x03, 0xef, 0x75, 0x18, 0x07, 0xbc, 0xc1, 0x74, 0x73, 0x13, 0xf2, 0x27, 0x29, + 0xe1, 0xe3, 0xfe, 0x79, 0xf7, 0x5c, 0xc3, 0xfb, 0x5d, 0xc7, 0xcc, 0xb8, 0x1e, 0xfa, 0xcf, 0x9b, + 0x84, 0x79, 0x45, 0xa6, 0x10, 0x9e, 0xcf, 0x9c, 0xf1, 0x56, 0x50, 0x5c, 0xbb, 0x55, 0xa3, 0xd3, + 0x17, 0xeb, 0x32, 0x56, 0x61, 0xd1, 0x8f, 0xe6, 0xbb, 0x41, 0x60, 0x46, 0x83, 0x73, 0x18, 0x05, + 0x3b, 0x36, 0x51, 0x99, 0x33, 0x4c, 0x03, 0xa1, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0x63, 0x70, + 0x60, 0x30, 0xa4, 0xec, 0xe9, 0xfe, 0x3b, 0xdd, 0xcf, 0xc4, 0x9f, 0x5a, 0x83, 0xf3, 0x7f, 0x63, + 0xeb, 0xcb, 0x29, 0xdb, 0xdc, 0x99, 0x9f, 0x6f, 0xf5, 0x4b, 0x59, 0x6f, 0x11, 0x5c, 0xf1, 0xec, + 0xa0, 0x99, 0x90, 0x10, 0x8a, 0x43, 0x95, 0x18, 0xe9, 0x96, 0xf6, 0x89, 0xfd, 0xde, 0x89, 0xb2, + 0xc6, 0x7e, 0xdc, 0x04, 0xbf, 0x8e, 0x36, 0x67, 0x34, 0xc2, 0xae, 0x30, 0x17, 0xec, 0x14, 0xe0, + 0x42, 0x05, 0x0e, 0x7c, 0x65, 0x68, 0x40, 0x14, 0x6c, 0xa0, 0x48, 0x39, 0x4d, 0xce, 0xbe, 0x90, + 0xdd, 0x21, 0x95, 0x34, 0x9b, 0xba, 0xd3, 0x06, 0x56, 0x90, 0x31, 0xb2, 0xef, 0x6e, 0x91, 0x71, + 0xd2, 0xae, 0x77, 0x97, 0xc8, 0x84, 0x4e, 0x54, 0x83, 0x94, 0xca, 0x3b, 0x76, 0x8d, 0x84, 0x96, + 0xe9, 0x9e, 0xf6, 0x3a, 0xbb, 0x59, 0xb0, 0xff, 0x7f, 0xc7, 0x0e, 0xb5, 0x31, 0x53, 0xdd, 0x0f, + 0x59, 0x01, 0x8a, 0x27, 0x5a, 0xcb, 0xa7, 0x01, 0xf2, 0xc7, 0x6a, 0x15, 0xc8, 0x94, 0xf5, 0x34, + 0x61, 0xfe, 0xdf, 0x65, 0xbc, 0x25, 0xc2, 0xc5, 0xce, 0xc3, 0x96, 0xe5, 0x56, 0xa1, 0xa9, 0x19, + 0xbc, 0x7a, 0x05, 0x63, 0x93, 0xd5, 0x06, 0x44, 0x12, 0x6d, 0xcd, 0xef, 0x92, 0x56, 0x64, 0x2e, + 0x65, 0xa6, 0x04, 0x3c, 0xbc, 0xe9, 0x49, 0x7e, 0x19, 0x2c, 0xf2, 0xcb, 0x33, 0x64, 0x8e, 0x11, + 0x7f, 0x41, 0xdb, 0xf0, 0x19, 0x00, 0xac, 0xb9, 0x3b, 0x0c, 0x78, 0xdd, 0xf3, 0x1f, 0x38, 0x1f, + 0x4d, 0xb3, 0xf9, 0xcc, 0xbb, 0xb6, 0x90, 0x93, 0xda, 0xbf, 0x2e, 0x89, 0xdb, 0xbc, 0x0c, 0xb7, + 0x2f, 0x20, 0xc0, 0x05, 0xa2, 0x51, 0x9e, 0x3a, 0x87, 0x41, 0x46, 0x49, 0x5d, 0x7a, 0xac, 0xf3, + 0x41, 0x6a, 0x42, 0x2e, 0x56, 0x09, 0x86, 0xf2, 0x2f, 0x39, 0x45, 0x6e, 0x7f, }; const unsigned char test_ec_secp192r1_priv[] = { - 0xd8, 0x3b, 0x57, 0xa5, 0x9c, 0x51, 0x35, 0x8d, 0x9c, 0x8b, 0xbb, 0x89, - 0x8a, 0xff, 0x50, 0x7f, 0x44, 0xdd, 0x14, 0xcf, 0x16, 0x91, 0x71, 0x90, + 0xd8, 0x3b, 0x57, 0xa5, 0x9c, 0x51, 0x35, 0x8d, 0x9c, 0x8b, 0xbb, 0x89, 0x8a, 0xff, 0x50, 0x7f, + 0x44, 0xdd, 0x14, 0xcf, 0x16, 0x91, 0x71, 0x90, }; const unsigned char test_ec_secp192r1_pub[] = { - 0x04, 0xe3, 0x5f, 0xcb, 0xee, 0x11, 0xce, 0xc3, 0x15, 0x4f, 0x80, 0xa1, - 0xa6, 0x1d, 0xf7, 0xd7, 0x61, 0x2d, 0xe4, 0xf2, 0xfd, 0x70, 0xc5, 0x60, - 0x8d, 0x0e, 0xe3, 0xa4, 0xa1, 0xa5, 0x71, 0x94, 0x71, 0xad, 0xb3, 0x39, - 0x66, 0xdd, 0x9b, 0x03, 0x5f, 0xdb, 0x77, 0x4f, 0xee, 0xba, 0x94, 0xb0, + 0x04, 0xe3, 0x5f, 0xcb, 0xee, 0x11, 0xce, 0xc3, 0x15, 0x4f, 0x80, 0xa1, 0xa6, 0x1d, 0xf7, 0xd7, + 0x61, 0x2d, 0xe4, 0xf2, 0xfd, 0x70, 0xc5, 0x60, 0x8d, 0x0e, 0xe3, 0xa4, 0xa1, 0xa5, 0x71, 0x94, + 0x71, 0xad, 0xb3, 0x39, 0x66, 0xdd, 0x9b, 0x03, 0x5f, 0xdb, 0x77, 0x4f, 0xee, 0xba, 0x94, 0xb0, 0x4c, }; const unsigned char test_ec_secp224r1_priv[] = { - 0x87, 0x2f, 0x20, 0x3b, 0x3a, 0xd3, 0x5b, 0x7f, 0x2e, 0xcc, 0x80, 0x3c, - 0x3a, 0x0e, 0x1e, 0x0b, 0x1e, 0xd6, 0x1c, 0xc1, 0xaf, 0xe7, 0x1b, 0x18, - 0x9c, 0xd4, 0xc9, 0x95, + 0x87, 0x2f, 0x20, 0x3b, 0x3a, 0xd3, 0x5b, 0x7f, 0x2e, 0xcc, 0x80, 0x3c, 0x3a, 0x0e, 0x1e, 0x0b, + 0x1e, 0xd6, 0x1c, 0xc1, 0xaf, 0xe7, 0x1b, 0x18, 0x9c, 0xd4, 0xc9, 0x95, }; const unsigned char test_ec_secp224r1_pub[] = { - 0x04, 0x6f, 0x00, 0xea, 0xda, 0xa9, 0x49, 0xfe, 0xe3, 0xe9, 0xe1, 0xc7, - 0xfa, 0x12, 0x47, 0xee, 0xce, 0xc8, 0x6a, 0x0d, 0xce, 0x46, 0x41, 0x8b, - 0x9b, 0xd3, 0x11, 0x7b, 0x98, 0x1d, 0x4b, 0xd0, 0xae, 0x7a, 0x99, 0x0d, - 0xe9, 0x12, 0xf9, 0xd0, 0x60, 0xd6, 0xcb, 0x53, 0x1a, 0x42, 0xd2, 0x2e, + 0x04, 0x6f, 0x00, 0xea, 0xda, 0xa9, 0x49, 0xfe, 0xe3, 0xe9, 0xe1, 0xc7, 0xfa, 0x12, 0x47, 0xee, + 0xce, 0xc8, 0x6a, 0x0d, 0xce, 0x46, 0x41, 0x8b, 0x9b, 0xd3, 0x11, 0x7b, 0x98, 0x1d, 0x4b, 0xd0, + 0xae, 0x7a, 0x99, 0x0d, 0xe9, 0x12, 0xf9, 0xd0, 0x60, 0xd6, 0xcb, 0x53, 0x1a, 0x42, 0xd2, 0x2e, 0x39, 0x4a, 0xc2, 0x9e, 0x81, 0x80, 0x4b, 0xf1, 0x60, }; const unsigned char test_ec_secp256r1_priv[] = { - 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, - 0x1d, 0xf1, 0xc9, 0x94, 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, - 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee, + 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, 0x1d, 0xf1, 0xc9, 0x94, + 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee, }; const unsigned char test_ec_secp256r1_pub[] = { - 0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39, 0x92, 0x79, 0xd5, 0xe1, - 0xf1, 0x78, 0x1f, 0xac, 0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3, - 0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b, 0x57, 0x25, 0x90, 0xcd, - 0xaf, 0x8f, 0x76, 0x93, 0x61, 0xbc, 0xf3, 0x4a, 0xcf, 0xc1, 0x1e, 0x5e, - 0x07, 0x4e, 0x84, 0x26, 0xbd, 0xde, 0x04, 0xbe, 0x6e, 0x65, 0x39, 0x45, - 0x44, 0x96, 0x17, 0xde, 0x45, + 0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39, 0x92, 0x79, 0xd5, 0xe1, 0xf1, 0x78, 0x1f, 0xac, + 0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3, 0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b, + 0x57, 0x25, 0x90, 0xcd, 0xaf, 0x8f, 0x76, 0x93, 0x61, 0xbc, 0xf3, 0x4a, 0xcf, 0xc1, 0x1e, 0x5e, + 0x07, 0x4e, 0x84, 0x26, 0xbd, 0xde, 0x04, 0xbe, 0x6e, 0x65, 0x39, 0x45, 0x44, 0x96, 0x17, 0xde, + 0x45, }; const unsigned char test_ec_secp384r1_priv[] = { - 0x3f, 0x5d, 0x8d, 0x9b, 0xe2, 0x80, 0xb5, 0x69, 0x6c, 0xc5, 0xcc, 0x9f, - 0x94, 0xcf, 0x8a, 0xf7, 0xe6, 0xb6, 0x1d, 0xd6, 0x59, 0x2b, 0x2a, 0xb2, - 0xb3, 0xa4, 0xc6, 0x07, 0x45, 0x04, 0x17, 0xec, 0x32, 0x7d, 0xcd, 0xca, - 0xed, 0x7c, 0x10, 0x05, 0x3d, 0x71, 0x9a, 0x05, 0x74, 0xf0, 0xa7, 0x6a, + 0x3f, 0x5d, 0x8d, 0x9b, 0xe2, 0x80, 0xb5, 0x69, 0x6c, 0xc5, 0xcc, 0x9f, 0x94, 0xcf, 0x8a, 0xf7, + 0xe6, 0xb6, 0x1d, 0xd6, 0x59, 0x2b, 0x2a, 0xb2, 0xb3, 0xa4, 0xc6, 0x07, 0x45, 0x04, 0x17, 0xec, + 0x32, 0x7d, 0xcd, 0xca, 0xed, 0x7c, 0x10, 0x05, 0x3d, 0x71, 0x9a, 0x05, 0x74, 0xf0, 0xa7, 0x6a, }; const unsigned char test_ec_secp384r1_pub[] = { - 0x04, 0xd9, 0xc6, 0x62, 0xb5, 0x0b, 0xa2, 0x9c, 0xa4, 0x79, 0x90, 0x45, - 0x0e, 0x04, 0x3a, 0xea, 0xf4, 0xf0, 0xc6, 0x9b, 0x15, 0x67, 0x6d, 0x11, - 0x2f, 0x62, 0x2a, 0x71, 0xc9, 0x30, 0x59, 0xaf, 0x99, 0x96, 0x91, 0xc5, - 0x68, 0x0d, 0x2b, 0x44, 0xd1, 0x11, 0x57, 0x9d, 0xb1, 0x2f, 0x4a, 0x41, - 0x3a, 0x2e, 0xd5, 0xc4, 0x5f, 0xcf, 0xb6, 0x7b, 0x5b, 0x63, 0xe0, 0x0b, - 0x91, 0xeb, 0xe5, 0x9d, 0x09, 0xa6, 0xb1, 0xac, 0x2c, 0x0c, 0x42, 0x82, - 0xaa, 0x12, 0x31, 0x7e, 0xd5, 0x91, 0x4f, 0x99, 0x9b, 0xc4, 0x88, 0xbb, - 0x13, 0x2e, 0x83, 0x42, 0xcc, 0x36, 0xf2, 0xca, 0x5e, 0x33, 0x79, 0xc7, + 0x04, 0xd9, 0xc6, 0x62, 0xb5, 0x0b, 0xa2, 0x9c, 0xa4, 0x79, 0x90, 0x45, 0x0e, 0x04, 0x3a, 0xea, + 0xf4, 0xf0, 0xc6, 0x9b, 0x15, 0x67, 0x6d, 0x11, 0x2f, 0x62, 0x2a, 0x71, 0xc9, 0x30, 0x59, 0xaf, + 0x99, 0x96, 0x91, 0xc5, 0x68, 0x0d, 0x2b, 0x44, 0xd1, 0x11, 0x57, 0x9d, 0xb1, 0x2f, 0x4a, 0x41, + 0x3a, 0x2e, 0xd5, 0xc4, 0x5f, 0xcf, 0xb6, 0x7b, 0x5b, 0x63, 0xe0, 0x0b, 0x91, 0xeb, 0xe5, 0x9d, + 0x09, 0xa6, 0xb1, 0xac, 0x2c, 0x0c, 0x42, 0x82, 0xaa, 0x12, 0x31, 0x7e, 0xd5, 0x91, 0x4f, 0x99, + 0x9b, 0xc4, 0x88, 0xbb, 0x13, 0x2e, 0x83, 0x42, 0xcc, 0x36, 0xf2, 0xca, 0x5e, 0x33, 0x79, 0xc7, 0x47, }; const unsigned char test_ec_secp521r1_priv[] = { - 0x01, 0xb1, 0xb6, 0xad, 0x07, 0xbb, 0x79, 0xe7, 0x32, 0x0d, 0xa5, 0x98, - 0x60, 0xea, 0x28, 0xe0, 0x55, 0x28, 0x4f, 0x60, 0x58, 0xf2, 0x79, 0xde, - 0x66, 0x6e, 0x06, 0xd4, 0x35, 0xd2, 0xaf, 0x7b, 0xda, 0x28, 0xd9, 0x9f, - 0xa4, 0x7b, 0x7d, 0xd0, 0x96, 0x3e, 0x16, 0xb0, 0x07, 0x30, 0x78, 0xee, - 0x8b, 0x8a, 0x38, 0xd9, 0x66, 0xa5, 0x82, 0xf4, 0x6d, 0x19, 0xff, 0x95, - 0xdf, 0x3a, 0xd9, 0x68, 0x5a, 0xae, + 0x01, 0xb1, 0xb6, 0xad, 0x07, 0xbb, 0x79, 0xe7, 0x32, 0x0d, 0xa5, 0x98, 0x60, 0xea, 0x28, 0xe0, + 0x55, 0x28, 0x4f, 0x60, 0x58, 0xf2, 0x79, 0xde, 0x66, 0x6e, 0x06, 0xd4, 0x35, 0xd2, 0xaf, 0x7b, + 0xda, 0x28, 0xd9, 0x9f, 0xa4, 0x7b, 0x7d, 0xd0, 0x96, 0x3e, 0x16, 0xb0, 0x07, 0x30, 0x78, 0xee, + 0x8b, 0x8a, 0x38, 0xd9, 0x66, 0xa5, 0x82, 0xf4, 0x6d, 0x19, 0xff, 0x95, 0xdf, 0x3a, 0xd9, 0x68, + 0x5a, 0xae, }; const unsigned char test_ec_secp521r1_pub[] = { - 0x04, 0x00, 0x1d, 0xe1, 0x42, 0xd5, 0x4f, 0x69, 0xeb, 0x03, 0x8e, 0xe4, - 0xb7, 0xaf, 0x9d, 0x3c, 0xa0, 0x77, 0x36, 0xfd, 0x9c, 0xf7, 0x19, 0xeb, - 0x35, 0x4d, 0x69, 0x87, 0x9e, 0xe7, 0xf3, 0xc1, 0x36, 0xfb, 0x0f, 0xbf, - 0x9f, 0x08, 0xf8, 0x6b, 0xe5, 0xfa, 0x12, 0x8e, 0xc1, 0xa0, 0x51, 0xd3, - 0xe6, 0xc6, 0x43, 0xe8, 0x5a, 0xda, 0x8f, 0xfa, 0xcf, 0x36, 0x63, 0xc2, - 0x60, 0xbd, 0x2c, 0x84, 0x4b, 0x6f, 0x56, 0x00, 0xce, 0xe8, 0xe4, 0x8a, - 0x9e, 0x65, 0xd0, 0x9c, 0xad, 0xd8, 0x9f, 0x23, 0x5d, 0xee, 0x05, 0xf3, - 0xb8, 0xa6, 0x46, 0xbe, 0x71, 0x5f, 0x1f, 0x67, 0xd5, 0xb4, 0x34, 0xe0, - 0xff, 0x23, 0xa1, 0xfc, 0x07, 0xef, 0x77, 0x40, 0x19, 0x3e, 0x40, 0xee, - 0xff, 0x6f, 0x3b, 0xcd, 0xfd, 0x76, 0x5a, 0xa9, 0x15, 0x50, 0x33, 0x52, - 0x4f, 0xe4, 0xf2, 0x05, 0xf5, 0x44, 0x4e, 0x29, 0x2c, 0x4c, 0x2f, 0x6a, - 0xc1, + 0x04, 0x00, 0x1d, 0xe1, 0x42, 0xd5, 0x4f, 0x69, 0xeb, 0x03, 0x8e, 0xe4, 0xb7, 0xaf, 0x9d, 0x3c, + 0xa0, 0x77, 0x36, 0xfd, 0x9c, 0xf7, 0x19, 0xeb, 0x35, 0x4d, 0x69, 0x87, 0x9e, 0xe7, 0xf3, 0xc1, + 0x36, 0xfb, 0x0f, 0xbf, 0x9f, 0x08, 0xf8, 0x6b, 0xe5, 0xfa, 0x12, 0x8e, 0xc1, 0xa0, 0x51, 0xd3, + 0xe6, 0xc6, 0x43, 0xe8, 0x5a, 0xda, 0x8f, 0xfa, 0xcf, 0x36, 0x63, 0xc2, 0x60, 0xbd, 0x2c, 0x84, + 0x4b, 0x6f, 0x56, 0x00, 0xce, 0xe8, 0xe4, 0x8a, 0x9e, 0x65, 0xd0, 0x9c, 0xad, 0xd8, 0x9f, 0x23, + 0x5d, 0xee, 0x05, 0xf3, 0xb8, 0xa6, 0x46, 0xbe, 0x71, 0x5f, 0x1f, 0x67, 0xd5, 0xb4, 0x34, 0xe0, + 0xff, 0x23, 0xa1, 0xfc, 0x07, 0xef, 0x77, 0x40, 0x19, 0x3e, 0x40, 0xee, 0xff, 0x6f, 0x3b, 0xcd, + 0xfd, 0x76, 0x5a, 0xa9, 0x15, 0x50, 0x33, 0x52, 0x4f, 0xe4, 0xf2, 0x05, 0xf5, 0x44, 0x4e, 0x29, + 0x2c, 0x4c, 0x2f, 0x6a, 0xc1, }; const unsigned char test_ec_bp256r1_priv[] = { - 0x21, 0x61, 0xd6, 0xf2, 0xdb, 0x76, 0x52, 0x6f, 0xa6, 0x2c, 0x16, 0xf3, - 0x56, 0xa8, 0x0f, 0x01, 0xf3, 0x2f, 0x77, 0x67, 0x84, 0xb3, 0x6a, 0xa9, - 0x97, 0x99, 0xa8, 0xb7, 0x66, 0x20, 0x80, 0xff, + 0x21, 0x61, 0xd6, 0xf2, 0xdb, 0x76, 0x52, 0x6f, 0xa6, 0x2c, 0x16, 0xf3, 0x56, 0xa8, 0x0f, 0x01, + 0xf3, 0x2f, 0x77, 0x67, 0x84, 0xb3, 0x6a, 0xa9, 0x97, 0x99, 0xa8, 0xb7, 0x66, 0x20, 0x80, 0xff, }; const unsigned char test_ec_bp256r1_pub[] = { - 0x04, 0x76, 0x8c, 0x8c, 0xae, 0x4a, 0xbc, 0xa6, 0x30, 0x6d, 0xb0, 0xed, - 0x81, 0xb0, 0xc4, 0xa6, 0x21, 0x5c, 0x37, 0x80, 0x66, 0xec, 0x6d, 0x61, - 0x6c, 0x14, 0x6e, 0x13, 0xf1, 0xc7, 0xdf, 0x80, 0x9b, 0x96, 0xab, 0x69, - 0x11, 0xc2, 0x7d, 0x8a, 0x02, 0x33, 0x9f, 0x09, 0x26, 0x84, 0x0e, 0x55, - 0x23, 0x6d, 0x3d, 0x1e, 0xfb, 0xe2, 0x66, 0x9d, 0x09, 0x0e, 0x4c, 0x4c, - 0x66, 0x0f, 0xad, 0xa9, 0x1d, + 0x04, 0x76, 0x8c, 0x8c, 0xae, 0x4a, 0xbc, 0xa6, 0x30, 0x6d, 0xb0, 0xed, 0x81, 0xb0, 0xc4, 0xa6, + 0x21, 0x5c, 0x37, 0x80, 0x66, 0xec, 0x6d, 0x61, 0x6c, 0x14, 0x6e, 0x13, 0xf1, 0xc7, 0xdf, 0x80, + 0x9b, 0x96, 0xab, 0x69, 0x11, 0xc2, 0x7d, 0x8a, 0x02, 0x33, 0x9f, 0x09, 0x26, 0x84, 0x0e, 0x55, + 0x23, 0x6d, 0x3d, 0x1e, 0xfb, 0xe2, 0x66, 0x9d, 0x09, 0x0e, 0x4c, 0x4c, 0x66, 0x0f, 0xad, 0xa9, + 0x1d, }; const unsigned char test_ec_bp384r1_priv[] = { - 0x3d, 0xd9, 0x2e, 0x75, 0x0d, 0x90, 0xd7, 0xd3, 0x9f, 0xc1, 0x88, 0x5c, - 0xd8, 0xad, 0x12, 0xea, 0x94, 0x41, 0xf2, 0x2b, 0x93, 0x34, 0xb4, 0xd9, - 0x65, 0x20, 0x2a, 0xdb, 0x14, 0x48, 0xce, 0x24, 0xc5, 0x80, 0x8a, 0x85, - 0xdd, 0x9a, 0xfc, 0x22, 0x9a, 0xf0, 0xa3, 0x12, 0x4f, 0x75, 0x5b, 0xcb, + 0x3d, 0xd9, 0x2e, 0x75, 0x0d, 0x90, 0xd7, 0xd3, 0x9f, 0xc1, 0x88, 0x5c, 0xd8, 0xad, 0x12, 0xea, + 0x94, 0x41, 0xf2, 0x2b, 0x93, 0x34, 0xb4, 0xd9, 0x65, 0x20, 0x2a, 0xdb, 0x14, 0x48, 0xce, 0x24, + 0xc5, 0x80, 0x8a, 0x85, 0xdd, 0x9a, 0xfc, 0x22, 0x9a, 0xf0, 0xa3, 0x12, 0x4f, 0x75, 0x5b, 0xcb, }; const unsigned char test_ec_bp384r1_pub[] = { - 0x04, 0x71, 0x9f, 0x9d, 0x09, 0x3a, 0x62, 0x7e, 0x0d, 0x35, 0x03, 0x85, - 0xc6, 0x61, 0xce, 0xbf, 0x00, 0xc6, 0x19, 0x23, 0x56, 0x6f, 0xe9, 0x00, - 0x6a, 0x31, 0x07, 0xaf, 0x1d, 0x87, 0x1b, 0xc6, 0xbb, 0x68, 0x98, 0x5f, - 0xd7, 0x22, 0xea, 0x32, 0xbe, 0x31, 0x6f, 0x8e, 0x78, 0x3b, 0x7c, 0xd1, - 0x95, 0x77, 0x85, 0xf6, 0x6c, 0xfc, 0x0c, 0xb1, 0x95, 0xdd, 0x5c, 0x99, - 0xa8, 0xe7, 0xab, 0xaa, 0x84, 0x85, 0x53, 0xa5, 0x84, 0xdf, 0xd2, 0xb4, - 0x8e, 0x76, 0xd4, 0x45, 0xfe, 0x00, 0xdd, 0x8b, 0xe5, 0x90, 0x96, 0xd8, - 0x77, 0xd4, 0x69, 0x6d, 0x23, 0xb4, 0xbc, 0x8d, 0xb1, 0x47, 0x24, 0xe6, + 0x04, 0x71, 0x9f, 0x9d, 0x09, 0x3a, 0x62, 0x7e, 0x0d, 0x35, 0x03, 0x85, 0xc6, 0x61, 0xce, 0xbf, + 0x00, 0xc6, 0x19, 0x23, 0x56, 0x6f, 0xe9, 0x00, 0x6a, 0x31, 0x07, 0xaf, 0x1d, 0x87, 0x1b, 0xc6, + 0xbb, 0x68, 0x98, 0x5f, 0xd7, 0x22, 0xea, 0x32, 0xbe, 0x31, 0x6f, 0x8e, 0x78, 0x3b, 0x7c, 0xd1, + 0x95, 0x77, 0x85, 0xf6, 0x6c, 0xfc, 0x0c, 0xb1, 0x95, 0xdd, 0x5c, 0x99, 0xa8, 0xe7, 0xab, 0xaa, + 0x84, 0x85, 0x53, 0xa5, 0x84, 0xdf, 0xd2, 0xb4, 0x8e, 0x76, 0xd4, 0x45, 0xfe, 0x00, 0xdd, 0x8b, + 0xe5, 0x90, 0x96, 0xd8, 0x77, 0xd4, 0x69, 0x6d, 0x23, 0xb4, 0xbc, 0x8d, 0xb1, 0x47, 0x24, 0xe6, 0x6a, }; const unsigned char test_ec_bp512r1_priv[] = { - 0x37, 0x2c, 0x97, 0x78, 0xf6, 0x9f, 0x72, 0x6c, 0xbc, 0xa3, 0xf4, 0xa2, - 0x68, 0xf1, 0x6b, 0x4d, 0x61, 0x7d, 0x10, 0x28, 0x0d, 0x79, 0xa6, 0xa0, - 0x29, 0xcd, 0x51, 0x87, 0x9f, 0xe1, 0x01, 0x29, 0x34, 0xdf, 0xe5, 0x39, - 0x54, 0x55, 0x33, 0x7d, 0xf6, 0x90, 0x6d, 0xc7, 0xd6, 0xd2, 0xee, 0xa4, - 0xdb, 0xb2, 0x06, 0x5c, 0x02, 0x28, 0xf7, 0x3b, 0x3e, 0xd7, 0x16, 0x48, - 0x0e, 0x7d, 0x71, 0xd2, + 0x37, 0x2c, 0x97, 0x78, 0xf6, 0x9f, 0x72, 0x6c, 0xbc, 0xa3, 0xf4, 0xa2, 0x68, 0xf1, 0x6b, 0x4d, + 0x61, 0x7d, 0x10, 0x28, 0x0d, 0x79, 0xa6, 0xa0, 0x29, 0xcd, 0x51, 0x87, 0x9f, 0xe1, 0x01, 0x29, + 0x34, 0xdf, 0xe5, 0x39, 0x54, 0x55, 0x33, 0x7d, 0xf6, 0x90, 0x6d, 0xc7, 0xd6, 0xd2, 0xee, 0xa4, + 0xdb, 0xb2, 0x06, 0x5c, 0x02, 0x28, 0xf7, 0x3b, 0x3e, 0xd7, 0x16, 0x48, 0x0e, 0x7d, 0x71, 0xd2, }; const unsigned char test_ec_bp512r1_pub[] = { - 0x04, 0x38, 0xb7, 0xec, 0x92, 0xb6, 0x1c, 0x5c, 0x6c, 0x7f, 0xbc, 0x28, - 0xa4, 0xec, 0x75, 0x9d, 0x48, 0xfc, 0xd4, 0xe2, 0xe3, 0x74, 0xde, 0xfd, - 0x5c, 0x49, 0x68, 0xa5, 0x4d, 0xbe, 0xf7, 0x51, 0x0e, 0x51, 0x78, 0x86, - 0xfb, 0xfc, 0x38, 0xea, 0x39, 0xaa, 0x52, 0x93, 0x59, 0xd7, 0x0a, 0x71, - 0x56, 0xc3, 0x5d, 0x3c, 0xba, 0xc7, 0xce, 0x77, 0x6b, 0xdb, 0x25, 0x1d, - 0xd6, 0x4b, 0xce, 0x71, 0x23, 0x44, 0x24, 0xee, 0x70, 0x49, 0xee, 0xd0, - 0x72, 0xf0, 0xdb, 0xc4, 0xd7, 0x99, 0x96, 0xe1, 0x75, 0xd5, 0x57, 0xe2, - 0x63, 0x76, 0x3a, 0xe9, 0x70, 0x95, 0xc0, 0x81, 0xe7, 0x3e, 0x7d, 0xb2, - 0xe3, 0x8a, 0xdc, 0x3d, 0x4c, 0x9a, 0x04, 0x87, 0xb1, 0xed, 0xe8, 0x76, - 0xdc, 0x1f, 0xca, 0x61, 0xc9, 0x02, 0xe9, 0xa1, 0xd8, 0x72, 0x2b, 0x86, - 0x12, 0x92, 0x8f, 0x18, 0xa2, 0x48, 0x45, 0x59, 0x1a, + 0x04, 0x38, 0xb7, 0xec, 0x92, 0xb6, 0x1c, 0x5c, 0x6c, 0x7f, 0xbc, 0x28, 0xa4, 0xec, 0x75, 0x9d, + 0x48, 0xfc, 0xd4, 0xe2, 0xe3, 0x74, 0xde, 0xfd, 0x5c, 0x49, 0x68, 0xa5, 0x4d, 0xbe, 0xf7, 0x51, + 0x0e, 0x51, 0x78, 0x86, 0xfb, 0xfc, 0x38, 0xea, 0x39, 0xaa, 0x52, 0x93, 0x59, 0xd7, 0x0a, 0x71, + 0x56, 0xc3, 0x5d, 0x3c, 0xba, 0xc7, 0xce, 0x77, 0x6b, 0xdb, 0x25, 0x1d, 0xd6, 0x4b, 0xce, 0x71, + 0x23, 0x44, 0x24, 0xee, 0x70, 0x49, 0xee, 0xd0, 0x72, 0xf0, 0xdb, 0xc4, 0xd7, 0x99, 0x96, 0xe1, + 0x75, 0xd5, 0x57, 0xe2, 0x63, 0x76, 0x3a, 0xe9, 0x70, 0x95, 0xc0, 0x81, 0xe7, 0x3e, 0x7d, 0xb2, + 0xe3, 0x8a, 0xdc, 0x3d, 0x4c, 0x9a, 0x04, 0x87, 0xb1, 0xed, 0xe8, 0x76, 0xdc, 0x1f, 0xca, 0x61, + 0xc9, 0x02, 0xe9, 0xa1, 0xd8, 0x72, 0x2b, 0x86, 0x12, 0x92, 0x8f, 0x18, 0xa2, 0x48, 0x45, 0x59, + 0x1a, }; const unsigned char test_ec_secp192k1_priv[] = { - 0x29, 0x7a, 0xc1, 0x72, 0x2c, 0xca, 0xc7, 0x58, 0x9e, 0xcb, 0x24, 0x0d, - 0xc7, 0x19, 0x84, 0x25, 0x38, 0xca, 0x97, 0x4b, 0xeb, 0x79, 0xf2, 0x28, + 0x29, 0x7a, 0xc1, 0x72, 0x2c, 0xca, 0xc7, 0x58, 0x9e, 0xcb, 0x24, 0x0d, 0xc7, 0x19, 0x84, 0x25, + 0x38, 0xca, 0x97, 0x4b, 0xeb, 0x79, 0xf2, 0x28, }; const unsigned char test_ec_secp192k1_pub[] = { - 0x04, 0x26, 0xb7, 0xbb, 0x38, 0xda, 0x64, 0x9a, 0xc2, 0x13, 0x8f, 0xc0, - 0x50, 0xc6, 0x54, 0x8b, 0x32, 0x55, 0x3d, 0xab, 0x68, 0xaf, 0xeb, 0xc3, - 0x61, 0x05, 0xd3, 0x25, 0xb7, 0x55, 0x38, 0xc1, 0x23, 0x23, 0xcb, 0x07, - 0x64, 0x78, 0x9e, 0xcb, 0x99, 0x26, 0x71, 0xbe, 0xb2, 0xb6, 0xbe, 0xf2, + 0x04, 0x26, 0xb7, 0xbb, 0x38, 0xda, 0x64, 0x9a, 0xc2, 0x13, 0x8f, 0xc0, 0x50, 0xc6, 0x54, 0x8b, + 0x32, 0x55, 0x3d, 0xab, 0x68, 0xaf, 0xeb, 0xc3, 0x61, 0x05, 0xd3, 0x25, 0xb7, 0x55, 0x38, 0xc1, + 0x23, 0x23, 0xcb, 0x07, 0x64, 0x78, 0x9e, 0xcb, 0x99, 0x26, 0x71, 0xbe, 0xb2, 0xb6, 0xbe, 0xf2, 0xf5, }; const unsigned char test_ec_secp256k1_priv[] = { - 0x7f, 0xa0, 0x6f, 0xa0, 0x2d, 0x0e, 0x91, 0x1b, 0x9a, 0x47, 0xfd, 0xc1, - 0x7d, 0x2d, 0x96, 0x2c, 0xa0, 0x1e, 0x2f, 0x31, 0xd6, 0x0c, 0x62, 0x12, - 0xd0, 0xed, 0x7e, 0x3b, 0xba, 0x23, 0xa7, 0xb9, + 0x7f, 0xa0, 0x6f, 0xa0, 0x2d, 0x0e, 0x91, 0x1b, 0x9a, 0x47, 0xfd, 0xc1, 0x7d, 0x2d, 0x96, 0x2c, + 0xa0, 0x1e, 0x2f, 0x31, 0xd6, 0x0c, 0x62, 0x12, 0xd0, 0xed, 0x7e, 0x3b, 0xba, 0x23, 0xa7, 0xb9, }; const unsigned char test_ec_secp256k1_pub[] = { - 0x04, 0x5c, 0x39, 0x15, 0x45, 0x79, 0xef, 0xd6, 0x67, 0xad, 0xc7, 0x3a, - 0x81, 0x01, 0x5a, 0x79, 0x7d, 0x2c, 0x86, 0x82, 0xcd, 0xfb, 0xd3, 0xc3, - 0x55, 0x3c, 0x4a, 0x18, 0x5d, 0x48, 0x1c, 0xdc, 0x50, 0xe4, 0x2a, 0x0e, - 0x1c, 0xbc, 0x3c, 0xa2, 0x9a, 0x32, 0xa6, 0x45, 0xe9, 0x27, 0xf5, 0x4b, - 0xea, 0xed, 0x14, 0xc9, 0xdb, 0xbf, 0x82, 0x79, 0xd7, 0x25, 0xf5, 0x49, - 0x5c, 0xa9, 0x24, 0xb2, 0x4d, + 0x04, 0x5c, 0x39, 0x15, 0x45, 0x79, 0xef, 0xd6, 0x67, 0xad, 0xc7, 0x3a, 0x81, 0x01, 0x5a, 0x79, + 0x7d, 0x2c, 0x86, 0x82, 0xcd, 0xfb, 0xd3, 0xc3, 0x55, 0x3c, 0x4a, 0x18, 0x5d, 0x48, 0x1c, 0xdc, + 0x50, 0xe4, 0x2a, 0x0e, 0x1c, 0xbc, 0x3c, 0xa2, 0x9a, 0x32, 0xa6, 0x45, 0xe9, 0x27, 0xf5, 0x4b, + 0xea, 0xed, 0x14, 0xc9, 0xdb, 0xbf, 0x82, 0x79, 0xd7, 0x25, 0xf5, 0x49, 0x5c, 0xa9, 0x24, 0xb2, + 0x4d, }; const unsigned char test_ec_curve25519_priv[] = { - 0x70, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, - 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, - 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x6a, + 0x70, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, + 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x6a, }; const unsigned char test_ec_curve25519_pub[] = { - 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, - 0xb4, 0x3e, 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, - 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, + 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, + 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, }; const unsigned char test_ec_curve448_priv[] = { - 0xe4, 0xe4, 0x9f, 0x52, 0x68, 0x6f, 0x9e, 0xe3, 0xb6, 0x38, 0x52, 0x8f, - 0x72, 0x1f, 0x15, 0x96, 0x19, 0x6f, 0xfd, 0x0a, 0x1c, 0xdd, 0xb6, 0x4c, - 0x3f, 0x21, 0x6f, 0x06, 0x54, 0x18, 0x05, 0xcf, 0xeb, 0x1a, 0x28, 0x6d, - 0xc7, 0x80, 0x18, 0x09, 0x5c, 0xdf, 0xec, 0x05, 0x0e, 0x80, 0x07, 0xb5, + 0xe4, 0xe4, 0x9f, 0x52, 0x68, 0x6f, 0x9e, 0xe3, 0xb6, 0x38, 0x52, 0x8f, 0x72, 0x1f, 0x15, 0x96, + 0x19, 0x6f, 0xfd, 0x0a, 0x1c, 0xdd, 0xb6, 0x4c, 0x3f, 0x21, 0x6f, 0x06, 0x54, 0x18, 0x05, 0xcf, + 0xeb, 0x1a, 0x28, 0x6d, 0xc7, 0x80, 0x18, 0x09, 0x5c, 0xdf, 0xec, 0x05, 0x0e, 0x80, 0x07, 0xb5, 0xf4, 0x90, 0x89, 0x62, 0xba, 0x20, 0xd6, 0xc1, }; const unsigned char test_ec_curve448_pub[] = { - 0xc0, 0xd3, 0xa5, 0xa2, 0xb4, 0x16, 0xa5, 0x73, 0xdc, 0x99, 0x09, 0xf9, - 0x2f, 0x13, 0x4a, 0xc0, 0x13, 0x23, 0xab, 0x8f, 0x8e, 0x36, 0x80, 0x4e, - 0x57, 0x85, 0x88, 0xba, 0x2d, 0x09, 0xfe, 0x7c, 0x3e, 0x73, 0x7f, 0x77, - 0x1c, 0xa1, 0x12, 0x82, 0x5b, 0x54, 0x8a, 0x0f, 0xfd, 0xed, 0x6d, 0x6a, + 0xc0, 0xd3, 0xa5, 0xa2, 0xb4, 0x16, 0xa5, 0x73, 0xdc, 0x99, 0x09, 0xf9, 0x2f, 0x13, 0x4a, 0xc0, + 0x13, 0x23, 0xab, 0x8f, 0x8e, 0x36, 0x80, 0x4e, 0x57, 0x85, 0x88, 0xba, 0x2d, 0x09, 0xfe, 0x7c, + 0x3e, 0x73, 0x7f, 0x77, 0x1c, 0xa1, 0x12, 0x82, 0x5b, 0x54, 0x8a, 0x0f, 0xfd, 0xed, 0x6d, 0x6a, 0x2f, 0xd0, 0x9a, 0x3e, 0x77, 0xde, 0xc3, 0x0e, }; From 59c614be3933b3e240092d162f734ebb4bbd468d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Apr 2024 18:44:39 +0200 Subject: [PATCH 105/429] generate_test_keys: generate also RSA public key arrays This is to manage RSA and EC keys in the same way in order to prepare for the following commits. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 18 +++-- tests/src/test_keys.h | 116 ++++++++++++++++++++++++++-- tests/suites/test_suite_pk.function | 18 +++-- 3 files changed, 134 insertions(+), 18 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index d48b0268f3..a1cb35677c 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -20,12 +20,18 @@ BYTES_PER_LINE = 16 KEYS = { # RSA keys - 'test_rsa_1024': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1024], - 'test_rsa_1026': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1026], - 'test_rsa_1028': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1028], - 'test_rsa_1030': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1030], - 'test_rsa_2048': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 2048], - 'test_rsa_4096': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 4096], + 'test_rsa_1024_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1024], + 'test_rsa_1024_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 1024], + 'test_rsa_1026_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1026], + 'test_rsa_1026_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 1026], + 'test_rsa_1028_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1028], + 'test_rsa_1028_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 1028], + 'test_rsa_1030_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1030], + 'test_rsa_1030_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 1030], + 'test_rsa_2048_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 2048], + 'test_rsa_2048_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 2048], + 'test_rsa_4096_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 4096], + 'test_rsa_4096_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 4096], # EC keys 'test_ec_secp192r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 192], 'test_ec_secp192r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 192], diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h index 63b5251309..67e6e1e13a 100644 --- a/tests/src/test_keys.h +++ b/tests/src/test_keys.h @@ -3,7 +3,7 @@ * Please do not edit it manually. *********************************************************************************/ -const unsigned char test_rsa_1024[] = { +const unsigned char test_rsa_1024_priv[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, @@ -45,7 +45,19 @@ const unsigned char test_rsa_1024[] = { 0x2b, 0x24, }; -const unsigned char test_rsa_1026[] = { +const unsigned char test_rsa_1024_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, + 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, + 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28, + 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, + 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, + 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, + 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, + 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, + 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_1026_priv[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, @@ -87,7 +99,19 @@ const unsigned char test_rsa_1026[] = { 0x92, 0x16, }; -const unsigned char test_rsa_1028[] = { +const unsigned char test_rsa_1026_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, + 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, + 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, 0x68, 0x59, 0x5d, 0xbc, + 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, 0x7e, 0x44, 0xa4, 0x16, 0x3a, 0x05, 0x42, 0xfa, + 0xb6, 0x12, 0xac, 0xbb, 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, 0x3b, 0xdd, 0xef, 0x6a, + 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, 0x38, 0xdb, 0x7a, 0x33, + 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, 0x7d, 0x6e, 0x56, 0x46, 0xc1, 0xd6, 0x7f, 0xb8, + 0xb2, 0xb9, 0x7a, 0xc6, 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, 0x83, 0x15, 0xaa, 0x3f, + 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_1028_priv[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, @@ -129,7 +153,19 @@ const unsigned char test_rsa_1028[] = { 0x54, 0x8a, }; -const unsigned char test_rsa_1030[] = { +const unsigned char test_rsa_1028_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, + 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, + 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, 0xa3, 0xca, 0xff, 0x4e, + 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, 0xa4, 0x16, 0x7f, 0xbf, 0x7f, 0x37, 0x2a, 0xb5, + 0x7e, 0x83, 0xa6, 0x9a, 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, 0x96, 0x21, 0xa3, 0x0a, + 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, 0x9e, 0x4f, 0x9b, 0xfc, + 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, 0x9a, 0x63, 0x1f, 0xb1, 0xfb, 0x9f, 0xfb, 0x79, + 0x4b, 0x4e, 0x53, 0xc7, 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, 0x25, 0x88, 0xdb, 0x29, + 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_1030_priv[] = { 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, @@ -171,7 +207,19 @@ const unsigned char test_rsa_1030[] = { 0x35, 0xa1, 0x7c, }; -const unsigned char test_rsa_2048[] = { +const unsigned char test_rsa_1030_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, + 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, + 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, 0x34, 0xc6, 0xae, 0x36, + 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, 0x64, 0xd2, 0xec, 0x15, 0x6e, 0x13, 0x4d, 0x03, + 0xcf, 0x6a, 0x94, 0xd3, 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, 0xc4, 0xb9, 0x74, 0x21, + 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, 0xfa, 0x86, 0x74, 0x96, + 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, 0xd1, 0x46, 0x1a, 0x80, 0xdb, 0xe9, 0xa5, 0x9d, + 0xb3, 0xb0, 0x16, 0xc6, 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, 0x89, 0xb8, 0x55, 0xcb, + 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_2048_priv[] = { 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, @@ -249,7 +297,27 @@ const unsigned char test_rsa_2048[] = { 0x07, 0x9c, 0xaa, 0xda, 0x05, 0x68, 0xb1, }; -const unsigned char test_rsa_4096[] = { +const unsigned char test_rsa_2048_pub[] = { + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, + 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, + 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, 0xb1, 0x35, 0x35, + 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, 0x4a, 0x69, 0x37, 0xb5, 0x58, 0xec, 0x0d, + 0x1d, 0xea, 0x27, 0x4a, 0xf2, 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, 0x57, 0x72, 0x66, + 0xa7, 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, 0x5f, 0xec, 0xab, + 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, 0xa9, 0x45, 0x84, 0x22, 0x6b, 0x37, 0xd9, + 0x2e, 0xf4, 0x63, 0xfc, 0x73, 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, 0x16, 0x2f, 0x57, + 0x26, 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, 0x02, 0x21, 0xc2, + 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, 0x3d, 0x7b, 0x84, 0x03, 0x9c, 0x2d, 0xf4, + 0x1c, 0xe3, 0xec, 0x8d, 0xb9, 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, 0xe2, 0x3b, 0x74, + 0xed, 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, 0xa4, 0x42, 0x32, + 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, 0x78, 0x2e, 0x45, 0x53, 0x88, 0x0f, 0x06, + 0xba, 0x39, 0xa6, 0x4f, 0x4a, 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, 0x07, 0xce, 0xfa, + 0xdc, 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, 0xae, 0x61, 0xfc, + 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, 0x07, 0x72, 0x66, 0xf7, 0x36, 0x0c, 0x20, + 0x76, 0xce, 0xbe, 0xaf, 0x14, 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_4096_priv[] = { 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, 0xb3, 0x8d, 0x5d, 0x01, 0xae, 0xeb, 0x07, 0xd3, 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, 0xe7, 0x4f, 0xe1, 0x1a, 0x89, 0x5e, 0xcf, 0xd1, 0x3d, 0x16, 0x8a, 0xee, 0x93, 0x2a, 0xf1, 0x35, @@ -399,6 +467,42 @@ const unsigned char test_rsa_4096[] = { 0x41, 0x6a, 0x42, 0x2e, 0x56, 0x09, 0x86, 0xf2, 0x2f, 0x39, 0x45, 0x6e, 0x7f, }; +const unsigned char test_rsa_4096_pub[] = { + 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, 0xb3, 0x8d, 0x5d, + 0x01, 0xae, 0xeb, 0x07, 0xd3, 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, 0xe7, 0x4f, 0xe1, + 0x1a, 0x89, 0x5e, 0xcf, 0xd1, 0x3d, 0x16, 0x8a, 0xee, 0x93, 0x2a, 0xf1, 0x35, 0xff, 0xbb, 0x84, + 0x98, 0x77, 0x27, 0x38, 0x97, 0x08, 0x1f, 0x3f, 0x75, 0x93, 0xc1, 0x4a, 0xe8, 0x2b, 0xc2, 0x66, + 0xc1, 0x05, 0x44, 0xf7, 0x26, 0xae, 0x1c, 0xcf, 0x13, 0x3d, 0x8a, 0x40, 0x18, 0xd3, 0x80, 0xdf, + 0xa2, 0x52, 0x51, 0xc0, 0x11, 0x10, 0x7b, 0x75, 0x13, 0xa9, 0x43, 0x34, 0x6a, 0xa0, 0xe0, 0xde, + 0xc1, 0x1d, 0x8d, 0x7f, 0xa2, 0x56, 0x44, 0x65, 0x3c, 0x11, 0x8d, 0xaa, 0xbc, 0xe6, 0xd4, 0x1f, + 0x06, 0x6f, 0x66, 0x21, 0x76, 0x88, 0x01, 0x47, 0x80, 0x55, 0x78, 0x0e, 0x91, 0xb6, 0x8e, 0xa3, + 0xc9, 0x58, 0x56, 0xd1, 0x72, 0xa8, 0x90, 0x32, 0xb3, 0x9c, 0x82, 0x4e, 0x8b, 0x7d, 0xc1, 0xa3, + 0xf8, 0xae, 0xe4, 0xf6, 0xb3, 0x68, 0xba, 0xa3, 0xcd, 0x68, 0xf5, 0x0d, 0x52, 0x68, 0x01, 0x17, + 0xe9, 0xb9, 0x13, 0xd7, 0xf8, 0xc8, 0x52, 0xa0, 0xd1, 0x00, 0x8e, 0x8b, 0x87, 0xa5, 0xc9, 0x7e, + 0x37, 0xaf, 0xc1, 0x1a, 0x08, 0x05, 0x50, 0x55, 0x7b, 0x8b, 0x4d, 0xcb, 0xd8, 0xe1, 0x92, 0xed, + 0x33, 0x66, 0xd8, 0x3a, 0x09, 0xd2, 0x7c, 0x77, 0xe1, 0x50, 0xf6, 0x68, 0x55, 0xb5, 0xdc, 0xfd, + 0xb2, 0xdf, 0x15, 0x1b, 0xd7, 0xf4, 0x44, 0x25, 0x0e, 0xaf, 0x6f, 0xe3, 0xf2, 0x36, 0x82, 0x6c, + 0x81, 0xfa, 0x84, 0x81, 0x01, 0xbf, 0xaa, 0xd5, 0x35, 0xff, 0xb5, 0x22, 0xd6, 0xff, 0x97, 0xc9, + 0xdd, 0x1e, 0x43, 0xb8, 0x2c, 0xce, 0x29, 0x21, 0xd1, 0x53, 0xc1, 0x54, 0x50, 0xc4, 0x72, 0x4f, + 0xfd, 0x3e, 0xfd, 0xca, 0x57, 0x8e, 0x01, 0x36, 0x50, 0xa0, 0x3a, 0x5c, 0xf5, 0x01, 0xfc, 0x58, + 0x60, 0x0f, 0xb5, 0xc8, 0x60, 0xc0, 0xef, 0x0c, 0xfe, 0x0a, 0xc0, 0x71, 0x2d, 0x44, 0x13, 0x13, + 0xdc, 0xa4, 0x1a, 0x4d, 0x7d, 0x41, 0x1e, 0x6c, 0x83, 0xb2, 0x15, 0x17, 0x49, 0xd2, 0x8b, 0xe4, + 0x69, 0x2f, 0x62, 0x37, 0x3d, 0xb0, 0x7e, 0x4a, 0x79, 0x05, 0x1c, 0x56, 0x82, 0xec, 0x20, 0xd4, + 0x91, 0xc4, 0xcf, 0xc7, 0xbc, 0x14, 0x0f, 0x35, 0xfa, 0x15, 0xe5, 0xa1, 0xfa, 0x75, 0x6d, 0x65, + 0xb8, 0xef, 0x93, 0xad, 0xdf, 0x4c, 0x47, 0xc4, 0xa3, 0x5b, 0x18, 0x4f, 0x22, 0xa1, 0xef, 0x08, + 0x99, 0x48, 0xf9, 0x46, 0xf6, 0xfa, 0xeb, 0x64, 0x70, 0xf2, 0x67, 0x46, 0xe6, 0x58, 0xcf, 0x9b, + 0x41, 0x77, 0x41, 0x78, 0x42, 0xe6, 0xd3, 0x73, 0x55, 0x80, 0x89, 0xaf, 0xf7, 0x21, 0xb9, 0x30, + 0xe9, 0xec, 0x61, 0xb4, 0xf6, 0xa0, 0x2c, 0x05, 0x2c, 0x69, 0x24, 0xd3, 0x9a, 0x5b, 0xbb, 0x15, + 0xed, 0x11, 0x06, 0xc4, 0x01, 0x0f, 0x4d, 0xd6, 0x9c, 0x79, 0xd0, 0x42, 0xc8, 0xb3, 0x16, 0x61, + 0xb1, 0xee, 0x48, 0x6b, 0xc6, 0x9d, 0xb5, 0xf2, 0xf0, 0x7a, 0x50, 0xd8, 0x5b, 0x20, 0x69, 0x9d, + 0x60, 0x13, 0x15, 0x62, 0x5b, 0xb8, 0x69, 0x62, 0x9c, 0x7f, 0x4c, 0x5d, 0x48, 0xb2, 0x11, 0xd0, + 0x97, 0xf4, 0x38, 0xac, 0xec, 0x95, 0x97, 0x3a, 0x38, 0xd4, 0x21, 0x09, 0x0a, 0xf0, 0xf1, 0x34, + 0x84, 0xe4, 0xe9, 0x4b, 0x8c, 0xb5, 0xef, 0xc1, 0x85, 0x07, 0xf4, 0xb9, 0x31, 0xdf, 0x39, 0x98, + 0x7f, 0xfb, 0x28, 0x30, 0x29, 0x3e, 0x4d, 0xa3, 0x81, 0xaa, 0xf7, 0x0b, 0x32, 0x92, 0x95, 0x2e, + 0xf9, 0x34, 0xe2, 0xb4, 0x0f, 0xde, 0xbb, 0xa3, 0xd9, 0x70, 0x1b, 0x76, 0xe1, 0xbe, 0x54, 0x82, + 0x74, 0xb2, 0x60, 0x2d, 0x88, 0x85, 0x37, 0x48, 0x2d, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + const unsigned char test_ec_secp192r1_priv[] = { 0xd8, 0x3b, 0x57, 0xa5, 0x9c, 0x51, 0x35, 0x8d, 0x9c, 0x8b, 0xbb, 0x89, 0x8a, 0xff, 0x50, 0x7f, 0x44, 0xdd, 0x14, 0xcf, 0x16, 0x91, 0x71, 0x90, diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b67bbb8252..c57c442d8d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -194,12 +194,18 @@ struct key_lut_element { }; struct key_lut_element keys_lut[] = { - { 1024, test_rsa_1024, sizeof(test_rsa_1024), NULL, 0 }, - { 1026, test_rsa_1026, sizeof(test_rsa_1026), NULL, 0 }, - { 1028, test_rsa_1028, sizeof(test_rsa_1028), NULL, 0 }, - { 1030, test_rsa_1030, sizeof(test_rsa_1030), NULL, 0 }, - { 2048, test_rsa_2048, sizeof(test_rsa_2048), NULL, 0 }, - { 4096, test_rsa_4096, sizeof(test_rsa_4096), NULL, 0 }, + { 1024, test_rsa_1024_priv, sizeof(test_rsa_1024_priv), + test_rsa_1024_pub, sizeof(test_rsa_1024_pub) }, + { 1026, test_rsa_1026_priv, sizeof(test_rsa_1026_priv), + test_rsa_1026_pub, sizeof(test_rsa_1026_pub) }, + { 1028, test_rsa_1028_priv, sizeof(test_rsa_1028_priv), + test_rsa_1028_pub, sizeof(test_rsa_1028_pub) }, + { 1030, test_rsa_1030_priv, sizeof(test_rsa_1030_priv), + test_rsa_1030_pub, sizeof(test_rsa_1030_pub) }, + { 2048, test_rsa_2048_priv, sizeof(test_rsa_2048_priv), + test_rsa_2048_pub, sizeof(test_rsa_2048_pub) }, + { 4096, test_rsa_4096_priv, sizeof(test_rsa_4096_priv), + test_rsa_4096_pub, sizeof(test_rsa_4096_pub) }, { MBEDTLS_ECP_DP_SECP192R1, test_ec_secp192r1_priv, sizeof(test_ec_secp192r1_priv), test_ec_secp192r1_pub, sizeof(test_ec_secp192r1_pub) }, { MBEDTLS_ECP_DP_SECP224R1, test_ec_secp224r1_priv, sizeof(test_ec_secp224r1_priv), From 7031a4ebd854a2ec7362b141e1fd7b2702faf885 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 10:31:15 +0200 Subject: [PATCH 106/429] generate_test_keys: generate arrays for all keys in asymmetric_key_data.py Only unused (from test_suite_pk point of view) EC curves are skipped. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 106 ++--- tests/src/test_keys.h | 609 +++++++++++++++++----------- tests/suites/test_suite_pk.function | 4 +- 3 files changed, 432 insertions(+), 287 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index a1cb35677c..75e85cefcc 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -9,6 +9,7 @@ generating the required key at run time. This helps speeding up testing.""" import os import sys from typing import Iterator +import re # pylint: disable=wrong-import-position SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) + "/" sys.path.append(SCRIPT_DIR + "../../scripts/") @@ -18,47 +19,6 @@ import scripts_path # pylint: disable=unused-import OUTPUT_HEADER_FILE = SCRIPT_DIR + "../src/test_keys.h" BYTES_PER_LINE = 16 -KEYS = { - # RSA keys - 'test_rsa_1024_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1024], - 'test_rsa_1024_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 1024], - 'test_rsa_1026_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1026], - 'test_rsa_1026_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 1026], - 'test_rsa_1028_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1028], - 'test_rsa_1028_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 1028], - 'test_rsa_1030_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 1030], - 'test_rsa_1030_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 1030], - 'test_rsa_2048_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 2048], - 'test_rsa_2048_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 2048], - 'test_rsa_4096_priv': ['PSA_KEY_TYPE_RSA_KEY_PAIR', 4096], - 'test_rsa_4096_pub': ['PSA_KEY_TYPE_RSA_PUBLIC_KEY', 4096], - # EC keys - 'test_ec_secp192r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 192], - 'test_ec_secp192r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 192], - 'test_ec_secp224r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 224], - 'test_ec_secp224r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 224], - 'test_ec_secp256r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 256], - 'test_ec_secp256r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 256], - 'test_ec_secp384r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 384], - 'test_ec_secp384r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 384], - 'test_ec_secp521r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)', 521], - 'test_ec_secp521r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)', 521], - 'test_ec_bp256r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 256], - 'test_ec_bp256r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 256], - 'test_ec_bp384r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 384], - 'test_ec_bp384r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 384], - 'test_ec_bp512r1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 512], - 'test_ec_bp512r1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1)', 512], - 'test_ec_secp192k1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1)', 192], - 'test_ec_secp192k1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1)', 192], - 'test_ec_secp256k1_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_K1)', 256], - 'test_ec_secp256k1_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1)', 256], - 'test_ec_curve25519_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)', 255], - 'test_ec_curve25519_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY)', 255], - 'test_ec_curve448_priv': ['PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY)', 448], - 'test_ec_curve448_pub': ['PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY)', 448], -} - def c_byte_array_literal_content(array_name: str, key_data: bytes) -> Iterator[str]: yield 'const unsigned char ' yield array_name @@ -69,9 +29,37 @@ def c_byte_array_literal_content(array_name: str, key_data: bytes) -> Iterator[s yield ' {:#04x},'.format(b) yield '\n};' -def convert_der_to_c(array_name: str, key_data: bytearray) -> str: +def convert_der_to_c(array_name: str, key_data: bytes) -> str: return ''.join(c_byte_array_literal_content(array_name, key_data)) +EC_NAME_CONVERSION = { + 'PSA_ECC_FAMILY_SECP_K1': ['secp', 'k1'], + 'PSA_ECC_FAMILY_SECP_R1': ['secp', 'r1'], + 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': ['bp', 'r1'], + 'PSA_ECC_FAMILY_MONTGOMERY': ['curve', ''], +} + +def get_key_type(key: str) -> str: + if re.match('PSA_KEY_TYPE_RSA_.*', key): + return "rsa" + elif re.match('PSA_KEY_TYPE_ECC_.*', key): + return "ec" + else: + print("Unhandled key type {}".format(key)) + return "unknown" + +def get_ec_key_family(key: str) -> str: + match = re.search(r'.*\((.*)\)', key) + if match is None: + raise Exception("Unable to get EC family from {}".format(key)) + return match.group(1) + +def get_key_role(key_type: str) -> str: + if re.match('PSA_KEY_TYPE_.*_KEY_PAIR', key_type): + return "priv" + else: + return "pub" + def main() -> None: # Remove output file if already existing. if os.path.exists(OUTPUT_HEADER_FILE): @@ -85,13 +73,33 @@ def main() -> None: " *********************************************************************************/\n" ) - for key in KEYS: - key_type = KEYS[key][0] - key_bitsize = KEYS[key][1] - c_array = convert_der_to_c(key, ASYMMETRIC_KEY_DATA[key_type][key_bitsize]) - output_file.write("\n") - output_file.write(c_array) - output_file.write("\n") + for key in ASYMMETRIC_KEY_DATA: + key_type = get_key_type(key) + # Ignore keys which are not EC or RSA + if key_type == "unknown": + continue + # Ignore undesired EC keys + if key_type == "ec": + ec_family = get_ec_key_family(key) + if not ec_family in EC_NAME_CONVERSION: + continue + role = get_key_role(key) + + for bits in ASYMMETRIC_KEY_DATA[key]: + # Create output array name + if key_type == "rsa": + array_name = "_".join(["test", key_type, str(bits), role]) + else: + prefix = EC_NAME_CONVERSION[ec_family][0] + suffix = EC_NAME_CONVERSION[ec_family][1] + curve = "".join([prefix, str(bits), suffix]) + array_name = "_".join(["test", key_type, curve, role]) + # Convert bytearray to C array + c_array = convert_der_to_c(array_name, ASYMMETRIC_KEY_DATA[key][bits]) + # Write the C array to the output file + output_file.write("\n") + output_file.write(c_array) + output_file.write("\n") if __name__ == '__main__': main() diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h index 67e6e1e13a..ca3416be90 100644 --- a/tests/src/test_keys.h +++ b/tests/src/test_keys.h @@ -3,6 +3,238 @@ * Please do not edit it manually. *********************************************************************************/ +const unsigned char test_ec_secp192k1_priv[] = { + 0x29, 0x7a, 0xc1, 0x72, 0x2c, 0xca, 0xc7, 0x58, 0x9e, 0xcb, 0x24, 0x0d, 0xc7, 0x19, 0x84, 0x25, + 0x38, 0xca, 0x97, 0x4b, 0xeb, 0x79, 0xf2, 0x28, +}; + +const unsigned char test_ec_secp225k1_priv[] = { + 0x00, 0x24, 0x12, 0x2b, 0xf0, 0x20, 0xfa, 0x11, 0x3f, 0x6c, 0x0a, 0xc9, 0x78, 0xdf, 0xbd, 0x41, + 0xf7, 0x49, 0x25, 0x7a, 0x94, 0x68, 0xfe, 0xbd, 0xbe, 0x0d, 0xc9, 0xf7, 0xe8, +}; + +const unsigned char test_ec_secp256k1_priv[] = { + 0x7f, 0xa0, 0x6f, 0xa0, 0x2d, 0x0e, 0x91, 0x1b, 0x9a, 0x47, 0xfd, 0xc1, 0x7d, 0x2d, 0x96, 0x2c, + 0xa0, 0x1e, 0x2f, 0x31, 0xd6, 0x0c, 0x62, 0x12, 0xd0, 0xed, 0x7e, 0x3b, 0xba, 0x23, 0xa7, 0xb9, +}; + +const unsigned char test_ec_secp192k1_pub[] = { + 0x04, 0x26, 0xb7, 0xbb, 0x38, 0xda, 0x64, 0x9a, 0xc2, 0x13, 0x8f, 0xc0, 0x50, 0xc6, 0x54, 0x8b, + 0x32, 0x55, 0x3d, 0xab, 0x68, 0xaf, 0xeb, 0xc3, 0x61, 0x05, 0xd3, 0x25, 0xb7, 0x55, 0x38, 0xc1, + 0x23, 0x23, 0xcb, 0x07, 0x64, 0x78, 0x9e, 0xcb, 0x99, 0x26, 0x71, 0xbe, 0xb2, 0xb6, 0xbe, 0xf2, + 0xf5, +}; + +const unsigned char test_ec_secp225k1_pub[] = { + 0x04, 0x2c, 0xc7, 0x33, 0x5f, 0x4b, 0x76, 0x04, 0x2b, 0xed, 0x44, 0xef, 0x45, 0x95, 0x9a, 0x62, + 0xaa, 0x21, 0x5f, 0x7a, 0x5f, 0xf0, 0xc8, 0x11, 0x1b, 0x8c, 0x44, 0xed, 0x65, 0x4e, 0xe7, 0x1c, + 0x19, 0x18, 0x32, 0x6a, 0xd4, 0x85, 0xb2, 0xd5, 0x99, 0xfe, 0x2a, 0x6e, 0xab, 0x09, 0x6e, 0xe2, + 0x6d, 0x97, 0x73, 0x34, 0xd2, 0xba, 0xc6, 0xd6, 0x1d, +}; + +const unsigned char test_ec_secp256k1_pub[] = { + 0x04, 0x5c, 0x39, 0x15, 0x45, 0x79, 0xef, 0xd6, 0x67, 0xad, 0xc7, 0x3a, 0x81, 0x01, 0x5a, 0x79, + 0x7d, 0x2c, 0x86, 0x82, 0xcd, 0xfb, 0xd3, 0xc3, 0x55, 0x3c, 0x4a, 0x18, 0x5d, 0x48, 0x1c, 0xdc, + 0x50, 0xe4, 0x2a, 0x0e, 0x1c, 0xbc, 0x3c, 0xa2, 0x9a, 0x32, 0xa6, 0x45, 0xe9, 0x27, 0xf5, 0x4b, + 0xea, 0xed, 0x14, 0xc9, 0xdb, 0xbf, 0x82, 0x79, 0xd7, 0x25, 0xf5, 0x49, 0x5c, 0xa9, 0x24, 0xb2, + 0x4d, +}; + +const unsigned char test_ec_secp192r1_priv[] = { + 0xd8, 0x3b, 0x57, 0xa5, 0x9c, 0x51, 0x35, 0x8d, 0x9c, 0x8b, 0xbb, 0x89, 0x8a, 0xff, 0x50, 0x7f, + 0x44, 0xdd, 0x14, 0xcf, 0x16, 0x91, 0x71, 0x90, +}; + +const unsigned char test_ec_secp224r1_priv[] = { + 0x87, 0x2f, 0x20, 0x3b, 0x3a, 0xd3, 0x5b, 0x7f, 0x2e, 0xcc, 0x80, 0x3c, 0x3a, 0x0e, 0x1e, 0x0b, + 0x1e, 0xd6, 0x1c, 0xc1, 0xaf, 0xe7, 0x1b, 0x18, 0x9c, 0xd4, 0xc9, 0x95, +}; + +const unsigned char test_ec_secp256r1_priv[] = { + 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, 0x1d, 0xf1, 0xc9, 0x94, + 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee, +}; + +const unsigned char test_ec_secp384r1_priv[] = { + 0x3f, 0x5d, 0x8d, 0x9b, 0xe2, 0x80, 0xb5, 0x69, 0x6c, 0xc5, 0xcc, 0x9f, 0x94, 0xcf, 0x8a, 0xf7, + 0xe6, 0xb6, 0x1d, 0xd6, 0x59, 0x2b, 0x2a, 0xb2, 0xb3, 0xa4, 0xc6, 0x07, 0x45, 0x04, 0x17, 0xec, + 0x32, 0x7d, 0xcd, 0xca, 0xed, 0x7c, 0x10, 0x05, 0x3d, 0x71, 0x9a, 0x05, 0x74, 0xf0, 0xa7, 0x6a, +}; + +const unsigned char test_ec_secp521r1_priv[] = { + 0x01, 0xb1, 0xb6, 0xad, 0x07, 0xbb, 0x79, 0xe7, 0x32, 0x0d, 0xa5, 0x98, 0x60, 0xea, 0x28, 0xe0, + 0x55, 0x28, 0x4f, 0x60, 0x58, 0xf2, 0x79, 0xde, 0x66, 0x6e, 0x06, 0xd4, 0x35, 0xd2, 0xaf, 0x7b, + 0xda, 0x28, 0xd9, 0x9f, 0xa4, 0x7b, 0x7d, 0xd0, 0x96, 0x3e, 0x16, 0xb0, 0x07, 0x30, 0x78, 0xee, + 0x8b, 0x8a, 0x38, 0xd9, 0x66, 0xa5, 0x82, 0xf4, 0x6d, 0x19, 0xff, 0x95, 0xdf, 0x3a, 0xd9, 0x68, + 0x5a, 0xae, +}; + +const unsigned char test_ec_secp192r1_pub[] = { + 0x04, 0xe3, 0x5f, 0xcb, 0xee, 0x11, 0xce, 0xc3, 0x15, 0x4f, 0x80, 0xa1, 0xa6, 0x1d, 0xf7, 0xd7, + 0x61, 0x2d, 0xe4, 0xf2, 0xfd, 0x70, 0xc5, 0x60, 0x8d, 0x0e, 0xe3, 0xa4, 0xa1, 0xa5, 0x71, 0x94, + 0x71, 0xad, 0xb3, 0x39, 0x66, 0xdd, 0x9b, 0x03, 0x5f, 0xdb, 0x77, 0x4f, 0xee, 0xba, 0x94, 0xb0, + 0x4c, +}; + +const unsigned char test_ec_secp224r1_pub[] = { + 0x04, 0x6f, 0x00, 0xea, 0xda, 0xa9, 0x49, 0xfe, 0xe3, 0xe9, 0xe1, 0xc7, 0xfa, 0x12, 0x47, 0xee, + 0xce, 0xc8, 0x6a, 0x0d, 0xce, 0x46, 0x41, 0x8b, 0x9b, 0xd3, 0x11, 0x7b, 0x98, 0x1d, 0x4b, 0xd0, + 0xae, 0x7a, 0x99, 0x0d, 0xe9, 0x12, 0xf9, 0xd0, 0x60, 0xd6, 0xcb, 0x53, 0x1a, 0x42, 0xd2, 0x2e, + 0x39, 0x4a, 0xc2, 0x9e, 0x81, 0x80, 0x4b, 0xf1, 0x60, +}; + +const unsigned char test_ec_secp256r1_pub[] = { + 0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39, 0x92, 0x79, 0xd5, 0xe1, 0xf1, 0x78, 0x1f, 0xac, + 0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3, 0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b, + 0x57, 0x25, 0x90, 0xcd, 0xaf, 0x8f, 0x76, 0x93, 0x61, 0xbc, 0xf3, 0x4a, 0xcf, 0xc1, 0x1e, 0x5e, + 0x07, 0x4e, 0x84, 0x26, 0xbd, 0xde, 0x04, 0xbe, 0x6e, 0x65, 0x39, 0x45, 0x44, 0x96, 0x17, 0xde, + 0x45, +}; + +const unsigned char test_ec_secp384r1_pub[] = { + 0x04, 0xd9, 0xc6, 0x62, 0xb5, 0x0b, 0xa2, 0x9c, 0xa4, 0x79, 0x90, 0x45, 0x0e, 0x04, 0x3a, 0xea, + 0xf4, 0xf0, 0xc6, 0x9b, 0x15, 0x67, 0x6d, 0x11, 0x2f, 0x62, 0x2a, 0x71, 0xc9, 0x30, 0x59, 0xaf, + 0x99, 0x96, 0x91, 0xc5, 0x68, 0x0d, 0x2b, 0x44, 0xd1, 0x11, 0x57, 0x9d, 0xb1, 0x2f, 0x4a, 0x41, + 0x3a, 0x2e, 0xd5, 0xc4, 0x5f, 0xcf, 0xb6, 0x7b, 0x5b, 0x63, 0xe0, 0x0b, 0x91, 0xeb, 0xe5, 0x9d, + 0x09, 0xa6, 0xb1, 0xac, 0x2c, 0x0c, 0x42, 0x82, 0xaa, 0x12, 0x31, 0x7e, 0xd5, 0x91, 0x4f, 0x99, + 0x9b, 0xc4, 0x88, 0xbb, 0x13, 0x2e, 0x83, 0x42, 0xcc, 0x36, 0xf2, 0xca, 0x5e, 0x33, 0x79, 0xc7, + 0x47, +}; + +const unsigned char test_ec_secp521r1_pub[] = { + 0x04, 0x00, 0x1d, 0xe1, 0x42, 0xd5, 0x4f, 0x69, 0xeb, 0x03, 0x8e, 0xe4, 0xb7, 0xaf, 0x9d, 0x3c, + 0xa0, 0x77, 0x36, 0xfd, 0x9c, 0xf7, 0x19, 0xeb, 0x35, 0x4d, 0x69, 0x87, 0x9e, 0xe7, 0xf3, 0xc1, + 0x36, 0xfb, 0x0f, 0xbf, 0x9f, 0x08, 0xf8, 0x6b, 0xe5, 0xfa, 0x12, 0x8e, 0xc1, 0xa0, 0x51, 0xd3, + 0xe6, 0xc6, 0x43, 0xe8, 0x5a, 0xda, 0x8f, 0xfa, 0xcf, 0x36, 0x63, 0xc2, 0x60, 0xbd, 0x2c, 0x84, + 0x4b, 0x6f, 0x56, 0x00, 0xce, 0xe8, 0xe4, 0x8a, 0x9e, 0x65, 0xd0, 0x9c, 0xad, 0xd8, 0x9f, 0x23, + 0x5d, 0xee, 0x05, 0xf3, 0xb8, 0xa6, 0x46, 0xbe, 0x71, 0x5f, 0x1f, 0x67, 0xd5, 0xb4, 0x34, 0xe0, + 0xff, 0x23, 0xa1, 0xfc, 0x07, 0xef, 0x77, 0x40, 0x19, 0x3e, 0x40, 0xee, 0xff, 0x6f, 0x3b, 0xcd, + 0xfd, 0x76, 0x5a, 0xa9, 0x15, 0x50, 0x33, 0x52, 0x4f, 0xe4, 0xf2, 0x05, 0xf5, 0x44, 0x4e, 0x29, + 0x2c, 0x4c, 0x2f, 0x6a, 0xc1, +}; + +const unsigned char test_ec_bp160r1_priv[] = { + 0x69, 0x50, 0x2c, 0x4f, 0xda, 0xf4, 0x8d, 0x4f, 0xa6, 0x17, 0xbd, 0xd2, 0x44, 0x98, 0xb0, 0x40, + 0x6d, 0x0e, 0xea, 0xac, +}; + +const unsigned char test_ec_bp192r1_priv[] = { + 0x16, 0x88, 0xa2, 0xc5, 0xfb, 0xf4, 0xa3, 0xc8, 0x51, 0xd7, 0x6a, 0x98, 0xc3, 0xec, 0x88, 0xf4, + 0x45, 0xa9, 0x79, 0x96, 0x28, 0x3d, 0xb5, 0x9f, +}; + +const unsigned char test_ec_bp224r1_priv[] = { + 0xa6, 0x98, 0x35, 0xda, 0xfe, 0xb5, 0xda, 0x5a, 0xb8, 0x9c, 0x59, 0x86, 0x0d, 0xdd, 0xeb, 0xcf, + 0xd8, 0x0b, 0x52, 0x9a, 0x99, 0xf5, 0x9b, 0x88, 0x08, 0x82, 0x92, 0x3c, +}; + +const unsigned char test_ec_bp256r1_priv[] = { + 0x21, 0x61, 0xd6, 0xf2, 0xdb, 0x76, 0x52, 0x6f, 0xa6, 0x2c, 0x16, 0xf3, 0x56, 0xa8, 0x0f, 0x01, + 0xf3, 0x2f, 0x77, 0x67, 0x84, 0xb3, 0x6a, 0xa9, 0x97, 0x99, 0xa8, 0xb7, 0x66, 0x20, 0x80, 0xff, +}; + +const unsigned char test_ec_bp320r1_priv[] = { + 0x61, 0xb8, 0xda, 0xa7, 0xa6, 0xe5, 0xaa, 0x9f, 0xcc, 0xf1, 0xef, 0x50, 0x42, 0x20, 0xb2, 0xe5, + 0xa5, 0xb8, 0xc6, 0xdc, 0x74, 0x75, 0xd1, 0x6d, 0x31, 0x72, 0xd7, 0xdb, 0x0b, 0x27, 0x78, 0x41, + 0x4e, 0x4f, 0x6e, 0x8f, 0xa2, 0x03, 0x2e, 0xad, +}; + +const unsigned char test_ec_bp384r1_priv[] = { + 0x3d, 0xd9, 0x2e, 0x75, 0x0d, 0x90, 0xd7, 0xd3, 0x9f, 0xc1, 0x88, 0x5c, 0xd8, 0xad, 0x12, 0xea, + 0x94, 0x41, 0xf2, 0x2b, 0x93, 0x34, 0xb4, 0xd9, 0x65, 0x20, 0x2a, 0xdb, 0x14, 0x48, 0xce, 0x24, + 0xc5, 0x80, 0x8a, 0x85, 0xdd, 0x9a, 0xfc, 0x22, 0x9a, 0xf0, 0xa3, 0x12, 0x4f, 0x75, 0x5b, 0xcb, +}; + +const unsigned char test_ec_bp512r1_priv[] = { + 0x37, 0x2c, 0x97, 0x78, 0xf6, 0x9f, 0x72, 0x6c, 0xbc, 0xa3, 0xf4, 0xa2, 0x68, 0xf1, 0x6b, 0x4d, + 0x61, 0x7d, 0x10, 0x28, 0x0d, 0x79, 0xa6, 0xa0, 0x29, 0xcd, 0x51, 0x87, 0x9f, 0xe1, 0x01, 0x29, + 0x34, 0xdf, 0xe5, 0x39, 0x54, 0x55, 0x33, 0x7d, 0xf6, 0x90, 0x6d, 0xc7, 0xd6, 0xd2, 0xee, 0xa4, + 0xdb, 0xb2, 0x06, 0x5c, 0x02, 0x28, 0xf7, 0x3b, 0x3e, 0xd7, 0x16, 0x48, 0x0e, 0x7d, 0x71, 0xd2, +}; + +const unsigned char test_ec_bp160r1_pub[] = { + 0x04, 0xd4, 0xb9, 0x18, 0x68, 0x16, 0x35, 0x8e, 0x2f, 0x9c, 0x59, 0xcf, 0x70, 0x74, 0x8c, 0xb7, + 0x06, 0x41, 0xb2, 0x2f, 0xba, 0xb6, 0x54, 0x73, 0xdb, 0x4b, 0x4e, 0x22, 0xa3, 0x61, 0xed, 0x7e, + 0x3d, 0xe7, 0xe8, 0xa8, 0xdd, 0xc4, 0x13, 0x0c, 0x5c, +}; + +const unsigned char test_ec_bp192r1_pub[] = { + 0x04, 0x3f, 0xdd, 0x16, 0x8c, 0x17, 0x9f, 0xf5, 0x36, 0x3d, 0xd7, 0x1d, 0xcd, 0x58, 0xde, 0x96, + 0x17, 0xca, 0xad, 0x79, 0x1a, 0xe0, 0xc3, 0x73, 0x28, 0xbe, 0x9c, 0xa0, 0xbf, 0xc7, 0x9c, 0xeb, + 0xab, 0xf6, 0xa9, 0x5d, 0x1c, 0x52, 0xdf, 0x5b, 0x5f, 0x3c, 0x8b, 0x1a, 0x24, 0x41, 0xcf, 0x6c, + 0x88, +}; + +const unsigned char test_ec_bp224r1_pub[] = { + 0x04, 0x5f, 0xbe, 0xa3, 0x78, 0xfc, 0x85, 0x83, 0xb3, 0x83, 0x7e, 0x3f, 0x21, 0xa4, 0x57, 0xc3, + 0x1e, 0xaf, 0x20, 0xa5, 0x4e, 0x18, 0xeb, 0x11, 0xd1, 0x04, 0xb3, 0xad, 0xc4, 0x7f, 0x9d, 0x1c, + 0x97, 0xeb, 0x9e, 0xa4, 0xac, 0x21, 0x74, 0x0d, 0x70, 0xd8, 0x85, 0x14, 0xb9, 0x8b, 0xf0, 0xbc, + 0x31, 0xad, 0xda, 0xc1, 0xd1, 0x9c, 0x4a, 0xb3, 0xcc, +}; + +const unsigned char test_ec_bp256r1_pub[] = { + 0x04, 0x76, 0x8c, 0x8c, 0xae, 0x4a, 0xbc, 0xa6, 0x30, 0x6d, 0xb0, 0xed, 0x81, 0xb0, 0xc4, 0xa6, + 0x21, 0x5c, 0x37, 0x80, 0x66, 0xec, 0x6d, 0x61, 0x6c, 0x14, 0x6e, 0x13, 0xf1, 0xc7, 0xdf, 0x80, + 0x9b, 0x96, 0xab, 0x69, 0x11, 0xc2, 0x7d, 0x8a, 0x02, 0x33, 0x9f, 0x09, 0x26, 0x84, 0x0e, 0x55, + 0x23, 0x6d, 0x3d, 0x1e, 0xfb, 0xe2, 0x66, 0x9d, 0x09, 0x0e, 0x4c, 0x4c, 0x66, 0x0f, 0xad, 0xa9, + 0x1d, +}; + +const unsigned char test_ec_bp320r1_pub[] = { + 0x04, 0x9c, 0xae, 0xd8, 0xfb, 0x47, 0x42, 0x95, 0x6c, 0xc2, 0xad, 0x12, 0xa9, 0xa1, 0xc9, 0x95, + 0xe2, 0x17, 0x59, 0xef, 0x26, 0xa0, 0x7b, 0xc2, 0x05, 0x41, 0x36, 0xd3, 0xd2, 0xf2, 0x8b, 0xb3, + 0x31, 0xa7, 0x0e, 0x26, 0xc4, 0xc6, 0x87, 0x27, 0x5a, 0xb1, 0xf4, 0x34, 0xbe, 0x78, 0x71, 0xe1, + 0x15, 0xd2, 0x35, 0x0c, 0x0c, 0x5f, 0x61, 0xd4, 0xd0, 0x6d, 0x2b, 0xcd, 0xb6, 0x7f, 0x5c, 0xb6, + 0x3f, 0xdb, 0x79, 0x4e, 0x59, 0x47, 0xc8, 0x7d, 0xc6, 0x84, 0x9a, 0x58, 0x69, 0x4e, 0x37, 0xe6, + 0xcd, +}; + +const unsigned char test_ec_bp384r1_pub[] = { + 0x04, 0x71, 0x9f, 0x9d, 0x09, 0x3a, 0x62, 0x7e, 0x0d, 0x35, 0x03, 0x85, 0xc6, 0x61, 0xce, 0xbf, + 0x00, 0xc6, 0x19, 0x23, 0x56, 0x6f, 0xe9, 0x00, 0x6a, 0x31, 0x07, 0xaf, 0x1d, 0x87, 0x1b, 0xc6, + 0xbb, 0x68, 0x98, 0x5f, 0xd7, 0x22, 0xea, 0x32, 0xbe, 0x31, 0x6f, 0x8e, 0x78, 0x3b, 0x7c, 0xd1, + 0x95, 0x77, 0x85, 0xf6, 0x6c, 0xfc, 0x0c, 0xb1, 0x95, 0xdd, 0x5c, 0x99, 0xa8, 0xe7, 0xab, 0xaa, + 0x84, 0x85, 0x53, 0xa5, 0x84, 0xdf, 0xd2, 0xb4, 0x8e, 0x76, 0xd4, 0x45, 0xfe, 0x00, 0xdd, 0x8b, + 0xe5, 0x90, 0x96, 0xd8, 0x77, 0xd4, 0x69, 0x6d, 0x23, 0xb4, 0xbc, 0x8d, 0xb1, 0x47, 0x24, 0xe6, + 0x6a, +}; + +const unsigned char test_ec_bp512r1_pub[] = { + 0x04, 0x38, 0xb7, 0xec, 0x92, 0xb6, 0x1c, 0x5c, 0x6c, 0x7f, 0xbc, 0x28, 0xa4, 0xec, 0x75, 0x9d, + 0x48, 0xfc, 0xd4, 0xe2, 0xe3, 0x74, 0xde, 0xfd, 0x5c, 0x49, 0x68, 0xa5, 0x4d, 0xbe, 0xf7, 0x51, + 0x0e, 0x51, 0x78, 0x86, 0xfb, 0xfc, 0x38, 0xea, 0x39, 0xaa, 0x52, 0x93, 0x59, 0xd7, 0x0a, 0x71, + 0x56, 0xc3, 0x5d, 0x3c, 0xba, 0xc7, 0xce, 0x77, 0x6b, 0xdb, 0x25, 0x1d, 0xd6, 0x4b, 0xce, 0x71, + 0x23, 0x44, 0x24, 0xee, 0x70, 0x49, 0xee, 0xd0, 0x72, 0xf0, 0xdb, 0xc4, 0xd7, 0x99, 0x96, 0xe1, + 0x75, 0xd5, 0x57, 0xe2, 0x63, 0x76, 0x3a, 0xe9, 0x70, 0x95, 0xc0, 0x81, 0xe7, 0x3e, 0x7d, 0xb2, + 0xe3, 0x8a, 0xdc, 0x3d, 0x4c, 0x9a, 0x04, 0x87, 0xb1, 0xed, 0xe8, 0x76, 0xdc, 0x1f, 0xca, 0x61, + 0xc9, 0x02, 0xe9, 0xa1, 0xd8, 0x72, 0x2b, 0x86, 0x12, 0x92, 0x8f, 0x18, 0xa2, 0x48, 0x45, 0x59, + 0x1a, +}; + +const unsigned char test_ec_curve255_priv[] = { + 0x70, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, + 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x6a, +}; + +const unsigned char test_ec_curve448_priv[] = { + 0xe4, 0xe4, 0x9f, 0x52, 0x68, 0x6f, 0x9e, 0xe3, 0xb6, 0x38, 0x52, 0x8f, 0x72, 0x1f, 0x15, 0x96, + 0x19, 0x6f, 0xfd, 0x0a, 0x1c, 0xdd, 0xb6, 0x4c, 0x3f, 0x21, 0x6f, 0x06, 0x54, 0x18, 0x05, 0xcf, + 0xeb, 0x1a, 0x28, 0x6d, 0xc7, 0x80, 0x18, 0x09, 0x5c, 0xdf, 0xec, 0x05, 0x0e, 0x80, 0x07, 0xb5, + 0xf4, 0x90, 0x89, 0x62, 0xba, 0x20, 0xd6, 0xc1, +}; + +const unsigned char test_ec_curve255_pub[] = { + 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, + 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, +}; + +const unsigned char test_ec_curve448_pub[] = { + 0xc0, 0xd3, 0xa5, 0xa2, 0xb4, 0x16, 0xa5, 0x73, 0xdc, 0x99, 0x09, 0xf9, 0x2f, 0x13, 0x4a, 0xc0, + 0x13, 0x23, 0xab, 0x8f, 0x8e, 0x36, 0x80, 0x4e, 0x57, 0x85, 0x88, 0xba, 0x2d, 0x09, 0xfe, 0x7c, + 0x3e, 0x73, 0x7f, 0x77, 0x1c, 0xa1, 0x12, 0x82, 0x5b, 0x54, 0x8a, 0x0f, 0xfd, 0xed, 0x6d, 0x6a, + 0x2f, 0xd0, 0x9a, 0x3e, 0x77, 0xde, 0xc3, 0x0e, +}; + const unsigned char test_rsa_1024_priv[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, @@ -45,18 +277,6 @@ const unsigned char test_rsa_1024_priv[] = { 0x2b, 0x24, }; -const unsigned char test_rsa_1024_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, - 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, - 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28, - 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, - 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, - 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, - 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, - 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, - 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - const unsigned char test_rsa_1026_priv[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, @@ -99,18 +319,6 @@ const unsigned char test_rsa_1026_priv[] = { 0x92, 0x16, }; -const unsigned char test_rsa_1026_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, - 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, - 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, 0x68, 0x59, 0x5d, 0xbc, - 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, 0x7e, 0x44, 0xa4, 0x16, 0x3a, 0x05, 0x42, 0xfa, - 0xb6, 0x12, 0xac, 0xbb, 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, 0x3b, 0xdd, 0xef, 0x6a, - 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, 0x38, 0xdb, 0x7a, 0x33, - 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, 0x7d, 0x6e, 0x56, 0x46, 0xc1, 0xd6, 0x7f, 0xb8, - 0xb2, 0xb9, 0x7a, 0xc6, 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, 0x83, 0x15, 0xaa, 0x3f, - 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - const unsigned char test_rsa_1028_priv[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, @@ -153,18 +361,6 @@ const unsigned char test_rsa_1028_priv[] = { 0x54, 0x8a, }; -const unsigned char test_rsa_1028_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, - 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, - 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, 0xa3, 0xca, 0xff, 0x4e, - 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, 0xa4, 0x16, 0x7f, 0xbf, 0x7f, 0x37, 0x2a, 0xb5, - 0x7e, 0x83, 0xa6, 0x9a, 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, 0x96, 0x21, 0xa3, 0x0a, - 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, 0x9e, 0x4f, 0x9b, 0xfc, - 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, 0x9a, 0x63, 0x1f, 0xb1, 0xfb, 0x9f, 0xfb, 0x79, - 0x4b, 0x4e, 0x53, 0xc7, 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, 0x25, 0x88, 0xdb, 0x29, - 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - const unsigned char test_rsa_1030_priv[] = { 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, @@ -207,16 +403,63 @@ const unsigned char test_rsa_1030_priv[] = { 0x35, 0xa1, 0x7c, }; -const unsigned char test_rsa_1030_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, - 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, - 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, 0x34, 0xc6, 0xae, 0x36, - 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, 0x64, 0xd2, 0xec, 0x15, 0x6e, 0x13, 0x4d, 0x03, - 0xcf, 0x6a, 0x94, 0xd3, 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, 0xc4, 0xb9, 0x74, 0x21, - 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, 0xfa, 0x86, 0x74, 0x96, - 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, 0xd1, 0x46, 0x1a, 0x80, 0xdb, 0xe9, 0xa5, 0x9d, - 0xb3, 0xb0, 0x16, 0xc6, 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, 0x89, 0xb8, 0x55, 0xcb, - 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, +const unsigned char test_rsa_1536_priv[] = { + 0x30, 0x82, 0x03, 0x7b, 0x02, 0x01, 0x00, 0x02, 0x81, 0xc1, 0x00, 0xc8, 0x70, 0xfe, 0xb6, 0xca, + 0x6b, 0x1d, 0x2b, 0xd9, 0xf2, 0xdd, 0x99, 0xe2, 0x0f, 0x1f, 0xe2, 0xd7, 0xe5, 0x19, 0x2d, 0xe6, + 0x62, 0x22, 0x9d, 0xbe, 0x16, 0x2b, 0xd1, 0xba, 0x66, 0x33, 0x6a, 0x71, 0x82, 0x90, 0x3c, 0xa0, + 0xb7, 0x27, 0x96, 0xcd, 0x44, 0x1c, 0x83, 0xd2, 0x4b, 0xcd, 0xc3, 0xe9, 0xa2, 0xf5, 0xe4, 0x39, + 0x9c, 0x8a, 0x04, 0x3f, 0x1c, 0x3d, 0xdf, 0x04, 0x75, 0x4a, 0x66, 0xd4, 0xcf, 0xe7, 0xb3, 0x67, + 0x1a, 0x37, 0xdd, 0x31, 0xa9, 0xb4, 0xc1, 0x3b, 0xfe, 0x06, 0xee, 0x90, 0xf9, 0xd9, 0x4d, 0xda, + 0xa0, 0x6d, 0xe6, 0x7a, 0x52, 0xac, 0x86, 0x3e, 0x68, 0xf7, 0x56, 0x73, 0x6c, 0xeb, 0x01, 0x44, + 0x05, 0xa6, 0x16, 0x05, 0x79, 0x64, 0x0f, 0x83, 0x1d, 0xdd, 0xcc, 0xc3, 0x4a, 0xd0, 0xb0, 0x50, + 0x70, 0xe3, 0xf9, 0x95, 0x4a, 0x58, 0xd1, 0x81, 0x58, 0x13, 0xe1, 0xb8, 0x3b, 0xca, 0xdb, 0xa8, + 0x14, 0x78, 0x9c, 0x87, 0xf1, 0xef, 0x2b, 0xa5, 0xd7, 0x38, 0xb7, 0x93, 0xec, 0x45, 0x6a, 0x67, + 0x36, 0x0e, 0xea, 0x1b, 0x5f, 0xaf, 0x1c, 0x7c, 0xc7, 0xbf, 0x24, 0xf3, 0xb2, 0xa9, 0xd0, 0xf8, + 0x95, 0x8b, 0x10, 0x96, 0xe0, 0xf0, 0xc3, 0x35, 0xf8, 0x88, 0x8d, 0x0c, 0x63, 0xa5, 0x1c, 0x3c, + 0x03, 0x37, 0x21, 0x4f, 0xa3, 0xf5, 0xef, 0xdf, 0x6d, 0xcc, 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, + 0x02, 0x81, 0xc0, 0x6d, 0x2d, 0x67, 0x00, 0x47, 0x97, 0x3a, 0x87, 0x75, 0x2a, 0x9d, 0x5b, 0xc1, + 0x4f, 0x3d, 0xae, 0x00, 0xac, 0xb0, 0x1f, 0x59, 0x3a, 0xa0, 0xe2, 0x4c, 0xf4, 0xa4, 0x9f, 0x93, + 0x29, 0x31, 0xde, 0x4b, 0xbf, 0xb3, 0x32, 0xe2, 0xd3, 0x80, 0x83, 0xda, 0x80, 0xbc, 0x0b, 0x6d, + 0x53, 0x8e, 0xdb, 0xa4, 0x79, 0xf7, 0xf7, 0x7d, 0x0d, 0xef, 0xfb, 0x4a, 0x28, 0xe6, 0xe6, 0x7f, + 0xf6, 0x27, 0x35, 0x85, 0xbb, 0x4c, 0xd8, 0x62, 0x53, 0x5c, 0x94, 0x66, 0x05, 0xab, 0x08, 0x09, + 0xd6, 0x5f, 0x0e, 0x38, 0xf7, 0x6e, 0x4e, 0xc2, 0xc3, 0xd9, 0xb8, 0xcd, 0x6e, 0x14, 0xbc, 0xf6, + 0x67, 0x94, 0x38, 0x92, 0xcd, 0x4b, 0x34, 0xcc, 0x64, 0x20, 0xa4, 0x39, 0xab, 0xbf, 0x3d, 0x7d, + 0x35, 0xef, 0x73, 0x97, 0x6d, 0xd6, 0xf9, 0xcb, 0xde, 0x35, 0xa5, 0x1f, 0xa5, 0x21, 0x3f, 0x01, + 0x07, 0xf8, 0x3e, 0x34, 0x25, 0x83, 0x5d, 0x16, 0xd3, 0xc9, 0x14, 0x6f, 0xc9, 0xe3, 0x6c, 0xe7, + 0x5a, 0x09, 0xbb, 0x66, 0xcd, 0xff, 0x21, 0xdd, 0x5a, 0x77, 0x68, 0x99, 0xf1, 0xcb, 0x07, 0xe2, + 0x82, 0xcc, 0xa2, 0x7b, 0xe4, 0x65, 0x10, 0xe9, 0xc7, 0x99, 0xf0, 0xd8, 0xdb, 0x27, 0x5a, 0x6b, + 0xe0, 0x85, 0xd9, 0xf3, 0xf8, 0x03, 0x21, 0x8e, 0xe3, 0x38, 0x42, 0x65, 0xbf, 0xb1, 0xa3, 0x64, + 0x0e, 0x8c, 0xa1, 0x02, 0x61, 0x00, 0xe6, 0x84, 0x8c, 0x31, 0xd4, 0x66, 0xff, 0xfe, 0xfc, 0x54, + 0x7e, 0x3a, 0x3b, 0x0d, 0x37, 0x85, 0xde, 0x6f, 0x78, 0xb0, 0xdd, 0x12, 0x61, 0x08, 0x43, 0x51, + 0x2e, 0x49, 0x56, 0x11, 0xa0, 0x67, 0x55, 0x09, 0xb1, 0x65, 0x0b, 0x27, 0x41, 0x50, 0x09, 0x83, + 0x8d, 0xd8, 0xe6, 0x8e, 0xec, 0x6e, 0x75, 0x30, 0x55, 0x3b, 0x63, 0x7d, 0x60, 0x24, 0x24, 0x64, + 0x3b, 0x33, 0xe8, 0xbc, 0x5b, 0x76, 0x2e, 0x17, 0x99, 0xbc, 0x79, 0xd5, 0x6b, 0x13, 0x25, 0x1d, + 0x36, 0xd4, 0xf2, 0x01, 0xda, 0x21, 0x82, 0x41, 0x6c, 0xe1, 0x35, 0x74, 0xe8, 0x82, 0x78, 0xff, + 0x04, 0x46, 0x7a, 0xd6, 0x02, 0xd9, 0x02, 0x61, 0x00, 0xde, 0x99, 0x4f, 0xdf, 0x18, 0x1f, 0x02, + 0xbe, 0x2b, 0xf9, 0xe5, 0xf5, 0xe4, 0xe5, 0x17, 0xa9, 0x49, 0x93, 0xb8, 0x27, 0xd1, 0xea, 0xf6, + 0x09, 0x03, 0x3e, 0x3a, 0x6a, 0x6f, 0x23, 0x96, 0xae, 0x7c, 0x44, 0xe9, 0xeb, 0x59, 0x4c, 0xf1, + 0x04, 0x4c, 0xb3, 0xad, 0x32, 0xea, 0x25, 0x8f, 0x0c, 0x82, 0x96, 0x3b, 0x27, 0xbb, 0x65, 0x0e, + 0xd2, 0x00, 0xcd, 0xe8, 0x2c, 0xb9, 0x93, 0x37, 0x4b, 0xe3, 0x4b, 0xe5, 0xb1, 0xc7, 0xea, 0xd5, + 0x44, 0x6a, 0x2b, 0x82, 0xa4, 0x48, 0x6e, 0x8c, 0x18, 0x10, 0xa0, 0xb0, 0x15, 0x51, 0x60, 0x9f, + 0xb0, 0x84, 0x1d, 0x47, 0x4b, 0xad, 0xa8, 0x02, 0xbd, 0x02, 0x60, 0x76, 0xdd, 0xae, 0x75, 0x1b, + 0x73, 0xa9, 0x59, 0xd0, 0xbf, 0xb8, 0xff, 0x49, 0xe7, 0xfc, 0xd3, 0x78, 0xe9, 0xbe, 0x30, 0x65, + 0x2e, 0xce, 0xfe, 0x35, 0xc8, 0x2c, 0xb8, 0x00, 0x3b, 0xc2, 0x9c, 0xc6, 0x0a, 0xe3, 0x80, 0x99, + 0x09, 0xba, 0xf2, 0x0c, 0x95, 0xdb, 0x95, 0x16, 0xfe, 0x68, 0x08, 0x65, 0x41, 0x71, 0x11, 0xd8, + 0xb1, 0x93, 0xdb, 0xcf, 0x30, 0x28, 0x1f, 0x12, 0x49, 0xde, 0x57, 0xc8, 0x58, 0xbf, 0x1b, 0xa3, + 0x2f, 0x5b, 0xb1, 0x59, 0x98, 0x00, 0xe8, 0x39, 0x8a, 0x9e, 0xf2, 0x5c, 0x7a, 0x64, 0x2c, 0x95, + 0x26, 0x1d, 0xa6, 0xf9, 0xc1, 0x76, 0x70, 0xe9, 0x72, 0x65, 0xb1, 0x02, 0x60, 0x73, 0x24, 0x82, + 0xb8, 0x37, 0xd5, 0xf2, 0xa9, 0x44, 0x3e, 0x23, 0xc1, 0xaa, 0x01, 0x06, 0xd8, 0x3e, 0x82, 0xf6, + 0xc3, 0x42, 0x46, 0x73, 0xb5, 0xfd, 0xc3, 0x76, 0x9c, 0x0f, 0x99, 0x2d, 0x1c, 0x5c, 0x93, 0x99, + 0x1c, 0x70, 0x38, 0xe8, 0x82, 0xfc, 0xda, 0x04, 0x41, 0x4d, 0xf4, 0xd7, 0xa5, 0xf4, 0xf6, 0x98, + 0xea, 0xd8, 0x78, 0x51, 0xce, 0x37, 0x34, 0x4b, 0x60, 0xb7, 0x2d, 0x7b, 0x70, 0xf9, 0xc6, 0x0c, + 0xae, 0x85, 0x66, 0xe7, 0xa2, 0x57, 0xf8, 0xe1, 0xbe, 0xf0, 0xe8, 0x9d, 0xf6, 0xe4, 0xc2, 0xf9, + 0xd2, 0x4d, 0x21, 0xd9, 0xf8, 0x88, 0x9e, 0x4c, 0x7e, 0xcc, 0xf9, 0x17, 0x51, 0x02, 0x60, 0x09, + 0x05, 0x0d, 0x94, 0x49, 0x3d, 0xa8, 0xf0, 0x0a, 0x4d, 0xdb, 0xe9, 0xc8, 0x00, 0xaf, 0xe3, 0xd4, + 0x4b, 0x43, 0xf7, 0x8a, 0x48, 0x94, 0x1a, 0x79, 0xb2, 0x81, 0x4a, 0x1f, 0x0b, 0x81, 0xa1, 0x8a, + 0x8b, 0x23, 0x47, 0x64, 0x2a, 0x03, 0xb2, 0x79, 0x98, 0xf5, 0xa1, 0x8d, 0xe9, 0xab, 0xc9, 0xae, + 0x0e, 0x54, 0xab, 0x82, 0x94, 0xfe, 0xac, 0x66, 0xdc, 0x87, 0xe8, 0x54, 0xcc, 0xe6, 0xf7, 0x27, + 0x8a, 0xc2, 0x71, 0x0c, 0xb5, 0x87, 0x8b, 0x59, 0x2f, 0xfe, 0xb1, 0xf4, 0xf0, 0xa1, 0x85, 0x3e, + 0x4e, 0x8d, 0x1d, 0x05, 0x61, 0xb6, 0xef, 0xcc, 0x83, 0x1a, 0x29, 0x6c, 0xf7, 0xee, 0xaf, }; const unsigned char test_rsa_2048_priv[] = { @@ -297,26 +540,6 @@ const unsigned char test_rsa_2048_priv[] = { 0x07, 0x9c, 0xaa, 0xda, 0x05, 0x68, 0xb1, }; -const unsigned char test_rsa_2048_pub[] = { - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, - 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, - 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, 0xb1, 0x35, 0x35, - 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, 0x4a, 0x69, 0x37, 0xb5, 0x58, 0xec, 0x0d, - 0x1d, 0xea, 0x27, 0x4a, 0xf2, 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, 0x57, 0x72, 0x66, - 0xa7, 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, 0x5f, 0xec, 0xab, - 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, 0xa9, 0x45, 0x84, 0x22, 0x6b, 0x37, 0xd9, - 0x2e, 0xf4, 0x63, 0xfc, 0x73, 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, 0x16, 0x2f, 0x57, - 0x26, 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, 0x02, 0x21, 0xc2, - 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, 0x3d, 0x7b, 0x84, 0x03, 0x9c, 0x2d, 0xf4, - 0x1c, 0xe3, 0xec, 0x8d, 0xb9, 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, 0xe2, 0x3b, 0x74, - 0xed, 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, 0xa4, 0x42, 0x32, - 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, 0x78, 0x2e, 0x45, 0x53, 0x88, 0x0f, 0x06, - 0xba, 0x39, 0xa6, 0x4f, 0x4a, 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, 0x07, 0xce, 0xfa, - 0xdc, 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, 0xae, 0x61, 0xfc, - 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, 0x07, 0x72, 0x66, 0xf7, 0x36, 0x0c, 0x20, - 0x76, 0xce, 0xbe, 0xaf, 0x14, 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - const unsigned char test_rsa_4096_priv[] = { 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, 0xb3, 0x8d, 0x5d, 0x01, 0xae, 0xeb, 0x07, 0xd3, 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, @@ -467,6 +690,90 @@ const unsigned char test_rsa_4096_priv[] = { 0x41, 0x6a, 0x42, 0x2e, 0x56, 0x09, 0x86, 0xf2, 0x2f, 0x39, 0x45, 0x6e, 0x7f, }; +const unsigned char test_rsa_1024_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, + 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, + 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28, + 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, + 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, + 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, + 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, + 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, + 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_1026_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, + 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, + 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, 0x68, 0x59, 0x5d, 0xbc, + 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, 0x7e, 0x44, 0xa4, 0x16, 0x3a, 0x05, 0x42, 0xfa, + 0xb6, 0x12, 0xac, 0xbb, 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, 0x3b, 0xdd, 0xef, 0x6a, + 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, 0x38, 0xdb, 0x7a, 0x33, + 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, 0x7d, 0x6e, 0x56, 0x46, 0xc1, 0xd6, 0x7f, 0xb8, + 0xb2, 0xb9, 0x7a, 0xc6, 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, 0x83, 0x15, 0xaa, 0x3f, + 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_1028_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, + 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, + 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, 0xa3, 0xca, 0xff, 0x4e, + 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, 0xa4, 0x16, 0x7f, 0xbf, 0x7f, 0x37, 0x2a, 0xb5, + 0x7e, 0x83, 0xa6, 0x9a, 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, 0x96, 0x21, 0xa3, 0x0a, + 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, 0x9e, 0x4f, 0x9b, 0xfc, + 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, 0x9a, 0x63, 0x1f, 0xb1, 0xfb, 0x9f, 0xfb, 0x79, + 0x4b, 0x4e, 0x53, 0xc7, 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, 0x25, 0x88, 0xdb, 0x29, + 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_1030_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, + 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, + 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, 0x34, 0xc6, 0xae, 0x36, + 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, 0x64, 0xd2, 0xec, 0x15, 0x6e, 0x13, 0x4d, 0x03, + 0xcf, 0x6a, 0x94, 0xd3, 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, 0xc4, 0xb9, 0x74, 0x21, + 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, 0xfa, 0x86, 0x74, 0x96, + 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, 0xd1, 0x46, 0x1a, 0x80, 0xdb, 0xe9, 0xa5, 0x9d, + 0xb3, 0xb0, 0x16, 0xc6, 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, 0x89, 0xb8, 0x55, 0xcb, + 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_1536_pub[] = { + 0x30, 0x81, 0xc9, 0x02, 0x81, 0xc1, 0x00, 0xc8, 0x70, 0xfe, 0xb6, 0xca, 0x6b, 0x1d, 0x2b, 0xd9, + 0xf2, 0xdd, 0x99, 0xe2, 0x0f, 0x1f, 0xe2, 0xd7, 0xe5, 0x19, 0x2d, 0xe6, 0x62, 0x22, 0x9d, 0xbe, + 0x16, 0x2b, 0xd1, 0xba, 0x66, 0x33, 0x6a, 0x71, 0x82, 0x90, 0x3c, 0xa0, 0xb7, 0x27, 0x96, 0xcd, + 0x44, 0x1c, 0x83, 0xd2, 0x4b, 0xcd, 0xc3, 0xe9, 0xa2, 0xf5, 0xe4, 0x39, 0x9c, 0x8a, 0x04, 0x3f, + 0x1c, 0x3d, 0xdf, 0x04, 0x75, 0x4a, 0x66, 0xd4, 0xcf, 0xe7, 0xb3, 0x67, 0x1a, 0x37, 0xdd, 0x31, + 0xa9, 0xb4, 0xc1, 0x3b, 0xfe, 0x06, 0xee, 0x90, 0xf9, 0xd9, 0x4d, 0xda, 0xa0, 0x6d, 0xe6, 0x7a, + 0x52, 0xac, 0x86, 0x3e, 0x68, 0xf7, 0x56, 0x73, 0x6c, 0xeb, 0x01, 0x44, 0x05, 0xa6, 0x16, 0x05, + 0x79, 0x64, 0x0f, 0x83, 0x1d, 0xdd, 0xcc, 0xc3, 0x4a, 0xd0, 0xb0, 0x50, 0x70, 0xe3, 0xf9, 0x95, + 0x4a, 0x58, 0xd1, 0x81, 0x58, 0x13, 0xe1, 0xb8, 0x3b, 0xca, 0xdb, 0xa8, 0x14, 0x78, 0x9c, 0x87, + 0xf1, 0xef, 0x2b, 0xa5, 0xd7, 0x38, 0xb7, 0x93, 0xec, 0x45, 0x6a, 0x67, 0x36, 0x0e, 0xea, 0x1b, + 0x5f, 0xaf, 0x1c, 0x7c, 0xc7, 0xbf, 0x24, 0xf3, 0xb2, 0xa9, 0xd0, 0xf8, 0x95, 0x8b, 0x10, 0x96, + 0xe0, 0xf0, 0xc3, 0x35, 0xf8, 0x88, 0x8d, 0x0c, 0x63, 0xa5, 0x1c, 0x3c, 0x03, 0x37, 0x21, 0x4f, + 0xa3, 0xf5, 0xef, 0xdf, 0x6d, 0xcc, 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + +const unsigned char test_rsa_2048_pub[] = { + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, + 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, + 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, 0xb1, 0x35, 0x35, + 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, 0x4a, 0x69, 0x37, 0xb5, 0x58, 0xec, 0x0d, + 0x1d, 0xea, 0x27, 0x4a, 0xf2, 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, 0x57, 0x72, 0x66, + 0xa7, 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, 0x5f, 0xec, 0xab, + 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, 0xa9, 0x45, 0x84, 0x22, 0x6b, 0x37, 0xd9, + 0x2e, 0xf4, 0x63, 0xfc, 0x73, 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, 0x16, 0x2f, 0x57, + 0x26, 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, 0x02, 0x21, 0xc2, + 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, 0x3d, 0x7b, 0x84, 0x03, 0x9c, 0x2d, 0xf4, + 0x1c, 0xe3, 0xec, 0x8d, 0xb9, 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, 0xe2, 0x3b, 0x74, + 0xed, 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, 0xa4, 0x42, 0x32, + 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, 0x78, 0x2e, 0x45, 0x53, 0x88, 0x0f, 0x06, + 0xba, 0x39, 0xa6, 0x4f, 0x4a, 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, 0x07, 0xce, 0xfa, + 0xdc, 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, 0xae, 0x61, 0xfc, + 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, 0x07, 0x72, 0x66, 0xf7, 0x36, 0x0c, 0x20, + 0x76, 0xce, 0xbe, 0xaf, 0x14, 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, 0x01, +}; + const unsigned char test_rsa_4096_pub[] = { 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, 0xb3, 0x8d, 0x5d, 0x01, 0xae, 0xeb, 0x07, 0xd3, 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, 0xe7, 0x4f, 0xe1, @@ -502,173 +809,3 @@ const unsigned char test_rsa_4096_pub[] = { 0xf9, 0x34, 0xe2, 0xb4, 0x0f, 0xde, 0xbb, 0xa3, 0xd9, 0x70, 0x1b, 0x76, 0xe1, 0xbe, 0x54, 0x82, 0x74, 0xb2, 0x60, 0x2d, 0x88, 0x85, 0x37, 0x48, 0x2d, 0x02, 0x03, 0x01, 0x00, 0x01, }; - -const unsigned char test_ec_secp192r1_priv[] = { - 0xd8, 0x3b, 0x57, 0xa5, 0x9c, 0x51, 0x35, 0x8d, 0x9c, 0x8b, 0xbb, 0x89, 0x8a, 0xff, 0x50, 0x7f, - 0x44, 0xdd, 0x14, 0xcf, 0x16, 0x91, 0x71, 0x90, -}; - -const unsigned char test_ec_secp192r1_pub[] = { - 0x04, 0xe3, 0x5f, 0xcb, 0xee, 0x11, 0xce, 0xc3, 0x15, 0x4f, 0x80, 0xa1, 0xa6, 0x1d, 0xf7, 0xd7, - 0x61, 0x2d, 0xe4, 0xf2, 0xfd, 0x70, 0xc5, 0x60, 0x8d, 0x0e, 0xe3, 0xa4, 0xa1, 0xa5, 0x71, 0x94, - 0x71, 0xad, 0xb3, 0x39, 0x66, 0xdd, 0x9b, 0x03, 0x5f, 0xdb, 0x77, 0x4f, 0xee, 0xba, 0x94, 0xb0, - 0x4c, -}; - -const unsigned char test_ec_secp224r1_priv[] = { - 0x87, 0x2f, 0x20, 0x3b, 0x3a, 0xd3, 0x5b, 0x7f, 0x2e, 0xcc, 0x80, 0x3c, 0x3a, 0x0e, 0x1e, 0x0b, - 0x1e, 0xd6, 0x1c, 0xc1, 0xaf, 0xe7, 0x1b, 0x18, 0x9c, 0xd4, 0xc9, 0x95, -}; - -const unsigned char test_ec_secp224r1_pub[] = { - 0x04, 0x6f, 0x00, 0xea, 0xda, 0xa9, 0x49, 0xfe, 0xe3, 0xe9, 0xe1, 0xc7, 0xfa, 0x12, 0x47, 0xee, - 0xce, 0xc8, 0x6a, 0x0d, 0xce, 0x46, 0x41, 0x8b, 0x9b, 0xd3, 0x11, 0x7b, 0x98, 0x1d, 0x4b, 0xd0, - 0xae, 0x7a, 0x99, 0x0d, 0xe9, 0x12, 0xf9, 0xd0, 0x60, 0xd6, 0xcb, 0x53, 0x1a, 0x42, 0xd2, 0x2e, - 0x39, 0x4a, 0xc2, 0x9e, 0x81, 0x80, 0x4b, 0xf1, 0x60, -}; - -const unsigned char test_ec_secp256r1_priv[] = { - 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, 0x1d, 0xf1, 0xc9, 0x94, - 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee, -}; - -const unsigned char test_ec_secp256r1_pub[] = { - 0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39, 0x92, 0x79, 0xd5, 0xe1, 0xf1, 0x78, 0x1f, 0xac, - 0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3, 0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b, - 0x57, 0x25, 0x90, 0xcd, 0xaf, 0x8f, 0x76, 0x93, 0x61, 0xbc, 0xf3, 0x4a, 0xcf, 0xc1, 0x1e, 0x5e, - 0x07, 0x4e, 0x84, 0x26, 0xbd, 0xde, 0x04, 0xbe, 0x6e, 0x65, 0x39, 0x45, 0x44, 0x96, 0x17, 0xde, - 0x45, -}; - -const unsigned char test_ec_secp384r1_priv[] = { - 0x3f, 0x5d, 0x8d, 0x9b, 0xe2, 0x80, 0xb5, 0x69, 0x6c, 0xc5, 0xcc, 0x9f, 0x94, 0xcf, 0x8a, 0xf7, - 0xe6, 0xb6, 0x1d, 0xd6, 0x59, 0x2b, 0x2a, 0xb2, 0xb3, 0xa4, 0xc6, 0x07, 0x45, 0x04, 0x17, 0xec, - 0x32, 0x7d, 0xcd, 0xca, 0xed, 0x7c, 0x10, 0x05, 0x3d, 0x71, 0x9a, 0x05, 0x74, 0xf0, 0xa7, 0x6a, -}; - -const unsigned char test_ec_secp384r1_pub[] = { - 0x04, 0xd9, 0xc6, 0x62, 0xb5, 0x0b, 0xa2, 0x9c, 0xa4, 0x79, 0x90, 0x45, 0x0e, 0x04, 0x3a, 0xea, - 0xf4, 0xf0, 0xc6, 0x9b, 0x15, 0x67, 0x6d, 0x11, 0x2f, 0x62, 0x2a, 0x71, 0xc9, 0x30, 0x59, 0xaf, - 0x99, 0x96, 0x91, 0xc5, 0x68, 0x0d, 0x2b, 0x44, 0xd1, 0x11, 0x57, 0x9d, 0xb1, 0x2f, 0x4a, 0x41, - 0x3a, 0x2e, 0xd5, 0xc4, 0x5f, 0xcf, 0xb6, 0x7b, 0x5b, 0x63, 0xe0, 0x0b, 0x91, 0xeb, 0xe5, 0x9d, - 0x09, 0xa6, 0xb1, 0xac, 0x2c, 0x0c, 0x42, 0x82, 0xaa, 0x12, 0x31, 0x7e, 0xd5, 0x91, 0x4f, 0x99, - 0x9b, 0xc4, 0x88, 0xbb, 0x13, 0x2e, 0x83, 0x42, 0xcc, 0x36, 0xf2, 0xca, 0x5e, 0x33, 0x79, 0xc7, - 0x47, -}; - -const unsigned char test_ec_secp521r1_priv[] = { - 0x01, 0xb1, 0xb6, 0xad, 0x07, 0xbb, 0x79, 0xe7, 0x32, 0x0d, 0xa5, 0x98, 0x60, 0xea, 0x28, 0xe0, - 0x55, 0x28, 0x4f, 0x60, 0x58, 0xf2, 0x79, 0xde, 0x66, 0x6e, 0x06, 0xd4, 0x35, 0xd2, 0xaf, 0x7b, - 0xda, 0x28, 0xd9, 0x9f, 0xa4, 0x7b, 0x7d, 0xd0, 0x96, 0x3e, 0x16, 0xb0, 0x07, 0x30, 0x78, 0xee, - 0x8b, 0x8a, 0x38, 0xd9, 0x66, 0xa5, 0x82, 0xf4, 0x6d, 0x19, 0xff, 0x95, 0xdf, 0x3a, 0xd9, 0x68, - 0x5a, 0xae, -}; - -const unsigned char test_ec_secp521r1_pub[] = { - 0x04, 0x00, 0x1d, 0xe1, 0x42, 0xd5, 0x4f, 0x69, 0xeb, 0x03, 0x8e, 0xe4, 0xb7, 0xaf, 0x9d, 0x3c, - 0xa0, 0x77, 0x36, 0xfd, 0x9c, 0xf7, 0x19, 0xeb, 0x35, 0x4d, 0x69, 0x87, 0x9e, 0xe7, 0xf3, 0xc1, - 0x36, 0xfb, 0x0f, 0xbf, 0x9f, 0x08, 0xf8, 0x6b, 0xe5, 0xfa, 0x12, 0x8e, 0xc1, 0xa0, 0x51, 0xd3, - 0xe6, 0xc6, 0x43, 0xe8, 0x5a, 0xda, 0x8f, 0xfa, 0xcf, 0x36, 0x63, 0xc2, 0x60, 0xbd, 0x2c, 0x84, - 0x4b, 0x6f, 0x56, 0x00, 0xce, 0xe8, 0xe4, 0x8a, 0x9e, 0x65, 0xd0, 0x9c, 0xad, 0xd8, 0x9f, 0x23, - 0x5d, 0xee, 0x05, 0xf3, 0xb8, 0xa6, 0x46, 0xbe, 0x71, 0x5f, 0x1f, 0x67, 0xd5, 0xb4, 0x34, 0xe0, - 0xff, 0x23, 0xa1, 0xfc, 0x07, 0xef, 0x77, 0x40, 0x19, 0x3e, 0x40, 0xee, 0xff, 0x6f, 0x3b, 0xcd, - 0xfd, 0x76, 0x5a, 0xa9, 0x15, 0x50, 0x33, 0x52, 0x4f, 0xe4, 0xf2, 0x05, 0xf5, 0x44, 0x4e, 0x29, - 0x2c, 0x4c, 0x2f, 0x6a, 0xc1, -}; - -const unsigned char test_ec_bp256r1_priv[] = { - 0x21, 0x61, 0xd6, 0xf2, 0xdb, 0x76, 0x52, 0x6f, 0xa6, 0x2c, 0x16, 0xf3, 0x56, 0xa8, 0x0f, 0x01, - 0xf3, 0x2f, 0x77, 0x67, 0x84, 0xb3, 0x6a, 0xa9, 0x97, 0x99, 0xa8, 0xb7, 0x66, 0x20, 0x80, 0xff, -}; - -const unsigned char test_ec_bp256r1_pub[] = { - 0x04, 0x76, 0x8c, 0x8c, 0xae, 0x4a, 0xbc, 0xa6, 0x30, 0x6d, 0xb0, 0xed, 0x81, 0xb0, 0xc4, 0xa6, - 0x21, 0x5c, 0x37, 0x80, 0x66, 0xec, 0x6d, 0x61, 0x6c, 0x14, 0x6e, 0x13, 0xf1, 0xc7, 0xdf, 0x80, - 0x9b, 0x96, 0xab, 0x69, 0x11, 0xc2, 0x7d, 0x8a, 0x02, 0x33, 0x9f, 0x09, 0x26, 0x84, 0x0e, 0x55, - 0x23, 0x6d, 0x3d, 0x1e, 0xfb, 0xe2, 0x66, 0x9d, 0x09, 0x0e, 0x4c, 0x4c, 0x66, 0x0f, 0xad, 0xa9, - 0x1d, -}; - -const unsigned char test_ec_bp384r1_priv[] = { - 0x3d, 0xd9, 0x2e, 0x75, 0x0d, 0x90, 0xd7, 0xd3, 0x9f, 0xc1, 0x88, 0x5c, 0xd8, 0xad, 0x12, 0xea, - 0x94, 0x41, 0xf2, 0x2b, 0x93, 0x34, 0xb4, 0xd9, 0x65, 0x20, 0x2a, 0xdb, 0x14, 0x48, 0xce, 0x24, - 0xc5, 0x80, 0x8a, 0x85, 0xdd, 0x9a, 0xfc, 0x22, 0x9a, 0xf0, 0xa3, 0x12, 0x4f, 0x75, 0x5b, 0xcb, -}; - -const unsigned char test_ec_bp384r1_pub[] = { - 0x04, 0x71, 0x9f, 0x9d, 0x09, 0x3a, 0x62, 0x7e, 0x0d, 0x35, 0x03, 0x85, 0xc6, 0x61, 0xce, 0xbf, - 0x00, 0xc6, 0x19, 0x23, 0x56, 0x6f, 0xe9, 0x00, 0x6a, 0x31, 0x07, 0xaf, 0x1d, 0x87, 0x1b, 0xc6, - 0xbb, 0x68, 0x98, 0x5f, 0xd7, 0x22, 0xea, 0x32, 0xbe, 0x31, 0x6f, 0x8e, 0x78, 0x3b, 0x7c, 0xd1, - 0x95, 0x77, 0x85, 0xf6, 0x6c, 0xfc, 0x0c, 0xb1, 0x95, 0xdd, 0x5c, 0x99, 0xa8, 0xe7, 0xab, 0xaa, - 0x84, 0x85, 0x53, 0xa5, 0x84, 0xdf, 0xd2, 0xb4, 0x8e, 0x76, 0xd4, 0x45, 0xfe, 0x00, 0xdd, 0x8b, - 0xe5, 0x90, 0x96, 0xd8, 0x77, 0xd4, 0x69, 0x6d, 0x23, 0xb4, 0xbc, 0x8d, 0xb1, 0x47, 0x24, 0xe6, - 0x6a, -}; - -const unsigned char test_ec_bp512r1_priv[] = { - 0x37, 0x2c, 0x97, 0x78, 0xf6, 0x9f, 0x72, 0x6c, 0xbc, 0xa3, 0xf4, 0xa2, 0x68, 0xf1, 0x6b, 0x4d, - 0x61, 0x7d, 0x10, 0x28, 0x0d, 0x79, 0xa6, 0xa0, 0x29, 0xcd, 0x51, 0x87, 0x9f, 0xe1, 0x01, 0x29, - 0x34, 0xdf, 0xe5, 0x39, 0x54, 0x55, 0x33, 0x7d, 0xf6, 0x90, 0x6d, 0xc7, 0xd6, 0xd2, 0xee, 0xa4, - 0xdb, 0xb2, 0x06, 0x5c, 0x02, 0x28, 0xf7, 0x3b, 0x3e, 0xd7, 0x16, 0x48, 0x0e, 0x7d, 0x71, 0xd2, -}; - -const unsigned char test_ec_bp512r1_pub[] = { - 0x04, 0x38, 0xb7, 0xec, 0x92, 0xb6, 0x1c, 0x5c, 0x6c, 0x7f, 0xbc, 0x28, 0xa4, 0xec, 0x75, 0x9d, - 0x48, 0xfc, 0xd4, 0xe2, 0xe3, 0x74, 0xde, 0xfd, 0x5c, 0x49, 0x68, 0xa5, 0x4d, 0xbe, 0xf7, 0x51, - 0x0e, 0x51, 0x78, 0x86, 0xfb, 0xfc, 0x38, 0xea, 0x39, 0xaa, 0x52, 0x93, 0x59, 0xd7, 0x0a, 0x71, - 0x56, 0xc3, 0x5d, 0x3c, 0xba, 0xc7, 0xce, 0x77, 0x6b, 0xdb, 0x25, 0x1d, 0xd6, 0x4b, 0xce, 0x71, - 0x23, 0x44, 0x24, 0xee, 0x70, 0x49, 0xee, 0xd0, 0x72, 0xf0, 0xdb, 0xc4, 0xd7, 0x99, 0x96, 0xe1, - 0x75, 0xd5, 0x57, 0xe2, 0x63, 0x76, 0x3a, 0xe9, 0x70, 0x95, 0xc0, 0x81, 0xe7, 0x3e, 0x7d, 0xb2, - 0xe3, 0x8a, 0xdc, 0x3d, 0x4c, 0x9a, 0x04, 0x87, 0xb1, 0xed, 0xe8, 0x76, 0xdc, 0x1f, 0xca, 0x61, - 0xc9, 0x02, 0xe9, 0xa1, 0xd8, 0x72, 0x2b, 0x86, 0x12, 0x92, 0x8f, 0x18, 0xa2, 0x48, 0x45, 0x59, - 0x1a, -}; - -const unsigned char test_ec_secp192k1_priv[] = { - 0x29, 0x7a, 0xc1, 0x72, 0x2c, 0xca, 0xc7, 0x58, 0x9e, 0xcb, 0x24, 0x0d, 0xc7, 0x19, 0x84, 0x25, - 0x38, 0xca, 0x97, 0x4b, 0xeb, 0x79, 0xf2, 0x28, -}; - -const unsigned char test_ec_secp192k1_pub[] = { - 0x04, 0x26, 0xb7, 0xbb, 0x38, 0xda, 0x64, 0x9a, 0xc2, 0x13, 0x8f, 0xc0, 0x50, 0xc6, 0x54, 0x8b, - 0x32, 0x55, 0x3d, 0xab, 0x68, 0xaf, 0xeb, 0xc3, 0x61, 0x05, 0xd3, 0x25, 0xb7, 0x55, 0x38, 0xc1, - 0x23, 0x23, 0xcb, 0x07, 0x64, 0x78, 0x9e, 0xcb, 0x99, 0x26, 0x71, 0xbe, 0xb2, 0xb6, 0xbe, 0xf2, - 0xf5, -}; - -const unsigned char test_ec_secp256k1_priv[] = { - 0x7f, 0xa0, 0x6f, 0xa0, 0x2d, 0x0e, 0x91, 0x1b, 0x9a, 0x47, 0xfd, 0xc1, 0x7d, 0x2d, 0x96, 0x2c, - 0xa0, 0x1e, 0x2f, 0x31, 0xd6, 0x0c, 0x62, 0x12, 0xd0, 0xed, 0x7e, 0x3b, 0xba, 0x23, 0xa7, 0xb9, -}; - -const unsigned char test_ec_secp256k1_pub[] = { - 0x04, 0x5c, 0x39, 0x15, 0x45, 0x79, 0xef, 0xd6, 0x67, 0xad, 0xc7, 0x3a, 0x81, 0x01, 0x5a, 0x79, - 0x7d, 0x2c, 0x86, 0x82, 0xcd, 0xfb, 0xd3, 0xc3, 0x55, 0x3c, 0x4a, 0x18, 0x5d, 0x48, 0x1c, 0xdc, - 0x50, 0xe4, 0x2a, 0x0e, 0x1c, 0xbc, 0x3c, 0xa2, 0x9a, 0x32, 0xa6, 0x45, 0xe9, 0x27, 0xf5, 0x4b, - 0xea, 0xed, 0x14, 0xc9, 0xdb, 0xbf, 0x82, 0x79, 0xd7, 0x25, 0xf5, 0x49, 0x5c, 0xa9, 0x24, 0xb2, - 0x4d, -}; - -const unsigned char test_ec_curve25519_priv[] = { - 0x70, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, - 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x6a, -}; - -const unsigned char test_ec_curve25519_pub[] = { - 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, - 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, -}; - -const unsigned char test_ec_curve448_priv[] = { - 0xe4, 0xe4, 0x9f, 0x52, 0x68, 0x6f, 0x9e, 0xe3, 0xb6, 0x38, 0x52, 0x8f, 0x72, 0x1f, 0x15, 0x96, - 0x19, 0x6f, 0xfd, 0x0a, 0x1c, 0xdd, 0xb6, 0x4c, 0x3f, 0x21, 0x6f, 0x06, 0x54, 0x18, 0x05, 0xcf, - 0xeb, 0x1a, 0x28, 0x6d, 0xc7, 0x80, 0x18, 0x09, 0x5c, 0xdf, 0xec, 0x05, 0x0e, 0x80, 0x07, 0xb5, - 0xf4, 0x90, 0x89, 0x62, 0xba, 0x20, 0xd6, 0xc1, -}; - -const unsigned char test_ec_curve448_pub[] = { - 0xc0, 0xd3, 0xa5, 0xa2, 0xb4, 0x16, 0xa5, 0x73, 0xdc, 0x99, 0x09, 0xf9, 0x2f, 0x13, 0x4a, 0xc0, - 0x13, 0x23, 0xab, 0x8f, 0x8e, 0x36, 0x80, 0x4e, 0x57, 0x85, 0x88, 0xba, 0x2d, 0x09, 0xfe, 0x7c, - 0x3e, 0x73, 0x7f, 0x77, 0x1c, 0xa1, 0x12, 0x82, 0x5b, 0x54, 0x8a, 0x0f, 0xfd, 0xed, 0x6d, 0x6a, - 0x2f, 0xd0, 0x9a, 0x3e, 0x77, 0xde, 0xc3, 0x0e, -}; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index c57c442d8d..72bc0082e4 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -222,8 +222,8 @@ struct key_lut_element keys_lut[] = { test_ec_bp384r1_pub, sizeof(test_ec_bp384r1_pub) }, { MBEDTLS_ECP_DP_BP512R1, test_ec_bp512r1_priv, sizeof(test_ec_bp512r1_priv), test_ec_bp512r1_pub, sizeof(test_ec_bp512r1_pub) }, - { MBEDTLS_ECP_DP_CURVE25519, test_ec_curve25519_priv, sizeof(test_ec_curve25519_priv), - test_ec_curve25519_pub, sizeof(test_ec_curve25519_pub) }, + { MBEDTLS_ECP_DP_CURVE25519, test_ec_curve255_priv, sizeof(test_ec_curve255_priv), + test_ec_curve255_pub, sizeof(test_ec_curve255_pub) }, { MBEDTLS_ECP_DP_SECP192K1, test_ec_secp192k1_priv, sizeof(test_ec_secp192k1_priv), test_ec_secp192k1_pub, sizeof(test_ec_secp192k1_pub) }, { MBEDTLS_ECP_DP_SECP256K1, test_ec_secp256k1_priv, sizeof(test_ec_secp256k1_priv), From 9aa4fa95729efea27b57cbdd70aada4e0085e31e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 10:54:23 +0200 Subject: [PATCH 107/429] generate_test_keys: generate also look-up table in script Remove static declaration of look-up table from test_suite_pk and generate it automatically with Python. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 118 ++++++--- tests/src/test_keys.h | 382 ++++++++++++++-------------- tests/suites/test_suite_pk.function | 69 +---- 3 files changed, 285 insertions(+), 284 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 75e85cefcc..9c5786d82e 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -32,13 +32,6 @@ def c_byte_array_literal_content(array_name: str, key_data: bytes) -> Iterator[s def convert_der_to_c(array_name: str, key_data: bytes) -> str: return ''.join(c_byte_array_literal_content(array_name, key_data)) -EC_NAME_CONVERSION = { - 'PSA_ECC_FAMILY_SECP_K1': ['secp', 'k1'], - 'PSA_ECC_FAMILY_SECP_R1': ['secp', 'r1'], - 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': ['bp', 'r1'], - 'PSA_ECC_FAMILY_MONTGOMERY': ['curve', ''], -} - def get_key_type(key: str) -> str: if re.match('PSA_KEY_TYPE_RSA_.*', key): return "rsa" @@ -54,11 +47,49 @@ def get_ec_key_family(key: str) -> str: raise Exception("Unable to get EC family from {}".format(key)) return match.group(1) -def get_key_role(key_type: str) -> str: - if re.match('PSA_KEY_TYPE_.*_KEY_PAIR', key_type): - return "priv" - else: - return "pub" +# Legacy EC group ID do not support all the key types that PSA does, so the +# following dictionaries are used for: +# - getting prefix/suffix for legacy curve names +# - understand if the curve is supported in legacy symbols (MBEDTLS_ECP_DP_...) +EC_NAME_CONVERSION = { + 'PSA_ECC_FAMILY_SECP_K1': { + 192: ['secp', 'k1'], + 224: ['secp', 'k1'], + 256: ['secp', 'k1'] + }, + 'PSA_ECC_FAMILY_SECP_R1': { + 192: ['secp', 'r1'], + 224: ['secp', 'r1'], + 256: ['secp', 'r1'], + 384: ['secp', 'r1'], + 521: ['secp', 'r1'] + }, + 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': { + 256: ['bp', 'r1'], + 384: ['bp', 'r1'], + 512: ['bp', 'r1'] + }, + 'PSA_ECC_FAMILY_MONTGOMERY': { + 255: ['curve', '19'], + 448: ['curve', ''] + } +} + +def get_ec_curve_name(priv_key: str, bits: int) -> str: + ec_family = get_ec_key_family(priv_key) + try: + prefix = EC_NAME_CONVERSION[ec_family][bits][0] + suffix = EC_NAME_CONVERSION[ec_family][bits][1] + except: # pylint: disable=bare-except + return "" + return prefix + str(bits) + suffix + +def get_look_up_table_entry(key_type: str, curve_or_keybits: str, + priv_array_name: str, pub_array_name: str) -> Iterator[str]: + yield "\n {{ {}, ".format("1" if key_type == "ec" else "0") + yield "{},\n".format(curve_or_keybits) + yield " {0}, sizeof({0}),\n".format(priv_array_name) + yield " {0}, sizeof({0}) }},".format(pub_array_name) def main() -> None: # Remove output file if already existing. @@ -73,33 +104,60 @@ def main() -> None: " *********************************************************************************/\n" ) - for key in ASYMMETRIC_KEY_DATA: - key_type = get_key_type(key) + look_up_table = "" + + # Get a list of private keys only in order to get a single item for every + # (key type, key bits) pair. We know that ASYMMETRIC_KEY_DATA + # contains also the public counterpart. + priv_keys = [key for key in ASYMMETRIC_KEY_DATA if re.match(r'.*_KEY_PAIR', key)] + + for priv_key in priv_keys: + key_type = get_key_type(priv_key) # Ignore keys which are not EC or RSA if key_type == "unknown": continue - # Ignore undesired EC keys - if key_type == "ec": - ec_family = get_ec_key_family(key) - if not ec_family in EC_NAME_CONVERSION: - continue - role = get_key_role(key) - for bits in ASYMMETRIC_KEY_DATA[key]: + pub_key = re.sub('_KEY_PAIR', '_PUBLIC_KEY', priv_key) + + for bits in ASYMMETRIC_KEY_DATA[priv_key]: + if key_type == "ec": + curve = get_ec_curve_name(priv_key, bits) + # Ignore EC curves unsupported in legacy symbols + if curve == "": + continue # Create output array name if key_type == "rsa": - array_name = "_".join(["test", key_type, str(bits), role]) + array_name_base = "_".join(["test", key_type, str(bits)]) else: - prefix = EC_NAME_CONVERSION[ec_family][0] - suffix = EC_NAME_CONVERSION[ec_family][1] - curve = "".join([prefix, str(bits), suffix]) - array_name = "_".join(["test", key_type, curve, role]) + array_name_base = "_".join(["test", key_type, curve]) + array_name_priv = array_name_base + "_priv" + array_name_pub = array_name_base + "_pub" # Convert bytearray to C array - c_array = convert_der_to_c(array_name, ASYMMETRIC_KEY_DATA[key][bits]) + c_array_priv = convert_der_to_c(array_name_priv, ASYMMETRIC_KEY_DATA[priv_key][bits]) + c_array_pub = convert_der_to_c(array_name_pub, ASYMMETRIC_KEY_DATA[pub_key][bits]) # Write the C array to the output file - output_file.write("\n") - output_file.write(c_array) - output_file.write("\n") + output_file.write(''.join(["\n", c_array_priv, "\n", c_array_pub, "\n"])) + # Update the lookup table + if key_type == "ec": + curve_or_keybits = "MBEDTLS_ECP_DP_" + curve.upper() + else: + curve_or_keybits = str(bits) + look_up_table = look_up_table + \ + ''.join(get_look_up_table_entry(key_type, curve_or_keybits, + array_name_priv, array_name_pub)) + # Write the lookup table: the struct containing pointers to all the arrays we created above. + output_file.write(""" +struct predefined_key_element { + int is_ec; // 1 for EC keys; 0 for RSA + int curve_or_keybits; + const unsigned char *priv_key; + size_t priv_key_len; + const unsigned char *pub_key; + size_t pub_key_len; +}; + +struct predefined_key_element predefined_keys[] = {""") + output_file.write("{}\n}};\n".format(look_up_table)) if __name__ == '__main__': main() diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h index ca3416be90..7e8f773b66 100644 --- a/tests/src/test_keys.h +++ b/tests/src/test_keys.h @@ -7,17 +7,6 @@ const unsigned char test_ec_secp192k1_priv[] = { 0x29, 0x7a, 0xc1, 0x72, 0x2c, 0xca, 0xc7, 0x58, 0x9e, 0xcb, 0x24, 0x0d, 0xc7, 0x19, 0x84, 0x25, 0x38, 0xca, 0x97, 0x4b, 0xeb, 0x79, 0xf2, 0x28, }; - -const unsigned char test_ec_secp225k1_priv[] = { - 0x00, 0x24, 0x12, 0x2b, 0xf0, 0x20, 0xfa, 0x11, 0x3f, 0x6c, 0x0a, 0xc9, 0x78, 0xdf, 0xbd, 0x41, - 0xf7, 0x49, 0x25, 0x7a, 0x94, 0x68, 0xfe, 0xbd, 0xbe, 0x0d, 0xc9, 0xf7, 0xe8, -}; - -const unsigned char test_ec_secp256k1_priv[] = { - 0x7f, 0xa0, 0x6f, 0xa0, 0x2d, 0x0e, 0x91, 0x1b, 0x9a, 0x47, 0xfd, 0xc1, 0x7d, 0x2d, 0x96, 0x2c, - 0xa0, 0x1e, 0x2f, 0x31, 0xd6, 0x0c, 0x62, 0x12, 0xd0, 0xed, 0x7e, 0x3b, 0xba, 0x23, 0xa7, 0xb9, -}; - const unsigned char test_ec_secp192k1_pub[] = { 0x04, 0x26, 0xb7, 0xbb, 0x38, 0xda, 0x64, 0x9a, 0xc2, 0x13, 0x8f, 0xc0, 0x50, 0xc6, 0x54, 0x8b, 0x32, 0x55, 0x3d, 0xab, 0x68, 0xaf, 0xeb, 0xc3, 0x61, 0x05, 0xd3, 0x25, 0xb7, 0x55, 0x38, 0xc1, @@ -25,13 +14,10 @@ const unsigned char test_ec_secp192k1_pub[] = { 0xf5, }; -const unsigned char test_ec_secp225k1_pub[] = { - 0x04, 0x2c, 0xc7, 0x33, 0x5f, 0x4b, 0x76, 0x04, 0x2b, 0xed, 0x44, 0xef, 0x45, 0x95, 0x9a, 0x62, - 0xaa, 0x21, 0x5f, 0x7a, 0x5f, 0xf0, 0xc8, 0x11, 0x1b, 0x8c, 0x44, 0xed, 0x65, 0x4e, 0xe7, 0x1c, - 0x19, 0x18, 0x32, 0x6a, 0xd4, 0x85, 0xb2, 0xd5, 0x99, 0xfe, 0x2a, 0x6e, 0xab, 0x09, 0x6e, 0xe2, - 0x6d, 0x97, 0x73, 0x34, 0xd2, 0xba, 0xc6, 0xd6, 0x1d, +const unsigned char test_ec_secp256k1_priv[] = { + 0x7f, 0xa0, 0x6f, 0xa0, 0x2d, 0x0e, 0x91, 0x1b, 0x9a, 0x47, 0xfd, 0xc1, 0x7d, 0x2d, 0x96, 0x2c, + 0xa0, 0x1e, 0x2f, 0x31, 0xd6, 0x0c, 0x62, 0x12, 0xd0, 0xed, 0x7e, 0x3b, 0xba, 0x23, 0xa7, 0xb9, }; - const unsigned char test_ec_secp256k1_pub[] = { 0x04, 0x5c, 0x39, 0x15, 0x45, 0x79, 0xef, 0xd6, 0x67, 0xad, 0xc7, 0x3a, 0x81, 0x01, 0x5a, 0x79, 0x7d, 0x2c, 0x86, 0x82, 0xcd, 0xfb, 0xd3, 0xc3, 0x55, 0x3c, 0x4a, 0x18, 0x5d, 0x48, 0x1c, 0xdc, @@ -44,31 +30,6 @@ const unsigned char test_ec_secp192r1_priv[] = { 0xd8, 0x3b, 0x57, 0xa5, 0x9c, 0x51, 0x35, 0x8d, 0x9c, 0x8b, 0xbb, 0x89, 0x8a, 0xff, 0x50, 0x7f, 0x44, 0xdd, 0x14, 0xcf, 0x16, 0x91, 0x71, 0x90, }; - -const unsigned char test_ec_secp224r1_priv[] = { - 0x87, 0x2f, 0x20, 0x3b, 0x3a, 0xd3, 0x5b, 0x7f, 0x2e, 0xcc, 0x80, 0x3c, 0x3a, 0x0e, 0x1e, 0x0b, - 0x1e, 0xd6, 0x1c, 0xc1, 0xaf, 0xe7, 0x1b, 0x18, 0x9c, 0xd4, 0xc9, 0x95, -}; - -const unsigned char test_ec_secp256r1_priv[] = { - 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, 0x1d, 0xf1, 0xc9, 0x94, - 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee, -}; - -const unsigned char test_ec_secp384r1_priv[] = { - 0x3f, 0x5d, 0x8d, 0x9b, 0xe2, 0x80, 0xb5, 0x69, 0x6c, 0xc5, 0xcc, 0x9f, 0x94, 0xcf, 0x8a, 0xf7, - 0xe6, 0xb6, 0x1d, 0xd6, 0x59, 0x2b, 0x2a, 0xb2, 0xb3, 0xa4, 0xc6, 0x07, 0x45, 0x04, 0x17, 0xec, - 0x32, 0x7d, 0xcd, 0xca, 0xed, 0x7c, 0x10, 0x05, 0x3d, 0x71, 0x9a, 0x05, 0x74, 0xf0, 0xa7, 0x6a, -}; - -const unsigned char test_ec_secp521r1_priv[] = { - 0x01, 0xb1, 0xb6, 0xad, 0x07, 0xbb, 0x79, 0xe7, 0x32, 0x0d, 0xa5, 0x98, 0x60, 0xea, 0x28, 0xe0, - 0x55, 0x28, 0x4f, 0x60, 0x58, 0xf2, 0x79, 0xde, 0x66, 0x6e, 0x06, 0xd4, 0x35, 0xd2, 0xaf, 0x7b, - 0xda, 0x28, 0xd9, 0x9f, 0xa4, 0x7b, 0x7d, 0xd0, 0x96, 0x3e, 0x16, 0xb0, 0x07, 0x30, 0x78, 0xee, - 0x8b, 0x8a, 0x38, 0xd9, 0x66, 0xa5, 0x82, 0xf4, 0x6d, 0x19, 0xff, 0x95, 0xdf, 0x3a, 0xd9, 0x68, - 0x5a, 0xae, -}; - const unsigned char test_ec_secp192r1_pub[] = { 0x04, 0xe3, 0x5f, 0xcb, 0xee, 0x11, 0xce, 0xc3, 0x15, 0x4f, 0x80, 0xa1, 0xa6, 0x1d, 0xf7, 0xd7, 0x61, 0x2d, 0xe4, 0xf2, 0xfd, 0x70, 0xc5, 0x60, 0x8d, 0x0e, 0xe3, 0xa4, 0xa1, 0xa5, 0x71, 0x94, @@ -76,6 +37,10 @@ const unsigned char test_ec_secp192r1_pub[] = { 0x4c, }; +const unsigned char test_ec_secp224r1_priv[] = { + 0x87, 0x2f, 0x20, 0x3b, 0x3a, 0xd3, 0x5b, 0x7f, 0x2e, 0xcc, 0x80, 0x3c, 0x3a, 0x0e, 0x1e, 0x0b, + 0x1e, 0xd6, 0x1c, 0xc1, 0xaf, 0xe7, 0x1b, 0x18, 0x9c, 0xd4, 0xc9, 0x95, +}; const unsigned char test_ec_secp224r1_pub[] = { 0x04, 0x6f, 0x00, 0xea, 0xda, 0xa9, 0x49, 0xfe, 0xe3, 0xe9, 0xe1, 0xc7, 0xfa, 0x12, 0x47, 0xee, 0xce, 0xc8, 0x6a, 0x0d, 0xce, 0x46, 0x41, 0x8b, 0x9b, 0xd3, 0x11, 0x7b, 0x98, 0x1d, 0x4b, 0xd0, @@ -83,6 +48,10 @@ const unsigned char test_ec_secp224r1_pub[] = { 0x39, 0x4a, 0xc2, 0x9e, 0x81, 0x80, 0x4b, 0xf1, 0x60, }; +const unsigned char test_ec_secp256r1_priv[] = { + 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, 0x1d, 0xf1, 0xc9, 0x94, + 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee, +}; const unsigned char test_ec_secp256r1_pub[] = { 0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39, 0x92, 0x79, 0xd5, 0xe1, 0xf1, 0x78, 0x1f, 0xac, 0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3, 0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b, @@ -91,6 +60,11 @@ const unsigned char test_ec_secp256r1_pub[] = { 0x45, }; +const unsigned char test_ec_secp384r1_priv[] = { + 0x3f, 0x5d, 0x8d, 0x9b, 0xe2, 0x80, 0xb5, 0x69, 0x6c, 0xc5, 0xcc, 0x9f, 0x94, 0xcf, 0x8a, 0xf7, + 0xe6, 0xb6, 0x1d, 0xd6, 0x59, 0x2b, 0x2a, 0xb2, 0xb3, 0xa4, 0xc6, 0x07, 0x45, 0x04, 0x17, 0xec, + 0x32, 0x7d, 0xcd, 0xca, 0xed, 0x7c, 0x10, 0x05, 0x3d, 0x71, 0x9a, 0x05, 0x74, 0xf0, 0xa7, 0x6a, +}; const unsigned char test_ec_secp384r1_pub[] = { 0x04, 0xd9, 0xc6, 0x62, 0xb5, 0x0b, 0xa2, 0x9c, 0xa4, 0x79, 0x90, 0x45, 0x0e, 0x04, 0x3a, 0xea, 0xf4, 0xf0, 0xc6, 0x9b, 0x15, 0x67, 0x6d, 0x11, 0x2f, 0x62, 0x2a, 0x71, 0xc9, 0x30, 0x59, 0xaf, @@ -101,6 +75,13 @@ const unsigned char test_ec_secp384r1_pub[] = { 0x47, }; +const unsigned char test_ec_secp521r1_priv[] = { + 0x01, 0xb1, 0xb6, 0xad, 0x07, 0xbb, 0x79, 0xe7, 0x32, 0x0d, 0xa5, 0x98, 0x60, 0xea, 0x28, 0xe0, + 0x55, 0x28, 0x4f, 0x60, 0x58, 0xf2, 0x79, 0xde, 0x66, 0x6e, 0x06, 0xd4, 0x35, 0xd2, 0xaf, 0x7b, + 0xda, 0x28, 0xd9, 0x9f, 0xa4, 0x7b, 0x7d, 0xd0, 0x96, 0x3e, 0x16, 0xb0, 0x07, 0x30, 0x78, 0xee, + 0x8b, 0x8a, 0x38, 0xd9, 0x66, 0xa5, 0x82, 0xf4, 0x6d, 0x19, 0xff, 0x95, 0xdf, 0x3a, 0xd9, 0x68, + 0x5a, 0xae, +}; const unsigned char test_ec_secp521r1_pub[] = { 0x04, 0x00, 0x1d, 0xe1, 0x42, 0xd5, 0x4f, 0x69, 0xeb, 0x03, 0x8e, 0xe4, 0xb7, 0xaf, 0x9d, 0x3c, 0xa0, 0x77, 0x36, 0xfd, 0x9c, 0xf7, 0x19, 0xeb, 0x35, 0x4d, 0x69, 0x87, 0x9e, 0xe7, 0xf3, 0xc1, @@ -113,65 +94,10 @@ const unsigned char test_ec_secp521r1_pub[] = { 0x2c, 0x4c, 0x2f, 0x6a, 0xc1, }; -const unsigned char test_ec_bp160r1_priv[] = { - 0x69, 0x50, 0x2c, 0x4f, 0xda, 0xf4, 0x8d, 0x4f, 0xa6, 0x17, 0xbd, 0xd2, 0x44, 0x98, 0xb0, 0x40, - 0x6d, 0x0e, 0xea, 0xac, -}; - -const unsigned char test_ec_bp192r1_priv[] = { - 0x16, 0x88, 0xa2, 0xc5, 0xfb, 0xf4, 0xa3, 0xc8, 0x51, 0xd7, 0x6a, 0x98, 0xc3, 0xec, 0x88, 0xf4, - 0x45, 0xa9, 0x79, 0x96, 0x28, 0x3d, 0xb5, 0x9f, -}; - -const unsigned char test_ec_bp224r1_priv[] = { - 0xa6, 0x98, 0x35, 0xda, 0xfe, 0xb5, 0xda, 0x5a, 0xb8, 0x9c, 0x59, 0x86, 0x0d, 0xdd, 0xeb, 0xcf, - 0xd8, 0x0b, 0x52, 0x9a, 0x99, 0xf5, 0x9b, 0x88, 0x08, 0x82, 0x92, 0x3c, -}; - const unsigned char test_ec_bp256r1_priv[] = { 0x21, 0x61, 0xd6, 0xf2, 0xdb, 0x76, 0x52, 0x6f, 0xa6, 0x2c, 0x16, 0xf3, 0x56, 0xa8, 0x0f, 0x01, 0xf3, 0x2f, 0x77, 0x67, 0x84, 0xb3, 0x6a, 0xa9, 0x97, 0x99, 0xa8, 0xb7, 0x66, 0x20, 0x80, 0xff, }; - -const unsigned char test_ec_bp320r1_priv[] = { - 0x61, 0xb8, 0xda, 0xa7, 0xa6, 0xe5, 0xaa, 0x9f, 0xcc, 0xf1, 0xef, 0x50, 0x42, 0x20, 0xb2, 0xe5, - 0xa5, 0xb8, 0xc6, 0xdc, 0x74, 0x75, 0xd1, 0x6d, 0x31, 0x72, 0xd7, 0xdb, 0x0b, 0x27, 0x78, 0x41, - 0x4e, 0x4f, 0x6e, 0x8f, 0xa2, 0x03, 0x2e, 0xad, -}; - -const unsigned char test_ec_bp384r1_priv[] = { - 0x3d, 0xd9, 0x2e, 0x75, 0x0d, 0x90, 0xd7, 0xd3, 0x9f, 0xc1, 0x88, 0x5c, 0xd8, 0xad, 0x12, 0xea, - 0x94, 0x41, 0xf2, 0x2b, 0x93, 0x34, 0xb4, 0xd9, 0x65, 0x20, 0x2a, 0xdb, 0x14, 0x48, 0xce, 0x24, - 0xc5, 0x80, 0x8a, 0x85, 0xdd, 0x9a, 0xfc, 0x22, 0x9a, 0xf0, 0xa3, 0x12, 0x4f, 0x75, 0x5b, 0xcb, -}; - -const unsigned char test_ec_bp512r1_priv[] = { - 0x37, 0x2c, 0x97, 0x78, 0xf6, 0x9f, 0x72, 0x6c, 0xbc, 0xa3, 0xf4, 0xa2, 0x68, 0xf1, 0x6b, 0x4d, - 0x61, 0x7d, 0x10, 0x28, 0x0d, 0x79, 0xa6, 0xa0, 0x29, 0xcd, 0x51, 0x87, 0x9f, 0xe1, 0x01, 0x29, - 0x34, 0xdf, 0xe5, 0x39, 0x54, 0x55, 0x33, 0x7d, 0xf6, 0x90, 0x6d, 0xc7, 0xd6, 0xd2, 0xee, 0xa4, - 0xdb, 0xb2, 0x06, 0x5c, 0x02, 0x28, 0xf7, 0x3b, 0x3e, 0xd7, 0x16, 0x48, 0x0e, 0x7d, 0x71, 0xd2, -}; - -const unsigned char test_ec_bp160r1_pub[] = { - 0x04, 0xd4, 0xb9, 0x18, 0x68, 0x16, 0x35, 0x8e, 0x2f, 0x9c, 0x59, 0xcf, 0x70, 0x74, 0x8c, 0xb7, - 0x06, 0x41, 0xb2, 0x2f, 0xba, 0xb6, 0x54, 0x73, 0xdb, 0x4b, 0x4e, 0x22, 0xa3, 0x61, 0xed, 0x7e, - 0x3d, 0xe7, 0xe8, 0xa8, 0xdd, 0xc4, 0x13, 0x0c, 0x5c, -}; - -const unsigned char test_ec_bp192r1_pub[] = { - 0x04, 0x3f, 0xdd, 0x16, 0x8c, 0x17, 0x9f, 0xf5, 0x36, 0x3d, 0xd7, 0x1d, 0xcd, 0x58, 0xde, 0x96, - 0x17, 0xca, 0xad, 0x79, 0x1a, 0xe0, 0xc3, 0x73, 0x28, 0xbe, 0x9c, 0xa0, 0xbf, 0xc7, 0x9c, 0xeb, - 0xab, 0xf6, 0xa9, 0x5d, 0x1c, 0x52, 0xdf, 0x5b, 0x5f, 0x3c, 0x8b, 0x1a, 0x24, 0x41, 0xcf, 0x6c, - 0x88, -}; - -const unsigned char test_ec_bp224r1_pub[] = { - 0x04, 0x5f, 0xbe, 0xa3, 0x78, 0xfc, 0x85, 0x83, 0xb3, 0x83, 0x7e, 0x3f, 0x21, 0xa4, 0x57, 0xc3, - 0x1e, 0xaf, 0x20, 0xa5, 0x4e, 0x18, 0xeb, 0x11, 0xd1, 0x04, 0xb3, 0xad, 0xc4, 0x7f, 0x9d, 0x1c, - 0x97, 0xeb, 0x9e, 0xa4, 0xac, 0x21, 0x74, 0x0d, 0x70, 0xd8, 0x85, 0x14, 0xb9, 0x8b, 0xf0, 0xbc, - 0x31, 0xad, 0xda, 0xc1, 0xd1, 0x9c, 0x4a, 0xb3, 0xcc, -}; - const unsigned char test_ec_bp256r1_pub[] = { 0x04, 0x76, 0x8c, 0x8c, 0xae, 0x4a, 0xbc, 0xa6, 0x30, 0x6d, 0xb0, 0xed, 0x81, 0xb0, 0xc4, 0xa6, 0x21, 0x5c, 0x37, 0x80, 0x66, 0xec, 0x6d, 0x61, 0x6c, 0x14, 0x6e, 0x13, 0xf1, 0xc7, 0xdf, 0x80, @@ -180,15 +106,11 @@ const unsigned char test_ec_bp256r1_pub[] = { 0x1d, }; -const unsigned char test_ec_bp320r1_pub[] = { - 0x04, 0x9c, 0xae, 0xd8, 0xfb, 0x47, 0x42, 0x95, 0x6c, 0xc2, 0xad, 0x12, 0xa9, 0xa1, 0xc9, 0x95, - 0xe2, 0x17, 0x59, 0xef, 0x26, 0xa0, 0x7b, 0xc2, 0x05, 0x41, 0x36, 0xd3, 0xd2, 0xf2, 0x8b, 0xb3, - 0x31, 0xa7, 0x0e, 0x26, 0xc4, 0xc6, 0x87, 0x27, 0x5a, 0xb1, 0xf4, 0x34, 0xbe, 0x78, 0x71, 0xe1, - 0x15, 0xd2, 0x35, 0x0c, 0x0c, 0x5f, 0x61, 0xd4, 0xd0, 0x6d, 0x2b, 0xcd, 0xb6, 0x7f, 0x5c, 0xb6, - 0x3f, 0xdb, 0x79, 0x4e, 0x59, 0x47, 0xc8, 0x7d, 0xc6, 0x84, 0x9a, 0x58, 0x69, 0x4e, 0x37, 0xe6, - 0xcd, +const unsigned char test_ec_bp384r1_priv[] = { + 0x3d, 0xd9, 0x2e, 0x75, 0x0d, 0x90, 0xd7, 0xd3, 0x9f, 0xc1, 0x88, 0x5c, 0xd8, 0xad, 0x12, 0xea, + 0x94, 0x41, 0xf2, 0x2b, 0x93, 0x34, 0xb4, 0xd9, 0x65, 0x20, 0x2a, 0xdb, 0x14, 0x48, 0xce, 0x24, + 0xc5, 0x80, 0x8a, 0x85, 0xdd, 0x9a, 0xfc, 0x22, 0x9a, 0xf0, 0xa3, 0x12, 0x4f, 0x75, 0x5b, 0xcb, }; - const unsigned char test_ec_bp384r1_pub[] = { 0x04, 0x71, 0x9f, 0x9d, 0x09, 0x3a, 0x62, 0x7e, 0x0d, 0x35, 0x03, 0x85, 0xc6, 0x61, 0xce, 0xbf, 0x00, 0xc6, 0x19, 0x23, 0x56, 0x6f, 0xe9, 0x00, 0x6a, 0x31, 0x07, 0xaf, 0x1d, 0x87, 0x1b, 0xc6, @@ -199,6 +121,12 @@ const unsigned char test_ec_bp384r1_pub[] = { 0x6a, }; +const unsigned char test_ec_bp512r1_priv[] = { + 0x37, 0x2c, 0x97, 0x78, 0xf6, 0x9f, 0x72, 0x6c, 0xbc, 0xa3, 0xf4, 0xa2, 0x68, 0xf1, 0x6b, 0x4d, + 0x61, 0x7d, 0x10, 0x28, 0x0d, 0x79, 0xa6, 0xa0, 0x29, 0xcd, 0x51, 0x87, 0x9f, 0xe1, 0x01, 0x29, + 0x34, 0xdf, 0xe5, 0x39, 0x54, 0x55, 0x33, 0x7d, 0xf6, 0x90, 0x6d, 0xc7, 0xd6, 0xd2, 0xee, 0xa4, + 0xdb, 0xb2, 0x06, 0x5c, 0x02, 0x28, 0xf7, 0x3b, 0x3e, 0xd7, 0x16, 0x48, 0x0e, 0x7d, 0x71, 0xd2, +}; const unsigned char test_ec_bp512r1_pub[] = { 0x04, 0x38, 0xb7, 0xec, 0x92, 0xb6, 0x1c, 0x5c, 0x6c, 0x7f, 0xbc, 0x28, 0xa4, 0xec, 0x75, 0x9d, 0x48, 0xfc, 0xd4, 0xe2, 0xe3, 0x74, 0xde, 0xfd, 0x5c, 0x49, 0x68, 0xa5, 0x4d, 0xbe, 0xf7, 0x51, @@ -211,10 +139,14 @@ const unsigned char test_ec_bp512r1_pub[] = { 0x1a, }; -const unsigned char test_ec_curve255_priv[] = { +const unsigned char test_ec_curve25519_priv[] = { 0x70, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x6a, }; +const unsigned char test_ec_curve25519_pub[] = { + 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, + 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, +}; const unsigned char test_ec_curve448_priv[] = { 0xe4, 0xe4, 0x9f, 0x52, 0x68, 0x6f, 0x9e, 0xe3, 0xb6, 0x38, 0x52, 0x8f, 0x72, 0x1f, 0x15, 0x96, @@ -222,12 +154,6 @@ const unsigned char test_ec_curve448_priv[] = { 0xeb, 0x1a, 0x28, 0x6d, 0xc7, 0x80, 0x18, 0x09, 0x5c, 0xdf, 0xec, 0x05, 0x0e, 0x80, 0x07, 0xb5, 0xf4, 0x90, 0x89, 0x62, 0xba, 0x20, 0xd6, 0xc1, }; - -const unsigned char test_ec_curve255_pub[] = { - 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, - 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, -}; - const unsigned char test_ec_curve448_pub[] = { 0xc0, 0xd3, 0xa5, 0xa2, 0xb4, 0x16, 0xa5, 0x73, 0xdc, 0x99, 0x09, 0xf9, 0x2f, 0x13, 0x4a, 0xc0, 0x13, 0x23, 0xab, 0x8f, 0x8e, 0x36, 0x80, 0x4e, 0x57, 0x85, 0x88, 0xba, 0x2d, 0x09, 0xfe, 0x7c, @@ -276,6 +202,17 @@ const unsigned char test_rsa_1024_priv[] = { 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a, 0xae, 0x59, 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, 0x2b, 0x24, }; +const unsigned char test_rsa_1024_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, + 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, + 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28, + 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, + 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, + 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, + 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, + 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, + 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, +}; const unsigned char test_rsa_1026_priv[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, @@ -318,6 +255,17 @@ const unsigned char test_rsa_1026_priv[] = { 0x08, 0x1e, 0x24, 0x0b, 0x6a, 0xe4, 0xe2, 0x71, 0x48, 0x87, 0xdd, 0x78, 0xda, 0xda, 0xeb, 0x0b, 0x92, 0x16, }; +const unsigned char test_rsa_1026_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, + 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, + 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, 0x68, 0x59, 0x5d, 0xbc, + 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, 0x7e, 0x44, 0xa4, 0x16, 0x3a, 0x05, 0x42, 0xfa, + 0xb6, 0x12, 0xac, 0xbb, 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, 0x3b, 0xdd, 0xef, 0x6a, + 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, 0x38, 0xdb, 0x7a, 0x33, + 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, 0x7d, 0x6e, 0x56, 0x46, 0xc1, 0xd6, 0x7f, 0xb8, + 0xb2, 0xb9, 0x7a, 0xc6, 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, 0x83, 0x15, 0xaa, 0x3f, + 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, +}; const unsigned char test_rsa_1028_priv[] = { 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, @@ -360,6 +308,17 @@ const unsigned char test_rsa_1028_priv[] = { 0x25, 0x03, 0x1b, 0x8d, 0x37, 0x9f, 0x38, 0x9d, 0xe2, 0x77, 0xa9, 0xa0, 0x13, 0x76, 0x51, 0xdf, 0x54, 0x8a, }; +const unsigned char test_rsa_1028_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, + 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, + 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, 0xa3, 0xca, 0xff, 0x4e, + 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, 0xa4, 0x16, 0x7f, 0xbf, 0x7f, 0x37, 0x2a, 0xb5, + 0x7e, 0x83, 0xa6, 0x9a, 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, 0x96, 0x21, 0xa3, 0x0a, + 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, 0x9e, 0x4f, 0x9b, 0xfc, + 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, 0x9a, 0x63, 0x1f, 0xb1, 0xfb, 0x9f, 0xfb, 0x79, + 0x4b, 0x4e, 0x53, 0xc7, 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, 0x25, 0x88, 0xdb, 0x29, + 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, +}; const unsigned char test_rsa_1030_priv[] = { 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, @@ -402,6 +361,17 @@ const unsigned char test_rsa_1030_priv[] = { 0x32, 0x6a, 0x21, 0x42, 0xfc, 0xa4, 0x54, 0xbb, 0xd3, 0x8d, 0x6d, 0xbc, 0x6c, 0xaa, 0x7a, 0xc3, 0x35, 0xa1, 0x7c, }; +const unsigned char test_rsa_1030_pub[] = { + 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, + 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, + 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, 0x34, 0xc6, 0xae, 0x36, + 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, 0x64, 0xd2, 0xec, 0x15, 0x6e, 0x13, 0x4d, 0x03, + 0xcf, 0x6a, 0x94, 0xd3, 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, 0xc4, 0xb9, 0x74, 0x21, + 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, 0xfa, 0x86, 0x74, 0x96, + 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, 0xd1, 0x46, 0x1a, 0x80, 0xdb, 0xe9, 0xa5, 0x9d, + 0xb3, 0xb0, 0x16, 0xc6, 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, 0x89, 0xb8, 0x55, 0xcb, + 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, +}; const unsigned char test_rsa_1536_priv[] = { 0x30, 0x82, 0x03, 0x7b, 0x02, 0x01, 0x00, 0x02, 0x81, 0xc1, 0x00, 0xc8, 0x70, 0xfe, 0xb6, 0xca, @@ -461,6 +431,21 @@ const unsigned char test_rsa_1536_priv[] = { 0x8a, 0xc2, 0x71, 0x0c, 0xb5, 0x87, 0x8b, 0x59, 0x2f, 0xfe, 0xb1, 0xf4, 0xf0, 0xa1, 0x85, 0x3e, 0x4e, 0x8d, 0x1d, 0x05, 0x61, 0xb6, 0xef, 0xcc, 0x83, 0x1a, 0x29, 0x6c, 0xf7, 0xee, 0xaf, }; +const unsigned char test_rsa_1536_pub[] = { + 0x30, 0x81, 0xc9, 0x02, 0x81, 0xc1, 0x00, 0xc8, 0x70, 0xfe, 0xb6, 0xca, 0x6b, 0x1d, 0x2b, 0xd9, + 0xf2, 0xdd, 0x99, 0xe2, 0x0f, 0x1f, 0xe2, 0xd7, 0xe5, 0x19, 0x2d, 0xe6, 0x62, 0x22, 0x9d, 0xbe, + 0x16, 0x2b, 0xd1, 0xba, 0x66, 0x33, 0x6a, 0x71, 0x82, 0x90, 0x3c, 0xa0, 0xb7, 0x27, 0x96, 0xcd, + 0x44, 0x1c, 0x83, 0xd2, 0x4b, 0xcd, 0xc3, 0xe9, 0xa2, 0xf5, 0xe4, 0x39, 0x9c, 0x8a, 0x04, 0x3f, + 0x1c, 0x3d, 0xdf, 0x04, 0x75, 0x4a, 0x66, 0xd4, 0xcf, 0xe7, 0xb3, 0x67, 0x1a, 0x37, 0xdd, 0x31, + 0xa9, 0xb4, 0xc1, 0x3b, 0xfe, 0x06, 0xee, 0x90, 0xf9, 0xd9, 0x4d, 0xda, 0xa0, 0x6d, 0xe6, 0x7a, + 0x52, 0xac, 0x86, 0x3e, 0x68, 0xf7, 0x56, 0x73, 0x6c, 0xeb, 0x01, 0x44, 0x05, 0xa6, 0x16, 0x05, + 0x79, 0x64, 0x0f, 0x83, 0x1d, 0xdd, 0xcc, 0xc3, 0x4a, 0xd0, 0xb0, 0x50, 0x70, 0xe3, 0xf9, 0x95, + 0x4a, 0x58, 0xd1, 0x81, 0x58, 0x13, 0xe1, 0xb8, 0x3b, 0xca, 0xdb, 0xa8, 0x14, 0x78, 0x9c, 0x87, + 0xf1, 0xef, 0x2b, 0xa5, 0xd7, 0x38, 0xb7, 0x93, 0xec, 0x45, 0x6a, 0x67, 0x36, 0x0e, 0xea, 0x1b, + 0x5f, 0xaf, 0x1c, 0x7c, 0xc7, 0xbf, 0x24, 0xf3, 0xb2, 0xa9, 0xd0, 0xf8, 0x95, 0x8b, 0x10, 0x96, + 0xe0, 0xf0, 0xc3, 0x35, 0xf8, 0x88, 0x8d, 0x0c, 0x63, 0xa5, 0x1c, 0x3c, 0x03, 0x37, 0x21, 0x4f, + 0xa3, 0xf5, 0xef, 0xdf, 0x6d, 0xcc, 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, +}; const unsigned char test_rsa_2048_priv[] = { 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, @@ -539,6 +524,25 @@ const unsigned char test_rsa_2048_priv[] = { 0xbf, 0x08, 0x75, 0x2d, 0x40, 0xa8, 0x41, 0x9d, 0xe7, 0x1b, 0x01, 0xd4, 0x92, 0x7e, 0x27, 0xc1, 0x07, 0x9c, 0xaa, 0xda, 0x05, 0x68, 0xb1, }; +const unsigned char test_rsa_2048_pub[] = { + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, + 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, + 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, 0xb1, 0x35, 0x35, + 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, 0x4a, 0x69, 0x37, 0xb5, 0x58, 0xec, 0x0d, + 0x1d, 0xea, 0x27, 0x4a, 0xf2, 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, 0x57, 0x72, 0x66, + 0xa7, 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, 0x5f, 0xec, 0xab, + 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, 0xa9, 0x45, 0x84, 0x22, 0x6b, 0x37, 0xd9, + 0x2e, 0xf4, 0x63, 0xfc, 0x73, 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, 0x16, 0x2f, 0x57, + 0x26, 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, 0x02, 0x21, 0xc2, + 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, 0x3d, 0x7b, 0x84, 0x03, 0x9c, 0x2d, 0xf4, + 0x1c, 0xe3, 0xec, 0x8d, 0xb9, 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, 0xe2, 0x3b, 0x74, + 0xed, 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, 0xa4, 0x42, 0x32, + 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, 0x78, 0x2e, 0x45, 0x53, 0x88, 0x0f, 0x06, + 0xba, 0x39, 0xa6, 0x4f, 0x4a, 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, 0x07, 0xce, 0xfa, + 0xdc, 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, 0xae, 0x61, 0xfc, + 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, 0x07, 0x72, 0x66, 0xf7, 0x36, 0x0c, 0x20, + 0x76, 0xce, 0xbe, 0xaf, 0x14, 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, 0x01, +}; const unsigned char test_rsa_4096_priv[] = { 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, @@ -689,91 +693,6 @@ const unsigned char test_rsa_4096_priv[] = { 0x2f, 0x20, 0xc0, 0x05, 0xa2, 0x51, 0x9e, 0x3a, 0x87, 0x41, 0x46, 0x49, 0x5d, 0x7a, 0xac, 0xf3, 0x41, 0x6a, 0x42, 0x2e, 0x56, 0x09, 0x86, 0xf2, 0x2f, 0x39, 0x45, 0x6e, 0x7f, }; - -const unsigned char test_rsa_1024_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, - 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, - 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28, - 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, - 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, - 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, - 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, - 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, - 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_1026_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, - 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, - 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, 0x68, 0x59, 0x5d, 0xbc, - 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, 0x7e, 0x44, 0xa4, 0x16, 0x3a, 0x05, 0x42, 0xfa, - 0xb6, 0x12, 0xac, 0xbb, 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, 0x3b, 0xdd, 0xef, 0x6a, - 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, 0x38, 0xdb, 0x7a, 0x33, - 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, 0x7d, 0x6e, 0x56, 0x46, 0xc1, 0xd6, 0x7f, 0xb8, - 0xb2, 0xb9, 0x7a, 0xc6, 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, 0x83, 0x15, 0xaa, 0x3f, - 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_1028_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, - 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, - 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, 0xa3, 0xca, 0xff, 0x4e, - 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, 0xa4, 0x16, 0x7f, 0xbf, 0x7f, 0x37, 0x2a, 0xb5, - 0x7e, 0x83, 0xa6, 0x9a, 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, 0x96, 0x21, 0xa3, 0x0a, - 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, 0x9e, 0x4f, 0x9b, 0xfc, - 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, 0x9a, 0x63, 0x1f, 0xb1, 0xfb, 0x9f, 0xfb, 0x79, - 0x4b, 0x4e, 0x53, 0xc7, 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, 0x25, 0x88, 0xdb, 0x29, - 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_1030_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, - 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, - 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, 0x34, 0xc6, 0xae, 0x36, - 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, 0x64, 0xd2, 0xec, 0x15, 0x6e, 0x13, 0x4d, 0x03, - 0xcf, 0x6a, 0x94, 0xd3, 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, 0xc4, 0xb9, 0x74, 0x21, - 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, 0xfa, 0x86, 0x74, 0x96, - 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, 0xd1, 0x46, 0x1a, 0x80, 0xdb, 0xe9, 0xa5, 0x9d, - 0xb3, 0xb0, 0x16, 0xc6, 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, 0x89, 0xb8, 0x55, 0xcb, - 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_1536_pub[] = { - 0x30, 0x81, 0xc9, 0x02, 0x81, 0xc1, 0x00, 0xc8, 0x70, 0xfe, 0xb6, 0xca, 0x6b, 0x1d, 0x2b, 0xd9, - 0xf2, 0xdd, 0x99, 0xe2, 0x0f, 0x1f, 0xe2, 0xd7, 0xe5, 0x19, 0x2d, 0xe6, 0x62, 0x22, 0x9d, 0xbe, - 0x16, 0x2b, 0xd1, 0xba, 0x66, 0x33, 0x6a, 0x71, 0x82, 0x90, 0x3c, 0xa0, 0xb7, 0x27, 0x96, 0xcd, - 0x44, 0x1c, 0x83, 0xd2, 0x4b, 0xcd, 0xc3, 0xe9, 0xa2, 0xf5, 0xe4, 0x39, 0x9c, 0x8a, 0x04, 0x3f, - 0x1c, 0x3d, 0xdf, 0x04, 0x75, 0x4a, 0x66, 0xd4, 0xcf, 0xe7, 0xb3, 0x67, 0x1a, 0x37, 0xdd, 0x31, - 0xa9, 0xb4, 0xc1, 0x3b, 0xfe, 0x06, 0xee, 0x90, 0xf9, 0xd9, 0x4d, 0xda, 0xa0, 0x6d, 0xe6, 0x7a, - 0x52, 0xac, 0x86, 0x3e, 0x68, 0xf7, 0x56, 0x73, 0x6c, 0xeb, 0x01, 0x44, 0x05, 0xa6, 0x16, 0x05, - 0x79, 0x64, 0x0f, 0x83, 0x1d, 0xdd, 0xcc, 0xc3, 0x4a, 0xd0, 0xb0, 0x50, 0x70, 0xe3, 0xf9, 0x95, - 0x4a, 0x58, 0xd1, 0x81, 0x58, 0x13, 0xe1, 0xb8, 0x3b, 0xca, 0xdb, 0xa8, 0x14, 0x78, 0x9c, 0x87, - 0xf1, 0xef, 0x2b, 0xa5, 0xd7, 0x38, 0xb7, 0x93, 0xec, 0x45, 0x6a, 0x67, 0x36, 0x0e, 0xea, 0x1b, - 0x5f, 0xaf, 0x1c, 0x7c, 0xc7, 0xbf, 0x24, 0xf3, 0xb2, 0xa9, 0xd0, 0xf8, 0x95, 0x8b, 0x10, 0x96, - 0xe0, 0xf0, 0xc3, 0x35, 0xf8, 0x88, 0x8d, 0x0c, 0x63, 0xa5, 0x1c, 0x3c, 0x03, 0x37, 0x21, 0x4f, - 0xa3, 0xf5, 0xef, 0xdf, 0x6d, 0xcc, 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_2048_pub[] = { - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, - 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, - 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, 0xb1, 0x35, 0x35, - 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, 0x4a, 0x69, 0x37, 0xb5, 0x58, 0xec, 0x0d, - 0x1d, 0xea, 0x27, 0x4a, 0xf2, 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, 0x57, 0x72, 0x66, - 0xa7, 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, 0x5f, 0xec, 0xab, - 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, 0xa9, 0x45, 0x84, 0x22, 0x6b, 0x37, 0xd9, - 0x2e, 0xf4, 0x63, 0xfc, 0x73, 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, 0x16, 0x2f, 0x57, - 0x26, 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, 0x02, 0x21, 0xc2, - 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, 0x3d, 0x7b, 0x84, 0x03, 0x9c, 0x2d, 0xf4, - 0x1c, 0xe3, 0xec, 0x8d, 0xb9, 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, 0xe2, 0x3b, 0x74, - 0xed, 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, 0xa4, 0x42, 0x32, - 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, 0x78, 0x2e, 0x45, 0x53, 0x88, 0x0f, 0x06, - 0xba, 0x39, 0xa6, 0x4f, 0x4a, 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, 0x07, 0xce, 0xfa, - 0xdc, 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, 0xae, 0x61, 0xfc, - 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, 0x07, 0x72, 0x66, 0xf7, 0x36, 0x0c, 0x20, - 0x76, 0xce, 0xbe, 0xaf, 0x14, 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - const unsigned char test_rsa_4096_pub[] = { 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, 0xb3, 0x8d, 0x5d, 0x01, 0xae, 0xeb, 0x07, 0xd3, 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, 0xe7, 0x4f, 0xe1, @@ -809,3 +728,72 @@ const unsigned char test_rsa_4096_pub[] = { 0xf9, 0x34, 0xe2, 0xb4, 0x0f, 0xde, 0xbb, 0xa3, 0xd9, 0x70, 0x1b, 0x76, 0xe1, 0xbe, 0x54, 0x82, 0x74, 0xb2, 0x60, 0x2d, 0x88, 0x85, 0x37, 0x48, 0x2d, 0x02, 0x03, 0x01, 0x00, 0x01, }; + +struct predefined_key_element { + int is_ec; // 1 for EC keys; 0 for RSA + int curve_or_keybits; + const unsigned char *priv_key; + size_t priv_key_len; + const unsigned char *pub_key; + size_t pub_key_len; +}; + +struct predefined_key_element predefined_keys[] = { + { 1, MBEDTLS_ECP_DP_SECP192K1, + test_ec_secp192k1_priv, sizeof(test_ec_secp192k1_priv), + test_ec_secp192k1_pub, sizeof(test_ec_secp192k1_pub) }, + { 1, MBEDTLS_ECP_DP_SECP256K1, + test_ec_secp256k1_priv, sizeof(test_ec_secp256k1_priv), + test_ec_secp256k1_pub, sizeof(test_ec_secp256k1_pub) }, + { 1, MBEDTLS_ECP_DP_SECP192R1, + test_ec_secp192r1_priv, sizeof(test_ec_secp192r1_priv), + test_ec_secp192r1_pub, sizeof(test_ec_secp192r1_pub) }, + { 1, MBEDTLS_ECP_DP_SECP224R1, + test_ec_secp224r1_priv, sizeof(test_ec_secp224r1_priv), + test_ec_secp224r1_pub, sizeof(test_ec_secp224r1_pub) }, + { 1, MBEDTLS_ECP_DP_SECP256R1, + test_ec_secp256r1_priv, sizeof(test_ec_secp256r1_priv), + test_ec_secp256r1_pub, sizeof(test_ec_secp256r1_pub) }, + { 1, MBEDTLS_ECP_DP_SECP384R1, + test_ec_secp384r1_priv, sizeof(test_ec_secp384r1_priv), + test_ec_secp384r1_pub, sizeof(test_ec_secp384r1_pub) }, + { 1, MBEDTLS_ECP_DP_SECP521R1, + test_ec_secp521r1_priv, sizeof(test_ec_secp521r1_priv), + test_ec_secp521r1_pub, sizeof(test_ec_secp521r1_pub) }, + { 1, MBEDTLS_ECP_DP_BP256R1, + test_ec_bp256r1_priv, sizeof(test_ec_bp256r1_priv), + test_ec_bp256r1_pub, sizeof(test_ec_bp256r1_pub) }, + { 1, MBEDTLS_ECP_DP_BP384R1, + test_ec_bp384r1_priv, sizeof(test_ec_bp384r1_priv), + test_ec_bp384r1_pub, sizeof(test_ec_bp384r1_pub) }, + { 1, MBEDTLS_ECP_DP_BP512R1, + test_ec_bp512r1_priv, sizeof(test_ec_bp512r1_priv), + test_ec_bp512r1_pub, sizeof(test_ec_bp512r1_pub) }, + { 1, MBEDTLS_ECP_DP_CURVE25519, + test_ec_curve25519_priv, sizeof(test_ec_curve25519_priv), + test_ec_curve25519_pub, sizeof(test_ec_curve25519_pub) }, + { 1, MBEDTLS_ECP_DP_CURVE448, + test_ec_curve448_priv, sizeof(test_ec_curve448_priv), + test_ec_curve448_pub, sizeof(test_ec_curve448_pub) }, + { 0, 1024, + test_rsa_1024_priv, sizeof(test_rsa_1024_priv), + test_rsa_1024_pub, sizeof(test_rsa_1024_pub) }, + { 0, 1026, + test_rsa_1026_priv, sizeof(test_rsa_1026_priv), + test_rsa_1026_pub, sizeof(test_rsa_1026_pub) }, + { 0, 1028, + test_rsa_1028_priv, sizeof(test_rsa_1028_priv), + test_rsa_1028_pub, sizeof(test_rsa_1028_pub) }, + { 0, 1030, + test_rsa_1030_priv, sizeof(test_rsa_1030_priv), + test_rsa_1030_pub, sizeof(test_rsa_1030_pub) }, + { 0, 1536, + test_rsa_1536_priv, sizeof(test_rsa_1536_priv), + test_rsa_1536_pub, sizeof(test_rsa_1536_pub) }, + { 0, 2048, + test_rsa_2048_priv, sizeof(test_rsa_2048_priv), + test_rsa_2048_pub, sizeof(test_rsa_2048_pub) }, + { 0, 4096, + test_rsa_4096_priv, sizeof(test_rsa_4096_priv), + test_rsa_4096_pub, sizeof(test_rsa_4096_pub) }, +}; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 72bc0082e4..e853ca15ce 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -185,65 +185,20 @@ #endif #include <../src/test_keys.h> -struct key_lut_element { - int curve_or_keybits; - const unsigned char *key; - size_t key_len; - const unsigned char *pub_key; - size_t pub_key_len; -}; -struct key_lut_element keys_lut[] = { - { 1024, test_rsa_1024_priv, sizeof(test_rsa_1024_priv), - test_rsa_1024_pub, sizeof(test_rsa_1024_pub) }, - { 1026, test_rsa_1026_priv, sizeof(test_rsa_1026_priv), - test_rsa_1026_pub, sizeof(test_rsa_1026_pub) }, - { 1028, test_rsa_1028_priv, sizeof(test_rsa_1028_priv), - test_rsa_1028_pub, sizeof(test_rsa_1028_pub) }, - { 1030, test_rsa_1030_priv, sizeof(test_rsa_1030_priv), - test_rsa_1030_pub, sizeof(test_rsa_1030_pub) }, - { 2048, test_rsa_2048_priv, sizeof(test_rsa_2048_priv), - test_rsa_2048_pub, sizeof(test_rsa_2048_pub) }, - { 4096, test_rsa_4096_priv, sizeof(test_rsa_4096_priv), - test_rsa_4096_pub, sizeof(test_rsa_4096_pub) }, - { MBEDTLS_ECP_DP_SECP192R1, test_ec_secp192r1_priv, sizeof(test_ec_secp192r1_priv), - test_ec_secp192r1_pub, sizeof(test_ec_secp192r1_pub) }, - { MBEDTLS_ECP_DP_SECP224R1, test_ec_secp224r1_priv, sizeof(test_ec_secp224r1_priv), - test_ec_secp224r1_pub, sizeof(test_ec_secp224r1_pub) }, - { MBEDTLS_ECP_DP_SECP256R1, test_ec_secp256r1_priv, sizeof(test_ec_secp256r1_priv), - test_ec_secp256r1_pub, sizeof(test_ec_secp256r1_pub) }, - { MBEDTLS_ECP_DP_SECP384R1, test_ec_secp384r1_priv, sizeof(test_ec_secp384r1_priv), - test_ec_secp384r1_pub, sizeof(test_ec_secp384r1_pub) }, - { MBEDTLS_ECP_DP_SECP521R1, test_ec_secp521r1_priv, sizeof(test_ec_secp521r1_priv), - test_ec_secp521r1_pub, sizeof(test_ec_secp521r1_pub) }, - { MBEDTLS_ECP_DP_BP256R1, test_ec_bp256r1_priv, sizeof(test_ec_bp256r1_priv), - test_ec_bp256r1_pub, sizeof(test_ec_bp256r1_pub) }, - { MBEDTLS_ECP_DP_BP384R1, test_ec_bp384r1_priv, sizeof(test_ec_bp384r1_priv), - test_ec_bp384r1_pub, sizeof(test_ec_bp384r1_pub) }, - { MBEDTLS_ECP_DP_BP512R1, test_ec_bp512r1_priv, sizeof(test_ec_bp512r1_priv), - test_ec_bp512r1_pub, sizeof(test_ec_bp512r1_pub) }, - { MBEDTLS_ECP_DP_CURVE25519, test_ec_curve255_priv, sizeof(test_ec_curve255_priv), - test_ec_curve255_pub, sizeof(test_ec_curve255_pub) }, - { MBEDTLS_ECP_DP_SECP192K1, test_ec_secp192k1_priv, sizeof(test_ec_secp192k1_priv), - test_ec_secp192k1_pub, sizeof(test_ec_secp192k1_pub) }, - { MBEDTLS_ECP_DP_SECP256K1, test_ec_secp256k1_priv, sizeof(test_ec_secp256k1_priv), - test_ec_secp256k1_pub, sizeof(test_ec_secp256k1_pub) }, - { MBEDTLS_ECP_DP_CURVE448, test_ec_curve448_priv, sizeof(test_ec_curve448_priv), - test_ec_curve448_pub, sizeof(test_ec_curve448_pub) }, -}; - -static int get_predefined_key_data(int curve_or_keybits, +static int get_predefined_key_data(int is_ec, int curve_or_keybits, const unsigned char **key, size_t *key_len, const unsigned char **pub_key, size_t *pub_key_len) { size_t i; - for (i = 0; i < ARRAY_LENGTH(keys_lut); i++) { - if (curve_or_keybits == keys_lut[i].curve_or_keybits) { - *key = keys_lut[i].key; - *key_len = keys_lut[i].key_len; + for (i = 0; i < ARRAY_LENGTH(predefined_keys); i++) { + if ((is_ec == predefined_keys[i].is_ec) && + (curve_or_keybits == predefined_keys[i].curve_or_keybits)) { + *key = predefined_keys[i].priv_key; + *key_len = predefined_keys[i].priv_key_len; if (pub_key != NULL) { - *pub_key = keys_lut[i].pub_key; - *pub_key_len = keys_lut[i].pub_key_len; + *pub_key = predefined_keys[i].pub_key; + *pub_key_len = predefined_keys[i].pub_key_len; } return 0; } @@ -301,12 +256,12 @@ static int pk_genkey(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curv int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; if (pk_type == MBEDTLS_PK_RSA) { - TEST_EQUAL(get_predefined_key_data(curve_or_keybits, &key_data, &key_data_len, + TEST_EQUAL(get_predefined_key_data(0, curve_or_keybits, &key_data, &key_data_len, NULL, 0), 0); TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0, mbedtls_test_rnd_std_rand, NULL), 0); } else { - TEST_EQUAL(get_predefined_key_data(curve_or_keybits, &key_data, &key_data_len, + TEST_EQUAL(get_predefined_key_data(1, curve_or_keybits, &key_data, &key_data_len, &pub_key_data, &pub_key_data_len), 0); TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) @@ -368,12 +323,12 @@ psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, size_t key_data_size = 0; if (PSA_KEY_TYPE_IS_RSA(type)) { - TEST_EQUAL(get_predefined_key_data(bits, &key_data, &key_data_size, NULL, 0), 0); + TEST_EQUAL(get_predefined_key_data(0, bits, &key_data, &key_data_size, NULL, 0), 0); } else { #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) mbedtls_ecp_group_id grp_id; grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); - TEST_EQUAL(get_predefined_key_data(grp_id, &key_data, &key_data_size, NULL, 0), 0); + TEST_EQUAL(get_predefined_key_data(1, grp_id, &key_data, &key_data_size, NULL, 0), 0); #else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ TEST_FAIL("EC keys are not supported"); #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ From 91fdff096e99da3542135353a5a0657b0cde309b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 14:22:31 +0200 Subject: [PATCH 108/429] test_suite_pk: fix get_predefined_key_data() return value Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e853ca15ce..81c0f02a35 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -204,7 +204,10 @@ static int get_predefined_key_data(int is_ec, int curve_or_keybits, } } - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + TEST_FAIL("Unsupported key"); + /* "exit" label is to make the compiler happy. */ +exit: + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } #if defined(MBEDTLS_PSA_CRYPTO_C) From 1f6dab7c24317842c4054ab49536f2129756b682 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 14:44:36 +0200 Subject: [PATCH 109/429] test_suite_pk: rename pk_genkey() and pk_psa_genkey() - pk_genkey -> pk_setup - pk_psa_genkey -> pk_psa_setup Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 95 ++++++++++++++--------------- 1 file changed, 45 insertions(+), 50 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 81c0f02a35..14e87ea476 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -232,15 +232,10 @@ psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, #endif /* MBEDTLS_PSA_CRYPTO_C */ #if defined(MBEDTLS_PK_PARSE_C) -/** Fill the provided PK context with a proper key. +/** Setup the provided PK context. * - * This is a fake implementation of key generation because instead of generating - * a new key every time, we use predefined ones to speed up testing. - * - * These keys are taken from "test/src/test_keys.h" which is automatically - * generated using "tests/scripts/generate_test_keys.py". Therefore if new - * EC curves or RSA key bits need to be tested, please update "test_keys.h" - * using this script. + * Predefined keys used for the setup are taken from "test/src/test_keys.h" + * which is automatically generated using "tests/scripts/generate_test_keys.py". * * \param pk The PK object to fill. It must have been initialized * (mbedtls_pk_init()), but not setup (mbedtls_pk_setup()). @@ -250,7 +245,7 @@ psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, * * \return 0 on success or a negative value otherwise. */ -static int pk_genkey(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curve_or_keybits) +static int pk_setup(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curve_or_keybits) { const unsigned char *key_data = NULL; const unsigned char *pub_key_data = NULL; @@ -301,9 +296,9 @@ exit: #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** Create a PSA key of the desired type and properties. * - * This is similar to pk_genkey() above in the sense that it does not really - * generates a key every time, but it takes the key from a file instead in - * order to speedup testing. + * This is similar to pk_setup() above in the sense that it uses predefined + * keys, but in this case instead of setting up a PK context, the key is + * imported into PSA. * * \param type PSA key type. Only RSA and EC keys are supported. * \param bits PSA key bit size. @@ -314,11 +309,11 @@ exit: * for volatile keys. * \param[out] key Identifier of the "generated" (actually imported) PSA key. */ -psa_status_t pk_psa_genkey(psa_key_type_t type, size_t bits, - psa_key_usage_t usage, psa_algorithm_t alg, - psa_algorithm_t enrollment_alg, - mbedtls_svc_key_id_t persistent_key_id, - mbedtls_svc_key_id_t *key) +psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, + psa_key_usage_t usage, psa_algorithm_t alg, + psa_algorithm_t enrollment_alg, + mbedtls_svc_key_id_t persistent_key_id, + mbedtls_svc_key_id_t *key) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_ERROR_GENERIC_ERROR; @@ -506,7 +501,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; if (want_pair) { - TEST_EQUAL(pk_genkey(pk, pk_type, MBEDTLS_RSA_GEN_KEY_MIN_BITS), 0); + TEST_EQUAL(pk_setup(pk, pk_type, MBEDTLS_RSA_GEN_KEY_MIN_BITS), 0); } else { unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; N[sizeof(N) - 1] = 0x03; @@ -530,7 +525,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_ecp_group_id grp_id = MBEDTLS_TEST_ECP_DP_ONE_CURVE; size_t bits; *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits)); - TEST_EQUAL(pk_genkey(pk, pk_type, grp_id), 0); + TEST_EQUAL(pk_setup(pk, pk_type, grp_id), 0); if (!want_pair) { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -670,14 +665,14 @@ void pk_psa_utils(int key_is_rsa) if (key_is_rsa) { bitlen = 1024; - PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, - PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE, - MBEDTLS_SVC_KEY_ID_INIT, &key)); + PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_RSA_KEY_PAIR, 1024, PSA_KEY_USAGE_SIGN_HASH, + PSA_ALG_RSA_PKCS1V15_SIGN_RAW, PSA_ALG_NONE, + MBEDTLS_SVC_KEY_ID_INIT, &key)); } else { bitlen = 256; - PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, - PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), - PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key)); + PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, + PSA_KEY_USAGE_SIGN_HASH, PSA_ALG_ECDSA(PSA_ALG_SHA_256), + PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key)); } if (mbedtls_svc_key_id_is_null(key)) { goto exit; @@ -762,8 +757,8 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, USE_PSA_INIT(); if (opaque_key == 1) { - PSA_ASSERT(pk_psa_genkey(key_type, curve_or_keybits, key_usage, - key_alg, key_alg2, MBEDTLS_SVC_KEY_ID_INIT, &key)); + PSA_ASSERT(pk_psa_setup(key_type, curve_or_keybits, key_usage, + key_alg, key_alg2, MBEDTLS_SVC_KEY_ID_INIT, &key)); if (mbedtls_svc_key_id_is_null(key)) { goto exit; } @@ -772,7 +767,7 @@ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, TEST_EQUAL(mbedtls_pk_get_type(&pk), MBEDTLS_PK_OPAQUE); } else { - TEST_EQUAL(pk_genkey(&pk, key_type, curve_or_keybits), 0); + TEST_EQUAL(pk_setup(&pk, key_type, curve_or_keybits), 0); TEST_EQUAL(mbedtls_pk_get_type(&pk), key_type); } @@ -974,7 +969,7 @@ void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) mbedtls_pk_init(&pk); USE_PSA_INIT(); - TEST_ASSERT(pk_genkey(&pk, type, curve_or_keybits) == 0); + TEST_ASSERT(pk_setup(&pk, type, curve_or_keybits) == 0); TEST_ASSERT((int) mbedtls_pk_get_type(&pk) == type); TEST_ASSERT(mbedtls_pk_can_do(&pk, type)); @@ -1335,7 +1330,7 @@ void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_ memset(hash, 0x2a, sizeof(hash)); memset(sig, 0, sizeof(sig)); - TEST_ASSERT(pk_genkey(&pk, type, curve_or_keybits) == 0); + TEST_ASSERT(pk_setup(&pk, type, curve_or_keybits) == 0); #if defined(MBEDTLS_RSA_C) if (type == MBEDTLS_PK_RSA) { @@ -1728,7 +1723,7 @@ void pk_rsa_alt() memset(test, 0, sizeof(test)); /* Initialize PK RSA context with random key */ - TEST_ASSERT(pk_genkey(&rsa, MBEDTLS_PK_RSA, RSA_KEY_SIZE) == 0); + TEST_ASSERT(pk_setup(&rsa, MBEDTLS_PK_RSA, RSA_KEY_SIZE) == 0); /* Extract key to the raw rsa context */ TEST_ASSERT(mbedtls_rsa_copy(&raw, mbedtls_pk_rsa(rsa)) == 0); @@ -1829,7 +1824,7 @@ void pk_psa_sign(int psa_type, int bits, int rsa_padding) /* Create the legacy EC/RSA PK context. */ #if defined(MBEDTLS_RSA_C) if (PSA_KEY_TYPE_IS_RSA(psa_type)) { - TEST_EQUAL(pk_genkey(&pk, MBEDTLS_PK_RSA, bits), 0); + TEST_EQUAL(pk_setup(&pk, MBEDTLS_PK_RSA, bits), 0); TEST_EQUAL(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, MBEDTLS_MD_NONE), 0); } #else /* MBEDTLS_RSA_C */ @@ -1838,7 +1833,7 @@ void pk_psa_sign(int psa_type, int bits, int rsa_padding) #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(psa_type)) { ecp_grp_id = mbedtls_ecc_group_from_psa(psa_type, bits); - TEST_ASSERT(pk_genkey(&pk, MBEDTLS_PK_ECKEY, ecp_grp_id) == 0); + TEST_ASSERT(pk_setup(&pk, MBEDTLS_PK_ECKEY, ecp_grp_id) == 0); } #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ @@ -1976,7 +1971,7 @@ void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) mbedtls_pk_init(&pk); MD_OR_USE_PSA_INIT(); - TEST_EQUAL(pk_genkey(&pk, pk_type, curve_or_keybits), 0); + TEST_EQUAL(pk_setup(&pk, pk_type, curve_or_keybits), 0); TEST_EQUAL(mbedtls_pk_sign_ext(key_pk_type, &pk, md_alg, hash, hash_len, sig, sizeof(sig), &sig_len, @@ -2257,9 +2252,9 @@ void pk_import_into_psa_lifetime(int from_opaque, persistent_key_id = mbedtls_svc_key_id_make(0, 1); } - PSA_ASSERT(pk_psa_genkey(from_psa_type, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS, - psa_key_usage, PSA_ALG_ECDH, PSA_ALG_NONE, - persistent_key_id, &old_key_id)); + PSA_ASSERT(pk_psa_setup(from_psa_type, MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS, + psa_key_usage, PSA_ALG_ECDH, PSA_ALG_NONE, + persistent_key_id, &old_key_id)); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); psa_reset_key_attributes(&attributes); #else @@ -2335,8 +2330,8 @@ void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg, PSA_INIT(); - PSA_ASSERT(pk_psa_genkey(from_type, bits, from_usage, alg, 42, - MBEDTLS_SVC_KEY_ID_INIT, &old_key_id)); + PSA_ASSERT(pk_psa_setup(from_type, bits, from_usage, alg, 42, + MBEDTLS_SVC_KEY_ID_INIT, &old_key_id)); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, old_key_id), 0); psa_key_type_t expected_psa_type = @@ -2428,8 +2423,8 @@ void pk_import_into_psa_opaque(int from_type, int from_bits, PSA_INIT(); - PSA_ASSERT(pk_psa_genkey(from_type, from_bits, from_usage, from_alg, PSA_ALG_NONE, - MBEDTLS_SVC_KEY_ID_INIT, &from_key_id)); + PSA_ASSERT(pk_psa_setup(from_type, from_bits, from_usage, from_alg, PSA_ALG_NONE, + MBEDTLS_SVC_KEY_ID_INIT, &from_key_id)); TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, from_key_id), 0); psa_set_key_type(&to_attributes, to_type); @@ -2496,7 +2491,7 @@ void pk_copy_from_psa_fail(void) #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) /* Generate a key type that is not handled by the PK module. - * Note: we cannot use pk_psa_genkey() in this case because that function relies + * Note: we cannot use pk_psa_setup() in this case because that function relies * on PK module functionality and PK module does not support DH keys. */ psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; @@ -2511,8 +2506,8 @@ void pk_copy_from_psa_fail(void) #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && defined(PSA_WANT_ECC_SECP_R1_256) /* Generate an EC key which cannot be exported. */ - PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, - 0, PSA_ALG_NONE, PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key_id)); + PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1), 256, + 0, PSA_ALG_NONE, PSA_ALG_NONE, MBEDTLS_SVC_KEY_ID_INIT, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_TYPE_MISMATCH); psa_destroy_key(key_id); #endif /* MBEDTLS_PK_HAVE_ECC_KEYS && PSA_WANT_ECC_SECP_R1_256 */ @@ -2533,12 +2528,12 @@ void pk_copy_from_psa_builtin_fail() mbedtls_pk_init(&pk_ctx); PSA_INIT(); - PSA_ASSERT(pk_psa_genkey(PSA_KEY_TYPE_RSA_KEY_PAIR, - PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, - PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, - PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), - PSA_ALG_NONE, - MBEDTLS_SVC_KEY_ID_INIT, &key_id)); + PSA_ASSERT(pk_psa_setup(PSA_KEY_TYPE_RSA_KEY_PAIR, + PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS, + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT, + PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256), + PSA_ALG_NONE, + MBEDTLS_SVC_KEY_ID_INIT, &key_id)); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); exit: mbedtls_pk_free(&pk_ctx); From 4d14581d87e50283b8311893785b4eb845ef0f8e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 15:00:52 +0200 Subject: [PATCH 110/429] test_suite_pk: use predefined RSA keys in pk_setup_for_type() Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 14e87ea476..88e3a2b006 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -498,20 +498,13 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, #if defined(MBEDTLS_RSA_C) case MBEDTLS_PK_RSA: { - TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; - if (want_pair) { - TEST_EQUAL(pk_setup(pk, pk_type, MBEDTLS_RSA_GEN_KEY_MIN_BITS), 0); - } else { - unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff }; - N[sizeof(N) - 1] = 0x03; - const unsigned char E[1] = { 0x03 }; + TEST_EQUAL(pk_setup(pk, pk_type, MBEDTLS_RSA_GEN_KEY_MIN_BITS), 0); + if (!want_pair) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); - TEST_EQUAL(mbedtls_rsa_import_raw(rsa, - N, sizeof(N), - NULL, 0, NULL, 0, NULL, 0, - E, sizeof(E)), 0); - TEST_EQUAL(mbedtls_rsa_complete(rsa), 0); + mbedtls_mpi_free(&rsa->D); + mbedtls_mpi_free(&rsa->P); + mbedtls_mpi_free(&rsa->Q); } break; } From 42f2e2105454ea5c3b55f7ccd167bc16a1258b4a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 15:03:42 +0200 Subject: [PATCH 111/429] test_suite_pk: use pk_setup() instead of mbedtls_rsa_gen_key() in pk_psa_wrap_sign_ext() Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 88e3a2b006..e3ba6f95e2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -2006,11 +2006,7 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg /* Create legacy RSA public/private key in PK context. */ mbedtls_pk_init(&pk); - TEST_EQUAL(mbedtls_pk_setup(&pk, - mbedtls_pk_info_from_type(pk_type)), 0); - TEST_EQUAL(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk), - mbedtls_test_rnd_std_rand, NULL, - key_bits, 3), 0); + TEST_EQUAL(pk_setup(&pk, pk_type, key_bits), 0); if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) { mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE); From 186f458d922e558d9ec340ad566924fe1331f99f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 15:37:47 +0200 Subject: [PATCH 112/429] test_suite_pk: enhance pk_psa_setup() to support all key types Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 51 ++++++++++++++--------------- 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e3ba6f95e2..ab9ef7d494 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -296,11 +296,10 @@ exit: #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** Create a PSA key of the desired type and properties. * - * This is similar to pk_setup() above in the sense that it uses predefined - * keys, but in this case instead of setting up a PK context, the key is - * imported into PSA. + * - For RSA and EC keys predefined key data is used (as in the pk_setup() above). + * - Other key types (ex: DH) are generated at runtime. * - * \param type PSA key type. Only RSA and EC keys are supported. + * \param type PSA key type. * \param bits PSA key bit size. * \param usage PSA key usage flags. * \param alg PSA key primary algorithm. @@ -320,19 +319,6 @@ psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, const unsigned char *key_data = NULL; size_t key_data_size = 0; - if (PSA_KEY_TYPE_IS_RSA(type)) { - TEST_EQUAL(get_predefined_key_data(0, bits, &key_data, &key_data_size, NULL, 0), 0); - } else { -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) - mbedtls_ecp_group_id grp_id; - grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); - TEST_EQUAL(get_predefined_key_data(1, grp_id, &key_data, &key_data_size, NULL, 0), 0); -#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - TEST_FAIL("EC keys are not supported"); -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - } - - /* Import the key into PSA. */ *key = MBEDTLS_SVC_KEY_ID_INIT; psa_set_key_usage_flags(&attributes, usage); psa_set_key_algorithm(&attributes, alg); @@ -342,6 +328,25 @@ psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, if (!mbedtls_svc_key_id_is_null(persistent_key_id)) { psa_set_key_id(&attributes, persistent_key_id); } + + /* For EC and RSA keys we use predefined keys in order to: + * - speed up testing and + * - ease requirements/dependencies on test cases. + * For other keys (ex: DH) psa_generate_key() is used instead. */ + if (PSA_KEY_TYPE_IS_RSA(type)) { + TEST_EQUAL(get_predefined_key_data(0, bits, &key_data, &key_data_size, NULL, 0), 0); + } else if (PSA_KEY_TYPE_IS_ECC(type)) { +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) + mbedtls_ecp_group_id grp_id; + grp_id = mbedtls_ecc_group_from_psa(PSA_KEY_TYPE_ECC_GET_FAMILY(type), bits); + TEST_EQUAL(get_predefined_key_data(1, grp_id, &key_data, &key_data_size, NULL, 0), 0); +#else /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + TEST_FAIL("EC keys are not supported"); +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + } else { + return psa_generate_key(&attributes, key); + } + status = psa_import_key(&attributes, key_data, key_data_size, key); exit: @@ -2479,15 +2484,9 @@ void pk_copy_from_psa_fail(void) MBEDTLS_ERR_PK_BAD_INPUT_DATA); #if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) - /* Generate a key type that is not handled by the PK module. - * Note: we cannot use pk_psa_setup() in this case because that function relies - * on PK module functionality and PK module does not support DH keys. */ - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - - psa_set_key_type(&key_attr, PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919)); - psa_set_key_bits(&key_attr, 2048); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); - psa_generate_key(&key_attr, &key_id); + pk_psa_setup(PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919), 2048, + PSA_KEY_USAGE_EXPORT, PSA_ALG_NONE, PSA_ALG_NONE, + MBEDTLS_SVC_KEY_ID_INIT, &key_id); TEST_EQUAL(mbedtls_pk_copy_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_pk_copy_public_from_psa(key_id, &pk_ctx), MBEDTLS_ERR_PK_BAD_INPUT_DATA); psa_destroy_key(key_id); From 50e59796802ab7b187fa6958c29eb41ca653bb8e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 16:00:35 +0200 Subject: [PATCH 113/429] test_suite_pk: remove RSA key generation/size dependencies - MBEDTLS_GENPRIME is removed because now we rely on predefined RSA keys. - MBEDTLS_RSA_GEN_KEY_MIN_BITS is replaced with RSA_KEY_SIZE which is set on top of test_suite_pk to a value which is supported in the predefined_keys[] array. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 116 ++++++++++++++-------------- tests/suites/test_suite_pk.function | 14 ++-- 2 files changed, 65 insertions(+), 65 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index e93c764542..2ab36aa822 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -10,21 +10,21 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265 PK utils: RSA Minimum key depends_on:MBEDTLS_RSA_C -pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 7) / 8:"RSA" +pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE:RSA_KEY_SIZE:(RSA_KEY_SIZE + 7) / 8:"RSA" # mbedtls_rsa_gen_key() only supports even sizes, so we don't test min+1, # min+3, etc. PK utils: RSA Minimum key + 2 bits depends_on:MBEDTLS_RSA_C -pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2 + 7) / 8:"RSA" +pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 2:RSA_KEY_SIZE + 2:(RSA_KEY_SIZE + 2 + 7) / 8:"RSA" PK utils: RSA Minimum key + 4 bits depends_on:MBEDTLS_RSA_C -pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4 + 7) / 8:"RSA" +pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 4:RSA_KEY_SIZE + 4:(RSA_KEY_SIZE + 4 + 7) / 8:"RSA" PK utils: RSA Minimum key + 6 bits depends_on:MBEDTLS_RSA_C -pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6 + 7) / 8:"RSA" +pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 6:RSA_KEY_SIZE + 6:(RSA_KEY_SIZE + 6 + 7) / 8:"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1 @@ -435,20 +435,20 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1 pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:0:0:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH RSA sign-verify, PKCS1v1.5, SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1 -pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1 +pk_sign_verify:MBEDTLS_PK_RSA:RSA_KEY_SIZE:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0 RSA sign-verify, PKCS1v2.1, SHA1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1 -pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1 +pk_sign_verify:MBEDTLS_PK_RSA:RSA_KEY_SIZE:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0 RSA sign-verify, PKCS1v1.5, SHA256 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256 -pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256 +pk_sign_verify:MBEDTLS_PK_RSA:RSA_KEY_SIZE:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0 RSA sign-verify, PKCS1v2.1, SHA256 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256 -pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256 +pk_sign_verify:MBEDTLS_PK_RSA:RSA_KEY_SIZE:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0 RSA encrypt-decrypt test PKCS1 v1.5 depends_on:MBEDTLS_PKCS1_V15 @@ -507,7 +507,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN pk_ec_nocrypt:MBEDTLS_PK_ECDSA RSA_ALT consistency -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 pk_rsa_alt: Verify ext RSA #1 (PKCS1 v2.1, salt_len = ANY, OK) @@ -696,27 +696,27 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 pk_psa_sign:PSA_KEY_TYPE_RSA_KEY_PAIR:1024:MBEDTLS_RSA_PKCS_V21 PK sign ext: RSA2048, PK_RSA, MD_SHA256 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256 PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA256 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 PK sign ext: RSA2048, PK_RSA, MD_SHA384 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 PK sign ext: RSA2048, PK_RSA, MD_SHA512 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 +depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512 PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:MBEDTLS_RSA_GEN_KEY_MIN_BITS <= 2048 +depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512 PK sign ext: SECP256R1, PK_ECDSA, MD_SHA256 @@ -1064,92 +1064,92 @@ pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PUBLIC:PSA_KEY_USAGE_VERIFY_ PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy) depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN|VERIFY & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT # For a PK_OPAQUE key with a key pair type output, # mbedtls_pk_import_into_psa() requires the key to be copyable or exportable. # Try all combinations of COPY/not, EXPORT/not. PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN|EXPORT|... & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN|COPY|... & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN|COPY|EXPORT... & SIGN_MESSAGE depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy) depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 # For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input # key's algorithm policy. Just this time, test with a few different algorithms. PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [0] depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [raw] depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [v15] depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [PSS] depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy) depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT PSA attributes for pk: opaque RSA pair, DECRYPT|... & DECRYPT depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque RSA pair, ... & DERIVE (bad) depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad) depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0 PSA attributes for pk: opaque RSA pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque RSA pair->public, VERIFY_HASH & VERIFY_HASH depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE PSA attributes for pk: opaque RSA pair->public, ENCRYPT & ENCRYPT depends_on:MBEDTLS_RSA_C -pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT +pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy) depends_on:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_HAVE_ECC_KEYS @@ -1212,15 +1212,15 @@ pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_KEY_PAIR:0:M # be more appropriate. (Applies to all the RSA "different bits" test cases.) PSA import into PSA: RSA pair to different bits (bad) depends_on:MBEDTLS_RSA_C -pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: RSA public to different bits (bad) depends_on:MBEDTLS_RSA_C -pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: RSA private to public, different bits (bad) depends_on:MBEDTLS_RSA_C -pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:MBEDTLS_ERR_PK_INVALID_ALG +pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: ECKEY pair to RSA (bad) depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE @@ -1396,72 +1396,72 @@ pk_import_into_psa_lifetime:1:1:0:1:1 PSA import into PSA: opaque RSA, COPY (ok) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA, EXPORT (ok) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA, no COPY/EXPORT (bad) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH # Detail that isn't precisely documented: since this copies the key, # the new key has the intersection of the usage flags. PSA import into PSA: opaque RSA, COPY|EXPORT, different usage (restricted) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 # Detail that isn't precisely documented: since this copies the key, # the new key has the intersection of the usage flags. PSA import into PSA: opaque RSA, COPY, different usage (restricted) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 # Detail that isn't precisely documented: since this exports the key, # the new key has all the requested usage flags. PSA import into PSA: opaque RSA, EXPORT, different usage (ok) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA, COPY|EXPORT, different algorithm (ok) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 PSA import into PSA: opaque RSA, COPY, different algorithm (bad) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque RSA, EXPORT, different algorithm (ok) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 PSA import into PSA: opaque RSA, implicit bits (ok) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA, different bits (bad) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE + 8:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque RSA, different type (bad) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:PSA_KEY_TYPE_HMAC:RSA_KEY_SIZE:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:0:MBEDTLS_ERR_PK_TYPE_MISMATCH PSA import into PSA: opaque RSA to public (ok) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 PSA import into PSA: opaque RSA to public, implicit bits (ok) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0 # MBEDTLS_ERR_PK_INVALID_ALG is the error that results from our translation # of PSA errors. In this case MBEDTLS_ERR_PK_TYPE_MISMATCH would probably # be more appropriate. PSA import into PSA: opaque RSA to public, different bits (bad) depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN -pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_INVALID_ALG +pk_import_into_psa_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:RSA_KEY_SIZE:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:MBEDTLS_ERR_PK_INVALID_ALG PSA import into PSA: opaque ECC, COPY (ok) depends_on:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_ALG_ECDSA diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ab9ef7d494..dfea0a2404 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -28,9 +28,6 @@ /* Needed for the definition of MBEDTLS_PK_WRITE_PUBKEY_MAX_SIZE. */ #include "pkwrite.h" -#define RSA_KEY_SIZE MBEDTLS_RSA_GEN_KEY_MIN_BITS -#define RSA_KEY_LEN (MBEDTLS_RSA_GEN_KEY_MIN_BITS/8) - #if defined(MBEDTLS_RSA_C) || \ defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \ defined(MBEDTLS_ECDSA_C) || \ @@ -43,8 +40,7 @@ * - The build has built-in ECC and ECDSA signature. */ #if (defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ - ((defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)) || \ - defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \ + (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN))) || \ (defined(MBEDTLS_ECP_C) && defined(MBEDTLS_PK_CAN_ECDSA_SIGN)) #define MBEDTLS_TEST_PK_PSA_SIGN #endif @@ -186,6 +182,10 @@ #include <../src/test_keys.h> +/* Define an RSA key size we know it's present in predefined_key[] array. */ +#define RSA_KEY_SIZE 1024 +#define RSA_KEY_LEN (RSA_KEY_SIZE/8) + static int get_predefined_key_data(int is_ec, int curve_or_keybits, const unsigned char **key, size_t *key_len, const unsigned char **pub_key, size_t *pub_key_len) @@ -504,7 +504,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, case MBEDTLS_PK_RSA: { *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR; - TEST_EQUAL(pk_setup(pk, pk_type, MBEDTLS_RSA_GEN_KEY_MIN_BITS), 0); + TEST_EQUAL(pk_setup(pk, pk_type, RSA_KEY_SIZE), 0); if (!want_pair) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); mbedtls_mpi_free(&rsa->D); @@ -1989,7 +1989,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_USE_PSA_CRYPTO */ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg) { mbedtls_pk_context pk; From 57d23e229cb778bdc7ef6a93c0ac5b463fdb7af5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 16:10:05 +0200 Subject: [PATCH 114/429] test_suite_pk: remove PK_PARSE_C unnecessary dependencies Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 38 ++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index dfea0a2404..f12482fbce 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -231,7 +231,6 @@ psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, } #endif /* MBEDTLS_PSA_CRYPTO_C */ -#if defined(MBEDTLS_PK_PARSE_C) /** Setup the provided PK context. * * Predefined keys used for the setup are taken from "test/src/test_keys.h" @@ -253,15 +252,19 @@ static int pk_setup(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curve size_t pub_key_data_len = 0; int ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; + TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); + if (pk_type == MBEDTLS_PK_RSA) { +#if defined(MBEDTLS_RSA_C) TEST_EQUAL(get_predefined_key_data(0, curve_or_keybits, &key_data, &key_data_len, NULL, 0), 0); - TEST_EQUAL(mbedtls_pk_parse_key(pk, key_data, key_data_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL), 0); + TEST_EQUAL(mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), key_data, key_data_len), 0); +#else /* MBEDTLS_RSA_C */ + TEST_FAIL("RSA keys not supported."); +#endif /* MBEDTLS_RSA_C */ } else { TEST_EQUAL(get_predefined_key_data(1, curve_or_keybits, &key_data, &key_data_len, &pub_key_data, &pub_key_data_len), 0); - TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0); #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) pk->ec_family = mbedtls_ecc_group_to_psa(curve_or_keybits, &pk->ec_bits); TEST_EQUAL(pk_psa_import_key(key_data, key_data_len, @@ -291,7 +294,6 @@ static int pk_setup(mbedtls_pk_context *pk, mbedtls_pk_type_t pk_type, int curve exit: return ret; } -#endif /* MBEDTLS_PK_PARSE_C */ #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** Create a PSA key of the desired type and properties. @@ -355,7 +357,6 @@ exit: #endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ #if defined(MBEDTLS_PSA_CRYPTO_C) -#if defined(MBEDTLS_PK_PARSE_C) static psa_key_usage_t pk_get_psa_attributes_implied_usage( psa_key_usage_t expected_usage) { @@ -379,7 +380,6 @@ static psa_key_usage_t pk_get_psa_attributes_implied_usage( expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY; return expected_usage; } -#endif /* MBEDTLS_PK_PARSE_C */ #define RSA_WRITE_PUBKEY_MAX_SIZE \ PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) @@ -491,7 +491,7 @@ typedef enum { FROM_PAIR = 1 } from_pair_t; -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_PARSE_C) +#if defined(MBEDTLS_PSA_CRYPTO_C) static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_pk_context *pk, psa_key_type_t *psa_type) { @@ -559,7 +559,7 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, exit: return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } -#endif /* MBEDTLS_PSA_CRYPTO_C && MBEDTLS_PK_PARSE_C */ +#endif /* MBEDTLS_PSA_CRYPTO_C */ #if defined(MBEDTLS_PSA_CRYPTO_C) /* Create a new PSA key which will contain only the public part of the private @@ -742,7 +742,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */ void pk_can_do_ext(int opaque_key, int key_type, int key_usage, int key_alg, int key_alg2, int curve_or_keybits, int alg_check, int usage_check, int result) @@ -959,7 +959,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE */ void pk_utils(int type, int curve_or_keybits, int bitlen, int len, char *name) { mbedtls_pk_context pk; @@ -1301,7 +1301,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */ void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg, int sign_ret, int verify_ret) { @@ -1693,7 +1693,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ +/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */ void pk_rsa_alt() { /* @@ -1953,7 +1953,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE */ void pk_sign_ext(int pk_type, int curve_or_keybits, int key_pk_type, int md_alg) { mbedtls_pk_context pk; @@ -2079,7 +2079,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ void pk_get_psa_attributes(int pk_type, int from_pair, int usage_arg, int to_pair, int expected_alg) @@ -2142,7 +2142,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, int usage_arg, int to_pair, int expected_alg) @@ -2190,7 +2190,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ void pk_get_psa_attributes_fail(int pk_type, int from_pair, int usage_arg, int expected_ret) @@ -2216,7 +2216,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PK_PARSE_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ void pk_import_into_psa_lifetime(int from_opaque, int from_persistent, /* when from opaque */ int from_exportable, /* when from opaque */ @@ -2367,7 +2367,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PK_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ void pk_import_into_psa_fail(int pk_type, int from_pair, int type_arg, int bits_arg, int expected_ret) From 37bc93cbeb75d5a0ebb0ce3bd36ecf201a55e4c2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 Apr 2024 05:25:40 +0200 Subject: [PATCH 115/429] test_suite_pk: fix guards for pk_psa_setup() Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index f12482fbce..b77a9a88d8 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -295,7 +295,7 @@ exit: return ret; } -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if defined(MBEDTLS_PSA_CRYPTO_C) /** Create a PSA key of the desired type and properties. * * - For RSA and EC keys predefined key data is used (as in the pk_setup() above). @@ -354,9 +354,7 @@ psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, exit: return status; } -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ -#if defined(MBEDTLS_PSA_CRYPTO_C) static psa_key_usage_t pk_get_psa_attributes_implied_usage( psa_key_usage_t expected_usage) { From 62d0bb8f2cb4d78acee2f518610d45665e65fa22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 17 Apr 2024 12:30:05 +0200 Subject: [PATCH 116/429] Simplify full invocation of compat.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We actually only need two invocations. This also moves all the default tests to OPENSSL_NEXT, which is good because OPENSSL is ancient. I have no idea why NULL doesn't work with OPENSSL_NEXT (1.1.1a) server, because according to the manpage [1], "ALL,COMPLEMENTOFALL" (which is what we are using) should do it, and indeed $OPENSSL_NEXT ciphers "ALL,COMPLEMENTOFALL" | tr ':' '\n' lists NULL ciphersuites, and also they work client-side with OPENSSL_NEXT... [1] https://www.openssl.org/docs/man1.1.1/man1/ciphers.html Also, while at it, remove partial invocation (only non-default) from one component, as we already have a full invocation in the same config (plus ASan) in another component. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 29 +++++++++++++---------------- tests/scripts/basic-build-test.sh | 10 +++------- 2 files changed, 16 insertions(+), 23 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3aabec41d4..3f7ad957d4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1218,8 +1218,11 @@ component_test_full_cmake_gcc_asan () { msg "test: ssl-opt.sh (full config, ASan build)" tests/ssl-opt.sh - msg "test: compat.sh (full config, ASan build)" - tests/compat.sh + msg "test: compat.sh: NULL (full config, ASan build)" + tests/compat.sh -f 'NULL' + + msg "test: compat.sh next: all except NULL (full config, ASan build)" + env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e 'NULL' msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec tests/context-info.sh @@ -1242,8 +1245,11 @@ component_test_full_cmake_gcc_asan_new_bignum () { msg "test: ssl-opt.sh (full config, ASan build)" tests/ssl-opt.sh - msg "test: compat.sh (full config, ASan build)" - tests/compat.sh + msg "test: compat.sh: NULL (full config, ASan build)" + tests/compat.sh -f 'NULL' + + msg "test: compat.sh next: all except NULL (full config, ASan build)" + env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e 'NULL' msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec tests/context-info.sh @@ -2161,12 +2167,6 @@ component_test_full_cmake_clang () { msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' - - msg "test: compat.sh NULL (full config)" # ~ 2 min - tests/compat.sh -e '^$' -f 'NULL' - - msg "test: compat.sh ARIA + ChachaPoly" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } skip_suites_without_constant_flow () { @@ -2610,14 +2610,11 @@ component_test_no_psa_crypto_full_cmake_asan() { msg "test: ssl-opt.sh (full minus PSA crypto)" tests/ssl-opt.sh - msg "test: compat.sh default (full minus PSA crypto)" - tests/compat.sh - - msg "test: compat.sh NULL (full minus PSA crypto)" + msg "test: compat.sh: NULL (full minus PSA crypto)" tests/compat.sh -f 'NULL' - msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' + msg "test: compat.sh next: all except NULL (full minus PSA crypto)" + env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e 'NULL' } component_test_psa_crypto_config_accel_ecdsa () { diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 52617541de..e365eeddc3 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -102,16 +102,12 @@ echo # Step 2c - Compatibility tests (keep going even if some tests fail) echo '################ compat.sh ################' { - echo '#### compat.sh: Default versions' - sh compat.sh - echo - - echo '#### compat.sh: null cipher' + echo '#### compat.sh: NULL ciphersuites' sh compat.sh -e '^$' -f 'NULL' echo - echo '#### compat.sh: next (ARIA, ChaCha)' - OPENSSL="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA' + echo '#### compat.sh: next (all except NULL)' + OPENSSL="$OPENSSL_NEXT" sh compat.sh -e 'NULL' echo } | tee compat-test-$TEST_OUTPUT echo '^^^^^^^^^^^^^^^^ compat.sh ^^^^^^^^^^^^^^^^' From ee74339180e5409f4f18fd94c2b916b4b3845805 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 Apr 2024 15:12:49 +0200 Subject: [PATCH 117/429] generate_test_keys: minor improvements Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 53 ++++++++++++++--------------- 1 file changed, 25 insertions(+), 28 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 9c5786d82e..1236baa49f 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -7,16 +7,12 @@ generating the required key at run time. This helps speeding up testing.""" import os -import sys from typing import Iterator import re -# pylint: disable=wrong-import-position -SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__)) + "/" -sys.path.append(SCRIPT_DIR + "../../scripts/") -from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA import scripts_path # pylint: disable=unused-import +from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA -OUTPUT_HEADER_FILE = SCRIPT_DIR + "../src/test_keys.h" +OUTPUT_HEADER_FILE = os.path.dirname(os.path.abspath(__file__)) + "/../src/test_keys.h" BYTES_PER_LINE = 16 def c_byte_array_literal_content(array_name: str, key_data: bytes) -> Iterator[str]: @@ -53,25 +49,25 @@ def get_ec_key_family(key: str) -> str: # - understand if the curve is supported in legacy symbols (MBEDTLS_ECP_DP_...) EC_NAME_CONVERSION = { 'PSA_ECC_FAMILY_SECP_K1': { - 192: ['secp', 'k1'], - 224: ['secp', 'k1'], - 256: ['secp', 'k1'] + 192: ('secp', 'k1'), + 224: ('secp', 'k1'), + 256: ('secp', 'k1') }, 'PSA_ECC_FAMILY_SECP_R1': { - 192: ['secp', 'r1'], - 224: ['secp', 'r1'], - 256: ['secp', 'r1'], - 384: ['secp', 'r1'], - 521: ['secp', 'r1'] + 192: ('secp', 'r1'), + 224: ('secp', 'r1'), + 256: ('secp', 'r1'), + 384: ('secp', 'r1'), + 521: ('secp', 'r1') }, 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': { - 256: ['bp', 'r1'], - 384: ['bp', 'r1'], - 512: ['bp', 'r1'] + 256: ('bp', 'r1'), + 384: ('bp', 'r1'), + 512: ('bp', 'r1') }, 'PSA_ECC_FAMILY_MONTGOMERY': { - 255: ['curve', '19'], - 448: ['curve', ''] + 255: ('curve', '19'), + 448: ('curve', '') } } @@ -80,13 +76,13 @@ def get_ec_curve_name(priv_key: str, bits: int) -> str: try: prefix = EC_NAME_CONVERSION[ec_family][bits][0] suffix = EC_NAME_CONVERSION[ec_family][bits][1] - except: # pylint: disable=bare-except + except KeyError: return "" return prefix + str(bits) + suffix def get_look_up_table_entry(key_type: str, curve_or_keybits: str, priv_array_name: str, pub_array_name: str) -> Iterator[str]: - yield "\n {{ {}, ".format("1" if key_type == "ec" else "0") + yield " {{ {}, ".format("1" if key_type == "ec" else "0") yield "{},\n".format(curve_or_keybits) yield " {0}, sizeof({0}),\n".format(priv_array_name) yield " {0}, sizeof({0}) }},".format(pub_array_name) @@ -104,12 +100,12 @@ def main() -> None: " *********************************************************************************/\n" ) - look_up_table = "" + look_up_table = [] # Get a list of private keys only in order to get a single item for every # (key type, key bits) pair. We know that ASYMMETRIC_KEY_DATA # contains also the public counterpart. - priv_keys = [key for key in ASYMMETRIC_KEY_DATA if re.match(r'.*_KEY_PAIR', key)] + priv_keys = [key for key in ASYMMETRIC_KEY_DATA if '_KEY_PAIR' in key] for priv_key in priv_keys: key_type = get_key_type(priv_key) @@ -142,9 +138,8 @@ def main() -> None: curve_or_keybits = "MBEDTLS_ECP_DP_" + curve.upper() else: curve_or_keybits = str(bits) - look_up_table = look_up_table + \ - ''.join(get_look_up_table_entry(key_type, curve_or_keybits, - array_name_priv, array_name_pub)) + look_up_table.append(''.join(get_look_up_table_entry(key_type, curve_or_keybits, + array_name_priv, array_name_pub))) # Write the lookup table: the struct containing pointers to all the arrays we created above. output_file.write(""" struct predefined_key_element { @@ -156,8 +151,10 @@ struct predefined_key_element { size_t pub_key_len; }; -struct predefined_key_element predefined_keys[] = {""") - output_file.write("{}\n}};\n".format(look_up_table)) +struct predefined_key_element predefined_keys[] = { +""") + output_file.write("\n".join(look_up_table)) + output_file.write("\n};\n") if __name__ == '__main__': main() From 40eaf120af628461b812b365558a408ea4c80d79 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 Apr 2024 15:27:44 +0200 Subject: [PATCH 118/429] test_suite_pk: fix some descriptions in data file Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 2ab36aa822..9a3781f3a7 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -8,21 +8,21 @@ PK write valid parameters depends_on:MBEDTLS_RSA_C valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee82652e15615e89bfb8e84590dbee881652d3f143504796125964876bfd2be046f973beddcf92e1915bed66a06f8929794580d0836ad54143775f397c09044782b0573970eda3ec15191ea8330847c10542a9fd4cc3b4dfdd061f4d1051406773130f40f86d81255f0ab153c6307e1539acf95aee7f929ea6055be7139785b52392d9d42406d50925897507dda61a8f3f0919bead652c64eb959bdcfe415e17a6da6c5b69cc02ba142c16249c4adccdd0f7526773f12da023fd7ef431ca2d70ca890b04db2ea64f706e9ecebd5889e253599e6e5a9265e2883f0c9419a3dde5e89d9513ed29dbab7012dc5aca6b17ab528254b10203010001028201001689f5e89142ae18a6ffb0513715a4b0b4a13b9e5b3729a2bd62d738c6e15cea7bf3a4d85ab2193a0628c9452bb1f0c1af8b132789df1c95e72778bf5330f5b0d915d242d5e0818e85001ed5fa93d1ce13455deb0a15438562e8e3c8d60ec1e4c9ebff9f2b36b9cde9332cc79f0d17a7ae79cc1353cd75409ad9b4b6d7ee3d82af6f3207656cf2ac98947c15c398db0cebf8dc3eef5398269480cdd09411b960273ae3f364da09af849f24aa87346c58618ea91d9d6cd1d3932c80dbfc1f0a4166a9036911999ca27761079f0ce02db02c1c909ff9b4278578d7bb1b54b2b7082fc9e864b6b394e331c0d11a9a68255565b6dd477f4119c5809839520700711102818100d7db987ad86de6a9b0749fb5da80bacde3bebd72dcc83f60a27db74f927ac3661386577bfce5b4a00ad024682401d6aad29713c8e223b53415305ca07559821099b187fdd1bad3dc4dec9da96f5fa6128331e8f7d89f1e1a788698d1a27256dc7cd392f04e531a9e38e7265bf4fd7eec01e7835e9b1a0dd8923e440381be1c2702818100c87025fff7a493c623404966fbc8b32ed164ca620ad1a0ad11ef42fd12118456017856a8b42e5d4ad36104e9dc9f8a2f3003c3957ffddb20e2f4e3fc3cf2cdddae01f57a56de4fd24b91ab6d3e5cc0e8af0473659594a6bbfdaacf958f19c8d508eac12d8977616af6877106288093d37904a139220c1bc278ea56edc086976702818043e708685c7cf5fa9b4f948e1856366d5e1f3a694f9a8e954f884c89f3823ac5798ee12657bfcaba2dac9c47464c6dc2fecc17a531be19da706fee336bb6e47b645dbc71d3eff9856bddeb1ac9b644ffbdd58d7ba9e1240f1faaf797ba8a4d58becbaf85789e1bd979fcfccc209d3db7f0416bc9eef09b3a6d86b8ce8199d4310281804f4b86ccffe49d0d8ace98fb63ea9f708b284ba483d130b6a75cb76cb4e4372d6b41774f20912319420ca4cbfc1b25a8cb5f01d6381f6ebc50ed3ef08010327f5ba2acc1ac7220b3fa6f7399314db2879b0db0b5647abd87abb01295815a5b086491b2c0d81c616ed67ef8a8ce0727f446711d7323d4147b5828a52143c43b4b028180540756beba83c20a0bda11d6dec706a71744ff28090cec079dffb507d82828038fe657f61496a20317f779cb683ce8196c29a6fe28839a282eef4de57773be56808b0c3e2ac7747e2b200b2fbf20b55258cd24622a1ce0099de098ab0855106ae087f08b0c8c346d81619400c1b4838e33ed9ff90f05db8fccf8fb7ab881ca12" -PK utils: RSA Minimum key +PK utils: RSA 1024-bit depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE:RSA_KEY_SIZE:(RSA_KEY_SIZE + 7) / 8:"RSA" -# mbedtls_rsa_gen_key() only supports even sizes, so we don't test min+1, -# min+3, etc. -PK utils: RSA Minimum key + 2 bits +# In the following 3 test cases we test a few different sizes that are not a +# multiple of 8 and for which we have test data. +PK utils: RSA 1026-bits depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 2:RSA_KEY_SIZE + 2:(RSA_KEY_SIZE + 2 + 7) / 8:"RSA" -PK utils: RSA Minimum key + 4 bits +PK utils: RSA 1028-bits depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 4:RSA_KEY_SIZE + 4:(RSA_KEY_SIZE + 4 + 7) / 8:"RSA" -PK utils: RSA Minimum key + 6 bits +PK utils: RSA 1030-bits depends_on:MBEDTLS_RSA_C pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 6:RSA_KEY_SIZE + 6:(RSA_KEY_SIZE + 6 + 7) / 8:"RSA" From 36188219fc5dd9c547cd4633f94fad6c29381561 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 17 Apr 2024 16:12:12 +0200 Subject: [PATCH 119/429] generate_test_keys: split group_id and key bitsize in the generated structure - group_id is only used for EC keys; - key bitsize only for RSA. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 18 ++++++++++-------- tests/src/test_keys.h | 28 ++++++++++++++-------------- tests/suites/test_suite_pk.function | 27 ++++++++++++++++++--------- 3 files changed, 42 insertions(+), 31 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 1236baa49f..0a67a784cb 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -80,10 +80,12 @@ def get_ec_curve_name(priv_key: str, bits: int) -> str: return "" return prefix + str(bits) + suffix -def get_look_up_table_entry(key_type: str, curve_or_keybits: str, +def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, priv_array_name: str, pub_array_name: str) -> Iterator[str]: - yield " {{ {}, ".format("1" if key_type == "ec" else "0") - yield "{},\n".format(curve_or_keybits) + if key_type == "ec": + yield " {{ {}, 0,\n".format(group_id_or_keybits) + else: + yield " {{ 0, {},\n".format(group_id_or_keybits) yield " {0}, sizeof({0}),\n".format(priv_array_name) yield " {0}, sizeof({0}) }},".format(pub_array_name) @@ -135,16 +137,16 @@ def main() -> None: output_file.write(''.join(["\n", c_array_priv, "\n", c_array_pub, "\n"])) # Update the lookup table if key_type == "ec": - curve_or_keybits = "MBEDTLS_ECP_DP_" + curve.upper() + group_id_or_keybits = "MBEDTLS_ECP_DP_" + curve.upper() else: - curve_or_keybits = str(bits) - look_up_table.append(''.join(get_look_up_table_entry(key_type, curve_or_keybits, + group_id_or_keybits = str(bits) + look_up_table.append(''.join(get_look_up_table_entry(key_type, group_id_or_keybits, array_name_priv, array_name_pub))) # Write the lookup table: the struct containing pointers to all the arrays we created above. output_file.write(""" struct predefined_key_element { - int is_ec; // 1 for EC keys; 0 for RSA - int curve_or_keybits; + int group_id; // EC group ID; 0 for RSA keys + int keybits; // bits size of RSA key; 0 for EC keys const unsigned char *priv_key; size_t priv_key_len; const unsigned char *pub_key; diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h index 7e8f773b66..ec54fe480c 100644 --- a/tests/src/test_keys.h +++ b/tests/src/test_keys.h @@ -730,8 +730,8 @@ const unsigned char test_rsa_4096_pub[] = { }; struct predefined_key_element { - int is_ec; // 1 for EC keys; 0 for RSA - int curve_or_keybits; + int group_id; // EC group ID; 0 for RSA keys + int keybits; // bits size of RSA key; 0 for EC keys const unsigned char *priv_key; size_t priv_key_len; const unsigned char *pub_key; @@ -739,40 +739,40 @@ struct predefined_key_element { }; struct predefined_key_element predefined_keys[] = { - { 1, MBEDTLS_ECP_DP_SECP192K1, + { MBEDTLS_ECP_DP_SECP192K1, 0, test_ec_secp192k1_priv, sizeof(test_ec_secp192k1_priv), test_ec_secp192k1_pub, sizeof(test_ec_secp192k1_pub) }, - { 1, MBEDTLS_ECP_DP_SECP256K1, + { MBEDTLS_ECP_DP_SECP256K1, 0, test_ec_secp256k1_priv, sizeof(test_ec_secp256k1_priv), test_ec_secp256k1_pub, sizeof(test_ec_secp256k1_pub) }, - { 1, MBEDTLS_ECP_DP_SECP192R1, + { MBEDTLS_ECP_DP_SECP192R1, 0, test_ec_secp192r1_priv, sizeof(test_ec_secp192r1_priv), test_ec_secp192r1_pub, sizeof(test_ec_secp192r1_pub) }, - { 1, MBEDTLS_ECP_DP_SECP224R1, + { MBEDTLS_ECP_DP_SECP224R1, 0, test_ec_secp224r1_priv, sizeof(test_ec_secp224r1_priv), test_ec_secp224r1_pub, sizeof(test_ec_secp224r1_pub) }, - { 1, MBEDTLS_ECP_DP_SECP256R1, + { MBEDTLS_ECP_DP_SECP256R1, 0, test_ec_secp256r1_priv, sizeof(test_ec_secp256r1_priv), test_ec_secp256r1_pub, sizeof(test_ec_secp256r1_pub) }, - { 1, MBEDTLS_ECP_DP_SECP384R1, + { MBEDTLS_ECP_DP_SECP384R1, 0, test_ec_secp384r1_priv, sizeof(test_ec_secp384r1_priv), test_ec_secp384r1_pub, sizeof(test_ec_secp384r1_pub) }, - { 1, MBEDTLS_ECP_DP_SECP521R1, + { MBEDTLS_ECP_DP_SECP521R1, 0, test_ec_secp521r1_priv, sizeof(test_ec_secp521r1_priv), test_ec_secp521r1_pub, sizeof(test_ec_secp521r1_pub) }, - { 1, MBEDTLS_ECP_DP_BP256R1, + { MBEDTLS_ECP_DP_BP256R1, 0, test_ec_bp256r1_priv, sizeof(test_ec_bp256r1_priv), test_ec_bp256r1_pub, sizeof(test_ec_bp256r1_pub) }, - { 1, MBEDTLS_ECP_DP_BP384R1, + { MBEDTLS_ECP_DP_BP384R1, 0, test_ec_bp384r1_priv, sizeof(test_ec_bp384r1_priv), test_ec_bp384r1_pub, sizeof(test_ec_bp384r1_pub) }, - { 1, MBEDTLS_ECP_DP_BP512R1, + { MBEDTLS_ECP_DP_BP512R1, 0, test_ec_bp512r1_priv, sizeof(test_ec_bp512r1_priv), test_ec_bp512r1_pub, sizeof(test_ec_bp512r1_pub) }, - { 1, MBEDTLS_ECP_DP_CURVE25519, + { MBEDTLS_ECP_DP_CURVE25519, 0, test_ec_curve25519_priv, sizeof(test_ec_curve25519_priv), test_ec_curve25519_pub, sizeof(test_ec_curve25519_pub) }, - { 1, MBEDTLS_ECP_DP_CURVE448, + { MBEDTLS_ECP_DP_CURVE448, 0, test_ec_curve448_priv, sizeof(test_ec_curve448_priv), test_ec_curve448_pub, sizeof(test_ec_curve448_pub) }, { 0, 1024, diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b77a9a88d8..ec7fac08e5 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -186,24 +186,33 @@ #define RSA_KEY_SIZE 1024 #define RSA_KEY_LEN (RSA_KEY_SIZE/8) -static int get_predefined_key_data(int is_ec, int curve_or_keybits, +static int get_predefined_key_data(int is_ec, int group_id_or_keybits, const unsigned char **key, size_t *key_len, const unsigned char **pub_key, size_t *pub_key_len) { size_t i; + struct predefined_key_element *predefined_key = NULL; + for (i = 0; i < ARRAY_LENGTH(predefined_keys); i++) { - if ((is_ec == predefined_keys[i].is_ec) && - (curve_or_keybits == predefined_keys[i].curve_or_keybits)) { - *key = predefined_keys[i].priv_key; - *key_len = predefined_keys[i].priv_key_len; - if (pub_key != NULL) { - *pub_key = predefined_keys[i].pub_key; - *pub_key_len = predefined_keys[i].pub_key_len; + if (is_ec) { + if (group_id_or_keybits == predefined_keys[i].group_id) { + predefined_key = &predefined_keys[i]; } - return 0; + } else if (group_id_or_keybits == predefined_keys[i].keybits) { + predefined_key = &predefined_keys[i]; } } + if (predefined_key != NULL) { + *key = predefined_key->priv_key; + *key_len = predefined_key->priv_key_len; + if (pub_key != NULL) { + *pub_key = predefined_key->pub_key; + *pub_key_len = predefined_key->pub_key_len; + } + return 0; + } + TEST_FAIL("Unsupported key"); /* "exit" label is to make the compiler happy. */ exit: From daa322a2de821343795da355ec122eef92bae8c3 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 18 Apr 2024 16:48:55 +0100 Subject: [PATCH 120/429] Update component_test_psa_crypto_rsa_no_genprime Prepare this component for PSA_CRYPTO_CONFIG to be on by default. Rename it so that the name is still accurate when we remove legacy symbols Signed-off-by: Ryan Everett --- tests/scripts/all.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2c800ffb09..66150725b1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1366,12 +1366,13 @@ component_build_full_psa_crypto_client_without_crypto_provider () { grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a } -component_test_psa_crypto_rsa_no_genprime() { - msg "build: default config minus MBEDTLS_GENPRIME" +component_test_no_rsa_key_pair_generation() { + msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" scripts/config.py unset MBEDTLS_GENPRIME + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make - msg "test: default config minus MBEDTLS_GENPRIME" + msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" make test } From 89f5af84affc07f01d2bae3797a2bd97dd3786b7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 Apr 2024 06:54:32 +0200 Subject: [PATCH 121/429] adjust_legacy_crypto: enable ASN1_[PARSE|WRITE]_C when RSA_C RSA needs ASN1 functions to parse/write private and public keys, but there is no guards in the code for that. So we need to enable ASN1 support whenever RSA is enabled. Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 9b06041228..e477c0796a 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -293,6 +293,14 @@ #define MBEDTLS_ECP_LIGHT #endif +/* Backward compatibility: after #8740 the RSA module offers functions to parse + * and write RSA private/public keys without relying on the PK one. Of course + * this needs ASN1 support to do so, so we enable it here. */ +#if defined(MBEDTLS_RSA_C) +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#endif + /* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in Mbed TLS version 3.5, while * in previous version compressed points were automatically supported as long * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward From ce86865258cb4cafc56db21dfea9399774310bf0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 19 Apr 2024 09:37:17 +0200 Subject: [PATCH 122/429] add changelog Signed-off-by: Valerio Setti --- ChangeLog.d/asn1-missing-guard-in-rsa.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/asn1-missing-guard-in-rsa.txt diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt new file mode 100644 index 0000000000..613bdc5d87 --- /dev/null +++ b/ChangeLog.d/asn1-missing-guard-in-rsa.txt @@ -0,0 +1,3 @@ +Bugfix + * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C is automatically enabled + as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. From ec3b90f34851cfb3918c563e822dbf18e5430c6a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 19 Apr 2024 11:09:56 +0200 Subject: [PATCH 123/429] changelog: fix text Signed-off-by: Valerio Setti --- ChangeLog.d/asn1-missing-guard-in-rsa.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/asn1-missing-guard-in-rsa.txt b/ChangeLog.d/asn1-missing-guard-in-rsa.txt index 613bdc5d87..bb5b470881 100644 --- a/ChangeLog.d/asn1-missing-guard-in-rsa.txt +++ b/ChangeLog.d/asn1-missing-guard-in-rsa.txt @@ -1,3 +1,3 @@ Bugfix - * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C is automatically enabled + * MBEDTLS_ASN1_PARSE_C and MBEDTLS_ASN1_WRITE_C are now automatically enabled as soon as MBEDTLS_RSA_C is enabled. Fixes #9041. From eb86b906d719c89bf19a3abb1ea92cadc7ab7289 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Apr 2024 10:25:09 +0200 Subject: [PATCH 124/429] Fix full invocation of ssl-opt.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous commit had: - one obvious mistake (-f NULL with default -e runs nothing) - one unforeseen issue: OPENSSL_NEXT skips static ECDH - arguably scope creep: the stated goal was to simplify the full invocation (in particular, make it obvious that everything is run without having to remember the default value of EXCLUDE), but it also made an unrelated change: running most tests with OPENSSL_NEXT (hence the previous point). This commit should fix all this, in particular it switches back to running most tests with OPENSSL and using OPENSSL_NEXT only when needed. Hopefully in the future we'll do the opposite: most tests will run with a recent OpenSSL, and only those that need an older one will use something older. But that will be another PR. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 40 ++++++++++++++++++------------- tests/scripts/basic-build-test.sh | 8 +++---- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3f7ad957d4..9a674ed732 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1212,17 +1212,19 @@ component_test_full_cmake_gcc_asan () { msg "test: main suites (inc. selftests) (full config, ASan build)" make test - msg "test: selftest (ASan build)" # ~ 10s + msg "test: selftest (full config, ASan build)" # ~ 10s programs/test/selftest msg "test: ssl-opt.sh (full config, ASan build)" tests/ssl-opt.sh - msg "test: compat.sh: NULL (full config, ASan build)" - tests/compat.sh -f 'NULL' + # Note: the next two invocations cover all compat.sh test cases. + # We should use the same here and in basic-build-test.sh. + msg "test: compat.sh: default version (full config, ASan build)" + tests/compat.sh -e 'ARIA\|CHACHA' - msg "test: compat.sh next: all except NULL (full config, ASan build)" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e 'NULL' + msg "test: compat.sh: next: ARIA, Chacha (full config, ASan build)" + env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec tests/context-info.sh @@ -1236,22 +1238,24 @@ component_test_full_cmake_gcc_asan_new_bignum () { CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: main suites (inc. selftests) (full config, ASan build)" + msg "test: main suites (inc. selftests) (full config, new bignum, ASan)" make test - msg "test: selftest (ASan build)" # ~ 10s + msg "test: selftest (full config, new bignum, ASan)" # ~ 10s programs/test/selftest - msg "test: ssl-opt.sh (full config, ASan build)" + msg "test: ssl-opt.sh (full config, new bignum, ASan)" tests/ssl-opt.sh - msg "test: compat.sh: NULL (full config, ASan build)" - tests/compat.sh -f 'NULL' + # Note: the next two invocations cover all compat.sh test cases. + # We should use the same here and in basic-build-test.sh. + msg "test: compat.sh: default version (full config, new bignum, ASan)" + tests/compat.sh -e 'ARIA\|CHACHA' - msg "test: compat.sh next: all except NULL (full config, ASan build)" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e 'NULL' + msg "test: compat.sh: next: ARIA, Chacha (full config, new bignum, ASan)" + env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' - msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec + msg "test: context-info.sh (full config, new bignum, ASan)" # ~ 15 sec tests/context-info.sh } @@ -2610,11 +2614,13 @@ component_test_no_psa_crypto_full_cmake_asan() { msg "test: ssl-opt.sh (full minus PSA crypto)" tests/ssl-opt.sh - msg "test: compat.sh: NULL (full minus PSA crypto)" - tests/compat.sh -f 'NULL' + # Note: the next two invocations cover all compat.sh test cases. + # We should use the same here and in basic-build-test.sh. + msg "test: compat.sh: default version (full minus PSA crypto)" + tests/compat.sh -e 'ARIA\|CHACHA' - msg "test: compat.sh next: all except NULL (full minus PSA crypto)" - env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e 'NULL' + msg "test: compat.sh: next: ARIA, Chacha (full minus PSA crypto)" + env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' } component_test_psa_crypto_config_accel_ecdsa () { diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index e365eeddc3..d2e955f1eb 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -102,12 +102,12 @@ echo # Step 2c - Compatibility tests (keep going even if some tests fail) echo '################ compat.sh ################' { - echo '#### compat.sh: NULL ciphersuites' - sh compat.sh -e '^$' -f 'NULL' + echo '#### compat.sh: Default versions' + sh compat.sh -e 'ARIA\|CHACHA' echo - echo '#### compat.sh: next (all except NULL)' - OPENSSL="$OPENSSL_NEXT" sh compat.sh -e 'NULL' + echo '#### compat.sh: next (ARIA, ChaCha)' + OPENSSL="$OPENSSL_NEXT" sh compat.sh -e '^$' -f 'ARIA\|CHACHA' echo } | tee compat-test-$TEST_OUTPUT echo '^^^^^^^^^^^^^^^^ compat.sh ^^^^^^^^^^^^^^^^' From fcd744fe69053f82c0ce32be5974e00c1fe6d2eb Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 22 Apr 2024 10:44:24 +0100 Subject: [PATCH 125/429] Set MBEDTLS_PSA_CRYPTO_CONFIG in component_test_no_rsa_key_pair_gen Signed-off-by: Ryan Everett --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 66150725b1..985d14d39f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1368,6 +1368,7 @@ component_build_full_psa_crypto_client_without_crypto_provider () { component_test_no_rsa_key_pair_generation() { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_GENPRIME scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make From 57a0b915fd4afe9f30a63649c52c38d9db4bcb60 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Apr 2024 15:35:04 +0200 Subject: [PATCH 126/429] Remove redundant dependency In the test data, remove a dependency that is already present on the function. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_x509parse.data | 34 +++++++++++++------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 89d4578af5..500c6764d1 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -239,71 +239,71 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SE x509_parse_san:"data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 CRL information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" X509 CRL information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" X509 CRL information RSA-PSS, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CRL Malformed Input (trailing spaces at end of file) From 6b3a9ee2d80780acc79400816069c8511ecac813 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Apr 2024 17:18:13 +0200 Subject: [PATCH 127/429] Allow PSA to not support RSA keys with non-byte-aligned sizes Work around https://github.com/Mbed-TLS/mbedtls/issues/9048 Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.function | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index a06fc30bc8..63ff092160 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -47,7 +47,19 @@ static int test_psa_bridge(const mbedtls_pk_context *ctx, int ok = 0; TEST_EQUAL(mbedtls_pk_get_psa_attributes(ctx, usage_flag, &attributes), 0); - TEST_EQUAL(mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key), 0); + int ret = mbedtls_pk_import_into_psa(ctx, &attributes, &psa_key); + if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_RSA && + mbedtls_pk_get_bitlen(ctx) % 8 != 0 && + ret == MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE) { + /* There is a historical limitation with support for RSA keys in PSA: + * only byte-aligned sizes are supported. + * https://github.com/Mbed-TLS/mbedtls/issues/9048 + * For now, for such keys, treat not-supported from PSA as a success. + */ + ok = 1; + goto exit; + } + TEST_EQUAL(ret, 0); if (!mbedtls_test_key_consistency_psa_pk(psa_key, ctx)) { goto exit; } From 1f4e0390bd3fc0a6c2a84f34c5b87b16d0622e9a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Apr 2024 17:18:53 +0200 Subject: [PATCH 128/429] Fix misspelled dependency: there is no MBEDTLS_PEM_C Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 1650f51b3a..bec6f4b901 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -915,19 +915,19 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C: pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 Parse RSA Key #100.1 (512-bit) -depends_on:MBEDTLS_PEM_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0 Parse RSA Key #100.1 (521-bit) -depends_on:MBEDTLS_PEM_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0 Parse RSA Key #100.1 (522-bit) -depends_on:MBEDTLS_PEM_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0 Parse RSA Key #100.1 (528-bit) -depends_on:MBEDTLS_PEM_C +depends_on:MBEDTLS_PEM_PARSE_C pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0 Parse Public RSA Key #1 (PKCS#8 wrapped) From b612f9fe7cc7534135bf70c83404180fb5eb8514 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Apr 2024 16:20:52 +0200 Subject: [PATCH 129/429] Cleartext RSA keys: also make DER formats available We can use DER keys in builds without PEM, so it's good to have them around. Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 23 +++++++++++++++------- tests/data_files/rsa_pkcs1_1024_clear.der | Bin 0 -> 634 bytes tests/data_files/rsa_pkcs1_2048_clear.der | Bin 0 -> 1218 bytes tests/data_files/rsa_pkcs1_4096_clear.der | Bin 0 -> 2374 bytes 4 files changed, 16 insertions(+), 7 deletions(-) create mode 100644 tests/data_files/rsa_pkcs1_1024_clear.der create mode 100644 tests/data_files/rsa_pkcs1_2048_clear.der create mode 100644 tests/data_files/rsa_pkcs1_4096_clear.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 01d2379d1e..1fefc48fbb 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -710,13 +710,21 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### all other encrypted RSA keys are derived. rsa_pkcs1_1024_clear.pem: $(OPENSSL) genrsa -out $@ 1024 -all_final += rsa_pkcs1_1024_clear.pem +keys_rsa_base += rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem: $(OPENSSL) genrsa -out $@ 2048 -all_final += rsa_pkcs1_2048_clear.pem +keys_rsa_base += rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem: $(OPENSSL) genrsa -out $@ 4096 -all_final += rsa_pkcs1_4096_clear.pem +keys_rsa_base += rsa_pkcs1_4096_clear.pem + +all_final += $(keys_rsa_base) + +### PKCS1-encoded, plaintext RSA keys in derived forms + +rsa_pkcs1_%.der: rsa_pkcs1_%.pem + $(OPENSSL) rsa -inform PEM -in $< -outform DER -out $@ +all_final += $(keys_rsa_base:.pem=.der) ### ### PKCS1-encoded, encrypted RSA keys @@ -1170,8 +1178,8 @@ keys_rsa_enc_pkcs8_v2_4096_sha512: keys_rsa_enc_pkcs8_v2_4096_3des_sha512 keys_r ### Rules to generate all RSA keys from a particular class ### -### Generate basic unencrypted RSA keys -keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem +### Generate cleartext RSA keys in derived formats +keys_rsa_cleartext: $(keys_rsa_base) $(keys_rsa_base:.pem=.der) ### Generate PKCS1-encoded encrypted RSA keys keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 @@ -1183,7 +1191,8 @@ keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 key keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 keys_rsa_enc_pkcs8_v2_1024_sha224 keys_rsa_enc_pkcs8_v2_2048_sha224 keys_rsa_enc_pkcs8_v2_4096_sha224 keys_rsa_enc_pkcs8_v2_1024_sha256 keys_rsa_enc_pkcs8_v2_2048_sha256 keys_rsa_enc_pkcs8_v2_4096_sha256 keys_rsa_enc_pkcs8_v2_1024_sha384 keys_rsa_enc_pkcs8_v2_2048_sha384 keys_rsa_enc_pkcs8_v2_4096_sha384 keys_rsa_enc_pkcs8_v2_1024_sha512 keys_rsa_enc_pkcs8_v2_2048_sha512 keys_rsa_enc_pkcs8_v2_4096_sha512 ### Generate all RSA keys -keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 +keys_rsa_all: keys_rsa_base keys_rsa_cleartext +keys_rsa_all: keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 ################################################################ #### Generate various EC keys @@ -2177,7 +2186,7 @@ all: $(all_intermediate) $(all_final) .PHONY: default all_final all .PHONY: keys_rsa_all -.PHONY: keys_rsa_unenc keys_rsa_enc_basic +.PHONY: keys_rsa_enc_basic .PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 .PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 .PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024 diff --git a/tests/data_files/rsa_pkcs1_1024_clear.der b/tests/data_files/rsa_pkcs1_1024_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..8dfb09fb8407c69ab2501c2b5738b754aa594704 GIT binary patch literal 634 zcmV-=0)_oBf&z8|0RS)!1_>&LNQUpU@(FLTmk_A0)c@5$2gM3!}M?v z2y6HgHSF^N9Ev3mm4Y@NsvedSRT`}Ldv!Ala91;&*_H84Ohh-xzQmwEpuB{xNx8 zX1)E7&I}Gm!xMF}XmsR=>fc+2kg}&j=keq-8GCM8!TM^lY{-&*Corqc;yCii%>qFH z`d9`?^Kw{rRufF!w>j?`m{=(DE)7J+&TU{#ohW+Fs*b)61KPvf)W#iEwG~q8>v>*I zDvI*MlDL;{A*+_-0zm-FxZ7SW$`E_oKyEC4?+;0WDk^giM+CSBU)<3imvWiLal_yO zzQyQ-d{C^k$T_&cjV?r?8Z#N^GhalCv3;)sKr&-nNPVxXJdRMVEe1a$@IP;-He)l2 ze^qx-W$xDj`0V|3C6EIRUpjbk*%@r4R^oJcRn=TbMza=jY*}2FF9JX}tt!snX2k%6 zm}Eod;Q-~29AyKO9!{*--y0)O;07Z8xFXj(2-aW7t&IZKS&n4x!shKfwnJA1_vJ=^ zJt*S>KnwyF2HC0K)eKyonyd_D1?l;XN4#g5BT8%D@JY<=);jVU(5ECPzjsnJx*{mw UpDewlX^JGbN)X4t0@RTXEm)x;3jhEB literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_2048_clear.der b/tests/data_files/rsa_pkcs1_2048_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..137395e2a392d435aceb82d0983ab9ff9af5757d GIT binary patch literal 1218 zcmV;z1U>sOf&{(-0RS)!1_>&LNQUrs4#*Aqyhl|0)hbn0H{@G`LduK zG{zNW9`^IWFh&?+Vs`pVi*&4Y6)`Buh`@(Kmn|BKJ)<#@)THy;3 zIoarFf~mW88*VlZu4EEje8iDBm%zlxv3&eV$y!B&VIJA<=puk3ZEQ^b8r*D#cr3wN zjWd#ST!A`=qoQ{dyfpwrSc#+rd3uvO8n-Z2rqFZ+ppdvA(D~sQfJ7=g`l4R>s*D)? z2qQEET@nygR|ei&)bdp_O!{7dhW0y*-A1s4>|m(`7q#EBW+lcf?jPs_ht*6gf5z{X9123!=RO|u6UAw<}G?FCpet~ji=L2eJe;* zP{<+TjX@HANcn@=I!S;^!&HZ?+na8!$*6&yPCL2g1poh$JS5LdjvhP_x$<$YL}!~C zmrk40j@*Hurq48(0OwUgH$gbu!3kK_ksfIdg)#n?rThg;J1h^Sl9ll&R2c$+fdJC< zLM-dshAAItpr-;xfnr!^YfwnvXb)?To4_KjrJ^<}UG7E`(9Z$Sc^yseRUjn5NTdCP2G#5-i`6}v%%Oa(ZT$E zThkF{nTbOgrKj?w(jIaC)G)}qqLTuFfdI@$Pka3GOmzrSmI&bKL;NqM2yu=YaP3rX zQ6K}&IwkH7$VLV0P=Dd33g0|NG5H%l5iaH-IRXkfyG%zrAP>bG#2OK{Y!d?3m;LYS zW+l3iNGX>9J7r({pa9MUN}+$2Gr74yv^`Zz+{0eJnV~m{R%Ucm$x2-JcftwT_?H5K zfM8(+Qth`e23@&1oYUt{d6pJA>qbBOl>hl|nM=PbA%97~{Cd0B{c8gA|0G8MZpPKh5@;b#4Iaw>GA}{4Y(&>gM z;di-4dWV!EUL)QTk#dQH77Kt|0^v1GZIEhGvH1y$SujV{K+I60szP}1WB0UYHQJ!B z_qr5shiI;5J0IWi{5RH39*Y93L3uxB&b&88VGR9A^^%_0KQ0Yo8KKF7B0*>qtlKSf z-2#Du0L9c-e+Hz2C=J##PqzjB%)5zr&?2VJF=86+>nIx+`Ws3k_iTktU1k*_}zgW)UQ@sVz6GwZNnS0F(2}~ gZQJH(unKUZ;^V5;|NmZV@F&WNLW4zvPu$>5*v6|p)Bpeg literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_4096_clear.der b/tests/data_files/rsa_pkcs1_4096_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..c65a2325b5363ff811ae440b3924e246e0efc7de GIT binary patch literal 2374 zcmV-M3Ay$#f(b$b0RS)!1_>&LNQUwEHHuzC;|Zh0)heo0M3Kwsfd5< zM8=uZR&mVg?{QZ9;onMaPj%vIi`8Xm0q>iH*@ivIWD0kS55vg;Vkk65!s!ccx)!Yt zZ5nwj5^IZDh@zdKrvjBrsth-ByuwTx4qk+C%0FfkvOEuCa*P}rlk_*5cIpC)ja1u2 z*LPA~^NdoJUmWePrV8AJquz$01<<5;hhWk-Tf+8U_NX0)BW z=XCrJb%u7EiZ$Nzp;u6+ccnRnwSOD;n>? zlwIs!wxlmVCHsLEL*CkOWHy3>=T0(U*_m@@R-+W z%J$&o20Cyrg8ckcMM%KgswHI#d@7L!VSej#fIhe&%(Mq#VQ%)1GwrrGK?hVu_J*&< zZq734qtHKvZ6RmAQn6vsRR~8+TF7b46XxZ_J&(uQ3EZkl*ntN2>2b7m-Y+~kjsUsy zi#WhibMYO6FZk@$*3DidkY;mEYV8Ty%Jc6Hmllm_xNKPUO9BG{009Dm0sv|J@{wfM z+K08V&hRI>w!Ny_tgTS*9>~x{qR=09OMOk=@Ib$h$YV;U?YruXr{o)?Fv#iH4?O%- zR{9acET&6=nlkX(n@{_gY1`c=JOH|DT38d5KU&>P<3R6dDsJeHr|4BjkVFM{#_fY9 zf#6zYSBZxlAL_SN^?Tx~`+JL`d+juUHF3siOdbO|UM zJ&;|=UD(Yv-|L&Lq5j`#LDu_H^~TLjk&xeN{qwAKaeJSPVr&akGcbcnbTA-3Y$ILZ zBO3@}lF#cMaqvtwv;HIF6<^3Ze@_Ue0sx&A0a>{2NQiS)pbDDqV4MJv`A}DF7DR6j z8)WzLCCpz}q;G+LtMHbEF#ORR&NeeNxXJ=~b$yaTflYdH-jzeFtVdwiM>AseQsRMP zSVS-WuY>P7GxSUzMTy>wwD1~{y?Oc9s!~Wm8n3`J=;=p1YK%-PySSeNpVshgm1O& znt3z&VNx(_sn{SX(~I$S)9;G}lg9-$gIn;`j()SDUKR#Z3(p?{++ZkNGY{X#i8tmY zchD)GRNq$rvc#c@q?Cfox5I)u`n6LGe8gp&(2364orD1u6&P30cF|&cl>YY+AIW6& z)&mKSd;82<&Bs4A)-8pQ4RsYxUqcmHSaC+NtU^#xD8Ax#%mfz#f&l>l*ni^IujpNH zEGO~Z2&G`*jom11*SgTnB;oMwM9(<~PFBAQ1E^xR;QG!)WiKIxV{MnJTp01Ew3TUN z`OtuE_n&l%4MPR<{H+Dnhx7CxoT#utamw$Y9)2yR{Yp;Q5WYyrJkVM<_f0S_?%h` zb>!A)*R3hv=kzj=uIc^mn9UwWlI*>lW*%iwn=LJQ?bjo&w5pYM^{ zpn%bfvyF(ZIL1P9^`L6{kuw>@B4=PP+L46l7`db23VfXf^_ra=AbHILJFL&G+bwJ9 z;bm*C-b|Bd@0;FDskN*k(WW`FsKHK=;&7?}bj3~8$wMtgoyzp@tcMLQ5;$HS_XXTt z=SF!ezB2=CmtuXdt2)9PO!V&FA`8aav=X-Rc%4osxVa-hNIy`}$f5za#P}>_hw2ca z>M#a`y$rKJ{1YCu;dK0AfFP0h9IaL~CdTl5=X{Ecs>hQll}=jeARILW`LZPzI1+v~ z!`6EDqLxDH4;+%mi#0jNVXF^BZyrp?2bRTNe*N(=D-jpVEr?HUX##=)01>Hqzju*| zGjAs_kePSF%7Q$G@{oKnSXx}r9q{7l89)UXw~-{v>-|P{|8oG8=X9yc zJ?1#x1fxw|&ur$|-G0~cOMoNXiPb!t83LxNQ}Zz;Vg$nO(3Xy1ESjG{f=QJO2g7Og zbcT}r4R!&&k34FRrSD_x{el?xefUB0jyF&BPa#Nnox%qnr$SDKj93iMSO&mofg1uj z@6MrxPK4sD5zvCw$~6jpvdQgaPyqU`ch{=Hg@(ul!CV|RIx5U%oK;ISJBH`ok<_W%F@ literal 0 HcmV?d00001 From 9c3ebe30b85cfa4558d769e7ff36e716334bb127 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Apr 2024 16:21:59 +0200 Subject: [PATCH 130/429] Add some test RSA keys of sizes 768 and up These are sufficiently large for PKCS#1v1.5 signature with SHA-512 or SHA3-512. Cover some non-word-aligned sizes. Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 18 +++++++++++++++++- tests/data_files/rsa_pkcs1_768_clear.der | Bin 0 -> 489 bytes tests/data_files/rsa_pkcs1_768_clear.pem | 13 +++++++++++++ tests/data_files/rsa_pkcs1_769_clear.der | Bin 0 -> 490 bytes tests/data_files/rsa_pkcs1_769_clear.pem | 13 +++++++++++++ tests/data_files/rsa_pkcs1_770_clear.der | Bin 0 -> 491 bytes tests/data_files/rsa_pkcs1_770_clear.pem | 13 +++++++++++++ tests/data_files/rsa_pkcs1_776_clear.der | Bin 0 -> 492 bytes tests/data_files/rsa_pkcs1_776_clear.pem | 13 +++++++++++++ tests/data_files/rsa_pkcs1_784_clear.der | Bin 0 -> 497 bytes tests/data_files/rsa_pkcs1_784_clear.pem | 13 +++++++++++++ 11 files changed, 82 insertions(+), 1 deletion(-) create mode 100644 tests/data_files/rsa_pkcs1_768_clear.der create mode 100644 tests/data_files/rsa_pkcs1_768_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_769_clear.der create mode 100644 tests/data_files/rsa_pkcs1_769_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_770_clear.der create mode 100644 tests/data_files/rsa_pkcs1_770_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_776_clear.der create mode 100644 tests/data_files/rsa_pkcs1_776_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_784_clear.der create mode 100644 tests/data_files/rsa_pkcs1_784_clear.pem diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 1fefc48fbb..0fbdfe513d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -706,8 +706,24 @@ keys_rsa_basic_pwd = testkey ### Password used for PKCS8-encoded encrypted RSA keys keys_rsa_pkcs8_pwd = PolarSSLTest -### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which +### Basic unencrypted RSA keys from which ### all other encrypted RSA keys are derived. +keys_rsa_base = +rsa_pkcs1_768_clear.pem: + $(OPENSSL) genrsa -out $@ 768 +keys_rsa_base += rsa_pkcs1_768_clear.pem +rsa_pkcs1_769_clear.pem: + $(OPENSSL) genrsa -out $@ 769 +keys_rsa_base += rsa_pkcs1_769_clear.pem +rsa_pkcs1_770_clear.pem: + $(OPENSSL) genrsa -out $@ 770 +keys_rsa_base += rsa_pkcs1_770_clear.pem +rsa_pkcs1_776_clear.pem: + $(OPENSSL) genrsa -out $@ 776 +keys_rsa_base += rsa_pkcs1_776_clear.pem +rsa_pkcs1_784_clear.pem: + $(OPENSSL) genrsa -out $@ 784 +keys_rsa_base += rsa_pkcs1_784_clear.pem rsa_pkcs1_1024_clear.pem: $(OPENSSL) genrsa -out $@ 1024 keys_rsa_base += rsa_pkcs1_1024_clear.pem diff --git a/tests/data_files/rsa_pkcs1_768_clear.der b/tests/data_files/rsa_pkcs1_768_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..7fbd8b221f51a9fc3888347103dbd00bfb40d411 GIT binary patch literal 489 zcmV&LNQUo&oF`k%K`xa0$~8ziDRKp3|%Ox z0SO5z)5qttd?h@n9*w|VlB&94h7?5!hKz`(pluaF;*hb7YQr;VuEJ9?*$RoHgwjug zAThGI;qkkCc&Ye^L;g}geJcy+rb^Fr{kB>l;Za7)a!c0&0|5X50$~7*9X1l&J9c%B z1)#7>>4n7el5W|S-?t^iABW%UnA6R3$vP8z1eLxoWup}N0DB=Fi*`TfI?7hmP(^xX z5Vx2*m@&(cnSN;}Vr?a3qBXiho`h5l3 zzu()yxyPyGO;a(zD+iz&LNQUo&@h4l%mM)b0$~BQGpW|Qo$eGH zFuKs$4FP;!!e8a>epc4UFIfdjZpds&3I}lGu_fDIg&O$+0|5X50$~8v7z|YWcUqow zE=e#LO6`ew3Ri)XLp%aaZFhf5t2u`T2Ap5o!>6rjAojh{kf~tXmk8vAOmD&A9@(&{ zY+IOJJkIW3;FkBzq#~T0*5J#CWwWgXv6tk(qr9(NlCzpCv!)yk3bJGGb0Q;8;seY||r7$%gJpSsy z8V{4*iz+tGE#}@wxNAEC#v{`Z(@ycku#6g_@Pxn;g90#8OgNT9EdAqL@%Mu|E*~5Q zi147271)_3L8(17^jw$_Bd#Y6noxYXX#7eOxGi}CF#zMy%^cX09*MHjm%H;7{pee4 z$up>dLP&grk*s8;W(cSb3vpdeK8~aR#>PiqY9j(M0jxo06?vXF5~==Wgq~ltvlfYT g1k9tnrPHJ==c-SBb5#84&qBjwUH`L7CS&Fq9s?xawEzGB literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_769_clear.pem b/tests/data_files/rsa_pkcs1_769_clear.pem new file mode 100644 index 0000000000..a04b2c1b2e --- /dev/null +++ b/tests/data_files/rsa_pkcs1_769_clear.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB5gIBADANBgkqhkiG9w0BAQEFAASCAdAwggHMAgEAAmEBtTOp1rud7hQbMLrQ +2Q0BfF7CX+XtflbWxy9ZBUpuyGxJCgdw4+PXZGa64DaxHozNM3EHGxvnYc1uuWpl +g3kvTu5qfAzZuKjnGXVIVc3aneHMTYQeUzWcGrSxJdtfhRr5AgMBAAECYQDVGAxU +/HdannQuSTAYSu2JeApXgZNDPAJNbXd/S6s5hwYGnF/aw6etaSD2vdGQqWDblwjk +hUxvweEe2bCobFuYXTzO7l7glvfNpHn2VOy44SFW51YG1JGyJ3qpm6DQ+30CMQG8 +3YQ7tWfTExA+mE7AxHuG1XPHGwANEEeZL7WmmkIUs6nCpUM5tyeXelXDbAZ3c9MC +MQD7lwqpfq18pTA1Hzz+6sAaD5Pdiyo2zi3m3ke4azsCxiPTENNO8cSwjBqi8ITA +EoMCMFJMOJZDLP3jXPH3gzouHxwGiPCgkhXYmSZBqT009FyYECOuJw2aUHy5aPxK +E7gteQIxAOPRzRzYkh6JstKXu/MV/ehbbMkzqIFCSHyDkaxkpWYIqA4LcV1OPo6j +/8bGR19qIwIxAaxBZhV5njcSqf5lhJ5ftLMWiXQEzKO8pdOkLOeqT35zVPzpz0LD +ZF3/s0smY+YZHg== +-----END PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_770_clear.der b/tests/data_files/rsa_pkcs1_770_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..f9e6c8be95eb6918e631124c2db71e1fa10dfcf4 GIT binary patch literal 491 zcmV&LNQUo(J+Dm%>n@c0$~G7YukUw;P?$T z8Oe6{RT@|}h9C+lVEd7W7Z^rhKBV$vTGcc^Dx#u0pVA44E&$SBjqX-lcx7m`$p3Wq zH4QTsPfbm*LRW{5A#))1`-%F zV7gsNTdMw^iew#=8OHrMb?AA9PG z8oGalXQ;6_UEH?eVBfkmTRUM%ErfuHYlPW+E^5g8i2^YJ#Oq^D`^BRh3;o6{>nWZG zXuwxGlRHDiaI={5{OJ?5dePyAfbH#SOFmFllh~q(0xEHm8JvN_5lgnv0N)WMVTJY%tF#&jEzK*cq&!(s+x1?*rOvD9; hxw*7Z`z!2{3t=lURw6}Mg+{=LCnZh|%f&e^7t%Hb-v9sr literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_770_clear.pem b/tests/data_files/rsa_pkcs1_770_clear.pem new file mode 100644 index 0000000000..6e90126f86 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_770_clear.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB5wIBADANBgkqhkiG9w0BAQEFAASCAdEwggHNAgEAAmEDS2vbf8jg+A02Gcl2 +91UaWDaGIAopYPuRhxcYRmA+pPJjWtU0Pyqiojuf0gmILgDSX43uVlx4ZWi0yP90 +9jUNMxZPTU2wQleHjuVAk10eGknKxnKh2YX43vWyy1zaLKcxAgMBAAECYQEY6b+d +/AYSGDRgul1JW6r+nopluXy2tJNv7x1Cs2OqBKFa65APSeAJMNq2Vj5pNBOnzaHK +NPv4S0Z/HOh8DylYdJXW6+4lVZqYrLwC1XVhejmVERnKNOB0nO4qPAjHTQECMQHh +c8/cL9618nOYJwJigr5NiNIJ1h0htUhllNHzGBqtQG7YrN50p9x1HQfzKSVGnGkC +MQHAd7y2zJenNtfwTR976ooaun+FZ6ixOF3ctuFg37o1WzthSS2EgIlrhNl8LmrI ++4kCMQHE62NO+8WjGwv9xizrKZ4HaMBXOpM7Q8Rws5jy/OkTtXrR4YaA7e1qSz5Q +VZPYookCMQCEIYMjZKIl7R2wOjjVfKPV/i7GMmVcWZwmBGfg7+ngAJI9Np9Hk8tp +N0oQsWha8OkCMQF4Y76OsODPpqgnt6RrwkzEBYe5ubRQ+yvskgthKzFWIkVYhUbA +iCclTg3LxTkuF9I= +-----END PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_776_clear.der b/tests/data_files/rsa_pkcs1_776_clear.der new file mode 100644 index 0000000000000000000000000000000000000000..85118811e75c94eb94665191c3e764ac924969df GIT binary patch literal 492 zcmV&LNQUo(lCMn&H@1d0%8E!*F`~$>zBSH zfjIL&3-$a~h>F2|_l3%P1&SUegj&d!B;Whua!21KN5sY~?J?LYEPcPPJ;nR^vt7QU zr{1o2HO3egc%kfTjUC{>1Pci1&PUjE_eTxO2$R8+{Fj7V0s{d60Rmw^{9RdHy)C;c z8Pd{_C_z5AWH0TR#DvA}(6_r6CId`+-K6y8l+VkVwY2oe>3al>;pJr67*a}}Y$Sk_ z;&7rb9x^(ldOGs$A9hF)F})mNOBN&+CO0!sF;MMfo75R$0x=IgxhXzrjoH_k#ps`m zBeI!hDpglTjJ4D#?vS$CEQ3D4wX~iXq_aS*tkybJHw)7OF%C-s2%YRP5|D94zc9I| ztufQRUSh4Ht6?rc(e3+Vh`)n%L?*n}X*%^5l8iF|_*num2=8#*qd=1HLLFZZ@M+?U z)UP(?ZIWp4IRE}lO6^n8W;*E1iCcX`vIz$ i-lT+2ySwEV6W!zIX`2aukg$5`L$y&LNQUo*D!(s(*gki0%HKZvDvpMWVB1$ zSQl|?6(*SS>y-PqsceJ(<)Mb&W`YdWfSZ8ku#a~(Zb*}%&UcerB3_l!FE>cY@UOG9 z=Ju^-G&kOP)K(U2j>k)&fn#uW8ROZ93w`N?uGO&%6;jKIGLjeLZ0NwTKKcqaa4ptLn zU36D~8HDD2pw#sdhw*7nNOy-X}J zQYkHhy3X=IC{DJMBi?B4US zP9Mc7pvVVsx%g?&(!q!}CIC0VHvhO*rLrWvm6gbuB&J+R9|AEq%e-k;IkTsAw*Dhh nD*#qZ;_|yribGA{Kud4Ae1wyuar?_6&(ufCGN(ko2h9^bGPmq6 literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs1_784_clear.pem b/tests/data_files/rsa_pkcs1_784_clear.pem new file mode 100644 index 0000000000..03eb10e126 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_784_clear.pem @@ -0,0 +1,13 @@ +-----BEGIN PRIVATE KEY----- +MIIB7QIBADANBgkqhkiG9w0BAQEFAASCAdcwggHTAgEAAmMAvbHZtyhktEvbWBdx +axUmmPLrlPu3qWyD/uWhht5mggzVgJuA5rCPdzZuSJOhzneTWyJeldIvN0jI8K+z +tOb2rWY0eLikyaI5T/j3BcpnMSvz6Igwdd8ZXHKxsixyH/Wb/JMCAwEAAQJiGxeb +kJ0kRNvQp/QxLqoGqTGIk+6ffIMTFwSU3T5GRayvkX6kGk59LvmHJrZvFZ3eXZbI +QDclNOS96CGaw7LdTM8L8iFAsYVg6xGDqJrJ+VRU5sOut2ZcvTKwjZXhrTvvQwEC +MgDd9eo/pDyuDlYTZF10V4AZhOZ9oNT1EYfx57jDSQhNNc6vbdYcSAhi6ykowHTW +C+D5AjIA2skwnxXPAl16rbwpIFMK1BrAsYeZfPOxpKIPXiGMQNCdVOQERYyG1vK5 +2bQ1eO446wIxePaABtb2ytS9TCwyUiktgrrO8kAoTraTI95o7uRqRcnBLhHp0dff +2ijWcYMRKWWn4QIyAMoS9yCIcRm7I1siJk4fxSmgyAdwufhp0NLBiDYmADfBNv+4 +VqWyJLyVlciZJKZcSR8CMTfLvGlWObOndbb+I1IrAFZM4vK7TopDTeBAS2+5fIST +o3H7yyLP1EfKMqdEvgfNEz0= +-----END PRIVATE KEY----- From cbb4507b44fe5da30658c9694567b91bd3e305b1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 24 Apr 2024 16:23:06 +0200 Subject: [PATCH 131/429] Use large enough keys when testing parsing of non-word-aligned RSA sizes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When PSA is available, we exercise the parsed RSA key with PKCS#1v1.5 signature, which requires the modulus size in bytes to be at least tLen + 11 (per RFC 8017 §9.2) where tLen = hLen + oidLen + 6 and hLen = 32, oidLen = 9 for SHA-512 or SHA3-512. 10 is the DER overhead (3 ASN.1 type-length headers with lengths <128). Replace 512-bit test cases (good enough for SHA-256 but not SHA-384 and up) by 768-bit and up (good enough for SHA-512). Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pkparse.data | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index bec6f4b901..d170e1e089 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -914,21 +914,23 @@ Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 -Parse RSA Key #100.1 (512-bit) -depends_on:MBEDTLS_PEM_PARSE_C -pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0 +# Test keys with non-word-aligned sizes. +# We use sizes that are large enough to exercise PKCS#1 v1.5 signature with +# the largest supported hashes (SHA-512 and SHA3-512.) +Parse RSA Key #100 (768-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_768_clear.der":"":0 -Parse RSA Key #100.1 (521-bit) -depends_on:MBEDTLS_PEM_PARSE_C -pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0 +Parse RSA Key #100 (769-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_769_clear.der":"":0 -Parse RSA Key #100.1 (522-bit) -depends_on:MBEDTLS_PEM_PARSE_C -pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0 +Parse RSA Key #100 (770-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_770_clear.der":"":0 -Parse RSA Key #100.1 (528-bit) -depends_on:MBEDTLS_PEM_PARSE_C -pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0 +Parse RSA Key #100 (776-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_776_clear.der":"":0 + +Parse RSA Key #100 (784-bit) +pk_parse_keyfile_rsa:"data_files/rsa_pkcs1_784_clear.der":"":0 Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_PEM_PARSE_C From 0652b62d5e8a2992aa87324a9a14104bd4f1910f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Apr 2024 16:02:13 +0200 Subject: [PATCH 132/429] Fix rsa_pkcs1_*_clear.der to actually be PKCS#1 files With OpenSSL 3.0.2 (which I used to generate the previous set of "pkcs1" DER files), the output of `openssl rsa -outform DER` is actually a PKCS#8-encoded key, despite what the documentation says. This is a change from OpenSSL 1.x, where the output is a PKCS#1-encoded key. OpenSSL 3.0.8 documents the output as PKCS#8. Change to `openssl pkey`, which seems more reliable. The documentation states that the output is PKCS#8, but the output is actually consistently PKCS#1 at least from 1.0.2g to 3.3.0. Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 2 +- tests/data_files/rsa_pkcs1_1024_clear.der | Bin 634 -> 608 bytes tests/data_files/rsa_pkcs1_2048_clear.der | Bin 1218 -> 1192 bytes tests/data_files/rsa_pkcs1_4096_clear.der | Bin 2374 -> 2348 bytes tests/data_files/rsa_pkcs1_768_clear.der | Bin 489 -> 463 bytes tests/data_files/rsa_pkcs1_769_clear.der | Bin 490 -> 464 bytes tests/data_files/rsa_pkcs1_770_clear.der | Bin 491 -> 465 bytes tests/data_files/rsa_pkcs1_776_clear.der | Bin 492 -> 466 bytes tests/data_files/rsa_pkcs1_784_clear.der | Bin 497 -> 471 bytes 9 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 0fbdfe513d..fa30cf57b0 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -739,7 +739,7 @@ all_final += $(keys_rsa_base) ### PKCS1-encoded, plaintext RSA keys in derived forms rsa_pkcs1_%.der: rsa_pkcs1_%.pem - $(OPENSSL) rsa -inform PEM -in $< -outform DER -out $@ + $(OPENSSL) pkey -inform PEM -in $< -outform DER -out $@ all_final += $(keys_rsa_base:.pem=.der) ### diff --git a/tests/data_files/rsa_pkcs1_1024_clear.der b/tests/data_files/rsa_pkcs1_1024_clear.der index 8dfb09fb8407c69ab2501c2b5738b754aa594704..cec2c30117d6e3ddc6492c5354bace376c84bd2c 100644 GIT binary patch delta 8 Pcmeyx@_=QdR00zK5gY>$ delta 34 pcmaFB@{2{vpoyuBiIKs8myJ`a&7CIFS!2l@a2 diff --git a/tests/data_files/rsa_pkcs1_2048_clear.der b/tests/data_files/rsa_pkcs1_2048_clear.der index 137395e2a392d435aceb82d0983ab9ff9af5757d..667051bd80aa77abb5164bfb2dd1d3d6527d2b62 100644 GIT binary patch delta 8 PcmX@axq@?})Cv{=4%!0r delta 34 qcmZ3%d5BZWpowK46C;BGFB_*;n@8JsUPeYnRtAmv_@#7lny5V4vPYp delta 34 pcmZ1@bWBLfpo!CoiIKs8myJ`a&7{EAu1po#Gr6C;BGFB_*;n@8JsUPeYnRtA Date: Fri, 26 Apr 2024 11:51:08 +0200 Subject: [PATCH 133/429] Convert recent RSA key files in PEM format from PKCS8 to PKCS1 Like `openssl rsa`, `openssl genrsa` changed its output format from PKCS8 to PKCS1 in OpenSSL 3.0. Note that the makefile instructions assume older OpenSSL. Convert the files that were generated with OpenSSL 3.x and hence were not in the intended format. The files are converted, not regenerated, so the key material is the same. Signed-off-by: Gilles Peskine --- tests/data_files/Makefile | 2 ++ tests/data_files/rsa_pkcs1_768_clear.pem | 25 ++++++++++++------------ tests/data_files/rsa_pkcs1_769_clear.pem | 25 ++++++++++++------------ tests/data_files/rsa_pkcs1_770_clear.pem | 25 ++++++++++++------------ tests/data_files/rsa_pkcs1_776_clear.pem | 25 ++++++++++++------------ tests/data_files/rsa_pkcs1_784_clear.pem | 25 ++++++++++++------------ 6 files changed, 62 insertions(+), 65 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index fa30cf57b0..bbbfa9cd9c 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -709,6 +709,8 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### Basic unencrypted RSA keys from which ### all other encrypted RSA keys are derived. keys_rsa_base = +### TODO: the commands require OpenSSL 1.x to work as desired. With +### OpenSSL 3.x, they produce pkcs8 files. rsa_pkcs1_768_clear.pem: $(OPENSSL) genrsa -out $@ 768 keys_rsa_base += rsa_pkcs1_768_clear.pem diff --git a/tests/data_files/rsa_pkcs1_768_clear.pem b/tests/data_files/rsa_pkcs1_768_clear.pem index 0e2d52e05d..33140c3c71 100644 --- a/tests/data_files/rsa_pkcs1_768_clear.pem +++ b/tests/data_files/rsa_pkcs1_768_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB5QIBADANBgkqhkiG9w0BAQEFAASCAc8wggHLAgEAAmEA2YljoU8MXSipAQkJ -KtPH57N8JTyoHo3AXZKqumGGFEUJhoyIp6BtFUHikLGMasMzaK7CUzLZComjhNJP -gyAxsrjh8bt8eKn4iEP+UkB9KwvnpkrPdP22WiDhUUbKckvXAgMBAAECYQCMHTYS -3Dt2dY4FoLBK6YXE85Ju2ZbftyXEH4ff7JjTzXPJOhN7BJW+L2WjFPkAeyEdi3Y/ -5zrKVtRQRXpmELeYOpgxy5CZfmknYyForhNwKKGL14GFE4/O50nbsnHzjAECMQD0 -IqQbfR334+BtSn4qczFm5q8QbhTjkQMRQ4bn4xGBKdGU/PwmyJj5DpF54FoRmIEC -MQDkG9OgZo8VKRsVPUeJXjMQQNChes1Q7+W8A/qnt8IuHaedohEjC4fDFNSEbyl7 -eFcCMQDMokC2PeChySNz2G36fQXav9/bwLnHqeRNUzHAKwegIYJoBMoCZEA8+uYb -p183woECMBzA2TM92klbjhtmRw8svZkN4n6IYTsTkkzZ342mnyZ6/HblR+239VwE -0ykCbiMvLwIwcJxV2F1UXJ2wvwNJhGdYPzHW2fWelsB7KIwcHHKEMX0Q/WZ7usQe -8nhaXrUdJdA0 ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIBywIBAAJhANmJY6FPDF0oqQEJCSrTx+ezfCU8qB6NwF2SqrphhhRFCYaMiKeg +bRVB4pCxjGrDM2iuwlMy2QqJo4TST4MgMbK44fG7fHip+IhD/lJAfSsL56ZKz3T9 +tlog4VFGynJL1wIDAQABAmEAjB02Etw7dnWOBaCwSumFxPOSbtmW37clxB+H3+yY +081zyToTewSVvi9loxT5AHshHYt2P+c6ylbUUEV6ZhC3mDqYMcuQmX5pJ2MhaK4T +cCihi9eBhROPzudJ27Jx84wBAjEA9CKkG30d9+PgbUp+KnMxZuavEG4U45EDEUOG +5+MRgSnRlPz8JsiY+Q6ReeBaEZiBAjEA5BvToGaPFSkbFT1HiV4zEEDQoXrNUO/l +vAP6p7fCLh2nnaIRIwuHwxTUhG8pe3hXAjEAzKJAtj3gockjc9ht+n0F2r/f28C5 +x6nkTVMxwCsHoCGCaATKAmRAPPrmG6dfN8KBAjAcwNkzPdpJW44bZkcPLL2ZDeJ+ +iGE7E5JM2d+Npp8mevx25Uftt/VcBNMpAm4jLy8CMHCcVdhdVFydsL8DSYRnWD8x +1tn1npbAeyiMHBxyhDF9EP1me7rEHvJ4Wl61HSXQNA== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_769_clear.pem b/tests/data_files/rsa_pkcs1_769_clear.pem index a04b2c1b2e..25e12bde55 100644 --- a/tests/data_files/rsa_pkcs1_769_clear.pem +++ b/tests/data_files/rsa_pkcs1_769_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB5gIBADANBgkqhkiG9w0BAQEFAASCAdAwggHMAgEAAmEBtTOp1rud7hQbMLrQ -2Q0BfF7CX+XtflbWxy9ZBUpuyGxJCgdw4+PXZGa64DaxHozNM3EHGxvnYc1uuWpl -g3kvTu5qfAzZuKjnGXVIVc3aneHMTYQeUzWcGrSxJdtfhRr5AgMBAAECYQDVGAxU -/HdannQuSTAYSu2JeApXgZNDPAJNbXd/S6s5hwYGnF/aw6etaSD2vdGQqWDblwjk -hUxvweEe2bCobFuYXTzO7l7glvfNpHn2VOy44SFW51YG1JGyJ3qpm6DQ+30CMQG8 -3YQ7tWfTExA+mE7AxHuG1XPHGwANEEeZL7WmmkIUs6nCpUM5tyeXelXDbAZ3c9MC -MQD7lwqpfq18pTA1Hzz+6sAaD5Pdiyo2zi3m3ke4azsCxiPTENNO8cSwjBqi8ITA -EoMCMFJMOJZDLP3jXPH3gzouHxwGiPCgkhXYmSZBqT009FyYECOuJw2aUHy5aPxK -E7gteQIxAOPRzRzYkh6JstKXu/MV/ehbbMkzqIFCSHyDkaxkpWYIqA4LcV1OPo6j -/8bGR19qIwIxAaxBZhV5njcSqf5lhJ5ftLMWiXQEzKO8pdOkLOeqT35zVPzpz0LD -ZF3/s0smY+YZHg== ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIBzAIBAAJhAbUzqda7ne4UGzC60NkNAXxewl/l7X5W1scvWQVKbshsSQoHcOPj +12RmuuA2sR6MzTNxBxsb52HNbrlqZYN5L07uanwM2bio5xl1SFXN2p3hzE2EHlM1 +nBq0sSXbX4Ua+QIDAQABAmEA1RgMVPx3Wp50LkkwGErtiXgKV4GTQzwCTW13f0ur +OYcGBpxf2sOnrWkg9r3RkKlg25cI5IVMb8HhHtmwqGxbmF08zu5e4Jb3zaR59lTs +uOEhVudWBtSRsid6qZug0Pt9AjEBvN2EO7Vn0xMQPphOwMR7htVzxxsADRBHmS+1 +pppCFLOpwqVDObcnl3pVw2wGd3PTAjEA+5cKqX6tfKUwNR88/urAGg+T3YsqNs4t +5t5HuGs7AsYj0xDTTvHEsIwaovCEwBKDAjBSTDiWQyz941zx94M6Lh8cBojwoJIV +2JkmQak9NPRcmBAjricNmlB8uWj8ShO4LXkCMQDj0c0c2JIeibLSl7vzFf3oW2zJ +M6iBQkh8g5GsZKVmCKgOC3FdTj6Oo//GxkdfaiMCMQGsQWYVeZ43Eqn+ZYSeX7Sz +Fol0BMyjvKXTpCznqk9+c1T86c9Cw2Rd/7NLJmPmGR4= +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_770_clear.pem b/tests/data_files/rsa_pkcs1_770_clear.pem index 6e90126f86..0a707a8b7e 100644 --- a/tests/data_files/rsa_pkcs1_770_clear.pem +++ b/tests/data_files/rsa_pkcs1_770_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB5wIBADANBgkqhkiG9w0BAQEFAASCAdEwggHNAgEAAmEDS2vbf8jg+A02Gcl2 -91UaWDaGIAopYPuRhxcYRmA+pPJjWtU0Pyqiojuf0gmILgDSX43uVlx4ZWi0yP90 -9jUNMxZPTU2wQleHjuVAk10eGknKxnKh2YX43vWyy1zaLKcxAgMBAAECYQEY6b+d -/AYSGDRgul1JW6r+nopluXy2tJNv7x1Cs2OqBKFa65APSeAJMNq2Vj5pNBOnzaHK -NPv4S0Z/HOh8DylYdJXW6+4lVZqYrLwC1XVhejmVERnKNOB0nO4qPAjHTQECMQHh -c8/cL9618nOYJwJigr5NiNIJ1h0htUhllNHzGBqtQG7YrN50p9x1HQfzKSVGnGkC -MQHAd7y2zJenNtfwTR976ooaun+FZ6ixOF3ctuFg37o1WzthSS2EgIlrhNl8LmrI -+4kCMQHE62NO+8WjGwv9xizrKZ4HaMBXOpM7Q8Rws5jy/OkTtXrR4YaA7e1qSz5Q -VZPYookCMQCEIYMjZKIl7R2wOjjVfKPV/i7GMmVcWZwmBGfg7+ngAJI9Np9Hk8tp -N0oQsWha8OkCMQF4Y76OsODPpqgnt6RrwkzEBYe5ubRQ+yvskgthKzFWIkVYhUbA -iCclTg3LxTkuF9I= ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIBzQIBAAJhA0tr23/I4PgNNhnJdvdVGlg2hiAKKWD7kYcXGEZgPqTyY1rVND8q +oqI7n9IJiC4A0l+N7lZceGVotMj/dPY1DTMWT01NsEJXh47lQJNdHhpJysZyodmF ++N71sstc2iynMQIDAQABAmEBGOm/nfwGEhg0YLpdSVuq/p6KZbl8trSTb+8dQrNj +qgShWuuQD0ngCTDatlY+aTQTp82hyjT7+EtGfxzofA8pWHSV1uvuJVWamKy8AtV1 +YXo5lREZyjTgdJzuKjwIx00BAjEB4XPP3C/etfJzmCcCYoK+TYjSCdYdIbVIZZTR +8xgarUBu2KzedKfcdR0H8yklRpxpAjEBwHe8tsyXpzbX8E0fe+qKGrp/hWeosThd +3LbhYN+6NVs7YUkthICJa4TZfC5qyPuJAjEBxOtjTvvFoxsL/cYs6ymeB2jAVzqT +O0PEcLOY8vzpE7V60eGGgO3taks+UFWT2KKJAjEAhCGDI2SiJe0dsDo41Xyj1f4u +xjJlXFmcJgRn4O/p4ACSPTafR5PLaTdKELFoWvDpAjEBeGO+jrDgz6aoJ7eka8JM +xAWHubm0UPsr7JILYSsxViJFWIVGwIgnJU4Ny8U5LhfS +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_776_clear.pem b/tests/data_files/rsa_pkcs1_776_clear.pem index cbf421f2ef..e62f7b195b 100644 --- a/tests/data_files/rsa_pkcs1_776_clear.pem +++ b/tests/data_files/rsa_pkcs1_776_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB6AIBADANBgkqhkiG9w0BAQEFAASCAdIwggHOAgEAAmIA2ddFQYzrl74kgTjz -Pwv1/FaIisF994XKewWKHiWEWsiWJN/74nJH3yVHxMYs7THYKix9v689xfv5s12+ -o6fernc1xhgWeKHsa40d4L8ECwjpzkfYdPdHDcsIk8GT/JeEWwIDAQABAmE//F1Z -Xb0tuyoZ0tKQKEE+t2Qv7ZnEhMXu0Le7FyYDTHvdpPTllM/LmbW09MjpewSM4eVk -2RhSSp5sJICT4nCiLx4yOqR6OvLtH3ZIETG9HGFLFiQWJjczUDFQ7WSb1BlhAjEP -PbkpPmmN2deZxeifjCOymWYqVVdGjLXUKO6Qstksgz7AtbSeGKSzQKys1jpVNwvT -AjEOSwEInewxEpBxRb8wuaitMdO9XmKtoqthLkDR7ftjiL+DdUQmvNZpOvUWkowz -APhZAjEI73Dco0CS70IdXw/waeKL1K825m2SaPA4//5NSu1T0WY66MyJW31DsgkK -E1aDmxANAjEEyKfU6X53Qj5kGzMNrOY+6bFz7VZbxVlVEnURjnSYcNmgtywTRxsA -Z4JGhtAz9fwpAjEBs5I5adCIv7hC5jmtDTlbYEvepIRPu7vlFxPd4+dpmwl/kLB6 -6UO1U5XLxyraxdBb ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIBzgIBAAJiANnXRUGM65e+JIE48z8L9fxWiIrBffeFynsFih4lhFrIliTf++Jy +R98lR8TGLO0x2Cosfb+vPcX7+bNdvqOn3q53NcYYFnih7GuNHeC/BAsI6c5H2HT3 +Rw3LCJPBk/yXhFsCAwEAAQJhP/xdWV29LbsqGdLSkChBPrdkL+2ZxITF7tC3uxcm +A0x73aT05ZTPy5m1tPTI6XsEjOHlZNkYUkqebCSAk+Jwoi8eMjqkejry7R92SBEx +vRxhSxYkFiY3M1AxUO1km9QZYQIxDz25KT5pjdnXmcXon4wjsplmKlVXRoy11Cju +kLLZLIM+wLW0nhiks0CsrNY6VTcL0wIxDksBCJ3sMRKQcUW/MLmorTHTvV5iraKr +YS5A0e37Y4i/g3VEJrzWaTr1FpKMMwD4WQIxCO9w3KNAku9CHV8P8Gnii9SvNuZt +kmjwOP/+TUrtU9FmOujMiVt9Q7IJChNWg5sQDQIxBMin1Ol+d0I+ZBszDazmPumx +c+1WW8VZVRJ1EY50mHDZoLcsE0cbAGeCRobQM/X8KQIxAbOSOWnQiL+4QuY5rQ05 +W2BL3qSET7u75RcT3ePnaZsJf5CweulDtVOVy8cq2sXQWw== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_784_clear.pem b/tests/data_files/rsa_pkcs1_784_clear.pem index 03eb10e126..b7b424b02b 100644 --- a/tests/data_files/rsa_pkcs1_784_clear.pem +++ b/tests/data_files/rsa_pkcs1_784_clear.pem @@ -1,13 +1,12 @@ ------BEGIN PRIVATE KEY----- -MIIB7QIBADANBgkqhkiG9w0BAQEFAASCAdcwggHTAgEAAmMAvbHZtyhktEvbWBdx -axUmmPLrlPu3qWyD/uWhht5mggzVgJuA5rCPdzZuSJOhzneTWyJeldIvN0jI8K+z -tOb2rWY0eLikyaI5T/j3BcpnMSvz6Igwdd8ZXHKxsixyH/Wb/JMCAwEAAQJiGxeb -kJ0kRNvQp/QxLqoGqTGIk+6ffIMTFwSU3T5GRayvkX6kGk59LvmHJrZvFZ3eXZbI -QDclNOS96CGaw7LdTM8L8iFAsYVg6xGDqJrJ+VRU5sOut2ZcvTKwjZXhrTvvQwEC -MgDd9eo/pDyuDlYTZF10V4AZhOZ9oNT1EYfx57jDSQhNNc6vbdYcSAhi6ykowHTW -C+D5AjIA2skwnxXPAl16rbwpIFMK1BrAsYeZfPOxpKIPXiGMQNCdVOQERYyG1vK5 -2bQ1eO446wIxePaABtb2ytS9TCwyUiktgrrO8kAoTraTI95o7uRqRcnBLhHp0dff -2ijWcYMRKWWn4QIyAMoS9yCIcRm7I1siJk4fxSmgyAdwufhp0NLBiDYmADfBNv+4 -VqWyJLyVlciZJKZcSR8CMTfLvGlWObOndbb+I1IrAFZM4vK7TopDTeBAS2+5fIST -o3H7yyLP1EfKMqdEvgfNEz0= ------END PRIVATE KEY----- +-----BEGIN RSA PRIVATE KEY----- +MIIB0wIBAAJjAL2x2bcoZLRL21gXcWsVJpjy65T7t6lsg/7loYbeZoIM1YCbgOaw +j3c2bkiToc53k1siXpXSLzdIyPCvs7Tm9q1mNHi4pMmiOU/49wXKZzEr8+iIMHXf +GVxysbIsch/1m/yTAgMBAAECYhsXm5CdJETb0Kf0MS6qBqkxiJPun3yDExcElN0+ +RkWsr5F+pBpOfS75hya2bxWd3l2WyEA3JTTkveghmsOy3UzPC/IhQLGFYOsRg6ia +yflUVObDrrdmXL0ysI2V4a0770MBAjIA3fXqP6Q8rg5WE2RddFeAGYTmfaDU9RGH +8ee4w0kITTXOr23WHEgIYuspKMB01gvg+QIyANrJMJ8VzwJdeq28KSBTCtQawLGH +mXzzsaSiD14hjEDQnVTkBEWMhtbyudm0NXjuOOsCMXj2gAbW9srUvUwsMlIpLYK6 +zvJAKE62kyPeaO7kakXJwS4R6dHX39oo1nGDESllp+ECMgDKEvcgiHEZuyNbIiZO +H8UpoMgHcLn4adDSwYg2JgA3wTb/uFalsiS8lZXImSSmXEkfAjE3y7xpVjmzp3W2 +/iNSKwBWTOLyu06KQ03gQEtvuXyEk6Nx+8siz9RHyjKnRL4HzRM9 +-----END RSA PRIVATE KEY----- From b8cbbe7c9048ca2166219ad1bd4fdcfd9940f76a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 26 Apr 2024 16:32:48 +0100 Subject: [PATCH 134/429] Modify component_test_tls1_2_default_stream_cipher_only_use_psa Replace relevant Mbed TLS API config options with their PSA API equivalents. Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 28009d56a8..8fbb0fb072 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1899,14 +1899,16 @@ component_test_tls1_2_default_stream_cipher_only_use_psa () { msg "build: default with only stream cipher use psa" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC + # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) From 6258621a0b41e9c980843799cb401de7c1613bad Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 26 Apr 2024 17:01:16 +0100 Subject: [PATCH 135/429] Modify component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa Replace relevant Mbed TLS API config options with their PSA API equivalents. Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8fbb0fb072..869fd039c9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1957,14 +1957,17 @@ component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { msg "build: default with only CBC-legacy cipher use psa" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py set MBEDTLS_CIPHER_MODE_CBC + # Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be set here to fully enable CBC + scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_PKCS7 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) From ff33abd599674fb39b49c5d319dff4b3c363e030 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 26 Apr 2024 17:08:34 +0100 Subject: [PATCH 136/429] Modify component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa Replace relevant Mbed TLS API config options with their PSA API equivalents. Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 869fd039c9..ecb15414bf 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2017,14 +2017,17 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py set MBEDTLS_CIPHER_MODE_CBC + # Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be set here to fully enable CBC + scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_PKCS7 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) From a3daff47d8f53ff353741a1c939bc3f12eefcc3c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 26 Apr 2024 18:30:11 +0100 Subject: [PATCH 137/429] Add early exit if zero length AEAD AD passed in. With multipart AEAD, if we attempt to add zero length additional data, then with the buffer sharing fixes this can now lead to undefined behaviour when using gcm. Fix this by returning early, as there is nothing to do if the input length is zero. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 969c695ac0..0a9011ad84 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5194,6 +5194,12 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, goto exit; } + /* No input to add (zero length), nothing to do. */ + if (input_length == 0) { + status = PSA_SUCCESS; + goto exit; + } + if (operation->lengths_set) { if (operation->ad_remaining < input_length) { status = PSA_ERROR_INVALID_ARGUMENT; From 0f37a157a272a8b60fe045ec1301ebb0995c3d06 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 26 Apr 2024 18:53:51 +0100 Subject: [PATCH 138/429] Add Changelog entry Signed-off-by: Paul Elliott --- ChangeLog.d/fix_ubsan_mp_aead_gcm.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix_ubsan_mp_aead_gcm.txt diff --git a/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt new file mode 100644 index 0000000000..e4726a45d7 --- /dev/null +++ b/ChangeLog.d/fix_ubsan_mp_aead_gcm.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix undefined behaviour (incrementing a NULL pointer by zero length) when + passing in zero length additional data to multipart AEAD. From e8553179572733788e47dbe56083a5c330497fa5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Apr 2024 21:28:49 +0200 Subject: [PATCH 139/429] Fix skipped tests in configurations without RSA Tighten the matching when detecting which certificates are in use to determine algorithm requirements. This fixes a bug whereby all tests were skipped in configurations without RSA except for an Mbed TLS client against a GnuTLS or OpenSSL server, due to *server2* matching ssl_server2. Fixes #8366. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 3549a7b941..8e32a698f4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -443,9 +443,9 @@ detect_required_features() { esac case "$CMD_LINE" in - *server5*|\ - *server7*|\ - *dir-maxpath*) + */server5*|\ + */server7*|\ + */dir-maxpath*) if [ "$TLS_VERSION" = "TLS13" ]; then # In case of TLS13 the support for ECDSA is enough requires_pk_alg "ECDSA" @@ -477,8 +477,8 @@ detect_required_features() { esac case "$CMD_LINE" in - *server2*|\ - *server7*) + */server2*|\ + */server7*) # server2 and server7 certificates use RSA encryption requires_config_enabled "MBEDTLS_RSA_C" esac From dde67bbb5aa0267417e184fd88f54ab8376ca0f1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 12:38:16 +0200 Subject: [PATCH 140/429] Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled It isn't detected on the CI because we only test this with an ancient Clang that doesn't warn. Old GCC, modern GCC and modern Clang do warn (-Wunused-but-set-variable). Signed-off-by: Gilles Peskine --- ChangeLog.d/pk-norsa-warning.txt | 2 ++ library/pk.c | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/pk-norsa-warning.txt diff --git a/ChangeLog.d/pk-norsa-warning.txt b/ChangeLog.d/pk-norsa-warning.txt new file mode 100644 index 0000000000..d00aa8a870 --- /dev/null +++ b/ChangeLog.d/pk-norsa-warning.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix a compilation warning in pk.c when PSA is enabled and RSA is disabled. diff --git a/library/pk.c b/library/pk.c index c29318dd97..84af773768 100644 --- a/library/pk.c +++ b/library/pk.c @@ -868,7 +868,6 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, psa_status_t status; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; - psa_algorithm_t alg_type; size_t key_bits; /* Use a buffer size large enough to contain either a key pair or public key. */ unsigned char exp_key[PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE]; @@ -899,7 +898,6 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(key_type); } key_bits = psa_get_key_bits(&key_attr); - alg_type = psa_get_key_algorithm(&key_attr); #if defined(MBEDTLS_RSA_C) if ((key_type == PSA_KEY_TYPE_RSA_KEY_PAIR) || @@ -919,6 +917,7 @@ static int copy_from_psa(mbedtls_svc_key_id_t key_id, goto exit; } + psa_algorithm_t alg_type = psa_get_key_algorithm(&key_attr); mbedtls_md_type_t md_type = MBEDTLS_MD_NONE; if (PSA_ALG_GET_HASH(alg_type) != PSA_ALG_ANY_HASH) { md_type = mbedtls_md_type_from_psa_alg(alg_type); From d00b93b6211b208aaeb45d7e33bbdf43ccb4fc5c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 16:03:02 +0200 Subject: [PATCH 141/429] Require RSA when using server1* key or certificate Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8e32a698f4..b40e322113 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -477,9 +477,15 @@ detect_required_features() { esac case "$CMD_LINE" in + */server1*|\ */server2*|\ */server7*) - # server2 and server7 certificates use RSA encryption + # Certificates with an RSA key. The algorithm requirement is + # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature, + # PSS signature}. We can't easily tell which subset works, and + # we aren't currently running ssl-opt.sh in configurations + # where partial RSA support is a problem, so generically, we + # just require RSA and it works out for our tests so far. requires_config_enabled "MBEDTLS_RSA_C" esac From 2776240af4eb0e6afd111a77c51a9076ccc73154 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 16:05:38 +0200 Subject: [PATCH 142/429] Fix PSK invocation: OpenSSL client Only s_server has a -nocert option, s_client doesn't. Fixes OpenSSL client test cases in PSK-only builds. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b40e322113..031a9ce5b5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -500,7 +500,8 @@ requires_certificate_authentication () { adapt_cmd_for_psk () { case "$2" in - *openssl*) s='-psk abc123 -nocert';; + *openssl*s_server*) s='-psk abc123 -nocert';; + *openssl*) s='-psk abc123';; *gnutls-*) s='--pskkey=abc123';; *) s='psk=abc123';; esac From c158fe6eb8dad8d8e137f0bfe9f8e8a2f33c2794 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 16:05:54 +0200 Subject: [PATCH 143/429] Fix PSK invocation: GnuTLS prompting When given a PSK key but no username, gnutls-cli prompts for a password. Prevent that by passing --pskusername with the same identity that ssl_server2 uses by default. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 031a9ce5b5..e46ce5c266 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -502,7 +502,7 @@ adapt_cmd_for_psk () { case "$2" in *openssl*s_server*) s='-psk abc123 -nocert';; *openssl*) s='-psk abc123';; - *gnutls-*) s='--pskkey=abc123';; + *gnutls-*) s='--pskusername=Client_identity --pskkey=abc123';; *) s='psk=abc123';; esac eval $1='"$2 $s"' From 77c13e67d4d0f83e359d72683ca1c27cac89da3e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 16:09:52 +0200 Subject: [PATCH 144/429] Fix PSK invocation: GnuTLS PSK length ssl-opt.sh uses a 3-byte PSK in many test cases. Unfortunately GnuTLS >=3.4.0 rejects a PSK that is less than 4 bytes long: > Error setting the PSK credentials: The request is invalid. Use a longer PSK throughout ssl-opt. Only the test cases involving GnuTLS need to change, but it's easier to do a global search-and-replace, and it's easier to not have to worry about mismatches in constructed test cases later, so replace everything. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 202 +++++++++++++++++++++++------------------------ 1 file changed, 101 insertions(+), 101 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e46ce5c266..63dc39d8f6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -500,10 +500,10 @@ requires_certificate_authentication () { adapt_cmd_for_psk () { case "$2" in - *openssl*s_server*) s='-psk abc123 -nocert';; - *openssl*) s='-psk abc123';; - *gnutls-*) s='--pskusername=Client_identity --pskkey=abc123';; - *) s='psk=abc123';; + *openssl*s_server*) s='-psk 73776f726466697368 -nocert';; + *openssl*) s='-psk 73776f726466697368';; + *gnutls-*) s='--pskusername=Client_identity --pskkey=73776f726466697368';; + *) s='psk=73776f726466697368';; esac eval $1='"$2 $s"' unset s @@ -2456,9 +2456,9 @@ requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: RSA-PSK" \ "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \ - psk=abc123 psk_identity=foo" \ + psk=73776f726466697368 psk_identity=foo" \ "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ - psk=abc123 psk_identity=foo" \ + psk=73776f726466697368 psk_identity=foo" \ 0 \ -c "Verifying peer X.509 certificate... ok" \ -c "Ciphersuite is TLS-RSA-PSK-" \ @@ -8190,9 +8190,9 @@ run_test "DHM size: server default, client 2049, rejected" \ # Tests for PSK callback run_test "PSK callback: psk, no callback" \ - "$P_SRV psk=abc123 psk_identity=foo" \ + "$P_SRV psk=73776f726466697368 psk_identity=foo" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -S "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ @@ -8200,9 +8200,9 @@ run_test "PSK callback: psk, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8212,9 +8212,9 @@ run_test "PSK callback: opaque psk on client, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8224,9 +8224,9 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8236,9 +8236,9 @@ run_test "PSK callback: opaque psk on client, no callback, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8248,9 +8248,9 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque rsa-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8260,9 +8260,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8272,9 +8272,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8284,9 +8284,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8296,9 +8296,9 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8308,9 +8308,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8320,9 +8320,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8332,9 +8332,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8344,9 +8344,9 @@ run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque dhe-psk on client, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8356,9 +8356,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8368,9 +8368,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8380,9 +8380,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, EMS" \ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \ - "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \ "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 psk_opaque=1" \ + psk_identity=foo psk=73776f726466697368 psk_opaque=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8392,9 +8392,9 @@ run_test "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8404,9 +8404,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8416,10 +8416,10 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8429,10 +8429,10 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8442,9 +8442,9 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8454,9 +8454,9 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8466,10 +8466,10 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8479,10 +8479,10 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8492,9 +8492,9 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8504,9 +8504,9 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8516,10 +8516,10 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8529,10 +8529,10 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8542,9 +8542,9 @@ run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \ - "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8554,9 +8554,9 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \ - "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \ "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 0 \ -C "session hash for extended master secret"\ -S "session hash for extended master secret"\ @@ -8566,10 +8566,10 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8579,10 +8579,10 @@ run_test "PSK callback: raw dhe-psk on client, static opaque on server, no ca requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ - "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \ force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \ - psk_identity=foo psk=abc123 extended_ms=1" \ + psk_identity=foo psk=73776f726466697368 extended_ms=1" \ 0 \ -c "session hash for extended master secret"\ -s "session hash for extended master secret"\ @@ -8792,7 +8792,7 @@ run_test "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, o requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ @@ -8804,7 +8804,7 @@ run_test "PSK callback: raw psk on client, mismatching static raw PSK on serv requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ @@ -8816,7 +8816,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ @@ -8828,7 +8828,7 @@ run_test "PSK callback: raw psk on client, mismatching static opaque PSK on s requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 0 \ @@ -8840,7 +8840,7 @@ run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on s requires_config_enabled MBEDTLS_USE_PSA_CRYPTO run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \ - "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ + "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ psk_identity=def psk=beef" \ 1 \ @@ -8849,16 +8849,16 @@ run_test "PSK callback: raw psk on client, matching opaque PSK on server, wro run_test "PSK callback: no psk, no callback" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 1 \ -s "SSL - The handshake negotiation failed" \ -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" run_test "PSK callback: callback overrides other settings" \ - "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \ + "$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \ "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ - psk_identity=foo psk=abc123" \ + psk_identity=foo psk=73776f726466697368" \ 1 \ -S "SSL - The handshake negotiation failed" \ -s "SSL - Unknown identity received" \ @@ -9690,9 +9690,9 @@ run_test "SSL async private: decrypt, delay=1" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: decrypt RSA-PSK, delay=0" \ - "$P_SRV psk=abc123 \ + "$P_SRV psk=73776f726466697368 \ async_operations=d async_private_delay1=0 async_private_delay2=0" \ - "$P_CLI psk=abc123 \ + "$P_CLI psk=73776f726466697368 \ force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 0 \ -s "Async decrypt callback: using key slot " \ @@ -9700,9 +9700,9 @@ run_test "SSL async private: decrypt RSA-PSK, delay=0" \ requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE run_test "SSL async private: decrypt RSA-PSK, delay=1" \ - "$P_SRV psk=abc123 \ + "$P_SRV psk=73776f726466697368 \ async_operations=d async_private_delay1=1 async_private_delay2=1" \ - "$P_CLI psk=abc123 \ + "$P_CLI psk=73776f726466697368 \ force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 0 \ -s "Async decrypt callback: using key slot " \ @@ -10152,7 +10152,7 @@ run_test "DTLS client auth: none, client has no cert" \ -s "! Certificate verification was skipped" run_test "DTLS wrong PSK: badmac alert" \ - "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ + "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ "$P_CLI dtls=1 psk=abc124" \ 1 \ -s "SSL - Verification of the message MAC failed" \ @@ -11921,8 +11921,8 @@ requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230 run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \ -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \ - "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ - "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \ + "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ + "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ 0 \ -s "Buffer record from epoch 1" \ -s "Found buffered record from current epoch - load" \ @@ -11936,8 +11936,8 @@ client_needs_more_time 2 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ -s "Extra-header:" \ @@ -12012,8 +12012,8 @@ requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "DTLS proxy: 3d, min handshake, resumption" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 debug_level=3" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368 debug_level=3" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -12027,8 +12027,8 @@ requires_config_enabled MBEDTLS_SSL_CACHE_C run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 debug_level=3 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368 debug_level=3 nbio=2" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ 0 \ @@ -12042,8 +12042,8 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368 renegotiation=1 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -12057,8 +12057,8 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 renegotiation=1 debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + psk=73776f726466697368 renegotiation=1 debug_level=2" \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ renegotiate=1 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -12072,9 +12072,9 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ + psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ renegotiation=1 exchanges=4 debug_level=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ @@ -12088,9 +12088,9 @@ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ - psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ + psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \ debug_level=2 nbio=2" \ - "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ + "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \ renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 0 \ From 270dcd15d905e716b6f968892744d33156814af6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Apr 2024 13:44:41 +0200 Subject: [PATCH 145/429] tests: update Makefile to generate tests/src/test_keys.h Signed-off-by: Valerio Setti --- tests/data_files/Makefile | 3 +++ tests/scripts/generate_test_keys.py | 15 +++++++++++---- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 01d2379d1e..e8917f170f 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -2157,6 +2157,9 @@ TEST_CERTS_H_INPUT_FILES=test-ca2.crt \ --string TEST_CLI_KEY_RSA_PEM=cli-rsa.key \ --binary TEST_CLI_KEY_RSA_DER=cli-rsa.key.der +../src/test_keys.h: ../scripts/generate_test_keys.py + ../scripts/generate_test_keys.py --output $@ + ################################################################ #### Diffie-Hellman parameters ################################################################ diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 0a67a784cb..9920933692 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -9,6 +9,7 @@ generating the required key at run time. This helps speeding up testing.""" import os from typing import Iterator import re +import argparse import scripts_path # pylint: disable=unused-import from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA @@ -90,11 +91,17 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, yield " {0}, sizeof({0}) }},".format(pub_array_name) def main() -> None: - # Remove output file if already existing. - if os.path.exists(OUTPUT_HEADER_FILE): - os.remove(OUTPUT_HEADER_FILE) + argparser = argparse.ArgumentParser() + argparser.add_argument("--output", required=True, help="Output file") + args = argparser.parse_args() - output_file = open(OUTPUT_HEADER_FILE, 'at') + output_file = args.output + # Remove output file if already existing. + if os.path.exists(output_file): + print("Warning: {} already existing, it will be overwritten.", output_file) + os.remove(output_file) + + output_file = open(output_file, 'at') output_file.write( "/*********************************************************************************\n" + " * This file was automatically generated from tests/scripts/generate_test_keys.py.\n" + From 8284f3dcbcca1aeeb6db4631a61f953bfd13a2a1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 8 Apr 2024 17:52:12 +0200 Subject: [PATCH 146/429] test: automatically generate test_certs.h and test_keys.h Ensure that when tests are built also test_certs.h and test_keys.h are generated. Signed-off-by: Valerio Setti --- CMakeLists.txt | 117 +++++++++++++++++++++++++++++++++++++- tests/Makefile | 67 ++++++++++++++++++++++ tests/data_files/Makefile | 69 ---------------------- tests/src/test_certs.h | 112 ++++++++++++++++++------------------ 4 files changed, 239 insertions(+), 126 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index fb9e1c31db..565e92e7a7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -311,10 +311,125 @@ add_subdirectory(pkgconfig) # to define the test executables. # if(ENABLE_TESTING OR ENABLE_PROGRAMS) + add_custom_command( + OUTPUT + ./tests/src/test_keys.h + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR} + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_keys.py" + "--output" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_keys.py + ) + add_custom_command( + OUTPUT + ./tests/src/test_certs.h + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR} + COMMAND + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py" + "--output" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" + "--string" + "TEST_CA_CRT_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.crt" + "--binary" + "TEST_CA_CRT_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.crt.der" + "--string" + "TEST_CA_KEY_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.key.enc" + "--password" + "TEST_CA_PWD_EC_PEM=PolarSSLTest" + "--binary" + "TEST_CA_KEY_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.key.der" + "--string" + "TEST_CA_CRT_RSA_SHA256_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha256.crt" + "--binary" + "TEST_CA_CRT_RSA_SHA256_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha256.crt.der" + "--string" + "TEST_CA_CRT_RSA_SHA1_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha1.crt" + "--binary" + "TEST_CA_CRT_RSA_SHA1_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha1.crt.der" + "--string" + "TEST_CA_KEY_RSA_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca.key" + "--password" + "TEST_CA_PWD_RSA_PEM=PolarSSLTest" + "--binary" + "TEST_CA_KEY_RSA_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca.key.der" + "--string" + "TEST_SRV_CRT_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.crt" + "--binary" + "TEST_SRV_CRT_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.crt.der" + "--string" + "TEST_SRV_KEY_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.key" + "--binary" + "TEST_SRV_KEY_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.key.der" + "--string" + "TEST_SRV_CRT_RSA_SHA256_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2-sha256.crt" + "--binary" + "TEST_SRV_CRT_RSA_SHA256_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2-sha256.crt.der" + "--string" + "TEST_SRV_CRT_RSA_SHA1_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.crt" + "--binary" + "TEST_SRV_CRT_RSA_SHA1_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.crt.der" + "--string" + "TEST_SRV_KEY_RSA_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.key" + "--binary" + "TEST_SRV_KEY_RSA_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.key.der" + "--string" + "TEST_CLI_CRT_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.crt" + "--binary" + "TEST_CLI_CRT_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.crt.der" + "--string" + "TEST_CLI_KEY_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.key" + "--binary" + "TEST_CLI_KEY_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.key.der" + "--string" + "TEST_CLI_CRT_RSA_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa-sha256.crt" + "--binary" + "TEST_CLI_CRT_RSA_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa-sha256.crt.der" + "--string" + "TEST_CLI_KEY_RSA_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa.key" + "--binary" + "TEST_CLI_KEY_RSA_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa.key.der" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.crt + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.crt.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.key.enc + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.key.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha256.crt + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha256.crt.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha1.crt + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha1.crt.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca.key + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca.key.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.crt + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.crt.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.key + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.key.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2-sha256.crt + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2-sha256.crt.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.crt + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.crt.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.key + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.key.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.crt + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.crt.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.key + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.key.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa-sha256.crt + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa-sha256.crt.der + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa.key + ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa.key.der + ) file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) - add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) + add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES} + ./tests/src/test_keys.h ./tests/src/test_certs.h) target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include diff --git a/tests/Makefile b/tests/Makefile index c2a0b84f07..5b2ee10256 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -112,6 +112,72 @@ all: $(BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) +TEST_CERTS_H_INPUT_FILES=\ + data_files/test-ca2.crt \ + data_files/test-ca2.crt.der \ + data_files/test-ca2.key.enc \ + data_files/test-ca2.key.der \ + data_files/test-ca-sha256.crt \ + data_files/test-ca-sha256.crt.der \ + data_files/test-ca-sha1.crt \ + data_files/test-ca-sha1.crt.der \ + data_files/test-ca.key \ + data_files/test-ca.key.der \ + data_files/server5.crt \ + data_files/server5.crt.der \ + data_files/server5.key \ + data_files/server5.key.der \ + data_files/server2-sha256.crt \ + data_files/server2-sha256.crt.der \ + data_files/server2.crt \ + data_files/server2.crt.der \ + data_files/server2.key \ + data_files/server2.key.der \ + data_files/cli2.crt \ + data_files/cli2.crt.der \ + data_files/cli2.key \ + data_files/cli2.key.der \ + data_files/cli-rsa-sha256.crt \ + data_files/cli-rsa-sha256.crt.der \ + data_files/cli-rsa.key \ + data_files/cli-rsa.key.der +src/test_certs.h: scripts/generate_test_cert_macros.py \ + $(TEST_CERTS_H_INPUT_FILES) + $(PYTHON) scripts/generate_test_cert_macros.py --output $@ \ + --string TEST_CA_CRT_EC_PEM=data_files/test-ca2.crt \ + --binary TEST_CA_CRT_EC_DER=data_files/test-ca2.crt.der \ + --string TEST_CA_KEY_EC_PEM=data_files/test-ca2.key.enc \ + --password TEST_CA_PWD_EC_PEM=PolarSSLTest \ + --binary TEST_CA_KEY_EC_DER=data_files/test-ca2.key.der \ + --string TEST_CA_CRT_RSA_SHA256_PEM=data_files/test-ca-sha256.crt \ + --binary TEST_CA_CRT_RSA_SHA256_DER=data_files/test-ca-sha256.crt.der \ + --string TEST_CA_CRT_RSA_SHA1_PEM=data_files/test-ca-sha1.crt \ + --binary TEST_CA_CRT_RSA_SHA1_DER=data_files/test-ca-sha1.crt.der \ + --string TEST_CA_KEY_RSA_PEM=data_files/test-ca.key \ + --password TEST_CA_PWD_RSA_PEM=PolarSSLTest \ + --binary TEST_CA_KEY_RSA_DER=data_files/test-ca.key.der \ + --string TEST_SRV_CRT_EC_PEM=data_files/server5.crt \ + --binary TEST_SRV_CRT_EC_DER=data_files/server5.crt.der \ + --string TEST_SRV_KEY_EC_PEM=data_files/server5.key \ + --binary TEST_SRV_KEY_EC_DER=data_files/server5.key.der \ + --string TEST_SRV_CRT_RSA_SHA256_PEM=data_files/server2-sha256.crt \ + --binary TEST_SRV_CRT_RSA_SHA256_DER=data_files/server2-sha256.crt.der \ + --string TEST_SRV_CRT_RSA_SHA1_PEM=data_files/server2.crt \ + --binary TEST_SRV_CRT_RSA_SHA1_DER=data_files/server2.crt.der \ + --string TEST_SRV_KEY_RSA_PEM=data_files/server2.key \ + --binary TEST_SRV_KEY_RSA_DER=data_files/server2.key.der \ + --string TEST_CLI_CRT_EC_PEM=data_files/cli2.crt \ + --binary TEST_CLI_CRT_EC_DER=data_files/cli2.crt.der \ + --string TEST_CLI_KEY_EC_PEM=data_files/cli2.key \ + --binary TEST_CLI_KEY_EC_DER=data_files/cli2.key.der \ + --string TEST_CLI_CRT_RSA_PEM=data_files/cli-rsa-sha256.crt \ + --binary TEST_CLI_CRT_RSA_DER=data_files/cli-rsa-sha256.crt.der \ + --string TEST_CLI_KEY_RSA_PEM=data_files/cli-rsa.key \ + --binary TEST_CLI_KEY_RSA_DER=data_files/cli-rsa.key.der + +src/test_keys.h: scripts/generate_test_keys.py + scripts/generate_test_keys.py --output $@ + TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) ifdef RECORD_PSA_STATUS_COVERAGE_LOG # Explicitly depend on this header because on a clean copy of the source tree, @@ -119,6 +185,7 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG # therefore the wildcard enumeration above doesn't include it. TEST_OBJS_DEPS += include/test/instrument_record_status.h endif +TEST_OBJS_DEPS += src/test_certs.h src/test_keys.h # Rule to compile common test C files in src folder src/%.o : src/%.c $(TEST_OBJS_DEPS) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index e8917f170f..68b3a05380 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -2091,75 +2091,6 @@ all_final += server2-v1.crt server2-v1-chain.crt: server2-v1.crt server1-v1.crt cat $^ > $@ -################################################################ -#### Generate C format test certs header -################################################################ - -TEST_CERTS_H_INPUT_FILES=test-ca2.crt \ - test-ca2.crt.der \ - test-ca2.key.enc \ - test-ca2.key.der \ - test-ca-sha256.crt \ - test-ca-sha256.crt.der \ - test-ca-sha1.crt \ - test-ca-sha1.crt.der \ - test-ca.key \ - test-ca.key.der \ - server5.crt \ - server5.crt.der \ - server5.key \ - server5.key.der \ - server2-sha256.crt \ - server2-sha256.crt.der \ - server2.crt \ - server2.crt.der \ - server2.key \ - server2.key.der \ - cli2.crt \ - cli2.crt.der \ - cli2.key \ - cli2.key.der \ - cli-rsa-sha256.crt \ - cli-rsa-sha256.crt.der \ - cli-rsa.key \ - cli-rsa.key.der -../src/test_certs.h: ../scripts/generate_test_cert_macros.py \ - $(TEST_CERTS_H_INPUT_FILES) - ../scripts/generate_test_cert_macros.py --output $@ \ - --string TEST_CA_CRT_EC_PEM=test-ca2.crt \ - --binary TEST_CA_CRT_EC_DER=test-ca2.crt.der \ - --string TEST_CA_KEY_EC_PEM=test-ca2.key.enc \ - --password TEST_CA_PWD_EC_PEM=PolarSSLTest \ - --binary TEST_CA_KEY_EC_DER=test-ca2.key.der \ - --string TEST_CA_CRT_RSA_SHA256_PEM=test-ca-sha256.crt \ - --binary TEST_CA_CRT_RSA_SHA256_DER=test-ca-sha256.crt.der \ - --string TEST_CA_CRT_RSA_SHA1_PEM=test-ca-sha1.crt \ - --binary TEST_CA_CRT_RSA_SHA1_DER=test-ca-sha1.crt.der \ - --string TEST_CA_KEY_RSA_PEM=test-ca.key \ - --password TEST_CA_PWD_RSA_PEM=PolarSSLTest \ - --binary TEST_CA_KEY_RSA_DER=test-ca.key.der \ - --string TEST_SRV_CRT_EC_PEM=server5.crt \ - --binary TEST_SRV_CRT_EC_DER=server5.crt.der \ - --string TEST_SRV_KEY_EC_PEM=server5.key \ - --binary TEST_SRV_KEY_EC_DER=server5.key.der \ - --string TEST_SRV_CRT_RSA_SHA256_PEM=server2-sha256.crt \ - --binary TEST_SRV_CRT_RSA_SHA256_DER=server2-sha256.crt.der \ - --string TEST_SRV_CRT_RSA_SHA1_PEM=server2.crt \ - --binary TEST_SRV_CRT_RSA_SHA1_DER=server2.crt.der \ - --string TEST_SRV_KEY_RSA_PEM=server2.key \ - --binary TEST_SRV_KEY_RSA_DER=server2.key.der \ - --string TEST_CLI_CRT_EC_PEM=cli2.crt \ - --binary TEST_CLI_CRT_EC_DER=cli2.crt.der \ - --string TEST_CLI_KEY_EC_PEM=cli2.key \ - --binary TEST_CLI_KEY_EC_DER=cli2.key.der \ - --string TEST_CLI_CRT_RSA_PEM=cli-rsa-sha256.crt \ - --binary TEST_CLI_CRT_RSA_DER=cli-rsa-sha256.crt.der \ - --string TEST_CLI_KEY_RSA_PEM=cli-rsa.key \ - --binary TEST_CLI_KEY_RSA_DER=cli-rsa.key.der - -../src/test_keys.h: ../scripts/generate_test_keys.py - ../scripts/generate_test_keys.py --output $@ - ################################################################ #### Diffie-Hellman parameters ################################################################ diff --git a/tests/src/test_certs.h b/tests/src/test_certs.h index b313ea88de..856d89960a 100644 --- a/tests/src/test_certs.h +++ b/tests/src/test_certs.h @@ -8,8 +8,8 @@ /* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ /* *INDENT-OFF* */ -/* This is taken from test-ca2.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM test-ca2.crt */ +/* This is taken from data_files/test-ca2.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM data_files/test-ca2.crt */ #define TEST_CA_CRT_EC_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ @@ -26,8 +26,8 @@ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from test-ca2.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER test-ca2.crt.der */ +/* This is generated from data_files/test-ca2.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER data_files/test-ca2.crt.der */ #define TEST_CA_CRT_EC_DER { \ 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ @@ -76,8 +76,8 @@ } /* END FILE */ -/* This is taken from test-ca2.key.enc. */ -/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM test-ca2.key.enc */ +/* This is taken from data_files/test-ca2.key.enc. */ +/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM data_files/test-ca2.key.enc */ #define TEST_CA_KEY_EC_PEM \ "-----BEGIN EC PRIVATE KEY-----\r\n" \ "Proc-Type: 4,ENCRYPTED\r\n" \ @@ -92,8 +92,8 @@ #define TEST_CA_PWD_EC_PEM "PolarSSLTest" -/* This is generated from test-ca2.key.der. */ -/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER test-ca2.key.der */ +/* This is generated from data_files/test-ca2.key.der. */ +/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER data_files/test-ca2.key.der */ #define TEST_CA_KEY_EC_DER { \ 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ @@ -112,8 +112,8 @@ } /* END FILE */ -/* This is taken from test-ca-sha256.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM test-ca-sha256.crt */ +/* This is taken from data_files/test-ca-sha256.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM data_files/test-ca-sha256.crt */ #define TEST_CA_CRT_RSA_SHA256_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ @@ -137,8 +137,8 @@ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from test-ca-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER test-ca-sha256.crt.der */ +/* This is generated from data_files/test-ca-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER data_files/test-ca-sha256.crt.der */ #define TEST_CA_CRT_RSA_SHA256_DER { \ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ @@ -213,8 +213,8 @@ } /* END FILE */ -/* This is taken from test-ca-sha1.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM test-ca-sha1.crt */ +/* This is taken from data_files/test-ca-sha1.crt. */ +/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM data_files/test-ca-sha1.crt */ #define TEST_CA_CRT_RSA_SHA1_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ @@ -238,8 +238,8 @@ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from test-ca-sha1.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER test-ca-sha1.crt.der */ +/* This is generated from data_files/test-ca-sha1.crt.der. */ +/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER data_files/test-ca-sha1.crt.der */ #define TEST_CA_CRT_RSA_SHA1_DER { \ 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ @@ -314,8 +314,8 @@ } /* END FILE */ -/* This is taken from test-ca.key. */ -/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM test-ca.key */ +/* This is taken from data_files/test-ca.key. */ +/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM data_files/test-ca.key */ #define TEST_CA_KEY_RSA_PEM \ "-----BEGIN RSA PRIVATE KEY-----\r\n" \ "Proc-Type: 4,ENCRYPTED\r\n" \ @@ -351,8 +351,8 @@ #define TEST_CA_PWD_RSA_PEM "PolarSSLTest" -/* This is generated from test-ca.key.der. */ -/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER test-ca.key.der */ +/* This is generated from data_files/test-ca.key.der. */ +/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER data_files/test-ca.key.der */ #define TEST_CA_KEY_RSA_DER { \ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ @@ -457,8 +457,8 @@ } /* END FILE */ -/* This is taken from server5.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM server5.crt */ +/* This is taken from data_files/server5.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM data_files/server5.crt */ #define TEST_SRV_CRT_EC_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ @@ -476,8 +476,8 @@ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from server5.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER server5.crt.der */ +/* This is generated from data_files/server5.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER data_files/server5.crt.der */ #define TEST_SRV_CRT_EC_DER { \ 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ @@ -528,8 +528,8 @@ } /* END FILE */ -/* This is taken from server5.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM server5.key */ +/* This is taken from data_files/server5.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM data_files/server5.key */ #define TEST_SRV_KEY_EC_PEM \ "-----BEGIN EC PRIVATE KEY-----\r\n" \ "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ @@ -538,8 +538,8 @@ "-----END EC PRIVATE KEY-----\r\n" /* END FILE */ -/* This is generated from server5.key.der. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER server5.key.der */ +/* This is generated from data_files/server5.key.der. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER data_files/server5.key.der */ #define TEST_SRV_KEY_EC_DER { \ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ @@ -555,8 +555,8 @@ } /* END FILE */ -/* This is taken from server2-sha256.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM server2-sha256.crt */ +/* This is taken from data_files/server2-sha256.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM data_files/server2-sha256.crt */ #define TEST_SRV_CRT_RSA_SHA256_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ @@ -580,8 +580,8 @@ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from server2-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER server2-sha256.crt.der */ +/* This is generated from data_files/server2-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER data_files/server2-sha256.crt.der */ #define TEST_SRV_CRT_RSA_SHA256_DER { \ 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ @@ -655,8 +655,8 @@ } /* END FILE */ -/* This is taken from server2.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM server2.crt */ +/* This is taken from data_files/server2.crt. */ +/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM data_files/server2.crt */ #define TEST_SRV_CRT_RSA_SHA1_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ @@ -680,8 +680,8 @@ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from server2.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER server2.crt.der */ +/* This is generated from data_files/server2.crt.der. */ +/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER data_files/server2.crt.der */ #define TEST_SRV_CRT_RSA_SHA1_DER { \ 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ @@ -755,8 +755,8 @@ } /* END FILE */ -/* This is taken from server2.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM server2.key */ +/* This is taken from data_files/server2.key. */ +/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM data_files/server2.key */ #define TEST_SRV_KEY_RSA_PEM \ "-----BEGIN RSA PRIVATE KEY-----\r\n" \ "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ @@ -787,8 +787,8 @@ "-----END RSA PRIVATE KEY-----\r\n" /* END FILE */ -/* This is generated from server2.key.der. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER server2.key.der */ +/* This is generated from data_files/server2.key.der. */ +/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER data_files/server2.key.der */ #define TEST_SRV_KEY_RSA_DER { \ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ @@ -893,8 +893,8 @@ } /* END FILE */ -/* This is taken from cli2.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM cli2.crt */ +/* This is taken from data_files/cli2.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM data_files/cli2.crt */ #define TEST_CLI_CRT_EC_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ @@ -911,8 +911,8 @@ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from cli2.crt.der. */ -/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER cli2.crt.der */ +/* This is generated from data_files/cli2.crt.der. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER data_files/cli2.crt.der */ #define TEST_CLI_CRT_EC_DER { \ 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ @@ -958,8 +958,8 @@ } /* END FILE */ -/* This is taken from cli2.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM cli2.key */ +/* This is taken from data_files/cli2.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM data_files/cli2.key */ #define TEST_CLI_KEY_EC_PEM \ "-----BEGIN EC PRIVATE KEY-----\r\n" \ "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ @@ -968,8 +968,8 @@ "-----END EC PRIVATE KEY-----\r\n" /* END FILE */ -/* This is generated from cli2.key.der. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER cli2.key.der */ +/* This is generated from data_files/cli2.key.der. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER data_files/cli2.key.der */ #define TEST_CLI_KEY_EC_DER { \ 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ @@ -985,8 +985,8 @@ } /* END FILE */ -/* This is taken from cli-rsa-sha256.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM cli-rsa-sha256.crt */ +/* This is taken from data_files/cli-rsa-sha256.crt. */ +/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM data_files/cli-rsa-sha256.crt */ #define TEST_CLI_CRT_RSA_PEM \ "-----BEGIN CERTIFICATE-----\r\n" \ "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ @@ -1010,8 +1010,8 @@ "-----END CERTIFICATE-----\r\n" /* END FILE */ -/* This is generated from cli-rsa-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER cli-rsa-sha256.crt.der */ +/* This is generated from data_files/cli-rsa-sha256.crt.der. */ +/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER data_files/cli-rsa-sha256.crt.der */ #define TEST_CLI_CRT_RSA_DER { \ 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ @@ -1086,8 +1086,8 @@ } /* END FILE */ -/* This is taken from cli-rsa.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM cli-rsa.key */ +/* This is taken from data_files/cli-rsa.key. */ +/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM data_files/cli-rsa.key */ #define TEST_CLI_KEY_RSA_PEM \ "-----BEGIN RSA PRIVATE KEY-----\r\n" \ "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ @@ -1118,8 +1118,8 @@ "-----END RSA PRIVATE KEY-----\r\n" /* END FILE */ -/* This is generated from cli-rsa.key.der. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER cli-rsa.key.der */ +/* This is generated from data_files/cli-rsa.key.der. */ +/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER data_files/cli-rsa.key.der */ #define TEST_CLI_KEY_RSA_DER { \ 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ From b0a524f4bf52245dd45253a4d31aad838a24e94c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Apr 2024 06:16:21 +0200 Subject: [PATCH 147/429] tests: remove test_certs.h and test_keys.h as they are auto-generated Signed-off-by: Valerio Setti --- tests/src/test_certs.h | 1226 ---------------------------------------- tests/src/test_keys.h | 799 -------------------------- 2 files changed, 2025 deletions(-) delete mode 100644 tests/src/test_certs.h delete mode 100644 tests/src/test_keys.h diff --git a/tests/src/test_certs.h b/tests/src/test_certs.h deleted file mode 100644 index 856d89960a..0000000000 --- a/tests/src/test_certs.h +++ /dev/null @@ -1,1226 +0,0 @@ -/* - * X.509 test certificates - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ -/* *INDENT-OFF* */ - -/* This is taken from data_files/test-ca2.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_EC_PEM data_files/test-ca2.crt */ -#define TEST_CA_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ - "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \ - "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \ - "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \ - "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \ - "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from data_files/test-ca2.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_EC_DER data_files/test-ca2.crt.der */ -#define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \ - 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \ - 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \ - 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \ - 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \ - 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \ - 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \ - 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \ - 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \ - 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \ - 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \ - 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \ -} -/* END FILE */ - -/* This is taken from data_files/test-ca2.key.enc. */ -/* BEGIN FILE string macro TEST_CA_KEY_EC_PEM data_files/test-ca2.key.enc */ -#define TEST_CA_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: DES-EDE3-CBC,307EAB469933D64E\r\n" \ - "\r\n" \ - "IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG\r\n" \ - "ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq\r\n" \ - "UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n" \ - "a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -#define TEST_CA_PWD_EC_PEM "PolarSSLTest" - -/* This is generated from data_files/test-ca2.key.der. */ -/* BEGIN FILE binary macro TEST_CA_KEY_EC_DER data_files/test-ca2.key.der */ -#define TEST_CA_KEY_EC_DER { \ - 0x30, 0x81, 0xa4, 0x02, 0x01, 0x01, 0x04, 0x30, 0x83, 0xd9, 0x15, 0x0e, \ - 0xa0, 0x71, 0xf0, 0x57, 0x10, 0x33, 0xa3, 0x38, 0xb8, 0x86, 0xc1, 0xa6, \ - 0x11, 0x5d, 0x6d, 0xb4, 0x03, 0xe1, 0x29, 0x76, 0x45, 0xd7, 0x87, 0x6f, \ - 0x23, 0xab, 0x44, 0x20, 0xea, 0x64, 0x7b, 0x85, 0xb1, 0x76, 0xe7, 0x85, \ - 0x95, 0xaa, 0x74, 0xd6, 0xd1, 0xa4, 0x5e, 0xea, 0xa0, 0x07, 0x06, 0x05, \ - 0x2b, 0x81, 0x04, 0x00, 0x22, 0xa1, 0x64, 0x03, 0x62, 0x00, 0x04, 0xc3, \ - 0xda, 0x2b, 0x34, 0x41, 0x37, 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, \ - 0xba, 0x29, 0x43, 0x4b, 0x4e, 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, \ - 0x39, 0x58, 0xd4, 0x52, 0xb4, 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, \ - 0x17, 0x24, 0x62, 0x48, 0xfc, 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, \ - 0xc2, 0x88, 0x52, 0x80, 0xaf, 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, \ - 0x1c, 0x6e, 0x58, 0xb8, 0xca, 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, \ - 0x29, 0xc3, 0xb4, 0x5f, 0x75, 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, \ - 0x69, 0x9a, 0x53, 0x3b, 0x20, 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e \ -} -/* END FILE */ - -/* This is taken from data_files/test-ca-sha256.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA256_PEM data_files/test-ca-sha256.crt */ -#define TEST_CA_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUA\r\n" \ - "A4IBAQA4qFSCth2q22uJIdE4KGHJsJjVEfw2/xn+MkTvCMfxVrvmRvqCtjE4tKDl\r\n" \ - "oK4MxFOek07oDZwvtAT9ijn1hHftTNS7RH9zd/fxNpfcHnMZXVC4w4DNA1fSANtW\r\n" \ - "5sY1JB5Je9jScrsLSS+mAjyv0Ow3Hb2Bix8wu7xNNrV5fIf7Ubm+wt6SqEBxu3Kb\r\n" \ - "+EfObAT4huf3czznhH3C17ed6NSbXwoXfby7stWUDeRJv08RaFOykf/Aae7bY5PL\r\n" \ - "yTVrkAnikMntJ9YI+hNNYt3inqq11A5cN0+rVTst8UKCxzQ4GpvroSwPKTFkbMw4\r\n" \ - "/anT1dVxr/BtwJfiESoK3/4CeXR1\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from data_files/test-ca-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA256_DER data_files/test-ca-sha256.crt.der */ -#define TEST_CA_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x38, 0xa8, 0x54, 0x82, 0xb6, 0x1d, 0xaa, \ - 0xdb, 0x6b, 0x89, 0x21, 0xd1, 0x38, 0x28, 0x61, 0xc9, 0xb0, 0x98, 0xd5, \ - 0x11, 0xfc, 0x36, 0xff, 0x19, 0xfe, 0x32, 0x44, 0xef, 0x08, 0xc7, 0xf1, \ - 0x56, 0xbb, 0xe6, 0x46, 0xfa, 0x82, 0xb6, 0x31, 0x38, 0xb4, 0xa0, 0xe5, \ - 0xa0, 0xae, 0x0c, 0xc4, 0x53, 0x9e, 0x93, 0x4e, 0xe8, 0x0d, 0x9c, 0x2f, \ - 0xb4, 0x04, 0xfd, 0x8a, 0x39, 0xf5, 0x84, 0x77, 0xed, 0x4c, 0xd4, 0xbb, \ - 0x44, 0x7f, 0x73, 0x77, 0xf7, 0xf1, 0x36, 0x97, 0xdc, 0x1e, 0x73, 0x19, \ - 0x5d, 0x50, 0xb8, 0xc3, 0x80, 0xcd, 0x03, 0x57, 0xd2, 0x00, 0xdb, 0x56, \ - 0xe6, 0xc6, 0x35, 0x24, 0x1e, 0x49, 0x7b, 0xd8, 0xd2, 0x72, 0xbb, 0x0b, \ - 0x49, 0x2f, 0xa6, 0x02, 0x3c, 0xaf, 0xd0, 0xec, 0x37, 0x1d, 0xbd, 0x81, \ - 0x8b, 0x1f, 0x30, 0xbb, 0xbc, 0x4d, 0x36, 0xb5, 0x79, 0x7c, 0x87, 0xfb, \ - 0x51, 0xb9, 0xbe, 0xc2, 0xde, 0x92, 0xa8, 0x40, 0x71, 0xbb, 0x72, 0x9b, \ - 0xf8, 0x47, 0xce, 0x6c, 0x04, 0xf8, 0x86, 0xe7, 0xf7, 0x73, 0x3c, 0xe7, \ - 0x84, 0x7d, 0xc2, 0xd7, 0xb7, 0x9d, 0xe8, 0xd4, 0x9b, 0x5f, 0x0a, 0x17, \ - 0x7d, 0xbc, 0xbb, 0xb2, 0xd5, 0x94, 0x0d, 0xe4, 0x49, 0xbf, 0x4f, 0x11, \ - 0x68, 0x53, 0xb2, 0x91, 0xff, 0xc0, 0x69, 0xee, 0xdb, 0x63, 0x93, 0xcb, \ - 0xc9, 0x35, 0x6b, 0x90, 0x09, 0xe2, 0x90, 0xc9, 0xed, 0x27, 0xd6, 0x08, \ - 0xfa, 0x13, 0x4d, 0x62, 0xdd, 0xe2, 0x9e, 0xaa, 0xb5, 0xd4, 0x0e, 0x5c, \ - 0x37, 0x4f, 0xab, 0x55, 0x3b, 0x2d, 0xf1, 0x42, 0x82, 0xc7, 0x34, 0x38, \ - 0x1a, 0x9b, 0xeb, 0xa1, 0x2c, 0x0f, 0x29, 0x31, 0x64, 0x6c, 0xcc, 0x38, \ - 0xfd, 0xa9, 0xd3, 0xd5, 0xd5, 0x71, 0xaf, 0xf0, 0x6d, 0xc0, 0x97, 0xe2, \ - 0x11, 0x2a, 0x0a, 0xdf, 0xfe, 0x02, 0x79, 0x74, 0x75 \ -} -/* END FILE */ - -/* This is taken from data_files/test-ca-sha1.crt. */ -/* BEGIN FILE string macro TEST_CA_CRT_RSA_SHA1_PEM data_files/test-ca-sha1.crt */ -#define TEST_CA_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ - "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ - "mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ - "50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ - "YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ - "R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ - "KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ - "UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/\r\n" \ - "MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA\r\n" \ - "A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL\r\n" \ - "hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm\r\n" \ - "8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD\r\n" \ - "zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ\r\n" \ - "0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/\r\n" \ - "mtxyUALj2pQxRitopORFQdn7AOY5\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from data_files/test-ca-sha1.crt.der. */ -/* BEGIN FILE binary macro TEST_CA_CRT_RSA_SHA1_DER data_files/test-ca-sha1.crt.der */ -#define TEST_CA_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x41, 0x30, 0x82, 0x02, 0x29, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x03, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x30, 0x5a, 0x30, 0x3b, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, \ - 0x86, 0xde, 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, \ - 0x99, 0xd4, 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, \ - 0x9b, 0xc5, 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, \ - 0xc0, 0x8d, 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, \ - 0x93, 0xe8, 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, \ - 0xe7, 0x40, 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, \ - 0xf9, 0x3e, 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, \ - 0x29, 0x00, 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, \ - 0xbd, 0x83, 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, \ - 0x60, 0xc3, 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, \ - 0x32, 0xbe, 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, \ - 0xfb, 0xf5, 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, \ - 0xee, 0xe2, 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, \ - 0x47, 0xb1, 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, \ - 0xf1, 0x79, 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, \ - 0x6f, 0x27, 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, \ - 0xa1, 0x30, 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, \ - 0x28, 0xd1, 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, \ - 0x09, 0xea, 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, \ - 0xc9, 0xab, 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, \ - 0x9e, 0x99, 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, \ - 0x50, 0x30, 0x4e, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, \ - 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, \ - 0x04, 0x16, 0x04, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, \ - 0xf6, 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, \ - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, \ - 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, \ - 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, \ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, \ - 0x03, 0x82, 0x01, 0x01, 0x00, 0x74, 0x66, 0x23, 0x51, 0x15, 0xd8, 0x9a, \ - 0xea, 0x4b, 0x24, 0x68, 0xf9, 0xe1, 0xae, 0xa7, 0xa3, 0x21, 0x1a, 0xbc, \ - 0x60, 0xc1, 0x06, 0x01, 0xfd, 0xa8, 0x20, 0xf9, 0xf2, 0x67, 0xbf, 0x31, \ - 0xa3, 0x21, 0x11, 0x81, 0xcd, 0xf9, 0x94, 0x71, 0xb2, 0x32, 0xdb, 0x0b, \ - 0x85, 0x68, 0x9c, 0x36, 0x33, 0xf8, 0x77, 0xf8, 0x52, 0xf4, 0x0b, 0x38, \ - 0x8f, 0x92, 0x80, 0xda, 0x07, 0x4d, 0x1a, 0x2e, 0x44, 0x4c, 0x0d, 0x57, \ - 0xed, 0x2a, 0x30, 0x58, 0xe1, 0xac, 0xaf, 0x28, 0xaf, 0x4a, 0x93, 0x12, \ - 0x1d, 0x5c, 0xb5, 0xf8, 0x77, 0x5f, 0x5a, 0x5b, 0x18, 0x40, 0xec, 0xe6, \ - 0xf2, 0x8f, 0x9f, 0x69, 0x03, 0x54, 0x9b, 0xc5, 0xf3, 0x3d, 0x59, 0xad, \ - 0xb5, 0xf0, 0x15, 0xb2, 0x9c, 0x5e, 0x1d, 0x2c, 0x49, 0x67, 0x7e, 0x8e, \ - 0xa3, 0xe4, 0x16, 0x67, 0x9c, 0x19, 0x94, 0x22, 0x04, 0xca, 0x31, 0x1d, \ - 0x2d, 0x42, 0x1d, 0xf9, 0x39, 0xb8, 0x07, 0x3d, 0xc1, 0xe6, 0x34, 0x43, \ - 0xcd, 0x96, 0xbf, 0x49, 0xaa, 0x83, 0xa2, 0x4a, 0xba, 0xe8, 0xdd, 0xb3, \ - 0xa5, 0xb8, 0x0a, 0x28, 0x09, 0x77, 0x19, 0x4d, 0x8e, 0xfb, 0xe7, 0xc1, \ - 0xa8, 0xfd, 0x9d, 0x4a, 0x47, 0x50, 0xca, 0x49, 0x93, 0xc6, 0x12, 0xcb, \ - 0x59, 0x13, 0x7c, 0x14, 0x9a, 0xa1, 0x60, 0x04, 0xf2, 0x42, 0x7b, 0x59, \ - 0xd1, 0x04, 0xa2, 0xdd, 0x6f, 0x47, 0x7d, 0x26, 0x4f, 0x9c, 0x54, 0xdc, \ - 0x3c, 0x85, 0xde, 0xa2, 0x23, 0xdd, 0xda, 0x92, 0xe5, 0xc6, 0xdd, 0x61, \ - 0x66, 0xef, 0x1d, 0xc2, 0xcd, 0x8b, 0x4d, 0x71, 0x3a, 0xde, 0xe3, 0xfa, \ - 0x30, 0xce, 0x0b, 0x1e, 0xf5, 0xb1, 0x8a, 0xe2, 0x5a, 0x5a, 0x43, 0xff, \ - 0x9a, 0xdc, 0x72, 0x50, 0x02, 0xe3, 0xda, 0x94, 0x31, 0x46, 0x2b, 0x68, \ - 0xa4, 0xe4, 0x45, 0x41, 0xd9, 0xfb, 0x00, 0xe6, 0x39 \ -} -/* END FILE */ - -/* This is taken from data_files/test-ca.key. */ -/* BEGIN FILE string macro TEST_CA_KEY_RSA_PEM data_files/test-ca.key */ -#define TEST_CA_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "Proc-Type: 4,ENCRYPTED\r\n" \ - "DEK-Info: AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n" \ - "\r\n" \ - "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \ - "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \ - "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \ - "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \ - "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \ - "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \ - "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \ - "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \ - "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \ - "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \ - "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \ - "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \ - "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \ - "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \ - "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \ - "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \ - "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \ - "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \ - "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \ - "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \ - "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \ - "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \ - "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \ - "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \ - "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -#define TEST_CA_PWD_RSA_PEM "PolarSSLTest" - -/* This is generated from data_files/test-ca.key.der. */ -/* BEGIN FILE binary macro TEST_CA_KEY_RSA_DER data_files/test-ca.key.der */ -#define TEST_CA_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc0, 0xdf, 0x37, 0xfc, 0x17, 0xbb, 0xe0, 0x96, 0x9d, 0x3f, 0x86, 0xde, \ - 0x96, 0x32, 0x7d, 0x44, 0xa5, 0x16, 0xa0, 0xcd, 0x21, 0xf1, 0x99, 0xd4, \ - 0xec, 0xea, 0xcb, 0x7c, 0x18, 0x58, 0x08, 0x94, 0xa5, 0xec, 0x9b, 0xc5, \ - 0x8b, 0xdf, 0x1a, 0x1e, 0x99, 0x38, 0x99, 0x87, 0x1e, 0x7b, 0xc0, 0x8d, \ - 0x39, 0xdf, 0x38, 0x5d, 0x70, 0x78, 0x07, 0xd3, 0x9e, 0xd9, 0x93, 0xe8, \ - 0xb9, 0x72, 0x51, 0xc5, 0xce, 0xa3, 0x30, 0x52, 0xa9, 0xf2, 0xe7, 0x40, \ - 0x70, 0x14, 0xcb, 0x44, 0xa2, 0x72, 0x0b, 0xc2, 0xe5, 0x40, 0xf9, 0x3e, \ - 0xe5, 0xa6, 0x0e, 0xb3, 0xf9, 0xec, 0x4a, 0x63, 0xc0, 0xb8, 0x29, 0x00, \ - 0x74, 0x9c, 0x57, 0x3b, 0xa8, 0xa5, 0x04, 0x90, 0x71, 0xf1, 0xbd, 0x83, \ - 0xd9, 0x3f, 0xd6, 0xa5, 0xe2, 0x3c, 0x2a, 0x8f, 0xef, 0x27, 0x60, 0xc3, \ - 0xc6, 0x9f, 0xcb, 0xba, 0xec, 0x60, 0x7d, 0xb7, 0xe6, 0x84, 0x32, 0xbe, \ - 0x4f, 0xfb, 0x58, 0x26, 0x22, 0x03, 0x5b, 0xd4, 0xb4, 0xd5, 0xfb, 0xf5, \ - 0xe3, 0x96, 0x2e, 0x70, 0xc0, 0xe4, 0x2e, 0xbd, 0xfc, 0x2e, 0xee, 0xe2, \ - 0x41, 0x55, 0xc0, 0x34, 0x2e, 0x7d, 0x24, 0x72, 0x69, 0xcb, 0x47, 0xb1, \ - 0x14, 0x40, 0x83, 0x7d, 0x67, 0xf4, 0x86, 0xf6, 0x31, 0xab, 0xf1, 0x79, \ - 0xa4, 0xb2, 0xb5, 0x2e, 0x12, 0xf9, 0x84, 0x17, 0xf0, 0x62, 0x6f, 0x27, \ - 0x3e, 0x13, 0x58, 0xb1, 0x54, 0x0d, 0x21, 0x9a, 0x73, 0x37, 0xa1, 0x30, \ - 0xcf, 0x6f, 0x92, 0xdc, 0xf6, 0xe9, 0xfc, 0xac, 0xdb, 0x2e, 0x28, 0xd1, \ - 0x7e, 0x02, 0x4b, 0x23, 0xa0, 0x15, 0xf2, 0x38, 0x65, 0x64, 0x09, 0xea, \ - 0x0c, 0x6e, 0x8e, 0x1b, 0x17, 0xa0, 0x71, 0xc8, 0xb3, 0x9b, 0xc9, 0xab, \ - 0xe9, 0xc3, 0xf2, 0xcf, 0x87, 0x96, 0x8f, 0x80, 0x02, 0x32, 0x9e, 0x99, \ - 0x58, 0x6f, 0xa2, 0xd5, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x3f, 0xf7, 0x07, 0xd3, 0x34, 0x6f, 0xdb, 0xc9, 0x37, 0xb7, 0x84, \ - 0xdc, 0x37, 0x45, 0xe1, 0x63, 0xad, 0xb8, 0xb6, 0x75, 0xb1, 0xc7, 0x35, \ - 0xb4, 0x77, 0x2a, 0x5b, 0x77, 0xf9, 0x7e, 0xe0, 0xc1, 0xa3, 0xd1, 0xb7, \ - 0xcb, 0xa9, 0x5a, 0xc1, 0x87, 0xda, 0x5a, 0xfa, 0x17, 0xe4, 0xd5, 0x38, \ - 0x03, 0xde, 0x68, 0x98, 0x81, 0xec, 0xb5, 0xf2, 0x2a, 0x8d, 0xe9, 0x2c, \ - 0xf3, 0xa6, 0xe5, 0x32, 0x17, 0x7f, 0x33, 0x81, 0xe8, 0x38, 0x72, 0xd5, \ - 0x9c, 0xfa, 0x4e, 0xfb, 0x26, 0xf5, 0x15, 0x0b, 0xaf, 0x84, 0x66, 0xab, \ - 0x02, 0xe0, 0x18, 0xd5, 0x91, 0x7c, 0xd6, 0x8f, 0xc9, 0x4b, 0x76, 0x08, \ - 0x2b, 0x1d, 0x81, 0x68, 0x30, 0xe1, 0xfa, 0x70, 0x6c, 0x13, 0x4e, 0x10, \ - 0x03, 0x35, 0x3e, 0xc5, 0xca, 0x58, 0x20, 0x8a, 0x21, 0x18, 0x38, 0xa0, \ - 0x0f, 0xed, 0xc4, 0xbb, 0x45, 0x6f, 0xf5, 0x84, 0x5b, 0xb0, 0xcf, 0x4e, \ - 0x9d, 0x58, 0x13, 0x6b, 0x35, 0x35, 0x69, 0xa1, 0xd2, 0xc4, 0xf2, 0xc1, \ - 0x48, 0x04, 0x20, 0x51, 0xb9, 0x6b, 0xa4, 0x5d, 0xa5, 0x4b, 0x84, 0x88, \ - 0x43, 0x48, 0x99, 0x2c, 0xbb, 0xa4, 0x97, 0xd6, 0xd6, 0x18, 0xf6, 0xec, \ - 0x5c, 0xd1, 0x31, 0x49, 0xc9, 0xf2, 0x8f, 0x0b, 0x4d, 0xef, 0x09, 0x02, \ - 0xfe, 0x7d, 0xfd, 0xbb, 0xaf, 0x2b, 0x83, 0x94, 0x22, 0xc4, 0xa7, 0x3e, \ - 0x66, 0xf5, 0xe0, 0x57, 0xdc, 0xf2, 0xed, 0x2c, 0x3e, 0x81, 0x74, 0x76, \ - 0x1e, 0x96, 0x6f, 0x74, 0x1e, 0x32, 0x0e, 0x14, 0x31, 0xd0, 0x74, 0xf0, \ - 0xf4, 0x07, 0xbd, 0xc3, 0xd1, 0x22, 0xc2, 0xa8, 0x95, 0x92, 0x06, 0x7f, \ - 0x43, 0x02, 0x91, 0xbc, 0xdd, 0x23, 0x01, 0x89, 0x94, 0x20, 0x44, 0x64, \ - 0xf5, 0x1d, 0x67, 0xd2, 0x8f, 0xe8, 0x69, 0xa5, 0x29, 0x25, 0xe6, 0x50, \ - 0x9c, 0xe3, 0xe9, 0xcb, 0x75, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x29, 0x3e, \ - 0xaa, 0x6b, 0xd5, 0x59, 0x1e, 0x9c, 0xe6, 0x47, 0xd5, 0xb6, 0xd7, 0xe3, \ - 0xf1, 0x8e, 0x9e, 0xe9, 0x83, 0x5f, 0x10, 0x9f, 0x63, 0xec, 0x04, 0x44, \ - 0xcc, 0x3f, 0xf8, 0xd9, 0x3a, 0x17, 0xe0, 0x4f, 0xfe, 0xd8, 0x4d, 0xcd, \ - 0x46, 0x54, 0x74, 0xbf, 0x0a, 0xc4, 0x67, 0x9c, 0xa7, 0xd8, 0x89, 0x65, \ - 0x4c, 0xfd, 0x58, 0x2a, 0x47, 0x0f, 0xf4, 0x37, 0xb6, 0x55, 0xb0, 0x1d, \ - 0xed, 0xa7, 0x39, 0xfc, 0x4f, 0xa3, 0xc4, 0x75, 0x3a, 0xa3, 0x98, 0xa7, \ - 0x45, 0xf5, 0x66, 0xcb, 0x7c, 0x65, 0xfb, 0x80, 0x23, 0xe6, 0xff, 0xfd, \ - 0x99, 0x1f, 0x8e, 0x6b, 0xff, 0x5e, 0x93, 0x66, 0xdf, 0x6c, 0x6f, 0xc3, \ - 0xf6, 0x38, 0x2e, 0xff, 0x69, 0xb5, 0xac, 0xae, 0xbb, 0xc6, 0x71, 0x16, \ - 0x6b, 0xd0, 0xf8, 0x22, 0xd9, 0xf8, 0xa2, 0x72, 0x20, 0xd2, 0xe2, 0x3a, \ - 0x70, 0x4b, 0xde, 0xab, 0x2f, 0x02, 0x81, 0x81, 0x00, 0xda, 0x51, 0x9b, \ - 0xb8, 0xb2, 0x2a, 0x14, 0x75, 0x58, 0x40, 0x8d, 0x27, 0x70, 0xfa, 0x31, \ - 0x48, 0xb0, 0x20, 0x21, 0x34, 0xfa, 0x4c, 0x57, 0xa8, 0x11, 0x88, 0xf3, \ - 0xa7, 0xae, 0x21, 0xe9, 0xb6, 0x2b, 0xd1, 0xcd, 0xa7, 0xf8, 0xd8, 0x0c, \ - 0x8a, 0x76, 0x22, 0x35, 0x44, 0xce, 0x3f, 0x25, 0x29, 0x83, 0x7d, 0x79, \ - 0xa7, 0x31, 0xd6, 0xec, 0xb2, 0xbf, 0xda, 0x34, 0xb6, 0xf6, 0xb2, 0x3b, \ - 0xf3, 0x78, 0x5a, 0x04, 0x83, 0x33, 0x3e, 0xa2, 0xe2, 0x81, 0x82, 0x13, \ - 0xd4, 0x35, 0x17, 0x63, 0x9b, 0x9e, 0xc4, 0x8d, 0x91, 0x4c, 0x03, 0x77, \ - 0xc7, 0x71, 0x5b, 0xee, 0x83, 0x6d, 0xd5, 0x78, 0x88, 0xf6, 0x2c, 0x79, \ - 0xc2, 0x4a, 0xb4, 0x79, 0x90, 0x70, 0xbf, 0xdf, 0x34, 0x56, 0x96, 0x71, \ - 0xe3, 0x0e, 0x68, 0x91, 0xbc, 0xea, 0xcb, 0x33, 0xc0, 0xbe, 0x45, 0xd7, \ - 0xfc, 0x30, 0xfd, 0x01, 0x3b, 0x02, 0x81, 0x81, 0x00, 0xd2, 0x9f, 0x2a, \ - 0xb7, 0x38, 0x19, 0xc7, 0x17, 0x95, 0x73, 0x78, 0xae, 0xf5, 0xcb, 0x75, \ - 0x83, 0x7f, 0x19, 0x4b, 0xcb, 0x86, 0xfb, 0x4a, 0x15, 0x9a, 0xb6, 0x17, \ - 0x04, 0x49, 0x07, 0x8d, 0xf6, 0x66, 0x4a, 0x06, 0xf6, 0x05, 0xa7, 0xdf, \ - 0x66, 0x82, 0x3c, 0xff, 0xb6, 0x1d, 0x57, 0x89, 0x33, 0x5f, 0x9c, 0x05, \ - 0x75, 0x7f, 0xf3, 0x5d, 0xdc, 0x34, 0x65, 0x72, 0x85, 0x22, 0xa4, 0x14, \ - 0x1b, 0x41, 0xc3, 0xe4, 0xd0, 0x9e, 0x69, 0xd5, 0xeb, 0x38, 0x74, 0x70, \ - 0x43, 0xdc, 0xd9, 0x50, 0xe4, 0x97, 0x6d, 0x73, 0xd6, 0xfb, 0xc8, 0xa7, \ - 0xfa, 0xb4, 0xc2, 0xc4, 0x9d, 0x5d, 0x0c, 0xd5, 0x9f, 0x79, 0xb3, 0x54, \ - 0xc2, 0xb7, 0x6c, 0x3d, 0x7d, 0xcb, 0x2d, 0xf8, 0xc4, 0xf3, 0x78, 0x5a, \ - 0x33, 0x2a, 0xb8, 0x0c, 0x6d, 0x06, 0xfa, 0xf2, 0x62, 0xd3, 0x42, 0xd0, \ - 0xbd, 0xc8, 0x4a, 0xa5, 0x0d, 0x02, 0x81, 0x81, 0x00, 0xd4, 0xa9, 0x90, \ - 0x15, 0xde, 0xbf, 0x2c, 0xc4, 0x8d, 0x9d, 0xfb, 0xa1, 0xc2, 0xe4, 0x83, \ - 0xe3, 0x79, 0x65, 0x22, 0xd3, 0xb7, 0x49, 0x6c, 0x4d, 0x94, 0x1f, 0x22, \ - 0xb1, 0x60, 0xe7, 0x3a, 0x00, 0xb1, 0x38, 0xa2, 0xab, 0x0f, 0xb4, 0x6c, \ - 0xaa, 0xe7, 0x9e, 0x34, 0xe3, 0x7c, 0x40, 0x78, 0x53, 0xb2, 0xf9, 0x23, \ - 0xea, 0xa0, 0x9a, 0xea, 0x60, 0xc8, 0x8f, 0xa6, 0xaf, 0xdf, 0x29, 0x09, \ - 0x4b, 0x06, 0x1e, 0x31, 0xad, 0x17, 0xda, 0xd8, 0xd1, 0xe9, 0x33, 0xab, \ - 0x5b, 0x18, 0x08, 0x5b, 0x87, 0xf8, 0xa5, 0x1f, 0xfd, 0xbb, 0xdc, 0xd8, \ - 0xed, 0x97, 0x57, 0xe4, 0xc3, 0x73, 0xd6, 0xf0, 0x9e, 0x01, 0xa6, 0x9b, \ - 0x48, 0x8e, 0x7a, 0xb4, 0xbb, 0xe5, 0x88, 0x91, 0xc5, 0x2a, 0xdf, 0x4b, \ - 0xba, 0xd0, 0x8b, 0x3e, 0x03, 0x97, 0x77, 0x2f, 0x47, 0x7e, 0x51, 0x0c, \ - 0xae, 0x65, 0x8d, 0xde, 0x87, 0x02, 0x81, 0x80, 0x20, 0x24, 0x0f, 0xd2, \ - 0xaf, 0xc2, 0x28, 0x3b, 0x97, 0x20, 0xb2, 0x92, 0x49, 0xeb, 0x09, 0x68, \ - 0x40, 0xb2, 0xbe, 0xd1, 0xc3, 0x83, 0x94, 0x34, 0x38, 0xd6, 0xc9, 0xec, \ - 0x34, 0x09, 0xf9, 0x41, 0x6d, 0x5c, 0x42, 0x94, 0xf7, 0x04, 0xfc, 0x32, \ - 0x39, 0x69, 0xbc, 0x1c, 0xfb, 0x3e, 0x61, 0x98, 0xc0, 0x80, 0xd8, 0x36, \ - 0x47, 0xc3, 0x6d, 0xc2, 0x2e, 0xe7, 0x81, 0x2a, 0x17, 0x34, 0x64, 0x30, \ - 0x4e, 0x96, 0xbb, 0x26, 0x16, 0xb9, 0x41, 0x36, 0xfe, 0x8a, 0xd6, 0x53, \ - 0x7c, 0xaa, 0xec, 0x39, 0x42, 0x50, 0xef, 0xe3, 0xb3, 0x01, 0x28, 0x32, \ - 0xca, 0x6d, 0xf5, 0x9a, 0x1e, 0x9f, 0x37, 0xbe, 0xfe, 0x38, 0x20, 0x22, \ - 0x91, 0x8c, 0xcd, 0x95, 0x02, 0xf2, 0x4d, 0x6f, 0x1a, 0xb4, 0x43, 0xf0, \ - 0x19, 0xdf, 0x65, 0xc0, 0x92, 0xe7, 0x9d, 0x2f, 0x09, 0xe7, 0xec, 0x69, \ - 0xa8, 0xc2, 0x8f, 0x0d \ -} -/* END FILE */ - -/* This is taken from data_files/server5.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM data_files/server5.crt */ -#define TEST_SRV_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ - "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ - "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ - "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \ - "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \ - "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from data_files/server5.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER data_files/server5.crt.der */ -#define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \ - 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \ - 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \ - 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \ - 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \ - 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \ - 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \ - 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \ - 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \ - 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \ - 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \ - 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \ -} -/* END FILE */ - -/* This is taken from data_files/server5.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_EC_PEM data_files/server5.key */ -#define TEST_SRV_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPEqEyB2AnCoPL/9U/YDHvdqXYbIogTywwyp6/UfDw6noAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n" \ - "6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from data_files/server5.key.der. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_EC_DER data_files/server5.key.der */ -#define TEST_SRV_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf1, 0x2a, 0x13, 0x20, 0x76, \ - 0x02, 0x70, 0xa8, 0x3c, 0xbf, 0xfd, 0x53, 0xf6, 0x03, 0x1e, 0xf7, 0x6a, \ - 0x5d, 0x86, 0xc8, 0xa2, 0x04, 0xf2, 0xc3, 0x0c, 0xa9, 0xeb, 0xf5, 0x1f, \ - 0x0f, 0x0e, 0xa7, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x37, 0xcc, 0x56, \ - 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, 0x59, 0x2d, 0xff, 0x20, \ - 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, 0xad, 0x14, 0xb5, 0xf7, \ - 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, 0xd8, 0x23, 0x11, 0xff, \ - 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, 0x8a, 0x88, 0xc2, 0x6b, \ - 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, 0x01, 0xc8, 0xb4, 0xed, \ - 0xff \ -} -/* END FILE */ - -/* This is taken from data_files/server2-sha256.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA256_PEM data_files/server2-sha256.crt */ -#define TEST_SRV_CRT_RSA_SHA256_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJh\r\n" \ - "Pqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6U\r\n" \ - "HoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq9\r\n" \ - "1C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sv\r\n" \ - "a1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0\r\n" \ - "e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbo\r\n" \ - "pMZqLmbBm/7WPLc=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from data_files/server2-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA256_DER data_files/server2-sha256.crt.der */ -#define TEST_SRV_CRT_RSA_SHA256_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x2e, 0x3a, 0xe4, 0x52, 0x61, \ - 0x3e, 0xa7, 0xa5, 0xef, 0x32, 0x67, 0x80, 0x72, 0x07, 0x26, 0xba, 0xa3, \ - 0xff, 0x05, 0x40, 0xc4, 0x60, 0x05, 0x39, 0x31, 0x77, 0xf7, 0xa5, 0xca, \ - 0x01, 0x31, 0x80, 0xa7, 0xe1, 0xd1, 0x0a, 0xa2, 0x7c, 0xd5, 0x1c, 0xba, \ - 0xd0, 0x23, 0x4a, 0xd6, 0x30, 0xf3, 0x93, 0xc7, 0x6f, 0xe8, 0xce, 0x94, \ - 0x1e, 0x84, 0xbb, 0x44, 0x81, 0x62, 0x33, 0xff, 0x6b, 0x5d, 0x00, 0x9b, \ - 0x25, 0xf8, 0x8f, 0x0f, 0x9c, 0x4c, 0x4d, 0xe8, 0xd9, 0xa7, 0x99, 0xf9, \ - 0x51, 0x81, 0xc0, 0x9b, 0x1b, 0x31, 0x0d, 0xa6, 0xb3, 0x7c, 0x0e, 0x45, \ - 0xb8, 0x18, 0x64, 0x7e, 0x89, 0x0a, 0x2b, 0xa8, 0xc3, 0xe0, 0x4a, 0xbd, \ - 0xd4, 0x2f, 0x78, 0xc4, 0x62, 0x9b, 0xe9, 0x7e, 0x3f, 0x56, 0x46, 0x8f, \ - 0x17, 0xb7, 0x2a, 0xa0, 0x10, 0x70, 0xfd, 0xb1, 0xf1, 0x6b, 0x05, 0xdc, \ - 0xd1, 0x41, 0x0f, 0x8e, 0xa6, 0xb2, 0x88, 0x1a, 0x42, 0x61, 0x4f, 0xeb, \ - 0x26, 0x85, 0x59, 0x80, 0xba, 0x85, 0x54, 0xfe, 0xcf, 0xc7, 0x7b, 0x2f, \ - 0x6b, 0x59, 0xce, 0xac, 0xdc, 0x7c, 0xac, 0xf3, 0xc8, 0xd6, 0x12, 0x7e, \ - 0x64, 0xe8, 0x3c, 0x99, 0xa8, 0x8f, 0x4f, 0x11, 0xd9, 0x9c, 0x15, 0x4b, \ - 0x6a, 0x44, 0x92, 0x2d, 0x0c, 0xbf, 0xb1, 0x67, 0x96, 0xc9, 0xac, 0xce, \ - 0xd5, 0x19, 0xeb, 0x6f, 0x18, 0xeb, 0x6e, 0x04, 0x2d, 0x60, 0xac, 0xf4, \ - 0x7b, 0x79, 0xf0, 0x1a, 0x9b, 0xb5, 0xc3, 0x5d, 0xef, 0x7d, 0xc9, 0x05, \ - 0x99, 0x44, 0x81, 0x84, 0x75, 0xc7, 0xec, 0x00, 0x12, 0xfc, 0x7a, 0x4a, \ - 0x0b, 0x82, 0x07, 0xec, 0x6d, 0x86, 0x02, 0x4d, 0xfe, 0x9f, 0xc8, 0x92, \ - 0x48, 0xde, 0xf5, 0xb1, 0x9c, 0xe9, 0xc6, 0x89, 0xd0, 0xc1, 0x56, 0xe8, \ - 0xa4, 0xc6, 0x6a, 0x2e, 0x66, 0xc1, 0x9b, 0xfe, 0xd6, 0x3c, 0xb7 \ -} -/* END FILE */ - -/* This is taken from data_files/server2.crt. */ -/* BEGIN FILE string macro TEST_SRV_CRT_RSA_SHA1_PEM data_files/server2.crt */ -#define TEST_SRV_CRT_RSA_SHA1_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \ - "AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \ - "owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \ - "NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \ - "tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \ - "hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \ - "HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \ - "VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \ - "FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4\r\n" \ - "cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A\r\n" \ - "O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc\r\n" \ - "KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE\r\n" \ - "iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp\r\n" \ - "HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap\r\n" \ - "Awgk0+4m0T25cNs=\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from data_files/server2.crt.der. */ -/* BEGIN FILE binary macro TEST_SRV_CRT_RSA_SHA1_DER data_files/server2.crt.der */ -#define TEST_SRV_CRT_RSA_SHA1_DER { \ - 0x30, 0x82, 0x03, 0x37, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x82, \ - 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, \ - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, \ - 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, \ - 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, 0xb8, 0x99, 0xac, 0x0e, 0x78, \ - 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, 0x16, 0xd0, 0x5a, 0xe4, 0xcd, \ - 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, 0x96, 0xa7, 0x52, 0xb4, 0x90, \ - 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, 0xfc, 0xb6, 0x34, 0xac, 0x24, \ - 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, 0xb0, 0x28, 0x7d, 0xa1, 0xda, \ - 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, 0xfe, 0xc1, 0x04, 0x52, 0xb3, \ - 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, 0xd8, 0x90, 0xc1, 0x61, 0xb4, \ - 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, 0xab, 0x74, 0x5e, 0x07, 0x7d, \ - 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, 0xd9, 0x0d, 0x1c, 0x2d, 0x49, \ - 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, 0x0b, 0x8a, 0x4f, 0x69, 0x0c, \ - 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, 0x66, 0x7d, 0xae, 0x54, 0x2b, \ - 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, 0xc3, 0xcd, 0x40, 0x49, 0x08, \ - 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, 0x46, 0xbf, 0xd0, 0xb8, 0xaa, \ - 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, 0x1e, 0x44, 0x18, 0x0f, 0x0f, \ - 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, 0x18, 0xc6, 0x62, 0x2f, 0xc7, \ - 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, 0x27, 0x89, 0x29, 0x01, 0xc5, \ - 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, 0x4a, 0x0e, 0xef, 0xd6, 0xde, \ - 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, 0x7a, 0xc4, 0x02, 0x3c, 0x9a, \ - 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, 0xcb, 0x73, 0x4b, 0x52, 0x96, \ - 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, 0x39, 0x5a, 0xd3, 0x0f, 0xb0, \ - 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, 0x12, 0x01, 0x30, 0x97, 0x02, \ - 0x03, 0x01, 0x00, 0x01, 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, \ - 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xa5, 0x05, 0xe8, 0x64, 0xb8, 0xdc, \ - 0xdf, 0x60, 0x0f, 0x50, 0x12, 0x4d, 0x60, 0xa8, 0x64, 0xaf, 0x4d, 0x8b, \ - 0x43, 0x93, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, \ - 0x16, 0x80, 0x14, 0xb4, 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, \ - 0xb9, 0xd5, 0xa6, 0x95, 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, \ - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, \ - 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x99, 0x25, 0x83, 0x74, 0x38, \ - 0x70, 0x1e, 0xef, 0xec, 0x1c, 0xec, 0xc4, 0xcf, 0xef, 0x2f, 0x22, 0x9c, \ - 0x70, 0xee, 0xa8, 0xa7, 0x4f, 0xe0, 0x67, 0x33, 0x38, 0x82, 0x1b, 0x8b, \ - 0xab, 0x66, 0x37, 0xda, 0x49, 0x74, 0xb0, 0xce, 0xa4, 0x48, 0xd5, 0x14, \ - 0x99, 0xdb, 0xae, 0xab, 0x7b, 0xbf, 0xf8, 0x69, 0x94, 0x64, 0xdd, 0x80, \ - 0x3b, 0xfe, 0xdc, 0xf8, 0x7c, 0x3b, 0x84, 0x31, 0x44, 0x22, 0xf6, 0x64, \ - 0xf7, 0xc6, 0x81, 0x1a, 0x30, 0x8b, 0xaa, 0x7d, 0xc3, 0x9a, 0x01, 0xc8, \ - 0xbf, 0xc4, 0xe8, 0x43, 0xae, 0xe7, 0x7a, 0x59, 0x50, 0xc7, 0x1d, 0x94, \ - 0x8f, 0x7d, 0x3d, 0x3d, 0xd8, 0x23, 0x36, 0x2f, 0xeb, 0xf4, 0x73, 0x9c, \ - 0x28, 0xd0, 0x18, 0x3d, 0xb0, 0x5c, 0x83, 0xa3, 0x09, 0x19, 0x65, 0xa3, \ - 0xd9, 0x32, 0x3a, 0xbc, 0xd6, 0x9c, 0x7a, 0x2a, 0x2c, 0xfc, 0x38, 0x4e, \ - 0x63, 0x1e, 0x55, 0xd2, 0x3e, 0x67, 0x7e, 0xa4, 0x89, 0xfe, 0x99, 0xd4, \ - 0xd2, 0x0f, 0x48, 0x82, 0x7d, 0x8b, 0x02, 0x18, 0x18, 0xa4, 0x62, 0x44, \ - 0x88, 0x43, 0x3d, 0xc1, 0x6e, 0xe1, 0x10, 0xc9, 0x30, 0x9a, 0x4d, 0x21, \ - 0xfe, 0xca, 0x99, 0xb2, 0xb2, 0x6c, 0x18, 0x7e, 0x58, 0xb0, 0x5f, 0xd5, \ - 0x4e, 0x14, 0xaa, 0xfc, 0x95, 0x4e, 0xd5, 0xed, 0xa6, 0x64, 0x7d, 0xaf, \ - 0xae, 0xec, 0x99, 0x28, 0x95, 0x41, 0xab, 0xef, 0x2d, 0x0c, 0xd6, 0x29, \ - 0x1e, 0x42, 0xba, 0xb5, 0x2c, 0x95, 0x61, 0x08, 0x73, 0x22, 0xdd, 0xd2, \ - 0xb4, 0xc2, 0x56, 0x28, 0xc9, 0x7f, 0xa3, 0x99, 0x36, 0x01, 0x8c, 0xfa, \ - 0xb5, 0x20, 0xb5, 0xeb, 0x8f, 0xb5, 0xa0, 0x6f, 0x8c, 0x2f, 0x72, 0xd6, \ - 0x83, 0xc5, 0xeb, 0x18, 0xa6, 0xbd, 0xd4, 0x7e, 0x14, 0x38, 0xa6, 0xa9, \ - 0x03, 0x08, 0x24, 0xd3, 0xee, 0x26, 0xd1, 0x3d, 0xb9, 0x70, 0xdb \ -} -/* END FILE */ - -/* This is taken from data_files/server2.key. */ -/* BEGIN FILE string macro TEST_SRV_KEY_RSA_PEM data_files/server2.key */ -#define TEST_SRV_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n" \ - "lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2\r\n" \ - "2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ\r\n" \ - "Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i\r\n" \ - "GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb\r\n" \ - "y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABAoIBAQCXR0S8EIHFGORZ\r\n" \ - "++AtOg6eENxD+xVs0f1IeGz57Tjo3QnXX7VBZNdj+p1ECvhCE/G7XnkgU5hLZX+G\r\n" \ - "Z0jkz/tqJOI0vRSdLBbipHnWouyBQ4e/A1yIJdlBtqXxJ1KE/ituHRbNc4j4kL8Z\r\n" \ - "/r6pvwnTI0PSx2Eqs048YdS92LT6qAv4flbNDxMn2uY7s4ycS4Q8w1JXnCeaAnYm\r\n" \ - "WYI5wxO+bvRELR2Mcz5DmVnL8jRyml6l6582bSv5oufReFIbyPZbQWlXgYnpu6He\r\n" \ - "GTc7E1zKYQGG/9+DQUl/1vQuCPqQwny0tQoX2w5tdYpdMdVm+zkLtbajzdTviJJa\r\n" \ - "TWzL6lt5AoGBAN86+SVeJDcmQJcv4Eq6UhtRr4QGMiQMz0Sod6ettYxYzMgxtw28\r\n" \ - "CIrgpozCc+UaZJLo7UxvC6an85r1b2nKPCLQFaggJ0H4Q0J/sZOhBIXaoBzWxveK\r\n" \ - "nupceKdVxGsFi8CDy86DBfiyFivfBj+47BbaQzPBj7C4rK7UlLjab2rDAoGBAN2u\r\n" \ - "AM2gchoFiu4v1HFL8D7lweEpi6ZnMJjnEu/dEgGQJFjwdpLnPbsj4c75odQ4Gz8g\r\n" \ - "sw9lao9VVzbusoRE/JGI4aTdO0pATXyG7eG1Qu+5Yc1YGXcCrliA2xM9xx+d7f+s\r\n" \ - "mPzN+WIEg5GJDYZDjAzHG5BNvi/FfM1C9dOtjv2dAoGAF0t5KmwbjWHBhcVqO4Ic\r\n" \ - "BVvN3BIlc1ue2YRXEDlxY5b0r8N4XceMgKmW18OHApZxfl8uPDauWZLXOgl4uepv\r\n" \ - "whZC3EuWrSyyICNhLY21Ah7hbIEBPF3L3ZsOwC+UErL+dXWLdB56Jgy3gZaBeW7b\r\n" \ - "vDrEnocJbqCm7IukhXHOBK8CgYEAwqdHB0hqyNSzIOGY7v9abzB6pUdA3BZiQvEs\r\n" \ - "3LjHVd4HPJ2x0N8CgrBIWOE0q8+0hSMmeE96WW/7jD3fPWwCR5zlXknxBQsfv0gP\r\n" \ - "3BC5PR0Qdypz+d+9zfMf625kyit4T/hzwhDveZUzHnk1Cf+IG7Q+TOEnLnWAWBED\r\n" \ - "ISOWmrUCgYAFEmRxgwAc/u+D6t0syCwAYh6POtscq9Y0i9GyWk89NzgC4NdwwbBH\r\n" \ - "4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n" \ - "TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from data_files/server2.key.der. */ -/* BEGIN FILE binary macro TEST_SRV_KEY_RSA_DER data_files/server2.key.der */ -#define TEST_SRV_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc1, 0x4d, 0xa3, 0xdd, 0xe7, 0xcd, 0x1d, 0xd1, 0x04, 0xd7, 0x49, 0x72, \ - 0xb8, 0x99, 0xac, 0x0e, 0x78, 0xe4, 0x3a, 0x3c, 0x4a, 0xcf, 0x3a, 0x13, \ - 0x16, 0xd0, 0x5a, 0xe4, 0xcd, 0xa3, 0x00, 0x88, 0xa7, 0xee, 0x1e, 0x6b, \ - 0x96, 0xa7, 0x52, 0xb4, 0x90, 0xef, 0x2d, 0x72, 0x7a, 0x3e, 0x24, 0x9a, \ - 0xfc, 0xb6, 0x34, 0xac, 0x24, 0xf5, 0x77, 0xe0, 0x26, 0x64, 0x8c, 0x9c, \ - 0xb0, 0x28, 0x7d, 0xa1, 0xda, 0xea, 0x8c, 0xe6, 0xc9, 0x1c, 0x96, 0xbc, \ - 0xfe, 0xc1, 0x04, 0x52, 0xb3, 0x36, 0xd4, 0xa3, 0xfa, 0xe1, 0xb1, 0x76, \ - 0xd8, 0x90, 0xc1, 0x61, 0xb4, 0x66, 0x52, 0x36, 0xa2, 0x26, 0x53, 0xaa, \ - 0xab, 0x74, 0x5e, 0x07, 0x7d, 0x19, 0x82, 0xdb, 0x2a, 0xd8, 0x1f, 0xa0, \ - 0xd9, 0x0d, 0x1c, 0x2d, 0x49, 0x66, 0xf7, 0x5b, 0x25, 0x73, 0x46, 0xe8, \ - 0x0b, 0x8a, 0x4f, 0x69, 0x0c, 0xb5, 0x00, 0x90, 0xe1, 0xda, 0x82, 0x10, \ - 0x66, 0x7d, 0xae, 0x54, 0x2b, 0x8b, 0x65, 0x79, 0x91, 0xa1, 0xe2, 0x61, \ - 0xc3, 0xcd, 0x40, 0x49, 0x08, 0xee, 0x68, 0x0c, 0xf1, 0x8b, 0x86, 0xd2, \ - 0x46, 0xbf, 0xd0, 0xb8, 0xaa, 0x11, 0x03, 0x1e, 0x7f, 0x56, 0xa8, 0x1a, \ - 0x1e, 0x44, 0x18, 0x0f, 0x0f, 0x85, 0x8b, 0xda, 0x8b, 0x44, 0x5e, 0xe2, \ - 0x18, 0xc6, 0x62, 0x2f, 0xc7, 0x66, 0x8d, 0xfa, 0x5d, 0xd8, 0x7d, 0xf3, \ - 0x27, 0x89, 0x29, 0x01, 0xc5, 0x90, 0x0e, 0x3f, 0x27, 0xf1, 0x30, 0xc8, \ - 0x4a, 0x0e, 0xef, 0xd6, 0xde, 0xc7, 0xc7, 0x27, 0x6b, 0xc7, 0x05, 0x3d, \ - 0x7a, 0xc4, 0x02, 0x3c, 0x9a, 0x1d, 0x3e, 0x0f, 0xe8, 0x34, 0x98, 0x5b, \ - 0xcb, 0x73, 0x4b, 0x52, 0x96, 0xd8, 0x11, 0xa2, 0x2c, 0x80, 0x88, 0x69, \ - 0x39, 0x5a, 0xd3, 0x0f, 0xb0, 0xde, 0x59, 0x2f, 0x11, 0xc7, 0xf7, 0xea, \ - 0x12, 0x01, 0x30, 0x97, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x01, 0x00, 0x97, 0x47, 0x44, 0xbc, 0x10, 0x81, 0xc5, 0x18, 0xe4, 0x59, \ - 0xfb, 0xe0, 0x2d, 0x3a, 0x0e, 0x9e, 0x10, 0xdc, 0x43, 0xfb, 0x15, 0x6c, \ - 0xd1, 0xfd, 0x48, 0x78, 0x6c, 0xf9, 0xed, 0x38, 0xe8, 0xdd, 0x09, 0xd7, \ - 0x5f, 0xb5, 0x41, 0x64, 0xd7, 0x63, 0xfa, 0x9d, 0x44, 0x0a, 0xf8, 0x42, \ - 0x13, 0xf1, 0xbb, 0x5e, 0x79, 0x20, 0x53, 0x98, 0x4b, 0x65, 0x7f, 0x86, \ - 0x67, 0x48, 0xe4, 0xcf, 0xfb, 0x6a, 0x24, 0xe2, 0x34, 0xbd, 0x14, 0x9d, \ - 0x2c, 0x16, 0xe2, 0xa4, 0x79, 0xd6, 0xa2, 0xec, 0x81, 0x43, 0x87, 0xbf, \ - 0x03, 0x5c, 0x88, 0x25, 0xd9, 0x41, 0xb6, 0xa5, 0xf1, 0x27, 0x52, 0x84, \ - 0xfe, 0x2b, 0x6e, 0x1d, 0x16, 0xcd, 0x73, 0x88, 0xf8, 0x90, 0xbf, 0x19, \ - 0xfe, 0xbe, 0xa9, 0xbf, 0x09, 0xd3, 0x23, 0x43, 0xd2, 0xc7, 0x61, 0x2a, \ - 0xb3, 0x4e, 0x3c, 0x61, 0xd4, 0xbd, 0xd8, 0xb4, 0xfa, 0xa8, 0x0b, 0xf8, \ - 0x7e, 0x56, 0xcd, 0x0f, 0x13, 0x27, 0xda, 0xe6, 0x3b, 0xb3, 0x8c, 0x9c, \ - 0x4b, 0x84, 0x3c, 0xc3, 0x52, 0x57, 0x9c, 0x27, 0x9a, 0x02, 0x76, 0x26, \ - 0x59, 0x82, 0x39, 0xc3, 0x13, 0xbe, 0x6e, 0xf4, 0x44, 0x2d, 0x1d, 0x8c, \ - 0x73, 0x3e, 0x43, 0x99, 0x59, 0xcb, 0xf2, 0x34, 0x72, 0x9a, 0x5e, 0xa5, \ - 0xeb, 0x9f, 0x36, 0x6d, 0x2b, 0xf9, 0xa2, 0xe7, 0xd1, 0x78, 0x52, 0x1b, \ - 0xc8, 0xf6, 0x5b, 0x41, 0x69, 0x57, 0x81, 0x89, 0xe9, 0xbb, 0xa1, 0xde, \ - 0x19, 0x37, 0x3b, 0x13, 0x5c, 0xca, 0x61, 0x01, 0x86, 0xff, 0xdf, 0x83, \ - 0x41, 0x49, 0x7f, 0xd6, 0xf4, 0x2e, 0x08, 0xfa, 0x90, 0xc2, 0x7c, 0xb4, \ - 0xb5, 0x0a, 0x17, 0xdb, 0x0e, 0x6d, 0x75, 0x8a, 0x5d, 0x31, 0xd5, 0x66, \ - 0xfb, 0x39, 0x0b, 0xb5, 0xb6, 0xa3, 0xcd, 0xd4, 0xef, 0x88, 0x92, 0x5a, \ - 0x4d, 0x6c, 0xcb, 0xea, 0x5b, 0x79, 0x02, 0x81, 0x81, 0x00, 0xdf, 0x3a, \ - 0xf9, 0x25, 0x5e, 0x24, 0x37, 0x26, 0x40, 0x97, 0x2f, 0xe0, 0x4a, 0xba, \ - 0x52, 0x1b, 0x51, 0xaf, 0x84, 0x06, 0x32, 0x24, 0x0c, 0xcf, 0x44, 0xa8, \ - 0x77, 0xa7, 0xad, 0xb5, 0x8c, 0x58, 0xcc, 0xc8, 0x31, 0xb7, 0x0d, 0xbc, \ - 0x08, 0x8a, 0xe0, 0xa6, 0x8c, 0xc2, 0x73, 0xe5, 0x1a, 0x64, 0x92, 0xe8, \ - 0xed, 0x4c, 0x6f, 0x0b, 0xa6, 0xa7, 0xf3, 0x9a, 0xf5, 0x6f, 0x69, 0xca, \ - 0x3c, 0x22, 0xd0, 0x15, 0xa8, 0x20, 0x27, 0x41, 0xf8, 0x43, 0x42, 0x7f, \ - 0xb1, 0x93, 0xa1, 0x04, 0x85, 0xda, 0xa0, 0x1c, 0xd6, 0xc6, 0xf7, 0x8a, \ - 0x9e, 0xea, 0x5c, 0x78, 0xa7, 0x55, 0xc4, 0x6b, 0x05, 0x8b, 0xc0, 0x83, \ - 0xcb, 0xce, 0x83, 0x05, 0xf8, 0xb2, 0x16, 0x2b, 0xdf, 0x06, 0x3f, 0xb8, \ - 0xec, 0x16, 0xda, 0x43, 0x33, 0xc1, 0x8f, 0xb0, 0xb8, 0xac, 0xae, 0xd4, \ - 0x94, 0xb8, 0xda, 0x6f, 0x6a, 0xc3, 0x02, 0x81, 0x81, 0x00, 0xdd, 0xae, \ - 0x00, 0xcd, 0xa0, 0x72, 0x1a, 0x05, 0x8a, 0xee, 0x2f, 0xd4, 0x71, 0x4b, \ - 0xf0, 0x3e, 0xe5, 0xc1, 0xe1, 0x29, 0x8b, 0xa6, 0x67, 0x30, 0x98, 0xe7, \ - 0x12, 0xef, 0xdd, 0x12, 0x01, 0x90, 0x24, 0x58, 0xf0, 0x76, 0x92, 0xe7, \ - 0x3d, 0xbb, 0x23, 0xe1, 0xce, 0xf9, 0xa1, 0xd4, 0x38, 0x1b, 0x3f, 0x20, \ - 0xb3, 0x0f, 0x65, 0x6a, 0x8f, 0x55, 0x57, 0x36, 0xee, 0xb2, 0x84, 0x44, \ - 0xfc, 0x91, 0x88, 0xe1, 0xa4, 0xdd, 0x3b, 0x4a, 0x40, 0x4d, 0x7c, 0x86, \ - 0xed, 0xe1, 0xb5, 0x42, 0xef, 0xb9, 0x61, 0xcd, 0x58, 0x19, 0x77, 0x02, \ - 0xae, 0x58, 0x80, 0xdb, 0x13, 0x3d, 0xc7, 0x1f, 0x9d, 0xed, 0xff, 0xac, \ - 0x98, 0xfc, 0xcd, 0xf9, 0x62, 0x04, 0x83, 0x91, 0x89, 0x0d, 0x86, 0x43, \ - 0x8c, 0x0c, 0xc7, 0x1b, 0x90, 0x4d, 0xbe, 0x2f, 0xc5, 0x7c, 0xcd, 0x42, \ - 0xf5, 0xd3, 0xad, 0x8e, 0xfd, 0x9d, 0x02, 0x81, 0x80, 0x17, 0x4b, 0x79, \ - 0x2a, 0x6c, 0x1b, 0x8d, 0x61, 0xc1, 0x85, 0xc5, 0x6a, 0x3b, 0x82, 0x1c, \ - 0x05, 0x5b, 0xcd, 0xdc, 0x12, 0x25, 0x73, 0x5b, 0x9e, 0xd9, 0x84, 0x57, \ - 0x10, 0x39, 0x71, 0x63, 0x96, 0xf4, 0xaf, 0xc3, 0x78, 0x5d, 0xc7, 0x8c, \ - 0x80, 0xa9, 0x96, 0xd7, 0xc3, 0x87, 0x02, 0x96, 0x71, 0x7e, 0x5f, 0x2e, \ - 0x3c, 0x36, 0xae, 0x59, 0x92, 0xd7, 0x3a, 0x09, 0x78, 0xb9, 0xea, 0x6f, \ - 0xc2, 0x16, 0x42, 0xdc, 0x4b, 0x96, 0xad, 0x2c, 0xb2, 0x20, 0x23, 0x61, \ - 0x2d, 0x8d, 0xb5, 0x02, 0x1e, 0xe1, 0x6c, 0x81, 0x01, 0x3c, 0x5d, 0xcb, \ - 0xdd, 0x9b, 0x0e, 0xc0, 0x2f, 0x94, 0x12, 0xb2, 0xfe, 0x75, 0x75, 0x8b, \ - 0x74, 0x1e, 0x7a, 0x26, 0x0c, 0xb7, 0x81, 0x96, 0x81, 0x79, 0x6e, 0xdb, \ - 0xbc, 0x3a, 0xc4, 0x9e, 0x87, 0x09, 0x6e, 0xa0, 0xa6, 0xec, 0x8b, 0xa4, \ - 0x85, 0x71, 0xce, 0x04, 0xaf, 0x02, 0x81, 0x81, 0x00, 0xc2, 0xa7, 0x47, \ - 0x07, 0x48, 0x6a, 0xc8, 0xd4, 0xb3, 0x20, 0xe1, 0x98, 0xee, 0xff, 0x5a, \ - 0x6f, 0x30, 0x7a, 0xa5, 0x47, 0x40, 0xdc, 0x16, 0x62, 0x42, 0xf1, 0x2c, \ - 0xdc, 0xb8, 0xc7, 0x55, 0xde, 0x07, 0x3c, 0x9d, 0xb1, 0xd0, 0xdf, 0x02, \ - 0x82, 0xb0, 0x48, 0x58, 0xe1, 0x34, 0xab, 0xcf, 0xb4, 0x85, 0x23, 0x26, \ - 0x78, 0x4f, 0x7a, 0x59, 0x6f, 0xfb, 0x8c, 0x3d, 0xdf, 0x3d, 0x6c, 0x02, \ - 0x47, 0x9c, 0xe5, 0x5e, 0x49, 0xf1, 0x05, 0x0b, 0x1f, 0xbf, 0x48, 0x0f, \ - 0xdc, 0x10, 0xb9, 0x3d, 0x1d, 0x10, 0x77, 0x2a, 0x73, 0xf9, 0xdf, 0xbd, \ - 0xcd, 0xf3, 0x1f, 0xeb, 0x6e, 0x64, 0xca, 0x2b, 0x78, 0x4f, 0xf8, 0x73, \ - 0xc2, 0x10, 0xef, 0x79, 0x95, 0x33, 0x1e, 0x79, 0x35, 0x09, 0xff, 0x88, \ - 0x1b, 0xb4, 0x3e, 0x4c, 0xe1, 0x27, 0x2e, 0x75, 0x80, 0x58, 0x11, 0x03, \ - 0x21, 0x23, 0x96, 0x9a, 0xb5, 0x02, 0x81, 0x80, 0x05, 0x12, 0x64, 0x71, \ - 0x83, 0x00, 0x1c, 0xfe, 0xef, 0x83, 0xea, 0xdd, 0x2c, 0xc8, 0x2c, 0x00, \ - 0x62, 0x1e, 0x8f, 0x3a, 0xdb, 0x1c, 0xab, 0xd6, 0x34, 0x8b, 0xd1, 0xb2, \ - 0x5a, 0x4f, 0x3d, 0x37, 0x38, 0x02, 0xe0, 0xd7, 0x70, 0xc1, 0xb0, 0x47, \ - 0xe0, 0x08, 0x1a, 0x84, 0xec, 0x48, 0xc5, 0x7c, 0x76, 0x83, 0x12, 0x67, \ - 0xab, 0x7c, 0x9f, 0x90, 0x97, 0xc8, 0x8f, 0x07, 0xf4, 0xb3, 0x60, 0xf2, \ - 0x3f, 0x49, 0x18, 0xdb, 0x2e, 0x94, 0x6b, 0x53, 0x9e, 0xa2, 0x63, 0xde, \ - 0x63, 0xd9, 0xab, 0x21, 0x2e, 0x2d, 0x0a, 0xe0, 0xd0, 0xe8, 0xba, 0xc4, \ - 0x4c, 0x1e, 0xa5, 0xf5, 0x51, 0xa8, 0xc4, 0x92, 0xf8, 0x7f, 0x21, 0xe7, \ - 0x65, 0xbf, 0x0b, 0xe6, 0x01, 0xaf, 0x9c, 0x1d, 0x5b, 0x6c, 0x3f, 0x1c, \ - 0x2f, 0xa6, 0x0f, 0x68, 0x38, 0x8e, 0x85, 0xc4, 0x6c, 0x78, 0x2f, 0x6f, \ - 0x06, 0x21, 0x2e, 0x56 \ -} -/* END FILE */ - -/* This is taken from data_files/cli2.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_EC_PEM data_files/cli2.crt */ -#define TEST_CLI_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIB3zCCAWOgAwIBAgIBDTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJTU0wgVGVzdCBFQyBDQTAe\r\n" \ - "Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMEExCzAJBgNVBAYTAk5MMREw\r\n" \ - "DwYDVQQKDAhQb2xhclNTTDEfMB0GA1UEAwwWUG9sYXJTU0wgVGVzdCBDbGllbnQg\r\n" \ - "MjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFflrrFz39Osu5O4gf8Sru7mU6zO\r\n" \ - "VVP2NA7MLuNjJQvfmOLzXGA2lsDVGBRw5X+f1UtFGOWwbNVc+JaPh3Cj5MejTTBL\r\n" \ - "MAkGA1UdEwQCMAAwHQYDVR0OBBYEFHoAX4Zk/OBd5REQO7LmO8QmP8/iMB8GA1Ud\r\n" \ - "IwQYMBaAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8MAwGCCqGSM49BAMCBQADaAAwZQIx\r\n" \ - "AMqme4DKMldUlplDET9Q6Eptre7uUWKhsLOF+zPkKDlfzpIkJYEFgcloDHGYw80u\r\n" \ - "IgIwNftyPXsabTqMM7iEHgVpX/GRozKklY9yQI/5eoA6gGW7Y+imuGR/oao5ySOb\r\n" \ - "a9Vk\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from data_files/cli2.crt.der. */ -/* BEGIN FILE binary macro TEST_CLI_CRT_EC_DER data_files/cli2.crt.der */ -#define TEST_CLI_CRT_EC_DER { \ - 0x30, 0x82, 0x01, 0xdf, 0x30, 0x82, 0x01, 0x63, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x0d, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, \ - 0x17, 0x0d, 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, \ - 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, \ - 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x30, 0x41, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x0c, 0x16, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, \ - 0x32, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, \ - 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, 0xb1, 0x73, 0xdf, 0xd3, 0xac, \ - 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, 0xee, 0xe6, 0x53, 0xac, 0xce, \ - 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, 0xe3, 0x63, 0x25, 0x0b, 0xdf, \ - 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, 0xc0, 0xd5, 0x18, 0x14, 0x70, \ - 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, \ - 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, 0xc7, 0xa3, 0x4d, 0x30, 0x4b, \ - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, \ - 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x7a, 0x00, \ - 0x5f, 0x86, 0x64, 0xfc, 0xe0, 0x5d, 0xe5, 0x11, 0x10, 0x3b, 0xb2, 0xe6, \ - 0x3b, 0xc4, 0x26, 0x3f, 0xcf, 0xe2, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, \ - 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, \ - 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, \ - 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, 0x31, \ - 0x00, 0xca, 0xa6, 0x7b, 0x80, 0xca, 0x32, 0x57, 0x54, 0x96, 0x99, 0x43, \ - 0x11, 0x3f, 0x50, 0xe8, 0x4a, 0x6d, 0xad, 0xee, 0xee, 0x51, 0x62, 0xa1, \ - 0xb0, 0xb3, 0x85, 0xfb, 0x33, 0xe4, 0x28, 0x39, 0x5f, 0xce, 0x92, 0x24, \ - 0x25, 0x81, 0x05, 0x81, 0xc9, 0x68, 0x0c, 0x71, 0x98, 0xc3, 0xcd, 0x2e, \ - 0x22, 0x02, 0x30, 0x35, 0xfb, 0x72, 0x3d, 0x7b, 0x1a, 0x6d, 0x3a, 0x8c, \ - 0x33, 0xb8, 0x84, 0x1e, 0x05, 0x69, 0x5f, 0xf1, 0x91, 0xa3, 0x32, 0xa4, \ - 0x95, 0x8f, 0x72, 0x40, 0x8f, 0xf9, 0x7a, 0x80, 0x3a, 0x80, 0x65, 0xbb, \ - 0x63, 0xe8, 0xa6, 0xb8, 0x64, 0x7f, 0xa1, 0xaa, 0x39, 0xc9, 0x23, 0x9b, \ - 0x6b, 0xd5, 0x64 \ -} -/* END FILE */ - -/* This is taken from data_files/cli2.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_EC_PEM data_files/cli2.key */ -#define TEST_CLI_KEY_EC_PEM \ - "-----BEGIN EC PRIVATE KEY-----\r\n" \ - "MHcCAQEEIPb3hmTxZ3/mZI3vyk7p3U3wBf+WIop6hDhkFzJhmLcqoAoGCCqGSM49\r\n" \ - "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n" \ - "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n" \ - "-----END EC PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from data_files/cli2.key.der. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_EC_DER data_files/cli2.key.der */ -#define TEST_CLI_KEY_EC_DER { \ - 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xf6, 0xf7, 0x86, 0x64, 0xf1, \ - 0x67, 0x7f, 0xe6, 0x64, 0x8d, 0xef, 0xca, 0x4e, 0xe9, 0xdd, 0x4d, 0xf0, \ - 0x05, 0xff, 0x96, 0x22, 0x8a, 0x7a, 0x84, 0x38, 0x64, 0x17, 0x32, 0x61, \ - 0x98, 0xb7, 0x2a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, \ - 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x57, 0xe5, 0xae, \ - 0xb1, 0x73, 0xdf, 0xd3, 0xac, 0xbb, 0x93, 0xb8, 0x81, 0xff, 0x12, 0xae, \ - 0xee, 0xe6, 0x53, 0xac, 0xce, 0x55, 0x53, 0xf6, 0x34, 0x0e, 0xcc, 0x2e, \ - 0xe3, 0x63, 0x25, 0x0b, 0xdf, 0x98, 0xe2, 0xf3, 0x5c, 0x60, 0x36, 0x96, \ - 0xc0, 0xd5, 0x18, 0x14, 0x70, 0xe5, 0x7f, 0x9f, 0xd5, 0x4b, 0x45, 0x18, \ - 0xe5, 0xb0, 0x6c, 0xd5, 0x5c, 0xf8, 0x96, 0x8f, 0x87, 0x70, 0xa3, 0xe4, \ - 0xc7 \ -} -/* END FILE */ - -/* This is taken from data_files/cli-rsa-sha256.crt. */ -/* BEGIN FILE string macro TEST_CLI_CRT_RSA_PEM data_files/cli-rsa-sha256.crt */ -#define TEST_CLI_CRT_RSA_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \ - "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ - "MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n" \ - "BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n" \ - "M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n" \ - "1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n" \ - "MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n" \ - "4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n" \ - "/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n" \ - "o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n" \ - "BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsFAAOC\r\n" \ - "AQEAXidv1d4pLlBiKWED95rMycBdgDcgyNqJxakFkRfRyA2y1mlyTn7uBXRkNLY5\r\n" \ - "ZFzK82GCjk2Q2OD4RZSCPAJJqLpHHU34t71ciffvy2KK81YvrxczRhMAE64i+qna\r\n" \ - "yP3Td2XuWJR05PVPoSemsNELs9gWttdnYy3ce+EY2Y0n7Rsi7982EeLIAA7H6ca4\r\n" \ - "2Es/NUH//JZJT32OP0doMxeDRA+vplkKqTLLWf7dX26LIriBkBaRCgR5Yv9LBPFc\r\n" \ - "NOtpzu/LbrY7QFXKJMI+JXDudCsOn8KCmiA4d6Emisqfh3V3485l7HEQNcvLTxlD\r\n" \ - "6zDQyi0/ykYUYZkwQTK1N2Nvlw==\r\n" \ - "-----END CERTIFICATE-----\r\n" -/* END FILE */ - -/* This is generated from data_files/cli-rsa-sha256.crt.der. */ -/* BEGIN FILE binary macro TEST_CLI_CRT_RSA_DER data_files/cli-rsa-sha256.crt.der */ -#define TEST_CLI_CRT_RSA_DER { \ - 0x30, 0x82, 0x03, 0x3f, 0x30, 0x82, 0x02, 0x27, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, \ - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3b, 0x31, 0x0b, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, \ - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, \ - 0x61, 0x72, 0x53, 0x53, 0x4c, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, \ - 0x04, 0x03, 0x0c, 0x10, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x36, \ - 0x5a, 0x17, 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, \ - 0x34, 0x30, 0x36, 0x5a, 0x30, 0x3c, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ - 0x11, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, 0x20, 0x43, 0x6c, \ - 0x69, 0x65, 0x6e, 0x74, 0x20, 0x32, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, \ - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, \ - 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, \ - 0x01, 0x01, 0x00, 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, \ - 0x45, 0xd9, 0x14, 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, \ - 0x33, 0xad, 0x0d, 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, \ - 0xcc, 0x66, 0x85, 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, \ - 0x9e, 0x0a, 0x6e, 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, \ - 0x93, 0x86, 0x49, 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, \ - 0xd4, 0x2f, 0x77, 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, \ - 0x48, 0x70, 0xf5, 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, \ - 0xe6, 0x43, 0xea, 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, \ - 0x57, 0x4e, 0xa9, 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, \ - 0x32, 0x30, 0xd5, 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, \ - 0x5f, 0xf9, 0x3d, 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, \ - 0xfb, 0xe5, 0x0c, 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, \ - 0x7f, 0xca, 0xad, 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, \ - 0xe0, 0x9b, 0xf8, 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, \ - 0x04, 0x66, 0xc7, 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, \ - 0x06, 0x67, 0xf4, 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, \ - 0x3c, 0x8b, 0x35, 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, \ - 0xfc, 0x36, 0x6b, 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, \ - 0x00, 0xcf, 0xaf, 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, \ - 0xe7, 0x50, 0x71, 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, \ - 0xe4, 0xc4, 0xfd, 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, \ - 0xa3, 0x4d, 0x30, 0x4b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, \ - 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ - 0x04, 0x14, 0x71, 0xa1, 0x00, 0x73, 0x72, 0x40, 0x2f, 0x54, 0x76, 0x5e, \ - 0x33, 0xfc, 0x52, 0x8f, 0xbc, 0xf1, 0xdd, 0x6b, 0x46, 0x21, 0x30, 0x1f, \ - 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xb4, \ - 0x5a, 0xe4, 0xa5, 0xb3, 0xde, 0xd2, 0x52, 0xf6, 0xb9, 0xd5, 0xa6, 0x95, \ - 0x0f, 0xeb, 0x3e, 0xbc, 0xc7, 0xfd, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, \ - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, \ - 0x01, 0x01, 0x00, 0x5e, 0x27, 0x6f, 0xd5, 0xde, 0x29, 0x2e, 0x50, 0x62, \ - 0x29, 0x61, 0x03, 0xf7, 0x9a, 0xcc, 0xc9, 0xc0, 0x5d, 0x80, 0x37, 0x20, \ - 0xc8, 0xda, 0x89, 0xc5, 0xa9, 0x05, 0x91, 0x17, 0xd1, 0xc8, 0x0d, 0xb2, \ - 0xd6, 0x69, 0x72, 0x4e, 0x7e, 0xee, 0x05, 0x74, 0x64, 0x34, 0xb6, 0x39, \ - 0x64, 0x5c, 0xca, 0xf3, 0x61, 0x82, 0x8e, 0x4d, 0x90, 0xd8, 0xe0, 0xf8, \ - 0x45, 0x94, 0x82, 0x3c, 0x02, 0x49, 0xa8, 0xba, 0x47, 0x1d, 0x4d, 0xf8, \ - 0xb7, 0xbd, 0x5c, 0x89, 0xf7, 0xef, 0xcb, 0x62, 0x8a, 0xf3, 0x56, 0x2f, \ - 0xaf, 0x17, 0x33, 0x46, 0x13, 0x00, 0x13, 0xae, 0x22, 0xfa, 0xa9, 0xda, \ - 0xc8, 0xfd, 0xd3, 0x77, 0x65, 0xee, 0x58, 0x94, 0x74, 0xe4, 0xf5, 0x4f, \ - 0xa1, 0x27, 0xa6, 0xb0, 0xd1, 0x0b, 0xb3, 0xd8, 0x16, 0xb6, 0xd7, 0x67, \ - 0x63, 0x2d, 0xdc, 0x7b, 0xe1, 0x18, 0xd9, 0x8d, 0x27, 0xed, 0x1b, 0x22, \ - 0xef, 0xdf, 0x36, 0x11, 0xe2, 0xc8, 0x00, 0x0e, 0xc7, 0xe9, 0xc6, 0xb8, \ - 0xd8, 0x4b, 0x3f, 0x35, 0x41, 0xff, 0xfc, 0x96, 0x49, 0x4f, 0x7d, 0x8e, \ - 0x3f, 0x47, 0x68, 0x33, 0x17, 0x83, 0x44, 0x0f, 0xaf, 0xa6, 0x59, 0x0a, \ - 0xa9, 0x32, 0xcb, 0x59, 0xfe, 0xdd, 0x5f, 0x6e, 0x8b, 0x22, 0xb8, 0x81, \ - 0x90, 0x16, 0x91, 0x0a, 0x04, 0x79, 0x62, 0xff, 0x4b, 0x04, 0xf1, 0x5c, \ - 0x34, 0xeb, 0x69, 0xce, 0xef, 0xcb, 0x6e, 0xb6, 0x3b, 0x40, 0x55, 0xca, \ - 0x24, 0xc2, 0x3e, 0x25, 0x70, 0xee, 0x74, 0x2b, 0x0e, 0x9f, 0xc2, 0x82, \ - 0x9a, 0x20, 0x38, 0x77, 0xa1, 0x26, 0x8a, 0xca, 0x9f, 0x87, 0x75, 0x77, \ - 0xe3, 0xce, 0x65, 0xec, 0x71, 0x10, 0x35, 0xcb, 0xcb, 0x4f, 0x19, 0x43, \ - 0xeb, 0x30, 0xd0, 0xca, 0x2d, 0x3f, 0xca, 0x46, 0x14, 0x61, 0x99, 0x30, \ - 0x41, 0x32, 0xb5, 0x37, 0x63, 0x6f, 0x97 \ -} -/* END FILE */ - -/* This is taken from data_files/cli-rsa.key. */ -/* BEGIN FILE string macro TEST_CLI_KEY_RSA_PEM data_files/cli-rsa.key */ -#define TEST_CLI_KEY_RSA_PEM \ - "-----BEGIN RSA PRIVATE KEY-----\r\n" \ - "MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF\r\n" \ - "B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1\r\n" \ - "bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9\r\n" \ - "Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH\r\n" \ - "7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v\r\n" \ - "dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst\r\n" \ - "yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz\r\n" \ - "4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt\r\n" \ - "ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA\r\n" \ - "zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d\r\n" \ - "l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf\r\n" \ - "DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT\r\n" \ - "VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL\r\n" \ - "Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7\r\n" \ - "wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys\r\n" \ - "c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi\r\n" \ - "33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60\r\n" \ - "ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0\r\n" \ - "BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW\r\n" \ - "KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+\r\n" \ - "UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc\r\n" \ - "7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq\r\n" \ - "gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu\r\n" \ - "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n" \ - "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n" \ - "-----END RSA PRIVATE KEY-----\r\n" -/* END FILE */ - -/* This is generated from data_files/cli-rsa.key.der. */ -/* BEGIN FILE binary macro TEST_CLI_KEY_RSA_DER data_files/cli-rsa.key.der */ -#define TEST_CLI_KEY_RSA_DER { \ - 0x30, 0x82, 0x04, 0xa4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, \ - 0xc8, 0x74, 0xc4, 0xcc, 0xb9, 0xf9, 0xb5, 0x79, 0xe9, 0x45, 0xd9, 0x14, \ - 0x60, 0xb0, 0x7d, 0xbb, 0x93, 0xf2, 0x6b, 0x1e, 0x9f, 0x33, 0xad, 0x0d, \ - 0x8f, 0x8a, 0x3c, 0x56, 0x65, 0xe5, 0xdc, 0x44, 0xd9, 0xcc, 0x66, 0x85, \ - 0x07, 0xd5, 0xf8, 0x27, 0xb0, 0x4a, 0x35, 0xd0, 0x63, 0x9e, 0x0a, 0x6e, \ - 0x1b, 0xb7, 0xda, 0xf0, 0x7e, 0xab, 0xee, 0x0c, 0x10, 0x93, 0x86, 0x49, \ - 0x18, 0x34, 0xf3, 0xa8, 0x2a, 0xd2, 0x57, 0xf5, 0x2e, 0xd4, 0x2f, 0x77, \ - 0x29, 0x84, 0x61, 0x4d, 0x82, 0x50, 0x8f, 0xa7, 0x95, 0x48, 0x70, 0xf5, \ - 0x6e, 0x4d, 0xb2, 0xd5, 0x13, 0xc3, 0xd2, 0x1a, 0xed, 0xe6, 0x43, 0xea, \ - 0x42, 0x14, 0xeb, 0x74, 0xea, 0xc0, 0xed, 0x1f, 0xd4, 0x57, 0x4e, 0xa9, \ - 0xf3, 0xa8, 0xed, 0xd2, 0xe0, 0xc1, 0x30, 0x71, 0x30, 0x32, 0x30, 0xd5, \ - 0xd3, 0xf6, 0x08, 0xd0, 0x56, 0x4f, 0x46, 0x8e, 0xf2, 0x5f, 0xf9, 0x3d, \ - 0x67, 0x91, 0x88, 0x30, 0x2e, 0x42, 0xb2, 0xdf, 0x7d, 0xfb, 0xe5, 0x0c, \ - 0x77, 0xff, 0xec, 0x31, 0xc0, 0x78, 0x8f, 0xbf, 0xc2, 0x7f, 0xca, 0xad, \ - 0x6c, 0x21, 0xd6, 0x8d, 0xd9, 0x8b, 0x6a, 0x8e, 0x6f, 0xe0, 0x9b, 0xf8, \ - 0x10, 0x56, 0xcc, 0xb3, 0x8e, 0x13, 0x15, 0xe6, 0x34, 0x04, 0x66, 0xc7, \ - 0xee, 0xf9, 0x36, 0x0e, 0x6a, 0x95, 0xf6, 0x09, 0x9a, 0x06, 0x67, 0xf4, \ - 0x65, 0x71, 0xf8, 0xca, 0xa4, 0xb1, 0x25, 0xe0, 0xfe, 0x3c, 0x8b, 0x35, \ - 0x04, 0x67, 0xba, 0xe0, 0x4f, 0x76, 0x85, 0xfc, 0x7f, 0xfc, 0x36, 0x6b, \ - 0xb5, 0xe9, 0xcd, 0x2d, 0x03, 0x62, 0x4e, 0xb3, 0x3d, 0x00, 0xcf, 0xaf, \ - 0x76, 0xa0, 0x69, 0x56, 0x83, 0x6a, 0xd2, 0xa8, 0xd4, 0xe7, 0x50, 0x71, \ - 0xe6, 0xb5, 0x36, 0x05, 0x77, 0x05, 0x6d, 0x7b, 0xc8, 0xe4, 0xc4, 0xfd, \ - 0x4c, 0xd5, 0x21, 0x5f, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, \ - 0x00, 0x67, 0x4d, 0xb5, 0xf6, 0x03, 0x89, 0xaa, 0x7a, 0x6f, 0x3b, 0x2d, \ - 0xca, 0x10, 0xa2, 0x23, 0xc9, 0xbd, 0x4e, 0xda, 0xe1, 0x67, 0x0e, 0x0c, \ - 0x8a, 0xc6, 0x84, 0x68, 0xdf, 0xe5, 0x97, 0x75, 0xd2, 0x8d, 0xa3, 0x86, \ - 0xd9, 0xdb, 0xd5, 0xeb, 0x13, 0x19, 0x08, 0xc5, 0x7e, 0xe5, 0x37, 0x97, \ - 0x0c, 0x73, 0x80, 0x66, 0x76, 0x35, 0xf1, 0x88, 0xb5, 0xf2, 0xfc, 0xf3, \ - 0xe1, 0x4b, 0x76, 0x4e, 0x73, 0x45, 0xce, 0x2c, 0xc2, 0x10, 0x26, 0x0d, \ - 0x68, 0x0d, 0x9f, 0x49, 0x3d, 0xd6, 0x80, 0x89, 0xe7, 0xc5, 0x49, 0x15, \ - 0xdd, 0x85, 0xc0, 0xc8, 0xfe, 0x82, 0x37, 0x12, 0x5a, 0x0a, 0x6b, 0xf6, \ - 0x68, 0x0d, 0x32, 0x16, 0xbd, 0xa4, 0x15, 0x54, 0x9e, 0x68, 0xa1, 0xad, \ - 0xca, 0x6b, 0xe5, 0x8c, 0xda, 0x76, 0x35, 0x59, 0x2f, 0x9b, 0xb4, 0xe1, \ - 0xf1, 0xf0, 0x50, 0x04, 0xee, 0xc8, 0xec, 0x05, 0xe1, 0xcf, 0x8d, 0xe4, \ - 0xd2, 0x64, 0x7b, 0x5e, 0x63, 0xe0, 0x7b, 0x07, 0xbc, 0x02, 0x96, 0x4e, \ - 0x1b, 0x78, 0x6c, 0xb6, 0x43, 0x9a, 0x32, 0xf6, 0xd6, 0x02, 0xf5, 0x80, \ - 0xcc, 0x26, 0x6e, 0xa5, 0xd0, 0xe3, 0x65, 0x88, 0xce, 0x26, 0xa9, 0x40, \ - 0xe1, 0xe1, 0x00, 0xe0, 0x7f, 0x3f, 0xc3, 0xb1, 0x7c, 0xde, 0xbe, 0x42, \ - 0xba, 0x07, 0x81, 0x13, 0xc2, 0xe0, 0x11, 0x11, 0x23, 0x2c, 0xf8, 0xb2, \ - 0x7a, 0x3a, 0xd4, 0xe4, 0x7d, 0x5f, 0xb9, 0xb1, 0x18, 0xfa, 0x1d, 0x1d, \ - 0x97, 0x91, 0xd9, 0x04, 0x9e, 0xbc, 0xc9, 0xb4, 0xd7, 0x7d, 0x0e, 0x54, \ - 0xf6, 0x8f, 0xd0, 0x28, 0x0d, 0xdd, 0x77, 0x4b, 0x68, 0x04, 0x48, 0x61, \ - 0x75, 0x15, 0x03, 0x1b, 0x35, 0xad, 0x8e, 0xfc, 0x24, 0x11, 0x07, 0xea, \ - 0x17, 0x5a, 0xde, 0x19, 0x68, 0xff, 0xb6, 0x87, 0x7f, 0x80, 0x2a, 0x5f, \ - 0x0c, 0x58, 0xba, 0x5f, 0x41, 0x02, 0x81, 0x81, 0x00, 0xe3, 0x03, 0xaf, \ - 0xfe, 0x98, 0xd2, 0x0b, 0x7b, 0x72, 0xe9, 0x3b, 0x8e, 0xbc, 0xa5, 0xf6, \ - 0xac, 0xe5, 0x22, 0x06, 0xb2, 0xd7, 0x5e, 0xfd, 0x89, 0x4b, 0x16, 0x67, \ - 0x32, 0x83, 0x22, 0x58, 0x8e, 0x62, 0xa4, 0xb4, 0x2d, 0xf9, 0x16, 0x13, \ - 0x54, 0xf6, 0x9f, 0x2f, 0xf9, 0xbb, 0x0e, 0x7e, 0x8c, 0x6f, 0x08, 0xda, \ - 0xc8, 0xe9, 0x1c, 0x66, 0x10, 0x70, 0x93, 0x90, 0x8d, 0xcf, 0x90, 0x3a, \ - 0x43, 0x89, 0x49, 0xeb, 0x83, 0x2a, 0xfe, 0x5a, 0x87, 0xce, 0x74, 0x42, \ - 0x41, 0x0d, 0x8c, 0x73, 0x51, 0xbc, 0x7b, 0x20, 0xc5, 0xfd, 0xf6, 0x0b, \ - 0x65, 0xed, 0xa9, 0x2e, 0xfc, 0x0f, 0xf5, 0x50, 0xf9, 0x8d, 0x37, 0x36, \ - 0x9a, 0x20, 0xdf, 0xc3, 0xe3, 0x27, 0xbc, 0x98, 0x72, 0xc1, 0x14, 0x4b, \ - 0x71, 0xe9, 0x83, 0x14, 0xff, 0x24, 0xe2, 0x14, 0x15, 0xb6, 0x6f, 0x0f, \ - 0x32, 0x9d, 0xd9, 0x98, 0xd1, 0x02, 0x81, 0x81, 0x00, 0xe2, 0x0c, 0xfb, \ - 0xc3, 0x33, 0x9b, 0x47, 0x88, 0x27, 0xf2, 0x26, 0xde, 0xeb, 0x5e, 0xee, \ - 0x40, 0xf6, 0x63, 0x5b, 0x35, 0x23, 0xf5, 0xd5, 0x07, 0x61, 0xdf, 0xa2, \ - 0x9f, 0x58, 0x30, 0x04, 0x22, 0x2b, 0xb4, 0xd9, 0xda, 0x46, 0x7f, 0x48, \ - 0xf5, 0x4f, 0xd0, 0xea, 0xd7, 0xa0, 0x45, 0x8a, 0x62, 0x8b, 0x8c, 0xac, \ - 0x73, 0x5e, 0xfa, 0x36, 0x65, 0x3e, 0xba, 0x6c, 0xba, 0x5e, 0x6b, 0x92, \ - 0x29, 0x5e, 0x6a, 0x0f, 0xd6, 0xd2, 0xa5, 0x95, 0x86, 0xda, 0x72, 0xc5, \ - 0x9e, 0xc9, 0x6b, 0x37, 0x5e, 0x4b, 0x9b, 0x77, 0xe1, 0x67, 0x1a, 0x1e, \ - 0x30, 0xd8, 0x41, 0x68, 0x40, 0xd3, 0x9c, 0xb4, 0xf6, 0xeb, 0x2a, 0x22, \ - 0xdf, 0x78, 0x29, 0xd2, 0x64, 0x92, 0x5b, 0x2f, 0x78, 0x64, 0x4a, 0xa2, \ - 0xa6, 0x6b, 0x3e, 0x50, 0xb1, 0x7a, 0xb1, 0x8d, 0x59, 0xb4, 0x55, 0xba, \ - 0xb6, 0x91, 0x85, 0xa3, 0x2f, 0x02, 0x81, 0x80, 0x10, 0x1e, 0x19, 0xe7, \ - 0xbc, 0x97, 0xe5, 0x22, 0xcd, 0xa4, 0xcb, 0x8a, 0xb5, 0xd0, 0x1e, 0xb4, \ - 0x65, 0xcc, 0x45, 0xa7, 0x7a, 0xed, 0x0e, 0x99, 0x29, 0xd0, 0x9c, 0x61, \ - 0x14, 0xb8, 0x62, 0x8b, 0x31, 0x6b, 0xba, 0x33, 0x2d, 0x65, 0x28, 0xd8, \ - 0x36, 0x6e, 0x54, 0xec, 0xa9, 0x20, 0x3d, 0x51, 0xe1, 0x2c, 0x42, 0xc4, \ - 0x52, 0xf0, 0xa6, 0x3a, 0x72, 0x93, 0xb7, 0x86, 0xa9, 0xfe, 0xf6, 0x74, \ - 0x07, 0x12, 0x4d, 0x7b, 0x51, 0x99, 0x1f, 0x7a, 0x56, 0xe9, 0x20, 0x2f, \ - 0x18, 0x34, 0x29, 0x97, 0xdb, 0x06, 0xee, 0xeb, 0xbf, 0xbd, 0x31, 0x4f, \ - 0xfa, 0x50, 0xb1, 0xba, 0x49, 0xb3, 0xc4, 0x1d, 0x03, 0xae, 0xb0, 0xdc, \ - 0xbe, 0x8a, 0xc4, 0x90, 0xa3, 0x28, 0x9b, 0xb6, 0x42, 0x09, 0x1b, 0xd6, \ - 0x29, 0x9b, 0x19, 0xe9, 0x87, 0x87, 0xd9, 0x9f, 0x35, 0x05, 0xab, 0x91, \ - 0x8f, 0x6d, 0x7c, 0x91, 0x02, 0x81, 0x81, 0x00, 0x94, 0x57, 0xf0, 0xe0, \ - 0x28, 0xfd, 0xbd, 0xf3, 0x9c, 0x43, 0x4d, 0x3e, 0xfd, 0x37, 0x4f, 0x23, \ - 0x52, 0x8d, 0xe1, 0x4c, 0xfe, 0x4c, 0x55, 0x80, 0x82, 0xba, 0x3f, 0xfe, \ - 0x51, 0xe1, 0x30, 0xd5, 0x3b, 0xd9, 0x73, 0x1d, 0xcb, 0x25, 0xbc, 0xbb, \ - 0x3f, 0xa5, 0xda, 0x77, 0xa6, 0xb5, 0xfc, 0x1a, 0xaf, 0x79, 0xa1, 0xb2, \ - 0x14, 0xa2, 0x1f, 0x10, 0x52, 0x1a, 0x05, 0x40, 0x48, 0xb6, 0x4f, 0x34, \ - 0xd6, 0xc0, 0xc3, 0xa4, 0x36, 0x98, 0x73, 0x88, 0x0b, 0xd3, 0x45, 0xdc, \ - 0xee, 0x51, 0x6e, 0x04, 0x73, 0x99, 0x93, 0x12, 0x58, 0x96, 0xcb, 0x39, \ - 0x42, 0xb1, 0xa9, 0xb8, 0xe1, 0x25, 0xf5, 0x9c, 0x14, 0xb7, 0x92, 0x2b, \ - 0x14, 0xb0, 0x5d, 0x61, 0xa2, 0xaa, 0x34, 0x7c, 0xcd, 0x54, 0x2d, 0x69, \ - 0x08, 0xf7, 0xdb, 0xfc, 0x9c, 0x87, 0xe8, 0x3a, 0xf6, 0x1d, 0x4c, 0x6a, \ - 0x83, 0x15, 0x30, 0x01, 0x02, 0x81, 0x81, 0x00, 0x9c, 0x53, 0xa1, 0xb6, \ - 0x2f, 0xc0, 0x06, 0xf5, 0xdf, 0x5c, 0xd1, 0x4a, 0x4e, 0xc8, 0xbd, 0x6d, \ - 0x32, 0xf1, 0x5e, 0xe5, 0x3b, 0x70, 0xd0, 0xa8, 0xe5, 0x41, 0x57, 0x6c, \ - 0x87, 0x53, 0x0f, 0xeb, 0x28, 0xa0, 0x62, 0x8f, 0x43, 0x62, 0xec, 0x2e, \ - 0x6c, 0x71, 0x55, 0x5b, 0x6a, 0xf4, 0x74, 0x14, 0xea, 0x7a, 0x03, 0xf6, \ - 0xfc, 0xa4, 0xce, 0xc4, 0xac, 0xda, 0x1d, 0xf0, 0xb5, 0xa9, 0xfd, 0x11, \ - 0x18, 0x3b, 0x14, 0xa0, 0x90, 0x8d, 0x26, 0xb7, 0x75, 0x73, 0x0a, 0x02, \ - 0x2c, 0x6f, 0x0f, 0xd8, 0x41, 0x78, 0xc3, 0x73, 0x81, 0xac, 0xaa, 0xaf, \ - 0xf2, 0xee, 0x32, 0xb5, 0x8d, 0x05, 0xf9, 0x59, 0x5a, 0x9e, 0x3e, 0x65, \ - 0x9b, 0x74, 0xda, 0xa0, 0x74, 0x95, 0x17, 0x5f, 0x8d, 0x58, 0xfc, 0x8e, \ - 0x4e, 0x2c, 0x1e, 0xbc, 0x81, 0x02, 0x18, 0xac, 0x12, 0xc6, 0xf9, 0x64, \ - 0x8b, 0x87, 0xc3, 0x00 \ -} -/* END FILE */ - diff --git a/tests/src/test_keys.h b/tests/src/test_keys.h deleted file mode 100644 index ec54fe480c..0000000000 --- a/tests/src/test_keys.h +++ /dev/null @@ -1,799 +0,0 @@ -/********************************************************************************* - * This file was automatically generated from tests/scripts/generate_test_keys.py. - * Please do not edit it manually. - *********************************************************************************/ - -const unsigned char test_ec_secp192k1_priv[] = { - 0x29, 0x7a, 0xc1, 0x72, 0x2c, 0xca, 0xc7, 0x58, 0x9e, 0xcb, 0x24, 0x0d, 0xc7, 0x19, 0x84, 0x25, - 0x38, 0xca, 0x97, 0x4b, 0xeb, 0x79, 0xf2, 0x28, -}; -const unsigned char test_ec_secp192k1_pub[] = { - 0x04, 0x26, 0xb7, 0xbb, 0x38, 0xda, 0x64, 0x9a, 0xc2, 0x13, 0x8f, 0xc0, 0x50, 0xc6, 0x54, 0x8b, - 0x32, 0x55, 0x3d, 0xab, 0x68, 0xaf, 0xeb, 0xc3, 0x61, 0x05, 0xd3, 0x25, 0xb7, 0x55, 0x38, 0xc1, - 0x23, 0x23, 0xcb, 0x07, 0x64, 0x78, 0x9e, 0xcb, 0x99, 0x26, 0x71, 0xbe, 0xb2, 0xb6, 0xbe, 0xf2, - 0xf5, -}; - -const unsigned char test_ec_secp256k1_priv[] = { - 0x7f, 0xa0, 0x6f, 0xa0, 0x2d, 0x0e, 0x91, 0x1b, 0x9a, 0x47, 0xfd, 0xc1, 0x7d, 0x2d, 0x96, 0x2c, - 0xa0, 0x1e, 0x2f, 0x31, 0xd6, 0x0c, 0x62, 0x12, 0xd0, 0xed, 0x7e, 0x3b, 0xba, 0x23, 0xa7, 0xb9, -}; -const unsigned char test_ec_secp256k1_pub[] = { - 0x04, 0x5c, 0x39, 0x15, 0x45, 0x79, 0xef, 0xd6, 0x67, 0xad, 0xc7, 0x3a, 0x81, 0x01, 0x5a, 0x79, - 0x7d, 0x2c, 0x86, 0x82, 0xcd, 0xfb, 0xd3, 0xc3, 0x55, 0x3c, 0x4a, 0x18, 0x5d, 0x48, 0x1c, 0xdc, - 0x50, 0xe4, 0x2a, 0x0e, 0x1c, 0xbc, 0x3c, 0xa2, 0x9a, 0x32, 0xa6, 0x45, 0xe9, 0x27, 0xf5, 0x4b, - 0xea, 0xed, 0x14, 0xc9, 0xdb, 0xbf, 0x82, 0x79, 0xd7, 0x25, 0xf5, 0x49, 0x5c, 0xa9, 0x24, 0xb2, - 0x4d, -}; - -const unsigned char test_ec_secp192r1_priv[] = { - 0xd8, 0x3b, 0x57, 0xa5, 0x9c, 0x51, 0x35, 0x8d, 0x9c, 0x8b, 0xbb, 0x89, 0x8a, 0xff, 0x50, 0x7f, - 0x44, 0xdd, 0x14, 0xcf, 0x16, 0x91, 0x71, 0x90, -}; -const unsigned char test_ec_secp192r1_pub[] = { - 0x04, 0xe3, 0x5f, 0xcb, 0xee, 0x11, 0xce, 0xc3, 0x15, 0x4f, 0x80, 0xa1, 0xa6, 0x1d, 0xf7, 0xd7, - 0x61, 0x2d, 0xe4, 0xf2, 0xfd, 0x70, 0xc5, 0x60, 0x8d, 0x0e, 0xe3, 0xa4, 0xa1, 0xa5, 0x71, 0x94, - 0x71, 0xad, 0xb3, 0x39, 0x66, 0xdd, 0x9b, 0x03, 0x5f, 0xdb, 0x77, 0x4f, 0xee, 0xba, 0x94, 0xb0, - 0x4c, -}; - -const unsigned char test_ec_secp224r1_priv[] = { - 0x87, 0x2f, 0x20, 0x3b, 0x3a, 0xd3, 0x5b, 0x7f, 0x2e, 0xcc, 0x80, 0x3c, 0x3a, 0x0e, 0x1e, 0x0b, - 0x1e, 0xd6, 0x1c, 0xc1, 0xaf, 0xe7, 0x1b, 0x18, 0x9c, 0xd4, 0xc9, 0x95, -}; -const unsigned char test_ec_secp224r1_pub[] = { - 0x04, 0x6f, 0x00, 0xea, 0xda, 0xa9, 0x49, 0xfe, 0xe3, 0xe9, 0xe1, 0xc7, 0xfa, 0x12, 0x47, 0xee, - 0xce, 0xc8, 0x6a, 0x0d, 0xce, 0x46, 0x41, 0x8b, 0x9b, 0xd3, 0x11, 0x7b, 0x98, 0x1d, 0x4b, 0xd0, - 0xae, 0x7a, 0x99, 0x0d, 0xe9, 0x12, 0xf9, 0xd0, 0x60, 0xd6, 0xcb, 0x53, 0x1a, 0x42, 0xd2, 0x2e, - 0x39, 0x4a, 0xc2, 0x9e, 0x81, 0x80, 0x4b, 0xf1, 0x60, -}; - -const unsigned char test_ec_secp256r1_priv[] = { - 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, 0x1d, 0xf1, 0xc9, 0x94, - 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee, -}; -const unsigned char test_ec_secp256r1_pub[] = { - 0x04, 0x77, 0x72, 0x65, 0x6f, 0x81, 0x4b, 0x39, 0x92, 0x79, 0xd5, 0xe1, 0xf1, 0x78, 0x1f, 0xac, - 0x6f, 0x09, 0x9a, 0x3c, 0x5c, 0xa1, 0xb0, 0xe3, 0x53, 0x51, 0x83, 0x4b, 0x08, 0xb6, 0x5e, 0x0b, - 0x57, 0x25, 0x90, 0xcd, 0xaf, 0x8f, 0x76, 0x93, 0x61, 0xbc, 0xf3, 0x4a, 0xcf, 0xc1, 0x1e, 0x5e, - 0x07, 0x4e, 0x84, 0x26, 0xbd, 0xde, 0x04, 0xbe, 0x6e, 0x65, 0x39, 0x45, 0x44, 0x96, 0x17, 0xde, - 0x45, -}; - -const unsigned char test_ec_secp384r1_priv[] = { - 0x3f, 0x5d, 0x8d, 0x9b, 0xe2, 0x80, 0xb5, 0x69, 0x6c, 0xc5, 0xcc, 0x9f, 0x94, 0xcf, 0x8a, 0xf7, - 0xe6, 0xb6, 0x1d, 0xd6, 0x59, 0x2b, 0x2a, 0xb2, 0xb3, 0xa4, 0xc6, 0x07, 0x45, 0x04, 0x17, 0xec, - 0x32, 0x7d, 0xcd, 0xca, 0xed, 0x7c, 0x10, 0x05, 0x3d, 0x71, 0x9a, 0x05, 0x74, 0xf0, 0xa7, 0x6a, -}; -const unsigned char test_ec_secp384r1_pub[] = { - 0x04, 0xd9, 0xc6, 0x62, 0xb5, 0x0b, 0xa2, 0x9c, 0xa4, 0x79, 0x90, 0x45, 0x0e, 0x04, 0x3a, 0xea, - 0xf4, 0xf0, 0xc6, 0x9b, 0x15, 0x67, 0x6d, 0x11, 0x2f, 0x62, 0x2a, 0x71, 0xc9, 0x30, 0x59, 0xaf, - 0x99, 0x96, 0x91, 0xc5, 0x68, 0x0d, 0x2b, 0x44, 0xd1, 0x11, 0x57, 0x9d, 0xb1, 0x2f, 0x4a, 0x41, - 0x3a, 0x2e, 0xd5, 0xc4, 0x5f, 0xcf, 0xb6, 0x7b, 0x5b, 0x63, 0xe0, 0x0b, 0x91, 0xeb, 0xe5, 0x9d, - 0x09, 0xa6, 0xb1, 0xac, 0x2c, 0x0c, 0x42, 0x82, 0xaa, 0x12, 0x31, 0x7e, 0xd5, 0x91, 0x4f, 0x99, - 0x9b, 0xc4, 0x88, 0xbb, 0x13, 0x2e, 0x83, 0x42, 0xcc, 0x36, 0xf2, 0xca, 0x5e, 0x33, 0x79, 0xc7, - 0x47, -}; - -const unsigned char test_ec_secp521r1_priv[] = { - 0x01, 0xb1, 0xb6, 0xad, 0x07, 0xbb, 0x79, 0xe7, 0x32, 0x0d, 0xa5, 0x98, 0x60, 0xea, 0x28, 0xe0, - 0x55, 0x28, 0x4f, 0x60, 0x58, 0xf2, 0x79, 0xde, 0x66, 0x6e, 0x06, 0xd4, 0x35, 0xd2, 0xaf, 0x7b, - 0xda, 0x28, 0xd9, 0x9f, 0xa4, 0x7b, 0x7d, 0xd0, 0x96, 0x3e, 0x16, 0xb0, 0x07, 0x30, 0x78, 0xee, - 0x8b, 0x8a, 0x38, 0xd9, 0x66, 0xa5, 0x82, 0xf4, 0x6d, 0x19, 0xff, 0x95, 0xdf, 0x3a, 0xd9, 0x68, - 0x5a, 0xae, -}; -const unsigned char test_ec_secp521r1_pub[] = { - 0x04, 0x00, 0x1d, 0xe1, 0x42, 0xd5, 0x4f, 0x69, 0xeb, 0x03, 0x8e, 0xe4, 0xb7, 0xaf, 0x9d, 0x3c, - 0xa0, 0x77, 0x36, 0xfd, 0x9c, 0xf7, 0x19, 0xeb, 0x35, 0x4d, 0x69, 0x87, 0x9e, 0xe7, 0xf3, 0xc1, - 0x36, 0xfb, 0x0f, 0xbf, 0x9f, 0x08, 0xf8, 0x6b, 0xe5, 0xfa, 0x12, 0x8e, 0xc1, 0xa0, 0x51, 0xd3, - 0xe6, 0xc6, 0x43, 0xe8, 0x5a, 0xda, 0x8f, 0xfa, 0xcf, 0x36, 0x63, 0xc2, 0x60, 0xbd, 0x2c, 0x84, - 0x4b, 0x6f, 0x56, 0x00, 0xce, 0xe8, 0xe4, 0x8a, 0x9e, 0x65, 0xd0, 0x9c, 0xad, 0xd8, 0x9f, 0x23, - 0x5d, 0xee, 0x05, 0xf3, 0xb8, 0xa6, 0x46, 0xbe, 0x71, 0x5f, 0x1f, 0x67, 0xd5, 0xb4, 0x34, 0xe0, - 0xff, 0x23, 0xa1, 0xfc, 0x07, 0xef, 0x77, 0x40, 0x19, 0x3e, 0x40, 0xee, 0xff, 0x6f, 0x3b, 0xcd, - 0xfd, 0x76, 0x5a, 0xa9, 0x15, 0x50, 0x33, 0x52, 0x4f, 0xe4, 0xf2, 0x05, 0xf5, 0x44, 0x4e, 0x29, - 0x2c, 0x4c, 0x2f, 0x6a, 0xc1, -}; - -const unsigned char test_ec_bp256r1_priv[] = { - 0x21, 0x61, 0xd6, 0xf2, 0xdb, 0x76, 0x52, 0x6f, 0xa6, 0x2c, 0x16, 0xf3, 0x56, 0xa8, 0x0f, 0x01, - 0xf3, 0x2f, 0x77, 0x67, 0x84, 0xb3, 0x6a, 0xa9, 0x97, 0x99, 0xa8, 0xb7, 0x66, 0x20, 0x80, 0xff, -}; -const unsigned char test_ec_bp256r1_pub[] = { - 0x04, 0x76, 0x8c, 0x8c, 0xae, 0x4a, 0xbc, 0xa6, 0x30, 0x6d, 0xb0, 0xed, 0x81, 0xb0, 0xc4, 0xa6, - 0x21, 0x5c, 0x37, 0x80, 0x66, 0xec, 0x6d, 0x61, 0x6c, 0x14, 0x6e, 0x13, 0xf1, 0xc7, 0xdf, 0x80, - 0x9b, 0x96, 0xab, 0x69, 0x11, 0xc2, 0x7d, 0x8a, 0x02, 0x33, 0x9f, 0x09, 0x26, 0x84, 0x0e, 0x55, - 0x23, 0x6d, 0x3d, 0x1e, 0xfb, 0xe2, 0x66, 0x9d, 0x09, 0x0e, 0x4c, 0x4c, 0x66, 0x0f, 0xad, 0xa9, - 0x1d, -}; - -const unsigned char test_ec_bp384r1_priv[] = { - 0x3d, 0xd9, 0x2e, 0x75, 0x0d, 0x90, 0xd7, 0xd3, 0x9f, 0xc1, 0x88, 0x5c, 0xd8, 0xad, 0x12, 0xea, - 0x94, 0x41, 0xf2, 0x2b, 0x93, 0x34, 0xb4, 0xd9, 0x65, 0x20, 0x2a, 0xdb, 0x14, 0x48, 0xce, 0x24, - 0xc5, 0x80, 0x8a, 0x85, 0xdd, 0x9a, 0xfc, 0x22, 0x9a, 0xf0, 0xa3, 0x12, 0x4f, 0x75, 0x5b, 0xcb, -}; -const unsigned char test_ec_bp384r1_pub[] = { - 0x04, 0x71, 0x9f, 0x9d, 0x09, 0x3a, 0x62, 0x7e, 0x0d, 0x35, 0x03, 0x85, 0xc6, 0x61, 0xce, 0xbf, - 0x00, 0xc6, 0x19, 0x23, 0x56, 0x6f, 0xe9, 0x00, 0x6a, 0x31, 0x07, 0xaf, 0x1d, 0x87, 0x1b, 0xc6, - 0xbb, 0x68, 0x98, 0x5f, 0xd7, 0x22, 0xea, 0x32, 0xbe, 0x31, 0x6f, 0x8e, 0x78, 0x3b, 0x7c, 0xd1, - 0x95, 0x77, 0x85, 0xf6, 0x6c, 0xfc, 0x0c, 0xb1, 0x95, 0xdd, 0x5c, 0x99, 0xa8, 0xe7, 0xab, 0xaa, - 0x84, 0x85, 0x53, 0xa5, 0x84, 0xdf, 0xd2, 0xb4, 0x8e, 0x76, 0xd4, 0x45, 0xfe, 0x00, 0xdd, 0x8b, - 0xe5, 0x90, 0x96, 0xd8, 0x77, 0xd4, 0x69, 0x6d, 0x23, 0xb4, 0xbc, 0x8d, 0xb1, 0x47, 0x24, 0xe6, - 0x6a, -}; - -const unsigned char test_ec_bp512r1_priv[] = { - 0x37, 0x2c, 0x97, 0x78, 0xf6, 0x9f, 0x72, 0x6c, 0xbc, 0xa3, 0xf4, 0xa2, 0x68, 0xf1, 0x6b, 0x4d, - 0x61, 0x7d, 0x10, 0x28, 0x0d, 0x79, 0xa6, 0xa0, 0x29, 0xcd, 0x51, 0x87, 0x9f, 0xe1, 0x01, 0x29, - 0x34, 0xdf, 0xe5, 0x39, 0x54, 0x55, 0x33, 0x7d, 0xf6, 0x90, 0x6d, 0xc7, 0xd6, 0xd2, 0xee, 0xa4, - 0xdb, 0xb2, 0x06, 0x5c, 0x02, 0x28, 0xf7, 0x3b, 0x3e, 0xd7, 0x16, 0x48, 0x0e, 0x7d, 0x71, 0xd2, -}; -const unsigned char test_ec_bp512r1_pub[] = { - 0x04, 0x38, 0xb7, 0xec, 0x92, 0xb6, 0x1c, 0x5c, 0x6c, 0x7f, 0xbc, 0x28, 0xa4, 0xec, 0x75, 0x9d, - 0x48, 0xfc, 0xd4, 0xe2, 0xe3, 0x74, 0xde, 0xfd, 0x5c, 0x49, 0x68, 0xa5, 0x4d, 0xbe, 0xf7, 0x51, - 0x0e, 0x51, 0x78, 0x86, 0xfb, 0xfc, 0x38, 0xea, 0x39, 0xaa, 0x52, 0x93, 0x59, 0xd7, 0x0a, 0x71, - 0x56, 0xc3, 0x5d, 0x3c, 0xba, 0xc7, 0xce, 0x77, 0x6b, 0xdb, 0x25, 0x1d, 0xd6, 0x4b, 0xce, 0x71, - 0x23, 0x44, 0x24, 0xee, 0x70, 0x49, 0xee, 0xd0, 0x72, 0xf0, 0xdb, 0xc4, 0xd7, 0x99, 0x96, 0xe1, - 0x75, 0xd5, 0x57, 0xe2, 0x63, 0x76, 0x3a, 0xe9, 0x70, 0x95, 0xc0, 0x81, 0xe7, 0x3e, 0x7d, 0xb2, - 0xe3, 0x8a, 0xdc, 0x3d, 0x4c, 0x9a, 0x04, 0x87, 0xb1, 0xed, 0xe8, 0x76, 0xdc, 0x1f, 0xca, 0x61, - 0xc9, 0x02, 0xe9, 0xa1, 0xd8, 0x72, 0x2b, 0x86, 0x12, 0x92, 0x8f, 0x18, 0xa2, 0x48, 0x45, 0x59, - 0x1a, -}; - -const unsigned char test_ec_curve25519_priv[] = { - 0x70, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, - 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x6a, -}; -const unsigned char test_ec_curve25519_pub[] = { - 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a, - 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a, -}; - -const unsigned char test_ec_curve448_priv[] = { - 0xe4, 0xe4, 0x9f, 0x52, 0x68, 0x6f, 0x9e, 0xe3, 0xb6, 0x38, 0x52, 0x8f, 0x72, 0x1f, 0x15, 0x96, - 0x19, 0x6f, 0xfd, 0x0a, 0x1c, 0xdd, 0xb6, 0x4c, 0x3f, 0x21, 0x6f, 0x06, 0x54, 0x18, 0x05, 0xcf, - 0xeb, 0x1a, 0x28, 0x6d, 0xc7, 0x80, 0x18, 0x09, 0x5c, 0xdf, 0xec, 0x05, 0x0e, 0x80, 0x07, 0xb5, - 0xf4, 0x90, 0x89, 0x62, 0xba, 0x20, 0xd6, 0xc1, -}; -const unsigned char test_ec_curve448_pub[] = { - 0xc0, 0xd3, 0xa5, 0xa2, 0xb4, 0x16, 0xa5, 0x73, 0xdc, 0x99, 0x09, 0xf9, 0x2f, 0x13, 0x4a, 0xc0, - 0x13, 0x23, 0xab, 0x8f, 0x8e, 0x36, 0x80, 0x4e, 0x57, 0x85, 0x88, 0xba, 0x2d, 0x09, 0xfe, 0x7c, - 0x3e, 0x73, 0x7f, 0x77, 0x1c, 0xa1, 0x12, 0x82, 0x5b, 0x54, 0x8a, 0x0f, 0xfd, 0xed, 0x6d, 0x6a, - 0x2f, 0xd0, 0x9a, 0x3e, 0x77, 0xde, 0xc3, 0x0e, -}; - -const unsigned char test_rsa_1024_priv[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, - 0xe8, 0x4f, 0xb7, 0x5f, 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, - 0x47, 0x0b, 0x54, 0x1e, 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, - 0xe1, 0x12, 0x96, 0x28, 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, - 0x0e, 0x6e, 0x1d, 0x89, 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, - 0x83, 0xbc, 0x06, 0xc2, 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, - 0xd3, 0xa7, 0xcb, 0xf8, 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, - 0xde, 0x26, 0x3a, 0x2a, 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, - 0x83, 0x4d, 0xa5, 0x3d, 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x00, 0x87, 0x4b, 0xf0, 0xff, 0xc2, 0xf2, 0xa7, 0x1d, 0x14, 0x67, 0x1d, 0xdd, - 0x01, 0x71, 0xc9, 0x54, 0xd7, 0xfd, 0xbf, 0x50, 0x28, 0x1e, 0x4f, 0x6d, 0x99, 0xea, 0x0e, 0x1e, - 0xbc, 0xf8, 0x2f, 0xaa, 0x58, 0xe7, 0xb5, 0x95, 0xff, 0xb2, 0x93, 0xd1, 0xab, 0xe1, 0x7f, 0x11, - 0x0b, 0x37, 0xc4, 0x8c, 0xc0, 0xf3, 0x6c, 0x37, 0xe8, 0x4d, 0x87, 0x66, 0x21, 0xd3, 0x27, 0xf6, - 0x4b, 0xbe, 0x08, 0x45, 0x7d, 0x3e, 0xc4, 0x09, 0x8b, 0xa2, 0xfa, 0x0a, 0x31, 0x9f, 0xba, 0x41, - 0x1c, 0x28, 0x41, 0xed, 0x7b, 0xe8, 0x31, 0x96, 0xa8, 0xcd, 0xf9, 0xda, 0xa5, 0xd0, 0x06, 0x94, - 0xbc, 0x33, 0x5f, 0xc4, 0xc3, 0x22, 0x17, 0xfe, 0x04, 0x88, 0xbc, 0xe9, 0xcb, 0x72, 0x02, 0xe5, - 0x94, 0x68, 0xb1, 0xea, 0xd1, 0x19, 0x00, 0x04, 0x77, 0xdb, 0x2c, 0xa7, 0x97, 0xfa, 0xc1, 0x9e, - 0xda, 0x3f, 0x58, 0xc1, 0x02, 0x41, 0x00, 0xe2, 0xab, 0x76, 0x08, 0x41, 0xbb, 0x9d, 0x30, 0xa8, - 0x1d, 0x22, 0x2d, 0xe1, 0xeb, 0x73, 0x81, 0xd8, 0x22, 0x14, 0x40, 0x7f, 0x1b, 0x97, 0x5c, 0xbb, - 0xfe, 0x4e, 0x1a, 0x94, 0x67, 0xfd, 0x98, 0xad, 0xbd, 0x78, 0xf6, 0x07, 0x83, 0x6c, 0xa5, 0xbe, - 0x19, 0x28, 0xb9, 0xd1, 0x60, 0xd9, 0x7f, 0xd4, 0x5c, 0x12, 0xd6, 0xb5, 0x2e, 0x2c, 0x98, 0x71, - 0xa1, 0x74, 0xc6, 0x6b, 0x48, 0x81, 0x13, 0x02, 0x41, 0x00, 0xc5, 0xab, 0x27, 0x60, 0x21, 0x59, - 0xae, 0x7d, 0x6f, 0x20, 0xc3, 0xc2, 0xee, 0x85, 0x1e, 0x46, 0xdc, 0x11, 0x2e, 0x68, 0x9e, 0x28, - 0xd5, 0xfc, 0xbb, 0xf9, 0x90, 0xa9, 0x9e, 0xf8, 0xa9, 0x0b, 0x8b, 0xb4, 0x4f, 0xd3, 0x64, 0x67, - 0xe7, 0xfc, 0x17, 0x89, 0xce, 0xb6, 0x63, 0xab, 0xda, 0x33, 0x86, 0x52, 0xc3, 0xc7, 0x3f, 0x11, - 0x17, 0x74, 0x90, 0x2e, 0x84, 0x05, 0x65, 0x92, 0x70, 0x91, 0x02, 0x41, 0x00, 0xb6, 0xcd, 0xbd, - 0x35, 0x4f, 0x7d, 0xf5, 0x79, 0xa6, 0x3b, 0x48, 0xb3, 0x64, 0x3e, 0x35, 0x3b, 0x84, 0x89, 0x87, - 0x77, 0xb4, 0x8b, 0x15, 0xf9, 0x4e, 0x0b, 0xfc, 0x05, 0x67, 0xa6, 0xae, 0x59, 0x11, 0xd5, 0x7a, - 0xd6, 0x40, 0x9c, 0xf7, 0x64, 0x7b, 0xf9, 0x62, 0x64, 0xe9, 0xbd, 0x87, 0xeb, 0x95, 0xe2, 0x63, - 0xb7, 0x11, 0x0b, 0x9a, 0x1f, 0x9f, 0x94, 0xac, 0xce, 0xd0, 0xfa, 0xfa, 0x4d, 0x02, 0x40, 0x71, - 0x19, 0x5e, 0xec, 0x37, 0xe8, 0xd2, 0x57, 0xde, 0xcf, 0xc6, 0x72, 0xb0, 0x7a, 0xe6, 0x39, 0xf1, - 0x0c, 0xbb, 0x9b, 0x0c, 0x73, 0x9d, 0x0c, 0x80, 0x99, 0x68, 0xd6, 0x44, 0xa9, 0x4e, 0x3f, 0xd6, - 0xed, 0x92, 0x87, 0x07, 0x7a, 0x14, 0x58, 0x3f, 0x37, 0x90, 0x58, 0xf7, 0x6a, 0x8a, 0xec, 0xd4, - 0x3c, 0x62, 0xdc, 0x8c, 0x0f, 0x41, 0x76, 0x66, 0x50, 0xd7, 0x25, 0x27, 0x5a, 0xc4, 0xa1, 0x02, - 0x41, 0x00, 0xbb, 0x32, 0xd1, 0x33, 0xed, 0xc2, 0xe0, 0x48, 0xd4, 0x63, 0x38, 0x8b, 0x7b, 0xe9, - 0xcb, 0x4b, 0xe2, 0x9f, 0x4b, 0x62, 0x50, 0xbe, 0x60, 0x3e, 0x70, 0xe3, 0x64, 0x75, 0x01, 0xc9, - 0x7d, 0xdd, 0xe2, 0x0a, 0x4e, 0x71, 0xbe, 0x95, 0xfd, 0x5e, 0x71, 0x78, 0x4e, 0x25, 0xac, 0xa4, - 0xba, 0xf2, 0x5b, 0xe5, 0x73, 0x8a, 0xae, 0x59, 0xbb, 0xfe, 0x1c, 0x99, 0x77, 0x81, 0x44, 0x7a, - 0x2b, 0x24, -}; -const unsigned char test_rsa_1024_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xaf, 0x05, 0x7d, 0x39, 0x6e, 0xe8, 0x4f, 0xb7, 0x5f, - 0xdb, 0xb5, 0xc2, 0xb1, 0x3c, 0x7f, 0xe5, 0xa6, 0x54, 0xaa, 0x8a, 0xa2, 0x47, 0x0b, 0x54, 0x1e, - 0xe1, 0xfe, 0xb0, 0xb1, 0x2d, 0x25, 0xc7, 0x97, 0x11, 0x53, 0x12, 0x49, 0xe1, 0x12, 0x96, 0x28, - 0x04, 0x2d, 0xbb, 0xb6, 0xc1, 0x20, 0xd1, 0x44, 0x35, 0x24, 0xef, 0x4c, 0x0e, 0x6e, 0x1d, 0x89, - 0x56, 0xee, 0xb2, 0x07, 0x7a, 0xf1, 0x23, 0x49, 0xdd, 0xee, 0xe5, 0x44, 0x83, 0xbc, 0x06, 0xc2, - 0xc6, 0x19, 0x48, 0xcd, 0x02, 0xb2, 0x02, 0xe7, 0x96, 0xae, 0xbd, 0x94, 0xd3, 0xa7, 0xcb, 0xf8, - 0x59, 0xc2, 0xc1, 0x81, 0x9c, 0x32, 0x4c, 0xb8, 0x2b, 0x9c, 0xd3, 0x4e, 0xde, 0x26, 0x3a, 0x2a, - 0xbf, 0xfe, 0x47, 0x33, 0xf0, 0x77, 0x86, 0x9e, 0x86, 0x60, 0xf7, 0xd6, 0x83, 0x4d, 0xa5, 0x3d, - 0x69, 0x0e, 0xf7, 0x98, 0x5f, 0x6b, 0xc3, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_1026_priv[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, - 0x22, 0x4b, 0xa7, 0xbe, 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, - 0x97, 0x8f, 0x7e, 0xaa, 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, - 0x68, 0x59, 0x5d, 0xbc, 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, 0x7e, 0x44, 0xa4, 0x16, - 0x3a, 0x05, 0x42, 0xfa, 0xb6, 0x12, 0xac, 0xbb, 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, - 0x3b, 0xdd, 0xef, 0x6a, 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, - 0x38, 0xdb, 0x7a, 0x33, 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, 0x7d, 0x6e, 0x56, 0x46, - 0xc1, 0xd6, 0x7f, 0xb8, 0xb2, 0xb9, 0x7a, 0xc6, 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, - 0x83, 0x15, 0xaa, 0x3f, 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x80, 0x6a, 0x4a, 0x34, 0x6b, 0xeb, 0xa9, 0x7f, 0x65, 0x5f, 0xe8, 0x34, 0x64, 0x7d, - 0x29, 0x44, 0xf5, 0xf4, 0x08, 0x15, 0xe7, 0x30, 0x2c, 0xaf, 0x02, 0xed, 0x17, 0x98, 0x93, 0xc2, - 0xd9, 0x89, 0x39, 0x5d, 0x5e, 0x87, 0x7c, 0xac, 0xbf, 0x24, 0xa7, 0x7a, 0x07, 0x9d, 0x3d, 0xb7, - 0x15, 0x80, 0xcc, 0xdb, 0xf6, 0x30, 0x23, 0xd0, 0x0f, 0x80, 0xe5, 0x2f, 0x5c, 0x1a, 0x07, 0x16, - 0xb3, 0x23, 0xb7, 0xbf, 0xcb, 0xdc, 0x8a, 0x17, 0x81, 0xc4, 0x4c, 0x41, 0x53, 0xe3, 0xda, 0x22, - 0x8d, 0x17, 0xb2, 0xdc, 0x78, 0xeb, 0x1f, 0x44, 0xcf, 0xf6, 0x0f, 0xe1, 0x15, 0x08, 0x08, 0xa6, - 0xe3, 0x8b, 0xa2, 0x47, 0x0a, 0xee, 0x2e, 0x94, 0x8a, 0x68, 0x98, 0xdd, 0xad, 0xea, 0x56, 0xd9, - 0x47, 0x09, 0x27, 0xac, 0xa8, 0xd9, 0x4a, 0x03, 0x38, 0xc1, 0x1a, 0x8e, 0x95, 0x71, 0x5b, 0x5f, - 0x94, 0xe0, 0x11, 0x02, 0x41, 0x01, 0xf5, 0x41, 0x85, 0x34, 0xc3, 0x62, 0x36, 0xfc, 0x9f, 0xd3, - 0x89, 0x34, 0xd7, 0xc0, 0x6d, 0xfe, 0xd3, 0x82, 0x91, 0x51, 0xcc, 0xab, 0x56, 0xb6, 0x33, 0x0c, - 0x64, 0x1f, 0x77, 0x96, 0xa7, 0x19, 0x24, 0xcf, 0x81, 0x19, 0xca, 0x26, 0xe1, 0x86, 0xec, 0xd3, - 0x06, 0x8d, 0x66, 0x07, 0xa0, 0x52, 0x60, 0xdb, 0x48, 0x57, 0x65, 0x19, 0x80, 0x43, 0x68, 0x91, - 0xad, 0xde, 0x9e, 0xb9, 0x2a, 0xb7, 0x02, 0x41, 0x01, 0x70, 0x04, 0x2f, 0xbd, 0xba, 0xba, 0x1e, - 0x10, 0x2b, 0x7f, 0x7f, 0x1d, 0xc9, 0xd9, 0x40, 0xcf, 0xdc, 0xd8, 0x5d, 0xd0, 0xea, 0x65, 0xf5, - 0x43, 0xc6, 0x43, 0x2e, 0x9c, 0x54, 0x80, 0x72, 0x4b, 0xb4, 0x9b, 0x1e, 0x5f, 0x80, 0xca, 0x2b, - 0x9f, 0x84, 0xcd, 0x66, 0x44, 0xbf, 0xb2, 0xe3, 0xd0, 0x96, 0x80, 0x90, 0xb8, 0x9f, 0x53, 0x4d, - 0xc2, 0x95, 0x1e, 0x60, 0x6d, 0xb9, 0x09, 0xdd, 0x89, 0x02, 0x41, 0x01, 0x4b, 0x6c, 0x1a, 0xeb, - 0x1c, 0x14, 0xa0, 0x4e, 0xc0, 0x4e, 0x59, 0x75, 0xfb, 0x01, 0x5c, 0xb9, 0x14, 0x98, 0x4c, 0x05, - 0x4d, 0xd2, 0x2b, 0xef, 0x24, 0x29, 0x99, 0x39, 0xc5, 0x14, 0x73, 0x3f, 0x88, 0xbb, 0x3a, 0x9d, - 0x16, 0xb0, 0x46, 0x85, 0xb3, 0xa8, 0x83, 0xb8, 0x92, 0x31, 0x90, 0xab, 0x67, 0x27, 0x15, 0xd9, - 0xd3, 0x1a, 0xdd, 0x57, 0xb4, 0x98, 0x3d, 0xe1, 0xe8, 0x08, 0x7e, 0x59, 0x02, 0x41, 0x01, 0x17, - 0xbf, 0x76, 0xf3, 0x08, 0xb0, 0x56, 0x0e, 0x00, 0xa2, 0xc8, 0x64, 0x42, 0x7d, 0xcd, 0x50, 0xb5, - 0x16, 0x1c, 0x2a, 0xa5, 0x23, 0xa0, 0x0f, 0x46, 0xf4, 0xe6, 0xc7, 0x9b, 0x4c, 0x90, 0x95, 0x8f, - 0xd2, 0xa2, 0x82, 0x02, 0x8a, 0xac, 0x22, 0x74, 0x77, 0x16, 0x98, 0x88, 0x08, 0x5a, 0x38, 0xc3, - 0x4f, 0x33, 0xb3, 0xc4, 0x19, 0x34, 0xf1, 0x07, 0x1d, 0xb2, 0x3b, 0x75, 0xff, 0x53, 0xd1, 0x02, - 0x41, 0x01, 0x20, 0xa4, 0x28, 0xb4, 0xe0, 0xc4, 0xa6, 0xf2, 0x02, 0x92, 0x0f, 0xd4, 0x9c, 0xc9, - 0x88, 0x6e, 0x6b, 0x67, 0x19, 0xd4, 0x0a, 0x3a, 0xd0, 0x60, 0x4f, 0x5d, 0x5e, 0xfd, 0x5e, 0xf6, - 0x97, 0x3a, 0x57, 0x3a, 0xb3, 0x24, 0xf3, 0x8e, 0xcb, 0x8e, 0x66, 0x9a, 0x69, 0x34, 0x15, 0x97, - 0x08, 0x1e, 0x24, 0x0b, 0x6a, 0xe4, 0xe2, 0x71, 0x48, 0x87, 0xdd, 0x78, 0xda, 0xda, 0xeb, 0x0b, - 0x92, 0x16, -}; -const unsigned char test_rsa_1026_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x02, 0xd0, 0x96, 0x61, 0xfc, 0x74, 0x22, 0x4b, 0xa7, 0xbe, - 0x79, 0x07, 0xab, 0xef, 0x4f, 0x5e, 0x8b, 0xcc, 0x26, 0x4a, 0x80, 0x2c, 0x97, 0x8f, 0x7e, 0xaa, - 0x58, 0x55, 0xad, 0xa0, 0x54, 0x36, 0xd7, 0x5d, 0xb7, 0x68, 0xd2, 0x0f, 0x68, 0x59, 0x5d, 0xbc, - 0xc3, 0xd7, 0x25, 0xb1, 0x38, 0xe8, 0x0b, 0x24, 0x7e, 0x44, 0xa4, 0x16, 0x3a, 0x05, 0x42, 0xfa, - 0xb6, 0x12, 0xac, 0xbb, 0xde, 0x45, 0xf2, 0xe9, 0x38, 0x94, 0xaa, 0x25, 0x3b, 0xdd, 0xef, 0x6a, - 0x7b, 0xec, 0xdc, 0x9c, 0xc2, 0x9a, 0x99, 0xba, 0xcf, 0x48, 0xdc, 0x6e, 0x38, 0xdb, 0x7a, 0x33, - 0xe9, 0xac, 0x92, 0x4c, 0x52, 0x0f, 0xc6, 0xbe, 0x7d, 0x6e, 0x56, 0x46, 0xc1, 0xd6, 0x7f, 0xb8, - 0xb2, 0xb9, 0x7a, 0xc6, 0x0b, 0xee, 0xcc, 0x3b, 0xb8, 0xe7, 0x5b, 0xed, 0x83, 0x15, 0xaa, 0x3f, - 0xe4, 0x6f, 0x74, 0x8a, 0x66, 0xd6, 0xef, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_1028_priv[] = { - 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, - 0x59, 0x68, 0x3a, 0x7e, 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, - 0x60, 0x4b, 0x50, 0x7f, 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, - 0xa3, 0xca, 0xff, 0x4e, 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, 0xa4, 0x16, 0x7f, 0xbf, - 0x7f, 0x37, 0x2a, 0xb5, 0x7e, 0x83, 0xa6, 0x9a, 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, - 0x96, 0x21, 0xa3, 0x0a, 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, - 0x9e, 0x4f, 0x9b, 0xfc, 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, 0x9a, 0x63, 0x1f, 0xb1, - 0xfb, 0x9f, 0xfb, 0x79, 0x4b, 0x4e, 0x53, 0xc7, 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, - 0x25, 0x88, 0xdb, 0x29, 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x01, 0xcf, 0xa0, 0x42, 0x2e, 0x3b, 0xb6, 0x0c, 0x15, 0xef, 0x2e, 0x96, 0xdb, - 0x44, 0x99, 0xe7, 0x89, 0xf5, 0xd6, 0x34, 0xea, 0x64, 0x56, 0x7b, 0x2c, 0xdd, 0x6e, 0x2b, 0xdd, - 0x12, 0x1f, 0x85, 0xed, 0xcc, 0xde, 0xe9, 0xb4, 0xed, 0x17, 0x8c, 0x5f, 0x33, 0x81, 0x61, 0x01, - 0xa7, 0xc3, 0x71, 0x51, 0x8b, 0x3e, 0x23, 0xf9, 0xfd, 0xc7, 0x1b, 0x90, 0x24, 0x2c, 0xd3, 0x10, - 0xb6, 0xb3, 0x14, 0x28, 0xb0, 0xb6, 0x4e, 0xb9, 0x59, 0x6b, 0xe0, 0xcc, 0x04, 0x4c, 0xc8, 0x50, - 0x48, 0x98, 0x2f, 0x90, 0xb7, 0x06, 0xe6, 0x6c, 0xcd, 0xd3, 0x9a, 0xd5, 0xa1, 0xa7, 0xb6, 0x4c, - 0xf0, 0x34, 0xea, 0xc0, 0xc3, 0x5d, 0x7a, 0xce, 0x93, 0xf2, 0xbc, 0xd3, 0xce, 0x24, 0x3b, 0xd8, - 0xf8, 0x3b, 0x46, 0xf5, 0x09, 0xca, 0x2f, 0x80, 0x50, 0x63, 0x00, 0x2a, 0xf2, 0xbb, 0x2d, 0x88, - 0xb6, 0xee, 0x36, 0xa9, 0x02, 0x41, 0x03, 0xf0, 0x88, 0x6d, 0x29, 0x77, 0x52, 0x6f, 0x3f, 0x3f, - 0x6a, 0x07, 0x56, 0x00, 0x23, 0x2c, 0xe3, 0x00, 0x85, 0x17, 0x27, 0x6d, 0xd3, 0x72, 0x1d, 0xee, - 0x08, 0xfd, 0x6c, 0x99, 0x9f, 0xc9, 0x76, 0xb9, 0xe8, 0xdd, 0x2b, 0xc1, 0x43, 0x38, 0x5f, 0xa4, - 0xb4, 0x87, 0x35, 0xce, 0x81, 0xc6, 0x6b, 0x50, 0x1d, 0x71, 0x29, 0xee, 0x78, 0x60, 0xcf, 0xbe, - 0xf2, 0x3b, 0x5d, 0xa9, 0x1e, 0x6c, 0x2d, 0x02, 0x41, 0x03, 0xa6, 0xc8, 0x73, 0x4a, 0xac, 0xe5, - 0x9d, 0x5f, 0x38, 0x6f, 0x97, 0xde, 0x45, 0x0f, 0x8a, 0x12, 0xd6, 0x3a, 0xe6, 0xac, 0x15, 0xd3, - 0x36, 0xe0, 0x10, 0xc9, 0xfc, 0xf0, 0x3a, 0x32, 0xf0, 0x61, 0x18, 0x81, 0xac, 0x6c, 0xd8, 0xb3, - 0xf9, 0x89, 0x92, 0x5c, 0x0f, 0x02, 0x5a, 0xf2, 0x6c, 0xf2, 0x6a, 0xeb, 0xd7, 0xd9, 0xb0, 0x4e, - 0xb5, 0x03, 0x04, 0x8d, 0xca, 0x2f, 0x50, 0x3c, 0x28, 0xe9, 0x02, 0x41, 0x01, 0x9b, 0x30, 0x04, - 0x51, 0xc3, 0xb4, 0x78, 0x66, 0xf1, 0x13, 0xe9, 0xa9, 0xc6, 0xa4, 0x90, 0xc8, 0x7c, 0x8d, 0xc6, - 0xc2, 0xec, 0xa4, 0x29, 0x02, 0xca, 0xea, 0x1f, 0x69, 0x07, 0xb9, 0x7e, 0x0a, 0x4a, 0x02, 0x07, - 0x2a, 0xaf, 0xc1, 0x18, 0x5a, 0xe6, 0x6c, 0x34, 0x34, 0x5b, 0xdd, 0xcd, 0x68, 0x33, 0x61, 0xcd, - 0xa1, 0xaa, 0xf8, 0xa9, 0x80, 0x09, 0xf9, 0xf8, 0xfa, 0x56, 0xd9, 0x70, 0x81, 0x02, 0x40, 0x1b, - 0xcc, 0xa8, 0x49, 0x17, 0x3d, 0x38, 0xe1, 0xe5, 0x0e, 0xc4, 0x88, 0x72, 0xab, 0x54, 0xa2, 0xdc, - 0xc6, 0x21, 0xa8, 0x0a, 0x7a, 0x1e, 0x8e, 0xa9, 0x51, 0x28, 0x79, 0x88, 0x71, 0x8d, 0x5e, 0x85, - 0xd9, 0x0d, 0x64, 0xab, 0x49, 0x26, 0xe9, 0xa5, 0x75, 0xa1, 0x68, 0xa3, 0x85, 0xc4, 0x21, 0xad, - 0x76, 0x58, 0x13, 0xfc, 0x3f, 0x4a, 0xf8, 0xcd, 0x00, 0xde, 0x7b, 0x6b, 0xba, 0x6e, 0x49, 0x02, - 0x41, 0x03, 0x6d, 0xcf, 0x69, 0xf6, 0xe5, 0x48, 0xc8, 0xac, 0xfb, 0x53, 0x6f, 0xb6, 0xcd, 0x18, - 0x6f, 0x8b, 0x8f, 0x20, 0xd3, 0x13, 0x36, 0x1d, 0x04, 0x47, 0xc1, 0xb5, 0xe3, 0x80, 0xf4, 0x11, - 0x3e, 0x57, 0x8b, 0x31, 0xe8, 0x67, 0xdd, 0xa4, 0x7d, 0x44, 0xad, 0x37, 0x61, 0xe7, 0x93, 0xf7, - 0x25, 0x03, 0x1b, 0x8d, 0x37, 0x9f, 0x38, 0x9d, 0xe2, 0x77, 0xa9, 0xa0, 0x13, 0x76, 0x51, 0xdf, - 0x54, 0x8a, -}; -const unsigned char test_rsa_1028_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x0e, 0x62, 0xa7, 0x6f, 0x0e, 0x0b, 0x59, 0x68, 0x3a, 0x7e, - 0xbf, 0x7c, 0xbf, 0xd3, 0x7b, 0x1d, 0x17, 0x81, 0xd8, 0xf1, 0xb9, 0x00, 0x60, 0x4b, 0x50, 0x7f, - 0x0f, 0x04, 0xc7, 0x2a, 0x3d, 0x34, 0x0d, 0x06, 0x7b, 0xcd, 0x53, 0xbe, 0xa3, 0xca, 0xff, 0x4e, - 0x4a, 0xe6, 0x94, 0xf0, 0xb6, 0xd8, 0xf5, 0x91, 0xa4, 0x16, 0x7f, 0xbf, 0x7f, 0x37, 0x2a, 0xb5, - 0x7e, 0x83, 0xa6, 0x9a, 0x3f, 0x26, 0xf4, 0x47, 0xbc, 0xf5, 0x82, 0xbc, 0x96, 0x21, 0xa3, 0x0a, - 0x3b, 0x44, 0xd6, 0xb4, 0x3e, 0x98, 0x6d, 0x1a, 0x86, 0x7b, 0x07, 0x48, 0x9e, 0x4f, 0x9b, 0xfc, - 0xad, 0xaa, 0x82, 0xa2, 0x78, 0x2d, 0xc2, 0x72, 0x9a, 0x63, 0x1f, 0xb1, 0xfb, 0x9f, 0xfb, 0x79, - 0x4b, 0x4e, 0x53, 0xc7, 0x62, 0x39, 0xe0, 0x4d, 0x4a, 0x8f, 0x80, 0x35, 0x25, 0x88, 0xdb, 0x29, - 0x46, 0x2d, 0xde, 0x18, 0x23, 0x7c, 0xf5, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_1030_priv[] = { - 0x30, 0x82, 0x02, 0x5f, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, - 0x6d, 0x1f, 0x8e, 0x57, 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, - 0x95, 0xf9, 0x89, 0x9d, 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, - 0x34, 0xc6, 0xae, 0x36, 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, 0x64, 0xd2, 0xec, 0x15, - 0x6e, 0x13, 0x4d, 0x03, 0xcf, 0x6a, 0x94, 0xd3, 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, - 0xc4, 0xb9, 0x74, 0x21, 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, - 0xfa, 0x86, 0x74, 0x96, 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, 0xd1, 0x46, 0x1a, 0x80, - 0xdb, 0xe9, 0xa5, 0x9d, 0xb3, 0xb0, 0x16, 0xc6, 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, - 0x89, 0xb8, 0x55, 0xcb, 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0x81, 0x02, 0x10, 0xd5, 0xff, 0x53, 0x1c, 0xac, 0xb2, 0x2f, 0x8c, 0xf7, 0xdd, 0x1f, - 0xd9, 0xfb, 0x03, 0x76, 0xf3, 0x64, 0x7f, 0x2e, 0x9a, 0xb3, 0xdf, 0x9c, 0x89, 0xb9, 0xad, 0x3c, - 0x98, 0xe6, 0x8b, 0x89, 0xad, 0xeb, 0x29, 0x90, 0x1d, 0xd2, 0xf2, 0xcf, 0x2a, 0xc1, 0xf8, 0x17, - 0x72, 0x62, 0x78, 0x83, 0x0e, 0xc8, 0xa8, 0xd0, 0xfd, 0xd1, 0x9d, 0x49, 0x6e, 0xc6, 0xbc, 0x68, - 0x36, 0x71, 0x17, 0x47, 0x86, 0xb7, 0xd6, 0xa8, 0xe8, 0x22, 0xfa, 0x71, 0xd6, 0x5a, 0xd3, 0x5a, - 0xbb, 0xdf, 0x0e, 0x6e, 0x55, 0xff, 0x2c, 0x18, 0x21, 0xb6, 0x2b, 0xc6, 0x30, 0x19, 0x21, 0x60, - 0xe5, 0xc9, 0xb3, 0xdc, 0xaf, 0xc6, 0x5a, 0xe6, 0xb2, 0xa0, 0x88, 0xfb, 0xc5, 0x59, 0x1d, 0xa5, - 0x8a, 0x45, 0xdd, 0x7a, 0x30, 0x96, 0x0f, 0x7d, 0x3d, 0xef, 0x75, 0xb8, 0x0c, 0xdf, 0x73, 0x24, - 0x73, 0x60, 0xe8, 0xfb, 0x02, 0x41, 0x07, 0x2e, 0x37, 0x1a, 0x3b, 0xa8, 0x61, 0xe7, 0x8e, 0x3e, - 0xb9, 0x31, 0x30, 0x65, 0xfa, 0xab, 0x0a, 0x97, 0x21, 0x6e, 0x95, 0x44, 0xbf, 0xc2, 0xd5, 0xb4, - 0x03, 0x84, 0x4b, 0x43, 0x27, 0x37, 0x05, 0x75, 0x5a, 0x85, 0xaa, 0x0b, 0xaf, 0x71, 0x14, 0x77, - 0x0c, 0xfe, 0xca, 0x20, 0xbc, 0xa1, 0x7a, 0xc1, 0x9b, 0xc4, 0xcb, 0xba, 0x10, 0x6a, 0x33, 0xb3, - 0xdd, 0xdc, 0xa0, 0xfb, 0x53, 0x5f, 0x33, 0x02, 0x41, 0x06, 0x0e, 0x6a, 0xf3, 0x7a, 0xb4, 0xea, - 0x11, 0xf5, 0x2b, 0x93, 0x44, 0xe7, 0x16, 0x0e, 0xb2, 0xa5, 0x3f, 0x10, 0x75, 0xe1, 0x22, 0x9a, - 0x7f, 0x10, 0xa3, 0x01, 0xde, 0x33, 0x59, 0xf5, 0x3e, 0x98, 0x1e, 0xa0, 0xe1, 0x7d, 0xf0, 0xfb, - 0x38, 0x0f, 0x08, 0x9e, 0x5c, 0x37, 0xdd, 0x40, 0xda, 0xa2, 0x9e, 0xef, 0xd2, 0x05, 0xf5, 0xc8, - 0x7b, 0x38, 0xf8, 0xfe, 0xf6, 0x36, 0xb5, 0x7b, 0xa0, 0x53, 0x02, 0x41, 0x02, 0x3a, 0x5d, 0xd0, - 0x9e, 0xf8, 0x35, 0x40, 0xb3, 0x0b, 0x55, 0x4d, 0x24, 0xf6, 0x4f, 0x9c, 0x28, 0xd2, 0x12, 0x06, - 0x8c, 0xfc, 0x62, 0xff, 0xe2, 0x6d, 0x53, 0xb6, 0x05, 0xe0, 0x55, 0x57, 0xa6, 0x32, 0xee, 0x9e, - 0x90, 0xcf, 0xc5, 0x65, 0x31, 0xf3, 0x6a, 0xad, 0xd8, 0x2b, 0xe6, 0x3b, 0xb8, 0xaa, 0x40, 0x5a, - 0x04, 0xd8, 0xbb, 0xe5, 0x28, 0x1b, 0xc4, 0x58, 0x83, 0xfe, 0xd7, 0xb4, 0xaf, 0x02, 0x41, 0x04, - 0x1d, 0xe6, 0xdb, 0xad, 0x4c, 0xaf, 0x54, 0x17, 0xa9, 0x50, 0x49, 0x65, 0x20, 0x1c, 0x4b, 0x99, - 0x82, 0x7d, 0xe8, 0xf3, 0x69, 0xf7, 0x45, 0x6a, 0x84, 0xb3, 0xef, 0x5c, 0x4e, 0xc9, 0x23, 0x8c, - 0x7a, 0x3d, 0x78, 0x2a, 0x89, 0x15, 0xeb, 0xec, 0x64, 0x3a, 0x69, 0x8b, 0x5b, 0xee, 0x0a, 0xf0, - 0xc2, 0x43, 0x59, 0x2b, 0xce, 0x00, 0x42, 0xaa, 0xde, 0xaf, 0x49, 0xa4, 0xb4, 0xc6, 0xdd, 0x9b, - 0x02, 0x41, 0x05, 0xd3, 0x2d, 0xee, 0x95, 0x2b, 0x50, 0x3b, 0x53, 0x6f, 0xce, 0xcf, 0x19, 0xec, - 0x08, 0x23, 0x6a, 0x9c, 0xd9, 0x45, 0xc4, 0x95, 0x51, 0xbf, 0x99, 0xf1, 0x5b, 0x67, 0x4f, 0xc2, - 0x1a, 0xa1, 0x99, 0xf4, 0xc4, 0x21, 0x1f, 0x0f, 0x00, 0x07, 0xc4, 0x17, 0xc1, 0xfb, 0x41, 0x55, - 0x32, 0x6a, 0x21, 0x42, 0xfc, 0xa4, 0x54, 0xbb, 0xd3, 0x8d, 0x6d, 0xbc, 0x6c, 0xaa, 0x7a, 0xc3, - 0x35, 0xa1, 0x7c, -}; -const unsigned char test_rsa_1030_pub[] = { - 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x2b, 0x7c, 0xd1, 0x97, 0xf5, 0x79, 0x6d, 0x1f, 0x8e, 0x57, - 0x6b, 0x2b, 0x37, 0x72, 0x3f, 0xd9, 0x21, 0x08, 0x14, 0xef, 0x1c, 0x19, 0x95, 0xf9, 0x89, 0x9d, - 0x50, 0x05, 0x8f, 0x37, 0x9d, 0x23, 0x9c, 0x66, 0x87, 0x8e, 0x92, 0x2f, 0x34, 0xc6, 0xae, 0x36, - 0x72, 0xc8, 0x59, 0x8f, 0xcd, 0x5d, 0x47, 0xb7, 0x64, 0xd2, 0xec, 0x15, 0x6e, 0x13, 0x4d, 0x03, - 0xcf, 0x6a, 0x94, 0xd3, 0x8d, 0x2e, 0xa8, 0xbc, 0x76, 0xdb, 0xbc, 0x60, 0xc4, 0xb9, 0x74, 0x21, - 0x90, 0x90, 0xea, 0xf2, 0x87, 0x49, 0x7d, 0x7d, 0xcf, 0x7f, 0x11, 0x9c, 0xfa, 0x86, 0x74, 0x96, - 0xf7, 0xe9, 0x1c, 0x12, 0xb5, 0xd5, 0x52, 0xe1, 0xd1, 0x46, 0x1a, 0x80, 0xdb, 0xe9, 0xa5, 0x9d, - 0xb3, 0xb0, 0x16, 0xc6, 0xc0, 0x14, 0x1c, 0x3b, 0x2a, 0x0e, 0x22, 0x60, 0x89, 0xb8, 0x55, 0xcb, - 0x88, 0xef, 0x65, 0x64, 0x08, 0xbd, 0x89, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_1536_priv[] = { - 0x30, 0x82, 0x03, 0x7b, 0x02, 0x01, 0x00, 0x02, 0x81, 0xc1, 0x00, 0xc8, 0x70, 0xfe, 0xb6, 0xca, - 0x6b, 0x1d, 0x2b, 0xd9, 0xf2, 0xdd, 0x99, 0xe2, 0x0f, 0x1f, 0xe2, 0xd7, 0xe5, 0x19, 0x2d, 0xe6, - 0x62, 0x22, 0x9d, 0xbe, 0x16, 0x2b, 0xd1, 0xba, 0x66, 0x33, 0x6a, 0x71, 0x82, 0x90, 0x3c, 0xa0, - 0xb7, 0x27, 0x96, 0xcd, 0x44, 0x1c, 0x83, 0xd2, 0x4b, 0xcd, 0xc3, 0xe9, 0xa2, 0xf5, 0xe4, 0x39, - 0x9c, 0x8a, 0x04, 0x3f, 0x1c, 0x3d, 0xdf, 0x04, 0x75, 0x4a, 0x66, 0xd4, 0xcf, 0xe7, 0xb3, 0x67, - 0x1a, 0x37, 0xdd, 0x31, 0xa9, 0xb4, 0xc1, 0x3b, 0xfe, 0x06, 0xee, 0x90, 0xf9, 0xd9, 0x4d, 0xda, - 0xa0, 0x6d, 0xe6, 0x7a, 0x52, 0xac, 0x86, 0x3e, 0x68, 0xf7, 0x56, 0x73, 0x6c, 0xeb, 0x01, 0x44, - 0x05, 0xa6, 0x16, 0x05, 0x79, 0x64, 0x0f, 0x83, 0x1d, 0xdd, 0xcc, 0xc3, 0x4a, 0xd0, 0xb0, 0x50, - 0x70, 0xe3, 0xf9, 0x95, 0x4a, 0x58, 0xd1, 0x81, 0x58, 0x13, 0xe1, 0xb8, 0x3b, 0xca, 0xdb, 0xa8, - 0x14, 0x78, 0x9c, 0x87, 0xf1, 0xef, 0x2b, 0xa5, 0xd7, 0x38, 0xb7, 0x93, 0xec, 0x45, 0x6a, 0x67, - 0x36, 0x0e, 0xea, 0x1b, 0x5f, 0xaf, 0x1c, 0x7c, 0xc7, 0xbf, 0x24, 0xf3, 0xb2, 0xa9, 0xd0, 0xf8, - 0x95, 0x8b, 0x10, 0x96, 0xe0, 0xf0, 0xc3, 0x35, 0xf8, 0x88, 0x8d, 0x0c, 0x63, 0xa5, 0x1c, 0x3c, - 0x03, 0x37, 0x21, 0x4f, 0xa3, 0xf5, 0xef, 0xdf, 0x6d, 0xcc, 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, - 0x02, 0x81, 0xc0, 0x6d, 0x2d, 0x67, 0x00, 0x47, 0x97, 0x3a, 0x87, 0x75, 0x2a, 0x9d, 0x5b, 0xc1, - 0x4f, 0x3d, 0xae, 0x00, 0xac, 0xb0, 0x1f, 0x59, 0x3a, 0xa0, 0xe2, 0x4c, 0xf4, 0xa4, 0x9f, 0x93, - 0x29, 0x31, 0xde, 0x4b, 0xbf, 0xb3, 0x32, 0xe2, 0xd3, 0x80, 0x83, 0xda, 0x80, 0xbc, 0x0b, 0x6d, - 0x53, 0x8e, 0xdb, 0xa4, 0x79, 0xf7, 0xf7, 0x7d, 0x0d, 0xef, 0xfb, 0x4a, 0x28, 0xe6, 0xe6, 0x7f, - 0xf6, 0x27, 0x35, 0x85, 0xbb, 0x4c, 0xd8, 0x62, 0x53, 0x5c, 0x94, 0x66, 0x05, 0xab, 0x08, 0x09, - 0xd6, 0x5f, 0x0e, 0x38, 0xf7, 0x6e, 0x4e, 0xc2, 0xc3, 0xd9, 0xb8, 0xcd, 0x6e, 0x14, 0xbc, 0xf6, - 0x67, 0x94, 0x38, 0x92, 0xcd, 0x4b, 0x34, 0xcc, 0x64, 0x20, 0xa4, 0x39, 0xab, 0xbf, 0x3d, 0x7d, - 0x35, 0xef, 0x73, 0x97, 0x6d, 0xd6, 0xf9, 0xcb, 0xde, 0x35, 0xa5, 0x1f, 0xa5, 0x21, 0x3f, 0x01, - 0x07, 0xf8, 0x3e, 0x34, 0x25, 0x83, 0x5d, 0x16, 0xd3, 0xc9, 0x14, 0x6f, 0xc9, 0xe3, 0x6c, 0xe7, - 0x5a, 0x09, 0xbb, 0x66, 0xcd, 0xff, 0x21, 0xdd, 0x5a, 0x77, 0x68, 0x99, 0xf1, 0xcb, 0x07, 0xe2, - 0x82, 0xcc, 0xa2, 0x7b, 0xe4, 0x65, 0x10, 0xe9, 0xc7, 0x99, 0xf0, 0xd8, 0xdb, 0x27, 0x5a, 0x6b, - 0xe0, 0x85, 0xd9, 0xf3, 0xf8, 0x03, 0x21, 0x8e, 0xe3, 0x38, 0x42, 0x65, 0xbf, 0xb1, 0xa3, 0x64, - 0x0e, 0x8c, 0xa1, 0x02, 0x61, 0x00, 0xe6, 0x84, 0x8c, 0x31, 0xd4, 0x66, 0xff, 0xfe, 0xfc, 0x54, - 0x7e, 0x3a, 0x3b, 0x0d, 0x37, 0x85, 0xde, 0x6f, 0x78, 0xb0, 0xdd, 0x12, 0x61, 0x08, 0x43, 0x51, - 0x2e, 0x49, 0x56, 0x11, 0xa0, 0x67, 0x55, 0x09, 0xb1, 0x65, 0x0b, 0x27, 0x41, 0x50, 0x09, 0x83, - 0x8d, 0xd8, 0xe6, 0x8e, 0xec, 0x6e, 0x75, 0x30, 0x55, 0x3b, 0x63, 0x7d, 0x60, 0x24, 0x24, 0x64, - 0x3b, 0x33, 0xe8, 0xbc, 0x5b, 0x76, 0x2e, 0x17, 0x99, 0xbc, 0x79, 0xd5, 0x6b, 0x13, 0x25, 0x1d, - 0x36, 0xd4, 0xf2, 0x01, 0xda, 0x21, 0x82, 0x41, 0x6c, 0xe1, 0x35, 0x74, 0xe8, 0x82, 0x78, 0xff, - 0x04, 0x46, 0x7a, 0xd6, 0x02, 0xd9, 0x02, 0x61, 0x00, 0xde, 0x99, 0x4f, 0xdf, 0x18, 0x1f, 0x02, - 0xbe, 0x2b, 0xf9, 0xe5, 0xf5, 0xe4, 0xe5, 0x17, 0xa9, 0x49, 0x93, 0xb8, 0x27, 0xd1, 0xea, 0xf6, - 0x09, 0x03, 0x3e, 0x3a, 0x6a, 0x6f, 0x23, 0x96, 0xae, 0x7c, 0x44, 0xe9, 0xeb, 0x59, 0x4c, 0xf1, - 0x04, 0x4c, 0xb3, 0xad, 0x32, 0xea, 0x25, 0x8f, 0x0c, 0x82, 0x96, 0x3b, 0x27, 0xbb, 0x65, 0x0e, - 0xd2, 0x00, 0xcd, 0xe8, 0x2c, 0xb9, 0x93, 0x37, 0x4b, 0xe3, 0x4b, 0xe5, 0xb1, 0xc7, 0xea, 0xd5, - 0x44, 0x6a, 0x2b, 0x82, 0xa4, 0x48, 0x6e, 0x8c, 0x18, 0x10, 0xa0, 0xb0, 0x15, 0x51, 0x60, 0x9f, - 0xb0, 0x84, 0x1d, 0x47, 0x4b, 0xad, 0xa8, 0x02, 0xbd, 0x02, 0x60, 0x76, 0xdd, 0xae, 0x75, 0x1b, - 0x73, 0xa9, 0x59, 0xd0, 0xbf, 0xb8, 0xff, 0x49, 0xe7, 0xfc, 0xd3, 0x78, 0xe9, 0xbe, 0x30, 0x65, - 0x2e, 0xce, 0xfe, 0x35, 0xc8, 0x2c, 0xb8, 0x00, 0x3b, 0xc2, 0x9c, 0xc6, 0x0a, 0xe3, 0x80, 0x99, - 0x09, 0xba, 0xf2, 0x0c, 0x95, 0xdb, 0x95, 0x16, 0xfe, 0x68, 0x08, 0x65, 0x41, 0x71, 0x11, 0xd8, - 0xb1, 0x93, 0xdb, 0xcf, 0x30, 0x28, 0x1f, 0x12, 0x49, 0xde, 0x57, 0xc8, 0x58, 0xbf, 0x1b, 0xa3, - 0x2f, 0x5b, 0xb1, 0x59, 0x98, 0x00, 0xe8, 0x39, 0x8a, 0x9e, 0xf2, 0x5c, 0x7a, 0x64, 0x2c, 0x95, - 0x26, 0x1d, 0xa6, 0xf9, 0xc1, 0x76, 0x70, 0xe9, 0x72, 0x65, 0xb1, 0x02, 0x60, 0x73, 0x24, 0x82, - 0xb8, 0x37, 0xd5, 0xf2, 0xa9, 0x44, 0x3e, 0x23, 0xc1, 0xaa, 0x01, 0x06, 0xd8, 0x3e, 0x82, 0xf6, - 0xc3, 0x42, 0x46, 0x73, 0xb5, 0xfd, 0xc3, 0x76, 0x9c, 0x0f, 0x99, 0x2d, 0x1c, 0x5c, 0x93, 0x99, - 0x1c, 0x70, 0x38, 0xe8, 0x82, 0xfc, 0xda, 0x04, 0x41, 0x4d, 0xf4, 0xd7, 0xa5, 0xf4, 0xf6, 0x98, - 0xea, 0xd8, 0x78, 0x51, 0xce, 0x37, 0x34, 0x4b, 0x60, 0xb7, 0x2d, 0x7b, 0x70, 0xf9, 0xc6, 0x0c, - 0xae, 0x85, 0x66, 0xe7, 0xa2, 0x57, 0xf8, 0xe1, 0xbe, 0xf0, 0xe8, 0x9d, 0xf6, 0xe4, 0xc2, 0xf9, - 0xd2, 0x4d, 0x21, 0xd9, 0xf8, 0x88, 0x9e, 0x4c, 0x7e, 0xcc, 0xf9, 0x17, 0x51, 0x02, 0x60, 0x09, - 0x05, 0x0d, 0x94, 0x49, 0x3d, 0xa8, 0xf0, 0x0a, 0x4d, 0xdb, 0xe9, 0xc8, 0x00, 0xaf, 0xe3, 0xd4, - 0x4b, 0x43, 0xf7, 0x8a, 0x48, 0x94, 0x1a, 0x79, 0xb2, 0x81, 0x4a, 0x1f, 0x0b, 0x81, 0xa1, 0x8a, - 0x8b, 0x23, 0x47, 0x64, 0x2a, 0x03, 0xb2, 0x79, 0x98, 0xf5, 0xa1, 0x8d, 0xe9, 0xab, 0xc9, 0xae, - 0x0e, 0x54, 0xab, 0x82, 0x94, 0xfe, 0xac, 0x66, 0xdc, 0x87, 0xe8, 0x54, 0xcc, 0xe6, 0xf7, 0x27, - 0x8a, 0xc2, 0x71, 0x0c, 0xb5, 0x87, 0x8b, 0x59, 0x2f, 0xfe, 0xb1, 0xf4, 0xf0, 0xa1, 0x85, 0x3e, - 0x4e, 0x8d, 0x1d, 0x05, 0x61, 0xb6, 0xef, 0xcc, 0x83, 0x1a, 0x29, 0x6c, 0xf7, 0xee, 0xaf, -}; -const unsigned char test_rsa_1536_pub[] = { - 0x30, 0x81, 0xc9, 0x02, 0x81, 0xc1, 0x00, 0xc8, 0x70, 0xfe, 0xb6, 0xca, 0x6b, 0x1d, 0x2b, 0xd9, - 0xf2, 0xdd, 0x99, 0xe2, 0x0f, 0x1f, 0xe2, 0xd7, 0xe5, 0x19, 0x2d, 0xe6, 0x62, 0x22, 0x9d, 0xbe, - 0x16, 0x2b, 0xd1, 0xba, 0x66, 0x33, 0x6a, 0x71, 0x82, 0x90, 0x3c, 0xa0, 0xb7, 0x27, 0x96, 0xcd, - 0x44, 0x1c, 0x83, 0xd2, 0x4b, 0xcd, 0xc3, 0xe9, 0xa2, 0xf5, 0xe4, 0x39, 0x9c, 0x8a, 0x04, 0x3f, - 0x1c, 0x3d, 0xdf, 0x04, 0x75, 0x4a, 0x66, 0xd4, 0xcf, 0xe7, 0xb3, 0x67, 0x1a, 0x37, 0xdd, 0x31, - 0xa9, 0xb4, 0xc1, 0x3b, 0xfe, 0x06, 0xee, 0x90, 0xf9, 0xd9, 0x4d, 0xda, 0xa0, 0x6d, 0xe6, 0x7a, - 0x52, 0xac, 0x86, 0x3e, 0x68, 0xf7, 0x56, 0x73, 0x6c, 0xeb, 0x01, 0x44, 0x05, 0xa6, 0x16, 0x05, - 0x79, 0x64, 0x0f, 0x83, 0x1d, 0xdd, 0xcc, 0xc3, 0x4a, 0xd0, 0xb0, 0x50, 0x70, 0xe3, 0xf9, 0x95, - 0x4a, 0x58, 0xd1, 0x81, 0x58, 0x13, 0xe1, 0xb8, 0x3b, 0xca, 0xdb, 0xa8, 0x14, 0x78, 0x9c, 0x87, - 0xf1, 0xef, 0x2b, 0xa5, 0xd7, 0x38, 0xb7, 0x93, 0xec, 0x45, 0x6a, 0x67, 0x36, 0x0e, 0xea, 0x1b, - 0x5f, 0xaf, 0x1c, 0x7c, 0xc7, 0xbf, 0x24, 0xf3, 0xb2, 0xa9, 0xd0, 0xf8, 0x95, 0x8b, 0x10, 0x96, - 0xe0, 0xf0, 0xc3, 0x35, 0xf8, 0x88, 0x8d, 0x0c, 0x63, 0xa5, 0x1c, 0x3c, 0x03, 0x37, 0x21, 0x4f, - 0xa3, 0xf5, 0xef, 0xdf, 0x6d, 0xcc, 0x35, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_2048_priv[] = { - 0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, - 0xab, 0x40, 0x49, 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, - 0x38, 0xfc, 0x7a, 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, - 0xb1, 0x35, 0x35, 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, 0x4a, 0x69, 0x37, 0xb5, - 0x58, 0xec, 0x0d, 0x1d, 0xea, 0x27, 0x4a, 0xf2, 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, - 0x57, 0x72, 0x66, 0xa7, 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, - 0x5f, 0xec, 0xab, 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, 0xa9, 0x45, 0x84, 0x22, - 0x6b, 0x37, 0xd9, 0x2e, 0xf4, 0x63, 0xfc, 0x73, 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, - 0x16, 0x2f, 0x57, 0x26, 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, - 0x02, 0x21, 0xc2, 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, 0x3d, 0x7b, 0x84, 0x03, - 0x9c, 0x2d, 0xf4, 0x1c, 0xe3, 0xec, 0x8d, 0xb9, 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, - 0xe2, 0x3b, 0x74, 0xed, 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, - 0xa4, 0x42, 0x32, 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, 0x78, 0x2e, 0x45, 0x53, - 0x88, 0x0f, 0x06, 0xba, 0x39, 0xa6, 0x4f, 0x4a, 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, - 0x07, 0xce, 0xfa, 0xdc, 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, - 0xae, 0x61, 0xfc, 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, 0x07, 0x72, 0x66, 0xf7, - 0x36, 0x0c, 0x20, 0x76, 0xce, 0xbe, 0xaf, 0x14, 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, - 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xb8, 0x96, 0x2d, 0xce, 0x60, 0x4b, 0xc6, 0x2e, 0x76, 0x78, - 0xf4, 0x8c, 0xa8, 0x0c, 0xff, 0xf4, 0x56, 0xad, 0x36, 0xe2, 0xf6, 0xd3, 0x29, 0xcc, 0x91, 0x1a, - 0x42, 0xba, 0x7c, 0xf5, 0xb9, 0xb8, 0xf5, 0xaa, 0xe1, 0x00, 0x5e, 0x4a, 0x06, 0xf6, 0xe5, 0x91, - 0x27, 0x90, 0x38, 0xd8, 0x50, 0x8f, 0x2b, 0x62, 0xba, 0xdf, 0xa5, 0x22, 0x3d, 0xa3, 0xcc, 0x94, - 0xfa, 0x83, 0x60, 0xd5, 0x55, 0x6f, 0x6d, 0x68, 0x52, 0xbe, 0x75, 0xea, 0x08, 0x13, 0x5c, 0xac, - 0x18, 0x34, 0xda, 0x71, 0x9a, 0x4e, 0x78, 0x37, 0xe1, 0x66, 0xd1, 0xd2, 0xc6, 0xc8, 0x16, 0xb6, - 0x46, 0x61, 0xc1, 0x07, 0x66, 0xb0, 0x2f, 0x70, 0x5c, 0xc4, 0x48, 0x9f, 0x94, 0x74, 0x28, 0x25, - 0x58, 0x35, 0xa9, 0x09, 0x21, 0x43, 0x41, 0xc2, 0x13, 0x35, 0xae, 0x12, 0x18, 0x1d, 0xd8, 0x1e, - 0x61, 0x1d, 0x59, 0xb1, 0xdb, 0x70, 0x66, 0x7b, 0xeb, 0xd7, 0xe9, 0x2b, 0x71, 0xe1, 0xd3, 0x88, - 0x31, 0x8d, 0x3e, 0xc1, 0x4d, 0x61, 0x6f, 0x72, 0xc2, 0x31, 0xf6, 0x72, 0x7a, 0x18, 0x3e, 0x68, - 0x18, 0x28, 0x5b, 0xd6, 0x5f, 0x65, 0x72, 0xca, 0xdc, 0x90, 0x12, 0x24, 0x88, 0x21, 0xb2, 0xd0, - 0xae, 0x6c, 0xed, 0xd3, 0x0c, 0xa4, 0x40, 0xd4, 0xd3, 0x4c, 0xd7, 0x7e, 0x2c, 0xf6, 0xb4, 0x0e, - 0xd2, 0xc7, 0xd8, 0x56, 0xb3, 0x0d, 0x47, 0x47, 0x33, 0xfc, 0xe0, 0xfb, 0x69, 0x5c, 0x3e, 0x65, - 0x30, 0xc0, 0x79, 0xae, 0xd9, 0x55, 0xe4, 0x07, 0x30, 0x55, 0xf2, 0x65, 0x5d, 0x4b, 0x67, 0x1e, - 0x29, 0x1f, 0xde, 0x40, 0x0f, 0x2f, 0x06, 0xd0, 0xb3, 0x3f, 0x87, 0xd2, 0x61, 0xe0, 0xad, 0x3d, - 0xae, 0x48, 0xa9, 0x13, 0x84, 0x1b, 0x34, 0xcf, 0xed, 0x03, 0x79, 0x0f, 0xca, 0xee, 0x00, 0xde, - 0x2e, 0x90, 0xfb, 0x96, 0x21, 0x02, 0x81, 0x81, 0x00, 0xfc, 0xbe, 0x89, 0xcd, 0x1a, 0xa3, 0x19, - 0xe4, 0x9e, 0xf4, 0xf7, 0x21, 0x49, 0xbf, 0x06, 0xda, 0x57, 0xdc, 0xc6, 0x4d, 0x3d, 0xe6, 0x05, - 0xe9, 0xff, 0x3e, 0x76, 0xfc, 0x66, 0xf4, 0xb1, 0xe2, 0x87, 0x82, 0x45, 0xff, 0xd7, 0x19, 0x90, - 0x51, 0x1b, 0x17, 0xe9, 0x7f, 0x33, 0x81, 0x88, 0x89, 0xa8, 0xc2, 0x1b, 0x55, 0x27, 0xfd, 0x18, - 0x13, 0x27, 0xaf, 0xfe, 0x88, 0xf9, 0xbb, 0xa6, 0x70, 0xc4, 0xe6, 0xf1, 0xe6, 0x30, 0x9b, 0xd0, - 0x32, 0x30, 0x74, 0xe4, 0xcb, 0xcf, 0x23, 0xdc, 0xe3, 0xc1, 0x9b, 0x8d, 0x54, 0x95, 0xf5, 0x6a, - 0x93, 0x05, 0x9b, 0xa7, 0x41, 0x4f, 0x28, 0xed, 0x1e, 0xc9, 0x06, 0xad, 0x18, 0xc6, 0x3d, 0xe1, - 0x14, 0x8a, 0xbc, 0xfe, 0x9b, 0xe7, 0x98, 0x60, 0x00, 0xf4, 0x25, 0xe5, 0x80, 0xb7, 0x0e, 0x43, - 0xe4, 0x8e, 0x24, 0xfa, 0x9d, 0x51, 0xaa, 0xae, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xfa, 0xec, 0x5a, - 0x7b, 0xed, 0x2e, 0x53, 0xcf, 0xca, 0x1e, 0x16, 0x7d, 0xb4, 0x64, 0x1d, 0xb5, 0xa0, 0x0f, 0xe2, - 0xc3, 0x28, 0x12, 0x54, 0x23, 0xd5, 0x94, 0x78, 0x9f, 0x3e, 0xc0, 0x72, 0xc6, 0x23, 0xe7, 0xaf, - 0xbd, 0xee, 0x00, 0x89, 0xfd, 0x26, 0x30, 0x76, 0x51, 0xf6, 0xd3, 0x61, 0x1a, 0x88, 0xaf, 0x28, - 0xc3, 0x45, 0x85, 0xd5, 0xcb, 0x71, 0x3a, 0x65, 0x0c, 0x35, 0x93, 0x3f, 0x58, 0x94, 0x4d, 0xb9, - 0xbd, 0x15, 0xba, 0x9f, 0xc2, 0x8b, 0x07, 0xe6, 0x70, 0x5b, 0x7b, 0x3e, 0xf1, 0xcc, 0xb4, 0x8d, - 0x21, 0xa5, 0x35, 0x69, 0xc8, 0xb8, 0x4c, 0x44, 0x4b, 0x61, 0xea, 0x5c, 0x6e, 0x67, 0xb5, 0x4f, - 0x0a, 0xfd, 0x85, 0x2f, 0xfb, 0x8c, 0x92, 0xa1, 0x11, 0xfa, 0xb8, 0x67, 0x72, 0x63, 0xee, 0xb8, - 0x0c, 0xf1, 0xa3, 0x40, 0x3b, 0x4a, 0x9a, 0x20, 0x97, 0x76, 0x94, 0x72, 0x21, 0x02, 0x81, 0x80, - 0x2f, 0xf9, 0x9a, 0xfe, 0xab, 0xc7, 0xb9, 0xea, 0x83, 0xa1, 0xcc, 0x27, 0x2d, 0x70, 0x6d, 0x44, - 0x94, 0xd8, 0xfb, 0x6b, 0x3e, 0x0c, 0xa3, 0xa2, 0xbf, 0x28, 0x84, 0x3d, 0x74, 0xed, 0x8d, 0xb6, - 0x8a, 0x32, 0x58, 0x47, 0x2f, 0xf5, 0x52, 0x47, 0x92, 0xf4, 0xff, 0x05, 0x7e, 0x29, 0x60, 0x59, - 0x81, 0x07, 0x17, 0x59, 0x1a, 0xb6, 0x18, 0x13, 0xca, 0xbc, 0xc5, 0x7c, 0x0a, 0xab, 0x6b, 0xf4, - 0x8b, 0xeb, 0xaa, 0x8f, 0x1f, 0x3a, 0xf4, 0x52, 0x12, 0x90, 0x9d, 0xbd, 0x72, 0x1c, 0x44, 0x99, - 0x96, 0xee, 0x87, 0xed, 0x3e, 0x69, 0xcf, 0x49, 0x09, 0x0f, 0x7a, 0xb8, 0x12, 0xe6, 0x99, 0xdb, - 0xf6, 0x1c, 0xa6, 0x4e, 0xc5, 0x92, 0x89, 0x5e, 0xf4, 0xd6, 0xdb, 0x1d, 0x8c, 0xe0, 0x87, 0x98, - 0xa6, 0xbf, 0x6a, 0xc8, 0xfb, 0xf6, 0x61, 0x3c, 0xc9, 0x1e, 0x8b, 0xd3, 0xc0, 0xe4, 0xbd, 0x21, - 0x02, 0x81, 0x81, 0x00, 0xb2, 0x9b, 0x34, 0x59, 0x0b, 0xdd, 0xb3, 0x08, 0xaf, 0xec, 0xb4, 0xc3, - 0xab, 0x78, 0xab, 0xf1, 0x11, 0x4a, 0xdd, 0x75, 0x5e, 0x7b, 0x95, 0x6a, 0xa0, 0x67, 0x7b, 0x68, - 0x96, 0xa9, 0x33, 0xc9, 0x37, 0xdb, 0x7d, 0xab, 0xaa, 0xd2, 0xb5, 0x65, 0xfd, 0x1d, 0xf7, 0xca, - 0xa5, 0xef, 0x96, 0x29, 0xe5, 0xeb, 0x10, 0x0f, 0xd6, 0xd7, 0xc9, 0xf3, 0x72, 0xd8, 0x46, 0xfe, - 0xe6, 0xcf, 0xb6, 0x02, 0x5e, 0x25, 0xe9, 0x34, 0xdf, 0x57, 0xa4, 0xca, 0x3c, 0x5e, 0x56, 0x37, - 0xd9, 0xd6, 0x23, 0x5a, 0xc8, 0x04, 0x28, 0x85, 0x2f, 0x6c, 0x92, 0xac, 0xae, 0x0a, 0x93, 0x7e, - 0x38, 0xe7, 0x31, 0xfd, 0xe0, 0x52, 0x1d, 0x3e, 0x4c, 0x70, 0xd6, 0x53, 0xae, 0x9e, 0xdc, 0x89, - 0xc8, 0xb6, 0x23, 0xe4, 0x37, 0x9f, 0xbf, 0x60, 0x6f, 0x4b, 0x6d, 0xb8, 0x06, 0x85, 0x28, 0xf7, - 0xc7, 0x0f, 0x29, 0x21, 0x02, 0x81, 0x80, 0x0e, 0xd4, 0x7a, 0xe0, 0x5b, 0x27, 0x5a, 0x23, 0xa7, - 0xdf, 0xe3, 0xff, 0xb7, 0x27, 0xe3, 0xa2, 0x68, 0xe6, 0x26, 0xa5, 0x9d, 0x40, 0x1d, 0x2d, 0x84, - 0x6d, 0xe2, 0x69, 0x54, 0xff, 0x54, 0xfc, 0x9e, 0xd9, 0x3a, 0x9a, 0xf3, 0x3f, 0xac, 0x2c, 0x96, - 0x7a, 0x18, 0xe0, 0xf8, 0x61, 0x45, 0x08, 0x3e, 0x39, 0x92, 0x34, 0x54, 0xbc, 0x10, 0xda, 0x5f, - 0x49, 0x37, 0xe8, 0x36, 0xb9, 0x98, 0x51, 0x95, 0x6b, 0xff, 0xb3, 0x01, 0xce, 0x9e, 0x06, 0x78, - 0x97, 0x86, 0x69, 0x32, 0x13, 0xfc, 0xde, 0x6d, 0x5f, 0x29, 0x33, 0xd5, 0x2b, 0xb2, 0x9d, 0xc3, - 0x40, 0xea, 0x01, 0x12, 0x57, 0x78, 0x8d, 0x3c, 0x57, 0x75, 0xeb, 0x65, 0x69, 0x23, 0x0a, 0xaf, - 0xbf, 0x08, 0x75, 0x2d, 0x40, 0xa8, 0x41, 0x9d, 0xe7, 0x1b, 0x01, 0xd4, 0x92, 0x7e, 0x27, 0xc1, - 0x07, 0x9c, 0xaa, 0xda, 0x05, 0x68, 0xb1, -}; -const unsigned char test_rsa_2048_pub[] = { - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf7, 0xbb, 0x6b, 0x8e, 0xab, 0x40, 0x49, - 0x1c, 0xd6, 0x44, 0x55, 0xec, 0x04, 0xd4, 0xed, 0x8d, 0xb5, 0x05, 0x1a, 0x97, 0x38, 0xfc, 0x7a, - 0xf7, 0x3f, 0xf3, 0xb0, 0x97, 0x51, 0x1c, 0xce, 0x40, 0xaa, 0xf7, 0x65, 0x37, 0xb1, 0x35, 0x35, - 0x04, 0x42, 0x79, 0x86, 0xb7, 0xb2, 0xb5, 0x3a, 0x96, 0x4a, 0x69, 0x37, 0xb5, 0x58, 0xec, 0x0d, - 0x1d, 0xea, 0x27, 0x4a, 0xf2, 0xb8, 0xff, 0xf2, 0xf0, 0x94, 0xc2, 0x43, 0xfa, 0x57, 0x72, 0x66, - 0xa7, 0x9d, 0xb0, 0xc2, 0x6f, 0xfe, 0x30, 0x41, 0x6d, 0x23, 0xef, 0x05, 0xdd, 0x5f, 0xec, 0xab, - 0x41, 0x3e, 0xbb, 0xb4, 0xf8, 0x52, 0x6a, 0xe7, 0x20, 0xa9, 0x45, 0x84, 0x22, 0x6b, 0x37, 0xd9, - 0x2e, 0xf4, 0x63, 0xfc, 0x73, 0x6c, 0xb3, 0x8e, 0x53, 0x0e, 0x74, 0x88, 0xd9, 0x16, 0x2f, 0x57, - 0x26, 0x80, 0x7b, 0xc5, 0x43, 0x13, 0x8a, 0x2d, 0x25, 0x8a, 0xdb, 0x4d, 0x68, 0x02, 0x21, 0xc2, - 0x53, 0x23, 0x81, 0xcc, 0xfa, 0x81, 0xbc, 0x89, 0xbc, 0x3d, 0x7b, 0x84, 0x03, 0x9c, 0x2d, 0xf4, - 0x1c, 0xe3, 0xec, 0x8d, 0xb9, 0x1c, 0x23, 0x80, 0xe7, 0x81, 0xba, 0x3a, 0xa9, 0xe2, 0x3b, 0x74, - 0xed, 0x99, 0x73, 0xd4, 0x90, 0x8e, 0xfc, 0xa4, 0x7a, 0xa8, 0xd9, 0xb7, 0xb0, 0xa4, 0x42, 0x32, - 0x97, 0xa4, 0x04, 0x42, 0x7c, 0x3f, 0x3c, 0xd6, 0xe0, 0x78, 0x2e, 0x45, 0x53, 0x88, 0x0f, 0x06, - 0xba, 0x39, 0xa6, 0x4f, 0x4a, 0x7b, 0x0e, 0xef, 0x92, 0x1a, 0x60, 0x50, 0xa2, 0x07, 0xce, 0xfa, - 0xdc, 0xf0, 0x73, 0x94, 0xa3, 0xe1, 0x8e, 0xa9, 0x15, 0xdc, 0x84, 0x97, 0xe7, 0xae, 0x61, 0xfc, - 0x31, 0x62, 0xf6, 0x2f, 0x50, 0x65, 0xa6, 0x92, 0xaf, 0x07, 0x72, 0x66, 0xf7, 0x36, 0x0c, 0x20, - 0x76, 0xce, 0xbe, 0xaf, 0x14, 0xcb, 0x22, 0xc1, 0xed, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -const unsigned char test_rsa_4096_priv[] = { - 0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, - 0xb3, 0x8d, 0x5d, 0x01, 0xae, 0xeb, 0x07, 0xd3, 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, - 0xe7, 0x4f, 0xe1, 0x1a, 0x89, 0x5e, 0xcf, 0xd1, 0x3d, 0x16, 0x8a, 0xee, 0x93, 0x2a, 0xf1, 0x35, - 0xff, 0xbb, 0x84, 0x98, 0x77, 0x27, 0x38, 0x97, 0x08, 0x1f, 0x3f, 0x75, 0x93, 0xc1, 0x4a, 0xe8, - 0x2b, 0xc2, 0x66, 0xc1, 0x05, 0x44, 0xf7, 0x26, 0xae, 0x1c, 0xcf, 0x13, 0x3d, 0x8a, 0x40, 0x18, - 0xd3, 0x80, 0xdf, 0xa2, 0x52, 0x51, 0xc0, 0x11, 0x10, 0x7b, 0x75, 0x13, 0xa9, 0x43, 0x34, 0x6a, - 0xa0, 0xe0, 0xde, 0xc1, 0x1d, 0x8d, 0x7f, 0xa2, 0x56, 0x44, 0x65, 0x3c, 0x11, 0x8d, 0xaa, 0xbc, - 0xe6, 0xd4, 0x1f, 0x06, 0x6f, 0x66, 0x21, 0x76, 0x88, 0x01, 0x47, 0x80, 0x55, 0x78, 0x0e, 0x91, - 0xb6, 0x8e, 0xa3, 0xc9, 0x58, 0x56, 0xd1, 0x72, 0xa8, 0x90, 0x32, 0xb3, 0x9c, 0x82, 0x4e, 0x8b, - 0x7d, 0xc1, 0xa3, 0xf8, 0xae, 0xe4, 0xf6, 0xb3, 0x68, 0xba, 0xa3, 0xcd, 0x68, 0xf5, 0x0d, 0x52, - 0x68, 0x01, 0x17, 0xe9, 0xb9, 0x13, 0xd7, 0xf8, 0xc8, 0x52, 0xa0, 0xd1, 0x00, 0x8e, 0x8b, 0x87, - 0xa5, 0xc9, 0x7e, 0x37, 0xaf, 0xc1, 0x1a, 0x08, 0x05, 0x50, 0x55, 0x7b, 0x8b, 0x4d, 0xcb, 0xd8, - 0xe1, 0x92, 0xed, 0x33, 0x66, 0xd8, 0x3a, 0x09, 0xd2, 0x7c, 0x77, 0xe1, 0x50, 0xf6, 0x68, 0x55, - 0xb5, 0xdc, 0xfd, 0xb2, 0xdf, 0x15, 0x1b, 0xd7, 0xf4, 0x44, 0x25, 0x0e, 0xaf, 0x6f, 0xe3, 0xf2, - 0x36, 0x82, 0x6c, 0x81, 0xfa, 0x84, 0x81, 0x01, 0xbf, 0xaa, 0xd5, 0x35, 0xff, 0xb5, 0x22, 0xd6, - 0xff, 0x97, 0xc9, 0xdd, 0x1e, 0x43, 0xb8, 0x2c, 0xce, 0x29, 0x21, 0xd1, 0x53, 0xc1, 0x54, 0x50, - 0xc4, 0x72, 0x4f, 0xfd, 0x3e, 0xfd, 0xca, 0x57, 0x8e, 0x01, 0x36, 0x50, 0xa0, 0x3a, 0x5c, 0xf5, - 0x01, 0xfc, 0x58, 0x60, 0x0f, 0xb5, 0xc8, 0x60, 0xc0, 0xef, 0x0c, 0xfe, 0x0a, 0xc0, 0x71, 0x2d, - 0x44, 0x13, 0x13, 0xdc, 0xa4, 0x1a, 0x4d, 0x7d, 0x41, 0x1e, 0x6c, 0x83, 0xb2, 0x15, 0x17, 0x49, - 0xd2, 0x8b, 0xe4, 0x69, 0x2f, 0x62, 0x37, 0x3d, 0xb0, 0x7e, 0x4a, 0x79, 0x05, 0x1c, 0x56, 0x82, - 0xec, 0x20, 0xd4, 0x91, 0xc4, 0xcf, 0xc7, 0xbc, 0x14, 0x0f, 0x35, 0xfa, 0x15, 0xe5, 0xa1, 0xfa, - 0x75, 0x6d, 0x65, 0xb8, 0xef, 0x93, 0xad, 0xdf, 0x4c, 0x47, 0xc4, 0xa3, 0x5b, 0x18, 0x4f, 0x22, - 0xa1, 0xef, 0x08, 0x99, 0x48, 0xf9, 0x46, 0xf6, 0xfa, 0xeb, 0x64, 0x70, 0xf2, 0x67, 0x46, 0xe6, - 0x58, 0xcf, 0x9b, 0x41, 0x77, 0x41, 0x78, 0x42, 0xe6, 0xd3, 0x73, 0x55, 0x80, 0x89, 0xaf, 0xf7, - 0x21, 0xb9, 0x30, 0xe9, 0xec, 0x61, 0xb4, 0xf6, 0xa0, 0x2c, 0x05, 0x2c, 0x69, 0x24, 0xd3, 0x9a, - 0x5b, 0xbb, 0x15, 0xed, 0x11, 0x06, 0xc4, 0x01, 0x0f, 0x4d, 0xd6, 0x9c, 0x79, 0xd0, 0x42, 0xc8, - 0xb3, 0x16, 0x61, 0xb1, 0xee, 0x48, 0x6b, 0xc6, 0x9d, 0xb5, 0xf2, 0xf0, 0x7a, 0x50, 0xd8, 0x5b, - 0x20, 0x69, 0x9d, 0x60, 0x13, 0x15, 0x62, 0x5b, 0xb8, 0x69, 0x62, 0x9c, 0x7f, 0x4c, 0x5d, 0x48, - 0xb2, 0x11, 0xd0, 0x97, 0xf4, 0x38, 0xac, 0xec, 0x95, 0x97, 0x3a, 0x38, 0xd4, 0x21, 0x09, 0x0a, - 0xf0, 0xf1, 0x34, 0x84, 0xe4, 0xe9, 0x4b, 0x8c, 0xb5, 0xef, 0xc1, 0x85, 0x07, 0xf4, 0xb9, 0x31, - 0xdf, 0x39, 0x98, 0x7f, 0xfb, 0x28, 0x30, 0x29, 0x3e, 0x4d, 0xa3, 0x81, 0xaa, 0xf7, 0x0b, 0x32, - 0x92, 0x95, 0x2e, 0xf9, 0x34, 0xe2, 0xb4, 0x0f, 0xde, 0xbb, 0xa3, 0xd9, 0x70, 0x1b, 0x76, 0xe1, - 0xbe, 0x54, 0x82, 0x74, 0xb2, 0x60, 0x2d, 0x88, 0x85, 0x37, 0x48, 0x2d, 0x02, 0x03, 0x01, 0x00, - 0x01, 0x02, 0x82, 0x02, 0x00, 0x1a, 0x94, 0x3e, 0x9c, 0x00, 0x89, 0xf0, 0xaa, 0x01, 0x16, 0x04, - 0x8a, 0x96, 0xab, 0xb4, 0x86, 0x32, 0x1a, 0x86, 0x91, 0x6f, 0x82, 0xfb, 0x35, 0x24, 0x60, 0x78, - 0x9f, 0xcf, 0xb1, 0x40, 0x05, 0x50, 0x85, 0x3e, 0x5a, 0xfe, 0xdc, 0x9a, 0xd6, 0xe8, 0x77, 0x25, - 0x9c, 0xc4, 0xfe, 0xb0, 0x93, 0xc2, 0x4b, 0x96, 0x85, 0x34, 0xf8, 0x9a, 0xbb, 0x5f, 0x48, 0xae, - 0xd8, 0xad, 0x3c, 0x4b, 0xb1, 0xcb, 0xa7, 0xcd, 0x7c, 0x1c, 0x72, 0x4d, 0x3d, 0xae, 0x36, 0x77, - 0x00, 0x10, 0xb5, 0x06, 0x8a, 0x33, 0x4f, 0x2b, 0x3e, 0xe7, 0x20, 0xc9, 0xf9, 0xed, 0x32, 0x00, - 0x01, 0xf3, 0xf5, 0x87, 0xf5, 0x66, 0x2f, 0x93, 0x9e, 0x60, 0x5d, 0xf5, 0x19, 0x34, 0x3d, 0x60, - 0xc0, 0x63, 0x5c, 0xcd, 0x32, 0xb1, 0x88, 0xbc, 0x55, 0xf5, 0xd4, 0x34, 0x17, 0x3c, 0x9e, 0x6d, - 0xb2, 0x19, 0x93, 0x41, 0xaf, 0x83, 0x39, 0x90, 0xe5, 0x02, 0x46, 0xf9, 0x9c, 0xdd, 0xf7, 0x9d, - 0xd2, 0xc3, 0x5b, 0xab, 0xe1, 0x4c, 0x10, 0x3a, 0x76, 0xb8, 0xd2, 0xd9, 0x8d, 0x73, 0x52, 0x8f, - 0x98, 0xc2, 0x49, 0xb0, 0xa1, 0xf0, 0x91, 0x55, 0xb3, 0x1f, 0x59, 0x9f, 0xc8, 0x33, 0x54, 0x24, - 0x22, 0xa2, 0x34, 0x26, 0x23, 0xbb, 0xbe, 0xf4, 0xac, 0x7e, 0xe6, 0x05, 0xe2, 0xcd, 0xec, 0xf0, - 0x1f, 0xea, 0x25, 0x68, 0x3b, 0xd4, 0xf6, 0x6c, 0xa9, 0x24, 0xcc, 0xef, 0x00, 0x41, 0x8a, 0xdf, - 0xf7, 0x30, 0xc4, 0x71, 0x4f, 0x66, 0xff, 0xa2, 0xaf, 0x0d, 0xa3, 0xe5, 0xdf, 0x7f, 0x53, 0x9c, - 0x63, 0x42, 0x89, 0xfc, 0x12, 0xbc, 0x24, 0x09, 0x3e, 0xc8, 0xf0, 0xec, 0x18, 0x0a, 0xf0, 0x90, - 0x7c, 0xec, 0x1e, 0xbe, 0xc9, 0x11, 0xfa, 0x18, 0x0f, 0xb5, 0xf3, 0xc8, 0x0e, 0xd8, 0x52, 0x89, - 0x6a, 0xd6, 0xe6, 0xb3, 0xec, 0xcb, 0x44, 0xde, 0x62, 0x19, 0x3d, 0x52, 0x11, 0x8c, 0xab, 0x2b, - 0x17, 0x10, 0x71, 0xd5, 0xfd, 0xaa, 0x7c, 0x42, 0x88, 0xfc, 0x77, 0x66, 0xd5, 0x77, 0x74, 0xf4, - 0xbe, 0x46, 0x15, 0x1b, 0xb9, 0x0a, 0xce, 0x7c, 0x10, 0xc2, 0x15, 0xf6, 0x2e, 0xd2, 0x6e, 0x52, - 0xe6, 0x12, 0x24, 0x36, 0xf5, 0x32, 0xbd, 0x54, 0xfc, 0x08, 0x27, 0x2a, 0xdb, 0x21, 0x6a, 0x2d, - 0xb4, 0x33, 0xd5, 0x69, 0x9c, 0x40, 0xad, 0x58, 0xfa, 0xa2, 0x66, 0x08, 0x98, 0xff, 0xcc, 0xfc, - 0x98, 0x00, 0x2f, 0x8b, 0xb0, 0x36, 0x1b, 0x4c, 0xf9, 0xed, 0x6e, 0x93, 0xc1, 0xca, 0x96, 0xd3, - 0x4a, 0x1e, 0xf4, 0x04, 0x60, 0xf8, 0x59, 0x18, 0xcf, 0xde, 0x4a, 0x81, 0x93, 0xb5, 0x1e, 0xce, - 0xa4, 0xb3, 0x90, 0x3c, 0xae, 0x92, 0x4a, 0x8f, 0xad, 0x5f, 0x83, 0x08, 0x95, 0x4c, 0x9f, 0x19, - 0xa7, 0x59, 0x7b, 0xf0, 0xa7, 0x51, 0x26, 0xa5, 0x57, 0xe4, 0x9f, 0x8b, 0xbd, 0x31, 0xfc, 0x4e, - 0x85, 0x56, 0xf2, 0x30, 0x64, 0x0b, 0xf3, 0x62, 0x04, 0xc6, 0xcf, 0x3d, 0x56, 0xdc, 0xa5, 0xa4, - 0x1d, 0x86, 0x03, 0x07, 0xba, 0x67, 0x05, 0xa6, 0x98, 0x68, 0x11, 0x00, 0xa3, 0x27, 0xf9, 0x17, - 0x39, 0xc4, 0x86, 0xc4, 0x70, 0xba, 0x71, 0xd0, 0x3d, 0x28, 0x53, 0x14, 0xb0, 0xd7, 0xd0, 0x40, - 0x08, 0xe0, 0x3f, 0x2a, 0x2b, 0x85, 0xe7, 0xc2, 0x43, 0xd6, 0xfd, 0x9b, 0x97, 0xa0, 0x21, 0x68, - 0xc0, 0x69, 0xec, 0x57, 0x2d, 0x3f, 0x0c, 0xa1, 0x5e, 0xbc, 0xb1, 0x73, 0x9f, 0x3a, 0x0b, 0x3c, - 0x14, 0x7a, 0x88, 0xe0, 0xb7, 0x4f, 0x45, 0xa0, 0x07, 0xae, 0x92, 0x7d, 0x6f, 0x82, 0x2b, 0xf5, - 0x0b, 0x87, 0xb1, 0xe9, 0x3f, 0xe7, 0xd9, 0x18, 0x0b, 0xc6, 0xbc, 0x12, 0xbd, 0xe6, 0xc8, 0x07, - 0x0d, 0x10, 0xc9, 0x73, 0x31, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf5, 0x0e, 0xbc, 0xea, 0xc9, 0xd3, - 0xc6, 0x44, 0x82, 0xa8, 0xc2, 0x65, 0xd6, 0x36, 0x54, 0x61, 0xaa, 0x4a, 0x31, 0xa6, 0xa7, 0x63, - 0x3a, 0x24, 0xc8, 0xe3, 0x47, 0x94, 0xec, 0xdf, 0xca, 0xb1, 0xd6, 0xb5, 0x2f, 0xb6, 0xa5, 0xf3, - 0x80, 0x55, 0xcc, 0x32, 0xd6, 0xa6, 0x1b, 0x88, 0x95, 0x50, 0xde, 0x27, 0xb3, 0xd0, 0xbd, 0x68, - 0xb6, 0xd4, 0xfd, 0xa0, 0x41, 0x59, 0x8a, 0xb9, 0x88, 0x87, 0x14, 0x39, 0x88, 0x57, 0x68, 0x06, - 0xb1, 0xc4, 0x87, 0x20, 0x79, 0x49, 0x02, 0x95, 0x2e, 0xbe, 0x1b, 0xf0, 0xde, 0xf6, 0x5a, 0x0e, - 0x6f, 0x94, 0x06, 0x70, 0x56, 0xe6, 0x86, 0x4f, 0xa2, 0x88, 0x2e, 0x3a, 0x16, 0xf2, 0x46, 0x28, - 0x20, 0x93, 0xd0, 0x37, 0x63, 0x90, 0x78, 0x18, 0x2d, 0xd0, 0xa6, 0xeb, 0x21, 0xd3, 0xba, 0xd0, - 0x63, 0x79, 0x01, 0xa2, 0x68, 0xb1, 0x4c, 0x63, 0x2c, 0x9d, 0x0b, 0x16, 0x90, 0xed, 0x88, 0xab, - 0xdd, 0xe0, 0x3f, 0x52, 0x82, 0x47, 0xaa, 0x2e, 0x41, 0x55, 0x7d, 0x08, 0x65, 0xad, 0x34, 0xe5, - 0x3f, 0xf5, 0x3a, 0xe0, 0xe5, 0xde, 0xa1, 0x95, 0xd9, 0x3f, 0xe6, 0x5c, 0x25, 0x87, 0x1f, 0x6f, - 0x23, 0xad, 0xf3, 0x4b, 0x6e, 0x96, 0x0c, 0x29, 0x78, 0xf2, 0xb7, 0x47, 0x5d, 0xaf, 0xce, 0x6c, - 0xbb, 0x26, 0xa5, 0x39, 0x34, 0xd2, 0x6c, 0x19, 0x3d, 0x67, 0xf3, 0x2d, 0xe9, 0x10, 0x35, 0xee, - 0xb8, 0x90, 0x22, 0xbe, 0xb7, 0xd5, 0xdf, 0x78, 0x4a, 0xc2, 0x0c, 0xa6, 0xab, 0x91, 0xbf, 0x6b, - 0x77, 0x5b, 0x6c, 0x94, 0x16, 0xf6, 0x05, 0xb4, 0x84, 0x17, 0x36, 0xcb, 0xfb, 0xd2, 0x2a, 0xd9, - 0x8a, 0xb2, 0xe8, 0x42, 0x84, 0x57, 0xe0, 0x79, 0x3f, 0x5a, 0xf4, 0x0e, 0x55, 0x0b, 0x48, 0x76, - 0x5d, 0x59, 0xe6, 0xe1, 0xb4, 0xa4, 0xa1, 0xf5, 0x71, 0xf1, 0x02, 0x82, 0x01, 0x01, 0x00, 0xd5, - 0xa9, 0x1d, 0x4d, 0x44, 0xbb, 0x9b, 0x73, 0xc1, 0xfe, 0x02, 0x48, 0x92, 0x5e, 0x2c, 0x0e, 0xc1, - 0xde, 0x51, 0x39, 0x0b, 0xd8, 0xa7, 0x3b, 0x45, 0x3d, 0xa5, 0x1a, 0xe2, 0x93, 0x25, 0xae, 0x76, - 0x57, 0x08, 0x9f, 0xd4, 0xee, 0x4a, 0x2f, 0xd9, 0x6e, 0x34, 0x5b, 0x57, 0xf6, 0x72, 0xd7, 0xd4, - 0x84, 0xfd, 0xe9, 0x91, 0x89, 0xab, 0x0a, 0x63, 0x65, 0xbf, 0x2b, 0x38, 0x68, 0x0d, 0x6b, 0xb9, - 0x47, 0xf4, 0xb2, 0x17, 0xbe, 0x66, 0x03, 0x23, 0xc2, 0x6b, 0x86, 0xd6, 0x43, 0xae, 0x68, 0x6d, - 0x82, 0xe3, 0x6e, 0xc0, 0x0c, 0xfd, 0x03, 0x89, 0x42, 0x44, 0x3c, 0xaa, 0x04, 0xa0, 0xf9, 0x1e, - 0x68, 0xec, 0x71, 0x79, 0x35, 0xb4, 0x5e, 0x79, 0x03, 0x11, 0xbe, 0x56, 0x44, 0x0d, 0x71, 0x76, - 0x94, 0x95, 0x94, 0x68, 0x8e, 0xd1, 0xdd, 0x5c, 0x91, 0x03, 0xc5, 0x7c, 0x15, 0x8d, 0x05, 0xe4, - 0xc3, 0x7b, 0x98, 0xd8, 0x18, 0x98, 0x03, 0x07, 0x44, 0xa6, 0x4f, 0x6e, 0xbd, 0xbf, 0x75, 0x0a, - 0xab, 0x79, 0x75, 0x7e, 0x34, 0xda, 0xc4, 0x22, 0x16, 0x3e, 0xa7, 0xc0, 0xf4, 0x2b, 0x97, 0x71, - 0x0c, 0x86, 0x19, 0x78, 0xb2, 0x41, 0x00, 0x38, 0x5a, 0xad, 0x72, 0x7e, 0x5f, 0x38, 0x36, 0xa7, - 0x4e, 0xa4, 0xbf, 0x1d, 0x36, 0xef, 0x2a, 0x5e, 0xdf, 0x9c, 0x9e, 0x8f, 0x99, 0x6e, 0xf3, 0x19, - 0x13, 0x48, 0x45, 0x0e, 0xa9, 0xf1, 0xd4, 0xa6, 0x3d, 0xb2, 0x9c, 0xb0, 0x6f, 0x63, 0xe5, 0xba, - 0xdb, 0x18, 0xe4, 0xd4, 0x0f, 0x51, 0x12, 0xb6, 0x58, 0xd1, 0xcc, 0x23, 0xcb, 0x65, 0x38, 0x8a, - 0xca, 0x03, 0xd1, 0x41, 0xa6, 0xbc, 0x5f, 0xbd, 0x94, 0x29, 0xfe, 0x33, 0xd3, 0x40, 0xd3, 0xe8, - 0x5b, 0xfa, 0x84, 0x89, 0x08, 0xd6, 0x0b, 0x56, 0x2f, 0x89, 0x4e, 0x8a, 0x33, 0x7d, 0xfd, 0x02, - 0x82, 0x01, 0x01, 0x00, 0xc4, 0x95, 0x0f, 0x0d, 0x95, 0xdc, 0x51, 0xd7, 0x91, 0xad, 0x09, 0x4d, - 0x22, 0x3b, 0x31, 0x13, 0xab, 0xc4, 0x9a, 0xf1, 0xe2, 0xa3, 0x61, 0xf8, 0x32, 0x42, 0xc8, 0xa0, - 0x7a, 0x28, 0xc8, 0x74, 0x43, 0x15, 0xd3, 0xf1, 0xc4, 0x4c, 0x82, 0xed, 0xd0, 0xc2, 0x13, 0x98, - 0xea, 0xcb, 0x75, 0x64, 0x8a, 0xe1, 0xf4, 0x88, 0x85, 0xf9, 0x23, 0x79, 0xd6, 0xff, 0xa0, 0x8c, - 0xd1, 0x11, 0x26, 0xa9, 0x9d, 0x9a, 0xcd, 0x79, 0xb8, 0x94, 0x6e, 0x34, 0x86, 0x65, 0x91, 0x85, - 0xf5, 0x11, 0x71, 0x8e, 0xc5, 0xe1, 0x43, 0x2b, 0x02, 0x71, 0x44, 0x26, 0xcd, 0xc7, 0x7e, 0x9e, - 0xac, 0xad, 0xe3, 0x67, 0x35, 0x16, 0x1a, 0x64, 0x3d, 0xcd, 0x60, 0xdc, 0xd2, 0x92, 0x2c, 0x47, - 0xaf, 0x5f, 0x4e, 0x19, 0x6c, 0x5d, 0x81, 0x24, 0x55, 0x5f, 0x67, 0xfc, 0xa1, 0x48, 0x04, 0x8d, - 0xfe, 0x06, 0x2c, 0xba, 0xca, 0x33, 0x4f, 0x0d, 0x8d, 0xae, 0xb9, 0x6d, 0x73, 0xbe, 0x9f, 0x8e, - 0x17, 0xc1, 0xc5, 0x5d, 0x6b, 0xd0, 0xb9, 0xa7, 0xe9, 0x9f, 0xe1, 0xdf, 0xba, 0x5c, 0xc1, 0x6a, - 0x07, 0xdb, 0xaa, 0x8c, 0x6d, 0x22, 0x0c, 0x64, 0xc9, 0xdd, 0xa1, 0x14, 0xa0, 0xf0, 0x29, 0x05, - 0x2b, 0x3a, 0x75, 0xb0, 0xd7, 0x3f, 0xe3, 0xb2, 0xed, 0x78, 0x21, 0xe5, 0xcd, 0x73, 0x07, 0xa1, - 0xa9, 0x5f, 0xd1, 0xf7, 0xba, 0x87, 0x60, 0xc8, 0x45, 0x4b, 0x7c, 0x38, 0xfb, 0xf6, 0x5c, 0x88, - 0xb0, 0x1c, 0xd2, 0x73, 0xba, 0x2c, 0x55, 0xc3, 0xb4, 0x77, 0xe4, 0x26, 0xae, 0x02, 0x5a, 0x2c, - 0xff, 0xc4, 0xa0, 0x95, 0xf2, 0xba, 0x4e, 0x07, 0x79, 0xa2, 0x4b, 0x76, 0x5b, 0x85, 0x48, 0x9f, - 0x2a, 0x0e, 0x79, 0xb9, 0x5f, 0xc0, 0xc3, 0x8e, 0x2a, 0x91, 0xf1, 0x2e, 0xf6, 0x5c, 0xa7, 0x49, - 0xce, 0x36, 0x94, 0x31, 0x02, 0x82, 0x01, 0x00, 0x2a, 0xa4, 0x8e, 0x0c, 0x95, 0xe3, 0x3b, 0xab, - 0x66, 0xd4, 0x63, 0x70, 0x48, 0x86, 0x33, 0x14, 0xde, 0xec, 0x98, 0x19, 0x62, 0x9b, 0xe3, 0x04, - 0x99, 0x55, 0x2c, 0x56, 0xa9, 0x51, 0xe4, 0xfb, 0x64, 0xf3, 0x09, 0xed, 0x9c, 0x79, 0xd2, 0xa4, - 0xaa, 0x28, 0xac, 0x9a, 0x6e, 0x7b, 0xe9, 0x7f, 0xda, 0x12, 0x90, 0xfa, 0xc4, 0xe9, 0x4d, 0x11, - 0xcd, 0xb4, 0xc8, 0xea, 0xbf, 0x5f, 0x45, 0x0e, 0x72, 0xf4, 0x41, 0x8a, 0x29, 0xe2, 0xfe, 0x49, - 0x32, 0x21, 0xe3, 0x84, 0x0d, 0xcf, 0x84, 0x47, 0xa3, 0x53, 0xb4, 0x40, 0xae, 0x63, 0xe9, 0x3b, - 0x83, 0x71, 0x8e, 0x5c, 0xed, 0x31, 0xef, 0x4e, 0xc9, 0x1a, 0xf7, 0xd5, 0xcd, 0xf3, 0x42, 0x04, - 0x78, 0xf2, 0x7b, 0xe0, 0x19, 0x27, 0x8b, 0xe7, 0x51, 0x5b, 0x66, 0x5f, 0x30, 0x5f, 0x10, 0xd3, - 0xb5, 0x5d, 0xdb, 0xfa, 0xd6, 0x41, 0x16, 0xdc, 0x4e, 0x44, 0x15, 0xae, 0xf3, 0xb2, 0x34, 0xe4, - 0xa5, 0xd6, 0xb5, 0xba, 0xb4, 0xc7, 0x7a, 0x26, 0xc9, 0xf2, 0x5f, 0x53, 0x6b, 0xd4, 0xf0, 0xb4, - 0xa4, 0x78, 0xfc, 0x18, 0x4f, 0x12, 0x6c, 0x80, 0xd5, 0x37, 0x42, 0xac, 0x62, 0xc2, 0x70, 0xe6, - 0xb2, 0x58, 0xa6, 0xb5, 0x6b, 0x33, 0x65, 0xec, 0xc2, 0x87, 0x97, 0xa9, 0xed, 0x12, 0xc1, 0xb9, - 0x1b, 0x26, 0x56, 0x03, 0xef, 0x75, 0x18, 0x07, 0xbc, 0xc1, 0x74, 0x73, 0x13, 0xf2, 0x27, 0x29, - 0xe1, 0xe3, 0xfe, 0x79, 0xf7, 0x5c, 0xc3, 0xfb, 0x5d, 0xc7, 0xcc, 0xb8, 0x1e, 0xfa, 0xcf, 0x9b, - 0x84, 0x79, 0x45, 0xa6, 0x10, 0x9e, 0xcf, 0x9c, 0xf1, 0x56, 0x50, 0x5c, 0xbb, 0x55, 0xa3, 0xd3, - 0x17, 0xeb, 0x32, 0x56, 0x61, 0xd1, 0x8f, 0xe6, 0xbb, 0x41, 0x60, 0x46, 0x83, 0x73, 0x18, 0x05, - 0x3b, 0x36, 0x51, 0x99, 0x33, 0x4c, 0x03, 0xa1, 0x02, 0x82, 0x01, 0x01, 0x00, 0xee, 0x63, 0x70, - 0x60, 0x30, 0xa4, 0xec, 0xe9, 0xfe, 0x3b, 0xdd, 0xcf, 0xc4, 0x9f, 0x5a, 0x83, 0xf3, 0x7f, 0x63, - 0xeb, 0xcb, 0x29, 0xdb, 0xdc, 0x99, 0x9f, 0x6f, 0xf5, 0x4b, 0x59, 0x6f, 0x11, 0x5c, 0xf1, 0xec, - 0xa0, 0x99, 0x90, 0x10, 0x8a, 0x43, 0x95, 0x18, 0xe9, 0x96, 0xf6, 0x89, 0xfd, 0xde, 0x89, 0xb2, - 0xc6, 0x7e, 0xdc, 0x04, 0xbf, 0x8e, 0x36, 0x67, 0x34, 0xc2, 0xae, 0x30, 0x17, 0xec, 0x14, 0xe0, - 0x42, 0x05, 0x0e, 0x7c, 0x65, 0x68, 0x40, 0x14, 0x6c, 0xa0, 0x48, 0x39, 0x4d, 0xce, 0xbe, 0x90, - 0xdd, 0x21, 0x95, 0x34, 0x9b, 0xba, 0xd3, 0x06, 0x56, 0x90, 0x31, 0xb2, 0xef, 0x6e, 0x91, 0x71, - 0xd2, 0xae, 0x77, 0x97, 0xc8, 0x84, 0x4e, 0x54, 0x83, 0x94, 0xca, 0x3b, 0x76, 0x8d, 0x84, 0x96, - 0xe9, 0x9e, 0xf6, 0x3a, 0xbb, 0x59, 0xb0, 0xff, 0x7f, 0xc7, 0x0e, 0xb5, 0x31, 0x53, 0xdd, 0x0f, - 0x59, 0x01, 0x8a, 0x27, 0x5a, 0xcb, 0xa7, 0x01, 0xf2, 0xc7, 0x6a, 0x15, 0xc8, 0x94, 0xf5, 0x34, - 0x61, 0xfe, 0xdf, 0x65, 0xbc, 0x25, 0xc2, 0xc5, 0xce, 0xc3, 0x96, 0xe5, 0x56, 0xa1, 0xa9, 0x19, - 0xbc, 0x7a, 0x05, 0x63, 0x93, 0xd5, 0x06, 0x44, 0x12, 0x6d, 0xcd, 0xef, 0x92, 0x56, 0x64, 0x2e, - 0x65, 0xa6, 0x04, 0x3c, 0xbc, 0xe9, 0x49, 0x7e, 0x19, 0x2c, 0xf2, 0xcb, 0x33, 0x64, 0x8e, 0x11, - 0x7f, 0x41, 0xdb, 0xf0, 0x19, 0x00, 0xac, 0xb9, 0x3b, 0x0c, 0x78, 0xdd, 0xf3, 0x1f, 0x38, 0x1f, - 0x4d, 0xb3, 0xf9, 0xcc, 0xbb, 0xb6, 0x90, 0x93, 0xda, 0xbf, 0x2e, 0x89, 0xdb, 0xbc, 0x0c, 0xb7, - 0x2f, 0x20, 0xc0, 0x05, 0xa2, 0x51, 0x9e, 0x3a, 0x87, 0x41, 0x46, 0x49, 0x5d, 0x7a, 0xac, 0xf3, - 0x41, 0x6a, 0x42, 0x2e, 0x56, 0x09, 0x86, 0xf2, 0x2f, 0x39, 0x45, 0x6e, 0x7f, -}; -const unsigned char test_rsa_4096_pub[] = { - 0x30, 0x82, 0x02, 0x0a, 0x02, 0x82, 0x02, 0x01, 0x00, 0xcc, 0x87, 0x25, 0xf6, 0xb3, 0x8d, 0x5d, - 0x01, 0xae, 0xeb, 0x07, 0xd3, 0x6e, 0x03, 0xde, 0x4d, 0x31, 0xa0, 0x26, 0x1c, 0xe7, 0x4f, 0xe1, - 0x1a, 0x89, 0x5e, 0xcf, 0xd1, 0x3d, 0x16, 0x8a, 0xee, 0x93, 0x2a, 0xf1, 0x35, 0xff, 0xbb, 0x84, - 0x98, 0x77, 0x27, 0x38, 0x97, 0x08, 0x1f, 0x3f, 0x75, 0x93, 0xc1, 0x4a, 0xe8, 0x2b, 0xc2, 0x66, - 0xc1, 0x05, 0x44, 0xf7, 0x26, 0xae, 0x1c, 0xcf, 0x13, 0x3d, 0x8a, 0x40, 0x18, 0xd3, 0x80, 0xdf, - 0xa2, 0x52, 0x51, 0xc0, 0x11, 0x10, 0x7b, 0x75, 0x13, 0xa9, 0x43, 0x34, 0x6a, 0xa0, 0xe0, 0xde, - 0xc1, 0x1d, 0x8d, 0x7f, 0xa2, 0x56, 0x44, 0x65, 0x3c, 0x11, 0x8d, 0xaa, 0xbc, 0xe6, 0xd4, 0x1f, - 0x06, 0x6f, 0x66, 0x21, 0x76, 0x88, 0x01, 0x47, 0x80, 0x55, 0x78, 0x0e, 0x91, 0xb6, 0x8e, 0xa3, - 0xc9, 0x58, 0x56, 0xd1, 0x72, 0xa8, 0x90, 0x32, 0xb3, 0x9c, 0x82, 0x4e, 0x8b, 0x7d, 0xc1, 0xa3, - 0xf8, 0xae, 0xe4, 0xf6, 0xb3, 0x68, 0xba, 0xa3, 0xcd, 0x68, 0xf5, 0x0d, 0x52, 0x68, 0x01, 0x17, - 0xe9, 0xb9, 0x13, 0xd7, 0xf8, 0xc8, 0x52, 0xa0, 0xd1, 0x00, 0x8e, 0x8b, 0x87, 0xa5, 0xc9, 0x7e, - 0x37, 0xaf, 0xc1, 0x1a, 0x08, 0x05, 0x50, 0x55, 0x7b, 0x8b, 0x4d, 0xcb, 0xd8, 0xe1, 0x92, 0xed, - 0x33, 0x66, 0xd8, 0x3a, 0x09, 0xd2, 0x7c, 0x77, 0xe1, 0x50, 0xf6, 0x68, 0x55, 0xb5, 0xdc, 0xfd, - 0xb2, 0xdf, 0x15, 0x1b, 0xd7, 0xf4, 0x44, 0x25, 0x0e, 0xaf, 0x6f, 0xe3, 0xf2, 0x36, 0x82, 0x6c, - 0x81, 0xfa, 0x84, 0x81, 0x01, 0xbf, 0xaa, 0xd5, 0x35, 0xff, 0xb5, 0x22, 0xd6, 0xff, 0x97, 0xc9, - 0xdd, 0x1e, 0x43, 0xb8, 0x2c, 0xce, 0x29, 0x21, 0xd1, 0x53, 0xc1, 0x54, 0x50, 0xc4, 0x72, 0x4f, - 0xfd, 0x3e, 0xfd, 0xca, 0x57, 0x8e, 0x01, 0x36, 0x50, 0xa0, 0x3a, 0x5c, 0xf5, 0x01, 0xfc, 0x58, - 0x60, 0x0f, 0xb5, 0xc8, 0x60, 0xc0, 0xef, 0x0c, 0xfe, 0x0a, 0xc0, 0x71, 0x2d, 0x44, 0x13, 0x13, - 0xdc, 0xa4, 0x1a, 0x4d, 0x7d, 0x41, 0x1e, 0x6c, 0x83, 0xb2, 0x15, 0x17, 0x49, 0xd2, 0x8b, 0xe4, - 0x69, 0x2f, 0x62, 0x37, 0x3d, 0xb0, 0x7e, 0x4a, 0x79, 0x05, 0x1c, 0x56, 0x82, 0xec, 0x20, 0xd4, - 0x91, 0xc4, 0xcf, 0xc7, 0xbc, 0x14, 0x0f, 0x35, 0xfa, 0x15, 0xe5, 0xa1, 0xfa, 0x75, 0x6d, 0x65, - 0xb8, 0xef, 0x93, 0xad, 0xdf, 0x4c, 0x47, 0xc4, 0xa3, 0x5b, 0x18, 0x4f, 0x22, 0xa1, 0xef, 0x08, - 0x99, 0x48, 0xf9, 0x46, 0xf6, 0xfa, 0xeb, 0x64, 0x70, 0xf2, 0x67, 0x46, 0xe6, 0x58, 0xcf, 0x9b, - 0x41, 0x77, 0x41, 0x78, 0x42, 0xe6, 0xd3, 0x73, 0x55, 0x80, 0x89, 0xaf, 0xf7, 0x21, 0xb9, 0x30, - 0xe9, 0xec, 0x61, 0xb4, 0xf6, 0xa0, 0x2c, 0x05, 0x2c, 0x69, 0x24, 0xd3, 0x9a, 0x5b, 0xbb, 0x15, - 0xed, 0x11, 0x06, 0xc4, 0x01, 0x0f, 0x4d, 0xd6, 0x9c, 0x79, 0xd0, 0x42, 0xc8, 0xb3, 0x16, 0x61, - 0xb1, 0xee, 0x48, 0x6b, 0xc6, 0x9d, 0xb5, 0xf2, 0xf0, 0x7a, 0x50, 0xd8, 0x5b, 0x20, 0x69, 0x9d, - 0x60, 0x13, 0x15, 0x62, 0x5b, 0xb8, 0x69, 0x62, 0x9c, 0x7f, 0x4c, 0x5d, 0x48, 0xb2, 0x11, 0xd0, - 0x97, 0xf4, 0x38, 0xac, 0xec, 0x95, 0x97, 0x3a, 0x38, 0xd4, 0x21, 0x09, 0x0a, 0xf0, 0xf1, 0x34, - 0x84, 0xe4, 0xe9, 0x4b, 0x8c, 0xb5, 0xef, 0xc1, 0x85, 0x07, 0xf4, 0xb9, 0x31, 0xdf, 0x39, 0x98, - 0x7f, 0xfb, 0x28, 0x30, 0x29, 0x3e, 0x4d, 0xa3, 0x81, 0xaa, 0xf7, 0x0b, 0x32, 0x92, 0x95, 0x2e, - 0xf9, 0x34, 0xe2, 0xb4, 0x0f, 0xde, 0xbb, 0xa3, 0xd9, 0x70, 0x1b, 0x76, 0xe1, 0xbe, 0x54, 0x82, - 0x74, 0xb2, 0x60, 0x2d, 0x88, 0x85, 0x37, 0x48, 0x2d, 0x02, 0x03, 0x01, 0x00, 0x01, -}; - -struct predefined_key_element { - int group_id; // EC group ID; 0 for RSA keys - int keybits; // bits size of RSA key; 0 for EC keys - const unsigned char *priv_key; - size_t priv_key_len; - const unsigned char *pub_key; - size_t pub_key_len; -}; - -struct predefined_key_element predefined_keys[] = { - { MBEDTLS_ECP_DP_SECP192K1, 0, - test_ec_secp192k1_priv, sizeof(test_ec_secp192k1_priv), - test_ec_secp192k1_pub, sizeof(test_ec_secp192k1_pub) }, - { MBEDTLS_ECP_DP_SECP256K1, 0, - test_ec_secp256k1_priv, sizeof(test_ec_secp256k1_priv), - test_ec_secp256k1_pub, sizeof(test_ec_secp256k1_pub) }, - { MBEDTLS_ECP_DP_SECP192R1, 0, - test_ec_secp192r1_priv, sizeof(test_ec_secp192r1_priv), - test_ec_secp192r1_pub, sizeof(test_ec_secp192r1_pub) }, - { MBEDTLS_ECP_DP_SECP224R1, 0, - test_ec_secp224r1_priv, sizeof(test_ec_secp224r1_priv), - test_ec_secp224r1_pub, sizeof(test_ec_secp224r1_pub) }, - { MBEDTLS_ECP_DP_SECP256R1, 0, - test_ec_secp256r1_priv, sizeof(test_ec_secp256r1_priv), - test_ec_secp256r1_pub, sizeof(test_ec_secp256r1_pub) }, - { MBEDTLS_ECP_DP_SECP384R1, 0, - test_ec_secp384r1_priv, sizeof(test_ec_secp384r1_priv), - test_ec_secp384r1_pub, sizeof(test_ec_secp384r1_pub) }, - { MBEDTLS_ECP_DP_SECP521R1, 0, - test_ec_secp521r1_priv, sizeof(test_ec_secp521r1_priv), - test_ec_secp521r1_pub, sizeof(test_ec_secp521r1_pub) }, - { MBEDTLS_ECP_DP_BP256R1, 0, - test_ec_bp256r1_priv, sizeof(test_ec_bp256r1_priv), - test_ec_bp256r1_pub, sizeof(test_ec_bp256r1_pub) }, - { MBEDTLS_ECP_DP_BP384R1, 0, - test_ec_bp384r1_priv, sizeof(test_ec_bp384r1_priv), - test_ec_bp384r1_pub, sizeof(test_ec_bp384r1_pub) }, - { MBEDTLS_ECP_DP_BP512R1, 0, - test_ec_bp512r1_priv, sizeof(test_ec_bp512r1_priv), - test_ec_bp512r1_pub, sizeof(test_ec_bp512r1_pub) }, - { MBEDTLS_ECP_DP_CURVE25519, 0, - test_ec_curve25519_priv, sizeof(test_ec_curve25519_priv), - test_ec_curve25519_pub, sizeof(test_ec_curve25519_pub) }, - { MBEDTLS_ECP_DP_CURVE448, 0, - test_ec_curve448_priv, sizeof(test_ec_curve448_priv), - test_ec_curve448_pub, sizeof(test_ec_curve448_pub) }, - { 0, 1024, - test_rsa_1024_priv, sizeof(test_rsa_1024_priv), - test_rsa_1024_pub, sizeof(test_rsa_1024_pub) }, - { 0, 1026, - test_rsa_1026_priv, sizeof(test_rsa_1026_priv), - test_rsa_1026_pub, sizeof(test_rsa_1026_pub) }, - { 0, 1028, - test_rsa_1028_priv, sizeof(test_rsa_1028_priv), - test_rsa_1028_pub, sizeof(test_rsa_1028_pub) }, - { 0, 1030, - test_rsa_1030_priv, sizeof(test_rsa_1030_priv), - test_rsa_1030_pub, sizeof(test_rsa_1030_pub) }, - { 0, 1536, - test_rsa_1536_priv, sizeof(test_rsa_1536_priv), - test_rsa_1536_pub, sizeof(test_rsa_1536_pub) }, - { 0, 2048, - test_rsa_2048_priv, sizeof(test_rsa_2048_priv), - test_rsa_2048_pub, sizeof(test_rsa_2048_pub) }, - { 0, 4096, - test_rsa_4096_priv, sizeof(test_rsa_4096_priv), - test_rsa_4096_pub, sizeof(test_rsa_4096_pub) }, -}; From 52516a6a8657e93d685a675abee7e79687720739 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 11 Apr 2024 11:41:24 +0200 Subject: [PATCH 148/429] generate_test_keys: add default output file option Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 9920933692..dbdb9600e7 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -91,14 +91,16 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, yield " {0}, sizeof({0}) }},".format(pub_array_name) def main() -> None: + current_path = os.path.dirname(os.path.realpath(__file__)) + default_output_path = current_path + "/../src/test_keys.h" + argparser = argparse.ArgumentParser() - argparser.add_argument("--output", required=True, help="Output file") + argparser.add_argument("--output", help="Output file", default=default_output_path) args = argparser.parse_args() output_file = args.output # Remove output file if already existing. if os.path.exists(output_file): - print("Warning: {} already existing, it will be overwritten.", output_file) os.remove(output_file) output_file = open(output_file, 'at') From 96daf677011cc585cb99e2262c8e216ec3d27d43 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 11 Apr 2024 11:50:46 +0200 Subject: [PATCH 149/429] fix "make generated_files" for test_keys.h and test_certs.h This also add the check in tests/scripts/check-generated-files.sh Signed-off-by: Valerio Setti --- scripts/make_generated_files.bat | 32 ++++++++++++++++++++++++++ tests/Makefile | 7 ++++-- tests/scripts/check-generated-files.sh | 1 + tests/scripts/generate_test_keys.py | 4 ++-- 4 files changed, 40 insertions(+), 4 deletions(-) diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index abcfc39454..6be0de7ee5 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -13,3 +13,35 @@ python scripts\generate_psa_constants.py || exit /b 1 python tests\scripts\generate_bignum_tests.py || exit /b 1 python tests\scripts\generate_ecp_tests.py || exit /b 1 python tests\scripts\generate_psa_tests.py || exit /b 1 +python tests\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1 +python tests\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h ^ + --string TEST_CA_CRT_EC_PEM=tests\data_files\test-ca2.crt ^ + --binary TEST_CA_CRT_EC_DER=tests\data_files\test-ca2.crt.der ^ + --string TEST_CA_KEY_EC_PEM=tests\data_files\test-ca2.key.enc ^ + --password TEST_CA_PWD_EC_PEM=PolarSSLTest ^ + --binary TEST_CA_KEY_EC_DER=tests\data_files\test-ca2.key.der ^ + --string TEST_CA_CRT_RSA_SHA256_PEM=tests\data_files\test-ca-sha256.crt ^ + --binary TEST_CA_CRT_RSA_SHA256_DER=tests\data_files\test-ca-sha256.crt.der ^ + --string TEST_CA_CRT_RSA_SHA1_PEM=tests\data_files\test-ca-sha1.crt ^ + --binary TEST_CA_CRT_RSA_SHA1_DER=tests\data_files\test-ca-sha1.crt.der ^ + --string TEST_CA_KEY_RSA_PEM=tests\data_files\test-ca.key ^ + --password TEST_CA_PWD_RSA_PEM=PolarSSLTest ^ + --binary TEST_CA_KEY_RSA_DER=tests\data_files\test-ca.key.der ^ + --string TEST_SRV_CRT_EC_PEM=tests\data_files\server5.crt ^ + --binary TEST_SRV_CRT_EC_DER=tests\data_files\server5.crt.der ^ + --string TEST_SRV_KEY_EC_PEM=tests\data_files\server5.key ^ + --binary TEST_SRV_KEY_EC_DER=tests\data_files\server5.key.der ^ + --string TEST_SRV_CRT_RSA_SHA256_PEM=tests\data_files\server2-sha256.crt ^ + --binary TEST_SRV_CRT_RSA_SHA256_DER=tests\data_files\server2-sha256.crt.der ^ + --string TEST_SRV_CRT_RSA_SHA1_PEM=tests\data_files\server2.crt ^ + --binary TEST_SRV_CRT_RSA_SHA1_DER=tests\data_files\server2.crt.der ^ + --string TEST_SRV_KEY_RSA_PEM=tests\data_files\server2.key ^ + --binary TEST_SRV_KEY_RSA_DER=tests\data_files\server2.key.der ^ + --string TEST_CLI_CRT_EC_PEM=tests\data_files\cli2.crt ^ + --binary TEST_CLI_CRT_EC_DER=tests\data_files\cli2.crt.der ^ + --string TEST_CLI_KEY_EC_PEM=tests\data_files\cli2.key ^ + --binary TEST_CLI_KEY_EC_DER=tests\data_files\cli2.key.der ^ + --string TEST_CLI_CRT_RSA_PEM=tests\data_files\cli-rsa-sha256.crt ^ + --binary TEST_CLI_CRT_RSA_DER=tests\data_files\cli-rsa-sha256.crt.der ^ + --string TEST_CLI_KEY_RSA_PEM=tests\data_files\cli-rsa.key ^ + --binary TEST_CLI_KEY_RSA_DER=tests\data_files\cli-rsa.key.der || exit /b 1 diff --git a/tests/Makefile b/tests/Makefile index 5b2ee10256..dbba507d28 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -39,7 +39,7 @@ ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) $(error "$(PYTHON) scripts/generate_psa_tests.py --list" failed) endif GENERATED_FILES := $(GENERATED_PSA_DATA_FILES) $(GENERATED_ECP_DATA_FILES) $(GENERATED_BIGNUM_DATA_FILES) -generated_files: $(GENERATED_FILES) +generated_files: $(GENERATED_FILES) src/test_keys.h src/test_certs.h # generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing # inputs than generating outputs. Its inputs are the same no matter which files @@ -236,7 +236,8 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) clean: ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax - rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* + rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h + rm -f src/test_keys.h src/test_certs.h rm -f include/test/instrument_record_status.h rm -f include/alt-extra/*/*_alt.h rm -rf libtestdriver1 @@ -247,6 +248,8 @@ else if exist *.datax del /Q /F *.datax if exist src/*.o del /Q /F src/*.o if exist src/drivers/*.o del /Q /F src/drivers/*.o + if exist src/test_keys.h del /Q /F src/test_keys.h + if exist src/test_certs.h del /Q /F src/test_cers.h if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o if exist src/libmbed* del /Q /F src/libmed* if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 2f20026afc..96f122130a 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -131,6 +131,7 @@ check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generate check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list) check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list) check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list) +check tests/scripts/generate_test_keys.py tests/src/test_keys.h check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c # Additional checks for Mbed TLS only diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index dbdb9600e7..85ff9186e2 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -99,9 +99,9 @@ def main() -> None: args = argparser.parse_args() output_file = args.output - # Remove output file if already existing. + # If the output file already exists, then we can quit (successfully) if os.path.exists(output_file): - os.remove(output_file) + return output_file = open(output_file, 'at') output_file.write( From 34f280538c33afdcbd9ef1352c85b7cf74bc08cc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 12 Apr 2024 11:27:07 +0200 Subject: [PATCH 150/429] tests/Makefile: minor fix: specify Python binary to be used Signed-off-by: Valerio Setti --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index dbba507d28..ad7affb9e4 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -176,7 +176,7 @@ src/test_certs.h: scripts/generate_test_cert_macros.py \ --binary TEST_CLI_KEY_RSA_DER=data_files/cli-rsa.key.der src/test_keys.h: scripts/generate_test_keys.py - scripts/generate_test_keys.py --output $@ + $(PYTHON) scripts/generate_test_keys.py --output $@ TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) ifdef RECORD_PSA_STATUS_COVERAGE_LOG From 455fb4e803148509969eb32ee7ca50596be2b084 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Apr 2024 06:30:18 +0200 Subject: [PATCH 151/429] generate_test_cert_macros: embed input args - Embed input arguments inside the script so as to simplify the calls in Makefiles/CMakeLists. - add a new "--list-dependencies" command line option to print out the list of dependencies. - Modify tests/Makefile accordinlgy. Signed-off-by: Valerio Setti --- CMakeLists.txt | 88 ---------------------- scripts/make_generated_files.bat | 32 +------- tests/Makefile | 63 +--------------- tests/scripts/generate_test_cert_macros.py | 82 +++++++++++--------- 4 files changed, 49 insertions(+), 216 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 565e92e7a7..cf004f4f38 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -334,96 +334,8 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py" "--output" "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" - "--string" - "TEST_CA_CRT_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.crt" - "--binary" - "TEST_CA_CRT_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.crt.der" - "--string" - "TEST_CA_KEY_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.key.enc" - "--password" - "TEST_CA_PWD_EC_PEM=PolarSSLTest" - "--binary" - "TEST_CA_KEY_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.key.der" - "--string" - "TEST_CA_CRT_RSA_SHA256_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha256.crt" - "--binary" - "TEST_CA_CRT_RSA_SHA256_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha256.crt.der" - "--string" - "TEST_CA_CRT_RSA_SHA1_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha1.crt" - "--binary" - "TEST_CA_CRT_RSA_SHA1_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha1.crt.der" - "--string" - "TEST_CA_KEY_RSA_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca.key" - "--password" - "TEST_CA_PWD_RSA_PEM=PolarSSLTest" - "--binary" - "TEST_CA_KEY_RSA_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca.key.der" - "--string" - "TEST_SRV_CRT_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.crt" - "--binary" - "TEST_SRV_CRT_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.crt.der" - "--string" - "TEST_SRV_KEY_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.key" - "--binary" - "TEST_SRV_KEY_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.key.der" - "--string" - "TEST_SRV_CRT_RSA_SHA256_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2-sha256.crt" - "--binary" - "TEST_SRV_CRT_RSA_SHA256_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2-sha256.crt.der" - "--string" - "TEST_SRV_CRT_RSA_SHA1_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.crt" - "--binary" - "TEST_SRV_CRT_RSA_SHA1_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.crt.der" - "--string" - "TEST_SRV_KEY_RSA_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.key" - "--binary" - "TEST_SRV_KEY_RSA_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.key.der" - "--string" - "TEST_CLI_CRT_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.crt" - "--binary" - "TEST_CLI_CRT_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.crt.der" - "--string" - "TEST_CLI_KEY_EC_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.key" - "--binary" - "TEST_CLI_KEY_EC_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.key.der" - "--string" - "TEST_CLI_CRT_RSA_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa-sha256.crt" - "--binary" - "TEST_CLI_CRT_RSA_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa-sha256.crt.der" - "--string" - "TEST_CLI_KEY_RSA_PEM=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa.key" - "--binary" - "TEST_CLI_KEY_RSA_DER=${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa.key.der" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.crt - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.crt.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.key.enc - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca2.key.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha256.crt - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha256.crt.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha1.crt - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca-sha1.crt.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca.key - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/test-ca.key.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.crt - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.crt.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.key - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server5.key.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2-sha256.crt - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2-sha256.crt.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.crt - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.crt.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.key - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/server2.key.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.crt - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.crt.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.key - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli2.key.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa-sha256.crt - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa-sha256.crt.der - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa.key - ${CMAKE_CURRENT_SOURCE_DIR}/tests/data_files/cli-rsa.key.der ) file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 6be0de7ee5..11bcb1ae0b 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -14,34 +14,4 @@ python tests\scripts\generate_bignum_tests.py || exit /b 1 python tests\scripts\generate_ecp_tests.py || exit /b 1 python tests\scripts\generate_psa_tests.py || exit /b 1 python tests\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1 -python tests\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h ^ - --string TEST_CA_CRT_EC_PEM=tests\data_files\test-ca2.crt ^ - --binary TEST_CA_CRT_EC_DER=tests\data_files\test-ca2.crt.der ^ - --string TEST_CA_KEY_EC_PEM=tests\data_files\test-ca2.key.enc ^ - --password TEST_CA_PWD_EC_PEM=PolarSSLTest ^ - --binary TEST_CA_KEY_EC_DER=tests\data_files\test-ca2.key.der ^ - --string TEST_CA_CRT_RSA_SHA256_PEM=tests\data_files\test-ca-sha256.crt ^ - --binary TEST_CA_CRT_RSA_SHA256_DER=tests\data_files\test-ca-sha256.crt.der ^ - --string TEST_CA_CRT_RSA_SHA1_PEM=tests\data_files\test-ca-sha1.crt ^ - --binary TEST_CA_CRT_RSA_SHA1_DER=tests\data_files\test-ca-sha1.crt.der ^ - --string TEST_CA_KEY_RSA_PEM=tests\data_files\test-ca.key ^ - --password TEST_CA_PWD_RSA_PEM=PolarSSLTest ^ - --binary TEST_CA_KEY_RSA_DER=tests\data_files\test-ca.key.der ^ - --string TEST_SRV_CRT_EC_PEM=tests\data_files\server5.crt ^ - --binary TEST_SRV_CRT_EC_DER=tests\data_files\server5.crt.der ^ - --string TEST_SRV_KEY_EC_PEM=tests\data_files\server5.key ^ - --binary TEST_SRV_KEY_EC_DER=tests\data_files\server5.key.der ^ - --string TEST_SRV_CRT_RSA_SHA256_PEM=tests\data_files\server2-sha256.crt ^ - --binary TEST_SRV_CRT_RSA_SHA256_DER=tests\data_files\server2-sha256.crt.der ^ - --string TEST_SRV_CRT_RSA_SHA1_PEM=tests\data_files\server2.crt ^ - --binary TEST_SRV_CRT_RSA_SHA1_DER=tests\data_files\server2.crt.der ^ - --string TEST_SRV_KEY_RSA_PEM=tests\data_files\server2.key ^ - --binary TEST_SRV_KEY_RSA_DER=tests\data_files\server2.key.der ^ - --string TEST_CLI_CRT_EC_PEM=tests\data_files\cli2.crt ^ - --binary TEST_CLI_CRT_EC_DER=tests\data_files\cli2.crt.der ^ - --string TEST_CLI_KEY_EC_PEM=tests\data_files\cli2.key ^ - --binary TEST_CLI_KEY_EC_DER=tests\data_files\cli2.key.der ^ - --string TEST_CLI_CRT_RSA_PEM=tests\data_files\cli-rsa-sha256.crt ^ - --binary TEST_CLI_CRT_RSA_DER=tests\data_files\cli-rsa-sha256.crt.der ^ - --string TEST_CLI_KEY_RSA_PEM=tests\data_files\cli-rsa.key ^ - --binary TEST_CLI_KEY_RSA_DER=tests\data_files\cli-rsa.key.der || exit /b 1 +python tests\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 diff --git a/tests/Makefile b/tests/Makefile index ad7affb9e4..7fb4f357cc 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -112,68 +112,9 @@ all: $(BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) -TEST_CERTS_H_INPUT_FILES=\ - data_files/test-ca2.crt \ - data_files/test-ca2.crt.der \ - data_files/test-ca2.key.enc \ - data_files/test-ca2.key.der \ - data_files/test-ca-sha256.crt \ - data_files/test-ca-sha256.crt.der \ - data_files/test-ca-sha1.crt \ - data_files/test-ca-sha1.crt.der \ - data_files/test-ca.key \ - data_files/test-ca.key.der \ - data_files/server5.crt \ - data_files/server5.crt.der \ - data_files/server5.key \ - data_files/server5.key.der \ - data_files/server2-sha256.crt \ - data_files/server2-sha256.crt.der \ - data_files/server2.crt \ - data_files/server2.crt.der \ - data_files/server2.key \ - data_files/server2.key.der \ - data_files/cli2.crt \ - data_files/cli2.crt.der \ - data_files/cli2.key \ - data_files/cli2.key.der \ - data_files/cli-rsa-sha256.crt \ - data_files/cli-rsa-sha256.crt.der \ - data_files/cli-rsa.key \ - data_files/cli-rsa.key.der src/test_certs.h: scripts/generate_test_cert_macros.py \ - $(TEST_CERTS_H_INPUT_FILES) - $(PYTHON) scripts/generate_test_cert_macros.py --output $@ \ - --string TEST_CA_CRT_EC_PEM=data_files/test-ca2.crt \ - --binary TEST_CA_CRT_EC_DER=data_files/test-ca2.crt.der \ - --string TEST_CA_KEY_EC_PEM=data_files/test-ca2.key.enc \ - --password TEST_CA_PWD_EC_PEM=PolarSSLTest \ - --binary TEST_CA_KEY_EC_DER=data_files/test-ca2.key.der \ - --string TEST_CA_CRT_RSA_SHA256_PEM=data_files/test-ca-sha256.crt \ - --binary TEST_CA_CRT_RSA_SHA256_DER=data_files/test-ca-sha256.crt.der \ - --string TEST_CA_CRT_RSA_SHA1_PEM=data_files/test-ca-sha1.crt \ - --binary TEST_CA_CRT_RSA_SHA1_DER=data_files/test-ca-sha1.crt.der \ - --string TEST_CA_KEY_RSA_PEM=data_files/test-ca.key \ - --password TEST_CA_PWD_RSA_PEM=PolarSSLTest \ - --binary TEST_CA_KEY_RSA_DER=data_files/test-ca.key.der \ - --string TEST_SRV_CRT_EC_PEM=data_files/server5.crt \ - --binary TEST_SRV_CRT_EC_DER=data_files/server5.crt.der \ - --string TEST_SRV_KEY_EC_PEM=data_files/server5.key \ - --binary TEST_SRV_KEY_EC_DER=data_files/server5.key.der \ - --string TEST_SRV_CRT_RSA_SHA256_PEM=data_files/server2-sha256.crt \ - --binary TEST_SRV_CRT_RSA_SHA256_DER=data_files/server2-sha256.crt.der \ - --string TEST_SRV_CRT_RSA_SHA1_PEM=data_files/server2.crt \ - --binary TEST_SRV_CRT_RSA_SHA1_DER=data_files/server2.crt.der \ - --string TEST_SRV_KEY_RSA_PEM=data_files/server2.key \ - --binary TEST_SRV_KEY_RSA_DER=data_files/server2.key.der \ - --string TEST_CLI_CRT_EC_PEM=data_files/cli2.crt \ - --binary TEST_CLI_CRT_EC_DER=data_files/cli2.crt.der \ - --string TEST_CLI_KEY_EC_PEM=data_files/cli2.key \ - --binary TEST_CLI_KEY_EC_DER=data_files/cli2.key.der \ - --string TEST_CLI_CRT_RSA_PEM=data_files/cli-rsa-sha256.crt \ - --binary TEST_CLI_CRT_RSA_DER=data_files/cli-rsa-sha256.crt.der \ - --string TEST_CLI_KEY_RSA_PEM=data_files/cli-rsa.key \ - --binary TEST_CLI_KEY_RSA_DER=data_files/cli-rsa.key.der + $($(PYTHON) scripts/generate_test_cert_macros.py --list-dependencies) + $(PYTHON) scripts/generate_test_cert_macros.py --output $@ src/test_keys.h: scripts/generate_test_keys.py $(PYTHON) scripts/generate_test_keys.py --output $@ diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py index a3bca7e6f6..e612f626b9 100755 --- a/tests/scripts/generate_test_cert_macros.py +++ b/tests/scripts/generate_test_cert_macros.py @@ -14,51 +14,61 @@ import sys import argparse import jinja2 -class MacroDefineAction(argparse.Action): - #pylint: disable=signature-differs, too-few-public-methods - def __call__(self, parser, namespace, values, option_string): - if not hasattr(namespace, 'values'): - setattr(namespace, 'values', []) - macro_name, filename = values - if self.dest in ('string', 'binary') and not os.path.exists(filename): - raise argparse.ArgumentError( - None, '`{}`: Input file does not exist.'.format(filename)) - namespace.values.append((self.dest, macro_name, filename)) - - -def macro_define_type(value): - ret = value.split('=', 1) - if len(ret) != 2: - raise argparse.ArgumentTypeError( - '`{}` is not MACRO=value format'.format(value)) - return ret - - -def build_argparser(parser): - parser.description = __doc__ - parser.add_argument('--string', type=macro_define_type, action=MacroDefineAction, - metavar='MACRO_NAME=path/to/file', help='PEM to C string. ') - parser.add_argument('--binary', type=macro_define_type, action=MacroDefineAction, - metavar='MACRO_NAME=path/to/file', - help='DER to C arrary.') - parser.add_argument('--password', type=macro_define_type, action=MacroDefineAction, - metavar='MACRO_NAME=password', help='Password to C string.') - parser.add_argument('--output', type=str, required=True) +this_dir = os.path.dirname(os.path.abspath(__file__)) +data_files_path = os.path.join(this_dir, '..', 'data_files') +INPUT_ARGS = [ + ("string", "TEST_CA_CRT_EC_PEM", data_files_path + "/test-ca2.crt"), + ("binary", "TEST_CA_CRT_EC_DER", data_files_path + "/test-ca2.crt.der"), + ("string", "TEST_CA_KEY_EC_PEM", data_files_path + "/test-ca2.key.enc"), + ("password", "TEST_CA_PWD_EC_PEM", "PolarSSLTest"), + ("binary", "TEST_CA_KEY_EC_DER", data_files_path + "/test-ca2.key.der"), + ("string", "TEST_CA_CRT_RSA_SHA256_PEM", data_files_path + "/test-ca-sha256.crt"), + ("binary", "TEST_CA_CRT_RSA_SHA256_DER", data_files_path + "/test-ca-sha256.crt.der"), + ("string", "TEST_CA_CRT_RSA_SHA1_PEM", data_files_path + "/test-ca-sha1.crt"), + ("binary", "TEST_CA_CRT_RSA_SHA1_DER", data_files_path + "/test-ca-sha1.crt.der"), + ("string", "TEST_CA_KEY_RSA_PEM", data_files_path + "/test-ca.key"), + ("password", "TEST_CA_PWD_RSA_PEM", "PolarSSLTest"), + ("binary", "TEST_CA_KEY_RSA_DER", data_files_path + "/test-ca.key.der"), + ("string", "TEST_SRV_CRT_EC_PEM", data_files_path + "/server5.crt"), + ("binary", "TEST_SRV_CRT_EC_DER", data_files_path + "/server5.crt.der"), + ("string", "TEST_SRV_KEY_EC_PEM", data_files_path + "/server5.key"), + ("binary", "TEST_SRV_KEY_EC_DER", data_files_path + "/server5.key.der"), + ("string", "TEST_SRV_CRT_RSA_SHA256_PEM", data_files_path + "/server2-sha256.crt"), + ("binary", "TEST_SRV_CRT_RSA_SHA256_DER", data_files_path + "/server2-sha256.crt.der"), + ("string", "TEST_SRV_CRT_RSA_SHA1_PEM", data_files_path + "/server2.crt"), + ("binary", "TEST_SRV_CRT_RSA_SHA1_DER", data_files_path + "/server2.crt.der"), + ("string", "TEST_SRV_KEY_RSA_PEM", data_files_path + "/server2.key"), + ("binary", "TEST_SRV_KEY_RSA_DER", data_files_path + "/server2.key.der"), + ("string", "TEST_CLI_CRT_EC_PEM", data_files_path + "/cli2.crt"), + ("binary", "TEST_CLI_CRT_EC_DER", data_files_path + "/cli2.crt.der"), + ("string", "TEST_CLI_KEY_EC_PEM", data_files_path + "/cli2.key"), + ("binary", "TEST_CLI_KEY_EC_DER", data_files_path + "/cli2.key.der"), + ("string", "TEST_CLI_CRT_RSA_PEM", data_files_path + "/cli-rsa-sha256.crt"), + ("binary", "TEST_CLI_CRT_RSA_DER", data_files_path + "/cli-rsa-sha256.crt.der"), + ("string", "TEST_CLI_KEY_RSA_PEM", data_files_path + "/cli-rsa.key"), + ("binary", "TEST_CLI_KEY_RSA_DER", data_files_path + "/cli-rsa.key.der"), +] def main(): parser = argparse.ArgumentParser() - build_argparser(parser) + default_output_path = os.path.join(this_dir, '..', 'test_certs.h') + parser.add_argument('--output', type=str, default=default_output_path) + parser.add_argument('--list-dependencies', action='store_true') args = parser.parse_args() - return generate(**vars(args)) + + if (args.list_dependencies is True): + files_list = [arg[2] for arg in INPUT_ARGS] + print(" ".join(files_list)) + return + + return generate(INPUT_ARGS, output=args.output) #pylint: disable=dangerous-default-value, unused-argument -def generate(values=[], output=None, **kwargs): +def generate(values=[], output=None): """Generate C header file. """ - this_dir = os.path.dirname(os.path.abspath(__file__)) - template_loader = jinja2.FileSystemLoader( - searchpath=os.path.join(this_dir, '..', 'data_files')) + template_loader = jinja2.FileSystemLoader(data_files_path) template_env = jinja2.Environment( loader=template_loader, lstrip_blocks=True, trim_blocks=True) From fb418166b53f83c87fa2e0be6d0bae4743309e20 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 15 Apr 2024 09:11:28 +0200 Subject: [PATCH 152/429] cmake: relocate custom commands for test_certs.h and test_keys.h generation Signed-off-by: Valerio Setti --- CMakeLists.txt | 32 ++++---------------------------- tests/CMakeLists.txt | 28 ++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index cf004f4f38..a56ecdc0c9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -311,37 +311,13 @@ add_subdirectory(pkgconfig) # to define the test executables. # if(ENABLE_TESTING OR ENABLE_PROGRAMS) - add_custom_command( - OUTPUT - ./tests/src/test_keys.h - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR} - COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_keys.py" - "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h" - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_keys.py - ) - add_custom_command( - OUTPUT - ./tests/src/test_certs.h - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR} - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py" - "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py - ) file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) - add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES} - ./tests/src/test_keys.h ./tests/src/test_certs.h) + add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) + if(GEN_FILES) + add_dependencies(mbedtls_test test_keys_header test_certs_header) + endif() target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 589643a806..83c48d292d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -74,6 +74,34 @@ foreach(file ${base_psa_generated_data_files}) endforeach() if(GEN_FILES) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_SOURCE_DIR}/src/test_keys.h + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR} + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_keys.py" + "--output" + "${CMAKE_CURRENT_SOURCE_DIR}/src/test_keys.h" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_keys.py + ) + add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/src/test_keys.h) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_SOURCE_DIR}/src/test_certs.h + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR} + COMMAND + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_cert_macros.py" + "--output" + "${CMAKE_CURRENT_SOURCE_DIR}/src/test_certs.h" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_cert_macros.py + ) + add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/src/test_certs.h) add_custom_command( OUTPUT ${bignum_generated_data_files} From f27d4073322e0b7da5501822da9c8d62fb393d71 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 16 Apr 2024 16:17:45 +0200 Subject: [PATCH 153/429] generate_test_cert_macros: minor fixes Signed-off-by: Valerio Setti --- tests/scripts/generate_test_cert_macros.py | 68 +++++++++++----------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py index e612f626b9..808bea4c25 100755 --- a/tests/scripts/generate_test_cert_macros.py +++ b/tests/scripts/generate_test_cert_macros.py @@ -14,61 +14,61 @@ import sys import argparse import jinja2 -this_dir = os.path.dirname(os.path.abspath(__file__)) -data_files_path = os.path.join(this_dir, '..', 'data_files') +THIS_DIR = os.path.dirname(os.path.abspath(__file__)) +DATA_FILES_PATH = os.path.join(THIS_DIR, '..', 'data_files') INPUT_ARGS = [ - ("string", "TEST_CA_CRT_EC_PEM", data_files_path + "/test-ca2.crt"), - ("binary", "TEST_CA_CRT_EC_DER", data_files_path + "/test-ca2.crt.der"), - ("string", "TEST_CA_KEY_EC_PEM", data_files_path + "/test-ca2.key.enc"), + ("string", "TEST_CA_CRT_EC_PEM", DATA_FILES_PATH + "/test-ca2.crt"), + ("binary", "TEST_CA_CRT_EC_DER", DATA_FILES_PATH + "/test-ca2.crt.der"), + ("string", "TEST_CA_KEY_EC_PEM", DATA_FILES_PATH + "/test-ca2.key.enc"), ("password", "TEST_CA_PWD_EC_PEM", "PolarSSLTest"), - ("binary", "TEST_CA_KEY_EC_DER", data_files_path + "/test-ca2.key.der"), - ("string", "TEST_CA_CRT_RSA_SHA256_PEM", data_files_path + "/test-ca-sha256.crt"), - ("binary", "TEST_CA_CRT_RSA_SHA256_DER", data_files_path + "/test-ca-sha256.crt.der"), - ("string", "TEST_CA_CRT_RSA_SHA1_PEM", data_files_path + "/test-ca-sha1.crt"), - ("binary", "TEST_CA_CRT_RSA_SHA1_DER", data_files_path + "/test-ca-sha1.crt.der"), - ("string", "TEST_CA_KEY_RSA_PEM", data_files_path + "/test-ca.key"), + ("binary", "TEST_CA_KEY_EC_DER", DATA_FILES_PATH + "/test-ca2.key.der"), + ("string", "TEST_CA_CRT_RSA_SHA256_PEM", DATA_FILES_PATH + "/test-ca-sha256.crt"), + ("binary", "TEST_CA_CRT_RSA_SHA256_DER", DATA_FILES_PATH + "/test-ca-sha256.crt.der"), + ("string", "TEST_CA_CRT_RSA_SHA1_PEM", DATA_FILES_PATH + "/test-ca-sha1.crt"), + ("binary", "TEST_CA_CRT_RSA_SHA1_DER", DATA_FILES_PATH + "/test-ca-sha1.crt.der"), + ("string", "TEST_CA_KEY_RSA_PEM", DATA_FILES_PATH + "/test-ca.key"), ("password", "TEST_CA_PWD_RSA_PEM", "PolarSSLTest"), - ("binary", "TEST_CA_KEY_RSA_DER", data_files_path + "/test-ca.key.der"), - ("string", "TEST_SRV_CRT_EC_PEM", data_files_path + "/server5.crt"), - ("binary", "TEST_SRV_CRT_EC_DER", data_files_path + "/server5.crt.der"), - ("string", "TEST_SRV_KEY_EC_PEM", data_files_path + "/server5.key"), - ("binary", "TEST_SRV_KEY_EC_DER", data_files_path + "/server5.key.der"), - ("string", "TEST_SRV_CRT_RSA_SHA256_PEM", data_files_path + "/server2-sha256.crt"), - ("binary", "TEST_SRV_CRT_RSA_SHA256_DER", data_files_path + "/server2-sha256.crt.der"), - ("string", "TEST_SRV_CRT_RSA_SHA1_PEM", data_files_path + "/server2.crt"), - ("binary", "TEST_SRV_CRT_RSA_SHA1_DER", data_files_path + "/server2.crt.der"), - ("string", "TEST_SRV_KEY_RSA_PEM", data_files_path + "/server2.key"), - ("binary", "TEST_SRV_KEY_RSA_DER", data_files_path + "/server2.key.der"), - ("string", "TEST_CLI_CRT_EC_PEM", data_files_path + "/cli2.crt"), - ("binary", "TEST_CLI_CRT_EC_DER", data_files_path + "/cli2.crt.der"), - ("string", "TEST_CLI_KEY_EC_PEM", data_files_path + "/cli2.key"), - ("binary", "TEST_CLI_KEY_EC_DER", data_files_path + "/cli2.key.der"), - ("string", "TEST_CLI_CRT_RSA_PEM", data_files_path + "/cli-rsa-sha256.crt"), - ("binary", "TEST_CLI_CRT_RSA_DER", data_files_path + "/cli-rsa-sha256.crt.der"), - ("string", "TEST_CLI_KEY_RSA_PEM", data_files_path + "/cli-rsa.key"), - ("binary", "TEST_CLI_KEY_RSA_DER", data_files_path + "/cli-rsa.key.der"), + ("binary", "TEST_CA_KEY_RSA_DER", DATA_FILES_PATH + "/test-ca.key.der"), + ("string", "TEST_SRV_CRT_EC_PEM", DATA_FILES_PATH + "/server5.crt"), + ("binary", "TEST_SRV_CRT_EC_DER", DATA_FILES_PATH + "/server5.crt.der"), + ("string", "TEST_SRV_KEY_EC_PEM", DATA_FILES_PATH + "/server5.key"), + ("binary", "TEST_SRV_KEY_EC_DER", DATA_FILES_PATH + "/server5.key.der"), + ("string", "TEST_SRV_CRT_RSA_SHA256_PEM", DATA_FILES_PATH + "/server2-sha256.crt"), + ("binary", "TEST_SRV_CRT_RSA_SHA256_DER", DATA_FILES_PATH + "/server2-sha256.crt.der"), + ("string", "TEST_SRV_CRT_RSA_SHA1_PEM", DATA_FILES_PATH + "/server2.crt"), + ("binary", "TEST_SRV_CRT_RSA_SHA1_DER", DATA_FILES_PATH + "/server2.crt.der"), + ("string", "TEST_SRV_KEY_RSA_PEM", DATA_FILES_PATH + "/server2.key"), + ("binary", "TEST_SRV_KEY_RSA_DER", DATA_FILES_PATH + "/server2.key.der"), + ("string", "TEST_CLI_CRT_EC_PEM", DATA_FILES_PATH + "/cli2.crt"), + ("binary", "TEST_CLI_CRT_EC_DER", DATA_FILES_PATH + "/cli2.crt.der"), + ("string", "TEST_CLI_KEY_EC_PEM", DATA_FILES_PATH + "/cli2.key"), + ("binary", "TEST_CLI_KEY_EC_DER", DATA_FILES_PATH + "/cli2.key.der"), + ("string", "TEST_CLI_CRT_RSA_PEM", DATA_FILES_PATH + "/cli-rsa-sha256.crt"), + ("binary", "TEST_CLI_CRT_RSA_DER", DATA_FILES_PATH + "/cli-rsa-sha256.crt.der"), + ("string", "TEST_CLI_KEY_RSA_PEM", DATA_FILES_PATH + "/cli-rsa.key"), + ("binary", "TEST_CLI_KEY_RSA_DER", DATA_FILES_PATH + "/cli-rsa.key.der"), ] def main(): parser = argparse.ArgumentParser() - default_output_path = os.path.join(this_dir, '..', 'test_certs.h') + default_output_path = os.path.join(THIS_DIR, '..', 'test_certs.h') parser.add_argument('--output', type=str, default=default_output_path) parser.add_argument('--list-dependencies', action='store_true') args = parser.parse_args() - if (args.list_dependencies is True): + if args.list_dependencies is True: files_list = [arg[2] for arg in INPUT_ARGS] print(" ".join(files_list)) return - return generate(INPUT_ARGS, output=args.output) + generate(INPUT_ARGS, output=args.output) #pylint: disable=dangerous-default-value, unused-argument def generate(values=[], output=None): """Generate C header file. """ - template_loader = jinja2.FileSystemLoader(data_files_path) + template_loader = jinja2.FileSystemLoader(DATA_FILES_PATH) template_env = jinja2.Environment( loader=template_loader, lstrip_blocks=True, trim_blocks=True) From 84dc3297fb6cfe34bfe57d3e152d29fc02f076f2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 29 Apr 2024 17:33:48 +0200 Subject: [PATCH 154/429] generate_test_keys: use build_tree to guess the MbedTLS root path Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 85ff9186e2..0a71d56976 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -12,6 +12,7 @@ import re import argparse import scripts_path # pylint: disable=unused-import from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA +from mbedtls_dev.build_tree import guess_project_root OUTPUT_HEADER_FILE = os.path.dirname(os.path.abspath(__file__)) + "/../src/test_keys.h" BYTES_PER_LINE = 16 @@ -91,8 +92,7 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, yield " {0}, sizeof({0}) }},".format(pub_array_name) def main() -> None: - current_path = os.path.dirname(os.path.realpath(__file__)) - default_output_path = current_path + "/../src/test_keys.h" + default_output_path = guess_project_root() + "/tests/src/test_keys.h" argparser = argparse.ArgumentParser() argparser.add_argument("--output", help="Output file", default=default_output_path) From c21147efe7ad1f4b5faf625053a094e43d2a65fc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 29 Apr 2024 17:38:37 +0200 Subject: [PATCH 155/429] test_suite_pk: use explicit key bit size instead of RSA_KEY_SIZE Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 9a3781f3a7..2bc3848f37 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -10,21 +10,21 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265 PK utils: RSA 1024-bit depends_on:MBEDTLS_RSA_C -pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE:RSA_KEY_SIZE:(RSA_KEY_SIZE + 7) / 8:"RSA" +pk_utils:MBEDTLS_PK_RSA:1024:1024:(1024 + 7) / 8:"RSA" # In the following 3 test cases we test a few different sizes that are not a # multiple of 8 and for which we have test data. PK utils: RSA 1026-bits depends_on:MBEDTLS_RSA_C -pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 2:RSA_KEY_SIZE + 2:(RSA_KEY_SIZE + 2 + 7) / 8:"RSA" +pk_utils:MBEDTLS_PK_RSA:1026:1026:(1026 + 7) / 8:"RSA" PK utils: RSA 1028-bits depends_on:MBEDTLS_RSA_C -pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 4:RSA_KEY_SIZE + 4:(RSA_KEY_SIZE + 4 + 7) / 8:"RSA" +pk_utils:MBEDTLS_PK_RSA:1028:1028:(1028 + 7) / 8:"RSA" PK utils: RSA 1030-bits depends_on:MBEDTLS_RSA_C -pk_utils:MBEDTLS_PK_RSA:RSA_KEY_SIZE + 6:RSA_KEY_SIZE + 6:(RSA_KEY_SIZE + 6 + 7) / 8:"RSA" +pk_utils:MBEDTLS_PK_RSA:1030:1030:(1030 + 7) / 8:"RSA" PK utils: ECKEY SECP192R1 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1 From dd90507dc679284d1c99f3e18bafeb51e539e221 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 29 Apr 2024 18:24:58 +0100 Subject: [PATCH 156/429] Fix potential non-NULL slot return on failure If psa_get_and_lock_key_slot fails, the slot must be wiped. This fixes a bug where a pointer to some valid key slot can be incorrectly returned Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index b184ed08c9..fbcb26ebc8 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -440,6 +440,9 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, status = PSA_ERROR_INVALID_HANDLE; #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C || MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */ + if (status != PSA_SUCCESS) { + *p_slot = NULL; + } #if defined(MBEDTLS_THREADING_C) PSA_THREADING_CHK_RET(mbedtls_mutex_unlock( &mbedtls_threading_key_slot_mutex)); From 04e2b04f7fd11eb70f686feab62d4daefb6c5a9c Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 29 Apr 2024 18:26:19 +0100 Subject: [PATCH 157/429] Explicitly document return behaviour A bug existed previously where this guarantee was not met, causing some issues in multi-threaded code. Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index bcfc9d8adc..a84be7d837 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -58,6 +58,9 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id) * It is the responsibility of the caller to call psa_unregister_read(slot) * when they have finished reading the contents of the slot. * + * On failure, `*p_slot` is set to NULL. This ensures that it is always valid + * to call psa_unregister_read on the returned slot. + * * \param key Key identifier to query. * \param[out] p_slot On success, `*p_slot` contains a pointer to the * key slot containing the description of the key From 925b2d76f4b680776044e9a3dfbdb8a6f7107335 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Mon, 29 Apr 2024 18:29:48 +0100 Subject: [PATCH 158/429] Clarify psa_get_and_lock_key_slot return behaviour Signed-off-by: Ryan Everett --- library/psa_crypto_slot_management.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index fbcb26ebc8..9986a44969 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -424,6 +424,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key, if (status != PSA_SUCCESS) { psa_wipe_key_slot(*p_slot); + /* If the key does not exist, we need to return + * PSA_ERROR_INVALID_HANDLE. */ if (status == PSA_ERROR_DOES_NOT_EXIST) { status = PSA_ERROR_INVALID_HANDLE; } From d338d0156f6c8883c11c47bf7949e2e56b849db2 Mon Sep 17 00:00:00 2001 From: "nilesh.kale" Date: Tue, 2 Apr 2024 18:10:39 +0530 Subject: [PATCH 159/429] Fixed issue of redefinition warning messages for _GNU_SOURCE Signed-off-by: nilesh.kale --- .../fix-redefination_warning_messages_for_GNU_SOURCE.txt | 5 +++++ library/entropy_poll.c | 4 +++- library/sha256.c | 2 ++ 3 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt new file mode 100644 index 0000000000..ce2e9d57e4 --- /dev/null +++ b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix issue of redefinition warning messages for _GNU_SOURCE in + entropy_poll.c and sha_256.c. There was a build warning during + building for linux platform. + Resolves #9026 \ No newline at end of file diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 794ee03a83..611768cd85 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -5,10 +5,12 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE) +#if defined(__linux__) || defined(__midipix__) /* Ensure that syscall() is available even when compiling with -std=c99 */ +#if !defined(_GNU_SOURCE) #define _GNU_SOURCE #endif +#endif #include "common.h" diff --git a/library/sha256.c b/library/sha256.c index 87889817a4..8b2c34526b 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -44,7 +44,9 @@ #endif /* defined(__clang__) && (__clang_major__ >= 4) */ /* Ensure that SIG_SETMASK is defined when -std=c99 is used. */ +#if !defined(_GNU_SOURCE) #define _GNU_SOURCE +#endif #include "common.h" From 0ddab0ecee4642e13706328588056aaa2121c540 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 30 Apr 2024 06:49:46 +0200 Subject: [PATCH 160/429] generate_test_keys: add missing flush at the end of script Ensure that all the data is actually written to the output file. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 0a71d56976..6aac2301ec 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -91,6 +91,7 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, yield " {0}, sizeof({0}),\n".format(priv_array_name) yield " {0}, sizeof({0}) }},".format(pub_array_name) +#pylint: disable=too-many-locals def main() -> None: default_output_path = guess_project_root() + "/tests/src/test_keys.h" @@ -166,6 +167,7 @@ struct predefined_key_element predefined_keys[] = { """) output_file.write("\n".join(look_up_table)) output_file.write("\n};\n") + output_file.flush() if __name__ == '__main__': main() From 28cc31c9d5bda6a7c036599a8ec603c67341a162 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 30 Apr 2024 06:53:51 +0200 Subject: [PATCH 161/429] md: fix guards for mbedtls_md_error_from_psa() This should be CRYPTO_CLIENT and not CRYPTO_C as this function can be used even when CRYPTO_C is not defined. Signed-off-by: Valerio Setti --- library/md.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/md.c b/library/md.c index 12a3ea2374..c95846aa04 100644 --- a/library/md.c +++ b/library/md.c @@ -41,7 +41,7 @@ #include "mbedtls/sha512.h" #include "mbedtls/sha3.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include #include "md_psa.h" #include "psa_util_internal.h" @@ -761,13 +761,13 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) return md_info->type; } -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) int mbedtls_md_error_from_psa(psa_status_t status) { return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, psa_generic_status_to_mbedtls); } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /************************************************************************ From 93f20f45d1ae045a9262613179c5de9f19ff4d32 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 30 Apr 2024 09:09:30 +0100 Subject: [PATCH 162/429] Fix Changelog formatting Add EOL and remove trailing whitespaces. Signed-off-by: Janos Follath --- .../fix-redefination_warning_messages_for_GNU_SOURCE.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt index ce2e9d57e4..b5c26505c2 100644 --- a/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt +++ b/ChangeLog.d/fix-redefination_warning_messages_for_GNU_SOURCE.txt @@ -1,5 +1,5 @@ Bugfix - * Fix issue of redefinition warning messages for _GNU_SOURCE in - entropy_poll.c and sha_256.c. There was a build warning during + * Fix issue of redefinition warning messages for _GNU_SOURCE in + entropy_poll.c and sha_256.c. There was a build warning during building for linux platform. - Resolves #9026 \ No newline at end of file + Resolves #9026 From c51e94837032ea71b13c5b5d225b5b18880d6455 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 30 Apr 2024 14:04:17 +0100 Subject: [PATCH 163/429] Add changelog Signed-off-by: Ryan Everett --- ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt diff --git a/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt new file mode 100644 index 0000000000..8a406a12e8 --- /dev/null +++ b/ChangeLog.d/fix-concurrently-loading-non-existent-keys.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix rare concurrent access bug where attempting to operate on a + non-existent key while concurrently creating a new key could potentially + corrupt the key store. From 3b81ea1e9ca5b6508ef0949190f92117153d9ed3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 17:42:52 +0200 Subject: [PATCH 164/429] Add some missing dependencies on crypto features Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 63dc39d8f6..2740415e9a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2705,12 +2705,15 @@ run_test "Context-specific CRT verification callback" \ -C "error" # Tests for SHA-1 support +requires_hash_alg SHA_1 +requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 forbidden by default in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \ 1 \ -c "The certificate is signed with an unacceptable hash" +requires_hash_alg SHA_1 run_test "SHA-1 explicitly allowed in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI force_version=tls12 allow_sha1=1" \ @@ -2721,17 +2724,23 @@ run_test "SHA-256 allowed by default in server certificate" \ "$P_CLI force_version=tls12 allow_sha1=0" \ 0 +requires_hash_alg SHA_1 +requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 forbidden by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 1 \ -s "The certificate is signed with an unacceptable hash" +requires_hash_alg SHA_1 +requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 explicitly allowed in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \ 0 +requires_config_enabled MBEDTLS_RSA_C +requires_hash_alg SHA_256 run_test "SHA-256 allowed by default in client certificate" \ "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \ @@ -9076,11 +9085,24 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Test for ClientHello without extensions +# Without extensions, ECC is impossible (no curve negotiation). +requires_config_enabled MBEDTLS_RSA_C requires_gnutls -run_test "ClientHello without extensions" \ +run_test "ClientHello without extensions: RSA" \ "$P_SRV force_version=tls12 debug_level=3" \ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ 0 \ + -s "Ciphersuite is .*-RSA-WITH-.*" \ + -S "Ciphersuite is .*-EC.*" \ + -s "dumping 'client hello extensions' (0 bytes)" + +requires_gnutls +run_test "ClientHello without extensions: PSK" \ + "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \ + "$G_CLI --priority=NORMAL:+PSK:-RSA:-DHE-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \ + 0 \ + -s "Ciphersuite is .*-PSK-.*" \ + -S "Ciphersuite is .*-EC.*" \ -s "dumping 'client hello extensions' (0 bytes)" # Tests for mbedtls_ssl_get_bytes_avail() From 01fde2c3cc9012c5e6e329691a47114874a44065 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 17:44:19 +0200 Subject: [PATCH 165/429] Force some test cases to use TLS 1.2 Some OpenSSL or GnuTLS interoperability test cases fail if the other implementation is recent enough to support TLS 1.3. Force those test cases to use TLS 1.2 so that the script works with more recent $OPENSSL or $GNUTLS_CLI or $GNUTLS_SERV than our official CI versions. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2740415e9a..875b8b8ace 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3836,7 +3836,7 @@ run_test "Session resume using tickets: openssl server" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS run_test "Session resume using tickets: openssl client" \ - "$P_SRV debug_level=3 tickets=1" \ + "$P_SRV force_version=tls12 debug_level=3 tickets=1" \ "( $O_CLI -sess_out $SESSION; \ $O_CLI -sess_in $SESSION; \ rm -f $SESSION )" \ @@ -5675,7 +5675,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client strict, server default" \ "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \ + "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION localhost" \ 0 \ -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -s "server hello, secure renegotiation extension" @@ -5684,7 +5684,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server default" \ "$P_SRV debug_level=3" \ - "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ + "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \ 0 \ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -S "server hello, secure renegotiation extension" @@ -5693,7 +5693,7 @@ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server break legacy" \ "$P_SRV debug_level=3 allow_legacy=-1" \ - "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ + "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \ 1 \ -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ -S "server hello, secure renegotiation extension" @@ -7823,7 +7823,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ - "$P_SRV debug_level=1 auth_mode=required" \ + "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ "$O_CLI -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ 1 \ @@ -8055,7 +8055,7 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ - "$P_SRV debug_level=1 auth_mode=required" \ + "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ "$O_CLI -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ 1 \ From dd782f4197832dfe9b2f579218631c0d0698beb4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 17:46:24 +0200 Subject: [PATCH 166/429] Default NEXT versions to be the base executables This allows many tests to pass with the system openssl and gnutls-*. As before, not all test cases will pass due to differences between versions and build options. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 875b8b8ace..be458e034b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -70,6 +70,32 @@ TCP_CLIENT="$PERL scripts/tcp_client.pl" # alternative versions of OpenSSL and GnuTLS (no default path) +# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well. +if [ -z "${OPENSSL_NEXT:-}" ]; then + case $($OPENSSL version) in + OpenSSL\ 1.1.[1-9]*) OPENSSL_NEXT=$OPENSSL;; + OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;; + esac +fi + +# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well. +if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then + case $($GNUTLS_CLI --version) in + gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; + gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; + gnutls-cli\ [4-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;; + esac +fi + +# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well. +if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then + case $($GNUTLS_SERV --version) in + gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; + gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; + gnutls-cli\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;; + esac +fi + if [ -n "${OPENSSL_NEXT:-}" ]; then O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key" O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert data_files/server5.crt -key data_files/server5.key" From 6191f4aeb567beb356eee03c984950f0cb10a559 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 29 Apr 2024 17:47:35 +0200 Subject: [PATCH 167/429] Add seme missing dependencies on renegotiation support Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index be458e034b..50798d36ce 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5668,6 +5668,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ # Test for the "secure renegotiation" extension only (no actual renegotiation) requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server strict, client default" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ @@ -5678,6 +5679,7 @@ run_test "Renego ext: gnutls server strict, client default" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client default" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ @@ -5688,6 +5690,7 @@ run_test "Renego ext: gnutls server unsafe, client default" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls server unsafe, client break legacy" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ @@ -5698,6 +5701,7 @@ run_test "Renego ext: gnutls server unsafe, client break legacy" \ -C "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client strict, server default" \ "$P_SRV debug_level=3" \ @@ -5707,6 +5711,7 @@ run_test "Renego ext: gnutls client strict, server default" \ -s "server hello, secure renegotiation extension" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server default" \ "$P_SRV debug_level=3" \ @@ -5716,6 +5721,7 @@ run_test "Renego ext: gnutls client unsafe, server default" \ -S "server hello, secure renegotiation extension" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Renego ext: gnutls client unsafe, server break legacy" \ "$P_SRV debug_level=3 allow_legacy=-1" \ From ff3b8211ffb9c4231e21bd452dd0426a248587a5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 30 Apr 2024 14:25:30 +0200 Subject: [PATCH 168/429] Driver-only FFDH is not good enough for DHE support in TLS 1.2 Signed-off-by: Gilles Peskine --- docs/driver-only-builds.md | 5 +++++ tests/scripts/analyze_outcomes.py | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 4095d8ee77..5d950b068d 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -277,6 +277,11 @@ The same holds for the associated algorithm: `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and removing builtin support (i.e. `MBEDTLS_DHM_C`). +Note that the PSA API only supports FFDH with RFC 7919 groups, whereas the +Mbed TLS legacy API supports custom groups. As a consequence, the TLS layer +of Mbed TLS only supports DHE cipher suites if built-in FFDH +(`MBEDTLS_DHM_C`) is present, even when `MBEDTLS_USE_PSA_CRYPTO` is enabled. + RSA --- diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 5b4deb6298..5193a3bd06 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -468,6 +468,12 @@ KNOWN_TASKS = { 'bignum.generated', 'bignum.misc', ], 'ignored_tests': { + 'ssl-opt': [ + # DHE support in TLS 1.2 requires built-in MBEDTLS_DHM_C + # (because it needs custom groups, which PSA does not + # provide), even with MBEDTLS_USE_PSA_CRYPTO. + re.compile(r'PSK callback:.*\bdhe-psk\b.*'), + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component From 30666d478b44082744c0a1832b68f98ad69a0c9f Mon Sep 17 00:00:00 2001 From: Andre Goddard Rosa Date: Wed, 1 May 2024 11:47:12 -0500 Subject: [PATCH 169/429] Add invalid `padding_len` check in `get_pkcs_padding` When trying to decrypt data with an invalid key, we found that `mbedtls` returned `0x6200` (`-25088`), which means "_CIPHER - Input data contains invalid padding and is rejected_" from `mbedtls_cipher_finish`, but it also set the output len as `18446744073709551516`. In case we detect an error with padding, we leave the output len zero'ed and return `MBEDTLS_ERR_CIPHER_INVALID_PADDING`. I believe that the current test cases are sufficient, as they fail if I return the alternative code `MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA`, so they do already expect a padding failure, but now we don't change the output len in the error case. Here's a reference for the way `openssl` checks the padding length: - https://github.com/openssl/openssl/blob/1848c561ec39a9ea91ff1bf740a554be274f98b0/crypto/evp/evp_enc.c#L1023 - https://github.com/openssl/openssl/commit/b554eef43b9ac5b92f590da6a120dbfd9ca0582e Signed-off-by: Andre Goddard Rosa Signed-off-by: Andre Goddard Rosa --- library/cipher.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/cipher.c b/library/cipher.c index 0683677eda..f883171921 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -849,6 +849,9 @@ static int get_pkcs_padding(unsigned char *input, size_t input_len, } padding_len = input[input_len - 1]; + if (padding_len == 0 || padding_len > (int)input_len) { + return MBEDTLS_ERR_CIPHER_INVALID_PADDING; + } *data_len = input_len - padding_len; mbedtls_ct_condition_t bad = mbedtls_ct_uint_gt(padding_len, input_len); From d0a1691b99ef2ad0ed9352ee4feaca6499be95b5 Mon Sep 17 00:00:00 2001 From: Andre Goddard Rosa Date: Wed, 1 May 2024 12:44:02 -0500 Subject: [PATCH 170/429] Remove unnecessary cast Signed-off-by: Andre Goddard Rosa Signed-off-by: Andre Goddard Rosa --- library/cipher.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/cipher.c b/library/cipher.c index f883171921..7f4c121492 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -849,7 +849,7 @@ static int get_pkcs_padding(unsigned char *input, size_t input_len, } padding_len = input[input_len - 1]; - if (padding_len == 0 || padding_len > (int)input_len) { + if (padding_len == 0 || padding_len > input_len) { return MBEDTLS_ERR_CIPHER_INVALID_PADDING; } *data_len = input_len - padding_len; From 1ca1f3d62f50d8c688b3716c46ab2f7e242eba6a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 2 May 2024 09:48:29 +0100 Subject: [PATCH 171/429] Restore Mbed TLS style AEAD options for now Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ecb15414bf..95053fb194 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1904,6 +1904,10 @@ component_test_tls1_2_default_stream_cipher_only_use_psa () { scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + # Note: The three unsets below are to be removed for Mbed TLS 4.0 + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC @@ -1962,6 +1966,10 @@ component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + # Note: The three unsets below are to be removed for Mbed TLS 4.0 + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) @@ -2022,6 +2030,10 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + # Note: The three unsets below are to be removed for Mbed TLS 4.0 + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py unset MBEDTLS_CCM_C + scripts/config.py unset MBEDTLS_CHACHAPOLY_C #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) From 5ce51b153c6ae44715289452c1b9e2479e6c7e2e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 2 May 2024 14:40:03 +0200 Subject: [PATCH 172/429] generate_test_keys: do not quit script if output file already exists Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 6aac2301ec..67e2abc0f3 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -100,10 +100,6 @@ def main() -> None: args = argparser.parse_args() output_file = args.output - # If the output file already exists, then we can quit (successfully) - if os.path.exists(output_file): - return - output_file = open(output_file, 'at') output_file.write( "/*********************************************************************************\n" + From 93b660b67ac8dc96de701d6c33b6f369b66a1333 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 2 May 2024 15:36:16 +0200 Subject: [PATCH 173/429] ChangeLog: Add missing reference to CVE in security entry Signed-off-by: Ronald Cron --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index eae2a1977e..b691a0f2a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -144,6 +144,7 @@ Security * Fix a stack buffer overread (less than 256 bytes) when parsing a TLS 1.3 ClientHello in a TLS 1.3 server supporting some PSK key exchange mode. A malicious client could cause information disclosure or a denial of service. + Fixes CVE-2024-30166. * Passing buffers that are stored in untrusted memory as arguments to PSA functions is now secure by default. The PSA core now protects against modification of inputs or exposure From 72b980062daae64bcb0ad43c2c02a0f048c7a5db Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Apr 2024 11:56:25 +0200 Subject: [PATCH 174/429] Update framework submodule Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 750634d3a5..a627342536 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 750634d3a51eb9d61b59fd5d801546927c946588 +Subproject commit a627342536a9a9b7da1ff651821be264d86fff51 From 1e05debd607124c301f78fe772c6da78fc837f25 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Apr 2024 12:24:00 +0200 Subject: [PATCH 175/429] Extend basic checks of files to framework files Signed-off-by: Ronald Cron --- tests/scripts/check_files.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index d5a4b921e4..ea86439fbf 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -373,7 +373,7 @@ class LicenseIssueTracker(LineIssueTracker): r'3rdparty/(?!(p256-m)/.*)', # Documentation explaining the license may have accidental # false positives. - r'(ChangeLog|LICENSE|[-0-9A-Z_a-z]+\.md)\Z', + r'(ChangeLog|LICENSE|framework\/LICENSE|[-0-9A-Z_a-z]+\.md)\Z', # Files imported from TF-M, and not used except in test builds, # may be under a different license. r'configs/ext/crypto_config_profile_medium\.h\Z', @@ -381,6 +381,7 @@ class LicenseIssueTracker(LineIssueTracker): r'configs/ext/README\.md\Z', # Third-party file. r'dco\.txt\Z', + r'framework\/dco\.txt\Z', ] path_exemptions = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST + LICENSE_EXEMPTION_RE_LIST)) @@ -486,7 +487,8 @@ class IntegrityChecker: These are the regular files commited into Git. """ - bytes_output = subprocess.check_output(['git', 'ls-files', '-z']) + bytes_output = subprocess.check_output(['git', 'ls-files', + '--recurse-submodules', '-z']) bytes_filepaths = bytes_output.split(b'\0')[:-1] ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths) # Filter out directories. Normally Git doesn't list directories From 132d446c18f454aa19fb336a6efa26800e84c11c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 2 May 2024 14:42:49 +0200 Subject: [PATCH 176/429] tests/CMakeLists: fix indentation Signed-off-by: Valerio Setti --- tests/CMakeLists.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 83c48d292d..531404fc1d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -80,10 +80,10 @@ if(GEN_FILES) WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} COMMAND - ${MBEDTLS_PYTHON_EXECUTABLE} - "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_keys.py" - "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/src/test_keys.h" + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_keys.py" + "--output" + "${CMAKE_CURRENT_SOURCE_DIR}/src/test_keys.h" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_keys.py ) @@ -95,9 +95,9 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR} COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_cert_macros.py" - "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/src/test_certs.h" + "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_cert_macros.py" + "--output" + "${CMAKE_CURRENT_SOURCE_DIR}/src/test_certs.h" DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_cert_macros.py ) From 19f5566843fa7c4c16842c1df8e9f3b868d3121d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 2 May 2024 14:43:45 +0200 Subject: [PATCH 177/429] generate_test_keys: remove left-over variable Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 67e2abc0f3..102593fdec 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -14,7 +14,6 @@ import scripts_path # pylint: disable=unused-import from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA from mbedtls_dev.build_tree import guess_project_root -OUTPUT_HEADER_FILE = os.path.dirname(os.path.abspath(__file__)) + "/../src/test_keys.h" BYTES_PER_LINE = 16 def c_byte_array_literal_content(array_name: str, key_data: bytes) -> Iterator[str]: From 043aa9e2a2013b1a9472420f75b616b98f494777 Mon Sep 17 00:00:00 2001 From: Andre Goddard Rosa Date: Thu, 2 May 2024 09:51:49 -0500 Subject: [PATCH 178/429] Add check ensuring output is set to the least-harmful value in error cases With the robustness fix: `PASSED (125 suites, 26639 tests run)` Without the robustness fix: `FAILED (125 suites, 26639 tests run)` Signed-off-by: Andre Goddard Rosa Signed-off-by: Andre Goddard Rosa --- tests/suites/test_suite_cipher.function | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index aca415095f..8e49d2d3b5 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -549,6 +549,10 @@ void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, /* encode length number of bytes from inbuf */ TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); + if (0 != ret) { + /* Check output parameter is set to the least-harmful value on error */ + TEST_ASSERT(0 == outlen); + } /* done */ exit: @@ -826,6 +830,10 @@ void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, total_len += outlen; TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, &outlen)); + if (0 != finish_result) { + /* Check output parameter is set to the least-harmful value on error */ + TEST_ASSERT(0 == outlen); + } total_len += outlen; #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || From 62a908d8694cc438606f0bf59c14c6fd43b226aa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Apr 2024 15:46:01 +0200 Subject: [PATCH 179/429] Extend C code style check to framework files Signed-off-by: Ronald Cron --- scripts/code_style.py | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 07952b6cb5..9e3c75142a 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -75,16 +75,37 @@ def get_src_files(since: Optional[str]) -> List[str]: output = subprocess.check_output(["git", "ls-files"] + file_patterns, universal_newlines=True) src_files = output.split() + output = subprocess.check_output(["git", "-C", "framework", "ls-files"] + + file_patterns, universal_newlines=True) + framework_src_files = output.split() + if since: - # get all files changed in commits since the starting point - cmd = ["git", "log", since + "..HEAD", "--name-only", "--pretty=", "--"] + src_files + # get all files changed in commits since the starting point in ... + # ... the main repository + cmd = ["git", "log", since + "..HEAD", "--ignore-submodules", + "--name-only", "--pretty=", "--"] + src_files output = subprocess.check_output(cmd, universal_newlines=True) committed_changed_files = output.split() - # and also get all files with uncommitted changes + # ... the framework submodule + cmd = ["git", "-C", "framework", "log", since + "..HEAD", + "--name-only", "--pretty=", "--"] + framework_src_files + output = subprocess.check_output(cmd, universal_newlines=True) + committed_changed_files += ["framework/" + s for s in output.split()] + + # and also get all files with uncommitted changes in ... + # ... the main repository cmd = ["git", "diff", "--name-only", "--"] + src_files output = subprocess.check_output(cmd, universal_newlines=True) uncommitted_changed_files = output.split() - src_files = list(set(committed_changed_files + uncommitted_changed_files)) + # ... the framework submodule + cmd = ["git", "-C", "framework", "diff", "--name-only", "--"] + \ + framework_src_files + output = subprocess.check_output(cmd, universal_newlines=True) + uncommitted_changed_files += ["framework/" + s for s in output.split()] + + src_files = committed_changed_files + uncommitted_changed_files + else: + src_files += ["framework/" + s for s in framework_src_files] generated_files = list_generated_files() # Don't correct style for third-party files (and, for simplicity, From 7f6eabd9b1e43edb148d8c8d4fdd6ca1e3ecb268 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 3 May 2024 15:08:50 +0200 Subject: [PATCH 180/429] generated_test_keys: minor fixes - rewrite output file (do not append) - remove useless "os" import - move pylint for main() function Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 102593fdec..dbb11e3836 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -6,7 +6,6 @@ """Module generating EC and RSA keys to be used in test_suite_pk instead of generating the required key at run time. This helps speeding up testing.""" -import os from typing import Iterator import re import argparse @@ -90,8 +89,8 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, yield " {0}, sizeof({0}),\n".format(priv_array_name) yield " {0}, sizeof({0}) }},".format(pub_array_name) -#pylint: disable=too-many-locals def main() -> None: + #pylint: disable=too-many-locals default_output_path = guess_project_root() + "/tests/src/test_keys.h" argparser = argparse.ArgumentParser() @@ -99,7 +98,7 @@ def main() -> None: args = argparser.parse_args() output_file = args.output - output_file = open(output_file, 'at') + output_file = open(output_file, 'wt') output_file.write( "/*********************************************************************************\n" + " * This file was automatically generated from tests/scripts/generate_test_keys.py.\n" + From 5f37b25862a04bfe1b28c5263452dec744d43146 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 3 May 2024 15:34:06 +0200 Subject: [PATCH 181/429] generate_test_cert_macros: minor fixes - use build_tree to get the project root path - remove "if True" in an "if" statement Signed-off-by: Valerio Setti --- tests/scripts/generate_test_cert_macros.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py index 808bea4c25..1472370ffa 100755 --- a/tests/scripts/generate_test_cert_macros.py +++ b/tests/scripts/generate_test_cert_macros.py @@ -13,9 +13,11 @@ import os import sys import argparse import jinja2 +import scripts_path # pylint: disable=unused-import +from mbedtls_dev.build_tree import guess_project_root -THIS_DIR = os.path.dirname(os.path.abspath(__file__)) -DATA_FILES_PATH = os.path.join(THIS_DIR, '..', 'data_files') +TEST_DIR = os.path.join(guess_project_root(), 'tests') +DATA_FILES_PATH = os.path.join(TEST_DIR, 'data_files') INPUT_ARGS = [ ("string", "TEST_CA_CRT_EC_PEM", DATA_FILES_PATH + "/test-ca2.crt"), @@ -52,12 +54,12 @@ INPUT_ARGS = [ def main(): parser = argparse.ArgumentParser() - default_output_path = os.path.join(THIS_DIR, '..', 'test_certs.h') + default_output_path = os.path.join(TEST_DIR, 'src', 'test_certs.h') parser.add_argument('--output', type=str, default=default_output_path) parser.add_argument('--list-dependencies', action='store_true') args = parser.parse_args() - if args.list_dependencies is True: + if args.list_dependencies: files_list = [arg[2] for arg in INPUT_ARGS] print(" ".join(files_list)) return From d74d2ab9db5532c4b0727ac356699bb9c64ce596 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 3 May 2024 15:51:21 +0200 Subject: [PATCH 182/429] check-generated-files: add test_certs.h file to the list of checked items Signed-off-by: Valerio Setti --- tests/scripts/check-generated-files.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 96f122130a..92ed1739d6 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -132,6 +132,7 @@ check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tes check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list) check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list) check tests/scripts/generate_test_keys.py tests/src/test_keys.h +check tests/scripts/generate_test_cert_macros.py tests/src/test_certs.h check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c # Additional checks for Mbed TLS only From 7661aa0e204eed21e6408bd1a6acdd9a1c571535 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 3 May 2024 10:12:01 +0200 Subject: [PATCH 183/429] Do not use --recurse-submodules On the CI, the git version when running on Ubuntu 16.04 is 2.7 and it does not support the "--recurse-submodules" option of "git ls-files" thus do not use it. Another argument to not use it is that when TF-PSA-Crypto will be a submodule of mbedtls we will not want check_files.py to check the TF-PSA-Crypto files as well. Signed-off-by: Ronald Cron --- tests/scripts/check_files.py | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index ea86439fbf..cbef4e9ed8 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -487,10 +487,17 @@ class IntegrityChecker: These are the regular files commited into Git. """ - bytes_output = subprocess.check_output(['git', 'ls-files', - '--recurse-submodules', '-z']) - bytes_filepaths = bytes_output.split(b'\0')[:-1] + bytes_output = subprocess.check_output(['git', '-C', 'framework', + 'ls-files', '-z']) + bytes_framework_filepaths = bytes_output.split(b'\0')[:-1] + bytes_framework_filepaths = ["framework/".encode() + filepath + for filepath in bytes_framework_filepaths] + + bytes_output = subprocess.check_output(['git', 'ls-files', '-z']) + bytes_filepaths = bytes_output.split(b'\0')[:-1] + \ + bytes_framework_filepaths ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths) + # Filter out directories. Normally Git doesn't list directories # (it only knows about the files inside them), but there is # at least one case where 'git ls-files' includes a directory: From c16048887e9984cb87a8ee6e3254067842606132 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 3 May 2024 15:39:38 +0100 Subject: [PATCH 184/429] Added work directory for the psa client/server testing epic Signed-off-by: Minos Galanakis --- tests/psa-client-server/README.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 tests/psa-client-server/README.md diff --git a/tests/psa-client-server/README.md b/tests/psa-client-server/README.md new file mode 100644 index 0000000000..e6d9c873bc --- /dev/null +++ b/tests/psa-client-server/README.md @@ -0,0 +1,6 @@ +### PSA Crypto Client-Server Testing + +Everything in this directory should currently be considered experimental. We are adding features and extending CI support for it. + +Once stable, of production quality, and being tested by the CI, it will eventually be migrated into +the [MbedTLS framework repository](https://github.com/Mbed-TLS/mbedtls-framework). From 4f4ade9c34cd757f91cbd734e9a341133ed7b577 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 3 May 2024 17:28:04 +0200 Subject: [PATCH 185/429] psa-client-server: move psasim from framework repo to the mbedtls one This is a temporary fix that will be reverted once the framework repository will have CI checks. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/.gitignore | 12 + tests/psa-client-server/psasim/Makefile | 23 + tests/psa-client-server/psasim/README.md | 61 ++ .../psasim/include/psa/client.h | 73 ++ .../psasim/include/psa/common.h | 53 ++ .../psasim/include/psa/error.h | 38 + .../psasim/include/psa/lifecycle.h | 17 + .../psasim/include/psa/service.h | 251 +++++++ .../psasim/include/psa/util.h | 33 + .../psasim/include/psasim/init.h | 15 + tests/psa-client-server/psasim/src/Makefile | 17 + tests/psa-client-server/psasim/src/client.c | 392 ++++++++++ tests/psa-client-server/psasim/src/common.c | 8 + tests/psa-client-server/psasim/src/service.c | 668 ++++++++++++++++++ tests/psa-client-server/psasim/test/Makefile | 29 + tests/psa-client-server/psasim/test/client.c | 48 ++ .../psasim/test/manifest.json | 29 + .../psa-client-server/psasim/test/run_test.sh | 34 + tests/psa-client-server/psasim/test/server.c | 119 ++++ .../psasim/tools/psa_autogen.py | 165 +++++ 20 files changed, 2085 insertions(+) create mode 100644 tests/psa-client-server/psasim/.gitignore create mode 100644 tests/psa-client-server/psasim/Makefile create mode 100644 tests/psa-client-server/psasim/README.md create mode 100644 tests/psa-client-server/psasim/include/psa/client.h create mode 100644 tests/psa-client-server/psasim/include/psa/common.h create mode 100644 tests/psa-client-server/psasim/include/psa/error.h create mode 100644 tests/psa-client-server/psasim/include/psa/lifecycle.h create mode 100644 tests/psa-client-server/psasim/include/psa/service.h create mode 100644 tests/psa-client-server/psasim/include/psa/util.h create mode 100644 tests/psa-client-server/psasim/include/psasim/init.h create mode 100644 tests/psa-client-server/psasim/src/Makefile create mode 100644 tests/psa-client-server/psasim/src/client.c create mode 100644 tests/psa-client-server/psasim/src/common.c create mode 100644 tests/psa-client-server/psasim/src/service.c create mode 100644 tests/psa-client-server/psasim/test/Makefile create mode 100644 tests/psa-client-server/psasim/test/client.c create mode 100644 tests/psa-client-server/psasim/test/manifest.json create mode 100755 tests/psa-client-server/psasim/test/run_test.sh create mode 100644 tests/psa-client-server/psasim/test/server.c create mode 100755 tests/psa-client-server/psasim/tools/psa_autogen.py diff --git a/tests/psa-client-server/psasim/.gitignore b/tests/psa-client-server/psasim/.gitignore new file mode 100644 index 0000000000..4065abf771 --- /dev/null +++ b/tests/psa-client-server/psasim/.gitignore @@ -0,0 +1,12 @@ +bin/* +*.o +*.so +test/psa_ff_bootstrap.c +test/psa_manifest/* +test/client +test/partition +cscope.out +*.orig +*.swp +*.DS_Store +*psa_ff_bootstrap_* diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile new file mode 100644 index 0000000000..a84483c8f8 --- /dev/null +++ b/tests/psa-client-server/psasim/Makefile @@ -0,0 +1,23 @@ +CFLAGS ?= -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L + +ifeq ($(DEBUG),1) + CFLAGS += -DDEBUG -O0 -g +endif + +.PHONY: all lib test run + +all: lib test + +lib: + $(MAKE) -C src CFLAGS="$(CFLAGS)" + +test: lib + $(MAKE) -C test CFLAGS="$(CFLAGS)" + +clean: + rm -f $(PSA_LIB) $(PSA_LIB_OBJS) + $(MAKE) -C test clean + $(MAKE) -C src clean + +run: test + cd test && ./run_test.sh diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md new file mode 100644 index 0000000000..1b950d6b1d --- /dev/null +++ b/tests/psa-client-server/psasim/README.md @@ -0,0 +1,61 @@ +# psasim + +This tool simulates a PSA Firmware Framework implementation. +It allows you to develop secure partitions and their clients on a desktop computer. +It should be able to run on all systems that support POSIX and System V IPC: +e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2. + +Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular: + +* This simulator is not intended to pass or demonstrate compliance. +* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients. + +## Building + +To build and run the test program make sure you have `make`, `python` and a +C compiler installed and then enter the following commands: + +```sh +make run +``` + +Optionally the `DEBUG=1` command line option can be enabled to increase verbosity: + +```sh +make DEBUG=1 run +``` + +Once done with the test, it is possible to clean all the generated files with: + +```sh +make clean +``` + +## Features + +The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress: + +* `psa_notify` support +* "strict" policy in manifest + +The only supported "interrupts" are POSIX signals, which act +as a "virtual interrupt". + +The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc). + +## Design + +The code is designed to be readable rather than fast or secure. +In this implementation only one message is delivered to a +RoT service at a time. +The code is not thread-safe. + +## Unsupported features + +Because this is a simulator there are a few things that +can't be reasonably emulated: + +* Manifest MMIO regions are unsupported +* Manifest priority field is ignored +* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime, + making it infeasible to populate pid.h with correct values. diff --git a/tests/psa-client-server/psasim/include/psa/client.h b/tests/psa-client-server/psasim/include/psa/client.h new file mode 100644 index 0000000000..d1af993f4f --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/client.h @@ -0,0 +1,73 @@ +/* PSA Firmware Framework client header for psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef __PSA_CLIENT_H__ +#define __PSA_CLIENT_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +#include +#include + +#include "psa/error.h" +/*********************** PSA Client Macros and Types *************************/ + +#define PSA_FRAMEWORK_VERSION (0x0100) + +#define PSA_VERSION_NONE (0) + +/* PSA response types */ +#define PSA_CONNECTION_REFUSED PSA_ERROR_CONNECTION_REFUSED +#define PSA_CONNECTION_BUSY PSA_ERROR_CONNECTION_BUSY +#define PSA_DROP_CONNECTION PSA_ERROR_PROGRAMMER_ERROR + +/* PSA message handles */ +#define PSA_NULL_HANDLE ((psa_handle_t) 0) + +#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t) (handle) > 0) +#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t) (handle)) + +/** + * A read-only input memory region provided to an RoT Service. + */ +typedef struct psa_invec { + const void *base; + size_t len; +} psa_invec; + +/** + * A writable output memory region provided to an RoT Service. + */ +typedef struct psa_outvec { + void *base; + size_t len; +} psa_outvec; + +/*************************** PSA Client API **********************************/ + +uint32_t psa_framework_version(void); + +uint32_t psa_version(uint32_t sid); + +psa_handle_t psa_connect(uint32_t sid, uint32_t version); + +psa_status_t psa_call(psa_handle_t handle, + int32_t type, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len); + +void psa_close(psa_handle_t handle); + +#ifdef __cplusplus +} +#endif + +#endif /* __PSA_CLIENT_H__ */ diff --git a/tests/psa-client-server/psasim/include/psa/common.h b/tests/psa-client-server/psasim/include/psa/common.h new file mode 100644 index 0000000000..d0205d291a --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/common.h @@ -0,0 +1,53 @@ +/* Common definitions used for clients and services */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef _COMMON_H_ +#define _COMMON_H_ + +#include +#include + +/* Increasing this might break on some platforms */ +#define MAX_FRAGMENT_SIZE 200 + +#define CONNECT_REQUEST 1 +#define CALL_REQUEST 2 +#define CLOSE_REQUEST 3 +#define VERSION_REQUEST 4 +#define READ_REQUEST 5 +#define READ_RESPONSE 6 +#define WRITE_REQUEST 7 +#define WRITE_RESPONSE 8 +#define SKIP_REQUEST 9 +#define PSA_REPLY 10 + +#define NON_SECURE (1 << 30) + +typedef int32_t psa_status_t; +typedef int32_t psa_handle_t; + +#define PSA_MAX_IOVEC (4u) + +#define PSA_IPC_CALL (0) + +struct message_text { + int qid; + int32_t psa_type; + char buf[MAX_FRAGMENT_SIZE]; +}; + +struct message { + long message_type; + struct message_text message_text; +}; + +typedef struct vector_sizes { + size_t invec_sizes[PSA_MAX_IOVEC]; + size_t outvec_sizes[PSA_MAX_IOVEC]; +} vector_sizes_t; + +#endif /* _COMMON_H_ */ diff --git a/tests/psa-client-server/psasim/include/psa/error.h b/tests/psa-client-server/psasim/include/psa/error.h new file mode 100644 index 0000000000..44fc0b1cbf --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/error.h @@ -0,0 +1,38 @@ +/* PSA status codes used by psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef PSA_ERROR_H +#define PSA_ERROR_H + +#include + +#include "psa/common.h" + +#define PSA_SUCCESS ((psa_status_t) 0) + +#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129) +#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130) +#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131) +#define PSA_ERROR_GENERIC_ERROR ((psa_status_t) -132) +#define PSA_ERROR_NOT_PERMITTED ((psa_status_t) -133) +#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t) -134) +#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t) -135) +#define PSA_ERROR_INVALID_HANDLE ((psa_status_t) -136) +#define PSA_ERROR_BAD_STATE ((psa_status_t) -137) +#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t) -138) +#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t) -139) +#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t) -140) +#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t) -141) +#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t) -142) +#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t) -143) +#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t) -144) +#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t) -145) +#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t) -146) +#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t) -147) +#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t) -149) + +#endif diff --git a/tests/psa-client-server/psasim/include/psa/lifecycle.h b/tests/psa-client-server/psasim/include/psa/lifecycle.h new file mode 100644 index 0000000000..1148397a88 --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/lifecycle.h @@ -0,0 +1,17 @@ +/* PSA lifecycle states used by psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#define PSA_LIFECYCLE_PSA_STATE_MASK (0xff00u) +#define PSA_LIFECYCLE_IMP_STATE_MASK (0x00ffu) +#define PSA_LIFECYCLE_UNKNOWN (0x0000u) +#define PSA_LIFECYCLE_ASSEMBLY_AND_TEST (0x1000u) +#define PSA_LIFECYCLE_PSA_ROT_PROVISIONING (0x2000u) +#define PSA_LIFECYCLE_SECURED (0x3000u) +#define PSA_LIFECYCLE_NON_PSA_ROT_DEBUG (0x4000u) +#define PSA_LIFECYCLE_RECOVERABLE_PSA_ROT_DEBUG (0x5000u) +#define PSA_LIFECYCLE_DECOMMISSIONED (0x6000u) +#define psa_rot_lifecycle_state(void) PSA_LIFECYCLE_UNKNOWN diff --git a/tests/psa-client-server/psasim/include/psa/service.h b/tests/psa-client-server/psasim/include/psa/service.h new file mode 100644 index 0000000000..c8c00245ae --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/service.h @@ -0,0 +1,251 @@ +/* PSA Firmware Framework service header for psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef __PSA_SERVICE_H__ +#define __PSA_SERVICE_H__ + +#ifdef __cplusplus +extern "C" { +#endif +#include +#include +#include + +#include "psa/common.h" + +/********************** PSA Secure Partition Macros and Types ****************/ + +/* PSA wait timeouts */ +#define PSA_POLL (0x00000000u) +#define PSA_BLOCK (0x80000000u) + +/* A mask value that includes all Secure Partition signals */ +#define PSA_WAIT_ANY (~0u) + +/* Doorbell signal */ +#define PSA_DOORBELL (0x00000008u) + +/* PSA message types */ +#define PSA_IPC_CONNECT (-1) +#define PSA_IPC_DISCONNECT (-2) + +/* Return code from psa_get() */ +#define PSA_ERR_NOMSG (INT32_MIN + 3) + +/* Store a set of one or more Secure Partition signals */ +typedef uint32_t psa_signal_t; + +/** + * Describe a message received by an RoT Service after calling \ref psa_get(). + */ +typedef struct psa_msg_t { + uint32_t type; /* One of the following values: + * \ref PSA_IPC_CONNECT + * \ref PSA_IPC_CALL + * \ref PSA_IPC_DISCONNECT + */ + psa_handle_t handle; /* A reference generated by the SPM to the + * message returned by psa_get(). + */ + int32_t client_id; /* Partition ID of the sender of the message */ + void *rhandle; /* Be useful for binding a connection to some + * application-specific data or function + * pointer within the RoT Service + * implementation. + */ + size_t in_size[PSA_MAX_IOVEC]; /* Provide the size of each client input + * vector in bytes. + */ + size_t out_size[PSA_MAX_IOVEC];/* Provide the size of each client output + * vector in bytes. + */ +} psa_msg_t; + +/************************* PSA Secure Partition API **************************/ + +/** + * \brief Return the Secure Partition interrupt signals that have been asserted + * from a subset of signals provided by the caller. + * + * \param[in] signal_mask A set of signals to query. Signals that are not + * in this set will be ignored. + * \param[in] timeout Specify either blocking \ref PSA_BLOCK or + * polling \ref PSA_POLL operation. + * + * \retval >0 At least one signal is asserted. + * \retval 0 No signals are asserted. This is only seen when + * a polling timeout is used. + */ +psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout); + +/** + * \brief Retrieve the message which corresponds to a given RoT Service signal + * and remove the message from the RoT Service queue. + * + * \param[in] signal The signal value for an asserted RoT Service. + * \param[out] msg Pointer to \ref psa_msg_t object for receiving + * the message. + * + * \retval PSA_SUCCESS Success, *msg will contain the delivered + * message. + * \retval PSA_ERR_NOMSG Message could not be delivered. + * \retval "Does not return" The call is invalid because one or more of the + * following are true: + * \arg signal has more than a single bit set. + * \arg signal does not correspond to an RoT Service. + * \arg The RoT Service signal is not currently + * asserted. + * \arg The msg pointer provided is not a valid memory + * reference. + */ +psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg); + +/** + * \brief Associate some RoT Service private data with a client connection. + * + * \param[in] msg_handle Handle for the client's message. + * \param[in] rhandle Reverse handle allocated by the RoT Service. + * + * \retval void Success, rhandle will be provided with all + * subsequent messages delivered on this + * connection. + * \retval "Does not return" msg_handle is invalid. + */ +void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle); + +/** + * \brief Read a message parameter or part of a message parameter from a client + * input vector. + * + * \param[in] msg_handle Handle for the client's message. + * \param[in] invec_idx Index of the input vector to read from. Must be + * less than \ref PSA_MAX_IOVEC. + * \param[out] buffer Buffer in the Secure Partition to copy the + * requested data to. + * \param[in] num_bytes Maximum number of bytes to be read from the + * client input vector. + * + * \retval >0 Number of bytes copied. + * \retval 0 There was no remaining data in this input + * vector. + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg msg_handle is invalid. + * \arg msg_handle does not refer to a + * \ref PSA_IPC_CALL message. + * \arg invec_idx is equal to or greater than + * \ref PSA_MAX_IOVEC. + * \arg the memory reference for buffer is invalid or + * not writable. + */ +size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, + void *buffer, size_t num_bytes); + +/** + * \brief Skip over part of a client input vector. + * + * \param[in] msg_handle Handle for the client's message. + * \param[in] invec_idx Index of input vector to skip from. Must be + * less than \ref PSA_MAX_IOVEC. + * \param[in] num_bytes Maximum number of bytes to skip in the client + * input vector. + * + * \retval >0 Number of bytes skipped. + * \retval 0 There was no remaining data in this input + * vector. + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg msg_handle is invalid. + * \arg msg_handle does not refer to a + * \ref PSA_IPC_CALL message. + * \arg invec_idx is equal to or greater than + * \ref PSA_MAX_IOVEC. + */ +size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes); + +/** + * \brief Write a message response to a client output vector. + * + * \param[in] msg_handle Handle for the client's message. + * \param[out] outvec_idx Index of output vector in message to write to. + * Must be less than \ref PSA_MAX_IOVEC. + * \param[in] buffer Buffer with the data to write. + * \param[in] num_bytes Number of bytes to write to the client output + * vector. + * + * \retval void Success + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg msg_handle is invalid. + * \arg msg_handle does not refer to a + * \ref PSA_IPC_CALL message. + * \arg outvec_idx is equal to or greater than + * \ref PSA_MAX_IOVEC. + * \arg The memory reference for buffer is invalid. + * \arg The call attempts to write data past the end + * of the client output vector. + */ +void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, + const void *buffer, size_t num_bytes); + +/** + * \brief Complete handling of a specific message and unblock the client. + * + * \param[in] msg_handle Handle for the client's message. + * \param[in] status Message result value to be reported to the + * client. + * + * \retval void Success. + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg msg_handle is invalid. + * \arg An invalid status code is specified for the + * type of message. + */ +void psa_reply(psa_handle_t msg_handle, psa_status_t status); + +/** + * \brief Send a PSA_DOORBELL signal to a specific Secure Partition. + * + * \param[in] partition_id Secure Partition ID of the target partition. + * + * \retval void Success. + * \retval "Does not return" partition_id does not correspond to a Secure + * Partition. + */ +void psa_notify(int32_t partition_id); + +/** + * \brief Clear the PSA_DOORBELL signal. + * + * \retval void Success. + * \retval "Does not return" The Secure Partition's doorbell signal is not + * currently asserted. + */ +void psa_clear(void); + +/** + * \brief Inform the SPM that an interrupt has been handled (end of interrupt). + * + * \param[in] irq_signal The interrupt signal that has been processed. + * + * \retval void Success. + * \retval "Does not return" The call is invalid, one or more of the + * following are true: + * \arg irq_signal is not an interrupt signal. + * \arg irq_signal indicates more than one signal. + * \arg irq_signal is not currently asserted. + */ +void psa_eoi(psa_signal_t irq_signal); + +#define psa_panic(X) abort(); + +#ifdef __cplusplus +} +#endif + +#endif /* __PSA_SERVICE_H__ */ diff --git a/tests/psa-client-server/psasim/include/psa/util.h b/tests/psa-client-server/psasim/include/psa/util.h new file mode 100644 index 0000000000..c3669a125d --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/util.h @@ -0,0 +1,33 @@ +/* Common definitions used for clients and services */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/service.h" + +#define PRINT(fmt, ...) \ + fprintf(stdout, fmt "\n", ##__VA_ARGS__) + +#if defined(DEBUG) +#define INFO(fmt, ...) \ + fprintf(stdout, "Info (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) + +#define ERROR(fmt, ...) \ + fprintf(stdout, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) + +#define FATAL(fmt, ...) \ + { \ + fprintf(stdout, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ + abort(); \ + } +#else /* DEBUG */ +#define INFO(...) +#define ERROR(...) +#define FATAL(...) +#endif /* DEBUG*/ + +#define PROJECT_ID 'M' +#define PATHNAMESIZE 256 +#define TMP_FILE_BASE_PATH "./" diff --git a/tests/psa-client-server/psasim/include/psasim/init.h b/tests/psa-client-server/psasim/include/psasim/init.h new file mode 100644 index 0000000000..9496fc2a1c --- /dev/null +++ b/tests/psa-client-server/psasim/include/psasim/init.h @@ -0,0 +1,15 @@ +/* Declarations of internal functions. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +void raise_signal(psa_signal_t signal); +void __init_psasim(const char **array, + int size, + const int allow_ns_clients_array[32], + const uint32_t versions[32], + const int strict_policy_array[32]); diff --git a/tests/psa-client-server/psasim/src/Makefile b/tests/psa-client-server/psasim/src/Makefile new file mode 100644 index 0000000000..fc6ba25aab --- /dev/null +++ b/tests/psa-client-server/psasim/src/Makefile @@ -0,0 +1,17 @@ +INCLUDE = -I../include/ +PSA_LIB = libpsaff.a + +PSA_LIB_OBJS = client.o service.o + +.PHONY: all lib + +all: $(PSA_LIB) + +%.o: %.c + $(CC) $(INCLUDE) $(CFLAGS) -c $< -o $@ + +$(PSA_LIB): $(PSA_LIB_OBJS) + $(AR) rcs $(PSA_LIB) client.o service.o + +clean: + rm -f $(PSA_LIB) $(PSA_LIB_OBJS) diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c new file mode 100644 index 0000000000..5a3986e32c --- /dev/null +++ b/tests/psa-client-server/psasim/src/client.c @@ -0,0 +1,392 @@ +/* PSA firmware framework client API */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "psa/client.h" +#include "psa/common.h" +#include "psa/error.h" +#include "psa/util.h" + +typedef struct internal_handle { + int server_qid; + int client_qid; + int internal_server_qid; + int valid; +} internal_handle_t; + +typedef struct vectors { + const psa_invec *in_vec; + size_t in_len; + psa_outvec *out_vec; + size_t out_len; +} vectors_t; + +/* Note that this implementation is functional and not secure */ +int __psa_ff_client_security_state = NON_SECURE; + +/* Access to this global is not thread safe */ +#define MAX_HANDLES 32 +static internal_handle_t handles[MAX_HANDLES] = { { 0 } }; + +static int get_next_free_handle() +{ + /* Never return handle 0 as it's a special null handle */ + for (int i = 1; i < MAX_HANDLES; i++) { + if (handles[i].valid == 0) { + return i; + } + } + return -1; +} + +static int handle_is_valid(psa_handle_t handle) +{ + if (handle > 0 && handle < MAX_HANDLES) { + if (handles[handle].valid == 1) { + return 1; + } + } + ERROR("ERROR: Invalid handle"); + return 0; +} + +static int get_queue_info(char *path, int *cqid, int *sqid) +{ + + key_t server_queue_key; + int rx_qid, server_qid; + + INFO("Attempting to contact a RoT service queue"); + + if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) { + ERROR("msgget: rx_qid"); + return -1; + } + + if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) { + ERROR("ftok"); + return -2; + } + + if ((server_qid = msgget(server_queue_key, 0)) == -1) { + ERROR("msgget: server_qid"); + return -3; + } + + *cqid = rx_qid; + *sqid = server_qid; + + return 0; +} + +static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, + int *internal_server_qid) +{ + + struct message response, request; + psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; + size_t invec_seek[4] = { 0 }; + size_t data_size; + psa_status_t invec, outvec; /* TODO: Should these be size_t ? */ + + assert(internal_server_qid > 0); + + while (1) { + data_size = 0; + invec = 0; + outvec = 0; + + // read response from server + if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) { + ERROR(" msgrcv failed"); + return ret; + } + + // process return message from server + switch (response.message_type) { + case PSA_REPLY: + memcpy(&ret, response.message_text.buf, sizeof(psa_status_t)); + INFO(" Message received from server: %d", ret); + if (type == PSA_IPC_CONNECT && ret > 0) { + *internal_server_qid = ret; + INFO(" ASSSIGNED q ID %d", *internal_server_qid); + ret = PSA_SUCCESS; + } + return ret; + break; + case READ_REQUEST: + /* read data request */ + request.message_type = READ_RESPONSE; + + assert(vecs != 0); + + memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); + INFO(" Partition asked for %lu bytes from invec %d", data_size, invec); + + /* need to add more checks here */ + assert(invec >= 0 && invec < PSA_MAX_IOVEC); + + if (data_size > MAX_FRAGMENT_SIZE) { + data_size = MAX_FRAGMENT_SIZE; + } + + /* send response */ + INFO(" invec_seek[invec] is %lu", invec_seek[invec]); + INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]); + memcpy(request.message_text.buf, + (vecs->in_vec[invec].base + invec_seek[invec]), + data_size); + + /* update invec base TODO: check me */ + invec_seek[invec] = invec_seek[invec] + data_size; + + INFO(" Sending message of type %li", request.message_type); + INFO(" with content %s", request.message_text.buf); + + if (msgsnd(*internal_server_qid, &request, + sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) { + ERROR("Internal error: failed to respond to read request"); + } + break; + case WRITE_REQUEST: + assert(vecs != 0); + + request.message_type = WRITE_RESPONSE; + + memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t)); + INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec); + + assert(outvec >= 0 && outvec < PSA_MAX_IOVEC); + + /* copy memory into message and send back amount written */ + size_t sofar = vecs->out_vec[outvec].len; + memcpy(vecs->out_vec[outvec].base + sofar, + response.message_text.buf+(sizeof(size_t)*2), data_size); + INFO(" Data size is %lu", data_size); + vecs->out_vec[outvec].len += data_size; + + INFO(" Sending message of type %li", request.message_type); + + /* send response */ + if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) { + ERROR("Internal error: failed to respond to write request"); + } + break; + case SKIP_REQUEST: + memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); + INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec); + assert(invec >= 0 && invec < PSA_MAX_IOVEC); + /* update invec base TODO: check me */ + invec_seek[invec] = invec_seek[invec] + data_size; + break; + + default: + FATAL(" ERROR: unknown internal message type: %ld", + response.message_type); + return ret; + } + } +} + +static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid, + int32_t type, uint32_t minor_version, vectors_t *vecs) +{ + { + psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; + size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */ + struct message request; + request.message_type = 1; /* TODO: change this */ + request.message_text.psa_type = type; + vector_sizes_t vec_sizes; + + /* If the client is non-secure then set the NS bit */ + if (__psa_ff_client_security_state != 0) { + request.message_type |= NON_SECURE; + } + + assert(request.message_type >= 0); + + INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type); + INFO(" internal_server_qid = %i", *internal_server_qid); + + request.message_text.qid = rx_qid; + + if (type == PSA_IPC_CONNECT) { + memcpy(request.message_text.buf, &minor_version, sizeof(minor_version)); + request_msg_size = request_msg_size + sizeof(minor_version); + INFO(" Request msg size is %lu", request_msg_size); + } else { + assert(internal_server_qid > 0); + } + + if (vecs != NULL && type >= PSA_IPC_CALL) { + + memset(&vec_sizes, 0, sizeof(vec_sizes)); + + /* Copy invec sizes */ + for (size_t i = 0; i < (vecs->in_len); i++) { + vec_sizes.invec_sizes[i] = vecs->in_vec[i].len; + INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]); + } + + /* Copy outvec sizes */ + for (size_t i = 0; i < (vecs->out_len); i++) { + vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len; + + /* Reset to 0 since we need to eventually fill in with bytes written */ + vecs->out_vec[i].len = 0; + } + + memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes)); + request_msg_size = request_msg_size + sizeof(vec_sizes); + } + + INFO(" Sending and then waiting"); + + // send message to server + if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) { + ERROR(" msgsnd failed"); + return ret; + } + + return process_response(rx_qid, vecs, type, internal_server_qid); + } +} + + +uint32_t psa_framework_version(void) +{ + return PSA_FRAMEWORK_VERSION; +} + +psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) +{ + + int idx; + psa_status_t ret; + char pathname[PATHNAMESIZE] = { 0 }; + + idx = get_next_free_handle(); + + /* if there's a free handle available */ + if (idx >= 0) { + snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid); + INFO("Attempting to contact RoT service at %s", pathname); + + /* if communication is possible */ + if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { + + ret = send(handles[idx].client_qid, + handles[idx].server_qid, + &handles[idx].internal_server_qid, + PSA_IPC_CONNECT, + minor_version, + NULL); + + /* if connection accepted by RoT service */ + if (ret >= 0) { + handles[idx].valid = 1; + return idx; + } else { + INFO("Server didn't like you"); + } + } else { + INFO("Couldn't contact RoT service. Does it exist?"); + + if (__psa_ff_client_security_state == 0) { + ERROR("Invalid SID"); + } + } + } + + INFO("Couldn't obtain a free handle"); + return PSA_ERROR_CONNECTION_REFUSED; +} + +uint32_t psa_version(uint32_t sid) +{ + int idx; + psa_status_t ret; + char pathname[PATHNAMESIZE] = { 0 }; + + idx = get_next_free_handle(); + + if (idx >= 0) { + snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid); + if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { + ret = send(handles[idx].client_qid, + handles[idx].server_qid, + &handles[idx].internal_server_qid, + VERSION_REQUEST, + 0, + NULL); + INFO("psa_version: Recieved from server %d", ret); + if (ret > 0) { + return ret; + } + } + } + INFO("psa_version failed: does the service exist?"); + return PSA_VERSION_NONE; +} + +psa_status_t psa_call(psa_handle_t handle, + int32_t type, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len) +{ + + handle_is_valid(handle); + + if ((in_len + out_len) > PSA_MAX_IOVEC) { + ERROR("Too many iovecs: %lu + %lu", in_len, out_len); + } + + vectors_t vecs = { 0 }; + vecs.in_vec = in_vec; + vecs.in_len = in_len; + vecs.out_vec = out_vec; + vecs.out_len = out_len; + + return send(handles[handle].client_qid, + handles[handle].server_qid, + &handles[handle].internal_server_qid, + type, + 0, + &vecs); +} + +void psa_close(psa_handle_t handle) +{ + handle_is_valid(handle); + if (send(handles[handle].client_qid, handles[handle].server_qid, + &handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) { + ERROR("ERROR: Couldn't send disconnect msg"); + } else { + if (msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) { + ERROR("ERROR: Failed to delete msg queue"); + } + } + INFO("Closing handle %u", handle); + handles[handle].valid = 0; +} diff --git a/tests/psa-client-server/psasim/src/common.c b/tests/psa-client-server/psasim/src/common.c new file mode 100644 index 0000000000..287bb504ae --- /dev/null +++ b/tests/psa-client-server/psasim/src/common.c @@ -0,0 +1,8 @@ +/* Common code between clients and services */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/common.h" diff --git a/tests/psa-client-server/psasim/src/service.c b/tests/psa-client-server/psasim/src/service.c new file mode 100644 index 0000000000..b2b6a08f54 --- /dev/null +++ b/tests/psa-client-server/psasim/src/service.c @@ -0,0 +1,668 @@ +/* PSA Firmware Framework service API */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "psa/service.h" +#include "psasim/init.h" +#include "psa/error.h" +#include "psa/common.h" +#include "psa/util.h" + +#define MAX_CLIENTS 128 +#define MAX_MESSAGES 32 + +#define SLEEP_MS 50 + +struct connection { + uint32_t client; + void *rhandle; + int client_to_server_q; +}; + +/* Note that this implementation is functional and not secure. */ +extern int __psa_ff_client_security_state; + +static psa_msg_t messages[MAX_MESSAGES]; /* Message slots */ +static uint8_t pending_message[MAX_MESSAGES] = { 0 }; /* Booleans indicating active message slots */ +static uint32_t message_client[MAX_MESSAGES] = { 0 }; /* Each client's response queue */ +static int nsacl[32]; +static int strict_policy[32] = { 0 }; +static uint32_t rot_svc_versions[32]; +static int rot_svc_incoming_queue[32] = { -1 }; +static struct connection connections[MAX_CLIENTS] = { { 0 } }; + +static uint32_t exposed_signals = 0; + +void print_vectors(vector_sizes_t *sizes) +{ + INFO("Printing iovec sizes"); + for (int j = 0; j < PSA_MAX_IOVEC; j++) { + INFO("Invec %d: %lu", j, sizes->invec_sizes[j]); + } + + for (int j = 0; j < PSA_MAX_IOVEC; j++) { + INFO("Outvec %d: %lu", j, sizes->outvec_sizes[j]); + } +} + +int find_connection(uint32_t client) +{ + for (int i = 1; i < MAX_CLIENTS; i++) { + if (client == connections[i].client) { + return i; + } + } + return -1; +} + +void destroy_connection(uint32_t client) +{ + int idx = find_connection(client); + if (idx >= 0) { + connections[idx].client = 0; + connections[idx].rhandle = 0; + INFO("Destroying connection"); + } else { + ERROR("Couldn't destroy connection for %u", client); + } +} + +int find_free_connection() +{ + INFO("Allocating connection"); + return find_connection(0); +} + +static void reply(psa_handle_t msg_handle, psa_status_t status) +{ + pending_message[msg_handle] = 1; + psa_reply(msg_handle, status); + pending_message[msg_handle] = 0; +} + +psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout) +{ + psa_signal_t mask; + struct message msg; + vector_sizes_t sizes; + struct msqid_ds qinfo; + uint32_t requested_version; + ssize_t len; + int idx; +#if !defined(PSASIM_USE_USLEEP) + const struct timespec ts_delay = { .tv_sec = 0, .tv_nsec = SLEEP_MS * 1000000 }; +#endif + + if (timeout == PSA_POLL) { + INFO("psa_wait: Called in polling mode"); + } + + do { + mask = signal_mask; + + /* Check the status of each queue */ + for (int i = 0; i < 32; i++) { + if (mask & 0x1) { + if (i < 3) { + // do nothing (reserved) + } else if (i == 3) { + // this must be psa doorbell + } else { + /* Check if this signal corresponds to a queue */ + if (rot_svc_incoming_queue[i] >= 0 && (pending_message[i] == 0)) { + + /* AFAIK there is no "peek" method in SysV, so try to get a message */ + len = msgrcv(rot_svc_incoming_queue[i], + &msg, + sizeof(struct message_text), + 0, + IPC_NOWAIT); + if (len > 0) { + + INFO("Storing that QID in message_client[%d]", i); + INFO("The message handle will be %d", i); + + msgctl(rot_svc_incoming_queue[i], IPC_STAT, &qinfo); + messages[i].client_id = qinfo.msg_lspid; /* PID of last msgsnd(2) call */ + message_client[i] = msg.message_text.qid; + idx = find_connection(msg.message_text.qid); + + if (msg.message_type & NON_SECURE) { + /* This is a non-secure message */ + + /* Check if NS client is allowed for this RoT service */ + if (nsacl[i] <= 0) { +#if 0 + INFO( + "Rejecting non-secure client due to manifest security policy"); + reply(i, PSA_ERROR_CONNECTION_REFUSED); + continue; /* Skip to next signal */ +#endif + } + + msg.message_type &= ~(NON_SECURE); /* clear */ + messages[i].client_id = messages[i].client_id * -1; + } + + INFO("Got a message from client ID %d", messages[i].client_id); + INFO("Message type is %lu", msg.message_type); + INFO("PSA message type is %d", msg.message_text.psa_type); + + messages[i].handle = i; + + switch (msg.message_text.psa_type) { + case PSA_IPC_CONNECT: + + if (len >= 16) { + memcpy(&requested_version, msg.message_text.buf, + sizeof(requested_version)); + INFO("Requesting version %u", requested_version); + INFO("Implemented version %u", rot_svc_versions[i]); + /* TODO: need to check whether the policy is strict, + * and if so, then reject the client if the number doesn't match */ + + if (requested_version > rot_svc_versions[i]) { + INFO( + "Rejecting client because requested version that was too high"); + reply(i, PSA_ERROR_CONNECTION_REFUSED); + continue; /* Skip to next signal */ + } + + if (strict_policy[i] == 1 && + (requested_version != rot_svc_versions[i])) { + INFO( + "Rejecting client because enforcing a STRICT version policy"); + reply(i, PSA_ERROR_CONNECTION_REFUSED); + continue; /* Skip to next signal */ + } else { + INFO("Not rejecting client"); + } + } + + messages[i].type = PSA_IPC_CONNECT; + + if (idx < 0) { + idx = find_free_connection(); + } + + if (idx >= 0) { + connections[idx].client = msg.message_text.qid; + } else { + /* We've run out of system wide connections */ + reply(i, PSA_ERROR_CONNECTION_BUSY); + ERROR("Ran out of free connections"); + continue; + } + + break; + case PSA_IPC_DISCONNECT: + messages[i].type = PSA_IPC_DISCONNECT; + break; + case VERSION_REQUEST: + INFO("Got a version request"); + reply(i, rot_svc_versions[i]); + continue; /* Skip to next signal */ + break; + + default: + + /* PSA CALL */ + if (msg.message_text.psa_type >= 0) { + messages[i].type = msg.message_text.psa_type; + memcpy(&sizes, msg.message_text.buf, sizeof(sizes)); + print_vectors(&sizes); + memcpy(&messages[i].in_size, &sizes.invec_sizes, + (sizeof(size_t) * PSA_MAX_IOVEC)); + memcpy(&messages[i].out_size, &sizes.outvec_sizes, + (sizeof(size_t) * PSA_MAX_IOVEC)); + } else { + FATAL("UNKNOWN MESSAGE TYPE RECEIVED %li", + msg.message_type); + } + break; + } + messages[i].handle = i; + + /* Check if the client has a connection */ + if (idx >= 0) { + messages[i].rhandle = connections[idx].rhandle; + } else { + /* Client is begging for a programmer error */ + reply(i, PSA_ERROR_PROGRAMMER_ERROR); + continue; + } + + /* House keeping */ + pending_message[i] = 1; /* set message as pending */ + exposed_signals |= (0x1 << i); /* assert the signal */ + } + } + } + mask = mask >> 1; + } + } + + if ((timeout == PSA_BLOCK) && (exposed_signals > 0)) { + break; + } else { + /* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */ +#if defined(PSASIM_USE_USLEEP) + usleep(SLEEP_MS * 1000); +#else /* PSASIM_USE_USLEEP */ + nanosleep(&ts_delay, NULL); +#endif /* PSASIM_USE_USLEEP */ + } + } while (timeout == PSA_BLOCK); + + /* Assert signals */ + return signal_mask & exposed_signals; +} + +static int signal_to_index(psa_signal_t signal) +{ + int i; + int count = 0; + int ret = -1; + + for (i = 0; i < 32; i++) { + if (signal & 0x1) { + ret = i; + count++; + } + signal = signal >> 1; + } + + if (count > 1) { + ERROR("ERROR: Too many signals"); + return -1; /* Too many signals */ + } + return ret; +} + +static void clear_signal(psa_signal_t signal) +{ + exposed_signals = exposed_signals & ~signal; +} + +void raise_signal(psa_signal_t signal) +{ + exposed_signals |= signal; +} + +psa_status_t psa_get(psa_signal_t signal, psa_msg_t *msg) +{ + int index = signal_to_index(signal); + if (index < 0) { + ERROR("Bad signal"); + } + + clear_signal(signal); + + assert(messages[index].handle != 0); + + if (pending_message[index] == 1) { + INFO("There is a pending message!"); + memcpy(msg, &messages[index], sizeof(struct psa_msg_t)); + assert(msg->handle != 0); + return PSA_SUCCESS; + } else { + INFO("no pending message"); + } + + return PSA_ERROR_DOES_NOT_EXIST; +} + +static inline int is_valid_msg_handle(psa_handle_t h) +{ + if (h > 0 && h < MAX_MESSAGES) { + return 1; + } + ERROR("Not a valid message handle"); + return 0; +} + +static inline int is_call_msg(psa_handle_t h) +{ + assert(messages[h].type >= PSA_IPC_CALL); + return 1; +} + +void psa_set_rhandle(psa_handle_t msg_handle, void *rhandle) +{ + is_valid_msg_handle(msg_handle); + int idx = find_connection(message_client[msg_handle]); + INFO("Setting rhandle to %p", rhandle); + assert(idx >= 0); + connections[idx].rhandle = rhandle; +} + +/* Sends a message from the server to the client. Does not wait for a response */ +static void send_msg(psa_handle_t msg_handle, + int ctrl_msg, + psa_status_t status, + size_t amount, + const void *data, + size_t data_amount) +{ + struct message response; + int flags = 0; + + assert(ctrl_msg > 0); /* According to System V, it must be greater than 0 */ + + response.message_type = ctrl_msg; + if (ctrl_msg == PSA_REPLY) { + memcpy(response.message_text.buf, &status, sizeof(psa_status_t)); + } else if (ctrl_msg == READ_REQUEST || ctrl_msg == WRITE_REQUEST || ctrl_msg == SKIP_REQUEST) { + memcpy(response.message_text.buf, &status, sizeof(psa_status_t)); + memcpy(response.message_text.buf+sizeof(size_t), &amount, sizeof(size_t)); + if (ctrl_msg == WRITE_REQUEST) { + /* TODO: Check if too big */ + memcpy(response.message_text.buf + (sizeof(size_t) * 2), data, data_amount); + } + } + + /* TODO: sizeof doesn't need to be so big here for small responses */ + if (msgsnd(message_client[msg_handle], &response, sizeof(response.message_text), flags) == -1) { + ERROR("Failed to reply"); + } +} + +static size_t skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) +{ + if (num_bytes < (messages[msg_handle].in_size[invec_idx] - num_bytes)) { + messages[msg_handle].in_size[invec_idx] = messages[msg_handle].in_size[invec_idx] - + num_bytes; + return num_bytes; + } else { + if (num_bytes >= messages[msg_handle].in_size[invec_idx]) { + size_t ret = messages[msg_handle].in_size[invec_idx]; + messages[msg_handle].in_size[invec_idx] = 0; + return ret; + } else { + return num_bytes; + } + } +} + +size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, + void *buffer, size_t num_bytes) +{ + size_t sofar = 0; + struct message msg = { 0 }; + int idx; + ssize_t len; + + is_valid_msg_handle(msg_handle); + is_call_msg(msg_handle); + + if (invec_idx >= PSA_MAX_IOVEC) { + ERROR("Invalid iovec number"); + } + + /* If user wants more data than what's available, truncate their request */ + if (num_bytes > messages[msg_handle].in_size[invec_idx]) { + num_bytes = messages[msg_handle].in_size[invec_idx]; + } + + while (sofar < num_bytes) { + INFO("Server: requesting %lu bytes from client", (num_bytes - sofar)); + send_msg(msg_handle, READ_REQUEST, invec_idx, (num_bytes - sofar), NULL, 0); + + idx = find_connection(message_client[msg_handle]); + assert(idx >= 0); + + len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); + len = (len - sizeof(msg.message_text.qid)); + + if (len < 0) { + FATAL("Internal error: failed to dispatch read request to the client"); + } + + if (len > (num_bytes - sofar)) { + if ((num_bytes - sofar) > 0) { + memcpy(buffer+sofar, msg.message_text.buf, (num_bytes - sofar)); + } + } else { + memcpy(buffer + sofar, msg.message_text.buf, len); + } + + INFO("Printing what i got so far: %s", msg.message_text.buf); + + sofar = sofar + len; + } + + /* Update the seek count */ + skip(msg_handle, invec_idx, num_bytes); + INFO("Finished psa_read"); + return sofar; +} + +void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, + const void *buffer, size_t num_bytes) +{ + + size_t sofar = 0; + struct message msg = { 0 }; + int idx; + ssize_t len; + + is_valid_msg_handle(msg_handle); + is_call_msg(msg_handle); + + if (outvec_idx >= PSA_MAX_IOVEC) { + ERROR("Invalid iovec number"); + } + + if (num_bytes > messages[msg_handle].out_size[outvec_idx]) { + ERROR("Program tried to write too much data %lu/%lu", num_bytes, + messages[msg_handle].out_size[outvec_idx]); + } + + while (sofar < num_bytes) { + size_t sending = (num_bytes - sofar); + if (sending >= MAX_FRAGMENT_SIZE) { + sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2); + } + + INFO("Server: sending %lu bytes to client", sending); + + send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer, sending); + + idx = find_connection(message_client[msg_handle]); + assert(idx >= 0); + + len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); + if (len < 1) { + FATAL("Client didn't give me a full response"); + } + sofar = sofar + len; + } + + /* Update the seek count */ + messages[msg_handle].out_size[outvec_idx] -= num_bytes; +} + +size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) +{ + + is_valid_msg_handle(msg_handle); + is_call_msg(msg_handle); + + size_t ret = skip(msg_handle, invec_idx, num_bytes); + + /* notify client to skip */ + send_msg(msg_handle, SKIP_REQUEST, invec_idx, num_bytes, NULL, 0); + return ret; +} + +static void destroy_temporary_queue(int myqid) +{ + + if (msgctl(myqid, IPC_RMID, NULL) != 0) { + INFO("ERROR: Failed to delete msg queue %d", myqid); + } +} + +static int make_temporary_queue() +{ + int myqid; + if ((myqid = msgget(IPC_PRIVATE, 0660)) == -1) { + INFO("msgget: myqid"); + return -1; + } + return myqid; +} + +/** + * Assumes msg_handle is the index into the message array + */ +void psa_reply(psa_handle_t msg_handle, psa_status_t status) +{ + int idx, q; + is_valid_msg_handle(msg_handle); + + if (pending_message[msg_handle] != 1) { + ERROR("Not a valid message handle"); + } + + if (messages[msg_handle].type == PSA_IPC_CONNECT) { + switch (status) { + case PSA_SUCCESS: + idx = find_connection(message_client[msg_handle]); + q = make_temporary_queue(); + if (q > 0 && idx >= 0) { + connections[idx].client_to_server_q = q; + status = q; + } else { + FATAL("What happened?"); + } + break; + case PSA_ERROR_CONNECTION_REFUSED: + destroy_connection(message_client[msg_handle]); + break; + case PSA_ERROR_CONNECTION_BUSY: + destroy_connection(message_client[msg_handle]); + break; + case PSA_ERROR_PROGRAMMER_ERROR: + destroy_connection(message_client[msg_handle]); + break; + default: + ERROR("Not a valid reply %d", status); + } + } else if (messages[msg_handle].type == PSA_IPC_DISCONNECT) { + idx = find_connection(message_client[msg_handle]); + if (idx >= 0) { + destroy_temporary_queue(connections[idx].client_to_server_q); + } + destroy_connection(message_client[msg_handle]); + } + + send_msg(msg_handle, PSA_REPLY, status, 0, NULL, 0); + + pending_message[msg_handle] = 0; + message_client[msg_handle] = 0; +} + +/* TODO: make sure you only clear interrupt signals, and not others */ +void psa_eoi(psa_signal_t signal) +{ + int index = signal_to_index(signal); + if (index >= 0 && (rot_svc_incoming_queue[index] >= 0)) { + clear_signal(signal); + } else { + ERROR("Tried to EOI a signal that isn't an interrupt"); + } +} + +void psa_notify(int32_t partition_id) +{ + char pathname[PATHNAMESIZE] = { 0 }; + + if (partition_id < 0) { + ERROR("Not a valid secure partition"); + } + + snprintf(pathname, PATHNAMESIZE, "/tmp/psa_notify_%u", partition_id); + INFO("psa_notify: notifying partition %u using %s", + partition_id, pathname); + INFO("psa_notify is unimplemented"); +} + +void psa_clear(void) +{ + clear_signal(PSA_DOORBELL); +} + +void __init_psasim(const char **array, + int size, + const int allow_ns_clients_array[32], + const uint32_t versions[32], + const int strict_policy_array[32]) +{ + + static uint8_t library_initialised = 0; + key_t key; + int qid; + FILE *fp; + char doorbell_path[PATHNAMESIZE] = { 0 }; + char queue_path[PATHNAMESIZE]; + snprintf(doorbell_path, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_notify_%u", getpid()); + + if (library_initialised > 0) { + return; + } else { + library_initialised = 1; + } + + if (size != 32) { + FATAL("Unsupported value. Aborting."); + } + + array[3] = doorbell_path; + + for (int i = 0; i < 32; i++) { + if (strncmp(array[i], "", 1) != 0) { + INFO("Setting up %s", array[i]); + memset(queue_path, 0, sizeof(queue_path)); + sprintf(queue_path, "%s%s", TMP_FILE_BASE_PATH, array[i]); + + /* Create file if doesn't exist */ + fp = fopen(queue_path, "ab+"); + if (fp) { + fclose(fp); + } + + if ((key = ftok(queue_path, PROJECT_ID)) == -1) { + FATAL("Error finding message queue during initialisation"); + } + + /* TODO: Investigate. Permissions are likely to be too relaxed */ + if ((qid = msgget(key, IPC_CREAT | 0660)) == -1) { + FATAL("Error opening message queue during initialisation"); + } else { + rot_svc_incoming_queue[i] = qid; + } + } + } + + memcpy(nsacl, allow_ns_clients_array, sizeof(int) * 32); + memcpy(strict_policy, strict_policy_array, sizeof(int) * 32); + memcpy(rot_svc_versions, versions, sizeof(uint32_t) * 32); + memset(&connections, 0, sizeof(struct connection) * MAX_CLIENTS); + + __psa_ff_client_security_state = 0; /* Set the client status to SECURE */ +} diff --git a/tests/psa-client-server/psasim/test/Makefile b/tests/psa-client-server/psasim/test/Makefile new file mode 100644 index 0000000000..34b86b616c --- /dev/null +++ b/tests/psa-client-server/psasim/test/Makefile @@ -0,0 +1,29 @@ +INCLUDE := -I../include/ -I./psa_manifest +LIB := -L../src -lpsaff + +TEST_BIN = psa_client \ + psa_partition + +GENERATED_H_FILES = psa_manifest/manifest.h \ + psa_manifest/pid.h \ + psa_manifest/sid.h + +PARTITION_SERVER_BOOTSTRAP = psa_ff_bootstrap_TEST_PARTITION.c + +.PHONY: all clean + +all: $(TEST_BIN) + +psa_client: client.c $(GENERATED_H_FILES) + $(CC) $(INCLUDE) $(CFLAGS) $< $(LIB) -o $@ + +psa_partition: $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES) + $(CC) $(INCLUDE) $(CFLAGS) $< $(LIB) -o $@ + +$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): manifest.json server.c + ../tools/psa_autogen.py $< + +clean: + rm -f $(TEST_BIN) psa_ff_bootstrap_*.c + rm -f psa_notify_* psa_service_* + rm -f psa_manifest/* diff --git a/tests/psa-client-server/psasim/test/client.c b/tests/psa-client-server/psasim/test/client.c new file mode 100644 index 0000000000..5bde82fa22 --- /dev/null +++ b/tests/psa-client-server/psasim/test/client.c @@ -0,0 +1,48 @@ +/* psasim test client */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +#include "psa_manifest/sid.h" +#include +#include + +#define CLIENT_PRINT(fmt, ...) \ + PRINT("Client: " fmt, ##__VA_ARGS__) + +int main() +{ + const char *text = "FOOBARCOOL!!"; + char output[100] = { 0 }; + CLIENT_PRINT("My PID: %d", getpid()); + + CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_SHA256_SID)); + psa_handle_t h = psa_connect(PSA_SID_SHA256_SID, 1); + + if (h < 0) { + CLIENT_PRINT("Couldn't connect %d", h); + return 1; + } else { + int type = 2; + CLIENT_PRINT("psa_call() w/o invec returned: %d", psa_call(h, type, NULL, 0, NULL, 0)); + psa_invec invecs[1]; + psa_outvec outvecs[1]; + invecs[0].base = text; + invecs[0].len = sizeof(text); + outvecs[0].base = output; + outvecs[0].len = sizeof(output); + + CLIENT_PRINT("invec len: %lu", invecs[0].len); + CLIENT_PRINT("psa_call() w/ invec returned: %d", psa_call(h, type, invecs, 1, outvecs, 1)); + CLIENT_PRINT("Received payload len: %ld", outvecs[0].len); + CLIENT_PRINT("Received payload content: %s", output); + CLIENT_PRINT("Closing handle"); + psa_close(h); + } + + return 0; +} diff --git a/tests/psa-client-server/psasim/test/manifest.json b/tests/psa-client-server/psasim/test/manifest.json new file mode 100644 index 0000000000..0ab83ef907 --- /dev/null +++ b/tests/psa-client-server/psasim/test/manifest.json @@ -0,0 +1,29 @@ +{ + "psa_framework_version":1.0, + "name":"TEST_PARTITION", + "type":"PSA-ROT", + "priority":"LOW", + "entry_point":"psa_sha256_main", + "stack_size":"0x400", + "heap_size":"0x100", + "services":[ + { + "name":"PSA_SID_SHA256", + "sid":"0x0000F000", + "signal":"PSA_SHA256", + "non_secure_clients": "true", + "minor_version":1, + "minor_policy":"STRICT" + } + ], + "irqs": [ + { + "source": "SIGINT", + "signal": "SIGINT_SIG" + }, + { + "source": "SIGTSTP", + "signal": "SIGSTP_SIG" + } + ] +} diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh new file mode 100755 index 0000000000..f0e7a62f1a --- /dev/null +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +# This is a simple bash script that tests psa_client/psa_server interaction. +# This script is automatically executed when "make run" is launched by the +# "psasim" root folder. The script can also be launched manually once +# binary files are built (i.e. after "make test" is executed from the "psasim" +# root folder). +# +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +set -e + +function clean_run() { + pkill psa_partition || true + pkill psa_client || true + ipcs | grep q | awk '{ printf " -q " $$2 }' | xargs ipcrm > /dev/null 2>&1 || true +} + +# The server creates some local files when it starts up so we can wait for this +# event as signal that the server is ready so that we can start client(s). +function wait_for_server_startup() { + while [ ! -f ./psa_notify_* ]; do + sleep 0.1 + done +} + +clean_run + +./psa_partition -k & +SERV_PID=$! +wait_for_server_startup +./psa_client +wait $SERV_PID diff --git a/tests/psa-client-server/psasim/test/server.c b/tests/psa-client-server/psasim/test/server.c new file mode 100644 index 0000000000..c4b6d9c9a2 --- /dev/null +++ b/tests/psa-client-server/psasim/test/server.c @@ -0,0 +1,119 @@ +/* psasim test server */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include + +#include "psa/service.h" +#include "psa/error.h" +#include "psa/util.h" +#include "psa_manifest/manifest.h" + +#define SERVER_PRINT(fmt, ...) \ + PRINT("Server: " fmt, ##__VA_ARGS__) + +#define BUF_SIZE 25 + +static int kill_on_disconnect = 0; /* Kill the server on client disconnection. */ + +void parse_input_args(int argc, char *argv[]) +{ + int opt; + + while ((opt = getopt(argc, argv, "k")) != -1) { + switch (opt) { + case 'k': + kill_on_disconnect = 1; + break; + default: + fprintf(stderr, "Usage: %s [-k]\n", argv[0]); + exit(EXIT_FAILURE); + } + } +} + +int psa_sha256_main(int argc, char *argv[]) +{ + psa_status_t ret = PSA_ERROR_PROGRAMMER_ERROR; + psa_msg_t msg = { -1 }; + char foo[BUF_SIZE] = { 0 }; + const int magic_num = 66; + int client_disconnected = 0; + + parse_input_args(argc, argv); + SERVER_PRINT("Starting"); + + while (!(kill_on_disconnect && client_disconnected)) { + psa_signal_t signals = psa_wait(PSA_WAIT_ANY, PSA_BLOCK); + + if (signals > 0) { + SERVER_PRINT("Signals: 0x%08x", signals); + } + + if (signals & PSA_SHA256_SIGNAL) { + if (PSA_SUCCESS == psa_get(PSA_SHA256_SIGNAL, &msg)) { + SERVER_PRINT("My handle is %d", msg.handle); + SERVER_PRINT("My rhandle is %p", (int *) msg.rhandle); + switch (msg.type) { + case PSA_IPC_CONNECT: + SERVER_PRINT("Got a connection message"); + psa_set_rhandle(msg.handle, (void *) &magic_num); + ret = PSA_SUCCESS; + break; + case PSA_IPC_DISCONNECT: + SERVER_PRINT("Got a disconnection message"); + ret = PSA_SUCCESS; + client_disconnected = 1; + break; + + default: + SERVER_PRINT("Got an IPC call of type %d", msg.type); + ret = 42; + size_t size = msg.in_size[0]; + + if ((size > 0) && (size <= sizeof(foo))) { + psa_read(msg.handle, 0, foo, 6); + foo[(BUF_SIZE-1)] = '\0'; + SERVER_PRINT("Reading payload: %s", foo); + psa_read(msg.handle, 0, foo+6, 6); + foo[(BUF_SIZE-1)] = '\0'; + SERVER_PRINT("Reading payload: %s", foo); + } + + size = msg.out_size[0]; + if ((size > 0)) { + SERVER_PRINT("Writing response"); + psa_write(msg.handle, 0, "RESP", 4); + psa_write(msg.handle, 0, "ONSE", 4); + } + + if (msg.client_id > 0) { + psa_notify(msg.client_id); + } else { + SERVER_PRINT("Client is non-secure, so won't notify"); + } + + } + + psa_reply(msg.handle, ret); + } else { + SERVER_PRINT("Failed to retrieve message"); + } + } else if (SIGSTP_SIG & signals) { + SERVER_PRINT("Recieved SIGSTP signal. Gonna EOI it."); + psa_eoi(SIGSTP_SIG); + } else if (SIGINT_SIG & signals) { + SERVER_PRINT("Handling interrupt!"); + SERVER_PRINT("Gracefully quitting"); + psa_panic(); + } else { + SERVER_PRINT("No signal asserted"); + } + } + + return 0; +} diff --git a/tests/psa-client-server/psasim/tools/psa_autogen.py b/tests/psa-client-server/psasim/tools/psa_autogen.py new file mode 100755 index 0000000000..53b1fea746 --- /dev/null +++ b/tests/psa-client-server/psasim/tools/psa_autogen.py @@ -0,0 +1,165 @@ +#!/usr/bin/env python3 +"""This hacky script generates a partition from a manifest file""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import json +import os +import sys +from os import listdir + +if len(sys.argv) != 2: + print("Usage: psa_autogen ") + sys.exit(1) + +FILENAME = str(sys.argv[1]) + + +with open(str(FILENAME), "r") as read_file: + data = json.load(read_file) + FILENAME = os.path.basename(FILENAME) + FILENAME = FILENAME.split('.')[0] + print("Base filename is " + str(FILENAME)) + + if str(data['psa_framework_version'] == "1.0"): + entry_point = str(data['entry_point']) + partition_name = str(data['name']) + services = data['services'] + try: + irqs = data['irqs'] + except KeyError: + irqs = [] + + try: + os.mkdir("psa_manifest") + print("Generating psa_manifest directory") + except OSError: + print ("PSA manifest directory already exists") + + man = open(str("psa_manifest/" + FILENAME + ".h"), "w") + pids = open("psa_manifest/pid.h", "a") + sids = open("psa_manifest/sid.h", "a") + + if len(services) > 28: + print ("Unsupported number of services") + + count = 4 # For creating SID array + nsacl = "const int ns_allowed[32] = { " + policy = "const int strict_policy[32] = { " + qcode = "const char *psa_queues[] = { " + versions = "const uint32_t versions[32] = { " + queue_path = "psa_service_" + start = False + + for x in range(0, count): + qcode = qcode + "\"\", " + nsacl = nsacl + "0, " + policy = policy + "0, " + versions = versions + "0, " + + # Go through all the services to make sid.h and pid.h + for svc in services: + man.write("#define {}_SIGNAL 0x{:08x}\n".format(svc['signal'], 2**count)) + sids.write("#define {}_SID {}\n".format(svc['name'], svc['sid'])) + qcode = qcode + "\"" + queue_path + str(int(svc['sid'], 16)) + "\"," + ns_clients = svc['non_secure_clients'] + print(str(svc)) + if ns_clients == "true": + nsacl = nsacl + "1, " + else: + nsacl = nsacl + "0, " + try: + versions = versions + str(svc['minor_version']) + ", " + except KeyError: + versions = versions + "1, " + + strict = 0 + try: + if str(svc['minor_policy']).lower() == "strict": + strict = 1 + policy = policy + "1, " + else: + policy = policy + "0, " + except KeyError: + strict = 0 + policy = policy + "0, " + + count = count+1 + + sigcode = "" + handlercode = "void __sig_handler(int signo) {\n" + irqcount = count + for irq in irqs: + man.write("#define {} 0x{:08x}\n".format(irq['signal'], 2**irqcount)) + sigcode = sigcode + " signal({}, __sig_handler);\n".format(irq['source']) + handlercode = handlercode + \ + " if (signo == {}) {{ raise_signal(0x{:08x}); }};\n".format(irq['source'], 2**irqcount) + irqcount = irqcount+1 + + handlercode = handlercode + "}\n" + + while (count < 32): + qcode = qcode + "\"\", " + nsacl = nsacl + "0, " + versions = versions + "0, " + policy = policy + "0, " + count = count + 1 + + qcode = qcode + "};\n" + nsacl = nsacl + "};\n" + versions = versions + "};\n" + policy = policy + "};\n" + + pids.close() + sids.close() + man.close() + + symbols = [] + # Go through all the files in the current directory and look for the entrypoint + + for root, directories, filenames in os.walk('.'): + for filename in filenames: + + if "psa_ff_bootstrap" in filename or filename == "psa_manifest": + continue + + try: + fullpath = os.path.join(root,filename) + with open(fullpath, encoding='utf-8') as currentFile: + text = currentFile.read() + if str(entry_point + "(") in text: + symbols.append(fullpath) + except IOError: + print("Couldn't open " + filename) + + except UnicodeDecodeError: + pass + + print(str("Number of entrypoints detected: " + str(len(symbols)))) + if len(symbols) < 1: + print("Couldn't find function " + entry_point) + sys.exit(1) + elif len(symbols) > 1: + print("Duplicate entrypoint symbol detected: " + str(symbols)) + sys.exit(2) + else: + bs = open(str("psa_ff_bootstrap_" + str(partition_name) + ".c"), "w") + bs.write("#include \n") + bs.write("#include \"" + symbols[0] + "\"\n") + bs.write("#include \n\n") + bs.write(qcode) + bs.write(nsacl) + bs.write(policy) + bs.write(versions) + bs.write("\n") + bs.write(handlercode) + bs.write("\n") + bs.write("int main(int argc, char *argv[]) {\n") + bs.write(" (void) argc;\n") + bs.write(sigcode) + bs.write(" __init_psasim(psa_queues, 32, ns_allowed, versions, strict_policy);\n") + bs.write(" " + entry_point + "(argc, argv);\n}\n") + bs.close() + + print("Success") From dc64163ad47174fb548fedad187bd1175c873ae9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 3 May 2024 18:22:01 +0200 Subject: [PATCH 186/429] generate_test_keys: sort keys before processing them Without this fix keys could be listed differently on Ubuntu 16 between different runs therefore causing check_generated_files() to fail. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index dbb11e3836..65e427983a 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -112,6 +112,7 @@ def main() -> None: # (key type, key bits) pair. We know that ASYMMETRIC_KEY_DATA # contains also the public counterpart. priv_keys = [key for key in ASYMMETRIC_KEY_DATA if '_KEY_PAIR' in key] + priv_keys = sorted(priv_keys) for priv_key in priv_keys: key_type = get_key_type(priv_key) From d9e425127847b97b43214ea567456ee593c9e88e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 6 May 2024 15:59:51 +0200 Subject: [PATCH 187/429] all.sh: add test component to build and test psasim Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 28009d56a8..5343337b43 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6165,6 +6165,16 @@ component_check_test_helpers () { python3 -m unittest tests/scripts/translate_ciphers.py 2>&1 } +component_test_psasim() { + msg "build psasim" + make -C tests/psa-client-server/psasim + + msg "test psasim" + make -C tests/psa-client-server/psasim run + + msg "clean psasim" + make -C tests/psa-client-server/psasim clean +} ################################################################ #### Termination From cc403cb6ec2a8ad4aa8ef02efa753d1d643e0df4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 6 May 2024 12:39:26 +0200 Subject: [PATCH 188/429] generate_test_keys: move output file writing to a separate function This helps removing the previous pylint exception. Also use "with" statement for opening the file in order to ensure that all the content is flushed to the file before exiting. Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 55 ++++++++++++++++------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 65e427983a..335e84890b 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -6,7 +6,7 @@ """Module generating EC and RSA keys to be used in test_suite_pk instead of generating the required key at run time. This helps speeding up testing.""" -from typing import Iterator +from typing import Iterator, List import re import argparse import scripts_path # pylint: disable=unused-import @@ -89,8 +89,33 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, yield " {0}, sizeof({0}),\n".format(priv_array_name) yield " {0}, sizeof({0}) }},".format(pub_array_name) + +def write_output_file(output_file_name: str, arrays: List[str], look_up_table: List[str]): + with open(output_file_name, 'wt') as output: + output.write(""" +/********************************************************************************* + * This file was automatically generated from tests/scripts/generate_test_keys.py. + * Please do not edit it manually. + *********************************************************************************/ +""") + output.write(''.join(arrays)) + output.write(""" +struct predefined_key_element {{ + int group_id; // EC group ID; 0 for RSA keys + int keybits; // bits size of RSA key; 0 for EC keys + const unsigned char *priv_key; + size_t priv_key_len; + const unsigned char *pub_key; + size_t pub_key_len; +}}; + +struct predefined_key_element predefined_keys[] = {{ +{} +}}; +""".format("\n".join(look_up_table))) + + def main() -> None: - #pylint: disable=too-many-locals default_output_path = guess_project_root() + "/tests/src/test_keys.h" argparser = argparse.ArgumentParser() @@ -98,14 +123,8 @@ def main() -> None: args = argparser.parse_args() output_file = args.output - output_file = open(output_file, 'wt') - output_file.write( - "/*********************************************************************************\n" + - " * This file was automatically generated from tests/scripts/generate_test_keys.py.\n" + - " * Please do not edit it manually.\n" + - " *********************************************************************************/\n" - ) + arrays = [] look_up_table = [] # Get a list of private keys only in order to get a single item for every @@ -139,7 +158,7 @@ def main() -> None: c_array_priv = convert_der_to_c(array_name_priv, ASYMMETRIC_KEY_DATA[priv_key][bits]) c_array_pub = convert_der_to_c(array_name_pub, ASYMMETRIC_KEY_DATA[pub_key][bits]) # Write the C array to the output file - output_file.write(''.join(["\n", c_array_priv, "\n", c_array_pub, "\n"])) + arrays.append(''.join(["\n", c_array_priv, "\n", c_array_pub, "\n"])) # Update the lookup table if key_type == "ec": group_id_or_keybits = "MBEDTLS_ECP_DP_" + curve.upper() @@ -147,22 +166,8 @@ def main() -> None: group_id_or_keybits = str(bits) look_up_table.append(''.join(get_look_up_table_entry(key_type, group_id_or_keybits, array_name_priv, array_name_pub))) - # Write the lookup table: the struct containing pointers to all the arrays we created above. - output_file.write(""" -struct predefined_key_element { - int group_id; // EC group ID; 0 for RSA keys - int keybits; // bits size of RSA key; 0 for EC keys - const unsigned char *priv_key; - size_t priv_key_len; - const unsigned char *pub_key; - size_t pub_key_len; -}; -struct predefined_key_element predefined_keys[] = { -""") - output_file.write("\n".join(look_up_table)) - output_file.write("\n};\n") - output_file.flush() + write_output_file(output_file, arrays, look_up_table) if __name__ == '__main__': main() From 3fcaf6cc8a5b92dd570117d8e83e3b196be80d03 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 6 May 2024 14:37:25 +0200 Subject: [PATCH 189/429] generate_test_[keys/cert_macros]: minor fixes - remove new line at beginning of test_keys.h - add footer at the end of both generated files Signed-off-by: Valerio Setti --- tests/data_files/test_certs.h.jinja2 | 1 + tests/scripts/generate_test_cert_macros.py | 3 ++- tests/scripts/generate_test_keys.py | 4 +++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/data_files/test_certs.h.jinja2 b/tests/data_files/test_certs.h.jinja2 index 4a64b3a796..f2657d883f 100644 --- a/tests/data_files/test_certs.h.jinja2 +++ b/tests/data_files/test_certs.h.jinja2 @@ -40,3 +40,4 @@ {% endif %} {% endfor %} +/* End of generated file */ diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py index 1472370ffa..07c5b7de2d 100755 --- a/tests/scripts/generate_test_cert_macros.py +++ b/tests/scripts/generate_test_cert_macros.py @@ -72,7 +72,8 @@ def generate(values=[], output=None): """ template_loader = jinja2.FileSystemLoader(DATA_FILES_PATH) template_env = jinja2.Environment( - loader=template_loader, lstrip_blocks=True, trim_blocks=True) + loader=template_loader, lstrip_blocks=True, trim_blocks=True, + keep_trailing_newline=True) def read_as_c_array(filename): with open(filename, 'rb') as f: diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 335e84890b..177850e0c7 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -92,7 +92,7 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, def write_output_file(output_file_name: str, arrays: List[str], look_up_table: List[str]): with open(output_file_name, 'wt') as output: - output.write(""" + output.write("""\ /********************************************************************************* * This file was automatically generated from tests/scripts/generate_test_keys.py. * Please do not edit it manually. @@ -112,6 +112,8 @@ struct predefined_key_element {{ struct predefined_key_element predefined_keys[] = {{ {} }}; + +/* End of generated file */ """.format("\n".join(look_up_table))) From aabdca695004ea35e2df14c683b73fcb61df6373 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 7 May 2024 10:37:54 +0200 Subject: [PATCH 190/429] check-generated-files: move check for generate_test_cert_macros.py This test should only be performed when in MbedTLS repo and not in tf-psa-crypto one. Signed-off-by: Valerio Setti --- tests/scripts/check-generated-files.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 92ed1739d6..049721bf1d 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -132,7 +132,6 @@ check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tes check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list) check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list) check tests/scripts/generate_test_keys.py tests/src/test_keys.h -check tests/scripts/generate_test_cert_macros.py tests/src/test_certs.h check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c # Additional checks for Mbed TLS only @@ -141,6 +140,7 @@ if in_mbedtls_repo; then check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c + check tests/scripts/generate_test_cert_macros.py tests/src/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't # care about their content, but the files must exist. So it must run after # the step that creates or updates these files. From a8ccddce684a44e7607b7f2aad73108777d4c7ce Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 7 May 2024 12:10:54 +0200 Subject: [PATCH 191/429] generate_test_keys: move code for arrays and LUT generation to a separate function Signed-off-by: Valerio Setti --- tests/scripts/generate_test_keys.py | 38 ++++++++++++++++++----------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 177850e0c7..62b756031f 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -6,7 +6,7 @@ """Module generating EC and RSA keys to be used in test_suite_pk instead of generating the required key at run time. This helps speeding up testing.""" -from typing import Iterator, List +from typing import Iterator, List, Tuple import re import argparse import scripts_path # pylint: disable=unused-import @@ -90,7 +90,7 @@ def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, yield " {0}, sizeof({0}) }},".format(pub_array_name) -def write_output_file(output_file_name: str, arrays: List[str], look_up_table: List[str]): +def write_output_file(output_file_name: str, arrays: str, look_up_table: str): with open(output_file_name, 'wt') as output: output.write("""\ /********************************************************************************* @@ -98,7 +98,7 @@ def write_output_file(output_file_name: str, arrays: List[str], look_up_table: L * Please do not edit it manually. *********************************************************************************/ """) - output.write(''.join(arrays)) + output.write(arrays) output.write(""" struct predefined_key_element {{ int group_id; // EC group ID; 0 for RSA keys @@ -114,18 +114,15 @@ struct predefined_key_element predefined_keys[] = {{ }}; /* End of generated file */ -""".format("\n".join(look_up_table))) - - -def main() -> None: - default_output_path = guess_project_root() + "/tests/src/test_keys.h" - - argparser = argparse.ArgumentParser() - argparser.add_argument("--output", help="Output file", default=default_output_path) - args = argparser.parse_args() - - output_file = args.output +""".format(look_up_table)) +def collect_keys() -> Tuple[str, str]: + """" + This function reads key data from ASYMMETRIC_KEY_DATA and, only for the + keys supported in legacy ECP/RSA modules, it returns 2 strings: + - the 1st contains C arrays declaration of these keys and + - the 2nd contains the final look-up table for all these arrays. + """ arrays = [] look_up_table = [] @@ -169,6 +166,19 @@ def main() -> None: look_up_table.append(''.join(get_look_up_table_entry(key_type, group_id_or_keybits, array_name_priv, array_name_pub))) + return ''.join(arrays), '\n'.join(look_up_table) + +def main() -> None: + default_output_path = guess_project_root() + "/tests/src/test_keys.h" + + argparser = argparse.ArgumentParser() + argparser.add_argument("--output", help="Output file", default=default_output_path) + args = argparser.parse_args() + + output_file = args.output + + arrays, look_up_table = collect_keys() + write_output_file(output_file, arrays, look_up_table) if __name__ == '__main__': From d1b6ef1959e8cdcdf734851e7afa56688889af23 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 7 May 2024 16:00:21 +0200 Subject: [PATCH 192/429] crypto-client test: add mechanism to build crypto library for client and server It includes changes to: - tests/Makefile: build the library for client and server in different folders. It mimica the libtestdriver1 behavior (without functions renaming though). - tests/scripts/all.sh: helper function to build for client and server with some default configuration for each of them. - crypto_spe.h: this is dummy file taken from the already existing tests. It's just meant to pacify the compiler, not to provide something useful. It will likely be changed in the future. Signed-off-by: Valerio Setti --- tests/Makefile | 15 ++ .../psasim/include/crypto_spe.h | 131 ++++++++++++++++++ tests/scripts/all.sh | 43 ++++++ 3 files changed, 189 insertions(+) create mode 100644 tests/psa-client-server/psasim/include/crypto_spe.h diff --git a/tests/Makefile b/tests/Makefile index c2a0b84f07..ebe3d4a8df 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -173,6 +173,7 @@ ifndef WINDOWS rm -f include/test/instrument_record_status.h rm -f include/alt-extra/*/*_alt.h rm -rf libtestdriver1 + rm -rf libpsaclient libpsaserver rm -f ../library/libtestdriver1.a else if exist *.c del /Q /F *.c @@ -246,3 +247,17 @@ include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile echo " Gen $@" sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' endif + +libpsaclient libpsaserver: + # Clone the library and include folder for client and server builds. + rm -Rf ./$@ + mkdir ./$@ + cp -Rf ../library ./$@ + cp -Rf ../include ./$@ + cp -Rf ../scripts ./$@ + mkdir ./$@/3rdparty + touch ./$@/3rdparty/Makefile.inc + cp ./psa-client-server/psasim/include/crypto_spe.h ./$@/include/psa/ + + # Build the libraries. + $(MAKE) -C ./$@/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a diff --git a/tests/psa-client-server/psasim/include/crypto_spe.h b/tests/psa-client-server/psasim/include/crypto_spe.h new file mode 100644 index 0000000000..fdf3a2db5a --- /dev/null +++ b/tests/psa-client-server/psasim/include/crypto_spe.h @@ -0,0 +1,131 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + * + */ + +/** + * \file crypto_spe.h + * + * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option + * enabled, this header is included by all .c files in Mbed TLS that + * use PSA Crypto function names. This avoids duplication of symbols + * between TF-M and Mbed TLS. + * + * \note This file should be included before including any PSA Crypto headers + * from Mbed TLS. + */ + +#ifndef CRYPTO_SPE_H +#define CRYPTO_SPE_H + +#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x + +#define psa_crypto_init \ + PSA_FUNCTION_NAME(psa_crypto_init) +#define psa_key_derivation_get_capacity \ + PSA_FUNCTION_NAME(psa_key_derivation_get_capacity) +#define psa_key_derivation_set_capacity \ + PSA_FUNCTION_NAME(psa_key_derivation_set_capacity) +#define psa_key_derivation_input_bytes \ + PSA_FUNCTION_NAME(psa_key_derivation_input_bytes) +#define psa_key_derivation_output_bytes \ + PSA_FUNCTION_NAME(psa_key_derivation_output_bytes) +#define psa_key_derivation_input_key \ + PSA_FUNCTION_NAME(psa_key_derivation_input_key) +#define psa_key_derivation_output_key \ + PSA_FUNCTION_NAME(psa_key_derivation_output_key) +#define psa_key_derivation_setup \ + PSA_FUNCTION_NAME(psa_key_derivation_setup) +#define psa_key_derivation_abort \ + PSA_FUNCTION_NAME(psa_key_derivation_abort) +#define psa_key_derivation_key_agreement \ + PSA_FUNCTION_NAME(psa_key_derivation_key_agreement) +#define psa_raw_key_agreement \ + PSA_FUNCTION_NAME(psa_raw_key_agreement) +#define psa_generate_random \ + PSA_FUNCTION_NAME(psa_generate_random) +#define psa_aead_encrypt \ + PSA_FUNCTION_NAME(psa_aead_encrypt) +#define psa_aead_decrypt \ + PSA_FUNCTION_NAME(psa_aead_decrypt) +#define psa_open_key \ + PSA_FUNCTION_NAME(psa_open_key) +#define psa_close_key \ + PSA_FUNCTION_NAME(psa_close_key) +#define psa_import_key \ + PSA_FUNCTION_NAME(psa_import_key) +#define psa_destroy_key \ + PSA_FUNCTION_NAME(psa_destroy_key) +#define psa_get_key_attributes \ + PSA_FUNCTION_NAME(psa_get_key_attributes) +#define psa_reset_key_attributes \ + PSA_FUNCTION_NAME(psa_reset_key_attributes) +#define psa_export_key \ + PSA_FUNCTION_NAME(psa_export_key) +#define psa_export_public_key \ + PSA_FUNCTION_NAME(psa_export_public_key) +#define psa_purge_key \ + PSA_FUNCTION_NAME(psa_purge_key) +#define psa_copy_key \ + PSA_FUNCTION_NAME(psa_copy_key) +#define psa_cipher_operation_init \ + PSA_FUNCTION_NAME(psa_cipher_operation_init) +#define psa_cipher_generate_iv \ + PSA_FUNCTION_NAME(psa_cipher_generate_iv) +#define psa_cipher_set_iv \ + PSA_FUNCTION_NAME(psa_cipher_set_iv) +#define psa_cipher_encrypt_setup \ + PSA_FUNCTION_NAME(psa_cipher_encrypt_setup) +#define psa_cipher_decrypt_setup \ + PSA_FUNCTION_NAME(psa_cipher_decrypt_setup) +#define psa_cipher_update \ + PSA_FUNCTION_NAME(psa_cipher_update) +#define psa_cipher_finish \ + PSA_FUNCTION_NAME(psa_cipher_finish) +#define psa_cipher_abort \ + PSA_FUNCTION_NAME(psa_cipher_abort) +#define psa_hash_operation_init \ + PSA_FUNCTION_NAME(psa_hash_operation_init) +#define psa_hash_setup \ + PSA_FUNCTION_NAME(psa_hash_setup) +#define psa_hash_update \ + PSA_FUNCTION_NAME(psa_hash_update) +#define psa_hash_finish \ + PSA_FUNCTION_NAME(psa_hash_finish) +#define psa_hash_verify \ + PSA_FUNCTION_NAME(psa_hash_verify) +#define psa_hash_abort \ + PSA_FUNCTION_NAME(psa_hash_abort) +#define psa_hash_clone \ + PSA_FUNCTION_NAME(psa_hash_clone) +#define psa_hash_compute \ + PSA_FUNCTION_NAME(psa_hash_compute) +#define psa_hash_compare \ + PSA_FUNCTION_NAME(psa_hash_compare) +#define psa_mac_operation_init \ + PSA_FUNCTION_NAME(psa_mac_operation_init) +#define psa_mac_sign_setup \ + PSA_FUNCTION_NAME(psa_mac_sign_setup) +#define psa_mac_verify_setup \ + PSA_FUNCTION_NAME(psa_mac_verify_setup) +#define psa_mac_update \ + PSA_FUNCTION_NAME(psa_mac_update) +#define psa_mac_sign_finish \ + PSA_FUNCTION_NAME(psa_mac_sign_finish) +#define psa_mac_verify_finish \ + PSA_FUNCTION_NAME(psa_mac_verify_finish) +#define psa_mac_abort \ + PSA_FUNCTION_NAME(psa_mac_abort) +#define psa_sign_hash \ + PSA_FUNCTION_NAME(psa_sign_hash) +#define psa_verify_hash \ + PSA_FUNCTION_NAME(psa_verify_hash) +#define psa_asymmetric_encrypt \ + PSA_FUNCTION_NAME(psa_asymmetric_encrypt) +#define psa_asymmetric_decrypt \ + PSA_FUNCTION_NAME(psa_asymmetric_decrypt) +#define psa_generate_key \ + PSA_FUNCTION_NAME(psa_generate_key) + +#endif /* CRYPTO_SPE_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5343337b43..43db578ae5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -945,6 +945,39 @@ helper_libtestdriver1_make_main() { make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" } +# $1: target which can be "client" or "server" +helper_crypto_client_build() { + TARGET=$1 + TARGET_LIB=libpsa$TARGET + + cp $CONFIG_H $CONFIG_H.bak + + if [ "$TARGET" == "client" ]; then + scripts/config.py full + scripts/config.py unset MBEDTLS_PSA_CRYPTO_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C + # Dynamic secure element support is a deprecated feature and it is not + # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled. + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + # Disable potentially problematic features + scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + else + scripts/config.py crypto_full + scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM + fi + + make -C tests CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB + + rm $CONFIG_H + mv $CONFIG_H.bak $CONFIG_H +} + ################################################################ #### Configuration helpers ################################################################ @@ -6166,6 +6199,16 @@ component_check_test_helpers () { } component_test_psasim() { + msg "build library for client" + + helper_crypto_client_build client + + msg "build library for server" + + scripts/config.py crypto + + helper_crypto_client_build server + msg "build psasim" make -C tests/psa-client-server/psasim From 4362aaef7f41146b53f8c19dd4d72f7c1c35cb7c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 May 2024 09:15:39 +0200 Subject: [PATCH 193/429] crypto-client test: ensure that client/server are linked against proper MbedTLS libraries Ensure that both server and client can call mbedtls_version_get_string_full() to verify that they are linked against proper libraries. Note: each side (client/server) performs the call against its own MbedTLS library. There is no IPC communication involved in this test. Client/server communication will come later. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/Makefile | 6 +++--- tests/psa-client-server/psasim/test/Makefile | 19 +++++++++++++++---- tests/psa-client-server/psasim/test/client.c | 12 ++++++++++-- .../psa-client-server/psasim/test/run_test.sh | 4 ++-- tests/psa-client-server/psasim/test/server.c | 6 ++++++ tests/scripts/all.sh | 2 +- 6 files changed, 37 insertions(+), 12 deletions(-) diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index a84483c8f8..50fd0ad11b 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -1,4 +1,4 @@ -CFLAGS ?= -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L +CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L ifeq ($(DEBUG),1) CFLAGS += -DDEBUG -O0 -g @@ -9,10 +9,10 @@ endif all: lib test lib: - $(MAKE) -C src CFLAGS="$(CFLAGS)" + $(MAKE) -C src CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" test: lib - $(MAKE) -C test CFLAGS="$(CFLAGS)" + $(MAKE) -C test CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" clean: rm -f $(PSA_LIB) $(PSA_LIB_OBJS) diff --git a/tests/psa-client-server/psasim/test/Makefile b/tests/psa-client-server/psasim/test/Makefile index 34b86b616c..5afc8f58a2 100644 --- a/tests/psa-client-server/psasim/test/Makefile +++ b/tests/psa-client-server/psasim/test/Makefile @@ -1,5 +1,16 @@ -INCLUDE := -I../include/ -I./psa_manifest -LIB := -L../src -lpsaff +LIBPSASIM_PATH := .. +LIBPSACLIENT_PATH := ../../../libpsaclient +LIBPSASERVER_PATH := ../../../libpsaserver + +LIBPSASIM := -L$(LIBPSASIM_PATH)/src -lpsaff +LIBPSACLIENT := -L$(LIBPSACLIENT_PATH)/library -lmbedcrypto -lmbedx509 -lmbedtls +LIBPSASERVER := -L$(LIBPSASERVER_PATH)/library -lmbedcrypto + +LIBPSASIM_H := -I$(LIBPSASIM_PATH)/include +LIBPSACLIENT_H := -I$(LIBPSACLIENT_PATH)/include +LIBPSASERVER_H := -I$(LIBPSASERVER_PATH)/include + +COMMON_INCLUDE := $(LIBPSASIM_H) -I./psa_manifest TEST_BIN = psa_client \ psa_partition @@ -15,10 +26,10 @@ PARTITION_SERVER_BOOTSTRAP = psa_ff_bootstrap_TEST_PARTITION.c all: $(TEST_BIN) psa_client: client.c $(GENERATED_H_FILES) - $(CC) $(INCLUDE) $(CFLAGS) $< $(LIB) -o $@ + $(CC) $(COMMON_INCLUDE) $(LIBPSACLIENT_H) $(CFLAGS) $< $(LIBPSASIM) $(LIBPSACLIENT) -o $@ psa_partition: $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES) - $(CC) $(INCLUDE) $(CFLAGS) $< $(LIB) -o $@ + $(CC) $(COMMON_INCLUDE) $(LIBPSASERVER_H) $(CFLAGS) $< $(LIBPSASIM) $(LIBPSASERVER) -o $@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): manifest.json server.c ../tools/psa_autogen.py $< diff --git a/tests/psa-client-server/psasim/test/client.c b/tests/psa-client-server/psasim/test/client.c index 5bde82fa22..3c61120a11 100644 --- a/tests/psa-client-server/psasim/test/client.c +++ b/tests/psa-client-server/psasim/test/client.c @@ -5,19 +5,27 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#include +#include + #include #include #include "psa_manifest/sid.h" -#include -#include + +#include "mbedtls/version.h" #define CLIENT_PRINT(fmt, ...) \ PRINT("Client: " fmt, ##__VA_ARGS__) int main() { + char mbedtls_version[18]; const char *text = "FOOBARCOOL!!"; char output[100] = { 0 }; + + mbedtls_version_get_string_full(mbedtls_version); + CLIENT_PRINT("%s", mbedtls_version); + CLIENT_PRINT("My PID: %d", getpid()); CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_SHA256_SID)); diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh index f0e7a62f1a..0ffaaea794 100755 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -27,8 +27,8 @@ function wait_for_server_startup() { clean_run -./psa_partition -k & +./psa_partition -k > psa_partition.log 2>&1 & SERV_PID=$! wait_for_server_startup -./psa_client +./psa_client > psa_client.log 2>&1 wait $SERV_PID diff --git a/tests/psa-client-server/psasim/test/server.c b/tests/psa-client-server/psasim/test/server.c index c4b6d9c9a2..1c873c6c06 100644 --- a/tests/psa-client-server/psasim/test/server.c +++ b/tests/psa-client-server/psasim/test/server.c @@ -13,6 +13,8 @@ #include "psa/util.h" #include "psa_manifest/manifest.h" +#include "mbedtls/version.h" + #define SERVER_PRINT(fmt, ...) \ PRINT("Server: " fmt, ##__VA_ARGS__) @@ -43,6 +45,10 @@ int psa_sha256_main(int argc, char *argv[]) char foo[BUF_SIZE] = { 0 }; const int magic_num = 66; int client_disconnected = 0; + char mbedtls_version[18]; + + mbedtls_version_get_string_full(mbedtls_version); + SERVER_PRINT("%s", mbedtls_version); parse_input_args(argc, argv); SERVER_PRINT("Starting"); diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 43db578ae5..d2805126b0 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6210,7 +6210,7 @@ component_test_psasim() { helper_crypto_client_build server msg "build psasim" - make -C tests/psa-client-server/psasim + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test psasim" make -C tests/psa-client-server/psasim run From 67338c050ab840d96dbaceb90d51c9a01d621527 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 9 May 2024 15:21:14 +0100 Subject: [PATCH 194/429] Restore toggling of MBEDTLS_CIPHER_MODE_CBC Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 95053fb194..deb13b71fc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1913,6 +1913,9 @@ component_test_tls1_2_default_stream_cipher_only_use_psa () { # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 + # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Note: The unset below is to be removed for 4.0 + scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) @@ -1973,6 +1976,8 @@ component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Note: The set below is to be removed for 4.0 + scripts/config.py set MBEDTLS_CIPHER_MODE_CBC # Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be set here to fully enable CBC scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_PKCS7 @@ -2037,6 +2042,8 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) + # Note: The set below is to be removed for 4.0 + scripts/config.py set MBEDTLS_CIPHER_MODE_CBC # Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be set here to fully enable CBC scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_PKCS7 From 655b9793c0a5488166245675fd611b297751cde7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 9 May 2024 12:20:40 +0200 Subject: [PATCH 195/429] crypto-client test: implement the first IPC call for psa_crypto_init() This commit implements the first useful IPC communication between the client and the server. The implemented command is simple, psa_crypto_init(), and its return value is sent back to the client. Note: the newly added file psa_functions_codes.h is temporary and it's probably the one that needs to be automatically generated by a python script to support all crypto functions. Signed-off-by: Valerio Setti --- .../psasim/include/psa/client.h | 4 +- .../psasim/include/psa/common.h | 1 - .../psasim/include/psa/error.h | 38 ---------------- .../psasim/include/psa/error_ext.h | 19 ++++++++ .../psasim/include/psa/service.h | 2 + tests/psa-client-server/psasim/src/Makefile | 4 +- tests/psa-client-server/psasim/src/client.c | 2 +- tests/psa-client-server/psasim/src/service.c | 2 +- tests/psa-client-server/psasim/test/Makefile | 4 +- tests/psa-client-server/psasim/test/client.c | 34 +++++++-------- .../psasim/test/manifest.json | 4 +- .../psasim/test/psa_functions_codes.h | 9 ++++ .../psa-client-server/psasim/test/run_test.sh | 5 ++- tests/psa-client-server/psasim/test/server.c | 43 ++++++++----------- tests/scripts/all.sh | 2 +- 15 files changed, 80 insertions(+), 93 deletions(-) delete mode 100644 tests/psa-client-server/psasim/include/psa/error.h create mode 100644 tests/psa-client-server/psasim/include/psa/error_ext.h create mode 100644 tests/psa-client-server/psasim/test/psa_functions_codes.h diff --git a/tests/psa-client-server/psasim/include/psa/client.h b/tests/psa-client-server/psasim/include/psa/client.h index d1af993f4f..1044c84bbd 100644 --- a/tests/psa-client-server/psasim/include/psa/client.h +++ b/tests/psa-client-server/psasim/include/psa/client.h @@ -15,7 +15,9 @@ extern "C" { #include #include -#include "psa/error.h" +#include "psa/crypto.h" + +#include "psa/error_ext.h" /*********************** PSA Client Macros and Types *************************/ #define PSA_FRAMEWORK_VERSION (0x0100) diff --git a/tests/psa-client-server/psasim/include/psa/common.h b/tests/psa-client-server/psasim/include/psa/common.h index d0205d291a..ee5b5a3789 100644 --- a/tests/psa-client-server/psasim/include/psa/common.h +++ b/tests/psa-client-server/psasim/include/psa/common.h @@ -27,7 +27,6 @@ #define NON_SECURE (1 << 30) -typedef int32_t psa_status_t; typedef int32_t psa_handle_t; #define PSA_MAX_IOVEC (4u) diff --git a/tests/psa-client-server/psasim/include/psa/error.h b/tests/psa-client-server/psasim/include/psa/error.h deleted file mode 100644 index 44fc0b1cbf..0000000000 --- a/tests/psa-client-server/psasim/include/psa/error.h +++ /dev/null @@ -1,38 +0,0 @@ -/* PSA status codes used by psasim. */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#ifndef PSA_ERROR_H -#define PSA_ERROR_H - -#include - -#include "psa/common.h" - -#define PSA_SUCCESS ((psa_status_t) 0) - -#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129) -#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130) -#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131) -#define PSA_ERROR_GENERIC_ERROR ((psa_status_t) -132) -#define PSA_ERROR_NOT_PERMITTED ((psa_status_t) -133) -#define PSA_ERROR_NOT_SUPPORTED ((psa_status_t) -134) -#define PSA_ERROR_INVALID_ARGUMENT ((psa_status_t) -135) -#define PSA_ERROR_INVALID_HANDLE ((psa_status_t) -136) -#define PSA_ERROR_BAD_STATE ((psa_status_t) -137) -#define PSA_ERROR_BUFFER_TOO_SMALL ((psa_status_t) -138) -#define PSA_ERROR_ALREADY_EXISTS ((psa_status_t) -139) -#define PSA_ERROR_DOES_NOT_EXIST ((psa_status_t) -140) -#define PSA_ERROR_INSUFFICIENT_MEMORY ((psa_status_t) -141) -#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t) -142) -#define PSA_ERROR_INSUFFICIENT_DATA ((psa_status_t) -143) -#define PSA_ERROR_SERVICE_FAILURE ((psa_status_t) -144) -#define PSA_ERROR_COMMUNICATION_FAILURE ((psa_status_t) -145) -#define PSA_ERROR_STORAGE_FAILURE ((psa_status_t) -146) -#define PSA_ERROR_HARDWARE_FAILURE ((psa_status_t) -147) -#define PSA_ERROR_INVALID_SIGNATURE ((psa_status_t) -149) - -#endif diff --git a/tests/psa-client-server/psasim/include/psa/error_ext.h b/tests/psa-client-server/psasim/include/psa/error_ext.h new file mode 100644 index 0000000000..efbba864fc --- /dev/null +++ b/tests/psa-client-server/psasim/include/psa/error_ext.h @@ -0,0 +1,19 @@ +/* PSA status codes used by psasim. */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef PSA_ERROR_H +#define PSA_ERROR_H + +#include + +#include "psa/common.h" + +#define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129) +#define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130) +#define PSA_ERROR_CONNECTION_BUSY ((psa_status_t) -131) + +#endif diff --git a/tests/psa-client-server/psasim/include/psa/service.h b/tests/psa-client-server/psasim/include/psa/service.h index c8c00245ae..b6c968427a 100644 --- a/tests/psa-client-server/psasim/include/psa/service.h +++ b/tests/psa-client-server/psasim/include/psa/service.h @@ -17,6 +17,8 @@ extern "C" { #include "psa/common.h" +#include "psa/crypto.h" + /********************** PSA Secure Partition Macros and Types ****************/ /* PSA wait timeouts */ diff --git a/tests/psa-client-server/psasim/src/Makefile b/tests/psa-client-server/psasim/src/Makefile index fc6ba25aab..119971b084 100644 --- a/tests/psa-client-server/psasim/src/Makefile +++ b/tests/psa-client-server/psasim/src/Makefile @@ -1,4 +1,6 @@ -INCLUDE = -I../include/ +# Here I'm picking also libpsaclient/include because I just need it for the +# psa/crypto.h include. libpsaserver would have worked the same. +INCLUDE = -I../include/ -I../../../libpsaclient/include PSA_LIB = libpsaff.a PSA_LIB_OBJS = client.o service.o diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c index 5a3986e32c..bd1d5d8813 100644 --- a/tests/psa-client-server/psasim/src/client.c +++ b/tests/psa-client-server/psasim/src/client.c @@ -19,7 +19,7 @@ #include "psa/client.h" #include "psa/common.h" -#include "psa/error.h" +#include "psa/error_ext.h" #include "psa/util.h" typedef struct internal_handle { diff --git a/tests/psa-client-server/psasim/src/service.c b/tests/psa-client-server/psasim/src/service.c index b2b6a08f54..69c25a211a 100644 --- a/tests/psa-client-server/psasim/src/service.c +++ b/tests/psa-client-server/psasim/src/service.c @@ -18,7 +18,7 @@ #include "psa/service.h" #include "psasim/init.h" -#include "psa/error.h" +#include "psa/error_ext.h" #include "psa/common.h" #include "psa/util.h" diff --git a/tests/psa-client-server/psasim/test/Makefile b/tests/psa-client-server/psasim/test/Makefile index 5afc8f58a2..41f4bd47fc 100644 --- a/tests/psa-client-server/psasim/test/Makefile +++ b/tests/psa-client-server/psasim/test/Makefile @@ -26,10 +26,10 @@ PARTITION_SERVER_BOOTSTRAP = psa_ff_bootstrap_TEST_PARTITION.c all: $(TEST_BIN) psa_client: client.c $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(LIBPSACLIENT_H) $(CFLAGS) $< $(LIBPSASIM) $(LIBPSACLIENT) -o $@ + $(CC) $(COMMON_INCLUDE) $(LIBPSACLIENT_H) $(CFLAGS) $< $(LIBPSASIM) $(LIBPSACLIENT) $(LDFLAGS) -o $@ psa_partition: $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(LIBPSASERVER_H) $(CFLAGS) $< $(LIBPSASIM) $(LIBPSASERVER) -o $@ + $(CC) $(COMMON_INCLUDE) $(LIBPSASERVER_H) $(CFLAGS) $< $(LIBPSASIM) $(LIBPSASERVER) $(LDFLAGS) -o $@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): manifest.json server.c ../tools/psa_autogen.py $< diff --git a/tests/psa-client-server/psasim/test/client.c b/tests/psa-client-server/psasim/test/client.c index 3c61120a11..74e7bcb8d2 100644 --- a/tests/psa-client-server/psasim/test/client.c +++ b/tests/psa-client-server/psasim/test/client.c @@ -8,11 +8,15 @@ #include #include +/* Includes from psasim */ #include #include #include "psa_manifest/sid.h" +#include "psa_functions_codes.h" +/* Includes from mbedtls */ #include "mbedtls/version.h" +#include "psa/crypto.h" #define CLIENT_PRINT(fmt, ...) \ PRINT("Client: " fmt, ##__VA_ARGS__) @@ -20,8 +24,9 @@ int main() { char mbedtls_version[18]; - const char *text = "FOOBARCOOL!!"; - char output[100] = { 0 }; + // psa_invec invecs[1]; + // psa_outvec outvecs[1]; + psa_status_t status; mbedtls_version_get_string_full(mbedtls_version); CLIENT_PRINT("%s", mbedtls_version); @@ -34,23 +39,16 @@ int main() if (h < 0) { CLIENT_PRINT("Couldn't connect %d", h); return 1; - } else { - int type = 2; - CLIENT_PRINT("psa_call() w/o invec returned: %d", psa_call(h, type, NULL, 0, NULL, 0)); - psa_invec invecs[1]; - psa_outvec outvecs[1]; - invecs[0].base = text; - invecs[0].len = sizeof(text); - outvecs[0].base = output; - outvecs[0].len = sizeof(output); - - CLIENT_PRINT("invec len: %lu", invecs[0].len); - CLIENT_PRINT("psa_call() w/ invec returned: %d", psa_call(h, type, invecs, 1, outvecs, 1)); - CLIENT_PRINT("Received payload len: %ld", outvecs[0].len); - CLIENT_PRINT("Received payload content: %s", output); - CLIENT_PRINT("Closing handle"); - psa_close(h); } + status = psa_call(h, PSA_CRYPTO_INIT, NULL, 0, NULL, 0); + CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", status); + + CLIENT_PRINT("Closing handle"); + psa_close(h); + + if (status != PSA_SUCCESS) { + return 1; + } return 0; } diff --git a/tests/psa-client-server/psasim/test/manifest.json b/tests/psa-client-server/psasim/test/manifest.json index 0ab83ef907..d90c7edbbf 100644 --- a/tests/psa-client-server/psasim/test/manifest.json +++ b/tests/psa-client-server/psasim/test/manifest.json @@ -3,14 +3,14 @@ "name":"TEST_PARTITION", "type":"PSA-ROT", "priority":"LOW", - "entry_point":"psa_sha256_main", + "entry_point":"psa_server_main", "stack_size":"0x400", "heap_size":"0x100", "services":[ { "name":"PSA_SID_SHA256", "sid":"0x0000F000", - "signal":"PSA_SHA256", + "signal":"PSA_CRYPTO", "non_secure_clients": "true", "minor_version":1, "minor_policy":"STRICT" diff --git a/tests/psa-client-server/psasim/test/psa_functions_codes.h b/tests/psa-client-server/psasim/test/psa_functions_codes.h new file mode 100644 index 0000000000..34897b91be --- /dev/null +++ b/tests/psa-client-server/psasim/test/psa_functions_codes.h @@ -0,0 +1,9 @@ +#ifndef _PSA_FUNCTIONS_CODES_H_ +#define _PSA_FUNCTIONS_CODES_H_ + +enum { + PSA_CRYPTO_INIT = 0x00, + /* Add other PSA functions here */ +}; + +#endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh index 0ffaaea794..6a5605ff5a 100755 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -11,7 +11,10 @@ set -e +cd "$(dirname "$0")" + function clean_run() { + rm -f psa_notify_* pkill psa_partition || true pkill psa_client || true ipcs | grep q | awk '{ printf " -q " $$2 }' | xargs ipcrm > /dev/null 2>&1 || true @@ -21,7 +24,7 @@ function clean_run() { # event as signal that the server is ready so that we can start client(s). function wait_for_server_startup() { while [ ! -f ./psa_notify_* ]; do - sleep 0.1 + sleep 0.1 done } diff --git a/tests/psa-client-server/psasim/test/server.c b/tests/psa-client-server/psasim/test/server.c index 1c873c6c06..b88a7ba8d4 100644 --- a/tests/psa-client-server/psasim/test/server.c +++ b/tests/psa-client-server/psasim/test/server.c @@ -8,12 +8,16 @@ #include #include +/* Includes from psasim */ #include "psa/service.h" -#include "psa/error.h" +#include "psa/error_ext.h" #include "psa/util.h" #include "psa_manifest/manifest.h" +#include "psa_functions_codes.h" +/* Includes from mbedtls */ #include "mbedtls/version.h" +#include "psa/crypto.h" #define SERVER_PRINT(fmt, ...) \ PRINT("Server: " fmt, ##__VA_ARGS__) @@ -38,11 +42,10 @@ void parse_input_args(int argc, char *argv[]) } } -int psa_sha256_main(int argc, char *argv[]) +int psa_server_main(int argc, char *argv[]) { psa_status_t ret = PSA_ERROR_PROGRAMMER_ERROR; psa_msg_t msg = { -1 }; - char foo[BUF_SIZE] = { 0 }; const int magic_num = 66; int client_disconnected = 0; char mbedtls_version[18]; @@ -60,10 +63,9 @@ int psa_sha256_main(int argc, char *argv[]) SERVER_PRINT("Signals: 0x%08x", signals); } - if (signals & PSA_SHA256_SIGNAL) { - if (PSA_SUCCESS == psa_get(PSA_SHA256_SIGNAL, &msg)) { - SERVER_PRINT("My handle is %d", msg.handle); - SERVER_PRINT("My rhandle is %p", (int *) msg.rhandle); + if (signals & PSA_CRYPTO_SIGNAL) { + if (PSA_SUCCESS == psa_get(PSA_CRYPTO_SIGNAL, &msg)) { + SERVER_PRINT("handle: %d - rhandle: %p", msg.handle, (int *) msg.rhandle); switch (msg.type) { case PSA_IPC_CONNECT: SERVER_PRINT("Got a connection message"); @@ -75,34 +77,23 @@ int psa_sha256_main(int argc, char *argv[]) ret = PSA_SUCCESS; client_disconnected = 1; break; - default: SERVER_PRINT("Got an IPC call of type %d", msg.type); - ret = 42; - size_t size = msg.in_size[0]; - - if ((size > 0) && (size <= sizeof(foo))) { - psa_read(msg.handle, 0, foo, 6); - foo[(BUF_SIZE-1)] = '\0'; - SERVER_PRINT("Reading payload: %s", foo); - psa_read(msg.handle, 0, foo+6, 6); - foo[(BUF_SIZE-1)] = '\0'; - SERVER_PRINT("Reading payload: %s", foo); - } - - size = msg.out_size[0]; - if ((size > 0)) { - SERVER_PRINT("Writing response"); - psa_write(msg.handle, 0, "RESP", 4); - psa_write(msg.handle, 0, "ONSE", 4); + switch (msg.type) { + case PSA_CRYPTO_INIT: + ret = psa_crypto_init(); + break; + default: + SERVER_PRINT("Unknown PSA function code"); + break; } + SERVER_PRINT("Internal function call returned %d", ret); if (msg.client_id > 0) { psa_notify(msg.client_id); } else { SERVER_PRINT("Client is non-secure, so won't notify"); } - } psa_reply(msg.handle, ret); diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d2805126b0..0a82237615 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6213,7 +6213,7 @@ component_test_psasim() { make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test psasim" - make -C tests/psa-client-server/psasim run + tests/psa-client-server/psasim/test/run_test.sh msg "clean psasim" make -C tests/psa-client-server/psasim clean From dde9579fabec59afc95b18f00cc6bef1d22067cf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 10 May 2024 05:22:33 +0200 Subject: [PATCH 196/429] all.sh: crypto-client: keep NV_SEED disabled in the server lib This is necessary because otherwise the library is not able to find the seedfile at runtime and it fails the initialization. However since this test runs on a standard PC we can rely on platform entropy as source of entropy. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0a82237615..573f769cc1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -970,6 +970,11 @@ helper_crypto_client_build() { scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM + # Disable NV_SEED as the MBEDTLS_PLATFORM_STD_NV_SEED_FILE is not in + # right path for mbedtls_platform_std_nv_seed_read(). Just rely on + # mbedtls_platform_entropy_poll() as entropy source(). + scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT fi make -C tests CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB From 66fb1c17ff94e21c29471e317ab0572005a3c7aa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 10 May 2024 06:51:16 +0200 Subject: [PATCH 197/429] crypto-client: reorganize source files/folders The goal is to keep psasim as simple as possible: - do not build a separate lib for psa-ff; build those source files as part of server or client - do not have lot of different makefiles: just 1 that does all we need - do not have several subfolders for headers: only 1 is enough for this kind of project Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/Makefile | 52 ++- .../psasim/include/{psa => }/client.h | 2 +- .../psasim/include/{psa => }/common.h | 0 .../psasim/include/{psa => }/error_ext.h | 2 +- .../psasim/include/{psasim => }/init.h | 2 +- .../psasim/include/{psa => }/lifecycle.h | 0 .../psasim/include/{psa => }/service.h | 2 +- .../psasim/include/{psa => }/util.h | 2 +- tests/psa-client-server/psasim/src/Makefile | 19 - tests/psa-client-server/psasim/src/client.c | 414 ++---------------- tests/psa-client-server/psasim/src/common.c | 8 - .../psasim/{test => src}/manifest.json | 0 .../psasim/src/psa_ff_client.c | 392 +++++++++++++++++ .../psasim/src/{service.c => psa_ff_server.c} | 12 +- .../{test => src}/psa_functions_codes.h | 0 .../psasim/{test => src}/server.c | 6 +- tests/psa-client-server/psasim/test/Makefile | 40 -- tests/psa-client-server/psasim/test/client.c | 54 --- .../psasim/tools/psa_autogen.py | 25 +- 19 files changed, 497 insertions(+), 535 deletions(-) rename tests/psa-client-server/psasim/include/{psa => }/client.h (98%) rename tests/psa-client-server/psasim/include/{psa => }/common.h (100%) rename tests/psa-client-server/psasim/include/{psa => }/error_ext.h (94%) rename tests/psa-client-server/psasim/include/{psasim => }/init.h (94%) rename tests/psa-client-server/psasim/include/{psa => }/lifecycle.h (100%) rename tests/psa-client-server/psasim/include/{psa => }/service.h (99%) rename tests/psa-client-server/psasim/include/{psa => }/util.h (97%) delete mode 100644 tests/psa-client-server/psasim/src/Makefile delete mode 100644 tests/psa-client-server/psasim/src/common.c rename tests/psa-client-server/psasim/{test => src}/manifest.json (100%) create mode 100644 tests/psa-client-server/psasim/src/psa_ff_client.c rename tests/psa-client-server/psasim/src/{service.c => psa_ff_server.c} (99%) rename tests/psa-client-server/psasim/{test => src}/psa_functions_codes.h (100%) rename tests/psa-client-server/psasim/{test => src}/server.c (97%) delete mode 100644 tests/psa-client-server/psasim/test/Makefile delete mode 100644 tests/psa-client-server/psasim/test/client.c diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 50fd0ad11b..45b31960ee 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -1,23 +1,51 @@ CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L ifeq ($(DEBUG),1) - CFLAGS += -DDEBUG -O0 -g + CFLAGS += -DDEBUG endif -.PHONY: all lib test run +LIBPSACLIENT_PATH := ../../libpsaclient +LIBPSASERVER_PATH := ../../libpsaserver -all: lib test +LIBPSACLIENT := -L$(LIBPSACLIENT_PATH)/library -lmbedcrypto -lmbedx509 -lmbedtls +LIBPSASERVER := -L$(LIBPSASERVER_PATH)/library -lmbedcrypto -lib: - $(MAKE) -C src CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" +LIBPSACLIENT_H := -I$(LIBPSACLIENT_PATH)/include +LIBPSASERVER_H := -I$(LIBPSASERVER_PATH)/include -test: lib - $(MAKE) -C test CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" +COMMON_INCLUDE := -I./include + +TEST_BIN = test/psa_client \ + test/psa_partition + +GENERATED_H_FILES = include/psa_manifest/manifest.h \ + include/psa_manifest/pid.h \ + include/psa_manifest/sid.h + +PSA_CLIENT_SRC = src/psa_ff_client.c \ + src/client.c + +PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c + +PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ + src/psa_ff_server.c + +.PHONY: all clean + +all: $(TEST_BIN) + +test/psa_client: $(PSA_CLIENT_SRC) $(GENERATED_H_FILES) + $(CC) $(COMMON_INCLUDE) $(LIBPSACLIENT_H) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ + +test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) + $(CC) $(COMMON_INCLUDE) $(LIBPSASERVER_H) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ + +$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c + tools/psa_autogen.py src/manifest.json clean: - rm -f $(PSA_LIB) $(PSA_LIB_OBJS) - $(MAKE) -C test clean - $(MAKE) -C src clean + rm -f $(TEST_BIN) + rm -f $(PARTITION_SERVER_BOOTSTRAP) + rm -rf include/psa_manifest + rm -f test/psa_service_* test/psa_notify_* -run: test - cd test && ./run_test.sh diff --git a/tests/psa-client-server/psasim/include/psa/client.h b/tests/psa-client-server/psasim/include/client.h similarity index 98% rename from tests/psa-client-server/psasim/include/psa/client.h rename to tests/psa-client-server/psasim/include/client.h index 1044c84bbd..d48498e682 100644 --- a/tests/psa-client-server/psasim/include/psa/client.h +++ b/tests/psa-client-server/psasim/include/client.h @@ -17,7 +17,7 @@ extern "C" { #include "psa/crypto.h" -#include "psa/error_ext.h" +#include "error_ext.h" /*********************** PSA Client Macros and Types *************************/ #define PSA_FRAMEWORK_VERSION (0x0100) diff --git a/tests/psa-client-server/psasim/include/psa/common.h b/tests/psa-client-server/psasim/include/common.h similarity index 100% rename from tests/psa-client-server/psasim/include/psa/common.h rename to tests/psa-client-server/psasim/include/common.h diff --git a/tests/psa-client-server/psasim/include/psa/error_ext.h b/tests/psa-client-server/psasim/include/error_ext.h similarity index 94% rename from tests/psa-client-server/psasim/include/psa/error_ext.h rename to tests/psa-client-server/psasim/include/error_ext.h index efbba864fc..6c82b8a72f 100644 --- a/tests/psa-client-server/psasim/include/psa/error_ext.h +++ b/tests/psa-client-server/psasim/include/error_ext.h @@ -10,7 +10,7 @@ #include -#include "psa/common.h" +#include "common.h" #define PSA_ERROR_PROGRAMMER_ERROR ((psa_status_t) -129) #define PSA_ERROR_CONNECTION_REFUSED ((psa_status_t) -130) diff --git a/tests/psa-client-server/psasim/include/psasim/init.h b/tests/psa-client-server/psasim/include/init.h similarity index 94% rename from tests/psa-client-server/psasim/include/psasim/init.h rename to tests/psa-client-server/psasim/include/init.h index 9496fc2a1c..de95d905c7 100644 --- a/tests/psa-client-server/psasim/include/psasim/init.h +++ b/tests/psa-client-server/psasim/include/init.h @@ -6,7 +6,7 @@ */ #include -#include +#include void raise_signal(psa_signal_t signal); void __init_psasim(const char **array, int size, diff --git a/tests/psa-client-server/psasim/include/psa/lifecycle.h b/tests/psa-client-server/psasim/include/lifecycle.h similarity index 100% rename from tests/psa-client-server/psasim/include/psa/lifecycle.h rename to tests/psa-client-server/psasim/include/lifecycle.h diff --git a/tests/psa-client-server/psasim/include/psa/service.h b/tests/psa-client-server/psasim/include/service.h similarity index 99% rename from tests/psa-client-server/psasim/include/psa/service.h rename to tests/psa-client-server/psasim/include/service.h index b6c968427a..cbcb918cb2 100644 --- a/tests/psa-client-server/psasim/include/psa/service.h +++ b/tests/psa-client-server/psasim/include/service.h @@ -15,7 +15,7 @@ extern "C" { #include #include -#include "psa/common.h" +#include "common.h" #include "psa/crypto.h" diff --git a/tests/psa-client-server/psasim/include/psa/util.h b/tests/psa-client-server/psasim/include/util.h similarity index 97% rename from tests/psa-client-server/psasim/include/psa/util.h rename to tests/psa-client-server/psasim/include/util.h index c3669a125d..558149fe2b 100644 --- a/tests/psa-client-server/psasim/include/psa/util.h +++ b/tests/psa-client-server/psasim/include/util.h @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include "psa/service.h" +#include "service.h" #define PRINT(fmt, ...) \ fprintf(stdout, fmt "\n", ##__VA_ARGS__) diff --git a/tests/psa-client-server/psasim/src/Makefile b/tests/psa-client-server/psasim/src/Makefile deleted file mode 100644 index 119971b084..0000000000 --- a/tests/psa-client-server/psasim/src/Makefile +++ /dev/null @@ -1,19 +0,0 @@ -# Here I'm picking also libpsaclient/include because I just need it for the -# psa/crypto.h include. libpsaserver would have worked the same. -INCLUDE = -I../include/ -I../../../libpsaclient/include -PSA_LIB = libpsaff.a - -PSA_LIB_OBJS = client.o service.o - -.PHONY: all lib - -all: $(PSA_LIB) - -%.o: %.c - $(CC) $(INCLUDE) $(CFLAGS) -c $< -o $@ - -$(PSA_LIB): $(PSA_LIB_OBJS) - $(AR) rcs $(PSA_LIB) client.o service.o - -clean: - rm -f $(PSA_LIB) $(PSA_LIB_OBJS) diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c index bd1d5d8813..e8f370d97d 100644 --- a/tests/psa-client-server/psasim/src/client.c +++ b/tests/psa-client-server/psasim/src/client.c @@ -1,392 +1,54 @@ -/* PSA firmware framework client API */ +/* psasim test client */ /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include -#include -#include -#include #include -#include -#include -#include -#include -#include -#include +#include -#include "psa/client.h" -#include "psa/common.h" -#include "psa/error_ext.h" -#include "psa/util.h" +/* Includes from psasim */ +#include +#include +#include "psa_manifest/sid.h" +#include "psa_functions_codes.h" -typedef struct internal_handle { - int server_qid; - int client_qid; - int internal_server_qid; - int valid; -} internal_handle_t; +/* Includes from mbedtls */ +#include "mbedtls/version.h" +#include "psa/crypto.h" -typedef struct vectors { - const psa_invec *in_vec; - size_t in_len; - psa_outvec *out_vec; - size_t out_len; -} vectors_t; +#define CLIENT_PRINT(fmt, ...) \ + PRINT("Client: " fmt, ##__VA_ARGS__) -/* Note that this implementation is functional and not secure */ -int __psa_ff_client_security_state = NON_SECURE; - -/* Access to this global is not thread safe */ -#define MAX_HANDLES 32 -static internal_handle_t handles[MAX_HANDLES] = { { 0 } }; - -static int get_next_free_handle() +int main() { - /* Never return handle 0 as it's a special null handle */ - for (int i = 1; i < MAX_HANDLES; i++) { - if (handles[i].valid == 0) { - return i; - } - } - return -1; -} + char mbedtls_version[18]; + // psa_invec invecs[1]; + // psa_outvec outvecs[1]; + psa_status_t status; -static int handle_is_valid(psa_handle_t handle) -{ - if (handle > 0 && handle < MAX_HANDLES) { - if (handles[handle].valid == 1) { - return 1; - } + mbedtls_version_get_string_full(mbedtls_version); + CLIENT_PRINT("%s", mbedtls_version); + + CLIENT_PRINT("My PID: %d", getpid()); + + CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_SHA256_SID)); + psa_handle_t h = psa_connect(PSA_SID_SHA256_SID, 1); + + if (h < 0) { + CLIENT_PRINT("Couldn't connect %d", h); + return 1; + } + + status = psa_call(h, PSA_CRYPTO_INIT, NULL, 0, NULL, 0); + CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", status); + + CLIENT_PRINT("Closing handle"); + psa_close(h); + + if (status != PSA_SUCCESS) { + return 1; } - ERROR("ERROR: Invalid handle"); return 0; } - -static int get_queue_info(char *path, int *cqid, int *sqid) -{ - - key_t server_queue_key; - int rx_qid, server_qid; - - INFO("Attempting to contact a RoT service queue"); - - if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) { - ERROR("msgget: rx_qid"); - return -1; - } - - if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) { - ERROR("ftok"); - return -2; - } - - if ((server_qid = msgget(server_queue_key, 0)) == -1) { - ERROR("msgget: server_qid"); - return -3; - } - - *cqid = rx_qid; - *sqid = server_qid; - - return 0; -} - -static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, - int *internal_server_qid) -{ - - struct message response, request; - psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; - size_t invec_seek[4] = { 0 }; - size_t data_size; - psa_status_t invec, outvec; /* TODO: Should these be size_t ? */ - - assert(internal_server_qid > 0); - - while (1) { - data_size = 0; - invec = 0; - outvec = 0; - - // read response from server - if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) { - ERROR(" msgrcv failed"); - return ret; - } - - // process return message from server - switch (response.message_type) { - case PSA_REPLY: - memcpy(&ret, response.message_text.buf, sizeof(psa_status_t)); - INFO(" Message received from server: %d", ret); - if (type == PSA_IPC_CONNECT && ret > 0) { - *internal_server_qid = ret; - INFO(" ASSSIGNED q ID %d", *internal_server_qid); - ret = PSA_SUCCESS; - } - return ret; - break; - case READ_REQUEST: - /* read data request */ - request.message_type = READ_RESPONSE; - - assert(vecs != 0); - - memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); - INFO(" Partition asked for %lu bytes from invec %d", data_size, invec); - - /* need to add more checks here */ - assert(invec >= 0 && invec < PSA_MAX_IOVEC); - - if (data_size > MAX_FRAGMENT_SIZE) { - data_size = MAX_FRAGMENT_SIZE; - } - - /* send response */ - INFO(" invec_seek[invec] is %lu", invec_seek[invec]); - INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]); - memcpy(request.message_text.buf, - (vecs->in_vec[invec].base + invec_seek[invec]), - data_size); - - /* update invec base TODO: check me */ - invec_seek[invec] = invec_seek[invec] + data_size; - - INFO(" Sending message of type %li", request.message_type); - INFO(" with content %s", request.message_text.buf); - - if (msgsnd(*internal_server_qid, &request, - sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) { - ERROR("Internal error: failed to respond to read request"); - } - break; - case WRITE_REQUEST: - assert(vecs != 0); - - request.message_type = WRITE_RESPONSE; - - memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t)); - INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec); - - assert(outvec >= 0 && outvec < PSA_MAX_IOVEC); - - /* copy memory into message and send back amount written */ - size_t sofar = vecs->out_vec[outvec].len; - memcpy(vecs->out_vec[outvec].base + sofar, - response.message_text.buf+(sizeof(size_t)*2), data_size); - INFO(" Data size is %lu", data_size); - vecs->out_vec[outvec].len += data_size; - - INFO(" Sending message of type %li", request.message_type); - - /* send response */ - if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) { - ERROR("Internal error: failed to respond to write request"); - } - break; - case SKIP_REQUEST: - memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); - memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); - INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec); - assert(invec >= 0 && invec < PSA_MAX_IOVEC); - /* update invec base TODO: check me */ - invec_seek[invec] = invec_seek[invec] + data_size; - break; - - default: - FATAL(" ERROR: unknown internal message type: %ld", - response.message_type); - return ret; - } - } -} - -static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid, - int32_t type, uint32_t minor_version, vectors_t *vecs) -{ - { - psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; - size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */ - struct message request; - request.message_type = 1; /* TODO: change this */ - request.message_text.psa_type = type; - vector_sizes_t vec_sizes; - - /* If the client is non-secure then set the NS bit */ - if (__psa_ff_client_security_state != 0) { - request.message_type |= NON_SECURE; - } - - assert(request.message_type >= 0); - - INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type); - INFO(" internal_server_qid = %i", *internal_server_qid); - - request.message_text.qid = rx_qid; - - if (type == PSA_IPC_CONNECT) { - memcpy(request.message_text.buf, &minor_version, sizeof(minor_version)); - request_msg_size = request_msg_size + sizeof(minor_version); - INFO(" Request msg size is %lu", request_msg_size); - } else { - assert(internal_server_qid > 0); - } - - if (vecs != NULL && type >= PSA_IPC_CALL) { - - memset(&vec_sizes, 0, sizeof(vec_sizes)); - - /* Copy invec sizes */ - for (size_t i = 0; i < (vecs->in_len); i++) { - vec_sizes.invec_sizes[i] = vecs->in_vec[i].len; - INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]); - } - - /* Copy outvec sizes */ - for (size_t i = 0; i < (vecs->out_len); i++) { - vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len; - - /* Reset to 0 since we need to eventually fill in with bytes written */ - vecs->out_vec[i].len = 0; - } - - memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes)); - request_msg_size = request_msg_size + sizeof(vec_sizes); - } - - INFO(" Sending and then waiting"); - - // send message to server - if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) { - ERROR(" msgsnd failed"); - return ret; - } - - return process_response(rx_qid, vecs, type, internal_server_qid); - } -} - - -uint32_t psa_framework_version(void) -{ - return PSA_FRAMEWORK_VERSION; -} - -psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) -{ - - int idx; - psa_status_t ret; - char pathname[PATHNAMESIZE] = { 0 }; - - idx = get_next_free_handle(); - - /* if there's a free handle available */ - if (idx >= 0) { - snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid); - INFO("Attempting to contact RoT service at %s", pathname); - - /* if communication is possible */ - if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { - - ret = send(handles[idx].client_qid, - handles[idx].server_qid, - &handles[idx].internal_server_qid, - PSA_IPC_CONNECT, - minor_version, - NULL); - - /* if connection accepted by RoT service */ - if (ret >= 0) { - handles[idx].valid = 1; - return idx; - } else { - INFO("Server didn't like you"); - } - } else { - INFO("Couldn't contact RoT service. Does it exist?"); - - if (__psa_ff_client_security_state == 0) { - ERROR("Invalid SID"); - } - } - } - - INFO("Couldn't obtain a free handle"); - return PSA_ERROR_CONNECTION_REFUSED; -} - -uint32_t psa_version(uint32_t sid) -{ - int idx; - psa_status_t ret; - char pathname[PATHNAMESIZE] = { 0 }; - - idx = get_next_free_handle(); - - if (idx >= 0) { - snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid); - if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { - ret = send(handles[idx].client_qid, - handles[idx].server_qid, - &handles[idx].internal_server_qid, - VERSION_REQUEST, - 0, - NULL); - INFO("psa_version: Recieved from server %d", ret); - if (ret > 0) { - return ret; - } - } - } - INFO("psa_version failed: does the service exist?"); - return PSA_VERSION_NONE; -} - -psa_status_t psa_call(psa_handle_t handle, - int32_t type, - const psa_invec *in_vec, - size_t in_len, - psa_outvec *out_vec, - size_t out_len) -{ - - handle_is_valid(handle); - - if ((in_len + out_len) > PSA_MAX_IOVEC) { - ERROR("Too many iovecs: %lu + %lu", in_len, out_len); - } - - vectors_t vecs = { 0 }; - vecs.in_vec = in_vec; - vecs.in_len = in_len; - vecs.out_vec = out_vec; - vecs.out_len = out_len; - - return send(handles[handle].client_qid, - handles[handle].server_qid, - &handles[handle].internal_server_qid, - type, - 0, - &vecs); -} - -void psa_close(psa_handle_t handle) -{ - handle_is_valid(handle); - if (send(handles[handle].client_qid, handles[handle].server_qid, - &handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) { - ERROR("ERROR: Couldn't send disconnect msg"); - } else { - if (msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) { - ERROR("ERROR: Failed to delete msg queue"); - } - } - INFO("Closing handle %u", handle); - handles[handle].valid = 0; -} diff --git a/tests/psa-client-server/psasim/src/common.c b/tests/psa-client-server/psasim/src/common.c deleted file mode 100644 index 287bb504ae..0000000000 --- a/tests/psa-client-server/psasim/src/common.c +++ /dev/null @@ -1,8 +0,0 @@ -/* Common code between clients and services */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include "psa/common.h" diff --git a/tests/psa-client-server/psasim/test/manifest.json b/tests/psa-client-server/psasim/src/manifest.json similarity index 100% rename from tests/psa-client-server/psasim/test/manifest.json rename to tests/psa-client-server/psasim/src/manifest.json diff --git a/tests/psa-client-server/psasim/src/psa_ff_client.c b/tests/psa-client-server/psasim/src/psa_ff_client.c new file mode 100644 index 0000000000..bc2989ffae --- /dev/null +++ b/tests/psa-client-server/psasim/src/psa_ff_client.c @@ -0,0 +1,392 @@ +/* PSA firmware framework client API */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "client.h" +#include "common.h" +#include "error_ext.h" +#include "util.h" + +typedef struct internal_handle { + int server_qid; + int client_qid; + int internal_server_qid; + int valid; +} internal_handle_t; + +typedef struct vectors { + const psa_invec *in_vec; + size_t in_len; + psa_outvec *out_vec; + size_t out_len; +} vectors_t; + +/* Note that this implementation is functional and not secure */ +int __psa_ff_client_security_state = NON_SECURE; + +/* Access to this global is not thread safe */ +#define MAX_HANDLES 32 +static internal_handle_t handles[MAX_HANDLES] = { { 0 } }; + +static int get_next_free_handle() +{ + /* Never return handle 0 as it's a special null handle */ + for (int i = 1; i < MAX_HANDLES; i++) { + if (handles[i].valid == 0) { + return i; + } + } + return -1; +} + +static int handle_is_valid(psa_handle_t handle) +{ + if (handle > 0 && handle < MAX_HANDLES) { + if (handles[handle].valid == 1) { + return 1; + } + } + ERROR("ERROR: Invalid handle"); + return 0; +} + +static int get_queue_info(char *path, int *cqid, int *sqid) +{ + + key_t server_queue_key; + int rx_qid, server_qid; + + INFO("Attempting to contact a RoT service queue"); + + if ((rx_qid = msgget(IPC_PRIVATE, 0660)) == -1) { + ERROR("msgget: rx_qid"); + return -1; + } + + if ((server_queue_key = ftok(path, PROJECT_ID)) == -1) { + ERROR("ftok"); + return -2; + } + + if ((server_qid = msgget(server_queue_key, 0)) == -1) { + ERROR("msgget: server_qid"); + return -3; + } + + *cqid = rx_qid; + *sqid = server_qid; + + return 0; +} + +static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, + int *internal_server_qid) +{ + + struct message response, request; + psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; + size_t invec_seek[4] = { 0 }; + size_t data_size; + psa_status_t invec, outvec; /* TODO: Should these be size_t ? */ + + assert(internal_server_qid > 0); + + while (1) { + data_size = 0; + invec = 0; + outvec = 0; + + // read response from server + if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) { + ERROR(" msgrcv failed"); + return ret; + } + + // process return message from server + switch (response.message_type) { + case PSA_REPLY: + memcpy(&ret, response.message_text.buf, sizeof(psa_status_t)); + INFO(" Message received from server: %d", ret); + if (type == PSA_IPC_CONNECT && ret > 0) { + *internal_server_qid = ret; + INFO(" ASSSIGNED q ID %d", *internal_server_qid); + ret = PSA_SUCCESS; + } + return ret; + break; + case READ_REQUEST: + /* read data request */ + request.message_type = READ_RESPONSE; + + assert(vecs != 0); + + memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); + INFO(" Partition asked for %lu bytes from invec %d", data_size, invec); + + /* need to add more checks here */ + assert(invec >= 0 && invec < PSA_MAX_IOVEC); + + if (data_size > MAX_FRAGMENT_SIZE) { + data_size = MAX_FRAGMENT_SIZE; + } + + /* send response */ + INFO(" invec_seek[invec] is %lu", invec_seek[invec]); + INFO(" Reading from offset %p", vecs->in_vec[invec].base + invec_seek[invec]); + memcpy(request.message_text.buf, + (vecs->in_vec[invec].base + invec_seek[invec]), + data_size); + + /* update invec base TODO: check me */ + invec_seek[invec] = invec_seek[invec] + data_size; + + INFO(" Sending message of type %li", request.message_type); + INFO(" with content %s", request.message_text.buf); + + if (msgsnd(*internal_server_qid, &request, + sizeof(int) + sizeof(uint32_t) + data_size, 0) == -1) { + ERROR("Internal error: failed to respond to read request"); + } + break; + case WRITE_REQUEST: + assert(vecs != 0); + + request.message_type = WRITE_RESPONSE; + + memcpy(&outvec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf + sizeof(size_t), sizeof(size_t)); + INFO(" Partition wants to write %lu bytes to outvec %d", data_size, outvec); + + assert(outvec >= 0 && outvec < PSA_MAX_IOVEC); + + /* copy memory into message and send back amount written */ + size_t sofar = vecs->out_vec[outvec].len; + memcpy(vecs->out_vec[outvec].base + sofar, + response.message_text.buf+(sizeof(size_t)*2), data_size); + INFO(" Data size is %lu", data_size); + vecs->out_vec[outvec].len += data_size; + + INFO(" Sending message of type %li", request.message_type); + + /* send response */ + if (msgsnd(*internal_server_qid, &request, sizeof(int) + data_size, 0) == -1) { + ERROR("Internal error: failed to respond to write request"); + } + break; + case SKIP_REQUEST: + memcpy(&invec, response.message_text.buf, sizeof(psa_status_t)); + memcpy(&data_size, response.message_text.buf+sizeof(size_t), sizeof(size_t)); + INFO(" Partition asked to skip %lu bytes in invec %d", data_size, invec); + assert(invec >= 0 && invec < PSA_MAX_IOVEC); + /* update invec base TODO: check me */ + invec_seek[invec] = invec_seek[invec] + data_size; + break; + + default: + FATAL(" ERROR: unknown internal message type: %ld", + response.message_type); + return ret; + } + } +} + +static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid, + int32_t type, uint32_t minor_version, vectors_t *vecs) +{ + { + psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; + size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */ + struct message request; + request.message_type = 1; /* TODO: change this */ + request.message_text.psa_type = type; + vector_sizes_t vec_sizes; + + /* If the client is non-secure then set the NS bit */ + if (__psa_ff_client_security_state != 0) { + request.message_type |= NON_SECURE; + } + + assert(request.message_type >= 0); + + INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type); + INFO(" internal_server_qid = %i", *internal_server_qid); + + request.message_text.qid = rx_qid; + + if (type == PSA_IPC_CONNECT) { + memcpy(request.message_text.buf, &minor_version, sizeof(minor_version)); + request_msg_size = request_msg_size + sizeof(minor_version); + INFO(" Request msg size is %lu", request_msg_size); + } else { + assert(internal_server_qid > 0); + } + + if (vecs != NULL && type >= PSA_IPC_CALL) { + + memset(&vec_sizes, 0, sizeof(vec_sizes)); + + /* Copy invec sizes */ + for (size_t i = 0; i < (vecs->in_len); i++) { + vec_sizes.invec_sizes[i] = vecs->in_vec[i].len; + INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]); + } + + /* Copy outvec sizes */ + for (size_t i = 0; i < (vecs->out_len); i++) { + vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len; + + /* Reset to 0 since we need to eventually fill in with bytes written */ + vecs->out_vec[i].len = 0; + } + + memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes)); + request_msg_size = request_msg_size + sizeof(vec_sizes); + } + + INFO(" Sending and then waiting"); + + // send message to server + if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) { + ERROR(" msgsnd failed"); + return ret; + } + + return process_response(rx_qid, vecs, type, internal_server_qid); + } +} + + +uint32_t psa_framework_version(void) +{ + return PSA_FRAMEWORK_VERSION; +} + +psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) +{ + + int idx; + psa_status_t ret; + char pathname[PATHNAMESIZE] = { 0 }; + + idx = get_next_free_handle(); + + /* if there's a free handle available */ + if (idx >= 0) { + snprintf(pathname, PATHNAMESIZE - 1, TMP_FILE_BASE_PATH "psa_service_%u", sid); + INFO("Attempting to contact RoT service at %s", pathname); + + /* if communication is possible */ + if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { + + ret = send(handles[idx].client_qid, + handles[idx].server_qid, + &handles[idx].internal_server_qid, + PSA_IPC_CONNECT, + minor_version, + NULL); + + /* if connection accepted by RoT service */ + if (ret >= 0) { + handles[idx].valid = 1; + return idx; + } else { + INFO("Server didn't like you"); + } + } else { + INFO("Couldn't contact RoT service. Does it exist?"); + + if (__psa_ff_client_security_state == 0) { + ERROR("Invalid SID"); + } + } + } + + INFO("Couldn't obtain a free handle"); + return PSA_ERROR_CONNECTION_REFUSED; +} + +uint32_t psa_version(uint32_t sid) +{ + int idx; + psa_status_t ret; + char pathname[PATHNAMESIZE] = { 0 }; + + idx = get_next_free_handle(); + + if (idx >= 0) { + snprintf(pathname, PATHNAMESIZE, TMP_FILE_BASE_PATH "psa_service_%u", sid); + if (get_queue_info(pathname, &handles[idx].client_qid, &handles[idx].server_qid) >= 0) { + ret = send(handles[idx].client_qid, + handles[idx].server_qid, + &handles[idx].internal_server_qid, + VERSION_REQUEST, + 0, + NULL); + INFO("psa_version: Recieved from server %d", ret); + if (ret > 0) { + return ret; + } + } + } + INFO("psa_version failed: does the service exist?"); + return PSA_VERSION_NONE; +} + +psa_status_t psa_call(psa_handle_t handle, + int32_t type, + const psa_invec *in_vec, + size_t in_len, + psa_outvec *out_vec, + size_t out_len) +{ + + handle_is_valid(handle); + + if ((in_len + out_len) > PSA_MAX_IOVEC) { + ERROR("Too many iovecs: %lu + %lu", in_len, out_len); + } + + vectors_t vecs = { 0 }; + vecs.in_vec = in_vec; + vecs.in_len = in_len; + vecs.out_vec = out_vec; + vecs.out_len = out_len; + + return send(handles[handle].client_qid, + handles[handle].server_qid, + &handles[handle].internal_server_qid, + type, + 0, + &vecs); +} + +void psa_close(psa_handle_t handle) +{ + handle_is_valid(handle); + if (send(handles[handle].client_qid, handles[handle].server_qid, + &handles[handle].internal_server_qid, PSA_IPC_DISCONNECT, 0, NULL)) { + ERROR("ERROR: Couldn't send disconnect msg"); + } else { + if (msgctl(handles[handle].client_qid, IPC_RMID, NULL) != 0) { + ERROR("ERROR: Failed to delete msg queue"); + } + } + INFO("Closing handle %u", handle); + handles[handle].valid = 0; +} diff --git a/tests/psa-client-server/psasim/src/service.c b/tests/psa-client-server/psasim/src/psa_ff_server.c similarity index 99% rename from tests/psa-client-server/psasim/src/service.c rename to tests/psa-client-server/psasim/src/psa_ff_server.c index 69c25a211a..ea797d8ced 100644 --- a/tests/psa-client-server/psasim/src/service.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -16,11 +16,11 @@ #include #include -#include "psa/service.h" -#include "psasim/init.h" -#include "psa/error_ext.h" -#include "psa/common.h" -#include "psa/util.h" +#include "service.h" +#include "init.h" +#include "error_ext.h" +#include "common.h" +#include "util.h" #define MAX_CLIENTS 128 #define MAX_MESSAGES 32 @@ -34,7 +34,7 @@ struct connection { }; /* Note that this implementation is functional and not secure. */ -extern int __psa_ff_client_security_state; +int __psa_ff_client_security_state = NON_SECURE; static psa_msg_t messages[MAX_MESSAGES]; /* Message slots */ static uint8_t pending_message[MAX_MESSAGES] = { 0 }; /* Booleans indicating active message slots */ diff --git a/tests/psa-client-server/psasim/test/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h similarity index 100% rename from tests/psa-client-server/psasim/test/psa_functions_codes.h rename to tests/psa-client-server/psasim/src/psa_functions_codes.h diff --git a/tests/psa-client-server/psasim/test/server.c b/tests/psa-client-server/psasim/src/server.c similarity index 97% rename from tests/psa-client-server/psasim/test/server.c rename to tests/psa-client-server/psasim/src/server.c index b88a7ba8d4..630bd7392c 100644 --- a/tests/psa-client-server/psasim/test/server.c +++ b/tests/psa-client-server/psasim/src/server.c @@ -9,9 +9,9 @@ #include /* Includes from psasim */ -#include "psa/service.h" -#include "psa/error_ext.h" -#include "psa/util.h" +#include "service.h" +#include "error_ext.h" +#include "util.h" #include "psa_manifest/manifest.h" #include "psa_functions_codes.h" diff --git a/tests/psa-client-server/psasim/test/Makefile b/tests/psa-client-server/psasim/test/Makefile deleted file mode 100644 index 41f4bd47fc..0000000000 --- a/tests/psa-client-server/psasim/test/Makefile +++ /dev/null @@ -1,40 +0,0 @@ -LIBPSASIM_PATH := .. -LIBPSACLIENT_PATH := ../../../libpsaclient -LIBPSASERVER_PATH := ../../../libpsaserver - -LIBPSASIM := -L$(LIBPSASIM_PATH)/src -lpsaff -LIBPSACLIENT := -L$(LIBPSACLIENT_PATH)/library -lmbedcrypto -lmbedx509 -lmbedtls -LIBPSASERVER := -L$(LIBPSASERVER_PATH)/library -lmbedcrypto - -LIBPSASIM_H := -I$(LIBPSASIM_PATH)/include -LIBPSACLIENT_H := -I$(LIBPSACLIENT_PATH)/include -LIBPSASERVER_H := -I$(LIBPSASERVER_PATH)/include - -COMMON_INCLUDE := $(LIBPSASIM_H) -I./psa_manifest - -TEST_BIN = psa_client \ - psa_partition - -GENERATED_H_FILES = psa_manifest/manifest.h \ - psa_manifest/pid.h \ - psa_manifest/sid.h - -PARTITION_SERVER_BOOTSTRAP = psa_ff_bootstrap_TEST_PARTITION.c - -.PHONY: all clean - -all: $(TEST_BIN) - -psa_client: client.c $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(LIBPSACLIENT_H) $(CFLAGS) $< $(LIBPSASIM) $(LIBPSACLIENT) $(LDFLAGS) -o $@ - -psa_partition: $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(LIBPSASERVER_H) $(CFLAGS) $< $(LIBPSASIM) $(LIBPSASERVER) $(LDFLAGS) -o $@ - -$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): manifest.json server.c - ../tools/psa_autogen.py $< - -clean: - rm -f $(TEST_BIN) psa_ff_bootstrap_*.c - rm -f psa_notify_* psa_service_* - rm -f psa_manifest/* diff --git a/tests/psa-client-server/psasim/test/client.c b/tests/psa-client-server/psasim/test/client.c deleted file mode 100644 index 74e7bcb8d2..0000000000 --- a/tests/psa-client-server/psasim/test/client.c +++ /dev/null @@ -1,54 +0,0 @@ -/* psasim test client */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#include -#include - -/* Includes from psasim */ -#include -#include -#include "psa_manifest/sid.h" -#include "psa_functions_codes.h" - -/* Includes from mbedtls */ -#include "mbedtls/version.h" -#include "psa/crypto.h" - -#define CLIENT_PRINT(fmt, ...) \ - PRINT("Client: " fmt, ##__VA_ARGS__) - -int main() -{ - char mbedtls_version[18]; - // psa_invec invecs[1]; - // psa_outvec outvecs[1]; - psa_status_t status; - - mbedtls_version_get_string_full(mbedtls_version); - CLIENT_PRINT("%s", mbedtls_version); - - CLIENT_PRINT("My PID: %d", getpid()); - - CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_SHA256_SID)); - psa_handle_t h = psa_connect(PSA_SID_SHA256_SID, 1); - - if (h < 0) { - CLIENT_PRINT("Couldn't connect %d", h); - return 1; - } - - status = psa_call(h, PSA_CRYPTO_INIT, NULL, 0, NULL, 0); - CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", status); - - CLIENT_PRINT("Closing handle"); - psa_close(h); - - if (status != PSA_SUCCESS) { - return 1; - } - return 0; -} diff --git a/tests/psa-client-server/psasim/tools/psa_autogen.py b/tests/psa-client-server/psasim/tools/psa_autogen.py index 53b1fea746..cece2b793e 100755 --- a/tests/psa-client-server/psasim/tools/psa_autogen.py +++ b/tests/psa-client-server/psasim/tools/psa_autogen.py @@ -15,6 +15,9 @@ if len(sys.argv) != 2: FILENAME = str(sys.argv[1]) +SCRIPT_PATH = os.path.dirname(__file__) +GENERATED_H_PATH = os.path.join(SCRIPT_PATH, "..", "include", "psa_manifest") +GENERATED_C_PATH = os.path.join(SCRIPT_PATH, "..", "src") with open(str(FILENAME), "r") as read_file: data = json.load(read_file) @@ -32,14 +35,14 @@ with open(str(FILENAME), "r") as read_file: irqs = [] try: - os.mkdir("psa_manifest") + os.mkdir(GENERATED_H_PATH) print("Generating psa_manifest directory") except OSError: print ("PSA manifest directory already exists") - man = open(str("psa_manifest/" + FILENAME + ".h"), "w") - pids = open("psa_manifest/pid.h", "a") - sids = open("psa_manifest/sid.h", "a") + man = open(os.path.join(GENERATED_H_PATH, FILENAME + ".h"), "w") + pids = open(os.path.join(GENERATED_H_PATH, "pid.h"), "a") + sids = open(os.path.join(GENERATED_H_PATH, "sid.h"), "a") if len(services) > 28: print ("Unsupported number of services") @@ -116,23 +119,20 @@ with open(str(FILENAME), "r") as read_file: man.close() symbols = [] - # Go through all the files in the current directory and look for the entrypoint - for root, directories, filenames in os.walk('.'): + # Go through source files and look for the entrypoint + for root, directories, filenames in os.walk(GENERATED_C_PATH): for filename in filenames: - if "psa_ff_bootstrap" in filename or filename == "psa_manifest": continue - try: fullpath = os.path.join(root,filename) with open(fullpath, encoding='utf-8') as currentFile: text = currentFile.read() if str(entry_point + "(") in text: - symbols.append(fullpath) + symbols.append(filename) except IOError: print("Couldn't open " + filename) - except UnicodeDecodeError: pass @@ -144,8 +144,9 @@ with open(str(FILENAME), "r") as read_file: print("Duplicate entrypoint symbol detected: " + str(symbols)) sys.exit(2) else: - bs = open(str("psa_ff_bootstrap_" + str(partition_name) + ".c"), "w") - bs.write("#include \n") + bs = open(os.path.join(GENERATED_C_PATH, "psa_ff_bootstrap_" + partition_name + ".c"), + "w") + bs.write("#include \n") bs.write("#include \"" + symbols[0] + "\"\n") bs.write("#include \n\n") bs.write(qcode) From cd89c1ffc8af516e3537293c63b9c87fdfb36360 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 10 May 2024 11:21:04 +0200 Subject: [PATCH 198/429] crypto-client: simplify build of mbedtls static libraries Instead of copying the entire library & include folders twice to build libraries for client and server: - change the main config file (mbedtls_config.h) - build in the root library folder - move the generated library in the psasim folder - use those library for linking the client/server binaries Signed-off-by: Valerio Setti --- tests/Makefile | 14 -- tests/psa-client-server/psasim/Makefile | 31 +++-- .../psasim/include/crypto_spe.h | 131 ------------------ tests/scripts/all.sh | 4 +- 4 files changed, 21 insertions(+), 159 deletions(-) delete mode 100644 tests/psa-client-server/psasim/include/crypto_spe.h diff --git a/tests/Makefile b/tests/Makefile index ebe3d4a8df..a07dd9786f 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -247,17 +247,3 @@ include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile echo " Gen $@" sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' endif - -libpsaclient libpsaserver: - # Clone the library and include folder for client and server builds. - rm -Rf ./$@ - mkdir ./$@ - cp -Rf ../library ./$@ - cp -Rf ../include ./$@ - cp -Rf ../scripts ./$@ - mkdir ./$@/3rdparty - touch ./$@/3rdparty/Makefile.inc - cp ./psa-client-server/psasim/include/crypto_spe.h ./$@/include/psa/ - - # Build the libraries. - $(MAKE) -C ./$@/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 45b31960ee..29afca16df 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -4,16 +4,11 @@ ifeq ($(DEBUG),1) CFLAGS += -DDEBUG endif -LIBPSACLIENT_PATH := ../../libpsaclient -LIBPSASERVER_PATH := ../../libpsaserver +LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls +LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto -LIBPSACLIENT := -L$(LIBPSACLIENT_PATH)/library -lmbedcrypto -lmbedx509 -lmbedtls -LIBPSASERVER := -L$(LIBPSASERVER_PATH)/library -lmbedcrypto - -LIBPSACLIENT_H := -I$(LIBPSACLIENT_PATH)/include -LIBPSASERVER_H := -I$(LIBPSASERVER_PATH)/include - -COMMON_INCLUDE := -I./include +MBEDTLS_ROOT_PATH = ../../.. +COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include TEST_BIN = test/psa_client \ test/psa_partition @@ -30,22 +25,34 @@ PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ src/psa_ff_server.c -.PHONY: all clean +.PHONY: all clean libpsaclient libpsaserver all: $(TEST_BIN) test/psa_client: $(PSA_CLIENT_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(LIBPSACLIENT_H) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(LIBPSASERVER_H) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c tools/psa_autogen.py src/manifest.json +# Build MbedTLS libraries (crypto, x509 and tls) and copy them locally to +# build client/server applications. +# +# Note: these rules assume that mbedtls_config.h is already configured by all.sh. +# If not using all.sh then the user must do it manually. +libpsaclient libpsaserver: + $(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a + mkdir -p $@ + cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/ + $(MAKE) -C $(MBEDTLS_ROOT_PATH) clean + clean: rm -f $(TEST_BIN) rm -f $(PARTITION_SERVER_BOOTSTRAP) + rm -rf libpsaclient libpsaserver rm -rf include/psa_manifest rm -f test/psa_service_* test/psa_notify_* diff --git a/tests/psa-client-server/psasim/include/crypto_spe.h b/tests/psa-client-server/psasim/include/crypto_spe.h deleted file mode 100644 index fdf3a2db5a..0000000000 --- a/tests/psa-client-server/psasim/include/crypto_spe.h +++ /dev/null @@ -1,131 +0,0 @@ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - * - */ - -/** - * \file crypto_spe.h - * - * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option - * enabled, this header is included by all .c files in Mbed TLS that - * use PSA Crypto function names. This avoids duplication of symbols - * between TF-M and Mbed TLS. - * - * \note This file should be included before including any PSA Crypto headers - * from Mbed TLS. - */ - -#ifndef CRYPTO_SPE_H -#define CRYPTO_SPE_H - -#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x - -#define psa_crypto_init \ - PSA_FUNCTION_NAME(psa_crypto_init) -#define psa_key_derivation_get_capacity \ - PSA_FUNCTION_NAME(psa_key_derivation_get_capacity) -#define psa_key_derivation_set_capacity \ - PSA_FUNCTION_NAME(psa_key_derivation_set_capacity) -#define psa_key_derivation_input_bytes \ - PSA_FUNCTION_NAME(psa_key_derivation_input_bytes) -#define psa_key_derivation_output_bytes \ - PSA_FUNCTION_NAME(psa_key_derivation_output_bytes) -#define psa_key_derivation_input_key \ - PSA_FUNCTION_NAME(psa_key_derivation_input_key) -#define psa_key_derivation_output_key \ - PSA_FUNCTION_NAME(psa_key_derivation_output_key) -#define psa_key_derivation_setup \ - PSA_FUNCTION_NAME(psa_key_derivation_setup) -#define psa_key_derivation_abort \ - PSA_FUNCTION_NAME(psa_key_derivation_abort) -#define psa_key_derivation_key_agreement \ - PSA_FUNCTION_NAME(psa_key_derivation_key_agreement) -#define psa_raw_key_agreement \ - PSA_FUNCTION_NAME(psa_raw_key_agreement) -#define psa_generate_random \ - PSA_FUNCTION_NAME(psa_generate_random) -#define psa_aead_encrypt \ - PSA_FUNCTION_NAME(psa_aead_encrypt) -#define psa_aead_decrypt \ - PSA_FUNCTION_NAME(psa_aead_decrypt) -#define psa_open_key \ - PSA_FUNCTION_NAME(psa_open_key) -#define psa_close_key \ - PSA_FUNCTION_NAME(psa_close_key) -#define psa_import_key \ - PSA_FUNCTION_NAME(psa_import_key) -#define psa_destroy_key \ - PSA_FUNCTION_NAME(psa_destroy_key) -#define psa_get_key_attributes \ - PSA_FUNCTION_NAME(psa_get_key_attributes) -#define psa_reset_key_attributes \ - PSA_FUNCTION_NAME(psa_reset_key_attributes) -#define psa_export_key \ - PSA_FUNCTION_NAME(psa_export_key) -#define psa_export_public_key \ - PSA_FUNCTION_NAME(psa_export_public_key) -#define psa_purge_key \ - PSA_FUNCTION_NAME(psa_purge_key) -#define psa_copy_key \ - PSA_FUNCTION_NAME(psa_copy_key) -#define psa_cipher_operation_init \ - PSA_FUNCTION_NAME(psa_cipher_operation_init) -#define psa_cipher_generate_iv \ - PSA_FUNCTION_NAME(psa_cipher_generate_iv) -#define psa_cipher_set_iv \ - PSA_FUNCTION_NAME(psa_cipher_set_iv) -#define psa_cipher_encrypt_setup \ - PSA_FUNCTION_NAME(psa_cipher_encrypt_setup) -#define psa_cipher_decrypt_setup \ - PSA_FUNCTION_NAME(psa_cipher_decrypt_setup) -#define psa_cipher_update \ - PSA_FUNCTION_NAME(psa_cipher_update) -#define psa_cipher_finish \ - PSA_FUNCTION_NAME(psa_cipher_finish) -#define psa_cipher_abort \ - PSA_FUNCTION_NAME(psa_cipher_abort) -#define psa_hash_operation_init \ - PSA_FUNCTION_NAME(psa_hash_operation_init) -#define psa_hash_setup \ - PSA_FUNCTION_NAME(psa_hash_setup) -#define psa_hash_update \ - PSA_FUNCTION_NAME(psa_hash_update) -#define psa_hash_finish \ - PSA_FUNCTION_NAME(psa_hash_finish) -#define psa_hash_verify \ - PSA_FUNCTION_NAME(psa_hash_verify) -#define psa_hash_abort \ - PSA_FUNCTION_NAME(psa_hash_abort) -#define psa_hash_clone \ - PSA_FUNCTION_NAME(psa_hash_clone) -#define psa_hash_compute \ - PSA_FUNCTION_NAME(psa_hash_compute) -#define psa_hash_compare \ - PSA_FUNCTION_NAME(psa_hash_compare) -#define psa_mac_operation_init \ - PSA_FUNCTION_NAME(psa_mac_operation_init) -#define psa_mac_sign_setup \ - PSA_FUNCTION_NAME(psa_mac_sign_setup) -#define psa_mac_verify_setup \ - PSA_FUNCTION_NAME(psa_mac_verify_setup) -#define psa_mac_update \ - PSA_FUNCTION_NAME(psa_mac_update) -#define psa_mac_sign_finish \ - PSA_FUNCTION_NAME(psa_mac_sign_finish) -#define psa_mac_verify_finish \ - PSA_FUNCTION_NAME(psa_mac_verify_finish) -#define psa_mac_abort \ - PSA_FUNCTION_NAME(psa_mac_abort) -#define psa_sign_hash \ - PSA_FUNCTION_NAME(psa_sign_hash) -#define psa_verify_hash \ - PSA_FUNCTION_NAME(psa_verify_hash) -#define psa_asymmetric_encrypt \ - PSA_FUNCTION_NAME(psa_asymmetric_encrypt) -#define psa_asymmetric_decrypt \ - PSA_FUNCTION_NAME(psa_asymmetric_decrypt) -#define psa_generate_key \ - PSA_FUNCTION_NAME(psa_generate_key) - -#endif /* CRYPTO_SPE_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 573f769cc1..eee0042e4f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -969,7 +969,7 @@ helper_crypto_client_build() { scripts/config.py crypto_full scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM + # scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM # Disable NV_SEED as the MBEDTLS_PLATFORM_STD_NV_SEED_FILE is not in # right path for mbedtls_platform_std_nv_seed_read(). Just rely on # mbedtls_platform_entropy_poll() as entropy source(). @@ -977,7 +977,7 @@ helper_crypto_client_build() { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT fi - make -C tests CC="$ASAN_CC" CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB + make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB rm $CONFIG_H mv $CONFIG_H.bak $CONFIG_H From 400168cd1a4fd27ac8eff6a5beb355fd63a8ecc1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 10 May 2024 12:31:41 +0200 Subject: [PATCH 199/429] crypto-client: fix the SID Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/client.c | 4 ++-- tests/psa-client-server/psasim/src/manifest.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c index e8f370d97d..550a6e869d 100644 --- a/tests/psa-client-server/psasim/src/client.c +++ b/tests/psa-client-server/psasim/src/client.c @@ -33,8 +33,8 @@ int main() CLIENT_PRINT("My PID: %d", getpid()); - CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_SHA256_SID)); - psa_handle_t h = psa_connect(PSA_SID_SHA256_SID, 1); + CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID)); + psa_handle_t h = psa_connect(PSA_SID_CRYPTO_SID, 1); if (h < 0) { CLIENT_PRINT("Couldn't connect %d", h); diff --git a/tests/psa-client-server/psasim/src/manifest.json b/tests/psa-client-server/psasim/src/manifest.json index d90c7edbbf..e67b636c17 100644 --- a/tests/psa-client-server/psasim/src/manifest.json +++ b/tests/psa-client-server/psasim/src/manifest.json @@ -8,7 +8,7 @@ "heap_size":"0x100", "services":[ { - "name":"PSA_SID_SHA256", + "name":"PSA_SID_CRYPTO", "sid":"0x0000F000", "signal":"PSA_CRYPTO", "non_secure_clients": "true", From 237a64ef07605ef4df07e93142af0214d98ed8fa Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 10 May 2024 12:32:10 +0200 Subject: [PATCH 200/429] crypto-client: remove log files on "make clean" Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 29afca16df..583f1b9b70 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -55,4 +55,5 @@ clean: rm -rf libpsaclient libpsaserver rm -rf include/psa_manifest rm -f test/psa_service_* test/psa_notify_* + rm -r test/*.log From 1238b375732877136ec8a79a1494c8a73991413b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 10 May 2024 14:23:16 +0100 Subject: [PATCH 201/429] Move test generated files to main CMakeLists.txt Move the generation of tests/src/test_certs.h and tests/src/test_keys.h to the main CMakeLists.txt. This is required because these files are needed both by tests and programs, whereas tests/CMakeLists.txt is only included when ENABLE_TESTING is on. Signed-off-by: David Horstmann --- CMakeLists.txt | 28 ++++++++++++++++++++++++++++ tests/CMakeLists.txt | 28 ---------------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a56ecdc0c9..306cf0261d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -316,6 +316,34 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) if(GEN_FILES) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/tests + COMMAND + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_keys.py" + "--output" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_keys.py + ) + add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h) + add_custom_command( + OUTPUT + ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/tests + COMMAND + "${MBEDTLS_PYTHON_EXECUTABLE}" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py" + "--output" + "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py + ) + add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h) add_dependencies(mbedtls_test test_keys_header test_certs_header) endif() target_include_directories(mbedtls_test diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 531404fc1d..589643a806 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -74,34 +74,6 @@ foreach(file ${base_psa_generated_data_files}) endforeach() if(GEN_FILES) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/src/test_keys.h - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR} - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_keys.py" - "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/src/test_keys.h" - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_keys.py - ) - add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/src/test_keys.h) - add_custom_command( - OUTPUT - ${CMAKE_CURRENT_SOURCE_DIR}/src/test_certs.h - WORKING_DIRECTORY - ${CMAKE_CURRENT_SOURCE_DIR} - COMMAND - "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_cert_macros.py" - "--output" - "${CMAKE_CURRENT_SOURCE_DIR}/src/test_certs.h" - DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_cert_macros.py - ) - add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/src/test_certs.h) add_custom_command( OUTPUT ${bignum_generated_data_files} From 041ed4255578d46effc747f41565a12d5080690a Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 10 May 2024 14:37:48 +0100 Subject: [PATCH 202/429] Add all.sh component for programs without tests Check that we can build under CMake with ENABLE_TESTING=OFF but ENABLE_PROGRAMS=ON. Signed-off-by: David Horstmann --- tests/scripts/all.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 28009d56a8..0b7e78d573 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6077,6 +6077,14 @@ support_build_cmake_custom_config_file () { support_test_cmake_out_of_source } +component_build_cmake_programs_no_testing () { + msg "build: cmake with -DENABLE_PROGRAMS=ON and -DENABLE_TESTING=OFF" + cmake -DENABLE_PROGRAMS=ON -DENABLE_TESTING=OFF . + make +} +support_build_cmake_programs_no_testing () { + support_test_cmake_out_of_source +} component_build_zeroize_checks () { msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()" From c98f8ab5f7879fd1a42ba325f7909c109443b691 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 10 May 2024 15:53:40 +0200 Subject: [PATCH 203/429] crypto-client: allow debug build of libraries and test binaries Add DEBUG=1 in test_psasim() to helpers and final make to build the libraries and the final binaries with debug symbols enabled. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/Makefile | 2 +- tests/scripts/all.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 583f1b9b70..01e3486b65 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -1,7 +1,7 @@ CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L ifeq ($(DEBUG),1) - CFLAGS += -DDEBUG +CFLAGS += -DDEBUG -O0 -g endif LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index eee0042e4f..2f4ee25e81 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -948,6 +948,7 @@ helper_libtestdriver1_make_main() { # $1: target which can be "client" or "server" helper_crypto_client_build() { TARGET=$1 + shift TARGET_LIB=libpsa$TARGET cp $CONFIG_H $CONFIG_H.bak @@ -977,7 +978,7 @@ helper_crypto_client_build() { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT fi - make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB + make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB $@ rm $CONFIG_H mv $CONFIG_H.bak $CONFIG_H From cbea7d6e672a87e053a60ce9e95cd50b820f9311 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 10 May 2024 15:37:57 +0100 Subject: [PATCH 204/429] Add note explaining component purpose We are testing that we don't break OSS-Fuzz, primarily. Signed-off-by: David Horstmann --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0b7e78d573..dc78dd7a8a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6078,6 +6078,7 @@ support_build_cmake_custom_config_file () { } component_build_cmake_programs_no_testing () { + # Verify that the type of builds performed by oss-fuzz don't get accidentally broken msg "build: cmake with -DENABLE_PROGRAMS=ON and -DENABLE_TESTING=OFF" cmake -DENABLE_PROGRAMS=ON -DENABLE_TESTING=OFF . make From a621fd9df370ea584817342669d8a735f55eb72e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 May 2024 11:13:36 +0200 Subject: [PATCH 205/429] gitignore: ignore test_keys.h and test_certs.h These files are automatically generated at build time so they do not need to be tracked. Signed-off-by: Valerio Setti --- tests/.gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/.gitignore b/tests/.gitignore index 973ebb5083..838ea699fc 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -21,4 +21,6 @@ libtestdriver1/* /suites/*.generated.data /suites/test_suite_psa_crypto_storage_format.v[0-9]*.data /suites/test_suite_psa_crypto_storage_format.current.data +/src/test_keys.h +/src/test_certs.h ###END_GENERATED_FILES### From b5ea455d77b8e3681f4b11cd21aad27effc85a52 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 13 May 2024 11:14:57 +0200 Subject: [PATCH 206/429] gitignore: ignore .vscode folder in main repo Signed-off-by: Valerio Setti --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 4f29d5be50..12c775dff7 100644 --- a/.gitignore +++ b/.gitignore @@ -67,3 +67,6 @@ massif-* compile_commands.json # clangd index files /.cache/clangd/index/ + +# VScode folder to store local debug files and configurations +.vscode From 6343a83057b6ff0687c71c9d8ad13fe5deb24b97 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 3 May 2024 14:33:44 +0100 Subject: [PATCH 207/429] Move some files to framework repository Signed-off-by: David Horstmann --- scripts/mbedtls_dev/__init__.py | 3 - scripts/mbedtls_dev/asymmetric_key_data.py | 237 ------ scripts/mbedtls_dev/bignum_common.py | 406 --------- scripts/mbedtls_dev/bignum_core.py | 896 -------------------- scripts/mbedtls_dev/bignum_data.py | 159 ---- scripts/mbedtls_dev/bignum_mod.py | 102 --- scripts/mbedtls_dev/bignum_mod_raw.py | 242 ------ scripts/mbedtls_dev/build_tree.py | 120 --- scripts/mbedtls_dev/c_build_helper.py | 162 ---- scripts/mbedtls_dev/c_parsing_helper.py | 131 --- scripts/mbedtls_dev/c_wrapper_generator.py | 473 ----------- scripts/mbedtls_dev/crypto_data_tests.py | 112 --- scripts/mbedtls_dev/crypto_knowledge.py | 568 ------------- scripts/mbedtls_dev/ecp.py | 875 ------------------- scripts/mbedtls_dev/logging_util.py | 46 - scripts/mbedtls_dev/macro_collector.py | 539 ------------ scripts/mbedtls_dev/psa_information.py | 161 ---- scripts/mbedtls_dev/psa_storage.py | 206 ----- scripts/mbedtls_dev/test_case.py | 91 -- scripts/mbedtls_dev/test_data_generation.py | 224 ----- scripts/mbedtls_dev/typing_util.py | 28 - 21 files changed, 5781 deletions(-) delete mode 100644 scripts/mbedtls_dev/__init__.py delete mode 100644 scripts/mbedtls_dev/asymmetric_key_data.py delete mode 100644 scripts/mbedtls_dev/bignum_common.py delete mode 100644 scripts/mbedtls_dev/bignum_core.py delete mode 100644 scripts/mbedtls_dev/bignum_data.py delete mode 100644 scripts/mbedtls_dev/bignum_mod.py delete mode 100644 scripts/mbedtls_dev/bignum_mod_raw.py delete mode 100644 scripts/mbedtls_dev/build_tree.py delete mode 100644 scripts/mbedtls_dev/c_build_helper.py delete mode 100644 scripts/mbedtls_dev/c_parsing_helper.py delete mode 100644 scripts/mbedtls_dev/c_wrapper_generator.py delete mode 100644 scripts/mbedtls_dev/crypto_data_tests.py delete mode 100644 scripts/mbedtls_dev/crypto_knowledge.py delete mode 100644 scripts/mbedtls_dev/ecp.py delete mode 100644 scripts/mbedtls_dev/logging_util.py delete mode 100644 scripts/mbedtls_dev/macro_collector.py delete mode 100644 scripts/mbedtls_dev/psa_information.py delete mode 100644 scripts/mbedtls_dev/psa_storage.py delete mode 100644 scripts/mbedtls_dev/test_case.py delete mode 100644 scripts/mbedtls_dev/test_data_generation.py delete mode 100644 scripts/mbedtls_dev/typing_util.py diff --git a/scripts/mbedtls_dev/__init__.py b/scripts/mbedtls_dev/__init__.py deleted file mode 100644 index 15b0d60dd3..0000000000 --- a/scripts/mbedtls_dev/__init__.py +++ /dev/null @@ -1,3 +0,0 @@ -# This file needs to exist to make mbedtls_dev a package. -# Among other things, this allows modules in this directory to make -# relative imports. diff --git a/scripts/mbedtls_dev/asymmetric_key_data.py b/scripts/mbedtls_dev/asymmetric_key_data.py deleted file mode 100644 index 175bc9f03f..0000000000 --- a/scripts/mbedtls_dev/asymmetric_key_data.py +++ /dev/null @@ -1,237 +0,0 @@ -"""Sample key material for asymmetric key types. - -Meant for use in crypto_knowledge.py. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import binascii -import re -from typing import Dict - -STR_TRANS_REMOVE_BLANKS = str.maketrans('', '', ' \t\n\r') - -def unhexlify(text: str) -> bytes: - return binascii.unhexlify(text.translate(STR_TRANS_REMOVE_BLANKS)) - -def construct_asymmetric_key_data(src) -> Dict[str, Dict[int, bytes]]: - """Split key pairs into separate table entries and convert hex to bytes. - - Input format: src[abbreviated_type][size] = (private_key_hex, public_key_hex) - Output format: dst['PSA_KEY_TYPE_xxx'][size] = key_bytes - """ - dst = {} #type: Dict[str, Dict[int, bytes]] - for typ in src: - private = 'PSA_KEY_TYPE_' + re.sub(r'(\(|\Z)', r'_KEY_PAIR\1', typ, 1) - public = 'PSA_KEY_TYPE_' + re.sub(r'(\(|\Z)', r'_PUBLIC_KEY\1', typ, 1) - dst[private] = {} - dst[public] = {} - for size in src[typ]: - dst[private][size] = unhexlify(src[typ][size][0]) - dst[public][size] = unhexlify(src[typ][size][1]) - return dst - -## These are valid keys that don't try to exercise any edge cases. They're -## either test vectors from some specification, or randomly generated. All -## pairs consist of a private key and its public key. -#pylint: disable=line-too-long -ASYMMETRIC_KEY_DATA = construct_asymmetric_key_data({ - 'ECC(PSA_ECC_FAMILY_SECP_K1)': { - 192: ("297ac1722ccac7589ecb240dc719842538ca974beb79f228", - "0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5"), - 225: ("0024122bf020fa113f6c0ac978dfbd41f749257a9468febdbe0dc9f7e8", - "042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d"), - 256: ("7fa06fa02d0e911b9a47fdc17d2d962ca01e2f31d60c6212d0ed7e3bba23a7b9", - "045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d"), - }, - 'ECC(PSA_ECC_FAMILY_SECP_R1)': { - 192: ("d83b57a59c51358d9c8bbb898aff507f44dd14cf16917190", - "04e35fcbee11cec3154f80a1a61df7d7612de4f2fd70c5608d0ee3a4a1a5719471adb33966dd9b035fdb774feeba94b04c"), - 224: ("872f203b3ad35b7f2ecc803c3a0e1e0b1ed61cc1afe71b189cd4c995", - "046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160"), - 256: ("49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee", - "047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"), - 384: ("3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a", - "04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747"), - 521: ("01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae", - "04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1"), - }, - 'ECC(PSA_ECC_FAMILY_SECP_R2)': { - 160: ("00bf539a1cdda0d7f71a50a3f98aec0a2e8e4ced1e", - "049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b"), - }, - 'ECC(PSA_ECC_FAMILY_SECT_K1)': { - 163: ("03ebc8fcded2d6ab72ec0f75bdb4fd080481273e71", - "0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9"), - 233: ("41f08485ce587b06061c087e76e247c359de2ba9927ee013b2f1ed9ca8", - "0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f"), - 239: ("1a8069ce2c2c8bdd7087f2a6ab49588797e6294e979495602ab9650b9c61", - "04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d"), - 283: ("006d627885dd48b9ec6facb5b3865377d755b75a5d51440e45211c1f600e15eff8a881a0", - "0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3"), - 409: ("3ff5e74d932fa77db139b7c948c81e4069c72c24845574064beea8976b70267f1c6f9a503e3892ea1dcbb71fcea423faa370a8", - "04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b"), - 571: ("005008c97b4a161c0db1bac6452c72846d57337aa92d8ecb4a66eb01d2f29555ffb61a5317225dcc8ca6917d91789e227efc0bfe9eeda7ee21998cd11c3c9885056b0e55b4f75d51", - "04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a"), - }, - 'ECC(PSA_ECC_FAMILY_SECT_R1)': { - 163: ("009b05dc82d46d64a04a22e6e5ca70ca1231e68c50", - "0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb"), - 233: ("00e5e42834e3c78758088b905deea975f28dc20ef6173e481f96e88afe7f", - "0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d"), - 283: ("004cecad915f6f3c9bbbd92d1eb101eda23f16c7dad60a57c87c7e1fd2b29b22f6d666ad", - "04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765"), - 409: ("00c22422d265721a3ae2b3b2baeb77bee50416e19877af97b5fc1c700a0a88916ecb9050135883accb5e64edc77a3703f4f67a64", - "0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22"), - 571: ("026ac1cdf92a13a1b8d282da9725847908745138f5c6706b52d164e3675fcfbf86fc3e6ab2de732193267db029dd35a0599a94a118f480231cfc6ccca2ebfc1d8f54176e0f5656a1", - "040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74"), - }, - 'ECC(PSA_ECC_FAMILY_SECT_R2)': { - 163: ("0210b482a458b4822d0cb21daa96819a67c8062d34", - "0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f"), - }, - 'ECC(PSA_ECC_FAMILY_BRAINPOOL_P_R1)': { - 160: ("69502c4fdaf48d4fa617bdd24498b0406d0eeaac", - "04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c"), - 192: ("1688a2c5fbf4a3c851d76a98c3ec88f445a97996283db59f", - "043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88"), - 224: ("a69835dafeb5da5ab89c59860dddebcfd80b529a99f59b880882923c", - "045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc"), - 256: ("2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff", - "04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d"), - 320: ("61b8daa7a6e5aa9fccf1ef504220b2e5a5b8c6dc7475d16d3172d7db0b2778414e4f6e8fa2032ead", - "049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd"), - 384: ("3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb", - "04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a"), - 512: ("372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2", - "0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a"), - }, - 'ECC(PSA_ECC_FAMILY_MONTGOMERY)': { - 255: ("70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a", - "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"), - 448: ("e4e49f52686f9ee3b638528f721f1596196ffd0a1cddb64c3f216f06541805cfeb1a286dc78018095cdfec050e8007b5f4908962ba20d6c1", - "c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e"), - }, - 'ECC(PSA_ECC_FAMILY_TWISTED_EDWARDS)': { - 255: ("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60", - "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"), - 448: ("6c82a562cb808d10d632be89c8513ebf6c929f34ddfa8c9f63c9960ef6e348a3528c8a3fcc2f044e39a3fc5b94492f8f032e7549a20098f95b", - "5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180"), - }, - 'RSA': { - 1024: (""" -3082025e - 020100 - 02818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3 - 0203010001 - 02818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1 - 024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113 - 024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091 - 024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d - 024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1 - 024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24 -""", """ - 308189 - 02818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3 - 0203010001 -"""), - 1026: (""" -3082025e - 020100 - 02818102d09661fc74224ba7be7907abef4f5e8bcc264a802c978f7eaa5855ada05436d75db768d20f68595dbcc3d725b138e80b247e44a4163a0542fab612acbbde45f2e93894aa253bddef6a7becdc9cc29a99bacf48dc6e38db7a33e9ac924c520fc6be7d6e5646c1d67fb8b2b97ac60beecc3bb8e75bed8315aa3fe46f748a66d6ef - 0203010001 - 0281806a4a346beba97f655fe834647d2944f5f40815e7302caf02ed179893c2d989395d5e877cacbf24a77a079d3db71580ccdbf63023d00f80e52f5c1a0716b323b7bfcbdc8a1781c44c4153e3da228d17b2dc78eb1f44cff60fe1150808a6e38ba2470aee2e948a6898ddadea56d9470927aca8d94a0338c11a8e95715b5f94e011 - 024101f5418534c36236fc9fd38934d7c06dfed3829151ccab56b6330c641f7796a71924cf8119ca26e186ecd3068d6607a05260db4857651980436891adde9eb92ab7 - 02410170042fbdbaba1e102b7f7f1dc9d940cfdcd85dd0ea65f543c6432e9c5480724bb49b1e5f80ca2b9f84cd6644bfb2e3d0968090b89f534dc2951e606db909dd89 - 0241014b6c1aeb1c14a04ec04e5975fb015cb914984c054dd22bef24299939c514733f88bb3a9d16b04685b3a883b8923190ab672715d9d31add57b4983de1e8087e59 - 02410117bf76f308b0560e00a2c864427dcd50b5161c2aa523a00f46f4e6c79b4c90958fd2a282028aac227477169888085a38c34f33b3c41934f1071db23b75ff53d1 - 02410120a428b4e0c4a6f202920fd49cc9886e6b6719d40a3ad0604f5d5efd5ef6973a573ab324f38ecb8e669a69341597081e240b6ae4e2714887dd78dadaeb0b9216 -""", """ -308189 - 02818102d09661fc74224ba7be7907abef4f5e8bcc264a802c978f7eaa5855ada05436d75db768d20f68595dbcc3d725b138e80b247e44a4163a0542fab612acbbde45f2e93894aa253bddef6a7becdc9cc29a99bacf48dc6e38db7a33e9ac924c520fc6be7d6e5646c1d67fb8b2b97ac60beecc3bb8e75bed8315aa3fe46f748a66d6ef - 0203010001 -"""), - 1028: (""" -3082025e - 020100 - 0281810e62a76f0e0b59683a7ebf7cbfd37b1d1781d8f1b900604b507f0f04c72a3d340d067bcd53bea3caff4e4ae694f0b6d8f591a4167fbf7f372ab57e83a69a3f26f447bcf582bc9621a30a3b44d6b43e986d1a867b07489e4f9bfcadaa82a2782dc2729a631fb1fb9ffb794b4e53c76239e04d4a8f80352588db29462dde18237cf5 - 0203010001 - 02818101cfa0422e3bb60c15ef2e96db4499e789f5d634ea64567b2cdd6e2bdd121f85edccdee9b4ed178c5f33816101a7c371518b3e23f9fdc71b90242cd310b6b31428b0b64eb9596be0cc044cc85048982f90b706e66ccdd39ad5a1a7b64cf034eac0c35d7ace93f2bcd3ce243bd8f83b46f509ca2f805063002af2bb2d88b6ee36a9 - 024103f0886d2977526f3f3f6a075600232ce3008517276dd3721dee08fd6c999fc976b9e8dd2bc143385fa4b48735ce81c66b501d7129ee7860cfbef23b5da91e6c2d - 024103a6c8734aace59d5f386f97de450f8a12d63ae6ac15d336e010c9fcf03a32f0611881ac6cd8b3f989925c0f025af26cf26aebd7d9b04eb503048dca2f503c28e9 - 0241019b300451c3b47866f113e9a9c6a490c87c8dc6c2eca42902caea1f6907b97e0a4a02072aafc1185ae66c34345bddcd683361cda1aaf8a98009f9f8fa56d97081 - 02401bcca849173d38e1e50ec48872ab54a2dcc621a80a7a1e8ea951287988718d5e85d90d64ab4926e9a575a168a385c421ad765813fc3f4af8cd00de7b6bba6e49 - 0241036dcf69f6e548c8acfb536fb6cd186f8b8f20d313361d0447c1b5e380f4113e578b31e867dda47d44ad3761e793f725031b8d379f389de277a9a0137651df548a -""", """ -308189 - 0281810e62a76f0e0b59683a7ebf7cbfd37b1d1781d8f1b900604b507f0f04c72a3d340d067bcd53bea3caff4e4ae694f0b6d8f591a4167fbf7f372ab57e83a69a3f26f447bcf582bc9621a30a3b44d6b43e986d1a867b07489e4f9bfcadaa82a2782dc2729a631fb1fb9ffb794b4e53c76239e04d4a8f80352588db29462dde18237cf5 - 0203010001 -"""), - 1030: (""" -3082025f - 020100 - 0281812b7cd197f5796d1f8e576b2b37723fd9210814ef1c1995f9899d50058f379d239c66878e922f34c6ae3672c8598fcd5d47b764d2ec156e134d03cf6a94d38d2ea8bc76dbbc60c4b974219090eaf287497d7dcf7f119cfa867496f7e91c12b5d552e1d1461a80dbe9a59db3b016c6c0141c3b2a0e226089b855cb88ef656408bd89 - 0203010001 - 0281810210d5ff531cacb22f8cf7dd1fd9fb0376f3647f2e9ab3df9c89b9ad3c98e68b89adeb29901dd2f2cf2ac1f817726278830ec8a8d0fdd19d496ec6bc683671174786b7d6a8e822fa71d65ad35abbdf0e6e55ff2c1821b62bc630192160e5c9b3dcafc65ae6b2a088fbc5591da58a45dd7a30960f7d3def75b80cdf73247360e8fb - 0241072e371a3ba861e78e3eb9313065faab0a97216e9544bfc2d5b403844b43273705755a85aa0baf7114770cfeca20bca17ac19bc4cbba106a33b3dddca0fb535f33 - 0241060e6af37ab4ea11f52b9344e7160eb2a53f1075e1229a7f10a301de3359f53e981ea0e17df0fb380f089e5c37dd40daa29eefd205f5c87b38f8fef636b57ba053 - 0241023a5dd09ef83540b30b554d24f64f9c28d212068cfc62ffe26d53b605e05557a632ee9e90cfc56531f36aadd82be63bb8aa405a04d8bbe5281bc45883fed7b4af - 0241041de6dbad4caf5417a9504965201c4b99827de8f369f7456a84b3ef5c4ec9238c7a3d782a8915ebec643a698b5bee0af0c243592bce0042aadeaf49a4b4c6dd9b - 024105d32dee952b503b536fcecf19ec08236a9cd945c49551bf99f15b674fc21aa199f4c4211f0f0007c417c1fb4155326a2142fca454bbd38d6dbc6caa7ac335a17c -""", """ -308189 - 0281812b7cd197f5796d1f8e576b2b37723fd9210814ef1c1995f9899d50058f379d239c66878e922f34c6ae3672c8598fcd5d47b764d2ec156e134d03cf6a94d38d2ea8bc76dbbc60c4b974219090eaf287497d7dcf7f119cfa867496f7e91c12b5d552e1d1461a80dbe9a59db3b016c6c0141c3b2a0e226089b855cb88ef656408bd89 - 0203010001 -"""), - 1536: (""" -3082037b - 020100 - 0281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc35 - 0203010001 - 0281c06d2d670047973a87752a9d5bc14f3dae00acb01f593aa0e24cf4a49f932931de4bbfb332e2d38083da80bc0b6d538edba479f7f77d0deffb4a28e6e67ff6273585bb4cd862535c946605ab0809d65f0e38f76e4ec2c3d9b8cd6e14bcf667943892cd4b34cc6420a439abbf3d7d35ef73976dd6f9cbde35a51fa5213f0107f83e3425835d16d3c9146fc9e36ce75a09bb66cdff21dd5a776899f1cb07e282cca27be46510e9c799f0d8db275a6be085d9f3f803218ee3384265bfb1a3640e8ca1 - 026100e6848c31d466fffefc547e3a3b0d3785de6f78b0dd12610843512e495611a0675509b1650b27415009838dd8e68eec6e7530553b637d602424643b33e8bc5b762e1799bc79d56b13251d36d4f201da2182416ce13574e88278ff04467ad602d9 - 026100de994fdf181f02be2bf9e5f5e4e517a94993b827d1eaf609033e3a6a6f2396ae7c44e9eb594cf1044cb3ad32ea258f0c82963b27bb650ed200cde82cb993374be34be5b1c7ead5446a2b82a4486e8c1810a0b01551609fb0841d474bada802bd - 026076ddae751b73a959d0bfb8ff49e7fcd378e9be30652ecefe35c82cb8003bc29cc60ae3809909baf20c95db9516fe680865417111d8b193dbcf30281f1249de57c858bf1ba32f5bb1599800e8398a9ef25c7a642c95261da6f9c17670e97265b1 - 0260732482b837d5f2a9443e23c1aa0106d83e82f6c3424673b5fdc3769c0f992d1c5c93991c7038e882fcda04414df4d7a5f4f698ead87851ce37344b60b72d7b70f9c60cae8566e7a257f8e1bef0e89df6e4c2f9d24d21d9f8889e4c7eccf91751 - 026009050d94493da8f00a4ddbe9c800afe3d44b43f78a48941a79b2814a1f0b81a18a8b2347642a03b27998f5a18de9abc9ae0e54ab8294feac66dc87e854cce6f7278ac2710cb5878b592ffeb1f4f0a1853e4e8d1d0561b6efcc831a296cf7eeaf -""", """ -3081c9 - 0281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc35 - 0203010001 -"""), - 2048: (""" -308204a3 - 020100 - 0282010100f7bb6b8eab40491cd64455ec04d4ed8db5051a9738fc7af73ff3b097511cce40aaf76537b1353504427986b7b2b53a964a6937b558ec0d1dea274af2b8fff2f094c243fa577266a79db0c26ffe30416d23ef05dd5fecab413ebbb4f8526ae720a94584226b37d92ef463fc736cb38e530e7488d9162f5726807bc543138a2d258adb4d680221c2532381ccfa81bc89bc3d7b84039c2df41ce3ec8db91c2380e781ba3aa9e23b74ed9973d4908efca47aa8d9b7b0a4423297a404427c3f3cd6e0782e4553880f06ba39a64f4a7b0eef921a6050a207cefadcf07394a3e18ea915dc8497e7ae61fc3162f62f5065a692af077266f7360c2076cebeaf14cb22c1ed - 0203010001 - 0282010000b8962dce604bc62e7678f48ca80cfff456ad36e2f6d329cc911a42ba7cf5b9b8f5aae1005e4a06f6e591279038d8508f2b62badfa5223da3cc94fa8360d5556f6d6852be75ea08135cac1834da719a4e7837e166d1d2c6c816b64661c10766b02f705cc4489f947428255835a909214341c21335ae12181dd81e611d59b1db70667bebd7e92b71e1d388318d3ec14d616f72c231f6727a183e6818285bd65f6572cadc9012248821b2d0ae6cedd30ca440d4d34cd77e2cf6b40ed2c7d856b30d474733fce0fb695c3e6530c079aed955e4073055f2655d4b671e291fde400f2f06d0b33f87d261e0ad3dae48a913841b34cfed03790fcaee00de2e90fb9621 - 02818100fcbe89cd1aa319e49ef4f72149bf06da57dcc64d3de605e9ff3e76fc66f4b1e2878245ffd71990511b17e97f33818889a8c21b5527fd181327affe88f9bba670c4e6f1e6309bd0323074e4cbcf23dce3c19b8d5495f56a93059ba7414f28ed1ec906ad18c63de1148abcfe9be7986000f425e580b70e43e48e24fa9d51aaae4d - 02818100faec5a7bed2e53cfca1e167db4641db5a00fe2c328125423d594789f3ec072c623e7afbdee0089fd26307651f6d3611a88af28c34585d5cb713a650c35933f58944db9bd15ba9fc28b07e6705b7b3ef1ccb48d21a53569c8b84c444b61ea5c6e67b54f0afd852ffb8c92a111fab8677263eeb80cf1a3403b4a9a209776947221 - 0281802ff99afeabc7b9ea83a1cc272d706d4494d8fb6b3e0ca3a2bf28843d74ed8db68a3258472ff5524792f4ff057e296059810717591ab61813cabcc57c0aab6bf48bebaa8f1f3af45212909dbd721c449996ee87ed3e69cf49090f7ab812e699dbf61ca64ec592895ef4d6db1d8ce08798a6bf6ac8fbf6613cc91e8bd3c0e4bd21 - 02818100b29b34590bddb308afecb4c3ab78abf1114add755e7b956aa0677b6896a933c937db7dabaad2b565fd1df7caa5ef9629e5eb100fd6d7c9f372d846fee6cfb6025e25e934df57a4ca3c5e5637d9d6235ac80428852f6c92acae0a937e38e731fde0521d3e4c70d653ae9edc89c8b623e4379fbf606f4b6db8068528f7c70f2921 - 0281800ed47ae05b275a23a7dfe3ffb727e3a268e626a59d401d2d846de26954ff54fc9ed93a9af33fac2c967a18e0f86145083e39923454bc10da5f4937e836b99851956bffb301ce9e06789786693213fcde6d5f2933d52bb29dc340ea011257788d3c5775eb6569230aafbf08752d40a8419de71b01d4927e27c1079caada0568b1 - """, """ -3082010a - 0282010100f7bb6b8eab40491cd64455ec04d4ed8db5051a9738fc7af73ff3b097511cce40aaf76537b1353504427986b7b2b53a964a6937b558ec0d1dea274af2b8fff2f094c243fa577266a79db0c26ffe30416d23ef05dd5fecab413ebbb4f8526ae720a94584226b37d92ef463fc736cb38e530e7488d9162f5726807bc543138a2d258adb4d680221c2532381ccfa81bc89bc3d7b84039c2df41ce3ec8db91c2380e781ba3aa9e23b74ed9973d4908efca47aa8d9b7b0a4423297a404427c3f3cd6e0782e4553880f06ba39a64f4a7b0eef921a6050a207cefadcf07394a3e18ea915dc8497e7ae61fc3162f62f5065a692af077266f7360c2076cebeaf14cb22c1ed - 0203010001 -"""), - 4096: (""" -30820929 - 020100 - 0282020100cc8725f6b38d5d01aeeb07d36e03de4d31a0261ce74fe11a895ecfd13d168aee932af135ffbb849877273897081f3f7593c14ae82bc266c10544f726ae1ccf133d8a4018d380dfa25251c011107b7513a943346aa0e0dec11d8d7fa25644653c118daabce6d41f066f6621768801478055780e91b68ea3c95856d172a89032b39c824e8b7dc1a3f8aee4f6b368baa3cd68f50d52680117e9b913d7f8c852a0d1008e8b87a5c97e37afc11a080550557b8b4dcbd8e192ed3366d83a09d27c77e150f66855b5dcfdb2df151bd7f444250eaf6fe3f236826c81fa848101bfaad535ffb522d6ff97c9dd1e43b82cce2921d153c15450c4724ffd3efdca578e013650a03a5cf501fc58600fb5c860c0ef0cfe0ac0712d441313dca41a4d7d411e6c83b2151749d28be4692f62373db07e4a79051c5682ec20d491c4cfc7bc140f35fa15e5a1fa756d65b8ef93addf4c47c4a35b184f22a1ef089948f946f6faeb6470f26746e658cf9b4177417842e6d373558089aff721b930e9ec61b4f6a02c052c6924d39a5bbb15ed1106c4010f4dd69c79d042c8b31661b1ee486bc69db5f2f07a50d85b20699d601315625bb869629c7f4c5d48b211d097f438acec95973a38d421090af0f13484e4e94b8cb5efc18507f4b931df39987ffb2830293e4da381aaf70b3292952ef934e2b40fdebba3d9701b76e1be548274b2602d888537482d - 0203010001 - 028202001a943e9c0089f0aa0116048a96abb486321a86916f82fb352460789fcfb1400550853e5afedc9ad6e877259cc4feb093c24b968534f89abb5f48aed8ad3c4bb1cba7cd7c1c724d3dae36770010b5068a334f2b3ee720c9f9ed320001f3f587f5662f939e605df519343d60c0635ccd32b188bc55f5d434173c9e6db2199341af833990e50246f99cddf79dd2c35babe14c103a76b8d2d98d73528f98c249b0a1f09155b31f599fc833542422a2342623bbbef4ac7ee605e2cdecf01fea25683bd4f66ca924ccef00418adff730c4714f66ffa2af0da3e5df7f539c634289fc12bc24093ec8f0ec180af0907cec1ebec911fa180fb5f3c80ed852896ad6e6b3eccb44de62193d52118cab2b171071d5fdaa7c4288fc7766d57774f4be46151bb90ace7c10c215f62ed26e52e6122436f532bd54fc08272adb216a2db433d5699c40ad58faa2660898ffccfc98002f8bb0361b4cf9ed6e93c1ca96d34a1ef40460f85918cfde4a8193b51ecea4b3903cae924a8fad5f8308954c9f19a7597bf0a75126a557e49f8bbd31fc4e8556f230640bf36204c6cf3d56dca5a41d860307ba6705a698681100a327f91739c486c470ba71d03d285314b0d7d04008e03f2a2b85e7c243d6fd9b97a02168c069ec572d3f0ca15ebcb1739f3a0b3c147a88e0b74f45a007ae927d6f822bf50b87b1e93fe7d9180bc6bc12bde6c8070d10c97331 - 0282010100f50ebceac9d3c64482a8c265d6365461aa4a31a6a7633a24c8e34794ecdfcab1d6b52fb6a5f38055cc32d6a61b889550de27b3d0bd68b6d4fda041598ab98887143988576806b1c48720794902952ebe1bf0def65a0e6f94067056e6864fa2882e3a16f246282093d037639078182dd0a6eb21d3bad0637901a268b14c632c9d0b1690ed88abdde03f528247aa2e41557d0865ad34e53ff53ae0e5dea195d93fe65c25871f6f23adf34b6e960c2978f2b7475dafce6cbb26a53934d26c193d67f32de91035eeb89022beb7d5df784ac20ca6ab91bf6b775b6c9416f605b4841736cbfbd22ad98ab2e8428457e0793f5af40e550b48765d59e6e1b4a4a1f571f1 - 0282010100d5a91d4d44bb9b73c1fe0248925e2c0ec1de51390bd8a73b453da51ae29325ae7657089fd4ee4a2fd96e345b57f672d7d484fde99189ab0a6365bf2b38680d6bb947f4b217be660323c26b86d643ae686d82e36ec00cfd038942443caa04a0f91e68ec717935b45e790311be56440d7176949594688ed1dd5c9103c57c158d05e4c37b98d81898030744a64f6ebdbf750aab79757e34dac422163ea7c0f42b97710c861978b24100385aad727e5f3836a74ea4bf1d36ef2a5edf9c9e8f996ef3191348450ea9f1d4a63db29cb06f63e5badb18e4d40f5112b658d1cc23cb65388aca03d141a6bc5fbd9429fe33d340d3e85bfa848908d60b562f894e8a337dfd - 0282010100c4950f0d95dc51d791ad094d223b3113abc49af1e2a361f83242c8a07a28c8744315d3f1c44c82edd0c21398eacb75648ae1f48885f92379d6ffa08cd11126a99d9acd79b8946e3486659185f511718ec5e1432b02714426cdc77e9eacade36735161a643dcd60dcd2922c47af5f4e196c5d8124555f67fca148048dfe062cbaca334f0d8daeb96d73be9f8e17c1c55d6bd0b9a7e99fe1dfba5cc16a07dbaa8c6d220c64c9dda114a0f029052b3a75b0d73fe3b2ed7821e5cd7307a1a95fd1f7ba8760c8454b7c38fbf65c88b01cd273ba2c55c3b477e426ae025a2cffc4a095f2ba4e0779a24b765b85489f2a0e79b95fc0c38e2a91f12ef65ca749ce369431 - 028201002aa48e0c95e33bab66d4637048863314deec9819629be30499552c56a951e4fb64f309ed9c79d2a4aa28ac9a6e7be97fda1290fac4e94d11cdb4c8eabf5f450e72f4418a29e2fe493221e3840dcf8447a353b440ae63e93b83718e5ced31ef4ec91af7d5cdf3420478f27be019278be7515b665f305f10d3b55ddbfad64116dc4e4415aef3b234e4a5d6b5bab4c77a26c9f25f536bd4f0b4a478fc184f126c80d53742ac62c270e6b258a6b56b3365ecc28797a9ed12c1b91b265603ef751807bcc1747313f22729e1e3fe79f75cc3fb5dc7ccb81efacf9b847945a6109ecf9cf156505cbb55a3d317eb325661d18fe6bb416046837318053b365199334c03a1 - 0282010100ee63706030a4ece9fe3bddcfc49f5a83f37f63ebcb29dbdc999f6ff54b596f115cf1eca09990108a439518e996f689fdde89b2c67edc04bf8e366734c2ae3017ec14e042050e7c656840146ca048394dcebe90dd2195349bbad306569031b2ef6e9171d2ae7797c8844e548394ca3b768d8496e99ef63abb59b0ff7fc70eb53153dd0f59018a275acba701f2c76a15c894f53461fedf65bc25c2c5cec396e556a1a919bc7a056393d50644126dcdef9256642e65a6043cbce9497e192cf2cb33648e117f41dbf01900acb93b0c78ddf31f381f4db3f9ccbbb69093dabf2e89dbbc0cb72f20c005a2519e3a874146495d7aacf3416a422e560986f22f39456e7f - """, """ -3082020a - 0282020100cc8725f6b38d5d01aeeb07d36e03de4d31a0261ce74fe11a895ecfd13d168aee932af135ffbb849877273897081f3f7593c14ae82bc266c10544f726ae1ccf133d8a4018d380dfa25251c011107b7513a943346aa0e0dec11d8d7fa25644653c118daabce6d41f066f6621768801478055780e91b68ea3c95856d172a89032b39c824e8b7dc1a3f8aee4f6b368baa3cd68f50d52680117e9b913d7f8c852a0d1008e8b87a5c97e37afc11a080550557b8b4dcbd8e192ed3366d83a09d27c77e150f66855b5dcfdb2df151bd7f444250eaf6fe3f236826c81fa848101bfaad535ffb522d6ff97c9dd1e43b82cce2921d153c15450c4724ffd3efdca578e013650a03a5cf501fc58600fb5c860c0ef0cfe0ac0712d441313dca41a4d7d411e6c83b2151749d28be4692f62373db07e4a79051c5682ec20d491c4cfc7bc140f35fa15e5a1fa756d65b8ef93addf4c47c4a35b184f22a1ef089948f946f6faeb6470f26746e658cf9b4177417842e6d373558089aff721b930e9ec61b4f6a02c052c6924d39a5bbb15ed1106c4010f4dd69c79d042c8b31661b1ee486bc69db5f2f07a50d85b20699d601315625bb869629c7f4c5d48b211d097f438acec95973a38d421090af0f13484e4e94b8cb5efc18507f4b931df39987ffb2830293e4da381aaf70b3292952ef934e2b40fdebba3d9701b76e1be548274b2602d888537482d - 0203010001 -"""), - }, -}) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py deleted file mode 100644 index eebc858b21..0000000000 --- a/scripts/mbedtls_dev/bignum_common.py +++ /dev/null @@ -1,406 +0,0 @@ -"""Common features for bignum in test generation framework.""" -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -from abc import abstractmethod -import enum -from typing import Iterator, List, Tuple, TypeVar, Any -from copy import deepcopy -from itertools import chain -from math import ceil - -from . import test_case -from . import test_data_generation -from .bignum_data import INPUTS_DEFAULT, MODULI_DEFAULT - -T = TypeVar('T') #pylint: disable=invalid-name - -def invmod(a: int, n: int) -> int: - """Return inverse of a to modulo n. - - Equivalent to pow(a, -1, n) in Python 3.8+. Implementation is equivalent - to long_invmod() in CPython. - """ - b, c = 1, 0 - while n: - q, r = divmod(a, n) - a, b, c, n = n, c, b - q*c, r - # at this point a is the gcd of the original inputs - if a == 1: - return b - raise ValueError("Not invertible") - -def invmod_positive(a: int, n: int) -> int: - """Return a non-negative inverse of a to modulo n.""" - inv = invmod(a, n) - return inv if inv >= 0 else inv + n - -def hex_to_int(val: str) -> int: - """Implement the syntax accepted by mbedtls_test_read_mpi(). - - This is a superset of what is accepted by mbedtls_test_read_mpi_core(). - """ - if val in ['', '-']: - return 0 - return int(val, 16) - -def quote_str(val: str) -> str: - return "\"{}\"".format(val) - -def bound_mpi(val: int, bits_in_limb: int) -> int: - """First number exceeding number of limbs needed for given input value.""" - return bound_mpi_limbs(limbs_mpi(val, bits_in_limb), bits_in_limb) - -def bound_mpi_limbs(limbs: int, bits_in_limb: int) -> int: - """First number exceeding maximum of given number of limbs.""" - bits = bits_in_limb * limbs - return 1 << bits - -def limbs_mpi(val: int, bits_in_limb: int) -> int: - """Return the number of limbs required to store value.""" - bit_length = max(val.bit_length(), 1) - return (bit_length + bits_in_limb - 1) // bits_in_limb - -def combination_pairs(values: List[T]) -> List[Tuple[T, T]]: - """Return all pair combinations from input values.""" - return [(x, y) for x in values for y in values] - -def bits_to_limbs(bits: int, bits_in_limb: int) -> int: - """ Return the appropriate ammount of limbs needed to store - a number contained in input bits""" - return ceil(bits / bits_in_limb) - -def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int: - """ Return the hex digits need for a number of limbs. """ - return 2 * ((limbs * bits_in_limb) // 8) - -def hex_digits_max_int(val: str, bits_in_limb: int) -> int: - """ Return the first number exceeding maximum the limb space - required to store the input hex-string value. This method - weights on the input str_len rather than numerical value - and works with zero-padded inputs""" - n = ((1 << (len(val) * 4)) - 1) - l = limbs_mpi(n, bits_in_limb) - return bound_mpi_limbs(l, bits_in_limb) - -def zfill_match(reference: str, target: str) -> str: - """ Zero pad target hex-string to match the limb size of - the reference input """ - lt = len(target) - lr = len(reference) - target_len = lr if lt < lr else lt - return "{:x}".format(int(target, 16)).zfill(target_len) - -class OperationCommon(test_data_generation.BaseTest): - """Common features for bignum binary operations. - - This adds functionality common in binary operation tests. - - Attributes: - symbol: Symbol to use for the operation in case description. - input_values: List of values to use as test case inputs. These are - combined to produce pairs of values. - input_cases: List of tuples containing pairs of test case inputs. This - can be used to implement specific pairs of inputs. - unique_combinations_only: Boolean to select if test case combinations - must be unique. If True, only A,B or B,A would be included as a test - case. If False, both A,B and B,A would be included. - input_style: Controls the way how test data is passed to the functions - in the generated test cases. "variable" passes them as they are - defined in the python source. "arch_split" pads the values with - zeroes depending on the architecture/limb size. If this is set, - test cases are generated for all architectures. - arity: the number of operands for the operation. Currently supported - values are 1 and 2. - """ - symbol = "" - input_values = INPUTS_DEFAULT # type: List[str] - input_cases = [] # type: List[Any] - dependencies = [] # type: List[Any] - unique_combinations_only = False - input_styles = ["variable", "fixed", "arch_split"] # type: List[str] - input_style = "variable" # type: str - limb_sizes = [32, 64] # type: List[int] - arities = [1, 2] - arity = 2 - suffix = False # for arity = 1, symbol can be prefix (default) or suffix - - def __init__(self, val_a: str, val_b: str = "0", bits_in_limb: int = 32) -> None: - self.val_a = val_a - self.val_b = val_b - # Setting the int versions here as opposed to making them @properties - # provides earlier/more robust input validation. - self.int_a = hex_to_int(val_a) - self.int_b = hex_to_int(val_b) - self.dependencies = deepcopy(self.dependencies) - if bits_in_limb not in self.limb_sizes: - raise ValueError("Invalid number of bits in limb!") - if self.input_style == "arch_split": - self.dependencies.append("MBEDTLS_HAVE_INT{:d}".format(bits_in_limb)) - self.bits_in_limb = bits_in_limb - - @property - def boundary(self) -> int: - if self.arity == 1: - return self.int_a - elif self.arity == 2: - return max(self.int_a, self.int_b) - raise ValueError("Unsupported number of operands!") - - @property - def limb_boundary(self) -> int: - return bound_mpi(self.boundary, self.bits_in_limb) - - @property - def limbs(self) -> int: - return limbs_mpi(self.boundary, self.bits_in_limb) - - @property - def hex_digits(self) -> int: - return hex_digits_for_limb(self.limbs, self.bits_in_limb) - - def format_arg(self, val: str) -> str: - if self.input_style not in self.input_styles: - raise ValueError("Unknown input style!") - if self.input_style == "variable": - return val - else: - return val.zfill(self.hex_digits) - - def format_result(self, res: int) -> str: - res_str = '{:x}'.format(res) - return quote_str(self.format_arg(res_str)) - - @property - def arg_a(self) -> str: - return self.format_arg(self.val_a) - - @property - def arg_b(self) -> str: - if self.arity == 1: - raise AttributeError("Operation is unary and doesn't have arg_b!") - return self.format_arg(self.val_b) - - def arguments(self) -> List[str]: - args = [quote_str(self.arg_a)] - if self.arity == 2: - args.append(quote_str(self.arg_b)) - return args + self.result() - - def description(self) -> str: - """Generate a description for the test case. - - If not set, case_description uses the form A `symbol` B, where symbol - is used to represent the operation. Descriptions of each value are - generated to provide some context to the test case. - """ - if not self.case_description: - if self.arity == 1: - format_string = "{1:x} {0}" if self.suffix else "{0} {1:x}" - self.case_description = format_string.format( - self.symbol, self.int_a - ) - elif self.arity == 2: - self.case_description = "{:x} {} {:x}".format( - self.int_a, self.symbol, self.int_b - ) - return super().description() - - @property - def is_valid(self) -> bool: - return True - - @abstractmethod - def result(self) -> List[str]: - """Get the result of the operation. - - This could be calculated during initialization and stored as `_result` - and then returned, or calculated when the method is called. - """ - raise NotImplementedError - - @classmethod - def get_value_pairs(cls) -> Iterator[Tuple[str, str]]: - """Generator to yield pairs of inputs. - - Combinations are first generated from all input values, and then - specific cases provided. - """ - if cls.arity == 1: - yield from ((a, "0") for a in cls.input_values) - elif cls.arity == 2: - if cls.unique_combinations_only: - yield from combination_pairs(cls.input_values) - else: - yield from ( - (a, b) - for a in cls.input_values - for b in cls.input_values - ) - else: - raise ValueError("Unsupported number of operands!") - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - if cls.input_style not in cls.input_styles: - raise ValueError("Unknown input style!") - if cls.arity not in cls.arities: - raise ValueError("Unsupported number of operands!") - if cls.input_style == "arch_split": - test_objects = (cls(a, b, bits_in_limb=bil) - for a, b in cls.get_value_pairs() - for bil in cls.limb_sizes) - special_cases = (cls(*args, bits_in_limb=bil) # type: ignore - for args in cls.input_cases - for bil in cls.limb_sizes) - else: - test_objects = (cls(a, b) - for a, b in cls.get_value_pairs()) - special_cases = (cls(*args) for args in cls.input_cases) - yield from (valid_test_object.create_test_case() - for valid_test_object in filter( - lambda test_object: test_object.is_valid, - chain(test_objects, special_cases) - ) - ) - - -class ModulusRepresentation(enum.Enum): - """Representation selector of a modulus.""" - # Numerical values aligned with the type mbedtls_mpi_mod_rep_selector - INVALID = 0 - MONTGOMERY = 2 - OPT_RED = 3 - - def symbol(self) -> str: - """The C symbol for this representation selector.""" - return 'MBEDTLS_MPI_MOD_REP_' + self.name - - @classmethod - def supported_representations(cls) -> List['ModulusRepresentation']: - """Return all representations that are supported in positive test cases.""" - return [cls.MONTGOMERY, cls.OPT_RED] - - -class ModOperationCommon(OperationCommon): - #pylint: disable=abstract-method - """Target for bignum mod_raw test case generation.""" - moduli = MODULI_DEFAULT # type: List[str] - montgomery_form_a = False - disallow_zero_a = False - - def __init__(self, val_n: str, val_a: str, val_b: str = "0", - bits_in_limb: int = 64) -> None: - super().__init__(val_a=val_a, val_b=val_b, bits_in_limb=bits_in_limb) - self.val_n = val_n - # Setting the int versions here as opposed to making them @properties - # provides earlier/more robust input validation. - self.int_n = hex_to_int(val_n) - - def to_montgomery(self, val: int) -> int: - return (val * self.r) % self.int_n - - def from_montgomery(self, val: int) -> int: - return (val * self.r_inv) % self.int_n - - def convert_from_canonical(self, canonical: int, - rep: ModulusRepresentation) -> int: - """Convert values from canonical representation to the given representation.""" - if rep is ModulusRepresentation.MONTGOMERY: - return self.to_montgomery(canonical) - elif rep is ModulusRepresentation.OPT_RED: - return canonical - else: - raise ValueError('Modulus representation not supported: {}' - .format(rep.name)) - - @property - def boundary(self) -> int: - return self.int_n - - @property - def arg_a(self) -> str: - if self.montgomery_form_a: - value_a = self.to_montgomery(self.int_a) - else: - value_a = self.int_a - return self.format_arg('{:x}'.format(value_a)) - - @property - def arg_n(self) -> str: - return self.format_arg(self.val_n) - - def format_arg(self, val: str) -> str: - return super().format_arg(val).zfill(self.hex_digits) - - def arguments(self) -> List[str]: - return [quote_str(self.arg_n)] + super().arguments() - - @property - def r(self) -> int: # pylint: disable=invalid-name - l = limbs_mpi(self.int_n, self.bits_in_limb) - return bound_mpi_limbs(l, self.bits_in_limb) - - @property - def r_inv(self) -> int: - return invmod(self.r, self.int_n) - - @property - def r2(self) -> int: # pylint: disable=invalid-name - return pow(self.r, 2) - - @property - def is_valid(self) -> bool: - if self.int_a >= self.int_n: - return False - if self.disallow_zero_a and self.int_a == 0: - return False - if self.arity == 2 and self.int_b >= self.int_n: - return False - return True - - def description(self) -> str: - """Generate a description for the test case. - - It uses the form A `symbol` B mod N, where symbol is used to represent - the operation. - """ - - if not self.case_description: - return super().description() + " mod {:x}".format(self.int_n) - return super().description() - - @classmethod - def input_cases_args(cls) -> Iterator[Tuple[Any, Any, Any]]: - if cls.arity == 1: - yield from ((n, a, "0") for a, n in cls.input_cases) - elif cls.arity == 2: - yield from ((n, a, b) for a, b, n in cls.input_cases) - else: - raise ValueError("Unsupported number of operands!") - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - if cls.input_style not in cls.input_styles: - raise ValueError("Unknown input style!") - if cls.arity not in cls.arities: - raise ValueError("Unsupported number of operands!") - if cls.input_style == "arch_split": - test_objects = (cls(n, a, b, bits_in_limb=bil) - for n in cls.moduli - for a, b in cls.get_value_pairs() - for bil in cls.limb_sizes) - special_cases = (cls(*args, bits_in_limb=bil) - for args in cls.input_cases_args() - for bil in cls.limb_sizes) - else: - test_objects = (cls(n, a, b) - for n in cls.moduli - for a, b in cls.get_value_pairs()) - special_cases = (cls(*args) for args in cls.input_cases_args()) - yield from (valid_test_object.create_test_case() - for valid_test_object in filter( - lambda test_object: test_object.is_valid, - chain(test_objects, special_cases) - )) diff --git a/scripts/mbedtls_dev/bignum_core.py b/scripts/mbedtls_dev/bignum_core.py deleted file mode 100644 index 909f6a3068..0000000000 --- a/scripts/mbedtls_dev/bignum_core.py +++ /dev/null @@ -1,896 +0,0 @@ -"""Framework classes for generation of bignum core test cases.""" -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import random - -from typing import Dict, Iterator, List, Tuple - -from . import test_case -from . import test_data_generation -from . import bignum_common -from .bignum_data import ADD_SUB_DATA - -class BignumCoreTarget(test_data_generation.BaseTarget): - #pylint: disable=abstract-method, too-few-public-methods - """Target for bignum core test case generation.""" - target_basename = 'test_suite_bignum_core.generated' - - -class BignumCoreShiftR(BignumCoreTarget, test_data_generation.BaseTest): - """Test cases for mbedtls_bignum_core_shift_r().""" - count = 0 - test_function = "mpi_core_shift_r" - test_name = "Core shift right" - - DATA = [ - ('00', '0', [0, 1, 8]), - ('01', '1', [0, 1, 2, 8, 64]), - ('dee5ca1a7ef10a75', '64-bit', - list(range(11)) + [31, 32, 33, 63, 64, 65, 71, 72]), - ('002e7ab0070ad57001', '[leading 0 limb]', - [0, 1, 8, 63, 64]), - ('a1055eb0bb1efa1150ff', '80-bit', - [0, 1, 8, 63, 64, 65, 72, 79, 80, 81, 88, 128, 129, 136]), - ('020100000000000000001011121314151617', '138-bit', - [0, 1, 8, 9, 16, 72, 73, 136, 137, 138, 144]), - ] - - def __init__(self, input_hex: str, descr: str, count: int) -> None: - self.input_hex = input_hex - self.number_description = descr - self.shift_count = count - self.result = bignum_common.hex_to_int(input_hex) >> count - - def arguments(self) -> List[str]: - return ['"{}"'.format(self.input_hex), - str(self.shift_count), - '"{:0{}x}"'.format(self.result, len(self.input_hex))] - - def description(self) -> str: - return 'Core shift {} >> {}'.format(self.number_description, - self.shift_count) - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for input_hex, descr, counts in cls.DATA: - for count in counts: - yield cls(input_hex, descr, count).create_test_case() - - -class BignumCoreShiftL(BignumCoreTarget, bignum_common.ModOperationCommon): - """Test cases for mbedtls_bignum_core_shift_l().""" - - BIT_SHIFT_VALUES = ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', - '1f', '20', '21', '3f', '40', '41', '47', '48', '4f', - '50', '51', '58', '80', '81', '88'] - DATA = ["0", "1", "40", "dee5ca1a7ef10a75", "a1055eb0bb1efa1150ff", - "002e7ab0070ad57001", "020100000000000000001011121314151617", - "1946e2958a85d8863ae21f4904fcc49478412534ed53eaf321f63f2a222" - "7a3c63acbf50b6305595f90cfa8327f6db80d986fe96080bcbb5df1bdbe" - "9b74fb8dedf2bddb3f8215b54dffd66409323bcc473e45a8fe9d08e77a51" - "1698b5dad0416305db7fcf"] - arity = 1 - test_function = "mpi_core_shift_l" - test_name = "Core shift(L)" - input_style = "arch_split" - symbol = "<<" - input_values = BIT_SHIFT_VALUES - moduli = DATA - - @property - def val_n_max_limbs(self) -> int: - """ Return the limb count required to store the maximum number that can - fit in a the number of digits used by val_n """ - m = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb) - 1 - return bignum_common.limbs_mpi(m, self.bits_in_limb) - - def arguments(self) -> List[str]: - return [bignum_common.quote_str(self.val_n), - str(self.int_a) - ] + self.result() - - def description(self) -> str: - """ Format the output as: - #{count} {hex input} ({input bits} {limbs capacity}) << {bit shift} """ - bits = "({} bits in {} limbs)".format(self.int_n.bit_length(), self.val_n_max_limbs) - return "{} #{} {} {} {} {}".format(self.test_name, - self.count, - self.val_n, - bits, - self.symbol, - self.int_a) - - def format_result(self, res: int) -> str: - # Override to match zero-pading for leading digits between the output and input. - res_str = bignum_common.zfill_match(self.val_n, "{:x}".format(res)) - return bignum_common.quote_str(res_str) - - def result(self) -> List[str]: - result = (self.int_n << self.int_a) - # Calculate if there is space for shifting to the left(leading zero limbs) - mx = bignum_common.hex_digits_max_int(self.val_n, self.bits_in_limb) - # If there are empty limbs ahead, adjust the bitmask accordingly - result = result & (mx - 1) - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - -class BignumCoreCTLookup(BignumCoreTarget, test_data_generation.BaseTest): - """Test cases for mbedtls_mpi_core_ct_uint_table_lookup().""" - test_function = "mpi_core_ct_uint_table_lookup" - test_name = "Constant time MPI table lookup" - - bitsizes = [ - (32, "One limb"), - (192, "Smallest curve sized"), - (512, "Largest curve sized"), - (2048, "Small FF/RSA sized"), - (4096, "Large FF/RSA sized"), - ] - - window_sizes = [0, 1, 2, 3, 4, 5, 6] - - def __init__(self, - bitsize: int, descr: str, window_size: int) -> None: - self.bitsize = bitsize - self.bitsize_description = descr - self.window_size = window_size - - def arguments(self) -> List[str]: - return [str(self.bitsize), str(self.window_size)] - - def description(self) -> str: - return '{} - {} MPI with {} bit window'.format( - BignumCoreCTLookup.test_name, - self.bitsize_description, - self.window_size - ) - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - for bitsize, bitsize_description in cls.bitsizes: - for window_size in cls.window_sizes: - yield (cls(bitsize, bitsize_description, window_size) - .create_test_case()) - - -class BignumCoreAddAndAddIf(BignumCoreTarget, bignum_common.OperationCommon): - """Test cases for bignum core add and add-if.""" - count = 0 - symbol = "+" - test_function = "mpi_core_add_and_add_if" - test_name = "mpi_core_add_and_add_if" - input_style = "arch_split" - input_values = ADD_SUB_DATA - unique_combinations_only = True - - def result(self) -> List[str]: - result = self.int_a + self.int_b - - carry, result = divmod(result, self.limb_boundary) - - return [ - self.format_result(result), - str(carry) - ] - - -class BignumCoreSub(BignumCoreTarget, bignum_common.OperationCommon): - """Test cases for bignum core sub.""" - count = 0 - input_style = "arch_split" - symbol = "-" - test_function = "mpi_core_sub" - test_name = "mbedtls_mpi_core_sub" - input_values = ADD_SUB_DATA - - def result(self) -> List[str]: - if self.int_a >= self.int_b: - result = self.int_a - self.int_b - carry = 0 - else: - result = self.limb_boundary + self.int_a - self.int_b - carry = 1 - return [ - self.format_result(result), - str(carry) - ] - - -class BignumCoreMLA(BignumCoreTarget, bignum_common.OperationCommon): - """Test cases for fixed-size multiply accumulate.""" - count = 0 - test_function = "mpi_core_mla" - test_name = "mbedtls_mpi_core_mla" - - input_values = [ - "0", "1", "fffe", "ffffffff", "100000000", "20000000000000", - "ffffffffffffffff", "10000000000000000", "1234567890abcdef0", - "fffffffffffffffffefefefefefefefe", - "100000000000000000000000000000000", - "1234567890abcdef01234567890abcdef0", - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0", - ( - "4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f" - "34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf17" - "9298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38" - "edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec02507" - "6b12b" - ) - ] # type: List[str] - input_scalars = [ - "0", "3", "fe", "ff", "ffff", "10000", "ffffffff", "100000000", - "7f7f7f7f7f7f7f7f", "8000000000000000", "fffffffffffffffe" - ] # type: List[str] - - def __init__(self, val_a: str, val_b: str, val_s: str) -> None: - super().__init__(val_a, val_b) - self.arg_scalar = val_s - self.int_scalar = bignum_common.hex_to_int(val_s) - if bignum_common.limbs_mpi(self.int_scalar, 32) > 1: - self.dependencies = ["MBEDTLS_HAVE_INT64"] - - def arguments(self) -> List[str]: - return [ - bignum_common.quote_str(self.arg_a), - bignum_common.quote_str(self.arg_b), - bignum_common.quote_str(self.arg_scalar) - ] + self.result() - - def description(self) -> str: - """Override and add the additional scalar.""" - if not self.case_description: - self.case_description = "0x{} + 0x{} * 0x{}".format( - self.arg_a, self.arg_b, self.arg_scalar - ) - return super().description() - - def result(self) -> List[str]: - result = self.int_a + (self.int_b * self.int_scalar) - bound_val = max(self.int_a, self.int_b) - bound_4 = bignum_common.bound_mpi(bound_val, 32) - bound_8 = bignum_common.bound_mpi(bound_val, 64) - carry_4, remainder_4 = divmod(result, bound_4) - carry_8, remainder_8 = divmod(result, bound_8) - return [ - "\"{:x}\"".format(remainder_4), - "\"{:x}\"".format(carry_4), - "\"{:x}\"".format(remainder_8), - "\"{:x}\"".format(carry_8) - ] - - @classmethod - def get_value_pairs(cls) -> Iterator[Tuple[str, str]]: - """Generator to yield pairs of inputs. - - Combinations are first generated from all input values, and then - specific cases provided. - """ - yield from super().get_value_pairs() - yield from cls.input_cases - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - """Override for additional scalar input.""" - for a_value, b_value in cls.get_value_pairs(): - for s_value in cls.input_scalars: - cur_op = cls(a_value, b_value, s_value) - yield cur_op.create_test_case() - - -class BignumCoreMul(BignumCoreTarget, bignum_common.OperationCommon): - """Test cases for bignum core multiplication.""" - count = 0 - input_style = "arch_split" - symbol = "*" - test_function = "mpi_core_mul" - test_name = "mbedtls_mpi_core_mul" - arity = 2 - unique_combinations_only = True - - def format_arg(self, val: str) -> str: - return val - - def format_result(self, res: int) -> str: - res_str = '{:x}'.format(res) - a_limbs = bignum_common.limbs_mpi(self.int_a, self.bits_in_limb) - b_limbs = bignum_common.limbs_mpi(self.int_b, self.bits_in_limb) - hex_digits = bignum_common.hex_digits_for_limb(a_limbs + b_limbs, self.bits_in_limb) - return bignum_common.quote_str(self.format_arg(res_str).zfill(hex_digits)) - - def result(self) -> List[str]: - result = self.int_a * self.int_b - return [self.format_result(result)] - - -class BignumCoreMontmul(BignumCoreTarget, test_data_generation.BaseTest): - """Test cases for Montgomery multiplication.""" - count = 0 - test_function = "mpi_core_montmul" - test_name = "mbedtls_mpi_core_montmul" - - start_2_mpi4 = False - start_2_mpi8 = False - - replay_test_cases = [ - (2, 1, 1, 1, "19", "1", "1D"), (2, 1, 1, 1, "7", "1", "9"), - (2, 1, 1, 1, "4", "1", "9"), - ( - 12, 1, 6, 1, ( - "3C246D0E059A93A266288A7718419EC741661B474C58C032C5EDAF92709402" - "B07CC8C7CE0B781C641A1EA8DB2F4343" - ), "1", ( - "66A198186C18C10B2F5ED9B522752A9830B69916E535C8F047518A889A43A5" - "94B6BED27A168D31D4A52F88925AA8F5" - ) - ), ( - 8, 1, 4, 1, - "1E442976B0E63D64FCCE74B999E470CA9888165CB75BFA1F340E918CE03C6211", - "1", "B3A119602EE213CDE28581ECD892E0F592A338655DCE4CA88054B3D124D0E561" - ), ( - 22, 1, 11, 1, ( - "7CF5AC97304E0B63C65413F57249F59994B0FED1D2A8D3D83ED5FA38560FFB" - "82392870D6D08F87D711917FD7537E13B7E125BE407E74157776839B0AC9DB" - "23CBDFC696104353E4D2780B2B4968F8D8542306BCA7A2366E" - ), "1", ( - "284139EA19C139EBE09A8111926AAA39A2C2BE12ED487A809D3CB5BC558547" - "25B4CDCB5734C58F90B2F60D99CC1950CDBC8D651793E93C9C6F0EAD752500" - "A32C56C62082912B66132B2A6AA42ADA923E1AD22CEB7BA0123" - ) - ) - ] # type: List[Tuple[int, int, int, int, str, str, str]] - - random_test_cases = [ - ("2", "2", "3", ""), ("1", "2", "3", ""), ("2", "1", "3", ""), - ("6", "5", "7", ""), ("3", "4", "7", ""), ("1", "6", "7", ""), ("5", "6", "7", ""), - ("3", "4", "B", ""), ("7", "4", "B", ""), ("9", "7", "B", ""), ("2", "a", "B", ""), - ("25", "16", "29", "(0x29 is prime)"), ("8", "28", "29", ""), - ("18", "21", "29", ""), ("15", "f", "29", ""), - ("e2", "ea", "FF", ""), ("43", "72", "FF", ""), - ("d8", "70", "FF", ""), ("3c", "7c", "FF", ""), - ("99", "b9", "101", "(0x101 is prime)"), ("65", "b2", "101", ""), - ("81", "32", "101", ""), ("51", "dd", "101", ""), - ("d5", "143", "38B", "(0x38B is prime)"), ("3d", "387", "38B", ""), - ("160", "2e5", "38B", ""), ("10f", "137", "38B", ""), - ("7dac", "25a", "8003", "(0x8003 is prime)"), ("6f1c", "3286", "8003", ""), - ("59ed", "2f3f", "8003", ""), ("6893", "736d", "8003", ""), - ("d199", "2832", "10001", "(0x10001 is prime)"), ("c3b2", "3e5b", "10001", ""), - ("abe4", "214e", "10001", ""), ("4360", "a05d", "10001", ""), - ("3f5a1", "165b2", "7F7F7", ""), ("3bd29", "37863", "7F7F7", ""), - ("60c47", "64819", "7F7F7", ""), ("16584", "12c49", "7F7F7", ""), - ("1ff03f", "610347", "800009", "(0x800009 is prime)"), ("340fd5", "19812e", "800009", ""), - ("3fe2e8", "4d0dc7", "800009", ""), ("40356", "e6392", "800009", ""), - ("dd8a1d", "266c0e", "100002B", "(0x100002B is prime)"), - ("3fa1cb", "847fd6", "100002B", ""), ("5f439d", "5c3196", "100002B", ""), - ("18d645", "f72dc6", "100002B", ""), - ("20051ad", "37def6e", "37EEE9D", "(0x37EEE9D is prime)"), - ("2ec140b", "3580dbf", "37EEE9D", ""), ("1d91b46", "190d4fc", "37EEE9D", ""), - ("34e488d", "1224d24", "37EEE9D", ""), - ("2a4fe2cb", "263466a9", "8000000B", "(0x8000000B is prime)"), - ("5643fe94", "29a1aefa", "8000000B", ""), ("29633513", "7b007ac4", "8000000B", ""), - ("2439cef5", "5c9d5a47", "8000000B", ""), - ("4de3cfaa", "50dea178", "8CD626B9", "(0x8CD626B9 is prime)"), - ("b8b8563", "10dbbbac", "8CD626B9", ""), ("4e8a6151", "5574ec19", "8CD626B9", ""), - ("69224878", "309cfc23", "8CD626B9", ""), - ("fb6f7fb6", "afb05423", "10000000F", "(0x10000000F is prime)"), - ("8391a243", "26034dcd", "10000000F", ""), ("d26b98c", "14b2d6aa", "10000000F", ""), - ("6b9f1371", "a21daf1d", "10000000F", ""), - ( - "9f49435ad", "c8264ade8", "174876E7E9", - "0x174876E7E9 is prime (dec) 99999999977" - ), - ("c402da434", "1fb427acf", "174876E7E9", ""), - ("f6ebc2bb1", "1096d39f2a", "174876E7E9", ""), - ("153b7f7b6b", "878fda8ff", "174876E7E9", ""), - ("2c1adbb8d6", "4384d2d3c6", "8000000017", "(0x8000000017 is prime)"), - ("2e4f9cf5fb", "794f3443d9", "8000000017", ""), - ("149e495582", "3802b8f7b7", "8000000017", ""), - ("7b9d49df82", "69c68a442a", "8000000017", ""), - ("683a134600", "6dd80ea9f6", "864CB9076D", "(0x864CB9076D is prime)"), - ("13a870ff0d", "59b099694a", "864CB9076D", ""), - ("37d06b0e63", "4d2147e46f", "864CB9076D", ""), - ("661714f8f4", "22e55df507", "864CB9076D", ""), - ("2f0a96363", "52693307b4", "F7F7F7F7F7", ""), - ("3c85078e64", "f2275ecb6d", "F7F7F7F7F7", ""), - ("352dae68d1", "707775b4c6", "F7F7F7F7F7", ""), - ("37ae0f3e0b", "912113040f", "F7F7F7F7F7", ""), - ("6dada15e31", "f58ed9eff7", "1000000000F", "(0x1000000000F is prime)"), - ("69627a7c89", "cfb5ebd13d", "1000000000F", ""), - ("a5e1ad239b", "afc030c731", "1000000000F", ""), - ("f1cc45f4c5", "c64ad607c8", "1000000000F", ""), - ("2ebad87d2e31", "4c72d90bca78", "800000000005", "(0x800000000005 is prime)"), - ("a30b3cc50d", "29ac4fe59490", "800000000005", ""), - ("33674e9647b4", "5ec7ee7e72d3", "800000000005", ""), - ("3d956f474f61", "74070040257d", "800000000005", ""), - ("48348e3717d6", "43fcb4399571", "800795D9BA47", "(0x800795D9BA47 is prime)"), - ("5234c03cc99b", "2f3cccb87803", "800795D9BA47", ""), - ("3ed13db194ab", "44b8f4ba7030", "800795D9BA47", ""), - ("1c11e843bfdb", "95bd1b47b08", "800795D9BA47", ""), - ("a81d11cb81fd", "1e5753a3f33d", "1000000000015", "(0x1000000000015 is prime)"), - ("688c4db99232", "36fc0cf7ed", "1000000000015", ""), - ("f0720cc07e07", "fc76140ed903", "1000000000015", ""), - ("2ec61f8d17d1", "d270c85e36d2", "1000000000015", ""), - ( - "6a24cd3ab63820", "ed4aad55e5e348", "100000000000051", - "(0x100000000000051 is prime)" - ), - ("e680c160d3b248", "31e0d8840ed510", "100000000000051", ""), - ("a80637e9aebc38", "bb81decc4e1738", "100000000000051", ""), - ("9afa5a59e9d630", "be9e65a6d42938", "100000000000051", ""), - ("ab5e104eeb71c000", "2cffbd639e9fea00", "ABCDEF0123456789", ""), - ("197b867547f68a00", "44b796cf94654800", "ABCDEF0123456789", ""), - ("329f9483a04f2c00", "9892f76961d0f000", "ABCDEF0123456789", ""), - ("4a2e12dfb4545000", "1aa3e89a69794500", "ABCDEF0123456789", ""), - ( - "8b9acdf013d140f000", "12e4ceaefabdf2b2f00", "25A55A46E5DA99C71C7", - "0x25A55A46E5DA99C71C7 is the 3rd repunit prime(dec) 11111111111111111111111" - ), - ("1b8d960ea277e3f5500", "14418aa980e37dd000", "25A55A46E5DA99C71C7", ""), - ("7314524977e8075980", "8172fa45618ccd0d80", "25A55A46E5DA99C71C7", ""), - ("ca14f031769be63580", "147a2f3cf2964ca9400", "25A55A46E5DA99C71C7", ""), - ( - "18532ba119d5cd0cf39735c0000", "25f9838e31634844924733000000", - "314DC643FB763F2B8C0E2DE00879", - "0x314DC643FB763F2B8C0E2DE00879 is (dec)99999999977^3" - ), - ( - "a56e2d2517519e3970e70c40000", "ec27428d4bb380458588fa80000", - "314DC643FB763F2B8C0E2DE00879", "" - ), - ( - "1cb5e8257710e8653fff33a00000", "15fdd42fe440fd3a1d121380000", - "314DC643FB763F2B8C0E2DE00879", "" - ), - ( - "e50d07a65fc6f93e538ce040000", "1f4b059ca609f3ce597f61240000", - "314DC643FB763F2B8C0E2DE00879", "" - ), - ( - "1ea3ade786a095d978d387f30df9f20000000", - "127c448575f04af5a367a7be06c7da0000000", - "47BF19662275FA2F6845C74942ED1D852E521", - "0x47BF19662275FA2F6845C74942ED1D852E521 is (dec) 99999999977^4" - ), - ( - "16e15b0ca82764e72e38357b1f10a20000000", - "43e2355d8514bbe22b0838fdc3983a0000000", - "47BF19662275FA2F6845C74942ED1D852E521", "" - ), - ( - "be39332529d93f25c3d116c004c620000000", - "5cccec42370a0a2c89c6772da801a0000000", - "47BF19662275FA2F6845C74942ED1D852E521", "" - ), - ( - "ecaa468d90de0eeda474d39b3e1fc0000000", - "1e714554018de6dc0fe576bfd3b5660000000", - "47BF19662275FA2F6845C74942ED1D852E521", "" - ), - ( - "32298816711c5dce46f9ba06e775c4bedfc770e6700000000000000", - "8ee751fd5fb24f0b4a653cb3a0c8b7d9e724574d168000000000000", - "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", - ( - "0x97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931" - " is (dec) 99999999977^6" - ) - ), - ( - "29213b9df3cfd15f4b428645b67b677c29d1378d810000000000000", - "6cbb732c65e10a28872394dfdd1936d5171c3c3aac0000000000000", - "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "" - ), - ( - "6f18db06ad4abc52c0c50643dd13098abccd4a232f0000000000000", - "7e6bf41f2a86098ad51f98dfc10490ba3e8081bc830000000000000", - "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "" - ), - ( - "62d3286cd706ad9d73caff63f1722775d7e8c731208000000000000", - "530f7ba02ae2b04c2fe3e3d27ec095925631a6c2528000000000000", - "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "" - ), - ( - "a6c6503e3c031fdbf6009a89ed60582b7233c5a85de28b16000000000000000", - "75c8ed18270b583f16d442a467d32bf95c5e491e9b8523798000000000000000", - "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", - ( - "0xDD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499" - " is (dec) 99999999977^7" - ) - ), - ( - "bf84d1f85cf6b51e04d2c8f4ffd03532d852053cf99b387d4000000000000000", - "397ba5a743c349f4f28bc583ecd5f06e0a25f9c6d98f09134000000000000000", - "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "" - ), - ( - "6db11c3a4152ed1a2aa6fa34b0903ec82ea1b88908dcb482000000000000000", - "ac8ac576a74ad6ca48f201bf89f77350ce86e821358d85920000000000000000", - "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "" - ), - ( - "3001d96d7fe8b733f33687646fc3017e3ac417eb32e0ec708000000000000000", - "925ddbdac4174e8321a48a32f79640e8cf7ec6f46ea235a80000000000000000", - "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "" - ), - ( - "1029048755f2e60dd98c8de6d9989226b6bb4f0db8e46bd1939de560000000000000000000", - "51bb7270b2e25cec0301a03e8275213bb6c2f6e6ec93d4d46d36ca0000000000000000000", - "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", - ( - "0x141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146" - "380E41 is 99999999977^8" - ) - ), - ( - "1c5337ff982b3ad6611257dbff5bbd7a9920ba2d4f5838a0cc681ce000000000000000000", - "520c5d049ca4702031ba728591b665c4d4ccd3b2b86864d4c160fd2000000000000000000", - "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", - "" - ), - ( - "57074dfa00e42f6555bae624b7f0209f218adf57f73ed34ab0ff90c000000000000000000", - "41eb14b6c07bfd3d1fe4f4a610c17cc44fcfcda695db040e011065000000000000000000", - "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", - "" - ), - ( - "d8ed7feed2fe855e6997ad6397f776158573d425031bf085a615784000000000000000000", - "6f121dcd18c578ab5e229881006007bb6d319b179f11015fe958b9c000000000000000000", - "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", - "" - ), - ( - ( - "2a462b156180ea5fe550d3758c764e06fae54e626b5f503265a09df76edbdfbf" - "a1e6000000000000000000000000" - ), ( - "1136f41d1879fd4fb9e49e0943a46b6704d77c068ee237c3121f9071cfd3e6a0" - "0315800000000000000000000000" - ), ( - "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC90" - "2713E40F51E3B3C214EDFABC451" - ), ( - "0x2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC" - "902713E40F51E3B3C214EDFABC451 is (dec) 99999999977^10" - ) - ), - ( - ( - "c1ac3800dfb3c6954dea391d206200cf3c47f795bf4a5603b4cb88ae7e574de47" - "40800000000000000000000000" - ), ( - "c0d16eda0549ede42fa0deb4635f7b7ce061fadea02ee4d85cba4c4f709603419" - "3c800000000000000000000000" - ), ( - "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC90" - "2713E40F51E3B3C214EDFABC451" - ), "" - ), - ( - ( - "19e45bb7633094d272588ad2e43bcb3ee341991c6731b6fa9d47c4018d7ce7bba" - "5ee800000000000000000000000" - ), ( - "1e4f83166ae59f6b9cc8fd3e7677ed8bfc01bb99c98bd3eb084246b64c1e18c33" - "65b800000000000000000000000" - ), ( - "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC90" - "2713E40F51E3B3C214EDFABC451" - ), "" - ), - ( - ( - "1aa93395fad5f9b7f20b8f9028a054c0bb7c11bb8520e6a95e5a34f06cb70bcdd" - "01a800000000000000000000000" - ), ( - "54b45afa5d4310192f8d224634242dd7dcfb342318df3d9bd37b4c614788ba13b" - "8b000000000000000000000000" - ), ( - "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC90" - "2713E40F51E3B3C214EDFABC451" - ), "" - ), - ( - ( - "544f2628a28cfb5ce0a1b7180ee66b49716f1d9476c466c57f0c4b23089917843" - "06d48f78686115ee19e25400000000000000000000000000000000" - ), ( - "677eb31ef8d66c120fa872a60cd47f6e10cbfdf94f90501bd7883cba03d185be0" - "a0148d1625745e9c4c827300000000000000000000000000000000" - ), ( - "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA1" - "1DABD6E6144BEF37C6800000000000000000000000000000000051" - ), ( - "0x8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBF" - "A11DABD6E6144BEF37C6800000000000000000000000000000000051 is prime," - " (dec) 10^143 + 3^4" - ) - ), - ( - ( - "76bb3470985174915e9993522aec989666908f9e8cf5cb9f037bf4aee33d8865c" - "b6464174795d07e30015b80000000000000000000000000000000" - ), ( - "6aaaf60d5784dcef612d133613b179a317532ecca0eed40b8ad0c01e6d4a6d8c7" - "9a52af190abd51739009a900000000000000000000000000000000" - ), ( - "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA1" - "1DABD6E6144BEF37C6800000000000000000000000000000000051" - ), "" - ), - ( - ( - "6cfdd6e60912e441d2d1fc88f421b533f0103a5322ccd3f4db84861643ad63fd6" - "3d1d8cfbc1d498162786ba00000000000000000000000000000000" - ), ( - "1177246ec5e93814816465e7f8f248b350d954439d35b2b5d75d917218e7fd5fb" - "4c2f6d0667f9467fdcf33400000000000000000000000000000000" - ), ( - "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA1" - "1DABD6E6144BEF37C6800000000000000000000000000000000051" - ), "" - ), - ( - ( - "7a09a0b0f8bbf8057116fb0277a9bdf3a91b5eaa8830d448081510d8973888be5" - "a9f0ad04facb69aa3715f00000000000000000000000000000000" - ), ( - "764dec6c05a1c0d87b649efa5fd94c91ea28bffb4725d4ab4b33f1a3e8e3b314d" - "799020e244a835a145ec9800000000000000000000000000000000" - ), ( - "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA1" - "1DABD6E6144BEF37C6800000000000000000000000000000000051" - ), "" - ) - ] # type: List[Tuple[str, str, str, str]] - - def __init__( - self, val_a: str, val_b: str, val_n: str, case_description: str = "" - ): - self.case_description = case_description - self.arg_a = val_a - self.int_a = bignum_common.hex_to_int(val_a) - self.arg_b = val_b - self.int_b = bignum_common.hex_to_int(val_b) - self.arg_n = val_n - self.int_n = bignum_common.hex_to_int(val_n) - - limbs_a4 = bignum_common.limbs_mpi(self.int_a, 32) - limbs_a8 = bignum_common.limbs_mpi(self.int_a, 64) - self.limbs_b4 = bignum_common.limbs_mpi(self.int_b, 32) - self.limbs_b8 = bignum_common.limbs_mpi(self.int_b, 64) - self.limbs_an4 = bignum_common.limbs_mpi(self.int_n, 32) - self.limbs_an8 = bignum_common.limbs_mpi(self.int_n, 64) - - if limbs_a4 > self.limbs_an4 or limbs_a8 > self.limbs_an8: - raise Exception("Limbs of input A ({}) exceeds N ({})".format( - self.arg_a, self.arg_n - )) - - def arguments(self) -> List[str]: - return [ - str(self.limbs_an4), str(self.limbs_b4), - str(self.limbs_an8), str(self.limbs_b8), - bignum_common.quote_str(self.arg_a), - bignum_common.quote_str(self.arg_b), - bignum_common.quote_str(self.arg_n) - ] + self.result() - - def description(self) -> str: - if self.case_description != "replay": - if not self.start_2_mpi4 and self.limbs_an4 > 1: - tmp = "(start of 2-MPI 4-byte bignums) " - self.__class__.start_2_mpi4 = True - elif not self.start_2_mpi8 and self.limbs_an8 > 1: - tmp = "(start of 2-MPI 8-byte bignums) " - self.__class__.start_2_mpi8 = True - else: - tmp = "(gen) " - self.case_description = tmp + self.case_description - return super().description() - - def result(self) -> List[str]: - """Get the result of the operation.""" - r4 = bignum_common.bound_mpi_limbs(self.limbs_an4, 32) - i4 = bignum_common.invmod(r4, self.int_n) - x4 = self.int_a * self.int_b * i4 - x4 = x4 % self.int_n - - r8 = bignum_common.bound_mpi_limbs(self.limbs_an8, 64) - i8 = bignum_common.invmod(r8, self.int_n) - x8 = self.int_a * self.int_b * i8 - x8 = x8 % self.int_n - return [ - "\"{:x}\"".format(x4), - "\"{:x}\"".format(x8) - ] - - def set_limbs( - self, limbs_an4: int, limbs_b4: int, limbs_an8: int, limbs_b8: int - ) -> None: - """Set number of limbs for each input. - - Replaces default values set during initialization. - """ - self.limbs_an4 = limbs_an4 - self.limbs_b4 = limbs_b4 - self.limbs_an8 = limbs_an8 - self.limbs_b8 = limbs_b8 - - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - """Generate replay and randomly generated test cases.""" - # Test cases which replay captured invocations during unit test runs. - for limbs_an4, limbs_b4, limbs_an8, limbs_b8, a, b, n in cls.replay_test_cases: - cur_op = cls(a, b, n, case_description="replay") - cur_op.set_limbs(limbs_an4, limbs_b4, limbs_an8, limbs_b8) - yield cur_op.create_test_case() - # Random test cases can be generated using mpi_modmul_case_generate() - # Uses a mixture of primes and odd numbers as N, with four randomly - # generated cases for each N. - for a, b, n, description in cls.random_test_cases: - cur_op = cls(a, b, n, case_description=description) - yield cur_op.create_test_case() - - -def mpi_modmul_case_generate() -> None: - """Generate valid inputs for montmul tests using moduli. - - For each modulus, generates random values for A and B and simple descriptions - for the test case. - """ - moduli = [ - ("3", ""), ("7", ""), ("B", ""), ("29", ""), ("FF", ""), - ("101", ""), ("38B", ""), ("8003", ""), ("10001", ""), - ("7F7F7", ""), ("800009", ""), ("100002B", ""), ("37EEE9D", ""), - ("8000000B", ""), ("8CD626B9", ""), ("10000000F", ""), - ("174876E7E9", "is prime (dec) 99999999977"), - ("8000000017", ""), ("864CB9076D", ""), ("F7F7F7F7F7", ""), - ("1000000000F", ""), ("800000000005", ""), ("800795D9BA47", ""), - ("1000000000015", ""), ("100000000000051", ""), ("ABCDEF0123456789", ""), - ( - "25A55A46E5DA99C71C7", - "is the 3rd repunit prime (dec) 11111111111111111111111" - ), - ("314DC643FB763F2B8C0E2DE00879", "is (dec)99999999977^3"), - ("47BF19662275FA2F6845C74942ED1D852E521", "is (dec) 99999999977^4"), - ( - "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", - "is (dec) 99999999977^6" - ), - ( - "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", - "is (dec) 99999999977^7" - ), - ( - "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", - "is (dec) 99999999977^8" - ), - ( - ( - "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E283" - "3EC902713E40F51E3B3C214EDFABC451" - ), - "is (dec) 99999999977^10" - ), - ( - "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11" - "DABD6E6144BEF37C6800000000000000000000000000000000051", - "is prime, (dec) 10^143 + 3^4" - ) - ] # type: List[Tuple[str, str]] - primes = [ - "3", "7", "B", "29", "101", "38B", "8003", "10001", "800009", - "100002B", "37EEE9D", "8000000B", "8CD626B9", - # From here they require > 1 4-byte MPI - "10000000F", "174876E7E9", "8000000017", "864CB9076D", "1000000000F", - "800000000005", "800795D9BA47", "1000000000015", "100000000000051", - # From here they require > 1 8-byte MPI - "25A55A46E5DA99C71C7", # this is 11111111111111111111111 decimal - # 10^143 + 3^4: (which is prime) - # 100000000000000000000000000000000000000000000000000000000000000000000000000000 - # 000000000000000000000000000000000000000000000000000000000000000081 - ( - "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11" - "DABD6E6144BEF37C6800000000000000000000000000000000051" - ) - ] # type: List[str] - generated_inputs = [] - for mod, description in moduli: - n = bignum_common.hex_to_int(mod) - mod_read = "{:x}".format(n) - case_count = 3 if n < 5 else 4 - cases = {} # type: Dict[int, int] - i = 0 - while i < case_count: - a = random.randint(1, n) - b = random.randint(1, n) - if cases.get(a) == b: - continue - cases[a] = b - if description: - out_description = "0x{} {}".format(mod_read, description) - elif i == 0 and len(mod) > 1 and mod in primes: - out_description = "(0x{} is prime)" - else: - out_description = "" - generated_inputs.append( - ("{:x}".format(a), "{:x}".format(b), mod, out_description) - ) - i += 1 - print(generated_inputs) - - -class BignumCoreExpMod(BignumCoreTarget, bignum_common.ModOperationCommon): - """Test cases for bignum core exponentiation.""" - symbol = "^" - test_function = "mpi_core_exp_mod" - test_name = "Core modular exponentiation (Mongtomery form only)" - input_style = "fixed" - montgomery_form_a = True - - def result(self) -> List[str]: - # Result has to be given in Montgomery form too - result = pow(self.int_a, self.int_b, self.int_n) - mont_result = self.to_montgomery(result) - return [self.format_result(mont_result)] - - @property - def is_valid(self) -> bool: - # The base needs to be canonical, but the exponent can be larger than - # the modulus (see for example exponent blinding) - return bool(self.int_a < self.int_n) - - -class BignumCoreSubInt(BignumCoreTarget, bignum_common.OperationCommon): - """Test cases for bignum core sub int.""" - count = 0 - symbol = "-" - test_function = "mpi_core_sub_int" - test_name = "mpi_core_sub_int" - input_style = "arch_split" - - @property - def is_valid(self) -> bool: - # This is "sub int", so b is only one limb - if bignum_common.limbs_mpi(self.int_b, self.bits_in_limb) > 1: - return False - return True - - # Overriding because we don't want leading zeros on b - @property - def arg_b(self) -> str: - return self.val_b - - def result(self) -> List[str]: - result = self.int_a - self.int_b - - borrow, result = divmod(result, self.limb_boundary) - - # Borrow will be -1 if non-zero, but we want it to be 1 in the test data - return [ - self.format_result(result), - str(-borrow) - ] - -class BignumCoreZeroCheckCT(BignumCoreTarget, bignum_common.OperationCommon): - """Test cases for bignum core zero check (constant flow).""" - count = 0 - symbol = "== 0" - test_function = "mpi_core_check_zero_ct" - test_name = "mpi_core_check_zero_ct" - input_style = "variable" - arity = 1 - suffix = True - - def result(self) -> List[str]: - result = 1 if self.int_a == 0 else 0 - return [str(result)] diff --git a/scripts/mbedtls_dev/bignum_data.py b/scripts/mbedtls_dev/bignum_data.py deleted file mode 100644 index 5c6c2c81e4..0000000000 --- a/scripts/mbedtls_dev/bignum_data.py +++ /dev/null @@ -1,159 +0,0 @@ -"""Base values and datasets for bignum generated tests and helper functions that -produced them.""" -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import random - -# Functions calling these were used to produce test data and are here only for -# reproducibility, they are not used by the test generation framework/classes -try: - from Cryptodome.Util.number import isPrime, getPrime #type: ignore #pylint: disable=import-error -except ImportError: - pass - -# Generated by bignum_common.gen_safe_prime(192,1) -SAFE_PRIME_192_BIT_SEED_1 = "d1c127a667786703830500038ebaef20e5a3e2dc378fb75b" - -# First number generated by random.getrandbits(192) - seed(2,2), not a prime -RANDOM_192_BIT_SEED_2_NO1 = "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973" - -# Second number generated by random.getrandbits(192) - seed(2,2), not a prime -RANDOM_192_BIT_SEED_2_NO2 = "cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd" - -# Third number generated by random.getrandbits(192) - seed(2,2), not a prime -RANDOM_192_BIT_SEED_2_NO3 = "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f" - -# Fourth number generated by random.getrandbits(192) - seed(2,2), not a prime -RANDOM_192_BIT_SEED_2_NO4 = "ffed9235288bc781ae66267594c9c9500925e4749b575bd1" - -# Ninth number generated by random.getrandbits(192) - seed(2,2), not a prime -RANDOM_192_BIT_SEED_2_NO9 = "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f" - -# Generated by bignum_common.gen_safe_prime(1024,3) -SAFE_PRIME_1024_BIT_SEED_3 = ("c93ba7ec74d96f411ba008bdb78e63ff11bb5df46a51e16b" - "2c9d156f8e4e18abf5e052cb01f47d0d1925a77f60991577" - "e128fb6f52f34a27950a594baadd3d8057abeb222cf3cca9" - "62db16abf79f2ada5bd29ab2f51244bf295eff9f6aaba130" - "2efc449b128be75eeaca04bc3c1a155d11d14e8be32a2c82" - "87b3996cf6ad5223") - -# First number generated by random.getrandbits(1024) - seed(4,2), not a prime -RANDOM_1024_BIT_SEED_4_NO1 = ("6905269ed6f0b09f165c8ce36e2f24b43000de01b2ed40ed" - "3addccb2c33be0ac79d679346d4ac7a5c3902b38963dc6e8" - "534f45738d048ec0f1099c6c3e1b258fd724452ccea71ff4" - "a14876aeaff1a098ca5996666ceab360512bd13110722311" - "710cf5327ac435a7a97c643656412a9b8a1abcd1a6916c74" - "da4f9fc3c6da5d7") - -# Second number generated by random.getrandbits(1024) - seed(4,2), not a prime -RANDOM_1024_BIT_SEED_4_NO2 = ("f1cfd99216df648647adec26793d0e453f5082492d83a823" - "3fb62d2c81862fc9634f806fabf4a07c566002249b191bf4" - "d8441b5616332aca5f552773e14b0190d93936e1daca3c06" - "f5ff0c03bb5d7385de08caa1a08179104a25e4664f5253a0" - "2a3187853184ff27459142deccea264542a00403ce80c4b0" - "a4042bb3d4341aad") - -# Third number generated by random.getrandbits(1024) - seed(4,2), not a prime -RANDOM_1024_BIT_SEED_4_NO3 = ("14c15c910b11ad28cc21ce88d0060cc54278c2614e1bcb38" - "3bb4a570294c4ea3738d243a6e58d5ca49c7b59b995253fd" - "6c79a3de69f85e3131f3b9238224b122c3e4a892d9196ada" - "4fcfa583e1df8af9b474c7e89286a1754abcb06ae8abb93f" - "01d89a024cdce7a6d7288ff68c320f89f1347e0cdd905ecf" - "d160c5d0ef412ed6") - -# Fourth number generated by random.getrandbits(1024) - seed(4,2), not a prime -RANDOM_1024_BIT_SEED_4_NO4 = ("32decd6b8efbc170a26a25c852175b7a96b98b5fbf37a2be" - "6f98bca35b17b9662f0733c846bbe9e870ef55b1a1f65507" - "a2909cb633e238b4e9dd38b869ace91311021c9e32111ac1" - "ac7cc4a4ff4dab102522d53857c49391b36cc9aa78a330a1" - "a5e333cb88dcf94384d4cd1f47ca7883ff5a52f1a05885ac" - "7671863c0bdbc23a") - -# Fifth number generated by random.getrandbits(1024) - seed(4,2), not a prime -RANDOM_1024_BIT_SEED_4_NO5 = ("53be4721f5b9e1f5acdac615bc20f6264922b9ccf469aef8" - "f6e7d078e55b85dd1525f363b281b8885b69dc230af5ac87" - "0692b534758240df4a7a03052d733dcdef40af2e54c0ce68" - "1f44ebd13cc75f3edcb285f89d8cf4d4950b16ffc3e1ac3b" - "4708d9893a973000b54a23020fc5b043d6e4a51519d9c9cc" - "52d32377e78131c1") - -# Adding 192 bit and 1024 bit numbers because these are the shortest required -# for ECC and RSA respectively. -INPUTS_DEFAULT = [ - "0", "1", # corner cases - "2", "3", # small primes - "4", # non-prime even - "38", # small random - SAFE_PRIME_192_BIT_SEED_1, # prime - RANDOM_192_BIT_SEED_2_NO1, # not a prime - RANDOM_192_BIT_SEED_2_NO2, # not a prime - SAFE_PRIME_1024_BIT_SEED_3, # prime - RANDOM_1024_BIT_SEED_4_NO1, # not a prime - RANDOM_1024_BIT_SEED_4_NO3, # not a prime - RANDOM_1024_BIT_SEED_4_NO2, # largest (not a prime) - ] - -ADD_SUB_DATA = [ - "0", "1", "3", "f", "fe", "ff", "100", "ff00", - "fffe", "ffff", "10000", # 2^16 - 1, 2^16, 2^16 + 1 - "fffffffe", "ffffffff", "100000000", # 2^32 - 1, 2^32, 2^32 + 1 - "1f7f7f7f7f7f7f", - "8000000000000000", "fefefefefefefefe", - "fffffffffffffffe", "ffffffffffffffff", "10000000000000000", # 2^64 - 1, 2^64, 2^64 + 1 - "1234567890abcdef0", - "fffffffffffffffffffffffe", - "ffffffffffffffffffffffff", - "1000000000000000000000000", - "fffffffffffffffffefefefefefefefe", - "fffffffffffffffffffffffffffffffe", - "ffffffffffffffffffffffffffffffff", - "100000000000000000000000000000000", - "1234567890abcdef01234567890abcdef0", - "fffffffffffffffffffffffffffffffffffffffffffffffffefefefefefefefe", - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe", - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - "10000000000000000000000000000000000000000000000000000000000000000", - "1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0", - ] - -# Only odd moduli are present as in the new bignum code only odd moduli are -# supported for now. -MODULI_DEFAULT = [ - "53", # safe prime - "45", # non-prime - SAFE_PRIME_192_BIT_SEED_1, # safe prime - RANDOM_192_BIT_SEED_2_NO4, # not a prime - SAFE_PRIME_1024_BIT_SEED_3, # safe prime - RANDOM_1024_BIT_SEED_4_NO5, # not a prime - ] - -# Some functions, e.g. mbedtls_mpi_mod_raw_inv_prime(), only support prime moduli. -ONLY_PRIME_MODULI = [ - "53", # safe prime - "8ac72304057392b5", # 9999999997777777333 (longer, not safe, prime) - # The next prime has a different R in Montgomery form depending on - # whether 32- or 64-bit MPIs are used. - "152d02c7e14af67fe0bf", # 99999999999999999991999 - SAFE_PRIME_192_BIT_SEED_1, # safe prime - SAFE_PRIME_1024_BIT_SEED_3, # safe prime - ] - -def __gen_safe_prime(bits, seed): - ''' - Generate a safe prime. - - This function is intended for generating constants offline and shouldn't be - used in test generation classes. - - Requires pycryptodomex for getPrime and isPrime and python 3.9 or later for - randbytes. - ''' - rng = random.Random() - # We want reproducibility across python versions - rng.seed(seed, version=2) - while True: - prime = 2*getPrime(bits-1, rng.randbytes)+1 #pylint: disable=no-member - if isPrime(prime, 1e-30): - return prime diff --git a/scripts/mbedtls_dev/bignum_mod.py b/scripts/mbedtls_dev/bignum_mod.py deleted file mode 100644 index f554001ec7..0000000000 --- a/scripts/mbedtls_dev/bignum_mod.py +++ /dev/null @@ -1,102 +0,0 @@ -"""Framework classes for generation of bignum mod test cases.""" -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -from typing import Dict, List - -from . import test_data_generation -from . import bignum_common -from .bignum_data import ONLY_PRIME_MODULI - -class BignumModTarget(test_data_generation.BaseTarget): - #pylint: disable=abstract-method, too-few-public-methods - """Target for bignum mod test case generation.""" - target_basename = 'test_suite_bignum_mod.generated' - - -class BignumModMul(bignum_common.ModOperationCommon, - BignumModTarget): - # pylint:disable=duplicate-code - """Test cases for bignum mpi_mod_mul().""" - symbol = "*" - test_function = "mpi_mod_mul" - test_name = "mbedtls_mpi_mod_mul" - input_style = "arch_split" - arity = 2 - - def arguments(self) -> List[str]: - return [self.format_result(self.to_montgomery(self.int_a)), - self.format_result(self.to_montgomery(self.int_b)), - bignum_common.quote_str(self.arg_n) - ] + self.result() - - def result(self) -> List[str]: - result = (self.int_a * self.int_b) % self.int_n - return [self.format_result(self.to_montgomery(result))] - - -class BignumModSub(bignum_common.ModOperationCommon, BignumModTarget): - """Test cases for bignum mpi_mod_sub().""" - symbol = "-" - test_function = "mpi_mod_sub" - test_name = "mbedtls_mpi_mod_sub" - input_style = "fixed" - arity = 2 - - def result(self) -> List[str]: - result = (self.int_a - self.int_b) % self.int_n - # To make negative tests easier, append 0 for success to the - # generated cases - return [self.format_result(result), "0"] - -class BignumModInvNonMont(bignum_common.ModOperationCommon, BignumModTarget): - """Test cases for bignum mpi_mod_inv() - not in Montgomery form.""" - moduli = ONLY_PRIME_MODULI # for now only prime moduli supported - symbol = "^ -1" - test_function = "mpi_mod_inv_non_mont" - test_name = "mbedtls_mpi_mod_inv non-Mont. form" - input_style = "fixed" - arity = 1 - suffix = True - disallow_zero_a = True - - def result(self) -> List[str]: - result = bignum_common.invmod_positive(self.int_a, self.int_n) - # To make negative tests easier, append 0 for success to the - # generated cases - return [self.format_result(result), "0"] - -class BignumModInvMont(bignum_common.ModOperationCommon, BignumModTarget): - """Test cases for bignum mpi_mod_inv() - Montgomery form.""" - moduli = ONLY_PRIME_MODULI # for now only prime moduli supported - symbol = "^ -1" - test_function = "mpi_mod_inv_mont" - test_name = "mbedtls_mpi_mod_inv Mont. form" - input_style = "arch_split" # Mont. form requires arch_split - arity = 1 - suffix = True - disallow_zero_a = True - montgomery_form_a = True - - def result(self) -> List[str]: - result = bignum_common.invmod_positive(self.int_a, self.int_n) - mont_result = self.to_montgomery(result) - # To make negative tests easier, append 0 for success to the - # generated cases - return [self.format_result(mont_result), "0"] - - -class BignumModAdd(bignum_common.ModOperationCommon, BignumModTarget): - """Test cases for bignum mpi_mod_add().""" - count = 0 - symbol = "+" - test_function = "mpi_mod_add" - test_name = "mbedtls_mpi_mod_add" - input_style = "fixed" - - def result(self) -> List[str]: - result = (self.int_a + self.int_b) % self.int_n - # To make negative tests easier, append "0" for success to the - # generated cases - return [self.format_result(result), "0"] diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py deleted file mode 100644 index 37ad27a115..0000000000 --- a/scripts/mbedtls_dev/bignum_mod_raw.py +++ /dev/null @@ -1,242 +0,0 @@ -"""Framework classes for generation of bignum mod_raw test cases.""" -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -from typing import Iterator, List - -from . import test_case -from . import test_data_generation -from . import bignum_common -from .bignum_data import ONLY_PRIME_MODULI - -class BignumModRawTarget(test_data_generation.BaseTarget): - #pylint: disable=abstract-method, too-few-public-methods - """Target for bignum mod_raw test case generation.""" - target_basename = 'test_suite_bignum_mod_raw.generated' - - -class BignumModRawSub(bignum_common.ModOperationCommon, - BignumModRawTarget): - """Test cases for bignum mpi_mod_raw_sub().""" - symbol = "-" - test_function = "mpi_mod_raw_sub" - test_name = "mbedtls_mpi_mod_raw_sub" - input_style = "fixed" - arity = 2 - - def arguments(self) -> List[str]: - return [bignum_common.quote_str(n) for n in [self.arg_a, - self.arg_b, - self.arg_n] - ] + self.result() - - def result(self) -> List[str]: - result = (self.int_a - self.int_b) % self.int_n - return [self.format_result(result)] - -class BignumModRawFixQuasiReduction(bignum_common.ModOperationCommon, - BignumModRawTarget): - """Test cases for ecp quasi_reduction().""" - symbol = "-" - test_function = "mpi_mod_raw_fix_quasi_reduction" - test_name = "fix_quasi_reduction" - input_style = "fixed" - arity = 1 - - # Extend the default values with n < x < 2n - input_values = bignum_common.ModOperationCommon.input_values + [ - "73", - - # First number generated by random.getrandbits(1024) - seed(3,2) - "ea7b5bf55eb561a4216363698b529b4a97b750923ceb3ffd", - - # First number generated by random.getrandbits(1024) - seed(1,2) - ("cd447e35b8b6d8fe442e3d437204e52db2221a58008a05a6c4647159c324c985" - "9b810e766ec9d28663ca828dd5f4b3b2e4b06ce60741c7a87ce42c8218072e8c" - "35bf992dc9e9c616612e7696a6cecc1b78e510617311d8a3c2ce6f447ed4d57b" - "1e2feb89414c343c1027c4d1c386bbc4cd613e30d8f16adf91b7584a2265b1f5") - ] # type: List[str] - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return bool(self.int_a < 2 * self.int_n) - -class BignumModRawMul(bignum_common.ModOperationCommon, - BignumModRawTarget): - """Test cases for bignum mpi_mod_raw_mul().""" - symbol = "*" - test_function = "mpi_mod_raw_mul" - test_name = "mbedtls_mpi_mod_raw_mul" - input_style = "arch_split" - arity = 2 - - def arguments(self) -> List[str]: - return [self.format_result(self.to_montgomery(self.int_a)), - self.format_result(self.to_montgomery(self.int_b)), - bignum_common.quote_str(self.arg_n) - ] + self.result() - - def result(self) -> List[str]: - result = (self.int_a * self.int_b) % self.int_n - return [self.format_result(self.to_montgomery(result))] - - -class BignumModRawInvPrime(bignum_common.ModOperationCommon, - BignumModRawTarget): - """Test cases for bignum mpi_mod_raw_inv_prime().""" - moduli = ONLY_PRIME_MODULI - symbol = "^ -1" - test_function = "mpi_mod_raw_inv_prime" - test_name = "mbedtls_mpi_mod_raw_inv_prime (Montgomery form only)" - input_style = "arch_split" - arity = 1 - suffix = True - montgomery_form_a = True - disallow_zero_a = True - - def result(self) -> List[str]: - result = bignum_common.invmod_positive(self.int_a, self.int_n) - mont_result = self.to_montgomery(result) - return [self.format_result(mont_result)] - - -class BignumModRawAdd(bignum_common.ModOperationCommon, - BignumModRawTarget): - """Test cases for bignum mpi_mod_raw_add().""" - symbol = "+" - test_function = "mpi_mod_raw_add" - test_name = "mbedtls_mpi_mod_raw_add" - input_style = "fixed" - arity = 2 - - def result(self) -> List[str]: - result = (self.int_a + self.int_b) % self.int_n - return [self.format_result(result)] - - -class BignumModRawConvertRep(bignum_common.ModOperationCommon, - BignumModRawTarget): - # This is an abstract class, it's ok to have unimplemented methods. - #pylint: disable=abstract-method - """Test cases for representation conversion.""" - symbol = "" - input_style = "arch_split" - arity = 1 - rep = bignum_common.ModulusRepresentation.INVALID - - def set_representation(self, r: bignum_common.ModulusRepresentation) -> None: - self.rep = r - - def arguments(self) -> List[str]: - return ([bignum_common.quote_str(self.arg_n), self.rep.symbol(), - bignum_common.quote_str(self.arg_a)] + - self.result()) - - def description(self) -> str: - base = super().description() - mod_with_rep = 'mod({})'.format(self.rep.name) - return base.replace('mod', mod_with_rep, 1) - - @classmethod - def test_cases_for_values(cls, rep: bignum_common.ModulusRepresentation, - n: str, a: str) -> Iterator[test_case.TestCase]: - """Emit test cases for the given values (if any). - - This may emit no test cases if a isn't valid for the modulus n, - or multiple test cases if rep requires different data depending - on the limb size. - """ - for bil in cls.limb_sizes: - test_object = cls(n, a, bits_in_limb=bil) - test_object.set_representation(rep) - # The class is set to having separate test cases for each limb - # size, because the Montgomery representation requires it. - # But other representations don't require it. So for other - # representations, emit a single test case with no dependency - # on the limb size. - if rep is not bignum_common.ModulusRepresentation.MONTGOMERY: - test_object.dependencies = \ - [dep for dep in test_object.dependencies - if not dep.startswith('MBEDTLS_HAVE_INT')] - if test_object.is_valid: - yield test_object.create_test_case() - if rep is not bignum_common.ModulusRepresentation.MONTGOMERY: - # A single test case (emitted, or skipped due to invalidity) - # is enough, since this test case doesn't depend on the - # limb size. - break - - # The parent class doesn't support non-bignum parameters. So we override - # test generation, in order to have the representation as a parameter. - @classmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - - for rep in bignum_common.ModulusRepresentation.supported_representations(): - for n in cls.moduli: - for a in cls.input_values: - yield from cls.test_cases_for_values(rep, n, a) - -class BignumModRawCanonicalToModulusRep(BignumModRawConvertRep): - """Test cases for mpi_mod_raw_canonical_to_modulus_rep.""" - test_function = "mpi_mod_raw_canonical_to_modulus_rep" - test_name = "Rep canon->mod" - - def result(self) -> List[str]: - return [self.format_result(self.convert_from_canonical(self.int_a, self.rep))] - -class BignumModRawModulusToCanonicalRep(BignumModRawConvertRep): - """Test cases for mpi_mod_raw_modulus_to_canonical_rep.""" - test_function = "mpi_mod_raw_modulus_to_canonical_rep" - test_name = "Rep mod->canon" - - @property - def arg_a(self) -> str: - return self.format_arg("{:x}".format(self.convert_from_canonical(self.int_a, self.rep))) - - def result(self) -> List[str]: - return [self.format_result(self.int_a)] - - -class BignumModRawConvertToMont(bignum_common.ModOperationCommon, - BignumModRawTarget): - """ Test cases for mpi_mod_raw_to_mont_rep(). """ - test_function = "mpi_mod_raw_to_mont_rep" - test_name = "Convert into Mont: " - symbol = "R *" - input_style = "arch_split" - arity = 1 - - def result(self) -> List[str]: - result = self.to_montgomery(self.int_a) - return [self.format_result(result)] - -class BignumModRawConvertFromMont(bignum_common.ModOperationCommon, - BignumModRawTarget): - """ Test cases for mpi_mod_raw_from_mont_rep(). """ - test_function = "mpi_mod_raw_from_mont_rep" - test_name = "Convert from Mont: " - symbol = "1/R *" - input_style = "arch_split" - arity = 1 - - def result(self) -> List[str]: - result = self.from_montgomery(self.int_a) - return [self.format_result(result)] - -class BignumModRawModNegate(bignum_common.ModOperationCommon, - BignumModRawTarget): - """ Test cases for mpi_mod_raw_neg(). """ - test_function = "mpi_mod_raw_neg" - test_name = "Modular negation: " - symbol = "-" - input_style = "arch_split" - arity = 1 - - def result(self) -> List[str]: - result = (self.int_n - self.int_a) % self.int_n - return [self.format_result(result)] diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py deleted file mode 100644 index ec67e4cdfa..0000000000 --- a/scripts/mbedtls_dev/build_tree.py +++ /dev/null @@ -1,120 +0,0 @@ -"""Mbed TLS build tree information and manipulation. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import os -import inspect -from typing import Optional - -def looks_like_tf_psa_crypto_root(path: str) -> bool: - """Whether the given directory looks like the root of the PSA Crypto source tree.""" - return all(os.path.isdir(os.path.join(path, subdir)) - for subdir in ['include', 'core', 'drivers', 'programs', 'tests']) - -def looks_like_mbedtls_root(path: str) -> bool: - """Whether the given directory looks like the root of the Mbed TLS source tree.""" - return all(os.path.isdir(os.path.join(path, subdir)) - for subdir in ['include', 'library', 'programs', 'tests']) - -def looks_like_root(path: str) -> bool: - return looks_like_tf_psa_crypto_root(path) or looks_like_mbedtls_root(path) - -def crypto_core_directory(root: Optional[str] = None, relative: Optional[bool] = False) -> str: - """ - Return the path of the directory containing the PSA crypto core - for either TF-PSA-Crypto or Mbed TLS. - - Returns either the full path or relative path depending on the - "relative" boolean argument. - """ - if root is None: - root = guess_project_root() - if looks_like_tf_psa_crypto_root(root): - if relative: - return "core" - return os.path.join(root, "core") - elif looks_like_mbedtls_root(root): - if relative: - return "library" - return os.path.join(root, "library") - else: - raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') - -def crypto_library_filename(root: Optional[str] = None) -> str: - """Return the crypto library filename for either TF-PSA-Crypto or Mbed TLS.""" - if root is None: - root = guess_project_root() - if looks_like_tf_psa_crypto_root(root): - return "tfpsacrypto" - elif looks_like_mbedtls_root(root): - return "mbedcrypto" - else: - raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') - -def check_repo_path(): - """Check that the current working directory is the project root, and throw - an exception if not. - """ - if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): - raise Exception("This script must be run from Mbed TLS root") - -def chdir_to_root() -> None: - """Detect the root of the Mbed TLS source tree and change to it. - - The current directory must be up to two levels deep inside an Mbed TLS - source tree. - """ - for d in [os.path.curdir, - os.path.pardir, - os.path.join(os.path.pardir, os.path.pardir)]: - if looks_like_root(d): - os.chdir(d) - return - raise Exception('Mbed TLS source tree not found') - -def guess_project_root(): - """Guess project source code directory. - - Return the first possible project root directory. - """ - dirs = set({}) - for frame in inspect.stack(): - path = os.path.dirname(frame.filename) - for d in ['.', os.path.pardir] \ - + [os.path.join(*([os.path.pardir]*i)) for i in range(2, 10)]: - d = os.path.abspath(os.path.join(path, d)) - if d in dirs: - continue - dirs.add(d) - if looks_like_root(d): - return d - raise Exception('Neither Mbed TLS nor TF-PSA-Crypto source tree found') - -def guess_mbedtls_root(root: Optional[str] = None) -> str: - """Guess Mbed TLS source code directory. - - Return the first possible Mbed TLS root directory. - Raise an exception if we are not in Mbed TLS. - """ - if root is None: - root = guess_project_root() - if looks_like_mbedtls_root(root): - return root - else: - raise Exception('Mbed TLS source tree not found') - -def guess_tf_psa_crypto_root(root: Optional[str] = None) -> str: - """Guess TF-PSA-Crypto source code directory. - - Return the first possible TF-PSA-Crypto root directory. - Raise an exception if we are not in TF-PSA-Crypto. - """ - if root is None: - root = guess_project_root() - if looks_like_tf_psa_crypto_root(root): - return root - else: - raise Exception('TF-PSA-Crypto source tree not found') diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py deleted file mode 100644 index f2cbbe4af7..0000000000 --- a/scripts/mbedtls_dev/c_build_helper.py +++ /dev/null @@ -1,162 +0,0 @@ -"""Generate and run C code. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import os -import platform -import subprocess -import sys -import tempfile - -def remove_file_if_exists(filename): - """Remove the specified file, ignoring errors.""" - if not filename: - return - try: - os.remove(filename) - except OSError: - pass - -def create_c_file(file_label): - """Create a temporary C file. - - * ``file_label``: a string that will be included in the file name. - - Return ```(c_file, c_name, exe_name)``` where ``c_file`` is a Python - stream open for writing to the file, ``c_name`` is the name of the file - and ``exe_name`` is the name of the executable that will be produced - by compiling the file. - """ - c_fd, c_name = tempfile.mkstemp(prefix='tmp-{}-'.format(file_label), - suffix='.c') - exe_suffix = '.exe' if platform.system() == 'Windows' else '' - exe_name = c_name[:-2] + exe_suffix - remove_file_if_exists(exe_name) - c_file = os.fdopen(c_fd, 'w', encoding='ascii') - return c_file, c_name, exe_name - -def generate_c_printf_expressions(c_file, cast_to, printf_format, expressions): - """Generate C instructions to print the value of ``expressions``. - - Write the code with ``c_file``'s ``write`` method. - - Each expression is cast to the type ``cast_to`` and printed with the - printf format ``printf_format``. - """ - for expr in expressions: - c_file.write(' printf("{}\\n", ({}) {});\n' - .format(printf_format, cast_to, expr)) - -def generate_c_file(c_file, - caller, header, - main_generator): - """Generate a temporary C source file. - - * ``c_file`` is an open stream on the C source file. - * ``caller``: an informational string written in a comment at the top - of the file. - * ``header``: extra code to insert before any function in the generated - C file. - * ``main_generator``: a function called with ``c_file`` as its sole argument - to generate the body of the ``main()`` function. - """ - c_file.write('/* Generated by {} */' - .format(caller)) - c_file.write(''' -#include -''') - c_file.write(header) - c_file.write(''' -int main(void) -{ -''') - main_generator(c_file) - c_file.write(''' return 0; -} -''') - -def compile_c_file(c_filename, exe_filename, include_dirs): - """Compile a C source file with the host compiler. - - * ``c_filename``: the name of the source file to compile. - * ``exe_filename``: the name for the executable to be created. - * ``include_dirs``: a list of paths to include directories to be passed - with the -I switch. - """ - # Respect $HOSTCC if it is set - cc = os.getenv('HOSTCC', None) - if cc is None: - cc = os.getenv('CC', 'cc') - cmd = [cc] - - proc = subprocess.Popen(cmd, - stdout=subprocess.DEVNULL, - stderr=subprocess.PIPE, - universal_newlines=True) - cc_is_msvc = 'Microsoft (R) C/C++' in proc.communicate()[1] - - cmd += ['-I' + dir for dir in include_dirs] - if cc_is_msvc: - # MSVC has deprecated using -o to specify the output file, - # and produces an object file in the working directory by default. - obj_filename = exe_filename[:-4] + '.obj' - cmd += ['-Fe' + exe_filename, '-Fo' + obj_filename] - else: - cmd += ['-o' + exe_filename] - - subprocess.check_call(cmd + [c_filename]) - -def get_c_expression_values( - cast_to, printf_format, - expressions, - caller=__name__, file_label='', - header='', include_path=None, - keep_c=False, -): # pylint: disable=too-many-arguments, too-many-locals - """Generate and run a program to print out numerical values for expressions. - - * ``cast_to``: a C type. - * ``printf_format``: a printf format suitable for the type ``cast_to``. - * ``header``: extra code to insert before any function in the generated - C file. - * ``expressions``: a list of C language expressions that have the type - ``cast_to``. - * ``include_path``: a list of directories containing header files. - * ``keep_c``: if true, keep the temporary C file (presumably for debugging - purposes). - - Use the C compiler specified by the ``CC`` environment variable, defaulting - to ``cc``. If ``CC`` looks like MSVC, use its command line syntax, - otherwise assume the compiler supports Unix traditional ``-I`` and ``-o``. - - Return the list of values of the ``expressions``. - """ - if include_path is None: - include_path = [] - c_name = None - exe_name = None - obj_name = None - try: - c_file, c_name, exe_name = create_c_file(file_label) - generate_c_file( - c_file, caller, header, - lambda c_file: generate_c_printf_expressions(c_file, - cast_to, printf_format, - expressions) - ) - c_file.close() - - compile_c_file(c_name, exe_name, include_path) - if keep_c: - sys.stderr.write('List of {} tests kept at {}\n' - .format(caller, c_name)) - else: - os.remove(c_name) - output = subprocess.check_output([exe_name]) - return output.decode('ascii').strip().split('\n') - finally: - remove_file_if_exists(exe_name) - remove_file_if_exists(obj_name) diff --git a/scripts/mbedtls_dev/c_parsing_helper.py b/scripts/mbedtls_dev/c_parsing_helper.py deleted file mode 100644 index 2657b7d230..0000000000 --- a/scripts/mbedtls_dev/c_parsing_helper.py +++ /dev/null @@ -1,131 +0,0 @@ -"""Helper functions to parse C code in heavily constrained scenarios. - -Currently supported functionality: - -* read_function_declarations: read function declarations from a header file. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -### WARNING: the code in this file has not been extensively reviewed yet. -### We do not think it is harmful, but it may be below our normal standards -### for robustness and maintainability. - -import re -from typing import Dict, Iterable, Iterator, List, Optional, Tuple - - -class ArgumentInfo: - """Information about an argument to an API function.""" - #pylint: disable=too-few-public-methods - - _KEYWORDS = [ - 'const', 'register', 'restrict', - 'int', 'long', 'short', 'signed', 'unsigned', - ] - _DECLARATION_RE = re.compile( - r'(?P\w[\w\s*]*?)\s*' + - r'(?!(?:' + r'|'.join(_KEYWORDS) + r'))(?P\b\w+\b)?' + - r'\s*(?P\[[^][]*\])?\Z', - re.A | re.S) - - @classmethod - def normalize_type(cls, typ: str) -> str: - """Normalize whitespace in a type.""" - typ = re.sub(r'\s+', r' ', typ) - typ = re.sub(r'\s*\*', r' *', typ) - return typ - - def __init__(self, decl: str) -> None: - self.decl = decl.strip() - m = self._DECLARATION_RE.match(self.decl) - if not m: - raise ValueError(self.decl) - self.type = self.normalize_type(m.group('type')) #type: str - self.name = m.group('name') #type: Optional[str] - self.suffix = m.group('suffix') if m.group('suffix') else '' #type: str - - -class FunctionInfo: - """Information about an API function.""" - #pylint: disable=too-few-public-methods - - # Regex matching the declaration of a function that returns void. - VOID_RE = re.compile(r'\s*\bvoid\s*\Z', re.A) - - def __init__(self, #pylint: disable=too-many-arguments - filename: str, - line_number: int, - qualifiers: Iterable[str], - return_type: str, - name: str, - arguments: List[str]) -> None: - self.filename = filename - self.line_number = line_number - self.qualifiers = frozenset(qualifiers) - self.return_type = return_type - self.name = name - self.arguments = [ArgumentInfo(arg) for arg in arguments] - - def returns_void(self) -> bool: - """Whether the function returns void.""" - return bool(self.VOID_RE.search(self.return_type)) - - -# Match one C comment. -# Note that we match both comment types, so things like // in a /*...*/ -# comment are handled correctly. -_C_COMMENT_RE = re.compile(r'//(?:[^\n]|\\\n)*|/\*.*?\*/', re.S) -_NOT_NEWLINES_RE = re.compile(r'[^\n]+') - -def read_logical_lines(filename: str) -> Iterator[Tuple[int, str]]: - """Read logical lines from a file. - - Logical lines are one or more physical line, with balanced parentheses. - """ - with open(filename, encoding='utf-8') as inp: - content = inp.read() - # Strip comments, but keep newlines for line numbering - content = re.sub(_C_COMMENT_RE, - lambda m: re.sub(_NOT_NEWLINES_RE, "", m.group(0)), - content) - lines = enumerate(content.splitlines(), 1) - for line_number, line in lines: - # Read a logical line, containing balanced parentheses. - # We assume that parentheses are balanced (this should be ok - # since comments have been stripped), otherwise there will be - # a gigantic logical line at the end. - paren_level = line.count('(') - line.count(')') - while paren_level > 0: - _, more = next(lines) #pylint: disable=stop-iteration-return - paren_level += more.count('(') - more.count(')') - line += '\n' + more - yield line_number, line - -_C_FUNCTION_DECLARATION_RE = re.compile( - r'(?P(?:(?:extern|inline|static)\b\s*)*)' - r'(?P\w[\w\s*]*?)\s*' + - r'\b(?P\w+)' + - r'\s*\((?P.*)\)\s*;', - re.A | re.S) - -def read_function_declarations(functions: Dict[str, FunctionInfo], - filename: str) -> None: - """Collect function declarations from a C header file.""" - for line_number, line in read_logical_lines(filename): - m = _C_FUNCTION_DECLARATION_RE.match(line) - if not m: - continue - qualifiers = m.group('qualifiers').split() - return_type = m.group('return_type') - name = m.group('name') - arguments = m.group('arguments').split(',') - if len(arguments) == 1 and re.match(FunctionInfo.VOID_RE, arguments[0]): - arguments = [] - # Note: we replace any existing declaration for the same name. - functions[name] = FunctionInfo(filename, line_number, - qualifiers, - return_type, - name, - arguments) diff --git a/scripts/mbedtls_dev/c_wrapper_generator.py b/scripts/mbedtls_dev/c_wrapper_generator.py deleted file mode 100644 index 3cf1e05ebb..0000000000 --- a/scripts/mbedtls_dev/c_wrapper_generator.py +++ /dev/null @@ -1,473 +0,0 @@ -"""Generate C wrapper functions. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -### WARNING: the code in this file has not been extensively reviewed yet. -### We do not think it is harmful, but it may be below our normal standards -### for robustness and maintainability. - -import os -import re -import sys -import typing -from typing import Dict, List, Optional, Tuple - -from .c_parsing_helper import ArgumentInfo, FunctionInfo -from . import typing_util - - -def c_declare(prefix: str, name: str, suffix: str) -> str: - """Format a declaration of name with the given type prefix and suffix.""" - if not prefix.endswith('*'): - prefix += ' ' - return prefix + name + suffix - - -WrapperInfo = typing.NamedTuple('WrapperInfo', [ - ('argument_names', List[str]), - ('guard', Optional[str]), - ('wrapper_name', str), -]) - - -class Base: - """Generate a C source file containing wrapper functions.""" - - # This class is designed to have many methods potentially overloaded. - # Tell pylint not to complain about methods that have unused arguments: - # child classes are likely to override those methods and need the - # arguments in question. - #pylint: disable=no-self-use,unused-argument - - # Prefix prepended to the function's name to form the wrapper name. - _WRAPPER_NAME_PREFIX = '' - # Suffix appended to the function's name to form the wrapper name. - _WRAPPER_NAME_SUFFIX = '_wrap' - - # Functions with one of these qualifiers are skipped. - _SKIP_FUNCTION_WITH_QUALIFIERS = frozenset(['inline', 'static']) - - def __init__(self): - """Construct a wrapper generator object. - """ - self.program_name = os.path.basename(sys.argv[0]) - # To be populated in a derived class - self.functions = {} #type: Dict[str, FunctionInfo] - # Preprocessor symbol used as a guard against multiple inclusion in the - # header. Must be set before writing output to a header. - # Not used when writing .c output. - self.header_guard = None #type: Optional[str] - - def _write_prologue(self, out: typing_util.Writable, header: bool) -> None: - """Write the prologue of a C file. - - This includes a description comment and some include directives. - """ - out.write("""/* Automatically generated by {}, do not edit! */ - -/* Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -""" - .format(self.program_name)) - if header: - out.write(""" -#ifndef {guard} -#define {guard} - -#ifdef __cplusplus -extern "C" {{ -#endif -""" - .format(guard=self.header_guard)) - out.write(""" -#include -""") - - def _write_epilogue(self, out: typing_util.Writable, header: bool) -> None: - """Write the epilogue of a C file. - """ - if header: - out.write(""" -#ifdef __cplusplus -}} -#endif - -#endif /* {guard} */ -""" - .format(guard=self.header_guard)) - out.write(""" -/* End of automatically generated file. */ -""") - - def _wrapper_function_name(self, original_name: str) -> str: - """The name of the wrapper function. - - By default, this adds a suffix. - """ - return (self._WRAPPER_NAME_PREFIX + - original_name + - self._WRAPPER_NAME_SUFFIX) - - def _wrapper_declaration_start(self, - function: FunctionInfo, - wrapper_name: str) -> str: - """The beginning of the wrapper function declaration. - - This ends just before the opening parenthesis of the argument list. - - This is a string containing at least the return type and the - function name. It may start with additional qualifiers or attributes - such as `static`, `__attribute__((...))`, etc. - """ - return c_declare(function.return_type, wrapper_name, '') - - def _argument_name(self, - function_name: str, - num: int, - arg: ArgumentInfo) -> str: - """Name to use for the given argument in the wrapper function. - - Argument numbers count from 0. - """ - name = 'arg' + str(num) - if arg.name: - name += '_' + arg.name - return name - - def _wrapper_declaration_argument(self, - function_name: str, - num: int, name: str, - arg: ArgumentInfo) -> str: - """One argument definition in the wrapper function declaration. - - Argument numbers count from 0. - """ - return c_declare(arg.type, name, arg.suffix) - - def _underlying_function_name(self, function: FunctionInfo) -> str: - """The name of the underlying function. - - By default, this is the name of the wrapped function. - """ - return function.name - - def _return_variable_name(self, function: FunctionInfo) -> str: - """The name of the variable that will contain the return value.""" - return 'retval' - - def _write_function_call(self, out: typing_util.Writable, - function: FunctionInfo, - argument_names: List[str]) -> None: - """Write the call to the underlying function. - """ - # Note that the function name is in parentheses, to avoid calling - # a function-like macro with the same name, since in typical usage - # there is a function-like macro with the same name which is the - # wrapper. - call = '({})({})'.format(self._underlying_function_name(function), - ', '.join(argument_names)) - if function.returns_void(): - out.write(' {};\n'.format(call)) - else: - ret_name = self._return_variable_name(function) - ret_decl = c_declare(function.return_type, ret_name, '') - out.write(' {} = {};\n'.format(ret_decl, call)) - - def _write_function_return(self, out: typing_util.Writable, - function: FunctionInfo, - if_void: bool = False) -> None: - """Write a return statement. - - If the function returns void, only write a statement if if_void is true. - """ - if function.returns_void(): - if if_void: - out.write(' return;\n') - else: - ret_name = self._return_variable_name(function) - out.write(' return {};\n'.format(ret_name)) - - def _write_function_body(self, out: typing_util.Writable, - function: FunctionInfo, - argument_names: List[str]) -> None: - """Write the body of the wrapper code for the specified function. - """ - self._write_function_call(out, function, argument_names) - self._write_function_return(out, function) - - def _skip_function(self, function: FunctionInfo) -> bool: - """Whether to skip this function. - - By default, static or inline functions are skipped. - """ - if not self._SKIP_FUNCTION_WITH_QUALIFIERS.isdisjoint(function.qualifiers): - return True - return False - - _FUNCTION_GUARDS = { - } #type: Dict[str, str] - - def _function_guard(self, function: FunctionInfo) -> Optional[str]: - """A preprocessor condition for this function. - - The wrapper will be guarded with `#if` on this condition, if not None. - """ - return self._FUNCTION_GUARDS.get(function.name) - - def _wrapper_info(self, function: FunctionInfo) -> Optional[WrapperInfo]: - """Information about the wrapper for one function. - - Return None if the function should be skipped. - """ - if self._skip_function(function): - return None - argument_names = [self._argument_name(function.name, num, arg) - for num, arg in enumerate(function.arguments)] - return WrapperInfo( - argument_names=argument_names, - guard=self._function_guard(function), - wrapper_name=self._wrapper_function_name(function.name), - ) - - def _write_function_prototype(self, out: typing_util.Writable, - function: FunctionInfo, - wrapper: WrapperInfo, - header: bool) -> None: - """Write the prototype of a wrapper function. - - If header is true, write a function declaration, with a semicolon at - the end. Otherwise just write the prototype, intended to be followed - by the function's body. - """ - declaration_start = self._wrapper_declaration_start(function, - wrapper.wrapper_name) - arg_indent = ' ' - terminator = ';\n' if header else '\n' - if function.arguments: - out.write(declaration_start + '(\n') - for num in range(len(function.arguments)): - arg_def = self._wrapper_declaration_argument( - function.name, - num, wrapper.argument_names[num], function.arguments[num]) - arg_terminator = \ - (')' + terminator if num == len(function.arguments) - 1 else - ',\n') - out.write(arg_indent + arg_def + arg_terminator) - else: - out.write(declaration_start + '(void)' + terminator) - - def _write_c_function(self, out: typing_util.Writable, - function: FunctionInfo) -> None: - """Write wrapper code for one function. - - Do nothing if the function is skipped. - """ - wrapper = self._wrapper_info(function) - if wrapper is None: - return - out.write(""" -/* Wrapper for {} */ -""" - .format(function.name)) - if wrapper.guard is not None: - out.write('#if {}\n'.format(wrapper.guard)) - self._write_function_prototype(out, function, wrapper, False) - out.write('{\n') - self._write_function_body(out, function, wrapper.argument_names) - out.write('}\n') - if wrapper.guard is not None: - out.write('#endif /* {} */\n'.format(wrapper.guard)) - - def _write_h_function_declaration(self, out: typing_util.Writable, - function: FunctionInfo, - wrapper: WrapperInfo) -> None: - """Write the declaration of one wrapper function. - """ - self._write_function_prototype(out, function, wrapper, True) - - def _write_h_macro_definition(self, out: typing_util.Writable, - function: FunctionInfo, - wrapper: WrapperInfo) -> None: - """Write the macro definition for one wrapper. - """ - arg_list = ', '.join(wrapper.argument_names) - out.write('#define {function_name}({args}) \\\n {wrapper_name}({args})\n' - .format(function_name=function.name, - wrapper_name=wrapper.wrapper_name, - args=arg_list)) - - def _write_h_function(self, out: typing_util.Writable, - function: FunctionInfo) -> None: - """Write the complete header content for one wrapper. - - This is the declaration of the wrapper function, and the - definition of a function-like macro that calls the wrapper function. - - Do nothing if the function is skipped. - """ - wrapper = self._wrapper_info(function) - if wrapper is None: - return - out.write('\n') - if wrapper.guard is not None: - out.write('#if {}\n'.format(wrapper.guard)) - self._write_h_function_declaration(out, function, wrapper) - self._write_h_macro_definition(out, function, wrapper) - if wrapper.guard is not None: - out.write('#endif /* {} */\n'.format(wrapper.guard)) - - def write_c_file(self, filename: str) -> None: - """Output a whole C file containing function wrapper definitions.""" - with open(filename, 'w', encoding='utf-8') as out: - self._write_prologue(out, False) - for name in sorted(self.functions): - self._write_c_function(out, self.functions[name]) - self._write_epilogue(out, False) - - def _header_guard_from_file_name(self, filename: str) -> str: - """Preprocessor symbol used as a guard against multiple inclusion.""" - # Heuristic to strip irrelevant leading directories - filename = re.sub(r'.*include[\\/]', r'', filename) - return re.sub(r'[^0-9A-Za-z]', r'_', filename, re.A).upper() - - def write_h_file(self, filename: str) -> None: - """Output a header file with function wrapper declarations and macro definitions.""" - self.header_guard = self._header_guard_from_file_name(filename) - with open(filename, 'w', encoding='utf-8') as out: - self._write_prologue(out, True) - for name in sorted(self.functions): - self._write_h_function(out, self.functions[name]) - self._write_epilogue(out, True) - - -class UnknownTypeForPrintf(Exception): - """Exception raised when attempting to generate code that logs a value of an unknown type.""" - - def __init__(self, typ: str) -> None: - super().__init__("Unknown type for printf format generation: " + typ) - - -class Logging(Base): - """Generate wrapper functions that log the inputs and outputs.""" - - def __init__(self) -> None: - """Construct a wrapper generator including logging of inputs and outputs. - - Log to stdout by default. Call `set_stream` to change this. - """ - super().__init__() - self.stream = 'stdout' - - def set_stream(self, stream: str) -> None: - """Set the stdio stream to log to. - - Call this method before calling `write_c_output` or `write_h_output`. - """ - self.stream = stream - - def _write_prologue(self, out: typing_util.Writable, header: bool) -> None: - super()._write_prologue(out, header) - if not header: - out.write(""" -#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_TEST_HOOKS) -#include -#include -#include // for MBEDTLS_PRINTF_SIZET -#include // for mbedtls_fprintf -#endif /* defined(MBEDTLS_FS_IO) && defined(MBEDTLS_TEST_HOOKS) */ -""") - - _PRINTF_SIMPLE_FORMAT = { - 'int': '%d', - 'long': '%ld', - 'long long': '%lld', - 'size_t': '%"MBEDTLS_PRINTF_SIZET"', - 'unsigned': '0x%08x', - 'unsigned int': '0x%08x', - 'unsigned long': '0x%08lx', - 'unsigned long long': '0x%016llx', - } - - def _printf_simple_format(self, typ: str) -> Optional[str]: - """Use this printf format for a value of typ. - - Return None if values of typ need more complex handling. - """ - return self._PRINTF_SIMPLE_FORMAT.get(typ) - - _PRINTF_TYPE_CAST = { - 'int32_t': 'int', - 'uint32_t': 'unsigned', - 'uint64_t': 'unsigned long long', - } #type: Dict[str, str] - - def _printf_type_cast(self, typ: str) -> Optional[str]: - """Cast values of typ to this type before passing them to printf. - - Return None if values of the given type do not need a cast. - """ - return self._PRINTF_TYPE_CAST.get(typ) - - _POINTER_TYPE_RE = re.compile(r'\s*\*\Z') - - def _printf_parameters(self, typ: str, var: str) -> Tuple[str, List[str]]: - """The printf format and arguments for a value of type typ stored in var. - """ - expr = var - base_type = typ - # For outputs via a pointer, get the value that has been written. - # Note: we don't support pointers to pointers here. - pointer_match = self._POINTER_TYPE_RE.search(base_type) - if pointer_match: - base_type = base_type[:pointer_match.start(0)] - expr = '*({})'.format(expr) - # Maybe cast the value to a standard type. - cast_to = self._printf_type_cast(base_type) - if cast_to is not None: - expr = '({}) {}'.format(cast_to, expr) - base_type = cast_to - # Try standard types. - fmt = self._printf_simple_format(base_type) - if fmt is not None: - return '{}={}'.format(var, fmt), [expr] - raise UnknownTypeForPrintf(typ) - - def _write_function_logging(self, out: typing_util.Writable, - function: FunctionInfo, - argument_names: List[str]) -> None: - """Write code to log the function's inputs and outputs.""" - formats, values = '%s', ['"' + function.name + '"'] - for arg_info, arg_name in zip(function.arguments, argument_names): - fmt, vals = self._printf_parameters(arg_info.type, arg_name) - if fmt: - formats += ' ' + fmt - values += vals - if not function.returns_void(): - ret_name = self._return_variable_name(function) - fmt, vals = self._printf_parameters(function.return_type, ret_name) - if fmt: - formats += ' ' + fmt - values += vals - out.write("""\ -#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_TEST_HOOKS) - if ({stream}) {{ - mbedtls_fprintf({stream}, "{formats}\\n", - {values}); - }} -#endif /* defined(MBEDTLS_FS_IO) && defined(MBEDTLS_TEST_HOOKS) */ -""" - .format(stream=self.stream, - formats=formats, - values=', '.join(values))) - - def _write_function_body(self, out: typing_util.Writable, - function: FunctionInfo, - argument_names: List[str]) -> None: - """Write the body of the wrapper code for the specified function. - """ - self._write_function_call(out, function, argument_names) - self._write_function_logging(out, function, argument_names) - self._write_function_return(out, function) diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py deleted file mode 100644 index a36de692e8..0000000000 --- a/scripts/mbedtls_dev/crypto_data_tests.py +++ /dev/null @@ -1,112 +0,0 @@ -"""Generate test data for cryptographic mechanisms. - -This module is a work in progress, only implementing a few cases for now. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import hashlib -from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import - -from . import crypto_knowledge -from . import psa_information -from . import test_case - - -def psa_low_level_dependencies(*expressions: str) -> List[str]: - """Infer dependencies of a PSA low-level test case by looking for PSA_xxx symbols. - - This function generates MBEDTLS_PSA_BUILTIN_xxx symbols. - """ - high_level = psa_information.automatic_dependencies(*expressions) - for dep in high_level: - assert dep.startswith('PSA_WANT_') - return ['MBEDTLS_PSA_BUILTIN_' + dep[9:] for dep in high_level] - - -class HashPSALowLevel: - """Generate test cases for the PSA low-level hash interface.""" - - def __init__(self, info: psa_information.Information) -> None: - self.info = info - base_algorithms = sorted(info.constructors.algorithms) - all_algorithms = \ - [crypto_knowledge.Algorithm(expr) - for expr in info.constructors.generate_expressions(base_algorithms)] - self.algorithms = \ - [alg - for alg in all_algorithms - if (not alg.is_wildcard and - alg.can_do(crypto_knowledge.AlgorithmCategory.HASH))] - - # CALCULATE[alg] = function to return the hash of its argument in hex - # TO-DO: implement the None entries with a third-party library, because - # hashlib might not have everything, depending on the Python version and - # the underlying OpenSSL. On Ubuntu 16.04, truncated sha512 and sha3/shake - # are not available. On Ubuntu 22.04, md2, md4 and ripemd160 are not - # available. - CALCULATE = { - 'PSA_ALG_MD5': lambda data: hashlib.md5(data).hexdigest(), - 'PSA_ALG_RIPEMD160': None, #lambda data: hashlib.new('ripdemd160').hexdigest() - 'PSA_ALG_SHA_1': lambda data: hashlib.sha1(data).hexdigest(), - 'PSA_ALG_SHA_224': lambda data: hashlib.sha224(data).hexdigest(), - 'PSA_ALG_SHA_256': lambda data: hashlib.sha256(data).hexdigest(), - 'PSA_ALG_SHA_384': lambda data: hashlib.sha384(data).hexdigest(), - 'PSA_ALG_SHA_512': lambda data: hashlib.sha512(data).hexdigest(), - 'PSA_ALG_SHA_512_224': None, #lambda data: hashlib.new('sha512_224').hexdigest() - 'PSA_ALG_SHA_512_256': None, #lambda data: hashlib.new('sha512_256').hexdigest() - 'PSA_ALG_SHA3_224': None, #lambda data: hashlib.sha3_224(data).hexdigest(), - 'PSA_ALG_SHA3_256': None, #lambda data: hashlib.sha3_256(data).hexdigest(), - 'PSA_ALG_SHA3_384': None, #lambda data: hashlib.sha3_384(data).hexdigest(), - 'PSA_ALG_SHA3_512': None, #lambda data: hashlib.sha3_512(data).hexdigest(), - 'PSA_ALG_SHAKE256_512': None, #lambda data: hashlib.shake_256(data).hexdigest(64), - } #type: Dict[str, Optional[Callable[[bytes], str]]] - - @staticmethod - def one_test_case(alg: crypto_knowledge.Algorithm, - function: str, note: str, - arguments: List[str]) -> test_case.TestCase: - """Construct one test case involving a hash.""" - tc = test_case.TestCase() - tc.set_description('{}{} {}' - .format(function, - ' ' + note if note else '', - alg.short_expression())) - tc.set_dependencies(psa_low_level_dependencies(alg.expression)) - tc.set_function(function) - tc.set_arguments([alg.expression] + - ['"{}"'.format(arg) for arg in arguments]) - return tc - - def test_cases_for_hash(self, - alg: crypto_knowledge.Algorithm - ) -> Iterator[test_case.TestCase]: - """Enumerate all test cases for one hash algorithm.""" - calc = self.CALCULATE[alg.expression] - if calc is None: - return # not implemented yet - - short = b'abc' - hash_short = calc(short) - long = (b'Hello, world. Here are 16 unprintable bytes: [' - b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a' - b'\x80\x81\x82\x83\xfe\xff]. ' - b' This message was brought to you by a natural intelligence. ' - b' If you can read this, good luck with your debugging!') - hash_long = calc(long) - - yield self.one_test_case(alg, 'hash_empty', '', [calc(b'')]) - yield self.one_test_case(alg, 'hash_valid_one_shot', '', - [short.hex(), hash_short]) - for n in [0, 1, 64, len(long) - 1, len(long)]: - yield self.one_test_case(alg, 'hash_valid_multipart', - '{} + {}'.format(n, len(long) - n), - [long[:n].hex(), calc(long[:n]), - long[n:].hex(), hash_long]) - - def all_test_cases(self) -> Iterator[test_case.TestCase]: - """Enumerate all test cases for all hash algorithms.""" - for alg in self.algorithms: - yield from self.test_cases_for_hash(alg) diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py deleted file mode 100644 index ebfd55cdb3..0000000000 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ /dev/null @@ -1,568 +0,0 @@ -"""Knowledge about cryptographic mechanisms implemented in Mbed TLS. - -This module is entirely based on the PSA API. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import enum -import re -from typing import FrozenSet, Iterable, List, Optional, Tuple, Dict - -from .asymmetric_key_data import ASYMMETRIC_KEY_DATA - - -def short_expression(original: str, level: int = 0) -> str: - """Abbreviate the expression, keeping it human-readable. - - If `level` is 0, just remove parts that are implicit from context, - such as a leading ``PSA_KEY_TYPE_``. - For larger values of `level`, also abbreviate some names in an - unambiguous, but ad hoc way. - """ - short = original - short = re.sub(r'\bPSA_(?:ALG|DH_FAMILY|ECC_FAMILY|KEY_[A-Z]+)_', r'', short) - short = re.sub(r' +', r'', short) - if level >= 1: - short = re.sub(r'PUBLIC_KEY\b', r'PUB', short) - short = re.sub(r'KEY_PAIR\b', r'PAIR', short) - short = re.sub(r'\bBRAINPOOL_P', r'BP', short) - short = re.sub(r'\bMONTGOMERY\b', r'MGM', short) - short = re.sub(r'AEAD_WITH_SHORTENED_TAG\b', r'AEAD_SHORT', short) - short = re.sub(r'\bDETERMINISTIC_', r'DET_', short) - short = re.sub(r'\bKEY_AGREEMENT\b', r'KA', short) - short = re.sub(r'_PSK_TO_MS\b', r'_PSK2MS', short) - return short - - -BLOCK_CIPHERS = frozenset(['AES', 'ARIA', 'CAMELLIA', 'DES']) -BLOCK_MAC_MODES = frozenset(['CBC_MAC', 'CMAC']) -BLOCK_CIPHER_MODES = frozenset([ - 'CTR', 'CFB', 'OFB', 'XTS', 'CCM_STAR_NO_TAG', - 'ECB_NO_PADDING', 'CBC_NO_PADDING', 'CBC_PKCS7', -]) -BLOCK_AEAD_MODES = frozenset(['CCM', 'GCM']) - -class EllipticCurveCategory(enum.Enum): - """Categorization of elliptic curve families. - - The category of a curve determines what algorithms are defined over it. - """ - - SHORT_WEIERSTRASS = 0 - MONTGOMERY = 1 - TWISTED_EDWARDS = 2 - - @staticmethod - def from_family(family: str) -> 'EllipticCurveCategory': - if family == 'PSA_ECC_FAMILY_MONTGOMERY': - return EllipticCurveCategory.MONTGOMERY - if family == 'PSA_ECC_FAMILY_TWISTED_EDWARDS': - return EllipticCurveCategory.TWISTED_EDWARDS - # Default to SW, which most curves belong to. - return EllipticCurveCategory.SHORT_WEIERSTRASS - - -class KeyType: - """Knowledge about a PSA key type.""" - - def __init__(self, name: str, params: Optional[Iterable[str]] = None) -> None: - """Analyze a key type. - - The key type must be specified in PSA syntax. In its simplest form, - `name` is a string 'PSA_KEY_TYPE_xxx' which is the name of a PSA key - type macro. For key types that take arguments, the arguments can - be passed either through the optional argument `params` or by - passing an expression of the form 'PSA_KEY_TYPE_xxx(param1, ...)' - in `name` as a string. - """ - - self.name = name.strip() - """The key type macro name (``PSA_KEY_TYPE_xxx``). - - For key types constructed from a macro with arguments, this is the - name of the macro, and the arguments are in `self.params`. - """ - if params is None: - if '(' in self.name: - m = re.match(r'(\w+)\s*\((.*)\)\Z', self.name) - assert m is not None - self.name = m.group(1) - params = m.group(2).split(',') - self.params = (None if params is None else - [param.strip() for param in params]) - """The parameters of the key type, if there are any. - - None if the key type is a macro without arguments. - """ - assert re.match(r'PSA_KEY_TYPE_\w+\Z', self.name) - - self.expression = self.name - """A C expression whose value is the key type encoding.""" - if self.params is not None: - self.expression += '(' + ', '.join(self.params) + ')' - - m = re.match(r'PSA_KEY_TYPE_(\w+)', self.name) - assert m - self.head = re.sub(r'_(?:PUBLIC_KEY|KEY_PAIR)\Z', r'', m.group(1)) - """The key type macro name, with common prefixes and suffixes stripped.""" - - self.private_type = re.sub(r'_PUBLIC_KEY\Z', r'_KEY_PAIR', self.name) - """The key type macro name for the corresponding key pair type. - - For everything other than a public key type, this is the same as - `self.name`. - """ - - def short_expression(self, level: int = 0) -> str: - """Abbreviate the expression, keeping it human-readable. - - See `crypto_knowledge.short_expression`. - """ - return short_expression(self.expression, level=level) - - def is_public(self) -> bool: - """Whether the key type is for public keys.""" - return self.name.endswith('_PUBLIC_KEY') - - DH_KEY_SIZES = { - 'PSA_DH_FAMILY_RFC7919': (2048, 3072, 4096, 6144, 8192), - } # type: Dict[str, Tuple[int, ...]] - ECC_KEY_SIZES = { - 'PSA_ECC_FAMILY_SECP_K1': (192, 225, 256), - 'PSA_ECC_FAMILY_SECP_R1': (224, 256, 384, 521), - 'PSA_ECC_FAMILY_SECP_R2': (160,), - 'PSA_ECC_FAMILY_SECT_K1': (163, 233, 239, 283, 409, 571), - 'PSA_ECC_FAMILY_SECT_R1': (163, 233, 283, 409, 571), - 'PSA_ECC_FAMILY_SECT_R2': (163,), - 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': (160, 192, 224, 256, 320, 384, 512), - 'PSA_ECC_FAMILY_MONTGOMERY': (255, 448), - 'PSA_ECC_FAMILY_TWISTED_EDWARDS': (255, 448), - } # type: Dict[str, Tuple[int, ...]] - KEY_TYPE_SIZES = { - 'PSA_KEY_TYPE_AES': (128, 192, 256), # exhaustive - 'PSA_KEY_TYPE_ARIA': (128, 192, 256), # exhaustive - 'PSA_KEY_TYPE_CAMELLIA': (128, 192, 256), # exhaustive - 'PSA_KEY_TYPE_CHACHA20': (256,), # exhaustive - 'PSA_KEY_TYPE_DERIVE': (120, 128), # sample - 'PSA_KEY_TYPE_DES': (64, 128, 192), # exhaustive - 'PSA_KEY_TYPE_HMAC': (128, 160, 224, 256, 384, 512), # standard size for each supported hash - 'PSA_KEY_TYPE_PASSWORD': (48, 168, 336), # sample - 'PSA_KEY_TYPE_PASSWORD_HASH': (128, 256), # sample - 'PSA_KEY_TYPE_PEPPER': (128, 256), # sample - 'PSA_KEY_TYPE_RAW_DATA': (8, 40, 128), # sample - 'PSA_KEY_TYPE_RSA_KEY_PAIR': (1024, 1536), # small sample - } # type: Dict[str, Tuple[int, ...]] - def sizes_to_test(self) -> Tuple[int, ...]: - """Return a tuple of key sizes to test. - - For key types that only allow a single size, or only a small set of - sizes, these are all the possible sizes. For key types that allow a - wide range of sizes, these are a representative sample of sizes, - excluding large sizes for which a typical resource-constrained platform - may run out of memory. - """ - if self.private_type == 'PSA_KEY_TYPE_ECC_KEY_PAIR': - assert self.params is not None - return self.ECC_KEY_SIZES[self.params[0]] - if self.private_type == 'PSA_KEY_TYPE_DH_KEY_PAIR': - assert self.params is not None - return self.DH_KEY_SIZES[self.params[0]] - return self.KEY_TYPE_SIZES[self.private_type] - - # "48657265006973206b6579a064617461" - DATA_BLOCK = b'Here\000is key\240data' - def key_material(self, bits: int) -> bytes: - """Return a byte string containing suitable key material with the given bit length. - - Use the PSA export representation. The resulting byte string is one that - can be obtained with the following code: - ``` - psa_set_key_type(&attributes, `self.expression`); - psa_set_key_bits(&attributes, `bits`); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT); - psa_generate_key(&attributes, &id); - psa_export_key(id, `material`, ...); - ``` - """ - if self.expression in ASYMMETRIC_KEY_DATA: - if bits not in ASYMMETRIC_KEY_DATA[self.expression]: - raise ValueError('No key data for {}-bit {}' - .format(bits, self.expression)) - return ASYMMETRIC_KEY_DATA[self.expression][bits] - if bits % 8 != 0: - raise ValueError('Non-integer number of bytes: {} bits for {}' - .format(bits, self.expression)) - length = bits // 8 - if self.name == 'PSA_KEY_TYPE_DES': - # "644573206b457901644573206b457902644573206b457904" - des3 = b'dEs kEy\001dEs kEy\002dEs kEy\004' - return des3[:length] - return b''.join([self.DATA_BLOCK] * (length // len(self.DATA_BLOCK)) + - [self.DATA_BLOCK[:length % len(self.DATA_BLOCK)]]) - - def can_do(self, alg: 'Algorithm') -> bool: - """Whether this key type can be used for operations with the given algorithm. - - This function does not currently handle key derivation or PAKE. - """ - #pylint: disable=too-many-branches,too-many-return-statements - if not alg.is_valid_for_operation(): - return False - if self.head == 'HMAC' and alg.head == 'HMAC': - return True - if self.head == 'DES': - # 64-bit block ciphers only allow a reduced set of modes. - return alg.head in [ - 'CBC_NO_PADDING', 'CBC_PKCS7', - 'ECB_NO_PADDING', - ] - if self.head in BLOCK_CIPHERS and \ - alg.head in frozenset.union(BLOCK_MAC_MODES, - BLOCK_CIPHER_MODES, - BLOCK_AEAD_MODES): - if alg.head in ['CMAC', 'OFB'] and \ - self.head in ['ARIA', 'CAMELLIA']: - return False # not implemented in Mbed TLS - return True - if self.head == 'CHACHA20' and alg.head == 'CHACHA20_POLY1305': - return True - if self.head in {'ARC4', 'CHACHA20'} and \ - alg.head == 'STREAM_CIPHER': - return True - if self.head == 'RSA' and alg.head.startswith('RSA_'): - return True - if alg.category == AlgorithmCategory.KEY_AGREEMENT and \ - self.is_public(): - # The PSA API does not use public key objects in key agreement - # operations: it imports the public key as a formatted byte string. - # So a public key object with a key agreement algorithm is not - # a valid combination. - return False - if alg.is_invalid_key_agreement_with_derivation(): - return False - if self.head == 'ECC': - assert self.params is not None - eccc = EllipticCurveCategory.from_family(self.params[0]) - if alg.head == 'ECDH' and \ - eccc in {EllipticCurveCategory.SHORT_WEIERSTRASS, - EllipticCurveCategory.MONTGOMERY}: - return True - if alg.head == 'ECDSA' and \ - eccc == EllipticCurveCategory.SHORT_WEIERSTRASS: - return True - if alg.head in {'PURE_EDDSA', 'EDDSA_PREHASH'} and \ - eccc == EllipticCurveCategory.TWISTED_EDWARDS: - return True - if self.head == 'DH' and alg.head == 'FFDH': - return True - return False - - -class AlgorithmCategory(enum.Enum): - """PSA algorithm categories.""" - # The numbers are aligned with the category bits in numerical values of - # algorithms. - HASH = 2 - MAC = 3 - CIPHER = 4 - AEAD = 5 - SIGN = 6 - ASYMMETRIC_ENCRYPTION = 7 - KEY_DERIVATION = 8 - KEY_AGREEMENT = 9 - PAKE = 10 - - def requires_key(self) -> bool: - """Whether operations in this category are set up with a key.""" - return self not in {self.HASH, self.KEY_DERIVATION} - - def is_asymmetric(self) -> bool: - """Whether operations in this category involve asymmetric keys.""" - return self in { - self.SIGN, - self.ASYMMETRIC_ENCRYPTION, - self.KEY_AGREEMENT - } - - -class AlgorithmNotRecognized(Exception): - def __init__(self, expr: str) -> None: - super().__init__('Algorithm not recognized: ' + expr) - self.expr = expr - - -class Algorithm: - """Knowledge about a PSA algorithm.""" - - @staticmethod - def determine_base(expr: str) -> str: - """Return an expression for the "base" of the algorithm. - - This strips off variants of algorithms such as MAC truncation. - - This function does not attempt to detect invalid inputs. - """ - m = re.match(r'PSA_ALG_(?:' - r'(?:TRUNCATED|AT_LEAST_THIS_LENGTH)_MAC|' - r'AEAD_WITH_(?:SHORTENED|AT_LEAST_THIS_LENGTH)_TAG' - r')\((.*),[^,]+\)\Z', expr) - if m: - expr = m.group(1) - return expr - - @staticmethod - def determine_head(expr: str) -> str: - """Return the head of an algorithm expression. - - The head is the first (outermost) constructor, without its PSA_ALG_ - prefix, and with some normalization of similar algorithms. - """ - m = re.match(r'PSA_ALG_(?:DETERMINISTIC_)?(\w+)', expr) - if not m: - raise AlgorithmNotRecognized(expr) - head = m.group(1) - if head == 'KEY_AGREEMENT': - m = re.match(r'PSA_ALG_KEY_AGREEMENT\s*\(\s*PSA_ALG_(\w+)', expr) - if not m: - raise AlgorithmNotRecognized(expr) - head = m.group(1) - head = re.sub(r'_ANY\Z', r'', head) - if re.match(r'ED[0-9]+PH\Z', head): - head = 'EDDSA_PREHASH' - return head - - CATEGORY_FROM_HEAD = { - 'SHA': AlgorithmCategory.HASH, - 'SHAKE256_512': AlgorithmCategory.HASH, - 'MD': AlgorithmCategory.HASH, - 'RIPEMD': AlgorithmCategory.HASH, - 'ANY_HASH': AlgorithmCategory.HASH, - 'HMAC': AlgorithmCategory.MAC, - 'STREAM_CIPHER': AlgorithmCategory.CIPHER, - 'CHACHA20_POLY1305': AlgorithmCategory.AEAD, - 'DSA': AlgorithmCategory.SIGN, - 'ECDSA': AlgorithmCategory.SIGN, - 'EDDSA': AlgorithmCategory.SIGN, - 'PURE_EDDSA': AlgorithmCategory.SIGN, - 'RSA_PSS': AlgorithmCategory.SIGN, - 'RSA_PKCS1V15_SIGN': AlgorithmCategory.SIGN, - 'RSA_PKCS1V15_CRYPT': AlgorithmCategory.ASYMMETRIC_ENCRYPTION, - 'RSA_OAEP': AlgorithmCategory.ASYMMETRIC_ENCRYPTION, - 'HKDF': AlgorithmCategory.KEY_DERIVATION, - 'TLS12_PRF': AlgorithmCategory.KEY_DERIVATION, - 'TLS12_PSK_TO_MS': AlgorithmCategory.KEY_DERIVATION, - 'TLS12_ECJPAKE_TO_PMS': AlgorithmCategory.KEY_DERIVATION, - 'PBKDF': AlgorithmCategory.KEY_DERIVATION, - 'ECDH': AlgorithmCategory.KEY_AGREEMENT, - 'FFDH': AlgorithmCategory.KEY_AGREEMENT, - # KEY_AGREEMENT(...) is a key derivation with a key agreement component - 'KEY_AGREEMENT': AlgorithmCategory.KEY_DERIVATION, - 'JPAKE': AlgorithmCategory.PAKE, - } - for x in BLOCK_MAC_MODES: - CATEGORY_FROM_HEAD[x] = AlgorithmCategory.MAC - for x in BLOCK_CIPHER_MODES: - CATEGORY_FROM_HEAD[x] = AlgorithmCategory.CIPHER - for x in BLOCK_AEAD_MODES: - CATEGORY_FROM_HEAD[x] = AlgorithmCategory.AEAD - - def determine_category(self, expr: str, head: str) -> AlgorithmCategory: - """Return the category of the given algorithm expression. - - This function does not attempt to detect invalid inputs. - """ - prefix = head - while prefix: - if prefix in self.CATEGORY_FROM_HEAD: - return self.CATEGORY_FROM_HEAD[prefix] - if re.match(r'.*[0-9]\Z', prefix): - prefix = re.sub(r'_*[0-9]+\Z', r'', prefix) - else: - prefix = re.sub(r'_*[^_]*\Z', r'', prefix) - raise AlgorithmNotRecognized(expr) - - @staticmethod - def determine_wildcard(expr) -> bool: - """Whether the given algorithm expression is a wildcard. - - This function does not attempt to detect invalid inputs. - """ - if re.search(r'\bPSA_ALG_ANY_HASH\b', expr): - return True - if re.search(r'_AT_LEAST_', expr): - return True - return False - - def __init__(self, expr: str) -> None: - """Analyze an algorithm value. - - The algorithm must be expressed as a C expression containing only - calls to PSA algorithm constructor macros and numeric literals. - - This class is only programmed to handle valid expressions. Invalid - expressions may result in exceptions or in nonsensical results. - """ - self.expression = re.sub(r'\s+', r'', expr) - self.base_expression = self.determine_base(self.expression) - self.head = self.determine_head(self.base_expression) - self.category = self.determine_category(self.base_expression, self.head) - self.is_wildcard = self.determine_wildcard(self.expression) - - def get_key_agreement_derivation(self) -> Optional[str]: - """For a combined key agreement and key derivation algorithm, get the derivation part. - - For anything else, return None. - """ - if self.category != AlgorithmCategory.KEY_AGREEMENT: - return None - m = re.match(r'PSA_ALG_KEY_AGREEMENT\(\w+,\s*(.*)\)\Z', self.expression) - if not m: - return None - kdf_alg = m.group(1) - # Assume kdf_alg is either a valid KDF or 0. - if re.match(r'(?:0[Xx])?0+\s*\Z', kdf_alg): - return None - return kdf_alg - - KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT = frozenset([ - 'PSA_ALG_TLS12_ECJPAKE_TO_PMS', # secret input in specific format - ]) - def is_valid_key_agreement_with_derivation(self) -> bool: - """Whether this is a valid combined key agreement and key derivation algorithm.""" - kdf_alg = self.get_key_agreement_derivation() - if kdf_alg is None: - return False - return kdf_alg not in self.KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT - - def is_invalid_key_agreement_with_derivation(self) -> bool: - """Whether this is an invalid combined key agreement and key derivation algorithm.""" - kdf_alg = self.get_key_agreement_derivation() - if kdf_alg is None: - return False - return kdf_alg in self.KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT - - def short_expression(self, level: int = 0) -> str: - """Abbreviate the expression, keeping it human-readable. - - See `crypto_knowledge.short_expression`. - """ - return short_expression(self.expression, level=level) - - HASH_LENGTH = { - 'PSA_ALG_MD5': 16, - 'PSA_ALG_SHA_1': 20, - } - HASH_LENGTH_BITS_RE = re.compile(r'([0-9]+)\Z') - @classmethod - def hash_length(cls, alg: str) -> int: - """The length of the given hash algorithm, in bytes.""" - if alg in cls.HASH_LENGTH: - return cls.HASH_LENGTH[alg] - m = cls.HASH_LENGTH_BITS_RE.search(alg) - if m: - return int(m.group(1)) // 8 - raise ValueError('Unknown hash length for ' + alg) - - PERMITTED_TAG_LENGTHS = { - 'PSA_ALG_CCM': frozenset([4, 6, 8, 10, 12, 14, 16]), - 'PSA_ALG_CHACHA20_POLY1305': frozenset([16]), - 'PSA_ALG_GCM': frozenset([4, 8, 12, 13, 14, 15, 16]), - } - MAC_LENGTH = { - 'PSA_ALG_CBC_MAC': 16, # actually the block cipher length - 'PSA_ALG_CMAC': 16, # actually the block cipher length - } - HMAC_RE = re.compile(r'PSA_ALG_HMAC\((.*)\)\Z') - @classmethod - def permitted_truncations(cls, base: str) -> FrozenSet[int]: - """Permitted output lengths for the given MAC or AEAD base algorithm. - - For a MAC algorithm, this is the set of truncation lengths that - Mbed TLS supports. - For an AEAD algorithm, this is the set of truncation lengths that - are permitted by the algorithm specification. - """ - if base in cls.PERMITTED_TAG_LENGTHS: - return cls.PERMITTED_TAG_LENGTHS[base] - max_length = cls.MAC_LENGTH.get(base, None) - if max_length is None: - m = cls.HMAC_RE.match(base) - if m: - max_length = cls.hash_length(m.group(1)) - if max_length is None: - raise ValueError('Unknown permitted lengths for ' + base) - return frozenset(range(4, max_length + 1)) - - TRUNCATED_ALG_RE = re.compile( - r'(?PPSA_ALG_(?:AEAD_WITH_SHORTENED_TAG|TRUNCATED_MAC))' - r'\((?P.*),' - r'(?P0[Xx][0-9A-Fa-f]+|[1-9][0-9]*|0[0-7]*)[LUlu]*\)\Z') - def is_invalid_truncation(self) -> bool: - """False for a MAC or AEAD algorithm truncated to an invalid length. - - True for a MAC or AEAD algorithm truncated to a valid length or to - a length that cannot be determined. True for anything other than - a truncated MAC or AEAD. - """ - m = self.TRUNCATED_ALG_RE.match(self.expression) - if m: - base = m.group('base') - to_length = int(m.group('length'), 0) - permitted_lengths = self.permitted_truncations(base) - if to_length not in permitted_lengths: - return True - return False - - def is_valid_for_operation(self) -> bool: - """Whether this algorithm construction is valid for an operation. - - This function assumes that the algorithm is constructed in a - "grammatically" correct way, and only rejects semantically invalid - combinations. - """ - if self.is_wildcard: - return False - if self.is_invalid_truncation(): - return False - return True - - def can_do(self, category: AlgorithmCategory) -> bool: - """Whether this algorithm can perform operations in the given category. - """ - if category == self.category: - return True - if category == AlgorithmCategory.KEY_DERIVATION and \ - self.is_valid_key_agreement_with_derivation(): - return True - return False - - def usage_flags(self, public: bool = False) -> List[str]: - """The list of usage flags describing operations that can perform this algorithm. - - If public is true, only return public-key operations, not private-key operations. - """ - if self.category == AlgorithmCategory.HASH: - flags = [] - elif self.category == AlgorithmCategory.MAC: - flags = ['SIGN_HASH', 'SIGN_MESSAGE', - 'VERIFY_HASH', 'VERIFY_MESSAGE'] - elif self.category == AlgorithmCategory.CIPHER or \ - self.category == AlgorithmCategory.AEAD: - flags = ['DECRYPT', 'ENCRYPT'] - elif self.category == AlgorithmCategory.SIGN: - flags = ['VERIFY_HASH', 'VERIFY_MESSAGE'] - if not public: - flags += ['SIGN_HASH', 'SIGN_MESSAGE'] - elif self.category == AlgorithmCategory.ASYMMETRIC_ENCRYPTION: - flags = ['ENCRYPT'] - if not public: - flags += ['DECRYPT'] - elif self.category == AlgorithmCategory.KEY_DERIVATION or \ - self.category == AlgorithmCategory.KEY_AGREEMENT: - flags = ['DERIVE'] - else: - raise AlgorithmNotRecognized(self.expression) - return ['PSA_KEY_USAGE_' + flag for flag in flags] diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py deleted file mode 100644 index b40f3b1267..0000000000 --- a/scripts/mbedtls_dev/ecp.py +++ /dev/null @@ -1,875 +0,0 @@ -"""Framework classes for generation of ecp test cases.""" -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -from typing import List - -from . import test_data_generation -from . import bignum_common - - -class EcpTarget(test_data_generation.BaseTarget): - #pylint: disable=abstract-method, too-few-public-methods - """Target for ecp test case generation.""" - target_basename = 'test_suite_ecp.generated' - - -class EcpP192R1Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P192 fast reduction.""" - symbol = "-" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p192_raw" - input_style = "fixed" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP192R1_ENABLED", - "MBEDTLS_ECP_NIST_OPTIM"] - - moduli = ["fffffffffffffffffffffffffffffffeffffffffffffffff"] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - "fffffffffffffffffffffffffffffffefffffffffffffffe", - - # Modulus + 1 - "ffffffffffffffffffffffffffffffff0000000000000000", - - # 2^192 - 1 - "ffffffffffffffffffffffffffffffffffffffffffffffff", - - # Maximum canonical P192 multiplication result - ("fffffffffffffffffffffffffffffffdfffffffffffffffc" - "000000000000000100000000000000040000000000000004"), - - # Generate an overflow during reduction - ("00000000000000000000000000000001ffffffffffffffff" - "ffffffffffffffffffffffffffffffff0000000000000000"), - - # Generate an overflow during carry reduction - ("ffffffffffffffff00000000000000010000000000000000" - "fffffffffffffffeffffffffffffffff0000000000000000"), - - # First 8 number generated by random.getrandbits(384) - seed(2,2) - ("cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd" - "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("ffed9235288bc781ae66267594c9c9500925e4749b575bd1" - "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"), - ("ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7" - "dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"), - ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045" - "defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2"), - ("2d3d854e061b90303b08c6e33c7295782d6c797f8f7d9b78" - "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), - ("fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1" - "5c14bc4a829e07b0829a48d422fe99a22c70501e533c9135"), - ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561" - "867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"), - ("bd143fa9b714210c665d7435c1066932f4767f26294365b2" - "721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"), - - # Next 2 number generated by random.getrandbits(192) - "47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2", - "cbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63" - ] - - @property - def arg_a(self) -> str: - return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self)-> List[str]: - args = super().arguments() - return ["MBEDTLS_ECP_DP_SECP192R1"] + args - - -class EcpP224R1Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P224 fast reduction.""" - symbol = "-" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p224_raw" - input_style = "arch_split" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP224R1_ENABLED", - "MBEDTLS_ECP_NIST_OPTIM"] - - moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - "ffffffffffffffffffffffffffffffff000000000000000000000000", - - # Modulus + 1 - "ffffffffffffffffffffffffffffffff000000000000000000000002", - - # 2^224 - 1 - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - - # Maximum canonical P224 multiplication result - ("fffffffffffffffffffffffffffffffe000000000000000000000000" - "00000001000000000000000000000000000000000000000000000000"), - - # Generate an overflow during reduction - ("00000000000000000000000000010000000070000000002000001000" - "ffffffffffff9fffffffffe00000efff000070000000002000001003"), - - # Generate an underflow during reduction - ("00000001000000000000000000000000000000000000000000000000" - "00000000000dc0000000000000000001000000010000000100000003"), - - # First 8 number generated by random.getrandbits(448) - seed(2,2) - ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337" - "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675" - "94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8"), - ("defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd12" - "8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da"), - ("2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a6" - "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"), - ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4" - "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"), - ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15" - "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"), - ("a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26" - "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"), - ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e" - "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"), - - # Next 2 number generated by random.getrandbits(224) - "eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a", - "f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3" - ] - - @property - def arg_a(self) -> str: - limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb) - hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb) - return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self)-> List[str]: - args = super().arguments() - return ["MBEDTLS_ECP_DP_SECP224R1"] + args - - -class EcpP256R1Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P256 fast reduction.""" - symbol = "-" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p256_raw" - input_style = "fixed" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP256R1_ENABLED", - "MBEDTLS_ECP_NIST_OPTIM"] - - moduli = ["ffffffff00000001000000000000000000000000ffffffffffffffffffffffff"] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - "ffffffff00000001000000000000000000000000fffffffffffffffffffffffe", - - # Modulus + 1 - "ffffffff00000001000000000000000000000001000000000000000000000000", - - # 2^256 - 1 - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - - # Maximum canonical P256 multiplication result - ("fffffffe00000002fffffffe0000000100000001fffffffe00000001fffffffc" - "00000003fffffffcfffffffffffffffffffffffc000000000000000000000004"), - - # Generate an overflow during reduction - ("0000000000000000000000010000000000000000000000000000000000000000" - "00000000000000000000000000000000000000000000000000000000ffffffff"), - - # Generate an underflow during reduction - ("0000000000000000000000000000000000000000000000000000000000000010" - "ffffffff00000000000000000000000000000000000000000000000000000000"), - - # Generate an overflow during carry reduction - ("aaaaaaaa00000000000000000000000000000000000000000000000000000000" - "00000000000000000000000000000000aaaaaaacaaaaaaaaaaaaaaaa00000000"), - - # Generate an underflow during carry reduction - ("000000000000000000000001ffffffff00000000000000000000000000000000" - "0000000000000000000000000000000000000002000000020000000100000002"), - - # First 8 number generated by random.getrandbits(512) - seed(2,2) - ("4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" - "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("82523e86feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93" - "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"), - ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626" - "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"), - ("829a48d422fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578" - "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), - ("e89204e2e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2" - "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"), - ("bd143fa9b714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0" - "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"), - ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9" - "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"), - ("d08f1bb2531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25" - "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"), - - # Next 2 number generated by random.getrandbits(256) - "c5e2486c44a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062", - "d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9" - ] - - @property - def arg_a(self) -> str: - return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self)-> List[str]: - args = super().arguments() - return ["MBEDTLS_ECP_DP_SECP256R1"] + args - - -class EcpP384R1Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P384 fast reduction.""" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p384_raw" - input_style = "fixed" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP384R1_ENABLED", - "MBEDTLS_ECP_NIST_OPTIM"] - - moduli = [("ffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffeffffffff0000000000000000ffffffff") - ] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - ("ffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffeffffffff0000000000000000fffffffe"), - - # Modulus + 1 - ("ffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffeffffffff000000000000000100000000"), - - # 2^384 - 1 - ("ffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffff"), - - # Maximum canonical P384 multiplication result - ("ffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffdfffffffe0000000000000001fffffffc" - "000000000000000000000000000000010000000200000000" - "fffffffe000000020000000400000000fffffffc00000004"), - - # Testing with overflow in A(12) + A(21) + A(20); - ("497811378624857a2c2af60d70583376545484cfae5c812f" - "e2999fc1abb51d18b559e8ca3b50aaf263fdf8f24bdfb98f" - "ffffffff20e65bf9099e4e73a5e8b517cf4fbeb8fd1750fd" - "ae6d43f2e53f82d5ffffffffffffffffcc6f1e06111c62e0"), - - # Testing with underflow in A(13) + A(22) + A(23) - A(12) - A(20); - ("dfdd25e96777406b3c04b8c7b406f5fcf287e1e576003a09" - "2852a6fbe517f2712b68abef41dbd35183a0614fb7222606" - "ffffffff84396eee542f18a9189d94396c784059c17a9f18" - "f807214ef32f2f10ffffffff8a77fac20000000000000000"), - - # Testing with overflow in A(23) + A(20) + A(19) - A(22); - ("783753f8a5afba6c1862eead1deb2fcdd907272be3ffd185" - "42b24a71ee8b26cab0aa33513610ff973042bbe1637cc9fc" - "99ad36c7f703514572cf4f5c3044469a8f5be6312c19e5d3" - "f8fc1ac6ffffffffffffffff8c86252400000000ffffffff"), - - # Testing with underflow in A(23) + A(20) + A(19) - A(22); - ("65e1d2362fce922663b7fd517586e88842a9b4bd092e93e6" - "251c9c69f278cbf8285d99ae3b53da5ba36e56701e2b17c2" - "25f1239556c5f00117fa140218b46ebd8e34f50d0018701f" - "a8a0a5cc00000000000000004410bcb4ffffffff00000000"), - - # Testing the second round of carry reduction - ("000000000000000000000000ffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffff0000000000000000" - "0000000000000000ffffffff000000000000000000000001" - "00000000000000000000000000000000ffffffff00000001"), - - # First 8 number generated by random.getrandbits(768) - seed(2,2) - ("ffed9235288bc781ae66267594c9c9500925e4749b575bd1" - "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f" - "cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd" - "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045" - "defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2" - "ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7" - "dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"), - ("fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1" - "5c14bc4a829e07b0829a48d422fe99a22c70501e533c9135" - "2d3d854e061b90303b08c6e33c7295782d6c797f8f7d9b78" - "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), - ("bd143fa9b714210c665d7435c1066932f4767f26294365b2" - "721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b" - "97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561" - "867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"), - ("8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4" - "e73695c3e652c71a74667bffe202849da9643a295a9ac6de" - "cbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63" - "47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"), - ("d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f8777" - "7ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48e86ec9c6" - "e06f291b2a838af8d5c44a4eb3172062d08f1bb2531d6460" - "f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25"), - ("0227eeb7b9d7d01f5769da05d205bbfcc8c69069134bccd3" - "e1cf4f589f8e4ce0af29d115ef24bd625dd961e6830b54fa" - "7d28f93435339774bb1e386c4fd5079e681b8f5896838b76" - "9da59b74a6c3181c81e220df848b1df78feb994a81167346"), - ("d322a7353ead4efe440e2b4fda9c025a22f1a83185b98f5f" - "c11e60de1b343f52ea748db9e020307aaeb6db2c3a038a70" - "9779ac1f45e9dd320c855fdfa7251af0930cdbd30f0ad2a8" - "1b2d19a2beaa14a7ff3fe32a30ffc4eed0a7bd04e85bfcdd"), - - # Next 2 number generated by random.getrandbits(384) - ("5c3747465cc36c270e8a35b10828d569c268a20eb78ac332" - "e5e138e26c4454b90f756132e16dce72f18e859835e1f291"), - ("eb2b5693babb7fbb0a76c196067cfdcb11457d9cf45e2fa0" - "1d7f4275153924800600571fac3a5b263fdf57cd2c006497") - ] - - @property - def arg_a(self) -> str: - return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self)-> List[str]: - args = super().arguments() - return ["MBEDTLS_ECP_DP_SECP384R1"] + args - - -class EcpP521R1Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P521 fast reduction.""" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p521_raw" - input_style = "arch_split" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP521R1_ENABLED", - "MBEDTLS_ECP_NIST_OPTIM"] - - moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") - ] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - ("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffe"), - - # Modulus + 1 - ("020000000000000000000000000000000000000000000000000000000000000000" - "000000000000000000000000000000000000000000000000000000000000000000"), - - # Maximum canonical P521 multiplication result - ("0003ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "fffff800" - "0000000000000000000000000000000000000000000000000000000000000000" - "0000000000000000000000000000000000000000000000000000000000000004"), - - # Test case for overflow during addition - ("0001efffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "000001ef" - "0000000000000000000000000000000000000000000000000000000000000000" - "000000000000000000000000000000000000000000000000000000000f000000"), - - # First 8 number generated by random.getrandbits(1042) - seed(2,2) - ("0003cc2e82523e86feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f" - "6e405d93ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd" - "9b1f282e" - "4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" - "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("00017052829e07b0829a48d422fe99a22c70501e533c91352d3d854e061b9030" - "3b08c6e33c7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c5055" - "6c71c4a6" - "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045defc044a" - "09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57eb"), - ("00021f15a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26" - "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b97eeab64" - "ca2ce6bc" - "5d3fd983c34c769fe89204e2e8168561867e5e15bc01bfce6a27e0dfcbf87544" - "72154e76e4c11ab2fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1"), - ("000381bc2a838af8d5c44a4eb3172062d08f1bb2531d6460f0caeef038c89b38" - "a8acb5137c9260dc74e088a9b9492f258ebdbfe3eb9ac688b9d39cca91551e82" - "59cc60b1" - "7604e4b4e73695c3e652c71a74667bffe202849da9643a295a9ac6decbd4d3e2" - "d4dec9ef83f0be4e80371eb97f81375eecc1cb6347733e847d718d733ff98ff3"), - ("00034816c8c69069134bccd3e1cf4f589f8e4ce0af29d115ef24bd625dd961e6" - "830b54fa7d28f93435339774bb1e386c4fd5079e681b8f5896838b769da59b74" - "a6c3181c" - "81e220df848b1df78feb994a81167346d4c0dca8b4c9e755cc9c3adcf515a823" - "4da4daeb4f3f87777ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48e86ec9c6"), - ("000397846c4454b90f756132e16dce72f18e859835e1f291d322a7353ead4efe" - "440e2b4fda9c025a22f1a83185b98f5fc11e60de1b343f52ea748db9e020307a" - "aeb6db2c" - "3a038a709779ac1f45e9dd320c855fdfa7251af0930cdbd30f0ad2a81b2d19a2" - "beaa14a7ff3fe32a30ffc4eed0a7bd04e85bfcdd0227eeb7b9d7d01f5769da05"), - ("00002c3296e6bc4d62b47204007ee4fab105d83e85e951862f0981aebc1b00d9" - "2838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da70569c018eb2b5693" - "babb7fbb" - "0a76c196067cfdcb11457d9cf45e2fa01d7f4275153924800600571fac3a5b26" - "3fdf57cd2c0064975c3747465cc36c270e8a35b10828d569c268a20eb78ac332"), - ("00009d23b4917fc09f20dbb0dcc93f0e66dfe717c17313394391b6e2e6eacb0f" - "0bb7be72bd6d25009aeb7fa0c4169b148d2f527e72daf0a54ef25c0707e33868" - "7d1f7157" - "5653a45c49390aa51cf5192bbf67da14be11d56ba0b4a2969d8055a9f03f2d71" - "581d8e830112ff0f0948eccaf8877acf26c377c13f719726fd70bddacb4deeec"), - - # Next 2 number generated by random.getrandbits(521) - ("12b84ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1a1fe" - "3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccdf572df00790813e3"), - ("166049dd332a73fa0b26b75196cf87eb8a09b27ec714307c68c425424a1574f1" - "eedf5b0f16cdfdb839424d201e653f53d6883ca1c107ca6e706649889c0c7f38608") - ] - - @property - def arg_a(self) -> str: - # Number of limbs: 2 * N - return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self)-> List[str]: - args = super().arguments() - return ["MBEDTLS_ECP_DP_SECP521R1"] + args - - -class EcpP192K1Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P192K1 fast reduction.""" - symbol = "-" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p192k1_raw" - input_style = "fixed" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP192K1_ENABLED"] - - moduli = ["fffffffffffffffffffffffffffffffffffffffeffffee37"] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - "fffffffffffffffffffffffffffffffffffffffeffffee36", - - # Modulus + 1 - "fffffffffffffffffffffffffffffffffffffffeffffee38", - - # 2^192 - 1 - "ffffffffffffffffffffffffffffffffffffffffffffffff", - - # Maximum canonical P192K1 multiplication result - ("fffffffffffffffffffffffffffffffffffffffdffffdc6c" - "0000000000000000000000000000000100002394013c7364"), - - # Test case for overflow during addition - ("00000007ffff71b809e27dd832cfd5e04d9d2dbb9f8da217" - "0000000000000000000000000000000000000000520834f0"), - - # First 8 number generated by random.getrandbits(384) - seed(2,2) - ("cf1822ffbc6887782b491044d5e341245c6e433715ba2bdd" - "177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("ffed9235288bc781ae66267594c9c9500925e4749b575bd1" - "3653f8dd9b1f282e4067c3584ee207f8da94e3e8ab73738f"), - ("ef8acd128b4f2fc15f3f57ebf30b94fa82523e86feac7eb7" - "dc38f519b91751dacdbd47d364be8049a372db8f6e405d93"), - ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045" - "defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2"), - ("2d3d854e061b90303b08c6e33c7295782d6c797f8f7d9b78" - "2a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), - ("fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1" - "5c14bc4a829e07b0829a48d422fe99a22c70501e533c9135"), - ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561" - "867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2"), - ("bd143fa9b714210c665d7435c1066932f4767f26294365b2" - "721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"), - - # Next 2 number generated by random.getrandbits(192) - "47733e847d718d733ff98ff387c56473a7a83ee0761ebfd2", - "cbd4d3e2d4dec9ef83f0be4e80371eb97f81375eecc1cb63" - ] - - @property - def arg_a(self) -> str: - return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self): - args = super().arguments() - return ["MBEDTLS_ECP_DP_SECP192K1"] + args - - -class EcpP224K1Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P224 fast reduction.""" - symbol = "-" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p224k1_raw" - input_style = "arch_split" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP224K1_ENABLED"] - - moduli = ["fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d"] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56c", - - # Modulus + 1 - "fffffffffffffffffffffffffffffffffffffffffffffffeffffe56e", - - # 2^224 - 1 - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - - # Maximum canonical P224K1 multiplication result - ("fffffffffffffffffffffffffffffffffffffffffffffffdffffcad8" - "00000000000000000000000000000000000000010000352802c26590"), - - # Test case for overflow during addition - ("0000007ffff2b68161180fd8cd92e1a109be158a19a99b1809db8032" - "0000000000000000000000000000000000000000000000000bf04f49"), - - # First 8 number generated by random.getrandbits(448) - seed(2,2) - ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337" - "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675" - "94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8"), - ("defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd12" - "8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da"), - ("2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a6" - "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"), - ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4" - "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"), - ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15" - "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"), - ("a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26" - "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"), - ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e" - "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"), - - # Next 2 number generated by random.getrandbits(224) - ("eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"), - ("f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3"), - ] - - @property - def arg_a(self) -> str: - limbs = 2 * bignum_common.bits_to_limbs(224, self.bits_in_limb) - hex_digits = bignum_common.hex_digits_for_limb(limbs, self.bits_in_limb) - return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self): - args = super().arguments() - return ["MBEDTLS_ECP_DP_SECP224K1"] + args - - -class EcpP256K1Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P256 fast reduction.""" - symbol = "-" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p256k1_raw" - input_style = "fixed" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_SECP256K1_ENABLED"] - - moduli = ["fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2e", - - # Modulus + 1 - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc30", - - # 2^256 - 1 - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", - - # Maximum canonical P256K1 multiplication result - ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffdfffff85c" - "000000000000000000000000000000000000000000000001000007a4000e9844"), - - # Test case for overflow during addition - ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562" - "00000000000000000000000000000000000000000000000000000000585674fd"), - - # Test case for overflow during addition - ("0000fffffc2f000e90a0c86a0a63234e5ba641f43a7e4aecc4040e67ec850562" - "00000000000000000000000000000000000000000000000000000000585674fd"), - - # First 8 number generated by random.getrandbits(512) - seed(2,2) - ("4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" - "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("82523e86feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93" - "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"), - ("e8624fab5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626" - "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"), - ("829a48d422fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578" - "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), - ("e89204e2e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2" - "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"), - ("bd143fa9b714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0" - "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"), - ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9" - "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"), - ("d08f1bb2531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25" - "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"), - - # Next 2 number generated by random.getrandbits(256) - ("c5e2486c44a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"), - ("d4c0dca8b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"), - ] - - @property - def arg_a(self) -> str: - return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self): - args = super().arguments() - return ["MBEDTLS_ECP_DP_SECP256K1"] + args - - -class EcpP255Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP 25519 fast reduction.""" - symbol = "-" - test_function = "ecp_mod_p_generic_raw" - test_name = "mbedtls_ecp_mod_p255_raw" - input_style = "fixed" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_CURVE25519_ENABLED"] - - moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffed")] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"), - - # Modulus + 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee"), - - # 2^255 - 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), - - # Maximum canonical P255 multiplication result - ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec" - "0000000000000000000000000000000000000000000000000000000000000190"), - - # First 8 number generated by random.getrandbits(510) - seed(2,2) - ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" - "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), - ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93" - "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"), - ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626" - "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"), - ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578" - "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), - ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2" - "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"), - ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0" - "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"), - ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9" - "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"), - ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25" - "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"), - - # Next 2 number generated by random.getrandbits(255) - ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"), - ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"), - ] - - @property - def arg_a(self) -> str: - return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self)-> List[str]: - args = super().arguments() - return ["MBEDTLS_ECP_DP_CURVE25519"] + args - - -class EcpP448Raw(bignum_common.ModOperationCommon, - EcpTarget): - """Test cases for ECP P448 fast reduction.""" - symbol = "-" - test_function = "ecp_mod_p_generic_raw" - test_name = "ecp_mod_p448_raw" - input_style = "fixed" - arity = 1 - dependencies = ["MBEDTLS_ECP_DP_CURVE448_ENABLED"] - - moduli = [("fffffffffffffffffffffffffffffffffffffffffffffffffffffffe" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff")] # type: List[str] - - input_values = [ - "0", "1", - - # Modulus - 1 - ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffe" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffe"), - - # Modulus + 1 - ("ffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "00000000000000000000000000000000000000000000000000000000"), - - # 2^448 - 1 - ("ffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), - - # Maximum canonical P448 multiplication result - ("fffffffffffffffffffffffffffffffffffffffffffffffffffffffd" - "fffffffffffffffffffffffffffffffffffffffffffffffffffffffd" - "00000000000000000000000000000000000000000000000000000004" - "00000000000000000000000000000000000000000000000000000004"), - - # First 8 number generated by random.getrandbits(896) - seed(2,2) - ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e" - "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473" - "a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26" - "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"), - ("4da4daeb4f3f87777ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48" - "e86ec9c6e06f291b2a838af8d5c44a4eb3172062d08f1bb2531d6460" - "f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3" - "eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"), - ("bc1b00d92838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da7" - "0569c018eb2b5693babb7fbb0a76c196067cfdcb11457d9cf45e2fa0" - "1d7f4275153924800600571fac3a5b263fdf57cd2c0064975c374746" - "5cc36c270e8a35b10828d569c268a20eb78ac332e5e138e26c4454b9"), - ("8d2f527e72daf0a54ef25c0707e338687d1f71575653a45c49390aa5" - "1cf5192bbf67da14be11d56ba0b4a2969d8055a9f03f2d71581d8e83" - "0112ff0f0948eccaf8877acf26c377c13f719726fd70bddacb4deeec" - "0b0c995e96e6bc4d62b47204007ee4fab105d83e85e951862f0981ae"), - ("84ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da" - "1a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd" - "f572df00790813e32748dd1db4917fc09f20dbb0dcc93f0e66dfe717" - "c17313394391b6e2e6eacb0f0bb7be72bd6d25009aeb7fa0c4169b14"), - ("2bb3b36f29421c4021b7379f0897246a40c270b00e893302aba9e7b8" - "23fc5ad2f58105748ed5d1b7b310b730049dd332a73fa0b26b75196c" - "f87eb8a09b27ec714307c68c425424a1574f1eedf5b0f16cdfdb8394" - "24d201e653f53d6883ca1c107ca6e706649889c0c7f3860895bfa813"), - ("af3f5d7841b1256d5c1dc12fb5a1ae519fb8883accda6559caa538a0" - "9fc9370d3a6b86a7975b54a31497024640332b0612d4050771d7b14e" - "b6c004cc3b8367dc3f2bb31efe9934ad0809eae3ef232a32b5459d83" - "fbc46f1aea990e94821d46063b4dbf2ca294523d74115c86188b1044"), - ("7430051376e31f5aab63ad02854efa600641b4fa37a47ce41aeffafc" - "3b45402ac02659fe2e87d4150511baeb198ababb1a16daff3da95cd2" - "167b75dfb948f82a8317cba01c75f67e290535d868a24b7f627f2855" - "09167d4126af8090013c3273c02c6b9586b4625b475b51096c4ad652"), - - # Corner case which causes maximum overflow - ("f4ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1" - "a1fe3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccd0B" - "519A16DF59C53E0D49B209200F878F362ACE518D5B8BFCF9CDC725E5E" - "01C06295E8605AF06932B5006D9E556D3F190E8136BF9C643D332"), - - # Next 2 number generated by random.getrandbits(448) - ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4" - "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"), - ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15" - "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"), - - ] - - @property - def arg_a(self) -> str: - return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) - - def result(self) -> List[str]: - result = self.int_a % self.int_n - return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True - - def arguments(self): - args = super().arguments() - return ["MBEDTLS_ECP_DP_CURVE448"] + args diff --git a/scripts/mbedtls_dev/logging_util.py b/scripts/mbedtls_dev/logging_util.py deleted file mode 100644 index ddd7c7fd67..0000000000 --- a/scripts/mbedtls_dev/logging_util.py +++ /dev/null @@ -1,46 +0,0 @@ -"""Auxiliary functions used for logging module. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import logging -import sys - -def configure_logger( - logger: logging.Logger, - log_format="[%(levelname)s]: %(message)s", - split_level=logging.WARNING - ) -> None: - """ - Configure the logging.Logger instance so that: - - Format is set to any log_format. - Default: "[%(levelname)s]: %(message)s" - - loglevel >= split_level are printed to stderr. - - loglevel < split_level are printed to stdout. - Default: logging.WARNING - """ - class MaxLevelFilter(logging.Filter): - # pylint: disable=too-few-public-methods - def __init__(self, max_level, name=''): - super().__init__(name) - self.max_level = max_level - - def filter(self, record: logging.LogRecord) -> bool: - return record.levelno <= self.max_level - - log_formatter = logging.Formatter(log_format) - - # set loglevel >= split_level to be printed to stderr - stderr_hdlr = logging.StreamHandler(sys.stderr) - stderr_hdlr.setLevel(split_level) - stderr_hdlr.setFormatter(log_formatter) - - # set loglevel < split_level to be printed to stdout - stdout_hdlr = logging.StreamHandler(sys.stdout) - stdout_hdlr.addFilter(MaxLevelFilter(split_level - 1)) - stdout_hdlr.setFormatter(log_formatter) - - logger.addHandler(stderr_hdlr) - logger.addHandler(stdout_hdlr) diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py deleted file mode 100644 index d68be00bd5..0000000000 --- a/scripts/mbedtls_dev/macro_collector.py +++ /dev/null @@ -1,539 +0,0 @@ -"""Collect macro definitions from header files. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import itertools -import re -from typing import Dict, IO, Iterable, Iterator, List, Optional, Pattern, Set, Tuple, Union - - -class ReadFileLineException(Exception): - def __init__(self, filename: str, line_number: Union[int, str]) -> None: - message = 'in {} at {}'.format(filename, line_number) - super(ReadFileLineException, self).__init__(message) - self.filename = filename - self.line_number = line_number - - -class read_file_lines: - # Dear Pylint, conventionally, a context manager class name is lowercase. - # pylint: disable=invalid-name,too-few-public-methods - """Context manager to read a text file line by line. - - ``` - with read_file_lines(filename) as lines: - for line in lines: - process(line) - ``` - is equivalent to - ``` - with open(filename, 'r') as input_file: - for line in input_file: - process(line) - ``` - except that if process(line) raises an exception, then the read_file_lines - snippet annotates the exception with the file name and line number. - """ - def __init__(self, filename: str, binary: bool = False) -> None: - self.filename = filename - self.file = None #type: Optional[IO[str]] - self.line_number = 'entry' #type: Union[int, str] - self.generator = None #type: Optional[Iterable[Tuple[int, str]]] - self.binary = binary - def __enter__(self) -> 'read_file_lines': - self.file = open(self.filename, 'rb' if self.binary else 'r') - self.generator = enumerate(self.file) - return self - def __iter__(self) -> Iterator[str]: - assert self.generator is not None - for line_number, content in self.generator: - self.line_number = line_number - yield content - self.line_number = 'exit' - def __exit__(self, exc_type, exc_value, exc_traceback) -> None: - if self.file is not None: - self.file.close() - if exc_type is not None: - raise ReadFileLineException(self.filename, self.line_number) \ - from exc_value - - -class PSAMacroEnumerator: - """Information about constructors of various PSA Crypto types. - - This includes macro names as well as information about their arguments - when applicable. - - This class only provides ways to enumerate expressions that evaluate to - values of the covered types. Derived classes are expected to populate - the set of known constructors of each kind, as well as populate - `self.arguments_for` for arguments that are not of a kind that is - enumerated here. - """ - #pylint: disable=too-many-instance-attributes - - def __init__(self) -> None: - """Set up an empty set of known constructor macros. - """ - self.statuses = set() #type: Set[str] - self.lifetimes = set() #type: Set[str] - self.locations = set() #type: Set[str] - self.persistence_levels = set() #type: Set[str] - self.algorithms = set() #type: Set[str] - self.ecc_curves = set() #type: Set[str] - self.dh_groups = set() #type: Set[str] - self.key_types = set() #type: Set[str] - self.key_usage_flags = set() #type: Set[str] - self.hash_algorithms = set() #type: Set[str] - self.mac_algorithms = set() #type: Set[str] - self.ka_algorithms = set() #type: Set[str] - self.kdf_algorithms = set() #type: Set[str] - self.pake_algorithms = set() #type: Set[str] - self.aead_algorithms = set() #type: Set[str] - self.sign_algorithms = set() #type: Set[str] - # macro name -> list of argument names - self.argspecs = {} #type: Dict[str, List[str]] - # argument name -> list of values - self.arguments_for = { - 'mac_length': [], - 'min_mac_length': [], - 'tag_length': [], - 'min_tag_length': [], - } #type: Dict[str, List[str]] - # Whether to include intermediate macros in enumerations. Intermediate - # macros serve as category headers and are not valid values of their - # type. See `is_internal_name`. - # Always false in this class, may be set to true in derived classes. - self.include_intermediate = False - - def is_internal_name(self, name: str) -> bool: - """Whether this is an internal macro. Internal macros will be skipped.""" - if not self.include_intermediate: - if name.endswith('_BASE') or name.endswith('_NONE'): - return True - if '_CATEGORY_' in name: - return True - return name.endswith('_FLAG') or name.endswith('_MASK') - - def gather_arguments(self) -> None: - """Populate the list of values for macro arguments. - - Call this after parsing all the inputs. - """ - self.arguments_for['hash_alg'] = sorted(self.hash_algorithms) - self.arguments_for['mac_alg'] = sorted(self.mac_algorithms) - self.arguments_for['ka_alg'] = sorted(self.ka_algorithms) - self.arguments_for['kdf_alg'] = sorted(self.kdf_algorithms) - self.arguments_for['aead_alg'] = sorted(self.aead_algorithms) - self.arguments_for['sign_alg'] = sorted(self.sign_algorithms) - self.arguments_for['curve'] = sorted(self.ecc_curves) - self.arguments_for['group'] = sorted(self.dh_groups) - self.arguments_for['persistence'] = sorted(self.persistence_levels) - self.arguments_for['location'] = sorted(self.locations) - self.arguments_for['lifetime'] = sorted(self.lifetimes) - - @staticmethod - def _format_arguments(name: str, arguments: Iterable[str]) -> str: - """Format a macro call with arguments. - - The resulting format is consistent with - `InputsForTest.normalize_argument`. - """ - return name + '(' + ', '.join(arguments) + ')' - - _argument_split_re = re.compile(r' *, *') - @classmethod - def _argument_split(cls, arguments: str) -> List[str]: - return re.split(cls._argument_split_re, arguments) - - def distribute_arguments(self, name: str) -> Iterator[str]: - """Generate macro calls with each tested argument set. - - If name is a macro without arguments, just yield "name". - If name is a macro with arguments, yield a series of - "name(arg1,...,argN)" where each argument takes each possible - value at least once. - """ - try: - if name not in self.argspecs: - yield name - return - argspec = self.argspecs[name] - if argspec == []: - yield name + '()' - return - argument_lists = [self.arguments_for[arg] for arg in argspec] - arguments = [values[0] for values in argument_lists] - yield self._format_arguments(name, arguments) - # Dear Pylint, enumerate won't work here since we're modifying - # the array. - # pylint: disable=consider-using-enumerate - for i in range(len(arguments)): - for value in argument_lists[i][1:]: - arguments[i] = value - yield self._format_arguments(name, arguments) - arguments[i] = argument_lists[i][0] - except BaseException as e: - raise Exception('distribute_arguments({})'.format(name)) from e - - def distribute_arguments_without_duplicates( - self, seen: Set[str], name: str - ) -> Iterator[str]: - """Same as `distribute_arguments`, but don't repeat seen results.""" - for result in self.distribute_arguments(name): - if result not in seen: - seen.add(result) - yield result - - def generate_expressions(self, names: Iterable[str]) -> Iterator[str]: - """Generate expressions covering values constructed from the given names. - - `names` can be any iterable collection of macro names. - - For example: - * ``generate_expressions(['PSA_ALG_CMAC', 'PSA_ALG_HMAC'])`` - generates ``'PSA_ALG_CMAC'`` as well as ``'PSA_ALG_HMAC(h)'`` for - every known hash algorithm ``h``. - * ``macros.generate_expressions(macros.key_types)`` generates all - key types. - """ - seen = set() #type: Set[str] - return itertools.chain(*( - self.distribute_arguments_without_duplicates(seen, name) - for name in names - )) - - -class PSAMacroCollector(PSAMacroEnumerator): - """Collect PSA crypto macro definitions from C header files. - """ - - def __init__(self, include_intermediate: bool = False) -> None: - """Set up an object to collect PSA macro definitions. - - Call the read_file method of the constructed object on each header file. - - * include_intermediate: if true, include intermediate macros such as - PSA_XXX_BASE that do not designate semantic values. - """ - super().__init__() - self.include_intermediate = include_intermediate - self.key_types_from_curve = {} #type: Dict[str, str] - self.key_types_from_group = {} #type: Dict[str, str] - self.algorithms_from_hash = {} #type: Dict[str, str] - - @staticmethod - def algorithm_tester(name: str) -> str: - """The predicate for whether an algorithm is built from the given constructor. - - The given name must be the name of an algorithm constructor of the - form ``PSA_ALG_xxx`` which is used as ``PSA_ALG_xxx(yyy)`` to build - an algorithm value. Return the corresponding predicate macro which - is used as ``predicate(alg)`` to test whether ``alg`` can be built - as ``PSA_ALG_xxx(yyy)``. The predicate is usually called - ``PSA_ALG_IS_xxx``. - """ - prefix = 'PSA_ALG_' - assert name.startswith(prefix) - midfix = 'IS_' - suffix = name[len(prefix):] - if suffix in ['DSA', 'ECDSA']: - midfix += 'RANDOMIZED_' - elif suffix == 'RSA_PSS': - suffix += '_STANDARD_SALT' - return prefix + midfix + suffix - - def record_algorithm_subtype(self, name: str, expansion: str) -> None: - """Record the subtype of an algorithm constructor. - - Given a ``PSA_ALG_xxx`` macro name and its expansion, if the algorithm - is of a subtype that is tracked in its own set, add it to the relevant - set. - """ - # This code is very ad hoc and fragile. It should be replaced by - # something more robust. - if re.match(r'MAC(?:_|\Z)', name): - self.mac_algorithms.add(name) - elif re.match(r'KDF(?:_|\Z)', name): - self.kdf_algorithms.add(name) - elif re.search(r'0x020000[0-9A-Fa-f]{2}', expansion): - self.hash_algorithms.add(name) - elif re.search(r'0x03[0-9A-Fa-f]{6}', expansion): - self.mac_algorithms.add(name) - elif re.search(r'0x05[0-9A-Fa-f]{6}', expansion): - self.aead_algorithms.add(name) - elif re.search(r'0x09[0-9A-Fa-f]{2}0000', expansion): - self.ka_algorithms.add(name) - elif re.search(r'0x08[0-9A-Fa-f]{6}', expansion): - self.kdf_algorithms.add(name) - - # "#define" followed by a macro name with either no parameters - # or a single parameter and a non-empty expansion. - # Grab the macro name in group 1, the parameter name if any in group 2 - # and the expansion in group 3. - _define_directive_re = re.compile(r'\s*#\s*define\s+(\w+)' + - r'(?:\s+|\((\w+)\)\s*)' + - r'(.+)') - _deprecated_definition_re = re.compile(r'\s*MBEDTLS_DEPRECATED') - - def read_line(self, line): - """Parse a C header line and record the PSA identifier it defines if any. - This function analyzes lines that start with "#define PSA_" - (up to non-significant whitespace) and skips all non-matching lines. - """ - # pylint: disable=too-many-branches - m = re.match(self._define_directive_re, line) - if not m: - return - name, parameter, expansion = m.groups() - expansion = re.sub(r'/\*.*?\*/|//.*', r' ', expansion) - if parameter: - self.argspecs[name] = [parameter] - if re.match(self._deprecated_definition_re, expansion): - # Skip deprecated values, which are assumed to be - # backward compatibility aliases that share - # numerical values with non-deprecated values. - return - if self.is_internal_name(name): - # Macro only to build actual values - return - elif (name.startswith('PSA_ERROR_') or name == 'PSA_SUCCESS') \ - and not parameter: - self.statuses.add(name) - elif name.startswith('PSA_KEY_TYPE_') and not parameter: - self.key_types.add(name) - elif name.startswith('PSA_KEY_TYPE_') and parameter == 'curve': - self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:] - elif name.startswith('PSA_KEY_TYPE_') and parameter == 'group': - self.key_types_from_group[name] = name[:13] + 'IS_' + name[13:] - elif name.startswith('PSA_ECC_FAMILY_') and not parameter: - self.ecc_curves.add(name) - elif name.startswith('PSA_DH_FAMILY_') and not parameter: - self.dh_groups.add(name) - elif name.startswith('PSA_ALG_') and not parameter: - if name in ['PSA_ALG_ECDSA_BASE', - 'PSA_ALG_RSA_PKCS1V15_SIGN_BASE']: - # Ad hoc skipping of duplicate names for some numerical values - return - self.algorithms.add(name) - self.record_algorithm_subtype(name, expansion) - elif name.startswith('PSA_ALG_') and parameter == 'hash_alg': - self.algorithms_from_hash[name] = self.algorithm_tester(name) - elif name.startswith('PSA_KEY_USAGE_') and not parameter: - self.key_usage_flags.add(name) - else: - # Other macro without parameter - return - - _nonascii_re = re.compile(rb'[^\x00-\x7f]+') - _continued_line_re = re.compile(rb'\\\r?\n\Z') - def read_file(self, header_file): - for line in header_file: - m = re.search(self._continued_line_re, line) - while m: - cont = next(header_file) - line = line[:m.start(0)] + cont - m = re.search(self._continued_line_re, line) - line = re.sub(self._nonascii_re, rb'', line).decode('ascii') - self.read_line(line) - - -class InputsForTest(PSAMacroEnumerator): - # pylint: disable=too-many-instance-attributes - """Accumulate information about macros to test. -enumerate - This includes macro names as well as information about their arguments - when applicable. - """ - - def __init__(self) -> None: - super().__init__() - self.all_declared = set() #type: Set[str] - # Identifier prefixes - self.table_by_prefix = { - 'ERROR': self.statuses, - 'ALG': self.algorithms, - 'ECC_CURVE': self.ecc_curves, - 'DH_GROUP': self.dh_groups, - 'KEY_LIFETIME': self.lifetimes, - 'KEY_LOCATION': self.locations, - 'KEY_PERSISTENCE': self.persistence_levels, - 'KEY_TYPE': self.key_types, - 'KEY_USAGE': self.key_usage_flags, - } #type: Dict[str, Set[str]] - # Test functions - self.table_by_test_function = { - # Any function ending in _algorithm also gets added to - # self.algorithms. - 'key_type': [self.key_types], - 'block_cipher_key_type': [self.key_types], - 'stream_cipher_key_type': [self.key_types], - 'ecc_key_family': [self.ecc_curves], - 'ecc_key_types': [self.ecc_curves], - 'dh_key_family': [self.dh_groups], - 'dh_key_types': [self.dh_groups], - 'hash_algorithm': [self.hash_algorithms], - 'mac_algorithm': [self.mac_algorithms], - 'cipher_algorithm': [], - 'hmac_algorithm': [self.mac_algorithms, self.sign_algorithms], - 'aead_algorithm': [self.aead_algorithms], - 'key_derivation_algorithm': [self.kdf_algorithms], - 'key_agreement_algorithm': [self.ka_algorithms], - 'asymmetric_signature_algorithm': [self.sign_algorithms], - 'asymmetric_signature_wildcard': [self.algorithms], - 'asymmetric_encryption_algorithm': [], - 'pake_algorithm': [self.pake_algorithms], - 'other_algorithm': [], - 'lifetime': [self.lifetimes], - } #type: Dict[str, List[Set[str]]] - mac_lengths = [str(n) for n in [ - 1, # minimum expressible - 4, # minimum allowed by policy - 13, # an odd size in a plausible range - 14, # an even non-power-of-two size in a plausible range - 16, # same as full size for at least one algorithm - 63, # maximum expressible - ]] - self.arguments_for['mac_length'] += mac_lengths - self.arguments_for['min_mac_length'] += mac_lengths - aead_lengths = [str(n) for n in [ - 1, # minimum expressible - 4, # minimum allowed by policy - 13, # an odd size in a plausible range - 14, # an even non-power-of-two size in a plausible range - 16, # same as full size for at least one algorithm - 63, # maximum expressible - ]] - self.arguments_for['tag_length'] += aead_lengths - self.arguments_for['min_tag_length'] += aead_lengths - - def add_numerical_values(self) -> None: - """Add numerical values that are not supported to the known identifiers.""" - # Sets of names per type - self.algorithms.add('0xffffffff') - self.ecc_curves.add('0xff') - self.dh_groups.add('0xff') - self.key_types.add('0xffff') - self.key_usage_flags.add('0x80000000') - - # Hard-coded values for unknown algorithms - # - # These have to have values that are correct for their respective - # PSA_ALG_IS_xxx macros, but are also not currently assigned and are - # not likely to be assigned in the near future. - self.hash_algorithms.add('0x020000fe') # 0x020000ff is PSA_ALG_ANY_HASH - self.mac_algorithms.add('0x03007fff') - self.ka_algorithms.add('0x09fc0000') - self.kdf_algorithms.add('0x080000ff') - self.pake_algorithms.add('0x0a0000ff') - # For AEAD algorithms, the only variability is over the tag length, - # and this only applies to known algorithms, so don't test an - # unknown algorithm. - - def get_names(self, type_word: str) -> Set[str]: - """Return the set of known names of values of the given type.""" - return { - 'status': self.statuses, - 'algorithm': self.algorithms, - 'ecc_curve': self.ecc_curves, - 'dh_group': self.dh_groups, - 'key_type': self.key_types, - 'key_usage': self.key_usage_flags, - }[type_word] - - # Regex for interesting header lines. - # Groups: 1=macro name, 2=type, 3=argument list (optional). - _header_line_re = \ - re.compile(r'#define +' + - r'(PSA_((?:(?:DH|ECC|KEY)_)?[A-Z]+)_\w+)' + - r'(?:\(([^\n()]*)\))?') - # Regex of macro names to exclude. - _excluded_name_re = re.compile(r'_(?:GET|IS|OF)_|_(?:BASE|FLAG|MASK)\Z') - # Additional excluded macros. - _excluded_names = set([ - # Macros that provide an alternative way to build the same - # algorithm as another macro. - 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG', - 'PSA_ALG_FULL_LENGTH_MAC', - # Auxiliary macro whose name doesn't fit the usual patterns for - # auxiliary macros. - 'PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG_CASE', - ]) - def parse_header_line(self, line: str) -> None: - """Parse a C header line, looking for "#define PSA_xxx".""" - m = re.match(self._header_line_re, line) - if not m: - return - name = m.group(1) - self.all_declared.add(name) - if re.search(self._excluded_name_re, name) or \ - name in self._excluded_names or \ - self.is_internal_name(name): - return - dest = self.table_by_prefix.get(m.group(2)) - if dest is None: - return - dest.add(name) - if m.group(3): - self.argspecs[name] = self._argument_split(m.group(3)) - - _nonascii_re = re.compile(rb'[^\x00-\x7f]+') #type: Pattern - def parse_header(self, filename: str) -> None: - """Parse a C header file, looking for "#define PSA_xxx".""" - with read_file_lines(filename, binary=True) as lines: - for line in lines: - line = re.sub(self._nonascii_re, rb'', line).decode('ascii') - self.parse_header_line(line) - - _macro_identifier_re = re.compile(r'[A-Z]\w+') - def generate_undeclared_names(self, expr: str) -> Iterable[str]: - for name in re.findall(self._macro_identifier_re, expr): - if name not in self.all_declared: - yield name - - def accept_test_case_line(self, function: str, argument: str) -> bool: - #pylint: disable=unused-argument - undeclared = list(self.generate_undeclared_names(argument)) - if undeclared: - raise Exception('Undeclared names in test case', undeclared) - return True - - @staticmethod - def normalize_argument(argument: str) -> str: - """Normalize whitespace in the given C expression. - - The result uses the same whitespace as - ` PSAMacroEnumerator.distribute_arguments`. - """ - return re.sub(r',', r', ', re.sub(r' +', r'', argument)) - - def add_test_case_line(self, function: str, argument: str) -> None: - """Parse a test case data line, looking for algorithm metadata tests.""" - sets = [] - if function.endswith('_algorithm'): - sets.append(self.algorithms) - if function == 'key_agreement_algorithm' and \ - argument.startswith('PSA_ALG_KEY_AGREEMENT('): - # We only want *raw* key agreement algorithms as such, so - # exclude ones that are already chained with a KDF. - # Keep the expression as one to test as an algorithm. - function = 'other_algorithm' - sets += self.table_by_test_function[function] - if self.accept_test_case_line(function, argument): - for s in sets: - s.add(self.normalize_argument(argument)) - - # Regex matching a *.data line containing a test function call and - # its arguments. The actual definition is partly positional, but this - # regex is good enough in practice. - _test_case_line_re = re.compile(r'(?!depends_on:)(\w+):([^\n :][^:\n]*)') - def parse_test_cases(self, filename: str) -> None: - """Parse a test case file (*.data), looking for algorithm metadata tests.""" - with read_file_lines(filename) as lines: - for line in lines: - m = re.match(self._test_case_line_re, line) - if m: - self.add_test_case_line(m.group(1), m.group(2)) diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py deleted file mode 100644 index 60803864f2..0000000000 --- a/scripts/mbedtls_dev/psa_information.py +++ /dev/null @@ -1,161 +0,0 @@ -"""Collect information about PSA cryptographic mechanisms. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import re -from collections import OrderedDict -from typing import FrozenSet, List, Optional - -from . import macro_collector - - -class Information: - """Gather information about PSA constructors.""" - - def __init__(self) -> None: - self.constructors = self.read_psa_interface() - - @staticmethod - def remove_unwanted_macros( - constructors: macro_collector.PSAMacroEnumerator - ) -> None: - # Mbed TLS does not support finite-field DSA. - # Don't attempt to generate any related test case. - constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR') - constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY') - - def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator: - """Return the list of known key types, algorithms, etc.""" - constructors = macro_collector.InputsForTest() - header_file_names = ['include/psa/crypto_values.h', - 'include/psa/crypto_extra.h'] - test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data'] - for header_file_name in header_file_names: - constructors.parse_header(header_file_name) - for test_cases in test_suites: - constructors.parse_test_cases(test_cases) - self.remove_unwanted_macros(constructors) - constructors.gather_arguments() - return constructors - - -def psa_want_symbol(name: str) -> str: - """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature.""" - if name.startswith('PSA_'): - return name[:4] + 'WANT_' + name[4:] - else: - raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name) - -def finish_family_dependency(dep: str, bits: int) -> str: - """Finish dep if it's a family dependency symbol prefix. - - A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be - qualified by the key size. If dep is such a symbol, finish it by adjusting - the prefix and appending the key size. Other symbols are left unchanged. - """ - return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep) - -def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]: - """Finish any family dependency symbol prefixes. - - Apply `finish_family_dependency` to each element of `dependencies`. - """ - return [finish_family_dependency(dep, bits) for dep in dependencies] - -SYMBOLS_WITHOUT_DEPENDENCY = frozenset([ - 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies - 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier - 'PSA_ALG_ANY_HASH', # only in policies - 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies - 'PSA_ALG_KEY_AGREEMENT', # chaining - 'PSA_ALG_TRUNCATED_MAC', # modifier -]) -def automatic_dependencies(*expressions: str) -> List[str]: - """Infer dependencies of a test case by looking for PSA_xxx symbols. - - The arguments are strings which should be C expressions. Do not use - string literals or comments as this function is not smart enough to - skip them. - """ - used = set() - for expr in expressions: - used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|DH_FAMILY|KEY_TYPE)_\w+', expr)) - used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY) - return sorted(psa_want_symbol(name) for name in used) - -# Define set of regular expressions and dependencies to optionally append -# extra dependencies for test case based on key description. - -# Skip AES test cases which require 192- or 256-bit key -# if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH defined -AES_128BIT_ONLY_DEP_REGEX = re.compile(r'AES\s(192|256)') -AES_128BIT_ONLY_DEP = ['!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH'] -# Skip AES/ARIA/CAMELLIA test cases which require decrypt operation in ECB mode -# if MBEDTLS_BLOCK_CIPHER_NO_DECRYPT enabled. -ECB_NO_PADDING_DEP_REGEX = re.compile(r'(AES|ARIA|CAMELLIA).*ECB_NO_PADDING') -ECB_NO_PADDING_DEP = ['!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT'] - -DEPENDENCY_FROM_DESCRIPTION = OrderedDict() -DEPENDENCY_FROM_DESCRIPTION[AES_128BIT_ONLY_DEP_REGEX] = AES_128BIT_ONLY_DEP -DEPENDENCY_FROM_DESCRIPTION[ECB_NO_PADDING_DEP_REGEX] = ECB_NO_PADDING_DEP -def generate_deps_from_description( - description: str - ) -> List[str]: - """Return additional dependencies based on test case description and REGEX. - """ - dep_list = [] - for regex, deps in DEPENDENCY_FROM_DESCRIPTION.items(): - if re.search(regex, description): - dep_list += deps - - return dep_list - -# A temporary hack: at the time of writing, not all dependency symbols -# are implemented yet. Skip test cases for which the dependency symbols are -# not available. Once all dependency symbols are available, this hack must -# be removed so that a bug in the dependency symbols properly leads to a test -# failure. -def read_implemented_dependencies(filename: str) -> FrozenSet[str]: - return frozenset(symbol - for line in open(filename) - for symbol in re.findall(r'\bPSA_WANT_\w+\b', line)) -_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name -def hack_dependencies_not_implemented(dependencies: List[str]) -> None: - global _implemented_dependencies #pylint: disable=global-statement,invalid-name - if _implemented_dependencies is None: - _implemented_dependencies = \ - read_implemented_dependencies('include/psa/crypto_config.h') - if not all((dep.lstrip('!') in _implemented_dependencies or - not dep.lstrip('!').startswith('PSA_WANT')) - for dep in dependencies): - dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET') - -def tweak_key_pair_dependency(dep: str, usage: str): - """ - This helper function add the proper suffix to PSA_WANT_KEY_TYPE_xxx_KEY_PAIR - symbols according to the required usage. - """ - ret_list = list() - if dep.endswith('KEY_PAIR'): - if usage == "BASIC": - # BASIC automatically includes IMPORT and EXPORT for test purposes (see - # config_psa.h). - ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_BASIC', dep)) - ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_IMPORT', dep)) - ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_EXPORT', dep)) - elif usage == "GENERATE": - ret_list.append(re.sub(r'KEY_PAIR', r'KEY_PAIR_GENERATE', dep)) - else: - # No replacement to do in this case - ret_list.append(dep) - return ret_list - -def fix_key_pair_dependencies(dep_list: List[str], usage: str): - new_list = [new_deps - for dep in dep_list - for new_deps in tweak_key_pair_dependency(dep, usage)] - - return new_list diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py deleted file mode 100644 index b1fc377104..0000000000 --- a/scripts/mbedtls_dev/psa_storage.py +++ /dev/null @@ -1,206 +0,0 @@ -"""Knowledge about the PSA key store as implemented in Mbed TLS. - -Note that if you need to make a change that affects how keys are -stored, this may indicate that the key store is changing in a -backward-incompatible way! Think carefully about backward compatibility -before changing how test data is constructed or validated. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import re -import struct -from typing import Dict, List, Optional, Set, Union -import unittest - -from . import c_build_helper -from . import build_tree - - -class Expr: - """Representation of a C expression with a known or knowable numerical value.""" - - def __init__(self, content: Union[int, str]): - if isinstance(content, int): - digits = 8 if content > 0xffff else 4 - self.string = '{0:#0{1}x}'.format(content, digits + 2) - self.value_if_known = content #type: Optional[int] - else: - self.string = content - self.unknown_values.add(self.normalize(content)) - self.value_if_known = None - - value_cache = {} #type: Dict[str, int] - """Cache of known values of expressions.""" - - unknown_values = set() #type: Set[str] - """Expressions whose values are not present in `value_cache` yet.""" - - def update_cache(self) -> None: - """Update `value_cache` for expressions registered in `unknown_values`.""" - expressions = sorted(self.unknown_values) - includes = ['include'] - if build_tree.looks_like_tf_psa_crypto_root('.'): - includes.append('drivers/builtin/include') - values = c_build_helper.get_c_expression_values( - 'unsigned long', '%lu', - expressions, - header=""" - #include - """, - include_path=includes) #type: List[str] - for e, v in zip(expressions, values): - self.value_cache[e] = int(v, 0) - self.unknown_values.clear() - - @staticmethod - def normalize(string: str) -> str: - """Put the given C expression in a canonical form. - - This function is only intended to give correct results for the - relatively simple kind of C expression typically used with this - module. - """ - return re.sub(r'\s+', r'', string) - - def value(self) -> int: - """Return the numerical value of the expression.""" - if self.value_if_known is None: - if re.match(r'([0-9]+|0x[0-9a-f]+)\Z', self.string, re.I): - return int(self.string, 0) - normalized = self.normalize(self.string) - if normalized not in self.value_cache: - self.update_cache() - self.value_if_known = self.value_cache[normalized] - return self.value_if_known - -Exprable = Union[str, int, Expr] -"""Something that can be converted to a C expression with a known numerical value.""" - -def as_expr(thing: Exprable) -> Expr: - """Return an `Expr` object for `thing`. - - If `thing` is already an `Expr` object, return it. Otherwise build a new - `Expr` object from `thing`. `thing` can be an integer or a string that - contains a C expression. - """ - if isinstance(thing, Expr): - return thing - else: - return Expr(thing) - - -class Key: - """Representation of a PSA crypto key object and its storage encoding. - """ - - LATEST_VERSION = 0 - """The latest version of the storage format.""" - - def __init__(self, *, - version: Optional[int] = None, - id: Optional[int] = None, #pylint: disable=redefined-builtin - lifetime: Exprable = 'PSA_KEY_LIFETIME_PERSISTENT', - type: Exprable, #pylint: disable=redefined-builtin - bits: int, - usage: Exprable, alg: Exprable, alg2: Exprable, - material: bytes #pylint: disable=used-before-assignment - ) -> None: - self.version = self.LATEST_VERSION if version is None else version - self.id = id #pylint: disable=invalid-name #type: Optional[int] - self.lifetime = as_expr(lifetime) #type: Expr - self.type = as_expr(type) #type: Expr - self.bits = bits #type: int - self.usage = as_expr(usage) #type: Expr - self.alg = as_expr(alg) #type: Expr - self.alg2 = as_expr(alg2) #type: Expr - self.material = material #type: bytes - - MAGIC = b'PSA\000KEY\000' - - @staticmethod - def pack( - fmt: str, - *args: Union[int, Expr] - ) -> bytes: #pylint: disable=used-before-assignment - """Pack the given arguments into a byte string according to the given format. - - This function is similar to `struct.pack`, but with the following differences: - * All integer values are encoded with standard sizes and in - little-endian representation. `fmt` must not include an endianness - prefix. - * Arguments can be `Expr` objects instead of integers. - * Only integer-valued elements are supported. - """ - return struct.pack('<' + fmt, # little-endian, standard sizes - *[arg.value() if isinstance(arg, Expr) else arg - for arg in args]) - - def bytes(self) -> bytes: - """Return the representation of the key in storage as a byte array. - - This is the content of the PSA storage file. When PSA storage is - implemented over stdio files, this does not include any wrapping made - by the PSA-storage-over-stdio-file implementation. - - Note that if you need to make a change in this function, - this may indicate that the key store is changing in a - backward-incompatible way! Think carefully about backward - compatibility before making any change here. - """ - header = self.MAGIC + self.pack('L', self.version) - if self.version == 0: - attributes = self.pack('LHHLLL', - self.lifetime, self.type, self.bits, - self.usage, self.alg, self.alg2) - material = self.pack('L', len(self.material)) + self.material - else: - raise NotImplementedError - return header + attributes + material - - def hex(self) -> str: - """Return the representation of the key as a hexadecimal string. - - This is the hexadecimal representation of `self.bytes`. - """ - return self.bytes().hex() - - def location_value(self) -> int: - """The numerical value of the location encoded in the key's lifetime.""" - return self.lifetime.value() >> 8 - - -class TestKey(unittest.TestCase): - # pylint: disable=line-too-long - """A few smoke tests for the functionality of the `Key` class.""" - - def test_numerical(self): - key = Key(version=0, - id=1, lifetime=0x00000001, - type=0x2400, bits=128, - usage=0x00000300, alg=0x05500200, alg2=0x04c01000, - material=b'@ABCDEFGHIJKLMNO') - expected_hex = '505341004b45590000000000010000000024800000030000000250050010c00410000000404142434445464748494a4b4c4d4e4f' - self.assertEqual(key.bytes(), bytes.fromhex(expected_hex)) - self.assertEqual(key.hex(), expected_hex) - - def test_names(self): - length = 0xfff8 // 8 # PSA_MAX_KEY_BITS in bytes - key = Key(version=0, - id=1, lifetime='PSA_KEY_LIFETIME_PERSISTENT', - type='PSA_KEY_TYPE_RAW_DATA', bits=length*8, - usage=0, alg=0, alg2=0, - material=b'\x00' * length) - expected_hex = '505341004b45590000000000010000000110f8ff000000000000000000000000ff1f0000' + '00' * length - self.assertEqual(key.bytes(), bytes.fromhex(expected_hex)) - self.assertEqual(key.hex(), expected_hex) - - def test_defaults(self): - key = Key(type=0x1001, bits=8, - usage=0, alg=0, alg2=0, - material=b'\x2a') - expected_hex = '505341004b455900000000000100000001100800000000000000000000000000010000002a' - self.assertEqual(key.bytes(), bytes.fromhex(expected_hex)) - self.assertEqual(key.hex(), expected_hex) diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py deleted file mode 100644 index 6ed5e849de..0000000000 --- a/scripts/mbedtls_dev/test_case.py +++ /dev/null @@ -1,91 +0,0 @@ -"""Library for constructing an Mbed TLS test case. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import binascii -import os -import sys -from typing import Iterable, List, Optional - -from . import typing_util - -def hex_string(data: bytes) -> str: - return '"' + binascii.hexlify(data).decode('ascii') + '"' - - -class MissingDescription(Exception): - pass - -class MissingFunction(Exception): - pass - -class TestCase: - """An Mbed TLS test case.""" - - def __init__(self, description: Optional[str] = None): - self.comments = [] #type: List[str] - self.description = description #type: Optional[str] - self.dependencies = [] #type: List[str] - self.function = None #type: Optional[str] - self.arguments = [] #type: List[str] - - def add_comment(self, *lines: str) -> None: - self.comments += lines - - def set_description(self, description: str) -> None: - self.description = description - - def set_dependencies(self, dependencies: List[str]) -> None: - self.dependencies = dependencies - - def set_function(self, function: str) -> None: - self.function = function - - def set_arguments(self, arguments: List[str]) -> None: - self.arguments = arguments - - def check_completeness(self) -> None: - if self.description is None: - raise MissingDescription - if self.function is None: - raise MissingFunction - - def write(self, out: typing_util.Writable) -> None: - """Write the .data file paragraph for this test case. - - The output starts and ends with a single newline character. If the - surrounding code writes lines (consisting of non-newline characters - and a final newline), you will end up with a blank line before, but - not after the test case. - """ - self.check_completeness() - assert self.description is not None # guide mypy - assert self.function is not None # guide mypy - out.write('\n') - for line in self.comments: - out.write('# ' + line + '\n') - out.write(self.description + '\n') - if self.dependencies: - out.write('depends_on:' + ':'.join(self.dependencies) + '\n') - out.write(self.function + ':' + ':'.join(self.arguments) + '\n') - -def write_data_file(filename: str, - test_cases: Iterable[TestCase], - caller: Optional[str] = None) -> None: - """Write the test cases to the specified file. - - If the file already exists, it is overwritten. - """ - if caller is None: - caller = os.path.basename(sys.argv[0]) - tempfile = filename + '.new' - with open(tempfile, 'w') as out: - out.write('# Automatically generated by {}. Do not edit!\n' - .format(caller)) - for tc in test_cases: - tc.write(out) - out.write('\n# End of automatically generated file.\n') - os.replace(tempfile, filename) diff --git a/scripts/mbedtls_dev/test_data_generation.py b/scripts/mbedtls_dev/test_data_generation.py deleted file mode 100644 index a84f7dd2f0..0000000000 --- a/scripts/mbedtls_dev/test_data_generation.py +++ /dev/null @@ -1,224 +0,0 @@ -"""Common code for test data generation. - -This module defines classes that are of general use to automatically -generate .data files for unit tests, as well as a main function. - -These are used both by generate_psa_tests.py and generate_bignum_tests.py. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -import argparse -import os -import posixpath -import re -import inspect - -from abc import ABCMeta, abstractmethod -from typing import Callable, Dict, Iterable, Iterator, List, Type, TypeVar - -from . import build_tree -from . import test_case - -T = TypeVar('T') #pylint: disable=invalid-name - - -class BaseTest(metaclass=ABCMeta): - """Base class for test case generation. - - Attributes: - count: Counter for test cases from this class. - case_description: Short description of the test case. This may be - automatically generated using the class, or manually set. - dependencies: A list of dependencies required for the test case. - show_test_count: Toggle for inclusion of `count` in the test description. - test_function: Test function which the class generates cases for. - test_name: A common name or description of the test function. This can - be `test_function`, a clearer equivalent, or a short summary of the - test function's purpose. - """ - count = 0 - case_description = "" - dependencies = [] # type: List[str] - show_test_count = True - test_function = "" - test_name = "" - - def __new__(cls, *args, **kwargs): - # pylint: disable=unused-argument - cls.count += 1 - return super().__new__(cls) - - @abstractmethod - def arguments(self) -> List[str]: - """Get the list of arguments for the test case. - - Override this method to provide the list of arguments required for - the `test_function`. - - Returns: - List of arguments required for the test function. - """ - raise NotImplementedError - - def description(self) -> str: - """Create a test case description. - - Creates a description of the test case, including a name for the test - function, an optional case count, and a description of the specific - test case. This should inform a reader what is being tested, and - provide context for the test case. - - Returns: - Description for the test case. - """ - if self.show_test_count: - return "{} #{} {}".format( - self.test_name, self.count, self.case_description - ).strip() - else: - return "{} {}".format(self.test_name, self.case_description).strip() - - - def create_test_case(self) -> test_case.TestCase: - """Generate TestCase from the instance.""" - tc = test_case.TestCase() - tc.set_description(self.description()) - tc.set_function(self.test_function) - tc.set_arguments(self.arguments()) - tc.set_dependencies(self.dependencies) - - return tc - - @classmethod - @abstractmethod - def generate_function_tests(cls) -> Iterator[test_case.TestCase]: - """Generate test cases for the class test function. - - This will be called in classes where `test_function` is set. - Implementations should yield TestCase objects, by creating instances - of the class with appropriate input data, and then calling - `create_test_case()` on each. - """ - raise NotImplementedError - - -class BaseTarget: - #pylint: disable=too-few-public-methods - """Base target for test case generation. - - Child classes of this class represent an output file, and can be referred - to as file targets. These indicate where test cases will be written to for - all subclasses of the file target, which is set by `target_basename`. - - Attributes: - target_basename: Basename of file to write generated tests to. This - should be specified in a child class of BaseTarget. - """ - target_basename = "" - - @classmethod - def generate_tests(cls) -> Iterator[test_case.TestCase]: - """Generate test cases for the class and its subclasses. - - In classes with `test_function` set, `generate_function_tests()` is - called to generate test cases first. - - In all classes, this method will iterate over its subclasses, and - yield from `generate_tests()` in each. Calling this method on a class X - will yield test cases from all classes derived from X. - """ - if issubclass(cls, BaseTest) and not inspect.isabstract(cls): - #pylint: disable=no-member - yield from cls.generate_function_tests() - for subclass in sorted(cls.__subclasses__(), key=lambda c: c.__name__): - yield from subclass.generate_tests() - - -class TestGenerator: - """Generate test cases and write to data files.""" - def __init__(self, options) -> None: - self.test_suite_directory = options.directory - # Update `targets` with an entry for each child class of BaseTarget. - # Each entry represents a file generated by the BaseTarget framework, - # and enables generating the .data files using the CLI. - self.targets.update({ - subclass.target_basename: subclass.generate_tests - for subclass in BaseTarget.__subclasses__() - if subclass.target_basename - }) - - def filename_for(self, basename: str) -> str: - """The location of the data file with the specified base name.""" - return posixpath.join(self.test_suite_directory, basename + '.data') - - def write_test_data_file(self, basename: str, - test_cases: Iterable[test_case.TestCase]) -> None: - """Write the test cases to a .data file. - - The output file is ``basename + '.data'`` in the test suite directory. - """ - filename = self.filename_for(basename) - test_case.write_data_file(filename, test_cases) - - # Note that targets whose names contain 'test_format' have their content - # validated by `abi_check.py`. - targets = {} # type: Dict[str, Callable[..., Iterable[test_case.TestCase]]] - - def generate_target(self, name: str, *target_args) -> None: - """Generate cases and write to data file for a target. - - For target callables which require arguments, override this function - and pass these arguments using super() (see PSATestGenerator). - """ - test_cases = self.targets[name](*target_args) - self.write_test_data_file(name, test_cases) - -def main(args, description: str, generator_class: Type[TestGenerator] = TestGenerator): - """Command line entry point.""" - parser = argparse.ArgumentParser(description=description) - parser.add_argument('--list', action='store_true', - help='List available targets and exit') - parser.add_argument('--list-for-cmake', action='store_true', - help='Print \';\'-separated list of available targets and exit') - # If specified explicitly, this option may be a path relative to the - # current directory when the script is invoked. The default value - # is relative to the mbedtls root, which we don't know yet. So we - # can't set a string as the default value here. - parser.add_argument('--directory', metavar='DIR', - help='Output directory (default: tests/suites)') - parser.add_argument('targets', nargs='*', metavar='TARGET', - help='Target file to generate (default: all; "-": none)') - options = parser.parse_args(args) - - # Change to the mbedtls root, to keep things simple. But first, adjust - # command line options that might be relative paths. - if options.directory is None: - options.directory = 'tests/suites' - else: - options.directory = os.path.abspath(options.directory) - build_tree.chdir_to_root() - - generator = generator_class(options) - if options.list: - for name in sorted(generator.targets): - print(generator.filename_for(name)) - return - # List in a cmake list format (i.e. ';'-separated) - if options.list_for_cmake: - print(';'.join(generator.filename_for(name) - for name in sorted(generator.targets)), end='') - return - if options.targets: - # Allow "-" as a special case so you can run - # ``generate_xxx_tests.py - $targets`` and it works uniformly whether - # ``$targets`` is empty or not. - options.targets = [os.path.basename(re.sub(r'\.data\Z', r'', target)) - for target in options.targets - if target != '-'] - else: - options.targets = sorted(generator.targets) - for target in options.targets: - generator.generate_target(target) diff --git a/scripts/mbedtls_dev/typing_util.py b/scripts/mbedtls_dev/typing_util.py deleted file mode 100644 index 2ec448d004..0000000000 --- a/scripts/mbedtls_dev/typing_util.py +++ /dev/null @@ -1,28 +0,0 @@ -"""Auxiliary definitions used in type annotations. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -from typing import Any - -# The typing_extensions module is necessary for type annotations that are -# checked with mypy. It is only used for type annotations or to define -# things that are themselves only used for type annotations. It is not -# available on a default Python installation. Therefore, try loading -# what we need from it for the sake of mypy (which depends on, or comes -# with, typing_extensions), and if not define substitutes that lack the -# static type information but are good enough at runtime. -try: - from typing_extensions import Protocol #pylint: disable=import-error -except ImportError: - class Protocol: #type: ignore - #pylint: disable=too-few-public-methods - pass - -class Writable(Protocol): - """Abstract class for typing hints.""" - # pylint: disable=no-self-use,too-few-public-methods,unused-argument - def write(self, text: str) -> Any: - ... From 1131318b72ab25296bbd2b77f480f1338e46baa5 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 3 May 2024 14:34:57 +0100 Subject: [PATCH 208/429] Add framework/scripts to scripts_path.py This allows test scripts to find the new mbedtls_framework module. Signed-off-by: David Horstmann --- tests/scripts/scripts_path.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/scripts_path.py b/tests/scripts/scripts_path.py index 5d83f29f92..ce2afcfc36 100644 --- a/tests/scripts/scripts_path.py +++ b/tests/scripts/scripts_path.py @@ -15,3 +15,6 @@ import sys sys.path.append(os.path.join(os.path.dirname(__file__), os.path.pardir, os.path.pardir, 'scripts')) +sys.path.append(os.path.join(os.path.dirname(__file__), + os.path.pardir, os.path.pardir, + 'framework', 'scripts')) From cd84bb287b635230aa96ae8d663516f47a690c64 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 3 May 2024 14:36:12 +0100 Subject: [PATCH 209/429] Update references to mbedtls_dev Change these to point to the new mbedtls_framework module in the framework submodule. Signed-off-by: David Horstmann --- .../psa-crypto-implementation-structure.md | 6 ++-- scripts/abi_check.py | 2 +- scripts/code_size_compare.py | 6 ++-- scripts/generate_driver_wrappers.py | 2 +- scripts/generate_psa_constants.py | 4 +-- scripts/generate_ssl_debug_helpers.py | 2 +- scripts/min_requirements.py | 2 +- tests/CMakeLists.txt | 34 +++++++++---------- tests/Makefile | 34 +++++++++---------- tests/scripts/audit-validity-dates.py | 4 +-- tests/scripts/check-python-files.sh | 6 ++-- tests/scripts/check_files.py | 2 +- tests/scripts/check_names.py | 2 +- tests/scripts/generate_bignum_tests.py | 6 ++-- tests/scripts/generate_ecp_tests.py | 4 +-- tests/scripts/generate_psa_tests.py | 14 ++++---- tests/scripts/generate_psa_wrappers.py | 8 ++--- tests/scripts/generate_test_cert_macros.py | 2 +- tests/scripts/generate_test_keys.py | 4 +-- tests/scripts/test_psa_compliance.py | 2 +- tests/scripts/test_psa_constant_names.py | 6 ++-- 21 files changed, 76 insertions(+), 76 deletions(-) diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md index d7e4f9c488..7e0e37d251 100644 --- a/docs/architecture/psa-crypto-implementation-structure.md +++ b/docs/architecture/psa-crypto-implementation-structure.md @@ -86,7 +86,7 @@ Summary of files to modify when adding a new algorithm or key type: * [ ] `tests/suites/test_suite_psa_crypto_metadata.data` — [New functions and macros](#new-functions-and-macros) * (If adding `PSA_IS_xxx`) `tests/suites/test_suite_psa_crypto_metadata.function` — [New functions and macros](#new-functions-and-macros) * [ ] `tests/suites/test_suite_psa_crypto*.data`, `tests/suites/test_suite_psa_crypto*.function` — [Unit tests](#unit-tests) -* [ ] `scripts/mbedtls_dev/crypto_knowledge.py`, `scripts/mbedtls_dev/asymmetric_key_data.py` — [Unit tests](#unit-tests) +* [ ] `framework/scripts/mbedtls_framework/crypto_knowledge.py`, `framework/scripts/mbedtls_framework/asymmetric_key_data.py` — [Unit tests](#unit-tests) * [ ] `ChangeLog.d/*.txt` — changelog entry Summary of files to modify when adding new API functions: @@ -161,8 +161,8 @@ A number of unit tests are automatically generated by `tests/scripts/generate_ps When adding a new key type or algorithm: -* `scripts/mbedtls_dev/crypto_knowledge.py` contains knowledge about the compatibility of key types, key sizes and algorithms. -* `scripts/mbedtls_dev/asymmetric_key_data.py` contains valid key data for asymmetric key types. +* `framework/scripts/mbedtls_framework/crypto_knowledge.py` contains knowledge about the compatibility of key types, key sizes and algorithms. +* `framework/scripts/mbedtls_framework/asymmetric_key_data.py` contains valid key data for asymmetric key types. Other things need to be tested manually, either in `tests/suites/test_sutie_psa_crypto.data` or in another file. For example (this is not an exhaustive list): diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 8a604c4e24..d3d2bd02f6 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -101,7 +101,7 @@ from types import SimpleNamespace import xml.etree.ElementTree as ET -from mbedtls_dev import build_tree +from mbedtls_framework import build_tree class AbiChecker: diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index abd13df240..eefda311a0 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -21,9 +21,9 @@ import sys import typing from enum import Enum -from mbedtls_dev import build_tree -from mbedtls_dev import logging_util -from mbedtls_dev import typing_util +from mbedtls_framework import build_tree +from mbedtls_framework import logging_util +from mbedtls_framework import typing_util class SupportedArch(Enum): """Supported architecture for code size measurement.""" diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 624ab81df1..ec79c4e647 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -17,7 +17,7 @@ from traceback import format_tb import argparse import jsonschema import jinja2 -from mbedtls_dev import build_tree +from mbedtls_framework import build_tree JSONSchema = NewType('JSONSchema', object) # The Driver is an Object, but practically it's indexable and can called a dictionary to diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index f13b507d0d..119a6325fb 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -17,8 +17,8 @@ file is written: import os import sys -from mbedtls_dev import build_tree -from mbedtls_dev import macro_collector +from mbedtls_framework import build_tree +from mbedtls_framework import macro_collector OUTPUT_TEMPLATE = '''\ /* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */ diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index a0544f1537..80d2fc76c0 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -14,7 +14,7 @@ import re import os import textwrap import argparse -from mbedtls_dev import build_tree +from mbedtls_framework import build_tree def remove_c_comments(string): diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py index 9888abe085..c588a01d85 100755 --- a/scripts/min_requirements.py +++ b/scripts/min_requirements.py @@ -14,7 +14,7 @@ import tempfile import typing from typing import List, Optional -from mbedtls_dev import typing_util +from mbedtls_framework import typing_util def pylint_doesn_t_notice_that_certain_types_are_used_in_annotations( _list: List[typing.Any], diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 589643a806..ffe3cc85ae 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -85,12 +85,12 @@ if(GEN_FILES) --directory ${CMAKE_CURRENT_BINARY_DIR}/suites DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_common.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_core.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_mod_raw.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_mod.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_common.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_core.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_mod_raw.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_mod.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_data_generation.py ) add_custom_command( OUTPUT @@ -103,10 +103,10 @@ if(GEN_FILES) --directory ${CMAKE_CURRENT_BINARY_DIR}/suites DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_ecp_tests.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_common.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/ecp.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_common.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/ecp.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_data_generation.py ) add_custom_command( OUTPUT @@ -119,13 +119,13 @@ if(GEN_FILES) --directory ${CMAKE_CURRENT_BINARY_DIR}/suites DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_data_tests.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/crypto_knowledge.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_information.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py - ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/crypto_data_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/crypto_knowledge.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/macro_collector.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/psa_information.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/psa_storage.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_data_generation.py ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h diff --git a/tests/Makefile b/tests/Makefile index 7fb4f357cc..3d7a605ab7 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -50,35 +50,35 @@ generated_files: $(GENERATED_FILES) src/test_keys.h src/test_certs.h .SECONDARY: generated_bignum_test_data generated_ecp_test_data generated_psa_test_data $(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data generated_bignum_test_data: scripts/generate_bignum_tests.py -generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_common.py -generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_core.py -generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_mod_raw.py -generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_mod.py -generated_bignum_test_data: ../scripts/mbedtls_dev/test_case.py -generated_bignum_test_data: ../scripts/mbedtls_dev/test_data_generation.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py +generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_bignum_test_data: echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" $(PYTHON) scripts/generate_bignum_tests.py $(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data generated_ecp_test_data: scripts/generate_ecp_tests.py -generated_ecp_test_data: ../scripts/mbedtls_dev/bignum_common.py -generated_ecp_test_data: ../scripts/mbedtls_dev/ecp.py -generated_ecp_test_data: ../scripts/mbedtls_dev/test_case.py -generated_ecp_test_data: ../scripts/mbedtls_dev/test_data_generation.py +generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py +generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py +generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py +generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_ecp_test_data: echo " Gen $(GENERATED_ECP_DATA_FILES)" $(PYTHON) scripts/generate_ecp_tests.py $(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data generated_psa_test_data: scripts/generate_psa_tests.py -generated_psa_test_data: ../scripts/mbedtls_dev/crypto_data_tests.py -generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py -generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py -generated_psa_test_data: ../scripts/mbedtls_dev/psa_information.py -generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py -generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py -generated_psa_test_data: ../scripts/mbedtls_dev/test_data_generation.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py +generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py ## The generated file only depends on the options that are present in ## crypto_config.h, not on which options are set. To avoid regenerating this ## file all the time when switching between configurations, don't declare diff --git a/tests/scripts/audit-validity-dates.py b/tests/scripts/audit-validity-dates.py index 96b705a281..44b083dcfc 100755 --- a/tests/scripts/audit-validity-dates.py +++ b/tests/scripts/audit-validity-dates.py @@ -29,8 +29,8 @@ from cryptography import x509 from generate_test_code import FileWrapper import scripts_path # pylint: disable=unused-import -from mbedtls_dev import build_tree -from mbedtls_dev import logging_util +from mbedtls_framework import build_tree +from mbedtls_framework import logging_util def check_cryptography_version(): match = re.match(r'^[0-9]+', cryptography.__version__) diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 51e80792b0..f3f48538a6 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -31,14 +31,14 @@ EOF can_pylint () { # Pylint 1.5.2 from Ubuntu 16.04 is too old: - # E: 34, 0: Unable to import 'mbedtls_dev' (import-error) + # E: 34, 0: Unable to import 'mbedtls_framework' (import-error) # Pylint 1.8.3 from Ubuntu 18.04 passed on the first commit containing this line. check_version pylint 1.8.3 } can_mypy () { # mypy 0.770 is too old: - # tests/scripts/test_psa_constant_names.py:34: error: Cannot find implementation or library stub for module named 'mbedtls_dev' + # tests/scripts/test_psa_constant_names.py:34: error: Cannot find implementation or library stub for module named 'mbedtls_framework' # mypy 0.780 from pip passed on the first commit containing this line. check_version mypy.version 0.780 } @@ -55,7 +55,7 @@ elif [ "$1" = "--can-mypy" ]; then fi echo 'Running pylint ...' -$PYTHON -m pylint scripts/mbedtls_dev/*.py scripts/*.py tests/scripts/*.py || { +$PYTHON -m pylint framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py || { echo >&2 "pylint reported errors" ret=1 } diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index d5a4b921e4..45d7895949 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -24,7 +24,7 @@ except ImportError: pass import scripts_path # pylint: disable=unused-import -from mbedtls_dev import build_tree +from mbedtls_framework import build_tree class FileIssueTracker: diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 9e8ed219a4..5128dc8e0d 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -45,7 +45,7 @@ import subprocess import logging import scripts_path # pylint: disable=unused-import -from mbedtls_dev import build_tree +from mbedtls_framework import build_tree # Naming patterns to check against. These are defined outside the NameCheck diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py index 8dbb6ed783..b855e91abf 100755 --- a/tests/scripts/generate_bignum_tests.py +++ b/tests/scripts/generate_bignum_tests.py @@ -48,12 +48,12 @@ from abc import ABCMeta from typing import List import scripts_path # pylint: disable=unused-import -from mbedtls_dev import test_data_generation -from mbedtls_dev import bignum_common +from mbedtls_framework import test_data_generation +from mbedtls_framework import bignum_common # Import modules containing additional test classes # Test function classes in these modules will be registered by # the framework -from mbedtls_dev import bignum_core, bignum_mod_raw, bignum_mod # pylint: disable=unused-import +from mbedtls_framework import bignum_core, bignum_mod_raw, bignum_mod # pylint: disable=unused-import class BignumTarget(test_data_generation.BaseTarget): #pylint: disable=too-few-public-methods diff --git a/tests/scripts/generate_ecp_tests.py b/tests/scripts/generate_ecp_tests.py index df1e4696a0..c5281ad02b 100755 --- a/tests/scripts/generate_ecp_tests.py +++ b/tests/scripts/generate_ecp_tests.py @@ -11,11 +11,11 @@ as in generate_bignum_tests.py. import sys import scripts_path # pylint: disable=unused-import -from mbedtls_dev import test_data_generation +from mbedtls_framework import test_data_generation # Import modules containing additional test classes # Test function classes in these modules will be registered by # the framework -from mbedtls_dev import ecp # pylint: disable=unused-import +from mbedtls_framework import ecp # pylint: disable=unused-import if __name__ == '__main__': # Use the section of the docstring relevant to the CLI as description diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index fd278f8ffc..75d02b9e23 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -14,13 +14,13 @@ import sys from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional import scripts_path # pylint: disable=unused-import -from mbedtls_dev import crypto_data_tests -from mbedtls_dev import crypto_knowledge -from mbedtls_dev import macro_collector #pylint: disable=unused-import -from mbedtls_dev import psa_information -from mbedtls_dev import psa_storage -from mbedtls_dev import test_case -from mbedtls_dev import test_data_generation +from mbedtls_framework import crypto_data_tests +from mbedtls_framework import crypto_knowledge +from mbedtls_framework import macro_collector #pylint: disable=unused-import +from mbedtls_framework import psa_information +from mbedtls_framework import psa_storage +from mbedtls_framework import test_case +from mbedtls_framework import test_data_generation diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py index 07d1450ff3..500693bdae 100755 --- a/tests/scripts/generate_psa_wrappers.py +++ b/tests/scripts/generate_psa_wrappers.py @@ -15,10 +15,10 @@ import os from typing import Iterator, List, Optional, Tuple import scripts_path #pylint: disable=unused-import -from mbedtls_dev import build_tree -from mbedtls_dev import c_parsing_helper -from mbedtls_dev import c_wrapper_generator -from mbedtls_dev import typing_util +from mbedtls_framework import build_tree +from mbedtls_framework import c_parsing_helper +from mbedtls_framework import c_wrapper_generator +from mbedtls_framework import typing_util class BufferParameter: diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py index 07c5b7de2d..14270e0603 100755 --- a/tests/scripts/generate_test_cert_macros.py +++ b/tests/scripts/generate_test_cert_macros.py @@ -14,7 +14,7 @@ import sys import argparse import jinja2 import scripts_path # pylint: disable=unused-import -from mbedtls_dev.build_tree import guess_project_root +from mbedtls_framework.build_tree import guess_project_root TEST_DIR = os.path.join(guess_project_root(), 'tests') DATA_FILES_PATH = os.path.join(TEST_DIR, 'data_files') diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py index 62b756031f..9946c24976 100755 --- a/tests/scripts/generate_test_keys.py +++ b/tests/scripts/generate_test_keys.py @@ -10,8 +10,8 @@ from typing import Iterator, List, Tuple import re import argparse import scripts_path # pylint: disable=unused-import -from mbedtls_dev.asymmetric_key_data import ASYMMETRIC_KEY_DATA -from mbedtls_dev.build_tree import guess_project_root +from mbedtls_framework.asymmetric_key_data import ASYMMETRIC_KEY_DATA +from mbedtls_framework.build_tree import guess_project_root BYTES_PER_LINE = 16 diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 8d70cbca38..f7d18954ca 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -20,7 +20,7 @@ from typing import List #pylint: disable=unused-import import scripts_path -from mbedtls_dev import build_tree +from mbedtls_framework import build_tree # PSA Compliance tests we expect to fail due to known defects in Mbed TLS / # TF-PSA-Crypto (or the test suite). diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 6883e279fa..86d9e6f2be 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -19,9 +19,9 @@ import sys from typing import Iterable, List, Optional, Tuple import scripts_path # pylint: disable=unused-import -from mbedtls_dev import c_build_helper -from mbedtls_dev.macro_collector import InputsForTest, PSAMacroEnumerator -from mbedtls_dev import typing_util +from mbedtls_framework import c_build_helper +from mbedtls_framework.macro_collector import InputsForTest, PSAMacroEnumerator +from mbedtls_framework import typing_util def gather_inputs(headers: Iterable[str], test_suites: Iterable[str], From 875c32fa072fe9eac8b105fa0007d55b5f95eb92 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 3 May 2024 14:50:58 +0100 Subject: [PATCH 210/429] Add framework_path module This allows scripts in the scripts/ directory to get the path to the mbedtls_framework module in framework/scripts/ Signed-off-by: David Horstmann --- scripts/abi_check.py | 1 + scripts/code_size_compare.py | 1 + scripts/framework_path.py | 17 +++++++++++++++++ scripts/generate_driver_wrappers.py | 2 ++ scripts/generate_psa_constants.py | 1 + scripts/generate_ssl_debug_helpers.py | 2 ++ scripts/min_requirements.py | 2 ++ 7 files changed, 26 insertions(+) create mode 100644 scripts/framework_path.py diff --git a/scripts/abi_check.py b/scripts/abi_check.py index d3d2bd02f6..5a52d8787d 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -101,6 +101,7 @@ from types import SimpleNamespace import xml.etree.ElementTree as ET +import framework_path # pylint: disable=unused-import from mbedtls_framework import build_tree diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index eefda311a0..4dede0fa72 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -21,6 +21,7 @@ import sys import typing from enum import Enum +import framework_path # pylint: disable=unused-import from mbedtls_framework import build_tree from mbedtls_framework import logging_util from mbedtls_framework import typing_util diff --git a/scripts/framework_path.py b/scripts/framework_path.py new file mode 100644 index 0000000000..2bcf46fff4 --- /dev/null +++ b/scripts/framework_path.py @@ -0,0 +1,17 @@ +"""Add our Python library directory to the module search path. + +Usage: + + import framework_path # pylint: disable=unused-import +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# + +import os +import sys + +sys.path.append(os.path.join(os.path.dirname(__file__), + os.path.pardir, + 'framework', 'scripts')) diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index ec79c4e647..7bcac848a3 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -17,6 +17,8 @@ from traceback import format_tb import argparse import jsonschema import jinja2 + +import framework_path # pylint: disable=unused-import from mbedtls_framework import build_tree JSONSchema = NewType('JSONSchema', object) diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 119a6325fb..b20bae1308 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -17,6 +17,7 @@ file is written: import os import sys +import framework_path # pylint: disable=unused-import from mbedtls_framework import build_tree from mbedtls_framework import macro_collector diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 80d2fc76c0..a6d1b1384d 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -14,6 +14,8 @@ import re import os import textwrap import argparse + +import framework_path # pylint: disable=unused-import from mbedtls_framework import build_tree diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py index c588a01d85..2172c5d37b 100755 --- a/scripts/min_requirements.py +++ b/scripts/min_requirements.py @@ -14,6 +14,8 @@ import tempfile import typing from typing import List, Optional + +import framework_path # pylint: disable=unused-import from mbedtls_framework import typing_util def pylint_doesn_t_notice_that_certain_types_are_used_in_annotations( From 299e741e8e70373d0a70a48b9d4e0cf9e76eb557 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 3 May 2024 16:01:36 +0100 Subject: [PATCH 211/429] Add mbedtls_framework to mypy checks Since this python module resides in the framework submodule we must add an extra explicit path to it for mypy. Signed-off-by: David Horstmann --- tests/scripts/check-python-files.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index f3f48538a6..32b5baf5cd 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -62,7 +62,7 @@ $PYTHON -m pylint framework/scripts/mbedtls_framework/*.py scripts/*.py tests/sc echo echo 'Running mypy ...' -$PYTHON -m mypy scripts/*.py tests/scripts/*.py || +$PYTHON -m mypy framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py || ret=1 exit $ret From 6c0e362a820a0207d499028289c2e4a760420f5b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 3 May 2024 14:53:17 +0100 Subject: [PATCH 212/429] Update framework submodule to tip of branch This allows us to use the mbedtls_framework python files moved there. Signed-off-by: David Horstmann --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 750634d3a5..7c58bc6c3f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 750634d3a51eb9d61b59fd5d801546927c946588 +Subproject commit 7c58bc6c3f1d8dc29883f0d993be3d3ad80c53c3 From ecd6d0102380eb5a8d23fb375ca9a3f1ef57549c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 10 May 2024 16:58:31 +0100 Subject: [PATCH 213/429] Rename framework_path to framework_scripts_path This name is more descriptive of its purpose, since it actually adds framework/scripts to the path rather than just framework/ Signed-off-by: David Horstmann --- scripts/abi_check.py | 2 +- scripts/code_size_compare.py | 2 +- scripts/{framework_path.py => framework_scripts_path.py} | 2 +- scripts/generate_driver_wrappers.py | 2 +- scripts/generate_psa_constants.py | 2 +- scripts/generate_ssl_debug_helpers.py | 2 +- scripts/min_requirements.py | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) rename scripts/{framework_path.py => framework_scripts_path.py} (84%) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index 5a52d8787d..ec0d4730df 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -101,7 +101,7 @@ from types import SimpleNamespace import xml.etree.ElementTree as ET -import framework_path # pylint: disable=unused-import +import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework import build_tree diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 4dede0fa72..50749b6a8b 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -21,7 +21,7 @@ import sys import typing from enum import Enum -import framework_path # pylint: disable=unused-import +import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework import build_tree from mbedtls_framework import logging_util from mbedtls_framework import typing_util diff --git a/scripts/framework_path.py b/scripts/framework_scripts_path.py similarity index 84% rename from scripts/framework_path.py rename to scripts/framework_scripts_path.py index 2bcf46fff4..4d4a440c23 100644 --- a/scripts/framework_path.py +++ b/scripts/framework_scripts_path.py @@ -2,7 +2,7 @@ Usage: - import framework_path # pylint: disable=unused-import + import framework_scripts_path # pylint: disable=unused-import """ # Copyright The Mbed TLS Contributors diff --git a/scripts/generate_driver_wrappers.py b/scripts/generate_driver_wrappers.py index 7bcac848a3..0f0c8c7be1 100755 --- a/scripts/generate_driver_wrappers.py +++ b/scripts/generate_driver_wrappers.py @@ -18,7 +18,7 @@ import argparse import jsonschema import jinja2 -import framework_path # pylint: disable=unused-import +import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework import build_tree JSONSchema = NewType('JSONSchema', object) diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index b20bae1308..d57d46a299 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -17,7 +17,7 @@ file is written: import os import sys -import framework_path # pylint: disable=unused-import +import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework import build_tree from mbedtls_framework import macro_collector diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index a6d1b1384d..9d0addd462 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -15,7 +15,7 @@ import os import textwrap import argparse -import framework_path # pylint: disable=unused-import +import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework import build_tree diff --git a/scripts/min_requirements.py b/scripts/min_requirements.py index 2172c5d37b..b36f906622 100755 --- a/scripts/min_requirements.py +++ b/scripts/min_requirements.py @@ -15,7 +15,7 @@ import typing from typing import List, Optional -import framework_path # pylint: disable=unused-import +import framework_scripts_path # pylint: disable=unused-import from mbedtls_framework import typing_util def pylint_doesn_t_notice_that_certain_types_are_used_in_annotations( From f9f3d21a675be03f7e875ef7f6b2f0b96b882880 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2024 21:06:26 +0200 Subject: [PATCH 214/429] Fix PSK invocation: GnuTLS PSK length (more) Replace more sample PSK by longer (GnuTLS-compatible) strings, taking care of keeping distinct PSK distinct for wrong-PSK tests. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 50798d36ce..134d319f73 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -10207,7 +10207,7 @@ run_test "DTLS client auth: none, client has no cert" \ run_test "DTLS wrong PSK: badmac alert" \ "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ - "$P_CLI dtls=1 psk=abc124" \ + "$P_CLI dtls=1 psk=73776f726466697374" \ 1 \ -s "SSL - Verification of the message MAC failed" \ -c "SSL - A fatal alert message was received from our peer" @@ -14123,8 +14123,8 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \ - "$P_SRV nbio=2 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \ - "$P_CLI nbio=2 debug_level=3 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \ + "$P_SRV nbio=2 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \ + "$P_CLI nbio=2 debug_level=3 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=all" \ 0 \ -C "received HelloRetryRequest message" \ -c "Selected key exchange mode: psk$" \ From d9c7be775e79e1dc762263aad6ebcd0a64fe3de8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2024 21:17:35 +0200 Subject: [PATCH 215/429] Explicitly use TLS 1.2 on <=1.2-specific keyUsage/extKeyusage tests Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 134d319f73..375073d5a5 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -7837,7 +7837,7 @@ run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server2.key \ + "$O_CLI -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ @@ -7847,7 +7847,7 @@ run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server2.key \ + "$O_CLI -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ 0 \ -s "bad certificate (usage extensions)" \ @@ -7856,7 +7856,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ - "$O_CLI -key data_files/server2.key \ + "$O_CLI -tls1_2 -key data_files/server2.key \ -cert data_files/server2.ku-ke.crt" \ 1 \ -s "bad certificate (usage extensions)" \ @@ -7865,7 +7865,7 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.ku-ds.crt" \ 0 \ -s "Verifying peer X.509 certificate... ok" \ @@ -7875,7 +7875,7 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.ku-ka.crt" \ 0 \ -s "bad certificate (usage extensions)" \ @@ -8052,7 +8052,7 @@ run_test "extKeyUsage cli 1.3: codeSign -> fail" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cli.crt" \ 0 \ -S "bad certificate (usage extensions)" \ @@ -8061,7 +8061,7 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ 0 \ -S "bad certificate (usage extensions)" \ @@ -8070,7 +8070,7 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ 0 \ -S "bad certificate (usage extensions)" \ @@ -8079,7 +8079,7 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ - "$O_CLI -key data_files/server5.key \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ 0 \ -s "bad certificate (usage extensions)" \ @@ -8087,8 +8087,8 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ - "$P_SRV debug_level=1 force_version=tls12 auth_mode=required" \ - "$O_CLI -key data_files/server5.key \ + "$P_SRV debug_level=1 auth_mode=required" \ + "$O_CLI -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ 1 \ -s "bad certificate (usage extensions)" \ From f5a30afdae2191416baf5f03776e1285085531cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2024 21:18:28 +0200 Subject: [PATCH 216/429] Remove redundant RSA dependency Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 375073d5a5..f21cfc9b81 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2732,7 +2732,6 @@ run_test "Context-specific CRT verification callback" \ # Tests for SHA-1 support requires_hash_alg SHA_1 -requires_config_enabled MBEDTLS_RSA_C run_test "SHA-1 forbidden by default in server certificate" \ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \ From fc73aa02b0b0fdd9d7fe5b1daaaa6cbdb7b70c15 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 13 May 2024 21:18:41 +0200 Subject: [PATCH 217/429] Add missing dependency that isn't autodetected Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index f21cfc9b81..f4c7f6d49f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9127,6 +9127,7 @@ run_test "ClientHello without extensions: RSA" \ -S "Ciphersuite is .*-EC.*" \ -s "dumping 'client hello extensions' (0 bytes)" +requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED requires_gnutls run_test "ClientHello without extensions: PSK" \ "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \ From f57afd5acd9e9ec3bbbe9834b66b2510b76aae46 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 14 May 2024 10:39:20 +0200 Subject: [PATCH 218/429] all.sh: improvements - add quotes to the $@ parameter in helper_crypto_client_build() - instead of copying mbedtls_config.h to build static libraries, we rely on the already existing backup/cleanup mechanism which is available in all.sh. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2f4ee25e81..fbe9523caf 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -951,8 +951,6 @@ helper_crypto_client_build() { shift TARGET_LIB=libpsa$TARGET - cp $CONFIG_H $CONFIG_H.bak - if [ "$TARGET" == "client" ]; then scripts/config.py full scripts/config.py unset MBEDTLS_PSA_CRYPTO_C @@ -978,10 +976,12 @@ helper_crypto_client_build() { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT fi - make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB $@ + make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@" - rm $CONFIG_H - mv $CONFIG_H.bak $CONFIG_H + # cleanup() will restore some backed-up files which include $CONFIG_H and + # $CRYPTO_CONFIG_H. Built libraries were already copied to psasim at this + # point. + cleanup } ################################################################ From dce6b85af846b8e23df4511a366f0d689a0d609a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 14 May 2024 10:43:14 +0200 Subject: [PATCH 219/429] psa_ff_client: fix typos and useless blank lines Signed-off-by: Valerio Setti --- .../psasim/src/psa_ff_client.c | 122 +++++++++--------- 1 file changed, 58 insertions(+), 64 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_client.c b/tests/psa-client-server/psasim/src/psa_ff_client.c index bc2989ffae..21a43b39dd 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_client.c +++ b/tests/psa-client-server/psasim/src/psa_ff_client.c @@ -67,7 +67,6 @@ static int handle_is_valid(psa_handle_t handle) static int get_queue_info(char *path, int *cqid, int *sqid) { - key_t server_queue_key; int rx_qid, server_qid; @@ -97,7 +96,6 @@ static int get_queue_info(char *path, int *cqid, int *sqid) static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, int *internal_server_qid) { - struct message response, request; psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; size_t invec_seek[4] = { 0 }; @@ -111,13 +109,13 @@ static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, invec = 0; outvec = 0; - // read response from server + /* read response from server */ if (msgrcv(rx_qid, &response, sizeof(struct message_text), 0, 0) == -1) { ERROR(" msgrcv failed"); return ret; } - // process return message from server + /* process return message from server */ switch (response.message_type) { case PSA_REPLY: memcpy(&ret, response.message_text.buf, sizeof(psa_status_t)); @@ -209,66 +207,64 @@ static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, static psa_status_t send(int rx_qid, int server_qid, int *internal_server_qid, int32_t type, uint32_t minor_version, vectors_t *vecs) { - { - psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; - size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */ - struct message request; - request.message_type = 1; /* TODO: change this */ - request.message_text.psa_type = type; - vector_sizes_t vec_sizes; + psa_status_t ret = PSA_ERROR_CONNECTION_REFUSED; + size_t request_msg_size = (sizeof(int) + sizeof(long)); /* msg type plus queue id */ + struct message request; + request.message_type = 1; /* TODO: change this */ + request.message_text.psa_type = type; + vector_sizes_t vec_sizes; - /* If the client is non-secure then set the NS bit */ - if (__psa_ff_client_security_state != 0) { - request.message_type |= NON_SECURE; - } - - assert(request.message_type >= 0); - - INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type); - INFO(" internal_server_qid = %i", *internal_server_qid); - - request.message_text.qid = rx_qid; - - if (type == PSA_IPC_CONNECT) { - memcpy(request.message_text.buf, &minor_version, sizeof(minor_version)); - request_msg_size = request_msg_size + sizeof(minor_version); - INFO(" Request msg size is %lu", request_msg_size); - } else { - assert(internal_server_qid > 0); - } - - if (vecs != NULL && type >= PSA_IPC_CALL) { - - memset(&vec_sizes, 0, sizeof(vec_sizes)); - - /* Copy invec sizes */ - for (size_t i = 0; i < (vecs->in_len); i++) { - vec_sizes.invec_sizes[i] = vecs->in_vec[i].len; - INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]); - } - - /* Copy outvec sizes */ - for (size_t i = 0; i < (vecs->out_len); i++) { - vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len; - - /* Reset to 0 since we need to eventually fill in with bytes written */ - vecs->out_vec[i].len = 0; - } - - memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes)); - request_msg_size = request_msg_size + sizeof(vec_sizes); - } - - INFO(" Sending and then waiting"); - - // send message to server - if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) { - ERROR(" msgsnd failed"); - return ret; - } - - return process_response(rx_qid, vecs, type, internal_server_qid); + /* If the client is non-secure then set the NS bit */ + if (__psa_ff_client_security_state != 0) { + request.message_type |= NON_SECURE; } + + assert(request.message_type >= 0); + + INFO("SEND: Sending message of type %ld with psa_type %d", request.message_type, type); + INFO(" internal_server_qid = %i", *internal_server_qid); + + request.message_text.qid = rx_qid; + + if (type == PSA_IPC_CONNECT) { + memcpy(request.message_text.buf, &minor_version, sizeof(minor_version)); + request_msg_size = request_msg_size + sizeof(minor_version); + INFO(" Request msg size is %lu", request_msg_size); + } else { + assert(internal_server_qid > 0); + } + + if (vecs != NULL && type >= PSA_IPC_CALL) { + + memset(&vec_sizes, 0, sizeof(vec_sizes)); + + /* Copy invec sizes */ + for (size_t i = 0; i < (vecs->in_len); i++) { + vec_sizes.invec_sizes[i] = vecs->in_vec[i].len; + INFO(" Client sending vector %lu: %lu", i, vec_sizes.invec_sizes[i]); + } + + /* Copy outvec sizes */ + for (size_t i = 0; i < (vecs->out_len); i++) { + vec_sizes.outvec_sizes[i] = vecs->out_vec[i].len; + + /* Reset to 0 since we need to eventually fill in with bytes written */ + vecs->out_vec[i].len = 0; + } + + memcpy(request.message_text.buf, &vec_sizes, sizeof(vec_sizes)); + request_msg_size = request_msg_size + sizeof(vec_sizes); + } + + INFO(" Sending and then waiting"); + + /* send message to server */ + if (msgsnd(server_qid, &request, request_msg_size, 0) == -1) { + ERROR(" msgsnd failed"); + return ret; + } + + return process_response(rx_qid, vecs, type, internal_server_qid); } @@ -279,7 +275,6 @@ uint32_t psa_framework_version(void) psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) { - int idx; psa_status_t ret; char pathname[PATHNAMESIZE] = { 0 }; @@ -355,7 +350,6 @@ psa_status_t psa_call(psa_handle_t handle, psa_outvec *out_vec, size_t out_len) { - handle_is_valid(handle); if ((in_len + out_len) > PSA_MAX_IOVEC) { From 87d99fbd6cfe08e64f029c6857e614f5c38e3fa5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 14 May 2024 10:57:35 +0200 Subject: [PATCH 220/429] psasim: create a seedfile to be used for the crypto server This allows to re-enable MBEDTLS_ENTROPY_NV_SEED since the seedfile is correctly found in the "test" folder at runtime. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/Makefile | 6 +++++- tests/scripts/all.sh | 6 ------ 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 01e3486b65..396f5ad3f0 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -29,10 +29,13 @@ PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ all: $(TEST_BIN) +test/seedfile: + dd if=/dev/urandom of=./test/seedfile bs=64 count=1 + test/psa_client: $(PSA_CLIENT_SRC) $(GENERATED_H_FILES) $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ -test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) +test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c @@ -56,4 +59,5 @@ clean: rm -rf include/psa_manifest rm -f test/psa_service_* test/psa_notify_* rm -r test/*.log + rm test/seedfile diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fbe9523caf..6ce0fa9088 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -968,12 +968,6 @@ helper_crypto_client_build() { scripts/config.py crypto_full scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - # scripts/config.py set MBEDTLS_PSA_CRYPTO_SPM - # Disable NV_SEED as the MBEDTLS_PLATFORM_STD_NV_SEED_FILE is not in - # right path for mbedtls_platform_std_nv_seed_read(). Just rely on - # mbedtls_platform_entropy_poll() as entropy source(). - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT fi make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@" From 5f2595a018b3cad05ac12d8e02f3e4411878dc98 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 May 2024 16:09:34 +0100 Subject: [PATCH 221/429] Remove non- _use_psa versions of components Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 83 -------------------------------------------- 1 file changed, 83 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index deb13b71fc..ee28109877 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1868,33 +1868,6 @@ component_test_full_no_bignum () { make test } -component_test_tls1_2_default_stream_cipher_only () { - msg "build: default with only stream cipher" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC - # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only stream cipher" - make test - - # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. -} - component_test_tls1_2_default_stream_cipher_only_use_psa () { msg "build: default with only stream cipher use psa" @@ -1932,34 +1905,6 @@ component_test_tls1_2_default_stream_cipher_only_use_psa () { # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. } -component_test_tls1_2_default_cbc_legacy_cipher_only () { - msg "build: default with only CBC-legacy cipher" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py set MBEDTLS_CIPHER_MODE_CBC - # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only CBC-legacy cipher" - make test - - msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f "TLS 1.2" -} - component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { msg "build: default with only CBC-legacy cipher use psa" @@ -1998,34 +1943,6 @@ component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { tests/ssl-opt.sh -f "TLS 1.2" } -component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { - msg "build: default with only CBC-legacy and CBC-EtM ciphers" - - # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py unset MBEDTLS_GCM_C - scripts/config.py unset MBEDTLS_CCM_C - scripts/config.py unset MBEDTLS_CHACHAPOLY_C - #Disable TLS 1.3 (as no AEAD) - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - scripts/config.py set MBEDTLS_CIPHER_MODE_CBC - # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) - scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC - # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) - scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - # Modules that depend on AEAD - scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION - scripts/config.py unset MBEDTLS_SSL_TICKET_C - - make - - msg "test: default with only CBC-legacy and CBC-EtM ciphers" - make test - - msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)" - tests/ssl-opt.sh -f "TLS 1.2" -} - component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" From b7c624ddd8c71ccfc3dc2806120918eddf15e385 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 May 2024 16:11:00 +0100 Subject: [PATCH 222/429] Remove _use_psa suffix from remaining components Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ee28109877..65b36839d8 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1868,7 +1868,7 @@ component_test_full_no_bignum () { make test } -component_test_tls1_2_default_stream_cipher_only_use_psa () { +component_test_tls1_2_default_stream_cipher_only () { msg "build: default with only stream cipher use psa" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO @@ -1905,7 +1905,7 @@ component_test_tls1_2_default_stream_cipher_only_use_psa () { # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. } -component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { +component_test_tls1_2_deafult_cbc_legacy_cipher_only () { msg "build: default with only CBC-legacy cipher use psa" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO @@ -1943,7 +1943,7 @@ component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () { tests/ssl-opt.sh -f "TLS 1.2" } -component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { +component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO From 69ca57eadca9138771dd5264d1ed13d845fe0292 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 14 May 2024 16:29:23 +0100 Subject: [PATCH 223/429] Fix typo Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65b36839d8..a68f598697 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1905,7 +1905,7 @@ component_test_tls1_2_default_stream_cipher_only () { # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite. } -component_test_tls1_2_deafult_cbc_legacy_cipher_only () { +component_test_tls1_2_default_cbc_legacy_cipher_only () { msg "build: default with only CBC-legacy cipher use psa" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO From 5da4b7d8da8d944990f7710dcc8e8506e1625e00 Mon Sep 17 00:00:00 2001 From: Patrick Wildt Date: Wed, 15 May 2024 18:22:17 +0000 Subject: [PATCH 224/429] Silence gcc 12.2.0 warning Unfortunately this compiler complains about a variable potentially being used un-initialized. Silence the warning by initializing it to a sane default. Signed-off-by: Patrick Wildt --- library/psa_crypto_cipher.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 881d673cc0..3216c94898 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -263,7 +263,7 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( { mbedtls_cipher_mode_t mode; psa_status_t status; - mbedtls_cipher_id_t cipher_id_tmp; + mbedtls_cipher_id_t cipher_id_tmp = MBEDTLS_CIPHER_ID_NONE; status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp); if (status != PSA_SUCCESS) { From 885ea8db8f04cdc4237a220ed3ad3f05909e3e87 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Wed, 24 Apr 2024 16:34:14 +0100 Subject: [PATCH 225/429] Add a crypto config file for config-thread This file consists of PSA symbols which are defined if and only if the original config was set Signed-off-by: Ryan Everett --- configs/config-thread.h | 12 ++++----- configs/crypto-config-thread.h | 46 ++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 7 deletions(-) create mode 100644 configs/crypto-config-thread.h diff --git a/configs/config-thread.h b/configs/config-thread.h index 2f81f90078..e696583b38 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -17,15 +17,19 @@ * - no X.509 * - support for experimental EC J-PAKE key exchange * + * To be used in conjunction with configs/crypto-config-thread.h. * See README.txt for usage instructions. */ +#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-thread.h" + +#define MBEDTLS_PSA_CRYPTO_CONFIG + /* System support */ #define MBEDTLS_HAVE_ASM /* Mbed TLS feature support */ #define MBEDTLS_AES_ROM_TABLES -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH @@ -35,23 +39,17 @@ #define MBEDTLS_SSL_DTLS_HELLO_VERIFY /* Mbed TLS modules */ -#define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BIGNUM_C -#define MBEDTLS_CCM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_CMAC_C -#define MBEDTLS_ECJPAKE_C -#define MBEDTLS_ECP_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C -#define MBEDTLS_SHA256_C #define MBEDTLS_SSL_COOKIE_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_SRV_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h new file mode 100644 index 0000000000..7ea66da318 --- /dev/null +++ b/configs/crypto-config-thread.h @@ -0,0 +1,46 @@ +/** + * \file crypto-config-thread.h + * + * \brief Minimal crypto configuration for using TLS as part of Thread + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/** + * Minimal crypto configuration for using TLS as part of Thread + * http://threadgroup.org/ + * + * Distinguishing features: + * - no RSA or classic DH, fully based on ECC + * - no X.509 + * - support for experimental EC J-PAKE key exchange + * + * To be used in conjunction with configs/config-thread.h. + * See README.txt for usage instructions. + */ + +#ifndef PSA_CRYPTO_CONFIG_H +#define PSA_CRYPTO_CONFIG_H + +#define PSA_WANT_ALG_CCM 1 +#define PSA_WANT_ALG_CMAC 1 +#define PSA_WANT_ALG_JPAKE 1 +#define PSA_WANT_ALG_SHA_256 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 +#define PSA_WANT_ALG_ECB_NO_PADDING 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 +#define PSA_WANT_ECC_SECP_R1_256 1 + +#define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_KEY_TYPE_DERIVE 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 +#define PSA_WANT_KEY_TYPE_RAW_DATA 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 +#endif /* PSA_CRYPTO_CONFIG_H */ From d3b11571e2707624fb168b3ea106da70d3ba4522 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 25 Apr 2024 14:34:33 +0100 Subject: [PATCH 226/429] Add a crypto-config file for symmetric-only Replaces legacy symbols with the PSA equivalents. This doesn't change the code generated when this config is active Signed-off-by: Ryan Everett --- configs/config-symmetric-only.h | 31 +++------------ configs/crypto-config-symmetric-only.h | 55 ++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 26 deletions(-) create mode 100644 configs/crypto-config-symmetric-only.h diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 512dd7616c..ad6a4419c3 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -8,18 +8,17 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ +#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-symmetric-only.h" + +#define MBEDTLS_PSA_CRYPTO_CONFIG + /* System support */ //#define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME #define MBEDTLS_HAVE_TIME_DATE /* Mbed TLS feature support */ -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_CIPHER_MODE_CFB -#define MBEDTLS_CIPHER_MODE_CTR -#define MBEDTLS_CIPHER_MODE_OFB #define MBEDTLS_CIPHER_MODE_XTS -#define MBEDTLS_CIPHER_PADDING_PKCS7 #define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN #define MBEDTLS_CIPHER_PADDING_ZEROS @@ -31,47 +30,27 @@ #define MBEDTLS_VERSION_FEATURES /* Mbed TLS modules */ -#define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BASE64_C -#define MBEDTLS_CAMELLIA_C -#define MBEDTLS_ARIA_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CHACHA20_C -#define MBEDTLS_CHACHAPOLY_C #define MBEDTLS_CIPHER_C -#define MBEDTLS_CMAC_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_DES_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_ERROR_C -#define MBEDTLS_GCM_C -#define MBEDTLS_HKDF_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_NIST_KW_C #define MBEDTLS_MD_C -#define MBEDTLS_MD5_C #define MBEDTLS_OID_C #define MBEDTLS_PEM_PARSE_C #define MBEDTLS_PEM_WRITE_C #define MBEDTLS_PKCS5_C #define MBEDTLS_PKCS12_C #define MBEDTLS_PLATFORM_C -#define MBEDTLS_POLY1305_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_SE_C #define MBEDTLS_PSA_CRYPTO_STORAGE_C #define MBEDTLS_PSA_ITS_FILE_C -#define MBEDTLS_RIPEMD160_C -#define MBEDTLS_SHA1_C -/* The library does not currently support enabling SHA-224 without SHA-256. - * A future version of the library will have this option disabled - * by default. */ -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SHA384_C -#define MBEDTLS_SHA512_C + //#define MBEDTLS_THREADING_C #define MBEDTLS_TIMING_C #define MBEDTLS_VERSION_C diff --git a/configs/crypto-config-symmetric-only.h b/configs/crypto-config-symmetric-only.h new file mode 100644 index 0000000000..799890d4ef --- /dev/null +++ b/configs/crypto-config-symmetric-only.h @@ -0,0 +1,55 @@ +/** + * \file crypto-config-symmetric-only.h + * + * \brief Crypto configuration without any asymmetric cryptography. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/** + * To be used in conjunction with configs/config-symmetric-only.h. */ + +#ifndef PSA_CRYPTO_CONFIG_H +#define PSA_CRYPTO_CONFIG_H + +#define PSA_WANT_ALG_CBC_NO_PADDING 1 +#define PSA_WANT_ALG_CBC_PKCS7 1 +#define PSA_WANT_ALG_CCM 1 +#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 +#define PSA_WANT_ALG_CFB 1 +#define PSA_WANT_ALG_CHACHA20_POLY1305 1 +#define PSA_WANT_ALG_CMAC 1 +#define PSA_WANT_ALG_CTR 1 +#define PSA_WANT_ALG_ECB_NO_PADDING 1 +#define PSA_WANT_ALG_GCM 1 +#define PSA_WANT_ALG_HKDF 1 +#define PSA_WANT_ALG_HKDF_EXTRACT 1 +#define PSA_WANT_ALG_HKDF_EXPAND 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_MD5 1 +#define PSA_WANT_ALG_OFB 1 +#define PSA_WANT_ALG_RIPEMD160 1 +#define PSA_WANT_ALG_SHA_1 1 +#define PSA_WANT_ALG_STREAM_CIPHER 1 +#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 + +/* The library does not currently support enabling SHA-224 without SHA-256. + * A future version of the library will have this option disabled + * by default. */ +#define PSA_WANT_ALG_SHA_224 1 +#define PSA_WANT_ALG_SHA_256 1 +#define PSA_WANT_ALG_SHA_384 1 +#define PSA_WANT_ALG_SHA_512 1 + +#define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_KEY_TYPE_ARIA 1 +#define PSA_WANT_KEY_TYPE_CAMELLIA 1 +#define PSA_WANT_KEY_TYPE_CHACHA20 1 +#define PSA_WANT_KEY_TYPE_DES 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 + +#endif /* PSA_CRYPTO_CONFIG_H */ From ab5ec9d3a488f33aef46f3b477260b66b9653ad3 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 25 Apr 2024 15:05:31 +0100 Subject: [PATCH 227/429] Add a crypto config file for ccm-psk-tls1_2.h Also convert legacy symbols to their PSA equivalents. This does not change code compiled when this config is active with PSA enabled Signed-off-by: Ryan Everett --- configs/config-ccm-psk-tls1_2.h | 7 +++--- configs/crypto-config-ccm-psk-tls1_2.h | 30 ++++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 configs/crypto-config-ccm-psk-tls1_2.h diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index d49adfd725..cbc7dab867 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -22,19 +22,20 @@ * See README.txt for usage instructions. */ +#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h" + +#define MBEDTLS_PSA_CRYPTO_CONFIG + /* System support */ //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ /* Mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_CCM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_MD_C #define MBEDTLS_NET_C -#define MBEDTLS_SHA256_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h new file mode 100644 index 0000000000..2891b4e007 --- /dev/null +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -0,0 +1,30 @@ +/** + * \file crypto-config-ccm-psk-tls1_2.h + * + * \brief Minimal crypto configuration for TLS 1.2 with + * PSK and AES-CCM ciphersuites + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/** + * To be used in conjunction with configs/config-ccm-psk-tls1_2.h + * or configs/config-ccm-psk-dtls1_2.h. */ + +#ifndef PSA_CRYPTO_CONFIG_H +#define PSA_CRYPTO_CONFIG_H + +#define PSA_WANT_ALG_CCM 1 +#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 +#define PSA_WANT_ALG_ECB_NO_PADDING 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_SHA_256 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 + +#define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 +#endif /* PSA_CRYPTO_CONFIG_H */ From 0a0393e8bd32fa2b9abf06dd41b5d2b73bed6d81 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 25 Apr 2024 15:43:52 +0100 Subject: [PATCH 228/429] Use crypto config for ccm-psk-dtls1_2.h Convert legacy symbols to their PSA equivalents. This does not change code compiled when this config is active with PSA enabled Signed-off-by: Ryan Everett --- configs/config-ccm-psk-dtls1_2.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index 19e09d957f..2ea9ac4618 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -23,19 +23,20 @@ * See README.txt for usage instructions. */ +#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h" + +#define MBEDTLS_PSA_CRYPTO_CONFIG + /* System support */ //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ /* Mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_CCM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_MD_C #define MBEDTLS_NET_C -#define MBEDTLS_SHA256_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_COOKIE_C #define MBEDTLS_SSL_SRV_C From 4540cd342900bb9bd64f540ea51cb0629e614da0 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Thu, 25 Apr 2024 17:30:30 +0100 Subject: [PATCH 229/429] Add a crypto config file for suite-b Also converts legacy symbols into their PSA equivalents. When PSA is defined this does not change the compiled code Signed-off-by: Ryan Everett --- configs/config-suite-b.h | 4 --- configs/crypto-config-suite-b.h | 50 +++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 4 deletions(-) create mode 100644 configs/crypto-config-suite-b.h diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 9bba6e6cbd..20bd7f9e14 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -32,17 +32,13 @@ #define MBEDTLS_SSL_PROTO_TLS1_2 /* Mbed TLS modules */ -#define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ECDH_C -#define MBEDTLS_ECDSA_C #define MBEDTLS_ECP_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_GCM_C #define MBEDTLS_MD_C #define MBEDTLS_NET_C #define MBEDTLS_OID_C diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h new file mode 100644 index 0000000000..8ad38754ed --- /dev/null +++ b/configs/crypto-config-suite-b.h @@ -0,0 +1,50 @@ +/** + * \file crypto-config-symmetric-only.h + * + * \brief \brief Minimal crypto configuration for + * TLS NSA Suite B Profile (RFC 6460). + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/** + * Minimal crypto configuration for TLS NSA Suite B Profile (RFC 6460) + * + * Distinguishing features: + * - no RSA or classic DH, fully based on ECC + * - optimized for low RAM usage + * + * Possible improvements: + * - if 128-bit security is enough, disable secp384r1 and SHA-512 + * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C + * + * To be used in conjunction with configs/config-suite-b.h. */ + +#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h" + +#define MBEDTLS_PSA_CRYPTO_CONFIG + +#ifndef PSA_CRYPTO_CONFIG_H +#define PSA_CRYPTO_CONFIG_H + +#define PSA_WANT_ALG_ECB_NO_PADDING 1 +#define PSA_WANT_ALG_ECDH 1 +#define PSA_WANT_ALG_ECDSA 1 +#define PSA_WANT_ALG_GCM 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_SHA_256 1 +#define PSA_WANT_ALG_SHA_384 1 +#define PSA_WANT_ALG_SHA_512 1 +#define PSA_WANT_ECC_SECP_R1_256 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 + +#define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 +#endif /* PSA_CRYPTO_CONFIG_H */ From 44d7ddf82fa5d0d4b1b61a36c8d370c073476f5d Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Fri, 26 Apr 2024 11:25:43 +0100 Subject: [PATCH 230/429] In suite-b move definition of MBEDTLS_PSA_CRYPTO_CONFIG_FILE Signed-off-by: Ryan Everett --- configs/config-suite-b.h | 4 ++++ configs/crypto-config-suite-b.h | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 20bd7f9e14..b408a9e59e 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -21,6 +21,10 @@ * See README.txt for usage instructions. */ +#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h" + +#define MBEDTLS_PSA_CRYPTO_CONFIG + /* System support */ #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 8ad38754ed..0d8f46530a 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -22,10 +22,6 @@ * * To be used in conjunction with configs/config-suite-b.h. */ -#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h" - -#define MBEDTLS_PSA_CRYPTO_CONFIG - #ifndef PSA_CRYPTO_CONFIG_H #define PSA_CRYPTO_CONFIG_H From c3051572cac18d6222fdc37c1294e5824eafe066 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 30 Apr 2024 17:20:42 +0100 Subject: [PATCH 231/429] Address suite-b comments Signed-off-by: Ryan Everett --- configs/config-suite-b.h | 5 ----- configs/crypto-config-suite-b.h | 5 +---- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index b408a9e59e..77c0b1772f 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -38,19 +38,14 @@ /* Mbed TLS modules */ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ECP_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_MD_C #define MBEDTLS_NET_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SHA384_C -#define MBEDTLS_SHA512_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 0d8f46530a..2351ecb097 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -25,7 +25,6 @@ #ifndef PSA_CRYPTO_CONFIG_H #define PSA_CRYPTO_CONFIG_H -#define PSA_WANT_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_ECDH 1 #define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_GCM 1 @@ -35,12 +34,10 @@ #define PSA_WANT_ALG_SHA_512 1 #define PSA_WANT_ECC_SECP_R1_256 1 #define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 #define PSA_WANT_KEY_TYPE_AES 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 #define PSA_WANT_KEY_TYPE_HMAC 1 #endif /* PSA_CRYPTO_CONFIG_H */ From 2abd658030d14360f130f1444180f12995cd4d52 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 30 Apr 2024 17:21:15 +0100 Subject: [PATCH 232/429] Address symmetric-only comments Signed-off-by: Ryan Everett --- configs/config-symmetric-only.h | 4 ---- configs/crypto-config-symmetric-only.h | 17 ++++++++++------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index ad6a4419c3..faeab178fd 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -18,10 +18,6 @@ #define MBEDTLS_HAVE_TIME_DATE /* Mbed TLS feature support */ -#define MBEDTLS_CIPHER_MODE_XTS -#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS -#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN -#define MBEDTLS_CIPHER_PADDING_ZEROS #define MBEDTLS_ERROR_STRERROR_DUMMY #define MBEDTLS_FS_IO #define MBEDTLS_ENTROPY_NV_SEED diff --git a/configs/crypto-config-symmetric-only.h b/configs/crypto-config-symmetric-only.h index 799890d4ef..5d6bf85291 100644 --- a/configs/crypto-config-symmetric-only.h +++ b/configs/crypto-config-symmetric-only.h @@ -33,17 +33,20 @@ #define PSA_WANT_ALG_RIPEMD160 1 #define PSA_WANT_ALG_SHA_1 1 #define PSA_WANT_ALG_STREAM_CIPHER 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 - -/* The library does not currently support enabling SHA-224 without SHA-256. - * A future version of the library will have this option disabled - * by default. */ #define PSA_WANT_ALG_SHA_224 1 #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_SHA_384 1 #define PSA_WANT_ALG_SHA_512 1 +#define PSA_WANT_ALG_SHA3_224 1 +#define PSA_WANT_ALG_SHA3_256 1 +#define PSA_WANT_ALG_SHA3_384 1 +#define PSA_WANT_ALG_SHA3_512 1 +#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 + +/* XTS is not yet supported via the PSA API in Mbed TLS. */ +//#define PSA_WANT_ALG_XTS 1 #define PSA_WANT_KEY_TYPE_AES 1 #define PSA_WANT_KEY_TYPE_ARIA 1 From 0855b26a808b3be43eeac75ee60cd0eaa244b0f9 Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 30 Apr 2024 17:21:43 +0100 Subject: [PATCH 233/429] Address thread comments Signed-off-by: Ryan Everett --- configs/config-thread.h | 1 - configs/crypto-config-thread.h | 8 +++----- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/configs/config-thread.h b/configs/config-thread.h index e696583b38..e9b267c4c0 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -41,7 +41,6 @@ /* Mbed TLS modules */ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 7ea66da318..4ba8b5eb43 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -26,13 +26,11 @@ #define PSA_WANT_ALG_CCM 1 #define PSA_WANT_ALG_CMAC 1 +#define PSA_WANT_ALG_ECB_NO_PADDING 1 +#define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_JPAKE 1 #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 -#define PSA_WANT_ALG_ECB_NO_PADDING 1 -#define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 #define PSA_WANT_ECC_SECP_R1_256 1 @@ -41,6 +39,6 @@ #define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 #endif /* PSA_CRYPTO_CONFIG_H */ From 21eaa77ba8363404cf1135fe05b47cfba82d3c5b Mon Sep 17 00:00:00 2001 From: Ryan Everett Date: Tue, 30 Apr 2024 17:21:57 +0100 Subject: [PATCH 234/429] Address ccm-psk-tls1_2 comments Signed-off-by: Ryan Everett --- configs/crypto-config-ccm-psk-tls1_2.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index 2891b4e007..d59729cd1b 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -17,13 +17,10 @@ #define PSA_CRYPTO_CONFIG_H #define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 -#define PSA_WANT_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 #define PSA_WANT_KEY_TYPE_AES 1 #define PSA_WANT_KEY_TYPE_HMAC 1 From 640276268dc8b11829c2f36481485fad0c056476 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 14 May 2024 10:51:27 +0200 Subject: [PATCH 235/429] Fix compat.sh filters Signed-off-by: Ronald Cron --- tests/scripts/test-ref-configs.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 055023a5f2..a6bc0ec742 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -17,11 +17,11 @@ use strict; my %configs = ( 'config-ccm-psk-tls1_2.h' => { - 'compat' => '-m tls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + 'compat' => '-m tls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'', 'test_again_with_use_psa' => 1 }, 'config-ccm-psk-dtls1_2.h' => { - 'compat' => '-m dtls12 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'', + 'compat' => '-m dtls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'', 'opt' => ' ', 'opt_needs_debug' => 1, 'test_again_with_use_psa' => 1 @@ -29,7 +29,7 @@ my %configs = ( 'config-no-entropy.h' => { }, 'config-suite-b.h' => { - 'compat' => "-m tls12 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS", + 'compat' => "-m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS", 'test_again_with_use_psa' => 1, 'opt' => ' ', 'opt_needs_debug' => 1, From 4dd6631aac97c8eb50cb5a2aa326b57e73453500 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 15 May 2024 11:22:04 +0200 Subject: [PATCH 236/429] test-ref-configs.pl: Detect automatically test with USE_PSA enabled Change the way we decide if for a given configuration we need to run tests with and without MBEDTLS_USE_PSA_CRYPTO enabled. That makes the script suitable for 3.6 and development branch. Signed-off-by: Ronald Cron --- tests/scripts/test-ref-configs.pl | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index a6bc0ec742..edd778a11d 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -18,31 +18,25 @@ use strict; my %configs = ( 'config-ccm-psk-tls1_2.h' => { 'compat' => '-m tls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'', - 'test_again_with_use_psa' => 1 }, 'config-ccm-psk-dtls1_2.h' => { 'compat' => '-m dtls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'', 'opt' => ' ', 'opt_needs_debug' => 1, - 'test_again_with_use_psa' => 1 }, 'config-no-entropy.h' => { }, 'config-suite-b.h' => { 'compat' => "-m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS", - 'test_again_with_use_psa' => 1, 'opt' => ' ', 'opt_needs_debug' => 1, }, 'config-symmetric-only.h' => { - 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice }, 'config-tfm.h' => { - 'test_again_with_use_psa' => 0, # Uses PSA by default, no need to test it twice }, 'config-thread.h' => { 'opt' => '-f ECJPAKE.*nolog', - 'test_again_with_use_psa' => 1, }, ); @@ -148,7 +142,17 @@ sub perform_test { } foreach my $conf ( @configs_to_test ) { - my $test_with_psa = $configs{$conf}{'test_again_with_use_psa'}; + my $test_with_psa = 0; + + open(CONFIG_FILE, "<", "configs/$conf") or die "Opening config file '$conf': $!"; + while (my $line = ) { + if ($line =~ /^\/\/#define MBEDTLS_USE_PSA_CRYPTO/) { + $test_with_psa = 1; + last; + } + } + close(CONFIG_FILE); + if ( $test_with_psa ) { perform_test( $conf, $configs{$conf}, $test_with_psa ); From 4de85396cf98891b41e6277f54822a7e9de60a05 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 14 May 2024 10:20:56 +0200 Subject: [PATCH 237/429] Enable MBEDTLS_PSA_CRYPTO_C and MBEDTLS_USE_PSA_CRYPTO Enable MBEDTLS_PSA_CRYPTO_C and MBEDTLS_USE_PSA_CRYPTO is reference configurations as we are working towards removing (always on) them. Signed-off-by: Ronald Cron --- configs/config-ccm-psk-dtls1_2.h | 7 ++----- configs/config-ccm-psk-tls1_2.h | 7 ++----- configs/config-suite-b.h | 7 ++----- configs/config-symmetric-only.h | 4 ++-- configs/config-thread.h | 7 ++----- 5 files changed, 10 insertions(+), 22 deletions(-) diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index 2ea9ac4618..fa012db8bd 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -25,7 +25,9 @@ #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h" +#define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_CONFIG +#define MBEDTLS_USE_PSA_CRYPTO /* System support */ //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ @@ -82,11 +84,6 @@ */ #define MBEDTLS_ENTROPY_MAX_SOURCES 2 -/* These defines are present so that the config modifying scripts can enable - * them during tests/scripts/test-ref-configs.pl */ -//#define MBEDTLS_USE_PSA_CRYPTO -//#define MBEDTLS_PSA_CRYPTO_C - /* Error messages and TLS debugging traces * (huge code size increase, needed for tests/ssl-opt.sh) */ //#define MBEDTLS_DEBUG_C diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index cbc7dab867..eb23fca1ce 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -24,7 +24,9 @@ #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-ccm-psk-tls1_2.h" +#define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_CONFIG +#define MBEDTLS_USE_PSA_CRYPTO /* System support */ //#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */ @@ -73,11 +75,6 @@ */ #define MBEDTLS_ENTROPY_MAX_SOURCES 2 -/* These defines are present so that the config modifying scripts can enable - * them during tests/scripts/test-ref-configs.pl */ -//#define MBEDTLS_USE_PSA_CRYPTO -//#define MBEDTLS_PSA_CRYPTO_C - /* Error messages and TLS debugging traces * (huge code size increase, needed for tests/ssl-opt.sh) */ //#define MBEDTLS_DEBUG_C diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 77c0b1772f..bb9a312b36 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -23,7 +23,9 @@ #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-suite-b.h" +#define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_CONFIG +#define MBEDTLS_USE_PSA_CRYPTO /* System support */ #define MBEDTLS_HAVE_ASM @@ -90,11 +92,6 @@ #define MBEDTLS_SSL_IN_CONTENT_LEN 1024 #define MBEDTLS_SSL_OUT_CONTENT_LEN 1024 -/* These defines are present so that the config modifying scripts can enable - * them during tests/scripts/test-ref-configs.pl */ -//#define MBEDTLS_USE_PSA_CRYPTO -//#define MBEDTLS_PSA_CRYPTO_C - /* Error messages and TLS debugging traces * (huge code size increase, needed for tests/ssl-opt.sh) */ //#define MBEDTLS_DEBUG_C diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index faeab178fd..e307c0b961 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -10,7 +10,9 @@ #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-symmetric-only.h" +#define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_CONFIG +#define MBEDTLS_USE_PSA_CRYPTO /* System support */ //#define MBEDTLS_HAVE_ASM @@ -22,7 +24,6 @@ #define MBEDTLS_FS_IO #define MBEDTLS_ENTROPY_NV_SEED #define MBEDTLS_SELF_TEST -#define MBEDTLS_USE_PSA_CRYPTO #define MBEDTLS_VERSION_FEATURES /* Mbed TLS modules */ @@ -42,7 +43,6 @@ #define MBEDTLS_PKCS5_C #define MBEDTLS_PKCS12_C #define MBEDTLS_PLATFORM_C -#define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_SE_C #define MBEDTLS_PSA_CRYPTO_STORAGE_C #define MBEDTLS_PSA_ITS_FILE_C diff --git a/configs/config-thread.h b/configs/config-thread.h index e9b267c4c0..48c8301661 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -23,7 +23,9 @@ #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-thread.h" +#define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_PSA_CRYPTO_CONFIG +#define MBEDTLS_USE_PSA_CRYPTO /* System support */ #define MBEDTLS_HAVE_ASM @@ -66,8 +68,3 @@ /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 - -/* These defines are present so that the config modifying scripts can enable - * them during tests/scripts/test-ref-configs.pl */ -//#define MBEDTLS_USE_PSA_CRYPTO -//#define MBEDTLS_PSA_CRYPTO_C From b16e1c2c2fb7ff6201c3767fedb676a728d85c6e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 14 May 2024 11:27:40 +0200 Subject: [PATCH 238/429] Remove direct enablement of MBEDTLS_CIPHER/MD_C Kept MD in thread config as needed for HMAC_DRBG. Signed-off-by: Ronald Cron --- configs/config-ccm-psk-dtls1_2.h | 2 -- configs/config-ccm-psk-tls1_2.h | 2 -- configs/config-suite-b.h | 2 -- configs/config-symmetric-only.h | 2 -- configs/config-thread.h | 1 - 5 files changed, 9 deletions(-) diff --git a/configs/config-ccm-psk-dtls1_2.h b/configs/config-ccm-psk-dtls1_2.h index fa012db8bd..be785b7aec 100644 --- a/configs/config-ccm-psk-dtls1_2.h +++ b/configs/config-ccm-psk-dtls1_2.h @@ -34,10 +34,8 @@ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ /* Mbed TLS modules */ -#define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_MD_C #define MBEDTLS_NET_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_COOKIE_C diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h index eb23fca1ce..d8f4f9c180 100644 --- a/configs/config-ccm-psk-tls1_2.h +++ b/configs/config-ccm-psk-tls1_2.h @@ -33,10 +33,8 @@ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ /* Mbed TLS modules */ -#define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_MD_C #define MBEDTLS_NET_C #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_SRV_C diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index bb9a312b36..2925a87b2a 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -40,10 +40,8 @@ /* Mbed TLS modules */ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C -#define MBEDTLS_MD_C #define MBEDTLS_NET_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index e307c0b961..13e4d26677 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -30,13 +30,11 @@ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BASE64_C -#define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_ERROR_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_NIST_KW_C -#define MBEDTLS_MD_C #define MBEDTLS_OID_C #define MBEDTLS_PEM_PARSE_C #define MBEDTLS_PEM_WRITE_C diff --git a/configs/config-thread.h b/configs/config-thread.h index 48c8301661..160aded92c 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -43,7 +43,6 @@ /* Mbed TLS modules */ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_HMAC_DRBG_C From b3a400b9bd060ee9b78eae6d44f3986e9d34632b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 14 May 2024 14:26:12 +0200 Subject: [PATCH 239/429] config-suite-b: Enable EC with PSA_WANT Signed-off-by: Ronald Cron --- configs/config-suite-b.h | 2 -- configs/crypto-config-suite-b.h | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 2925a87b2a..cdea16e25a 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -32,8 +32,6 @@ #define MBEDTLS_HAVE_TIME /* Mbed TLS feature support */ -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_SSL_PROTO_TLS1_2 diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 2351ecb097..268db60d7a 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -33,6 +33,7 @@ #define PSA_WANT_ALG_SHA_384 1 #define PSA_WANT_ALG_SHA_512 1 #define PSA_WANT_ECC_SECP_R1_256 1 +#define PSA_WANT_ECC_SECP_R1_384 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_KEY_TYPE_AES 1 From b0c96f47e7dfa7f463cb92f886842a48d85e1d26 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 15 May 2024 09:27:27 +0200 Subject: [PATCH 240/429] Resolve some HMAC dependencies automatically Signed-off-by: Ronald Cron --- configs/crypto-config-ccm-aes-sha256.h | 4 +-- configs/crypto-config-ccm-psk-tls1_2.h | 2 -- configs/crypto-config-suite-b.h | 3 --- include/mbedtls/config_psa.h | 2 ++ .../psa/crypto_adjust_config_dependencies.h | 27 +++++++++++++++++++ 5 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 include/psa/crypto_adjust_config_dependencies.h diff --git a/configs/crypto-config-ccm-aes-sha256.h b/configs/crypto-config-ccm-aes-sha256.h index 7f8d58768c..68a9c0a539 100644 --- a/configs/crypto-config-ccm-aes-sha256.h +++ b/configs/crypto-config-ccm-aes-sha256.h @@ -2,7 +2,7 @@ * \file configs/crypto-config-ccm-aes-sha256.h * * \brief PSA crypto configuration with only symmetric cryptography: CCM-AES, - * SHA-256, HMAC and key derivation + * SHA-256 and key derivation (uses HMAC). */ /* * Copyright The Mbed TLS Contributors @@ -13,12 +13,10 @@ #define PSA_CRYPTO_CONFIG_H #define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #define PSA_WANT_KEY_TYPE_DERIVE 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_AES 1 #define PSA_WANT_KEY_TYPE_RAW_DATA 1 diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index d59729cd1b..f4928e2ee0 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -17,11 +17,9 @@ #define PSA_CRYPTO_CONFIG_H #define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 268db60d7a..ec209193e0 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -18,7 +18,6 @@ * * Possible improvements: * - if 128-bit security is enough, disable secp384r1 and SHA-512 - * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C * * To be used in conjunction with configs/config-suite-b.h. */ @@ -28,7 +27,6 @@ #define PSA_WANT_ALG_ECDH 1 #define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_GCM 1 -#define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_SHA_384 1 #define PSA_WANT_ALG_SHA_512 1 @@ -40,5 +38,4 @@ #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 #endif /* PSA_CRYPTO_CONFIG_H */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 17da61b3e8..de961ec0f8 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -22,6 +22,8 @@ #include "psa/crypto_adjust_config_synonyms.h" +#include "psa/crypto_adjust_config_dependencies.h" + #include "mbedtls/config_adjust_psa_superset_legacy.h" #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) diff --git a/include/psa/crypto_adjust_config_dependencies.h b/include/psa/crypto_adjust_config_dependencies.h new file mode 100644 index 0000000000..776f05b422 --- /dev/null +++ b/include/psa/crypto_adjust_config_dependencies.h @@ -0,0 +1,27 @@ +/** + * \file psa/crypto_adjust_config_dependencies.h + * \brief Adjust PSA configuration by resolving some dependencies. + * + * See docs/proposed/psa-conditional-inclusion-c.md. + * If a cryptographic mechanism A depends on a cryptographic mechanism B and + * A is enabled then enable B. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H +#define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H + +#if defined(PSA_WANT_ALG_TLS12_PRF) || \ + defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) || \ + defined(PSA_WANT_ALG_HKDF) || \ + defined(PSA_WANT_ALG_HKDF_EXTRACT) || \ + defined(PSA_WANT_ALG_HKDF_EXPAND) || \ + defined(PSA_WANT_ALG_PBKDF2_HMAC) +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 +#endif + +#endif /* PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H */ From a33a824d8a5a5b4711c16c1acc3ee721f43ac1da Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 15 May 2024 18:31:17 +0200 Subject: [PATCH 241/429] Resolve PBKDF2_AES_CMAC_PRF_128 dependencies Signed-off-by: Ronald Cron --- include/psa/crypto_adjust_config_dependencies.h | 5 +++++ tests/scripts/all.sh | 8 ++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_adjust_config_dependencies.h b/include/psa/crypto_adjust_config_dependencies.h index 776f05b422..ffca8ca373 100644 --- a/include/psa/crypto_adjust_config_dependencies.h +++ b/include/psa/crypto_adjust_config_dependencies.h @@ -24,4 +24,9 @@ #define PSA_WANT_KEY_TYPE_HMAC 1 #endif +#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +#define PSA_WANT_KEY_TYPE_AES 1 +#define PSA_WANT_ALG_CMAC 1 +#endif + #endif /* PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8158c8d976..802a77abf4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1731,6 +1731,7 @@ common_test_full_no_cipher_with_psa_crypto () { scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES else @@ -4076,6 +4077,7 @@ common_block_cipher_dispatch() { scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 # Disable direct dependency on AES_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -5276,9 +5278,11 @@ component_build_psa_config_file () { make clean msg "build: make with MBEDTLS_PSA_CRYPTO_CONFIG_FILE + MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE" # ~40s - # In the user config, disable one feature, which will reflect on the - # mbedtls configuration so we can query it with query_compile_time_config. + # In the user config, disable one feature and its dependencies, which will + # reflect on the mbedtls configuration so we can query it with + # query_compile_time_config. echo '#undef PSA_WANT_ALG_CMAC' >psa_user_config.h + echo '#undef PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128' >> psa_user_config.h scripts/config.py unset MBEDTLS_CMAC_C make CFLAGS="-I '$PWD' -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE='\"psa_test_config.h\"' -DMBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE='\"psa_user_config.h\"'" not programs/test/query_compile_time_config MBEDTLS_CMAC_C From 1f95ede98c707b53caac198a04ef75d58864bdad Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 15 May 2024 12:49:02 +0200 Subject: [PATCH 242/429] Fix "maybe-uninitialized" warning with GCC 11.3 Signed-off-by: Ronald Cron --- tests/suites/test_suite_pk.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ad7da32222..1188137b33 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1818,7 +1818,7 @@ void pk_psa_sign(int psa_type, int bits, int rsa_padding) int ret; #endif /* MBEDTLS_RSA_C || MBEDTLS_PK_WRITE_C */ #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) - mbedtls_ecp_group_id ecp_grp_id; + mbedtls_ecp_group_id ecp_grp_id = MBEDTLS_ECP_DP_NONE; #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ /* From 1f3c99c77440b1cbd36f7d49e2ffae0c4ddbb433 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 15 May 2024 07:29:51 +0200 Subject: [PATCH 243/429] psa_autogen.py: improve management of output files While at this, fix also Makefile so that "make clean" does not complain if some of the files to be cancelled do not exist. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/Makefile | 5 +- .../psasim/tools/psa_autogen.py | 64 +++++++++++-------- 2 files changed, 38 insertions(+), 31 deletions(-) diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 396f5ad3f0..db0c4127f4 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -58,6 +58,5 @@ clean: rm -rf libpsaclient libpsaserver rm -rf include/psa_manifest rm -f test/psa_service_* test/psa_notify_* - rm -r test/*.log - rm test/seedfile - + rm -f test/*.log + rm -f test/seedfile diff --git a/tests/psa-client-server/psasim/tools/psa_autogen.py b/tests/psa-client-server/psasim/tools/psa_autogen.py index cece2b793e..fbc98060fe 100755 --- a/tests/psa-client-server/psasim/tools/psa_autogen.py +++ b/tests/psa-client-server/psasim/tools/psa_autogen.py @@ -19,6 +19,10 @@ SCRIPT_PATH = os.path.dirname(__file__) GENERATED_H_PATH = os.path.join(SCRIPT_PATH, "..", "include", "psa_manifest") GENERATED_C_PATH = os.path.join(SCRIPT_PATH, "..", "src") +MANIFEST_FILE = os.path.join(GENERATED_H_PATH, "manifest.h") +PID_FILE = os.path.join(GENERATED_H_PATH, "pid.h") +SID_FILE = os.path.join(GENERATED_H_PATH, "sid.h") + with open(str(FILENAME), "r") as read_file: data = json.load(read_file) FILENAME = os.path.basename(FILENAME) @@ -38,11 +42,11 @@ with open(str(FILENAME), "r") as read_file: os.mkdir(GENERATED_H_PATH) print("Generating psa_manifest directory") except OSError: - print ("PSA manifest directory already exists") + print("PSA manifest directory already exists") - man = open(os.path.join(GENERATED_H_PATH, FILENAME + ".h"), "w") - pids = open(os.path.join(GENERATED_H_PATH, "pid.h"), "a") - sids = open(os.path.join(GENERATED_H_PATH, "sid.h"), "a") + manifest_content = [] + pids_content = [] + sids_content = [] if len(services) > 28: print ("Unsupported number of services") @@ -63,8 +67,8 @@ with open(str(FILENAME), "r") as read_file: # Go through all the services to make sid.h and pid.h for svc in services: - man.write("#define {}_SIGNAL 0x{:08x}\n".format(svc['signal'], 2**count)) - sids.write("#define {}_SID {}\n".format(svc['name'], svc['sid'])) + manifest_content.append("#define {}_SIGNAL 0x{:08x}".format(svc['signal'], 2**count)) + sids_content.append("#define {}_SID {}".format(svc['name'], svc['sid'])) qcode = qcode + "\"" + queue_path + str(int(svc['sid'], 16)) + "\"," ns_clients = svc['non_secure_clients'] print(str(svc)) @@ -94,7 +98,7 @@ with open(str(FILENAME), "r") as read_file: handlercode = "void __sig_handler(int signo) {\n" irqcount = count for irq in irqs: - man.write("#define {} 0x{:08x}\n".format(irq['signal'], 2**irqcount)) + manifest_content.append("#define {} 0x{:08x}".format(irq['signal'], 2**irqcount)) sigcode = sigcode + " signal({}, __sig_handler);\n".format(irq['source']) handlercode = handlercode + \ " if (signo == {}) {{ raise_signal(0x{:08x}); }};\n".format(irq['source'], 2**irqcount) @@ -114,9 +118,12 @@ with open(str(FILENAME), "r") as read_file: versions = versions + "};\n" policy = policy + "};\n" - pids.close() - sids.close() - man.close() + with open(MANIFEST_FILE, "wt") as output: + output.write("\n".join(manifest_content)) + with open(SID_FILE, "wt") as output: + output.write("\n".join(sids_content)) + with open(PID_FILE, "wt") as output: + output.write("\n".join(pids_content)) symbols = [] @@ -144,23 +151,24 @@ with open(str(FILENAME), "r") as read_file: print("Duplicate entrypoint symbol detected: " + str(symbols)) sys.exit(2) else: - bs = open(os.path.join(GENERATED_C_PATH, "psa_ff_bootstrap_" + partition_name + ".c"), - "w") - bs.write("#include \n") - bs.write("#include \"" + symbols[0] + "\"\n") - bs.write("#include \n\n") - bs.write(qcode) - bs.write(nsacl) - bs.write(policy) - bs.write(versions) - bs.write("\n") - bs.write(handlercode) - bs.write("\n") - bs.write("int main(int argc, char *argv[]) {\n") - bs.write(" (void) argc;\n") - bs.write(sigcode) - bs.write(" __init_psasim(psa_queues, 32, ns_allowed, versions, strict_policy);\n") - bs.write(" " + entry_point + "(argc, argv);\n}\n") - bs.close() + C_FILENAME = os.path.join(GENERATED_C_PATH, "psa_ff_bootstrap_" + partition_name + ".c") + c_content = [] + c_content.append("#include ") + c_content.append("#include \"" + symbols[0] + "\"") + c_content.append("#include ") + c_content.append(qcode) + c_content.append(nsacl) + c_content.append(policy) + c_content.append(versions) + c_content.append(handlercode) + c_content.append("int main(int argc, char *argv[]) {") + c_content.append(" (void) argc;") + c_content.append(sigcode) + c_content.append(" __init_psasim(psa_queues, 32, ns_allowed, versions," + "strict_policy);") + c_content.append(" " + entry_point + "(argc, argv);") + c_content.append("}") + with open(C_FILENAME, "wt") as output: + output.write("\n".join(c_content)) print("Success") From 97f0ea761197e62230656ca7334e8d6e3173ef00 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 May 2024 11:19:57 +0200 Subject: [PATCH 244/429] Fix the resolution of dependencies on HMAC The Mbed TLS implementations of ALG_TLS12_PRF, ALG_TLS12_PSK_TO_MS, ALG_HKDF, ALG_HKDF_EXTRACT, ALG_HKDF_EXPAND and ALG_PBKDF2 rely on HMAC operations through the driver interface. Thus if one of these algorithms is enabled and not accelerated, we need ALG_HMAC to be enabled (PSA_WANT_ALG_HMAC and PSA_WANT_KEY_TYPE_HMAC defined). As HMAC operations occur through the driver interface, HMAC operations can be accelerated even if the caller algorithm is not. Signed-off-by: Ronald Cron --- .../mbedtls/config_adjust_legacy_from_psa.h | 6 ------ .../psa/crypto_adjust_config_dependencies.h | 18 ++++++++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index 0091e246b2..0e4759de74 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -498,7 +498,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */ @@ -509,7 +508,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */ #endif /* PSA_WANT_ALG_HKDF_EXTRACT */ @@ -520,7 +518,6 @@ * The PSA implementation has its own implementation of HKDF, separate from * hkdf.c. No need to enable MBEDTLS_HKDF_C here. */ -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */ #endif /* PSA_WANT_ALG_HKDF_EXPAND */ @@ -630,9 +627,6 @@ #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 #define PSA_HAVE_SOFT_PBKDF2_HMAC 1 -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ #endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_WANT_ALG_PBKDF2_HMAC */ diff --git a/include/psa/crypto_adjust_config_dependencies.h b/include/psa/crypto_adjust_config_dependencies.h index ffca8ca373..ac6344d891 100644 --- a/include/psa/crypto_adjust_config_dependencies.h +++ b/include/psa/crypto_adjust_config_dependencies.h @@ -14,12 +14,18 @@ #ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H #define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H -#if defined(PSA_WANT_ALG_TLS12_PRF) || \ - defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) || \ - defined(PSA_WANT_ALG_HKDF) || \ - defined(PSA_WANT_ALG_HKDF_EXTRACT) || \ - defined(PSA_WANT_ALG_HKDF_EXPAND) || \ - defined(PSA_WANT_ALG_PBKDF2_HMAC) +#if (defined(PSA_WANT_ALG_TLS12_PRF) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)) || \ + (defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)) || \ + (defined(PSA_WANT_ALG_HKDF) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)) || \ + (defined(PSA_WANT_ALG_HKDF_EXTRACT) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)) || \ + (defined(PSA_WANT_ALG_HKDF_EXPAND) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)) || \ + (defined(PSA_WANT_ALG_PBKDF2_HMAC) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC)) #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC 1 #endif From c4c8bdf32e60a3592b17d6da013e9d779bbc3bff Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 May 2024 13:11:24 +0200 Subject: [PATCH 245/429] Fix PBKDF2_AES_CMAC_PRF_128 dependencies Signed-off-by: Ronald Cron --- include/psa/crypto_adjust_config_dependencies.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_adjust_config_dependencies.h b/include/psa/crypto_adjust_config_dependencies.h index ac6344d891..aeedf681b6 100644 --- a/include/psa/crypto_adjust_config_dependencies.h +++ b/include/psa/crypto_adjust_config_dependencies.h @@ -30,7 +30,8 @@ #define PSA_WANT_KEY_TYPE_HMAC 1 #endif -#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +#if (defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128)) #define PSA_WANT_KEY_TYPE_AES 1 #define PSA_WANT_ALG_CMAC 1 #endif From b48c8704e61e04ba8dc93cc1cb22f9a6e71119ad Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 May 2024 13:18:52 +0200 Subject: [PATCH 246/429] Fix crypto_adjust_config_dependencies.h documentation Signed-off-by: Ronald Cron --- include/psa/crypto_adjust_config_dependencies.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_adjust_config_dependencies.h b/include/psa/crypto_adjust_config_dependencies.h index aeedf681b6..5a22205bf3 100644 --- a/include/psa/crypto_adjust_config_dependencies.h +++ b/include/psa/crypto_adjust_config_dependencies.h @@ -2,9 +2,13 @@ * \file psa/crypto_adjust_config_dependencies.h * \brief Adjust PSA configuration by resolving some dependencies. * + * This is an internal header. Do not include it directly. + * * See docs/proposed/psa-conditional-inclusion-c.md. - * If a cryptographic mechanism A depends on a cryptographic mechanism B and - * A is enabled then enable B. + * If the Mbed TLS implementation of a cryptographic mechanism A depends on a + * cryptographic mechanism B then if the cryptographic mechanism A is enabled + * and not accelerated enable B. Note that if A is enabled and accelerated, it + * is not necessary to enable B for A support. */ /* * Copyright The Mbed TLS Contributors From ca6b1e9df3596bbc88291582c65ccf382b0498f0 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 May 2024 13:25:12 +0200 Subject: [PATCH 247/429] Adjust crypto-config-thread.h Signed-off-by: Ronald Cron --- configs/crypto-config-thread.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 4ba8b5eb43..3c5fe247c3 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -16,6 +16,8 @@ * - no RSA or classic DH, fully based on ECC * - no X.509 * - support for experimental EC J-PAKE key exchange + * - support for PBKDF2-AES-CMAC-PRF-128 password-hashing or key-stretching + * algorithm. * * To be used in conjunction with configs/config-thread.h. * See README.txt for usage instructions. @@ -25,10 +27,10 @@ #define PSA_CRYPTO_CONFIG_H #define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_CMAC 1 #define PSA_WANT_ALG_ECB_NO_PADDING 1 #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_JPAKE 1 +#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1 #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 @@ -41,4 +43,5 @@ #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 #define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 + #endif /* PSA_CRYPTO_CONFIG_H */ From b30cd3bb8f57e0c478a6dc14d4785fa08541a61d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 17 May 2024 14:11:31 +0200 Subject: [PATCH 248/429] Improve test-ref-configs.pl Signed-off-by: Ronald Cron --- tests/scripts/test-ref-configs.pl | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index edd778a11d..5557de3276 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -142,16 +142,9 @@ sub perform_test { } foreach my $conf ( @configs_to_test ) { - my $test_with_psa = 0; - - open(CONFIG_FILE, "<", "configs/$conf") or die "Opening config file '$conf': $!"; - while (my $line = ) { - if ($line =~ /^\/\/#define MBEDTLS_USE_PSA_CRYPTO/) { - $test_with_psa = 1; - last; - } - } - close(CONFIG_FILE); + system("grep '//#define MBEDTLS_USE_PSA_CRYPTO' configs/$conf > /dev/null"); + die "grep ... configs/$conf: $!" if $? != 0 && $? != 0x100; + my $test_with_psa = $? == 0; if ( $test_with_psa ) { From 8f83ba08e22516bfe0dd171e9737668d283ad68c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 17 May 2024 14:44:15 +0100 Subject: [PATCH 249/429] Change the way CBC is set Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 8 -------- 1 file changed, 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a68f598697..413dfe0fb1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1921,11 +1921,7 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - # Note: The set below is to be removed for 4.0 - scripts/config.py set MBEDTLS_CIPHER_MODE_CBC - # Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be set here to fully enable CBC scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_PKCS7 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) @@ -1959,11 +1955,7 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES)) - # Note: The set below is to be removed for 4.0 - scripts/config.py set MBEDTLS_CIPHER_MODE_CBC - # Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be set here to fully enable CBC scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_PKCS7 # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) From a8004f27b7f7536b6a7008140e7a0b49b372ea71 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 17 May 2024 14:46:07 +0100 Subject: [PATCH 250/429] Add additional CCM unset Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 413dfe0fb1..03303e0e07 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1875,6 +1875,7 @@ component_test_tls1_2_default_stream_cipher_only () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 # Note: The three unsets below are to be removed for Mbed TLS 4.0 @@ -1912,6 +1913,7 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 # Note: The three unsets below are to be removed for Mbed TLS 4.0 @@ -1946,6 +1948,7 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 # Note: The three unsets below are to be removed for Mbed TLS 4.0 From 27098b458b5cb124d33849e676b8ef5ca0a81d2c Mon Sep 17 00:00:00 2001 From: Turiiya <34311583+ttytm@users.noreply.github.com> Date: Sat, 18 May 2024 18:04:58 +0200 Subject: [PATCH 251/429] fix typo Signed-off-by: Turiiya <34311583+ttytm@users.noreply.github.com> --- scripts/generate_ssl_debug_helpers.py | 2 +- tests/suites/test_suite_psa_crypto_pake.data | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index a0544f1537..043cef1880 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -328,7 +328,7 @@ class NamedGroupDefinition: {translation_table} }}; - return "UNKOWN"; + return "UNKNOWN"; }}''') body = body.format(translation_table='\n'.join(translation_table)) return body diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 49e97a9ab2..f81bb53203 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data @@ -74,7 +74,7 @@ PSA PAKE: invalid input depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT -PSA PAKE: unkown input step +PSA PAKE: unknown input step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":1:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT @@ -94,7 +94,7 @@ PSA PAKE: invalid output depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT -PSA PAKE: unkown output step +PSA PAKE: unknown output step depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:"client":"server":0:ERR_INJECT_UNKNOWN_STEP:PSA_ERROR_INVALID_ARGUMENT From 78ae4f6fe15fa59eb67c8644fac4a14dbc240f3c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 May 2024 20:26:18 +0200 Subject: [PATCH 252/429] Generate test data before coverage analysis Fixes #8300. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 5193a3bd06..9c13d8c040 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -85,6 +85,15 @@ def execute_reference_driver_tests(results: Results, ref_component: str, driver_ def analyze_coverage(results: Results, outcomes: Outcomes, allow_list: typing.List[str], full_coverage: bool) -> None: """Check that all available test cases are executed at least once.""" + # Make sure that the generated data files are present (and up-to-date). + # This allows analyze_outcomes.py to run correctly on a fresh Git + # checkout. + cp = subprocess.run(['make', 'generated_files'], + cwd='tests', + stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + if cp.returncode != 0: + sys.stderr.write(cp.stdout.decode('utf-8')) + results.error("Failed \"make generated_files\" in tests. Coverage analysis may be incorrect.") available = check_test_cases.collect_available_test_cases() for suite_case in available: hit = any(suite_case in comp_outcomes.successes or From 2ad2f3207ef44d1427b0733de560350731aee3f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 May 2024 09:35:11 +0200 Subject: [PATCH 253/429] Pacify pylint Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 9c13d8c040..eb2469495e 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -90,10 +90,12 @@ def analyze_coverage(results: Results, outcomes: Outcomes, # checkout. cp = subprocess.run(['make', 'generated_files'], cwd='tests', - stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + stdout=subprocess.PIPE, stderr=subprocess.STDOUT, + check=False) if cp.returncode != 0: sys.stderr.write(cp.stdout.decode('utf-8')) - results.error("Failed \"make generated_files\" in tests. Coverage analysis may be incorrect.") + results.error("Failed \"make generated_files\" in tests. " + "Coverage analysis may be incorrect.") available = check_test_cases.collect_available_test_cases() for suite_case in available: hit = any(suite_case in comp_outcomes.successes or From 39c5207d79c640a7ee1d75af59ab57890b46172c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 17 May 2024 11:55:15 +0200 Subject: [PATCH 254/429] ssl-opt.sh, compat.sh: Error out if not executing any tests Alert if all tests are filtered out or skipped: that probably indicates a test script that set up an unintended configuration or an overly strict filter. You can pass `--min 0` to bypass this check. You can pass `--min` with a larger value to require that many test cases to run. Signed-off-by: Gilles Peskine --- tests/compat.sh | 15 +++++++++++++++ tests/ssl-opt.sh | 14 ++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index 20f2dbda61..073258ed1b 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -96,6 +96,7 @@ FILTER="" EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305' VERBOSE="" MEMCHECK=0 +MIN_TESTS=1 PRESERVE_LOGS=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" @@ -116,6 +117,7 @@ print_usage() { printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -v|--verbose\tSet verbose output.\n" printf " --list-test-cases\tList all potential test cases (No Execution)\n" + printf " --min \tMinimum number of non-skipped tests (default 1)\n" printf " --outcome-file\tFile where test outcomes are written\n" printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" printf " --preserve-logs\tPreserve logs of successful tests as well\n" @@ -190,6 +192,9 @@ get_options() { list_test_cases exit $? ;; + --min) + shift; MIN_TESTS=$1 + ;; --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE=$1 ;; @@ -1238,6 +1243,16 @@ fi PASSED=$(( $TESTS - $FAILED )) echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))" +if [ $((TESTS - SKIPPED)) -lt $MIN_TESTS ]; then + cat < Date: Fri, 24 May 2024 14:37:05 +0200 Subject: [PATCH 255/429] adjust_legacy_crypto: enable CIPHER_C when PSA CMAC is builtin psa_crypto_mac.c uses mbedtls_cipher_xxx() functions to perform CMAC operations. Therefore we need to enable CIPHER_C when PSA CMAC is builtin. Signed-off-by: Valerio Setti --- include/mbedtls/config_adjust_legacy_crypto.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index e477c0796a..ce15a2c340 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -48,7 +48,8 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)) + defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC)) #define MBEDTLS_CIPHER_C #endif From a7ec5c888c098575ba5b36e767ad8788d3e0ae2b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 May 2024 17:48:53 +0200 Subject: [PATCH 256/429] Update framework submodule to the merge of #15 Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 7c58bc6c3f..e156a8eb8e 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 7c58bc6c3f1d8dc29883f0d993be3d3ad80c53c3 +Subproject commit e156a8eb8e6db88cdf0a3041fc7f645131eab16d From b7e5f31e2a7459de34fbd6c3550b1ad10d8d679f Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 27 May 2024 10:08:34 +0300 Subject: [PATCH 257/429] Replace final sprintf() with snprintf() in psa_ff_server.c Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_ff_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c index ea797d8ced..7c72ee7022 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -638,7 +638,7 @@ void __init_psasim(const char **array, if (strncmp(array[i], "", 1) != 0) { INFO("Setting up %s", array[i]); memset(queue_path, 0, sizeof(queue_path)); - sprintf(queue_path, "%s%s", TMP_FILE_BASE_PATH, array[i]); + snprintf(queue_path, sizeof(queue_path), "%s%s", TMP_FILE_BASE_PATH, array[i]); /* Create file if doesn't exist */ fp = fopen(queue_path, "ab+"); From 0a57a253cc9d3551bfd6300954cb1340f79a2911 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 27 May 2024 19:29:16 +0300 Subject: [PATCH 258/429] Fix psa_ff_server.c to calculate the amount of data from client correctly Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_ff_server.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c index 7c72ee7022..9a457f469e 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -8,6 +8,7 @@ #include #include #include +#include #include #include #include @@ -426,7 +427,7 @@ size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, assert(idx >= 0); len = msgrcv(connections[idx].client_to_server_q, &msg, sizeof(struct message_text), 0, 0); - len = (len - sizeof(msg.message_text.qid)); + len = (len - offsetof(struct message_text, buf)); if (len < 0) { FATAL("Internal error: failed to dispatch read request to the client"); From bdc4c2d750f21a581bab9a10b92d1f2db3946748 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 27 May 2024 23:55:43 +0300 Subject: [PATCH 259/429] Fix PSA sim test awk script by removing extra $ Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/test/run_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh index 6a5605ff5a..06bcc93a82 100755 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -17,7 +17,7 @@ function clean_run() { rm -f psa_notify_* pkill psa_partition || true pkill psa_client || true - ipcs | grep q | awk '{ printf " -q " $$2 }' | xargs ipcrm > /dev/null 2>&1 || true + ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true } # The server creates some local files when it starts up so we can wait for this From f69445ccaf4ad4fb1ce31945878074d8f3def4bc Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 28 May 2024 14:01:04 +0300 Subject: [PATCH 260/429] Fix sending a response of more than 184 bytes in psa_ff_server.c:psa_write() Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_ff_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c index 9a457f469e..75a8af5e74 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -479,9 +479,9 @@ void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2); } - INFO("Server: sending %lu bytes to client", sending); + INFO("Server: sending %lu bytes to client, sofar = %lu", sending, (long)sofar); - send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer, sending); + send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer + sofar, sending); idx = find_connection(message_client[msg_handle]); assert(idx >= 0); @@ -490,7 +490,7 @@ void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, if (len < 1) { FATAL("Client didn't give me a full response"); } - sofar = sofar + len; + sofar = sofar + sending; } /* Update the seek count */ From 9919543f5c824d08983d60e9d3fd6d39493a90cc Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 28 May 2024 14:07:10 +0300 Subject: [PATCH 261/429] Only print PSA crypto sim server messages when DEBUG defined Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/server.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c index 630bd7392c..21b65c709e 100644 --- a/tests/psa-client-server/psasim/src/server.c +++ b/tests/psa-client-server/psasim/src/server.c @@ -19,8 +19,12 @@ #include "mbedtls/version.h" #include "psa/crypto.h" +#ifdef DEBUG #define SERVER_PRINT(fmt, ...) \ PRINT("Server: " fmt, ##__VA_ARGS__) +#else +#define SERVER_PRINT(...) +#endif #define BUF_SIZE 25 From 38f6c8672418a0896a53d05560ee0dbfcef63a41 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 28 May 2024 14:15:16 +0300 Subject: [PATCH 262/429] Remove unnecessary blank lines at top of functions in psa_ff_server.c Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_ff_server.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c index 75a8af5e74..16e6058f3b 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -455,7 +455,6 @@ size_t psa_read(psa_handle_t msg_handle, uint32_t invec_idx, void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, const void *buffer, size_t num_bytes) { - size_t sofar = 0; struct message msg = { 0 }; int idx; @@ -499,7 +498,6 @@ void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) { - is_valid_msg_handle(msg_handle); is_call_msg(msg_handle); @@ -512,7 +510,6 @@ size_t psa_skip(psa_handle_t msg_handle, uint32_t invec_idx, size_t num_bytes) static void destroy_temporary_queue(int myqid) { - if (msgctl(myqid, IPC_RMID, NULL) != 0) { INFO("ERROR: Failed to delete msg queue %d", myqid); } @@ -614,7 +611,6 @@ void __init_psasim(const char **array, const uint32_t versions[32], const int strict_policy_array[32]) { - static uint8_t library_initialised = 0; key_t key; int qid; From 680bee45ca18a8607f7ca8dd8d7a523c64479261 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 28 May 2024 18:33:42 +0200 Subject: [PATCH 263/429] Update framework submodule to the merge of PR #15 Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index a627342536..e156a8eb8e 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit a627342536a9a9b7da1ff651821be264d86fff51 +Subproject commit e156a8eb8e6db88cdf0a3041fc7f645131eab16d From 975e74cb1ff74a0b7ecca301c3b8f6bd7d49f491 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Apr 2024 14:18:10 +0200 Subject: [PATCH 264/429] Document check-config.h and *adjust*.h as internal headers Including *adjust*.h directly is likely to cause them to be applied at the wrong time, resulting in an invalid or unintended configuration. Including check_config.h at the wrong time is likely to cause spurious errors. Signed-off-by: Gilles Peskine --- include/mbedtls/check_config.h | 7 +++++++ include/mbedtls/config_adjust_legacy_crypto.h | 2 ++ include/mbedtls/config_adjust_legacy_from_psa.h | 2 ++ include/mbedtls/config_adjust_psa_from_legacy.h | 2 ++ include/mbedtls/config_adjust_psa_superset_legacy.h | 2 ++ include/mbedtls/config_adjust_ssl.h | 2 ++ include/mbedtls/config_adjust_x509.h | 2 ++ include/psa/crypto_adjust_auto_enabled.h | 2 ++ include/psa/crypto_adjust_config_key_pair_types.h | 2 ++ include/psa/crypto_adjust_config_synonyms.h | 2 ++ 10 files changed, 25 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index b3c038dd2e..9c33faeb9a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -2,6 +2,13 @@ * \file check_config.h * * \brief Consistency checks for configuration options + * + * This is an internal header. Do not include it directly. + * + * This header is included automatically by all public Mbed TLS headers + * (via mbedtls/build_info.h). Do not include it directly in a configuration + * file such as mbedtls/mbedtls_config.h or #MBEDTLS_USER_CONFIG_FILE! + * It would run at the wrong time due to missing derived symbols. */ /* * Copyright The Mbed TLS Contributors diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index e477c0796a..a24616a5a0 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_legacy_crypto.h * \brief Adjust legacy configuration configuration * + * This is an internal header. Do not include it directly. + * * Automatically enable certain dependencies. Generally, MBEDLTS_xxx * configurations need to be explicitly enabled by the user: enabling * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index 0e4759de74..f5334f1574 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_legacy_from_psa.h * \brief Adjust PSA configuration: activate legacy implementations * + * This is an internal header. Do not include it directly. + * * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations * of cryptographic mechanisms as needed to fulfill the needs of the PSA * configuration. Generally speaking, we activate a legacy mechanism if diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index 3456615943..7c3a2d2359 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_psa_from_legacy.h * \brief Adjust PSA configuration: construct PSA configuration from legacy * + * This is an internal header. Do not include it directly. + * * When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable * cryptographic mechanisms through the PSA interface when the corresponding * legacy mechanism is enabled. In many cases, this just enables the PSA diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h index 3a55c3f6e1..6ccb91becd 100644 --- a/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_psa_superset_legacy.h * \brief Adjust PSA configuration: automatic enablement from legacy * + * This is an internal header. Do not include it directly. + * * To simplify some edge cases, we automatically enable certain cryptographic * mechanisms in the PSA API if they are enabled in the legacy API. The general * idea is that if legacy module M uses mechanism A internally, and A has diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 39c7b3b117..4d8dc9dfac 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_ssl.h * \brief Adjust TLS configuration * + * This is an internal header. Do not include it directly. + * * Automatically enable certain dependencies. Generally, MBEDLTS_xxx * configurations need to be explicitly enabled by the user: enabling * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h index 346c8ae6d5..d12f4d82bc 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/config_adjust_x509.h @@ -2,6 +2,8 @@ * \file mbedtls/config_adjust_x509.h * \brief Adjust X.509 configuration * + * This is an internal header. Do not include it directly. + * * Automatically enable certain dependencies. Generally, MBEDLTS_xxx * configurations need to be explicitly enabled by the user: enabling * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h index 63fb29e85b..e2618d15dc 100644 --- a/include/psa/crypto_adjust_auto_enabled.h +++ b/include/psa/crypto_adjust_auto_enabled.h @@ -2,6 +2,8 @@ * \file psa/crypto_adjust_auto_enabled.h * \brief Adjust PSA configuration: enable always-on features * + * This is an internal header. Do not include it directly. + * * Always enable certain features which require a negligible amount of code * to implement, to avoid some edge cases in the configuration combinatorics. */ diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/include/psa/crypto_adjust_config_key_pair_types.h index 63afc0e402..8308ac759e 100644 --- a/include/psa/crypto_adjust_config_key_pair_types.h +++ b/include/psa/crypto_adjust_config_key_pair_types.h @@ -2,6 +2,8 @@ * \file psa/crypto_adjust_config_key_pair_types.h * \brief Adjust PSA configuration for key pair types. * + * This is an internal header. Do not include it directly. + * * See docs/proposed/psa-conditional-inclusion-c.md. * - Support non-basic operations in a keypair type implicitly enables basic * support for that keypair type. diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h index 332b622c9b..ad71050ef2 100644 --- a/include/psa/crypto_adjust_config_synonyms.h +++ b/include/psa/crypto_adjust_config_synonyms.h @@ -2,6 +2,8 @@ * \file psa/crypto_adjust_config_synonyms.h * \brief Adjust PSA configuration: enable quasi-synonyms * + * This is an internal header. Do not include it directly. + * * When two features require almost the same code, we automatically enable * both when either one is requested, to reduce the combinatorics of * possible configurations. From fef877f51f562acd23ed46c1cb70b783c13432f3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Apr 2024 14:25:22 +0200 Subject: [PATCH 265/429] Belated changelog entry for not including check_config.h Signed-off-by: Gilles Peskine --- ChangeLog.d/check-config.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/check-config.txt diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt new file mode 100644 index 0000000000..86723e0907 --- /dev/null +++ b/ChangeLog.d/check-config.txt @@ -0,0 +1,6 @@ +Changes + * Explicitly state that mbedtls/check_config.h must not be included manually. + When migrating from Mbed TLS 2.x, if you had a custom config.h that + included check_config.h, remove this inclusion from the Mbed TLS 3.x + configuration file (renamed to mbedtls_config.h). This change was made + in Mbed TLS 3.0, but was not announced in a changelog entry at the time. From d33eb55cce2f6f8110f6e23fe6fb31e23e67fa2f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2024 14:44:15 +0200 Subject: [PATCH 266/429] Macros to indicate the finalization level of the configuration Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index eab167f383..e13e236d45 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -101,6 +101,9 @@ #define inline __inline #endif +#undef MBEDTLS_CONFIG_FILES_READ +#undef MBEDTLS_CONFIG_IS_FINALIZED + /* X.509, TLS and non-PSA crypto configuration */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/mbedtls_config.h" @@ -135,6 +138,12 @@ #endif #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */ +/* Indicate that all configuration files have been read. + * It is now time to adjust the configuration (follow through on dependencies, + * make PSA and legacy crypto consistent, etc.). + */ +#define MBEDTLS_CONFIG_FILES_READ + /* Auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if * MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH and MBEDTLS_CTR_DRBG_C defined * to ensure a 128-bit key size in CTR_DRBG. @@ -169,8 +178,13 @@ #include "mbedtls/config_adjust_ssl.h" -/* Make sure all configuration symbols are set before including check_config.h, - * even the ones that are calculated programmatically. */ +/* Indicate that all configuration symbols are set, + * even the ones that are calculated programmatically. + * It is now safe to query the configuration (to check it, to size buffers, + * etc.). + */ +#define MBEDTLS_CONFIG_IS_FINALIZED + #include "mbedtls/check_config.h" #endif /* MBEDTLS_BUILD_INFO_H */ From 0b8ece6beb97b6b82783bce2da7a0a3c50b5fb2a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2024 14:46:09 +0200 Subject: [PATCH 267/429] Error out if *adjust* headers are included manually Some projects using Mbed TLS have migrated their configuration file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS 2.x, and kept including check_config.h. This is unnecessary since Mbed TLS 3.0, and increasingly in 3.x it may report spurious errors because the configuration adjustments have not been done yet. This has led some projects to include configuration adjustment headers manually, but only partially or in the wrong order, which can result in silent inconsistencies. Error out if this happens, with a message mentioning check_config.h since that's the likely root cause. ``` perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h ``` Signed-off-by: Gilles Peskine --- include/mbedtls/config_adjust_legacy_crypto.h | 8 ++++++++ include/mbedtls/config_adjust_legacy_from_psa.h | 8 ++++++++ include/mbedtls/config_adjust_psa_from_legacy.h | 8 ++++++++ include/mbedtls/config_adjust_psa_superset_legacy.h | 8 ++++++++ include/mbedtls/config_adjust_ssl.h | 8 ++++++++ include/mbedtls/config_adjust_x509.h | 8 ++++++++ include/psa/crypto_adjust_auto_enabled.h | 8 ++++++++ include/psa/crypto_adjust_config_dependencies.h | 8 ++++++++ include/psa/crypto_adjust_config_key_pair_types.h | 8 ++++++++ include/psa/crypto_adjust_config_synonyms.h | 8 ++++++++ 10 files changed, 80 insertions(+) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index a24616a5a0..1d1b29ec55 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -24,6 +24,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + /* Ideally, we'd set those as defaults in mbedtls_config.h, but * putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py. * diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index f5334f1574..c8e4d03a4d 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -18,6 +18,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H #define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + /* Define appropriate ACCEL macros for the p256-m driver. * In the future, those should be generated from the drivers JSON description. */ diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index 7c3a2d2359..3495f67bf6 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -20,6 +20,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H #define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + /* * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG * is not defined diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h index 6ccb91becd..0cbad256ac 100644 --- a/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -19,6 +19,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H #define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + /****************************************************************/ /* Hashes that are built in are also enabled in PSA. * This simplifies dependency declarations especially diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 4d8dc9dfac..8c824661f7 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -24,6 +24,14 @@ #ifndef MBEDTLS_CONFIG_ADJUST_SSL_H #define MBEDTLS_CONFIG_ADJUST_SSL_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + /* The following blocks make it easier to disable all of TLS, * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all * key exchanges, options and extensions related to them. */ diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h index d12f4d82bc..3c95ce4047 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/config_adjust_x509.h @@ -24,4 +24,12 @@ #ifndef MBEDTLS_CONFIG_ADJUST_X509_H #define MBEDTLS_CONFIG_ADJUST_X509_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include mbedtls/config_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + #endif /* MBEDTLS_CONFIG_ADJUST_X509_H */ diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h index e2618d15dc..59eb4f66c3 100644 --- a/include/psa/crypto_adjust_auto_enabled.h +++ b/include/psa/crypto_adjust_auto_enabled.h @@ -15,6 +15,14 @@ #ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H #define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_PASSWORD 1 #define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 diff --git a/include/psa/crypto_adjust_config_dependencies.h b/include/psa/crypto_adjust_config_dependencies.h index 5a22205bf3..b63770fe99 100644 --- a/include/psa/crypto_adjust_config_dependencies.h +++ b/include/psa/crypto_adjust_config_dependencies.h @@ -18,6 +18,14 @@ #ifndef PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H #define PSA_CRYPTO_ADJUST_CONFIG_DEPENDENCIES_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + #if (defined(PSA_WANT_ALG_TLS12_PRF) && \ !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)) || \ (defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) && \ diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/include/psa/crypto_adjust_config_key_pair_types.h index 8308ac759e..76a9654487 100644 --- a/include/psa/crypto_adjust_config_key_pair_types.h +++ b/include/psa/crypto_adjust_config_key_pair_types.h @@ -21,6 +21,14 @@ #ifndef PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H #define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + /***************************************************************** * ANYTHING -> BASIC ****************************************************************/ diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h index ad71050ef2..d92ca1150b 100644 --- a/include/psa/crypto_adjust_config_synonyms.h +++ b/include/psa/crypto_adjust_config_synonyms.h @@ -16,6 +16,14 @@ #ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H #define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H +#if !defined(MBEDTLS_CONFIG_FILES_READ) +#error "Do not include psa/crypto_adjust_*.h manually! This can lead to problems, " \ + "up to and including runtime errors such as buffer overflows. " \ + "If you're trying to fix a complaint from check_config.h, just remove " \ + "it from your configuration file: since Mbed TLS 3.0, it is included " \ + "automatically at the right time." +#endif /* */ + /****************************************************************/ /* De facto synonyms */ /****************************************************************/ From 690fb5e0b0ee0921ccfe7d5e8c5bb96b06a8106b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2024 14:54:04 +0200 Subject: [PATCH 268/429] Warn if mbedtls_config.h is included manually Some projects using Mbed TLS have migrated their configuration file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS 2.x, and kept including check_config.h. This is unnecessary since Mbed TLS 3.0, and increasingly in 3.x it may report spurious errors because the configuration adjustments have not been done yet. Signed-off-by: Gilles Peskine --- include/mbedtls/check_config.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 9c33faeb9a..67a05f83b8 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -19,6 +19,13 @@ #define MBEDTLS_CHECK_CONFIG_H /* *INDENT-OFF* */ + +#if !defined(MBEDTLS_CONFIG_IS_FINALIZED) +#warning "Do not include mbedtls/check_config.h manually! " \ + "This may cause spurious errors. " \ + "It is included automatically at the right point since Mbed TLS 3.0." +#endif /* !MBEDTLS_CONFIG_IS_FINALIZED */ + /* * We assume CHAR_BIT is 8 in many places. In practice, this is true on our * target platforms, so not an issue, but let's just be extra sure. From d2f191adb0022a6d09880f6f4cb78b0b5b3c8402 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2024 14:57:03 +0200 Subject: [PATCH 269/429] Document that there is now an error for dangerous inclusions Signed-off-by: Gilles Peskine --- ChangeLog.d/check-config.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/check-config.txt b/ChangeLog.d/check-config.txt index 86723e0907..8570a11757 100644 --- a/ChangeLog.d/check-config.txt +++ b/ChangeLog.d/check-config.txt @@ -1,5 +1,8 @@ Changes - * Explicitly state that mbedtls/check_config.h must not be included manually. + * Warn if mbedtls/check_config.h is included manually, as this can + lead to spurious errors. Error if a *adjust*.h header is included + manually, as this can lead to silently inconsistent configurations, + potentially resulting in buffer overflows. When migrating from Mbed TLS 2.x, if you had a custom config.h that included check_config.h, remove this inclusion from the Mbed TLS 3.x configuration file (renamed to mbedtls_config.h). This change was made From 9df7806b370727d7c453ba9a0959f6b4b6176216 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 29 May 2024 09:33:04 +0200 Subject: [PATCH 270/429] Tweak wording Signed-off-by: Gilles Peskine --- include/mbedtls/config_adjust_legacy_crypto.h | 2 +- include/mbedtls/config_adjust_legacy_from_psa.h | 2 +- include/mbedtls/config_adjust_psa_from_legacy.h | 2 +- include/mbedtls/config_adjust_psa_superset_legacy.h | 2 +- include/mbedtls/config_adjust_ssl.h | 2 +- include/mbedtls/config_adjust_x509.h | 2 +- include/psa/crypto_adjust_auto_enabled.h | 2 +- include/psa/crypto_adjust_config_dependencies.h | 2 +- include/psa/crypto_adjust_config_key_pair_types.h | 2 +- include/psa/crypto_adjust_config_synonyms.h | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h index 1d1b29ec55..854116190e 100644 --- a/include/mbedtls/config_adjust_legacy_crypto.h +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -29,7 +29,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ /* Ideally, we'd set those as defaults in mbedtls_config.h, but diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index c8e4d03a4d..04bdae61bb 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -23,7 +23,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ /* Define appropriate ACCEL macros for the p256-m driver. diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h index 3495f67bf6..14ca14696f 100644 --- a/include/mbedtls/config_adjust_psa_from_legacy.h +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -25,7 +25,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ /* diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h index 0cbad256ac..ef65cce0d9 100644 --- a/include/mbedtls/config_adjust_psa_superset_legacy.h +++ b/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -24,7 +24,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ /****************************************************************/ diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h index 8c824661f7..309524a06a 100644 --- a/include/mbedtls/config_adjust_ssl.h +++ b/include/mbedtls/config_adjust_ssl.h @@ -29,7 +29,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ /* The following blocks make it easier to disable all of TLS, diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h index 3c95ce4047..c063251b0f 100644 --- a/include/mbedtls/config_adjust_x509.h +++ b/include/mbedtls/config_adjust_x509.h @@ -29,7 +29,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ #endif /* MBEDTLS_CONFIG_ADJUST_X509_H */ diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h index 59eb4f66c3..3a2af15180 100644 --- a/include/psa/crypto_adjust_auto_enabled.h +++ b/include/psa/crypto_adjust_auto_enabled.h @@ -20,7 +20,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ #define PSA_WANT_KEY_TYPE_DERIVE 1 diff --git a/include/psa/crypto_adjust_config_dependencies.h b/include/psa/crypto_adjust_config_dependencies.h index b63770fe99..92e9c4de28 100644 --- a/include/psa/crypto_adjust_config_dependencies.h +++ b/include/psa/crypto_adjust_config_dependencies.h @@ -23,7 +23,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ #if (defined(PSA_WANT_ALG_TLS12_PRF) && \ diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/include/psa/crypto_adjust_config_key_pair_types.h index 76a9654487..cec39e01ce 100644 --- a/include/psa/crypto_adjust_config_key_pair_types.h +++ b/include/psa/crypto_adjust_config_key_pair_types.h @@ -26,7 +26,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ /***************************************************************** diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h index d92ca1150b..54b116f434 100644 --- a/include/psa/crypto_adjust_config_synonyms.h +++ b/include/psa/crypto_adjust_config_synonyms.h @@ -21,7 +21,7 @@ "up to and including runtime errors such as buffer overflows. " \ "If you're trying to fix a complaint from check_config.h, just remove " \ "it from your configuration file: since Mbed TLS 3.0, it is included " \ - "automatically at the right time." + "automatically at the right point." #endif /* */ /****************************************************************/ From c8d45cd3fc499b6f1a544ba8786678e6f597d30f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 29 May 2024 09:34:20 +0200 Subject: [PATCH 271/429] Error on unexpectedly defined symbols Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index e13e236d45..cf38f90981 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -101,8 +101,12 @@ #define inline __inline #endif -#undef MBEDTLS_CONFIG_FILES_READ -#undef MBEDTLS_CONFIG_IS_FINALIZED +#if defined(MBEDTLS_CONFIG_FILES_READ) +#error "Something went wrong: MBEDTLS_CONFIG_FILES_READ defined before reading the config files!" +#endif +#if defined(MBEDTLS_CONFIG_IS_FINALIZED) +#error "Something went wrong: MBEDTLS_CONFIG_IS_FINALIZED defined before reading the config files!" +#endif /* X.509, TLS and non-PSA crypto configuration */ #if !defined(MBEDTLS_CONFIG_FILE) From 92024566fb8741b5fc298b160bb3555874168959 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 09:58:56 +0100 Subject: [PATCH 272/429] Fix code style in psa_ff_server.c Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_ff_server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c index 16e6058f3b..219722ad61 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -478,7 +478,7 @@ void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2); } - INFO("Server: sending %lu bytes to client, sofar = %lu", sending, (long)sofar); + INFO("Server: sending %lu bytes to client, sofar = %lu", sending, (long) sofar); send_msg(msg_handle, WRITE_REQUEST, outvec_idx, sending, buffer + sofar, sending); From 2fc5687b21cfae75acd754ef115d661f4893f9e2 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 10:03:06 +0100 Subject: [PATCH 273/429] Add PSA crypto sim serialisation functions for basic types Not hooked into the build yet Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_serialise.c | 321 +++++++++ .../psasim/src/psa_sim_serialise.h | 272 +++++++ .../psasim/src/psa_sim_serialise.pl | 682 ++++++++++++++++++ 3 files changed, 1275 insertions(+) create mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.c create mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.h create mode 100644 tests/psa-client-server/psasim/src/psa_sim_serialise.pl diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c new file mode 100644 index 0000000000..7caf4e595e --- /dev/null +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -0,0 +1,321 @@ +/** + * \file psa_sim_serialise.c + * + * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa_sim_serialise.h" +#include +#include + +/* Basic idea: + * + * All arguments to a function will be serialised into a single buffer to + * be sent to the server with the PSA crypto function to be called. + * + * All returned data (the function's return value and any values returned + * via `out` parameters) will similarly be serialised into a buffer to be + * sent back to the client from the server. + * + * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" + * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, + * psasim_serialise_foo() and psasim_deserialise_foo(). + * + * We also have psasim_serialise_foo_needs() functions, which return a + * size_t giving the number of bytes that serialising that instance of that + * type will need. This allows callers to size buffers for serialisation. + * + * Each serialised buffer starts with a version byte, bytes that indicate + * the size of basic C types, and four bytes that indicate the endianness + * (to avoid incompatibilities if we ever run this over a network - we are + * not aiming for universality, just for correctness and simplicity). + * + * Most types are serialised as a fixed-size (per type) octet string, with + * no type indication. This is acceptable as (a) this is for the test PSA crypto + * simulator only, not production, and (b) these functions are called by + * code that itself is written by script. + * + * We also want to keep serialised data reasonably compact as communication + * between client and server goes in messages of less than 200 bytes each. + * + * Many serialisation functions can be created by a script; an exemplar Perl + * script is included. It is not hooked into the build and so must be run + * manually, but is expected to be replaced by a Python script in due course. + * Types that can have their functions created by script include plain old C + * data types (e.g. int), types typedef'd to those, and even structures that + * don't contain pointers. + */ + +size_t psasim_serialise_begin_needs(void) +{ + /* The serialisation buffer will + * start with a byte of 0 to indicate version 0, + * then have 1 byte each for length of int, long, void *, + * then have 4 bytes to indicate endianness. */ + return 4 + sizeof(uint32_t); +} + +int psasim_serialise_begin(uint8_t **pos, size_t *remaining) +{ + uint32_t endian = 0x1234; + + if (*remaining < 4 + sizeof(endian)) { + return 0; + } + + *(*pos)++ = 0; /* version */ + *(*pos)++ = (uint8_t) sizeof(int); + *(*pos)++ = (uint8_t) sizeof(long); + *(*pos)++ = (uint8_t) sizeof(void *); + + memcpy(*pos, &endian, sizeof(endian)); + + *pos += sizeof(endian); + + return 1; +} + +int psasim_deserialise_begin(uint8_t **pos, size_t *remaining) +{ + uint8_t version = 255; + uint8_t int_size = 0; + uint8_t long_size = 0; + uint8_t ptr_size = 0; + uint32_t endian; + + if (*remaining < 4 + sizeof(endian)) { + return 0; + } + + memcpy(&version, (*pos)++, sizeof(version)); + if (version != 0) { + return 0; + } + + memcpy(&int_size, (*pos)++, sizeof(int_size)); + if (int_size != sizeof(int)) { + return 0; + } + + memcpy(&long_size, (*pos)++, sizeof(long_size)); + if (long_size != sizeof(long)) { + return 0; + } + + memcpy(&ptr_size, (*pos)++, sizeof(ptr_size)); + if (ptr_size != sizeof(void *)) { + return 0; + } + + *remaining -= 4; + + memcpy(&endian, *pos, sizeof(endian)); + if (endian != 0x1234) { + return 0; + } + + *pos += sizeof(endian); + *remaining -= sizeof(endian); + + return 1; +} + +size_t psasim_serialise_unsigned_int_needs(unsigned int value) +{ + return sizeof(value); +} + +int psasim_serialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_serialise_int_needs(int value) +{ + return sizeof(value); +} + +int psasim_serialise_int(uint8_t **pos, size_t *remaining, int value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_int(uint8_t **pos, size_t *remaining, int *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_serialise_size_t_needs(size_t value) +{ + return sizeof(value); +} + +int psasim_serialise_size_t(uint8_t **pos, size_t *remaining, size_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_size_t(uint8_t **pos, size_t *remaining, size_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size) +{ + (void) buffer; + return sizeof(buffer_size) + buffer_size; +} + +int psasim_serialise_buffer(uint8_t **pos, + size_t *remaining, + const uint8_t *buffer, + size_t buffer_length) +{ + if (*remaining < sizeof(buffer_length) + buffer_length) { + return 0; + } + + memcpy(*pos, &buffer_length, sizeof(buffer_length)); + *pos += sizeof(buffer_length); + + if (buffer_length > 0) { // To be able to serialise (NULL, 0) + memcpy(*pos, buffer, buffer_length); + *pos += buffer_length; + } + + return 1; +} + +int psasim_deserialise_buffer(uint8_t **pos, + size_t *remaining, + uint8_t **buffer, + size_t *buffer_length) +{ + if (*remaining < sizeof(*buffer_length)) { + return 0; + } + + memcpy(buffer_length, *pos, sizeof(*buffer_length)); + + *pos += sizeof(buffer_length); + *remaining -= sizeof(buffer_length); + + if (*buffer_length == 0) { // Deserialise (NULL, 0) + *buffer = NULL; + return 1; + } + + if (*remaining < *buffer_length) { + return 0; + } + + uint8_t *data = malloc(*buffer_length); + if (data == NULL) { + return 0; + } + + memcpy(data, *pos, *buffer_length); + *pos += *buffer_length; + *remaining -= *buffer_length; + + *buffer = data; + + return 1; +} + +/* When the client is deserialising a buffer returned from the server, it needs + * to use this function to deserialised the returned buffer. It should use the + * usual \c psasim_serialise_buffer() function to serialise the outbound + * buffer. */ +int psasim_deserialise_return_buffer(uint8_t **pos, + size_t *remaining, + uint8_t *buffer, + size_t buffer_length) +{ + if (*remaining < sizeof(buffer_length)) { + return 0; + } + + size_t length_check; + + memcpy(&length_check, *pos, sizeof(buffer_length)); + + *pos += sizeof(buffer_length); + *remaining -= sizeof(buffer_length); + + if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server + return 0; + } + + if (length_check == 0) { // Deserialise (NULL, 0) + return 1; + } + + if (*remaining < buffer_length) { + return 0; + } + + memcpy(buffer, *pos, buffer_length); + *pos += buffer_length; + *remaining -= buffer_length; + + return 1; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h new file mode 100644 index 0000000000..4ae0253f4a --- /dev/null +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -0,0 +1,272 @@ +/** + * \file psa_sim_serialise.h + * + * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include + +#include "psa/crypto.h" +#include "psa/crypto_types.h" +#include "psa/crypto_values.h" + +/* Basic idea: + * + * All arguments to a function will be serialised into a single buffer to + * be sent to the server with the PSA crypto function to be called. + * + * All returned data (the function's return value and any values returned + * via `out` parameters) will similarly be serialised into a buffer to be + * sent back to the client from the server. + * + * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" + * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, + * psasim_serialise_foo() and psasim_deserialise_foo(). + * + * We also have psasim_serialise_foo_needs() functions, which return a + * size_t giving the number of bytes that serialising that instance of that + * type will need. This allows callers to size buffers for serialisation. + * + * Each serialised buffer starts with a version byte, bytes that indicate + * the size of basic C types, and four bytes that indicate the endianness + * (to avoid incompatibilities if we ever run this over a network - we are + * not aiming for universality, just for correctness and simplicity). + * + * Most types are serialised as a fixed-size (per type) octet string, with + * no type indication. This is acceptable as (a) this is for the test PSA crypto + * simulator only, not production, and (b) these functions are called by + * code that itself is written by script. + * + * We also want to keep serialised data reasonably compact as communication + * between client and server goes in messages of less than 200 bytes each. + * + * Many serialisation functions can be created by a script; an exemplar Perl + * script is included. It is not hooked into the build and so must be run + * manually, but is expected to be replaced by a Python script in due course. + * Types that can have their functions created by script include plain old C + * data types (e.g. int), types typedef'd to those, and even structures that + * don't contain pointers. + */ + +/** Return how much buffer space is needed by \c psasim_serialise_begin(). + * + * \return The number of bytes needed in the buffer for + * \c psasim_serialise_begin()'s output. + */ +size_t psasim_serialise_begin_needs(void); + +/** Begin serialisation into a buffer. + * + * This must be the first serialisation API called + * on a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error (likely + * no space). + */ +int psasim_serialise_begin(uint8_t **pos, size_t *remaining); + +/** Begin deserialisation of a buffer. + * + * This must be the first deserialisation API called + * on a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_begin(uint8_t **pos, size_t *remaining); + +/** Return how much buffer space is needed by \c psasim_serialise_unsigned_int() + * to serialise an `unsigned int`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_unsigned_int() to serialise + * the given value. + */ +size_t psasim_serialise_unsigned_int_needs(unsigned int value); + +/** Serialise an `unsigned int` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int value); + +/** Deserialise an `unsigned int` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to an `unsigned int` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int *value); + +/** Return how much buffer space is needed by \c psasim_serialise_int() + * to serialise an `int`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_int() to serialise + * the given value. + */ +size_t psasim_serialise_int_needs(int value); + +/** Serialise an `int` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_int(uint8_t **pos, size_t *remaining, int value); + +/** Deserialise an `int` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to an `int` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_int(uint8_t **pos, size_t *remaining, int *value); + +/** Return how much buffer space is needed by \c psasim_serialise_size_t() + * to serialise a `size_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_size_t() to serialise + * the given value. + */ +size_t psasim_serialise_size_t_needs(size_t value); + +/** Serialise a `size_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_size_t(uint8_t **pos, size_t *remaining, size_t value); + +/** Deserialise a `size_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `size_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_size_t(uint8_t **pos, size_t *remaining, size_t *value); + +/** Return how much space is needed by \c psasim_serialise_buffer() + * to serialise a buffer: a (`uint8_t *`, `size_t`) pair. + * + * \param buffer Pointer to the buffer to be serialised + * (needed in case some serialisations are value- + * dependent). + * \param buffer_size Number of bytes in the buffer to be serialised. + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_buffer() to serialise + * the specified buffer. + */ +size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size); + +/** Serialise a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param buffer Pointer to the buffer to be serialised. + * \param buffer_length Number of bytes in the buffer to be serialised. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_buffer(uint8_t **pos, size_t *remaining, + const uint8_t *buffer, size_t buffer_length); + +/** Deserialise a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the serialisation buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the serialisation buffer. + * \param buffer Pointer to a `uint8_t *` to receive the address + * of a newly-allocated buffer, which the caller + * must `free()`. + * \param buffer_length Pointer to a `size_t` to receive the number of + * bytes in the deserialised buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining, + uint8_t **buffer, size_t *buffer_length); + +/** Deserialise a buffer returned from the server. + * + * When the client is deserialising a buffer returned from the server, it needs + * to use this function to deserialised the returned buffer. It should use the + * usual \c psasim_serialise_buffer() function to serialise the outbound + * buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the serialisation buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the serialisation buffer. + * \param buffer Pointer to a `uint8_t *` to receive the address + * of a newly-allocated buffer, which the caller + * must `free()`. + * \param buffer_length Pointer to a `size_t` to receive the number of + * bytes in the deserialised buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining, + uint8_t *buffer, size_t buffer_length); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl new file mode 100644 index 0000000000..092a448ba7 --- /dev/null +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -0,0 +1,682 @@ +#!/usr/bin/env perl +# +# psa_sim_serialise.pl - Sample Perl script to show how many serialisation +# functions can be created by templated scripting. +# +# This is an example only, and is expected to be replaced by a Python script +# for production use. It is not hooked into the build: it needs to be run +# manually: +# +# perl psa_sim_serialise.pl h > psa_sim_serialise.h +# perl psa_sim_serialise.pl c > psa_sim_serialise.c +# +use strict; + +my $usage = "$0: usage: $0 c|h\n"; +my $which = lc(shift) || die($usage); +die($usage) unless $which eq "c" || $which eq "h"; + +# Most types are serialised as a fixed-size (per type) octet string, with +# no type indication. This is acceptable as (a) this is for the test PSA crypto +# simulator only, not production, and (b) these functions are called by +# code that itself is written by script. +# +# We also want to keep serialised data reasonably compact as communication +# between client and server goes in messages of less than 200 bytes each. +# +# This script is able to create serialisation functions for plain old C data +# types (e.g. unsigned int), types typedef'd to those, and even structures +# that don't contain pointers. +# +# Structures that contain pointers will need to have their serialisation and +# deserialisation functions written manually (like those for the "buffer" type +# are). +# +my @types = qw(unsigned-int int size_t buffer); +grep(s/-/ /g, @types); + +# IS-A: Some data types are typedef'd; we serialise them as the other type +my %isa = ( + # e.g. "psa_status_t" => "int", but nothing for now +); + +if ($which eq "h") { + + print h_header(); + + for my $type (@types) { + if ($type eq "buffer") { + print declare_buffer_functions(); + } else { + print declare_needs($type); + print declare_serialise($type); + print declare_deserialise($type); + } + } + +} elsif ($which eq "c") { + + print c_header(); + + for my $type (@types) { + if ($type eq "buffer") { + print define_buffer_functions(); + } elsif (exists($isa{$type})) { + print define_needs_isa($type, $isa{$type}); + print define_serialise_isa($type, $isa{$type}); + print define_deserialise_isa($type, $isa{$type}); + } else { + print define_needs($type); + print define_serialise($type); + print define_deserialise($type); + } + } + +} else { + die("internal error - shouldn't happen"); +} + +sub declare_needs +{ + my ($type) = @_; + + my $an = ($type =~ /^[ui]/) ? "an" : "a"; + my $type_d = $type; + $type_d =~ s/ /_/g; + + return < +#include + +#include "psa/crypto.h" +#include "psa/crypto_types.h" +#include "psa/crypto_values.h" + +/* Basic idea: + * + * All arguments to a function will be serialised into a single buffer to + * be sent to the server with the PSA crypto function to be called. + * + * All returned data (the function's return value and any values returned + * via `out` parameters) will similarly be serialised into a buffer to be + * sent back to the client from the server. + * + * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" + * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, + * psasim_serialise_foo() and psasim_deserialise_foo(). + * + * We also have psasim_serialise_foo_needs() functions, which return a + * size_t giving the number of bytes that serialising that instance of that + * type will need. This allows callers to size buffers for serialisation. + * + * Each serialised buffer starts with a version byte, bytes that indicate + * the size of basic C types, and four bytes that indicate the endianness + * (to avoid incompatibilities if we ever run this over a network - we are + * not aiming for universality, just for correctness and simplicity). + * + * Most types are serialised as a fixed-size (per type) octet string, with + * no type indication. This is acceptable as (a) this is for the test PSA crypto + * simulator only, not production, and (b) these functions are called by + * code that itself is written by script. + * + * We also want to keep serialised data reasonably compact as communication + * between client and server goes in messages of less than 200 bytes each. + * + * Many serialisation functions can be created by a script; an exemplar Perl + * script is included. It is not hooked into the build and so must be run + * manually, but is expected to be replaced by a Python script in due course. + * Types that can have their functions created by script include plain old C + * data types (e.g. int), types typedef'd to those, and even structures that + * don't contain pointers. + */ + +/** Return how much buffer space is needed by \c psasim_serialise_begin(). + * + * \return The number of bytes needed in the buffer for + * \c psasim_serialise_begin()'s output. + */ +size_t psasim_serialise_begin_needs(void); + +/** Begin serialisation into a buffer. + * + * This must be the first serialisation API called + * on a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error (likely + * no space). + */ +int psasim_serialise_begin(uint8_t **pos, size_t *remaining); + +/** Begin deserialisation of a buffer. + * + * This must be the first deserialisation API called + * on a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_begin(uint8_t **pos, size_t *remaining); +EOF +} + +sub define_needs +{ + my ($type) = @_; + + my $type_d = $type; + $type_d =~ s/ /_/g; + + return < 0) { // To be able to serialise (NULL, 0) + memcpy(*pos, buffer, buffer_length); + *pos += buffer_length; + } + + return 1; +} + +int psasim_deserialise_buffer(uint8_t **pos, + size_t *remaining, + uint8_t **buffer, + size_t *buffer_length) +{ + if (*remaining < sizeof(*buffer_length)) { + return 0; + } + + memcpy(buffer_length, *pos, sizeof(*buffer_length)); + + *pos += sizeof(buffer_length); + *remaining -= sizeof(buffer_length); + + if (*buffer_length == 0) { // Deserialise (NULL, 0) + *buffer = NULL; + return 1; + } + + if (*remaining < *buffer_length) { + return 0; + } + + uint8_t *data = malloc(*buffer_length); + if (data == NULL) { + return 0; + } + + memcpy(data, *pos, *buffer_length); + *pos += *buffer_length; + *remaining -= *buffer_length; + + *buffer = data; + + return 1; +} + +/* When the client is deserialising a buffer returned from the server, it needs + * to use this function to deserialised the returned buffer. It should use the + * usual \c psasim_serialise_buffer() function to serialise the outbound + * buffer. */ +int psasim_deserialise_return_buffer(uint8_t **pos, + size_t *remaining, + uint8_t *buffer, + size_t buffer_length) +{ + if (*remaining < sizeof(buffer_length)) { + return 0; + } + + size_t length_check; + + memcpy(&length_check, *pos, sizeof(buffer_length)); + + *pos += sizeof(buffer_length); + *remaining -= sizeof(buffer_length); + + if (buffer_length != length_check) { // Make sure we're sent back the same we sent to the server + return 0; + } + + if (length_check == 0) { // Deserialise (NULL, 0) + return 1; + } + + if (*remaining < buffer_length) { + return 0; + } + + memcpy(buffer, *pos, buffer_length); + *pos += buffer_length; + *remaining -= buffer_length; + + return 1; +} +EOF +} + +sub c_header +{ + return <<'EOF'; +/** + * \file psa_sim_serialise.c + * + * \brief Rough-and-ready serialisation and deserialisation for the PSA Crypto simulator + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa_sim_serialise.h" +#include +#include + +/* Basic idea: + * + * All arguments to a function will be serialised into a single buffer to + * be sent to the server with the PSA crypto function to be called. + * + * All returned data (the function's return value and any values returned + * via `out` parameters) will similarly be serialised into a buffer to be + * sent back to the client from the server. + * + * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" + * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, + * psasim_serialise_foo() and psasim_deserialise_foo(). + * + * We also have psasim_serialise_foo_needs() functions, which return a + * size_t giving the number of bytes that serialising that instance of that + * type will need. This allows callers to size buffers for serialisation. + * + * Each serialised buffer starts with a version byte, bytes that indicate + * the size of basic C types, and four bytes that indicate the endianness + * (to avoid incompatibilities if we ever run this over a network - we are + * not aiming for universality, just for correctness and simplicity). + * + * Most types are serialised as a fixed-size (per type) octet string, with + * no type indication. This is acceptable as (a) this is for the test PSA crypto + * simulator only, not production, and (b) these functions are called by + * code that itself is written by script. + * + * We also want to keep serialised data reasonably compact as communication + * between client and server goes in messages of less than 200 bytes each. + * + * Many serialisation functions can be created by a script; an exemplar Perl + * script is included. It is not hooked into the build and so must be run + * manually, but is expected to be replaced by a Python script in due course. + * Types that can have their functions created by script include plain old C + * data types (e.g. int), types typedef'd to those, and even structures that + * don't contain pointers. + */ + +size_t psasim_serialise_begin_needs(void) +{ + /* The serialisation buffer will + * start with a byte of 0 to indicate version 0, + * then have 1 byte each for length of int, long, void *, + * then have 4 bytes to indicate endianness. */ + return 4 + sizeof(uint32_t); +} + +int psasim_serialise_begin(uint8_t **pos, size_t *remaining) +{ + uint32_t endian = 0x1234; + + if (*remaining < 4 + sizeof(endian)) { + return 0; + } + + *(*pos)++ = 0; /* version */ + *(*pos)++ = (uint8_t) sizeof(int); + *(*pos)++ = (uint8_t) sizeof(long); + *(*pos)++ = (uint8_t) sizeof(void *); + + memcpy(*pos, &endian, sizeof(endian)); + + *pos += sizeof(endian); + + return 1; +} + +int psasim_deserialise_begin(uint8_t **pos, size_t *remaining) +{ + uint8_t version = 255; + uint8_t int_size = 0; + uint8_t long_size = 0; + uint8_t ptr_size = 0; + uint32_t endian; + + if (*remaining < 4 + sizeof(endian)) { + return 0; + } + + memcpy(&version, (*pos)++, sizeof(version)); + if (version != 0) { + return 0; + } + + memcpy(&int_size, (*pos)++, sizeof(int_size)); + if (int_size != sizeof(int)) { + return 0; + } + + memcpy(&long_size, (*pos)++, sizeof(long_size)); + if (long_size != sizeof(long)) { + return 0; + } + + memcpy(&ptr_size, (*pos)++, sizeof(ptr_size)); + if (ptr_size != sizeof(void *)) { + return 0; + } + + *remaining -= 4; + + memcpy(&endian, *pos, sizeof(endian)); + if (endian != 0x1234) { + return 0; + } + + *pos += sizeof(endian); + *remaining -= sizeof(endian); + + return 1; +} +EOF +} From e68fb72d8c7dc67a4c9fac9e79b7d70c90eb8a16 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 10:04:14 +0100 Subject: [PATCH 274/429] Add PSA crypto sim serialisation functions for rest of types needed for psa_hash_compute() Still not used Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_serialise.c | 30 ++++++++ .../psasim/src/psa_sim_serialise.h | 76 +++++++++++++++++++ .../psasim/src/psa_sim_serialise.pl | 5 +- 3 files changed, 109 insertions(+), 2 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 7caf4e595e..264509cdf1 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -319,3 +319,33 @@ int psasim_deserialise_return_buffer(uint8_t **pos, return 1; } + +size_t psasim_serialise_psa_status_t_needs(psa_status_t value) +{ + return psasim_serialise_int_needs(value); +} + +int psasim_serialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t value) +{ + return psasim_serialise_int(pos, remaining, value); +} + +int psasim_deserialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t *value) +{ + return psasim_deserialise_int(pos, remaining, value); +} + +size_t psasim_serialise_psa_algorithm_t_needs(psa_algorithm_t value) +{ + return psasim_serialise_unsigned_int_needs(value); +} + +int psasim_serialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t value) +{ + return psasim_serialise_unsigned_int(pos, remaining, value); +} + +int psasim_deserialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t *value) +{ + return psasim_deserialise_unsigned_int(pos, remaining, value); +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 4ae0253f4a..9cca7d8c65 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -270,3 +270,79 @@ int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining, */ int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining, uint8_t *buffer, size_t buffer_length); + +/** Return how much buffer space is needed by \c psasim_serialise_psa_status_t() + * to serialise a `psa_status_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_status_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_status_t_needs(psa_status_t value); + +/** Serialise a `psa_status_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t value); + +/** Deserialise a `psa_status_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_status_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t *value); + +/** Return how much buffer space is needed by \c psasim_serialise_psa_algorithm_t() + * to serialise a `psa_algorithm_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_algorithm_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_algorithm_t_needs(psa_algorithm_t value); + +/** Serialise a `psa_algorithm_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t value); + +/** Deserialise a `psa_algorithm_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_algorithm_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t *value); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index 092a448ba7..2a6c3885b7 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -32,12 +32,13 @@ die($usage) unless $which eq "c" || $which eq "h"; # deserialisation functions written manually (like those for the "buffer" type # are). # -my @types = qw(unsigned-int int size_t buffer); +my @types = qw(unsigned-int int size_t buffer psa_status_t psa_algorithm_t); grep(s/-/ /g, @types); # IS-A: Some data types are typedef'd; we serialise them as the other type my %isa = ( - # e.g. "psa_status_t" => "int", but nothing for now + "psa_status_t" => "int", + "psa_algorithm_t" => "unsigned int", ); if ($which eq "h") { From 54b4ccdbf88e04158f63330e0049c388f1b9a6ff Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 10:27:01 +0100 Subject: [PATCH 275/429] Add PSA crypto sim client and server implementations of psa_hash_compute() A Perl script that creates them is also included as reference. This is not the final script (that will be in Python) but a proof-of-concept to show that creaation client and server wrappers can be scripted. It is not hooked into the build: it must be run manually. It is not part of the deliverables for this PR. Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 13 +- .../psasim/src/psa_sim_crypto_client.c | 207 +++ .../psasim/src/psa_sim_crypto_server.c | 225 ++++ .../psasim/src/psa_sim_generate.pl | 1130 +++++++++++++++++ 4 files changed, 1573 insertions(+), 2 deletions(-) create mode 100644 tests/psa-client-server/psasim/src/psa_sim_crypto_client.c create mode 100644 tests/psa-client-server/psasim/src/psa_sim_crypto_server.c create mode 100644 tests/psa-client-server/psasim/src/psa_sim_generate.pl diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 34897b91be..9306be95a1 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -1,9 +1,18 @@ +/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + #ifndef _PSA_FUNCTIONS_CODES_H_ #define _PSA_FUNCTIONS_CODES_H_ enum { - PSA_CRYPTO_INIT = 0x00, - /* Add other PSA functions here */ + /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT + * and VERSION_REQUEST */ + PSA_CRYPTO_INIT = 100, + PSA_HASH_COMPUTE, }; #endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c new file mode 100644 index 0000000000..85c8a3c036 --- /dev/null +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -0,0 +1,207 @@ +/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ + +/* client calls */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include + +/* Includes from psasim */ +#include +#include +#include "psa_manifest/sid.h" +#include "psa_functions_codes.h" +#include "psa_sim_serialise.h" + +/* Includes from mbedtls */ +#include "mbedtls/version.h" +#include "psa/crypto.h" + +#define CLIENT_PRINT(fmt, ...) \ + PRINT("Client: " fmt, ##__VA_ARGS__) + +static psa_handle_t handle = -1; + +int psa_crypto_call(int function, + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + // psa_outvec outvecs[1]; + if (handle < 0) { + fprintf(stderr, "NOT CONNECTED\n"); + exit(1); + } + + psa_invec invec; + invec.base = in_params; + invec.len = in_params_len; + + size_t max_receive = 8192; + uint8_t *receive = malloc(max_receive); + if (receive == NULL) { + fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); + exit(1); + } + + size_t actual_received = 0; + + psa_outvec outvecs[2]; + outvecs[0].base = &actual_received; + outvecs[0].len = sizeof(actual_received); + outvecs[1].base = receive; + outvecs[1].len = max_receive; + + psa_status_t status = psa_call(handle, function, &invec, 1, outvecs, 2); + if (status != PSA_SUCCESS) { + free(receive); + return 0; + } + + *out_params = receive; + *out_params_len = actual_received; + + return 1; // success +} + +psa_status_t psa_crypto_init(void) +{ + char mbedtls_version[18]; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + mbedtls_version_get_string_full(mbedtls_version); + CLIENT_PRINT("%s", mbedtls_version); + + CLIENT_PRINT("My PID: %d", getpid()); + + CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID)); + handle = psa_connect(PSA_SID_CRYPTO_SID, 1); + + if (handle < 0) { + CLIENT_PRINT("Couldn't connect %d", handle); + return PSA_ERROR_COMMUNICATION_FAILURE; + } + + int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length); + CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok); + + if (!ok) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + +fail: + free(result); + + return status; +} + +void mbedtls_psa_crypto_free(void) +{ + CLIENT_PRINT("Closing handle"); + psa_close(handle); + handle = -1; +} + + +psa_status_t psa_hash_compute( + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *hash, size_t hash_size, + size_t *hash_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(hash, hash_size) + + psasim_serialise_size_t_needs(*hash_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *hash_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_HASH_COMPUTE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("XXX server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, hash, hash_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, hash_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c new file mode 100644 index 0000000000..c15b2b0c82 --- /dev/null +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -0,0 +1,225 @@ +/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ + +/* server implementations */ + +#include +#include + +#include + +#include "psa_functions_codes.h" +#include "psa_sim_serialise.h" + +#include "service.h" + +// Returns 1 for success, 0 for failure +int psa_crypto_init_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + uint8_t *result = NULL; + int ok; + + // Now we call the actual target function + + status = psa_crypto_init( + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_hash_compute_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *hash = NULL; + size_t hash_size; + size_t hash_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &hash_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_hash_compute( + alg, + input, input_length, + hash, hash_size, + &hash_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(hash, hash_size) + + psasim_serialise_size_t_needs(hash_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, hash, hash_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, hash_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + +psa_status_t psa_crypto_call(psa_msg_t msg) +{ + int ok = 0; + + int func = msg.type; + + /* We only expect a single input buffer, with everything serialised in it */ + if (msg.in_size[1] != 0 || msg.in_size[2] != 0 || msg.in_size[3] != 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* We expect exactly 2 output buffers, one for size, the other for data */ + if (msg.out_size[0] != sizeof(size_t) || msg.out_size[1] == 0 || + msg.out_size[2] != 0 || msg.out_size[3] != 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + uint8_t *in_params = NULL; + size_t in_params_len = 0; + uint8_t *out_params = NULL; + size_t out_params_len = 0; + + in_params_len = msg.in_size[0]; + in_params = malloc(in_params_len); + if (in_params == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + /* Read the bytes from the client */ + size_t actual = psa_read(msg.handle, 0, in_params, in_params_len); + if (actual != in_params_len) { + free(in_params); + return PSA_ERROR_CORRUPTION_DETECTED; + } + + switch (func) { + case PSA_CRYPTO_INIT: + ok = psa_crypto_init_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_HASH_COMPUTE: + ok = psa_hash_compute_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + } + + free(in_params); + + if (out_params_len > msg.out_size[1]) { + fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\n", + out_params_len, msg.out_size[1]); + exit(1); + } + + /* Write the exact amount of data we're returning */ + psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len)); + + /* And write the data itself */ + if (out_params_len) { + psa_write(msg.handle, 1, out_params, out_params_len); + } + + free(out_params); + + return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl new file mode 100644 index 0000000000..62c1a893b7 --- /dev/null +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -0,0 +1,1130 @@ +#!/usr/bin/env perl +# +# This is a proof-of-concept script to show that the client and server wrappers +# can be created by a script. It is not hooked into the build, so is run +# manually and the output files are what are to be reviewed. In due course +# this will be replaced by a Python script. +# +use strict; +use Data::Dumper; +use JSON qw(encode_json); + +my $debug = 0; + +# Globals (sorry!) +my %functions = get_functions(); +my @functions = sort keys %functions; + +# get_functions(), called above, returns a data structure for each function +# that we need to create client and server stubs for. In this example Perl script, +# the function declarations we want are in the data section (after __END__ at +# the bottom of this file), but a production Python version should process +# psa_crypto.h. +# +# In this script, the data for psa_crypto_init() looks like: +# +# "psa_crypto_init": { +# "return": { # Info on return type +# "type": "psa_status_t", # Return type +# "name": "status", # Name to be used for this in C code +# "default": "PSA_ERROR_CORRUPTION_DETECTED" # Default value +# }, +# "args": [], # void function, so args empty +# } +# +# The data for psa_hash_compute() looks like: +# +# "psa_hash_compute": { +# "return": { # Information on return type +# "type": "psa_status_t", +# "name": "status", +# "default": "PSA_ERROR_CORRUPTION_DETECTED" +# }, +# "args": [{ +# "type": "psa_algorithm_t", # Type of first argument +# "ctypename": "psa_algorithm_t ", # C type with trailing spaces +# # (so that e.g. `char *` looks ok) +# "name": "alg", +# "is_output": 0 +# }, { +# "type": "const buffer", # Specially created +# "ctypename": "", # (so no C type) +# "name": "input, input_length", # A pair of arguments +# "is_output": 0 # const, so not an output argument +# }, { +# "type": "buffer", # Specially created +# "ctypename": "", +# "name": "hash, hash_size", +# "is_output": 1 # Not const, so output argument +# }, { +# "type": "size_t", # size_t *hash_length +# "ctypename": "size_t ", +# "name": "*hash_length", # * comes into the name +# "is_output": 1 +# } +# ], +# }, +# +# It's possible that a production version might not need both type and ctypename; +# that was done for convenience and future-proofing during development. + +# We'll do psa_crypto_init() first +put_crypto_init_first(\@functions); + +write_function_codes("psa_functions_codes.h"); + +write_client_calls("psa_sim_crypto_client.c"); + +write_server_implementations("psa_sim_crypto_server.c"); + +sub write_function_codes +{ + my ($file) = @_; + + open(my $fh, ">", $file) || die("$0: $file: $!\n"); + + # NOTE: psa_crypto_init() is written manually + + print $fh <", $file) || die("$0: $file: $!\n"); + + print $fh client_calls_header(); + + for my $function (@functions) { + # psa_crypto_init() is hand written to establish connection to server + if ($function ne "psa_crypto_init") { + my $f = $functions{$function}; + output_client($fh, $f, $function); + } + } + + close($fh); +} + +sub write_server_implementations +{ + my ($file) = @_; + + open(my $fh, ">", $file) || die("$0: $file: $!\n"); + + print $fh server_implementations_header(); + + print $fh debug_functions() if $debug; + + for my $function (@functions) { + my $f = $functions{$function}; + output_server_wrapper($fh, $f, $function); + } + + # Now output a switch statement that calls each of the wrappers + + print $fh < msg.out_size[1]) { + fprintf(stderr, "unable to write %zu bytes into buffer of %zu bytes\\n", + out_params_len, msg.out_size[1]); + exit(1); + } + + /* Write the exact amount of data we're returning */ + psa_write(msg.handle, 0, &out_params_len, sizeof(out_params_len)); + + /* And write the data itself */ + if (out_params_len) { + psa_write(msg.handle, 1, out_params, out_params_len); + } + + free(out_params); + + return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; +} +EOF + + close($fh); +} + +sub server_implementations_header +{ + return <<'EOF'; +/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ + +/* server implementations */ + +#include +#include + +#include + +#include "psa_functions_codes.h" +#include "psa_sim_serialise.h" + +#include "service.h" +EOF +} + +sub client_calls_header +{ + my $code = <<'EOF'; +/* THIS FILE WAS AUTO-GENERATED BY psa_sim_generate.pl. DO NOT EDIT!! */ + +/* client calls */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include +#include + +/* Includes from psasim */ +#include +#include +#include "psa_manifest/sid.h" +#include "psa_functions_codes.h" +#include "psa_sim_serialise.h" + +/* Includes from mbedtls */ +#include "mbedtls/version.h" +#include "psa/crypto.h" + +#define CLIENT_PRINT(fmt, ...) \ + PRINT("Client: " fmt, ##__VA_ARGS__) + +static psa_handle_t handle = -1; +EOF + + $code .= debug_functions() if $debug; + + $code .= <<'EOF'; + +int psa_crypto_call(int function, + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + // psa_outvec outvecs[1]; + if (handle < 0) { + fprintf(stderr, "NOT CONNECTED\n"); + exit(1); + } + + psa_invec invec; + invec.base = in_params; + invec.len = in_params_len; + + size_t max_receive = 8192; + uint8_t *receive = malloc(max_receive); + if (receive == NULL) { + fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); + exit(1); + } + + size_t actual_received = 0; + + psa_outvec outvecs[2]; + outvecs[0].base = &actual_received; + outvecs[0].len = sizeof(actual_received); + outvecs[1].base = receive; + outvecs[1].len = max_receive; + + psa_status_t status = psa_call(handle, function, &invec, 1, outvecs, 2); + if (status != PSA_SUCCESS) { + free(receive); + return 0; + } + + *out_params = receive; + *out_params_len = actual_received; + + return 1; // success +} + +psa_status_t psa_crypto_init(void) +{ + char mbedtls_version[18]; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + mbedtls_version_get_string_full(mbedtls_version); + CLIENT_PRINT("%s", mbedtls_version); + + CLIENT_PRINT("My PID: %d", getpid()); + + CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID)); + handle = psa_connect(PSA_SID_CRYPTO_SID, 1); + + if (handle < 0) { + CLIENT_PRINT("Couldn't connect %d", handle); + return PSA_ERROR_COMMUNICATION_FAILURE; + } + + int ok = psa_crypto_call(PSA_CRYPTO_INIT, NULL, 0, &result, &result_length); + CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", ok); + + if (!ok) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + +fail: + free(result); + + return status; +} + +void mbedtls_psa_crypto_free(void) +{ + CLIENT_PRINT("Closing handle"); + psa_close(handle); + handle = -1; +} +EOF +} + +sub debug_functions +{ + return <> 4); + p[1] = hex_digit(b & 0x0F); + + return 2; +} + +int hex_uint16(char *p, uint16_t b) +{ + hex_byte(p, b >> 8); + hex_byte(p + 2, b & 0xFF); + + return 4; +} + +char human_char(uint8_t c) +{ + return (c >= ' ' && c <= '~') ? (char)c : '.'; +} + +void dump_buffer(const uint8_t *buffer, size_t len) +{ + char line[80]; + + const uint8_t *p = buffer; + + size_t max = (len > 0xFFFF) ? 0xFFFF : len; + + for (size_t i = 0; i < max; i += 16) { + + char *q = line; + + q += hex_uint16(q, (uint16_t)i); + *q++ = ' '; + *q++ = ' '; + + size_t ll = (i + 16 > max) ? (max % 16) : 16; + + size_t j; + for (j = 0; j < ll; j++) { + q += hex_byte(q, p[i + j]); + *q++ = ' '; + } + + while (j++ < 16) { + *q++ = ' '; + *q++ = ' '; + *q++ = ' '; + } + + *q++ = ' '; + + for (j = 0; j < ll; j++) { + *q++ = human_char(p[i + j]); + } + + *q = '\\0'; + + printf("%s\\n", line); + } +} + +void hex_dump(uint8_t *p, size_t n) +{ + for (size_t i = 0; i < n; i++) { + printf("0x%02X ", p[i]); + } + printf("\\n"); +} +EOF +} + +sub output_server_wrapper +{ + my ($fh, $f, $name) = @_; + + my $ret_type = $f->{return}->{type}; + my $ret_name = $f->{return}->{name}; + my $ret_default = $f->{return}->{default}; + + print $fh <{args}; + + for my $i (0 .. $#$args) { + my $arg = $args->[$i]; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $argname = $arg->{name}; + $argtype =~ s/^const //; + + if ($argtype =~ /^(const )?buffer$/) { + my ($n1, $n2) = split(/,\s*/, $argname); + print $fh <= 0) { # If we have any args (>= 0) + print $fh <= 0) { # If we have any args (>= 0) + print $fh <[$i]; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $argname = $arg->{name}; + my $sep = ($i == $#$args) ? ";" : " +"; + $argtype =~ s/^const //; + + if ($argtype =~ /^(const )?buffer$/) { + my ($n1, $n2) = split(/,\s*/, $argname); + print $fh <{is_output}, @$args); + + my $sep1 = ($ret_type eq "void") ? ";" : " +"; + + print $fh <{is_output}; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $argname = $arg->{name}; + my $sep = ($i == $#outputs) ? ";" : " +"; + $argtype =~ s/^const //; + $argname =~ s/^\*//; # Remove any leading * + + print $fh <{is_output}, @$args); + + for my $i (0 .. $#outputs) { + my $arg = $outputs[$i]; + die("$i: this should have been filtered out by grep") unless $arg->{is_output}; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $argname = $arg->{name}; + my $sep = ($i == $#outputs) ? ";" : " +"; + $argtype =~ s/^const //; + + if ($argtype eq "buffer") { + print $fh <{return}->{type}; + my $ret_name = $f->{return}->{name}; + my $ret_default = $f->{return}->{default}; + + print $fh <{args}; + + for my $i (0 .. $#$args) { + my $arg = $args->[$i]; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $argname = $arg->{name}; + my $sep = ($i == $#$args) ? ";" : " +"; + $argtype =~ s/^const //; + + print $fh <[$i]; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $argname = $arg->{name}; + my $sep = ($i == $#$args) ? ";" : " +"; + $argtype =~ s/^const //; + + print $fh <{is_output}, @$args); + + for my $i (0 .. $#outputs) { + my $arg = $outputs[$i]; + die("$i: this should have been filtered out by grep") unless $arg->{is_output}; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $argname = $arg->{name}; + my $sep = ($i == $#outputs) ? ";" : " +"; + $argtype =~ s/^const //; + + if ($argtype eq "buffer") { + print $fh <{return}->{name}; + my $args = $f->{args}; + + print $fh "\n $ret_name = $name(\n"; + + print $fh " );\n" if $#$args < 0; # If no arguments, empty arg list + + for my $i (0 .. $#$args) { + my $arg = $args->[$i]; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $argname = $arg->{name}; + + if ($argtype =~ /^(const )?buffer$/) { + my ($n1, $n2) = split(/,\s*/, $argname); + print $fh " $n1, $n2"; + } else { + $argname =~ s/^\*/\&/; # Replace leading * with & + print $fh " $argname"; + } + my $sep = ($i == $#$args) ? "\n );" : ","; + print $fh "$sep\n"; + } +} + +sub output_signature +{ + my ($fh, $f, $name, $what) = @_; + + my $ret_type = $f->{return}->{type}; + my $args = $f->{args}; + + my $final_sep = ($what eq "declaration") ? "\n);" : "\n )"; + + print $fh "\n$ret_type $name(\n"; + + print $fh " void\n)\n" if $#$args < 0; # No arguments + + for my $i (0 .. $#$args) { + my $arg = $args->[$i]; + my $argtype = $arg->{type}; # e.g. int, psa_algorithm_t, or "buffer" + my $ctypename = $arg->{ctypename}; # e.g. "int ", "char *"; empty for buffer + my $argname = $arg->{name}; + + if ($argtype =~ /^(const )?buffer$/) { + my $const = length($1) ? "const " : ""; + my ($n1, $n2) = split(/,/, $argname); + print $fh " ${const}uint8_t *$n1, size_t $n2"; + } else { + print $fh " $ctypename$argname"; + } + my $sep = ($i == $#$args) ? $final_sep : ","; + print $fh "$sep\n"; + } +} + +sub get_functions +{ + my $src = ""; + while () { + chomp; + s/\/\/.*//; + s/\s+^//; + s/\s+/ /g; + $_ .= "\n"; + $src .= $_; + } + + $src =~ s/\/\*.*?\*\///gs; + + my @src = split(/\n+/, $src); + + my @rebuild = (); + my %funcs = (); + for (my $i = 0; $i <= $#src; $i++) { + my $line = $src[$i]; + if ($line =~ /^psa_status_t (psa_\w*)\(/) { # begin function definition + #print "have one $line\n"; + while ($line !~ /;/) { + $line .= $src[$i + 1]; + $i++; + } + $line =~ s/\s+/ /g; + if ($line =~ /(\w+)\s+\b(\w+)\s*\(\s*(.*\S)\s*\)\s*[;{]/s) { + my ($ret_type, $func, $args) = ($1, $2, $3); + my $copy = $line; + $copy =~ s/{$//; + my $f = { + "orig" => $copy, + }; + + my @args = split(/\s*,\s*/, $args); + + my $ret_name = ""; + $ret_name = "status" if $ret_type eq "psa_status_t"; + die("ret_name for $ret_type?") unless length($ret_name); + my $ret_default = ""; + $ret_default = "PSA_ERROR_CORRUPTION_DETECTED" if $ret_type eq "psa_status_t"; + die("ret_default for $ret_type?") unless length($ret_default); + + #print "FUNC $func RET_NAME $ret_name RET_TYPE $ret_type ARGS (", join("; ", @args), ")\n"; + + $f->{return} = { + "type" => $ret_type, + "default" => $ret_default, + "name" => $ret_name, + }; + $f->{args} = []; + # psa_algorithm_t alg; const uint8_t *input; size_t input_length; uint8_t *hash; size_t hash_size; size_t *hash_length + for (my $i = 0; $i <= $#args; $i++) { + my $arg = $args[$i]; + # "type" => "psa_algorithm_t", + # "ctypename" => "psa_algorithm_t ", + # "name" => "alg", + # "is_output" => 0, + my ($type, $ctype, $name, $is_output); + if ($arg =~ /^(\w+)\s+(\w+)$/) { # e.g. psa_algorithm_t alg + ($type, $name) = ($1, $2); + $ctype = $type . " "; + $is_output = 0; + } elsif ($arg =~ /^((const)\s+)?uint8_t\s*\*\s*(\w+)$/) { + $type = "buffer"; + $is_output = (length($1) == 0) ? 1 : 0; + $type = "const buffer" if !$is_output; + $ctype = ""; + $name = $3; + #print("$arg: $name: might be a buffer?\n"); + die("$arg: not a buffer 1!\n") if $i == $#args; + my $next = $args[$i + 1]; + die("$arg: not a buffer 2!\n") if $next !~ /^size_t\s+(${name}_\w+)$/; + $i++; # We're using the next param here + my $nname = $1; + $name .= ", " . $nname; + } elsif ($arg =~ /^((const)\s+)?(\w+)\s*\*(\w+)$/) { + ($type, $name) = ($3, "*" . $4); + $ctype = $1 . $type . " "; + $is_output = (length($1) == 0) ? 1 : 0; + } elsif ($arg eq "void") { + # we'll just ignore this one + } else { + die("ARG HELP $arg\n"); + } + #print "$arg => <$type><$ctype><$name><$is_output>\n"; + if ($arg ne "void") { + push(@{$f->{args}}, { + "type" => $type, + "ctypename" => $ctype, + "name" => $name, + "is_output" => $is_output, + }); + } + } + $funcs{$func} = $f; + } else { + die("FAILED"); + } + push(@rebuild, $line); + } elsif ($line =~ /^static psa_\w+_t (psa_\w*)\(/) { # begin function definition + # IGNORE static functions + } else { + if ($line =~ /psa_/) { + print "NOT PARSED: $line\n"; + } + push(@rebuild, $line); + } + } + + #print ::Dumper(\%funcs); + #exit; + + return %funcs; +} + +sub put_crypto_init_first +{ + my ($functions) = @_; + + my $want_first = "psa_crypto_init"; + + my $idx = undef; + for my $i (0 .. $#$functions) { + if ($functions->[$i] eq $want_first) { + $idx = $i; + last; + } + } + + if (defined($idx) && $idx != 0) { # Do nothing if already first + splice(@$functions, $idx, 1); + unshift(@$functions, $want_first); + } +} + +__END__ +/** + * \brief Library initialization. + * + * Applications must call this function before calling any other + * function in this module. + * + * Applications may call this function more than once. Once a call + * succeeds, subsequent calls are guaranteed to succeed. + * + * If the application calls other functions before calling psa_crypto_init(), + * the behavior is undefined. Implementations are encouraged to either perform + * the operation as if the library had been initialized or to return + * #PSA_ERROR_BAD_STATE or some other applicable error. In particular, + * implementations should not return a success status if the lack of + * initialization may have security implications, for example due to improper + * seeding of the random number generator. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + */ +psa_status_t psa_crypto_init(void); + +/** Calculate the hash (digest) of a message. + * + * \note To verify the hash of a message against an + * expected value, use psa_hash_compare() instead. + * + * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_HASH(\p alg) is true). + * \param[in] input Buffer containing the message to hash. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] hash Buffer where the hash is to be written. + * \param hash_size Size of the \p hash buffer in bytes. + * \param[out] hash_length On success, the number of bytes + * that make up the hash value. This is always + * #PSA_HASH_LENGTH(\p alg). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a hash algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p hash_size is too small + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_hash_compute(psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *hash, + size_t hash_size, + size_t *hash_length); From a4952f945043bafd1a347f99ac4d68435dcdd250 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 10:28:08 +0100 Subject: [PATCH 276/429] The PSA sim logs aren't very many lines, so show them during tests Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/test/run_test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh index 06bcc93a82..31429c8bb5 100755 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -30,8 +30,8 @@ function wait_for_server_startup() { clean_run -./psa_partition -k > psa_partition.log 2>&1 & +./psa_partition -k & SERV_PID=$! wait_for_server_startup -./psa_client > psa_client.log 2>&1 +./psa_client wait $SERV_PID From 3ebb880f90478acdf807c19588c0d625838720b9 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 10:29:39 +0100 Subject: [PATCH 277/429] Hook the new psa_sim_crypto_{client,server} into the build and tests - smoke test client.c becomes a trivial call to psa_crypto_init() - server.c now uses psa_sim_crypto_server.c's psa_crypto_call() - Makefile is updated to build all the modules, and allow a different MAIN - all.sh's test_psasim now tests the simulation of psa_hash_compute() too Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/Makefile | 10 +- .../psasim/src/aut_psa_hash_compute.c | 112 ++++++++++++++++++ tests/psa-client-server/psasim/src/client.c | 41 +------ tests/psa-client-server/psasim/src/server.c | 10 +- tests/scripts/all.sh | 9 ++ 5 files changed, 135 insertions(+), 47 deletions(-) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_hash_compute.c diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index db0c4127f4..45ec45820e 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -1,3 +1,5 @@ +MAIN ?= client.c + CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L ifeq ($(DEBUG),1) @@ -18,12 +20,16 @@ GENERATED_H_FILES = include/psa_manifest/manifest.h \ include/psa_manifest/sid.h PSA_CLIENT_SRC = src/psa_ff_client.c \ - src/client.c + src/$(MAIN) \ + src/psa_sim_crypto_client.c \ + src/psa_sim_serialise.c PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ - src/psa_ff_server.c + src/psa_ff_server.c \ + src/psa_sim_crypto_server.c \ + src/psa_sim_serialise.c .PHONY: all clean libpsaclient libpsaserver diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c new file mode 100644 index 0000000000..519c0721f7 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c @@ -0,0 +1,112 @@ +/* + * API(s) under test: psa_hash_compute() + * + * Taken from programs/psa/psa_hash.c, and calls to all hash APIs + * but psa_hash_compute() removed. + * + * Example computing a SHA-256 hash using the PSA Crypto API + * + * The example computes the SHA-256 hash of a test string using the + * one-shot API call psa_hash_compute(). + * + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/crypto.h" +#include +#include +#include + +#include "mbedtls/build_info.h" +#include "mbedtls/platform.h" + +/* Information about hashing with the PSA API can be + * found here: + * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html + * + * The algorithm used by this demo is SHA 256. + * Please see include/psa/crypto_values.h to see the other + * algorithms that are supported by Mbed TLS. + * If you switch to a different algorithm you will need to update + * the hash data in the EXAMPLE_HASH_VALUE macro below. */ + +#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) +int main(void) +{ + mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" + "not defined.\r\n"); + return EXIT_SUCCESS; +} +#else + +#define HASH_ALG PSA_ALG_SHA_256 + +const uint8_t sample_message[] = "Hello World!"; +/* sample_message is terminated with a null byte which is not part of + * the message itself so we make sure to subtract it in order to get + * the message length. */ +const size_t sample_message_length = sizeof(sample_message) - 1; + +#define EXPECTED_HASH_VALUE { \ + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ + 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ + 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ +} + +const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; +const size_t expected_hash_len = sizeof(expected_hash); + +int main(void) +{ + psa_status_t status; + uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; + size_t hash_length; + + mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + /* Clear local variables prior to one-shot hash demo */ + memset(hash, 0, sizeof(hash)); + hash_length = 0; + + /* Compute hash using one-shot function call */ + status = psa_hash_compute(HASH_ALG, + sample_message, sample_message_length, + hash, sizeof(hash), + &hash_length); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_compute failed\n"); + goto cleanup; + } + + if (hash_length != expected_hash_len || + (memcmp(hash, expected_hash, expected_hash_len) != 0)) { + mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); + goto cleanup; + } + + mbedtls_printf("One-shot hash operation successful!\n\n"); + + /* Print out result */ + mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); + + for (size_t j = 0; j < expected_hash_len; j++) { + mbedtls_printf("%02x", hash[j]); + } + + mbedtls_printf("\n"); + + mbedtls_psa_crypto_free(); + return EXIT_SUCCESS; + +cleanup: + return EXIT_FAILURE; +} +#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */ diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c index 550a6e869d..a8c9e08f3e 100644 --- a/tests/psa-client-server/psasim/src/client.c +++ b/tests/psa-client-server/psasim/src/client.c @@ -5,50 +5,17 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -#include -#include - -/* Includes from psasim */ -#include -#include -#include "psa_manifest/sid.h" -#include "psa_functions_codes.h" - /* Includes from mbedtls */ -#include "mbedtls/version.h" #include "psa/crypto.h" -#define CLIENT_PRINT(fmt, ...) \ - PRINT("Client: " fmt, ##__VA_ARGS__) - int main() { - char mbedtls_version[18]; - // psa_invec invecs[1]; - // psa_outvec outvecs[1]; - psa_status_t status; - - mbedtls_version_get_string_full(mbedtls_version); - CLIENT_PRINT("%s", mbedtls_version); - - CLIENT_PRINT("My PID: %d", getpid()); - - CLIENT_PRINT("PSA version: %u", psa_version(PSA_SID_CRYPTO_SID)); - psa_handle_t h = psa_connect(PSA_SID_CRYPTO_SID, 1); - - if (h < 0) { - CLIENT_PRINT("Couldn't connect %d", h); - return 1; - } - - status = psa_call(h, PSA_CRYPTO_INIT, NULL, 0, NULL, 0); - CLIENT_PRINT("PSA_CRYPTO_INIT returned: %d", status); - - CLIENT_PRINT("Closing handle"); - psa_close(h); - + /* psa_crypto_init() connects to the server */ + psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { return 1; } + + mbedtls_psa_crypto_free(); return 0; } diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c index 21b65c709e..77ce2694e3 100644 --- a/tests/psa-client-server/psasim/src/server.c +++ b/tests/psa-client-server/psasim/src/server.c @@ -53,6 +53,7 @@ int psa_server_main(int argc, char *argv[]) const int magic_num = 66; int client_disconnected = 0; char mbedtls_version[18]; + extern psa_status_t psa_crypto_call(psa_msg_t msg); mbedtls_version_get_string_full(mbedtls_version); SERVER_PRINT("%s", mbedtls_version); @@ -83,14 +84,7 @@ int psa_server_main(int argc, char *argv[]) break; default: SERVER_PRINT("Got an IPC call of type %d", msg.type); - switch (msg.type) { - case PSA_CRYPTO_INIT: - ret = psa_crypto_init(); - break; - default: - SERVER_PRINT("Unknown PSA function code"); - break; - } + ret = psa_crypto_call(msg); SERVER_PRINT("Internal function call returned %d", ret); if (msg.client_id > 0) { diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4f0e9bba14..e0901711d2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6228,6 +6228,15 @@ component_test_psasim() { msg "test psasim" tests/psa-client-server/psasim/test/run_test.sh + msg "build psasim to test psa_hash_compute" + # Delete the executable to ensure we build using the right MAIN + rm tests/psa-client-server/psasim/test/psa_client + # API under test: psa_hash_compute() + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="aut_psa_hash_compute.c" + + msg "test psasim running psa_hash_compute" + tests/psa-client-server/psasim/test/run_test.sh + msg "clean psasim" make -C tests/psa-client-server/psasim clean } From 39f8b09f5bf07e98bee3e51f134b47258db31910 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 12:26:53 +0100 Subject: [PATCH 278/429] Add PSA crypto sim serialisation functions needed for the remaining PSA hash APIs Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_serialise.c | 75 +++++++++++++--- .../psasim/src/psa_sim_serialise.h | 82 ++++++++++++++--- .../psasim/src/psa_sim_serialise.pl | 87 ++++++++++++++++--- 3 files changed, 211 insertions(+), 33 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 264509cdf1..78ae9d65d7 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -130,7 +130,9 @@ size_t psasim_serialise_unsigned_int_needs(unsigned int value) return sizeof(value); } -int psasim_serialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int value) +int psasim_serialise_unsigned_int(uint8_t **pos, + size_t *remaining, + unsigned int value) { if (*remaining < sizeof(value)) { return 0; @@ -142,7 +144,9 @@ int psasim_serialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int return 1; } -int psasim_deserialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int *value) +int psasim_deserialise_unsigned_int(uint8_t **pos, + size_t *remaining, + unsigned int *value) { if (*remaining < sizeof(*value)) { return 0; @@ -161,7 +165,9 @@ size_t psasim_serialise_int_needs(int value) return sizeof(value); } -int psasim_serialise_int(uint8_t **pos, size_t *remaining, int value) +int psasim_serialise_int(uint8_t **pos, + size_t *remaining, + int value) { if (*remaining < sizeof(value)) { return 0; @@ -173,7 +179,9 @@ int psasim_serialise_int(uint8_t **pos, size_t *remaining, int value) return 1; } -int psasim_deserialise_int(uint8_t **pos, size_t *remaining, int *value) +int psasim_deserialise_int(uint8_t **pos, + size_t *remaining, + int *value) { if (*remaining < sizeof(*value)) { return 0; @@ -192,7 +200,9 @@ size_t psasim_serialise_size_t_needs(size_t value) return sizeof(value); } -int psasim_serialise_size_t(uint8_t **pos, size_t *remaining, size_t value) +int psasim_serialise_size_t(uint8_t **pos, + size_t *remaining, + size_t value) { if (*remaining < sizeof(value)) { return 0; @@ -204,7 +214,9 @@ int psasim_serialise_size_t(uint8_t **pos, size_t *remaining, size_t value) return 1; } -int psasim_deserialise_size_t(uint8_t **pos, size_t *remaining, size_t *value) +int psasim_deserialise_size_t(uint8_t **pos, + size_t *remaining, + size_t *value) { if (*remaining < sizeof(*value)) { return 0; @@ -325,12 +337,16 @@ size_t psasim_serialise_psa_status_t_needs(psa_status_t value) return psasim_serialise_int_needs(value); } -int psasim_serialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t value) +int psasim_serialise_psa_status_t(uint8_t **pos, + size_t *remaining, + psa_status_t value) { return psasim_serialise_int(pos, remaining, value); } -int psasim_deserialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t *value) +int psasim_deserialise_psa_status_t(uint8_t **pos, + size_t *remaining, + psa_status_t *value) { return psasim_deserialise_int(pos, remaining, value); } @@ -340,12 +356,51 @@ size_t psasim_serialise_psa_algorithm_t_needs(psa_algorithm_t value) return psasim_serialise_unsigned_int_needs(value); } -int psasim_serialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t value) +int psasim_serialise_psa_algorithm_t(uint8_t **pos, + size_t *remaining, + psa_algorithm_t value) { return psasim_serialise_unsigned_int(pos, remaining, value); } -int psasim_deserialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t *value) +int psasim_deserialise_psa_algorithm_t(uint8_t **pos, + size_t *remaining, + psa_algorithm_t *value) { return psasim_deserialise_unsigned_int(pos, remaining, value); } + +size_t psasim_serialise_psa_hash_operation_t_needs(psa_hash_operation_t value) +{ + return sizeof(value); +} + +int psasim_serialise_psa_hash_operation_t(uint8_t **pos, + size_t *remaining, + psa_hash_operation_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, + size_t *remaining, + psa_hash_operation_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 9cca7d8c65..d5eaccf482 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -113,7 +113,9 @@ size_t psasim_serialise_unsigned_int_needs(unsigned int value); * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_serialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int value); +int psasim_serialise_unsigned_int(uint8_t **pos, + size_t *remaining, + unsigned int value); /** Deserialise an `unsigned int` from a buffer. * @@ -126,7 +128,9 @@ int psasim_serialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_deserialise_unsigned_int(uint8_t **pos, size_t *remaining, unsigned int *value); +int psasim_deserialise_unsigned_int(uint8_t **pos, + size_t *remaining, + unsigned int *value); /** Return how much buffer space is needed by \c psasim_serialise_int() * to serialise an `int`. @@ -151,7 +155,9 @@ size_t psasim_serialise_int_needs(int value); * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_serialise_int(uint8_t **pos, size_t *remaining, int value); +int psasim_serialise_int(uint8_t **pos, + size_t *remaining, + int value); /** Deserialise an `int` from a buffer. * @@ -164,7 +170,9 @@ int psasim_serialise_int(uint8_t **pos, size_t *remaining, int value); * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_deserialise_int(uint8_t **pos, size_t *remaining, int *value); +int psasim_deserialise_int(uint8_t **pos, + size_t *remaining, + int *value); /** Return how much buffer space is needed by \c psasim_serialise_size_t() * to serialise a `size_t`. @@ -189,7 +197,9 @@ size_t psasim_serialise_size_t_needs(size_t value); * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_serialise_size_t(uint8_t **pos, size_t *remaining, size_t value); +int psasim_serialise_size_t(uint8_t **pos, + size_t *remaining, + size_t value); /** Deserialise a `size_t` from a buffer. * @@ -202,7 +212,9 @@ int psasim_serialise_size_t(uint8_t **pos, size_t *remaining, size_t value); * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_deserialise_size_t(uint8_t **pos, size_t *remaining, size_t *value); +int psasim_deserialise_size_t(uint8_t **pos, + size_t *remaining, + size_t *value); /** Return how much space is needed by \c psasim_serialise_buffer() * to serialise a buffer: a (`uint8_t *`, `size_t`) pair. @@ -294,7 +306,9 @@ size_t psasim_serialise_psa_status_t_needs(psa_status_t value); * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_serialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t value); +int psasim_serialise_psa_status_t(uint8_t **pos, + size_t *remaining, + psa_status_t value); /** Deserialise a `psa_status_t` from a buffer. * @@ -307,7 +321,9 @@ int psasim_serialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_deserialise_psa_status_t(uint8_t **pos, size_t *remaining, psa_status_t *value); +int psasim_deserialise_psa_status_t(uint8_t **pos, + size_t *remaining, + psa_status_t *value); /** Return how much buffer space is needed by \c psasim_serialise_psa_algorithm_t() * to serialise a `psa_algorithm_t`. @@ -332,7 +348,9 @@ size_t psasim_serialise_psa_algorithm_t_needs(psa_algorithm_t value); * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_serialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t value); +int psasim_serialise_psa_algorithm_t(uint8_t **pos, + size_t *remaining, + psa_algorithm_t value); /** Deserialise a `psa_algorithm_t` from a buffer. * @@ -345,4 +363,48 @@ int psasim_serialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algor * * \return \c 1 on success ("okay"), \c 0 on error. */ -int psasim_deserialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t *value); +int psasim_deserialise_psa_algorithm_t(uint8_t **pos, + size_t *remaining, + psa_algorithm_t *value); + +/** Return how much buffer space is needed by \c psasim_serialise_psa_hash_operation_t() + * to serialise a `psa_hash_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_hash_operation_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_hash_operation_t_needs(psa_hash_operation_t value); + +/** Serialise a `psa_hash_operation_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_hash_operation_t(uint8_t **pos, + size_t *remaining, + psa_hash_operation_t value); + +/** Deserialise a `psa_hash_operation_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_hash_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, + size_t *remaining, + psa_hash_operation_t *value); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index 2a6c3885b7..b89d058516 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -32,7 +32,10 @@ die($usage) unless $which eq "c" || $which eq "h"; # deserialisation functions written manually (like those for the "buffer" type # are). # -my @types = qw(unsigned-int int size_t buffer psa_status_t psa_algorithm_t); +my @types = qw(unsigned-int int size_t + buffer + psa_status_t psa_algorithm_t + psa_hash_operation_t); grep(s/-/ /g, @types); # IS-A: Some data types are typedef'd; we serialise them as the other type @@ -110,7 +113,7 @@ sub declare_serialise my $type_d = $type; $type_d =~ s/ /_/g; - return < $#code; + + # Find where the ( is + my $idx = index($code[$i], "("); + die("can't find (") if $idx < 0; + + my $indent = " " x ($idx + 1); + $code[$i + 1] =~ s/^\s+/$indent/; + $code[$i + 2] =~ s/^\s+/$indent/; + + return join("\n", @code) . "\n"; +} From 61ee59f041990b61cb3b277d0c7559662a2368db Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 12:34:27 +0100 Subject: [PATCH 279/429] Add the rest of the psa_hash_xxx() functions to the simulator Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 7 + .../psasim/src/psa_sim_crypto_client.c | 494 +++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 571 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 266 ++++++++ 4 files changed, 1338 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 9306be95a1..00937338dd 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -12,7 +12,14 @@ enum { /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT * and VERSION_REQUEST */ PSA_CRYPTO_INIT = 100, + PSA_HASH_ABORT, + PSA_HASH_CLONE, + PSA_HASH_COMPARE, PSA_HASH_COMPUTE, + PSA_HASH_FINISH, + PSA_HASH_SETUP, + PSA_HASH_UPDATE, + PSA_HASH_VERIFY, }; #endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 85c8a3c036..4ac6c4a581 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -121,6 +121,208 @@ void mbedtls_psa_crypto_free(void) } +psa_status_t psa_hash_abort( + psa_hash_operation_t *operation + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_HASH_ABORT, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("XXX server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_hash_clone( + const psa_hash_operation_t *source_operation, + psa_hash_operation_t *target_operation + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*source_operation) + + psasim_serialise_psa_hash_operation_t_needs(*target_operation); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *source_operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *target_operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_HASH_CLONE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("XXX server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, target_operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_hash_compare( + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + const uint8_t *hash, size_t hash_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(hash, hash_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_HASH_COMPARE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("XXX server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + psa_status_t psa_hash_compute( psa_algorithm_t alg, const uint8_t *input, size_t input_length, @@ -205,3 +407,295 @@ fail: return status; } + + +psa_status_t psa_hash_finish( + psa_hash_operation_t *operation, + uint8_t *hash, size_t hash_size, + size_t *hash_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(hash, hash_size) + + psasim_serialise_size_t_needs(*hash_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *hash_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_HASH_FINISH, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("XXX server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, hash, hash_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, hash_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_hash_setup( + psa_hash_operation_t *operation, + psa_algorithm_t alg + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation) + + psasim_serialise_psa_algorithm_t_needs(alg); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_HASH_SETUP, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("XXX server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_hash_update( + psa_hash_operation_t *operation, + const uint8_t *input, size_t input_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_HASH_UPDATE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("XXX server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_hash_verify( + psa_hash_operation_t *operation, + const uint8_t *hash, size_t hash_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(hash, hash_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_HASH_VERIFY, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("XXX server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index c15b2b0c82..7a8068237d 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -60,6 +60,227 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_hash_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_hash_operation_t operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_hash_abort( + &operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_hash_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_hash_clone_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_hash_operation_t source_operation; + psa_hash_operation_t target_operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &source_operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &target_operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_hash_clone( + &source_operation, + &target_operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_hash_operation_t_needs(target_operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, target_operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_hash_compare_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *hash = NULL; + size_t hash_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_hash_compare( + alg, + input, input_length, + hash, hash_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_hash_compute_wrapper( uint8_t *in_params, size_t in_params_len, @@ -157,6 +378,328 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_hash_finish_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_hash_operation_t operation; + uint8_t *hash = NULL; + size_t hash_size; + size_t hash_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &hash_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_hash_finish( + &operation, + hash, hash_size, + &hash_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_hash_operation_t_needs(operation) + + psasim_serialise_buffer_needs(hash, hash_size) + + psasim_serialise_size_t_needs(hash_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, hash, hash_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, hash_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_hash_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_hash_operation_t operation; + psa_algorithm_t alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_hash_setup( + &operation, + alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_hash_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_hash_update_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_hash_operation_t operation; + uint8_t *input = NULL; + size_t input_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_hash_update( + &operation, + input, input_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_hash_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_hash_verify_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_hash_operation_t operation; + uint8_t *hash = NULL; + size_t hash_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_hash_verify( + &operation, + hash, hash_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_hash_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + return 0; // This shouldn't happen! +} + psa_status_t psa_crypto_call(psa_msg_t msg) { int ok = 0; @@ -197,10 +740,38 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_crypto_init_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_HASH_ABORT: + ok = psa_hash_abort_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_HASH_CLONE: + ok = psa_hash_clone_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_HASH_COMPARE: + ok = psa_hash_compare_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_HASH_COMPUTE: ok = psa_hash_compute_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_HASH_FINISH: + ok = psa_hash_finish_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_HASH_SETUP: + ok = psa_hash_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_HASH_UPDATE: + ok = psa_hash_update_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_HASH_VERIFY: + ok = psa_hash_verify_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; } free(in_params); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 62c1a893b7..9eef1e52d2 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -1128,3 +1128,269 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, uint8_t *hash, size_t hash_size, size_t *hash_length); + +/* XXX We put this next one in place to check we ignore static functions + * when we eventually read all this from a real header file + */ + +/** Return an initial value for a hash operation object. + */ +static psa_hash_operation_t psa_hash_operation_init(void); + +/* XXX Back to normal function declarations */ + +/** Set up a multipart hash operation. + * + * The sequence of operations to calculate a hash (message digest) + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_hash_operation_t, e.g. #PSA_HASH_OPERATION_INIT. + * -# Call psa_hash_setup() to specify the algorithm. + * -# Call psa_hash_update() zero, one or more times, passing a fragment + * of the message each time. The hash that is calculated is the hash + * of the concatenation of these messages in order. + * -# To calculate the hash, call psa_hash_finish(). + * To compare the hash with an expected value, call psa_hash_verify(). + * + * If an error occurs at any step after a call to psa_hash_setup(), the + * operation will need to be reset by a call to psa_hash_abort(). The + * application may call psa_hash_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_hash_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A successful call to psa_hash_finish() or psa_hash_verify(). + * - A call to psa_hash_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_hash_operation_t and not yet in use. + * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_HASH(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not a supported hash algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p alg is not a hash algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_hash_setup(psa_hash_operation_t *operation, + psa_algorithm_t alg); + +/** Add a message fragment to a multipart hash operation. + * + * The application must call psa_hash_setup() before calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_hash_abort(). + * + * \param[in,out] operation Active hash operation. + * \param[in] input Buffer containing the message fragment to hash. + * \param input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_hash_update(psa_hash_operation_t *operation, + const uint8_t *input, + size_t input_length); + +/** Finish the calculation of the hash of a message. + * + * The application must call psa_hash_setup() before calling this function. + * This function calculates the hash of the message formed by concatenating + * the inputs passed to preceding calls to psa_hash_update(). + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_hash_abort(). + * + * \warning Applications should not call this function if they expect + * a specific value for the hash. Call psa_hash_verify() instead. + * Beware that comparing integrity or authenticity data such as + * hash values with a function such as \c memcmp is risky + * because the time taken by the comparison may leak information + * about the hashed data which could allow an attacker to guess + * a valid hash and thereby bypass security controls. + * + * \param[in,out] operation Active hash operation. + * \param[out] hash Buffer where the hash is to be written. + * \param hash_size Size of the \p hash buffer in bytes. + * \param[out] hash_length On success, the number of bytes + * that make up the hash value. This is always + * #PSA_HASH_LENGTH(\c alg) where \c alg is the + * hash algorithm that is calculated. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p hash buffer is too small. You can determine a + * sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg) + * where \c alg is the hash algorithm that is calculated. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_hash_finish(psa_hash_operation_t *operation, + uint8_t *hash, + size_t hash_size, + size_t *hash_length); + +/** Finish the calculation of the hash of a message and compare it with + * an expected value. + * + * The application must call psa_hash_setup() before calling this function. + * This function calculates the hash of the message formed by concatenating + * the inputs passed to preceding calls to psa_hash_update(). It then + * compares the calculated hash with the expected hash passed as a + * parameter to this function. + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_hash_abort(). + * + * \note Implementations shall make the best effort to ensure that the + * comparison between the actual hash and the expected hash is performed + * in constant time. + * + * \param[in,out] operation Active hash operation. + * \param[in] hash Buffer containing the expected hash value. + * \param hash_length Size of the \p hash buffer in bytes. + * + * \retval #PSA_SUCCESS + * The expected hash is identical to the actual hash of the message. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The hash of the message was calculated successfully, but it + * differs from the expected hash. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_hash_verify(psa_hash_operation_t *operation, + const uint8_t *hash, + size_t hash_length); + +/** Abort a hash operation. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation by calling + * psa_hash_setup() again. + * + * You may call this function any time after the operation object has + * been initialized by one of the methods described in #psa_hash_operation_t. + * + * In particular, calling psa_hash_abort() after the operation has been + * terminated by a call to psa_hash_abort(), psa_hash_finish() or + * psa_hash_verify() is safe and has no effect. + * + * \param[in,out] operation Initialized hash operation. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_hash_abort(psa_hash_operation_t *operation); + +/** Clone a hash operation. + * + * This function copies the state of an ongoing hash operation to + * a new operation object. In other words, this function is equivalent + * to calling psa_hash_setup() on \p target_operation with the same + * algorithm that \p source_operation was set up for, then + * psa_hash_update() on \p target_operation with the same input that + * that was passed to \p source_operation. After this function returns, the + * two objects are independent, i.e. subsequent calls involving one of + * the objects do not affect the other object. + * + * \param[in] source_operation The active hash operation to clone. + * \param[in,out] target_operation The operation object to set up. + * It must be initialized but not active. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The \p source_operation state is not valid (it must be active), or + * the \p target_operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, + psa_hash_operation_t *target_operation); + +/** Calculate the hash (digest) of a message and compare it with a + * reference value. + * + * \param alg The hash algorithm to compute (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_HASH(\p alg) is true). + * \param[in] input Buffer containing the message to hash. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] hash Buffer containing the expected hash value. + * \param hash_length Size of the \p hash buffer in bytes. + * + * \retval #PSA_SUCCESS + * The expected hash is identical to the actual hash of the input. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The hash of the message was calculated successfully, but it + * differs from the expected hash. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a hash algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p input_length or \p hash_length do not match the hash size for \p alg + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_hash_compare(psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *hash, + size_t hash_length); From e2f0e3012af9386ad68bcdf1fd160cc3e18d8920 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 12:36:09 +0100 Subject: [PATCH 280/429] Extend PSA crypto simulator tests to run psa_hash.c under the simulator Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/Makefile | 4 ++-- tests/scripts/all.sh | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 45ec45820e..06d3059b4b 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -1,4 +1,4 @@ -MAIN ?= client.c +MAIN ?= src/client.c CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L @@ -20,7 +20,7 @@ GENERATED_H_FILES = include/psa_manifest/manifest.h \ include/psa_manifest/sid.h PSA_CLIENT_SRC = src/psa_ff_client.c \ - src/$(MAIN) \ + $(MAIN) \ src/psa_sim_crypto_client.c \ src/psa_sim_serialise.c diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e0901711d2..c0abf056bd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6232,11 +6232,26 @@ component_test_psasim() { # Delete the executable to ensure we build using the right MAIN rm tests/psa-client-server/psasim/test/psa_client # API under test: psa_hash_compute() - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="aut_psa_hash_compute.c" + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash_compute.c" msg "test psasim running psa_hash_compute" tests/psa-client-server/psasim/test/run_test.sh + # Next APIs under test: psa_hash_*(). Just use the PSA hash example. + aut_psa_hash="../../../programs/psa/psa_hash.c" + if [ -f "tests/psa-client-server/psasim/$aut_psa_hash" ]; then + + msg "build psasim to test all psa_hash_* APIs" + # Delete the executable to ensure we build using the right MAIN + rm tests/psa-client-server/psasim/test/psa_client + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="$aut_psa_hash" + + msg "test psasim running psa_hash sample" + tests/psa-client-server/psasim/test/run_test.sh + else + echo $aut_psa_hash NOT FOUND, so not running that test + fi + msg "clean psasim" make -C tests/psa-client-server/psasim clean } From ca0c1473545b7c4f5b1de77513c93fd0ae02b892 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 16:52:38 +0100 Subject: [PATCH 281/429] Mark temporary PSA crypto sim Perl scripts as executable Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 0 tests/psa-client-server/psasim/src/psa_sim_serialise.pl | 0 2 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 tests/psa-client-server/psasim/src/psa_sim_generate.pl mode change 100644 => 100755 tests/psa-client-server/psasim/src/psa_sim_serialise.pl diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl old mode 100644 new mode 100755 diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl old mode 100644 new mode 100755 From 8bfb758e875858479a55768ca2e0f65fb237c7ed Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 29 May 2024 22:48:45 +0100 Subject: [PATCH 282/429] PSA crypto sim's server wrappers need to free deseraliased buffers when they're no longer needed Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_crypto_server.c | 33 +++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 9 ++++- 2 files changed, 41 insertions(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 7a8068237d..7e874d16e8 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -57,6 +57,7 @@ int psa_crypto_init_wrapper( fail: free(result); + return 0; // This shouldn't happen! } @@ -125,6 +126,7 @@ int psa_hash_abort_wrapper( fail: free(result); + return 0; // This shouldn't happen! } @@ -200,6 +202,7 @@ int psa_hash_clone_wrapper( fail: free(result); + return 0; // This shouldn't happen! } @@ -274,10 +277,17 @@ int psa_hash_compare_wrapper( *out_params = result; *out_params_len = result_size; + free(input); + free(hash); + return 1; // success fail: free(result); + + free(input); + free(hash); + return 0; // This shouldn't happen! } @@ -371,10 +381,17 @@ int psa_hash_compute_wrapper( *out_params = result; *out_params_len = result_size; + free(input); + free(hash); + return 1; // success fail: free(result); + + free(input); + free(hash); + return 0; // This shouldn't happen! } @@ -466,10 +483,15 @@ int psa_hash_finish_wrapper( *out_params = result; *out_params_len = result_size; + free(hash); + return 1; // success fail: free(result); + + free(hash); + return 0; // This shouldn't happen! } @@ -545,6 +567,7 @@ int psa_hash_setup_wrapper( fail: free(result); + return 0; // This shouldn't happen! } @@ -617,10 +640,15 @@ int psa_hash_update_wrapper( *out_params = result; *out_params_len = result_size; + free(input); + return 1; // success fail: free(result); + + free(input); + return 0; // This shouldn't happen! } @@ -693,10 +721,15 @@ int psa_hash_verify_wrapper( *out_params = result; *out_params_len = result_size; + free(hash); + return 1; // success fail: free(result); + + free(hash); + return 0; // This shouldn't happen! } diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 9eef1e52d2..7fea72c9d0 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -484,6 +484,8 @@ sub output_server_wrapper my $ret_name = $f->{return}->{name}; my $ret_default = $f->{return}->{default}; + my @buffers = (); # We need to free() these on exit + print $fh < Date: Thu, 30 May 2024 11:12:22 +0100 Subject: [PATCH 283/429] Add missing licences Signed-off-by: Tom Cosgrove --- .../psa-client-server/psasim/src/psa_sim_crypto_server.c | 5 +++++ tests/psa-client-server/psasim/src/psa_sim_generate.pl | 8 ++++++++ tests/psa-client-server/psasim/src/psa_sim_serialise.pl | 3 +++ 3 files changed, 16 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 7e874d16e8..919eb84419 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -2,6 +2,11 @@ /* server implementations */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + #include #include diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 7fea72c9d0..19c6a0bf4a 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -5,6 +5,9 @@ # manually and the output files are what are to be reviewed. In due course # this will be replaced by a Python script. # +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# use strict; use Data::Dumper; use JSON qw(encode_json); @@ -251,6 +254,11 @@ sub server_implementations_header /* server implementations */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + #include #include diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index b89d058516..5161db1f67 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -10,6 +10,9 @@ # perl psa_sim_serialise.pl h > psa_sim_serialise.h # perl psa_sim_serialise.pl c > psa_sim_serialise.c # +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later +# use strict; my $usage = "$0: usage: $0 c|h\n"; From f29bf87696876c7b3a5b9684af4c1459010705a3 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 29 May 2024 17:11:02 +0100 Subject: [PATCH 284/429] Modify everest component for MBEDTLS_PSA_CRYPTO_CONFIG_ENABLED Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0bdfb6f157..e5b4eb3d24 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2125,14 +2125,21 @@ component_test_everest () { component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA + scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + # Disable all curves scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py set MBEDTLS_ECP_DP_CURVE25519_ENABLED + scripts/config.py -f $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py -f $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" From 7e2ce994001b62827788af4acf7a36e7756979d8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 31 May 2024 05:52:59 +0200 Subject: [PATCH 285/429] changelog: add changelog for PSA CMAC fix Signed-off-by: Valerio Setti --- ChangeLog.d/fix-psa-cmac.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix-psa-cmac.txt diff --git a/ChangeLog.d/fix-psa-cmac.txt b/ChangeLog.d/fix-psa-cmac.txt new file mode 100644 index 0000000000..e3c8aecc2d --- /dev/null +++ b/ChangeLog.d/fix-psa-cmac.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix the build when MBEDTLS_PSA_CRYPTO_CONFIG is enabled and the built-in + CMAC is enabled, but no built-in unauthenticated cipher is enabled. + Fixes #9209. From b8360cf3caeb040c033ce43b65105ea5a7d36f66 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 31 May 2024 14:38:52 +0100 Subject: [PATCH 286/429] Make abi_check.py look in both locations To deal with situations where we are comparing revisions before and after the move of generate_psa_tests.py to the framework, look for it in both the old and new locations. Signed-off-by: David Horstmann --- scripts/abi_check.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index ec0d4730df..f91d80e504 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -326,8 +326,14 @@ class AbiChecker: @staticmethod def _list_generated_test_data_files(git_worktree_path): """List the generated test data files.""" + generate_psa_tests = 'framework/scripts/generate_psa_tests.py' + if not os.path.isfile(git_worktree_path + '/' + generate_psa_tests): + # The checked-out revision is from before generate_psa_tests.py + # was moved to the framework submodule. Use the old location. + generate_psa_tests = 'tests/scripts/generate_psa_tests.py' + output = subprocess.check_output( - ['tests/scripts/generate_psa_tests.py', '--list'], + [generate_psa_tests, '--list'], cwd=git_worktree_path, ).decode('ascii') return [line for line in output.split('\n') if line] @@ -353,8 +359,14 @@ class AbiChecker: if 'storage_format' in filename: storage_data_files.add(filename) to_be_generated.add(filename) + + generate_psa_tests = 'framework/scripts/generate_psa_tests.py' + if not os.path.isfile(git_worktree_path + '/' + generate_psa_tests): + # The checked-out revision is from before generate_psa_tests.py + # was moved to the framework submodule. Use the old location. + generate_psa_tests = 'tests/scripts/generate_psa_tests.py' subprocess.check_call( - ['tests/scripts/generate_psa_tests.py'] + sorted(to_be_generated), + [generate_psa_tests] + sorted(to_be_generated), cwd=git_worktree_path, ) for test_file in sorted(storage_data_files): From a7b0bb4de8890787ca1313d4000f0ace2919033e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 29 May 2024 16:01:44 +0100 Subject: [PATCH 287/429] Move some test generation files to framework Signed-off-by: David Horstmann --- tests/scripts/generate_bignum_tests.py | 187 -- tests/scripts/generate_ecp_tests.py | 22 - tests/scripts/generate_pkcs7_tests.py | 183 -- tests/scripts/generate_psa_tests.py | 850 --------- tests/scripts/generate_psa_wrappers.py | 257 --- tests/scripts/generate_test_cert_macros.py | 108 -- tests/scripts/generate_test_code.py | 1277 ------------- tests/scripts/generate_test_keys.py | 185 -- tests/scripts/test_generate_test_code.py | 1915 -------------------- 9 files changed, 4984 deletions(-) delete mode 100755 tests/scripts/generate_bignum_tests.py delete mode 100755 tests/scripts/generate_ecp_tests.py delete mode 100755 tests/scripts/generate_pkcs7_tests.py delete mode 100755 tests/scripts/generate_psa_tests.py delete mode 100755 tests/scripts/generate_psa_wrappers.py delete mode 100755 tests/scripts/generate_test_cert_macros.py delete mode 100755 tests/scripts/generate_test_code.py delete mode 100755 tests/scripts/generate_test_keys.py delete mode 100755 tests/scripts/test_generate_test_code.py diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py deleted file mode 100755 index b855e91abf..0000000000 --- a/tests/scripts/generate_bignum_tests.py +++ /dev/null @@ -1,187 +0,0 @@ -#!/usr/bin/env python3 -"""Generate test data for bignum functions. - -With no arguments, generate all test data. With non-option arguments, -generate only the specified files. - -Class structure: - -Child classes of test_data_generation.BaseTarget (file targets) represent an output -file. These indicate where test cases will be written to, for all subclasses of -this target. Multiple file targets should not reuse a `target_basename`. - -Each subclass derived from a file target can either be: - - A concrete class, representing a test function, which generates test cases. - - An abstract class containing shared methods and attributes, not associated - with a test function. An example is BignumOperation, which provides - common features used for bignum binary operations. - -Both concrete and abstract subclasses can be derived from, to implement -additional test cases (see BignumCmp and BignumCmpAbs for examples of deriving -from abstract and concrete classes). - - -Adding test case generation for a function: - -A subclass representing the test function should be added, deriving from a -file target such as BignumTarget. This test class must set/implement the -following: - - test_function: the function name from the associated .function file. - - test_name: a descriptive name or brief summary to refer to the test - function. - - arguments(): a method to generate the list of arguments required for the - test_function. - - generate_function_tests(): a method to generate TestCases for the function. - This should create instances of the class with required input data, and - call `.create_test_case()` to yield the TestCase. - -Additional details and other attributes/methods are given in the documentation -of BaseTarget in test_data_generation.py. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import sys - -from abc import ABCMeta -from typing import List - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import test_data_generation -from mbedtls_framework import bignum_common -# Import modules containing additional test classes -# Test function classes in these modules will be registered by -# the framework -from mbedtls_framework import bignum_core, bignum_mod_raw, bignum_mod # pylint: disable=unused-import - -class BignumTarget(test_data_generation.BaseTarget): - #pylint: disable=too-few-public-methods - """Target for bignum (legacy) test case generation.""" - target_basename = 'test_suite_bignum.generated' - - -class BignumOperation(bignum_common.OperationCommon, BignumTarget, - metaclass=ABCMeta): - #pylint: disable=abstract-method - """Common features for bignum operations in legacy tests.""" - unique_combinations_only = True - input_values = [ - "", "0", "-", "-0", - "7b", "-7b", - "0000000000000000123", "-0000000000000000123", - "1230000000000000000", "-1230000000000000000" - ] - - def description_suffix(self) -> str: - #pylint: disable=no-self-use # derived classes need self - """Text to add at the end of the test case description.""" - return "" - - def description(self) -> str: - """Generate a description for the test case. - - If not set, case_description uses the form A `symbol` B, where symbol - is used to represent the operation. Descriptions of each value are - generated to provide some context to the test case. - """ - if not self.case_description: - self.case_description = "{} {} {}".format( - self.value_description(self.arg_a), - self.symbol, - self.value_description(self.arg_b) - ) - description_suffix = self.description_suffix() - if description_suffix: - self.case_description += " " + description_suffix - return super().description() - - @staticmethod - def value_description(val) -> str: - """Generate a description of the argument val. - - This produces a simple description of the value, which is used in test - case naming to add context. - """ - if val == "": - return "0 (null)" - if val == "-": - return "negative 0 (null)" - if val == "0": - return "0 (1 limb)" - - if val[0] == "-": - tmp = "negative" - val = val[1:] - else: - tmp = "positive" - if val[0] == "0": - tmp += " with leading zero limb" - elif len(val) > 10: - tmp = "large " + tmp - return tmp - - -class BignumCmp(BignumOperation): - """Test cases for bignum value comparison.""" - count = 0 - test_function = "mpi_cmp_mpi" - test_name = "MPI compare" - input_cases = [ - ("-2", "-3"), - ("-2", "-2"), - ("2b4", "2b5"), - ("2b5", "2b6") - ] - - def __init__(self, val_a, val_b) -> None: - super().__init__(val_a, val_b) - self._result = int(self.int_a > self.int_b) - int(self.int_a < self.int_b) - self.symbol = ["<", "==", ">"][self._result + 1] - - def result(self) -> List[str]: - return [str(self._result)] - - -class BignumCmpAbs(BignumCmp): - """Test cases for absolute bignum value comparison.""" - count = 0 - test_function = "mpi_cmp_abs" - test_name = "MPI compare (abs)" - - def __init__(self, val_a, val_b) -> None: - super().__init__(val_a.strip("-"), val_b.strip("-")) - - -class BignumAdd(BignumOperation): - """Test cases for bignum value addition.""" - count = 0 - symbol = "+" - test_function = "mpi_add_mpi" - test_name = "MPI add" - input_cases = bignum_common.combination_pairs( - [ - "1c67967269c6", "9cde3", - "-1c67967269c6", "-9cde3", - ] - ) - - def __init__(self, val_a: str, val_b: str) -> None: - super().__init__(val_a, val_b) - self._result = self.int_a + self.int_b - - def description_suffix(self) -> str: - if (self.int_a >= 0 and self.int_b >= 0): - return "" # obviously positive result or 0 - if (self.int_a <= 0 and self.int_b <= 0): - return "" # obviously negative result or 0 - # The sign of the result is not obvious, so indicate it - return ", result{}0".format('>' if self._result > 0 else - '<' if self._result < 0 else '=') - - def result(self) -> List[str]: - return [bignum_common.quote_str("{:x}".format(self._result))] - -if __name__ == '__main__': - # Use the section of the docstring relevant to the CLI as description - test_data_generation.main(sys.argv[1:], "\n".join(__doc__.splitlines()[:4])) diff --git a/tests/scripts/generate_ecp_tests.py b/tests/scripts/generate_ecp_tests.py deleted file mode 100755 index c5281ad02b..0000000000 --- a/tests/scripts/generate_ecp_tests.py +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env python3 -"""Generate test data for ecp functions. - -The command line usage, class structure and available methods are the same -as in generate_bignum_tests.py. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import sys - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import test_data_generation -# Import modules containing additional test classes -# Test function classes in these modules will be registered by -# the framework -from mbedtls_framework import ecp # pylint: disable=unused-import - -if __name__ == '__main__': - # Use the section of the docstring relevant to the CLI as description - test_data_generation.main(sys.argv[1:], "\n".join(__doc__.splitlines()[:4])) diff --git a/tests/scripts/generate_pkcs7_tests.py b/tests/scripts/generate_pkcs7_tests.py deleted file mode 100755 index 0e484b023d..0000000000 --- a/tests/scripts/generate_pkcs7_tests.py +++ /dev/null @@ -1,183 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later -# - -""" -Make fuzz like testing for pkcs7 tests -Given a valid DER pkcs7 file add tests to the test_suite_pkcs7.data file - - It is expected that the pkcs7_asn1_fail( data_t *pkcs7_buf ) - function is defined in test_suite_pkcs7.function - - This is not meant to be portable code, if anything it is meant to serve as - documentation for showing how those ugly tests in test_suite_pkcs7.data were created -""" - - -import sys -from os.path import exists - -PKCS7_TEST_FILE = "../suites/test_suite_pkcs7.data" - -class Test: # pylint: disable=too-few-public-methods - """ - A instance of a test in test_suite_pkcs7.data - """ - def __init__(self, name, depends, func_call): - self.name = name - self.depends = depends - self.func_call = func_call - - # pylint: disable=no-self-use - def to_string(self): - return "\n" + self.name + "\n" + self.depends + "\n" + self.func_call + "\n" - -class TestData: - """ - Take in test_suite_pkcs7.data file. - Allow for new tests to be added. - """ - mandatory_dep = "MBEDTLS_MD_CAN_SHA256" - test_name = "PKCS7 Parse Failure Invalid ASN1" - test_function = "pkcs7_asn1_fail:" - def __init__(self, file_name): - self.file_name = file_name - self.last_test_num, self.old_tests = self.read_test_file(file_name) - self.new_tests = [] - - # pylint: disable=no-self-use - def read_test_file(self, file): - """ - Parse the test_suite_pkcs7.data file. - """ - tests = [] - if not exists(file): - print(file + " Does not exist") - sys.exit() - with open(file, "r", encoding='UTF-8') as fp: - data = fp.read() - lines = [line.strip() for line in data.split('\n') if len(line.strip()) > 1] - i = 0 - while i < len(lines): - if "depends" in lines[i+1]: - tests.append(Test(lines[i], lines[i+1], lines[i+2])) - i += 3 - else: - tests.append(Test(lines[i], None, lines[i+1])) - i += 2 - latest_test_num = float(tests[-1].name.split('#')[1]) - return latest_test_num, tests - - def add(self, name, func_call): - self.last_test_num += 1 - self.new_tests.append(Test(self.test_name + ": " + name + " #" + \ - str(self.last_test_num), "depends_on:" + self.mandatory_dep, \ - self.test_function + '"' + func_call + '"')) - - def write_changes(self): - with open(self.file_name, 'a', encoding='UTF-8') as fw: - fw.write("\n") - for t in self.new_tests: - fw.write(t.to_string()) - - -def asn1_mutate(data): - """ - We have been given an asn1 structure representing a pkcs7. - We want to return an array of slightly modified versions of this data - they should be modified in a way which makes the structure invalid - - We know that asn1 structures are: - |---1 byte showing data type---|----byte(s) for length of data---|---data content--| - We know that some data types can contain other data types. - Return a dictionary of reasons and mutated data types. - """ - - # off the bat just add bytes to start and end of the buffer - mutations = [] - reasons = [] - mutations.append(["00"] + data) - reasons.append("Add null byte to start") - mutations.append(data + ["00"]) - reasons.append("Add null byte to end") - # for every asn1 entry we should attempt to: - # - change the data type tag - # - make the length longer than actual - # - make the length shorter than actual - i = 0 - while i < len(data): - tag_i = i - leng_i = tag_i + 1 - data_i = leng_i + 1 + (int(data[leng_i][1], 16) if data[leng_i][0] == '8' else 0) - if data[leng_i][0] == '8': - length = int(''.join(data[leng_i + 1: data_i]), 16) - else: - length = int(data[leng_i], 16) - - tag = data[tag_i] - print("Looking at ans1: offset " + str(i) + " tag = " + tag + \ - ", length = " + str(length)+ ":") - print(''.join(data[data_i:data_i+length])) - # change tag to something else - if tag == "02": - # turn integers into octet strings - new_tag = "04" - else: - # turn everything else into an integer - new_tag = "02" - mutations.append(data[:tag_i] + [new_tag] + data[leng_i:]) - reasons.append("Change tag " + tag + " to " + new_tag) - - # change lengths to too big - # skip any edge cases which would cause carry over - if int(data[data_i - 1], 16) < 255: - new_length = str(hex(int(data[data_i - 1], 16) + 1))[2:] - if len(new_length) == 1: - new_length = "0"+new_length - mutations.append(data[:data_i -1] + [new_length] + data[data_i:]) - reasons.append("Change length from " + str(length) + " to " \ - + str(length + 1)) - # we can add another test here for tags that contain other tags \ - # where they have more data than there containing tags account for - if tag in ["30", "a0", "31"]: - mutations.append(data[:data_i -1] + [new_length] + \ - data[data_i:data_i + length] + ["00"] + \ - data[data_i + length:]) - reasons.append("Change contents of tag " + tag + " to contain \ - one unaccounted extra byte") - # change lengths to too small - if int(data[data_i - 1], 16) > 0: - new_length = str(hex(int(data[data_i - 1], 16) - 1))[2:] - if len(new_length) == 1: - new_length = "0"+new_length - mutations.append(data[:data_i -1] + [new_length] + data[data_i:]) - reasons.append("Change length from " + str(length) + " to " + str(length - 1)) - - # some tag types contain other tag types so we should iterate into the data - if tag in ["30", "a0", "31"]: - i = data_i - else: - i = data_i + length - - return list(zip(reasons, mutations)) - -if __name__ == "__main__": - if len(sys.argv) < 2: - print("USAGE: " + sys.argv[0] + " ") - sys.exit() - - DATA_FILE = sys.argv[1] - TEST_DATA = TestData(PKCS7_TEST_FILE) - with open(DATA_FILE, 'rb') as f: - DATA_STR = f.read().hex() - # make data an array of byte strings eg ['de','ad','be','ef'] - HEX_DATA = list(map(''.join, [[DATA_STR[i], DATA_STR[i+1]] for i in range(0, len(DATA_STR), \ - 2)])) - # returns tuples of test_names and modified data buffers - MUT_ARR = asn1_mutate(HEX_DATA) - - print("made " + str(len(MUT_ARR)) + " new tests") - for new_test in MUT_ARR: - TEST_DATA.add(new_test[0], ''.join(new_test[1])) - - TEST_DATA.write_changes() diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py deleted file mode 100755 index 75d02b9e23..0000000000 --- a/tests/scripts/generate_psa_tests.py +++ /dev/null @@ -1,850 +0,0 @@ -#!/usr/bin/env python3 -"""Generate test data for PSA cryptographic mechanisms. - -With no arguments, generate all test data. With non-option arguments, -generate only the specified files. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -import enum -import re -import sys -from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional - -import scripts_path # pylint: disable=unused-import -from mbedtls_framework import crypto_data_tests -from mbedtls_framework import crypto_knowledge -from mbedtls_framework import macro_collector #pylint: disable=unused-import -from mbedtls_framework import psa_information -from mbedtls_framework import psa_storage -from mbedtls_framework import test_case -from mbedtls_framework import test_data_generation - - - -def test_case_for_key_type_not_supported( - verb: str, key_type: str, bits: int, - dependencies: List[str], - *args: str, - param_descr: str = '' -) -> test_case.TestCase: - """Return one test case exercising a key creation method - for an unsupported key type or size. - """ - psa_information.hack_dependencies_not_implemented(dependencies) - tc = test_case.TestCase() - short_key_type = crypto_knowledge.short_expression(key_type) - adverb = 'not' if dependencies else 'never' - if param_descr: - adverb = param_descr + ' ' + adverb - tc.set_description('PSA {} {} {}-bit {} supported' - .format(verb, short_key_type, bits, adverb)) - tc.set_dependencies(dependencies) - tc.set_function(verb + '_not_supported') - tc.set_arguments([key_type] + list(args)) - return tc - -class KeyTypeNotSupported: - """Generate test cases for when a key type is not supported.""" - - def __init__(self, info: psa_information.Information) -> None: - self.constructors = info.constructors - - ALWAYS_SUPPORTED = frozenset([ - 'PSA_KEY_TYPE_DERIVE', - 'PSA_KEY_TYPE_PASSWORD', - 'PSA_KEY_TYPE_PASSWORD_HASH', - 'PSA_KEY_TYPE_RAW_DATA', - 'PSA_KEY_TYPE_HMAC' - ]) - def test_cases_for_key_type_not_supported( - self, - kt: crypto_knowledge.KeyType, - param: Optional[int] = None, - param_descr: str = '', - ) -> Iterator[test_case.TestCase]: - """Return test cases exercising key creation when the given type is unsupported. - - If param is present and not None, emit test cases conditioned on this - parameter not being supported. If it is absent or None, emit test cases - conditioned on the base type not being supported. - """ - if kt.name in self.ALWAYS_SUPPORTED: - # Don't generate test cases for key types that are always supported. - # They would be skipped in all configurations, which is noise. - return - import_dependencies = [('!' if param is None else '') + - psa_information.psa_want_symbol(kt.name)] - if kt.params is not None: - import_dependencies += [('!' if param == i else '') + - psa_information.psa_want_symbol(sym) - for i, sym in enumerate(kt.params)] - if kt.name.endswith('_PUBLIC_KEY'): - generate_dependencies = [] - else: - generate_dependencies = \ - psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE') - import_dependencies = \ - psa_information.fix_key_pair_dependencies(import_dependencies, 'BASIC') - for bits in kt.sizes_to_test(): - yield test_case_for_key_type_not_supported( - 'import', kt.expression, bits, - psa_information.finish_family_dependencies(import_dependencies, bits), - test_case.hex_string(kt.key_material(bits)), - param_descr=param_descr, - ) - if not generate_dependencies and param is not None: - # If generation is impossible for this key type, rather than - # supported or not depending on implementation capabilities, - # only generate the test case once. - continue - # For public key we expect that key generation fails with - # INVALID_ARGUMENT. It is handled by KeyGenerate class. - if not kt.is_public(): - yield test_case_for_key_type_not_supported( - 'generate', kt.expression, bits, - psa_information.finish_family_dependencies(generate_dependencies, bits), - str(bits), - param_descr=param_descr, - ) - # To be added: derive - - ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', - 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') - DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR', - 'PSA_KEY_TYPE_DH_PUBLIC_KEY') - - def test_cases_for_not_supported(self) -> Iterator[test_case.TestCase]: - """Generate test cases that exercise the creation of keys of unsupported types.""" - for key_type in sorted(self.constructors.key_types): - if key_type in self.ECC_KEY_TYPES: - continue - if key_type in self.DH_KEY_TYPES: - continue - kt = crypto_knowledge.KeyType(key_type) - yield from self.test_cases_for_key_type_not_supported(kt) - for curve_family in sorted(self.constructors.ecc_curves): - for constr in self.ECC_KEY_TYPES: - kt = crypto_knowledge.KeyType(constr, [curve_family]) - yield from self.test_cases_for_key_type_not_supported( - kt, param_descr='type') - yield from self.test_cases_for_key_type_not_supported( - kt, 0, param_descr='curve') - for dh_family in sorted(self.constructors.dh_groups): - for constr in self.DH_KEY_TYPES: - kt = crypto_knowledge.KeyType(constr, [dh_family]) - yield from self.test_cases_for_key_type_not_supported( - kt, param_descr='type') - yield from self.test_cases_for_key_type_not_supported( - kt, 0, param_descr='group') - -def test_case_for_key_generation( - key_type: str, bits: int, - dependencies: List[str], - *args: str, - result: str = '' -) -> test_case.TestCase: - """Return one test case exercising a key generation. - """ - psa_information.hack_dependencies_not_implemented(dependencies) - tc = test_case.TestCase() - short_key_type = crypto_knowledge.short_expression(key_type) - tc.set_description('PSA {} {}-bit' - .format(short_key_type, bits)) - tc.set_dependencies(dependencies) - tc.set_function('generate_key') - tc.set_arguments([key_type] + list(args) + [result]) - - return tc - -class KeyGenerate: - """Generate positive and negative (invalid argument) test cases for key generation.""" - - def __init__(self, info: psa_information.Information) -> None: - self.constructors = info.constructors - - ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', - 'PSA_KEY_TYPE_ECC_PUBLIC_KEY') - DH_KEY_TYPES = ('PSA_KEY_TYPE_DH_KEY_PAIR', - 'PSA_KEY_TYPE_DH_PUBLIC_KEY') - - @staticmethod - def test_cases_for_key_type_key_generation( - kt: crypto_knowledge.KeyType - ) -> Iterator[test_case.TestCase]: - """Return test cases exercising key generation. - - All key types can be generated except for public keys. For public key - PSA_ERROR_INVALID_ARGUMENT status is expected. - """ - result = 'PSA_SUCCESS' - - import_dependencies = [psa_information.psa_want_symbol(kt.name)] - if kt.params is not None: - import_dependencies += [psa_information.psa_want_symbol(sym) - for i, sym in enumerate(kt.params)] - if kt.name.endswith('_PUBLIC_KEY'): - # The library checks whether the key type is a public key generically, - # before it reaches a point where it needs support for the specific key - # type, so it returns INVALID_ARGUMENT for unsupported public key types. - generate_dependencies = [] - result = 'PSA_ERROR_INVALID_ARGUMENT' - else: - generate_dependencies = \ - psa_information.fix_key_pair_dependencies(import_dependencies, 'GENERATE') - for bits in kt.sizes_to_test(): - if kt.name == 'PSA_KEY_TYPE_RSA_KEY_PAIR': - size_dependency = "PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS <= " + str(bits) - test_dependencies = generate_dependencies + [size_dependency] - else: - test_dependencies = generate_dependencies - yield test_case_for_key_generation( - kt.expression, bits, - psa_information.finish_family_dependencies(test_dependencies, bits), - str(bits), - result - ) - - def test_cases_for_key_generation(self) -> Iterator[test_case.TestCase]: - """Generate test cases that exercise the generation of keys.""" - for key_type in sorted(self.constructors.key_types): - if key_type in self.ECC_KEY_TYPES: - continue - if key_type in self.DH_KEY_TYPES: - continue - kt = crypto_knowledge.KeyType(key_type) - yield from self.test_cases_for_key_type_key_generation(kt) - for curve_family in sorted(self.constructors.ecc_curves): - for constr in self.ECC_KEY_TYPES: - kt = crypto_knowledge.KeyType(constr, [curve_family]) - yield from self.test_cases_for_key_type_key_generation(kt) - for dh_family in sorted(self.constructors.dh_groups): - for constr in self.DH_KEY_TYPES: - kt = crypto_knowledge.KeyType(constr, [dh_family]) - yield from self.test_cases_for_key_type_key_generation(kt) - -class OpFail: - """Generate test cases for operations that must fail.""" - #pylint: disable=too-few-public-methods - - class Reason(enum.Enum): - NOT_SUPPORTED = 0 - INVALID = 1 - INCOMPATIBLE = 2 - PUBLIC = 3 - - def __init__(self, info: psa_information.Information) -> None: - self.constructors = info.constructors - key_type_expressions = self.constructors.generate_expressions( - sorted(self.constructors.key_types) - ) - self.key_types = [crypto_knowledge.KeyType(kt_expr) - for kt_expr in key_type_expressions] - - def make_test_case( - self, - alg: crypto_knowledge.Algorithm, - category: crypto_knowledge.AlgorithmCategory, - reason: 'Reason', - kt: Optional[crypto_knowledge.KeyType] = None, - not_deps: FrozenSet[str] = frozenset(), - ) -> test_case.TestCase: - """Construct a failure test case for a one-key or keyless operation.""" - #pylint: disable=too-many-arguments,too-many-locals - tc = test_case.TestCase() - pretty_alg = alg.short_expression() - if reason == self.Reason.NOT_SUPPORTED: - short_deps = [re.sub(r'PSA_WANT_ALG_', r'', dep) - for dep in not_deps] - pretty_reason = '!' + '&'.join(sorted(short_deps)) - else: - pretty_reason = reason.name.lower() - if kt: - key_type = kt.expression - pretty_type = kt.short_expression() - else: - key_type = '' - pretty_type = '' - tc.set_description('PSA {} {}: {}{}' - .format(category.name.lower(), - pretty_alg, - pretty_reason, - ' with ' + pretty_type if pretty_type else '')) - dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type) - dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC') - for i, dep in enumerate(dependencies): - if dep in not_deps: - dependencies[i] = '!' + dep - tc.set_dependencies(dependencies) - tc.set_function(category.name.lower() + '_fail') - arguments = [] # type: List[str] - if kt: - key_material = kt.key_material(kt.sizes_to_test()[0]) - arguments += [key_type, test_case.hex_string(key_material)] - arguments.append(alg.expression) - if category.is_asymmetric(): - arguments.append('1' if reason == self.Reason.PUBLIC else '0') - error = ('NOT_SUPPORTED' if reason == self.Reason.NOT_SUPPORTED else - 'INVALID_ARGUMENT') - arguments.append('PSA_ERROR_' + error) - tc.set_arguments(arguments) - return tc - - def no_key_test_cases( - self, - alg: crypto_knowledge.Algorithm, - category: crypto_knowledge.AlgorithmCategory, - ) -> Iterator[test_case.TestCase]: - """Generate failure test cases for keyless operations with the specified algorithm.""" - if alg.can_do(category): - # Compatible operation, unsupported algorithm - for dep in psa_information.automatic_dependencies(alg.base_expression): - yield self.make_test_case(alg, category, - self.Reason.NOT_SUPPORTED, - not_deps=frozenset([dep])) - else: - # Incompatible operation, supported algorithm - yield self.make_test_case(alg, category, self.Reason.INVALID) - - def one_key_test_cases( - self, - alg: crypto_knowledge.Algorithm, - category: crypto_knowledge.AlgorithmCategory, - ) -> Iterator[test_case.TestCase]: - """Generate failure test cases for one-key operations with the specified algorithm.""" - for kt in self.key_types: - key_is_compatible = kt.can_do(alg) - if key_is_compatible and alg.can_do(category): - # Compatible key and operation, unsupported algorithm - for dep in psa_information.automatic_dependencies(alg.base_expression): - yield self.make_test_case(alg, category, - self.Reason.NOT_SUPPORTED, - kt=kt, not_deps=frozenset([dep])) - # Public key for a private-key operation - if category.is_asymmetric() and kt.is_public(): - yield self.make_test_case(alg, category, - self.Reason.PUBLIC, - kt=kt) - elif key_is_compatible: - # Compatible key, incompatible operation, supported algorithm - yield self.make_test_case(alg, category, - self.Reason.INVALID, - kt=kt) - elif alg.can_do(category): - # Incompatible key, compatible operation, supported algorithm - yield self.make_test_case(alg, category, - self.Reason.INCOMPATIBLE, - kt=kt) - else: - # Incompatible key and operation. Don't test cases where - # multiple things are wrong, to keep the number of test - # cases reasonable. - pass - - def test_cases_for_algorithm( - self, - alg: crypto_knowledge.Algorithm, - ) -> Iterator[test_case.TestCase]: - """Generate operation failure test cases for the specified algorithm.""" - for category in crypto_knowledge.AlgorithmCategory: - if category == crypto_knowledge.AlgorithmCategory.PAKE: - # PAKE operations are not implemented yet - pass - elif category.requires_key(): - yield from self.one_key_test_cases(alg, category) - else: - yield from self.no_key_test_cases(alg, category) - - def all_test_cases(self) -> Iterator[test_case.TestCase]: - """Generate all test cases for operations that must fail.""" - algorithms = sorted(self.constructors.algorithms) - for expr in self.constructors.generate_expressions(algorithms): - alg = crypto_knowledge.Algorithm(expr) - yield from self.test_cases_for_algorithm(alg) - - -class StorageKey(psa_storage.Key): - """Representation of a key for storage format testing.""" - - IMPLICIT_USAGE_FLAGS = { - 'PSA_KEY_USAGE_SIGN_HASH': 'PSA_KEY_USAGE_SIGN_MESSAGE', - 'PSA_KEY_USAGE_VERIFY_HASH': 'PSA_KEY_USAGE_VERIFY_MESSAGE' - } #type: Dict[str, str] - """Mapping of usage flags to the flags that they imply.""" - - def __init__( - self, - usage: Iterable[str], - without_implicit_usage: Optional[bool] = False, - **kwargs - ) -> None: - """Prepare to generate a key. - - * `usage` : The usage flags used for the key. - * `without_implicit_usage`: Flag to define to apply the usage extension - """ - usage_flags = set(usage) - if not without_implicit_usage: - for flag in sorted(usage_flags): - if flag in self.IMPLICIT_USAGE_FLAGS: - usage_flags.add(self.IMPLICIT_USAGE_FLAGS[flag]) - if usage_flags: - usage_expression = ' | '.join(sorted(usage_flags)) - else: - usage_expression = '0' - super().__init__(usage=usage_expression, **kwargs) - -class StorageTestData(StorageKey): - """Representation of test case data for storage format testing.""" - - def __init__( - self, - description: str, - expected_usage: Optional[List[str]] = None, - **kwargs - ) -> None: - """Prepare to generate test data - - * `description` : used for the test case names - * `expected_usage`: the usage flags generated as the expected usage flags - in the test cases. CAn differ from the usage flags - stored in the keys because of the usage flags extension. - """ - super().__init__(**kwargs) - self.description = description #type: str - if expected_usage is None: - self.expected_usage = self.usage #type: psa_storage.Expr - elif expected_usage: - self.expected_usage = psa_storage.Expr(' | '.join(expected_usage)) - else: - self.expected_usage = psa_storage.Expr(0) - -class StorageFormat: - """Storage format stability test cases.""" - - def __init__(self, info: psa_information.Information, version: int, forward: bool) -> None: - """Prepare to generate test cases for storage format stability. - - * `info`: information about the API. See the `Information` class. - * `version`: the storage format version to generate test cases for. - * `forward`: if true, generate forward compatibility test cases which - save a key and check that its representation is as intended. Otherwise - generate backward compatibility test cases which inject a key - representation and check that it can be read and used. - """ - self.constructors = info.constructors #type: macro_collector.PSAMacroEnumerator - self.version = version #type: int - self.forward = forward #type: bool - - RSA_OAEP_RE = re.compile(r'PSA_ALG_RSA_OAEP\((.*)\)\Z') - BRAINPOOL_RE = re.compile(r'PSA_KEY_TYPE_\w+\(PSA_ECC_FAMILY_BRAINPOOL_\w+\)\Z') - @classmethod - def exercise_key_with_algorithm( - cls, - key_type: psa_storage.Expr, bits: int, - alg: psa_storage.Expr - ) -> bool: - """Whether to exercise the given key with the given algorithm. - - Normally only the type and algorithm matter for compatibility, and - this is handled in crypto_knowledge.KeyType.can_do(). This function - exists to detect exceptional cases. Exceptional cases detected here - are not tested in OpFail and should therefore have manually written - test cases. - """ - # Some test keys have the RAW_DATA type and attributes that don't - # necessarily make sense. We do this to validate numerical - # encodings of the attributes. - # Raw data keys have no useful exercise anyway so there is no - # loss of test coverage. - if key_type.string == 'PSA_KEY_TYPE_RAW_DATA': - return False - # OAEP requires room for two hashes plus wrapping - m = cls.RSA_OAEP_RE.match(alg.string) - if m: - hash_alg = m.group(1) - hash_length = crypto_knowledge.Algorithm.hash_length(hash_alg) - key_length = (bits + 7) // 8 - # Leave enough room for at least one byte of plaintext - return key_length > 2 * hash_length + 2 - # There's nothing wrong with ECC keys on Brainpool curves, - # but operations with them are very slow. So we only exercise them - # with a single algorithm, not with all possible hashes. We do - # exercise other curves with all algorithms so test coverage is - # perfectly adequate like this. - m = cls.BRAINPOOL_RE.match(key_type.string) - if m and alg.string != 'PSA_ALG_ECDSA_ANY': - return False - return True - - def make_test_case(self, key: StorageTestData) -> test_case.TestCase: - """Construct a storage format test case for the given key. - - If ``forward`` is true, generate a forward compatibility test case: - create a key and validate that it has the expected representation. - Otherwise generate a backward compatibility test case: inject the - key representation into storage and validate that it can be read - correctly. - """ - verb = 'save' if self.forward else 'read' - tc = test_case.TestCase() - tc.set_description(verb + ' ' + key.description) - dependencies = psa_information.automatic_dependencies( - key.lifetime.string, key.type.string, - key.alg.string, key.alg2.string, - ) - dependencies = psa_information.finish_family_dependencies(dependencies, key.bits) - dependencies += psa_information.generate_deps_from_description(key.description) - dependencies = psa_information.fix_key_pair_dependencies(dependencies, 'BASIC') - tc.set_dependencies(dependencies) - tc.set_function('key_storage_' + verb) - if self.forward: - extra_arguments = [] - else: - flags = [] - if self.exercise_key_with_algorithm(key.type, key.bits, key.alg): - flags.append('TEST_FLAG_EXERCISE') - if 'READ_ONLY' in key.lifetime.string: - flags.append('TEST_FLAG_READ_ONLY') - extra_arguments = [' | '.join(flags) if flags else '0'] - tc.set_arguments([key.lifetime.string, - key.type.string, str(key.bits), - key.expected_usage.string, - key.alg.string, key.alg2.string, - '"' + key.material.hex() + '"', - '"' + key.hex() + '"', - *extra_arguments]) - return tc - - def key_for_lifetime( - self, - lifetime: str, - ) -> StorageTestData: - """Construct a test key for the given lifetime.""" - short = lifetime - short = re.sub(r'PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION', - r'', short) - short = crypto_knowledge.short_expression(short) - description = 'lifetime: ' + short - key = StorageTestData(version=self.version, - id=1, lifetime=lifetime, - type='PSA_KEY_TYPE_RAW_DATA', bits=8, - usage=['PSA_KEY_USAGE_EXPORT'], alg=0, alg2=0, - material=b'L', - description=description) - return key - - def all_keys_for_lifetimes(self) -> Iterator[StorageTestData]: - """Generate test keys covering lifetimes.""" - lifetimes = sorted(self.constructors.lifetimes) - expressions = self.constructors.generate_expressions(lifetimes) - for lifetime in expressions: - # Don't attempt to create or load a volatile key in storage - if 'VOLATILE' in lifetime: - continue - # Don't attempt to create a read-only key in storage, - # but do attempt to load one. - if 'READ_ONLY' in lifetime and self.forward: - continue - yield self.key_for_lifetime(lifetime) - - def key_for_usage_flags( - self, - usage_flags: List[str], - short: Optional[str] = None, - test_implicit_usage: Optional[bool] = True - ) -> StorageTestData: - """Construct a test key for the given key usage.""" - extra_desc = ' without implication' if test_implicit_usage else '' - description = 'usage' + extra_desc + ': ' - key1 = StorageTestData(version=self.version, - id=1, lifetime=0x00000001, - type='PSA_KEY_TYPE_RAW_DATA', bits=8, - expected_usage=usage_flags, - without_implicit_usage=not test_implicit_usage, - usage=usage_flags, alg=0, alg2=0, - material=b'K', - description=description) - if short is None: - usage_expr = key1.expected_usage.string - key1.description += crypto_knowledge.short_expression(usage_expr) - else: - key1.description += short - return key1 - - def generate_keys_for_usage_flags(self, **kwargs) -> Iterator[StorageTestData]: - """Generate test keys covering usage flags.""" - known_flags = sorted(self.constructors.key_usage_flags) - yield self.key_for_usage_flags(['0'], **kwargs) - for usage_flag in known_flags: - yield self.key_for_usage_flags([usage_flag], **kwargs) - for flag1, flag2 in zip(known_flags, - known_flags[1:] + [known_flags[0]]): - yield self.key_for_usage_flags([flag1, flag2], **kwargs) - - def generate_key_for_all_usage_flags(self) -> Iterator[StorageTestData]: - known_flags = sorted(self.constructors.key_usage_flags) - yield self.key_for_usage_flags(known_flags, short='all known') - - def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]: - yield from self.generate_keys_for_usage_flags() - yield from self.generate_key_for_all_usage_flags() - - def key_for_type_and_alg( - self, - kt: crypto_knowledge.KeyType, - bits: int, - alg: Optional[crypto_knowledge.Algorithm] = None, - ) -> StorageTestData: - """Construct a test key of the given type. - - If alg is not None, this key allows it. - """ - usage_flags = ['PSA_KEY_USAGE_EXPORT'] - alg1 = 0 #type: psa_storage.Exprable - alg2 = 0 - if alg is not None: - alg1 = alg.expression - usage_flags += alg.usage_flags(public=kt.is_public()) - key_material = kt.key_material(bits) - description = 'type: {} {}-bit'.format(kt.short_expression(1), bits) - if alg is not None: - description += ', ' + alg.short_expression(1) - key = StorageTestData(version=self.version, - id=1, lifetime=0x00000001, - type=kt.expression, bits=bits, - usage=usage_flags, alg=alg1, alg2=alg2, - material=key_material, - description=description) - return key - - def keys_for_type( - self, - key_type: str, - all_algorithms: List[crypto_knowledge.Algorithm], - ) -> Iterator[StorageTestData]: - """Generate test keys for the given key type.""" - kt = crypto_knowledge.KeyType(key_type) - for bits in kt.sizes_to_test(): - # Test a non-exercisable key, as well as exercisable keys for - # each compatible algorithm. - # To do: test reading a key from storage with an incompatible - # or unsupported algorithm. - yield self.key_for_type_and_alg(kt, bits) - compatible_algorithms = [alg for alg in all_algorithms - if kt.can_do(alg)] - for alg in compatible_algorithms: - yield self.key_for_type_and_alg(kt, bits, alg) - - def all_keys_for_types(self) -> Iterator[StorageTestData]: - """Generate test keys covering key types and their representations.""" - key_types = sorted(self.constructors.key_types) - all_algorithms = [crypto_knowledge.Algorithm(alg) - for alg in self.constructors.generate_expressions( - sorted(self.constructors.algorithms) - )] - for key_type in self.constructors.generate_expressions(key_types): - yield from self.keys_for_type(key_type, all_algorithms) - - def keys_for_algorithm(self, alg: str) -> Iterator[StorageTestData]: - """Generate test keys for the encoding of the specified algorithm.""" - # These test cases only validate the encoding of algorithms, not - # whether the key read from storage is suitable for an operation. - # `keys_for_types` generate read tests with an algorithm and a - # compatible key. - descr = crypto_knowledge.short_expression(alg, 1) - usage = ['PSA_KEY_USAGE_EXPORT'] - key1 = StorageTestData(version=self.version, - id=1, lifetime=0x00000001, - type='PSA_KEY_TYPE_RAW_DATA', bits=8, - usage=usage, alg=alg, alg2=0, - material=b'K', - description='alg: ' + descr) - yield key1 - key2 = StorageTestData(version=self.version, - id=1, lifetime=0x00000001, - type='PSA_KEY_TYPE_RAW_DATA', bits=8, - usage=usage, alg=0, alg2=alg, - material=b'L', - description='alg2: ' + descr) - yield key2 - - def all_keys_for_algorithms(self) -> Iterator[StorageTestData]: - """Generate test keys covering algorithm encodings.""" - algorithms = sorted(self.constructors.algorithms) - for alg in self.constructors.generate_expressions(algorithms): - yield from self.keys_for_algorithm(alg) - - def generate_all_keys(self) -> Iterator[StorageTestData]: - """Generate all keys for the test cases.""" - yield from self.all_keys_for_lifetimes() - yield from self.all_keys_for_usage_flags() - yield from self.all_keys_for_types() - yield from self.all_keys_for_algorithms() - - def all_test_cases(self) -> Iterator[test_case.TestCase]: - """Generate all storage format test cases.""" - # First build a list of all keys, then construct all the corresponding - # test cases. This allows all required information to be obtained in - # one go, which is a significant performance gain as the information - # includes numerical values obtained by compiling a C program. - all_keys = list(self.generate_all_keys()) - for key in all_keys: - if key.location_value() != 0: - # Skip keys with a non-default location, because they - # require a driver and we currently have no mechanism to - # determine whether a driver is available. - continue - yield self.make_test_case(key) - -class StorageFormatForward(StorageFormat): - """Storage format stability test cases for forward compatibility.""" - - def __init__(self, info: psa_information.Information, version: int) -> None: - super().__init__(info, version, True) - -class StorageFormatV0(StorageFormat): - """Storage format stability test cases for version 0 compatibility.""" - - def __init__(self, info: psa_information.Information) -> None: - super().__init__(info, 0, False) - - def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]: - """Generate test keys covering usage flags.""" - yield from super().all_keys_for_usage_flags() - yield from self.generate_keys_for_usage_flags(test_implicit_usage=False) - - def keys_for_implicit_usage( - self, - implyer_usage: str, - alg: str, - key_type: crypto_knowledge.KeyType - ) -> StorageTestData: - # pylint: disable=too-many-locals - """Generate test keys for the specified implicit usage flag, - algorithm and key type combination. - """ - bits = key_type.sizes_to_test()[0] - implicit_usage = StorageKey.IMPLICIT_USAGE_FLAGS[implyer_usage] - usage_flags = ['PSA_KEY_USAGE_EXPORT'] - material_usage_flags = usage_flags + [implyer_usage] - expected_usage_flags = material_usage_flags + [implicit_usage] - alg2 = 0 - key_material = key_type.key_material(bits) - usage_expression = crypto_knowledge.short_expression(implyer_usage, 1) - alg_expression = crypto_knowledge.short_expression(alg, 1) - key_type_expression = key_type.short_expression(1) - description = 'implied by {}: {} {} {}-bit'.format( - usage_expression, alg_expression, key_type_expression, bits) - key = StorageTestData(version=self.version, - id=1, lifetime=0x00000001, - type=key_type.expression, bits=bits, - usage=material_usage_flags, - expected_usage=expected_usage_flags, - without_implicit_usage=True, - alg=alg, alg2=alg2, - material=key_material, - description=description) - return key - - def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]: - # pylint: disable=too-many-locals - """Match possible key types for sign algorithms.""" - # To create a valid combination both the algorithms and key types - # must be filtered. Pair them with keywords created from its names. - incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE']) - incompatible_key_type_keywords = frozenset(['MONTGOMERY']) - keyword_translation = { - 'ECDSA': 'ECC', - 'ED[0-9]*.*' : 'EDWARDS' - } - exclusive_keywords = { - 'EDWARDS': 'ECC' - } - key_types = set(self.constructors.generate_expressions(self.constructors.key_types)) - algorithms = set(self.constructors.generate_expressions(self.constructors.sign_algorithms)) - alg_with_keys = {} #type: Dict[str, List[str]] - translation_table = str.maketrans('(', '_', ')') - for alg in algorithms: - # Generate keywords from the name of the algorithm - alg_keywords = set(alg.partition('(')[0].split(sep='_')[2:]) - # Translate keywords for better matching with the key types - for keyword in alg_keywords.copy(): - for pattern, replace in keyword_translation.items(): - if re.match(pattern, keyword): - alg_keywords.remove(keyword) - alg_keywords.add(replace) - # Filter out incompatible algorithms - if not alg_keywords.isdisjoint(incompatible_alg_keyword): - continue - - for key_type in key_types: - # Generate keywords from the of the key type - key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:]) - - # Remove ambiguous keywords - for keyword1, keyword2 in exclusive_keywords.items(): - if keyword1 in key_type_keywords: - key_type_keywords.remove(keyword2) - - if key_type_keywords.isdisjoint(incompatible_key_type_keywords) and\ - not key_type_keywords.isdisjoint(alg_keywords): - if alg in alg_with_keys: - alg_with_keys[alg].append(key_type) - else: - alg_with_keys[alg] = [key_type] - return alg_with_keys - - def all_keys_for_implicit_usage(self) -> Iterator[StorageTestData]: - """Generate test keys for usage flag extensions.""" - # Generate a key type and algorithm pair for each extendable usage - # flag to generate a valid key for exercising. The key is generated - # without usage extension to check the extension compatibility. - alg_with_keys = self.gather_key_types_for_sign_alg() - - for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str): - for alg in sorted(alg_with_keys): - for key_type in sorted(alg_with_keys[alg]): - # The key types must be filtered to fit the specific usage flag. - kt = crypto_knowledge.KeyType(key_type) - if kt.is_public() and '_SIGN_' in usage: - # Can't sign with a public key - continue - yield self.keys_for_implicit_usage(usage, alg, kt) - - def generate_all_keys(self) -> Iterator[StorageTestData]: - yield from super().generate_all_keys() - yield from self.all_keys_for_implicit_usage() - - -class PSATestGenerator(test_data_generation.TestGenerator): - """Test generator subclass including PSA targets and info.""" - # Note that targets whose names contain 'test_format' have their content - # validated by `abi_check.py`. - targets = { - 'test_suite_psa_crypto_generate_key.generated': - lambda info: KeyGenerate(info).test_cases_for_key_generation(), - 'test_suite_psa_crypto_not_supported.generated': - lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(), - 'test_suite_psa_crypto_low_hash.generated': - lambda info: crypto_data_tests.HashPSALowLevel(info).all_test_cases(), - 'test_suite_psa_crypto_op_fail.generated': - lambda info: OpFail(info).all_test_cases(), - 'test_suite_psa_crypto_storage_format.current': - lambda info: StorageFormatForward(info, 0).all_test_cases(), - 'test_suite_psa_crypto_storage_format.v0': - lambda info: StorageFormatV0(info).all_test_cases(), - } #type: Dict[str, Callable[[psa_information.Information], Iterable[test_case.TestCase]]] - - def __init__(self, options): - super().__init__(options) - self.info = psa_information.Information() - - def generate_target(self, name: str, *target_args) -> None: - super().generate_target(name, self.info) - - -if __name__ == '__main__': - test_data_generation.main(sys.argv[1:], __doc__, PSATestGenerator) diff --git a/tests/scripts/generate_psa_wrappers.py b/tests/scripts/generate_psa_wrappers.py deleted file mode 100755 index 500693bdae..0000000000 --- a/tests/scripts/generate_psa_wrappers.py +++ /dev/null @@ -1,257 +0,0 @@ -#!/usr/bin/env python3 -"""Generate wrapper functions for PSA function calls. -""" - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -### WARNING: the code in this file has not been extensively reviewed yet. -### We do not think it is harmful, but it may be below our normal standards -### for robustness and maintainability. - -import argparse -import itertools -import os -from typing import Iterator, List, Optional, Tuple - -import scripts_path #pylint: disable=unused-import -from mbedtls_framework import build_tree -from mbedtls_framework import c_parsing_helper -from mbedtls_framework import c_wrapper_generator -from mbedtls_framework import typing_util - - -class BufferParameter: - """Description of an input or output buffer parameter sequence to a PSA function.""" - #pylint: disable=too-few-public-methods - - def __init__(self, i: int, is_output: bool, - buffer_name: str, size_name: str) -> None: - """Initialize the parameter information. - - i is the index of the function argument that is the pointer to the buffer. - The size is argument i+1. For a variable-size output, the actual length - goes in argument i+2. - - buffer_name and size_names are the names of arguments i and i+1. - This class does not yet help with the output length. - """ - self.index = i - self.buffer_name = buffer_name - self.size_name = size_name - self.is_output = is_output - - -class PSAWrapperGenerator(c_wrapper_generator.Base): - """Generate a C source file containing wrapper functions for PSA Crypto API calls.""" - - _CPP_GUARDS = ('defined(MBEDTLS_PSA_CRYPTO_C) && ' + - 'defined(MBEDTLS_TEST_HOOKS) && \\\n ' + - '!defined(RECORD_PSA_STATUS_COVERAGE_LOG)') - _WRAPPER_NAME_PREFIX = 'mbedtls_test_wrap_' - _WRAPPER_NAME_SUFFIX = '' - - def gather_data(self) -> None: - root_dir = build_tree.guess_mbedtls_root() - for header_name in ['crypto.h', 'crypto_extra.h']: - header_path = os.path.join(root_dir, 'include', 'psa', header_name) - c_parsing_helper.read_function_declarations(self.functions, header_path) - - _SKIP_FUNCTIONS = frozenset([ - 'mbedtls_psa_external_get_random', # not a library function - 'psa_get_key_domain_parameters', # client-side function - 'psa_get_key_slot_number', # client-side function - 'psa_key_derivation_verify_bytes', # not implemented yet - 'psa_key_derivation_verify_key', # not implemented yet - 'psa_set_key_domain_parameters', # client-side function - ]) - - def _skip_function(self, function: c_wrapper_generator.FunctionInfo) -> bool: - if function.return_type != 'psa_status_t': - return True - if function.name in self._SKIP_FUNCTIONS: - return True - return False - - # PAKE stuff: not implemented yet - _PAKE_STUFF = frozenset([ - 'psa_crypto_driver_pake_inputs_t *', - 'psa_pake_cipher_suite_t *', - ]) - - def _return_variable_name(self, - function: c_wrapper_generator.FunctionInfo) -> str: - """The name of the variable that will contain the return value.""" - if function.return_type == 'psa_status_t': - return 'status' - return super()._return_variable_name(function) - - _FUNCTION_GUARDS = c_wrapper_generator.Base._FUNCTION_GUARDS.copy() \ - #pylint: disable=protected-access - _FUNCTION_GUARDS.update({ - 'mbedtls_psa_register_se_key': 'defined(MBEDTLS_PSA_CRYPTO_SE_C)', - 'mbedtls_psa_inject_entropy': 'defined(MBEDTLS_PSA_INJECT_ENTROPY)', - 'mbedtls_psa_external_get_random': 'defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)', - 'mbedtls_psa_platform_get_builtin_key': 'defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)', - }) - - @staticmethod - def _detect_buffer_parameters(arguments: List[c_parsing_helper.ArgumentInfo], - argument_names: List[str]) -> Iterator[BufferParameter]: - """Detect function arguments that are buffers (pointer, size [,length]).""" - types = ['' if arg.suffix else arg.type for arg in arguments] - # pairs = list of (type_of_arg_N, type_of_arg_N+1) - # where each type_of_arg_X is the empty string if the type is an array - # or there is no argument X. - pairs = enumerate(itertools.zip_longest(types, types[1:], fillvalue='')) - for i, t01 in pairs: - if (t01[0] == 'const uint8_t *' or t01[0] == 'uint8_t *') and \ - t01[1] == 'size_t': - yield BufferParameter(i, not t01[0].startswith('const '), - argument_names[i], argument_names[i+1]) - - @staticmethod - def _write_poison_buffer_parameter(out: typing_util.Writable, - param: BufferParameter, - poison: bool) -> None: - """Write poisoning or unpoisoning code for a buffer parameter. - - Write poisoning code if poison is true, unpoisoning code otherwise. - """ - out.write(' MBEDTLS_TEST_MEMORY_{}({}, {});\n'.format( - 'POISON' if poison else 'UNPOISON', - param.buffer_name, param.size_name - )) - - def _write_poison_buffer_parameters(self, out: typing_util.Writable, - buffer_parameters: List[BufferParameter], - poison: bool) -> None: - """Write poisoning or unpoisoning code for the buffer parameters. - - Write poisoning code if poison is true, unpoisoning code otherwise. - """ - if not buffer_parameters: - return - out.write('#if !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS)\n') - for param in buffer_parameters: - self._write_poison_buffer_parameter(out, param, poison) - out.write('#endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */\n') - - @staticmethod - def _parameter_should_be_copied(function_name: str, - _buffer_name: Optional[str]) -> bool: - """Whether the specified buffer argument to a PSA function should be copied. - """ - # False-positives that do not need buffer copying - if function_name in ('mbedtls_psa_inject_entropy', - 'psa_crypto_driver_pake_get_password', - 'psa_crypto_driver_pake_get_user', - 'psa_crypto_driver_pake_get_peer'): - return False - - return True - - def _write_function_call(self, out: typing_util.Writable, - function: c_wrapper_generator.FunctionInfo, - argument_names: List[str]) -> None: - buffer_parameters = list( - param - for param in self._detect_buffer_parameters(function.arguments, - argument_names) - if self._parameter_should_be_copied(function.name, - function.arguments[param.index].name)) - self._write_poison_buffer_parameters(out, buffer_parameters, True) - super()._write_function_call(out, function, argument_names) - self._write_poison_buffer_parameters(out, buffer_parameters, False) - - def _write_prologue(self, out: typing_util.Writable, header: bool) -> None: - super()._write_prologue(out, header) - out.write(""" -#if {} - -#include - -#include -#include -#include -""" - .format(self._CPP_GUARDS)) - - def _write_epilogue(self, out: typing_util.Writable, header: bool) -> None: - out.write(""" -#endif /* {} */ -""" - .format(self._CPP_GUARDS)) - super()._write_epilogue(out, header) - - -class PSALoggingWrapperGenerator(PSAWrapperGenerator, c_wrapper_generator.Logging): - """Generate a C source file containing wrapper functions that log PSA Crypto API calls.""" - - def __init__(self, stream: str) -> None: - super().__init__() - self.set_stream(stream) - - _PRINTF_TYPE_CAST = c_wrapper_generator.Logging._PRINTF_TYPE_CAST.copy() - _PRINTF_TYPE_CAST.update({ - 'mbedtls_svc_key_id_t': 'unsigned', - 'psa_algorithm_t': 'unsigned', - 'psa_drv_slot_number_t': 'unsigned long long', - 'psa_key_derivation_step_t': 'int', - 'psa_key_id_t': 'unsigned', - 'psa_key_slot_number_t': 'unsigned long long', - 'psa_key_lifetime_t': 'unsigned', - 'psa_key_type_t': 'unsigned', - 'psa_key_usage_flags_t': 'unsigned', - 'psa_pake_role_t': 'int', - 'psa_pake_step_t': 'int', - 'psa_status_t': 'int', - }) - - def _printf_parameters(self, typ: str, var: str) -> Tuple[str, List[str]]: - if typ.startswith('const '): - typ = typ[6:] - if typ == 'uint8_t *': - # Skip buffers - return '', [] - if typ.endswith('operation_t *'): - return '', [] - if typ in self._PAKE_STUFF: - return '', [] - if typ == 'psa_key_attributes_t *': - return (var + '={id=%u, lifetime=0x%08x, type=0x%08x, bits=%u, alg=%08x, usage=%08x}', - ['(unsigned) psa_get_key_{}({})'.format(field, var) - for field in ['id', 'lifetime', 'type', 'bits', 'algorithm', 'usage_flags']]) - return super()._printf_parameters(typ, var) - - -DEFAULT_C_OUTPUT_FILE_NAME = 'tests/src/psa_test_wrappers.c' -DEFAULT_H_OUTPUT_FILE_NAME = 'tests/include/test/psa_test_wrappers.h' - -def main() -> None: - parser = argparse.ArgumentParser(description=globals()['__doc__']) - parser.add_argument('--log', - help='Stream to log to (default: no logging code)') - parser.add_argument('--output-c', - metavar='FILENAME', - default=DEFAULT_C_OUTPUT_FILE_NAME, - help=('Output .c file path (default: {}; skip .c output if empty)' - .format(DEFAULT_C_OUTPUT_FILE_NAME))) - parser.add_argument('--output-h', - metavar='FILENAME', - default=DEFAULT_H_OUTPUT_FILE_NAME, - help=('Output .h file path (default: {}; skip .h output if empty)' - .format(DEFAULT_H_OUTPUT_FILE_NAME))) - options = parser.parse_args() - if options.log: - generator = PSALoggingWrapperGenerator(options.log) #type: PSAWrapperGenerator - else: - generator = PSAWrapperGenerator() - generator.gather_data() - if options.output_h: - generator.write_h_file(options.output_h) - if options.output_c: - generator.write_c_file(options.output_c) - -if __name__ == '__main__': - main() diff --git a/tests/scripts/generate_test_cert_macros.py b/tests/scripts/generate_test_cert_macros.py deleted file mode 100755 index 14270e0603..0000000000 --- a/tests/scripts/generate_test_cert_macros.py +++ /dev/null @@ -1,108 +0,0 @@ -#!/usr/bin/env python3 - -""" -Generate `tests/src/test_certs.h` which includes certficaties/keys/certificate list for testing. -""" - -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - - -import os -import sys -import argparse -import jinja2 -import scripts_path # pylint: disable=unused-import -from mbedtls_framework.build_tree import guess_project_root - -TEST_DIR = os.path.join(guess_project_root(), 'tests') -DATA_FILES_PATH = os.path.join(TEST_DIR, 'data_files') - -INPUT_ARGS = [ - ("string", "TEST_CA_CRT_EC_PEM", DATA_FILES_PATH + "/test-ca2.crt"), - ("binary", "TEST_CA_CRT_EC_DER", DATA_FILES_PATH + "/test-ca2.crt.der"), - ("string", "TEST_CA_KEY_EC_PEM", DATA_FILES_PATH + "/test-ca2.key.enc"), - ("password", "TEST_CA_PWD_EC_PEM", "PolarSSLTest"), - ("binary", "TEST_CA_KEY_EC_DER", DATA_FILES_PATH + "/test-ca2.key.der"), - ("string", "TEST_CA_CRT_RSA_SHA256_PEM", DATA_FILES_PATH + "/test-ca-sha256.crt"), - ("binary", "TEST_CA_CRT_RSA_SHA256_DER", DATA_FILES_PATH + "/test-ca-sha256.crt.der"), - ("string", "TEST_CA_CRT_RSA_SHA1_PEM", DATA_FILES_PATH + "/test-ca-sha1.crt"), - ("binary", "TEST_CA_CRT_RSA_SHA1_DER", DATA_FILES_PATH + "/test-ca-sha1.crt.der"), - ("string", "TEST_CA_KEY_RSA_PEM", DATA_FILES_PATH + "/test-ca.key"), - ("password", "TEST_CA_PWD_RSA_PEM", "PolarSSLTest"), - ("binary", "TEST_CA_KEY_RSA_DER", DATA_FILES_PATH + "/test-ca.key.der"), - ("string", "TEST_SRV_CRT_EC_PEM", DATA_FILES_PATH + "/server5.crt"), - ("binary", "TEST_SRV_CRT_EC_DER", DATA_FILES_PATH + "/server5.crt.der"), - ("string", "TEST_SRV_KEY_EC_PEM", DATA_FILES_PATH + "/server5.key"), - ("binary", "TEST_SRV_KEY_EC_DER", DATA_FILES_PATH + "/server5.key.der"), - ("string", "TEST_SRV_CRT_RSA_SHA256_PEM", DATA_FILES_PATH + "/server2-sha256.crt"), - ("binary", "TEST_SRV_CRT_RSA_SHA256_DER", DATA_FILES_PATH + "/server2-sha256.crt.der"), - ("string", "TEST_SRV_CRT_RSA_SHA1_PEM", DATA_FILES_PATH + "/server2.crt"), - ("binary", "TEST_SRV_CRT_RSA_SHA1_DER", DATA_FILES_PATH + "/server2.crt.der"), - ("string", "TEST_SRV_KEY_RSA_PEM", DATA_FILES_PATH + "/server2.key"), - ("binary", "TEST_SRV_KEY_RSA_DER", DATA_FILES_PATH + "/server2.key.der"), - ("string", "TEST_CLI_CRT_EC_PEM", DATA_FILES_PATH + "/cli2.crt"), - ("binary", "TEST_CLI_CRT_EC_DER", DATA_FILES_PATH + "/cli2.crt.der"), - ("string", "TEST_CLI_KEY_EC_PEM", DATA_FILES_PATH + "/cli2.key"), - ("binary", "TEST_CLI_KEY_EC_DER", DATA_FILES_PATH + "/cli2.key.der"), - ("string", "TEST_CLI_CRT_RSA_PEM", DATA_FILES_PATH + "/cli-rsa-sha256.crt"), - ("binary", "TEST_CLI_CRT_RSA_DER", DATA_FILES_PATH + "/cli-rsa-sha256.crt.der"), - ("string", "TEST_CLI_KEY_RSA_PEM", DATA_FILES_PATH + "/cli-rsa.key"), - ("binary", "TEST_CLI_KEY_RSA_DER", DATA_FILES_PATH + "/cli-rsa.key.der"), -] - -def main(): - parser = argparse.ArgumentParser() - default_output_path = os.path.join(TEST_DIR, 'src', 'test_certs.h') - parser.add_argument('--output', type=str, default=default_output_path) - parser.add_argument('--list-dependencies', action='store_true') - args = parser.parse_args() - - if args.list_dependencies: - files_list = [arg[2] for arg in INPUT_ARGS] - print(" ".join(files_list)) - return - - generate(INPUT_ARGS, output=args.output) - -#pylint: disable=dangerous-default-value, unused-argument -def generate(values=[], output=None): - """Generate C header file. - """ - template_loader = jinja2.FileSystemLoader(DATA_FILES_PATH) - template_env = jinja2.Environment( - loader=template_loader, lstrip_blocks=True, trim_blocks=True, - keep_trailing_newline=True) - - def read_as_c_array(filename): - with open(filename, 'rb') as f: - data = f.read(12) - while data: - yield ', '.join(['{:#04x}'.format(b) for b in data]) - data = f.read(12) - - def read_lines(filename): - with open(filename) as f: - try: - for line in f: - yield line.strip() - except: - print(filename) - raise - - def put_to_column(value, position=0): - return ' '*position + value - - template_env.filters['read_as_c_array'] = read_as_c_array - template_env.filters['read_lines'] = read_lines - template_env.filters['put_to_column'] = put_to_column - - template = template_env.get_template('test_certs.h.jinja2') - - with open(output, 'w') as f: - f.write(template.render(macros=values)) - - -if __name__ == '__main__': - sys.exit(main()) diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py deleted file mode 100755 index 5f711bfb19..0000000000 --- a/tests/scripts/generate_test_code.py +++ /dev/null @@ -1,1277 +0,0 @@ -#!/usr/bin/env python3 -# Test suites code generator. -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -""" -This script is a key part of Mbed TLS test suites framework. For -understanding the script it is important to understand the -framework. This doc string contains a summary of the framework -and explains the function of this script. - -Mbed TLS test suites: -===================== -Scope: ------- -The test suites focus on unit testing the crypto primitives and also -include x509 parser tests. Tests can be added to test any Mbed TLS -module. However, the framework is not capable of testing SSL -protocol, since that requires full stack execution and that is best -tested as part of the system test. - -Test case definition: ---------------------- -Tests are defined in a test_suite_[.].data -file. A test definition contains: - test name - optional build macro dependencies - test function - test parameters - -Test dependencies are build macros that can be specified to indicate -the build config in which the test is valid. For example if a test -depends on a feature that is only enabled by defining a macro. Then -that macro should be specified as a dependency of the test. - -Test function is the function that implements the test steps. This -function is specified for different tests that perform same steps -with different parameters. - -Test parameters are specified in string form separated by ':'. -Parameters can be of type string, binary data specified as hex -string and integer constants specified as integer, macro or -as an expression. Following is an example test definition: - - AES 128 GCM Encrypt and decrypt 8 bytes - depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C - enc_dec_buf:MBEDTLS_CIPHER_AES_128_GCM:"AES-128-GCM":128:8:-1 - -Test functions: ---------------- -Test functions are coded in C in test_suite_.function files. -Functions file is itself not compilable and contains special -format patterns to specify test suite dependencies, start and end -of functions and function dependencies. Check any existing functions -file for example. - -Execution: ----------- -Tests are executed in 3 steps: -- Generating test_suite_[.].c file - for each corresponding .data file. -- Building each source file into executables. -- Running each executable and printing report. - -Generating C test source requires more than just the test functions. -Following extras are required: -- Process main() -- Reading .data file and dispatching test cases. -- Platform specific test case execution -- Dependency checking -- Integer expression evaluation -- Test function dispatch - -Build dependencies and integer expressions (in the test parameters) -are specified as strings in the .data file. Their run time value is -not known at the generation stage. Hence, they need to be translated -into run time evaluations. This script generates the run time checks -for dependencies and integer expressions. - -Similarly, function names have to be translated into function calls. -This script also generates code for function dispatch. - -The extra code mentioned here is either generated by this script -or it comes from the input files: helpers file, platform file and -the template file. - -Helper file: ------------- -Helpers file contains common helper/utility functions and data. - -Platform file: --------------- -Platform file contains platform specific setup code and test case -dispatch code. For example, host_test.function reads test data -file from host's file system and dispatches tests. - -Template file: ---------- -Template file for example main_test.function is a template C file in -which generated code and code from input files is substituted to -generate a compilable C file. It also contains skeleton functions for -dependency checks, expression evaluation and function dispatch. These -functions are populated with checks and return codes by this script. - -Template file contains "replacement" fields that are formatted -strings processed by Python string.Template.substitute() method. - -This script: -============ -Core function of this script is to fill the template file with -code that is generated or read from helpers and platform files. - -This script replaces following fields in the template and generates -the test source file: - -__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS - All common code from helpers.function - is substituted here. -__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE - Test functions are substituted here - from the input test_suit_xyz.function - file. C preprocessor checks are generated - for the build dependencies specified - in the input file. This script also - generates wrappers for the test - functions with code to expand the - string parameters read from the data - file. -__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE - This script enumerates the - expressions in the .data file and - generates code to handle enumerated - expression Ids and return the values. -__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE - This script enumerates all - build dependencies and generate - code to handle enumerated build - dependency Id and return status: if - the dependency is defined or not. -__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE - This script enumerates the functions - specified in the input test data file - and generates the initializer for the - function table in the template - file. -__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE - Platform specific setup and test - dispatch code. - -""" - - -import os -import re -import sys -import string -import argparse - - -# Types recognized as signed integer arguments in test functions. -SIGNED_INTEGER_TYPES = frozenset([ - 'char', - 'short', - 'short int', - 'int', - 'int8_t', - 'int16_t', - 'int32_t', - 'int64_t', - 'intmax_t', - 'long', - 'long int', - 'long long int', - 'mbedtls_mpi_sint', - 'psa_status_t', -]) -# Types recognized as string arguments in test functions. -STRING_TYPES = frozenset(['char*', 'const char*', 'char const*']) -# Types recognized as hex data arguments in test functions. -DATA_TYPES = frozenset(['data_t*', 'const data_t*', 'data_t const*']) - -BEGIN_HEADER_REGEX = r'/\*\s*BEGIN_HEADER\s*\*/' -END_HEADER_REGEX = r'/\*\s*END_HEADER\s*\*/' - -BEGIN_SUITE_HELPERS_REGEX = r'/\*\s*BEGIN_SUITE_HELPERS\s*\*/' -END_SUITE_HELPERS_REGEX = r'/\*\s*END_SUITE_HELPERS\s*\*/' - -BEGIN_DEP_REGEX = r'BEGIN_DEPENDENCIES' -END_DEP_REGEX = r'END_DEPENDENCIES' - -BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(?P.*?)\s*\*/' -END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/' - -DEPENDENCY_REGEX = r'depends_on:(?P.*)' -C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*' -CONDITION_OPERATOR_REGEX = r'[!=]=|[<>]=?' -# forbid 0ddd which might be accidentally octal or accidentally decimal -CONDITION_VALUE_REGEX = r'[-+]?(0x[0-9a-f]+|0|[1-9][0-9]*)' -CONDITION_REGEX = r'({})(?:\s*({})\s*({}))?$'.format(C_IDENTIFIER_REGEX, - CONDITION_OPERATOR_REGEX, - CONDITION_VALUE_REGEX) -TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P\w+)\s*\(' -FUNCTION_ARG_LIST_END_REGEX = r'.*\)' -EXIT_LABEL_REGEX = r'^exit:' - - -class GeneratorInputError(Exception): - """ - Exception to indicate error in the input files to this script. - This includes missing patterns, test function names and other - parsing errors. - """ - pass - - -class FileWrapper: - """ - This class extends the file object with attribute line_no, - that indicates line number for the line that is read. - """ - - def __init__(self, file_name) -> None: - """ - Instantiate the file object and initialize the line number to 0. - - :param file_name: File path to open. - """ - # private mix-in file object - self._f = open(file_name, 'rb') - self._line_no = 0 - - def __iter__(self): - return self - - def __next__(self): - """ - This method makes FileWrapper iterable. - It counts the line numbers as each line is read. - - :return: Line read from file. - """ - line = self._f.__next__() - self._line_no += 1 - # Convert byte array to string with correct encoding and - # strip any whitespaces added in the decoding process. - return line.decode(sys.getdefaultencoding()).rstrip()+ '\n' - - def __enter__(self): - return self - - def __exit__(self, exc_type, exc_val, exc_tb): - self._f.__exit__(exc_type, exc_val, exc_tb) - - @property - def line_no(self): - """ - Property that indicates line number for the line that is read. - """ - return self._line_no - - @property - def name(self): - """ - Property that indicates name of the file that is read. - """ - return self._f.name - - -def split_dep(dep): - """ - Split NOT character '!' from dependency. Used by gen_dependencies() - - :param dep: Dependency list - :return: string tuple. Ex: ('!', MACRO) for !MACRO and ('', MACRO) for - MACRO. - """ - return ('!', dep[1:]) if dep[0] == '!' else ('', dep) - - -def gen_dependencies(dependencies): - """ - Test suite data and functions specifies compile time dependencies. - This function generates C preprocessor code from the input - dependency list. Caller uses the generated preprocessor code to - wrap dependent code. - A dependency in the input list can have a leading '!' character - to negate a condition. '!' is separated from the dependency using - function split_dep() and proper preprocessor check is generated - accordingly. - - :param dependencies: List of dependencies. - :return: if defined and endif code with macro annotations for - readability. - """ - dep_start = ''.join(['#if %sdefined(%s)\n' % (x, y) for x, y in - map(split_dep, dependencies)]) - dep_end = ''.join(['#endif /* %s */\n' % - x for x in reversed(dependencies)]) - - return dep_start, dep_end - - -def gen_dependencies_one_line(dependencies): - """ - Similar to gen_dependencies() but generates dependency checks in one line. - Useful for generating code with #else block. - - :param dependencies: List of dependencies. - :return: Preprocessor check code - """ - defines = '#if ' if dependencies else '' - defines += ' && '.join(['%sdefined(%s)' % (x, y) for x, y in map( - split_dep, dependencies)]) - return defines - - -def gen_function_wrapper(name, local_vars, args_dispatch): - """ - Creates test function wrapper code. A wrapper has the code to - unpack parameters from parameters[] array. - - :param name: Test function name - :param local_vars: Local variables declaration code - :param args_dispatch: List of dispatch arguments. - Ex: ['(char *) params[0]', '*((int *) params[1])'] - :return: Test function wrapper. - """ - # Then create the wrapper - wrapper = ''' -void {name}_wrapper( void ** params ) -{{ -{unused_params}{locals} - {name}( {args} ); -}} -'''.format(name=name, - unused_params='' if args_dispatch else ' (void)params;\n', - args=', '.join(args_dispatch), - locals=local_vars) - return wrapper - - -def gen_dispatch(name, dependencies): - """ - Test suite code template main_test.function defines a C function - array to contain test case functions. This function generates an - initializer entry for a function in that array. The entry is - composed of a compile time check for the test function - dependencies. At compile time the test function is assigned when - dependencies are met, else NULL is assigned. - - :param name: Test function name - :param dependencies: List of dependencies - :return: Dispatch code. - """ - if dependencies: - preprocessor_check = gen_dependencies_one_line(dependencies) - dispatch_code = ''' -{preprocessor_check} - {name}_wrapper, -#else - NULL, -#endif -'''.format(preprocessor_check=preprocessor_check, name=name) - else: - dispatch_code = ''' - {name}_wrapper, -'''.format(name=name) - - return dispatch_code - - -def parse_until_pattern(funcs_f, end_regex): - """ - Matches pattern end_regex to the lines read from the file object. - Returns the lines read until end pattern is matched. - - :param funcs_f: file object for .function file - :param end_regex: Pattern to stop parsing - :return: Lines read before the end pattern - """ - headers = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) - for line in funcs_f: - if re.search(end_regex, line): - break - headers += line - else: - raise GeneratorInputError("file: %s - end pattern [%s] not found!" % - (funcs_f.name, end_regex)) - - return headers - - -def validate_dependency(dependency): - """ - Validates a C macro and raises GeneratorInputError on invalid input. - :param dependency: Input macro dependency - :return: input dependency stripped of leading & trailing white spaces. - """ - dependency = dependency.strip() - if not re.match(CONDITION_REGEX, dependency, re.I): - raise GeneratorInputError('Invalid dependency %s' % dependency) - return dependency - - -def parse_dependencies(inp_str): - """ - Parses dependencies out of inp_str, validates them and returns a - list of macros. - - :param inp_str: Input string with macros delimited by ':'. - :return: list of dependencies - """ - dependencies = list(map(validate_dependency, inp_str.split(':'))) - return dependencies - - -def parse_suite_dependencies(funcs_f): - """ - Parses test suite dependencies specified at the top of a - .function file, that starts with pattern BEGIN_DEPENDENCIES - and end with END_DEPENDENCIES. Dependencies are specified - after pattern 'depends_on:' and are delimited by ':'. - - :param funcs_f: file object for .function file - :return: List of test suite dependencies. - """ - dependencies = [] - for line in funcs_f: - match = re.search(DEPENDENCY_REGEX, line.strip()) - if match: - try: - dependencies = parse_dependencies(match.group('dependencies')) - except GeneratorInputError as error: - raise GeneratorInputError( - str(error) + " - %s:%d" % (funcs_f.name, funcs_f.line_no)) - if re.search(END_DEP_REGEX, line): - break - else: - raise GeneratorInputError("file: %s - end dependency pattern [%s]" - " not found!" % (funcs_f.name, - END_DEP_REGEX)) - - return dependencies - - -def parse_function_dependencies(line): - """ - Parses function dependencies, that are in the same line as - comment BEGIN_CASE. Dependencies are specified after pattern - 'depends_on:' and are delimited by ':'. - - :param line: Line from .function file that has dependencies. - :return: List of dependencies. - """ - dependencies = [] - match = re.search(BEGIN_CASE_REGEX, line) - dep_str = match.group('depends_on') - if dep_str: - match = re.search(DEPENDENCY_REGEX, dep_str) - if match: - dependencies += parse_dependencies(match.group('dependencies')) - - return dependencies - - -ARGUMENT_DECLARATION_REGEX = re.compile(r'(.+?) ?(?:\bconst\b)? ?(\w+)\Z', re.S) -def parse_function_argument(arg, arg_idx, args, local_vars, args_dispatch): - """ - Parses one test function's argument declaration. - - :param arg: argument declaration. - :param arg_idx: current wrapper argument index. - :param args: accumulator of arguments' internal types. - :param local_vars: accumulator of internal variable declarations. - :param args_dispatch: accumulator of argument usage expressions. - :return: the number of new wrapper arguments, - or None if the argument declaration is invalid. - """ - # Normalize whitespace - arg = arg.strip() - arg = re.sub(r'\s*\*\s*', r'*', arg) - arg = re.sub(r'\s+', r' ', arg) - # Extract name and type - m = ARGUMENT_DECLARATION_REGEX.search(arg) - if not m: - # E.g. "int x[42]" - return None - typ, _ = m.groups() - if typ in SIGNED_INTEGER_TYPES: - args.append('int') - args_dispatch.append('((mbedtls_test_argument_t *) params[%d])->sint' % arg_idx) - return 1 - if typ in STRING_TYPES: - args.append('char*') - args_dispatch.append('(char *) params[%d]' % arg_idx) - return 1 - if typ in DATA_TYPES: - args.append('hex') - # create a structure - pointer_initializer = '(uint8_t *) params[%d]' % arg_idx - len_initializer = '((mbedtls_test_argument_t *) params[%d])->len' % (arg_idx+1) - local_vars.append(' data_t data%d = {%s, %s};\n' % - (arg_idx, pointer_initializer, len_initializer)) - args_dispatch.append('&data%d' % arg_idx) - return 2 - return None - -ARGUMENT_LIST_REGEX = re.compile(r'\((.*?)\)', re.S) -def parse_function_arguments(line): - """ - Parses test function signature for validation and generates - a dispatch wrapper function that translates input test vectors - read from the data file into test function arguments. - - :param line: Line from .function file that has a function - signature. - :return: argument list, local variables for - wrapper function and argument dispatch code. - """ - # Process arguments, ex: arg1, arg2 ) - # This script assumes that the argument list is terminated by ')' - # i.e. the test functions will not have a function pointer - # argument. - m = ARGUMENT_LIST_REGEX.search(line) - arg_list = m.group(1).strip() - if arg_list in ['', 'void']: - return [], '', [] - args = [] - local_vars = [] - args_dispatch = [] - arg_idx = 0 - for arg in arg_list.split(','): - indexes = parse_function_argument(arg, arg_idx, - args, local_vars, args_dispatch) - if indexes is None: - raise ValueError("Test function arguments can only be 'int', " - "'char *' or 'data_t'\n%s" % line) - arg_idx += indexes - - return args, ''.join(local_vars), args_dispatch - - -def generate_function_code(name, code, local_vars, args_dispatch, - dependencies): - """ - Generate function code with preprocessor checks and parameter dispatch - wrapper. - - :param name: Function name - :param code: Function code - :param local_vars: Local variables for function wrapper - :param args_dispatch: Argument dispatch code - :param dependencies: Preprocessor dependencies list - :return: Final function code - """ - # Add exit label if not present - if code.find('exit:') == -1: - split_code = code.rsplit('}', 1) - if len(split_code) == 2: - code = """exit: - ; -}""".join(split_code) - - code += gen_function_wrapper(name, local_vars, args_dispatch) - preprocessor_check_start, preprocessor_check_end = \ - gen_dependencies(dependencies) - return preprocessor_check_start + code + preprocessor_check_end - -COMMENT_START_REGEX = re.compile(r'/[*/]') - -def skip_comments(line, stream): - """Remove comments in line. - - If the line contains an unfinished comment, read more lines from stream - until the line that contains the comment. - - :return: The original line with inner comments replaced by spaces. - Trailing comments and whitespace may be removed completely. - """ - pos = 0 - while True: - opening = COMMENT_START_REGEX.search(line, pos) - if not opening: - break - if line[opening.start(0) + 1] == '/': # //... - continuation = line - # Count the number of line breaks, to keep line numbers aligned - # in the output. - line_count = 1 - while continuation.endswith('\\\n'): - # This errors out if the file ends with an unfinished line - # comment. That's acceptable to not complicate the code further. - continuation = next(stream) - line_count += 1 - return line[:opening.start(0)].rstrip() + '\n' * line_count - # Parsing /*...*/, looking for the end - closing = line.find('*/', opening.end(0)) - while closing == -1: - # This errors out if the file ends with an unfinished block - # comment. That's acceptable to not complicate the code further. - line += next(stream) - closing = line.find('*/', opening.end(0)) - pos = closing + 2 - # Replace inner comment by spaces. There needs to be at least one space - # for things like 'int/*ihatespaces*/foo'. Go further and preserve the - # width of the comment and line breaks, this way positions in error - # messages remain correct. - line = (line[:opening.start(0)] + - re.sub(r'.', r' ', line[opening.start(0):pos]) + - line[pos:]) - # Strip whitespace at the end of lines (it's irrelevant to error messages). - return re.sub(r' +(\n|\Z)', r'\1', line) - -def parse_function_code(funcs_f, dependencies, suite_dependencies): - """ - Parses out a function from function file object and generates - function and dispatch code. - - :param funcs_f: file object of the functions file. - :param dependencies: List of dependencies - :param suite_dependencies: List of test suite dependencies - :return: Function name, arguments, function code and dispatch code. - """ - line_directive = '#line %d "%s"\n' % (funcs_f.line_no + 1, funcs_f.name) - code = '' - has_exit_label = False - for line in funcs_f: - # Check function signature. Function signature may be split - # across multiple lines. Here we try to find the start of - # arguments list, then remove '\n's and apply the regex to - # detect function start. - line = skip_comments(line, funcs_f) - up_to_arg_list_start = code + line[:line.find('(') + 1] - match = re.match(TEST_FUNCTION_VALIDATION_REGEX, - up_to_arg_list_start.replace('\n', ' '), re.I) - if match: - # check if we have full signature i.e. split in more lines - name = match.group('func_name') - if not re.match(FUNCTION_ARG_LIST_END_REGEX, line): - for lin in funcs_f: - line += skip_comments(lin, funcs_f) - if re.search(FUNCTION_ARG_LIST_END_REGEX, line): - break - args, local_vars, args_dispatch = parse_function_arguments( - line) - code += line - break - code += line - else: - raise GeneratorInputError("file: %s - Test functions not found!" % - funcs_f.name) - - # Prefix test function name with 'test_' - code = code.replace(name, 'test_' + name, 1) - name = 'test_' + name - - # If a test function has no arguments then add 'void' argument to - # avoid "-Wstrict-prototypes" warnings from clang - if len(args) == 0: - code = code.replace('()', '(void)', 1) - - for line in funcs_f: - if re.search(END_CASE_REGEX, line): - break - if not has_exit_label: - has_exit_label = \ - re.search(EXIT_LABEL_REGEX, line.strip()) is not None - code += line - else: - raise GeneratorInputError("file: %s - end case pattern [%s] not " - "found!" % (funcs_f.name, END_CASE_REGEX)) - - code = line_directive + code - code = generate_function_code(name, code, local_vars, args_dispatch, - dependencies) - dispatch_code = gen_dispatch(name, suite_dependencies + dependencies) - return (name, args, code, dispatch_code) - - -def parse_functions(funcs_f): - """ - Parses a test_suite_xxx.function file and returns information - for generating a C source file for the test suite. - - :param funcs_f: file object of the functions file. - :return: List of test suite dependencies, test function dispatch - code, function code and a dict with function identifiers - and arguments info. - """ - suite_helpers = '' - suite_dependencies = [] - suite_functions = '' - func_info = {} - function_idx = 0 - dispatch_code = '' - for line in funcs_f: - if re.search(BEGIN_HEADER_REGEX, line): - suite_helpers += parse_until_pattern(funcs_f, END_HEADER_REGEX) - elif re.search(BEGIN_SUITE_HELPERS_REGEX, line): - suite_helpers += parse_until_pattern(funcs_f, - END_SUITE_HELPERS_REGEX) - elif re.search(BEGIN_DEP_REGEX, line): - suite_dependencies += parse_suite_dependencies(funcs_f) - elif re.search(BEGIN_CASE_REGEX, line): - try: - dependencies = parse_function_dependencies(line) - except GeneratorInputError as error: - raise GeneratorInputError( - "%s:%d: %s" % (funcs_f.name, funcs_f.line_no, - str(error))) - func_name, args, func_code, func_dispatch =\ - parse_function_code(funcs_f, dependencies, suite_dependencies) - suite_functions += func_code - # Generate dispatch code and enumeration info - if func_name in func_info: - raise GeneratorInputError( - "file: %s - function %s re-declared at line %d" % - (funcs_f.name, func_name, funcs_f.line_no)) - func_info[func_name] = (function_idx, args) - dispatch_code += '/* Function Id: %d */\n' % function_idx - dispatch_code += func_dispatch - function_idx += 1 - - func_code = (suite_helpers + - suite_functions).join(gen_dependencies(suite_dependencies)) - return suite_dependencies, dispatch_code, func_code, func_info - - -def escaped_split(inp_str, split_char): - """ - Split inp_str on character split_char but ignore if escaped. - Since, return value is used to write back to the intermediate - data file, any escape characters in the input are retained in the - output. - - :param inp_str: String to split - :param split_char: Split character - :return: List of splits - """ - if len(split_char) > 1: - raise ValueError('Expected split character. Found string!') - out = re.sub(r'(\\.)|' + split_char, - lambda m: m.group(1) or '\n', inp_str, - len(inp_str)).split('\n') - out = [x for x in out if x] - return out - - -def parse_test_data(data_f): - """ - Parses .data file for each test case name, test function name, - test dependencies and test arguments. This information is - correlated with the test functions file for generating an - intermediate data file replacing the strings for test function - names, dependencies and integer constant expressions with - identifiers. Mainly for optimising space for on-target - execution. - - :param data_f: file object of the data file. - :return: Generator that yields line number, test name, function name, - dependency list and function argument list. - """ - __state_read_name = 0 - __state_read_args = 1 - state = __state_read_name - dependencies = [] - name = '' - for line in data_f: - line = line.strip() - # Skip comments - if line.startswith('#'): - continue - - # Blank line indicates end of test - if not line: - if state == __state_read_args: - raise GeneratorInputError("[%s:%d] Newline before arguments. " - "Test function and arguments " - "missing for %s" % - (data_f.name, data_f.line_no, name)) - continue - - if state == __state_read_name: - # Read test name - name = line - state = __state_read_args - elif state == __state_read_args: - # Check dependencies - match = re.search(DEPENDENCY_REGEX, line) - if match: - try: - dependencies = parse_dependencies( - match.group('dependencies')) - except GeneratorInputError as error: - raise GeneratorInputError( - str(error) + " - %s:%d" % - (data_f.name, data_f.line_no)) - else: - # Read test vectors - parts = escaped_split(line, ':') - test_function = parts[0] - args = parts[1:] - yield data_f.line_no, name, test_function, dependencies, args - dependencies = [] - state = __state_read_name - if state == __state_read_args: - raise GeneratorInputError("[%s:%d] Newline before arguments. " - "Test function and arguments missing for " - "%s" % (data_f.name, data_f.line_no, name)) - - -def gen_dep_check(dep_id, dep): - """ - Generate code for checking dependency with the associated - identifier. - - :param dep_id: Dependency identifier - :param dep: Dependency macro - :return: Dependency check code - """ - if dep_id < 0: - raise GeneratorInputError("Dependency Id should be a positive " - "integer.") - _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) - if not dep: - raise GeneratorInputError("Dependency should not be an empty string.") - - dependency = re.match(CONDITION_REGEX, dep, re.I) - if not dependency: - raise GeneratorInputError('Invalid dependency %s' % dep) - - _defined = '' if dependency.group(2) else 'defined' - _cond = dependency.group(2) if dependency.group(2) else '' - _value = dependency.group(3) if dependency.group(3) else '' - - dep_check = ''' - case {id}: - {{ -#if {_not}{_defined}({macro}{_cond}{_value}) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - }} - break;'''.format(_not=_not, _defined=_defined, - macro=dependency.group(1), id=dep_id, - _cond=_cond, _value=_value) - return dep_check - - -def gen_expression_check(exp_id, exp): - """ - Generates code for evaluating an integer expression using - associated expression Id. - - :param exp_id: Expression Identifier - :param exp: Expression/Macro - :return: Expression check code - """ - if exp_id < 0: - raise GeneratorInputError("Expression Id should be a positive " - "integer.") - if not exp: - raise GeneratorInputError("Expression should not be an empty string.") - exp_code = ''' - case {exp_id}: - {{ - *out_value = {expression}; - }} - break;'''.format(exp_id=exp_id, expression=exp) - return exp_code - - -def write_dependencies(out_data_f, test_dependencies, unique_dependencies): - """ - Write dependencies to intermediate test data file, replacing - the string form with identifiers. Also, generates dependency - check code. - - :param out_data_f: Output intermediate data file - :param test_dependencies: Dependencies - :param unique_dependencies: Mutable list to track unique dependencies - that are global to this re-entrant function. - :return: returns dependency check code. - """ - dep_check_code = '' - if test_dependencies: - out_data_f.write('depends_on') - for dep in test_dependencies: - if dep not in unique_dependencies: - unique_dependencies.append(dep) - dep_id = unique_dependencies.index(dep) - dep_check_code += gen_dep_check(dep_id, dep) - else: - dep_id = unique_dependencies.index(dep) - out_data_f.write(':' + str(dep_id)) - out_data_f.write('\n') - return dep_check_code - - -INT_VAL_REGEX = re.compile(r'-?(\d+|0x[0-9a-f]+)$', re.I) -def val_is_int(val: str) -> bool: - """Whether val is suitable as an 'int' parameter in the .datax file.""" - if not INT_VAL_REGEX.match(val): - return False - # Limit the range to what is guaranteed to get through strtol() - return abs(int(val, 0)) <= 0x7fffffff - -def write_parameters(out_data_f, test_args, func_args, unique_expressions): - """ - Writes test parameters to the intermediate data file, replacing - the string form with identifiers. Also, generates expression - check code. - - :param out_data_f: Output intermediate data file - :param test_args: Test parameters - :param func_args: Function arguments - :param unique_expressions: Mutable list to track unique - expressions that are global to this re-entrant function. - :return: Returns expression check code. - """ - expression_code = '' - for i, _ in enumerate(test_args): - typ = func_args[i] - val = test_args[i] - - # Pass small integer constants literally. This reduces the size of - # the C code. Register anything else as an expression. - if typ == 'int' and not val_is_int(val): - typ = 'exp' - if val not in unique_expressions: - unique_expressions.append(val) - # exp_id can be derived from len(). But for - # readability and consistency with case of existing - # let's use index(). - exp_id = unique_expressions.index(val) - expression_code += gen_expression_check(exp_id, val) - val = exp_id - else: - val = unique_expressions.index(val) - out_data_f.write(':' + typ + ':' + str(val)) - out_data_f.write('\n') - return expression_code - - -def gen_suite_dep_checks(suite_dependencies, dep_check_code, expression_code): - """ - Generates preprocessor checks for test suite dependencies. - - :param suite_dependencies: Test suite dependencies read from the - .function file. - :param dep_check_code: Dependency check code - :param expression_code: Expression check code - :return: Dependency and expression code guarded by test suite - dependencies. - """ - if suite_dependencies: - preprocessor_check = gen_dependencies_one_line(suite_dependencies) - dep_check_code = ''' -{preprocessor_check} -{code} -#endif -'''.format(preprocessor_check=preprocessor_check, code=dep_check_code) - expression_code = ''' -{preprocessor_check} -{code} -#endif -'''.format(preprocessor_check=preprocessor_check, code=expression_code) - return dep_check_code, expression_code - - -def get_function_info(func_info, function_name, line_no): - """Look up information about a test function by name. - - Raise an informative expression if function_name is not found. - - :param func_info: dictionary mapping function names to their information. - :param function_name: the function name as written in the .function and - .data files. - :param line_no: line number for error messages. - :return Function information (id, args). - """ - test_function_name = 'test_' + function_name - if test_function_name not in func_info: - raise GeneratorInputError("%d: Function %s not found!" % - (line_no, test_function_name)) - return func_info[test_function_name] - - -def gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies): - """ - This function reads test case name, dependencies and test vectors - from the .data file. This information is correlated with the test - functions file for generating an intermediate data file replacing - the strings for test function names, dependencies and integer - constant expressions with identifiers. Mainly for optimising - space for on-target execution. - It also generates test case dependency check code and expression - evaluation code. - - :param data_f: Data file object - :param out_data_f: Output intermediate data file - :param func_info: Dict keyed by function and with function id - and arguments info - :param suite_dependencies: Test suite dependencies - :return: Returns dependency and expression check code - """ - unique_dependencies = [] - unique_expressions = [] - dep_check_code = '' - expression_code = '' - for line_no, test_name, function_name, test_dependencies, test_args in \ - parse_test_data(data_f): - out_data_f.write(test_name + '\n') - - # Write dependencies - dep_check_code += write_dependencies(out_data_f, test_dependencies, - unique_dependencies) - - # Write test function name - func_id, func_args = \ - get_function_info(func_info, function_name, line_no) - out_data_f.write(str(func_id)) - - # Write parameters - if len(test_args) != len(func_args): - raise GeneratorInputError("%d: Invalid number of arguments in test " - "%s. See function %s signature." % - (line_no, test_name, function_name)) - expression_code += write_parameters(out_data_f, test_args, func_args, - unique_expressions) - - # Write a newline as test case separator - out_data_f.write('\n') - - dep_check_code, expression_code = gen_suite_dep_checks( - suite_dependencies, dep_check_code, expression_code) - return dep_check_code, expression_code - - -def add_input_info(funcs_file, data_file, template_file, - c_file, snippets): - """ - Add generator input info in snippets. - - :param funcs_file: Functions file object - :param data_file: Data file object - :param template_file: Template file object - :param c_file: Output C file object - :param snippets: Dictionary to contain code pieces to be - substituted in the template. - :return: - """ - snippets['test_file'] = c_file - snippets['test_main_file'] = template_file - snippets['test_case_file'] = funcs_file - snippets['test_case_data_file'] = data_file - - -def read_code_from_input_files(platform_file, helpers_file, - out_data_file, snippets): - """ - Read code from input files and create substitutions for replacement - strings in the template file. - - :param platform_file: Platform file object - :param helpers_file: Helper functions file object - :param out_data_file: Output intermediate data file object - :param snippets: Dictionary to contain code pieces to be - substituted in the template. - :return: - """ - # Read helpers - with open(helpers_file, 'r') as help_f, open(platform_file, 'r') as \ - platform_f: - snippets['test_common_helper_file'] = helpers_file - snippets['test_common_helpers'] = help_f.read() - snippets['test_platform_file'] = platform_file - snippets['platform_code'] = platform_f.read().replace( - 'DATA_FILE', out_data_file.replace('\\', '\\\\')) # escape '\' - - -def write_test_source_file(template_file, c_file, snippets): - """ - Write output source file with generated source code. - - :param template_file: Template file name - :param c_file: Output source file - :param snippets: Generated and code snippets - :return: - """ - - # Create a placeholder pattern with the correct named capture groups - # to override the default provided with Template. - # Match nothing (no way of escaping placeholders). - escaped = "(?P(?!))" - # Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern. - named = "__MBEDTLS_TEST_TEMPLATE__(?P[A-Z][_A-Z0-9]*)" - # Match nothing (no braced placeholder syntax). - braced = "(?P(?!))" - # If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid. - invalid = "(?P__MBEDTLS_TEST_TEMPLATE__)" - placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid])) - - with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: - for line_no, line in enumerate(template_f.readlines(), 1): - # Update line number. +1 as #line directive sets next line number - snippets['line_no'] = line_no + 1 - template = string.Template(line) - template.pattern = placeholder_pattern - snippets = {k.upper():v for (k, v) in snippets.items()} - code = template.substitute(**snippets) - c_f.write(code) - - -def parse_function_file(funcs_file, snippets): - """ - Parse function file and generate function dispatch code. - - :param funcs_file: Functions file name - :param snippets: Dictionary to contain code pieces to be - substituted in the template. - :return: - """ - with FileWrapper(funcs_file) as funcs_f: - suite_dependencies, dispatch_code, func_code, func_info = \ - parse_functions(funcs_f) - snippets['functions_code'] = func_code - snippets['dispatch_code'] = dispatch_code - return suite_dependencies, func_info - - -def generate_intermediate_data_file(data_file, out_data_file, - suite_dependencies, func_info, snippets): - """ - Generates intermediate data file from input data file and - information read from functions file. - - :param data_file: Data file name - :param out_data_file: Output/Intermediate data file - :param suite_dependencies: List of suite dependencies. - :param func_info: Function info parsed from functions file. - :param snippets: Dictionary to contain code pieces to be - substituted in the template. - :return: - """ - with FileWrapper(data_file) as data_f, \ - open(out_data_file, 'w') as out_data_f: - dep_check_code, expression_code = gen_from_test_data( - data_f, out_data_f, func_info, suite_dependencies) - snippets['dep_check_code'] = dep_check_code - snippets['expression_code'] = expression_code - - -def generate_code(**input_info): - """ - Generates C source code from test suite file, data file, common - helpers file and platform file. - - input_info expands to following parameters: - funcs_file: Functions file object - data_file: Data file object - template_file: Template file object - platform_file: Platform file object - helpers_file: Helper functions file object - suites_dir: Test suites dir - c_file: Output C file object - out_data_file: Output intermediate data file object - :return: - """ - funcs_file = input_info['funcs_file'] - data_file = input_info['data_file'] - template_file = input_info['template_file'] - platform_file = input_info['platform_file'] - helpers_file = input_info['helpers_file'] - suites_dir = input_info['suites_dir'] - c_file = input_info['c_file'] - out_data_file = input_info['out_data_file'] - for name, path in [('Functions file', funcs_file), - ('Data file', data_file), - ('Template file', template_file), - ('Platform file', platform_file), - ('Helpers code file', helpers_file), - ('Suites dir', suites_dir)]: - if not os.path.exists(path): - raise IOError("ERROR: %s [%s] not found!" % (name, path)) - - snippets = {'generator_script': os.path.basename(__file__)} - read_code_from_input_files(platform_file, helpers_file, - out_data_file, snippets) - add_input_info(funcs_file, data_file, template_file, - c_file, snippets) - suite_dependencies, func_info = parse_function_file(funcs_file, snippets) - generate_intermediate_data_file(data_file, out_data_file, - suite_dependencies, func_info, snippets) - write_test_source_file(template_file, c_file, snippets) - - -def main(): - """ - Command line parser. - - :return: - """ - parser = argparse.ArgumentParser( - description='Dynamically generate test suite code.') - - parser.add_argument("-f", "--functions-file", - dest="funcs_file", - help="Functions file", - metavar="FUNCTIONS_FILE", - required=True) - - parser.add_argument("-d", "--data-file", - dest="data_file", - help="Data file", - metavar="DATA_FILE", - required=True) - - parser.add_argument("-t", "--template-file", - dest="template_file", - help="Template file", - metavar="TEMPLATE_FILE", - required=True) - - parser.add_argument("-s", "--suites-dir", - dest="suites_dir", - help="Suites dir", - metavar="SUITES_DIR", - required=True) - - parser.add_argument("--helpers-file", - dest="helpers_file", - help="Helpers file", - metavar="HELPERS_FILE", - required=True) - - parser.add_argument("-p", "--platform-file", - dest="platform_file", - help="Platform code file", - metavar="PLATFORM_FILE", - required=True) - - parser.add_argument("-o", "--out-dir", - dest="out_dir", - help="Dir where generated code and scripts are copied", - metavar="OUT_DIR", - required=True) - - args = parser.parse_args() - - data_file_name = os.path.basename(args.data_file) - data_name = os.path.splitext(data_file_name)[0] - - out_c_file = os.path.join(args.out_dir, data_name + '.c') - out_data_file = os.path.join(args.out_dir, data_name + '.datax') - - out_c_file_dir = os.path.dirname(out_c_file) - out_data_file_dir = os.path.dirname(out_data_file) - for directory in [out_c_file_dir, out_data_file_dir]: - if not os.path.exists(directory): - os.makedirs(directory) - - generate_code(funcs_file=args.funcs_file, data_file=args.data_file, - template_file=args.template_file, - platform_file=args.platform_file, - helpers_file=args.helpers_file, suites_dir=args.suites_dir, - c_file=out_c_file, out_data_file=out_data_file) - - -if __name__ == "__main__": - try: - main() - except GeneratorInputError as err: - sys.exit("%s: input error: %s" % - (os.path.basename(sys.argv[0]), str(err))) diff --git a/tests/scripts/generate_test_keys.py b/tests/scripts/generate_test_keys.py deleted file mode 100755 index 9946c24976..0000000000 --- a/tests/scripts/generate_test_keys.py +++ /dev/null @@ -1,185 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -"""Module generating EC and RSA keys to be used in test_suite_pk instead of -generating the required key at run time. This helps speeding up testing.""" - -from typing import Iterator, List, Tuple -import re -import argparse -import scripts_path # pylint: disable=unused-import -from mbedtls_framework.asymmetric_key_data import ASYMMETRIC_KEY_DATA -from mbedtls_framework.build_tree import guess_project_root - -BYTES_PER_LINE = 16 - -def c_byte_array_literal_content(array_name: str, key_data: bytes) -> Iterator[str]: - yield 'const unsigned char ' - yield array_name - yield '[] = {' - for index in range(0, len(key_data), BYTES_PER_LINE): - yield '\n ' - for b in key_data[index:index + BYTES_PER_LINE]: - yield ' {:#04x},'.format(b) - yield '\n};' - -def convert_der_to_c(array_name: str, key_data: bytes) -> str: - return ''.join(c_byte_array_literal_content(array_name, key_data)) - -def get_key_type(key: str) -> str: - if re.match('PSA_KEY_TYPE_RSA_.*', key): - return "rsa" - elif re.match('PSA_KEY_TYPE_ECC_.*', key): - return "ec" - else: - print("Unhandled key type {}".format(key)) - return "unknown" - -def get_ec_key_family(key: str) -> str: - match = re.search(r'.*\((.*)\)', key) - if match is None: - raise Exception("Unable to get EC family from {}".format(key)) - return match.group(1) - -# Legacy EC group ID do not support all the key types that PSA does, so the -# following dictionaries are used for: -# - getting prefix/suffix for legacy curve names -# - understand if the curve is supported in legacy symbols (MBEDTLS_ECP_DP_...) -EC_NAME_CONVERSION = { - 'PSA_ECC_FAMILY_SECP_K1': { - 192: ('secp', 'k1'), - 224: ('secp', 'k1'), - 256: ('secp', 'k1') - }, - 'PSA_ECC_FAMILY_SECP_R1': { - 192: ('secp', 'r1'), - 224: ('secp', 'r1'), - 256: ('secp', 'r1'), - 384: ('secp', 'r1'), - 521: ('secp', 'r1') - }, - 'PSA_ECC_FAMILY_BRAINPOOL_P_R1': { - 256: ('bp', 'r1'), - 384: ('bp', 'r1'), - 512: ('bp', 'r1') - }, - 'PSA_ECC_FAMILY_MONTGOMERY': { - 255: ('curve', '19'), - 448: ('curve', '') - } -} - -def get_ec_curve_name(priv_key: str, bits: int) -> str: - ec_family = get_ec_key_family(priv_key) - try: - prefix = EC_NAME_CONVERSION[ec_family][bits][0] - suffix = EC_NAME_CONVERSION[ec_family][bits][1] - except KeyError: - return "" - return prefix + str(bits) + suffix - -def get_look_up_table_entry(key_type: str, group_id_or_keybits: str, - priv_array_name: str, pub_array_name: str) -> Iterator[str]: - if key_type == "ec": - yield " {{ {}, 0,\n".format(group_id_or_keybits) - else: - yield " {{ 0, {},\n".format(group_id_or_keybits) - yield " {0}, sizeof({0}),\n".format(priv_array_name) - yield " {0}, sizeof({0}) }},".format(pub_array_name) - - -def write_output_file(output_file_name: str, arrays: str, look_up_table: str): - with open(output_file_name, 'wt') as output: - output.write("""\ -/********************************************************************************* - * This file was automatically generated from tests/scripts/generate_test_keys.py. - * Please do not edit it manually. - *********************************************************************************/ -""") - output.write(arrays) - output.write(""" -struct predefined_key_element {{ - int group_id; // EC group ID; 0 for RSA keys - int keybits; // bits size of RSA key; 0 for EC keys - const unsigned char *priv_key; - size_t priv_key_len; - const unsigned char *pub_key; - size_t pub_key_len; -}}; - -struct predefined_key_element predefined_keys[] = {{ -{} -}}; - -/* End of generated file */ -""".format(look_up_table)) - -def collect_keys() -> Tuple[str, str]: - """" - This function reads key data from ASYMMETRIC_KEY_DATA and, only for the - keys supported in legacy ECP/RSA modules, it returns 2 strings: - - the 1st contains C arrays declaration of these keys and - - the 2nd contains the final look-up table for all these arrays. - """ - arrays = [] - look_up_table = [] - - # Get a list of private keys only in order to get a single item for every - # (key type, key bits) pair. We know that ASYMMETRIC_KEY_DATA - # contains also the public counterpart. - priv_keys = [key for key in ASYMMETRIC_KEY_DATA if '_KEY_PAIR' in key] - priv_keys = sorted(priv_keys) - - for priv_key in priv_keys: - key_type = get_key_type(priv_key) - # Ignore keys which are not EC or RSA - if key_type == "unknown": - continue - - pub_key = re.sub('_KEY_PAIR', '_PUBLIC_KEY', priv_key) - - for bits in ASYMMETRIC_KEY_DATA[priv_key]: - if key_type == "ec": - curve = get_ec_curve_name(priv_key, bits) - # Ignore EC curves unsupported in legacy symbols - if curve == "": - continue - # Create output array name - if key_type == "rsa": - array_name_base = "_".join(["test", key_type, str(bits)]) - else: - array_name_base = "_".join(["test", key_type, curve]) - array_name_priv = array_name_base + "_priv" - array_name_pub = array_name_base + "_pub" - # Convert bytearray to C array - c_array_priv = convert_der_to_c(array_name_priv, ASYMMETRIC_KEY_DATA[priv_key][bits]) - c_array_pub = convert_der_to_c(array_name_pub, ASYMMETRIC_KEY_DATA[pub_key][bits]) - # Write the C array to the output file - arrays.append(''.join(["\n", c_array_priv, "\n", c_array_pub, "\n"])) - # Update the lookup table - if key_type == "ec": - group_id_or_keybits = "MBEDTLS_ECP_DP_" + curve.upper() - else: - group_id_or_keybits = str(bits) - look_up_table.append(''.join(get_look_up_table_entry(key_type, group_id_or_keybits, - array_name_priv, array_name_pub))) - - return ''.join(arrays), '\n'.join(look_up_table) - -def main() -> None: - default_output_path = guess_project_root() + "/tests/src/test_keys.h" - - argparser = argparse.ArgumentParser() - argparser.add_argument("--output", help="Output file", default=default_output_path) - args = argparser.parse_args() - - output_file = args.output - - arrays, look_up_table = collect_keys() - - write_output_file(output_file, arrays, look_up_table) - -if __name__ == '__main__': - main() diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py deleted file mode 100755 index abc46a7291..0000000000 --- a/tests/scripts/test_generate_test_code.py +++ /dev/null @@ -1,1915 +0,0 @@ -#!/usr/bin/env python3 -# Unit test for generate_test_code.py -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - -""" -Unit tests for generate_test_code.py -""" - -from io import StringIO -from unittest import TestCase, main as unittest_main -from unittest.mock import patch - -from generate_test_code import gen_dependencies, gen_dependencies_one_line -from generate_test_code import gen_function_wrapper, gen_dispatch -from generate_test_code import parse_until_pattern, GeneratorInputError -from generate_test_code import parse_suite_dependencies -from generate_test_code import parse_function_dependencies -from generate_test_code import parse_function_arguments, parse_function_code -from generate_test_code import parse_functions, END_HEADER_REGEX -from generate_test_code import END_SUITE_HELPERS_REGEX, escaped_split -from generate_test_code import parse_test_data, gen_dep_check -from generate_test_code import gen_expression_check, write_dependencies -from generate_test_code import write_parameters, gen_suite_dep_checks -from generate_test_code import gen_from_test_data - - -class GenDep(TestCase): - """ - Test suite for function gen_dep() - """ - - def test_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = ['DEP1', 'DEP2'] - dep_start, dep_end = gen_dependencies(dependencies) - preprocessor1, preprocessor2 = dep_start.splitlines() - endif1, endif2 = dep_end.splitlines() - self.assertEqual(preprocessor1, '#if defined(DEP1)', - 'Preprocessor generated incorrectly') - self.assertEqual(preprocessor2, '#if defined(DEP2)', - 'Preprocessor generated incorrectly') - self.assertEqual(endif1, '#endif /* DEP2 */', - 'Preprocessor generated incorrectly') - self.assertEqual(endif2, '#endif /* DEP1 */', - 'Preprocessor generated incorrectly') - - def test_disabled_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = ['!DEP1', '!DEP2'] - dep_start, dep_end = gen_dependencies(dependencies) - preprocessor1, preprocessor2 = dep_start.splitlines() - endif1, endif2 = dep_end.splitlines() - self.assertEqual(preprocessor1, '#if !defined(DEP1)', - 'Preprocessor generated incorrectly') - self.assertEqual(preprocessor2, '#if !defined(DEP2)', - 'Preprocessor generated incorrectly') - self.assertEqual(endif1, '#endif /* !DEP2 */', - 'Preprocessor generated incorrectly') - self.assertEqual(endif2, '#endif /* !DEP1 */', - 'Preprocessor generated incorrectly') - - def test_mixed_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = ['!DEP1', 'DEP2'] - dep_start, dep_end = gen_dependencies(dependencies) - preprocessor1, preprocessor2 = dep_start.splitlines() - endif1, endif2 = dep_end.splitlines() - self.assertEqual(preprocessor1, '#if !defined(DEP1)', - 'Preprocessor generated incorrectly') - self.assertEqual(preprocessor2, '#if defined(DEP2)', - 'Preprocessor generated incorrectly') - self.assertEqual(endif1, '#endif /* DEP2 */', - 'Preprocessor generated incorrectly') - self.assertEqual(endif2, '#endif /* !DEP1 */', - 'Preprocessor generated incorrectly') - - def test_empty_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = [] - dep_start, dep_end = gen_dependencies(dependencies) - self.assertEqual(dep_start, '', 'Preprocessor generated incorrectly') - self.assertEqual(dep_end, '', 'Preprocessor generated incorrectly') - - def test_large_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = [] - count = 10 - for i in range(count): - dependencies.append('DEP%d' % i) - dep_start, dep_end = gen_dependencies(dependencies) - self.assertEqual(len(dep_start.splitlines()), count, - 'Preprocessor generated incorrectly') - self.assertEqual(len(dep_end.splitlines()), count, - 'Preprocessor generated incorrectly') - - -class GenDepOneLine(TestCase): - """ - Test Suite for testing gen_dependencies_one_line() - """ - - def test_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = ['DEP1', 'DEP2'] - dep_str = gen_dependencies_one_line(dependencies) - self.assertEqual(dep_str, '#if defined(DEP1) && defined(DEP2)', - 'Preprocessor generated incorrectly') - - def test_disabled_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = ['!DEP1', '!DEP2'] - dep_str = gen_dependencies_one_line(dependencies) - self.assertEqual(dep_str, '#if !defined(DEP1) && !defined(DEP2)', - 'Preprocessor generated incorrectly') - - def test_mixed_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = ['!DEP1', 'DEP2'] - dep_str = gen_dependencies_one_line(dependencies) - self.assertEqual(dep_str, '#if !defined(DEP1) && defined(DEP2)', - 'Preprocessor generated incorrectly') - - def test_empty_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = [] - dep_str = gen_dependencies_one_line(dependencies) - self.assertEqual(dep_str, '', 'Preprocessor generated incorrectly') - - def test_large_dependencies_list(self): - """ - Test that gen_dep() correctly creates dependencies for given - dependency list. - :return: - """ - dependencies = [] - count = 10 - for i in range(count): - dependencies.append('DEP%d' % i) - dep_str = gen_dependencies_one_line(dependencies) - expected = '#if ' + ' && '.join(['defined(%s)' % - x for x in dependencies]) - self.assertEqual(dep_str, expected, - 'Preprocessor generated incorrectly') - - -class GenFunctionWrapper(TestCase): - """ - Test Suite for testing gen_function_wrapper() - """ - - def test_params_unpack(self): - """ - Test that params are properly unpacked in the function call. - - :return: - """ - code = gen_function_wrapper('test_a', '', ('a', 'b', 'c', 'd')) - expected = ''' -void test_a_wrapper( void ** params ) -{ - - test_a( a, b, c, d ); -} -''' - self.assertEqual(code, expected) - - def test_local(self): - """ - Test that params are properly unpacked in the function call. - - :return: - """ - code = gen_function_wrapper('test_a', - 'int x = 1;', ('x', 'b', 'c', 'd')) - expected = ''' -void test_a_wrapper( void ** params ) -{ -int x = 1; - test_a( x, b, c, d ); -} -''' - self.assertEqual(code, expected) - - def test_empty_params(self): - """ - Test that params are properly unpacked in the function call. - - :return: - """ - code = gen_function_wrapper('test_a', '', ()) - expected = ''' -void test_a_wrapper( void ** params ) -{ - (void)params; - - test_a( ); -} -''' - self.assertEqual(code, expected) - - -class GenDispatch(TestCase): - """ - Test suite for testing gen_dispatch() - """ - - def test_dispatch(self): - """ - Test that dispatch table entry is generated correctly. - :return: - """ - code = gen_dispatch('test_a', ['DEP1', 'DEP2']) - expected = ''' -#if defined(DEP1) && defined(DEP2) - test_a_wrapper, -#else - NULL, -#endif -''' - self.assertEqual(code, expected) - - def test_empty_dependencies(self): - """ - Test empty dependency list. - :return: - """ - code = gen_dispatch('test_a', []) - expected = ''' - test_a_wrapper, -''' - self.assertEqual(code, expected) - - -class StringIOWrapper(StringIO): - """ - file like class to mock file object in tests. - """ - def __init__(self, file_name, data, line_no=0): - """ - Init file handle. - - :param file_name: - :param data: - :param line_no: - """ - super(StringIOWrapper, self).__init__(data) - self.line_no = line_no - self.name = file_name - - def next(self): - """ - Iterator method. This method overrides base class's - next method and extends the next method to count the line - numbers as each line is read. - - :return: Line read from file. - """ - parent = super(StringIOWrapper, self) - line = parent.__next__() - return line - - def readline(self, _length=0): - """ - Wrap the base class readline. - - :param length: - :return: - """ - line = super(StringIOWrapper, self).readline() - if line is not None: - self.line_no += 1 - return line - - -class ParseUntilPattern(TestCase): - """ - Test Suite for testing parse_until_pattern(). - """ - - def test_suite_headers(self): - """ - Test that suite headers are parsed correctly. - - :return: - """ - data = '''#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 -/* END_HEADER */ -''' - expected = '''#line 1 "test_suite_ut.function" -#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 -''' - stream = StringIOWrapper('test_suite_ut.function', data, line_no=0) - headers = parse_until_pattern(stream, END_HEADER_REGEX) - self.assertEqual(headers, expected) - - def test_line_no(self): - """ - Test that #line is set to correct line no. in source .function file. - - :return: - """ - data = '''#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 -/* END_HEADER */ -''' - offset_line_no = 5 - expected = '''#line %d "test_suite_ut.function" -#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 -''' % (offset_line_no + 1) - stream = StringIOWrapper('test_suite_ut.function', data, - offset_line_no) - headers = parse_until_pattern(stream, END_HEADER_REGEX) - self.assertEqual(headers, expected) - - def test_no_end_header_comment(self): - """ - Test that InvalidFileFormat is raised when end header comment is - missing. - :return: - """ - data = '''#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 - -''' - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(GeneratorInputError, parse_until_pattern, stream, - END_HEADER_REGEX) - - -class ParseSuiteDependencies(TestCase): - """ - Test Suite for testing parse_suite_dependencies(). - """ - - def test_suite_dependencies(self): - """ - - :return: - """ - data = ''' - * depends_on:MBEDTLS_ECP_C - * END_DEPENDENCIES - */ -''' - expected = ['MBEDTLS_ECP_C'] - stream = StringIOWrapper('test_suite_ut.function', data) - dependencies = parse_suite_dependencies(stream) - self.assertEqual(dependencies, expected) - - def test_no_end_dep_comment(self): - """ - Test that InvalidFileFormat is raised when end dep comment is missing. - :return: - """ - data = ''' -* depends_on:MBEDTLS_ECP_C -''' - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(GeneratorInputError, parse_suite_dependencies, - stream) - - def test_dependencies_split(self): - """ - Test that InvalidFileFormat is raised when end dep comment is missing. - :return: - """ - data = ''' - * depends_on:MBEDTLS_ECP_C:A:B: C : D :F : G: !H - * END_DEPENDENCIES - */ -''' - expected = ['MBEDTLS_ECP_C', 'A', 'B', 'C', 'D', 'F', 'G', '!H'] - stream = StringIOWrapper('test_suite_ut.function', data) - dependencies = parse_suite_dependencies(stream) - self.assertEqual(dependencies, expected) - - -class ParseFuncDependencies(TestCase): - """ - Test Suite for testing parse_function_dependencies() - """ - - def test_function_dependencies(self): - """ - Test that parse_function_dependencies() correctly parses function - dependencies. - :return: - """ - line = '/* BEGIN_CASE ' \ - 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */' - expected = ['MBEDTLS_ENTROPY_NV_SEED', 'MBEDTLS_FS_IO'] - dependencies = parse_function_dependencies(line) - self.assertEqual(dependencies, expected) - - def test_no_dependencies(self): - """ - Test that parse_function_dependencies() correctly parses function - dependencies. - :return: - """ - line = '/* BEGIN_CASE */' - dependencies = parse_function_dependencies(line) - self.assertEqual(dependencies, []) - - def test_tolerance(self): - """ - Test that parse_function_dependencies() correctly parses function - dependencies. - :return: - """ - line = '/* BEGIN_CASE depends_on:MBEDTLS_FS_IO: A : !B:C : F*/' - dependencies = parse_function_dependencies(line) - self.assertEqual(dependencies, ['MBEDTLS_FS_IO', 'A', '!B', 'C', 'F']) - - -class ParseFuncSignature(TestCase): - """ - Test Suite for parse_function_arguments(). - """ - - def test_int_and_char_params(self): - """ - Test int and char parameters parsing - :return: - """ - line = 'void entropy_threshold( char * a, int b, int result )' - args, local, arg_dispatch = parse_function_arguments(line) - self.assertEqual(args, ['char*', 'int', 'int']) - self.assertEqual(local, '') - self.assertEqual(arg_dispatch, - ['(char *) params[0]', - '((mbedtls_test_argument_t *) params[1])->sint', - '((mbedtls_test_argument_t *) params[2])->sint']) - - def test_hex_params(self): - """ - Test hex parameters parsing - :return: - """ - line = 'void entropy_threshold( char * a, data_t * h, int result )' - args, local, arg_dispatch = parse_function_arguments(line) - self.assertEqual(args, ['char*', 'hex', 'int']) - self.assertEqual(local, - ' data_t data1 = {(uint8_t *) params[1], ' - '((mbedtls_test_argument_t *) params[2])->len};\n') - self.assertEqual(arg_dispatch, ['(char *) params[0]', - '&data1', - '((mbedtls_test_argument_t *) params[3])->sint']) - - def test_unsupported_arg(self): - """ - Test unsupported argument type - :return: - """ - line = 'void entropy_threshold( char * a, data_t * h, unknown_t result )' - self.assertRaises(ValueError, parse_function_arguments, line) - - def test_empty_params(self): - """ - Test no parameters (nothing between parentheses). - :return: - """ - line = 'void entropy_threshold()' - args, local, arg_dispatch = parse_function_arguments(line) - self.assertEqual(args, []) - self.assertEqual(local, '') - self.assertEqual(arg_dispatch, []) - - def test_blank_params(self): - """ - Test no parameters (space between parentheses). - :return: - """ - line = 'void entropy_threshold( )' - args, local, arg_dispatch = parse_function_arguments(line) - self.assertEqual(args, []) - self.assertEqual(local, '') - self.assertEqual(arg_dispatch, []) - - def test_void_params(self): - """ - Test no parameters (void keyword). - :return: - """ - line = 'void entropy_threshold(void)' - args, local, arg_dispatch = parse_function_arguments(line) - self.assertEqual(args, []) - self.assertEqual(local, '') - self.assertEqual(arg_dispatch, []) - - def test_void_space_params(self): - """ - Test no parameters (void with spaces). - :return: - """ - line = 'void entropy_threshold( void )' - args, local, arg_dispatch = parse_function_arguments(line) - self.assertEqual(args, []) - self.assertEqual(local, '') - self.assertEqual(arg_dispatch, []) - - -class ParseFunctionCode(TestCase): - """ - Test suite for testing parse_function_code() - """ - - def test_no_function(self): - """ - Test no test function found. - :return: - """ - data = ''' -No -test -function -''' - stream = StringIOWrapper('test_suite_ut.function', data) - err_msg = 'file: test_suite_ut.function - Test functions not found!' - self.assertRaisesRegex(GeneratorInputError, err_msg, - parse_function_code, stream, [], []) - - def test_no_end_case_comment(self): - """ - Test missing end case. - :return: - """ - data = ''' -void test_func() -{ -} -''' - stream = StringIOWrapper('test_suite_ut.function', data) - err_msg = r'file: test_suite_ut.function - '\ - 'end case pattern .*? not found!' - self.assertRaisesRegex(GeneratorInputError, err_msg, - parse_function_code, stream, [], []) - - @patch("generate_test_code.parse_function_arguments") - def test_function_called(self, - parse_function_arguments_mock): - """ - Test parse_function_code() - :return: - """ - parse_function_arguments_mock.return_value = ([], '', []) - data = ''' -void test_func() -{ -} -''' - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(GeneratorInputError, parse_function_code, - stream, [], []) - self.assertTrue(parse_function_arguments_mock.called) - parse_function_arguments_mock.assert_called_with('void test_func()\n') - - @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_dependencies") - @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_arguments") - def test_return(self, parse_function_arguments_mock, - gen_function_wrapper_mock, - gen_dependencies_mock, - gen_dispatch_mock): - """ - Test generated code. - :return: - """ - parse_function_arguments_mock.return_value = ([], '', []) - gen_function_wrapper_mock.return_value = '' - gen_dependencies_mock.side_effect = gen_dependencies - gen_dispatch_mock.side_effect = gen_dispatch - data = ''' -void func() -{ - ba ba black sheep - have you any wool -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - name, arg, code, dispatch_code = parse_function_code(stream, [], []) - - self.assertTrue(parse_function_arguments_mock.called) - parse_function_arguments_mock.assert_called_with('void func()\n') - gen_function_wrapper_mock.assert_called_with('test_func', '', []) - self.assertEqual(name, 'test_func') - self.assertEqual(arg, []) - expected = '''#line 1 "test_suite_ut.function" - -void test_func(void) -{ - ba ba black sheep - have you any wool -exit: - ; -} -''' - self.assertEqual(code, expected) - self.assertEqual(dispatch_code, "\n test_func_wrapper,\n") - - @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_dependencies") - @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_arguments") - def test_with_exit_label(self, parse_function_arguments_mock, - gen_function_wrapper_mock, - gen_dependencies_mock, - gen_dispatch_mock): - """ - Test when exit label is present. - :return: - """ - parse_function_arguments_mock.return_value = ([], '', []) - gen_function_wrapper_mock.return_value = '' - gen_dependencies_mock.side_effect = gen_dependencies - gen_dispatch_mock.side_effect = gen_dispatch - data = ''' -void func() -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - _, _, code, _ = parse_function_code(stream, [], []) - - expected = '''#line 1 "test_suite_ut.function" - -void test_func(void) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -''' - self.assertEqual(code, expected) - - def test_non_void_function(self): - """ - Test invalid signature (non void). - :return: - """ - data = 'int entropy_threshold( char * a, data_t * h, int result )' - err_msg = 'file: test_suite_ut.function - Test functions not found!' - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaisesRegex(GeneratorInputError, err_msg, - parse_function_code, stream, [], []) - - @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_dependencies") - @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_arguments") - def test_function_name_on_newline(self, parse_function_arguments_mock, - gen_function_wrapper_mock, - gen_dependencies_mock, - gen_dispatch_mock): - """ - Test with line break before the function name. - :return: - """ - parse_function_arguments_mock.return_value = ([], '', []) - gen_function_wrapper_mock.return_value = '' - gen_dependencies_mock.side_effect = gen_dependencies - gen_dispatch_mock.side_effect = gen_dispatch - data = ''' -void - - -func() -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - _, _, code, _ = parse_function_code(stream, [], []) - - expected = '''#line 1 "test_suite_ut.function" - -void - - -test_func(void) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -''' - self.assertEqual(code, expected) - - @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_dependencies") - @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_arguments") - def test_case_starting_with_comment(self, parse_function_arguments_mock, - gen_function_wrapper_mock, - gen_dependencies_mock, - gen_dispatch_mock): - """ - Test with comments before the function signature - :return: - """ - parse_function_arguments_mock.return_value = ([], '', []) - gen_function_wrapper_mock.return_value = '' - gen_dependencies_mock.side_effect = gen_dependencies - gen_dispatch_mock.side_effect = gen_dispatch - data = '''/* comment */ -/* more - * comment */ -// this is\\ -still \\ -a comment -void func() -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - _, _, code, _ = parse_function_code(stream, [], []) - - expected = '''#line 1 "test_suite_ut.function" - - - - - - -void test_func(void) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -''' - self.assertEqual(code, expected) - - @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_dependencies") - @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_arguments") - def test_comment_in_prototype(self, parse_function_arguments_mock, - gen_function_wrapper_mock, - gen_dependencies_mock, - gen_dispatch_mock): - """ - Test with comments in the function prototype - :return: - """ - parse_function_arguments_mock.return_value = ([], '', []) - gen_function_wrapper_mock.return_value = '' - gen_dependencies_mock.side_effect = gen_dependencies - gen_dispatch_mock.side_effect = gen_dispatch - data = ''' -void func( int x, // (line \\ - comment) - int y /* lone closing parenthesis) */ ) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - _, _, code, _ = parse_function_code(stream, [], []) - - expected = '''#line 1 "test_suite_ut.function" - -void test_func( int x, - - int y ) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -''' - self.assertEqual(code, expected) - - @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_dependencies") - @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_arguments") - def test_line_comment_in_block_comment(self, parse_function_arguments_mock, - gen_function_wrapper_mock, - gen_dependencies_mock, - gen_dispatch_mock): - """ - Test with line comment in block comment. - :return: - """ - parse_function_arguments_mock.return_value = ([], '', []) - gen_function_wrapper_mock.return_value = '' - gen_dependencies_mock.side_effect = gen_dependencies - gen_dispatch_mock.side_effect = gen_dispatch - data = ''' -void func( int x /* // */ ) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - _, _, code, _ = parse_function_code(stream, [], []) - - expected = '''#line 1 "test_suite_ut.function" - -void test_func( int x ) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -''' - self.assertEqual(code, expected) - - @patch("generate_test_code.gen_dispatch") - @patch("generate_test_code.gen_dependencies") - @patch("generate_test_code.gen_function_wrapper") - @patch("generate_test_code.parse_function_arguments") - def test_block_comment_in_line_comment(self, parse_function_arguments_mock, - gen_function_wrapper_mock, - gen_dependencies_mock, - gen_dispatch_mock): - """ - Test with block comment in line comment. - :return: - """ - parse_function_arguments_mock.return_value = ([], '', []) - gen_function_wrapper_mock.return_value = '' - gen_dependencies_mock.side_effect = gen_dependencies - gen_dispatch_mock.side_effect = gen_dispatch - data = ''' -// /* -void func( int x ) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - _, _, code, _ = parse_function_code(stream, [], []) - - expected = '''#line 1 "test_suite_ut.function" - - -void test_func( int x ) -{ - ba ba black sheep - have you any wool -exit: - yes sir yes sir - 3 bags full -} -''' - self.assertEqual(code, expected) - - -class ParseFunction(TestCase): - """ - Test Suite for testing parse_functions() - """ - - @patch("generate_test_code.parse_until_pattern") - def test_begin_header(self, parse_until_pattern_mock): - """ - Test that begin header is checked and parse_until_pattern() is called. - :return: - """ - def stop(*_unused): - """Stop when parse_until_pattern is called.""" - raise Exception - parse_until_pattern_mock.side_effect = stop - data = '''/* BEGIN_HEADER */ -#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 -/* END_HEADER */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(Exception, parse_functions, stream) - parse_until_pattern_mock.assert_called_with(stream, END_HEADER_REGEX) - self.assertEqual(stream.line_no, 1) - - @patch("generate_test_code.parse_until_pattern") - def test_begin_helper(self, parse_until_pattern_mock): - """ - Test that begin helper is checked and parse_until_pattern() is called. - :return: - """ - def stop(*_unused): - """Stop when parse_until_pattern is called.""" - raise Exception - parse_until_pattern_mock.side_effect = stop - data = '''/* BEGIN_SUITE_HELPERS */ -void print_hello_world() -{ - printf("Hello World!\n"); -} -/* END_SUITE_HELPERS */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(Exception, parse_functions, stream) - parse_until_pattern_mock.assert_called_with(stream, - END_SUITE_HELPERS_REGEX) - self.assertEqual(stream.line_no, 1) - - @patch("generate_test_code.parse_suite_dependencies") - def test_begin_dep(self, parse_suite_dependencies_mock): - """ - Test that begin dep is checked and parse_suite_dependencies() is - called. - :return: - """ - def stop(*_unused): - """Stop when parse_until_pattern is called.""" - raise Exception - parse_suite_dependencies_mock.side_effect = stop - data = '''/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ECP_C - * END_DEPENDENCIES - */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(Exception, parse_functions, stream) - parse_suite_dependencies_mock.assert_called_with(stream) - self.assertEqual(stream.line_no, 1) - - @patch("generate_test_code.parse_function_dependencies") - def test_begin_function_dep(self, func_mock): - """ - Test that begin dep is checked and parse_function_dependencies() is - called. - :return: - """ - def stop(*_unused): - """Stop when parse_until_pattern is called.""" - raise Exception - func_mock.side_effect = stop - - dependencies_str = '/* BEGIN_CASE ' \ - 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n' - data = '''%svoid test_func() -{ -} -''' % dependencies_str - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(Exception, parse_functions, stream) - func_mock.assert_called_with(dependencies_str) - self.assertEqual(stream.line_no, 1) - - @patch("generate_test_code.parse_function_code") - @patch("generate_test_code.parse_function_dependencies") - def test_return(self, func_mock1, func_mock2): - """ - Test that begin case is checked and parse_function_code() is called. - :return: - """ - func_mock1.return_value = [] - in_func_code = '''void test_func() -{ -} -''' - func_dispatch = ''' - test_func_wrapper, -''' - func_mock2.return_value = 'test_func', [],\ - in_func_code, func_dispatch - dependencies_str = '/* BEGIN_CASE ' \ - 'depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */\n' - data = '''%svoid test_func() -{ -} -''' % dependencies_str - stream = StringIOWrapper('test_suite_ut.function', data) - suite_dependencies, dispatch_code, func_code, func_info = \ - parse_functions(stream) - func_mock1.assert_called_with(dependencies_str) - func_mock2.assert_called_with(stream, [], []) - self.assertEqual(stream.line_no, 5) - self.assertEqual(suite_dependencies, []) - expected_dispatch_code = '''/* Function Id: 0 */ - - test_func_wrapper, -''' - self.assertEqual(dispatch_code, expected_dispatch_code) - self.assertEqual(func_code, in_func_code) - self.assertEqual(func_info, {'test_func': (0, [])}) - - def test_parsing(self): - """ - Test case parsing. - :return: - """ - data = '''/* BEGIN_HEADER */ -#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ECP_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ -void func1() -{ -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ -void func2() -{ -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - suite_dependencies, dispatch_code, func_code, func_info = \ - parse_functions(stream) - self.assertEqual(stream.line_no, 23) - self.assertEqual(suite_dependencies, ['MBEDTLS_ECP_C']) - - expected_dispatch_code = '''/* Function Id: 0 */ - -#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_FS_IO) - test_func1_wrapper, -#else - NULL, -#endif -/* Function Id: 1 */ - -#if defined(MBEDTLS_ECP_C) && defined(MBEDTLS_ENTROPY_NV_SEED) && defined(MBEDTLS_FS_IO) - test_func2_wrapper, -#else - NULL, -#endif -''' - self.assertEqual(dispatch_code, expected_dispatch_code) - expected_func_code = '''#if defined(MBEDTLS_ECP_C) -#line 2 "test_suite_ut.function" -#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 -#if defined(MBEDTLS_ENTROPY_NV_SEED) -#if defined(MBEDTLS_FS_IO) -#line 13 "test_suite_ut.function" -void test_func1(void) -{ -exit: - ; -} - -void test_func1_wrapper( void ** params ) -{ - (void)params; - - test_func1( ); -} -#endif /* MBEDTLS_FS_IO */ -#endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if defined(MBEDTLS_ENTROPY_NV_SEED) -#if defined(MBEDTLS_FS_IO) -#line 19 "test_suite_ut.function" -void test_func2(void) -{ -exit: - ; -} - -void test_func2_wrapper( void ** params ) -{ - (void)params; - - test_func2( ); -} -#endif /* MBEDTLS_FS_IO */ -#endif /* MBEDTLS_ENTROPY_NV_SEED */ -#endif /* MBEDTLS_ECP_C */ -''' - self.assertEqual(func_code, expected_func_code) - self.assertEqual(func_info, {'test_func1': (0, []), - 'test_func2': (1, [])}) - - def test_same_function_name(self): - """ - Test name conflict. - :return: - """ - data = '''/* BEGIN_HEADER */ -#include "mbedtls/ecp.h" - -#define ECP_PF_UNKNOWN -1 -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ECP_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ -void func() -{ -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ -void func() -{ -} -/* END_CASE */ -''' - stream = StringIOWrapper('test_suite_ut.function', data) - self.assertRaises(GeneratorInputError, parse_functions, stream) - - -class EscapedSplit(TestCase): - """ - Test suite for testing escaped_split(). - Note: Since escaped_split() output is used to write back to the - intermediate data file. Any escape characters in the input are - retained in the output. - """ - - def test_invalid_input(self): - """ - Test when input split character is not a character. - :return: - """ - self.assertRaises(ValueError, escaped_split, '', 'string') - - def test_empty_string(self): - """ - Test empty string input. - :return: - """ - splits = escaped_split('', ':') - self.assertEqual(splits, []) - - def test_no_escape(self): - """ - Test with no escape character. The behaviour should be same as - str.split() - :return: - """ - test_str = 'yahoo:google' - splits = escaped_split(test_str, ':') - self.assertEqual(splits, test_str.split(':')) - - def test_escaped_input(self): - """ - Test input that has escaped delimiter. - :return: - """ - test_str = r'yahoo\:google:facebook' - splits = escaped_split(test_str, ':') - self.assertEqual(splits, [r'yahoo\:google', 'facebook']) - - def test_escaped_escape(self): - """ - Test input that has escaped delimiter. - :return: - """ - test_str = r'yahoo\\:google:facebook' - splits = escaped_split(test_str, ':') - self.assertEqual(splits, [r'yahoo\\', 'google', 'facebook']) - - def test_all_at_once(self): - """ - Test input that has escaped delimiter. - :return: - """ - test_str = r'yahoo\\:google:facebook\:instagram\\:bbc\\:wikipedia' - splits = escaped_split(test_str, ':') - self.assertEqual(splits, [r'yahoo\\', r'google', - r'facebook\:instagram\\', - r'bbc\\', r'wikipedia']) - - -class ParseTestData(TestCase): - """ - Test suite for parse test data. - """ - - def test_parser(self): - """ - Test that tests are parsed correctly from data file. - :return: - """ - data = """ -Diffie-Hellman full exchange #1 -dhm_do_dhm:10:"23":10:"5" - -Diffie-Hellman full exchange #2 -dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" - -Diffie-Hellman full exchange #3 -dhm_do_dhm:10:"9345098382739712938719287391879381271":10:"9345098792137312973297123912791271" - -Diffie-Hellman selftest -dhm_selftest: -""" - stream = StringIOWrapper('test_suite_ut.function', data) - # List of (name, function_name, dependencies, args) - tests = list(parse_test_data(stream)) - test1, test2, test3, test4 = tests - self.assertEqual(test1[0], 3) - self.assertEqual(test1[1], 'Diffie-Hellman full exchange #1') - self.assertEqual(test1[2], 'dhm_do_dhm') - self.assertEqual(test1[3], []) - self.assertEqual(test1[4], ['10', '"23"', '10', '"5"']) - - self.assertEqual(test2[0], 6) - self.assertEqual(test2[1], 'Diffie-Hellman full exchange #2') - self.assertEqual(test2[2], 'dhm_do_dhm') - self.assertEqual(test2[3], []) - self.assertEqual(test2[4], ['10', '"93450983094850938450983409623"', - '10', '"9345098304850938450983409622"']) - - self.assertEqual(test3[0], 9) - self.assertEqual(test3[1], 'Diffie-Hellman full exchange #3') - self.assertEqual(test3[2], 'dhm_do_dhm') - self.assertEqual(test3[3], []) - self.assertEqual(test3[4], ['10', - '"9345098382739712938719287391879381271"', - '10', - '"9345098792137312973297123912791271"']) - - self.assertEqual(test4[0], 12) - self.assertEqual(test4[1], 'Diffie-Hellman selftest') - self.assertEqual(test4[2], 'dhm_selftest') - self.assertEqual(test4[3], []) - self.assertEqual(test4[4], []) - - def test_with_dependencies(self): - """ - Test that tests with dependencies are parsed. - :return: - """ - data = """ -Diffie-Hellman full exchange #1 -depends_on:YAHOO -dhm_do_dhm:10:"23":10:"5" - -Diffie-Hellman full exchange #2 -dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" - -""" - stream = StringIOWrapper('test_suite_ut.function', data) - # List of (name, function_name, dependencies, args) - tests = list(parse_test_data(stream)) - test1, test2 = tests - self.assertEqual(test1[0], 4) - self.assertEqual(test1[1], 'Diffie-Hellman full exchange #1') - self.assertEqual(test1[2], 'dhm_do_dhm') - self.assertEqual(test1[3], ['YAHOO']) - self.assertEqual(test1[4], ['10', '"23"', '10', '"5"']) - - self.assertEqual(test2[0], 7) - self.assertEqual(test2[1], 'Diffie-Hellman full exchange #2') - self.assertEqual(test2[2], 'dhm_do_dhm') - self.assertEqual(test2[3], []) - self.assertEqual(test2[4], ['10', '"93450983094850938450983409623"', - '10', '"9345098304850938450983409622"']) - - def test_no_args(self): - """ - Test GeneratorInputError is raised when test function name and - args line is missing. - :return: - """ - data = """ -Diffie-Hellman full exchange #1 -depends_on:YAHOO - - -Diffie-Hellman full exchange #2 -dhm_do_dhm:10:"93450983094850938450983409623":10:"9345098304850938450983409622" - -""" - stream = StringIOWrapper('test_suite_ut.function', data) - err = None - try: - for _, _, _, _, _ in parse_test_data(stream): - pass - except GeneratorInputError as err: - self.assertEqual(type(err), GeneratorInputError) - - def test_incomplete_data(self): - """ - Test GeneratorInputError is raised when test function name - and args line is missing. - :return: - """ - data = """ -Diffie-Hellman full exchange #1 -depends_on:YAHOO -""" - stream = StringIOWrapper('test_suite_ut.function', data) - err = None - try: - for _, _, _, _, _ in parse_test_data(stream): - pass - except GeneratorInputError as err: - self.assertEqual(type(err), GeneratorInputError) - - -class GenDepCheck(TestCase): - """ - Test suite for gen_dep_check(). It is assumed this function is - called with valid inputs. - """ - - def test_gen_dep_check(self): - """ - Test that dependency check code generated correctly. - :return: - """ - expected = """ - case 5: - { -#if defined(YAHOO) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break;""" - out = gen_dep_check(5, 'YAHOO') - self.assertEqual(out, expected) - - def test_not_defined_dependency(self): - """ - Test dependency with !. - :return: - """ - expected = """ - case 5: - { -#if !defined(YAHOO) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break;""" - out = gen_dep_check(5, '!YAHOO') - self.assertEqual(out, expected) - - def test_empty_dependency(self): - """ - Test invalid dependency input. - :return: - """ - self.assertRaises(GeneratorInputError, gen_dep_check, 5, '!') - - def test_negative_dep_id(self): - """ - Test invalid dependency input. - :return: - """ - self.assertRaises(GeneratorInputError, gen_dep_check, -1, 'YAHOO') - - -class GenExpCheck(TestCase): - """ - Test suite for gen_expression_check(). It is assumed this function - is called with valid inputs. - """ - - def test_gen_exp_check(self): - """ - Test that expression check code generated correctly. - :return: - """ - expected = """ - case 5: - { - *out_value = YAHOO; - } - break;""" - out = gen_expression_check(5, 'YAHOO') - self.assertEqual(out, expected) - - def test_invalid_expression(self): - """ - Test invalid expression input. - :return: - """ - self.assertRaises(GeneratorInputError, gen_expression_check, 5, '') - - def test_negative_exp_id(self): - """ - Test invalid expression id. - :return: - """ - self.assertRaises(GeneratorInputError, gen_expression_check, - -1, 'YAHOO') - - -class WriteDependencies(TestCase): - """ - Test suite for testing write_dependencies. - """ - - def test_no_test_dependencies(self): - """ - Test when test dependencies input is empty. - :return: - """ - stream = StringIOWrapper('test_suite_ut.data', '') - unique_dependencies = [] - dep_check_code = write_dependencies(stream, [], unique_dependencies) - self.assertEqual(dep_check_code, '') - self.assertEqual(len(unique_dependencies), 0) - self.assertEqual(stream.getvalue(), '') - - def test_unique_dep_ids(self): - """ - - :return: - """ - stream = StringIOWrapper('test_suite_ut.data', '') - unique_dependencies = [] - dep_check_code = write_dependencies(stream, ['DEP3', 'DEP2', 'DEP1'], - unique_dependencies) - expect_dep_check_code = ''' - case 0: - { -#if defined(DEP3) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break; - case 1: - { -#if defined(DEP2) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break; - case 2: - { -#if defined(DEP1) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break;''' - self.assertEqual(dep_check_code, expect_dep_check_code) - self.assertEqual(len(unique_dependencies), 3) - self.assertEqual(stream.getvalue(), 'depends_on:0:1:2\n') - - def test_dep_id_repeat(self): - """ - - :return: - """ - stream = StringIOWrapper('test_suite_ut.data', '') - unique_dependencies = [] - dep_check_code = '' - dep_check_code += write_dependencies(stream, ['DEP3', 'DEP2'], - unique_dependencies) - dep_check_code += write_dependencies(stream, ['DEP2', 'DEP1'], - unique_dependencies) - dep_check_code += write_dependencies(stream, ['DEP1', 'DEP3'], - unique_dependencies) - expect_dep_check_code = ''' - case 0: - { -#if defined(DEP3) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break; - case 1: - { -#if defined(DEP2) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break; - case 2: - { -#if defined(DEP1) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break;''' - self.assertEqual(dep_check_code, expect_dep_check_code) - self.assertEqual(len(unique_dependencies), 3) - self.assertEqual(stream.getvalue(), - 'depends_on:0:1\ndepends_on:1:2\ndepends_on:2:0\n') - - -class WriteParams(TestCase): - """ - Test Suite for testing write_parameters(). - """ - - def test_no_params(self): - """ - Test with empty test_args - :return: - """ - stream = StringIOWrapper('test_suite_ut.data', '') - unique_expressions = [] - expression_code = write_parameters(stream, [], [], unique_expressions) - self.assertEqual(len(unique_expressions), 0) - self.assertEqual(expression_code, '') - self.assertEqual(stream.getvalue(), '\n') - - def test_no_exp_param(self): - """ - Test when there is no macro or expression in the params. - :return: - """ - stream = StringIOWrapper('test_suite_ut.data', '') - unique_expressions = [] - expression_code = write_parameters(stream, ['"Yahoo"', '"abcdef00"', - '0'], - ['char*', 'hex', 'int'], - unique_expressions) - self.assertEqual(len(unique_expressions), 0) - self.assertEqual(expression_code, '') - self.assertEqual(stream.getvalue(), - ':char*:"Yahoo":hex:"abcdef00":int:0\n') - - def test_hex_format_int_param(self): - """ - Test int parameter in hex format. - :return: - """ - stream = StringIOWrapper('test_suite_ut.data', '') - unique_expressions = [] - expression_code = write_parameters(stream, - ['"Yahoo"', '"abcdef00"', '0xAA'], - ['char*', 'hex', 'int'], - unique_expressions) - self.assertEqual(len(unique_expressions), 0) - self.assertEqual(expression_code, '') - self.assertEqual(stream.getvalue(), - ':char*:"Yahoo":hex:"abcdef00":int:0xAA\n') - - def test_with_exp_param(self): - """ - Test when there is macro or expression in the params. - :return: - """ - stream = StringIOWrapper('test_suite_ut.data', '') - unique_expressions = [] - expression_code = write_parameters(stream, - ['"Yahoo"', '"abcdef00"', '0', - 'MACRO1', 'MACRO2', 'MACRO3'], - ['char*', 'hex', 'int', - 'int', 'int', 'int'], - unique_expressions) - self.assertEqual(len(unique_expressions), 3) - self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3']) - expected_expression_code = ''' - case 0: - { - *out_value = MACRO1; - } - break; - case 1: - { - *out_value = MACRO2; - } - break; - case 2: - { - *out_value = MACRO3; - } - break;''' - self.assertEqual(expression_code, expected_expression_code) - self.assertEqual(stream.getvalue(), - ':char*:"Yahoo":hex:"abcdef00":int:0:exp:0:exp:1' - ':exp:2\n') - - def test_with_repeat_calls(self): - """ - Test when write_parameter() is called with same macro or expression. - :return: - """ - stream = StringIOWrapper('test_suite_ut.data', '') - unique_expressions = [] - expression_code = '' - expression_code += write_parameters(stream, - ['"Yahoo"', 'MACRO1', 'MACRO2'], - ['char*', 'int', 'int'], - unique_expressions) - expression_code += write_parameters(stream, - ['"abcdef00"', 'MACRO2', 'MACRO3'], - ['hex', 'int', 'int'], - unique_expressions) - expression_code += write_parameters(stream, - ['0', 'MACRO3', 'MACRO1'], - ['int', 'int', 'int'], - unique_expressions) - self.assertEqual(len(unique_expressions), 3) - self.assertEqual(unique_expressions, ['MACRO1', 'MACRO2', 'MACRO3']) - expected_expression_code = ''' - case 0: - { - *out_value = MACRO1; - } - break; - case 1: - { - *out_value = MACRO2; - } - break; - case 2: - { - *out_value = MACRO3; - } - break;''' - self.assertEqual(expression_code, expected_expression_code) - expected_data_file = ''':char*:"Yahoo":exp:0:exp:1 -:hex:"abcdef00":exp:1:exp:2 -:int:0:exp:2:exp:0 -''' - self.assertEqual(stream.getvalue(), expected_data_file) - - -class GenTestSuiteDependenciesChecks(TestCase): - """ - Test suite for testing gen_suite_dep_checks() - """ - def test_empty_suite_dependencies(self): - """ - Test with empty suite_dependencies list. - - :return: - """ - dep_check_code, expression_code = \ - gen_suite_dep_checks([], 'DEP_CHECK_CODE', 'EXPRESSION_CODE') - self.assertEqual(dep_check_code, 'DEP_CHECK_CODE') - self.assertEqual(expression_code, 'EXPRESSION_CODE') - - def test_suite_dependencies(self): - """ - Test with suite_dependencies list. - - :return: - """ - dep_check_code, expression_code = \ - gen_suite_dep_checks(['SUITE_DEP'], 'DEP_CHECK_CODE', - 'EXPRESSION_CODE') - expected_dep_check_code = ''' -#if defined(SUITE_DEP) -DEP_CHECK_CODE -#endif -''' - expected_expression_code = ''' -#if defined(SUITE_DEP) -EXPRESSION_CODE -#endif -''' - self.assertEqual(dep_check_code, expected_dep_check_code) - self.assertEqual(expression_code, expected_expression_code) - - def test_no_dep_no_exp(self): - """ - Test when there are no dependency and expression code. - :return: - """ - dep_check_code, expression_code = gen_suite_dep_checks([], '', '') - self.assertEqual(dep_check_code, '') - self.assertEqual(expression_code, '') - - -class GenFromTestData(TestCase): - """ - Test suite for gen_from_test_data() - """ - - @staticmethod - @patch("generate_test_code.write_dependencies") - @patch("generate_test_code.write_parameters") - @patch("generate_test_code.gen_suite_dep_checks") - def test_intermediate_data_file(func_mock1, - write_parameters_mock, - write_dependencies_mock): - """ - Test that intermediate data file is written with expected data. - :return: - """ - data = ''' -My test -depends_on:DEP1 -func1:0 -''' - data_f = StringIOWrapper('test_suite_ut.data', data) - out_data_f = StringIOWrapper('test_suite_ut.datax', '') - func_info = {'test_func1': (1, ('int',))} - suite_dependencies = [] - write_parameters_mock.side_effect = write_parameters - write_dependencies_mock.side_effect = write_dependencies - func_mock1.side_effect = gen_suite_dep_checks - gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies) - write_dependencies_mock.assert_called_with(out_data_f, - ['DEP1'], ['DEP1']) - write_parameters_mock.assert_called_with(out_data_f, ['0'], - ('int',), []) - expected_dep_check_code = ''' - case 0: - { -#if defined(DEP1) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break;''' - func_mock1.assert_called_with( - suite_dependencies, expected_dep_check_code, '') - - def test_function_not_found(self): - """ - Test that AssertError is raised when function info in not found. - :return: - """ - data = ''' -My test -depends_on:DEP1 -func1:0 -''' - data_f = StringIOWrapper('test_suite_ut.data', data) - out_data_f = StringIOWrapper('test_suite_ut.datax', '') - func_info = {'test_func2': (1, ('int',))} - suite_dependencies = [] - self.assertRaises(GeneratorInputError, gen_from_test_data, - data_f, out_data_f, func_info, suite_dependencies) - - def test_different_func_args(self): - """ - Test that AssertError is raised when no. of parameters and - function args differ. - :return: - """ - data = ''' -My test -depends_on:DEP1 -func1:0 -''' - data_f = StringIOWrapper('test_suite_ut.data', data) - out_data_f = StringIOWrapper('test_suite_ut.datax', '') - func_info = {'test_func2': (1, ('int', 'hex'))} - suite_dependencies = [] - self.assertRaises(GeneratorInputError, gen_from_test_data, data_f, - out_data_f, func_info, suite_dependencies) - - def test_output(self): - """ - Test that intermediate data file is written with expected data. - :return: - """ - data = ''' -My test 1 -depends_on:DEP1 -func1:0:0xfa:MACRO1:MACRO2 - -My test 2 -depends_on:DEP1:DEP2 -func2:"yahoo":88:MACRO1 -''' - data_f = StringIOWrapper('test_suite_ut.data', data) - out_data_f = StringIOWrapper('test_suite_ut.datax', '') - func_info = {'test_func1': (0, ('int', 'int', 'int', 'int')), - 'test_func2': (1, ('char*', 'int', 'int'))} - suite_dependencies = [] - dep_check_code, expression_code = \ - gen_from_test_data(data_f, out_data_f, func_info, - suite_dependencies) - expected_dep_check_code = ''' - case 0: - { -#if defined(DEP1) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break; - case 1: - { -#if defined(DEP2) - ret = DEPENDENCY_SUPPORTED; -#else - ret = DEPENDENCY_NOT_SUPPORTED; -#endif - } - break;''' - expected_data = '''My test 1 -depends_on:0 -0:int:0:int:0xfa:exp:0:exp:1 - -My test 2 -depends_on:0:1 -1:char*:"yahoo":int:88:exp:0 - -''' - expected_expression_code = ''' - case 0: - { - *out_value = MACRO1; - } - break; - case 1: - { - *out_value = MACRO2; - } - break;''' - self.assertEqual(dep_check_code, expected_dep_check_code) - self.assertEqual(out_data_f.getvalue(), expected_data) - self.assertEqual(expression_code, expected_expression_code) - - -if __name__ == '__main__': - unittest_main() From f6f3bcae43459b6cb6d912a18bcf39169e324a42 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 29 May 2024 17:57:08 +0100 Subject: [PATCH 288/429] Update file paths for moved files Signed-off-by: David Horstmann --- CMakeLists.txt | 8 ++-- .../psa-crypto-implementation-structure.md | 2 +- docs/architecture/psa-shared-memory.md | 2 +- scripts/make_generated_files.bat | 10 ++--- tests/CMakeLists.txt | 22 +++++------ tests/Makefile | 38 +++++++++---------- tests/data_files/test_certs.h.jinja2 | 2 +- tests/scripts/all.sh | 2 +- tests/scripts/check-generated-files.sh | 12 +++--- tests/suites/test_suite_pk.function | 2 +- 10 files changed, 50 insertions(+), 50 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 306cf0261d..e47667545a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -323,11 +323,11 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) ${CMAKE_CURRENT_SOURCE_DIR}/tests COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_keys.py" + "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py" "--output" "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h" DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_keys.py + ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py ) add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h) add_custom_command( @@ -337,11 +337,11 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) ${CMAKE_CURRENT_SOURCE_DIR}/tests COMMAND "${MBEDTLS_PYTHON_EXECUTABLE}" - "${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py" + "${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py" "--output" "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h" DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/tests/scripts/generate_test_cert_macros.py + ${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_cert_macros.py ) add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h) add_dependencies(mbedtls_test test_keys_header test_certs_header) diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md index 7e0e37d251..0954602cb6 100644 --- a/docs/architecture/psa-crypto-implementation-structure.md +++ b/docs/architecture/psa-crypto-implementation-structure.md @@ -153,7 +153,7 @@ The size of operation structures needs to be known at compile time, since caller ### Unit tests -A number of unit tests are automatically generated by `tests/scripts/generate_psa_tests.py` based on the algorithms and key types declared in `include/psa/crypto_values.h` and `include/psa/crypto_extra.h`: +A number of unit tests are automatically generated by `framework/scripts/generate_psa_tests.py` based on the algorithms and key types declared in `include/psa/crypto_values.h` and `include/psa/crypto_extra.h`: * Attempt to create a key with a key type that is not supported. * Attempt to perform an operation with a combination of key type and algorithm that is not valid or not supported. diff --git a/docs/architecture/psa-shared-memory.md b/docs/architecture/psa-shared-memory.md index ef3a6b09de..283ffc6265 100644 --- a/docs/architecture/psa-shared-memory.md +++ b/docs/architecture/psa-shared-memory.md @@ -663,7 +663,7 @@ psa_status_t mem_poison_psa_aead_update(psa_aead_operation_t *operation, There now exists a more generic mechanism for making exactly this kind of transformation - the PSA test wrappers, which exist in the files `tests/include/test/psa_test_wrappers.h` and `tests/src/psa_test_wrappers.c`. These are wrappers around all PSA functions that allow testing code to be inserted at the start and end of a PSA function call. -The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `tests/scripts/generate_psa_wrappers.py`. +The test wrappers are generated by a script, although they are not automatically generated as part of the build process. Instead, they are checked into source control and must be manually updated when functions change by running `framework/scripts/generate_psa_wrappers.py`. Poisoning code is added to these test wrappers where relevant in order to pre-poison and post-unpoison the parameters to the functions. diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index 11bcb1ae0b..f04f6b72a9 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -10,8 +10,8 @@ perl scripts\generate_features.pl || exit /b 1 python scripts\generate_ssl_debug_helpers.py || exit /b 1 perl scripts\generate_visualc_files.pl || exit /b 1 python scripts\generate_psa_constants.py || exit /b 1 -python tests\scripts\generate_bignum_tests.py || exit /b 1 -python tests\scripts\generate_ecp_tests.py || exit /b 1 -python tests\scripts\generate_psa_tests.py || exit /b 1 -python tests\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1 -python tests\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 +python framework\scripts\generate_bignum_tests.py || exit /b 1 +python framework\scripts\generate_ecp_tests.py || exit /b 1 +python framework\scripts\generate_psa_tests.py || exit /b 1 +python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1 +python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ffe3cc85ae..5bc38b4e70 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -21,7 +21,7 @@ file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites) execute_process( COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_bignum_tests.py --list-for-cmake WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. @@ -33,7 +33,7 @@ string(REGEX REPLACE "[^;]*/" "" execute_process( COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_ecp_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ecp_tests.py --list-for-cmake WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. @@ -45,7 +45,7 @@ string(REGEX REPLACE "[^;]*/" "" execute_process( COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_psa_tests.py --list-for-cmake WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/.. @@ -81,10 +81,10 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_bignum_tests.py --directory ${CMAKE_CURRENT_BINARY_DIR}/suites DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_bignum_tests.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_common.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_core.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_mod_raw.py @@ -99,10 +99,10 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_ecp_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ecp_tests.py --directory ${CMAKE_CURRENT_BINARY_DIR}/suites DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_ecp_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ecp_tests.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/bignum_common.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/ecp.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py @@ -115,10 +115,10 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/.. COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_psa_tests.py --directory ${CMAKE_CURRENT_BINARY_DIR}/suites DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_psa_tests.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/crypto_data_tests.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/crypto_knowledge.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/macro_collector.py @@ -220,7 +220,7 @@ function(add_test_suite suite_name) test_suite_${data_name}.c COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} - ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${data_file} -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function @@ -229,7 +229,7 @@ function(add_test_suite suite_name) --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . DEPENDS - ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_test_code.py ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${data_file} ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function diff --git a/tests/Makefile b/tests/Makefile index b7429ac33f..1d5c76823c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -18,25 +18,25 @@ endif .PHONY: generated_files GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \ - $(PYTHON) scripts/generate_bignum_tests.py --list || \ + $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \ echo FAILED \ )) ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) -$(error "$(PYTHON) scripts/generate_bignum_tests.py --list" failed) +$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) endif GENERATED_ECP_DATA_FILES := $(patsubst tests/%,%,$(shell \ - $(PYTHON) scripts/generate_ecp_tests.py --list || \ + $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ echo FAILED \ )) ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) -$(error "$(PYTHON) scripts/generate_ecp_tests.py --list" failed) +$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) endif GENERATED_PSA_DATA_FILES := $(patsubst tests/%,%,$(shell \ - $(PYTHON) scripts/generate_psa_tests.py --list || \ + $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ echo FAILED \ )) ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) -$(error "$(PYTHON) scripts/generate_psa_tests.py --list" failed) +$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) endif GENERATED_FILES := $(GENERATED_PSA_DATA_FILES) $(GENERATED_ECP_DATA_FILES) $(GENERATED_BIGNUM_DATA_FILES) generated_files: $(GENERATED_FILES) src/test_keys.h src/test_certs.h @@ -49,7 +49,7 @@ generated_files: $(GENERATED_FILES) src/test_keys.h src/test_certs.h # a separate instance of the recipe for each output file. .SECONDARY: generated_bignum_test_data generated_ecp_test_data generated_psa_test_data $(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data -generated_bignum_test_data: scripts/generate_bignum_tests.py +generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_core.py generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_mod_raw.py @@ -58,20 +58,20 @@ generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_case.py generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_bignum_test_data: echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" - $(PYTHON) scripts/generate_bignum_tests.py + $(PYTHON) ../framework/scripts/generate_bignum_tests.py $(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data -generated_ecp_test_data: scripts/generate_ecp_tests.py +generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py generated_ecp_test_data: ../framework/scripts/mbedtls_framework/ecp.py generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_case.py generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py generated_ecp_test_data: echo " Gen $(GENERATED_ECP_DATA_FILES)" - $(PYTHON) scripts/generate_ecp_tests.py + $(PYTHON) ../framework/scripts/generate_ecp_tests.py $(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data -generated_psa_test_data: scripts/generate_psa_tests.py +generated_psa_test_data: ../framework/scripts/generate_psa_tests.py generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_data_tests.py generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge.py generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py @@ -90,7 +90,7 @@ generated_psa_test_data: ../include/psa/crypto_extra.h generated_psa_test_data: suites/test_suite_psa_crypto_metadata.data generated_psa_test_data: echo " Gen $(GENERATED_PSA_DATA_FILES) ..." - $(PYTHON) scripts/generate_psa_tests.py + $(PYTHON) ../framework/scripts/generate_psa_tests.py # A test application is built for each suites/test_suite_*.data file. # Application name is same as .data file's base name and can be @@ -112,12 +112,12 @@ all: $(BINARIES) mbedtls_test: $(MBEDTLS_TEST_OBJS) -src/test_certs.h: scripts/generate_test_cert_macros.py \ - $($(PYTHON) scripts/generate_test_cert_macros.py --list-dependencies) - $(PYTHON) scripts/generate_test_cert_macros.py --output $@ +src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \ + $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies) + $(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@ -src/test_keys.h: scripts/generate_test_keys.py - $(PYTHON) scripts/generate_test_keys.py --output $@ +src/test_keys.h: ../framework/scripts/generate_test_keys.py + $(PYTHON) ../framework/scripts/generate_test_keys.py --output $@ TEST_OBJS_DEPS = $(wildcard include/test/*.h include/test/*/*.h) ifdef RECORD_PSA_STATUS_COVERAGE_LOG @@ -159,9 +159,9 @@ c: $(C_FILES) # dot in .c file's base name. # .SECONDEXPANSION: -%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function +%.c: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data ../framework/scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/host_test.function echo " Gen $@" - $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ + $(PYTHON) ../framework/scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \ -d suites/$*.data \ -t suites/main_test.function \ -p suites/host_test.function \ diff --git a/tests/data_files/test_certs.h.jinja2 b/tests/data_files/test_certs.h.jinja2 index f2657d883f..c420c7964b 100644 --- a/tests/data_files/test_certs.h.jinja2 +++ b/tests/data_files/test_certs.h.jinja2 @@ -5,7 +5,7 @@ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -/* THIS FILE is generated by `tests/scripts/generate_test_cert_macros.py` */ +/* THIS FILE is generated by `framework/scripts/generate_test_cert_macros.py` */ /* *INDENT-OFF* */ {% for mode, name, value in macros %} diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4f0e9bba14..9e5fd0c69a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6205,7 +6205,7 @@ component_check_test_helpers () { # unittest writes out mundane stuff like number or tests run on stderr. # Our convention is to reserve stderr for actual errors, and write # harmless info on stdout so it can be suppress with --quiet. - ./tests/scripts/test_generate_test_code.py 2>&1 + ./framework/scripts/test_generate_test_code.py 2>&1 msg "unit test: translate_ciphers.py" python3 -m unittest tests/scripts/translate_ciphers.py 2>&1 diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 049721bf1d..e740f33865 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -128,10 +128,10 @@ check() # These checks are common to Mbed TLS and TF-PSA-Crypto check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c -check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list) -check tests/scripts/generate_ecp_tests.py $(tests/scripts/generate_ecp_tests.py --list) -check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list) -check tests/scripts/generate_test_keys.py tests/src/test_keys.h +check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) +check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) +check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) +check framework/scripts/generate_test_keys.py tests/src/test_keys.h check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c # Additional checks for Mbed TLS only @@ -140,7 +140,7 @@ if in_mbedtls_repo; then check scripts/generate_query_config.pl programs/test/query_config.c check scripts/generate_features.pl library/version_features.c check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c - check tests/scripts/generate_test_cert_macros.py tests/src/test_certs.h + check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h # generate_visualc_files enumerates source files (library/*.c). It doesn't # care about their content, but the files must exist. So it must run after # the step that creates or updates these files. @@ -150,4 +150,4 @@ fi # Generated files that are present in the repository even in the development # branch. (This is intended to be temporary, until the generator scripts are # fully reviewed and the build scripts support a generated header file.) -check tests/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c +check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 1188137b33..23f5cdabd5 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -243,7 +243,7 @@ psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, /** Setup the provided PK context. * * Predefined keys used for the setup are taken from "test/src/test_keys.h" - * which is automatically generated using "tests/scripts/generate_test_keys.py". + * which is automatically generated using "framework/scripts/generate_test_keys.py". * * \param pk The PK object to fill. It must have been initialized * (mbedtls_pk_init()), but not setup (mbedtls_pk_setup()). From ce7af0479572365edef9da2ddf663edfb883140e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 29 May 2024 18:03:31 +0100 Subject: [PATCH 289/429] Update framework submodule Signed-off-by: David Horstmann --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index e156a8eb8e..7231e5e9c1 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit e156a8eb8e6db88cdf0a3041fc7f645131eab16d +Subproject commit 7231e5e9c180b0e30eb28a5d7a2223c9b1975d52 From 351efa0ece0f6c051807d42e763b670c9cf22a79 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 3 Jun 2024 07:05:23 +0200 Subject: [PATCH 290/429] crypto.h: fix documentation for some functions Some functions has input parameters which are erroneously reported as "param[out]" in the documentation. This commit fixes them. Signed-off-by: Valerio Setti --- include/psa/crypto.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 7083bd911b..f9db4ddade 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -871,7 +871,7 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, * such that #PSA_ALG_IS_HASH(\p alg) is true). * \param[in] input Buffer containing the message to hash. * \param input_length Size of the \p input buffer in bytes. - * \param[out] hash Buffer containing the expected hash value. + * \param[in] hash Buffer containing the expected hash value. * \param hash_length Size of the \p hash buffer in bytes. * * \retval #PSA_SUCCESS @@ -1224,7 +1224,7 @@ psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key, * such that #PSA_ALG_IS_MAC(\p alg) is true). * \param[in] input Buffer containing the input message. * \param input_length Size of the \p input buffer in bytes. - * \param[out] mac Buffer containing the expected MAC value. + * \param[in] mac Buffer containing the expected MAC value. * \param mac_length Size of the \p mac buffer in bytes. * * \retval #PSA_SUCCESS @@ -2910,7 +2910,7 @@ psa_status_t psa_sign_message(mbedtls_svc_key_id_t key, * \p key. * \param[in] input The message whose signature is to be verified. * \param[in] input_length Size of the \p input buffer in bytes. - * \param[out] signature Buffer containing the signature to verify. + * \param[in] signature Buffer containing the signature to verify. * \param[in] signature_length Size of the \p signature buffer in bytes. * * \retval #PSA_SUCCESS \emptydescription From fd59a0616580c548b6287e4ca0fac500266738b8 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 3 Jun 2024 18:18:49 +0100 Subject: [PATCH 291/429] Update to latest framework Signed-off-by: David Horstmann --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 7231e5e9c1..623c1b4532 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 7231e5e9c180b0e30eb28a5d7a2223c9b1975d52 +Subproject commit 623c1b4532e8de64a5d82ea84a7496e64c370d15 From a9d4ef0998a0b77108b906bbbec1d9ac65679b53 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 3 Jun 2024 22:16:23 +0200 Subject: [PATCH 292/429] Fix uint32_t printed as unsigned int This is ok in practice since we don't support 16-bit platforms, but it makes `arm-none-eabi-gcc-10 -mthumb -Wformat` complain. Signed-off-by: Gilles Peskine --- library/ssl_tls13_generic.c | 9 ++++++--- library/ssl_tls13_server.c | 5 +++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3be6db78fc..529cbb9932 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1484,9 +1484,12 @@ int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, ssl->total_early_data_size)) { MBEDTLS_SSL_DEBUG_MSG( - 2, ("EarlyData: Too much early data received, %u + %" MBEDTLS_PRINTF_SIZET " > %u", - ssl->total_early_data_size, early_data_len, - ssl->session_negotiate->max_early_data_size)); + 2, ("EarlyData: Too much early data received, " + "%" MBEDTLS_PRINTF_SIZET " + %" MBEDTLS_PRINTF_SIZET + " > %" MBEDTLS_PRINTF_SIZET, + (size_t) ssl->total_early_data_size, + early_data_len, + (size_t) ssl->session_negotiate->max_early_data_size)); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 6fe8caeca4..f5ef92032b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -92,8 +92,9 @@ static void ssl_tls13_select_ciphersuite( return; } - MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%x", - (unsigned) psk_ciphersuite_id, psk_hash_alg)); + MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%lx", + (unsigned) psk_ciphersuite_id, + (unsigned long) psk_hash_alg)); } #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) From 69770aaa7b69deb45ed45e91520b9efdd4dcdaa3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 4 Jun 2024 08:45:58 +0200 Subject: [PATCH 293/429] Use unsigned long rather than size_t for format string readability Signed-off-by: Gilles Peskine --- library/ssl_tls13_generic.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 529cbb9932..8ac6579e05 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1485,11 +1485,10 @@ int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ("EarlyData: Too much early data received, " - "%" MBEDTLS_PRINTF_SIZET " + %" MBEDTLS_PRINTF_SIZET - " > %" MBEDTLS_PRINTF_SIZET, - (size_t) ssl->total_early_data_size, + "%lu + %" MBEDTLS_PRINTF_SIZET " > %lu", + (unsigned long) ssl->total_early_data_size, early_data_len, - (size_t) ssl->session_negotiate->max_early_data_size)); + (unsigned long) ssl->session_negotiate->max_early_data_size)); MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE, From 330680e9fe24f3bd0aa65eacf3e657ccf539a562 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 6 Jun 2024 15:25:10 +0100 Subject: [PATCH 294/429] Allow code_style.py to work from a git hook When running a git hook, git sets certain environment variables (such as GIT_INDEX_FILE) which force git to look at the main repository, overriding other options. This trips up code_style.py whenever it tries to run a git command on the framework submodule. Fix this by explicitly clearing git-related environment-variables before running git commands on the framework. This is recommended by git's documentation[1]: > Environment variables, such as GIT_DIR, GIT_WORK_TREE, etc., are > exported so that Git commands run by the hook can correctly locate > the repository. If your hook needs to invoke Git commands in a > foreign repository or in a different working tree of the same > repository, then it should clear these environment variables so > they do not interfere with Git operations at the foreign location. [1] https://git-scm.com/docs/githooks Signed-off-by: David Horstmann --- scripts/code_style.py | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 9e3c75142a..937e464868 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -75,8 +75,25 @@ def get_src_files(since: Optional[str]) -> List[str]: output = subprocess.check_output(["git", "ls-files"] + file_patterns, universal_newlines=True) src_files = output.split() + + # When this script is called from a git hook, some environment variables + # are set by default which force all git commands to use the main repository + # (i.e. prevent us from performing commands on the framework repo). + # Create an environment without these variables for running commands on the + # framework repo. + framework_env = os.environ.copy() + # Get a list of environment vars that git sets + git_env_vars = subprocess.check_output(["git", "rev-parse", "--local-env-vars"], + universal_newlines=True) + git_env_vars = git_env_vars.split() + # Remove the vars from the environment + for var in git_env_vars: + framework_env.pop(var, None) + output = subprocess.check_output(["git", "-C", "framework", "ls-files"] - + file_patterns, universal_newlines=True) + + file_patterns, + universal_newlines=True, + env=framework_env) framework_src_files = output.split() if since: @@ -89,7 +106,8 @@ def get_src_files(since: Optional[str]) -> List[str]: # ... the framework submodule cmd = ["git", "-C", "framework", "log", since + "..HEAD", "--name-only", "--pretty=", "--"] + framework_src_files - output = subprocess.check_output(cmd, universal_newlines=True) + output = subprocess.check_output(cmd, universal_newlines=True, + env=framework_env) committed_changed_files += ["framework/" + s for s in output.split()] # and also get all files with uncommitted changes in ... @@ -100,7 +118,8 @@ def get_src_files(since: Optional[str]) -> List[str]: # ... the framework submodule cmd = ["git", "-C", "framework", "diff", "--name-only", "--"] + \ framework_src_files - output = subprocess.check_output(cmd, universal_newlines=True) + output = subprocess.check_output(cmd, universal_newlines=True, + env=framework_env) uncommitted_changed_files += ["framework/" + s for s in output.split()] src_files = committed_changed_files + uncommitted_changed_files From f8bbc2d53212aff06ffe73635e2815a956196e04 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 6 Jun 2024 16:16:31 +0100 Subject: [PATCH 295/429] Remove multi-type variable Signed-off-by: David Horstmann --- scripts/code_style.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 937e464868..d3f89d9130 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -85,9 +85,8 @@ def get_src_files(since: Optional[str]) -> List[str]: # Get a list of environment vars that git sets git_env_vars = subprocess.check_output(["git", "rev-parse", "--local-env-vars"], universal_newlines=True) - git_env_vars = git_env_vars.split() # Remove the vars from the environment - for var in git_env_vars: + for var in git_env_vars.split(): framework_env.pop(var, None) output = subprocess.check_output(["git", "-C", "framework", "ls-files"] From 8493452d6f555cecbcfc83ef514b4a3912cc1815 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 4 Jun 2024 16:19:14 +0100 Subject: [PATCH 296/429] Extend python checks to framework scripts Signed-off-by: David Horstmann --- tests/scripts/check-python-files.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 32b5baf5cd..77102ba50c 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -55,14 +55,14 @@ elif [ "$1" = "--can-mypy" ]; then fi echo 'Running pylint ...' -$PYTHON -m pylint framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py || { +$PYTHON -m pylint framework/scripts/*.py framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py || { echo >&2 "pylint reported errors" ret=1 } echo echo 'Running mypy ...' -$PYTHON -m mypy framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py || +$PYTHON -m mypy framework/scripts/*.py framework/scripts/mbedtls_framework/*.py scripts/*.py tests/scripts/*.py || ret=1 exit $ret From e7a2230df7e9468f3a276edabe20a0705a492940 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 10 Jun 2024 13:43:41 +0100 Subject: [PATCH 297/429] Correctly build client-side code that's to be run under the PSA crypto sim Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/Makefile | 4 +++- .../psasim/src/psa_sim_client_config_adjust.h | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 tests/psa-client-server/psasim/src/psa_sim_client_config_adjust.h diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 06d3059b4b..b9ec3ad742 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -24,6 +24,8 @@ PSA_CLIENT_SRC = src/psa_ff_client.c \ src/psa_sim_crypto_client.c \ src/psa_sim_serialise.c +PSA_CLIENT_DEFS = -Isrc -DMBEDTLS_USER_CONFIG_FILE='"psa_sim_client_config_adjust.h"' + PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ @@ -39,7 +41,7 @@ test/seedfile: dd if=/dev/urandom of=./test/seedfile bs=64 count=1 test/psa_client: $(PSA_CLIENT_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_DEFS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ diff --git a/tests/psa-client-server/psasim/src/psa_sim_client_config_adjust.h b/tests/psa-client-server/psasim/src/psa_sim_client_config_adjust.h new file mode 100644 index 0000000000..3640c2a2fe --- /dev/null +++ b/tests/psa-client-server/psasim/src/psa_sim_client_config_adjust.h @@ -0,0 +1,14 @@ +/** + * \file psa_sim_client_config_adjust.h + * + * \brief User config file for client-side code to be run under PSA simulator + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#define MBEDTLS_PSA_CRYPTO_CLIENT +#undef MBEDTLS_PSA_CRYPTO_C +#undef MBEDTLS_PSA_CRYPTO_STORAGE_C From d6048a459c1c9bc1ff9cde27dadf7a9966d14a26 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 10 Jun 2024 13:53:08 +0100 Subject: [PATCH 298/429] We want the PSA hash code if MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C Signed-off-by: Tom Cosgrove --- programs/psa/psa_hash.c | 5 +++-- tests/psa-client-server/psasim/src/aut_psa_hash_compute.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index c5244d6d40..6c2c07e062 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -30,11 +30,12 @@ * If you switch to a different algorithm you will need to update * the hash data in the EXAMPLE_HASH_VALUE macro below. */ -#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) +#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ + (!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)) int main(void) { mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" - "not defined.\r\n"); + "not defined, and not MBEDTLS_PSA_CRYPTO_CLIENT.\r\n"); return EXIT_SUCCESS; } #else diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c index 519c0721f7..70c3e5be4f 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c +++ b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c @@ -32,11 +32,12 @@ * If you switch to a different algorithm you will need to update * the hash data in the EXAMPLE_HASH_VALUE macro below. */ -#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) +#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ + (!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)) int main(void) { mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" - "not defined.\r\n"); + "not defined, and not MBEDTLS_PSA_CRYPTO_CLIENT.\r\n"); return EXIT_SUCCESS; } #else From 517f4a1b4d75af033d192ed67c80cf1a39f5f9fe Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 10 Jun 2024 14:08:04 +0100 Subject: [PATCH 299/429] Store operation_ts on PSA sim server side; only send handle to client Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_crypto_server.c | 66 +++++------ .../psasim/src/psa_sim_serialise.c | 107 ++++++++++++++++++ .../psasim/src/psa_sim_serialise.h | 10 ++ 3 files changed, 150 insertions(+), 33 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 919eb84419..e511c74fa2 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -72,7 +72,7 @@ int psa_hash_abort_wrapper( uint8_t **out_params, size_t *out_params_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t operation; + psa_hash_operation_t *operation; uint8_t *pos = in_params; size_t remaining = in_params_len; @@ -84,7 +84,7 @@ int psa_hash_abort_wrapper( goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); if (!ok) { goto fail; } @@ -92,14 +92,14 @@ int psa_hash_abort_wrapper( // Now we call the actual target function status = psa_hash_abort( - &operation + operation ); // NOTE: Should really check there is no overflow as we go along. size_t result_size = psasim_serialise_begin_needs() + psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_hash_operation_t_needs(operation); + psasim_server_serialise_psa_hash_operation_t_needs(operation); result = malloc(result_size); if (result == NULL) { @@ -119,7 +119,7 @@ int psa_hash_abort_wrapper( goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); if (!ok) { goto fail; } @@ -141,8 +141,8 @@ int psa_hash_clone_wrapper( uint8_t **out_params, size_t *out_params_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t source_operation; - psa_hash_operation_t target_operation; + psa_hash_operation_t *source_operation; + psa_hash_operation_t *target_operation; uint8_t *pos = in_params; size_t remaining = in_params_len; @@ -154,12 +154,12 @@ int psa_hash_clone_wrapper( goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &source_operation); + ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &source_operation); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &target_operation); + ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &target_operation); if (!ok) { goto fail; } @@ -167,15 +167,15 @@ int psa_hash_clone_wrapper( // Now we call the actual target function status = psa_hash_clone( - &source_operation, - &target_operation + source_operation, + target_operation ); // NOTE: Should really check there is no overflow as we go along. size_t result_size = psasim_serialise_begin_needs() + psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_hash_operation_t_needs(target_operation); + psasim_server_serialise_psa_hash_operation_t_needs(target_operation); result = malloc(result_size); if (result == NULL) { @@ -195,7 +195,7 @@ int psa_hash_clone_wrapper( goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, target_operation); + ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, target_operation); if (!ok) { goto fail; } @@ -406,7 +406,7 @@ int psa_hash_finish_wrapper( uint8_t **out_params, size_t *out_params_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t operation; + psa_hash_operation_t *operation; uint8_t *hash = NULL; size_t hash_size; size_t hash_length; @@ -421,7 +421,7 @@ int psa_hash_finish_wrapper( goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); if (!ok) { goto fail; } @@ -439,7 +439,7 @@ int psa_hash_finish_wrapper( // Now we call the actual target function status = psa_hash_finish( - &operation, + operation, hash, hash_size, &hash_length ); @@ -448,7 +448,7 @@ int psa_hash_finish_wrapper( size_t result_size = psasim_serialise_begin_needs() + psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_hash_operation_t_needs(operation) + + psasim_server_serialise_psa_hash_operation_t_needs(operation) + psasim_serialise_buffer_needs(hash, hash_size) + psasim_serialise_size_t_needs(hash_length); @@ -470,7 +470,7 @@ int psa_hash_finish_wrapper( goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); if (!ok) { goto fail; } @@ -506,7 +506,7 @@ int psa_hash_setup_wrapper( uint8_t **out_params, size_t *out_params_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t operation; + psa_hash_operation_t *operation; psa_algorithm_t alg; uint8_t *pos = in_params; @@ -519,7 +519,7 @@ int psa_hash_setup_wrapper( goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); if (!ok) { goto fail; } @@ -532,7 +532,7 @@ int psa_hash_setup_wrapper( // Now we call the actual target function status = psa_hash_setup( - &operation, + operation, alg ); @@ -540,7 +540,7 @@ int psa_hash_setup_wrapper( size_t result_size = psasim_serialise_begin_needs() + psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_hash_operation_t_needs(operation); + psasim_server_serialise_psa_hash_operation_t_needs(operation); result = malloc(result_size); if (result == NULL) { @@ -560,7 +560,7 @@ int psa_hash_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); if (!ok) { goto fail; } @@ -582,7 +582,7 @@ int psa_hash_update_wrapper( uint8_t **out_params, size_t *out_params_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t operation; + psa_hash_operation_t *operation; uint8_t *input = NULL; size_t input_length; @@ -596,7 +596,7 @@ int psa_hash_update_wrapper( goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); if (!ok) { goto fail; } @@ -609,7 +609,7 @@ int psa_hash_update_wrapper( // Now we call the actual target function status = psa_hash_update( - &operation, + operation, input, input_length ); @@ -617,7 +617,7 @@ int psa_hash_update_wrapper( size_t result_size = psasim_serialise_begin_needs() + psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_hash_operation_t_needs(operation); + psasim_server_serialise_psa_hash_operation_t_needs(operation); result = malloc(result_size); if (result == NULL) { @@ -637,7 +637,7 @@ int psa_hash_update_wrapper( goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); if (!ok) { goto fail; } @@ -663,7 +663,7 @@ int psa_hash_verify_wrapper( uint8_t **out_params, size_t *out_params_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_hash_operation_t operation; + psa_hash_operation_t *operation; uint8_t *hash = NULL; size_t hash_length; @@ -677,7 +677,7 @@ int psa_hash_verify_wrapper( goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); if (!ok) { goto fail; } @@ -690,7 +690,7 @@ int psa_hash_verify_wrapper( // Now we call the actual target function status = psa_hash_verify( - &operation, + operation, hash, hash_length ); @@ -698,7 +698,7 @@ int psa_hash_verify_wrapper( size_t result_size = psasim_serialise_begin_needs() + psasim_serialise_psa_status_t_needs(status) + - psasim_serialise_psa_hash_operation_t_needs(operation); + psasim_server_serialise_psa_hash_operation_t_needs(operation); result = malloc(result_size); if (result == NULL) { @@ -718,7 +718,7 @@ int psa_hash_verify_wrapper( goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); if (!ok) { goto fail; } diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 78ae9d65d7..20d89c54fa 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -13,6 +13,51 @@ #include #include +/* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t; + * but we don't get it on server builds, so redefine it here with a unique type name + */ +typedef uint32_t psasim_client_handle_t; + +typedef struct psasim_operation_s { + psasim_client_handle_t handle; +} psasim_operation_t; + +#define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */ + +static psa_hash_operation_t hash_operations[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t hash_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t next_hash_operation_handle = 1; + +/* Get a free slot */ +static ssize_t allocate_hash_operation_slot(void) +{ + psasim_client_handle_t handle = next_hash_operation_handle++; + if (next_hash_operation_handle == 0) { /* wrapped around */ + fprintf(stderr, "MAX HASH HANDLES REACHED\n"); + exit(1); + } + + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (hash_operation_handles[i] == 0) { + hash_operation_handles[i] = handle; + return i; + } + } + + return -1; /* all in use */ +} + +static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) +{ + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (hash_operation_handles[i] == handle) { + return i; + } + } + + return -1; /* all in use */ +} + /* Basic idea: * * All arguments to a function will be serialised into a single buffer to @@ -404,3 +449,65 @@ int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, return 1; } + +/* On the server side, we have a certain number of slots. One array holds the + * psa_XXX_operation_t values by slot, the other holds the client-side handles + * for the slots. + */ +size_t psasim_server_serialise_psa_hash_operation_t_needs(psa_hash_operation_t *operation) +{ + (void) operation; + + /* We will actually return a handle */ + return sizeof(psasim_operation_t); +} + +int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, + size_t *remaining, + psa_hash_operation_t *operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(client_operation)) { + return 0; + } + + ssize_t slot = operation - hash_operations; + + client_operation.handle = hash_operation_handles[slot]; + + memcpy(*pos, &client_operation, sizeof(client_operation)); + *pos += sizeof(client_operation); + + return 1; +} + +int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, + size_t *remaining, + psa_hash_operation_t **operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(psasim_operation_t)) { + return 0; + } + + memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); + *pos += sizeof(psasim_operation_t); + *remaining -= sizeof(psasim_operation_t); + + ssize_t slot; + if (client_operation.handle == 0) { /* We need a new handle */ + slot = allocate_hash_operation_slot(); + } else { + slot = find_hash_slot_by_handle(client_operation.handle); + } + + if (slot < 0) { + return 0; + } + + *operation = &hash_operations[slot]; + + return 1; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index d5eaccf482..7a5881e74e 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -408,3 +408,13 @@ int psasim_serialise_psa_hash_operation_t(uint8_t **pos, int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, size_t *remaining, psa_hash_operation_t *value); + +size_t psasim_server_serialise_psa_hash_operation_t_needs(psa_hash_operation_t *operation); + +int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, + size_t *remaining, + psa_hash_operation_t *operation); + +int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, + size_t *remaining, + psa_hash_operation_t **operation); From 9ab19695b5d74338352fbc8d85368172d0ba2296 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 10 Jun 2024 14:24:28 +0100 Subject: [PATCH 300/429] Make psa_sim_generate.pl output the new type of server wrapper we want Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_generate.pl | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 19c6a0bf4a..efd50aa846 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -522,8 +522,9 @@ EOF push(@buffers, $n1); # Add to the list to be free()d at end } else { $argname =~ s/^\*//; # Remove any leading * + my $pointer = ($argtype =~ /^psa_\w+_operation_t/) ? "*" : ""; print $fh <{is_output}, @$args); @@ -616,9 +618,10 @@ EOF my $sep = ($i == $#outputs) ? ";" : " +"; $argtype =~ s/^const //; $argname =~ s/^\*//; # Remove any leading * + my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? "server_" : ""; print $fh <{return}->{name}; my $args = $f->{args}; @@ -900,6 +905,9 @@ sub output_call print $fh " $n1, $n2"; } else { $argname =~ s/^\*/\&/; # Replace leading * with & + if ($is_server && $argtype =~ /^psa_\w+_operation_t/) { + $argname =~ s/^\&//; # Actually, for psa_XXX_operation_t, don't do this on the server side + } print $fh " $argname"; } my $sep = ($i == $#$args) ? "\n );" : ","; From 0d0415e6e04c2f9fee0afd0bfba23ec05f296626 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 10 Jun 2024 15:34:19 +0100 Subject: [PATCH 301/429] Move the comment block in psa_sim_serialise.c back to where it belongs Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_serialise.c | 76 +++++++++---------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 20d89c54fa..e45cd00c4c 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -13,6 +13,44 @@ #include #include +/* Basic idea: + * + * All arguments to a function will be serialised into a single buffer to + * be sent to the server with the PSA crypto function to be called. + * + * All returned data (the function's return value and any values returned + * via `out` parameters) will similarly be serialised into a buffer to be + * sent back to the client from the server. + * + * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" + * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, + * psasim_serialise_foo() and psasim_deserialise_foo(). + * + * We also have psasim_serialise_foo_needs() functions, which return a + * size_t giving the number of bytes that serialising that instance of that + * type will need. This allows callers to size buffers for serialisation. + * + * Each serialised buffer starts with a version byte, bytes that indicate + * the size of basic C types, and four bytes that indicate the endianness + * (to avoid incompatibilities if we ever run this over a network - we are + * not aiming for universality, just for correctness and simplicity). + * + * Most types are serialised as a fixed-size (per type) octet string, with + * no type indication. This is acceptable as (a) this is for the test PSA crypto + * simulator only, not production, and (b) these functions are called by + * code that itself is written by script. + * + * We also want to keep serialised data reasonably compact as communication + * between client and server goes in messages of less than 200 bytes each. + * + * Many serialisation functions can be created by a script; an exemplar Perl + * script is included. It is not hooked into the build and so must be run + * manually, but is expected to be replaced by a Python script in due course. + * Types that can have their functions created by script include plain old C + * data types (e.g. int), types typedef'd to those, and even structures that + * don't contain pointers. + */ + /* include/psa/crypto_platform.h:typedef uint32_t mbedtls_psa_client_handle_t; * but we don't get it on server builds, so redefine it here with a unique type name */ @@ -58,44 +96,6 @@ static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) return -1; /* all in use */ } -/* Basic idea: - * - * All arguments to a function will be serialised into a single buffer to - * be sent to the server with the PSA crypto function to be called. - * - * All returned data (the function's return value and any values returned - * via `out` parameters) will similarly be serialised into a buffer to be - * sent back to the client from the server. - * - * For each data type foo (e.g. int, size_t, psa_algorithm_t, but also "buffer" - * where "buffer" is a (uint8_t *, size_t) pair, we have a pair of functions, - * psasim_serialise_foo() and psasim_deserialise_foo(). - * - * We also have psasim_serialise_foo_needs() functions, which return a - * size_t giving the number of bytes that serialising that instance of that - * type will need. This allows callers to size buffers for serialisation. - * - * Each serialised buffer starts with a version byte, bytes that indicate - * the size of basic C types, and four bytes that indicate the endianness - * (to avoid incompatibilities if we ever run this over a network - we are - * not aiming for universality, just for correctness and simplicity). - * - * Most types are serialised as a fixed-size (per type) octet string, with - * no type indication. This is acceptable as (a) this is for the test PSA crypto - * simulator only, not production, and (b) these functions are called by - * code that itself is written by script. - * - * We also want to keep serialised data reasonably compact as communication - * between client and server goes in messages of less than 200 bytes each. - * - * Many serialisation functions can be created by a script; an exemplar Perl - * script is included. It is not hooked into the build and so must be run - * manually, but is expected to be replaced by a Python script in due course. - * Types that can have their functions created by script include plain old C - * data types (e.g. int), types typedef'd to those, and even structures that - * don't contain pointers. - */ - size_t psasim_serialise_begin_needs(void) { /* The serialisation buffer will From db87a44898e957ea3f6cf384004906af231d62fa Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Mon, 10 Jun 2024 15:20:44 +0100 Subject: [PATCH 302/429] psa_sim_serialise.pl now creates the updated .h file Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_serialise.h | 38 ++++++++++++++-- .../psasim/src/psa_sim_serialise.pl | 44 +++++++++++++------ 2 files changed, 65 insertions(+), 17 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 7a5881e74e..4ec7ec04fb 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -409,12 +409,44 @@ int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, size_t *remaining, psa_hash_operation_t *value); -size_t psasim_server_serialise_psa_hash_operation_t_needs(psa_hash_operation_t *operation); +/** Return how much buffer space is needed by \c psasim_server_serialise_psa_hash_operation_t() + * to serialise a `psa_hash_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_hash_operation_t() to serialise + * the given value. + */ +size_t psasim_server_serialise_psa_hash_operation_t_needs(psa_hash_operation_t *value); +/** Serialise a `psa_hash_operation_t` into a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, size_t *remaining, - psa_hash_operation_t *operation); + psa_hash_operation_t *value); +/** Deserialise a `psa_hash_operation_t` from a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_hash_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, size_t *remaining, - psa_hash_operation_t **operation); + psa_hash_operation_t **value); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index 5161db1f67..21bfec52ba 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -55,9 +55,15 @@ if ($which eq "h") { if ($type eq "buffer") { print declare_buffer_functions(); } else { - print declare_needs($type); - print declare_serialise($type); - print declare_deserialise($type); + print declare_needs($type, ""); + print declare_serialise($type, ""); + print declare_deserialise($type, ""); + + if ($type =~ /^psa_\w+_operation_t$/) { + print declare_needs($type, "server_"); + print declare_serialise($type, "server_"); + print declare_deserialise($type, "server_"); + } } } @@ -85,15 +91,17 @@ if ($which eq "h") { sub declare_needs { - my ($type) = @_; + my ($type, $server) = @_; my $an = ($type =~ /^[ui]/) ? "an" : "a"; my $type_d = $type; $type_d =~ s/ /_/g; + my $ptr = (length($server)) ? "*" : ""; + return < Date: Mon, 10 Jun 2024 15:50:53 +0100 Subject: [PATCH 303/429] psa_sim_serialise.pl now creates the updated .c file Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_serialise.c | 5 +- .../psasim/src/psa_sim_serialise.pl | 187 ++++++++++++++++++ 2 files changed, 188 insertions(+), 4 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index e45cd00c4c..348e42c2b4 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -85,6 +85,7 @@ static ssize_t allocate_hash_operation_slot(void) return -1; /* all in use */ } +/* Find the slot given the handle */ static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) { for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { @@ -450,10 +451,6 @@ int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, return 1; } -/* On the server side, we have a certain number of slots. One array holds the - * psa_XXX_operation_t values by slot, the other holds the client-side handles - * for the slots. - */ size_t psasim_server_serialise_psa_hash_operation_t_needs(psa_hash_operation_t *operation) { (void) operation; diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index 21bfec52ba..eb2893ea5f 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -69,7 +69,17 @@ if ($which eq "h") { } elsif ($which eq "c") { + my $have_operation_types = (grep(/psa_\w+_operation_t/, @types)) ? 1 : 0; + print c_header(); + print c_define_types_for_operation_types() if $have_operation_types; + + for my $type (@types) { + next unless $type =~ /^psa_(\w+)_operation_t$/; + print define_operation_type_data_and_functions($1); + } + + print c_define_begins(); for my $type (@types) { if ($type eq "buffer") { @@ -82,6 +92,12 @@ if ($which eq "h") { print define_needs($type); print define_serialise($type); print define_deserialise($type); + + if ($type =~ /^psa_\w+_operation_t$/) { + print define_server_needs($type); + print define_server_serialise($type); + print define_server_deserialise($type); + } } } @@ -363,6 +379,25 @@ size_t psasim_serialise_${type_d}_needs($type value) EOF } +sub define_server_needs +{ + my ($type) = @_; + + my $type_d = $type; + $type_d =~ s/ /_/g; + + return < Date: Mon, 10 Jun 2024 12:16:29 -0700 Subject: [PATCH 304/429] set psk to null in ssl_psk_remove Summary: set the psk to null after it is released. Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 --- library/ssl_tls.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c2c2b6f795..dd39e81173 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2243,6 +2243,7 @@ static void ssl_remove_psk(mbedtls_ssl_context *ssl) mbedtls_zeroize_and_free(ssl->handshake->psk, ssl->handshake->psk_len); ssl->handshake->psk_len = 0; + ssl->handshake->psk = NULL; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ } From 5ddd6591c3984a299519d55752f2626f02880ad4 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 11 Jun 2024 09:53:53 +0100 Subject: [PATCH 305/429] Revert "Correctly build client-side code that's to be run under the PSA crypto sim" This reverts commit e7a2230df7e9468f3a276edabe20a0705a492940. Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/Makefile | 4 +--- .../psasim/src/psa_sim_client_config_adjust.h | 14 -------------- 2 files changed, 1 insertion(+), 17 deletions(-) delete mode 100644 tests/psa-client-server/psasim/src/psa_sim_client_config_adjust.h diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index b9ec3ad742..06d3059b4b 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -24,8 +24,6 @@ PSA_CLIENT_SRC = src/psa_ff_client.c \ src/psa_sim_crypto_client.c \ src/psa_sim_serialise.c -PSA_CLIENT_DEFS = -Isrc -DMBEDTLS_USER_CONFIG_FILE='"psa_sim_client_config_adjust.h"' - PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ @@ -41,7 +39,7 @@ test/seedfile: dd if=/dev/urandom of=./test/seedfile bs=64 count=1 test/psa_client: $(PSA_CLIENT_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_DEFS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ diff --git a/tests/psa-client-server/psasim/src/psa_sim_client_config_adjust.h b/tests/psa-client-server/psasim/src/psa_sim_client_config_adjust.h deleted file mode 100644 index 3640c2a2fe..0000000000 --- a/tests/psa-client-server/psasim/src/psa_sim_client_config_adjust.h +++ /dev/null @@ -1,14 +0,0 @@ -/** - * \file psa_sim_client_config_adjust.h - * - * \brief User config file for client-side code to be run under PSA simulator - */ - -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_PSA_CRYPTO_CLIENT -#undef MBEDTLS_PSA_CRYPTO_C -#undef MBEDTLS_PSA_CRYPTO_STORAGE_C From 51b2c86852ecb26c0cb9f118384146c922db1ee3 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 11 Jun 2024 13:38:15 +0100 Subject: [PATCH 306/429] Use our own copy of programs/psa/psa_hash.c in the PSA simulator tests Signed-off-by: Tom Cosgrove --- programs/psa/psa_hash.c | 5 +- .../psasim/src/aut_psa_hash.c | 160 ++++++++++++++++++ tests/scripts/all.sh | 19 +-- 3 files changed, 170 insertions(+), 14 deletions(-) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_hash.c diff --git a/programs/psa/psa_hash.c b/programs/psa/psa_hash.c index 6c2c07e062..c5244d6d40 100644 --- a/programs/psa/psa_hash.c +++ b/programs/psa/psa_hash.c @@ -30,12 +30,11 @@ * If you switch to a different algorithm you will need to update * the hash data in the EXAMPLE_HASH_VALUE macro below. */ -#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ - (!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)) +#if !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256) int main(void) { mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" - "not defined, and not MBEDTLS_PSA_CRYPTO_CLIENT.\r\n"); + "not defined.\r\n"); return EXIT_SUCCESS; } #else diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c new file mode 100644 index 0000000000..6c2c07e062 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_hash.c @@ -0,0 +1,160 @@ +/* + * Example computing a SHA-256 hash using the PSA Crypto API + * + * The example computes the SHA-256 hash of a test string using the + * one-shot API call psa_hash_compute() and the using multi-part + * operation, which requires psa_hash_setup(), psa_hash_update() and + * psa_hash_finish(). The multi-part operation is popular on embedded + * devices where a rolling hash needs to be computed. + * + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/crypto.h" +#include +#include +#include + +#include "mbedtls/build_info.h" +#include "mbedtls/platform.h" + +/* Information about hashing with the PSA API can be + * found here: + * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html + * + * The algorithm used by this demo is SHA 256. + * Please see include/psa/crypto_values.h to see the other + * algorithms that are supported by Mbed TLS. + * If you switch to a different algorithm you will need to update + * the hash data in the EXAMPLE_HASH_VALUE macro below. */ + +#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ + (!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)) +int main(void) +{ + mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" + "not defined, and not MBEDTLS_PSA_CRYPTO_CLIENT.\r\n"); + return EXIT_SUCCESS; +} +#else + +#define HASH_ALG PSA_ALG_SHA_256 + +const uint8_t sample_message[] = "Hello World!"; +/* sample_message is terminated with a null byte which is not part of + * the message itself so we make sure to subtract it in order to get + * the message length. */ +const size_t sample_message_length = sizeof(sample_message) - 1; + +#define EXPECTED_HASH_VALUE { \ + 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ + 0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28, \ + 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ +} + +const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; +const size_t expected_hash_len = sizeof(expected_hash); + +int main(void) +{ + psa_status_t status; + uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; + size_t hash_length; + psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; + psa_hash_operation_t cloned_hash_operation = PSA_HASH_OPERATION_INIT; + + mbedtls_printf("PSA Crypto API: SHA-256 example\n\n"); + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + /* Compute hash using multi-part operation */ + status = psa_hash_setup(&hash_operation, HASH_ALG); + if (status == PSA_ERROR_NOT_SUPPORTED) { + mbedtls_printf("unknown hash algorithm supplied\n"); + return EXIT_FAILURE; + } else if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_setup failed\n"); + return EXIT_FAILURE; + } + + status = psa_hash_update(&hash_operation, sample_message, sample_message_length); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_update failed\n"); + goto cleanup; + } + + status = psa_hash_clone(&hash_operation, &cloned_hash_operation); + if (status != PSA_SUCCESS) { + mbedtls_printf("PSA hash clone failed\n"); + goto cleanup; + } + + status = psa_hash_finish(&hash_operation, hash, sizeof(hash), &hash_length); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_finish failed\n"); + goto cleanup; + } + + /* Check the result of the operation against the sample */ + if (hash_length != expected_hash_len || + (memcmp(hash, expected_hash, expected_hash_len) != 0)) { + mbedtls_printf("Multi-part hash operation gave the wrong result!\n\n"); + goto cleanup; + } + + status = + psa_hash_verify(&cloned_hash_operation, expected_hash, + expected_hash_len); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_verify failed\n"); + goto cleanup; + } else { + mbedtls_printf("Multi-part hash operation successful!\n"); + } + + /* Clear local variables prior to one-shot hash demo */ + memset(hash, 0, sizeof(hash)); + hash_length = 0; + + /* Compute hash using one-shot function call */ + status = psa_hash_compute(HASH_ALG, + sample_message, sample_message_length, + hash, sizeof(hash), + &hash_length); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_compute failed\n"); + goto cleanup; + } + + if (hash_length != expected_hash_len || + (memcmp(hash, expected_hash, expected_hash_len) != 0)) { + mbedtls_printf("One-shot hash operation gave the wrong result!\n\n"); + goto cleanup; + } + + mbedtls_printf("One-shot hash operation successful!\n\n"); + + /* Print out result */ + mbedtls_printf("The SHA-256( '%s' ) is: ", sample_message); + + for (size_t j = 0; j < expected_hash_len; j++) { + mbedtls_printf("%02x", hash[j]); + } + + mbedtls_printf("\n"); + + mbedtls_psa_crypto_free(); + return EXIT_SUCCESS; + +cleanup: + psa_hash_abort(&hash_operation); + psa_hash_abort(&cloned_hash_operation); + return EXIT_FAILURE; +} +#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e3d840192d..a42b38045f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6228,6 +6228,7 @@ component_test_psasim() { msg "test psasim" tests/psa-client-server/psasim/test/run_test.sh + msg "build psasim to test psa_hash_compute" # Delete the executable to ensure we build using the right MAIN rm tests/psa-client-server/psasim/test/psa_client @@ -6237,20 +6238,16 @@ component_test_psasim() { msg "test psasim running psa_hash_compute" tests/psa-client-server/psasim/test/run_test.sh + # Next APIs under test: psa_hash_*(). Just use the PSA hash example. - aut_psa_hash="../../../programs/psa/psa_hash.c" - if [ -f "tests/psa-client-server/psasim/$aut_psa_hash" ]; then + msg "build psasim to test all psa_hash_* APIs" + # Delete the executable to ensure we build using the right MAIN + rm tests/psa-client-server/psasim/test/psa_client + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash.c" - msg "build psasim to test all psa_hash_* APIs" - # Delete the executable to ensure we build using the right MAIN - rm tests/psa-client-server/psasim/test/psa_client - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="$aut_psa_hash" + msg "test psasim running psa_hash sample" + tests/psa-client-server/psasim/test/run_test.sh - msg "test psasim running psa_hash sample" - tests/psa-client-server/psasim/test/run_test.sh - else - echo $aut_psa_hash NOT FOUND, so not running that test - fi msg "clean psasim" make -C tests/psa-client-server/psasim clean From 75129e2ce30b7ce7d6971144fda0b39ac87737b2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jun 2024 20:11:43 +0200 Subject: [PATCH 307/429] psa_sim_crypto_[client/server]: check if CRYPTO_C is enabled CRYPTO_C must or must-not be enabled on client and server sides as follows: - if it's enabled while building the client side it's a failure; - it it's NOT enabled while building the server it's a failure. Signed-off-by: Valerio Setti --- .../psa-client-server/psasim/src/psa_sim_crypto_client.c | 4 ++++ .../psa-client-server/psasim/src/psa_sim_crypto_server.c | 4 ++++ tests/psa-client-server/psasim/src/psa_sim_generate.pl | 8 ++++++++ 3 files changed, 16 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 4ac6c4a581..5811ac5e3f 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -26,6 +26,10 @@ static psa_handle_t handle = -1; +#if defined(MBEDTLS_PSA_CRYPTO_C) +#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build" +#endif + int psa_crypto_call(int function, uint8_t *in_params, size_t in_params_len, uint8_t **out_params, size_t *out_params_len) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index e511c74fa2..581254259e 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -17,6 +17,10 @@ #include "service.h" +#if !defined(MBEDTLS_PSA_CRYPTO_C) +#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build" +#endif + // Returns 1 for success, 0 for failure int psa_crypto_init_wrapper( uint8_t *in_params, size_t in_params_len, diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index efd50aa846..cd0e3eba37 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -268,6 +268,10 @@ sub server_implementations_header #include "psa_sim_serialise.h" #include "service.h" + +#if !defined(MBEDTLS_PSA_CRYPTO_C) +#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build" +#endif EOF } @@ -301,6 +305,10 @@ sub client_calls_header PRINT("Client: " fmt, ##__VA_ARGS__) static psa_handle_t handle = -1; + +#if defined(MBEDTLS_PSA_CRYPTO_C) +#error "Error: MBEDTLS_PSA_CRYPTO_C must be disabled on client build" +#endif EOF $code .= debug_functions() if $debug; From f98635c36087e326eff92297f0785d36ead21fc7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 10 Jun 2024 20:13:13 +0200 Subject: [PATCH 308/429] psasim: build server library and binary before client's ones This allows to keep the same CONFIG_H while building the Mbed TLS library and the application (no matter if it's client or server). Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/Makefile | 7 ++---- tests/scripts/all.sh | 32 ++++++++++++------------- 2 files changed, 18 insertions(+), 21 deletions(-) diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 06d3059b4b..38dbef6cd6 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -12,9 +12,6 @@ LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto MBEDTLS_ROOT_PATH = ../../.. COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include -TEST_BIN = test/psa_client \ - test/psa_partition - GENERATED_H_FILES = include/psa_manifest/manifest.h \ include/psa_manifest/pid.h \ include/psa_manifest/sid.h @@ -33,7 +30,7 @@ PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ .PHONY: all clean libpsaclient libpsaserver -all: $(TEST_BIN) +all: test/seedfile: dd if=/dev/urandom of=./test/seedfile bs=64 count=1 @@ -59,7 +56,7 @@ libpsaclient libpsaserver: $(MAKE) -C $(MBEDTLS_ROOT_PATH) clean clean: - rm -f $(TEST_BIN) + rm -f test/psa_client test/psa_partition rm -f $(PARTITION_SERVER_BOOTSTRAP) rm -rf libpsaclient libpsaserver rm -rf include/psa_manifest diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a42b38045f..88d051b0f5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -971,11 +971,6 @@ helper_crypto_client_build() { fi make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@" - - # cleanup() will restore some backed-up files which include $CONFIG_H and - # $CRYPTO_CONFIG_H. Built libraries were already copied to psasim at this - # point. - cleanup } ################################################################ @@ -6212,18 +6207,23 @@ component_check_test_helpers () { } component_test_psasim() { - msg "build library for client" - - helper_crypto_client_build client - msg "build library for server" - scripts/config.py crypto - helper_crypto_client_build server - msg "build psasim" - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + msg "build server" + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_partition + + # cleanup() will restore some backed-up files which include $CONFIG_H and + # $CRYPTO_CONFIG_H. Built libraries were already copied to psasim at this + # point. + cleanup + + msg "build library for client" + helper_crypto_client_build client + + msg "build psasim to test psa_client" + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client msg "test psasim" tests/psa-client-server/psasim/test/run_test.sh @@ -6233,17 +6233,17 @@ component_test_psasim() { # Delete the executable to ensure we build using the right MAIN rm tests/psa-client-server/psasim/test/psa_client # API under test: psa_hash_compute() - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash_compute.c" + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash_compute.c" test/psa_client msg "test psasim running psa_hash_compute" tests/psa-client-server/psasim/test/run_test.sh - # Next APIs under test: psa_hash_*(). Just use the PSA hash example. + # Next APIs under test: psa_hash_*(). Use our copy of the PSA hash example. msg "build psasim to test all psa_hash_* APIs" # Delete the executable to ensure we build using the right MAIN rm tests/psa-client-server/psasim/test/psa_client - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash.c" + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash.c" test/psa_client msg "test psasim running psa_hash sample" tests/psa-client-server/psasim/test/run_test.sh From 3504c8891674c96ec0bccd53aa482ab33a6ae68b Mon Sep 17 00:00:00 2001 From: Sam Berry Date: Tue, 11 Jun 2024 14:34:17 +0100 Subject: [PATCH 309/429] Fix incorrect array length in function prototype Issue #9179 (MBEDTLS_SSL_CID_OUT_LEN_MAX changed to MBEDTLS_SSL_CID_IN_LEN_MAX in library\ssl.h and library\ssl_tls.c) Signed-off-by: Sam Berry --- include/mbedtls/ssl.h | 2 +- library/ssl_tls.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ca130a3fbd..4b59e78532 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2364,7 +2364,7 @@ int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, */ int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl, int *enabled, - unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], + unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX], size_t *own_cid_len); /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c2c2b6f795..e2f583fa4e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -132,7 +132,7 @@ int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl, int mbedtls_ssl_get_own_cid(mbedtls_ssl_context *ssl, int *enabled, - unsigned char own_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX], + unsigned char own_cid[MBEDTLS_SSL_CID_IN_LEN_MAX], size_t *own_cid_len) { *enabled = MBEDTLS_SSL_CID_DISABLED; From b923b473e7d9ad1ccaefeb9388552c5911ceef90 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 11 Jun 2024 17:19:31 +0100 Subject: [PATCH 310/429] Have PSA sim client wrappers say which call fails, if one does Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_crypto_client.c | 16 ++++++++-------- .../psasim/src/psa_sim_generate.pl | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 5811ac5e3f..505a976d0b 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -158,7 +158,7 @@ psa_status_t psa_hash_abort( ok = psa_crypto_call(PSA_HASH_ABORT, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\n"); + printf("PSA_HASH_ABORT server call failed\n"); goto fail; } @@ -227,7 +227,7 @@ psa_status_t psa_hash_clone( ok = psa_crypto_call(PSA_HASH_CLONE, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\n"); + printf("PSA_HASH_CLONE server call failed\n"); goto fail; } @@ -302,7 +302,7 @@ psa_status_t psa_hash_compare( ok = psa_crypto_call(PSA_HASH_COMPARE, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\n"); + printf("PSA_HASH_COMPARE server call failed\n"); goto fail; } @@ -378,7 +378,7 @@ psa_status_t psa_hash_compute( ok = psa_crypto_call(PSA_HASH_COMPUTE, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\n"); + printf("PSA_HASH_COMPUTE server call failed\n"); goto fail; } @@ -458,7 +458,7 @@ psa_status_t psa_hash_finish( ok = psa_crypto_call(PSA_HASH_FINISH, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\n"); + printf("PSA_HASH_FINISH server call failed\n"); goto fail; } @@ -537,7 +537,7 @@ psa_status_t psa_hash_setup( ok = psa_crypto_call(PSA_HASH_SETUP, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\n"); + printf("PSA_HASH_SETUP server call failed\n"); goto fail; } @@ -606,7 +606,7 @@ psa_status_t psa_hash_update( ok = psa_crypto_call(PSA_HASH_UPDATE, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\n"); + printf("PSA_HASH_UPDATE server call failed\n"); goto fail; } @@ -675,7 +675,7 @@ psa_status_t psa_hash_verify( ok = psa_crypto_call(PSA_HASH_VERIFY, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\n"); + printf("PSA_HASH_VERIFY server call failed\n"); goto fail; } diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index cd0e3eba37..9765de796c 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -803,7 +803,7 @@ EOF ok = psa_crypto_call($enum, params, (size_t) (pos - params), &result, &result_length); if (!ok) { - printf("XXX server call failed\\n"); + printf("$enum server call failed\\n"); goto fail; } EOF From 98760124b81cfe13497d1784297b3ac56df85c58 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 11 Jun 2024 17:21:15 +0100 Subject: [PATCH 311/429] Make it possible to pass arguments to PSA sim psa_client Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/test/run_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh index 31429c8bb5..45a317a24e 100755 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -33,5 +33,5 @@ clean_run ./psa_partition -k & SERV_PID=$! wait_for_server_startup -./psa_client +./psa_client "$@" wait $SERV_PID From 0fe5b8d4a3d51d988a9942f2dd0810d8f2ad89cf Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 11 Jun 2024 17:26:17 +0100 Subject: [PATCH 312/429] Add support for and run (a copy of) the PSA aead_demo program under PSA sim Signed-off-by: Tom Cosgrove --- .../psasim/src/aut_psa_aead_demo.c | 283 ++++ .../psasim/src/psa_functions_codes.h | 15 + .../psasim/src/psa_sim_crypto_client.c | 1210 ++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 1478 +++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 936 +++++++++++ .../psasim/src/psa_sim_serialise.c | 198 +++ .../psasim/src/psa_sim_serialise.h | 168 ++ .../psasim/src/psa_sim_serialise.pl | 6 +- tests/scripts/all.sh | 19 +- 9 files changed, 4311 insertions(+), 2 deletions(-) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_aead_demo.c diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_demo.c b/tests/psa-client-server/psasim/src/aut_psa_aead_demo.c new file mode 100644 index 0000000000..4a46c4039c --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_demo.c @@ -0,0 +1,283 @@ +/** + * PSA API multi-part AEAD demonstration. + * + * This program AEAD-encrypts a message, using the algorithm and key size + * specified on the command line, using the multi-part API. + * + * It comes with a companion program cipher/cipher_aead_demo.c, which does the + * same operations with the legacy Cipher API. The goal is that comparing the + * two programs will help people migrating to the PSA Crypto API. + * + * When used with multi-part AEAD operations, the `mbedtls_cipher_context` + * serves a triple purpose (1) hold the key, (2) store the algorithm when no + * operation is active, and (3) save progress information for the current + * operation. With PSA those roles are held by disinct objects: (1) a + * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the + * algorithm, and (3) a psa_operation_t for multi-part progress. + * + * On the other hand, with PSA, the algorithms encodes the desired tag length; + * with Cipher the desired tag length needs to be tracked separately. + * + * This program and its companion cipher/cipher_aead_demo.c illustrate this by + * doing the same sequence of multi-part AEAD computation with both APIs; + * looking at the two side by side should make the differences and + * similarities clear. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/* First include Mbed TLS headers to get the Mbed TLS configuration and + * platform definitions that we'll use in this program. Also include + * standard C headers for functions we'll use here. */ +#include "mbedtls/build_info.h" + +#include "psa/crypto.h" + +#include +#include +#include + +/* If the build options we need are not enabled, compile a placeholder. */ +#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ + (!defined(MBEDTLS_PSA_CRYPTO_C) || \ + !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \ + !defined(MBEDTLS_CHACHAPOLY_C) || \ + defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)) +int main(void) +{ + printf("MBEDTLS_PSA_CRYPTO_CLIENT or " + "MBEDTLS_PSA_CRYPTO_C and/or " + "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or " + "MBEDTLS_CHACHAPOLY_C not defined, and/or " + "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n"); + return 0; +} +#else + +/* The real program starts here. */ + +const char usage[] = + "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; + +/* Dummy data for encryption: IV/nonce, additional data, 2-part message */ +const unsigned char iv1[12] = { 0x00 }; +const unsigned char add_data1[] = { 0x01, 0x02 }; +const unsigned char msg1_part1[] = { 0x03, 0x04 }; +const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 }; + +/* Dummy data (2nd message) */ +const unsigned char iv2[12] = { 0x10 }; +const unsigned char add_data2[] = { 0x11, 0x12 }; +const unsigned char msg2_part1[] = { 0x13, 0x14 }; +const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 }; + +/* Maximum total size of the messages */ +#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2)) +#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2)) +#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE) + +/* Dummy key material - never do this in production! + * 32-byte is enough to all the key size supported by this program. */ +const unsigned char key_bytes[32] = { 0x2a }; + +/* Print the contents of a buffer in hex */ +void print_buf(const char *title, uint8_t *buf, size_t len) +{ + printf("%s:", title); + for (size_t i = 0; i < len; i++) { + printf(" %02x", buf[i]); + } + printf("\n"); +} + +/* Run a PSA function and bail out if it fails. + * The symbolic name of the error code can be recovered using: + * programs/psa/psa_constant_name status */ +#define PSA_CHECK(expr) \ + do \ + { \ + status = (expr); \ + if (status != PSA_SUCCESS) \ + { \ + printf("Error %d at line %d: %s\n", \ + (int) status, \ + __LINE__, \ + #expr); \ + goto exit; \ + } \ + } \ + while (0) + +/* + * Prepare encryption material: + * - interpret command-line argument + * - set up key + * - outputs: key and algorithm, which together hold all the information + */ +static psa_status_t aead_prepare(const char *info, + psa_key_id_t *key, + psa_algorithm_t *alg) +{ + psa_status_t status; + + /* Convert arg to alg + key_bits + key_type */ + size_t key_bits; + psa_key_type_t key_type; + if (strcmp(info, "aes128-gcm") == 0) { + *alg = PSA_ALG_GCM; + key_bits = 128; + key_type = PSA_KEY_TYPE_AES; + } else if (strcmp(info, "aes256-gcm") == 0) { + *alg = PSA_ALG_GCM; + key_bits = 256; + key_type = PSA_KEY_TYPE_AES; + } else if (strcmp(info, "aes128-gcm_8") == 0) { + *alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 8); + key_bits = 128; + key_type = PSA_KEY_TYPE_AES; + } else if (strcmp(info, "chachapoly") == 0) { + *alg = PSA_ALG_CHACHA20_POLY1305; + key_bits = 256; + key_type = PSA_KEY_TYPE_CHACHA20; + } else { + puts(usage); + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* Prepare key attributes */ + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); + psa_set_key_algorithm(&attributes, *alg); + psa_set_key_type(&attributes, key_type); + psa_set_key_bits(&attributes, key_bits); // optional + + /* Import key */ + PSA_CHECK(psa_import_key(&attributes, key_bytes, key_bits / 8, key)); + +exit: + return status; +} + +/* + * Print out some information. + * + * All of this information was present in the command line argument, but his + * function demonstrates how each piece can be recovered from (key, alg). + */ +static void aead_info(psa_key_id_t key, psa_algorithm_t alg) +{ + psa_key_attributes_t attr = PSA_KEY_ATTRIBUTES_INIT; + (void) psa_get_key_attributes(key, &attr); + psa_key_type_t key_type = psa_get_key_type(&attr); + size_t key_bits = psa_get_key_bits(&attr); + psa_algorithm_t base_alg = PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg); + size_t tag_len = PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg); + + const char *type_str = key_type == PSA_KEY_TYPE_AES ? "AES" + : key_type == PSA_KEY_TYPE_CHACHA20 ? "Chacha" + : "???"; + const char *base_str = base_alg == PSA_ALG_GCM ? "GCM" + : base_alg == PSA_ALG_CHACHA20_POLY1305 ? "ChachaPoly" + : "???"; + + printf("%s, %u, %s, %u\n", + type_str, (unsigned) key_bits, base_str, (unsigned) tag_len); +} + +/* + * Encrypt a 2-part message. + */ +static int aead_encrypt(psa_key_id_t key, psa_algorithm_t alg, + const unsigned char *iv, size_t iv_len, + const unsigned char *ad, size_t ad_len, + const unsigned char *part1, size_t part1_len, + const unsigned char *part2, size_t part2_len) +{ + psa_status_t status; + size_t olen, olen_tag; + unsigned char out[PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(MSG_MAX_SIZE)]; + unsigned char *p = out, *end = out + sizeof(out); + unsigned char tag[PSA_AEAD_TAG_MAX_SIZE]; + + psa_aead_operation_t op = PSA_AEAD_OPERATION_INIT; + PSA_CHECK(psa_aead_encrypt_setup(&op, key, alg)); + + PSA_CHECK(psa_aead_set_nonce(&op, iv, iv_len)); + PSA_CHECK(psa_aead_update_ad(&op, ad, ad_len)); + PSA_CHECK(psa_aead_update(&op, part1, part1_len, p, end - p, &olen)); + p += olen; + PSA_CHECK(psa_aead_update(&op, part2, part2_len, p, end - p, &olen)); + p += olen; + PSA_CHECK(psa_aead_finish(&op, p, end - p, &olen, + tag, sizeof(tag), &olen_tag)); + p += olen; + memcpy(p, tag, olen_tag); + p += olen_tag; + + olen = p - out; + print_buf("out", out, olen); + +exit: + psa_aead_abort(&op); // required on errors, harmless on success + return status; +} + +/* + * AEAD demo: set up key/alg, print out info, encrypt messages. + */ +static psa_status_t aead_demo(const char *info) +{ + psa_status_t status; + + psa_key_id_t key; + psa_algorithm_t alg; + + PSA_CHECK(aead_prepare(info, &key, &alg)); + + aead_info(key, alg); + + PSA_CHECK(aead_encrypt(key, alg, + iv1, sizeof(iv1), add_data1, sizeof(add_data1), + msg1_part1, sizeof(msg1_part1), + msg1_part2, sizeof(msg1_part2))); + PSA_CHECK(aead_encrypt(key, alg, + iv2, sizeof(iv2), add_data2, sizeof(add_data2), + msg2_part1, sizeof(msg2_part1), + msg2_part2, sizeof(msg2_part2))); + +exit: + psa_destroy_key(key); + + return status; +} + +/* + * Main function + */ +int main(int argc, char **argv) +{ + psa_status_t status = PSA_SUCCESS; + + /* Check usage */ + if (argc != 2) { + puts(usage); + return EXIT_FAILURE; + } + + /* Initialize the PSA crypto library. */ + PSA_CHECK(psa_crypto_init()); + + /* Run the demo */ + PSA_CHECK(aead_demo(argv[1])); + + /* Deinitialize the PSA crypto library. */ + mbedtls_psa_crypto_free(); + +exit: + return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; +} + +#endif diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 00937338dd..c68b416096 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -12,6 +12,20 @@ enum { /* Start here to avoid overlap with PSA_IPC_CONNECT, PSA_IPC_DISCONNECT * and VERSION_REQUEST */ PSA_CRYPTO_INIT = 100, + PSA_AEAD_ABORT, + PSA_AEAD_DECRYPT, + PSA_AEAD_DECRYPT_SETUP, + PSA_AEAD_ENCRYPT, + PSA_AEAD_ENCRYPT_SETUP, + PSA_AEAD_FINISH, + PSA_AEAD_GENERATE_NONCE, + PSA_AEAD_SET_LENGTHS, + PSA_AEAD_SET_NONCE, + PSA_AEAD_UPDATE, + PSA_AEAD_UPDATE_AD, + PSA_AEAD_VERIFY, + PSA_DESTROY_KEY, + PSA_GET_KEY_ATTRIBUTES, PSA_HASH_ABORT, PSA_HASH_CLONE, PSA_HASH_COMPARE, @@ -20,6 +34,7 @@ enum { PSA_HASH_SETUP, PSA_HASH_UPDATE, PSA_HASH_VERIFY, + PSA_IMPORT_KEY, }; #endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 505a976d0b..2ffb615de7 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -125,6 +125,1141 @@ void mbedtls_psa_crypto_free(void) } +psa_status_t psa_aead_abort( + psa_aead_operation_t *operation + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_ABORT, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_ABORT server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_decrypt( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *nonce, size_t nonce_length, + const uint8_t *additional_data, size_t additional_data_length, + const uint8_t *ciphertext, size_t ciphertext_length, + uint8_t *plaintext, size_t plaintext_size, + size_t *plaintext_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(nonce, nonce_length) + + psasim_serialise_buffer_needs(additional_data, additional_data_length) + + psasim_serialise_buffer_needs(ciphertext, ciphertext_length) + + psasim_serialise_buffer_needs(plaintext, plaintext_size) + + psasim_serialise_size_t_needs(*plaintext_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, nonce, nonce_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, additional_data, additional_data_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, ciphertext, ciphertext_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, plaintext, plaintext_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *plaintext_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_DECRYPT, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_DECRYPT server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, plaintext, plaintext_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, plaintext_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_decrypt_setup( + psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_DECRYPT_SETUP, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_DECRYPT_SETUP server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_encrypt( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *nonce, size_t nonce_length, + const uint8_t *additional_data, size_t additional_data_length, + const uint8_t *plaintext, size_t plaintext_length, + uint8_t *ciphertext, size_t ciphertext_size, + size_t *ciphertext_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(nonce, nonce_length) + + psasim_serialise_buffer_needs(additional_data, additional_data_length) + + psasim_serialise_buffer_needs(plaintext, plaintext_length) + + psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + + psasim_serialise_size_t_needs(*ciphertext_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, nonce, nonce_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, additional_data, additional_data_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, plaintext, plaintext_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, ciphertext, ciphertext_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *ciphertext_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_ENCRYPT, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_ENCRYPT server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, ciphertext, ciphertext_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, ciphertext_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_encrypt_setup( + psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_ENCRYPT_SETUP, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_ENCRYPT_SETUP server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_finish( + psa_aead_operation_t *operation, + uint8_t *ciphertext, size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, size_t tag_size, + size_t *tag_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + + psasim_serialise_size_t_needs(*ciphertext_length) + + psasim_serialise_buffer_needs(tag, tag_size) + + psasim_serialise_size_t_needs(*tag_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, ciphertext, ciphertext_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *ciphertext_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, tag, tag_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *tag_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_FINISH, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_FINISH server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, ciphertext, ciphertext_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, ciphertext_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, tag, tag_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, tag_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_generate_nonce( + psa_aead_operation_t *operation, + uint8_t *nonce, size_t nonce_size, + size_t *nonce_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(nonce, nonce_size) + + psasim_serialise_size_t_needs(*nonce_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, nonce, nonce_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *nonce_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_GENERATE_NONCE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_GENERATE_NONCE server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, nonce, nonce_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, nonce_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_set_lengths( + psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_size_t_needs(ad_length) + + psasim_serialise_size_t_needs(plaintext_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, ad_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, plaintext_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_SET_LENGTHS, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_SET_LENGTHS server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_set_nonce( + psa_aead_operation_t *operation, + const uint8_t *nonce, size_t nonce_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(nonce, nonce_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, nonce, nonce_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_SET_NONCE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_SET_NONCE server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_update( + psa_aead_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, + size_t *output_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_UPDATE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_UPDATE server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_update_ad( + psa_aead_operation_t *operation, + const uint8_t *input, size_t input_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_UPDATE_AD, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_UPDATE_AD server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_aead_verify( + psa_aead_operation_t *operation, + uint8_t *plaintext, size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, size_t tag_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(plaintext, plaintext_size) + + psasim_serialise_size_t_needs(*plaintext_length) + + psasim_serialise_buffer_needs(tag, tag_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, plaintext, plaintext_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *plaintext_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, tag, tag_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_AEAD_VERIFY, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_AEAD_VERIFY server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, plaintext, plaintext_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, plaintext_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_destroy_key( + mbedtls_svc_key_id_t key + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_DESTROY_KEY, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_DESTROY_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_get_key_attributes( + mbedtls_svc_key_id_t key, + psa_key_attributes_t *attributes + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_key_attributes_t_needs(*attributes); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_GET_KEY_ATTRIBUTES, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_GET_KEY_ATTRIBUTES server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&rpos, &rremain, attributes); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) @@ -703,3 +1838,78 @@ fail: return status; } + + +psa_status_t psa_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + mbedtls_svc_key_id_t *key + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_buffer_needs(data, data_length) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, data, data_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_IMPORT_KEY, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_IMPORT_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 581254259e..da3adb0d31 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -70,6 +70,1336 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_aead_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_abort( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_decrypt_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *nonce = NULL; + size_t nonce_length; + uint8_t *additional_data = NULL; + size_t additional_data_length; + uint8_t *ciphertext = NULL; + size_t ciphertext_length; + uint8_t *plaintext = NULL; + size_t plaintext_size; + size_t plaintext_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &nonce, &nonce_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &additional_data, &additional_data_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &ciphertext, &ciphertext_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &plaintext, &plaintext_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &plaintext_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_decrypt( + key, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + ciphertext, ciphertext_length, + plaintext, plaintext_size, + &plaintext_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(plaintext, plaintext_size) + + psasim_serialise_size_t_needs(plaintext_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, plaintext, plaintext_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, plaintext_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(nonce); + free(additional_data); + free(ciphertext); + free(plaintext); + + return 1; // success + +fail: + free(result); + + free(nonce); + free(additional_data); + free(ciphertext); + free(plaintext); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_decrypt_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_decrypt_setup( + operation, + key, + alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_encrypt_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *nonce = NULL; + size_t nonce_length; + uint8_t *additional_data = NULL; + size_t additional_data_length; + uint8_t *plaintext = NULL; + size_t plaintext_length; + uint8_t *ciphertext = NULL; + size_t ciphertext_size; + size_t ciphertext_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &nonce, &nonce_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &additional_data, &additional_data_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &plaintext, &plaintext_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &ciphertext, &ciphertext_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &ciphertext_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_encrypt( + key, + alg, + nonce, nonce_length, + additional_data, additional_data_length, + plaintext, plaintext_length, + ciphertext, ciphertext_size, + &ciphertext_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + + psasim_serialise_size_t_needs(ciphertext_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, ciphertext, ciphertext_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, ciphertext_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(nonce); + free(additional_data); + free(plaintext); + free(ciphertext); + + return 1; // success + +fail: + free(result); + + free(nonce); + free(additional_data); + free(plaintext); + free(ciphertext); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_encrypt_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_encrypt_setup( + operation, + key, + alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_finish_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + uint8_t *ciphertext = NULL; + size_t ciphertext_size; + size_t ciphertext_length; + uint8_t *tag = NULL; + size_t tag_size; + size_t tag_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &ciphertext, &ciphertext_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &ciphertext_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &tag, &tag_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &tag_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_finish( + operation, + ciphertext, ciphertext_size, + &ciphertext_length, + tag, tag_size, + &tag_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation) + + psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + + psasim_serialise_size_t_needs(ciphertext_length) + + psasim_serialise_buffer_needs(tag, tag_size) + + psasim_serialise_size_t_needs(tag_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, ciphertext, ciphertext_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, ciphertext_length); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, tag, tag_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, tag_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(ciphertext); + free(tag); + + return 1; // success + +fail: + free(result); + + free(ciphertext); + free(tag); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_generate_nonce_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + uint8_t *nonce = NULL; + size_t nonce_size; + size_t nonce_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &nonce, &nonce_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &nonce_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_generate_nonce( + operation, + nonce, nonce_size, + &nonce_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation) + + psasim_serialise_buffer_needs(nonce, nonce_size) + + psasim_serialise_size_t_needs(nonce_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, nonce, nonce_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, nonce_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(nonce); + + return 1; // success + +fail: + free(result); + + free(nonce); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_set_lengths_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + size_t ad_length; + size_t plaintext_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &ad_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &plaintext_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_set_lengths( + operation, + ad_length, + plaintext_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_set_nonce_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + uint8_t *nonce = NULL; + size_t nonce_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &nonce, &nonce_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_set_nonce( + operation, + nonce, nonce_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(nonce); + + return 1; // success + +fail: + free(result); + + free(nonce); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_update_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + uint8_t *input = NULL; + size_t input_length; + uint8_t *output = NULL; + size_t output_size; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_update( + operation, + input, input_length, + output, output_size, + &output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(output); + + return 1; // success + +fail: + free(result); + + free(input); + free(output); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_update_ad_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + uint8_t *input = NULL; + size_t input_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_update_ad( + operation, + input, input_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + + return 1; // success + +fail: + free(result); + + free(input); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_aead_verify_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_aead_operation_t *operation; + uint8_t *plaintext = NULL; + size_t plaintext_size; + size_t plaintext_length; + uint8_t *tag = NULL; + size_t tag_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &plaintext, &plaintext_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &plaintext_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &tag, &tag_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_aead_verify( + operation, + plaintext, plaintext_size, + &plaintext_length, + tag, tag_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_aead_operation_t_needs(operation) + + psasim_serialise_buffer_needs(plaintext, plaintext_size) + + psasim_serialise_size_t_needs(plaintext_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, plaintext, plaintext_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, plaintext_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(plaintext); + free(tag); + + return 1; // success + +fail: + free(result); + + free(plaintext); + free(tag); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_destroy_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_destroy_key( + key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_get_key_attributes_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_key_attributes_t attributes; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_get_key_attributes( + key, + &attributes + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_psa_key_attributes_t_needs(attributes); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_key_attributes_t(&rpos, &rremain, attributes); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_hash_abort_wrapper( uint8_t *in_params, size_t in_params_len, @@ -742,6 +2072,94 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_import_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes; + uint8_t *data = NULL; + size_t data_length; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &data, &data_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_import_key( + &attributes, + data, data_length, + &key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(data); + + return 1; // success + +fail: + free(result); + + free(data); + + return 0; // This shouldn't happen! +} + psa_status_t psa_crypto_call(psa_msg_t msg) { int ok = 0; @@ -782,6 +2200,62 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_crypto_init_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_AEAD_ABORT: + ok = psa_aead_abort_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_DECRYPT: + ok = psa_aead_decrypt_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_DECRYPT_SETUP: + ok = psa_aead_decrypt_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_ENCRYPT: + ok = psa_aead_encrypt_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_ENCRYPT_SETUP: + ok = psa_aead_encrypt_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_FINISH: + ok = psa_aead_finish_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_GENERATE_NONCE: + ok = psa_aead_generate_nonce_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_SET_LENGTHS: + ok = psa_aead_set_lengths_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_SET_NONCE: + ok = psa_aead_set_nonce_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_UPDATE: + ok = psa_aead_update_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_UPDATE_AD: + ok = psa_aead_update_ad_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_AEAD_VERIFY: + ok = psa_aead_verify_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_DESTROY_KEY: + ok = psa_destroy_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_GET_KEY_ATTRIBUTES: + ok = psa_get_key_attributes_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_HASH_ABORT: ok = psa_hash_abort_wrapper(in_params, in_params_len, &out_params, &out_params_len); @@ -814,6 +2288,10 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_hash_verify_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_IMPORT_KEY: + ok = psa_import_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; } free(in_params); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 9765de796c..ee3894f0ee 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -1425,3 +1425,939 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, size_t input_length, const uint8_t *hash, size_t hash_length); + +/** Process an authenticated encryption operation. + * + * \param key Identifier of the key to use for the + * operation. It must allow the usage + * #PSA_KEY_USAGE_ENCRYPT. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * \param[in] nonce Nonce or IV to use. + * \param nonce_length Size of the \p nonce buffer in bytes. + * \param[in] additional_data Additional data that will be authenticated + * but not encrypted. + * \param additional_data_length Size of \p additional_data in bytes. + * \param[in] plaintext Data that will be authenticated and + * encrypted. + * \param plaintext_length Size of \p plaintext in bytes. + * \param[out] ciphertext Output buffer for the authenticated and + * encrypted data. The additional data is not + * part of this output. For algorithms where the + * encrypted data and the authentication tag + * are defined as separate outputs, the + * authentication tag is appended to the + * encrypted data. + * \param ciphertext_size Size of the \p ciphertext buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, + * \p alg, \p plaintext_length) where + * \c key_type is the type of \p key. + * - #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p + * plaintext_length) evaluates to the maximum + * ciphertext size of any supported AEAD + * encryption. + * \param[out] ciphertext_length On success, the size of the output + * in the \p ciphertext buffer. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not an AEAD algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p ciphertext_size is too small. + * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg, + * \p plaintext_length) or + * #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to + * determine the required buffer size. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *plaintext, + size_t plaintext_length, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length); + +/** Process an authenticated decryption operation. + * + * \param key Identifier of the key to use for the + * operation. It must allow the usage + * #PSA_KEY_USAGE_DECRYPT. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * \param[in] nonce Nonce or IV to use. + * \param nonce_length Size of the \p nonce buffer in bytes. + * \param[in] additional_data Additional data that has been authenticated + * but not encrypted. + * \param additional_data_length Size of \p additional_data in bytes. + * \param[in] ciphertext Data that has been authenticated and + * encrypted. For algorithms where the + * encrypted data and the authentication tag + * are defined as separate inputs, the buffer + * must contain the encrypted data followed + * by the authentication tag. + * \param ciphertext_length Size of \p ciphertext in bytes. + * \param[out] plaintext Output buffer for the decrypted data. + * \param plaintext_size Size of the \p plaintext buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, + * \p alg, \p ciphertext_length) where + * \c key_type is the type of \p key. + * - #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p + * ciphertext_length) evaluates to the maximum + * plaintext size of any supported AEAD + * decryption. + * \param[out] plaintext_length On success, the size of the output + * in the \p plaintext buffer. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The ciphertext is not authentic. + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not an AEAD algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p plaintext_size is too small. + * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg, + * \p ciphertext_length) or + * #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used + * to determine the required buffer size. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *nonce, + size_t nonce_length, + const uint8_t *additional_data, + size_t additional_data_length, + const uint8_t *ciphertext, + size_t ciphertext_length, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length); + +/** The type of the state data structure for multipart AEAD operations. + * + * Before calling any function on an AEAD operation object, the application + * must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_aead_operation_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_aead_operation_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT, + * for example: + * \code + * psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT; + * \endcode + * - Assign the result of the function psa_aead_operation_init() + * to the structure, for example: + * \code + * psa_aead_operation_t operation; + * operation = psa_aead_operation_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ +typedef struct psa_aead_operation_s psa_aead_operation_t; + +/** \def PSA_AEAD_OPERATION_INIT + * + * This macro returns a suitable initializer for an AEAD operation object of + * type #psa_aead_operation_t. + */ + +/** Return an initial value for an AEAD operation object. + */ +static psa_aead_operation_t psa_aead_operation_init(void); + +/** Set the key for a multipart authenticated encryption operation. + * + * The sequence of operations to encrypt a message with authentication + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_aead_operation_t, e.g. + * #PSA_AEAD_OPERATION_INIT. + * -# Call psa_aead_encrypt_setup() to specify the algorithm and key. + * -# If needed, call psa_aead_set_lengths() to specify the length of the + * inputs to the subsequent calls to psa_aead_update_ad() and + * psa_aead_update(). See the documentation of psa_aead_set_lengths() + * for details. + * -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to + * generate or set the nonce. You should use + * psa_aead_generate_nonce() unless the protocol you are implementing + * requires a specific nonce value. + * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment + * of the non-encrypted additional authenticated data each time. + * -# Call psa_aead_update() zero, one or more times, passing a fragment + * of the message to encrypt each time. + * -# Call psa_aead_finish(). + * + * If an error occurs at any step after a call to psa_aead_encrypt_setup(), + * the operation will need to be reset by a call to psa_aead_abort(). The + * application may call psa_aead_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_aead_encrypt_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A successful call to psa_aead_finish(). + * - A call to psa_aead_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_aead_operation_t and not yet in use. + * \param key Identifier of the key to use for the operation. + * It must remain valid until the operation + * terminates. It must allow the usage + * #PSA_KEY_USAGE_ENCRYPT. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not an AEAD algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg); + +/** Set the key for a multipart authenticated decryption operation. + * + * The sequence of operations to decrypt a message with authentication + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_aead_operation_t, e.g. + * #PSA_AEAD_OPERATION_INIT. + * -# Call psa_aead_decrypt_setup() to specify the algorithm and key. + * -# If needed, call psa_aead_set_lengths() to specify the length of the + * inputs to the subsequent calls to psa_aead_update_ad() and + * psa_aead_update(). See the documentation of psa_aead_set_lengths() + * for details. + * -# Call psa_aead_set_nonce() with the nonce for the decryption. + * -# Call psa_aead_update_ad() zero, one or more times, passing a fragment + * of the non-encrypted additional authenticated data each time. + * -# Call psa_aead_update() zero, one or more times, passing a fragment + * of the ciphertext to decrypt each time. + * -# Call psa_aead_verify(). + * + * If an error occurs at any step after a call to psa_aead_decrypt_setup(), + * the operation will need to be reset by a call to psa_aead_abort(). The + * application may call psa_aead_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_aead_decrypt_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A successful call to psa_aead_verify(). + * - A call to psa_aead_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_aead_operation_t and not yet in use. + * \param key Identifier of the key to use for the operation. + * It must remain valid until the operation + * terminates. It must allow the usage + * #PSA_KEY_USAGE_DECRYPT. + * \param alg The AEAD algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_AEAD(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not an AEAD algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive), or the + * library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg); + +/** Generate a random nonce for an authenticated encryption operation. + * + * This function generates a random nonce for the authenticated encryption + * operation with an appropriate size for the chosen algorithm, key type + * and key size. + * + * The application must call psa_aead_encrypt_setup() before + * calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param[out] nonce Buffer where the generated nonce is to be + * written. + * \param nonce_size Size of the \p nonce buffer in bytes. + * \param[out] nonce_length On success, the number of bytes of the + * generated nonce. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p nonce buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active aead encrypt + * operation, with no nonce set), or the library has not been + * previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, + uint8_t *nonce, + size_t nonce_size, + size_t *nonce_length); + +/** Set the nonce for an authenticated encryption or decryption operation. + * + * This function sets the nonce for the authenticated + * encryption or decryption operation. + * + * The application must call psa_aead_encrypt_setup() or + * psa_aead_decrypt_setup() before calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_aead_abort(). + * + * \note When encrypting, applications should use psa_aead_generate_nonce() + * instead of this function, unless implementing a protocol that requires + * a non-random IV. + * + * \param[in,out] operation Active AEAD operation. + * \param[in] nonce Buffer containing the nonce to use. + * \param nonce_length Size of the nonce in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The size of \p nonce is not acceptable for the chosen algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, with no nonce + * set), or the library has not been previously initialized + * by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation, + const uint8_t *nonce, + size_t nonce_length); + +/** Declare the lengths of the message and additional data for AEAD. + * + * The application must call this function before calling + * psa_aead_update_ad() or psa_aead_update() if the algorithm for + * the operation requires it. If the algorithm does not require it, + * calling this function is optional, but if this function is called + * then the implementation must enforce the lengths. + * + * You may call this function before or after setting the nonce with + * psa_aead_set_nonce() or psa_aead_generate_nonce(). + * + * - For #PSA_ALG_CCM, calling this function is required. + * - For the other AEAD algorithms defined in this specification, calling + * this function is not required. + * - For vendor-defined algorithm, refer to the vendor documentation. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param ad_length Size of the non-encrypted additional + * authenticated data in bytes. + * \param plaintext_length Size of the plaintext to encrypt in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * At least one of the lengths is not acceptable for the chosen + * algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, and + * psa_aead_update_ad() and psa_aead_update() must not have been + * called yet), or the library has not been previously initialized + * by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation, + size_t ad_length, + size_t plaintext_length); + +/** Pass additional data to an active AEAD operation. + * + * Additional data is authenticated, but not encrypted. + * + * You may call this function multiple times to pass successive fragments + * of the additional data. You may not call this function after passing + * data to encrypt or decrypt with psa_aead_update(). + * + * Before calling this function, you must: + * 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup(). + * 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce(). + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_aead_abort(). + * + * \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS, + * there is no guarantee that the input is valid. Therefore, until + * you have called psa_aead_verify() and it has returned #PSA_SUCCESS, + * treat the input as untrusted and prepare to undo any action that + * depends on the input if psa_aead_verify() returns an error status. + * + * \param[in,out] operation Active AEAD operation. + * \param[in] input Buffer containing the fragment of + * additional data. + * \param input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total input length overflows the additional data length that + * was previously specified with psa_aead_set_lengths(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, have a nonce + * set, have lengths set if required by the algorithm, and + * psa_aead_update() must not have been called yet), or the library + * has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length); + +/** Encrypt or decrypt a message fragment in an active AEAD operation. + * + * Before calling this function, you must: + * 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup(). + * The choice of setup function determines whether this function + * encrypts or decrypts its input. + * 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce(). + * 3. Call psa_aead_update_ad() to pass all the additional data. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_aead_abort(). + * + * \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS, + * there is no guarantee that the input is valid. Therefore, until + * you have called psa_aead_verify() and it has returned #PSA_SUCCESS: + * - Do not use the output in any way other than storing it in a + * confidential location. If you take any action that depends + * on the tentative decrypted data, this action will need to be + * undone if the input turns out not to be valid. Furthermore, + * if an adversary can observe that this action took place + * (for example through timing), they may be able to use this + * fact as an oracle to decrypt any message encrypted with the + * same key. + * - In particular, do not copy the output anywhere but to a + * memory or storage space that you have exclusive access to. + * + * This function does not require the input to be aligned to any + * particular block boundary. If the implementation can only process + * a whole block at a time, it must consume all the input provided, but + * it may delay the end of the corresponding output until a subsequent + * call to psa_aead_update(), psa_aead_finish() or psa_aead_verify() + * provides sufficient input. The amount of data that can be delayed + * in this way is bounded by #PSA_AEAD_UPDATE_OUTPUT_SIZE. + * + * \param[in,out] operation Active AEAD operation. + * \param[in] input Buffer containing the message fragment to + * encrypt or decrypt. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] output Buffer where the output is to be written. + * \param output_size Size of the \p output buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, + * \c alg, \p input_length) where + * \c key_type is the type of key and \c alg is + * the algorithm that were used to set up the + * operation. + * - #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p + * input_length) evaluates to the maximum + * output size of any supported AEAD + * algorithm. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * #PSA_AEAD_UPDATE_OUTPUT_SIZE(\c key_type, \c alg, \p input_length) or + * #PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(\p input_length) can be used to + * determine the required buffer size. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total length of input to psa_aead_update_ad() so far is + * less than the additional data length that was previously + * specified with psa_aead_set_lengths(), or + * the total input length overflows the plaintext length that + * was previously specified with psa_aead_set_lengths(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, have a nonce + * set, and have lengths set if required by the algorithm), or the + * library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_update(psa_aead_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** Finish encrypting a message in an AEAD operation. + * + * The operation must have been set up with psa_aead_encrypt_setup(). + * + * This function finishes the authentication of the additional data + * formed by concatenating the inputs passed to preceding calls to + * psa_aead_update_ad() with the plaintext formed by concatenating the + * inputs passed to preceding calls to psa_aead_update(). + * + * This function has two output buffers: + * - \p ciphertext contains trailing ciphertext that was buffered from + * preceding calls to psa_aead_update(). + * - \p tag contains the authentication tag. + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_aead_abort(). + * + * \param[in,out] operation Active AEAD operation. + * \param[out] ciphertext Buffer where the last part of the ciphertext + * is to be written. + * \param ciphertext_size Size of the \p ciphertext buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, + * \c alg) where \c key_type is the type of key + * and \c alg is the algorithm that were used to + * set up the operation. + * - #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE evaluates to + * the maximum output size of any supported AEAD + * algorithm. + * \param[out] ciphertext_length On success, the number of bytes of + * returned ciphertext. + * \param[out] tag Buffer where the authentication tag is + * to be written. + * \param tag_size Size of the \p tag buffer in bytes. + * This must be appropriate for the selected + * algorithm and key: + * - The exact tag size is #PSA_AEAD_TAG_LENGTH(\c + * key_type, \c key_bits, \c alg) where + * \c key_type and \c key_bits are the type and + * bit-size of the key, and \c alg is the + * algorithm that were used in the call to + * psa_aead_encrypt_setup(). + * - #PSA_AEAD_TAG_MAX_SIZE evaluates to the + * maximum tag size of any supported AEAD + * algorithm. + * \param[out] tag_length On success, the number of bytes + * that make up the returned tag. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p ciphertext or \p tag buffer is too small. + * #PSA_AEAD_FINISH_OUTPUT_SIZE(\c key_type, \c alg) or + * #PSA_AEAD_FINISH_OUTPUT_MAX_SIZE can be used to determine the + * required \p ciphertext buffer size. #PSA_AEAD_TAG_LENGTH(\c key_type, + * \c key_bits, \c alg) or #PSA_AEAD_TAG_MAX_SIZE can be used to + * determine the required \p tag buffer size. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total length of input to psa_aead_update_ad() so far is + * less than the additional data length that was previously + * specified with psa_aead_set_lengths(), or + * the total length of input to psa_aead_update() so far is + * less than the plaintext length that was previously + * specified with psa_aead_set_lengths(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active encryption + * operation with a nonce set), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_finish(psa_aead_operation_t *operation, + uint8_t *ciphertext, + size_t ciphertext_size, + size_t *ciphertext_length, + uint8_t *tag, + size_t tag_size, + size_t *tag_length); + +/** Finish authenticating and decrypting a message in an AEAD operation. + * + * The operation must have been set up with psa_aead_decrypt_setup(). + * + * This function finishes the authenticated decryption of the message + * components: + * + * - The additional data consisting of the concatenation of the inputs + * passed to preceding calls to psa_aead_update_ad(). + * - The ciphertext consisting of the concatenation of the inputs passed to + * preceding calls to psa_aead_update(). + * - The tag passed to this function call. + * + * If the authentication tag is correct, this function outputs any remaining + * plaintext and reports success. If the authentication tag is not correct, + * this function returns #PSA_ERROR_INVALID_SIGNATURE. + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_aead_abort(). + * + * \note Implementations shall make the best effort to ensure that the + * comparison between the actual tag and the expected tag is performed + * in constant time. + * + * \param[in,out] operation Active AEAD operation. + * \param[out] plaintext Buffer where the last part of the plaintext + * is to be written. This is the remaining data + * from previous calls to psa_aead_update() + * that could not be processed until the end + * of the input. + * \param plaintext_size Size of the \p plaintext buffer in bytes. + * This must be appropriate for the selected algorithm and key: + * - A sufficient output size is + * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, + * \c alg) where \c key_type is the type of key + * and \c alg is the algorithm that were used to + * set up the operation. + * - #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE evaluates to + * the maximum output size of any supported AEAD + * algorithm. + * \param[out] plaintext_length On success, the number of bytes of + * returned plaintext. + * \param[in] tag Buffer containing the authentication tag. + * \param tag_length Size of the \p tag buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculations were successful, but the authentication tag is + * not correct. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p plaintext buffer is too small. + * #PSA_AEAD_VERIFY_OUTPUT_SIZE(\c key_type, \c alg) or + * #PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE can be used to determine the + * required buffer size. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total length of input to psa_aead_update_ad() so far is + * less than the additional data length that was previously + * specified with psa_aead_set_lengths(), or + * the total length of input to psa_aead_update() so far is + * less than the plaintext length that was previously + * specified with psa_aead_set_lengths(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active decryption + * operation with a nonce set), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_verify(psa_aead_operation_t *operation, + uint8_t *plaintext, + size_t plaintext_size, + size_t *plaintext_length, + const uint8_t *tag, + size_t tag_length); + +/** Abort an AEAD operation. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation by calling + * psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again. + * + * You may call this function any time after the operation object has + * been initialized as described in #psa_aead_operation_t. + * + * In particular, calling psa_aead_abort() after the operation has been + * terminated by a call to psa_aead_abort(), psa_aead_finish() or + * psa_aead_verify() is safe and has no effect. + * + * \param[in,out] operation Initialized AEAD operation. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_aead_abort(psa_aead_operation_t *operation); + +/** + * \brief Import a key in binary format. + * + * This function supports any output from psa_export_key(). Refer to the + * documentation of psa_export_public_key() for the format of public keys + * and to the documentation of psa_export_key() for the format for + * other key types. + * + * The key data determines the key size. The attributes may optionally + * specify a key size; in this case it must match the size determined + * from the key data. A key size of 0 in \p attributes indicates that + * the key size is solely determined by the key data. + * + * Implementations must reject an attempt to import a key of size 0. + * + * This specification supports a single format for each key type. + * Implementations may support other formats as long as the standard + * format is supported. Implementations that support other formats + * should ensure that the formats are clearly unambiguous so as to + * minimize the risk that an invalid input is accidentally interpreted + * according to a different format. + * + * \param[in] attributes The attributes for the new key. + * The key size is always determined from the + * \p data buffer. + * If the key size in \p attributes is nonzero, + * it must be equal to the size from \p data. + * \param[out] key On success, an identifier to the newly created key. + * For persistent keys, this is the key identifier + * defined in \p attributes. + * \c 0 on failure. + * \param[in] data Buffer containing the key data. The content of this + * buffer is interpreted according to the type declared + * in \p attributes. + * All implementations must support at least the format + * described in the documentation + * of psa_export_key() or psa_export_public_key() for + * the chosen type. Implementations may allow other + * formats, but should be conservative: implementations + * should err on the side of rejecting content if it + * may be erroneous (e.g. wrong type or truncated data). + * \param data_length Size of the \p data buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key type or key size is not supported, either by the + * implementation in general or in this particular persistent location. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key attributes, as a whole, are invalid, or + * the key data is not correctly formatted, or + * the size in \p attributes is nonzero and does not match the size + * of the key data. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + mbedtls_svc_key_id_t *key); + +/** Retrieve the attributes of a key. + * + * This function first resets the attribute structure as with + * psa_reset_key_attributes(). It then copies the attributes of + * the given key into the given attribute structure. + * + * \note This function may allocate memory or other resources. + * Once you have called this function on an attribute structure, + * you must call psa_reset_key_attributes() to free these resources. + * + * \param[in] key Identifier of the key to query. + * \param[in,out] attributes On success, the attributes of the key. + * On failure, equivalent to a + * freshly-initialized structure. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, + psa_key_attributes_t *attributes); + +/** + * \brief Destroy a key. + * + * This function destroys a key from both volatile + * memory and, if applicable, non-volatile storage. Implementations shall + * make a best effort to ensure that the key material cannot be recovered. + * + * This function also erases any metadata such as policies and frees + * resources associated with the key. + * + * If a key is currently in use in a multipart operation, then destroying the + * key will cause the multipart operation to fail. + * + * \warning We can only guarantee that the the key material will + * eventually be wiped from memory. With threading enabled + * and during concurrent execution, copies of the key material may + * still exist until all threads have finished using the key. + * + * \param key Identifier of the key to erase. If this is \c 0, do nothing and + * return #PSA_SUCCESS. + * + * \retval #PSA_SUCCESS + * \p key was a valid identifier and the key material that it + * referred to has been erased. Alternatively, \p key is \c 0. + * \retval #PSA_ERROR_NOT_PERMITTED + * The key cannot be erased because it is + * read-only, either due to a policy or due to physical restrictions. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p key is not a valid identifier nor \c 0. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * There was a failure in communication with the cryptoprocessor. + * The key material may still be present in the cryptoprocessor. + * \retval #PSA_ERROR_DATA_INVALID + * This error is typically a result of either storage corruption on a + * cleartext storage backend, or an attempt to read data that was + * written by an incompatible version of the library. + * \retval #PSA_ERROR_STORAGE_FAILURE + * The storage is corrupted. Implementations shall make a best effort + * to erase key material even in this stage, however applications + * should be aware that it may be impossible to guarantee that the + * key material is not recoverable in such cases. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * An unexpected condition which is not a storage corruption or + * a communication failure occurred. The cryptoprocessor may have + * been compromised. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 348e42c2b4..9e8c38bb57 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -97,6 +97,41 @@ static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) return -1; /* all in use */ } +static psa_aead_operation_t aead_operations[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t aead_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t next_aead_operation_handle = 1; + +/* Get a free slot */ +static ssize_t allocate_aead_operation_slot(void) +{ + psasim_client_handle_t handle = next_aead_operation_handle++; + if (next_aead_operation_handle == 0) { /* wrapped around */ + fprintf(stderr, "MAX HASH HANDLES REACHED\n"); + exit(1); + } + + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (aead_operation_handles[i] == 0) { + aead_operation_handles[i] = handle; + return i; + } + } + + return -1; /* all in use */ +} + +/* Find the slot given the handle */ +static ssize_t find_aead_slot_by_handle(psasim_client_handle_t handle) +{ + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (aead_operation_handles[i] == handle) { + return i; + } + } + + return -1; /* all in use */ +} + size_t psasim_serialise_begin_needs(void) { /* The serialisation buffer will @@ -508,3 +543,166 @@ int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, return 1; } + +size_t psasim_serialise_psa_aead_operation_t_needs(psa_aead_operation_t value) +{ + return sizeof(value); +} + +int psasim_serialise_psa_aead_operation_t(uint8_t **pos, + size_t *remaining, + psa_aead_operation_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, + size_t *remaining, + psa_aead_operation_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_server_serialise_psa_aead_operation_t_needs(psa_aead_operation_t *operation) +{ + (void) operation; + + /* We will actually return a handle */ + return sizeof(psasim_operation_t); +} + +int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos, + size_t *remaining, + psa_aead_operation_t *operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(client_operation)) { + return 0; + } + + ssize_t slot = operation - aead_operations; + + client_operation.handle = aead_operation_handles[slot]; + + memcpy(*pos, &client_operation, sizeof(client_operation)); + *pos += sizeof(client_operation); + + return 1; +} + +int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, + size_t *remaining, + psa_aead_operation_t **operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(psasim_operation_t)) { + return 0; + } + + memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); + *pos += sizeof(psasim_operation_t); + *remaining -= sizeof(psasim_operation_t); + + ssize_t slot; + if (client_operation.handle == 0) { /* We need a new handle */ + slot = allocate_aead_operation_slot(); + } else { + slot = find_aead_slot_by_handle(client_operation.handle); + } + + if (slot < 0) { + return 0; + } + + *operation = &aead_operations[slot]; + + return 1; +} + +size_t psasim_serialise_psa_key_attributes_t_needs(psa_key_attributes_t value) +{ + return sizeof(value); +} + +int psasim_serialise_psa_key_attributes_t(uint8_t **pos, + size_t *remaining, + psa_key_attributes_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, + size_t *remaining, + psa_key_attributes_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value) +{ + return sizeof(value); +} + +int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos, + size_t *remaining, + mbedtls_svc_key_id_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, + size_t *remaining, + mbedtls_svc_key_id_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 4ec7ec04fb..9c69e65cc0 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -450,3 +450,171 @@ int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos, int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, size_t *remaining, psa_hash_operation_t **value); + +/** Return how much buffer space is needed by \c psasim_serialise_psa_aead_operation_t() + * to serialise a `psa_aead_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_aead_operation_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_aead_operation_t_needs(psa_aead_operation_t value); + +/** Serialise a `psa_aead_operation_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_aead_operation_t(uint8_t **pos, + size_t *remaining, + psa_aead_operation_t value); + +/** Deserialise a `psa_aead_operation_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_aead_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, + size_t *remaining, + psa_aead_operation_t *value); + +/** Return how much buffer space is needed by \c psasim_server_serialise_psa_aead_operation_t() + * to serialise a `psa_aead_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_aead_operation_t() to serialise + * the given value. + */ +size_t psasim_server_serialise_psa_aead_operation_t_needs(psa_aead_operation_t *value); + +/** Serialise a `psa_aead_operation_t` into a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos, + size_t *remaining, + psa_aead_operation_t *value); + +/** Deserialise a `psa_aead_operation_t` from a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_aead_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, + size_t *remaining, + psa_aead_operation_t **value); + +/** Return how much buffer space is needed by \c psasim_serialise_psa_key_attributes_t() + * to serialise a `psa_key_attributes_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_key_attributes_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_key_attributes_t_needs(psa_key_attributes_t value); + +/** Serialise a `psa_key_attributes_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_key_attributes_t(uint8_t **pos, + size_t *remaining, + psa_key_attributes_t value); + +/** Deserialise a `psa_key_attributes_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_key_attributes_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, + size_t *remaining, + psa_key_attributes_t *value); + +/** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t() + * to serialise a `mbedtls_svc_key_id_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_mbedtls_svc_key_id_t() to serialise + * the given value. + */ +size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value); + +/** Serialise a `mbedtls_svc_key_id_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_mbedtls_svc_key_id_t(uint8_t **pos, + size_t *remaining, + mbedtls_svc_key_id_t value); + +/** Deserialise a `mbedtls_svc_key_id_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `mbedtls_svc_key_id_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, + size_t *remaining, + mbedtls_svc_key_id_t *value); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index eb2893ea5f..e09bb818a5 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -38,7 +38,11 @@ die($usage) unless $which eq "c" || $which eq "h"; my @types = qw(unsigned-int int size_t buffer psa_status_t psa_algorithm_t - psa_hash_operation_t); + psa_hash_operation_t + psa_aead_operation_t + psa_key_attributes_t + mbedtls_svc_key_id_t); + grep(s/-/ /g, @types); # IS-A: Some data types are typedef'd; we serialise them as the other type diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 88d051b0f5..3bde6662bc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -964,10 +964,14 @@ helper_crypto_client_build() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER else scripts/config.py crypto_full scripts/config.py unset MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS - scripts/config.py set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + # We need to match the client with MBEDTLS_PSA_CRYPTO_SE_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + # Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client) + scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER fi make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@" @@ -6223,6 +6227,7 @@ component_test_psasim() { helper_crypto_client_build client msg "build psasim to test psa_client" + rm -f tests/psa-client-server/psasim/test/psa_client # In case left behind make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client msg "test psasim" @@ -6249,6 +6254,18 @@ component_test_psasim() { tests/psa-client-server/psasim/test/run_test.sh + # Next APIs under test: psa_aead_*(). Use our copy of the PSA aead example. + msg "build psasim to test all psa_aead_* APIs" + # Delete the executable to ensure we build using the right MAIN + rm tests/psa-client-server/psasim/test/psa_client + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_aead_demo.c" test/psa_client + + msg "test psasim running psa_aead_demo sample" + tests/psa-client-server/psasim/test/run_test.sh aes128-gcm + tests/psa-client-server/psasim/test/run_test.sh aes256-gcm + tests/psa-client-server/psasim/test/run_test.sh aes128-gcm_8 + tests/psa-client-server/psasim/test/run_test.sh chachapoly + msg "clean psasim" make -C tests/psa-client-server/psasim clean } From 5cdc22b458bed3788667acd4f31b684b71b3ed57 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 12 Jun 2024 10:04:22 +0200 Subject: [PATCH 313/429] all.sh: Fix clean-up of Makefiles generated by CMake Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 35b3ff90bd..1f9b662831 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -327,8 +327,9 @@ cleanup() -iname CTestTestfile.cmake -o \ -iname CMakeCache.txt -o \ -path './cmake/*.cmake' \) -exec rm -f {} \+ - # Recover files overwritten by in-tree CMake builds - rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile + # Remove Makefiles generated by in-tree CMake builds + rm -f 3rdparty/Makefile 3rdparty/*/Makefile pkgconfig/Makefile framework/Makefile + rm -f include/Makefile programs/!(fuzz)/Makefile # Remove any artifacts from the component_test_cmake_as_subdirectory test. rm -rf programs/test/cmake_subproject/build From 28ce2380b07903ba37a02a0ae19400df55c8615d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 12 Jun 2024 10:45:37 +0200 Subject: [PATCH 314/429] Add and update some .gitignore files Signed-off-by: Ronald Cron --- .gitignore | 3 +++ 3rdparty/p256-m/.gitignore | 1 + pkgconfig/.gitignore | 2 ++ programs/test/cmake_package/.gitignore | 1 + programs/test/cmake_package_install/.gitignore | 1 + 5 files changed, 8 insertions(+) create mode 100644 3rdparty/p256-m/.gitignore create mode 100644 pkgconfig/.gitignore diff --git a/.gitignore b/.gitignore index 12c775dff7..6068cbca76 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,9 @@ seedfile # MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework 00000000ffffff52.psa_its +# Log files created by all.sh to reduce the logs in case a component runs +# successfully +quiet-make.* # CMake build artifacts: CMakeCache.txt diff --git a/3rdparty/p256-m/.gitignore b/3rdparty/p256-m/.gitignore new file mode 100644 index 0000000000..f3c7a7c5da --- /dev/null +++ b/3rdparty/p256-m/.gitignore @@ -0,0 +1 @@ +Makefile diff --git a/pkgconfig/.gitignore b/pkgconfig/.gitignore new file mode 100644 index 0000000000..5460c20766 --- /dev/null +++ b/pkgconfig/.gitignore @@ -0,0 +1,2 @@ +Makefile +*.pc diff --git a/programs/test/cmake_package/.gitignore b/programs/test/cmake_package/.gitignore index 9ae6b59c4b..89d8c2bf69 100644 --- a/programs/test/cmake_package/.gitignore +++ b/programs/test/cmake_package/.gitignore @@ -1,3 +1,4 @@ build Makefile cmake_package +mbedtls diff --git a/programs/test/cmake_package_install/.gitignore b/programs/test/cmake_package_install/.gitignore index b9b828288b..aaa5942090 100644 --- a/programs/test/cmake_package_install/.gitignore +++ b/programs/test/cmake_package_install/.gitignore @@ -1,3 +1,4 @@ build Makefile cmake_package_install +mbedtls From d80134b56d74a3486c5e4d73f9b0546b5c045ca3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 10 Jun 2024 09:33:51 +0200 Subject: [PATCH 315/429] Move PSA headers Move PSA headers to tf-psa-crypto directory. Signed-off-by: Ronald Cron --- {include => tf-psa-crypto/include}/psa/build_info.h | 0 {include => tf-psa-crypto/include}/psa/crypto.h | 0 .../include}/psa/crypto_adjust_auto_enabled.h | 0 .../include}/psa/crypto_adjust_config_dependencies.h | 0 .../include}/psa/crypto_adjust_config_key_pair_types.h | 0 .../include}/psa/crypto_adjust_config_synonyms.h | 0 .../include}/psa/crypto_builtin_composites.h | 0 .../include}/psa/crypto_builtin_key_derivation.h | 0 .../include}/psa/crypto_builtin_primitives.h | 0 {include => tf-psa-crypto/include}/psa/crypto_compat.h | 0 {include => tf-psa-crypto/include}/psa/crypto_config.h | 0 {include => tf-psa-crypto/include}/psa/crypto_driver_common.h | 0 .../include}/psa/crypto_driver_contexts_composites.h | 0 .../include}/psa/crypto_driver_contexts_key_derivation.h | 0 .../include}/psa/crypto_driver_contexts_primitives.h | 0 {include => tf-psa-crypto/include}/psa/crypto_extra.h | 0 {include => tf-psa-crypto/include}/psa/crypto_legacy.h | 0 {include => tf-psa-crypto/include}/psa/crypto_platform.h | 0 {include => tf-psa-crypto/include}/psa/crypto_se_driver.h | 0 {include => tf-psa-crypto/include}/psa/crypto_sizes.h | 0 {include => tf-psa-crypto/include}/psa/crypto_struct.h | 0 {include => tf-psa-crypto/include}/psa/crypto_types.h | 0 {include => tf-psa-crypto/include}/psa/crypto_values.h | 0 23 files changed, 0 insertions(+), 0 deletions(-) rename {include => tf-psa-crypto/include}/psa/build_info.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_adjust_auto_enabled.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_adjust_config_dependencies.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_adjust_config_key_pair_types.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_adjust_config_synonyms.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_builtin_composites.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_builtin_key_derivation.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_builtin_primitives.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_compat.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_config.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_driver_common.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_driver_contexts_composites.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_driver_contexts_key_derivation.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_driver_contexts_primitives.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_extra.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_legacy.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_platform.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_se_driver.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_sizes.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_struct.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_types.h (100%) rename {include => tf-psa-crypto/include}/psa/crypto_values.h (100%) diff --git a/include/psa/build_info.h b/tf-psa-crypto/include/psa/build_info.h similarity index 100% rename from include/psa/build_info.h rename to tf-psa-crypto/include/psa/build_info.h diff --git a/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h similarity index 100% rename from include/psa/crypto.h rename to tf-psa-crypto/include/psa/crypto.h diff --git a/include/psa/crypto_adjust_auto_enabled.h b/tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h similarity index 100% rename from include/psa/crypto_adjust_auto_enabled.h rename to tf-psa-crypto/include/psa/crypto_adjust_auto_enabled.h diff --git a/include/psa/crypto_adjust_config_dependencies.h b/tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h similarity index 100% rename from include/psa/crypto_adjust_config_dependencies.h rename to tf-psa-crypto/include/psa/crypto_adjust_config_dependencies.h diff --git a/include/psa/crypto_adjust_config_key_pair_types.h b/tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h similarity index 100% rename from include/psa/crypto_adjust_config_key_pair_types.h rename to tf-psa-crypto/include/psa/crypto_adjust_config_key_pair_types.h diff --git a/include/psa/crypto_adjust_config_synonyms.h b/tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h similarity index 100% rename from include/psa/crypto_adjust_config_synonyms.h rename to tf-psa-crypto/include/psa/crypto_adjust_config_synonyms.h diff --git a/include/psa/crypto_builtin_composites.h b/tf-psa-crypto/include/psa/crypto_builtin_composites.h similarity index 100% rename from include/psa/crypto_builtin_composites.h rename to tf-psa-crypto/include/psa/crypto_builtin_composites.h diff --git a/include/psa/crypto_builtin_key_derivation.h b/tf-psa-crypto/include/psa/crypto_builtin_key_derivation.h similarity index 100% rename from include/psa/crypto_builtin_key_derivation.h rename to tf-psa-crypto/include/psa/crypto_builtin_key_derivation.h diff --git a/include/psa/crypto_builtin_primitives.h b/tf-psa-crypto/include/psa/crypto_builtin_primitives.h similarity index 100% rename from include/psa/crypto_builtin_primitives.h rename to tf-psa-crypto/include/psa/crypto_builtin_primitives.h diff --git a/include/psa/crypto_compat.h b/tf-psa-crypto/include/psa/crypto_compat.h similarity index 100% rename from include/psa/crypto_compat.h rename to tf-psa-crypto/include/psa/crypto_compat.h diff --git a/include/psa/crypto_config.h b/tf-psa-crypto/include/psa/crypto_config.h similarity index 100% rename from include/psa/crypto_config.h rename to tf-psa-crypto/include/psa/crypto_config.h diff --git a/include/psa/crypto_driver_common.h b/tf-psa-crypto/include/psa/crypto_driver_common.h similarity index 100% rename from include/psa/crypto_driver_common.h rename to tf-psa-crypto/include/psa/crypto_driver_common.h diff --git a/include/psa/crypto_driver_contexts_composites.h b/tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h similarity index 100% rename from include/psa/crypto_driver_contexts_composites.h rename to tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/tf-psa-crypto/include/psa/crypto_driver_contexts_key_derivation.h similarity index 100% rename from include/psa/crypto_driver_contexts_key_derivation.h rename to tf-psa-crypto/include/psa/crypto_driver_contexts_key_derivation.h diff --git a/include/psa/crypto_driver_contexts_primitives.h b/tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h similarity index 100% rename from include/psa/crypto_driver_contexts_primitives.h rename to tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h diff --git a/include/psa/crypto_extra.h b/tf-psa-crypto/include/psa/crypto_extra.h similarity index 100% rename from include/psa/crypto_extra.h rename to tf-psa-crypto/include/psa/crypto_extra.h diff --git a/include/psa/crypto_legacy.h b/tf-psa-crypto/include/psa/crypto_legacy.h similarity index 100% rename from include/psa/crypto_legacy.h rename to tf-psa-crypto/include/psa/crypto_legacy.h diff --git a/include/psa/crypto_platform.h b/tf-psa-crypto/include/psa/crypto_platform.h similarity index 100% rename from include/psa/crypto_platform.h rename to tf-psa-crypto/include/psa/crypto_platform.h diff --git a/include/psa/crypto_se_driver.h b/tf-psa-crypto/include/psa/crypto_se_driver.h similarity index 100% rename from include/psa/crypto_se_driver.h rename to tf-psa-crypto/include/psa/crypto_se_driver.h diff --git a/include/psa/crypto_sizes.h b/tf-psa-crypto/include/psa/crypto_sizes.h similarity index 100% rename from include/psa/crypto_sizes.h rename to tf-psa-crypto/include/psa/crypto_sizes.h diff --git a/include/psa/crypto_struct.h b/tf-psa-crypto/include/psa/crypto_struct.h similarity index 100% rename from include/psa/crypto_struct.h rename to tf-psa-crypto/include/psa/crypto_struct.h diff --git a/include/psa/crypto_types.h b/tf-psa-crypto/include/psa/crypto_types.h similarity index 100% rename from include/psa/crypto_types.h rename to tf-psa-crypto/include/psa/crypto_types.h diff --git a/include/psa/crypto_values.h b/tf-psa-crypto/include/psa/crypto_values.h similarity index 100% rename from include/psa/crypto_values.h rename to tf-psa-crypto/include/psa/crypto_values.h From c7e9e367bbee2ab31f3964d60f68e24cc33b4ea9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 10 Jun 2024 09:41:49 +0200 Subject: [PATCH 316/429] Adjust build systems Adjust build systems such as we can build Mbed TLS in the default and full configuration. Signed-off-by: Ronald Cron --- 3rdparty/everest/CMakeLists.txt | 1 + 3rdparty/p256-m/CMakeLists.txt | 1 + CMakeLists.txt | 2 ++ framework | 2 +- library/CMakeLists.txt | 1 + library/Makefile | 8 ++++---- programs/Makefile | 4 ++-- programs/psa/CMakeLists.txt | 4 ++-- programs/test/CMakeLists.txt | 12 ++++++++---- scripts/common.make | 2 +- scripts/generate_psa_constants.py | 5 +++-- scripts/generate_query_config.pl | 2 +- scripts/generate_visualc_files.pl | 3 ++- tests/CMakeLists.txt | 6 +++--- tests/Makefile | 12 +++++++----- tests/psa-client-server/psasim/Makefile | 2 +- 16 files changed, 40 insertions(+), 27 deletions(-) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index e0e5adecd1..8c8e8db04a 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -8,6 +8,7 @@ add_library(${everest_target} target_include_directories(${everest_target} PUBLIC $ $ + $ $ PRIVATE include/everest include/everest/kremlib diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt index 2ef0d48b7d..bd302a7b66 100644 --- a/3rdparty/p256-m/CMakeLists.txt +++ b/3rdparty/p256-m/CMakeLists.txt @@ -8,6 +8,7 @@ target_include_directories(${p256m_target} PUBLIC $ $ $ + $ $ PRIVATE ${MBEDTLS_DIR}/library/) diff --git a/CMakeLists.txt b/CMakeLists.txt index e47667545a..b50dac9fc9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -349,6 +349,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library) # Request C11, needed for memory poisoning tests set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11) @@ -359,6 +360,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) target_include_directories(mbedtls_test_helpers PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include) diff --git a/framework b/framework index 623c1b4532..030b14c2bc 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 623c1b4532e8de64a5d82ea84a7496e64c370d15 +Subproject commit 030b14c2bce1dff5bd28b08b2c00b6bc1fdd66d5 diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 37a9724559..5ccbe64161 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -329,6 +329,7 @@ foreach(target IN LISTS target_libraries) # of /library (which currently means: under /3rdparty). target_include_directories(${target} PUBLIC $ + $ $ PRIVATE ${MBEDTLS_DIR}/library/ # Needed to include psa_crypto_driver_wrappers.h diff --git a/library/Makefile b/library/Makefile index 388fcea612..4eadf41053 100644 --- a/library/Makefile +++ b/library/Makefile @@ -28,11 +28,11 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -# Include ../include for public headers and . for private headers. -# Note that . needs to be included explicitly for the sake of library -# files that are not in the /library directory (which currently means +# Include ../include, ../tf-psa-crypto/include for public headers and . for +# private headers. Note that . needs to be included explicitly for the sake of +# library files that are not in the /library directory (which currently means # under /3rdparty). -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ifdef DEBUG diff --git a/programs/Makefile b/programs/Makefile index 8d1da6dbe7..9b48cc0f05 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -127,8 +127,8 @@ GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c generated_files: $(GENERATED_FILES) psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py -psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h -psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h +psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_values.h +psa/psa_constant_names_generated.c: $(gen_file_dep) ../tf-psa-crypto/include/psa/crypto_extra.h psa/psa_constant_names_generated.c: $(gen_file_dep) ../tests/suites/test_suite_psa_crypto_metadata.data psa/psa_constant_names_generated.c: echo " Gen $@" diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index a8e4b0e372..c0843e1233 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -19,8 +19,8 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../.. DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_psa_constants.py - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_values.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_extra.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_values.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_extra.h ) else() link_to_source(psa_constant_names_generated.c) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 0d43ffddd3..08fb321312 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -25,14 +25,18 @@ if(TEST_CPP) WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}" ) add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") - target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include) + target_include_directories(cpp_dummy_build + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include) target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) endif() if(USE_SHARED_MBEDTLS_LIBRARY AND NOT ${CMAKE_SYSTEM_NAME} MATCHES "[Ww][Ii][Nn]") add_executable(dlopen "dlopen.c") - target_include_directories(dlopen PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include) + target_include_directories(dlopen + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include) target_link_libraries(dlopen ${CMAKE_DL_LIBS}) endif() @@ -46,13 +50,13 @@ if(GEN_FILES) ${PERL} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt ${CMAKE_CURRENT_BINARY_DIR}/query_config.c DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt ) # this file will also be used in another directory, so create a target, see diff --git a/scripts/common.make b/scripts/common.make index 9908a3c265..702ef5c670 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -21,7 +21,7 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L$(MBEDTLS_PATH)/library \ diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index d57d46a299..d472c6dc51 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -328,6 +328,7 @@ if __name__ == '__main__': build_tree.chdir_to_root() # Allow to change the directory where psa_constant_names_generated.c is written to. OUTPUT_FILE_DIR = sys.argv[1] if len(sys.argv) == 2 else "programs/psa" - generate_psa_constants(['include/psa/crypto_values.h', - 'include/psa/crypto_extra.h'], + + generate_psa_constants(['tf-psa-crypto/include/psa/crypto_values.h', + 'tf-psa-crypto/include/psa/crypto_extra.h'], OUTPUT_FILE_DIR + '/psa_constant_names_generated.c') diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 39743da6d1..6a2f9cbdfa 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -26,7 +26,7 @@ use strict; my ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file); my $default_mbedtls_config_file = "./include/mbedtls/mbedtls_config.h"; -my $default_psa_crypto_config_file = "./include/psa/crypto_config.h"; +my $default_psa_crypto_config_file = "./tf-psa-crypto/include/psa/crypto_config.h"; my $default_query_config_format_file = "./scripts/data_files/query_config.fmt"; my $default_query_config_file = "./programs/test/query_config.c"; diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index a0dfc57bff..b566372e1a 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -23,7 +23,7 @@ my $vsx_sln_file = "$vsx_dir/mbedTLS.sln"; my $programs_dir = 'programs'; my $mbedtls_header_dir = 'include/mbedtls'; -my $psa_header_dir = 'include/psa'; +my $psa_header_dir = 'tf-psa-crypto/include/psa'; my $source_dir = 'library'; my $test_source_dir = 'tests/src'; my $test_header_dir = 'tests/include/test'; @@ -44,6 +44,7 @@ my @thirdparty_source_dirs = qw( # one directory: the compiler will use the first match. my @include_directories = qw( include + tf-psa-crypto/include 3rdparty/everest/include/ 3rdparty/everest/include/everest 3rdparty/everest/include/everest/vs2013 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 5bc38b4e70..62be14e533 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -126,9 +126,9 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/psa_storage.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_data_generation.py - ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h - ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h - ${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h + ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/include/psa/crypto_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/include/psa/crypto_values.h + ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/include/psa/crypto_extra.h ) else() diff --git a/tests/Makefile b/tests/Makefile index 1d5c76823c..6367b3eb82 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -84,9 +84,9 @@ generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_genera ## file all the time when switching between configurations, don't declare ## crypto_config.h as a dependency. Remove this file from your working tree ## if you've just added or removed an option in crypto_config.h. -#generated_psa_test_data: ../include/psa/crypto_config.h -generated_psa_test_data: ../include/psa/crypto_values.h -generated_psa_test_data: ../include/psa/crypto_extra.h +#generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_config.h +generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_values.h +generated_psa_test_data: ../tf-psa-crypto/include/psa/crypto_extra.h generated_psa_test_data: suites/test_suite_psa_crypto_metadata.data generated_psa_test_data: echo " Gen $(GENERATED_PSA_DATA_FILES) ..." @@ -206,6 +206,8 @@ test: check # Generate variants of some headers for testing include/alt-extra/%_alt.h: ../include/%.h perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ +include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h + perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ # Generate test library @@ -254,7 +256,7 @@ libtestdriver1.a: cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a ifdef RECORD_PSA_STATUS_COVERAGE_LOG -include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile +include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile echo " Gen $@" - sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' + sed <../tf-psa-crypto/include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' endif diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 06d3059b4b..093f3b92c7 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -10,7 +10,7 @@ LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto MBEDTLS_ROOT_PATH = ../../.. -COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include +COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include TEST_BIN = test/psa_client \ test/psa_partition From ebd153e6a997082ec77ec1b05a1de41d304f1bf9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 10 Jun 2024 15:56:30 +0200 Subject: [PATCH 317/429] Adapt make apidoc Signed-off-by: Ronald Cron --- doxygen/mbedtls.doxyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index c4505ac239..847deb01ae 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -6,7 +6,7 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO -INPUT = ../include input ../tests/include/alt-dummy +INPUT = ../include ../tf-psa-crypto/include input ../tests/include/alt-dummy FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES @@ -21,7 +21,7 @@ GENERATE_LATEX = NO GENERATE_XML = YES MACRO_EXPANSION = YES EXPAND_ONLY_PREDEF = YES -INCLUDE_PATH = ../include +INCLUDE_PATH = ../include ../tf-psa-crypto/include EXPAND_AS_DEFINED = MBEDTLS_PRIVATE CLASS_DIAGRAMS = NO HAVE_DOT = YES From db9d518e7ca025763f605796b991fab97dbd5ad6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 10 Jun 2024 15:58:23 +0200 Subject: [PATCH 318/429] Adapt make cscope Signed-off-by: Ronald Cron --- Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index fb80529efa..3f62b6636c 100644 --- a/Makefile +++ b/Makefile @@ -197,6 +197,7 @@ C_SOURCE_FILES = $(wildcard \ 3rdparty/*/*.c 3rdparty/*/*/*.c 3rdparty/*/*/*/*.c 3rdparty/*/*/*/*/*.c \ include/*/*.h \ library/*.[hc] \ + tf-psa-crypto/include/*/*.h \ programs/*/*.[hc] \ tests/include/*/*.h tests/include/*/*/*.h \ tests/src/*.c tests/src/*/*.c \ @@ -213,5 +214,5 @@ GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc cscope: cscope.in.out cscope.po.out cscope.out cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES) - cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES) + cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES) .PHONY: cscope global From 2581d91fdac0c60e9d06dbc378579ee1103259aa Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 10 Jun 2024 16:05:53 +0200 Subject: [PATCH 319/429] Adapt libraries installation Signed-off-by: Ronald Cron --- CMakeLists.txt | 2 ++ Makefile | 2 +- include/CMakeLists.txt | 7 ----- tf-psa-crypto/.gitignore | 1 + tf-psa-crypto/CMakeLists.txt | 38 ++++++++++++++++++++++++++++ tf-psa-crypto/include/.gitignore | 1 + tf-psa-crypto/include/CMakeLists.txt | 16 ++++++++++++ 7 files changed, 59 insertions(+), 8 deletions(-) create mode 100644 tf-psa-crypto/.gitignore create mode 100644 tf-psa-crypto/CMakeLists.txt create mode 100644 tf-psa-crypto/include/.gitignore create mode 100644 tf-psa-crypto/include/CMakeLists.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index b50dac9fc9..b52058aa6a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -294,6 +294,8 @@ add_subdirectory(3rdparty) add_subdirectory(library) +add_subdirectory(tf-psa-crypto) + add_subdirectory(pkgconfig) # diff --git a/Makefile b/Makefile index 3f62b6636c..0f1f3da8fd 100644 --- a/Makefile +++ b/Makefile @@ -96,7 +96,7 @@ install: no_test mkdir -p $(DESTDIR)/include/mbedtls cp -rp include/mbedtls $(DESTDIR)/include mkdir -p $(DESTDIR)/include/psa - cp -rp include/psa $(DESTDIR)/include + cp -rp tf-psa-crypto/include/psa $(DESTDIR)/include mkdir -p $(DESTDIR)/lib cp -RP library/libmbedtls.* $(DESTDIR)/lib diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index e11e2715af..755efedd1c 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -3,20 +3,13 @@ option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON) if(INSTALL_MBEDTLS_HEADERS) file(GLOB headers "mbedtls/*.h") - file(GLOB psa_headers "psa/*.h") install(FILES ${headers} DESTINATION include/mbedtls PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) - - install(FILES ${psa_headers} - DESTINATION include/psa - PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) - endif(INSTALL_MBEDTLS_HEADERS) # Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it. if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) link_to_source(mbedtls) - link_to_source(psa) endif() diff --git a/tf-psa-crypto/.gitignore b/tf-psa-crypto/.gitignore new file mode 100644 index 0000000000..f3c7a7c5da --- /dev/null +++ b/tf-psa-crypto/.gitignore @@ -0,0 +1 @@ +Makefile diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt new file mode 100644 index 0000000000..1425abb4c6 --- /dev/null +++ b/tf-psa-crypto/CMakeLists.txt @@ -0,0 +1,38 @@ +# +# CMake build system design considerations: +# +# - Include directories: +# + Do not define include directories globally using the include_directories +# command but rather at the target level using the +# target_include_directories command. That way, it is easier to guarantee +# that targets are built using the proper list of include directories. +# + Use the PUBLIC and PRIVATE keywords to specify the scope of include +# directories. That way, a target linking to a library (using the +# target_link_libraries command) inherits from the library PUBLIC include +# directories and not from the PRIVATE ones. +# - TF_PSA_CRYPTO_TARGET_PREFIX: CMake targets are designed to be alterable by +# calling CMake in order to avoid target name clashes, via the use of +# TF_PSA_CRYPTO_TARGET_PREFIX. The value of this variable is prefixed to the +# tfpsacrypto and apidoc targets. +# + +# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here +# until our infrastructure catches up. +cmake_minimum_required(VERSION 3.5.1) + +# https://cmake.org/cmake/help/latest/policy/CMP0011.html +# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD +# policy setting is deprecated, and will be removed in future versions. +cmake_policy(SET CMP0011 NEW) +# https://cmake.org/cmake/help/latest/policy/CMP0012.html +# Setting the CMP0012 policy to NEW is required for FindPython3 to work with CMake 3.18.2 +# (there is a bug in this particular version), otherwise, setting the CMP0012 policy is required +# for CMake versions >= 3.18.3 otherwise a deprecated warning is generated. The OLD policy setting +# is deprecated and will be removed in future versions. +cmake_policy(SET CMP0012 NEW) + +if(LIB_INSTALL_DIR) + set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}") +endif() + +add_subdirectory(include) diff --git a/tf-psa-crypto/include/.gitignore b/tf-psa-crypto/include/.gitignore new file mode 100644 index 0000000000..f3c7a7c5da --- /dev/null +++ b/tf-psa-crypto/include/.gitignore @@ -0,0 +1 @@ +Makefile diff --git a/tf-psa-crypto/include/CMakeLists.txt b/tf-psa-crypto/include/CMakeLists.txt new file mode 100644 index 0000000000..dea92fe6ef --- /dev/null +++ b/tf-psa-crypto/include/CMakeLists.txt @@ -0,0 +1,16 @@ +option(INSTALL_PSA_CRYPTO_HEADERS "Install PSA Crypto headers." ON) + +if(INSTALL_PSA_CRYPTO_HEADERS) + + file(GLOB psa_headers "psa/*.h") + + install(FILES ${psa_headers} + DESTINATION include/psa + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) + +endif(INSTALL_PSA_CRYPTO_HEADERS) + +# Make includes available in an out-of-source build. ssl-opt.sh requires it. +if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) + link_to_source(psa) +endif() From 1451a76958b3347902144e81a2f150742e0786cb Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 10 Jun 2024 16:02:04 +0200 Subject: [PATCH 320/429] Adapt libtestdriver1 build Signed-off-by: Ronald Cron --- tests/Makefile | 14 +++++++++----- tests/src/drivers/test_driver_key_agreement.c | 2 +- .../psa/crypto_driver_contexts_composites.h | 2 +- .../psa/crypto_driver_contexts_primitives.h | 2 +- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 6367b3eb82..d1d5ed9721 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -7,6 +7,7 @@ TEST_FLAGS ?= $(if $(filter-out 0 OFF Off off NO No no FALSE False false N n,$(C # Also include library headers, for the sake of invasive tests. LOCAL_CFLAGS += -I../library + # Enable definition of various functions used throughout the testsuite # (gethostname, strdup, fileno...) even when compiling with -std=c99. Harmless # on non-POSIX platforms. @@ -216,7 +217,8 @@ include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h # library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx # symbols. define libtestdriver1_rewrite := - s!^(\s*#\s*include\s*[\"<])(mbedtls|psa)/!$${1}libtestdriver1/include/$${2}/!; \ + s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/include/mbedtls/!; \ + s!^(\s*#\s*include\s*[\"<])psa/!$${1}libtestdriver1/tf-psa-crypto/include/psa/!; \ next if /^\s*#\s*include/; \ s/\b(?=MBEDTLS_|PSA_)/LIBTESTDRIVER1_/g; \ s/\b(?=mbedtls_|psa_)/libtestdriver1_/g; @@ -229,6 +231,7 @@ libtestdriver1.a: mkdir ./libtestdriver1 cp -Rf ../library ./libtestdriver1 cp -Rf ../include ./libtestdriver1 + cp -Rf ../tf-psa-crypto ./libtestdriver1 cp -Rf ../scripts ./libtestdriver1 mkdir ./libtestdriver1/3rdparty touch ./libtestdriver1/3rdparty/Makefile.inc @@ -241,16 +244,17 @@ libtestdriver1.a: # library the test library is intended to be linked with extended by # ./include/test/drivers/crypto_config_test_driver_extension.h to # mirror the PSA_ACCEL_* macros. - mv ./libtestdriver1/include/psa/crypto_config.h ./libtestdriver1/include/psa/crypto_config.h.bak - head -n -1 ./libtestdriver1/include/psa/crypto_config.h.bak > ./libtestdriver1/include/psa/crypto_config.h - cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/include/psa/crypto_config.h - echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/include/psa/crypto_config.h + mv ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak + head -n -1 ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak > ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h + cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h + echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h # Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as # mbedtls_* psa_* symbols with libtestdriver1_ to avoid symbol clash # when this test driver library is linked with the Mbed TLS library. perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch] perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h + perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index 8471959e2a..594fcd51d4 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -20,7 +20,7 @@ #include #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include "libtestdriver1/include/psa/crypto.h" +#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h" #include "libtestdriver1/library/psa_crypto_ecp.h" #include "libtestdriver1/library/psa_crypto_ffdh.h" #endif diff --git a/tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h b/tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h index d717c51909..5a484fcecc 100644 --- a/tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h +++ b/tf-psa-crypto/include/psa/crypto_driver_contexts_composites.h @@ -31,7 +31,7 @@ * declared during the autogeneration process. */ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include +#include #endif #if defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h b/tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h index c90a5fbe74..281e0a1851 100644 --- a/tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h +++ b/tf-psa-crypto/include/psa/crypto_driver_contexts_primitives.h @@ -30,7 +30,7 @@ * declared during the autogeneration process. */ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) -#include +#include #endif #if defined(PSA_CRYPTO_DRIVER_TEST) From 7e5d61c41a1cea244ae2a69208d494ff7e44e62a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 10 Jun 2024 14:25:46 +0200 Subject: [PATCH 321/429] Adjust more paths to PSA headers Signed-off-by: Ronald Cron --- docs/architecture/psa-migration/outcome-analysis.sh | 2 +- programs/test/generate_cpp_dummy_build.sh | 10 ++++++++-- scripts/code_size_compare.py | 2 +- tests/scripts/all.sh | 5 +++-- tests/scripts/test_psa_compliance.py | 3 ++- tests/scripts/test_psa_constant_names.py | 2 +- 6 files changed, 16 insertions(+), 8 deletions(-) diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh index 1805a3ca0e..bbcdffd843 100755 --- a/docs/architecture/psa-migration/outcome-analysis.sh +++ b/docs/architecture/psa-migration/outcome-analysis.sh @@ -27,7 +27,7 @@ set -eu cleanup() { make clean - git checkout -- include/mbedtls/mbedtls_config.h include/psa/crypto_config.h + git checkout -- include/mbedtls/mbedtls_config.h tf-psa-crypto/include/psa/crypto_config.h } record() { diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 0b4bd0b7bd..ef9996e4c2 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -37,10 +37,16 @@ print_cpp () { EOF - for header in include/mbedtls/*.h include/psa/*.h; do + for header in include/mbedtls/*.h; do case ${header#include/} in mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion mbedtls/config_*.h) :;; # not meant for direct inclusion + *) echo "#include \"${header#include/}\"";; + esac + done + + for header in tf-psa-crypto/include/psa/*.h; do + case ${header#tf-psa-crypto/include/} in psa/crypto_config.h) :;; # not meant for direct inclusion psa/crypto_ajdust_config*.h) :;; # not meant for direct inclusion # Some of the psa/crypto_*.h headers are not meant to be included @@ -48,7 +54,7 @@ EOF # psa/crypto.h has been included before. Since psa/crypto.h comes # before psa/crypto_*.h in the wildcard enumeration, we don't need # to skip those headers. - *) echo "#include \"${header#include/}\"";; + *) echo "#include \"${header#tf-psa-crypto/include/}\"";; esac done diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 50749b6a8b..ce752e4931 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -149,7 +149,7 @@ TFM_MEDIUM_CONFIG_H = 'configs/ext/tfm_mbedcrypto_config_profile_medium.h' TFM_MEDIUM_CRYPTO_CONFIG_H = 'configs/ext/crypto_config_profile_medium.h' CONFIG_H = 'include/mbedtls/mbedtls_config.h' -CRYPTO_CONFIG_H = 'include/psa/crypto_config.h' +CRYPTO_CONFIG_H = 'tf-psa-crypto/include/psa/crypto_config.h' BACKUP_SUFFIX = '.code_size.bak' class CodeSizeBuildInfo: # pylint: disable=too-few-public-methods diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f9b662831..015a3290dc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -133,10 +133,11 @@ pre_check_environment () { pre_initialize_variables () { if in_mbedtls_repo; then CONFIG_H='include/mbedtls/mbedtls_config.h' + CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h' else CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h' + CRYPTO_CONFIG_H='include/psa/crypto_config.h' fi - CRYPTO_CONFIG_H='include/psa/crypto_config.h' CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h' # Files that are clobbered by some jobs will be backed up. Use a different @@ -3227,7 +3228,7 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and # PSA sides, and also disable the key exchanges that depend on DHM. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*" scripts/config.py unset MBEDTLS_DHM_C diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index f7d18954ca..b500fe5b51 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -74,7 +74,8 @@ def main(library_build_dir: str): os.chdir(build_dir) extra_includes = (';{}/drivers/builtin/include'.format(root_dir) - if in_tf_psa_crypto_repo else '') + if in_tf_psa_crypto_repo else + ';{}/tf-psa-crypto/include'.format(root_dir)) #pylint: disable=bad-continuation subprocess.check_call([ diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 86d9e6f2be..6c9d905106 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -161,7 +161,7 @@ TEST_SUITES = ['tests/suites/test_suite_psa_crypto_metadata.data'] def main(): parser = argparse.ArgumentParser(description=globals()['__doc__']) parser.add_argument('--include', '-I', - action='append', default=['include'], + action='append', default=['tf-psa-crypto/include', 'include'], help='Directory for header files') parser.add_argument('--keep-c', action='store_true', dest='keep_c', default=False, From 36c3ae98cba79e9bc233bade03a93f4a873fcd81 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 10 Jun 2024 16:05:00 +0200 Subject: [PATCH 322/429] Adapt check files Signed-off-by: Ronald Cron --- tests/scripts/check_names.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 5128dc8e0d..01c3f3c11d 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -238,6 +238,7 @@ class CodeParser(): all_macros["public"] = self.parse_macros([ "include/mbedtls/*.h", "include/psa/*.h", + "tf-psa-crypto/include/psa/*.h", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" ]) @@ -251,6 +252,7 @@ class CodeParser(): enum_consts = self.parse_enum_consts([ "include/mbedtls/*.h", "include/psa/*.h", + "tf-psa-crypto/include/psa/*.h", "library/*.h", "library/*.c", "3rdparty/everest/include/everest/everest.h", @@ -259,6 +261,7 @@ class CodeParser(): identifiers, excluded_identifiers = self.parse_identifiers([ "include/mbedtls/*.h", "include/psa/*.h", + "tf-psa-crypto/include/psa/*.h", "library/*.h", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" @@ -266,6 +269,7 @@ class CodeParser(): mbed_psa_words = self.parse_mbed_psa_words([ "include/mbedtls/*.h", "include/psa/*.h", + "tf-psa-crypto/include/psa/*.h", "library/*.h", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h", From 30ea2b91916f6207c0fca4758b1603bdd29f1a38 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 11 Jun 2024 14:07:09 +0200 Subject: [PATCH 323/429] all.sh: Update clean-up of Makefiles generated by CMake Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 015a3290dc..599b4f7d7d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -331,6 +331,7 @@ cleanup() # Remove Makefiles generated by in-tree CMake builds rm -f 3rdparty/Makefile 3rdparty/*/Makefile pkgconfig/Makefile framework/Makefile rm -f include/Makefile programs/!(fuzz)/Makefile + rm -f tf-psa-crypto/Makefile tf-psa-crypto/include/Makefile # Remove any artifacts from the component_test_cmake_as_subdirectory test. rm -rf programs/test/cmake_subproject/build From 7e47fdb184925b842a213f044138f58a9dc91323 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Thu, 13 Jun 2024 10:36:37 +0100 Subject: [PATCH 324/429] Fix compiler warnings in test_suite_pk.function Signed-off-by: Elena Uziunaite --- tests/suites/test_suite_pk.function | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 23f5cdabd5..e411070300 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -64,14 +64,22 @@ #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192R1 -#elif defined(PSA_WANT_ECC_SECP_R1_224) -#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 -#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 -#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1 #elif defined(PSA_WANT_ECC_SECP_R1_256) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256R1 +#elif defined(PSA_WANT_ECC_SECP_K1_192) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1 +#elif defined(PSA_WANT_ECC_SECP_K1_256) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1 +#elif defined(PSA_WANT_ECC_SECP_R1_224) +#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 +#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 +#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224R1 #elif defined(PSA_WANT_ECC_SECP_R1_384) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 384 @@ -80,18 +88,10 @@ #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 521 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP521R1 -#elif defined(PSA_WANT_ECC_SECP_K1_192) -#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 -#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 -#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP192K1 #elif defined(PSA_WANT_ECC_SECP_K1_224) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 224 #define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP224K1 -#elif defined(PSA_WANT_ECC_SECP_K1_256) -#define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_K1 -#define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 -#define MBEDTLS_TEST_ECP_DP_ONE_CURVE MBEDTLS_ECP_DP_SECP256K1 #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_BRAINPOOL_P_R1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 @@ -128,7 +128,7 @@ #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) +#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) && !defined(PSA_WANT_ECC_SECP_R1_192) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 From 5bc887c64444c244300f17710a5d6a936ae5a3a2 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 13 Jun 2024 12:57:00 +0200 Subject: [PATCH 325/429] Update `full_no_cipher_no_psa_crypto` test component With replacing the `MD_CAN` macros with `PSA_WANT` counterparts the pure legacy test cases are needing the config options from `crypto_config.h`. Signed-off-by: Gabor Mezei --- tests/scripts/all.sh | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 35b3ff90bd..6c2b428b69 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1711,13 +1711,10 @@ component_test_crypto_full_md_light_only () { make test } -component_test_full_no_cipher_no_psa_crypto () { +component_test_full_no_cipher_with_legacy () { msg "build: full no CIPHER no PSA_CRYPTO_C" scripts/config.py full scripts/config.py unset MBEDTLS_CIPHER_C - # Don't pull in cipher via PSA mechanisms - # (currently ignored anyway because we completely disable PSA) - scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG # Disable features that depend on CIPHER_C scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1725,6 +1722,21 @@ component_test_full_no_cipher_no_psa_crypto () { scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT scripts/config.py unset MBEDTLS_SSL_TLS_C scripts/config.py unset MBEDTLS_SSL_TICKET_C + # The built-in implementation of the following algs/key-types depends + # on CIPHER_C so we disable them. + # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 + # so we keep them enabled. + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DESPSA_WANT_ALG_CMAC # Disable features that depend on PSA_CRYPTO_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C From 118d040544dff35db40535813c51dc02ccf0125a Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Thu, 13 Jun 2024 15:12:02 +0100 Subject: [PATCH 326/429] Code style fix Signed-off-by: Elena Uziunaite --- tests/suites/test_suite_pk.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index e411070300..38c27e399e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -128,7 +128,8 @@ #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 192 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES -#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) && !defined(PSA_WANT_ECC_SECP_R1_192) +#elif defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ECC_SECP_K1_256) && \ + !defined(PSA_WANT_ECC_SECP_R1_192) #define MBEDTLS_TEST_PSA_ECC_ONE_FAMILY PSA_ECC_FAMILY_SECP_R1 #define MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY PSA_ECC_FAMILY_SECP_K1 #define MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS 256 From df59c630a510991b998bb16479fafb7757770324 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 13 Jun 2024 16:13:17 +0200 Subject: [PATCH 327/429] Update `config-no-entropy.h` for 'PSA_WANT' macros Signed-off-by: Gabor Mezei --- configs/config-no-entropy.h | 3 +++ configs/crypto-config-no-entropy.h | 39 ++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 configs/crypto-config-no-entropy.h diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index ddb00b41ef..0a8dd14760 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -17,6 +17,9 @@ * See README.txt for usage instructions. */ +#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-no-entropy.h" +#define MBEDTLS_PSA_CRYPTO_CONFIG + /* System support */ #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME diff --git a/configs/crypto-config-no-entropy.h b/configs/crypto-config-no-entropy.h new file mode 100644 index 0000000000..9a9afe7da3 --- /dev/null +++ b/configs/crypto-config-no-entropy.h @@ -0,0 +1,39 @@ +/** + * \file crypto-config-no-entropy.h + * + * \brief Minimal crypto configuration of features that do not require an entropy source + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ +/* + * Minimal configuration of features that do not require an entropy source + * Distinguishing features: + * - no entropy module + * - no TLS protocol implementation available due to absence of an entropy + * source + * + * See README.txt for usage instructions. + */ + +#define PSA_WANT_ALG_CBC_PKCS7 1 +#define PSA_WANT_ALG_CCM 1 +#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +#define PSA_WANT_ALG_ECDSA 1 +#define PSA_WANT_ALG_GCM 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_ALG_RSA_OAEP 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 +#define PSA_WANT_ALG_RSA_PSS 1 +#define PSA_WANT_ALG_SHA_224 1 +#define PSA_WANT_ALG_SHA_256 1 +#define PSA_WANT_ALG_SHA_384 1 +#define PSA_WANT_ALG_SHA_512 1 + +#define PSA_WANT_ECC_MONTGOMERY_255 1 +#define PSA_WANT_ECC_SECP_R1_256 1 +#define PSA_WANT_ECC_SECP_R1_384 1 + +#define PSA_WANT_KEY_TYPE_AES 1 From 62af02c063f0c37fc7ecc1e3ad9915936df895a4 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 14 Jun 2024 10:37:13 +0100 Subject: [PATCH 328/429] Drop support for VIA Padlock Signed-off-by: Thomas Daubney --- SECURITY.md | 2 +- .../tfm_mbedcrypto_config_profile_medium.h | 1 - .../alternative-implementations.md | 2 +- include/mbedtls/aes.h | 14 +- include/mbedtls/mbedtls_config.h | 16 -- library/CMakeLists.txt | 1 - library/Makefile | 1 - library/aes.c | 67 +------- library/padlock.c | 157 ------------------ library/padlock.h | 111 ------------- tests/scripts/all.sh | 39 +---- 11 files changed, 18 insertions(+), 393 deletions(-) delete mode 100644 library/padlock.c delete mode 100644 library/padlock.h diff --git a/SECURITY.md b/SECURITY.md index 7ed72de921..9506eb9134 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -128,7 +128,7 @@ even a remote. The attacks can result in key recovery. - Turn on hardware acceleration for AES. This is supported only on selected architectures and currently only available for AES. See configuration options - `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` and `MBEDTLS_PADLOCK_C` for details. + `MBEDTLS_AESCE_C`, `MBEDTLS_AESNI_C` for details. - Add a secure alternative implementation (typically hardware acceleration) for the vulnerable cipher. See the [Alternative Implementations Guide](docs/architecture/alternative-implementations.md) for more information. diff --git a/configs/ext/tfm_mbedcrypto_config_profile_medium.h b/configs/ext/tfm_mbedcrypto_config_profile_medium.h index ecdecea5ee..0e7bc684d2 100644 --- a/configs/ext/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/ext/tfm_mbedcrypto_config_profile_medium.h @@ -56,7 +56,6 @@ * * Required by: * MBEDTLS_AESNI_C - * MBEDTLS_PADLOCK_C * * Comment to disable the use of assembly code. */ diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index eacdea7c3a..549d47c956 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md @@ -46,7 +46,7 @@ Generally, alternative implementations can define their context types to any C t Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`. -* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`. +* AES: if `MBEDTLS_AESNI_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`. * DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`. * ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`. * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set. diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index d5eb1fd5c2..12b3506334 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -35,7 +35,7 @@ #include #include -/* padlock.c and aesni.c rely on these values! */ +/* aesni.c rely on these values! */ #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ @@ -64,19 +64,15 @@ typedef struct mbedtls_aes_context { int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES round keys in the buffer. */ -#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C) +#if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) uint32_t MBEDTLS_PRIVATE(buf)[44]; /*!< Aligned data buffer to hold 10 round keys for 128-bit case. */ #else uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can hold 32 extra Bytes, which can be used for - one of the following purposes: -
  • Alignment if VIA padlock is - used.
    • -
  • Simplifying key expansion in the 256-bit - case by generating an extra round key. -
*/ -#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH && !MBEDTLS_PADLOCK_C */ + simplifying key expansion in the 256-bit + case by generating an extra round key. */ +#endif /* MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ } mbedtls_aes_context; diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 35921412c6..2e98c3aae5 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -40,12 +40,10 @@ * library/aria.c * library/bn_mul.h * library/constant_time.c - * library/padlock.h * * Required by: * MBEDTLS_AESCE_C * MBEDTLS_AESNI_C (on some platforms) - * MBEDTLS_PADLOCK_C * * Comment to disable the use of assembly code. */ @@ -3010,20 +3008,6 @@ */ #define MBEDTLS_OID_C -/** - * \def MBEDTLS_PADLOCK_C - * - * Enable VIA Padlock support on x86. - * - * Module: library/padlock.c - * Caller: library/aes.c - * - * Requires: MBEDTLS_HAVE_ASM - * - * This modules adds support for the VIA PadLock on x86. - */ -#define MBEDTLS_PADLOCK_C - /** * \def MBEDTLS_PEM_PARSE_C * diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 37a9724559..493af3097e 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -53,7 +53,6 @@ set(src_crypto memory_buffer_alloc.c nist_kw.c oid.c - padlock.c pem.c pk.c pk_ecc.c diff --git a/library/Makefile b/library/Makefile index 388fcea612..e0eefd829f 100644 --- a/library/Makefile +++ b/library/Makefile @@ -145,7 +145,6 @@ OBJS_CRYPTO= \ memory_buffer_alloc.o \ nist_kw.o \ oid.o \ - padlock.o \ pem.o \ pk.o \ pk_ecc.o \ diff --git a/library/aes.c b/library/aes.c index b1a5c3ed10..aaea70b169 100644 --- a/library/aes.c +++ b/library/aes.c @@ -30,21 +30,6 @@ #endif #endif -#if defined(MBEDTLS_ARCH_IS_X86) -#if defined(MBEDTLS_PADLOCK_C) -#if !defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites" -#endif -#if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) -#error "MBEDTLS_AES_USE_HARDWARE_ONLY cannot be defined when " \ - "MBEDTLS_PADLOCK_C is set" -#endif -#endif -#endif - -#if defined(MBEDTLS_PADLOCK_C) -#include "padlock.h" -#endif #if defined(MBEDTLS_AESNI_C) #include "aesni.h" #endif @@ -67,10 +52,6 @@ #if !defined(MBEDTLS_AES_ALT) -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) -static int aes_padlock_ace = -1; -#endif - #if defined(MBEDTLS_AES_ROM_TABLES) /* * Forward S-box @@ -527,8 +508,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) * Note that the offset is in units of elements of buf, i.e. 32-bit words, * i.e. an offset of 1 means 4 bytes and so on. */ -#if (defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE)) || \ - (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2) +#if (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2) #define MAY_NEED_TO_ALIGN #endif @@ -537,15 +517,6 @@ MBEDTLS_MAYBE_UNUSED static unsigned mbedtls_aes_rk_offset(uint32_t *buf) #if defined(MAY_NEED_TO_ALIGN) int align_16_bytes = 0; -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - if (aes_padlock_ace == -1) { - aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE); - } - if (aes_padlock_ace) { - align_16_bytes = 1; - } -#endif - #if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2 if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) { align_16_bytes = 1; @@ -1000,12 +971,13 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ -/* VIA Padlock and our intrinsics-based implementation of AESNI require - * the round keys to be aligned on a 16-byte boundary. We take care of this - * before creating them, but the AES context may have moved (this can happen - * if the library is called from a language with managed memory), and in later - * calls it might have a different alignment with respect to 16-byte memory. - * So we may need to realign. +/* + * Our intrinsics-based implementation of AESNI require the round keys to be + * aligned on a 16-byte boundary. We take care of this before creating them, + * but the AES context may have moved (this can happen if the library is + * called from a language with managed memory), and in later calls it might + * have a different alignment with respect to 16-byte memory. So we may need + * to realign. */ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) { @@ -1046,12 +1018,6 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, } #endif -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - if (aes_padlock_ace > 0) { - return mbedtls_padlock_xcryptecb(ctx, mode, input, output); - } -#endif - #if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY) #if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT) if (mode == MBEDTLS_AES_DECRYPT) { @@ -1092,18 +1058,6 @@ int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx, return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH; } -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - if (aes_padlock_ace > 0) { - if (mbedtls_padlock_xcryptcbc(ctx, mode, length, iv, input, output) == 0) { - return 0; - } - - // If padlock data misaligned, we just fall back to - // unaccelerated mode - // - } -#endif - const unsigned char *ivp = iv; if (mode == MBEDTLS_AES_DECRYPT) { @@ -1860,11 +1814,6 @@ int mbedtls_aes_self_test(int verbose) mbedtls_printf(" AES note: using AESNI.\n"); } else #endif -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) { - mbedtls_printf(" AES note: using VIA Padlock.\n"); - } else -#endif #if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { mbedtls_printf(" AES note: using AESCE.\n"); diff --git a/library/padlock.c b/library/padlock.c deleted file mode 100644 index 1f006910c2..0000000000 --- a/library/padlock.c +++ /dev/null @@ -1,157 +0,0 @@ -/* - * VIA PadLock support functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * This implementation is based on the VIA PadLock Programming Guide: - * - * http://www.via.com.tw/en/downloads/whitepapers/initiatives/padlock/ - * programming_guide.pdf - */ - -#include "common.h" - -#if defined(MBEDTLS_PADLOCK_C) - -#include "padlock.h" - -#include - -#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) - -/* - * PadLock detection routine - */ -int mbedtls_padlock_has_support(int feature) -{ - static int flags = -1; - int ebx = 0, edx = 0; - - if (flags == -1) { - asm ("movl %%ebx, %0 \n\t" - "movl $0xC0000000, %%eax \n\t" - "cpuid \n\t" - "cmpl $0xC0000001, %%eax \n\t" - "movl $0, %%edx \n\t" - "jb 1f \n\t" - "movl $0xC0000001, %%eax \n\t" - "cpuid \n\t" - "1: \n\t" - "movl %%edx, %1 \n\t" - "movl %2, %%ebx \n\t" - : "=m" (ebx), "=m" (edx) - : "m" (ebx) - : "eax", "ecx", "edx"); - - flags = edx; - } - - return flags & feature; -} - -/* - * PadLock AES-ECB block en(de)cryption - */ -int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16]) -{ - int ebx = 0; - uint32_t *rk; - uint32_t *blk; - uint32_t *ctrl; - unsigned char buf[256]; - - rk = ctx->buf + ctx->rk_offset; - - if (((long) rk & 15) != 0) { - return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED; - } - - blk = MBEDTLS_PADLOCK_ALIGN16(buf); - memcpy(blk, input, 16); - - ctrl = blk + 4; - *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode^1) - 10) << 9); - - asm ("pushfl \n\t" - "popfl \n\t" - "movl %%ebx, %0 \n\t" - "movl $1, %%ecx \n\t" - "movl %2, %%edx \n\t" - "movl %3, %%ebx \n\t" - "movl %4, %%esi \n\t" - "movl %4, %%edi \n\t" - ".byte 0xf3,0x0f,0xa7,0xc8 \n\t" - "movl %1, %%ebx \n\t" - : "=m" (ebx) - : "m" (ebx), "m" (ctrl), "m" (rk), "m" (blk) - : "memory", "ecx", "edx", "esi", "edi"); - - memcpy(output, blk, 16); - - return 0; -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/* - * PadLock AES-CBC buffer en(de)cryption - */ -int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output) -{ - int ebx = 0; - size_t count; - uint32_t *rk; - uint32_t *iw; - uint32_t *ctrl; - unsigned char buf[256]; - - rk = ctx->buf + ctx->rk_offset; - - if (((long) input & 15) != 0 || - ((long) output & 15) != 0 || - ((long) rk & 15) != 0) { - return MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED; - } - - iw = MBEDTLS_PADLOCK_ALIGN16(buf); - memcpy(iw, iv, 16); - - ctrl = iw + 4; - *ctrl = 0x80 | ctx->nr | ((ctx->nr + (mode ^ 1) - 10) << 9); - - count = (length + 15) >> 4; - - asm ("pushfl \n\t" - "popfl \n\t" - "movl %%ebx, %0 \n\t" - "movl %2, %%ecx \n\t" - "movl %3, %%edx \n\t" - "movl %4, %%ebx \n\t" - "movl %5, %%esi \n\t" - "movl %6, %%edi \n\t" - "movl %7, %%eax \n\t" - ".byte 0xf3,0x0f,0xa7,0xd0 \n\t" - "movl %1, %%ebx \n\t" - : "=m" (ebx) - : "m" (ebx), "m" (count), "m" (ctrl), - "m" (rk), "m" (input), "m" (output), "m" (iw) - : "memory", "eax", "ecx", "edx", "esi", "edi"); - - memcpy(iv, iw, 16); - - return 0; -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */ - -#endif /* MBEDTLS_PADLOCK_C */ diff --git a/library/padlock.h b/library/padlock.h deleted file mode 100644 index 92d72af516..0000000000 --- a/library/padlock.h +++ /dev/null @@ -1,111 +0,0 @@ -/** - * \file padlock.h - * - * \brief VIA PadLock ACE for HW encryption/decryption supported by some - * processors - * - * \warning These functions are only for internal use by other library - * functions; you must not call them directly. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -#ifndef MBEDTLS_PADLOCK_H -#define MBEDTLS_PADLOCK_H - -#include "mbedtls/build_info.h" - -#include "mbedtls/aes.h" - -#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED -0x0030 /**< Input data should be aligned. */ - -#if defined(__has_feature) -#if __has_feature(address_sanitizer) -#define MBEDTLS_HAVE_ASAN -#endif -#endif - -/* - * - `padlock` is implements with GNUC assembly for x86 target. - * - Some versions of ASan result in errors about not enough registers. - */ -#if defined(MBEDTLS_PADLOCK_C) && \ - defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \ - defined(MBEDTLS_HAVE_ASM) && \ - !defined(MBEDTLS_HAVE_ASAN) - -#define MBEDTLS_VIA_PADLOCK_HAVE_CODE - -#include - -#define MBEDTLS_PADLOCK_RNG 0x000C -#define MBEDTLS_PADLOCK_ACE 0x00C0 -#define MBEDTLS_PADLOCK_PHE 0x0C00 -#define MBEDTLS_PADLOCK_PMM 0x3000 - -#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) (x) & ~15)) - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \brief Internal PadLock detection routine - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param feature The feature to detect - * - * \return non-zero if CPU has support for the feature, 0 otherwise - */ -int mbedtls_padlock_has_support(int feature); - -/** - * \brief Internal PadLock AES-ECB block en(de)cryption - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param input 16-byte input block - * \param output 16-byte output block - * - * \return 0 if success, 1 if operation failed - */ -int mbedtls_padlock_xcryptecb(mbedtls_aes_context *ctx, - int mode, - const unsigned char input[16], - unsigned char output[16]); - -/** - * \brief Internal PadLock AES-CBC buffer en(de)cryption - * - * \note This function is only for internal use by other library - * functions; you must not call it directly. - * - * \param ctx AES context - * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT - * \param length length of the input data - * \param iv initialization vector (updated after use) - * \param input buffer holding the input data - * \param output buffer holding the output data - * - * \return 0 if success, 1 if operation failed - */ -int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, - int mode, - size_t length, - unsigned char iv[16], - const unsigned char *input, - unsigned char *output); - -#ifdef __cplusplus -} -#endif - -#endif /* HAVE_X86 */ - -#endif /* padlock.h */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 35b3ff90bd..18f515c332 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2540,9 +2540,8 @@ component_build_module_alt () { scripts/config.py full # Disable options that are incompatible with some ALT implementations: - # aesni.c and padlock.c reference mbedtls_aes_context fields directly. + # aesni.c references mbedtls_aes_context fields directly. scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C # MBEDTLS_ECP_RESTARTABLE is documented as incompatible. scripts/config.py unset MBEDTLS_ECP_RESTARTABLE @@ -4253,9 +4252,6 @@ build_test_config_combos() { validate_aes_config_variations() { if [[ "$1" == *"MBEDTLS_AES_USE_HARDWARE_ONLY"* ]]; then - if [[ "$1" == *"MBEDTLS_PADLOCK_C"* ]]; then - return 1 - fi if [[ !(("$HOSTTYPE" == "aarch64" && "$1" != *"MBEDTLS_AESCE_C"*) || \ ("$HOSTTYPE" == "x86_64" && "$1" != *"MBEDTLS_AESNI_C"*)) ]]; then return 1 @@ -4276,7 +4272,7 @@ component_build_aes_variations() { build_test_config_combos library/aes.o validate_aes_config_variations \ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ + "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" cd "$MBEDTLS_ROOT_DIR" @@ -4293,7 +4289,7 @@ component_build_aes_variations() { build_test_config_combos library/aes.o validate_aes_config_variations \ "MBEDTLS_AES_SETKEY_ENC_ALT" "MBEDTLS_AES_DECRYPT_ALT" \ "MBEDTLS_AES_ROM_TABLES" "MBEDTLS_AES_ENCRYPT_ALT" "MBEDTLS_AES_SETKEY_DEC_ALT" \ - "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_PADLOCK_C" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ + "MBEDTLS_AES_FEWER_TABLES" "MBEDTLS_AES_USE_HARDWARE_ONLY" \ "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" } @@ -4629,7 +4625,6 @@ component_test_aesni_m32 () { # ~ 60s msg "build: default config with different AES implementations" scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY scripts/config.py set MBEDTLS_HAVE_ASM @@ -4645,7 +4640,6 @@ component_test_aesni_m32 () { # ~ 60s grep -q mbedtls_aesni_has_support ./programs/test/selftest scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY msg "AES tests, test AESNI only" make clean @@ -4666,7 +4660,6 @@ support_test_aesni_m32_clang() { component_test_aesni_m32_clang() { scripts/config.py set MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY scripts/config.py set MBEDTLS_HAVE_ASM @@ -4837,24 +4830,6 @@ component_build_sha_armce () { not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o } -# For timebeing, no VIA Padlock platform available. -component_build_aes_via_padlock () { - - msg "AES:VIA PadLock, build with default configuration." - scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py set MBEDTLS_PADLOCK_C - scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY - make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" - grep -q mbedtls_padlock_has_support ./programs/test/selftest - -} - -support_build_aes_via_padlock_only () { - ( [ "$MBEDTLS_TEST_PLATFORM" == "Linux-x86_64" ] || \ - [ "$MBEDTLS_TEST_PLATFORM" == "Linux-amd64" ] ) && \ - [ "`dpkg --print-foreign-architectures`" == "i386" ] -} - support_build_aes_aesce_armcc () { support_build_armcc } @@ -4862,7 +4837,6 @@ support_build_aes_aesce_armcc () { component_test_aes_only_128_bit_keys () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py unset MBEDTLS_PADLOCK_C make CFLAGS='-O2 -Werror -Wall -Wextra' @@ -4874,7 +4848,6 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH scripts/config.py unset MBEDTLS_CTR_DRBG_C - scripts/config.py unset MBEDTLS_PADLOCK_C make CC=clang CFLAGS='-Werror -Wall -Wextra' @@ -4885,7 +4858,6 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { component_test_aes_only_128_bit_keys_have_builtins () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C @@ -4901,7 +4873,6 @@ component_test_aes_only_128_bit_keys_have_builtins () { component_test_gcm_largetable () { msg "build: default config + GCM_LARGE_TABLE - AESNI_C - AESCE_C" scripts/config.py set MBEDTLS_GCM_LARGE_TABLE - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C @@ -5299,7 +5270,6 @@ component_test_m32_no_asm () { msg "build: i386, make, gcc, no asm (ASan build)" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_HAVE_ASM - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESNI_C # AESNI for 32-bit is tested in test_aesni_m32 make CC=gcc CFLAGS="$ASAN_CFLAGS -m32" LDFLAGS="-m32 $ASAN_CFLAGS" @@ -5380,7 +5350,6 @@ component_test_have_int32 () { msg "build: gcc, force 32-bit bignum limbs" scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' @@ -5392,7 +5361,6 @@ component_test_have_int64 () { msg "build: gcc, force 64-bit bignum limbs" scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C make CC=gcc CFLAGS='-O2 -Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' @@ -5404,7 +5372,6 @@ component_test_have_int32_cmake_new_bignum () { msg "build: gcc, force 32-bit bignum limbs, new bignum interface, test hooks (ASan build)" scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C - scripts/config.py unset MBEDTLS_PADLOCK_C scripts/config.py unset MBEDTLS_AESCE_C scripts/config.py set MBEDTLS_TEST_HOOKS scripts/config.py set MBEDTLS_ECP_WITH_MPI_UINT From a8efd81294538cb4b33998a4275f2a3170a7ed5c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 14 Jun 2024 11:00:51 +0100 Subject: [PATCH 329/429] Add ChangeLog entry Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-via-padlock-support.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/remove-via-padlock-support.txt diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt new file mode 100644 index 0000000000..7d259de466 --- /dev/null +++ b/ChangeLog.d/remove-via-padlock-support.txt @@ -0,0 +1,5 @@ +Removals + * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C and + * associated code. + * Note that it is still possible to use VIA Padlock through a + * PSA accelerator driver that is not part of Mbed TLS. Fixes #5903. \ No newline at end of file From bc935157a75b2613420a1ab04761d0ee5acc2fc1 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 14 Jun 2024 13:02:17 +0100 Subject: [PATCH 330/429] Fix ChangeLog formatting Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-via-padlock-support.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt index 7d259de466..ab579f71d6 100644 --- a/ChangeLog.d/remove-via-padlock-support.txt +++ b/ChangeLog.d/remove-via-padlock-support.txt @@ -1,5 +1,5 @@ Removals * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C and - * associated code. + associated code. * Note that it is still possible to use VIA Padlock through a - * PSA accelerator driver that is not part of Mbed TLS. Fixes #5903. \ No newline at end of file + PSA accelerator driver that is not part of Mbed TLS. Fixes #5903. \ No newline at end of file From 0c0e418d63699d365830d71b1041a6029ea72475 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 15 May 2024 07:39:47 +0200 Subject: [PATCH 331/429] config_psa: do not update legacy symbols in client-only PSA build Signed-off-by: Valerio Setti --- include/mbedtls/config_psa.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 17da61b3e8..8bcca407fd 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -32,7 +32,11 @@ * before we deduce what built-ins are required. */ #include "psa/crypto_adjust_config_key_pair_types.h" +#if defined(MBEDTLS_PSA_CRYPTO_C) +/* If we are implementing PSA crypto ourselves, then we want to enable the + * required built-ins. Otherwise, PSA features will be provided by the server. */ #include "mbedtls/config_adjust_legacy_from_psa.h" +#endif #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ From 24f81cba9729371c6aee03ec7d414e15d8f3484a Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Mon, 17 Jun 2024 11:51:52 +0100 Subject: [PATCH 332/429] Improve ChangeLog entry Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-via-padlock-support.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt index ab579f71d6..723982af4b 100644 --- a/ChangeLog.d/remove-via-padlock-support.txt +++ b/ChangeLog.d/remove-via-padlock-support.txt @@ -1,5 +1,4 @@ Removals - * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C and - associated code. - * Note that it is still possible to use VIA Padlock through a - PSA accelerator driver that is not part of Mbed TLS. Fixes #5903. \ No newline at end of file + * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. + Note that it is still possible to use VIA Padlock through a + PSA accelerator driver that is not part of Mbed TLS. Fixes #5903. From 4d9fb8bbdf98d6b8ab2c2e4ea1baea4f93939397 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Mon, 17 Jun 2024 17:13:51 +0100 Subject: [PATCH 333/429] Add ChangeLog Signed-off-by: Elena Uziunaite --- ChangeLog.d/fix-test-suite-pk-warnings.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-test-suite-pk-warnings.txt diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt new file mode 100644 index 0000000000..fa8f37ee14 --- /dev/null +++ b/ChangeLog.d/fix-test-suite-pk-warnings.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. + Fixes #9029. \ No newline at end of file From 2687e4797db978bee57ec988a3480758c7934a5b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 17 Jun 2024 17:26:10 +0200 Subject: [PATCH 334/429] psa_sim: make server ping time much faster Reduce server's ping time for messages from 50ms to 1us because otherwise tests suites will take forever to execute. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/psa_ff_server.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c index 219722ad61..7f97b9bf0f 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -26,7 +26,7 @@ #define MAX_CLIENTS 128 #define MAX_MESSAGES 32 -#define SLEEP_MS 50 +#define SLEEP_US 1 struct connection { uint32_t client; @@ -105,7 +105,7 @@ psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout) ssize_t len; int idx; #if !defined(PSASIM_USE_USLEEP) - const struct timespec ts_delay = { .tv_sec = 0, .tv_nsec = SLEEP_MS * 1000000 }; + const struct timespec ts_delay = { .tv_sec = 0, .tv_nsec = SLEEP_US * 1000 }; #endif if (timeout == PSA_POLL) { @@ -262,7 +262,7 @@ psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout) } else { /* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */ #if defined(PSASIM_USE_USLEEP) - usleep(SLEEP_MS * 1000); + usleep(SLEEP_US); #else /* PSASIM_USE_USLEEP */ nanosleep(&ts_delay, NULL); #endif /* PSASIM_USE_USLEEP */ From 2fd9572f274ffac9c81081fc2e690e881c061a6b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 17 Jun 2024 17:34:03 +0200 Subject: [PATCH 335/429] psasim-server: add function to reset operations slots When the client disconnects the server can clean operations slots so that upcoming clients will not hit the maximum slot limit (at least it's very unlikely to happen for normal clients). Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/psa_sim_crypto_server.c | 5 +++++ tests/psa-client-server/psasim/src/psa_sim_serialise.c | 6 ++++++ tests/psa-client-server/psasim/src/psa_sim_serialise.h | 2 ++ tests/psa-client-server/psasim/src/server.c | 2 ++ 4 files changed, 15 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index da3adb0d31..30d4b26dc8 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -2314,3 +2314,8 @@ psa_status_t psa_crypto_call(psa_msg_t msg) return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; } + +void psa_crypto_close(void) +{ + psa_sim_serialize_reset(); +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 9e8c38bb57..e326637a61 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -706,3 +706,9 @@ int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, return 1; } + +void psa_sim_serialize_reset(void) +{ + memset(hash_operation_handles, 0, sizeof(hash_operation_handles)); + memset(hash_operations, 0, sizeof(hash_operations)); +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 9c69e65cc0..7217595855 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -54,6 +54,8 @@ * don't contain pointers. */ +void psa_sim_serialize_reset(void); + /** Return how much buffer space is needed by \c psasim_serialise_begin(). * * \return The number of bytes needed in the buffer for diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c index 77ce2694e3..10ab5a287f 100644 --- a/tests/psa-client-server/psasim/src/server.c +++ b/tests/psa-client-server/psasim/src/server.c @@ -54,6 +54,7 @@ int psa_server_main(int argc, char *argv[]) int client_disconnected = 0; char mbedtls_version[18]; extern psa_status_t psa_crypto_call(psa_msg_t msg); + extern psa_status_t psa_crypto_close(void); mbedtls_version_get_string_full(mbedtls_version); SERVER_PRINT("%s", mbedtls_version); @@ -81,6 +82,7 @@ int psa_server_main(int argc, char *argv[]) SERVER_PRINT("Got a disconnection message"); ret = PSA_SUCCESS; client_disconnected = 1; + psa_crypto_close(); break; default: SERVER_PRINT("Got an IPC call of type %d", msg.type); From 4cfee21779d6c16d479571ecf23009789e662709 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Tue, 18 Jun 2024 10:25:11 +0100 Subject: [PATCH 336/429] Changelog Fix Signed-off-by: Elena Uziunaite --- ChangeLog.d/fix-test-suite-pk-warnings.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-test-suite-pk-warnings.txt b/ChangeLog.d/fix-test-suite-pk-warnings.txt index fa8f37ee14..26042193cc 100644 --- a/ChangeLog.d/fix-test-suite-pk-warnings.txt +++ b/ChangeLog.d/fix-test-suite-pk-warnings.txt @@ -1,3 +1,3 @@ Bugfix * Fix redefinition warnings when SECP192R1 and/or SECP192K1 are disabled. - Fixes #9029. \ No newline at end of file + Fixes #9029. From a2447d18ebf28924c22b72c7d6096fd062dd0987 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 18 Jun 2024 11:41:32 +0200 Subject: [PATCH 337/429] Update framework submodule to the merge of PR26 Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 030b14c2bc..c663fa8ece 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 030b14c2bce1dff5bd28b08b2c00b6bc1fdd66d5 +Subproject commit c663fa8ece1dfee830da096ae872547d23543e60 From aaf7e859a4bd6fdc2ed1bfa6d98430f1438bc798 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 18 Jun 2024 12:31:57 +0100 Subject: [PATCH 338/429] Have psa_sim_generate.pl add psa_crypto_close() to psa_sim_crypto_server.c Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index ee3894f0ee..baa060e344 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -242,6 +242,16 @@ EOF return ok ? PSA_SUCCESS : PSA_ERROR_GENERIC_ERROR; } +EOF + + # Finally, add psa_crypto_close() + + print $fh < Date: Tue, 18 Jun 2024 12:32:57 +0100 Subject: [PATCH 339/429] Have psa_sim_serialise.pl generate psa_sim_serialize_reset() Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_serialise.c | 2 ++ .../psasim/src/psa_sim_serialise.h | 4 +++ .../psasim/src/psa_sim_serialise.pl | 34 +++++++++++++++++++ 3 files changed, 40 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index e326637a61..f51133cebc 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -711,4 +711,6 @@ void psa_sim_serialize_reset(void) { memset(hash_operation_handles, 0, sizeof(hash_operation_handles)); memset(hash_operations, 0, sizeof(hash_operations)); + memset(aead_operation_handles, 0, sizeof(aead_operation_handles)); + memset(aead_operations, 0, sizeof(aead_operations)); } diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 7217595855..537730c1f8 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -54,6 +54,10 @@ * don't contain pointers. */ +/** Reset all operation slots. + * + * Should be called when all clients have disconnected. + */ void psa_sim_serialize_reset(void); /** Return how much buffer space is needed by \c psasim_serialise_begin(). diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index e09bb818a5..bbd946f24d 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -105,6 +105,7 @@ if ($which eq "h") { } } + print define_server_serialize_reset(@types); } else { die("internal error - shouldn't happen"); } @@ -329,6 +330,12 @@ sub h_header * don't contain pointers. */ +/** Reset all operation slots. + * + * Should be called when all clients have disconnected. + */ +void psa_sim_serialize_reset(void); + /** Return how much buffer space is needed by \c psasim_serialise_begin(). * * \return The number of bytes needed in the buffer for @@ -907,6 +914,33 @@ int psasim_deserialise_begin(uint8_t **pos, size_t *remaining) EOF } +# Return the code for psa_sim_serialize_reset() +sub define_server_serialize_reset +{ + my @types = @_; + + my $code = < Date: Mon, 17 Jun 2024 10:50:36 +0200 Subject: [PATCH 340/429] psa_sim: improve log prints - always print ERROR and FATAL messages because they should never occur, but when they do it's important to see them immediately; - keep INFO prints under DEBUG guard; - set client's PRINT as INFO message because otherwise it will mess test_suites's output; - change some error messages from INFO to ERROR because that's what they are. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/include/util.h | 12 +++++------- tests/psa-client-server/psasim/src/client.c | 2 ++ .../psa-client-server/psasim/src/psa_ff_client.c | 7 +++---- .../psasim/src/psa_sim_crypto_client.c | 2 +- .../psasim/src/psa_sim_serialise.c | 16 +++++++++++++--- 5 files changed, 24 insertions(+), 15 deletions(-) diff --git a/tests/psa-client-server/psasim/include/util.h b/tests/psa-client-server/psasim/include/util.h index 558149fe2b..5eb8238c5c 100644 --- a/tests/psa-client-server/psasim/include/util.h +++ b/tests/psa-client-server/psasim/include/util.h @@ -13,20 +13,18 @@ #if defined(DEBUG) #define INFO(fmt, ...) \ fprintf(stdout, "Info (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) +#else /* !DEBUG */ +#define INFO(...) +#endif /* DEBUG*/ #define ERROR(fmt, ...) \ - fprintf(stdout, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) + fprintf(stderr, "Error (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__) #define FATAL(fmt, ...) \ { \ - fprintf(stdout, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ + fprintf(stderr, "Fatal (%s - %d): " fmt "\n", __FILE__, __LINE__, ##__VA_ARGS__); \ abort(); \ } -#else /* DEBUG */ -#define INFO(...) -#define ERROR(...) -#define FATAL(...) -#endif /* DEBUG*/ #define PROJECT_ID 'M' #define PATHNAMESIZE 256 diff --git a/tests/psa-client-server/psasim/src/client.c b/tests/psa-client-server/psasim/src/client.c index a8c9e08f3e..4c63abf5a3 100644 --- a/tests/psa-client-server/psasim/src/client.c +++ b/tests/psa-client-server/psasim/src/client.c @@ -7,12 +7,14 @@ /* Includes from mbedtls */ #include "psa/crypto.h" +#include "util.h" int main() { /* psa_crypto_init() connects to the server */ psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { + ERROR("psa_crypto_init returned %d", status); return 1; } diff --git a/tests/psa-client-server/psasim/src/psa_ff_client.c b/tests/psa-client-server/psasim/src/psa_ff_client.c index 21a43b39dd..0d6bbf3c92 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_client.c +++ b/tests/psa-client-server/psasim/src/psa_ff_client.c @@ -199,7 +199,6 @@ static psa_status_t process_response(int rx_qid, vectors_t *vecs, int type, default: FATAL(" ERROR: unknown internal message type: %ld", response.message_type); - return ret; } } } @@ -301,10 +300,10 @@ psa_handle_t psa_connect(uint32_t sid, uint32_t minor_version) handles[idx].valid = 1; return idx; } else { - INFO("Server didn't like you"); + ERROR("Server didn't like you"); } } else { - INFO("Couldn't contact RoT service. Does it exist?"); + ERROR("Couldn't contact RoT service. Does it exist?"); if (__psa_ff_client_security_state == 0) { ERROR("Invalid SID"); @@ -339,7 +338,7 @@ uint32_t psa_version(uint32_t sid) } } } - INFO("psa_version failed: does the service exist?"); + ERROR("psa_version failed: does the service exist?"); return PSA_VERSION_NONE; } diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 2ffb615de7..758e9b2ec6 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -22,7 +22,7 @@ #include "psa/crypto.h" #define CLIENT_PRINT(fmt, ...) \ - PRINT("Client: " fmt, ##__VA_ARGS__) + INFO("Client: " fmt, ##__VA_ARGS__) static psa_handle_t handle = -1; diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 9e8c38bb57..703e4308f1 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -10,6 +10,7 @@ */ #include "psa_sim_serialise.h" +#include "util.h" #include #include @@ -71,8 +72,7 @@ static ssize_t allocate_hash_operation_slot(void) { psasim_client_handle_t handle = next_hash_operation_handle++; if (next_hash_operation_handle == 0) { /* wrapped around */ - fprintf(stderr, "MAX HASH HANDLES REACHED\n"); - exit(1); + FATAL("Hash operation handle wrapped"); } for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { @@ -82,6 +82,8 @@ static ssize_t allocate_hash_operation_slot(void) } } + ERROR("All slots are currently used. Unable to allocate a new one."); + return -1; /* all in use */ } @@ -94,7 +96,9 @@ static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) } } - return -1; /* all in use */ + ERROR("Unable to find slot by handle %u", handle); + + return -1; /* not found */ } static psa_aead_operation_t aead_operations[MAX_LIVE_HANDLES_PER_CLASS]; @@ -706,3 +710,9 @@ int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, return 1; } + +void psa_sim_serialize_reset(void) +{ + memset(hash_operation_handles, 0, sizeof(hash_operation_handles)); + memset(hash_operations, 0, sizeof(hash_operations)); +} From 37610024e9b46f6da86bd0665e72b6fd9bf4000f Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 18 Jun 2024 09:50:25 +0100 Subject: [PATCH 341/429] Update psa_sim_generate.pl to create the psa_sim_crypto_client.c we want Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index ee3894f0ee..15f57949df 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -302,7 +302,7 @@ sub client_calls_header #include "psa/crypto.h" #define CLIENT_PRINT(fmt, ...) \ - PRINT("Client: " fmt, ##__VA_ARGS__) + INFO("Client: " fmt, ##__VA_ARGS__) static psa_handle_t handle = -1; From a60d9223d602ef4fc29ef2917691c8abfa695b77 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 18 Jun 2024 13:22:21 +0100 Subject: [PATCH 342/429] Update psa_sim_serialise.pl to create the psa_sim_serialise.c we want Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_serialise.c | 15 ++++++--------- .../psasim/src/psa_sim_serialise.pl | 12 +++++++++--- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 703e4308f1..aaf47db0a3 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -110,8 +110,7 @@ static ssize_t allocate_aead_operation_slot(void) { psasim_client_handle_t handle = next_aead_operation_handle++; if (next_aead_operation_handle == 0) { /* wrapped around */ - fprintf(stderr, "MAX HASH HANDLES REACHED\n"); - exit(1); + FATAL("Aead operation handle wrapped"); } for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { @@ -121,6 +120,8 @@ static ssize_t allocate_aead_operation_slot(void) } } + ERROR("All slots are currently used. Unable to allocate a new one."); + return -1; /* all in use */ } @@ -133,7 +134,9 @@ static ssize_t find_aead_slot_by_handle(psasim_client_handle_t handle) } } - return -1; /* all in use */ + ERROR("Unable to find slot by handle %u", handle); + + return -1; /* not found */ } size_t psasim_serialise_begin_needs(void) @@ -710,9 +713,3 @@ int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, return 1; } - -void psa_sim_serialize_reset(void) -{ - memset(hash_operation_handles, 0, sizeof(hash_operation_handles)); - memset(hash_operations, 0, sizeof(hash_operations)); -} diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index e09bb818a5..c795fd4dc9 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -724,6 +724,7 @@ sub c_header */ #include "psa_sim_serialise.h" +#include "util.h" #include #include @@ -788,6 +789,8 @@ sub define_operation_type_data_and_functions { my ($type) = @_; # e.g. 'hash' rather than 'psa_hash_operation_t' + my $utype = ucfirst($type); + return < Date: Tue, 18 Jun 2024 14:23:37 +0100 Subject: [PATCH 343/429] Further padlock removals from all.sh Signed-off-by: Thomas Daubney --- tests/scripts/all.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 18f515c332..06ccc73897 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4636,7 +4636,6 @@ component_test_aesni_m32 () { # ~ 60s ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" grep -q "AES note: using AESNI" ./programs/test/selftest grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q "AES note: using VIA Padlock" ./programs/test/selftest grep -q mbedtls_aesni_has_support ./programs/test/selftest scripts/config.py set MBEDTLS_AESNI_C @@ -4648,7 +4647,6 @@ component_test_aesni_m32 () { # ~ 60s ./programs/test/selftest aes | not grep -q "AES note: built-in implementation." grep -q "AES note: using AESNI" ./programs/test/selftest not grep -q "AES note: built-in implementation." ./programs/test/selftest - not grep -q "AES note: using VIA Padlock" ./programs/test/selftest not grep -q mbedtls_aesni_has_support ./programs/test/selftest } @@ -4671,7 +4669,6 @@ component_test_aesni_m32_clang() { ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics" grep -q "AES note: using AESNI" ./programs/test/selftest grep -q "AES note: built-in implementation." ./programs/test/selftest - grep -q "AES note: using VIA Padlock" ./programs/test/selftest grep -q mbedtls_aesni_has_support ./programs/test/selftest } From 13db41006c404fdf69805e2a8db81abf67624a31 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 18 Jun 2024 17:35:00 +0200 Subject: [PATCH 344/429] Revert "Update `config-no-entropy.h` for 'PSA_WANT' macros" This reverts commit df59c630a510991b998bb16479fafb7757770324. Signed-off-by: Gabor Mezei --- configs/config-no-entropy.h | 3 --- configs/crypto-config-no-entropy.h | 39 ------------------------------ 2 files changed, 42 deletions(-) delete mode 100644 configs/crypto-config-no-entropy.h diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 0a8dd14760..ddb00b41ef 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -17,9 +17,6 @@ * See README.txt for usage instructions. */ -#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-no-entropy.h" -#define MBEDTLS_PSA_CRYPTO_CONFIG - /* System support */ #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME diff --git a/configs/crypto-config-no-entropy.h b/configs/crypto-config-no-entropy.h deleted file mode 100644 index 9a9afe7da3..0000000000 --- a/configs/crypto-config-no-entropy.h +++ /dev/null @@ -1,39 +0,0 @@ -/** - * \file crypto-config-no-entropy.h - * - * \brief Minimal crypto configuration of features that do not require an entropy source - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * Minimal configuration of features that do not require an entropy source - * Distinguishing features: - * - no entropy module - * - no TLS protocol implementation available due to absence of an entropy - * source - * - * See README.txt for usage instructions. - */ - -#define PSA_WANT_ALG_CBC_PKCS7 1 -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -#define PSA_WANT_ALG_ECDSA 1 -#define PSA_WANT_ALG_GCM 1 -#define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_ALG_RSA_OAEP 1 -#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 -#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 -#define PSA_WANT_ALG_RSA_PSS 1 -#define PSA_WANT_ALG_SHA_224 1 -#define PSA_WANT_ALG_SHA_256 1 -#define PSA_WANT_ALG_SHA_384 1 -#define PSA_WANT_ALG_SHA_512 1 - -#define PSA_WANT_ECC_MONTGOMERY_255 1 -#define PSA_WANT_ECC_SECP_R1_256 1 -#define PSA_WANT_ECC_SECP_R1_384 1 - -#define PSA_WANT_KEY_TYPE_AES 1 From eafefb7a22081dc0af49fb6ac560b0d24665758f Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 18 Jun 2024 17:35:25 +0200 Subject: [PATCH 345/429] Revert "Update `full_no_cipher_no_psa_crypto` test component" This reverts commit 5bc887c64444c244300f17710a5d6a936ae5a3a2. Signed-off-by: Gabor Mezei --- tests/scripts/all.sh | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6c2b428b69..35b3ff90bd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1711,10 +1711,13 @@ component_test_crypto_full_md_light_only () { make test } -component_test_full_no_cipher_with_legacy () { +component_test_full_no_cipher_no_psa_crypto () { msg "build: full no CIPHER no PSA_CRYPTO_C" scripts/config.py full scripts/config.py unset MBEDTLS_CIPHER_C + # Don't pull in cipher via PSA mechanisms + # (currently ignored anyway because we completely disable PSA) + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG # Disable features that depend on CIPHER_C scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1722,21 +1725,6 @@ component_test_full_no_cipher_with_legacy () { scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT scripts/config.py unset MBEDTLS_SSL_TLS_C scripts/config.py unset MBEDTLS_SSL_TICKET_C - # The built-in implementation of the following algs/key-types depends - # on CIPHER_C so we disable them. - # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 - # so we keep them enabled. - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DESPSA_WANT_ALG_CMAC # Disable features that depend on PSA_CRYPTO_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C From 1b646c2d79f5262a3ef08c24394ca13a9986ec39 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 17 Jun 2024 16:45:14 +0200 Subject: [PATCH 346/429] Remove `config-no-entropy.h` Signed-off-by: Gabor Mezei --- configs/config-no-entropy.h | 73 ------------------------------- tests/scripts/test-ref-configs.pl | 2 - 2 files changed, 75 deletions(-) delete mode 100644 configs/config-no-entropy.h diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h deleted file mode 100644 index ddb00b41ef..0000000000 --- a/configs/config-no-entropy.h +++ /dev/null @@ -1,73 +0,0 @@ -/** - * \file config-no-entropy.h - * - * \brief Minimal configuration of features that do not require an entropy source - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ -/* - * Minimal configuration of features that do not require an entropy source - * Distinguishing features: - * - no entropy module - * - no TLS protocol implementation available due to absence of an entropy - * source - * - * See README.txt for usage instructions. - */ - -/* System support */ -#define MBEDTLS_HAVE_ASM -#define MBEDTLS_HAVE_TIME - -/* Mbed TLS feature support */ -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_ECP_NIST_OPTIM -#define MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_PK_RSA_ALT_SUPPORT -#define MBEDTLS_PKCS1_V15 -#define MBEDTLS_PKCS1_V21 -#define MBEDTLS_SELF_TEST -#define MBEDTLS_VERSION_FEATURES - -/* Mbed TLS modules */ -#define MBEDTLS_AES_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#define MBEDTLS_BASE64_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_CCM_C -#define MBEDTLS_CIPHER_C -#define MBEDTLS_ECDSA_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ERROR_C -#define MBEDTLS_GCM_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD_C -#define MBEDTLS_OID_C -#define MBEDTLS_PEM_PARSE_C -#define MBEDTLS_PK_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PLATFORM_C -#define MBEDTLS_RSA_C -/* The library does not currently support enabling SHA-224 without SHA-256. - * A future version of the library will have this option disabled - * by default. */ -#define MBEDTLS_SHA224_C -#define MBEDTLS_SHA256_C -#define MBEDTLS_SHA384_C -#define MBEDTLS_SHA512_C -#define MBEDTLS_VERSION_C -#define MBEDTLS_X509_USE_C -#define MBEDTLS_X509_CRT_PARSE_C -#define MBEDTLS_X509_CRL_PARSE_C -//#define MBEDTLS_CMAC_C - -/* Miscellaneous options */ -#define MBEDTLS_AES_ROM_TABLES diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index 5557de3276..9198293d46 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -24,8 +24,6 @@ my %configs = ( 'opt' => ' ', 'opt_needs_debug' => 1, }, - 'config-no-entropy.h' => { - }, 'config-suite-b.h' => { 'compat' => "-m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS", 'opt' => ' ', From a67f1beb46d3abd76d93f5e203513ebf5e44d8c3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 23 May 2024 15:50:27 +0200 Subject: [PATCH 347/429] Adapt test_crypto_full_md_light_only Adapt test_crypto_full_md_light_only with MBEDTLS_PSA_CRYPTO_CONFIG enabled. No need to disable PSA_WANT_ALG_HKDF as the PSA implementation of HKDF is independent of hkdf.c and thus of MAC through md.c. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1328eebfec..7820aa11b4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1689,7 +1689,7 @@ component_full_no_pkparse_pkwrite() { component_test_crypto_full_md_light_only () { msg "build: crypto_full with only the light subset of MD" scripts/config.py crypto_full - scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG + # Disable MD scripts/config.py unset MBEDTLS_MD_C # Disable direct dependencies of MD_C @@ -1698,6 +1698,7 @@ component_test_crypto_full_md_light_only () { scripts/config.py unset MBEDTLS_PKCS7_C # Disable indirect dependencies of MD_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Disable things that would auto-enable MD_C scripts/config.py unset MBEDTLS_PKCS5_C From 8dbea48958a8b4427a5056808c7c578138127780 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 23 May 2024 16:04:11 +0200 Subject: [PATCH 348/429] Adapt test_full_no_cipher_ components Adapt test_full_no_cipher_ components with MBEDTLS_PSA_CRYPTO_CONFIG enabled. Remove the component with no PSA crypto and the one with MBEDTLS_PSA_CRYPTO_CONFIG disabled. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 87 ++++++++++---------------------------------- 1 file changed, 19 insertions(+), 68 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7820aa11b4..d3bed3b11e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1714,69 +1714,28 @@ component_test_crypto_full_md_light_only () { make test } -component_test_full_no_cipher_no_psa_crypto () { - msg "build: full no CIPHER no PSA_CRYPTO_C" - scripts/config.py full - scripts/config.py unset MBEDTLS_CIPHER_C - # Don't pull in cipher via PSA mechanisms - # (currently ignored anyway because we completely disable PSA) - scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG - # Disable features that depend on CIPHER_C - scripts/config.py unset MBEDTLS_CMAC_C - scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT - scripts/config.py unset MBEDTLS_SSL_TLS_C - scripts/config.py unset MBEDTLS_SSL_TICKET_C - # Disable features that depend on PSA_CRYPTO_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_LMS_C - scripts/config.py unset MBEDTLS_LMS_PRIVATE - - msg "test: full no CIPHER no PSA_CRYPTO_C" - make test -} - -# This is a common configurator and test function that is used in: -# - component_test_full_no_cipher_with_psa_crypto -# - component_test_full_no_cipher_with_psa_crypto_config -# It accepts 2 input parameters: -# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG -# - $2: a text string which describes the test component -common_test_full_no_cipher_with_psa_crypto () { - USE_CRYPTO_CONFIG="$1" - COMPONENT_DESCRIPTION="$2" - - msg "build: $COMPONENT_DESCRIPTION" +component_test_full_no_cipher () { + msg "build: full no CIPHER" scripts/config.py full scripts/config.py unset MBEDTLS_CIPHER_C - if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then - # The built-in implementation of the following algs/key-types depends - # on CIPHER_C so we disable them. - # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 - # so we keep them enabled. - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES - else - # Don't pull in cipher via PSA mechanisms - scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG - # Disable cipher modes/keys that make PSA depend on CIPHER_C. - # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C. - scripts/config.py unset-all MBEDTLS_CIPHER_MODE - fi + # The built-in implementation of the following algs/key-types depends + # on CIPHER_C so we disable them. + # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 + # so we keep them enabled. + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_CMAC_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1786,18 +1745,10 @@ common_test_full_no_cipher_with_psa_crypto () { # Ensure that CIPHER_C was not re-enabled not grep mbedtls_cipher_init library/cipher.o - msg "test: $COMPONENT_DESCRIPTION" + msg "test: full no CIPHER" make test } -component_test_full_no_cipher_with_psa_crypto() { - common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG" -} - -component_test_full_no_cipher_with_psa_crypto_config() { - common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER" -} - component_test_full_no_ccm() { msg "build: full no PSA_WANT_ALG_CCM" From 7062d3d936d8e59f65022e58733a59f5c4045b3a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 24 May 2024 10:28:15 +0200 Subject: [PATCH 349/429] tests: src: Fix PSA test wrappers for PAKE Signed-off-by: Ronald Cron --- framework | 2 +- tests/include/test/psa_test_wrappers.h | 32 ++++++++++++++++++++++++++ tests/src/psa_test_wrappers.c | 32 ++++++++++++++++++++++++++ 3 files changed, 65 insertions(+), 1 deletion(-) diff --git a/framework b/framework index c663fa8ece..b332327b5e 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit c663fa8ece1dfee830da096ae872547d23543e60 +Subproject commit b332327b5e139a664bf9af1f8d7f42dbd44091f8 diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h index ecf926eb07..e6d712bd63 100644 --- a/tests/include/test/psa_test_wrappers.h +++ b/tests/include/test/psa_test_wrappers.h @@ -262,12 +262,15 @@ psa_status_t mbedtls_test_wrap_psa_copy_key( #define psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key) \ mbedtls_test_wrap_psa_copy_key(arg0_source_key, arg1_attributes, arg2_target_key) +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite( const psa_crypto_driver_pake_inputs_t *arg0_inputs, psa_pake_cipher_suite_t *arg1_cipher_suite); #define psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite) \ mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite(arg0_inputs, arg1_cipher_suite) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password( const psa_crypto_driver_pake_inputs_t *arg0_inputs, uint8_t *arg1_buffer, @@ -275,13 +278,17 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password( size_t *arg3_buffer_length); #define psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length) \ mbedtls_test_wrap_psa_crypto_driver_pake_get_password(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len( const psa_crypto_driver_pake_inputs_t *arg0_inputs, size_t *arg1_password_len); #define psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len) \ mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len(arg0_inputs, arg1_password_len) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer( const psa_crypto_driver_pake_inputs_t *arg0_inputs, uint8_t *arg1_peer_id, @@ -289,13 +296,17 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer( size_t *arg3_peer_id_length); #define psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length) \ mbedtls_test_wrap_psa_crypto_driver_pake_get_peer(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len( const psa_crypto_driver_pake_inputs_t *arg0_inputs, size_t *arg1_peer_len); #define psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len) \ mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len(arg0_inputs, arg1_peer_len) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user( const psa_crypto_driver_pake_inputs_t *arg0_inputs, uint8_t *arg1_user_id, @@ -303,12 +314,15 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user( size_t *arg3_user_id_len); #define psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len) \ mbedtls_test_wrap_psa_crypto_driver_pake_get_user(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len( const psa_crypto_driver_pake_inputs_t *arg0_inputs, size_t *arg1_user_len); #define psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len) \ mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len(arg0_inputs, arg1_user_len) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ psa_status_t mbedtls_test_wrap_psa_crypto_init(void); #define psa_crypto_init() \ @@ -566,17 +580,22 @@ psa_status_t mbedtls_test_wrap_psa_mac_verify_setup( #define psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg) \ mbedtls_test_wrap_psa_mac_verify_setup(arg0_operation, arg1_key, arg2_alg) +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_abort( psa_pake_operation_t *arg0_operation); #define psa_pake_abort(arg0_operation) \ mbedtls_test_wrap_psa_pake_abort(arg0_operation) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key( psa_pake_operation_t *arg0_operation, psa_key_derivation_operation_t *arg1_output); #define psa_pake_get_implicit_key(arg0_operation, arg1_output) \ mbedtls_test_wrap_psa_pake_get_implicit_key(arg0_operation, arg1_output) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_input( psa_pake_operation_t *arg0_operation, psa_pake_step_t arg1_step, @@ -584,7 +603,9 @@ psa_status_t mbedtls_test_wrap_psa_pake_input( size_t arg3_input_length); #define psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length) \ mbedtls_test_wrap_psa_pake_input(arg0_operation, arg1_step, arg2_input, arg3_input_length) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_output( psa_pake_operation_t *arg0_operation, psa_pake_step_t arg1_step, @@ -593,38 +614,49 @@ psa_status_t mbedtls_test_wrap_psa_pake_output( size_t *arg4_output_length); #define psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length) \ mbedtls_test_wrap_psa_pake_output(arg0_operation, arg1_step, arg2_output, arg3_output_size, arg4_output_length) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_set_password_key( psa_pake_operation_t *arg0_operation, mbedtls_svc_key_id_t arg1_password); #define psa_pake_set_password_key(arg0_operation, arg1_password) \ mbedtls_test_wrap_psa_pake_set_password_key(arg0_operation, arg1_password) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_set_peer( psa_pake_operation_t *arg0_operation, const uint8_t *arg1_peer_id, size_t arg2_peer_id_len); #define psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len) \ mbedtls_test_wrap_psa_pake_set_peer(arg0_operation, arg1_peer_id, arg2_peer_id_len) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_set_role( psa_pake_operation_t *arg0_operation, psa_pake_role_t arg1_role); #define psa_pake_set_role(arg0_operation, arg1_role) \ mbedtls_test_wrap_psa_pake_set_role(arg0_operation, arg1_role) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_set_user( psa_pake_operation_t *arg0_operation, const uint8_t *arg1_user_id, size_t arg2_user_id_len); #define psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len) \ mbedtls_test_wrap_psa_pake_set_user(arg0_operation, arg1_user_id, arg2_user_id_len) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_setup( psa_pake_operation_t *arg0_operation, const psa_pake_cipher_suite_t *arg1_cipher_suite); #define psa_pake_setup(arg0_operation, arg1_cipher_suite) \ mbedtls_test_wrap_psa_pake_setup(arg0_operation, arg1_cipher_suite) +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ psa_status_t mbedtls_test_wrap_psa_purge_key( mbedtls_svc_key_id_t arg0_key); diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c index 809f1cd6f5..24e05c8c6a 100644 --- a/tests/src/psa_test_wrappers.c +++ b/tests/src/psa_test_wrappers.c @@ -465,6 +465,7 @@ psa_status_t mbedtls_test_wrap_psa_copy_key( } /* Wrapper for psa_crypto_driver_pake_get_cipher_suite */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite( const psa_crypto_driver_pake_inputs_t *arg0_inputs, psa_pake_cipher_suite_t *arg1_cipher_suite) @@ -472,8 +473,10 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_cipher_suite( psa_status_t status = (psa_crypto_driver_pake_get_cipher_suite)(arg0_inputs, arg1_cipher_suite); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_crypto_driver_pake_get_password */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password( const psa_crypto_driver_pake_inputs_t *arg0_inputs, uint8_t *arg1_buffer, @@ -483,8 +486,10 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password( psa_status_t status = (psa_crypto_driver_pake_get_password)(arg0_inputs, arg1_buffer, arg2_buffer_size, arg3_buffer_length); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_crypto_driver_pake_get_password_len */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len( const psa_crypto_driver_pake_inputs_t *arg0_inputs, size_t *arg1_password_len) @@ -492,8 +497,10 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_password_len( psa_status_t status = (psa_crypto_driver_pake_get_password_len)(arg0_inputs, arg1_password_len); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_crypto_driver_pake_get_peer */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer( const psa_crypto_driver_pake_inputs_t *arg0_inputs, uint8_t *arg1_peer_id, @@ -503,8 +510,10 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer( psa_status_t status = (psa_crypto_driver_pake_get_peer)(arg0_inputs, arg1_peer_id, arg2_peer_id_size, arg3_peer_id_length); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_crypto_driver_pake_get_peer_len */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len( const psa_crypto_driver_pake_inputs_t *arg0_inputs, size_t *arg1_peer_len) @@ -512,8 +521,10 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_peer_len( psa_status_t status = (psa_crypto_driver_pake_get_peer_len)(arg0_inputs, arg1_peer_len); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_crypto_driver_pake_get_user */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user( const psa_crypto_driver_pake_inputs_t *arg0_inputs, uint8_t *arg1_user_id, @@ -523,8 +534,10 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user( psa_status_t status = (psa_crypto_driver_pake_get_user)(arg0_inputs, arg1_user_id, arg2_user_id_size, arg3_user_id_len); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_crypto_driver_pake_get_user_len */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len( const psa_crypto_driver_pake_inputs_t *arg0_inputs, size_t *arg1_user_len) @@ -532,6 +545,7 @@ psa_status_t mbedtls_test_wrap_psa_crypto_driver_pake_get_user_len( psa_status_t status = (psa_crypto_driver_pake_get_user_len)(arg0_inputs, arg1_user_len); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_crypto_init */ psa_status_t mbedtls_test_wrap_psa_crypto_init(void) @@ -1008,14 +1022,17 @@ psa_status_t mbedtls_test_wrap_psa_mac_verify_setup( } /* Wrapper for psa_pake_abort */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_abort( psa_pake_operation_t *arg0_operation) { psa_status_t status = (psa_pake_abort)(arg0_operation); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_pake_get_implicit_key */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key( psa_pake_operation_t *arg0_operation, psa_key_derivation_operation_t *arg1_output) @@ -1023,8 +1040,10 @@ psa_status_t mbedtls_test_wrap_psa_pake_get_implicit_key( psa_status_t status = (psa_pake_get_implicit_key)(arg0_operation, arg1_output); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_pake_input */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_input( psa_pake_operation_t *arg0_operation, psa_pake_step_t arg1_step, @@ -1040,8 +1059,10 @@ psa_status_t mbedtls_test_wrap_psa_pake_input( #endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_pake_output */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_output( psa_pake_operation_t *arg0_operation, psa_pake_step_t arg1_step, @@ -1058,8 +1079,10 @@ psa_status_t mbedtls_test_wrap_psa_pake_output( #endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_pake_set_password_key */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_set_password_key( psa_pake_operation_t *arg0_operation, mbedtls_svc_key_id_t arg1_password) @@ -1067,8 +1090,10 @@ psa_status_t mbedtls_test_wrap_psa_pake_set_password_key( psa_status_t status = (psa_pake_set_password_key)(arg0_operation, arg1_password); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_pake_set_peer */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_set_peer( psa_pake_operation_t *arg0_operation, const uint8_t *arg1_peer_id, @@ -1083,8 +1108,10 @@ psa_status_t mbedtls_test_wrap_psa_pake_set_peer( #endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_pake_set_role */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_set_role( psa_pake_operation_t *arg0_operation, psa_pake_role_t arg1_role) @@ -1092,8 +1119,10 @@ psa_status_t mbedtls_test_wrap_psa_pake_set_role( psa_status_t status = (psa_pake_set_role)(arg0_operation, arg1_role); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_pake_set_user */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_set_user( psa_pake_operation_t *arg0_operation, const uint8_t *arg1_user_id, @@ -1108,8 +1137,10 @@ psa_status_t mbedtls_test_wrap_psa_pake_set_user( #endif /* !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) */ return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_pake_setup */ +#if defined(PSA_WANT_ALG_SOME_PAKE) psa_status_t mbedtls_test_wrap_psa_pake_setup( psa_pake_operation_t *arg0_operation, const psa_pake_cipher_suite_t *arg1_cipher_suite) @@ -1117,6 +1148,7 @@ psa_status_t mbedtls_test_wrap_psa_pake_setup( psa_status_t status = (psa_pake_setup)(arg0_operation, arg1_cipher_suite); return status; } +#endif /* defined(PSA_WANT_ALG_SOME_PAKE) */ /* Wrapper for psa_purge_key */ psa_status_t mbedtls_test_wrap_psa_purge_key( From cfce75f4c49c243c5188faabdc06b1739d1dd7ce Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 24 May 2024 10:50:05 +0200 Subject: [PATCH 350/429] Remove component_test_full_no_bignum Remove test_full_no_bignum as duplicate of the test of the reference config confgi-symmetric-only.h and component_test_psa_crypto_config_accel_ecc_no_bignum(). Specifically, component_test_full_no_bignum was added as part of preparation work for that component. Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 54 -------------------------------------------- 1 file changed, 54 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d3bed3b11e..81c2e06f6c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1802,60 +1802,6 @@ component_test_full_no_ccm_star_no_tag() { make test } -component_test_full_no_bignum () { - msg "build: full minus bignum" - scripts/config.py full - scripts/config.py unset MBEDTLS_BIGNUM_C - # Direct dependencies of bignum - scripts/config.py unset MBEDTLS_ECP_C - scripts/config.py unset MBEDTLS_RSA_C - scripts/config.py unset MBEDTLS_DHM_C - # Direct dependencies of ECP - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_ECP_RESTARTABLE - # Disable what auto-enables ECP_LIGHT - scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED - scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - # Indirect dependencies of ECP - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - # Direct dependencies of DHM - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - # Direct dependencies of RSA - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_RSA_ENABLED - scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT - # PK and its dependencies - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - scripts/config.py unset MBEDTLS_X509_USE_C - scripts/config.py unset MBEDTLS_X509_CRT_PARSE_C - scripts/config.py unset MBEDTLS_X509_CRL_PARSE_C - scripts/config.py unset MBEDTLS_X509_CSR_PARSE_C - scripts/config.py unset MBEDTLS_X509_CREATE_C - scripts/config.py unset MBEDTLS_X509_CRT_WRITE_C - scripts/config.py unset MBEDTLS_X509_CSR_WRITE_C - scripts/config.py unset MBEDTLS_PKCS7_C - scripts/config.py unset MBEDTLS_SSL_SERVER_NAME_INDICATION - scripts/config.py unset MBEDTLS_SSL_ASYNC_PRIVATE - scripts/config.py unset MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK - - make - - msg "test: full minus bignum" - make test -} - component_test_tls1_2_default_stream_cipher_only () { msg "build: default with only stream cipher use psa" From cd33cd6abf23e916228859a586ce356e603edb43 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 27 May 2024 08:14:27 +0200 Subject: [PATCH 351/429] test_when_no_ciphersuites_have_mac: Fix logs Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 81c2e06f6c..35778f0446 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4382,10 +4382,10 @@ component_test_when_no_ciphersuites_have_mac () { scripts/config.py unset MBEDTLS_CMAC_C make - msg "test: !MBEDTLS_SSL_SOME_MODES_USE_MAC" + msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" make test - msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC" + msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM' } From 0417a2c746babed0d4606e13cc7e26b50b15d137 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 24 May 2024 14:22:11 +0200 Subject: [PATCH 352/429] Adapt component_test_when_no_ciphersuites_have_mac Signed-off-by: Ronald Cron --- tests/scripts/all.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 35778f0446..1ea70ff5fb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4377,9 +4377,16 @@ component_test_ssl_alloc_buffer_and_mfl () { component_test_when_no_ciphersuites_have_mac () { msg "build: when no ciphersuites have MAC" + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CMAC_C + make msg "test: !MBEDTLS_SSL_SOME_SUITES_USE_MAC" From 390dba6a8fa9e25b839678bba36c9c44323caf09 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 19 Jun 2024 13:47:44 +0200 Subject: [PATCH 353/429] Update framework submodule to the merge of PR22 Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index b332327b5e..04847216ab 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit b332327b5e139a664bf9af1f8d7f42dbd44091f8 +Subproject commit 04847216ab964b9bdce41f1e61ccc6d8f5d2a139 From 19efa3d0168ee5a3dfee6e6a99c307a714b39331 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 18 Jun 2024 14:40:27 +0200 Subject: [PATCH 354/429] changelog: add changelog Signed-off-by: Valerio Setti --- ChangeLog.d/9126.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/9126.txt diff --git a/ChangeLog.d/9126.txt b/ChangeLog.d/9126.txt new file mode 100644 index 0000000000..22939df86f --- /dev/null +++ b/ChangeLog.d/9126.txt @@ -0,0 +1,5 @@ +Default behavior changes + * In a PSA-client-only build (i.e. MBEDTLS_PSA_CRYPTO_CLIENT && + !MBEDTLS_PSA_CRYPTO_C), do not automatically enable local crypto when the + corresponding PSA mechanism is enabled, since the server provides the + crypto. Fixes #9126. From 9ba9c21c616e9dee97885cea78dc3d685fe2c872 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 May 2024 15:03:43 +0200 Subject: [PATCH 355/429] Recognize that a double-inclusion guard is not a config setting Fix PSA_CRYPTO_CONFIG_H being treated as a configuration setting in include/psa/crypto_config.h. Signed-off-by: Gilles Peskine --- scripts/config.py | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/config.py b/scripts/config.py index c53f9e7fe2..8704bdb51e 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -396,6 +396,7 @@ class ConfigFile(Config): self.default_path) super().__init__() self.filename = filename + self.inclusion_guard = None self.current_section = 'header' with open(filename, 'r', encoding='utf-8') as file: self.templates = [self._parse_line(line) for line in file] @@ -413,9 +414,11 @@ class ConfigFile(Config): r'(?P(?:\((?:\w|\s|,)*\))?)' + r'(?P\s*)' + r'(?P.*)') + _ifndef_line_regexp = r'#ifndef (?P\w+)' _section_line_regexp = (r'\s*/?\*+\s*[\\@]name\s+SECTION:\s*' + r'(?P
.*)[ */]*') _config_line_regexp = re.compile(r'|'.join([_define_line_regexp, + _ifndef_line_regexp, _section_line_regexp])) def _parse_line(self, line): """Parse a line in mbedtls_config.h and return the corresponding template.""" @@ -426,10 +429,16 @@ class ConfigFile(Config): elif m.group('section'): self.current_section = m.group('section') return line + elif m.group('inclusion_guard') and self.inclusion_guard is None: + self.inclusion_guard = m.group('inclusion_guard') + return line else: active = not m.group('commented_out') name = m.group('name') value = m.group('value') + if name == self.inclusion_guard and value == '': + # The file double-inclusion guard is not an option. + return line template = (name, m.group('indentation'), m.group('define') + name + From b0aa75e7cc8f9d3bff828d827240dce1ef9273fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 May 2024 16:38:07 +0200 Subject: [PATCH 356/429] Clean up generated files enumeration Avoid having to list multiple generation scripts on the same line. No intended semantic change. Signed-off-by: Gilles Peskine --- tests/Makefile | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index d1d5ed9721..dcbd066a33 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -17,7 +17,6 @@ ifdef RECORD_PSA_STATUS_COVERAGE_LOG LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG endif -.PHONY: generated_files GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \ echo FAILED \ @@ -25,6 +24,8 @@ GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \ ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) endif +GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) + GENERATED_ECP_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ echo FAILED \ @@ -32,6 +33,8 @@ GENERATED_ECP_DATA_FILES := $(patsubst tests/%,%,$(shell \ ifeq ($(GENERATED_ECP_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed) endif +GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES) + GENERATED_PSA_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \ echo FAILED \ @@ -39,8 +42,13 @@ GENERATED_PSA_DATA_FILES := $(patsubst tests/%,%,$(shell \ ifeq ($(GENERATED_PSA_DATA_FILES),FAILED) $(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed) endif -GENERATED_FILES := $(GENERATED_PSA_DATA_FILES) $(GENERATED_ECP_DATA_FILES) $(GENERATED_BIGNUM_DATA_FILES) -generated_files: $(GENERATED_FILES) src/test_keys.h src/test_certs.h +GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES) + +GENERATED_FILES = $(GENERATED_DATA_FILES) +GENERATED_FILES += src/test_keys.h src/test_certs.h + +.PHONY: generated_files +generated_files: $(GENERATED_FILES) # generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing # inputs than generating outputs. Its inputs are the same no matter which files @@ -48,7 +56,6 @@ generated_files: $(GENERATED_FILES) src/test_keys.h src/test_certs.h # It's rare not to want all the outputs. So always generate all of its outputs. # Use an intermediate phony dependency so that parallel builds don't run # a separate instance of the recipe for each output file. -.SECONDARY: generated_bignum_test_data generated_ecp_test_data generated_psa_test_data $(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py @@ -60,6 +67,7 @@ generated_bignum_test_data: ../framework/scripts/mbedtls_framework/test_data_gen generated_bignum_test_data: echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" $(PYTHON) ../framework/scripts/generate_bignum_tests.py +.SECONDARY: generated_bignum_test_data $(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py @@ -70,6 +78,7 @@ generated_ecp_test_data: ../framework/scripts/mbedtls_framework/test_data_genera generated_ecp_test_data: echo " Gen $(GENERATED_ECP_DATA_FILES)" $(PYTHON) ../framework/scripts/generate_ecp_tests.py +.SECONDARY: generated_ecp_test_data $(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data generated_psa_test_data: ../framework/scripts/generate_psa_tests.py @@ -92,6 +101,7 @@ generated_psa_test_data: suites/test_suite_psa_crypto_metadata.data generated_psa_test_data: echo " Gen $(GENERATED_PSA_DATA_FILES) ..." $(PYTHON) ../framework/scripts/generate_psa_tests.py +.SECONDARY: generated_psa_test_data # A test application is built for each suites/test_suite_*.data file. # Application name is same as .data file's base name and can be @@ -99,7 +109,7 @@ generated_psa_test_data: DATA_FILES := $(wildcard suites/test_suite_*.data) # Make sure that generated data files are included even if they don't # exist yet when the makefile is parsed. -DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_FILES)) +DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_DATA_FILES)) APPS = $(basename $(subst suites/,,$(DATA_FILES))) # Construct executable name by adding OS specific suffix $(EXEXT). From ada30fe650407c3fee80adde3cfe2801ec4b3e2e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 May 2024 15:50:44 +0200 Subject: [PATCH 357/429] New test suite to report configuration options Add a test suite intended to report configuration options in the outcome file: we're only interested in SKIP vs PASS. Add a few test cases for some interesting combinations of options. The selection here is just for illustration purposes, more will be added later. A subsequent commit will automatically generate test cases for single options. Signed-off-by: Gilles Peskine --- .../test_suite_config.crypto_combinations.data | 9 +++++++++ tests/suites/test_suite_config.function | 14 ++++++++++++++ .../suites/test_suite_config.psa_combinations.data | 9 +++++++++ .../suites/test_suite_config.tls_combinations.data | 9 +++++++++ 4 files changed, 41 insertions(+) create mode 100644 tests/suites/test_suite_config.crypto_combinations.data create mode 100644 tests/suites/test_suite_config.function create mode 100644 tests/suites/test_suite_config.psa_combinations.data create mode 100644 tests/suites/test_suite_config.tls_combinations.data diff --git a/tests/suites/test_suite_config.crypto_combinations.data b/tests/suites/test_suite_config.crypto_combinations.data new file mode 100644 index 0000000000..d3287d266a --- /dev/null +++ b/tests/suites/test_suite_config.crypto_combinations.data @@ -0,0 +1,9 @@ +# Interesting combinations of low-level crypto options + +Config: ECC: Weierstrass curves only +depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED +pass: + +Config: ECC: Montgomery curves only +depends_on:!MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:MBEDTLS_ECP_MONTGOMERY_ENABLED +pass: diff --git a/tests/suites/test_suite_config.function b/tests/suites/test_suite_config.function new file mode 100644 index 0000000000..9e9dd01990 --- /dev/null +++ b/tests/suites/test_suite_config.function @@ -0,0 +1,14 @@ +/* BEGIN_HEADER */ + +/* END_HEADER */ + +/* BEGIN_CASE */ +/* This test case always passes. It is intended solely for configuration + * reporting in the outcome file. Write test cases using this function + * with dependencies to record in which configurations the dependencies + * are met. */ +void pass() +{ + goto exit; +} +/* END_CASE */ diff --git a/tests/suites/test_suite_config.psa_combinations.data b/tests/suites/test_suite_config.psa_combinations.data new file mode 100644 index 0000000000..1035af2487 --- /dev/null +++ b/tests/suites/test_suite_config.psa_combinations.data @@ -0,0 +1,9 @@ +# Interesting combinations of PSA options + +Config: PSA_WANT_ALG_ECDSA without PSA_WANT_ALG_DETERMINISTIC_ECDSA +depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA +pass: + +Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA +pass: diff --git a/tests/suites/test_suite_config.tls_combinations.data b/tests/suites/test_suite_config.tls_combinations.data new file mode 100644 index 0000000000..cbc57d6cd3 --- /dev/null +++ b/tests/suites/test_suite_config.tls_combinations.data @@ -0,0 +1,9 @@ +# Interesting combinations of TLS options + +Config: TLS 1.2 without TLS 1.3 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3 +pass: + +Config: TLS 1.3 without TLS 1.2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2 +pass: From e154e6fe51ab4245561e26934059fba3da924f99 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 23 May 2024 16:31:22 +0200 Subject: [PATCH 358/429] Generate config test cases for single options Generate option-on and option-off cases for test_suite_config, for all boolean options (MBEDTLS_xxx and PSA_WANT_xxx, collected from the mbedtls and PSA config files). Signed-off-by: Gilles Peskine --- framework | 2 +- scripts/make_generated_files.bat | 1 + tests/.gitignore | 2 ++ tests/CMakeLists.txt | 31 ++++++++++++++++++++++++++ tests/Makefile | 25 +++++++++++++++++++++ tests/scripts/check-generated-files.sh | 1 + 6 files changed, 61 insertions(+), 1 deletion(-) diff --git a/framework b/framework index 04847216ab..1893bfb1ee 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 04847216ab964b9bdce41f1e61ccc6d8f5d2a139 +Subproject commit 1893bfb1ee4b1d971db38bf3ea1f8005fe3c8d9a diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat index f04f6b72a9..b03bce2ade 100644 --- a/scripts/make_generated_files.bat +++ b/scripts/make_generated_files.bat @@ -11,6 +11,7 @@ python scripts\generate_ssl_debug_helpers.py || exit /b 1 perl scripts\generate_visualc_files.pl || exit /b 1 python scripts\generate_psa_constants.py || exit /b 1 python framework\scripts\generate_bignum_tests.py || exit /b 1 +python framework\scripts\generate_config_tests.py || exit /b 1 python framework\scripts\generate_ecp_tests.py || exit /b 1 python framework\scripts\generate_psa_tests.py || exit /b 1 python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1 diff --git a/tests/.gitignore b/tests/.gitignore index 838ea699fc..635dd6257d 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -19,6 +19,8 @@ libtestdriver1/* ###START_GENERATED_FILES### # Generated source files /suites/*.generated.data +suites/test_suite_config.mbedtls_boolean.data +suites/test_suite_config.psa_boolean.data /suites/test_suite_psa_crypto_storage_format.v[0-9]*.data /suites/test_suite_psa_crypto_storage_format.current.data /src/test_keys.h diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 62be14e533..060a928ab7 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -30,6 +30,18 @@ execute_process( string(REGEX REPLACE "[^;]*/" "" base_bignum_generated_data_files "${base_bignum_generated_data_files}") +execute_process( + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py + --list-for-cmake + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + OUTPUT_VARIABLE + base_config_generated_data_files) +string(REGEX REPLACE "[^;]*/" "" + base_config_generated_data_files "${base_config_generated_data_files}") + execute_process( COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} @@ -61,11 +73,15 @@ set(base_generated_data_files string(REGEX REPLACE "([^;]+)" "suites/\\1" all_generated_data_files "${base_generated_data_files}") set(bignum_generated_data_files "") +set(config_generated_data_files "") set(ecp_generated_data_files "") set(psa_generated_data_files "") foreach(file ${base_bignum_generated_data_files}) list(APPEND bignum_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file}) endforeach() +foreach(file ${base_config_generated_data_files}) + list(APPEND config_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file}) +endforeach() foreach(file ${base_ecp_generated_data_files}) list(APPEND ecp_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file}) endforeach() @@ -92,6 +108,21 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_case.py ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/test_data_generation.py ) + add_custom_command( + OUTPUT + ${config_generated_data_files} + WORKING_DIRECTORY + ${CMAKE_CURRENT_SOURCE_DIR}/.. + COMMAND + ${MBEDTLS_PYTHON_EXECUTABLE} + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py + --directory ${CMAKE_CURRENT_BINARY_DIR}/suites + DEPENDS + ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py + # Do not declare the configuration files as dependencies: they + # change too often in ways that don't affect the result + # ((un)commenting some options). + ) add_custom_command( OUTPUT ${ecp_generated_data_files} diff --git a/tests/Makefile b/tests/Makefile index dcbd066a33..b5637f37d3 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -26,6 +26,15 @@ $(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed) endif GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES) +GENERATED_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \ + $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \ + echo FAILED \ +)) +ifeq ($(GENERATED_CONFIG_DATA_FILES),FAILED) +$(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed) +endif +GENERATED_DATA_FILES += $(GENERATED_CONFIG_DATA_FILES) + GENERATED_ECP_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \ echo FAILED \ @@ -69,6 +78,22 @@ generated_bignum_test_data: $(PYTHON) ../framework/scripts/generate_bignum_tests.py .SECONDARY: generated_bignum_test_data +# We deliberately omit the configuration files (mbedtls_config.h, +# crypto_config.h) from the depenency list because during development +# and on the CI, we often edit those in a way that doesn't change the +# output, to comment out certain options, or even to remove certain +# lines which do affect the output negatively (it will miss the +# corresponding test cases). +$(GENERATED_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data +generated_config_test_data: ../framework/scripts/generate_config_tests.py +generated_config_test_data: ../scripts/config.py +generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py +generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py +generated_config_test_data: + echo " Gen $(GENERATED_CONFIG_DATA_FILES)" + $(PYTHON) ../framework/scripts/generate_config_tests.py +.SECONDARY: generated_config_test_data + $(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py generated_ecp_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index e740f33865..09c850af7a 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -129,6 +129,7 @@ check() # These checks are common to Mbed TLS and TF-PSA-Crypto check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list) +check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list) check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list) check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list) check framework/scripts/generate_test_keys.py tests/src/test_keys.h From a7469d3e8ce8f454b2141fd0e6d4705f4e95f6c2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 24 May 2024 09:18:25 +0200 Subject: [PATCH 359/429] Driver vs referenee: ignore relevant configuration differences The driver-vs-reference checks compare test results in different configurations. Ignore the test results that report differences in configurations that were the point of the comparison. Do compare other configuration reports: this will let us know if the configurations diverge in an unexpected way. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 60 ++++++++++++++++++++++++++++--- 1 file changed, 56 insertions(+), 4 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index eb2469495e..f8147d1dc1 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -160,10 +160,10 @@ def analyze_driver_vs_reference(results: Results, outcomes: Outcomes, # don't issue an error if they're skipped with drivers, # but issue an error if they're not (means we have a bad entry). ignored = False - if full_test_suite in ignored_tests: - for str_or_re in ignored_tests[full_test_suite]: - if name_matches_pattern(test_string, str_or_re): - ignored = True + for str_or_re in (ignored_tests.get(full_test_suite, []) + + ignored_tests.get(test_suite, [])): + if name_matches_pattern(test_string, str_or_re): + ignored = True if not ignored and not suite_case in driver_outcomes.successes: results.error("PASS -> SKIP/FAIL: {}", suite_case) @@ -242,6 +242,9 @@ KNOWN_TASKS = { 'psa_crypto_low_hash.generated', # testing the builtins ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'), + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component @@ -265,6 +268,10 @@ KNOWN_TASKS = { 'psa_crypto_low_hash.generated', ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'), + re.compile(r'.*\bMBEDTLS_MD_C\b') + ], 'test_suite_md': [ # Builtin HMAC is not supported in the accelerate component. re.compile('.*HMAC.*'), @@ -304,6 +311,12 @@ KNOWN_TASKS = { 'cipher', ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'), + re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'), + re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), + re.compile(r'.*\bMBEDTLS_CIPHER_.*'), + ], # PEM decryption is not supported so far. # The rest of PEM (write, unencrypted read) works though. 'test_suite_pem': [ @@ -357,6 +370,9 @@ KNOWN_TASKS = { 'ecdsa', 'ecdh', 'ecjpake', ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component @@ -397,6 +413,10 @@ KNOWN_TASKS = { 'ecp', 'ecdsa', 'ecdh', 'ecjpake', ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), + re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component @@ -436,6 +456,11 @@ KNOWN_TASKS = { 'bignum.generated', 'bignum.misc', ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), + re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), + re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component @@ -485,6 +510,13 @@ KNOWN_TASKS = { # provide), even with MBEDTLS_USE_PSA_CRYPTO. re.compile(r'PSK callback:.*\bdhe-psk\b.*'), ], + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), + re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), + re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'), + re.compile(r'.*\bMBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED\b.*'), + re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'), + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component @@ -523,6 +555,9 @@ KNOWN_TASKS = { 'component_driver': 'test_psa_crypto_config_accel_ffdh', 'ignored_suites': ['dhm'], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_DHM_C\b.*'), + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component @@ -545,6 +580,15 @@ KNOWN_TASKS = { 'bignum.generated', 'bignum.misc', ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'), + re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'), + re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'), + re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*') + ], + 'test_suite_config.crypto_combinations': [ + 'Config: ECC: Weierstrass curves only', + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component @@ -570,6 +614,10 @@ KNOWN_TASKS = { 'pk', 'pkwrite', 'pkparse' ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'), + re.compile(r'.*\bMBEDTLS_GENPRIME\b.*') + ], 'test_suite_platform': [ # Incompatible with sanitizers (e.g. ASan). If the driver # component uses a sanitizer but the reference component @@ -611,6 +659,10 @@ KNOWN_TASKS = { 'cipher.camellia', ], 'ignored_tests': { + 'test_suite_config': [ + re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'), + re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'), + ], 'test_suite_cmac': [ # Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled, # but these are not available in the accelerated component. From 863705838407fcee5544919390c2980215f5f204 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 May 2024 18:54:55 +0200 Subject: [PATCH 360/429] Anchor relative paths Signed-off-by: Gilles Peskine --- tests/.gitignore | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/tests/.gitignore b/tests/.gitignore index 635dd6257d..870fa79808 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -3,24 +3,24 @@ *.log /test_suite* -data_files/mpi_write -data_files/hmac_drbg_seed -data_files/ctr_drbg_seed -data_files/entropy_seed +/data_files/mpi_write +/data_files/hmac_drbg_seed +/data_files/ctr_drbg_seed +/data_files/entropy_seed -include/alt-extra/psa/crypto_platform_alt.h -include/alt-extra/psa/crypto_struct_alt.h -include/test/instrument_record_status.h +/include/alt-extra/psa/crypto_platform_alt.h +/include/alt-extra/psa/crypto_struct_alt.h +/include/test/instrument_record_status.h -src/libmbed* +/src/libmbed* -libtestdriver1/* +/libtestdriver1/* ###START_GENERATED_FILES### # Generated source files /suites/*.generated.data -suites/test_suite_config.mbedtls_boolean.data -suites/test_suite_config.psa_boolean.data +/suites/test_suite_config.mbedtls_boolean.data +/suites/test_suite_config.psa_boolean.data /suites/test_suite_psa_crypto_storage_format.v[0-9]*.data /suites/test_suite_psa_crypto_storage_format.current.data /src/test_keys.h From ef822c16563ff0477cb13a6d305cde418d89e48e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 May 2024 19:07:24 +0200 Subject: [PATCH 361/429] Add some missing handling for generated test_suite_config.*.data Fixes the files not being generated in the build tree. Signed-off-by: Gilles Peskine --- tests/CMakeLists.txt | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 060a928ab7..213578d370 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -173,6 +173,7 @@ endif() # With this line, only 4 sub-makefiles include the above command, that reduces # the risk of a race. add_custom_target(test_suite_bignum_generated_data DEPENDS ${bignum_generated_data_files}) +add_custom_target(test_suite_config_generated_data DEPENDS ${config_generated_data_files}) add_custom_target(test_suite_ecp_generated_data DEPENDS ${ecp_generated_data_files}) add_custom_target(test_suite_psa_generated_data DEPENDS ${psa_generated_data_files}) # If SKIP_TEST_SUITES is not defined with -D, get it from the environment. @@ -230,6 +231,10 @@ function(add_test_suite suite_name) set(data_file ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data) set(dependency test_suite_bignum_generated_data) + elseif(";${config_generated_data_names};" MATCHES ";${data_name};") + set(data_file + ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data) + set(dependency test_suite_bignum_generated_data) elseif(";${ecp_generated_data_names};" MATCHES ";${data_name};") set(data_file ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data) @@ -241,7 +246,11 @@ function(add_test_suite suite_name) else() set(data_file ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data) - set(dependency test_suite_bignum_generated_data test_suite_ecp_generated_data test_suite_psa_generated_data) + set(dependency + test_suite_bignum_generated_data + test_suite_config_generated_data + test_suite_ecp_generated_data + test_suite_psa_generated_data) endif() add_custom_command( From 7f900690e08524a478e56f8b2f5646050bb925b0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 12 Jun 2024 17:53:06 +0200 Subject: [PATCH 362/429] Update generate_config_tests.py Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 1893bfb1ee..558804797e 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 1893bfb1ee4b1d971db38bf3ea1f8005fe3c8d9a +Subproject commit 558804797e617af23957bbe94a5e74af8ae83e38 From 1b6fb219e9c26474f7d77b27a0caa4e4220b4e58 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Fri, 10 May 2024 16:17:41 +0100 Subject: [PATCH 363/429] Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160 Signed-off-by: Elena Uziunaite --- library/md.c | 8 ++-- library/oid.c | 6 +-- library/x509.c | 2 +- tests/suites/test_suite_md.data | 72 ++++++++++++++++---------------- tests/suites/test_suite_oid.data | 4 +- tests/suites/test_suite_rsa.data | 4 +- 6 files changed, 48 insertions(+), 48 deletions(-) diff --git a/library/md.c b/library/md.c index c95846aa04..dc25acb6f7 100644 --- a/library/md.c +++ b/library/md.c @@ -76,7 +76,7 @@ static const mbedtls_md_info_t mbedtls_md5_info = { }; #endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) +#if defined(PSA_WANT_ALG_RIPEMD160) static const mbedtls_md_info_t mbedtls_ripemd160_info = { MD_INFO(MBEDTLS_MD_RIPEMD160, 20, 64) }; @@ -143,7 +143,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) case MBEDTLS_MD_MD5: return &mbedtls_md5_info; #endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) +#if defined(PSA_WANT_ALG_RIPEMD160) case MBEDTLS_MD_RIPEMD160: return &mbedtls_ripemd160_info; #endif @@ -800,7 +800,7 @@ static const int supported_digests[] = { MBEDTLS_MD_SHA1, #endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) +#if defined(PSA_WANT_ALG_RIPEMD160) MBEDTLS_MD_RIPEMD160, #endif @@ -841,7 +841,7 @@ static const md_name_entry md_names[] = { #if defined(MBEDTLS_MD_CAN_MD5) { "MD5", MBEDTLS_MD_MD5 }, #endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) +#if defined(PSA_WANT_ALG_RIPEMD160) { "RIPEMD160", MBEDTLS_MD_RIPEMD160 }, #endif #if defined(MBEDTLS_MD_CAN_SHA1) diff --git a/library/oid.c b/library/oid.c index 1d6b1eb866..e01e0e1ae4 100644 --- a/library/oid.c +++ b/library/oid.c @@ -755,7 +755,7 @@ static const oid_md_alg_t oid_md_alg[] = MBEDTLS_MD_SHA512, }, #endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) +#if defined(PSA_WANT_ALG_RIPEMD160) { OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"), MBEDTLS_MD_RIPEMD160, @@ -863,12 +863,12 @@ static const oid_md_hmac_t oid_md_hmac[] = MBEDTLS_MD_SHA3_512, }, #endif /* MBEDTLS_MD_CAN_SHA3_512 */ -#if defined(MBEDTLS_MD_CAN_RIPEMD160) +#if defined(PSA_WANT_ALG_RIPEMD160) { OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"), MBEDTLS_MD_RIPEMD160, }, -#endif /* MBEDTLS_MD_CAN_RIPEMD160 */ +#endif /* PSA_WANT_ALG_RIPEMD160 */ { NULL_OID_DESCRIPTOR, MBEDTLS_MD_NONE, diff --git a/library/x509.c b/library/x509.c index f97fb44589..4493b87359 100644 --- a/library/x509.c +++ b/library/x509.c @@ -153,7 +153,7 @@ static inline const char *md_type_to_string(mbedtls_md_type_t md_alg) case MBEDTLS_MD_SHA512: return "SHA512"; #endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) +#if defined(PSA_WANT_ALG_RIPEMD160) case MBEDTLS_MD_RIPEMD160: return "RIPEMD160"; #endif diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index fb9b5effa0..8edb561917 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -13,7 +13,7 @@ depends_on:MBEDTLS_MD_CAN_MD5 md_info:MBEDTLS_MD_MD5:"MD5":16 Information on RIPEMD160 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_info:MBEDTLS_MD_RIPEMD160:"RIPEMD160":20 Information on SHA1 @@ -81,35 +81,35 @@ depends_on:MBEDTLS_MD_CAN_MD5 md_text:MBEDTLS_MD_MD5:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"57edf4a22be3c955ac49da2e2107b67a" generic mbedtls_ripemd160 Test vector from paper #1 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"":"9c1185a5c5e9fc54612808977ee8f548b2258d31" generic mbedtls_ripemd160 Test vector from paper #2 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"a":"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe" generic mbedtls_ripemd160 Test vector from paper #3 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"abc":"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc" generic mbedtls_ripemd160 Test vector from paper #4 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"message digest":"5d0689ef49d2fae572b881b123a85ffa21595f36" generic mbedtls_ripemd160 Test vector from paper #5 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"abcdefghijklmnopqrstuvwxyz":"f71c27109c692c1b56bbdceb5b9d2865b3708dbc" generic mbedtls_ripemd160 Test vector from paper #6 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":"12a053384a9c0c88e405a06c27dcf49ada62eb2b" generic mbedtls_ripemd160 Test vector from paper #7 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"b0e20b6e3116640286ed3a87a5713079b21f5189" generic mbedtls_ripemd160 Test vector from paper #8 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" generic mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 8 @@ -173,31 +173,31 @@ depends_on:MBEDTLS_MD_CAN_MD5 mbedtls_md_hmac:MBEDTLS_MD_MD5:16:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"6f630fad67cda0ee1fb1f562db3aa53e" generic HMAC-RIPEMD160 Test vector RFC 2286 #1 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668" generic HMAC-RIPEMD160 Test vector RFC 2286 #2 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"4a656665":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"dda6c0213a485a9e24f4742064a7f033b43c4069" generic HMAC-RIPEMD160 Test vector RFC 2286 #3 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"b0b105360de759960ab4f35298e116e295d8e7c1" generic HMAC-RIPEMD160 Test vector RFC 2286 #4 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"0102030405060708090a0b0c0d0e0f10111213141516171819":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"d5ca862f4d21d5e610e18b4cf1beb97a4365ecf4" generic HMAC-RIPEMD160 Test vector RFC 2286 #5 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"546573742057697468205472756e636174696f6e":"7619693978f91d90539ae786500ff3d8e0518e39" generic HMAC-RIPEMD160 Test vector RFC 2286 #6 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"6466ca07ac5eac29e1bd523e5ada7605b791fd8b" generic HMAC-RIPEMD160 Test vector RFC 2286 #7 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_hmac:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a" generic multi step mbedtls_md5 Test vector RFC1321 #1 @@ -229,35 +229,35 @@ depends_on:MBEDTLS_MD_CAN_MD5 md_text_multi:MBEDTLS_MD_MD5:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"57edf4a22be3c955ac49da2e2107b67a" generic multi step mbedtls_ripemd160 Test vector from paper #1 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"":"9c1185a5c5e9fc54612808977ee8f548b2258d31" generic multi step mbedtls_ripemd160 Test vector from paper #2 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"a":"0bdc9d2d256b3ee9daae347be6f4dc835a467ffe" generic multi step mbedtls_ripemd160 Test vector from paper #3 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"abc":"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc" generic multi step mbedtls_ripemd160 Test vector from paper #4 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"message digest":"5d0689ef49d2fae572b881b123a85ffa21595f36" generic multi step mbedtls_ripemd160 Test vector from paper #5 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"abcdefghijklmnopqrstuvwxyz":"f71c27109c692c1b56bbdceb5b9d2865b3708dbc" generic multi step mbedtls_ripemd160 Test vector from paper #6 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq":"12a053384a9c0c88e405a06c27dcf49ada62eb2b" generic multi step mbedtls_ripemd160 Test vector from paper #7 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"b0e20b6e3116640286ed3a87a5713079b21f5189" generic multi step mbedtls_ripemd160 Test vector from paper #8 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" generic multi step mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 48 @@ -317,31 +317,31 @@ depends_on:MBEDTLS_MD_CAN_MD5 md_hmac_multi:MBEDTLS_MD_MD5:16:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"6f630fad67cda0ee1fb1f562db3aa53e" generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #1 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668" generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #2 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"4a656665":"7768617420646f2079612077616e7420666f72206e6f7468696e673f":"dda6c0213a485a9e24f4742064a7f033b43c4069" generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #3 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd":"b0b105360de759960ab4f35298e116e295d8e7c1" generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #4 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"0102030405060708090a0b0c0d0e0f10111213141516171819":"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd":"d5ca862f4d21d5e610e18b4cf1beb97a4365ecf4" generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #5 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"546573742057697468205472756e636174696f6e":"7619693978f91d90539ae786500ff3d8e0518e39" generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #6 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374":"6466ca07ac5eac29e1bd523e5ada7605b791fd8b" generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #7 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 md_hmac_multi:MBEDTLS_MD_RIPEMD160:20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a" generic MD5 Hash file #1 @@ -361,23 +361,23 @@ depends_on:MBEDTLS_MD_CAN_MD5 mbedtls_md_file:MBEDTLS_MD_MD5:"data_files/hash_file_4":"d41d8cd98f00b204e9800998ecf8427e" generic RIPEMD160 Hash file #0 (from paper) -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_5":"52783243c1697bdbe16d37f97f68f08325dc1528" generic RIPEMD160 Hash file #1 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_1":"82f1d072f0ec0c2b353703a7b575a04c113af1a6" generic RIPEMD160 Hash file #2 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_2":"996fbc8b79206ba7393ebcd246584069b1c08f0f" generic RIPEMD160 Hash file #3 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_3":"8653b46d65998fa8c8846efa17937e742533ae48" generic RIPEMD160 Hash file #4 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_md_file:MBEDTLS_MD_RIPEMD160:"data_files/hash_file_4":"9c1185a5c5e9fc54612808977ee8f548b2258d31" generic HMAC-SHA-1 Test Vector FIPS-198a #1 diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index f8f1d43aa1..b532736b4b 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -99,7 +99,7 @@ depends_on:MBEDTLS_MD_CAN_SHA3_512 oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512 OID hash id - id-ripemd160 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 OID hash id - invalid oid @@ -203,7 +203,7 @@ OID from numeric string - OID with overflowing subidentifier oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" mbedtls_oid_get_md_hmac - RIPEMD160 -depends_on:MBEDTLS_MD_CAN_RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 mbedtls_oid_get_md_hmac - SHA1 diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index b52c7dc8a8..209602ba9f 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -249,11 +249,11 @@ depends_on:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Sign #10 (RIPEMD160, 2048 bits RSA) -depends_on:MBEDTLS_MD_CAN_RIPEMD160:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_RIPEMD160:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_sign:"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0 RSA PKCS1 Verify #10 (RIPEMD160, 2048 bits RSA) -depends_on:MBEDTLS_MD_CAN_RIPEMD160:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_RIPEMD160:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"8eb208f7e05d987a9b044a8e98c6b087f15a0bfc":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0 RSA PKCS1 Encrypt #1 From 6a758fc7a137eef91185270a16b4e79357478e54 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 20 Jun 2024 16:43:20 +0100 Subject: [PATCH 364/429] Add guarding to aes_maybe_realign Signed-off-by: Thomas Daubney --- library/aes.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/aes.c b/library/aes.c index aaea70b169..203db0dcd7 100644 --- a/library/aes.c +++ b/library/aes.c @@ -981,6 +981,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, */ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) { +#if defined(MAY_NEED_TO_ALIGN) unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf); if (new_offset != ctx->rk_offset) { memmove(ctx->buf + new_offset, // new address @@ -988,6 +989,8 @@ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) (ctx->nr + 1) * 16); // number of round keys * bytes per rk ctx->rk_offset = new_offset; } +#endif /* MAY_NEED_TO_ALIGN */ + (void) ctx; } /* From 0d915a90eabfbdfc51c2974f497e283234c57a3f Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Thu, 20 Jun 2024 16:45:51 +0100 Subject: [PATCH 365/429] Remove final references to padlock Signed-off-by: Thomas Daubney --- include/mbedtls/error.h | 1 - scripts/generate_errors.pl | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 186589ac5b..d101dee3ae 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -45,7 +45,6 @@ * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B - * PADLOCK 1 0x0030-0x0030 * DES 2 0x0032-0x0032 0x0033-0x0033 * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 0134c94f07..b3acb0e6c3 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -36,7 +36,7 @@ my $error_format_file = $data_dir.'/error.fmt'; my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES ENTROPY ERROR GCM HKDF HMAC_DRBG LMS MD5 - NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160 + NET OID PBKDF2 PLATFORM POLY1305 RIPEMD160 SHA1 SHA256 SHA512 SHA3 THREADING ); my @high_level_modules = qw( CIPHER DHM ECP MD PEM PK PKCS12 PKCS5 From baace2f7ba9d83dd2a4065f856033ada03d935b9 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 10:38:49 +0100 Subject: [PATCH 366/429] psasim: add support for psa_generate_random() Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 1 + .../psasim/src/psa_sim_crypto_client.c | 63 +++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 78 +++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 27 +++++++ 4 files changed, 169 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index c68b416096..dd926d7137 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -25,6 +25,7 @@ enum { PSA_AEAD_UPDATE_AD, PSA_AEAD_VERIFY, PSA_DESTROY_KEY, + PSA_GENERATE_RANDOM, PSA_GET_KEY_ATTRIBUTES, PSA_HASH_ABORT, PSA_HASH_CLONE, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 758e9b2ec6..377b2369cf 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -1191,6 +1191,69 @@ fail: } +psa_status_t psa_generate_random( + uint8_t *output, size_t output_size + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_buffer_needs(output, output_size); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_GENERATE_RANDOM, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_GENERATE_RANDOM server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + psa_status_t psa_get_key_attributes( mbedtls_svc_key_id_t key, psa_key_attributes_t *attributes diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 30d4b26dc8..0a84010f73 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -1324,6 +1324,80 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_generate_random_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + uint8_t *output = NULL; + size_t output_size; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_generate_random( + output, output_size + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(output, output_size); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(output); + + return 1; // success + +fail: + free(result); + + free(output); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_get_key_attributes_wrapper( uint8_t *in_params, size_t in_params_len, @@ -2252,6 +2326,10 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_destroy_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_GENERATE_RANDOM: + ok = psa_generate_random_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_GET_KEY_ATTRIBUTES: ok = psa_get_key_attributes_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 43de1db5e0..b2a59b20f1 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -2371,3 +2371,30 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key, * results in this error code. */ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); + +/** + * \brief Generate random bytes. + * + * \warning This function **can** fail! Callers MUST check the return status + * and MUST NOT use the content of the output buffer if the return + * status is not #PSA_SUCCESS. + * + * \note To generate a key, use psa_generate_key() instead. + * + * \param[out] output Output buffer for the generated data. + * \param output_size Number of bytes to generate and output. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_generate_random(uint8_t *output, + size_t output_size); From 853ca0cdb0e072fbf3552c70937c2e48e50e2448 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 10:41:56 +0100 Subject: [PATCH 367/429] psasim: add support for psa_mac_xxx() functions Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 8 + .../psasim/src/psa_sim_crypto_client.c | 604 +++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 732 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 404 ++++++++++ .../psasim/src/psa_sim_serialise.c | 133 ++++ .../psasim/src/psa_sim_serialise.h | 84 ++ .../psasim/src/psa_sim_serialise.pl | 1 + 7 files changed, 1966 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index dd926d7137..44ebf678f4 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -36,6 +36,14 @@ enum { PSA_HASH_UPDATE, PSA_HASH_VERIFY, PSA_IMPORT_KEY, + PSA_MAC_ABORT, + PSA_MAC_COMPUTE, + PSA_MAC_SIGN_FINISH, + PSA_MAC_SIGN_SETUP, + PSA_MAC_UPDATE, + PSA_MAC_VERIFY, + PSA_MAC_VERIFY_FINISH, + PSA_MAC_VERIFY_SETUP, }; #endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 377b2369cf..844c93951d 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -1976,3 +1976,607 @@ fail: return status; } + + +psa_status_t psa_mac_abort( + psa_mac_operation_t *operation + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_MAC_ABORT, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_MAC_ABORT server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_mac_compute( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *mac, size_t mac_size, + size_t *mac_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(mac, mac_size) + + psasim_serialise_size_t_needs(*mac_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, mac, mac_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *mac_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_MAC_COMPUTE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_MAC_COMPUTE server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, mac, mac_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, mac_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_mac_sign_finish( + psa_mac_operation_t *operation, + uint8_t *mac, size_t mac_size, + size_t *mac_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(mac, mac_size) + + psasim_serialise_size_t_needs(*mac_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, mac, mac_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *mac_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_MAC_SIGN_FINISH, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_MAC_SIGN_FINISH server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, mac, mac_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, mac_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_mac_sign_setup( + psa_mac_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_MAC_SIGN_SETUP, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_MAC_SIGN_SETUP server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_mac_update( + psa_mac_operation_t *operation, + const uint8_t *input, size_t input_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_MAC_UPDATE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_MAC_UPDATE server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_mac_verify( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + const uint8_t *mac, size_t mac_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(mac, mac_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, mac, mac_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_MAC_VERIFY, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_MAC_VERIFY server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_mac_verify_finish( + psa_mac_operation_t *operation, + const uint8_t *mac, size_t mac_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(mac, mac_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, mac, mac_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_MAC_VERIFY_FINISH, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_MAC_VERIFY_FINISH server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_mac_verify_setup( + psa_mac_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_MAC_VERIFY_SETUP, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_MAC_VERIFY_SETUP server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 0a84010f73..856186f6a3 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -2234,6 +2234,706 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_mac_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_mac_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_mac_abort( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_mac_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_mac_compute_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *mac = NULL; + size_t mac_size; + size_t mac_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &mac, &mac_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &mac_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_mac_compute( + key, + alg, + input, input_length, + mac, mac_size, + &mac_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(mac, mac_size) + + psasim_serialise_size_t_needs(mac_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, mac, mac_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, mac_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(mac); + + return 1; // success + +fail: + free(result); + + free(input); + free(mac); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_mac_sign_finish_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_mac_operation_t *operation; + uint8_t *mac = NULL; + size_t mac_size; + size_t mac_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &mac, &mac_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &mac_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_mac_sign_finish( + operation, + mac, mac_size, + &mac_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_mac_operation_t_needs(operation) + + psasim_serialise_buffer_needs(mac, mac_size) + + psasim_serialise_size_t_needs(mac_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, mac, mac_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, mac_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(mac); + + return 1; // success + +fail: + free(result); + + free(mac); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_mac_sign_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_mac_operation_t *operation; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_mac_sign_setup( + operation, + key, + alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_mac_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_mac_update_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_mac_operation_t *operation; + uint8_t *input = NULL; + size_t input_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_mac_update( + operation, + input, input_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_mac_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + + return 1; // success + +fail: + free(result); + + free(input); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_mac_verify_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *mac = NULL; + size_t mac_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &mac, &mac_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_mac_verify( + key, + alg, + input, input_length, + mac, mac_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(mac); + + return 1; // success + +fail: + free(result); + + free(input); + free(mac); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_mac_verify_finish_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_mac_operation_t *operation; + uint8_t *mac = NULL; + size_t mac_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &mac, &mac_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_mac_verify_finish( + operation, + mac, mac_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_mac_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(mac); + + return 1; // success + +fail: + free(result); + + free(mac); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_mac_verify_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_mac_operation_t *operation; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_mac_verify_setup( + operation, + key, + alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_mac_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + psa_status_t psa_crypto_call(psa_msg_t msg) { int ok = 0; @@ -2370,6 +3070,38 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_import_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_MAC_ABORT: + ok = psa_mac_abort_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_MAC_COMPUTE: + ok = psa_mac_compute_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_MAC_SIGN_FINISH: + ok = psa_mac_sign_finish_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_MAC_SIGN_SETUP: + ok = psa_mac_sign_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_MAC_UPDATE: + ok = psa_mac_update_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_MAC_VERIFY: + ok = psa_mac_verify_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_MAC_VERIFY_FINISH: + ok = psa_mac_verify_finish_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_MAC_VERIFY_SETUP: + ok = psa_mac_verify_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; } free(in_params); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index b2a59b20f1..ea5088e7a5 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -2398,3 +2398,407 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); */ psa_status_t psa_generate_random(uint8_t *output, size_t output_size); + +/** Calculate the MAC (message authentication code) of a message. + * + * \note To verify the MAC of a message against an + * expected value, use psa_mac_verify() instead. + * Beware that comparing integrity or authenticity data such as + * MAC values with a function such as \c memcmp is risky + * because the time taken by the comparison may leak information + * about the MAC value which could allow an attacker to guess + * a valid MAC and thereby bypass security controls. + * + * \param key Identifier of the key to use for the operation. It + * must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE. + * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_MAC(\p alg) is true). + * \param[in] input Buffer containing the input message. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] mac Buffer where the MAC value is to be written. + * \param mac_size Size of the \p mac buffer in bytes. + * \param[out] mac_length On success, the number of bytes + * that make up the MAC value. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a MAC algorithm. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p mac_size is too small + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE + * The key could not be retrieved from storage. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *mac, + size_t mac_size, + size_t *mac_length); + +/** Calculate the MAC of a message and compare it with a reference value. + * + * \param key Identifier of the key to use for the operation. It + * must allow the usage PSA_KEY_USAGE_VERIFY_MESSAGE. + * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_MAC(\p alg) is true). + * \param[in] input Buffer containing the input message. + * \param input_length Size of the \p input buffer in bytes. + * \param[in] mac Buffer containing the expected MAC value. + * \param mac_length Size of the \p mac buffer in bytes. + * + * \retval #PSA_SUCCESS + * The expected MAC is identical to the actual MAC of the input. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The MAC of the message was calculated successfully, but it + * differs from the expected value. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a MAC algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE + * The key could not be retrieved from storage. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *mac, + size_t mac_length); + +/** The type of the state data structure for multipart MAC operations. + * + * Before calling any function on a MAC operation object, the application must + * initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_mac_operation_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_mac_operation_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT, + * for example: + * \code + * psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + * \endcode + * - Assign the result of the function psa_mac_operation_init() + * to the structure, for example: + * \code + * psa_mac_operation_t operation; + * operation = psa_mac_operation_init(); + * \endcode + * + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ +typedef struct psa_mac_operation_s psa_mac_operation_t; + +/** \def PSA_MAC_OPERATION_INIT + * + * This macro returns a suitable initializer for a MAC operation object of type + * #psa_mac_operation_t. + */ + +/** Return an initial value for a MAC operation object. + */ +static psa_mac_operation_t psa_mac_operation_init(void); + +/** Set up a multipart MAC calculation operation. + * + * This function sets up the calculation of the MAC + * (message authentication code) of a byte string. + * To verify the MAC of a message against an + * expected value, use psa_mac_verify_setup() instead. + * + * The sequence of operations to calculate a MAC is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT. + * -# Call psa_mac_sign_setup() to specify the algorithm and key. + * -# Call psa_mac_update() zero, one or more times, passing a fragment + * of the message each time. The MAC that is calculated is the MAC + * of the concatenation of these messages in order. + * -# At the end of the message, call psa_mac_sign_finish() to finish + * calculating the MAC value and retrieve it. + * + * If an error occurs at any step after a call to psa_mac_sign_setup(), the + * operation will need to be reset by a call to psa_mac_abort(). The + * application may call psa_mac_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_mac_sign_setup(), the application must + * eventually terminate the operation through one of the following methods: + * - A successful call to psa_mac_sign_finish(). + * - A call to psa_mac_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_mac_operation_t and not yet in use. + * \param key Identifier of the key to use for the operation. It + * must remain valid until the operation terminates. + * It must allow the usage PSA_KEY_USAGE_SIGN_MESSAGE. + * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_MAC(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a MAC algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE + * The key could not be retrieved from storage. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg); + +/** Set up a multipart MAC verification operation. + * + * This function sets up the verification of the MAC + * (message authentication code) of a byte string against an expected value. + * + * The sequence of operations to verify a MAC is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_mac_operation_t, e.g. #PSA_MAC_OPERATION_INIT. + * -# Call psa_mac_verify_setup() to specify the algorithm and key. + * -# Call psa_mac_update() zero, one or more times, passing a fragment + * of the message each time. The MAC that is calculated is the MAC + * of the concatenation of these messages in order. + * -# At the end of the message, call psa_mac_verify_finish() to finish + * calculating the actual MAC of the message and verify it against + * the expected value. + * + * If an error occurs at any step after a call to psa_mac_verify_setup(), the + * operation will need to be reset by a call to psa_mac_abort(). The + * application may call psa_mac_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_mac_verify_setup(), the application must + * eventually terminate the operation through one of the following methods: + * - A successful call to psa_mac_verify_finish(). + * - A call to psa_mac_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_mac_operation_t and not yet in use. + * \param key Identifier of the key to use for the operation. It + * must remain valid until the operation terminates. + * It must allow the usage + * PSA_KEY_USAGE_VERIFY_MESSAGE. + * \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value + * such that #PSA_ALG_IS_MAC(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c key is not compatible with \c alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \c alg is not supported or is not a MAC algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE + * The key could not be retrieved from storage. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg); + +/** Add a message fragment to a multipart MAC operation. + * + * The application must call psa_mac_sign_setup() or psa_mac_verify_setup() + * before calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_mac_abort(). + * + * \param[in,out] operation Active MAC operation. + * \param[in] input Buffer containing the message fragment to add to + * the MAC calculation. + * \param input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_mac_update(psa_mac_operation_t *operation, + const uint8_t *input, + size_t input_length); + +/** Finish the calculation of the MAC of a message. + * + * The application must call psa_mac_sign_setup() before calling this function. + * This function calculates the MAC of the message formed by concatenating + * the inputs passed to preceding calls to psa_mac_update(). + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_mac_abort(). + * + * \warning Applications should not call this function if they expect + * a specific value for the MAC. Call psa_mac_verify_finish() instead. + * Beware that comparing integrity or authenticity data such as + * MAC values with a function such as \c memcmp is risky + * because the time taken by the comparison may leak information + * about the MAC value which could allow an attacker to guess + * a valid MAC and thereby bypass security controls. + * + * \param[in,out] operation Active MAC operation. + * \param[out] mac Buffer where the MAC value is to be written. + * \param mac_size Size of the \p mac buffer in bytes. + * \param[out] mac_length On success, the number of bytes + * that make up the MAC value. This is always + * #PSA_MAC_LENGTH(\c key_type, \c key_bits, \c alg) + * where \c key_type and \c key_bits are the type and + * bit-size respectively of the key and \c alg is the + * MAC algorithm that is calculated. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p mac buffer is too small. You can determine a + * sufficient buffer size by calling PSA_MAC_LENGTH(). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active mac sign + * operation), or the library has not been previously initialized + * by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, + uint8_t *mac, + size_t mac_size, + size_t *mac_length); + +/** Finish the calculation of the MAC of a message and compare it with + * an expected value. + * + * The application must call psa_mac_verify_setup() before calling this function. + * This function calculates the MAC of the message formed by concatenating + * the inputs passed to preceding calls to psa_mac_update(). It then + * compares the calculated MAC with the expected MAC passed as a + * parameter to this function. + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_mac_abort(). + * + * \note Implementations shall make the best effort to ensure that the + * comparison between the actual MAC and the expected MAC is performed + * in constant time. + * + * \param[in,out] operation Active MAC operation. + * \param[in] mac Buffer containing the expected MAC value. + * \param mac_length Size of the \p mac buffer in bytes. + * + * \retval #PSA_SUCCESS + * The expected MAC is identical to the actual MAC of the message. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The MAC of the message was calculated successfully, but it + * differs from the expected MAC. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active mac verify + * operation), or the library has not been previously initialized + * by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, + const uint8_t *mac, + size_t mac_length); + +/** Abort a MAC operation. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation by calling + * psa_mac_sign_setup() or psa_mac_verify_setup() again. + * + * You may call this function any time after the operation object has + * been initialized by one of the methods described in #psa_mac_operation_t. + * + * In particular, calling psa_mac_abort() after the operation has been + * terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or + * psa_mac_verify_finish() is safe and has no effect. + * + * \param[in,out] operation Initialized MAC operation. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_mac_abort(psa_mac_operation_t *operation); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 651e0468e2..0cd2e09f95 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -139,6 +139,44 @@ static ssize_t find_aead_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } +static psa_mac_operation_t mac_operations[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t mac_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t next_mac_operation_handle = 1; + +/* Get a free slot */ +static ssize_t allocate_mac_operation_slot(void) +{ + psasim_client_handle_t handle = next_mac_operation_handle++; + if (next_mac_operation_handle == 0) { /* wrapped around */ + FATAL("Mac operation handle wrapped"); + } + + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (mac_operation_handles[i] == 0) { + mac_operation_handles[i] = handle; + return i; + } + } + + ERROR("All slots are currently used. Unable to allocate a new one."); + + return -1; /* all in use */ +} + +/* Find the slot given the handle */ +static ssize_t find_mac_slot_by_handle(psasim_client_handle_t handle) +{ + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (mac_operation_handles[i] == handle) { + return i; + } + } + + ERROR("Unable to find slot by handle %u", handle); + + return -1; /* not found */ +} + size_t psasim_serialise_begin_needs(void) { /* The serialisation buffer will @@ -679,6 +717,99 @@ int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, return 1; } +size_t psasim_serialise_psa_mac_operation_t_needs(psa_mac_operation_t value) +{ + return sizeof(value); +} + +int psasim_serialise_psa_mac_operation_t(uint8_t **pos, + size_t *remaining, + psa_mac_operation_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, + size_t *remaining, + psa_mac_operation_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_server_serialise_psa_mac_operation_t_needs(psa_mac_operation_t *operation) +{ + (void) operation; + + /* We will actually return a handle */ + return sizeof(psasim_operation_t); +} + +int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos, + size_t *remaining, + psa_mac_operation_t *operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(client_operation)) { + return 0; + } + + ssize_t slot = operation - mac_operations; + + client_operation.handle = mac_operation_handles[slot]; + + memcpy(*pos, &client_operation, sizeof(client_operation)); + *pos += sizeof(client_operation); + + return 1; +} + +int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, + size_t *remaining, + psa_mac_operation_t **operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(psasim_operation_t)) { + return 0; + } + + memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); + *pos += sizeof(psasim_operation_t); + *remaining -= sizeof(psasim_operation_t); + + ssize_t slot; + if (client_operation.handle == 0) { /* We need a new handle */ + slot = allocate_mac_operation_slot(); + } else { + slot = find_mac_slot_by_handle(client_operation.handle); + } + + if (slot < 0) { + return 0; + } + + *operation = &mac_operations[slot]; + + return 1; +} + size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value) { return sizeof(value); @@ -720,4 +851,6 @@ void psa_sim_serialize_reset(void) memset(hash_operations, 0, sizeof(hash_operations)); memset(aead_operation_handles, 0, sizeof(aead_operation_handles)); memset(aead_operations, 0, sizeof(aead_operations)); + memset(mac_operation_handles, 0, sizeof(mac_operation_handles)); + memset(mac_operations, 0, sizeof(mac_operations)); } diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 537730c1f8..11de3d711a 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -583,6 +583,90 @@ int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, size_t *remaining, psa_key_attributes_t *value); +/** Return how much buffer space is needed by \c psasim_serialise_psa_mac_operation_t() + * to serialise a `psa_mac_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_mac_operation_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_mac_operation_t_needs(psa_mac_operation_t value); + +/** Serialise a `psa_mac_operation_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_mac_operation_t(uint8_t **pos, + size_t *remaining, + psa_mac_operation_t value); + +/** Deserialise a `psa_mac_operation_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_mac_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, + size_t *remaining, + psa_mac_operation_t *value); + +/** Return how much buffer space is needed by \c psasim_server_serialise_psa_mac_operation_t() + * to serialise a `psa_mac_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_mac_operation_t() to serialise + * the given value. + */ +size_t psasim_server_serialise_psa_mac_operation_t_needs(psa_mac_operation_t *value); + +/** Serialise a `psa_mac_operation_t` into a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos, + size_t *remaining, + psa_mac_operation_t *value); + +/** Deserialise a `psa_mac_operation_t` from a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_mac_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, + size_t *remaining, + psa_mac_operation_t **value); + /** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t() * to serialise a `mbedtls_svc_key_id_t`. * diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index e89fafe0be..75f540b920 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -41,6 +41,7 @@ my @types = qw(unsigned-int int size_t psa_hash_operation_t psa_aead_operation_t psa_key_attributes_t + psa_mac_operation_t mbedtls_svc_key_id_t); grep(s/-/ /g, @types); From a4eac4a84da17600e1ea5e9a4e4d1704ec80563c Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 10:43:39 +0100 Subject: [PATCH 368/429] psasim: add support for psa_cipher_xxx() functions Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 9 + .../psasim/src/psa_sim_crypto_client.c | 727 ++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 884 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 460 +++++++++ .../psasim/src/psa_sim_serialise.c | 133 +++ .../psasim/src/psa_sim_serialise.h | 84 ++ .../psasim/src/psa_sim_serialise.pl | 1 + 7 files changed, 2298 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 44ebf678f4..12c05e3cdd 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -24,6 +24,15 @@ enum { PSA_AEAD_UPDATE, PSA_AEAD_UPDATE_AD, PSA_AEAD_VERIFY, + PSA_CIPHER_ABORT, + PSA_CIPHER_DECRYPT, + PSA_CIPHER_DECRYPT_SETUP, + PSA_CIPHER_ENCRYPT, + PSA_CIPHER_ENCRYPT_SETUP, + PSA_CIPHER_FINISH, + PSA_CIPHER_GENERATE_IV, + PSA_CIPHER_SET_IV, + PSA_CIPHER_UPDATE, PSA_DESTROY_KEY, PSA_GENERATE_RANDOM, PSA_GET_KEY_ATTRIBUTES, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 844c93951d..613aa1f357 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -1133,6 +1133,733 @@ fail: } +psa_status_t psa_cipher_abort( + psa_cipher_operation_t *operation + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_ABORT, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_ABORT server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_cipher_decrypt( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, + size_t *output_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_DECRYPT, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_DECRYPT server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_cipher_decrypt_setup( + psa_cipher_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_DECRYPT_SETUP, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_DECRYPT_SETUP server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_cipher_encrypt( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, + size_t *output_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_ENCRYPT, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_ENCRYPT server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_cipher_encrypt_setup( + psa_cipher_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_ENCRYPT_SETUP, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_ENCRYPT_SETUP server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_cipher_finish( + psa_cipher_operation_t *operation, + uint8_t *output, size_t output_size, + size_t *output_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_FINISH, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_FINISH server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_cipher_generate_iv( + psa_cipher_operation_t *operation, + uint8_t *iv, size_t iv_size, + size_t *iv_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(iv, iv_size) + + psasim_serialise_size_t_needs(*iv_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, iv, iv_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *iv_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_GENERATE_IV, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_GENERATE_IV server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, iv, iv_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, iv_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_cipher_set_iv( + psa_cipher_operation_t *operation, + const uint8_t *iv, size_t iv_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(iv, iv_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, iv, iv_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_SET_IV, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_SET_IV server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + +psa_status_t psa_cipher_update( + psa_cipher_operation_t *operation, + const uint8_t *input, size_t input_length, + uint8_t *output, size_t output_size, + size_t *output_length + ) +{ + uint8_t *params = NULL; + uint8_t *result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); + + params = malloc(needed); + if (params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_CIPHER_UPDATE, + params, (size_t) (pos - params), &result, &result_length); + if (!ok) { + printf("PSA_CIPHER_UPDATE server call failed\n"); + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + +fail: + free(params); + free(result); + + return status; +} + + psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 856186f6a3..897d50451d 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -1261,6 +1261,854 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_cipher_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_abort( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_cipher_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_cipher_decrypt_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *output = NULL; + size_t output_size; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_decrypt( + key, + alg, + input, input_length, + output, output_size, + &output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(output); + + return 1; // success + +fail: + free(result); + + free(input); + free(output); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_cipher_decrypt_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t *operation; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_decrypt_setup( + operation, + key, + alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_cipher_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_cipher_encrypt_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *output = NULL; + size_t output_size; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_encrypt( + key, + alg, + input, input_length, + output, output_size, + &output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(output); + + return 1; // success + +fail: + free(result); + + free(input); + free(output); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_cipher_encrypt_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t *operation; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_encrypt_setup( + operation, + key, + alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_cipher_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_cipher_finish_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t *operation; + uint8_t *output = NULL; + size_t output_size; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_finish( + operation, + output, output_size, + &output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_cipher_operation_t_needs(operation) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(output); + + return 1; // success + +fail: + free(result); + + free(output); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_cipher_generate_iv_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t *operation; + uint8_t *iv = NULL; + size_t iv_size; + size_t iv_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &iv, &iv_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &iv_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_generate_iv( + operation, + iv, iv_size, + &iv_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_cipher_operation_t_needs(operation) + + psasim_serialise_buffer_needs(iv, iv_size) + + psasim_serialise_size_t_needs(iv_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, iv, iv_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, iv_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(iv); + + return 1; // success + +fail: + free(result); + + free(iv); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_cipher_set_iv_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t *operation; + uint8_t *iv = NULL; + size_t iv_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &iv, &iv_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_set_iv( + operation, + iv, iv_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_cipher_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(iv); + + return 1; // success + +fail: + free(result); + + free(iv); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_cipher_update_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_cipher_operation_t *operation; + uint8_t *input = NULL; + size_t input_length; + uint8_t *output = NULL; + size_t output_size; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_cipher_update( + operation, + input, input_length, + output, output_size, + &output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_cipher_operation_t_needs(operation) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(output); + + return 1; // success + +fail: + free(result); + + free(input); + free(output); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_destroy_key_wrapper( uint8_t *in_params, size_t in_params_len, @@ -3022,6 +3870,42 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_aead_verify_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_CIPHER_ABORT: + ok = psa_cipher_abort_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_CIPHER_DECRYPT: + ok = psa_cipher_decrypt_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_CIPHER_DECRYPT_SETUP: + ok = psa_cipher_decrypt_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_CIPHER_ENCRYPT: + ok = psa_cipher_encrypt_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_CIPHER_ENCRYPT_SETUP: + ok = psa_cipher_encrypt_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_CIPHER_FINISH: + ok = psa_cipher_finish_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_CIPHER_GENERATE_IV: + ok = psa_cipher_generate_iv_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_CIPHER_SET_IV: + ok = psa_cipher_set_iv_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_CIPHER_UPDATE: + ok = psa_cipher_update_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_DESTROY_KEY: ok = psa_destroy_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index ea5088e7a5..6cfcf86249 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -2802,3 +2802,463 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, * results in this error code. */ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); + +/** Encrypt a message using a symmetric cipher. + * + * This function encrypts a message with a random IV (initialization + * vector). Use the multipart operation interface with a + * #psa_cipher_operation_t object to provide other forms of IV. + * + * \param key Identifier of the key to use for the operation. + * It must allow the usage #PSA_KEY_USAGE_ENCRYPT. + * \param alg The cipher algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * \param[in] input Buffer containing the message to encrypt. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] output Buffer where the output is to be written. + * The output contains the IV followed by + * the ciphertext proper. + * \param output_size Size of the \p output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a cipher algorithm. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** Decrypt a message using a symmetric cipher. + * + * This function decrypts a message encrypted with a symmetric cipher. + * + * \param key Identifier of the key to use for the operation. + * It must remain valid until the operation + * terminates. It must allow the usage + * #PSA_KEY_USAGE_DECRYPT. + * \param alg The cipher algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * \param[in] input Buffer containing the message to decrypt. + * This consists of the IV followed by the + * ciphertext proper. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] output Buffer where the plaintext is to be written. + * \param output_size Size of the \p output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a cipher algorithm. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** The type of the state data structure for multipart cipher operations. + * + * Before calling any function on a cipher operation object, the application + * must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_cipher_operation_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_cipher_operation_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT, + * for example: + * \code + * psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; + * \endcode + * - Assign the result of the function psa_cipher_operation_init() + * to the structure, for example: + * \code + * psa_cipher_operation_t operation; + * operation = psa_cipher_operation_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ +typedef struct psa_cipher_operation_s psa_cipher_operation_t; + +/** \def PSA_CIPHER_OPERATION_INIT + * + * This macro returns a suitable initializer for a cipher operation object of + * type #psa_cipher_operation_t. + */ + +/** Return an initial value for a cipher operation object. + */ +static psa_cipher_operation_t psa_cipher_operation_init(void); + +/** Set the key for a multipart symmetric encryption operation. + * + * The sequence of operations to encrypt a message with a symmetric cipher + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_cipher_operation_t, e.g. + * #PSA_CIPHER_OPERATION_INIT. + * -# Call psa_cipher_encrypt_setup() to specify the algorithm and key. + * -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to + * generate or set the IV (initialization vector). You should use + * psa_cipher_generate_iv() unless the protocol you are implementing + * requires a specific IV value. + * -# Call psa_cipher_update() zero, one or more times, passing a fragment + * of the message each time. + * -# Call psa_cipher_finish(). + * + * If an error occurs at any step after a call to psa_cipher_encrypt_setup(), + * the operation will need to be reset by a call to psa_cipher_abort(). The + * application may call psa_cipher_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_cipher_encrypt_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A successful call to psa_cipher_finish(). + * - A call to psa_cipher_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_cipher_operation_t and not yet in use. + * \param key Identifier of the key to use for the operation. + * It must remain valid until the operation + * terminates. It must allow the usage + * #PSA_KEY_USAGE_ENCRYPT. + * \param alg The cipher algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a cipher algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg); + +/** Set the key for a multipart symmetric decryption operation. + * + * The sequence of operations to decrypt a message with a symmetric cipher + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_cipher_operation_t, e.g. + * #PSA_CIPHER_OPERATION_INIT. + * -# Call psa_cipher_decrypt_setup() to specify the algorithm and key. + * -# Call psa_cipher_set_iv() with the IV (initialization vector) for the + * decryption. If the IV is prepended to the ciphertext, you can call + * psa_cipher_update() on a buffer containing the IV followed by the + * beginning of the message. + * -# Call psa_cipher_update() zero, one or more times, passing a fragment + * of the message each time. + * -# Call psa_cipher_finish(). + * + * If an error occurs at any step after a call to psa_cipher_decrypt_setup(), + * the operation will need to be reset by a call to psa_cipher_abort(). The + * application may call psa_cipher_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_cipher_decrypt_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A successful call to psa_cipher_finish(). + * - A call to psa_cipher_abort(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_cipher_operation_t and not yet in use. + * \param key Identifier of the key to use for the operation. + * It must remain valid until the operation + * terminates. It must allow the usage + * #PSA_KEY_USAGE_DECRYPT. + * \param alg The cipher algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_CIPHER(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a cipher algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg); + +/** Generate an IV for a symmetric encryption operation. + * + * This function generates a random IV (initialization vector), nonce + * or initial counter value for the encryption operation as appropriate + * for the chosen algorithm, key type and key size. + * + * The application must call psa_cipher_encrypt_setup() before + * calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_cipher_abort(). + * + * \param[in,out] operation Active cipher operation. + * \param[out] iv Buffer where the generated IV is to be written. + * \param iv_size Size of the \p iv buffer in bytes. + * \param[out] iv_length On success, the number of bytes of the + * generated IV. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p iv buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, with no IV set), + * or the library has not been previously initialized + * by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, + uint8_t *iv, + size_t iv_size, + size_t *iv_length); + +/** Set the IV for a symmetric encryption or decryption operation. + * + * This function sets the IV (initialization vector), nonce + * or initial counter value for the encryption or decryption operation. + * + * The application must call psa_cipher_encrypt_setup() before + * calling this function. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_cipher_abort(). + * + * \note When encrypting, applications should use psa_cipher_generate_iv() + * instead of this function, unless implementing a protocol that requires + * a non-random IV. + * + * \param[in,out] operation Active cipher operation. + * \param[in] iv Buffer containing the IV to use. + * \param iv_length Size of the IV in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The size of \p iv is not acceptable for the chosen algorithm, + * or the chosen algorithm does not use an IV. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be an active cipher + * encrypt operation, with no IV set), or the library has not been + * previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation, + const uint8_t *iv, + size_t iv_length); + +/** Encrypt or decrypt a message fragment in an active cipher operation. + * + * Before calling this function, you must: + * 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup(). + * The choice of setup function determines whether this function + * encrypts or decrypts its input. + * 2. If the algorithm requires an IV, call psa_cipher_generate_iv() + * (recommended when encrypting) or psa_cipher_set_iv(). + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_cipher_abort(). + * + * \param[in,out] operation Active cipher operation. + * \param[in] input Buffer containing the message fragment to + * encrypt or decrypt. + * \param input_length Size of the \p input buffer in bytes. + * \param[out] output Buffer where the output is to be written. + * \param output_size Size of the \p output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, with an IV set + * if required for the algorithm), or the library has not been + * previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, + const uint8_t *input, + size_t input_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** Finish encrypting or decrypting a message in a cipher operation. + * + * The application must call psa_cipher_encrypt_setup() or + * psa_cipher_decrypt_setup() before calling this function. The choice + * of setup function determines whether this function encrypts or + * decrypts its input. + * + * This function finishes the encryption or decryption of the message + * formed by concatenating the inputs passed to preceding calls to + * psa_cipher_update(). + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_cipher_abort(). + * + * \param[in,out] operation Active cipher operation. + * \param[out] output Buffer where the output is to be written. + * \param output_size Size of the \p output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The total input size passed to this operation is not valid for + * this particular algorithm. For example, the algorithm is a based + * on block cipher and requires a whole number of blocks, but the + * total input size is not a multiple of the block size. + * \retval #PSA_ERROR_INVALID_PADDING + * This is a decryption operation for an algorithm that includes + * padding, and the ciphertext does not contain valid padding. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, with an IV set + * if required for the algorithm), or the library has not been + * previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** Abort a cipher operation. + * + * Aborting an operation frees all associated resources except for the + * \p operation structure itself. Once aborted, the operation object + * can be reused for another operation by calling + * psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again. + * + * You may call this function any time after the operation object has + * been initialized as described in #psa_cipher_operation_t. + * + * In particular, calling psa_cipher_abort() after the operation has been + * terminated by a call to psa_cipher_abort() or psa_cipher_finish() + * is safe and has no effect. + * + * \param[in,out] operation Initialized cipher operation. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 0cd2e09f95..975abd2bb9 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -177,6 +177,44 @@ static ssize_t find_mac_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } +static psa_cipher_operation_t cipher_operations[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t cipher_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t next_cipher_operation_handle = 1; + +/* Get a free slot */ +static ssize_t allocate_cipher_operation_slot(void) +{ + psasim_client_handle_t handle = next_cipher_operation_handle++; + if (next_cipher_operation_handle == 0) { /* wrapped around */ + FATAL("Cipher operation handle wrapped"); + } + + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (cipher_operation_handles[i] == 0) { + cipher_operation_handles[i] = handle; + return i; + } + } + + ERROR("All slots are currently used. Unable to allocate a new one."); + + return -1; /* all in use */ +} + +/* Find the slot given the handle */ +static ssize_t find_cipher_slot_by_handle(psasim_client_handle_t handle) +{ + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (cipher_operation_handles[i] == handle) { + return i; + } + } + + ERROR("Unable to find slot by handle %u", handle); + + return -1; /* not found */ +} + size_t psasim_serialise_begin_needs(void) { /* The serialisation buffer will @@ -810,6 +848,99 @@ int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, return 1; } +size_t psasim_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t value) +{ + return sizeof(value); +} + +int psasim_serialise_psa_cipher_operation_t(uint8_t **pos, + size_t *remaining, + psa_cipher_operation_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos, + size_t *remaining, + psa_cipher_operation_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_server_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t *operation) +{ + (void) operation; + + /* We will actually return a handle */ + return sizeof(psasim_operation_t); +} + +int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos, + size_t *remaining, + psa_cipher_operation_t *operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(client_operation)) { + return 0; + } + + ssize_t slot = operation - cipher_operations; + + client_operation.handle = cipher_operation_handles[slot]; + + memcpy(*pos, &client_operation, sizeof(client_operation)); + *pos += sizeof(client_operation); + + return 1; +} + +int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, + size_t *remaining, + psa_cipher_operation_t **operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(psasim_operation_t)) { + return 0; + } + + memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); + *pos += sizeof(psasim_operation_t); + *remaining -= sizeof(psasim_operation_t); + + ssize_t slot; + if (client_operation.handle == 0) { /* We need a new handle */ + slot = allocate_cipher_operation_slot(); + } else { + slot = find_cipher_slot_by_handle(client_operation.handle); + } + + if (slot < 0) { + return 0; + } + + *operation = &cipher_operations[slot]; + + return 1; +} + size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value) { return sizeof(value); @@ -853,4 +984,6 @@ void psa_sim_serialize_reset(void) memset(aead_operations, 0, sizeof(aead_operations)); memset(mac_operation_handles, 0, sizeof(mac_operation_handles)); memset(mac_operations, 0, sizeof(mac_operations)); + memset(cipher_operation_handles, 0, sizeof(cipher_operation_handles)); + memset(cipher_operations, 0, sizeof(cipher_operations)); } diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 11de3d711a..55b2acb3da 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -667,6 +667,90 @@ int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, size_t *remaining, psa_mac_operation_t **value); +/** Return how much buffer space is needed by \c psasim_serialise_psa_cipher_operation_t() + * to serialise a `psa_cipher_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_cipher_operation_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t value); + +/** Serialise a `psa_cipher_operation_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_cipher_operation_t(uint8_t **pos, + size_t *remaining, + psa_cipher_operation_t value); + +/** Deserialise a `psa_cipher_operation_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_cipher_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos, + size_t *remaining, + psa_cipher_operation_t *value); + +/** Return how much buffer space is needed by \c psasim_server_serialise_psa_cipher_operation_t() + * to serialise a `psa_cipher_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_cipher_operation_t() to serialise + * the given value. + */ +size_t psasim_server_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t *value); + +/** Serialise a `psa_cipher_operation_t` into a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos, + size_t *remaining, + psa_cipher_operation_t *value); + +/** Deserialise a `psa_cipher_operation_t` from a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_cipher_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, + size_t *remaining, + psa_cipher_operation_t **value); + /** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t() * to serialise a `mbedtls_svc_key_id_t`. * diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index 75f540b920..a47b918662 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -42,6 +42,7 @@ my @types = qw(unsigned-int int size_t psa_aead_operation_t psa_key_attributes_t psa_mac_operation_t + psa_cipher_operation_t mbedtls_svc_key_id_t); grep(s/-/ /g, @types); From 55b62dab75c63b65e7f0a4f4dc1a54c0427d4c99 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 15:28:19 +0100 Subject: [PATCH 369/429] psasim: skip some functions; see _SKIP_FUNCTIONS in generate_psa_wrappers.py Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 6cfcf86249..fdc3435377 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -18,6 +18,16 @@ my $debug = 0; my %functions = get_functions(); my @functions = sort keys %functions; +# We don't want these functions (e.g. because they are not implemented, etc) +my @skip_functions = qw( + psa_key_derivation_verify_bytes + psa_key_derivation_verify_key +); + +# Remove @skip_functions from @functions +my %skip_functions = map { $_ => 1 } @skip_functions; +@functions = grep(!exists($skip_functions{$_}), @functions); + # get_functions(), called above, returns a data structure for each function # that we need to create client and server stubs for. In this example Perl script, # the function declarations we want are in the data section (after __END__ at From c6d2e768d67088b5b4748b76b074e19582eb5cbc Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 15:33:18 +0100 Subject: [PATCH 370/429] psasim: use ser_params and ser_result variable names in client; 'params' is needed by some PSA functions Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_crypto_client.c | 738 +++++++++--------- .../psasim/src/psa_sim_generate.pl | 24 +- 2 files changed, 381 insertions(+), 381 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 613aa1f357..1ae2dd7339 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -129,21 +129,21 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t needed = psasim_serialise_begin_needs() + psasim_serialise_psa_aead_operation_t_needs(*operation); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -156,13 +156,13 @@ psa_status_t psa_aead_abort( } ok = psa_crypto_call(PSA_AEAD_ABORT, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_ABORT server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -181,8 +181,8 @@ psa_status_t psa_aead_abort( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -198,8 +198,8 @@ psa_status_t psa_aead_decrypt( size_t *plaintext_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -212,13 +212,13 @@ psa_status_t psa_aead_decrypt( psasim_serialise_buffer_needs(plaintext, plaintext_size) + psasim_serialise_size_t_needs(*plaintext_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -255,13 +255,13 @@ psa_status_t psa_aead_decrypt( } ok = psa_crypto_call(PSA_AEAD_DECRYPT, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_DECRYPT server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -285,8 +285,8 @@ psa_status_t psa_aead_decrypt( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -298,8 +298,8 @@ psa_status_t psa_aead_decrypt_setup( psa_algorithm_t alg ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -308,13 +308,13 @@ psa_status_t psa_aead_decrypt_setup( psasim_serialise_mbedtls_svc_key_id_t_needs(key) + psasim_serialise_psa_algorithm_t_needs(alg); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -335,13 +335,13 @@ psa_status_t psa_aead_decrypt_setup( } ok = psa_crypto_call(PSA_AEAD_DECRYPT_SETUP, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_DECRYPT_SETUP server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -360,8 +360,8 @@ psa_status_t psa_aead_decrypt_setup( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -377,8 +377,8 @@ psa_status_t psa_aead_encrypt( size_t *ciphertext_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -391,13 +391,13 @@ psa_status_t psa_aead_encrypt( psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + psasim_serialise_size_t_needs(*ciphertext_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -434,13 +434,13 @@ psa_status_t psa_aead_encrypt( } ok = psa_crypto_call(PSA_AEAD_ENCRYPT, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_ENCRYPT server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -464,8 +464,8 @@ psa_status_t psa_aead_encrypt( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -477,8 +477,8 @@ psa_status_t psa_aead_encrypt_setup( psa_algorithm_t alg ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -487,13 +487,13 @@ psa_status_t psa_aead_encrypt_setup( psasim_serialise_mbedtls_svc_key_id_t_needs(key) + psasim_serialise_psa_algorithm_t_needs(alg); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -514,13 +514,13 @@ psa_status_t psa_aead_encrypt_setup( } ok = psa_crypto_call(PSA_AEAD_ENCRYPT_SETUP, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_ENCRYPT_SETUP server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -539,8 +539,8 @@ psa_status_t psa_aead_encrypt_setup( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -554,8 +554,8 @@ psa_status_t psa_aead_finish( size_t *tag_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -566,13 +566,13 @@ psa_status_t psa_aead_finish( psasim_serialise_buffer_needs(tag, tag_size) + psasim_serialise_size_t_needs(*tag_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -601,13 +601,13 @@ psa_status_t psa_aead_finish( } ok = psa_crypto_call(PSA_AEAD_FINISH, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_FINISH server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -646,8 +646,8 @@ psa_status_t psa_aead_finish( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -659,8 +659,8 @@ psa_status_t psa_aead_generate_nonce( size_t *nonce_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -669,13 +669,13 @@ psa_status_t psa_aead_generate_nonce( psasim_serialise_buffer_needs(nonce, nonce_size) + psasim_serialise_size_t_needs(*nonce_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -696,13 +696,13 @@ psa_status_t psa_aead_generate_nonce( } ok = psa_crypto_call(PSA_AEAD_GENERATE_NONCE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_GENERATE_NONCE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -731,8 +731,8 @@ psa_status_t psa_aead_generate_nonce( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -744,8 +744,8 @@ psa_status_t psa_aead_set_lengths( size_t plaintext_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -754,13 +754,13 @@ psa_status_t psa_aead_set_lengths( psasim_serialise_size_t_needs(ad_length) + psasim_serialise_size_t_needs(plaintext_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -781,13 +781,13 @@ psa_status_t psa_aead_set_lengths( } ok = psa_crypto_call(PSA_AEAD_SET_LENGTHS, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_SET_LENGTHS server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -806,8 +806,8 @@ psa_status_t psa_aead_set_lengths( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -818,8 +818,8 @@ psa_status_t psa_aead_set_nonce( const uint8_t *nonce, size_t nonce_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -827,13 +827,13 @@ psa_status_t psa_aead_set_nonce( psasim_serialise_psa_aead_operation_t_needs(*operation) + psasim_serialise_buffer_needs(nonce, nonce_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -850,13 +850,13 @@ psa_status_t psa_aead_set_nonce( } ok = psa_crypto_call(PSA_AEAD_SET_NONCE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_SET_NONCE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -875,8 +875,8 @@ psa_status_t psa_aead_set_nonce( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -889,8 +889,8 @@ psa_status_t psa_aead_update( size_t *output_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -900,13 +900,13 @@ psa_status_t psa_aead_update( psasim_serialise_buffer_needs(output, output_size) + psasim_serialise_size_t_needs(*output_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -931,13 +931,13 @@ psa_status_t psa_aead_update( } ok = psa_crypto_call(PSA_AEAD_UPDATE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_UPDATE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -966,8 +966,8 @@ psa_status_t psa_aead_update( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -978,8 +978,8 @@ psa_status_t psa_aead_update_ad( const uint8_t *input, size_t input_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -987,13 +987,13 @@ psa_status_t psa_aead_update_ad( psasim_serialise_psa_aead_operation_t_needs(*operation) + psasim_serialise_buffer_needs(input, input_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1010,13 +1010,13 @@ psa_status_t psa_aead_update_ad( } ok = psa_crypto_call(PSA_AEAD_UPDATE_AD, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_UPDATE_AD server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1035,8 +1035,8 @@ psa_status_t psa_aead_update_ad( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1049,8 +1049,8 @@ psa_status_t psa_aead_verify( const uint8_t *tag, size_t tag_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1060,13 +1060,13 @@ psa_status_t psa_aead_verify( psasim_serialise_size_t_needs(*plaintext_length) + psasim_serialise_buffer_needs(tag, tag_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1091,13 +1091,13 @@ psa_status_t psa_aead_verify( } ok = psa_crypto_call(PSA_AEAD_VERIFY, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_AEAD_VERIFY server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1126,8 +1126,8 @@ psa_status_t psa_aead_verify( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1137,21 +1137,21 @@ psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t needed = psasim_serialise_begin_needs() + psasim_serialise_psa_cipher_operation_t_needs(*operation); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1164,13 +1164,13 @@ psa_status_t psa_cipher_abort( } ok = psa_crypto_call(PSA_CIPHER_ABORT, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_ABORT server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1189,8 +1189,8 @@ psa_status_t psa_cipher_abort( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1204,8 +1204,8 @@ psa_status_t psa_cipher_decrypt( size_t *output_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1216,13 +1216,13 @@ psa_status_t psa_cipher_decrypt( psasim_serialise_buffer_needs(output, output_size) + psasim_serialise_size_t_needs(*output_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1251,13 +1251,13 @@ psa_status_t psa_cipher_decrypt( } ok = psa_crypto_call(PSA_CIPHER_DECRYPT, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_DECRYPT server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1281,8 +1281,8 @@ psa_status_t psa_cipher_decrypt( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1294,8 +1294,8 @@ psa_status_t psa_cipher_decrypt_setup( psa_algorithm_t alg ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1304,13 +1304,13 @@ psa_status_t psa_cipher_decrypt_setup( psasim_serialise_mbedtls_svc_key_id_t_needs(key) + psasim_serialise_psa_algorithm_t_needs(alg); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1331,13 +1331,13 @@ psa_status_t psa_cipher_decrypt_setup( } ok = psa_crypto_call(PSA_CIPHER_DECRYPT_SETUP, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_DECRYPT_SETUP server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1356,8 +1356,8 @@ psa_status_t psa_cipher_decrypt_setup( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1371,8 +1371,8 @@ psa_status_t psa_cipher_encrypt( size_t *output_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1383,13 +1383,13 @@ psa_status_t psa_cipher_encrypt( psasim_serialise_buffer_needs(output, output_size) + psasim_serialise_size_t_needs(*output_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1418,13 +1418,13 @@ psa_status_t psa_cipher_encrypt( } ok = psa_crypto_call(PSA_CIPHER_ENCRYPT, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_ENCRYPT server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1448,8 +1448,8 @@ psa_status_t psa_cipher_encrypt( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1461,8 +1461,8 @@ psa_status_t psa_cipher_encrypt_setup( psa_algorithm_t alg ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1471,13 +1471,13 @@ psa_status_t psa_cipher_encrypt_setup( psasim_serialise_mbedtls_svc_key_id_t_needs(key) + psasim_serialise_psa_algorithm_t_needs(alg); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1498,13 +1498,13 @@ psa_status_t psa_cipher_encrypt_setup( } ok = psa_crypto_call(PSA_CIPHER_ENCRYPT_SETUP, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_ENCRYPT_SETUP server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1523,8 +1523,8 @@ psa_status_t psa_cipher_encrypt_setup( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1536,8 +1536,8 @@ psa_status_t psa_cipher_finish( size_t *output_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1546,13 +1546,13 @@ psa_status_t psa_cipher_finish( psasim_serialise_buffer_needs(output, output_size) + psasim_serialise_size_t_needs(*output_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1573,13 +1573,13 @@ psa_status_t psa_cipher_finish( } ok = psa_crypto_call(PSA_CIPHER_FINISH, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_FINISH server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1608,8 +1608,8 @@ psa_status_t psa_cipher_finish( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1621,8 +1621,8 @@ psa_status_t psa_cipher_generate_iv( size_t *iv_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1631,13 +1631,13 @@ psa_status_t psa_cipher_generate_iv( psasim_serialise_buffer_needs(iv, iv_size) + psasim_serialise_size_t_needs(*iv_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1658,13 +1658,13 @@ psa_status_t psa_cipher_generate_iv( } ok = psa_crypto_call(PSA_CIPHER_GENERATE_IV, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_GENERATE_IV server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1693,8 +1693,8 @@ psa_status_t psa_cipher_generate_iv( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1705,8 +1705,8 @@ psa_status_t psa_cipher_set_iv( const uint8_t *iv, size_t iv_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1714,13 +1714,13 @@ psa_status_t psa_cipher_set_iv( psasim_serialise_psa_cipher_operation_t_needs(*operation) + psasim_serialise_buffer_needs(iv, iv_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1737,13 +1737,13 @@ psa_status_t psa_cipher_set_iv( } ok = psa_crypto_call(PSA_CIPHER_SET_IV, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_SET_IV server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1762,8 +1762,8 @@ psa_status_t psa_cipher_set_iv( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1776,8 +1776,8 @@ psa_status_t psa_cipher_update( size_t *output_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1787,13 +1787,13 @@ psa_status_t psa_cipher_update( psasim_serialise_buffer_needs(output, output_size) + psasim_serialise_size_t_needs(*output_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1818,13 +1818,13 @@ psa_status_t psa_cipher_update( } ok = psa_crypto_call(PSA_CIPHER_UPDATE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_CIPHER_UPDATE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1853,8 +1853,8 @@ psa_status_t psa_cipher_update( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1864,21 +1864,21 @@ psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t needed = psasim_serialise_begin_needs() + psasim_serialise_mbedtls_svc_key_id_t_needs(key); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1891,13 +1891,13 @@ psa_status_t psa_destroy_key( } ok = psa_crypto_call(PSA_DESTROY_KEY, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_DESTROY_KEY server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1911,8 +1911,8 @@ psa_status_t psa_destroy_key( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1922,21 +1922,21 @@ psa_status_t psa_generate_random( uint8_t *output, size_t output_size ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t needed = psasim_serialise_begin_needs() + psasim_serialise_buffer_needs(output, output_size); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -1949,13 +1949,13 @@ psa_status_t psa_generate_random( } ok = psa_crypto_call(PSA_GENERATE_RANDOM, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_GENERATE_RANDOM server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -1974,8 +1974,8 @@ psa_status_t psa_generate_random( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -1986,8 +1986,8 @@ psa_status_t psa_get_key_attributes( psa_key_attributes_t *attributes ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -1995,13 +1995,13 @@ psa_status_t psa_get_key_attributes( psasim_serialise_mbedtls_svc_key_id_t_needs(key) + psasim_serialise_psa_key_attributes_t_needs(*attributes); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2018,13 +2018,13 @@ psa_status_t psa_get_key_attributes( } ok = psa_crypto_call(PSA_GET_KEY_ATTRIBUTES, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_GET_KEY_ATTRIBUTES server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2043,8 +2043,8 @@ psa_status_t psa_get_key_attributes( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2054,21 +2054,21 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t needed = psasim_serialise_begin_needs() + psasim_serialise_psa_hash_operation_t_needs(*operation); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2081,13 +2081,13 @@ psa_status_t psa_hash_abort( } ok = psa_crypto_call(PSA_HASH_ABORT, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_HASH_ABORT server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2106,8 +2106,8 @@ psa_status_t psa_hash_abort( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2118,8 +2118,8 @@ psa_status_t psa_hash_clone( psa_hash_operation_t *target_operation ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2127,13 +2127,13 @@ psa_status_t psa_hash_clone( psasim_serialise_psa_hash_operation_t_needs(*source_operation) + psasim_serialise_psa_hash_operation_t_needs(*target_operation); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2150,13 +2150,13 @@ psa_status_t psa_hash_clone( } ok = psa_crypto_call(PSA_HASH_CLONE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_HASH_CLONE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2175,8 +2175,8 @@ psa_status_t psa_hash_clone( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2188,8 +2188,8 @@ psa_status_t psa_hash_compare( const uint8_t *hash, size_t hash_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2198,13 +2198,13 @@ psa_status_t psa_hash_compare( psasim_serialise_buffer_needs(input, input_length) + psasim_serialise_buffer_needs(hash, hash_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2225,13 +2225,13 @@ psa_status_t psa_hash_compare( } ok = psa_crypto_call(PSA_HASH_COMPARE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_HASH_COMPARE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2245,8 +2245,8 @@ psa_status_t psa_hash_compare( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2259,8 +2259,8 @@ psa_status_t psa_hash_compute( size_t *hash_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2270,13 +2270,13 @@ psa_status_t psa_hash_compute( psasim_serialise_buffer_needs(hash, hash_size) + psasim_serialise_size_t_needs(*hash_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2301,13 +2301,13 @@ psa_status_t psa_hash_compute( } ok = psa_crypto_call(PSA_HASH_COMPUTE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_HASH_COMPUTE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2331,8 +2331,8 @@ psa_status_t psa_hash_compute( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2344,8 +2344,8 @@ psa_status_t psa_hash_finish( size_t *hash_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2354,13 +2354,13 @@ psa_status_t psa_hash_finish( psasim_serialise_buffer_needs(hash, hash_size) + psasim_serialise_size_t_needs(*hash_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2381,13 +2381,13 @@ psa_status_t psa_hash_finish( } ok = psa_crypto_call(PSA_HASH_FINISH, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_HASH_FINISH server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2416,8 +2416,8 @@ psa_status_t psa_hash_finish( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2428,8 +2428,8 @@ psa_status_t psa_hash_setup( psa_algorithm_t alg ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2437,13 +2437,13 @@ psa_status_t psa_hash_setup( psasim_serialise_psa_hash_operation_t_needs(*operation) + psasim_serialise_psa_algorithm_t_needs(alg); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2460,13 +2460,13 @@ psa_status_t psa_hash_setup( } ok = psa_crypto_call(PSA_HASH_SETUP, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_HASH_SETUP server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2485,8 +2485,8 @@ psa_status_t psa_hash_setup( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2497,8 +2497,8 @@ psa_status_t psa_hash_update( const uint8_t *input, size_t input_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2506,13 +2506,13 @@ psa_status_t psa_hash_update( psasim_serialise_psa_hash_operation_t_needs(*operation) + psasim_serialise_buffer_needs(input, input_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2529,13 +2529,13 @@ psa_status_t psa_hash_update( } ok = psa_crypto_call(PSA_HASH_UPDATE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_HASH_UPDATE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2554,8 +2554,8 @@ psa_status_t psa_hash_update( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2566,8 +2566,8 @@ psa_status_t psa_hash_verify( const uint8_t *hash, size_t hash_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2575,13 +2575,13 @@ psa_status_t psa_hash_verify( psasim_serialise_psa_hash_operation_t_needs(*operation) + psasim_serialise_buffer_needs(hash, hash_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2598,13 +2598,13 @@ psa_status_t psa_hash_verify( } ok = psa_crypto_call(PSA_HASH_VERIFY, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_HASH_VERIFY server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2623,8 +2623,8 @@ psa_status_t psa_hash_verify( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2636,8 +2636,8 @@ psa_status_t psa_import_key( mbedtls_svc_key_id_t *key ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2646,13 +2646,13 @@ psa_status_t psa_import_key( psasim_serialise_buffer_needs(data, data_length) + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2673,13 +2673,13 @@ psa_status_t psa_import_key( } ok = psa_crypto_call(PSA_IMPORT_KEY, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_IMPORT_KEY server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2698,8 +2698,8 @@ psa_status_t psa_import_key( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2709,21 +2709,21 @@ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t needed = psasim_serialise_begin_needs() + psasim_serialise_psa_mac_operation_t_needs(*operation); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2736,13 +2736,13 @@ psa_status_t psa_mac_abort( } ok = psa_crypto_call(PSA_MAC_ABORT, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_MAC_ABORT server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2761,8 +2761,8 @@ psa_status_t psa_mac_abort( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2776,8 +2776,8 @@ psa_status_t psa_mac_compute( size_t *mac_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2788,13 +2788,13 @@ psa_status_t psa_mac_compute( psasim_serialise_buffer_needs(mac, mac_size) + psasim_serialise_size_t_needs(*mac_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2823,13 +2823,13 @@ psa_status_t psa_mac_compute( } ok = psa_crypto_call(PSA_MAC_COMPUTE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_MAC_COMPUTE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2853,8 +2853,8 @@ psa_status_t psa_mac_compute( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2866,8 +2866,8 @@ psa_status_t psa_mac_sign_finish( size_t *mac_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2876,13 +2876,13 @@ psa_status_t psa_mac_sign_finish( psasim_serialise_buffer_needs(mac, mac_size) + psasim_serialise_size_t_needs(*mac_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2903,13 +2903,13 @@ psa_status_t psa_mac_sign_finish( } ok = psa_crypto_call(PSA_MAC_SIGN_FINISH, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_MAC_SIGN_FINISH server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -2938,8 +2938,8 @@ psa_status_t psa_mac_sign_finish( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -2951,8 +2951,8 @@ psa_status_t psa_mac_sign_setup( psa_algorithm_t alg ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -2961,13 +2961,13 @@ psa_status_t psa_mac_sign_setup( psasim_serialise_mbedtls_svc_key_id_t_needs(key) + psasim_serialise_psa_algorithm_t_needs(alg); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -2988,13 +2988,13 @@ psa_status_t psa_mac_sign_setup( } ok = psa_crypto_call(PSA_MAC_SIGN_SETUP, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_MAC_SIGN_SETUP server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -3013,8 +3013,8 @@ psa_status_t psa_mac_sign_setup( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -3025,8 +3025,8 @@ psa_status_t psa_mac_update( const uint8_t *input, size_t input_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -3034,13 +3034,13 @@ psa_status_t psa_mac_update( psasim_serialise_psa_mac_operation_t_needs(*operation) + psasim_serialise_buffer_needs(input, input_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -3057,13 +3057,13 @@ psa_status_t psa_mac_update( } ok = psa_crypto_call(PSA_MAC_UPDATE, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_MAC_UPDATE server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -3082,8 +3082,8 @@ psa_status_t psa_mac_update( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -3096,8 +3096,8 @@ psa_status_t psa_mac_verify( const uint8_t *mac, size_t mac_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -3107,13 +3107,13 @@ psa_status_t psa_mac_verify( psasim_serialise_buffer_needs(input, input_length) + psasim_serialise_buffer_needs(mac, mac_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -3138,13 +3138,13 @@ psa_status_t psa_mac_verify( } ok = psa_crypto_call(PSA_MAC_VERIFY, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_MAC_VERIFY server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -3158,8 +3158,8 @@ psa_status_t psa_mac_verify( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -3170,8 +3170,8 @@ psa_status_t psa_mac_verify_finish( const uint8_t *mac, size_t mac_length ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -3179,13 +3179,13 @@ psa_status_t psa_mac_verify_finish( psasim_serialise_psa_mac_operation_t_needs(*operation) + psasim_serialise_buffer_needs(mac, mac_length); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -3202,13 +3202,13 @@ psa_status_t psa_mac_verify_finish( } ok = psa_crypto_call(PSA_MAC_VERIFY_FINISH, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_MAC_VERIFY_FINISH server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -3227,8 +3227,8 @@ psa_status_t psa_mac_verify_finish( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } @@ -3240,8 +3240,8 @@ psa_status_t psa_mac_verify_setup( psa_algorithm_t alg ) { - uint8_t *params = NULL; - uint8_t *result = NULL; + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -3250,13 +3250,13 @@ psa_status_t psa_mac_verify_setup( psasim_serialise_mbedtls_svc_key_id_t_needs(key) + psasim_serialise_psa_algorithm_t_needs(alg); - params = malloc(needed); - if (params == NULL) { + ser_params = malloc(needed); + if (ser_params == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; goto fail; } - uint8_t *pos = params; + uint8_t *pos = ser_params; size_t remaining = needed; int ok; ok = psasim_serialise_begin(&pos, &remaining); @@ -3277,13 +3277,13 @@ psa_status_t psa_mac_verify_setup( } ok = psa_crypto_call(PSA_MAC_VERIFY_SETUP, - params, (size_t) (pos - params), &result, &result_length); + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); if (!ok) { printf("PSA_MAC_VERIFY_SETUP server call failed\n"); goto fail; } - uint8_t *rpos = result; + uint8_t *rpos = ser_result; size_t rremain = result_length; ok = psasim_deserialise_begin(&rpos, &rremain); @@ -3302,8 +3302,8 @@ psa_status_t psa_mac_verify_setup( } fail: - free(params); - free(result); + free(ser_params); + free(ser_result); return status; } diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index fdc3435377..a85a62a12e 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -748,8 +748,8 @@ sub output_client print $fh < Date: Fri, 21 Jun 2024 15:35:44 +0100 Subject: [PATCH 371/429] psasim: psa_key_derivation_verify_bytes() doesn't follow the naming convention for a buffer, so override Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index a85a62a12e..76592151a4 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -1047,6 +1047,11 @@ sub get_functions #print("$arg: $name: might be a buffer?\n"); die("$arg: not a buffer 1!\n") if $i == $#args; my $next = $args[$i + 1]; + if ($func eq "psa_key_derivation_verify_bytes" && + $arg eq "const uint8_t *expected_output" && + $next eq "size_t output_length") { + $next = "size_t expected_output_length"; # doesn't follow naming convention, so override + } die("$arg: not a buffer 2!\n") if $next !~ /^size_t\s+(${name}_\w+)$/; $i++; # We're using the next param here my $nname = $1; From 623fcb37d6a5e4c897f7935c2ca188168dacd943 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 15:55:59 +0100 Subject: [PATCH 372/429] psasim: add the ability to serialise psa_key_production_parameters_t Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_generate.pl | 44 +++++ .../psasim/src/psa_sim_serialise.pl | 160 ++++++++++++++++++ 2 files changed, 204 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 76592151a4..97e92bc088 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -546,6 +546,13 @@ EOF print $fh < UINT32_MAX / 2) { /* arbitrary limit */ + return 0; /* too big to serialise */ + } + + /* We use 32-bit lengths, which should be enough for any reasonable usage :) */ + /* (the UINT32_MAX / 2 above is an even more conservative check to avoid overflow here) */ + uint32_t len = (uint32_t) (sizeof(data_length) + sizeof(*params) + data_length); + if (*remaining < SER_TAG_SIZE + sizeof(uint32_t) + len) { + return 0; + } + + char tag[SER_TAG_SIZE] = "PKPP"; + + memcpy(*pos, tag, sizeof(tag)); + memcpy(*pos + sizeof(tag), &len, sizeof(len)); + *pos += sizeof(tag) + sizeof(len); + *remaining -= sizeof(tag) + sizeof(len); + + memcpy(*pos, &data_length, sizeof(data_length)); + memcpy(*pos + sizeof(data_length), params, sizeof(*params) + data_length); + *pos += sizeof(data_length) + sizeof(*params) + data_length; + *remaining -= sizeof(data_length) + sizeof(*params) + data_length; + + return 1; +} + +int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, + size_t *remaining, + psa_key_production_parameters_t **params, + size_t *data_length) +{ + if (*remaining < SER_TAG_SIZE + sizeof(uint32_t)) { + return 0; /* can't even be an empty serialisation */ + } + + char tag[SER_TAG_SIZE] = "PKPP"; /* expected */ + uint32_t len; + + memcpy(&len, *pos + sizeof(tag), sizeof(len)); + + if (memcmp(*pos, tag, sizeof(tag)) != 0) { + return 0; /* wrong tag */ + } + + *pos += sizeof(tag) + sizeof(len); + *remaining -= sizeof(tag) + sizeof(len); + + if (*remaining < sizeof(*data_length)) { + return 0; /* missing data_length */ + } + memcpy(data_length, *pos, sizeof(*data_length)); + + if ((size_t)len != (sizeof(data_length) + sizeof(**params) + *data_length)) { + return 0; /* wrong length */ + } + + if (*remaining < sizeof(*data_length) + sizeof(**params) + *data_length) { + return 0; /* not enough data provided */ + } + + *pos += sizeof(data_length); + *remaining -= sizeof(data_length); + + psa_key_production_parameters_t *out = malloc(sizeof(**params) + *data_length); + if (out == NULL) { + return 0; /* allocation failure */ + } + + memcpy(out, *pos, sizeof(*out) + *data_length); + *pos += sizeof(*out) + *data_length; + *remaining -= sizeof(*out) + *data_length; + + *params = out; + + return 1; +} +EOF +} + sub c_header { return <<'EOF'; From c3236b85da39e8c456fc96e20794e0476e57e712 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 16:11:25 +0100 Subject: [PATCH 373/429] psasim: add support for psa_key_derivation_xxx() and psa_raw_key_agreement() to the simulator Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 12 + .../psasim/src/psa_sim_crypto_client.c | 908 ++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 1082 +++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 877 +++++++++++++ .../psasim/src/psa_sim_serialise.c | 316 +++++ .../psasim/src/psa_sim_serialise.h | 260 ++++ .../psasim/src/psa_sim_serialise.pl | 6 +- 7 files changed, 3460 insertions(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 12c05e3cdd..c9b72e6f68 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -45,6 +45,17 @@ enum { PSA_HASH_UPDATE, PSA_HASH_VERIFY, PSA_IMPORT_KEY, + PSA_KEY_DERIVATION_ABORT, + PSA_KEY_DERIVATION_GET_CAPACITY, + PSA_KEY_DERIVATION_INPUT_BYTES, + PSA_KEY_DERIVATION_INPUT_INTEGER, + PSA_KEY_DERIVATION_INPUT_KEY, + PSA_KEY_DERIVATION_KEY_AGREEMENT, + PSA_KEY_DERIVATION_OUTPUT_BYTES, + PSA_KEY_DERIVATION_OUTPUT_KEY, + PSA_KEY_DERIVATION_OUTPUT_KEY_EXT, + PSA_KEY_DERIVATION_SET_CAPACITY, + PSA_KEY_DERIVATION_SETUP, PSA_MAC_ABORT, PSA_MAC_COMPUTE, PSA_MAC_SIGN_FINISH, @@ -53,6 +64,7 @@ enum { PSA_MAC_VERIFY, PSA_MAC_VERIFY_FINISH, PSA_MAC_VERIFY_SETUP, + PSA_RAW_KEY_AGREEMENT, }; #endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 1ae2dd7339..84f2b5a6ab 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -2705,6 +2705,822 @@ fail: } +psa_status_t psa_key_derivation_abort( + psa_key_derivation_operation_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_ABORT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_ABORT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_get_capacity( + const psa_key_derivation_operation_t *operation, + size_t *capacity + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_size_t_needs(*capacity); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *capacity); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_GET_CAPACITY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_GET_CAPACITY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, capacity); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_input_bytes( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + const uint8_t *data, size_t data_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_derivation_step_t_needs(step) + + psasim_serialise_buffer_needs(data, data_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_step_t(&pos, &remaining, step); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, data, data_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_BYTES, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_INPUT_BYTES server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_input_integer( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + uint64_t value + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_derivation_step_t_needs(step) + + psasim_serialise_uint64_t_needs(value); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_step_t(&pos, &remaining, step); + if (!ok) { + goto fail; + } + ok = psasim_serialise_uint64_t(&pos, &remaining, value); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_INTEGER, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_INPUT_INTEGER server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_input_key( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + mbedtls_svc_key_id_t key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_derivation_step_t_needs(step) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_step_t(&pos, &remaining, step); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_INPUT_KEY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_INPUT_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_key_agreement( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + mbedtls_svc_key_id_t private_key, + const uint8_t *peer_key, size_t peer_key_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_derivation_step_t_needs(step) + + psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + + psasim_serialise_buffer_needs(peer_key, peer_key_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_step_t(&pos, &remaining, step); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, private_key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, peer_key, peer_key_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_KEY_AGREEMENT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_KEY_AGREEMENT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_output_bytes( + psa_key_derivation_operation_t *operation, + uint8_t *output, size_t output_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(output, output_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_BYTES, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_OUTPUT_BYTES server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_output_key( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t *key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_OUTPUT_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_output_key_ext( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + const psa_key_production_parameters_t *params, size_t params_data_length, + mbedtls_svc_key_id_t *key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_production_parameters_t(&pos, &remaining, params, params_data_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_OUTPUT_KEY_EXT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_OUTPUT_KEY_EXT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_set_capacity( + psa_key_derivation_operation_t *operation, + size_t capacity + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_size_t_needs(capacity); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, capacity); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_SET_CAPACITY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_SET_CAPACITY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_key_derivation_setup( + psa_key_derivation_operation_t *operation, + psa_algorithm_t alg + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_algorithm_t_needs(alg); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_KEY_DERIVATION_SETUP, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_KEY_DERIVATION_SETUP server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) @@ -3307,3 +4123,95 @@ fail: return status; } + + +psa_status_t psa_raw_key_agreement( + psa_algorithm_t alg, + mbedtls_svc_key_id_t private_key, + const uint8_t *peer_key, size_t peer_key_length, + uint8_t *output, size_t output_size, + size_t *output_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + + psasim_serialise_buffer_needs(peer_key, peer_key_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, private_key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, peer_key, peer_key_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_RAW_KEY_AGREEMENT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_RAW_KEY_AGREEMENT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 897d50451d..92ce96a904 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -3082,6 +3082,929 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_key_derivation_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_abort( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_get_capacity_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + size_t capacity; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &capacity); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_get_capacity( + operation, + &capacity + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_size_t_needs(capacity); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, capacity); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_input_bytes_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + psa_key_derivation_step_t step; + uint8_t *data = NULL; + size_t data_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_step_t(&pos, &remaining, &step); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &data, &data_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_input_bytes( + operation, + step, + data, data_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(data); + + return 1; // success + +fail: + free(result); + + free(data); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_input_integer_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + psa_key_derivation_step_t step; + uint64_t value; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_step_t(&pos, &remaining, &step); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_uint64_t(&pos, &remaining, &value); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_input_integer( + operation, + step, + value + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_input_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + psa_key_derivation_step_t step; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_step_t(&pos, &remaining, &step); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_input_key( + operation, + step, + key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_key_agreement_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + psa_key_derivation_step_t step; + mbedtls_svc_key_id_t private_key; + uint8_t *peer_key = NULL; + size_t peer_key_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_derivation_step_t(&pos, &remaining, &step); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &private_key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &peer_key, &peer_key_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_key_agreement( + operation, + step, + private_key, + peer_key, peer_key_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(peer_key); + + return 1; // success + +fail: + free(result); + + free(peer_key); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_output_bytes_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + uint8_t *output = NULL; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_output_bytes( + operation, + output, output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + + psasim_serialise_buffer_needs(output, output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(output); + + return 1; // success + +fail: + free(result); + + free(output); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_output_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes; + psa_key_derivation_operation_t *operation; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_output_key( + &attributes, + operation, + &key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_output_key_ext_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes; + psa_key_derivation_operation_t *operation; + psa_key_production_parameters_t *params = NULL; + size_t params_data_length; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_production_parameters_t(&pos, &remaining, ¶ms, ¶ms_data_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_output_key_ext( + &attributes, + operation, + params, params_data_length, + &key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(params); + + return 1; // success + +fail: + free(result); + + free(params); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_set_capacity_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + size_t capacity; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &capacity); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_set_capacity( + operation, + capacity + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_key_derivation_setup_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t *operation; + psa_algorithm_t alg; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_key_derivation_setup( + operation, + alg + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_key_derivation_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_mac_abort_wrapper( uint8_t *in_params, size_t in_params_len, @@ -3782,6 +4705,117 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_raw_key_agreement_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_algorithm_t alg; + mbedtls_svc_key_id_t private_key; + uint8_t *peer_key = NULL; + size_t peer_key_length; + uint8_t *output = NULL; + size_t output_size; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &private_key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &peer_key, &peer_key_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_raw_key_agreement( + alg, + private_key, + peer_key, peer_key_length, + output, output_size, + &output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(peer_key); + free(output); + + return 1; // success + +fail: + free(result); + + free(peer_key); + free(output); + + return 0; // This shouldn't happen! +} + psa_status_t psa_crypto_call(psa_msg_t msg) { int ok = 0; @@ -3954,6 +4988,50 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_import_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_KEY_DERIVATION_ABORT: + ok = psa_key_derivation_abort_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_GET_CAPACITY: + ok = psa_key_derivation_get_capacity_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_INPUT_BYTES: + ok = psa_key_derivation_input_bytes_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_INPUT_INTEGER: + ok = psa_key_derivation_input_integer_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_INPUT_KEY: + ok = psa_key_derivation_input_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_KEY_AGREEMENT: + ok = psa_key_derivation_key_agreement_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_OUTPUT_BYTES: + ok = psa_key_derivation_output_bytes_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_OUTPUT_KEY: + ok = psa_key_derivation_output_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_OUTPUT_KEY_EXT: + ok = psa_key_derivation_output_key_ext_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_SET_CAPACITY: + ok = psa_key_derivation_set_capacity_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_KEY_DERIVATION_SETUP: + ok = psa_key_derivation_setup_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_MAC_ABORT: ok = psa_mac_abort_wrapper(in_params, in_params_len, &out_params, &out_params_len); @@ -3986,6 +5064,10 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_mac_verify_setup_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_RAW_KEY_AGREEMENT: + ok = psa_raw_key_agreement_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; } free(in_params); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 97e92bc088..5510be1fe5 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -3321,3 +3321,880 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation, * results in this error code. */ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation); + +/** \defgroup key_derivation Key derivation and pseudorandom generation + * @{ + */ + +/** The type of the state data structure for key derivation operations. + * + * Before calling any function on a key derivation operation object, the + * application must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_key_derivation_operation_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_key_derivation_operation_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT, + * for example: + * \code + * psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + * \endcode + * - Assign the result of the function psa_key_derivation_operation_init() + * to the structure, for example: + * \code + * psa_key_derivation_operation_t operation; + * operation = psa_key_derivation_operation_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. + */ +typedef struct psa_key_derivation_s psa_key_derivation_operation_t; + +/** \def PSA_KEY_DERIVATION_OPERATION_INIT + * + * This macro returns a suitable initializer for a key derivation operation + * object of type #psa_key_derivation_operation_t. + */ + +/** Return an initial value for a key derivation operation object. + */ +static psa_key_derivation_operation_t psa_key_derivation_operation_init(void); + +/** Set up a key derivation operation. + * + * A key derivation algorithm takes some inputs and uses them to generate + * a byte stream in a deterministic way. + * This byte stream can be used to produce keys and other + * cryptographic material. + * + * To derive a key: + * -# Start with an initialized object of type #psa_key_derivation_operation_t. + * -# Call psa_key_derivation_setup() to select the algorithm. + * -# Provide the inputs for the key derivation by calling + * psa_key_derivation_input_bytes() or psa_key_derivation_input_key() + * as appropriate. Which inputs are needed, in what order, and whether + * they may be keys and if so of what type depends on the algorithm. + * -# Optionally set the operation's maximum capacity with + * psa_key_derivation_set_capacity(). You may do this before, in the middle + * of or after providing inputs. For some algorithms, this step is mandatory + * because the output depends on the maximum capacity. + * -# To derive a key, call psa_key_derivation_output_key() or + * psa_key_derivation_output_key_ext(). + * To derive a byte string for a different purpose, call + * psa_key_derivation_output_bytes(). + * Successive calls to these functions use successive output bytes + * calculated by the key derivation algorithm. + * -# Clean up the key derivation operation object with + * psa_key_derivation_abort(). + * + * If this function returns an error, the key derivation operation object is + * not changed. + * + * If an error occurs at any step after a call to psa_key_derivation_setup(), + * the operation will need to be reset by a call to psa_key_derivation_abort(). + * + * Implementations must reject an attempt to derive a key of size 0. + * + * \param[in,out] operation The key derivation operation object + * to set up. It must + * have been initialized but not set up yet. + * \param alg The key derivation algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c alg is not a key derivation algorithm. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \c alg is not supported or is not a key derivation algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_setup( + psa_key_derivation_operation_t *operation, + psa_algorithm_t alg); + +/** Retrieve the current capacity of a key derivation operation. + * + * The capacity of a key derivation is the maximum number of bytes that it can + * return. When you get *N* bytes of output from a key derivation operation, + * this reduces its capacity by *N*. + * + * \param[in] operation The operation to query. + * \param[out] capacity On success, the capacity of the operation. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_get_capacity( + const psa_key_derivation_operation_t *operation, + size_t *capacity); + +/** Set the maximum capacity of a key derivation operation. + * + * The capacity of a key derivation operation is the maximum number of bytes + * that the key derivation operation can return from this point onwards. + * + * \param[in,out] operation The key derivation operation object to modify. + * \param capacity The new capacity of the operation. + * It must be less or equal to the operation's + * current capacity. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p capacity is larger than the operation's current capacity. + * In this case, the operation object remains valid and its capacity + * remains unchanged. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active), or the + * library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_set_capacity( + psa_key_derivation_operation_t *operation, + size_t capacity); + +/** Use the maximum possible capacity for a key derivation operation. + * + * Use this value as the capacity argument when setting up a key derivation + * to indicate that the operation should have the maximum possible capacity. + * The value of the maximum possible capacity depends on the key derivation + * algorithm. + */ +#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t) (-1)) + +/** Provide an input for key derivation or key agreement. + * + * Which inputs are required and in what order depends on the algorithm. + * Refer to the documentation of each key derivation or key agreement + * algorithm for information. + * + * This function passes direct inputs, which is usually correct for + * non-secret inputs. To pass a secret input, which should be in a key + * object, call psa_key_derivation_input_key() instead of this function. + * Refer to the documentation of individual step types + * (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t) + * for more information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to use. + * It must have been set up with + * psa_key_derivation_setup() and must not + * have produced any output yet. + * \param step Which step the input data is for. + * \param[in] data Input data to use. + * \param data_length Size of the \p data buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step is not compatible with the operation's algorithm, or + * \c step does not allow direct inputs. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid for this input \p step, or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_input_bytes( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length); + +/** Provide a numeric input for key derivation or key agreement. + * + * Which inputs are required and in what order depends on the algorithm. + * However, when an algorithm requires a particular order, numeric inputs + * usually come first as they tend to be configuration parameters. + * Refer to the documentation of each key derivation or key agreement + * algorithm for information. + * + * This function is used for inputs which are fixed-size non-negative + * integers. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to use. + * It must have been set up with + * psa_key_derivation_setup() and must not + * have produced any output yet. + * \param step Which step the input data is for. + * \param[in] value The value of the numeric input. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step is not compatible with the operation's algorithm, or + * \c step does not allow numeric inputs. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid for this input \p step, or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_input_integer( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + uint64_t value); + +/** Provide an input for key derivation in the form of a key. + * + * Which inputs are required and in what order depends on the algorithm. + * Refer to the documentation of each key derivation or key agreement + * algorithm for information. + * + * This function obtains input from a key object, which is usually correct for + * secret inputs or for non-secret personalization strings kept in the key + * store. To pass a non-secret parameter which is not in the key store, + * call psa_key_derivation_input_bytes() instead of this function. + * Refer to the documentation of individual step types + * (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t) + * for more information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to use. + * It must have been set up with + * psa_key_derivation_setup() and must not + * have produced any output yet. + * \param step Which step the input data is for. + * \param key Identifier of the key. It must have an + * appropriate type for step and must allow the + * usage #PSA_KEY_USAGE_DERIVE or + * #PSA_KEY_USAGE_VERIFY_DERIVATION (see note) + * and the algorithm used by the operation. + * + * \note Once all inputs steps are completed, the operations will allow: + * - psa_key_derivation_output_bytes() if each input was either a direct input + * or a key with #PSA_KEY_USAGE_DERIVE set; + * - psa_key_derivation_output_key() or psa_key_derivation_output_key_ext() + * if the input for step + * #PSA_KEY_DERIVATION_INPUT_SECRET or #PSA_KEY_DERIVATION_INPUT_PASSWORD + * was from a key slot with #PSA_KEY_USAGE_DERIVE and each other input was + * either a direct input or a key with #PSA_KEY_USAGE_DERIVE set; + * - psa_key_derivation_verify_bytes() if each input was either a direct input + * or a key with #PSA_KEY_USAGE_VERIFY_DERIVATION set; + * - psa_key_derivation_verify_key() under the same conditions as + * psa_key_derivation_verify_bytes(). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED + * The key allows neither #PSA_KEY_USAGE_DERIVE nor + * #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this + * algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step is not compatible with the operation's algorithm, or + * \c step does not allow key inputs of the given type + * or does not allow key inputs at all. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid for this input \p step, or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_input_key( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + mbedtls_svc_key_id_t key); + +/** Perform a key agreement and use the shared secret as input to a key + * derivation. + * + * A key agreement algorithm takes two inputs: a private key \p private_key + * a public key \p peer_key. + * The result of this function is passed as input to a key derivation. + * The output of this key derivation can be extracted by reading from the + * resulting operation to produce keys and other cryptographic material. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to use. + * It must have been set up with + * psa_key_derivation_setup() with a + * key agreement and derivation algorithm + * \c alg (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true + * and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg) + * is false). + * The operation must be ready for an + * input of the type given by \p step. + * \param step Which step the input data is for. + * \param private_key Identifier of the private key to use. It must + * allow the usage #PSA_KEY_USAGE_DERIVE. + * \param[in] peer_key Public key of the peer. The peer key must be in the + * same format that psa_import_key() accepts for the + * public key type corresponding to the type of + * private_key. That is, this function performs the + * equivalent of + * #psa_import_key(..., + * `peer_key`, `peer_key_length`) where + * with key attributes indicating the public key + * type corresponding to the type of `private_key`. + * For example, for EC keys, this means that peer_key + * is interpreted as a point on the curve that the + * private key is on. The standard formats for public + * keys are documented in the documentation of + * psa_export_public_key(). + * \param peer_key_length Size of \p peer_key in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c private_key is not compatible with \c alg, + * or \p peer_key is not valid for \c alg or not compatible with + * \c private_key, or \c step does not allow an input resulting + * from a key agreement. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \c alg is not supported or is not a key derivation algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid for this key agreement \p step, + * or the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_key_agreement( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + mbedtls_svc_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length); + +/** Read some data from a key derivation operation. + * + * This function calculates output bytes from a key derivation algorithm and + * return those bytes. + * If you view the key derivation's output as a stream of bytes, this + * function destructively reads the requested number of bytes from the + * stream. + * The operation's capacity decreases by the number of bytes read. + * + * If this function returns an error status other than + * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to read from. + * \param[out] output Buffer where the output will be written. + * \param output_length Number of bytes to output. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED + * One of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_DERIVE. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * The operation's capacity was less than + * \p output_length bytes. Note that in this case, + * no output is written to the output buffer. + * The operation's capacity is set to 0, thus + * subsequent calls to this function will not + * succeed, even with a smaller output buffer. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_output_bytes( + psa_key_derivation_operation_t *operation, + uint8_t *output, + size_t output_length); + +/** Derive a key from an ongoing key derivation operation. + * + * This function calculates output bytes from a key derivation algorithm + * and uses those bytes to generate a key deterministically. + * The key's location, usage policy, type and size are taken from + * \p attributes. + * + * If you view the key derivation's output as a stream of bytes, this + * function destructively reads as many bytes as required from the + * stream. + * The operation's capacity decreases by the number of bytes read. + * + * If this function returns an error status other than + * #PSA_ERROR_INSUFFICIENT_DATA, the operation enters an error + * state and must be aborted by calling psa_key_derivation_abort(). + * + * How much output is produced and consumed from the operation, and how + * the key is derived, depends on the key type and on the key size + * (denoted \c bits below): + * + * - For key types for which the key is an arbitrary sequence of bytes + * of a given size, this function is functionally equivalent to + * calling #psa_key_derivation_output_bytes + * and passing the resulting output to #psa_import_key. + * However, this function has a security benefit: + * if the implementation provides an isolation boundary then + * the key material is not exposed outside the isolation boundary. + * As a consequence, for these key types, this function always consumes + * exactly (\c bits / 8) bytes from the operation. + * The following key types defined in this specification follow this scheme: + * + * - #PSA_KEY_TYPE_AES; + * - #PSA_KEY_TYPE_ARIA; + * - #PSA_KEY_TYPE_CAMELLIA; + * - #PSA_KEY_TYPE_DERIVE; + * - #PSA_KEY_TYPE_HMAC; + * - #PSA_KEY_TYPE_PASSWORD_HASH. + * + * - For ECC keys on a Montgomery elliptic curve + * (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a + * Montgomery curve), this function always draws a byte string whose + * length is determined by the curve, and sets the mandatory bits + * accordingly. That is: + * + * - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte + * string and process it as specified in RFC 7748 §5. + * - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte + * string and process it as specified in RFC 7748 §5. + * + * - For key types for which the key is represented by a single sequence of + * \c bits bits with constraints as to which bit sequences are acceptable, + * this function draws a byte string of length (\c bits / 8) bytes rounded + * up to the nearest whole number of bytes. If the resulting byte string + * is acceptable, it becomes the key, otherwise the drawn bytes are discarded. + * This process is repeated until an acceptable byte string is drawn. + * The byte string drawn from the operation is interpreted as specified + * for the output produced by psa_export_key(). + * The following key types defined in this specification follow this scheme: + * + * - #PSA_KEY_TYPE_DES. + * Force-set the parity bits, but discard forbidden weak keys. + * For 2-key and 3-key triple-DES, the three keys are generated + * successively (for example, for 3-key triple-DES, + * if the first 8 bytes specify a weak key and the next 8 bytes do not, + * discard the first 8 bytes, use the next 8 bytes as the first key, + * and continue reading output from the operation to derive the other + * two keys). + * - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEY_PAIR(\c group) + * where \c group designates any Diffie-Hellman group) and + * ECC keys on a Weierstrass elliptic curve + * (#PSA_KEY_TYPE_ECC_KEY_PAIR(\c curve) where \c curve designates a + * Weierstrass curve). + * For these key types, interpret the byte string as integer + * in big-endian order. Discard it if it is not in the range + * [0, *N* - 2] where *N* is the boundary of the private key domain + * (the prime *p* for Diffie-Hellman, the subprime *q* for DSA, + * or the order of the curve's base point for ECC). + * Add 1 to the resulting integer and use this as the private key *x*. + * This method allows compliance to NIST standards, specifically + * the methods titled "key-pair generation by testing candidates" + * in NIST SP 800-56A §5.6.1.1.4 for Diffie-Hellman, + * in FIPS 186-4 §B.1.2 for DSA, and + * in NIST SP 800-56A §5.6.1.2.2 or + * FIPS 186-4 §B.4.2 for elliptic curve keys. + * + * - For other key types, including #PSA_KEY_TYPE_RSA_KEY_PAIR, + * the way in which the operation output is consumed is + * implementation-defined. + * + * In all cases, the data that is read is discarded from the operation. + * The operation's capacity is decreased by the number of bytes read. + * + * For algorithms that take an input step #PSA_KEY_DERIVATION_INPUT_SECRET, + * the input to that step must be provided with psa_key_derivation_input_key(). + * Future versions of this specification may include additional restrictions + * on the derived key based on the attributes and strength of the secret key. + * + * \note This function is equivalent to calling + * psa_key_derivation_output_key_ext() + * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT + * and `params_data_length == 0` (i.e. `params->data` is empty). + * + * \param[in] attributes The attributes for the new key. + * If the key type to be created is + * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in + * the policy must be the same as in the current + * operation. + * \param[in,out] operation The key derivation operation object to read from. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * There was not enough data to create the desired key. + * Note that in this case, no output is written to the output buffer. + * The operation's capacity is set to 0, thus subsequent calls to + * this function will not succeed, even with a smaller output buffer. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key type or key size is not supported, either by the + * implementation in general or in this particular location. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The provided key attributes are not valid for the operation. + * \retval #PSA_ERROR_NOT_PERMITTED + * The #PSA_KEY_DERIVATION_INPUT_SECRET or + * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a + * key; or one of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_DERIVE. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_output_key( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + mbedtls_svc_key_id_t *key); + +/** Derive a key from an ongoing key derivation operation with custom + * production parameters. + * + * See the description of psa_key_derivation_out_key() for the operation of + * this function with the default production parameters. + * Mbed TLS currently does not currently support any non-default production + * parameters. + * + * \note This function is experimental and may change in future minor + * versions of Mbed TLS. + * + * \param[in] attributes The attributes for the new key. + * If the key type to be created is + * #PSA_KEY_TYPE_PASSWORD_HASH then the algorithm in + * the policy must be the same as in the current + * operation. + * \param[in,out] operation The key derivation operation object to read from. + * \param[in] params Customization parameters for the key derivation. + * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT + * with \p params_data_length = 0, + * this function is equivalent to + * psa_key_derivation_output_key(). + * Mbed TLS currently only supports the default + * production parameters, i.e. + * #PSA_KEY_PRODUCTION_PARAMETERS_INIT, + * for all key types. + * \param params_data_length + * Length of `params->data` in bytes. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * There was not enough data to create the desired key. + * Note that in this case, no output is written to the output buffer. + * The operation's capacity is set to 0, thus subsequent calls to + * this function will not succeed, even with a smaller output buffer. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key type or key size is not supported, either by the + * implementation in general or in this particular location. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The provided key attributes are not valid for the operation. + * \retval #PSA_ERROR_NOT_PERMITTED + * The #PSA_KEY_DERIVATION_INPUT_SECRET or + * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a + * key; or one of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_DERIVE. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_output_key_ext( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + const psa_key_production_parameters_t *params, + size_t params_data_length, + mbedtls_svc_key_id_t *key); + +/** Compare output data from a key derivation operation to an expected value. + * + * This function calculates output bytes from a key derivation algorithm and + * compares those bytes to an expected value in constant time. + * If you view the key derivation's output as a stream of bytes, this + * function destructively reads the expected number of bytes from the + * stream before comparing them. + * The operation's capacity decreases by the number of bytes read. + * + * This is functionally equivalent to the following code: + * \code + * psa_key_derivation_output_bytes(operation, tmp, output_length); + * if (memcmp(output, tmp, output_length) != 0) + * return PSA_ERROR_INVALID_SIGNATURE; + * \endcode + * except (1) it works even if the key's policy does not allow outputting the + * bytes, and (2) the comparison will be done in constant time. + * + * If this function returns an error status other than + * #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE, + * the operation enters an error state and must be aborted by calling + * psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to read from. + * \param[in] expected_output Buffer containing the expected derivation output. + * \param output_length Length of the expected output; this is also the + * number of bytes that will be read. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The output was read successfully, but it differs from the expected + * output. + * \retval #PSA_ERROR_NOT_PERMITTED + * One of the inputs was a key whose policy didn't allow + * #PSA_KEY_USAGE_VERIFY_DERIVATION. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * The operation's capacity was less than + * \p output_length bytes. Note that in this case, + * the operation's capacity is set to 0, thus + * subsequent calls to this function will not + * succeed, even with a smaller expected output. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_verify_bytes( + psa_key_derivation_operation_t *operation, + const uint8_t *expected_output, + size_t output_length); + +/** Compare output data from a key derivation operation to an expected value + * stored in a key object. + * + * This function calculates output bytes from a key derivation algorithm and + * compares those bytes to an expected value, provided as key of type + * #PSA_KEY_TYPE_PASSWORD_HASH. + * If you view the key derivation's output as a stream of bytes, this + * function destructively reads the number of bytes corresponding to the + * length of the expected value from the stream before comparing them. + * The operation's capacity decreases by the number of bytes read. + * + * This is functionally equivalent to exporting the key and calling + * psa_key_derivation_verify_bytes() on the result, except that it + * works even if the key cannot be exported. + * + * If this function returns an error status other than + * #PSA_ERROR_INSUFFICIENT_DATA or #PSA_ERROR_INVALID_SIGNATURE, + * the operation enters an error state and must be aborted by calling + * psa_key_derivation_abort(). + * + * \param[in,out] operation The key derivation operation object to read from. + * \param[in] expected A key of type #PSA_KEY_TYPE_PASSWORD_HASH + * containing the expected output. Its policy must + * include the #PSA_KEY_USAGE_VERIFY_DERIVATION flag + * and the permitted algorithm must match the + * operation. The value of this key was likely + * computed by a previous call to + * psa_key_derivation_output_key() or + * psa_key_derivation_output_key_ext(). + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The output was read successfully, but if differs from the expected + * output. + * \retval #PSA_ERROR_INVALID_HANDLE + * The key passed as the expected value does not exist. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key passed as the expected value has an invalid type. + * \retval #PSA_ERROR_NOT_PERMITTED + * The key passed as the expected value does not allow this usage or + * this algorithm; or one of the inputs was a key whose policy didn't + * allow #PSA_KEY_USAGE_VERIFY_DERIVATION. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * The operation's capacity was less than + * the length of the expected value. In this case, + * the operation's capacity is set to 0, thus + * subsequent calls to this function will not + * succeed, even with a smaller expected output. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active and completed + * all required input steps), or the library has not been previously + * initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_verify_key( + psa_key_derivation_operation_t *operation, + psa_key_id_t expected); + +/** Abort a key derivation operation. + * + * Aborting an operation frees all associated resources except for the \c + * operation structure itself. Once aborted, the operation object can be reused + * for another operation by calling psa_key_derivation_setup() again. + * + * This function may be called at any time after the operation + * object has been initialized as described in #psa_key_derivation_operation_t. + * + * In particular, it is valid to call psa_key_derivation_abort() twice, or to + * call psa_key_derivation_abort() on an operation that has not been set up. + * + * \param[in,out] operation The operation to abort. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_abort( + psa_key_derivation_operation_t *operation); + +/** Perform a key agreement and return the raw shared secret. + * + * \warning The raw result of a key agreement algorithm such as finite-field + * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should + * not be used directly as key material. It should instead be passed as + * input to a key derivation algorithm. To chain a key agreement with + * a key derivation, use psa_key_derivation_key_agreement() and other + * functions from the key derivation interface. + * + * \param alg The key agreement algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg) + * is true). + * \param private_key Identifier of the private key to use. It must + * allow the usage #PSA_KEY_USAGE_DERIVE. + * \param[in] peer_key Public key of the peer. It must be + * in the same format that psa_import_key() + * accepts. The standard formats for public + * keys are documented in the documentation + * of psa_export_public_key(). + * \param peer_key_length Size of \p peer_key in bytes. + * \param[out] output Buffer where the decrypted message is to + * be written. + * \param output_size Size of the \c output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p alg is not a key agreement algorithm, or + * \p private_key is not compatible with \p alg, + * or \p peer_key is not valid for \p alg or not compatible with + * \p private_key. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p output_size is too small + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not a supported key agreement algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, + mbedtls_svc_key_id_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *output, + size_t output_size, + size_t *output_length); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 975abd2bb9..4de78021ef 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -215,6 +215,44 @@ static ssize_t find_cipher_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } +static psa_key_derivation_operation_t key_derivation_operations[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t key_derivation_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t next_key_derivation_operation_handle = 1; + +/* Get a free slot */ +static ssize_t allocate_key_derivation_operation_slot(void) +{ + psasim_client_handle_t handle = next_key_derivation_operation_handle++; + if (next_key_derivation_operation_handle == 0) { /* wrapped around */ + FATAL("Key_derivation operation handle wrapped"); + } + + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (key_derivation_operation_handles[i] == 0) { + key_derivation_operation_handles[i] = handle; + return i; + } + } + + ERROR("All slots are currently used. Unable to allocate a new one."); + + return -1; /* all in use */ +} + +/* Find the slot given the handle */ +static ssize_t find_key_derivation_slot_by_handle(psasim_client_handle_t handle) +{ + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (key_derivation_operation_handles[i] == handle) { + return i; + } + } + + ERROR("Unable to find slot by handle %u", handle); + + return -1; /* not found */ +} + size_t psasim_serialise_begin_needs(void) { /* The serialisation buffer will @@ -394,6 +432,76 @@ int psasim_deserialise_size_t(uint8_t **pos, return 1; } +size_t psasim_serialise_uint16_t_needs(uint16_t value) +{ + return sizeof(value); +} + +int psasim_serialise_uint16_t(uint8_t **pos, + size_t *remaining, + uint16_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_uint16_t(uint8_t **pos, + size_t *remaining, + uint16_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_serialise_uint64_t_needs(uint64_t value) +{ + return sizeof(value); +} + +int psasim_serialise_uint64_t(uint8_t **pos, + size_t *remaining, + uint64_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_uint64_t(uint8_t **pos, + size_t *remaining, + uint64_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + size_t psasim_serialise_buffer_needs(const uint8_t *buffer, size_t buffer_size) { (void) buffer; @@ -496,6 +604,100 @@ int psasim_deserialise_return_buffer(uint8_t **pos, return 1; } +#define SER_TAG_SIZE 4 + +size_t psasim_serialise_psa_key_production_parameters_t_needs( + const psa_key_production_parameters_t *params, + size_t data_length) +{ + /* We will serialise with 4-byte tag = "PKPP" + 4-byte overall length at the beginning, + * followed by size_t data_length, then the actual data from the structure. + */ + return SER_TAG_SIZE + sizeof(uint32_t) + sizeof(data_length) + sizeof(*params) + data_length; +} + +int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos, + size_t *remaining, + const psa_key_production_parameters_t *params, + size_t data_length) +{ + if (data_length > UINT32_MAX / 2) { /* arbitrary limit */ + return 0; /* too big to serialise */ + } + + /* We use 32-bit lengths, which should be enough for any reasonable usage :) */ + /* (the UINT32_MAX / 2 above is an even more conservative check to avoid overflow here) */ + uint32_t len = (uint32_t) (sizeof(data_length) + sizeof(*params) + data_length); + if (*remaining < SER_TAG_SIZE + sizeof(uint32_t) + len) { + return 0; + } + + char tag[SER_TAG_SIZE] = "PKPP"; + + memcpy(*pos, tag, sizeof(tag)); + memcpy(*pos + sizeof(tag), &len, sizeof(len)); + *pos += sizeof(tag) + sizeof(len); + *remaining -= sizeof(tag) + sizeof(len); + + memcpy(*pos, &data_length, sizeof(data_length)); + memcpy(*pos + sizeof(data_length), params, sizeof(*params) + data_length); + *pos += sizeof(data_length) + sizeof(*params) + data_length; + *remaining -= sizeof(data_length) + sizeof(*params) + data_length; + + return 1; +} + +int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, + size_t *remaining, + psa_key_production_parameters_t **params, + size_t *data_length) +{ + if (*remaining < SER_TAG_SIZE + sizeof(uint32_t)) { + return 0; /* can't even be an empty serialisation */ + } + + char tag[SER_TAG_SIZE] = "PKPP"; /* expected */ + uint32_t len; + + memcpy(&len, *pos + sizeof(tag), sizeof(len)); + + if (memcmp(*pos, tag, sizeof(tag)) != 0) { + return 0; /* wrong tag */ + } + + *pos += sizeof(tag) + sizeof(len); + *remaining -= sizeof(tag) + sizeof(len); + + if (*remaining < sizeof(*data_length)) { + return 0; /* missing data_length */ + } + memcpy(data_length, *pos, sizeof(*data_length)); + + if ((size_t)len != (sizeof(data_length) + sizeof(**params) + *data_length)) { + return 0; /* wrong length */ + } + + if (*remaining < sizeof(*data_length) + sizeof(**params) + *data_length) { + return 0; /* not enough data provided */ + } + + *pos += sizeof(data_length); + *remaining -= sizeof(data_length); + + psa_key_production_parameters_t *out = malloc(sizeof(**params) + *data_length); + if (out == NULL) { + return 0; /* allocation failure */ + } + + memcpy(out, *pos, sizeof(*out) + *data_length); + *pos += sizeof(*out) + *data_length; + *remaining -= sizeof(*out) + *data_length; + + *params = out; + + return 1; +} + size_t psasim_serialise_psa_status_t_needs(psa_status_t value) { return psasim_serialise_int_needs(value); @@ -534,6 +736,25 @@ int psasim_deserialise_psa_algorithm_t(uint8_t **pos, return psasim_deserialise_unsigned_int(pos, remaining, value); } +size_t psasim_serialise_psa_key_derivation_step_t_needs(psa_key_derivation_step_t value) +{ + return psasim_serialise_uint16_t_needs(value); +} + +int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_step_t value) +{ + return psasim_serialise_uint16_t(pos, remaining, value); +} + +int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_step_t *value) +{ + return psasim_deserialise_uint16_t(pos, remaining, value); +} + size_t psasim_serialise_psa_hash_operation_t_needs(psa_hash_operation_t value) { return sizeof(value); @@ -941,6 +1162,99 @@ int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, return 1; } +size_t psasim_serialise_psa_key_derivation_operation_t_needs(psa_key_derivation_operation_t value) +{ + return sizeof(value); +} + +int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_operation_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_operation_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(psa_key_derivation_operation_t *operation) +{ + (void) operation; + + /* We will actually return a handle */ + return sizeof(psasim_operation_t); +} + +int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_operation_t *operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(client_operation)) { + return 0; + } + + ssize_t slot = operation - key_derivation_operations; + + client_operation.handle = key_derivation_operation_handles[slot]; + + memcpy(*pos, &client_operation, sizeof(client_operation)); + *pos += sizeof(client_operation); + + return 1; +} + +int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_operation_t **operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(psasim_operation_t)) { + return 0; + } + + memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); + *pos += sizeof(psasim_operation_t); + *remaining -= sizeof(psasim_operation_t); + + ssize_t slot; + if (client_operation.handle == 0) { /* We need a new handle */ + slot = allocate_key_derivation_operation_slot(); + } else { + slot = find_key_derivation_slot_by_handle(client_operation.handle); + } + + if (slot < 0) { + return 0; + } + + *operation = &key_derivation_operations[slot]; + + return 1; +} + size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value) { return sizeof(value); @@ -986,4 +1300,6 @@ void psa_sim_serialize_reset(void) memset(mac_operations, 0, sizeof(mac_operations)); memset(cipher_operation_handles, 0, sizeof(cipher_operation_handles)); memset(cipher_operations, 0, sizeof(cipher_operations)); + memset(key_derivation_operation_handles, 0, sizeof(key_derivation_operation_handles)); + memset(key_derivation_operations, 0, sizeof(key_derivation_operations)); } diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 55b2acb3da..1028518dd6 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -222,6 +222,90 @@ int psasim_deserialise_size_t(uint8_t **pos, size_t *remaining, size_t *value); +/** Return how much buffer space is needed by \c psasim_serialise_uint16_t() + * to serialise an `uint16_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_uint16_t() to serialise + * the given value. + */ +size_t psasim_serialise_uint16_t_needs(uint16_t value); + +/** Serialise an `uint16_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_uint16_t(uint8_t **pos, + size_t *remaining, + uint16_t value); + +/** Deserialise an `uint16_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to an `uint16_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_uint16_t(uint8_t **pos, + size_t *remaining, + uint16_t *value); + +/** Return how much buffer space is needed by \c psasim_serialise_uint64_t() + * to serialise an `uint64_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_uint64_t() to serialise + * the given value. + */ +size_t psasim_serialise_uint64_t_needs(uint64_t value); + +/** Serialise an `uint64_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_uint64_t(uint8_t **pos, + size_t *remaining, + uint64_t value); + +/** Deserialise an `uint64_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to an `uint64_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_uint64_t(uint8_t **pos, + size_t *remaining, + uint64_t *value); + /** Return how much space is needed by \c psasim_serialise_buffer() * to serialise a buffer: a (`uint8_t *`, `size_t`) pair. * @@ -289,6 +373,56 @@ int psasim_deserialise_buffer(uint8_t **pos, size_t *remaining, int psasim_deserialise_return_buffer(uint8_t **pos, size_t *remaining, uint8_t *buffer, size_t buffer_length); +/** Return how much space is needed by \c psasim_serialise_psa_key_production_parameters_t() + * to serialise a psa_key_production_parameters_t (a structure with a flexible array member). + * + * \param params Pointer to the struct to be serialised + * (needed in case some serialisations are value- + * dependent). + * \param data_length Number of bytes in the data[] of the struct to be serialised. + * + * \return The number of bytes needed in the serialisation buffer by + * \c psasim_serialise_psa_key_production_parameters_t() to serialise + * the specified structure. + */ +size_t psasim_serialise_psa_key_production_parameters_t_needs( + const psa_key_production_parameters_t *params, + size_t buffer_size); + +/** Serialise a psa_key_production_parameters_t. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param params Pointer to the structure to be serialised. + * \param data_length Number of bytes in the data[] of the struct to be serialised. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_key_production_parameters_t(uint8_t **pos, + size_t *remaining, + const psa_key_production_parameters_t *params, + size_t data_length); + +/** Deserialise a psa_key_production_parameters_t. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the serialisation buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the serialisation buffer. + * \param params Pointer to a `psa_key_production_parameters_t *` to + * receive the address of a newly-allocated structure, + * which the caller must `free()`. + * \param data_length Pointer to a `size_t` to receive the number of + * bytes in the data[] member of the structure deserialised. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, size_t *remaining, + psa_key_production_parameters_t **params, + size_t *buffer_length); + /** Return how much buffer space is needed by \c psasim_serialise_psa_status_t() * to serialise a `psa_status_t`. * @@ -373,6 +507,48 @@ int psasim_deserialise_psa_algorithm_t(uint8_t **pos, size_t *remaining, psa_algorithm_t *value); +/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_step_t() + * to serialise a `psa_key_derivation_step_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_key_derivation_step_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_key_derivation_step_t_needs(psa_key_derivation_step_t value); + +/** Serialise a `psa_key_derivation_step_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_key_derivation_step_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_step_t value); + +/** Deserialise a `psa_key_derivation_step_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_key_derivation_step_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_step_t *value); + /** Return how much buffer space is needed by \c psasim_serialise_psa_hash_operation_t() * to serialise a `psa_hash_operation_t`. * @@ -751,6 +927,90 @@ int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, size_t *remaining, psa_cipher_operation_t **value); +/** Return how much buffer space is needed by \c psasim_serialise_psa_key_derivation_operation_t() + * to serialise a `psa_key_derivation_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_key_derivation_operation_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_key_derivation_operation_t_needs(psa_key_derivation_operation_t value); + +/** Serialise a `psa_key_derivation_operation_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_key_derivation_operation_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_operation_t value); + +/** Deserialise a `psa_key_derivation_operation_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_operation_t *value); + +/** Return how much buffer space is needed by \c psasim_server_serialise_psa_key_derivation_operation_t() + * to serialise a `psa_key_derivation_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_key_derivation_operation_t() to serialise + * the given value. + */ +size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(psa_key_derivation_operation_t *value); + +/** Serialise a `psa_key_derivation_operation_t` into a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_operation_t *value); + +/** Deserialise a `psa_key_derivation_operation_t` from a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_key_derivation_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, + size_t *remaining, + psa_key_derivation_operation_t **value); + /** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t() * to serialise a `mbedtls_svc_key_id_t`. * diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index 6b23f5c411..43ba661634 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -36,13 +36,16 @@ die($usage) unless $which eq "c" || $which eq "h"; # are). # my @types = qw(unsigned-int int size_t + uint16_t uint64_t buffer - psa_status_t psa_algorithm_t + psa_key_production_parameters_t + psa_status_t psa_algorithm_t psa_key_derivation_step_t psa_hash_operation_t psa_aead_operation_t psa_key_attributes_t psa_mac_operation_t psa_cipher_operation_t + psa_key_derivation_operation_t mbedtls_svc_key_id_t); grep(s/-/ /g, @types); @@ -51,6 +54,7 @@ grep(s/-/ /g, @types); my %isa = ( "psa_status_t" => "int", "psa_algorithm_t" => "unsigned int", + "psa_key_derivation_step_t" => "uint16_t", ); if ($which eq "h") { From 5d4b9cb2e2d521d218ff0b6bf7cece1e18ec902c Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 16:13:01 +0100 Subject: [PATCH 374/429] psasim: add support for psa_generate_key*() to the simulator Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 2 + .../psasim/src/psa_sim_crypto_client.c | 144 +++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 172 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 105 +++++++++++ 4 files changed, 423 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index c9b72e6f68..39142c5e58 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -34,6 +34,8 @@ enum { PSA_CIPHER_SET_IV, PSA_CIPHER_UPDATE, PSA_DESTROY_KEY, + PSA_GENERATE_KEY, + PSA_GENERATE_KEY_EXT, PSA_GENERATE_RANDOM, PSA_GET_KEY_ATTRIBUTES, PSA_HASH_ABORT, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 84f2b5a6ab..5b84f2d84b 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -1918,6 +1918,150 @@ fail: } +psa_status_t psa_generate_key( + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_GENERATE_KEY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_GENERATE_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_generate_key_ext( + const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, size_t params_data_length, + mbedtls_svc_key_id_t *key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_production_parameters_t(&pos, &remaining, params, params_data_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_GENERATE_KEY_EXT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_GENERATE_KEY_EXT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_generate_random( uint8_t *output, size_t output_size ) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 92ce96a904..5d6b608a90 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -2172,6 +2172,170 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_generate_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_generate_key( + &attributes, + &key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_generate_key_ext_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_attributes_t attributes; + psa_key_production_parameters_t *params = NULL; + size_t params_data_length; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_production_parameters_t(&pos, &remaining, ¶ms, ¶ms_data_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_generate_key_ext( + &attributes, + params, params_data_length, + &key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(params); + + return 1; // success + +fail: + free(result); + + free(params); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_generate_random_wrapper( uint8_t *in_params, size_t in_params_len, @@ -4944,6 +5108,14 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_destroy_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_GENERATE_KEY: + ok = psa_generate_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_GENERATE_KEY_EXT: + ok = psa_generate_key_ext_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_GENERATE_RANDOM: ok = psa_generate_random_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 5510be1fe5..42f7ac7bd1 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -4198,3 +4198,108 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, uint8_t *output, size_t output_size, size_t *output_length); + +/** + * \brief Generate a key or key pair. + * + * The key is generated randomly. + * Its location, usage policy, type and size are taken from \p attributes. + * + * Implementations must reject an attempt to generate a key of size 0. + * + * The following type-specific considerations apply: + * - For RSA keys (#PSA_KEY_TYPE_RSA_KEY_PAIR), + * the public exponent is 65537. + * The modulus is a product of two probabilistic primes + * between 2^{n-1} and 2^n where n is the bit size specified in the + * attributes. + * + * \note This function is equivalent to calling psa_generate_key_ext() + * with the production parameters #PSA_KEY_PRODUCTION_PARAMETERS_INIT + * and `params_data_length == 0` (i.e. `params->data` is empty). + * + * \param[in] attributes The attributes for the new key. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key); + +/** + * \brief Generate a key or key pair using custom production parameters. + * + * See the description of psa_generate_key() for the operation of this + * function with the default production parameters. In addition, this function + * supports the following production customizations, described in more detail + * in the documentation of ::psa_key_production_parameters_t: + * + * - RSA keys: generation with a custom public exponent. + * + * \note This function is experimental and may change in future minor + * versions of Mbed TLS. + * + * \param[in] attributes The attributes for the new key. + * \param[in] params Customization parameters for the key generation. + * When this is #PSA_KEY_PRODUCTION_PARAMETERS_INIT + * with \p params_data_length = 0, + * this function is equivalent to + * psa_generate_key(). + * \param params_data_length + * Length of `params->data` in bytes. + * \param[out] key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS + * Success. + * If the key is persistent, the key material and the key's metadata + * have been saved to persistent storage. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, + const psa_key_production_parameters_t *params, + size_t params_data_length, + mbedtls_svc_key_id_t *key); From 6add43aac835a2939e6e508fca712fa33201df0e Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 16:15:28 +0100 Subject: [PATCH 375/429] psasim: add support for psa_{sign,verify}_{message,hash}() to the simulator Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 4 + .../psasim/src/psa_sim_crypto_client.c | 336 ++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 422 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 221 +++++++++ 4 files changed, 983 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 39142c5e58..1e5739fac7 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -67,6 +67,10 @@ enum { PSA_MAC_VERIFY_FINISH, PSA_MAC_VERIFY_SETUP, PSA_RAW_KEY_AGREEMENT, + PSA_SIGN_HASH, + PSA_SIGN_MESSAGE, + PSA_VERIFY_HASH, + PSA_VERIFY_MESSAGE, }; #endif /* _PSA_FUNCTIONS_CODES_H_ */ diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 5b84f2d84b..8be8b073b7 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -4359,3 +4359,339 @@ fail: return status; } + + +psa_status_t psa_sign_hash( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + uint8_t *signature, size_t signature_size, + size_t *signature_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(hash, hash_length) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(*signature_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *signature_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_SIGN_HASH, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_SIGN_HASH server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, signature, signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, signature_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_sign_message( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + uint8_t *signature, size_t signature_size, + size_t *signature_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(*signature_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *signature_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_SIGN_MESSAGE, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_SIGN_MESSAGE server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, signature, signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, signature_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_verify_hash( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(hash, hash_length) + + psasim_serialise_buffer_needs(signature, signature_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_VERIFY_HASH, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_VERIFY_HASH server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_verify_message( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + const uint8_t *signature, size_t signature_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(signature, signature_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_VERIFY_MESSAGE, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_VERIFY_MESSAGE server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 5d6b608a90..7ad0d67750 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -4980,6 +4980,412 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_sign_hash_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *hash = NULL; + size_t hash_length; + uint8_t *signature = NULL; + size_t signature_size; + size_t signature_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &signature_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_sign_hash( + key, + alg, + hash, hash_length, + signature, signature_size, + &signature_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(signature_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, signature, signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, signature_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(hash); + free(signature); + + return 1; // success + +fail: + free(result); + + free(hash); + free(signature); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_sign_message_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *signature = NULL; + size_t signature_size; + size_t signature_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &signature_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_sign_message( + key, + alg, + input, input_length, + signature, signature_size, + &signature_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(signature_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, signature, signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, signature_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(signature); + + return 1; // success + +fail: + free(result); + + free(input); + free(signature); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_verify_hash_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *hash = NULL; + size_t hash_length; + uint8_t *signature = NULL; + size_t signature_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_verify_hash( + key, + alg, + hash, hash_length, + signature, signature_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(hash); + free(signature); + + return 1; // success + +fail: + free(result); + + free(hash); + free(signature); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_verify_message_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *signature = NULL; + size_t signature_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_verify_message( + key, + alg, + input, input_length, + signature, signature_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(signature); + + return 1; // success + +fail: + free(result); + + free(input); + free(signature); + + return 0; // This shouldn't happen! +} + psa_status_t psa_crypto_call(psa_msg_t msg) { int ok = 0; @@ -5240,6 +5646,22 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_raw_key_agreement_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_SIGN_HASH: + ok = psa_sign_hash_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_SIGN_MESSAGE: + ok = psa_sign_message_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_VERIFY_HASH: + ok = psa_verify_hash_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_VERIFY_MESSAGE: + ok = psa_verify_message_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; } free(in_params); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 42f7ac7bd1..e641433644 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -4303,3 +4303,224 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes, const psa_key_production_parameters_t *params, size_t params_data_length, mbedtls_svc_key_id_t *key); + +/** + * \brief Sign a message with a private key. For hash-and-sign algorithms, + * this includes the hashing step. + * + * \note To perform a multi-part hash-and-sign signature algorithm, first use + * a multi-part hash operation and then pass the resulting hash to + * psa_sign_hash(). PSA_ALG_GET_HASH(\p alg) can be used to determine the + * hash algorithm to use. + * + * \param[in] key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. The key must + * allow the usage #PSA_KEY_USAGE_SIGN_MESSAGE. + * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg) + * is true), that is compatible with the type of + * \p key. + * \param[in] input The input message to sign. + * \param[in] input_length Size of the \p input buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param[in] signature_size Size of the \p signature buffer in bytes. This + * must be appropriate for the selected + * algorithm and key: + * - The required signature size is + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and + * bit-size respectively of key. + * - #PSA_SIGNATURE_MAX_SIZE evaluates to the + * maximum signature size of any supported + * signature algorithm. + * \param[out] signature_length On success, the number of bytes that make up + * the returned signature value. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag, + * or it does not permit the requested algorithm. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of \p key. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_sign_message(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length); + +/** \brief Verify the signature of a message with a public key, using + * a hash-and-sign verification algorithm. + * + * \note To perform a multi-part hash-and-sign signature verification + * algorithm, first use a multi-part hash operation to hash the message + * and then pass the resulting hash to psa_verify_hash(). + * PSA_ALG_GET_HASH(\p alg) can be used to determine the hash algorithm + * to use. + * + * \param[in] key Identifier of the key to use for the operation. + * It must be a public key or an asymmetric key + * pair. The key must allow the usage + * #PSA_KEY_USAGE_VERIFY_MESSAGE. + * \param[in] alg An asymmetric signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_MESSAGE(\p alg) + * is true), that is compatible with the type of + * \p key. + * \param[in] input The message whose signature is to be verified. + * \param[in] input_length Size of the \p input buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param[in] signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag, + * or it does not permit the requested algorithm. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed signature + * is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_verify_message(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *signature, + size_t signature_length); + +/** + * \brief Sign a hash or short message with a private key. + * + * Note that to perform a hash-and-sign signature algorithm, you must + * first calculate the hash by calling psa_hash_setup(), psa_hash_update() + * and psa_hash_finish(), or alternatively by calling psa_hash_compute(). + * Then pass the resulting hash as the \p hash + * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg) + * to determine the hash algorithm to use. + * + * \param key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. The key must + * allow the usage #PSA_KEY_USAGE_SIGN_HASH. + * \param alg A signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_HASH(\p alg) + * is true), that is compatible with + * the type of \p key. + * \param[in] hash The hash or message to sign. + * \param hash_length Size of the \p hash buffer in bytes. + * \param[out] signature Buffer where the signature is to be written. + * \param signature_size Size of the \p signature buffer in bytes. + * \param[out] signature_length On success, the number of bytes + * that make up the returned signature value. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of \p key. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + uint8_t *signature, + size_t signature_size, + size_t *signature_length); + +/** + * \brief Verify the signature of a hash or short message using a public key. + * + * Note that to perform a hash-and-sign signature algorithm, you must + * first calculate the hash by calling psa_hash_setup(), psa_hash_update() + * and psa_hash_finish(), or alternatively by calling psa_hash_compute(). + * Then pass the resulting hash as the \p hash + * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg) + * to determine the hash algorithm to use. + * + * \param key Identifier of the key to use for the operation. It + * must be a public key or an asymmetric key pair. The + * key must allow the usage + * #PSA_KEY_USAGE_VERIFY_HASH. + * \param alg A signature algorithm (PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_HASH(\p alg) + * is true), that is compatible with + * the type of \p key. + * \param[in] hash The hash or message whose signature is to be + * verified. + * \param hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, + size_t hash_length, + const uint8_t *signature, + size_t signature_length); From 8f1c913e38f82f0d56c658495868f385669d64cd Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 16:17:30 +0100 Subject: [PATCH 376/429] psasim: add support for psa_asymmetric_{encrypt,decrypt}() to the simulator Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 2 + .../psasim/src/psa_sim_crypto_client.c | 196 ++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 250 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 122 +++++++++ 4 files changed, 570 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 1e5739fac7..fbbdea2db8 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -24,6 +24,8 @@ enum { PSA_AEAD_UPDATE, PSA_AEAD_UPDATE_AD, PSA_AEAD_VERIFY, + PSA_ASYMMETRIC_DECRYPT, + PSA_ASYMMETRIC_ENCRYPT, PSA_CIPHER_ABORT, PSA_CIPHER_DECRYPT, PSA_CIPHER_DECRYPT_SETUP, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 8be8b073b7..8dd85a317f 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -1133,6 +1133,202 @@ fail: } +psa_status_t psa_asymmetric_decrypt( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, + size_t *output_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(salt, salt_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, salt, salt_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_ASYMMETRIC_DECRYPT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_ASYMMETRIC_DECRYPT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_asymmetric_encrypt( + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, size_t input_length, + const uint8_t *salt, size_t salt_length, + uint8_t *output, size_t output_size, + size_t *output_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(salt, salt_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, salt, salt_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_ASYMMETRIC_ENCRYPT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_ASYMMETRIC_ENCRYPT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_cipher_abort( psa_cipher_operation_t *operation ) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 7ad0d67750..ae803491ea 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -1261,6 +1261,248 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_asymmetric_decrypt_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *salt = NULL; + size_t salt_length; + uint8_t *output = NULL; + size_t output_size; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &salt, &salt_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_asymmetric_decrypt( + key, + alg, + input, input_length, + salt, salt_length, + output, output_size, + &output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(salt); + free(output); + + return 1; // success + +fail: + free(result); + + free(input); + free(salt); + free(output); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_asymmetric_encrypt_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *input = NULL; + size_t input_length; + uint8_t *salt = NULL; + size_t salt_length; + uint8_t *output = NULL; + size_t output_size; + size_t output_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &salt, &salt_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_asymmetric_encrypt( + key, + alg, + input, input_length, + salt, salt_length, + output, output_size, + &output_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(output_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(input); + free(salt); + free(output); + + return 1; // success + +fail: + free(result); + + free(input); + free(salt); + free(output); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_cipher_abort_wrapper( uint8_t *in_params, size_t in_params_len, @@ -5474,6 +5716,14 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_aead_verify_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_ASYMMETRIC_DECRYPT: + ok = psa_asymmetric_decrypt_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_ASYMMETRIC_ENCRYPT: + ok = psa_asymmetric_encrypt_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_CIPHER_ABORT: ok = psa_cipher_abort_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index e641433644..82a6249f3b 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -4524,3 +4524,125 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, size_t hash_length, const uint8_t *signature, size_t signature_length); + +/** + * \brief Encrypt a short message with a public key. + * + * \param key Identifier of the key to use for the operation. + * It must be a public key or an asymmetric key + * pair. It must allow the usage + * #PSA_KEY_USAGE_ENCRYPT. + * \param alg An asymmetric encryption algorithm that is + * compatible with the type of \p key. + * \param[in] input The message to encrypt. + * \param input_length Size of the \p input buffer in bytes. + * \param[in] salt A salt or label, if supported by the + * encryption algorithm. + * If the algorithm does not support a + * salt, pass \c NULL. + * If the algorithm supports an optional + * salt and you do not want to pass a salt, + * pass \c NULL. + * + * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is + * supported. + * \param salt_length Size of the \p salt buffer in bytes. + * If \p salt is \c NULL, pass 0. + * \param[out] output Buffer where the encrypted message is to + * be written. + * \param output_size Size of the \p output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of \p key. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** + * \brief Decrypt a short message with a private key. + * + * \param key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. It must + * allow the usage #PSA_KEY_USAGE_DECRYPT. + * \param alg An asymmetric encryption algorithm that is + * compatible with the type of \p key. + * \param[in] input The message to decrypt. + * \param input_length Size of the \p input buffer in bytes. + * \param[in] salt A salt or label, if supported by the + * encryption algorithm. + * If the algorithm does not support a + * salt, pass \c NULL. + * If the algorithm supports an optional + * salt and you do not want to pass a salt, + * pass \c NULL. + * + * - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is + * supported. + * \param salt_length Size of the \p salt buffer in bytes. + * If \p salt is \c NULL, pass 0. + * \param[out] output Buffer where the decrypted message is to + * be written. + * \param output_size Size of the \c output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of \p key. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_INVALID_PADDING \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *input, + size_t input_length, + const uint8_t *salt, + size_t salt_length, + uint8_t *output, + size_t output_size, + size_t *output_length); From 1a8b805cf54dde862152e9ecddb40e292d860307 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 16:26:03 +0100 Subject: [PATCH 377/429] psasim: add support for key functions that don't need psa_key_attributes_t Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 3 + .../psasim/src/psa_sim_crypto_client.c | 218 +++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 263 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 191 +++++++++++++ 4 files changed, 675 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index fbbdea2db8..04401d11b9 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -36,6 +36,8 @@ enum { PSA_CIPHER_SET_IV, PSA_CIPHER_UPDATE, PSA_DESTROY_KEY, + PSA_EXPORT_KEY, + PSA_EXPORT_PUBLIC_KEY, PSA_GENERATE_KEY, PSA_GENERATE_KEY_EXT, PSA_GENERATE_RANDOM, @@ -68,6 +70,7 @@ enum { PSA_MAC_VERIFY, PSA_MAC_VERIFY_FINISH, PSA_MAC_VERIFY_SETUP, + PSA_PURGE_KEY, PSA_RAW_KEY_AGREEMENT, PSA_SIGN_HASH, PSA_SIGN_MESSAGE, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 8dd85a317f..67a66ff95f 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -2114,6 +2114,166 @@ fail: } +psa_status_t psa_export_key( + mbedtls_svc_key_id_t key, + uint8_t *data, size_t data_size, + size_t *data_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(*data_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, data, data_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *data_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_KEY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, data, data_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, data_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_export_public_key( + mbedtls_svc_key_id_t key, + uint8_t *data, size_t data_size, + size_t *data_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(*data_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, data, data_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *data_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_EXPORT_PUBLIC_KEY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_EXPORT_PUBLIC_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, data, data_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, data_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_generate_key( const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *key @@ -4465,6 +4625,64 @@ fail: } +psa_status_t psa_purge_key( + mbedtls_svc_key_id_t key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_PURGE_KEY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_PURGE_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_raw_key_agreement( psa_algorithm_t alg, mbedtls_svc_key_id_t private_key, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index ae803491ea..41b4bc6516 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -2414,6 +2414,194 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_export_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + uint8_t *data = NULL; + size_t data_size; + size_t data_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &data, &data_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &data_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_export_key( + key, + data, data_size, + &data_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(data_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, data, data_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, data_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(data); + + return 1; // success + +fail: + free(result); + + free(data); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_export_public_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + uint8_t *data = NULL; + size_t data_size; + size_t data_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &data, &data_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &data_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_export_public_key( + key, + data, data_size, + &data_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(data_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, data, data_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, data_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(data); + + return 1; // success + +fail: + free(result); + + free(data); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_generate_key_wrapper( uint8_t *in_params, size_t in_params_len, @@ -5111,6 +5299,69 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_purge_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_purge_key( + key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_raw_key_agreement_wrapper( uint8_t *in_params, size_t in_params_len, @@ -5764,6 +6015,14 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_destroy_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_EXPORT_KEY: + ok = psa_export_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_EXPORT_PUBLIC_KEY: + ok = psa_export_public_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_GENERATE_KEY: ok = psa_generate_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); @@ -5892,6 +6151,10 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_mac_verify_setup_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_PURGE_KEY: + ok = psa_purge_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_RAW_KEY_AGREEMENT: ok = psa_raw_key_agreement_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 82a6249f3b..1c27487b35 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -4646,3 +4646,194 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, uint8_t *output, size_t output_size, size_t *output_length); + +/** Remove non-essential copies of key material from memory. + * + * If the key identifier designates a volatile key, this functions does not do + * anything and returns successfully. + * + * If the key identifier designates a persistent key, then this function will + * free all resources associated with the key in volatile memory. The key + * data in persistent storage is not affected and the key can still be used. + * + * \param key Identifier of the key to purge. + * + * \retval #PSA_SUCCESS + * The key material will have been removed from memory if it is not + * currently required. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not a valid key identifier. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); + +/** + * \brief Export a key in binary format. + * + * The output of this function can be passed to psa_import_key() to + * create an equivalent object. + * + * If the implementation of psa_import_key() supports other formats + * beyond the format specified here, the output from psa_export_key() + * must use the representation specified here, not the original + * representation. + * + * For standard key types, the output format is as follows: + * + * - For symmetric keys (including MAC keys), the format is the + * raw bytes of the key. + * - For DES, the key data consists of 8 bytes. The parity bits must be + * correct. + * - For Triple-DES, the format is the concatenation of the + * two or three DES keys. + * - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEY_PAIR), the format + * is the non-encrypted DER encoding of the representation defined by + * PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0. + * ``` + * RSAPrivateKey ::= SEQUENCE { + * version INTEGER, -- must be 0 + * modulus INTEGER, -- n + * publicExponent INTEGER, -- e + * privateExponent INTEGER, -- d + * prime1 INTEGER, -- p + * prime2 INTEGER, -- q + * exponent1 INTEGER, -- d mod (p-1) + * exponent2 INTEGER, -- d mod (q-1) + * coefficient INTEGER, -- (inverse of q) mod p + * } + * ``` + * - For elliptic curve key pairs (key types for which + * #PSA_KEY_TYPE_IS_ECC_KEY_PAIR is true), the format is + * a representation of the private value as a `ceiling(m/8)`-byte string + * where `m` is the bit size associated with the curve, i.e. the bit size + * of the order of the curve's coordinate field. This byte string is + * in little-endian order for Montgomery curves (curve types + * `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass + * curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX` + * and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`). + * For Weierstrass curves, this is the content of the `privateKey` field of + * the `ECPrivateKey` format defined by RFC 5915. For Montgomery curves, + * the format is defined by RFC 7748, and output is masked according to §5. + * For twisted Edwards curves, the private key is as defined by RFC 8032 + * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448). + * - For Diffie-Hellman key exchange key pairs (key types for which + * #PSA_KEY_TYPE_IS_DH_KEY_PAIR is true), the + * format is the representation of the private key `x` as a big-endian byte + * string. The length of the byte string is the private key size in bytes + * (leading zeroes are not stripped). + * - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is + * true), the format is the same as for psa_export_public_key(). + * + * The policy on the key must have the usage flag #PSA_KEY_USAGE_EXPORT set. + * + * \param key Identifier of the key to export. It must allow the + * usage #PSA_KEY_USAGE_EXPORT, unless it is a public + * key. + * \param[out] data Buffer where the key data is to be written. + * \param data_size Size of the \p data buffer in bytes. + * \param[out] data_length On success, the number of bytes + * that make up the key data. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_EXPORT flag. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p data buffer is too small. You can determine a + * sufficient buffer size by calling + * #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits) + * where \c type is the key type + * and \c bits is the key size in bits. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_export_key(mbedtls_svc_key_id_t key, + uint8_t *data, + size_t data_size, + size_t *data_length); + +/** + * \brief Export a public key or the public part of a key pair in binary format. + * + * The output of this function can be passed to psa_import_key() to + * create an object that is equivalent to the public key. + * + * This specification supports a single format for each key type. + * Implementations may support other formats as long as the standard + * format is supported. Implementations that support other formats + * should ensure that the formats are clearly unambiguous so as to + * minimize the risk that an invalid input is accidentally interpreted + * according to a different format. + * + * For standard key types, the output format is as follows: + * - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of + * the representation defined by RFC 3279 §2.3.1 as `RSAPublicKey`. + * ``` + * RSAPublicKey ::= SEQUENCE { + * modulus INTEGER, -- n + * publicExponent INTEGER } -- e + * ``` + * - For elliptic curve keys on a twisted Edwards curve (key types for which + * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true and #PSA_KEY_TYPE_ECC_GET_FAMILY + * returns #PSA_ECC_FAMILY_TWISTED_EDWARDS), the public key is as defined + * by RFC 8032 + * (a 32-byte string for Edwards25519, a 57-byte string for Edwards448). + * - For other elliptic curve public keys (key types for which + * #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed + * representation defined by SEC1 §2.3.3 as the content of an ECPoint. + * Let `m` be the bit size associated with the curve, i.e. the bit size of + * `q` for a curve over `F_q`. The representation consists of: + * - The byte 0x04; + * - `x_P` as a `ceiling(m/8)`-byte string, big-endian; + * - `y_P` as a `ceiling(m/8)`-byte string, big-endian. + * - For Diffie-Hellman key exchange public keys (key types for which + * #PSA_KEY_TYPE_IS_DH_PUBLIC_KEY is true), + * the format is the representation of the public key `y = g^x mod p` as a + * big-endian byte string. The length of the byte string is the length of the + * base prime `p` in bytes. + * + * Exporting a public key object or the public part of a key pair is + * always permitted, regardless of the key's usage flags. + * + * \param key Identifier of the key to export. + * \param[out] data Buffer where the key data is to be written. + * \param data_size Size of the \p data buffer in bytes. + * \param[out] data_length On success, the number of bytes + * that make up the key data. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key is neither a public key nor a key pair. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p data buffer is too small. You can determine a + * sufficient buffer size by calling + * #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits) + * where \c type is the key type + * and \c bits is the key size in bits. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, + uint8_t *data, + size_t data_size, + size_t *data_length); From 9b10cf7e396402e9c87b441d06fe146dbfb896ca Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 17:05:53 +0100 Subject: [PATCH 378/429] psasim: add support for PSA functions that return uint32_t or void Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_generate.pl | 43 +++++++++++++++++-- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 1c27487b35..dfbced1d74 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -529,6 +529,9 @@ int ${name}_wrapper( uint8_t *in_params, size_t in_params_len, uint8_t **out_params, size_t *out_params_len) { +EOF + + print $fh <{return}->{name}; my $args = $f->{args}; - print $fh "\n $ret_name = $name(\n"; + if ($ret_name eq "(void)") { + print $fh "\n $name(\n"; + } else { + print $fh "\n $ret_name = $name(\n"; + } print $fh " );\n" if $#$args < 0; # If no arguments, empty arg list @@ -1025,7 +1056,7 @@ sub get_functions my %funcs = (); for (my $i = 0; $i <= $#src; $i++) { my $line = $src[$i]; - if ($line =~ /^psa_status_t (psa_\w*)\(/) { # begin function definition + if ($line =~ /^(psa_status_t|uint32_t|void) (psa_\w*)\(/) { # begin function definition #print "have one $line\n"; while ($line !~ /;/) { $line .= $src[$i + 1]; @@ -1044,9 +1075,13 @@ sub get_functions my $ret_name = ""; $ret_name = "status" if $ret_type eq "psa_status_t"; + $ret_name = "value" if $ret_type eq "uint32_t"; + $ret_name = "(void)" if $ret_type eq "void"; die("ret_name for $ret_type?") unless length($ret_name); my $ret_default = ""; $ret_default = "PSA_ERROR_CORRUPTION_DETECTED" if $ret_type eq "psa_status_t"; + $ret_default = "0" if $ret_type eq "uint32_t"; + $ret_default = "(void)" if $ret_type eq "void"; die("ret_default for $ret_type?") unless length($ret_default); #print "FUNC $func RET_NAME $ret_name RET_TYPE $ret_type ARGS (", join("; ", @args), ")\n"; From 05c99e13e6276e300513e7fc0071bf20d3ce48eb Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 17:09:11 +0100 Subject: [PATCH 379/429] psasim: add support for psa_{sign,verify}_hash_xxx() and get/set max ops Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 10 + .../psasim/src/psa_sim_crypto_client.c | 661 +++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 778 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 552 +++++++++++++ .../psasim/src/psa_sim_serialise.c | 301 +++++++ .../psasim/src/psa_sim_serialise.h | 210 +++++ .../psasim/src/psa_sim_serialise.pl | 4 +- 7 files changed, 2515 insertions(+), 1 deletion(-) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 04401d11b9..68d9f031f1 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -51,6 +51,8 @@ enum { PSA_HASH_UPDATE, PSA_HASH_VERIFY, PSA_IMPORT_KEY, + PSA_INTERRUPTIBLE_GET_MAX_OPS, + PSA_INTERRUPTIBLE_SET_MAX_OPS, PSA_KEY_DERIVATION_ABORT, PSA_KEY_DERIVATION_GET_CAPACITY, PSA_KEY_DERIVATION_INPUT_BYTES, @@ -73,8 +75,16 @@ enum { PSA_PURGE_KEY, PSA_RAW_KEY_AGREEMENT, PSA_SIGN_HASH, + PSA_SIGN_HASH_ABORT, + PSA_SIGN_HASH_COMPLETE, + PSA_SIGN_HASH_GET_NUM_OPS, + PSA_SIGN_HASH_START, PSA_SIGN_MESSAGE, PSA_VERIFY_HASH, + PSA_VERIFY_HASH_ABORT, + PSA_VERIFY_HASH_COMPLETE, + PSA_VERIFY_HASH_GET_NUM_OPS, + PSA_VERIFY_HASH_START, PSA_VERIFY_MESSAGE, }; diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 67a66ff95f..36fdfdb761 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -3205,6 +3205,109 @@ fail: } +uint32_t psa_interruptible_get_max_ops( + void +) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + uint32_t value = 0; + + size_t needed = psasim_serialise_begin_needs() + + 0; + + ser_params = malloc(needed); + if (ser_params == NULL) { + value = 0; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_INTERRUPTIBLE_GET_MAX_OPS, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_INTERRUPTIBLE_GET_MAX_OPS server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_uint32_t(&rpos, &rremain, &value); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return value; +} + + +void psa_interruptible_set_max_ops( + uint32_t max_ops + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_uint32_t_needs(max_ops); + + ser_params = malloc(needed); + if (ser_params == NULL) { + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_uint32_t(&pos, &remaining, max_ops); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_INTERRUPTIBLE_SET_MAX_OPS, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_INTERRUPTIBLE_SET_MAX_OPS server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); +} + + psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation ) @@ -4867,6 +4970,293 @@ fail: } +psa_status_t psa_sign_hash_abort( + psa_sign_hash_interruptible_operation_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_SIGN_HASH_ABORT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_SIGN_HASH_ABORT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_sign_hash_complete( + psa_sign_hash_interruptible_operation_t *operation, + uint8_t *signature, size_t signature_size, + size_t *signature_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(*signature_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_size); + if (!ok) { + goto fail; + } + ok = psasim_serialise_size_t(&pos, &remaining, *signature_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_SIGN_HASH_COMPLETE, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_SIGN_HASH_COMPLETE server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_return_buffer(&rpos, &rremain, signature, signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&rpos, &rremain, signature_length); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +uint32_t psa_sign_hash_get_num_ops( + const psa_sign_hash_interruptible_operation_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + uint32_t value = 0; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + value = 0; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_SIGN_HASH_GET_NUM_OPS, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_SIGN_HASH_GET_NUM_OPS server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_uint32_t(&rpos, &rremain, &value); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return value; +} + + +psa_status_t psa_sign_hash_start( + psa_sign_hash_interruptible_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(hash, hash_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_SIGN_HASH_START, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_SIGN_HASH_START server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_sign_message( mbedtls_svc_key_id_t key, psa_algorithm_t alg, @@ -5035,6 +5425,277 @@ fail: } +psa_status_t psa_verify_hash_abort( + psa_verify_hash_interruptible_operation_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_VERIFY_HASH_ABORT, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_VERIFY_HASH_ABORT server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +psa_status_t psa_verify_hash_complete( + psa_verify_hash_interruptible_operation_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_VERIFY_HASH_COMPLETE, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_VERIFY_HASH_COMPLETE server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + +uint32_t psa_verify_hash_get_num_ops( + const psa_verify_hash_interruptible_operation_t *operation + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + uint32_t value = 0; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); + + ser_params = malloc(needed); + if (ser_params == NULL) { + value = 0; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_VERIFY_HASH_GET_NUM_OPS, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_VERIFY_HASH_GET_NUM_OPS server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_uint32_t(&rpos, &rremain, &value); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return value; +} + + +psa_status_t psa_verify_hash_start( + psa_verify_hash_interruptible_operation_t *operation, + mbedtls_svc_key_id_t key, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(hash, hash_length) + + psasim_serialise_buffer_needs(signature, signature_length); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, *operation); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + if (!ok) { + goto fail; + } + ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_length); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_VERIFY_HASH_START, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_VERIFY_HASH_START server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_verify_message( mbedtls_svc_key_id_t key, psa_algorithm_t alg, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 41b4bc6516..eb313760bf 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -3676,6 +3676,111 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_interruptible_get_max_ops_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + uint32_t value = 0; + + uint8_t *result = NULL; + int ok; + + // Now we call the actual target function + + value = psa_interruptible_get_max_ops( + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_uint32_t_needs(value); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_uint32_t(&rpos, &rremain, value); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_interruptible_set_max_ops_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + uint32_t max_ops; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_uint32_t(&pos, &remaining, &max_ops); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + psa_interruptible_set_max_ops( + max_ops + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs(); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_key_derivation_abort_wrapper( uint8_t *in_params, size_t in_params_len, @@ -5584,6 +5689,333 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_sign_hash_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_sign_hash_interruptible_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_sign_hash_abort( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_sign_hash_complete_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_sign_hash_interruptible_operation_t *operation; + uint8_t *signature = NULL; + size_t signature_size; + size_t signature_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_size_t(&pos, &remaining, &signature_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_sign_hash_complete( + operation, + signature, signature_size, + &signature_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(signature_length); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_buffer(&rpos, &rremain, signature, signature_size); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_size_t(&rpos, &rremain, signature_length); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(signature); + + return 1; // success + +fail: + free(result); + + free(signature); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_sign_hash_get_num_ops_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + uint32_t value = 0; + psa_sign_hash_interruptible_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + value = psa_sign_hash_get_num_ops( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_uint32_t_needs(value); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_uint32_t(&rpos, &rremain, value); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_sign_hash_start_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_sign_hash_interruptible_operation_t *operation; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *hash = NULL; + size_t hash_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_sign_hash_start( + operation, + key, + alg, + hash, hash_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(hash); + + return 1; // success + +fail: + free(result); + + free(hash); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_sign_message_wrapper( uint8_t *in_params, size_t in_params_len, @@ -5787,6 +6219,312 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_verify_hash_abort_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_verify_hash_interruptible_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_verify_hash_abort( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_verify_hash_complete_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_verify_hash_interruptible_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_verify_hash_complete( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_verify_hash_get_num_ops_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + uint32_t value = 0; + psa_verify_hash_interruptible_operation_t *operation; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + value = psa_verify_hash_get_num_ops( + operation + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_uint32_t_needs(value); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_uint32_t(&rpos, &rremain, value); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + +// Returns 1 for success, 0 for failure +int psa_verify_hash_start_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_verify_hash_interruptible_operation_t *operation; + mbedtls_svc_key_id_t key; + psa_algorithm_t alg; + uint8_t *hash = NULL; + size_t hash_length; + uint8_t *signature = NULL; + size_t signature_length; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, &operation); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_length); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_verify_hash_start( + operation, + key, + alg, + hash, hash_length, + signature, signature_length + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(operation); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + free(hash); + free(signature); + + return 1; // success + +fail: + free(result); + + free(hash); + free(signature); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_verify_message_wrapper( uint8_t *in_params, size_t in_params_len, @@ -6075,6 +6813,14 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_import_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_INTERRUPTIBLE_GET_MAX_OPS: + ok = psa_interruptible_get_max_ops_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_INTERRUPTIBLE_SET_MAX_OPS: + ok = psa_interruptible_set_max_ops_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_KEY_DERIVATION_ABORT: ok = psa_key_derivation_abort_wrapper(in_params, in_params_len, &out_params, &out_params_len); @@ -6163,6 +6909,22 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_sign_hash_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_SIGN_HASH_ABORT: + ok = psa_sign_hash_abort_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_SIGN_HASH_COMPLETE: + ok = psa_sign_hash_complete_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_SIGN_HASH_GET_NUM_OPS: + ok = psa_sign_hash_get_num_ops_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_SIGN_HASH_START: + ok = psa_sign_hash_start_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_SIGN_MESSAGE: ok = psa_sign_message_wrapper(in_params, in_params_len, &out_params, &out_params_len); @@ -6171,6 +6933,22 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_verify_hash_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_VERIFY_HASH_ABORT: + ok = psa_verify_hash_abort_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_VERIFY_HASH_COMPLETE: + ok = psa_verify_hash_complete_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_VERIFY_HASH_GET_NUM_OPS: + ok = psa_verify_hash_get_num_ops_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; + case PSA_VERIFY_HASH_START: + ok = psa_verify_hash_start_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_VERIFY_MESSAGE: ok = psa_verify_message_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index dfbced1d74..344ad2594e 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -4872,3 +4872,555 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size, size_t *data_length); + +/** + * \brief Set the maximum number of ops allowed to be + * executed by an interruptible function in a + * single call. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note The time taken to execute a single op is + * implementation specific and depends on + * software, hardware, the algorithm, key type and + * curve chosen. Even within a single operation, + * successive ops can take differing amounts of + * time. The only guarantee is that lower values + * for \p max_ops means functions will block for a + * lesser maximum amount of time. The functions + * \c psa_sign_interruptible_get_num_ops() and + * \c psa_verify_interruptible_get_num_ops() are + * provided to help with tuning this value. + * + * \note This value defaults to + * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, which + * means the whole operation will be done in one + * go, regardless of the number of ops required. + * + * \note If more ops are needed to complete a + * computation, #PSA_OPERATION_INCOMPLETE will be + * returned by the function performing the + * computation. It is then the caller's + * responsibility to either call again with the + * same operation context until it returns 0 or an + * error code; or to call the relevant abort + * function if the answer is no longer required. + * + * \note The interpretation of \p max_ops is also + * implementation defined. On a hard real time + * system, this can indicate a hard deadline, as a + * real-time system needs a guarantee of not + * spending more than X time, however care must be + * taken in such an implementation to avoid the + * situation whereby calls just return, not being + * able to do any actual work within the allotted + * time. On a non-real-time system, the + * implementation can be more relaxed, but again + * whether this number should be interpreted as as + * hard or soft limit or even whether a less than + * or equals as regards to ops executed in a + * single call is implementation defined. + * + * \note For keys in local storage when no accelerator + * driver applies, please see also the + * documentation for \c mbedtls_ecp_set_max_ops(), + * which is the internal implementation in these + * cases. + * + * \warning With implementations that interpret this number + * as a hard limit, setting this number too small + * may result in an infinite loop, whereby each + * call results in immediate return with no ops + * done (as there is not enough time to execute + * any), and thus no result will ever be achieved. + * + * \note This only applies to functions whose + * documentation mentions they may return + * #PSA_OPERATION_INCOMPLETE. + * + * \param max_ops The maximum number of ops to be executed in a + * single call. This can be a number from 0 to + * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0 + * is the least amount of work done per call. + */ +void psa_interruptible_set_max_ops(uint32_t max_ops); + +/** + * \brief Get the maximum number of ops allowed to be + * executed by an interruptible function in a + * single call. This will return the last + * value set by + * \c psa_interruptible_set_max_ops() or + * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED if + * that function has never been called. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \return Maximum number of ops allowed to be + * executed by an interruptible function in a + * single call. + */ +uint32_t psa_interruptible_get_max_ops(void); + +/** + * \brief Get the number of ops that a hash signing + * operation has taken so far. If the operation + * has completed, then this will represent the + * number of ops required for the entire + * operation. After initialization or calling + * \c psa_sign_hash_interruptible_abort() on + * the operation, a value of 0 will be returned. + * + * \note This interface is guaranteed re-entrant and + * thus may be called from driver code. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * This is a helper provided to help you tune the + * value passed to \c + * psa_interruptible_set_max_ops(). + * + * \param operation The \c psa_sign_hash_interruptible_operation_t + * to use. This must be initialized first. + * + * \return Number of ops that the operation has taken so + * far. + */ +uint32_t psa_sign_hash_get_num_ops( + const psa_sign_hash_interruptible_operation_t *operation); + +/** + * \brief Get the number of ops that a hash verification + * operation has taken so far. If the operation + * has completed, then this will represent the + * number of ops required for the entire + * operation. After initialization or calling \c + * psa_verify_hash_interruptible_abort() on the + * operation, a value of 0 will be returned. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * This is a helper provided to help you tune the + * value passed to \c + * psa_interruptible_set_max_ops(). + * + * \param operation The \c + * psa_verify_hash_interruptible_operation_t to + * use. This must be initialized first. + * + * \return Number of ops that the operation has taken so + * far. + */ +uint32_t psa_verify_hash_get_num_ops( + const psa_verify_hash_interruptible_operation_t *operation); + +/** + * \brief Start signing a hash or short message with a + * private key, in an interruptible manner. + * + * \see \c psa_sign_hash_complete() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_sign_hash_complete() is equivalent to + * \c psa_sign_hash() but + * \c psa_sign_hash_complete() can return early and + * resume according to the limit set with \c + * psa_interruptible_set_max_ops() to reduce the + * maximum time spent in a function call. + * + * \note Users should call \c psa_sign_hash_complete() + * repeatedly on the same context after a + * successful call to this function until \c + * psa_sign_hash_complete() either returns 0 or an + * error. \c psa_sign_hash_complete() will return + * #PSA_OPERATION_INCOMPLETE if there is more work + * to do. Alternatively users can call + * \c psa_sign_hash_abort() at any point if they no + * longer want the result. + * + * \note If this function returns an error status, the + * operation enters an error state and must be + * aborted by calling \c psa_sign_hash_abort(). + * + * \param[in, out] operation The \c psa_sign_hash_interruptible_operation_t + * to use. This must be initialized first. + * + * \param key Identifier of the key to use for the operation. + * It must be an asymmetric key pair. The key must + * allow the usage #PSA_KEY_USAGE_SIGN_HASH. + * \param alg A signature algorithm (\c PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_HASH(\p alg) + * is true), that is compatible with + * the type of \p key. + * \param[in] hash The hash or message to sign. + * \param hash_length Size of the \p hash buffer in bytes. + * + * \retval #PSA_SUCCESS + * The operation started successfully - call \c psa_sign_hash_complete() + * with the same context to complete the operation + * + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does + * not permit the requested algorithm. + * \retval #PSA_ERROR_BAD_STATE + * An operation has previously been started on this context, and is + * still in progress. + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_sign_hash_start( + psa_sign_hash_interruptible_operation_t *operation, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length); + +/** + * \brief Continue and eventually complete the action of + * signing a hash or short message with a private + * key, in an interruptible manner. + * + * \see \c psa_sign_hash_start() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_sign_hash_start() is equivalent to + * \c psa_sign_hash() but this function can return + * early and resume according to the limit set with + * \c psa_interruptible_set_max_ops() to reduce the + * maximum time spent in a function call. + * + * \note Users should call this function on the same + * operation object repeatedly until it either + * returns 0 or an error. This function will return + * #PSA_OPERATION_INCOMPLETE if there is more work + * to do. Alternatively users can call + * \c psa_sign_hash_abort() at any point if they no + * longer want the result. + * + * \note When this function returns successfully, the + * operation becomes inactive. If this function + * returns an error status, the operation enters an + * error state and must be aborted by calling + * \c psa_sign_hash_abort(). + * + * \param[in, out] operation The \c psa_sign_hash_interruptible_operation_t + * to use. This must be initialized first, and have + * had \c psa_sign_hash_start() called with it + * first. + * + * \param[out] signature Buffer where the signature is to be written. + * \param signature_size Size of the \p signature buffer in bytes. This + * must be appropriate for the selected + * algorithm and key: + * - The required signature size is + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c + * key_bits, \c alg) where \c key_type and \c + * key_bits are the type and bit-size + * respectively of key. + * - #PSA_SIGNATURE_MAX_SIZE evaluates to the + * maximum signature size of any supported + * signature algorithm. + * \param[out] signature_length On success, the number of bytes that make up + * the returned signature value. + * + * \retval #PSA_SUCCESS + * Operation completed successfully + * + * \retval #PSA_OPERATION_INCOMPLETE + * Operation was interrupted due to the setting of \c + * psa_interruptible_set_max_ops(). There is still work to be done. + * Call this function again with the same operation object. + * + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \c alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of \c key. + * + * \retval #PSA_ERROR_BAD_STATE + * An operation was not previously started on this context via + * \c psa_sign_hash_start(). + * + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has either not been previously initialized by + * psa_crypto_init() or you did not previously call + * psa_sign_hash_start() with this operation object. It is + * implementation-dependent whether a failure to initialize results in + * this error code. + */ +psa_status_t psa_sign_hash_complete( + psa_sign_hash_interruptible_operation_t *operation, + uint8_t *signature, size_t signature_size, + size_t *signature_length); + +/** + * \brief Abort a sign hash operation. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function is the only function that clears + * the number of ops completed as part of the + * operation. Please ensure you copy this value via + * \c psa_sign_hash_get_num_ops() if required + * before calling. + * + * \note Aborting an operation frees all associated + * resources except for the \p operation structure + * itself. Once aborted, the operation object can + * be reused for another operation by calling \c + * psa_sign_hash_start() again. + * + * \note You may call this function any time after the + * operation object has been initialized. In + * particular, calling \c psa_sign_hash_abort() + * after the operation has already been terminated + * by a call to \c psa_sign_hash_abort() or + * psa_sign_hash_complete() is safe. + * + * \param[in,out] operation Initialized sign hash operation. + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + * + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_sign_hash_abort( + psa_sign_hash_interruptible_operation_t *operation); + +/** + * \brief Start reading and verifying a hash or short + * message, in an interruptible manner. + * + * \see \c psa_verify_hash_complete() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_verify_hash_complete() is equivalent to + * \c psa_verify_hash() but \c + * psa_verify_hash_complete() can return early and + * resume according to the limit set with \c + * psa_interruptible_set_max_ops() to reduce the + * maximum time spent in a function. + * + * \note Users should call \c psa_verify_hash_complete() + * repeatedly on the same operation object after a + * successful call to this function until \c + * psa_verify_hash_complete() either returns 0 or + * an error. \c psa_verify_hash_complete() will + * return #PSA_OPERATION_INCOMPLETE if there is + * more work to do. Alternatively users can call + * \c psa_verify_hash_abort() at any point if they + * no longer want the result. + * + * \note If this function returns an error status, the + * operation enters an error state and must be + * aborted by calling \c psa_verify_hash_abort(). + * + * \param[in, out] operation The \c psa_verify_hash_interruptible_operation_t + * to use. This must be initialized first. + * + * \param key Identifier of the key to use for the operation. + * The key must allow the usage + * #PSA_KEY_USAGE_VERIFY_HASH. + * \param alg A signature algorithm (\c PSA_ALG_XXX + * value such that #PSA_ALG_IS_SIGN_HASH(\p alg) + * is true), that is compatible with + * the type of \p key. + * \param[in] hash The hash whose signature is to be verified. + * \param hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The operation started successfully - please call \c + * psa_verify_hash_complete() with the same context to complete the + * operation. + * + * \retval #PSA_ERROR_BAD_STATE + * Another operation has already been started on this context, and is + * still in progress. + * + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does + * not permit the requested algorithm. + * + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_verify_hash_start( + psa_verify_hash_interruptible_operation_t *operation, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length); + +/** + * \brief Continue and eventually complete the action of + * reading and verifying a hash or short message + * signed with a private key, in an interruptible + * manner. + * + * \see \c psa_verify_hash_start() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_verify_hash_start() is equivalent to + * \c psa_verify_hash() but this function can + * return early and resume according to the limit + * set with \c psa_interruptible_set_max_ops() to + * reduce the maximum time spent in a function + * call. + * + * \note Users should call this function on the same + * operation object repeatedly until it either + * returns 0 or an error. This function will return + * #PSA_OPERATION_INCOMPLETE if there is more work + * to do. Alternatively users can call + * \c psa_verify_hash_abort() at any point if they + * no longer want the result. + * + * \note When this function returns successfully, the + * operation becomes inactive. If this function + * returns an error status, the operation enters an + * error state and must be aborted by calling + * \c psa_verify_hash_abort(). + * + * \param[in, out] operation The \c psa_verify_hash_interruptible_operation_t + * to use. This must be initialized first, and have + * had \c psa_verify_hash_start() called with it + * first. + * + * \retval #PSA_SUCCESS + * Operation completed successfully, and the passed signature is valid. + * + * \retval #PSA_OPERATION_INCOMPLETE + * Operation was interrupted due to the setting of \c + * psa_interruptible_set_max_ops(). There is still work to be done. + * Call this function again with the same operation object. + * + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_BAD_STATE + * An operation was not previously started on this context via + * \c psa_verify_hash_start(). + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has either not been previously initialized by + * psa_crypto_init() or you did not previously call + * psa_verify_hash_start() on this object. It is + * implementation-dependent whether a failure to initialize results in + * this error code. + */ +psa_status_t psa_verify_hash_complete( + psa_verify_hash_interruptible_operation_t *operation); + +/** + * \brief Abort a verify hash operation. + * + * \warning This is a beta API, and thus subject to change at + * any point. It is not bound by the usual interface + * stability promises. + * + * \note This function is the only function that clears the + * number of ops completed as part of the operation. + * Please ensure you copy this value via + * \c psa_verify_hash_get_num_ops() if required + * before calling. + * + * \note Aborting an operation frees all associated + * resources except for the operation structure + * itself. Once aborted, the operation object can be + * reused for another operation by calling \c + * psa_verify_hash_start() again. + * + * \note You may call this function any time after the + * operation object has been initialized. + * In particular, calling \c psa_verify_hash_abort() + * after the operation has already been terminated by + * a call to \c psa_verify_hash_abort() or + * psa_verify_hash_complete() is safe. + * + * \param[in,out] operation Initialized verify hash operation. + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + * + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_verify_hash_abort( + psa_verify_hash_interruptible_operation_t *operation); diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 4de78021ef..84e233955b 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -253,6 +253,82 @@ static ssize_t find_key_derivation_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } +static psa_sign_hash_interruptible_operation_t sign_hash_interruptible_operations[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t sign_hash_interruptible_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t next_sign_hash_interruptible_operation_handle = 1; + +/* Get a free slot */ +static ssize_t allocate_sign_hash_interruptible_operation_slot(void) +{ + psasim_client_handle_t handle = next_sign_hash_interruptible_operation_handle++; + if (next_sign_hash_interruptible_operation_handle == 0) { /* wrapped around */ + FATAL("Sign_hash_interruptible operation handle wrapped"); + } + + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (sign_hash_interruptible_operation_handles[i] == 0) { + sign_hash_interruptible_operation_handles[i] = handle; + return i; + } + } + + ERROR("All slots are currently used. Unable to allocate a new one."); + + return -1; /* all in use */ +} + +/* Find the slot given the handle */ +static ssize_t find_sign_hash_interruptible_slot_by_handle(psasim_client_handle_t handle) +{ + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (sign_hash_interruptible_operation_handles[i] == handle) { + return i; + } + } + + ERROR("Unable to find slot by handle %u", handle); + + return -1; /* not found */ +} + +static psa_verify_hash_interruptible_operation_t verify_hash_interruptible_operations[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t verify_hash_interruptible_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t next_verify_hash_interruptible_operation_handle = 1; + +/* Get a free slot */ +static ssize_t allocate_verify_hash_interruptible_operation_slot(void) +{ + psasim_client_handle_t handle = next_verify_hash_interruptible_operation_handle++; + if (next_verify_hash_interruptible_operation_handle == 0) { /* wrapped around */ + FATAL("Verify_hash_interruptible operation handle wrapped"); + } + + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (verify_hash_interruptible_operation_handles[i] == 0) { + verify_hash_interruptible_operation_handles[i] = handle; + return i; + } + } + + ERROR("All slots are currently used. Unable to allocate a new one."); + + return -1; /* all in use */ +} + +/* Find the slot given the handle */ +static ssize_t find_verify_hash_interruptible_slot_by_handle(psasim_client_handle_t handle) +{ + for (ssize_t i = 0; i < MAX_LIVE_HANDLES_PER_CLASS; i++) { + if (verify_hash_interruptible_operation_handles[i] == handle) { + return i; + } + } + + ERROR("Unable to find slot by handle %u", handle); + + return -1; /* not found */ +} + size_t psasim_serialise_begin_needs(void) { /* The serialisation buffer will @@ -467,6 +543,41 @@ int psasim_deserialise_uint16_t(uint8_t **pos, return 1; } +size_t psasim_serialise_uint32_t_needs(uint32_t value) +{ + return sizeof(value); +} + +int psasim_serialise_uint32_t(uint8_t **pos, + size_t *remaining, + uint32_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_uint32_t(uint8_t **pos, + size_t *remaining, + uint32_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + size_t psasim_serialise_uint64_t_needs(uint64_t value) { return sizeof(value); @@ -1255,6 +1366,192 @@ int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, return 1; } +size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(psa_sign_hash_interruptible_operation_t value) +{ + return sizeof(value); +} + +int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_sign_hash_interruptible_operation_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_sign_hash_interruptible_operation_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(psa_sign_hash_interruptible_operation_t *operation) +{ + (void) operation; + + /* We will actually return a handle */ + return sizeof(psasim_operation_t); +} + +int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_sign_hash_interruptible_operation_t *operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(client_operation)) { + return 0; + } + + ssize_t slot = operation - sign_hash_interruptible_operations; + + client_operation.handle = sign_hash_interruptible_operation_handles[slot]; + + memcpy(*pos, &client_operation, sizeof(client_operation)); + *pos += sizeof(client_operation); + + return 1; +} + +int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_sign_hash_interruptible_operation_t **operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(psasim_operation_t)) { + return 0; + } + + memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); + *pos += sizeof(psasim_operation_t); + *remaining -= sizeof(psasim_operation_t); + + ssize_t slot; + if (client_operation.handle == 0) { /* We need a new handle */ + slot = allocate_sign_hash_interruptible_operation_slot(); + } else { + slot = find_sign_hash_interruptible_slot_by_handle(client_operation.handle); + } + + if (slot < 0) { + return 0; + } + + *operation = &sign_hash_interruptible_operations[slot]; + + return 1; +} + +size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(psa_verify_hash_interruptible_operation_t value) +{ + return sizeof(value); +} + +int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_verify_hash_interruptible_operation_t value) +{ + if (*remaining < sizeof(value)) { + return 0; + } + + memcpy(*pos, &value, sizeof(value)); + *pos += sizeof(value); + + return 1; +} + +int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_verify_hash_interruptible_operation_t *value) +{ + if (*remaining < sizeof(*value)) { + return 0; + } + + memcpy(value, *pos, sizeof(*value)); + + *pos += sizeof(*value); + *remaining -= sizeof(*value); + + return 1; +} + +size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(psa_verify_hash_interruptible_operation_t *operation) +{ + (void) operation; + + /* We will actually return a handle */ + return sizeof(psasim_operation_t); +} + +int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_verify_hash_interruptible_operation_t *operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(client_operation)) { + return 0; + } + + ssize_t slot = operation - verify_hash_interruptible_operations; + + client_operation.handle = verify_hash_interruptible_operation_handles[slot]; + + memcpy(*pos, &client_operation, sizeof(client_operation)); + *pos += sizeof(client_operation); + + return 1; +} + +int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_verify_hash_interruptible_operation_t **operation) +{ + psasim_operation_t client_operation; + + if (*remaining < sizeof(psasim_operation_t)) { + return 0; + } + + memcpy(&client_operation, *pos, sizeof(psasim_operation_t)); + *pos += sizeof(psasim_operation_t); + *remaining -= sizeof(psasim_operation_t); + + ssize_t slot; + if (client_operation.handle == 0) { /* We need a new handle */ + slot = allocate_verify_hash_interruptible_operation_slot(); + } else { + slot = find_verify_hash_interruptible_slot_by_handle(client_operation.handle); + } + + if (slot < 0) { + return 0; + } + + *operation = &verify_hash_interruptible_operations[slot]; + + return 1; +} + size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value) { return sizeof(value); @@ -1302,4 +1599,8 @@ void psa_sim_serialize_reset(void) memset(cipher_operations, 0, sizeof(cipher_operations)); memset(key_derivation_operation_handles, 0, sizeof(key_derivation_operation_handles)); memset(key_derivation_operations, 0, sizeof(key_derivation_operations)); + memset(sign_hash_interruptible_operation_handles, 0, sizeof(sign_hash_interruptible_operation_handles)); + memset(sign_hash_interruptible_operations, 0, sizeof(sign_hash_interruptible_operations)); + memset(verify_hash_interruptible_operation_handles, 0, sizeof(verify_hash_interruptible_operation_handles)); + memset(verify_hash_interruptible_operations, 0, sizeof(verify_hash_interruptible_operations)); } diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 1028518dd6..4bd7fe954e 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -264,6 +264,48 @@ int psasim_deserialise_uint16_t(uint8_t **pos, size_t *remaining, uint16_t *value); +/** Return how much buffer space is needed by \c psasim_serialise_uint32_t() + * to serialise an `uint32_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_uint32_t() to serialise + * the given value. + */ +size_t psasim_serialise_uint32_t_needs(uint32_t value); + +/** Serialise an `uint32_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_uint32_t(uint8_t **pos, + size_t *remaining, + uint32_t value); + +/** Deserialise an `uint32_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to an `uint32_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_uint32_t(uint8_t **pos, + size_t *remaining, + uint32_t *value); + /** Return how much buffer space is needed by \c psasim_serialise_uint64_t() * to serialise an `uint64_t`. * @@ -1011,6 +1053,174 @@ int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, size_t *remaining, psa_key_derivation_operation_t **value); +/** Return how much buffer space is needed by \c psasim_serialise_psa_sign_hash_interruptible_operation_t() + * to serialise a `psa_sign_hash_interruptible_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(psa_sign_hash_interruptible_operation_t value); + +/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_sign_hash_interruptible_operation_t value); + +/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_sign_hash_interruptible_operation_t *value); + +/** Return how much buffer space is needed by \c psasim_server_serialise_psa_sign_hash_interruptible_operation_t() + * to serialise a `psa_sign_hash_interruptible_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise + * the given value. + */ +size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(psa_sign_hash_interruptible_operation_t *value); + +/** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_sign_hash_interruptible_operation_t *value); + +/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_sign_hash_interruptible_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_sign_hash_interruptible_operation_t **value); + +/** Return how much buffer space is needed by \c psasim_serialise_psa_verify_hash_interruptible_operation_t() + * to serialise a `psa_verify_hash_interruptible_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise + * the given value. + */ +size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(psa_verify_hash_interruptible_operation_t value); + +/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_verify_hash_interruptible_operation_t value); + +/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_verify_hash_interruptible_operation_t *value); + +/** Return how much buffer space is needed by \c psasim_server_serialise_psa_verify_hash_interruptible_operation_t() + * to serialise a `psa_verify_hash_interruptible_operation_t`. + * + * \param value The value that will be serialised into the buffer + * (needed in case some serialisations are value- + * dependent). + * + * \return The number of bytes needed in the buffer by + * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise + * the given value. + */ +size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(psa_verify_hash_interruptible_operation_t *value); + +/** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value The value to serialise into the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_verify_hash_interruptible_operation_t *value); + +/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer on the server side. + * + * \param pos[in,out] Pointer to a `uint8_t *` holding current position + * in the buffer. + * \param remaining[in,out] Pointer to a `size_t` holding number of bytes + * remaining in the buffer. + * \param value Pointer to a `psa_verify_hash_interruptible_operation_t` to receive the value + * deserialised from the buffer. + * + * \return \c 1 on success ("okay"), \c 0 on error. + */ +int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, + size_t *remaining, + psa_verify_hash_interruptible_operation_t **value); + /** Return how much buffer space is needed by \c psasim_serialise_mbedtls_svc_key_id_t() * to serialise a `mbedtls_svc_key_id_t`. * diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index 43ba661634..ed5dd9a25b 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -36,7 +36,7 @@ die($usage) unless $which eq "c" || $which eq "h"; # are). # my @types = qw(unsigned-int int size_t - uint16_t uint64_t + uint16_t uint32_t uint64_t buffer psa_key_production_parameters_t psa_status_t psa_algorithm_t psa_key_derivation_step_t @@ -46,6 +46,8 @@ my @types = qw(unsigned-int int size_t psa_mac_operation_t psa_cipher_operation_t psa_key_derivation_operation_t + psa_sign_hash_interruptible_operation_t + psa_verify_hash_interruptible_operation_t mbedtls_svc_key_id_t); grep(s/-/ /g, @types); From feb021695a2ba4114197592e15b9caa1bac1b943 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 17:18:35 +0100 Subject: [PATCH 380/429] psasim: add support for psa_copy_key() Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 1 + .../psasim/src/psa_sim_crypto_client.c | 75 +++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 87 ++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 92 +++++++++++++++++++ 4 files changed, 255 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 68d9f031f1..44b2a99f84 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -35,6 +35,7 @@ enum { PSA_CIPHER_GENERATE_IV, PSA_CIPHER_SET_IV, PSA_CIPHER_UPDATE, + PSA_COPY_KEY, PSA_DESTROY_KEY, PSA_EXPORT_KEY, PSA_EXPORT_PUBLIC_KEY, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 36fdfdb761..9f3ef08e08 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -2056,6 +2056,81 @@ fail: } +psa_status_t psa_copy_key( + mbedtls_svc_key_id_t source_key, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *target_key + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(source_key) + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*target_key); + + ser_params = malloc(needed); + if (ser_params == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, source_key); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + if (!ok) { + goto fail; + } + ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *target_key); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_COPY_KEY, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_COPY_KEY server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, target_key); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); + + return status; +} + + psa_status_t psa_destroy_key( mbedtls_svc_key_id_t key ) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index eb313760bf..29fc5213a6 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -2351,6 +2351,89 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_copy_key_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_svc_key_id_t source_key; + psa_key_attributes_t attributes; + mbedtls_svc_key_id_t target_key; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &source_key); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &target_key); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + status = psa_copy_key( + source_key, + &attributes, + &target_key + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs() + + psasim_serialise_psa_status_t_needs(status) + + psasim_serialise_mbedtls_svc_key_id_t_needs(target_key); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, target_key); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_destroy_key_wrapper( uint8_t *in_params, size_t in_params_len, @@ -6749,6 +6832,10 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_cipher_update_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_COPY_KEY: + ok = psa_copy_key_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_DESTROY_KEY: ok = psa_destroy_key_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 344ad2594e..9dafd0c834 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -5424,3 +5424,95 @@ psa_status_t psa_verify_hash_complete( */ psa_status_t psa_verify_hash_abort( psa_verify_hash_interruptible_operation_t *operation); + +/** Make a copy of a key. + * + * Copy key material from one location to another. + * + * This function is primarily useful to copy a key from one location + * to another, since it populates a key using the material from + * another key which may have a different lifetime. + * + * This function may be used to share a key with a different party, + * subject to implementation-defined restrictions on key sharing. + * + * The policy on the source key must have the usage flag + * #PSA_KEY_USAGE_COPY set. + * This flag is sufficient to permit the copy if the key has the lifetime + * #PSA_KEY_LIFETIME_VOLATILE or #PSA_KEY_LIFETIME_PERSISTENT. + * Some secure elements do not provide a way to copy a key without + * making it extractable from the secure element. If a key is located + * in such a secure element, then the key must have both usage flags + * #PSA_KEY_USAGE_COPY and #PSA_KEY_USAGE_EXPORT in order to make + * a copy of the key outside the secure element. + * + * The resulting key may only be used in a way that conforms to + * both the policy of the original key and the policy specified in + * the \p attributes parameter: + * - The usage flags on the resulting key are the bitwise-and of the + * usage flags on the source policy and the usage flags in \p attributes. + * - If both allow the same algorithm or wildcard-based + * algorithm policy, the resulting key has the same algorithm policy. + * - If either of the policies allows an algorithm and the other policy + * allows a wildcard-based algorithm policy that includes this algorithm, + * the resulting key allows the same algorithm. + * - If the policies do not allow any algorithm in common, this function + * fails with the status #PSA_ERROR_INVALID_ARGUMENT. + * + * The effect of this function on implementation-defined attributes is + * implementation-defined. + * + * \param source_key The key to copy. It must allow the usage + * #PSA_KEY_USAGE_COPY. If a private or secret key is + * being copied outside of a secure element it must + * also allow #PSA_KEY_USAGE_EXPORT. + * \param[in] attributes The attributes for the new key. + * They are used as follows: + * - The key type and size may be 0. If either is + * nonzero, it must match the corresponding + * attribute of the source key. + * - The key location (the lifetime and, for + * persistent keys, the key identifier) is + * used directly. + * - The policy constraints (usage flags and + * algorithm policy) are combined from + * the source key and \p attributes so that + * both sets of restrictions apply, as + * described in the documentation of this function. + * \param[out] target_key On success, an identifier for the newly created + * key. For persistent keys, this is the key + * identifier defined in \p attributes. + * \c 0 on failure. + * + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE + * \p source_key is invalid. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The lifetime or identifier in \p attributes are invalid, or + * the policy constraints on the source and specified in + * \p attributes are incompatible, or + * \p attributes specifies a key type or key size + * which does not match the attributes of the source key. + * \retval #PSA_ERROR_NOT_PERMITTED + * The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or + * the source key is not exportable and its lifetime does not + * allow copying it to the target's lifetime. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *target_key); From 4d8d5569d8a91b19778d836973322da140ee3033 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 17:23:39 +0100 Subject: [PATCH 381/429] psasim: add support for psa_reset_key_attributes() Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_functions_codes.h | 1 + .../psasim/src/psa_sim_crypto_client.c | 54 +++++++++++++++ .../psasim/src/psa_sim_crypto_server.c | 66 +++++++++++++++++++ .../psasim/src/psa_sim_generate.pl | 14 ++++ 4 files changed, 135 insertions(+) diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h index 44b2a99f84..bc1b84442a 100644 --- a/tests/psa-client-server/psasim/src/psa_functions_codes.h +++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h @@ -75,6 +75,7 @@ enum { PSA_MAC_VERIFY_SETUP, PSA_PURGE_KEY, PSA_RAW_KEY_AGREEMENT, + PSA_RESET_KEY_ATTRIBUTES, PSA_SIGN_HASH, PSA_SIGN_HASH_ABORT, PSA_SIGN_HASH_COMPLETE, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 9f3ef08e08..091e354b19 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -4953,6 +4953,60 @@ fail: } +void psa_reset_key_attributes( + psa_key_attributes_t *attributes + ) +{ + uint8_t *ser_params = NULL; + uint8_t *ser_result = NULL; + size_t result_length; + + size_t needed = psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes); + + ser_params = malloc(needed); + if (ser_params == NULL) { + goto fail; + } + + uint8_t *pos = ser_params; + size_t remaining = needed; + int ok; + ok = psasim_serialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + if (!ok) { + goto fail; + } + + ok = psa_crypto_call(PSA_RESET_KEY_ATTRIBUTES, + ser_params, (size_t) (pos - ser_params), &ser_result, &result_length); + if (!ok) { + printf("PSA_RESET_KEY_ATTRIBUTES server call failed\n"); + goto fail; + } + + uint8_t *rpos = ser_result; + size_t rremain = result_length; + + ok = psasim_deserialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&rpos, &rremain, attributes); + if (!ok) { + goto fail; + } + +fail: + free(ser_params); + free(ser_result); +} + + psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key, psa_algorithm_t alg, diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 29fc5213a6..03e36c06e1 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -5661,6 +5661,68 @@ fail: return 0; // This shouldn't happen! } +// Returns 1 for success, 0 for failure +int psa_reset_key_attributes_wrapper( + uint8_t *in_params, size_t in_params_len, + uint8_t **out_params, size_t *out_params_len) +{ + psa_key_attributes_t attributes; + + uint8_t *pos = in_params; + size_t remaining = in_params_len; + uint8_t *result = NULL; + int ok; + + ok = psasim_deserialise_begin(&pos, &remaining); + if (!ok) { + goto fail; + } + + ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + if (!ok) { + goto fail; + } + + // Now we call the actual target function + + psa_reset_key_attributes( + &attributes + ); + + // NOTE: Should really check there is no overflow as we go along. + size_t result_size = + psasim_serialise_begin_needs(); + psasim_serialise_psa_key_attributes_t_needs(attributes); + + result = malloc(result_size); + if (result == NULL) { + goto fail; + } + + uint8_t *rpos = result; + size_t rremain = result_size; + + ok = psasim_serialise_begin(&rpos, &rremain); + if (!ok) { + goto fail; + } + + ok = psasim_serialise_psa_key_attributes_t(&rpos, &rremain, attributes); + if (!ok) { + goto fail; + } + + *out_params = result; + *out_params_len = result_size; + + return 1; // success + +fail: + free(result); + + return 0; // This shouldn't happen! +} + // Returns 1 for success, 0 for failure int psa_sign_hash_wrapper( uint8_t *in_params, size_t in_params_len, @@ -6992,6 +7054,10 @@ psa_status_t psa_crypto_call(psa_msg_t msg) ok = psa_raw_key_agreement_wrapper(in_params, in_params_len, &out_params, &out_params_len); break; + case PSA_RESET_KEY_ATTRIBUTES: + ok = psa_reset_key_attributes_wrapper(in_params, in_params_len, + &out_params, &out_params_len); + break; case PSA_SIGN_HASH: ok = psa_sign_hash_wrapper(in_params, in_params_len, &out_params, &out_params_len); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 9dafd0c834..5673b677a3 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -5516,3 +5516,17 @@ psa_status_t psa_verify_hash_abort( psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key, const psa_key_attributes_t *attributes, mbedtls_svc_key_id_t *target_key); + +/** Reset a key attribute structure to a freshly initialized state. + * + * You must initialize the attribute structure as described in the + * documentation of the type #psa_key_attributes_t before calling this + * function. Once the structure has been initialized, you may call this + * function at any time. + * + * This function frees any auxiliary resources that the structure + * may contain. + * + * \param[in,out] attributes The attribute structure to reset. + */ +void psa_reset_key_attributes(psa_key_attributes_t *attributes); From d32fac276da9157047f94583de5d56c107eee8ea Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 21 Jun 2024 20:28:17 +0100 Subject: [PATCH 382/429] psasim: have the generator script check for type = "void" rather than name = "(void)" Signed-off-by: Tom Cosgrove --- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 5673b677a3..a0ee76a801 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -531,7 +531,7 @@ int ${name}_wrapper( { EOF - print $fh <{return}->{type}; my $ret_name = $f->{return}->{name}; my $args = $f->{args}; - if ($ret_name eq "(void)") { + if ($ret_type eq "void") { print $fh "\n $name(\n"; } else { print $fh "\n $ret_name = $name(\n"; From 1d08e2f2bc22288c97f3eed57cc853be9f590931 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 Jun 2024 09:18:20 +0100 Subject: [PATCH 383/429] Change guard implementation Signed-off-by: Thomas Daubney --- library/aes.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/aes.c b/library/aes.c index 203db0dcd7..f615267a36 100644 --- a/library/aes.c +++ b/library/aes.c @@ -979,9 +979,9 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, * have a different alignment with respect to 16-byte memory. So we may need * to realign. */ +#if defined(MAY_NEED_TO_ALIGN) MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) { -#if defined(MAY_NEED_TO_ALIGN) unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf); if (new_offset != ctx->rk_offset) { memmove(ctx->buf + new_offset, // new address @@ -989,10 +989,8 @@ MBEDTLS_MAYBE_UNUSED static void aes_maybe_realign(mbedtls_aes_context *ctx) (ctx->nr + 1) * 16); // number of round keys * bytes per rk ctx->rk_offset = new_offset; } -#endif /* MAY_NEED_TO_ALIGN */ - (void) ctx; } - +#endif /* MAY_NEED_TO_ALIGN */ /* * AES-ECB block encryption/decryption */ From 5beb236835ddcf06931c2b79bfac2d98b3ca3010 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 13:13:17 +0200 Subject: [PATCH 384/429] psasim: merge all AUT programs into a single executable This makes both building and testing much faster. Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/Makefile | 19 ++++--- tests/psa-client-server/psasim/src/aut_main.c | 53 +++++++++++++++++++ .../{aut_psa_aead_demo.c => aut_psa_aead.c} | 12 ++--- .../psasim/src/aut_psa_hash.c | 40 ++------------ .../psasim/src/aut_psa_hash_compute.c | 42 ++------------- .../psa-client-server/psasim/test/run_test.sh | 12 +++-- tests/scripts/all.sh | 47 +++------------- 7 files changed, 94 insertions(+), 131 deletions(-) create mode 100644 tests/psa-client-server/psasim/src/aut_main.c rename tests/psa-client-server/psasim/src/{aut_psa_aead_demo.c => aut_psa_aead.c} (98%) diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index a7e22e131e..4b0c46e47c 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -1,5 +1,3 @@ -MAIN ?= src/client.c - CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L ifeq ($(DEBUG),1) @@ -16,11 +14,15 @@ GENERATED_H_FILES = include/psa_manifest/manifest.h \ include/psa_manifest/pid.h \ include/psa_manifest/sid.h -PSA_CLIENT_SRC = src/psa_ff_client.c \ - $(MAIN) \ +PSA_CLIENT_COMMON_SRC = src/psa_ff_client.c \ src/psa_sim_crypto_client.c \ src/psa_sim_serialise.c +PSA_CLIENT_BASE_SRC = $(PSA_CLIENT_COMMON_SRC) src/client.c + +PSA_CLIENT_FULL_SRC = $(PSA_CLIENT_COMMON_SRC) \ + $(wildcard src/aut_*.c) + PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ @@ -35,8 +37,11 @@ all: test/seedfile: dd if=/dev/urandom of=./test/seedfile bs=64 count=1 -test/psa_client: $(PSA_CLIENT_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ +test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ + +test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ @@ -56,7 +61,7 @@ libpsaclient libpsaserver: $(MAKE) -C $(MBEDTLS_ROOT_PATH) clean clean: - rm -f test/psa_client test/psa_partition + rm -f test/psa_client_base test/psa_client_full test/psa_partition rm -f $(PARTITION_SERVER_BOOTSTRAP) rm -rf libpsaclient libpsaserver rm -rf include/psa_manifest diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c new file mode 100644 index 0000000000..e1012a5f42 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -0,0 +1,53 @@ +/** + * This is the base AUT that exectues all other AUTs meant to test PSA APIs + * through PSASIM. + */ + +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +/* First include Mbed TLS headers to get the Mbed TLS configuration and + * platform definitions that we'll use in this program. Also include + * standard C headers for functions we'll use here. */ +#include "mbedtls/build_info.h" + +#include "psa/crypto.h" + +#include +#include +#include + +int psa_hash_compute_main(void); +int psa_hash_main(void); +int psa_aead_main(char *cipher_name); + +#define TEST_MODULE(main_func) \ + do { \ + char title[128] = { 0 }; \ + char separator[128] = { 0 }; \ + int title_len = snprintf(title, sizeof(title), "=== Test: %s ===", #main_func); \ + memset(separator, '=', title_len); \ + printf("%s\n%s\n%s\n", separator, title, separator); \ + ret = main_func; \ + if (ret != 0) { \ + goto exit; \ + } \ + } while (0) + +int main() +{ + int ret; + + TEST_MODULE(psa_hash_compute_main()); + TEST_MODULE(psa_hash_main()); + + TEST_MODULE(psa_aead_main("aes128-gcm")); + TEST_MODULE(psa_aead_main("aes256-gcm")); + TEST_MODULE(psa_aead_main("aes128-gcm_8")); + TEST_MODULE(psa_aead_main("chachapoly")); + +exit: + return (ret != 0) ? 1 : 0; +} diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_demo.c b/tests/psa-client-server/psasim/src/aut_psa_aead.c similarity index 98% rename from tests/psa-client-server/psasim/src/aut_psa_aead_demo.c rename to tests/psa-client-server/psasim/src/aut_psa_aead.c index 4a46c4039c..aa9dfb0950 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead_demo.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead.c @@ -46,7 +46,7 @@ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \ !defined(MBEDTLS_CHACHAPOLY_C) || \ defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)) -int main(void) +int psa_aead_main(void) { printf("MBEDTLS_PSA_CRYPTO_CLIENT or " "MBEDTLS_PSA_CRYPTO_C and/or " @@ -257,21 +257,15 @@ exit: /* * Main function */ -int main(int argc, char **argv) +int psa_aead_main(char *cipher_name) { psa_status_t status = PSA_SUCCESS; - /* Check usage */ - if (argc != 2) { - puts(usage); - return EXIT_FAILURE; - } - /* Initialize the PSA crypto library. */ PSA_CHECK(psa_crypto_init()); /* Run the demo */ - PSA_CHECK(aead_demo(argv[1])); + PSA_CHECK(aead_demo(cipher_name)); /* Deinitialize the PSA crypto library. */ mbedtls_psa_crypto_free(); diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c index 6c2c07e062..0446e7a76a 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_hash.c +++ b/tests/psa-client-server/psasim/src/aut_psa_hash.c @@ -1,13 +1,4 @@ /* - * Example computing a SHA-256 hash using the PSA Crypto API - * - * The example computes the SHA-256 hash of a test string using the - * one-shot API call psa_hash_compute() and the using multi-part - * operation, which requires psa_hash_setup(), psa_hash_update() and - * psa_hash_finish(). The multi-part operation is popular on embedded - * devices where a rolling hash needs to be computed. - * - * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ @@ -20,33 +11,13 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -/* Information about hashing with the PSA API can be - * found here: - * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html - * - * The algorithm used by this demo is SHA 256. - * Please see include/psa/crypto_values.h to see the other - * algorithms that are supported by Mbed TLS. - * If you switch to a different algorithm you will need to update - * the hash data in the EXAMPLE_HASH_VALUE macro below. */ - -#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ - (!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)) -int main(void) -{ - mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" - "not defined, and not MBEDTLS_PSA_CRYPTO_CLIENT.\r\n"); - return EXIT_SUCCESS; -} -#else - #define HASH_ALG PSA_ALG_SHA_256 -const uint8_t sample_message[] = "Hello World!"; +static const uint8_t sample_message[] = "Hello World!"; /* sample_message is terminated with a null byte which is not part of * the message itself so we make sure to subtract it in order to get * the message length. */ -const size_t sample_message_length = sizeof(sample_message) - 1; +static const size_t sample_message_length = sizeof(sample_message) - 1; #define EXPECTED_HASH_VALUE { \ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ @@ -54,10 +25,10 @@ const size_t sample_message_length = sizeof(sample_message) - 1; 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ } -const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; -const size_t expected_hash_len = sizeof(expected_hash); +static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; +static const size_t expected_hash_len = sizeof(expected_hash); -int main(void) +int psa_hash_main(void) { psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; @@ -157,4 +128,3 @@ cleanup: psa_hash_abort(&cloned_hash_operation); return EXIT_FAILURE; } -#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */ diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c index 70c3e5be4f..959e0c38ab 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c +++ b/tests/psa-client-server/psasim/src/aut_psa_hash_compute.c @@ -1,15 +1,4 @@ /* - * API(s) under test: psa_hash_compute() - * - * Taken from programs/psa/psa_hash.c, and calls to all hash APIs - * but psa_hash_compute() removed. - * - * Example computing a SHA-256 hash using the PSA Crypto API - * - * The example computes the SHA-256 hash of a test string using the - * one-shot API call psa_hash_compute(). - * - * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ @@ -22,33 +11,13 @@ #include "mbedtls/build_info.h" #include "mbedtls/platform.h" -/* Information about hashing with the PSA API can be - * found here: - * https://arm-software.github.io/psa-api/crypto/1.1/api/ops/hashes.html - * - * The algorithm used by this demo is SHA 256. - * Please see include/psa/crypto_values.h to see the other - * algorithms that are supported by Mbed TLS. - * If you switch to a different algorithm you will need to update - * the hash data in the EXAMPLE_HASH_VALUE macro below. */ - -#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ - (!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(PSA_WANT_ALG_SHA_256)) -int main(void) -{ - mbedtls_printf("MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256" - "not defined, and not MBEDTLS_PSA_CRYPTO_CLIENT.\r\n"); - return EXIT_SUCCESS; -} -#else - #define HASH_ALG PSA_ALG_SHA_256 -const uint8_t sample_message[] = "Hello World!"; +static const uint8_t sample_message[] = "Hello World!"; /* sample_message is terminated with a null byte which is not part of * the message itself so we make sure to subtract it in order to get * the message length. */ -const size_t sample_message_length = sizeof(sample_message) - 1; +static const size_t sample_message_length = sizeof(sample_message) - 1; #define EXPECTED_HASH_VALUE { \ 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81, \ @@ -56,10 +25,10 @@ const size_t sample_message_length = sizeof(sample_message) - 1; 0x4a, 0xdd, 0xd2, 0x00, 0x12, 0x6d, 0x90, 0x69 \ } -const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; -const size_t expected_hash_len = sizeof(expected_hash); +static const uint8_t expected_hash[] = EXPECTED_HASH_VALUE; +static const size_t expected_hash_len = sizeof(expected_hash); -int main(void) +int psa_hash_compute_main(void) { psa_status_t status; uint8_t hash[PSA_HASH_LENGTH(HASH_ALG)]; @@ -110,4 +79,3 @@ int main(void) cleanup: return EXIT_FAILURE; } -#endif /* !MBEDTLS_PSA_CRYPTO_C || !PSA_WANT_ALG_SHA_256 */ diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh index 45a317a24e..7c1011ead2 100755 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -13,6 +13,9 @@ set -e cd "$(dirname "$0")" +CLIENT_BIN=$1 +shift + function clean_run() { rm -f psa_notify_* pkill psa_partition || true @@ -30,8 +33,9 @@ function wait_for_server_startup() { clean_run -./psa_partition -k & -SERV_PID=$! +./psa_partition & wait_for_server_startup -./psa_client "$@" -wait $SERV_PID +./$CLIENT_BIN "$@" + +# Kill server once client exited +pkill psa_partition diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1ea70ff5fb..5093d9a309 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6080,47 +6080,16 @@ component_test_psasim() { msg "build library for client" helper_crypto_client_build client - msg "build psasim to test psa_client" - rm -f tests/psa-client-server/psasim/test/psa_client # In case left behind - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client + msg "build basic psasim client" + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base + msg "test basic psasim client" + tests/psa-client-server/psasim/test/run_test.sh psa_client_base - msg "test psasim" - tests/psa-client-server/psasim/test/run_test.sh + msg "build full psasim client" + make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_full + msg "test full psasim client" + tests/psa-client-server/psasim/test/run_test.sh psa_client_full - - msg "build psasim to test psa_hash_compute" - # Delete the executable to ensure we build using the right MAIN - rm tests/psa-client-server/psasim/test/psa_client - # API under test: psa_hash_compute() - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash_compute.c" test/psa_client - - msg "test psasim running psa_hash_compute" - tests/psa-client-server/psasim/test/run_test.sh - - - # Next APIs under test: psa_hash_*(). Use our copy of the PSA hash example. - msg "build psasim to test all psa_hash_* APIs" - # Delete the executable to ensure we build using the right MAIN - rm tests/psa-client-server/psasim/test/psa_client - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_hash.c" test/psa_client - - msg "test psasim running psa_hash sample" - tests/psa-client-server/psasim/test/run_test.sh - - - # Next APIs under test: psa_aead_*(). Use our copy of the PSA aead example. - msg "build psasim to test all psa_aead_* APIs" - # Delete the executable to ensure we build using the right MAIN - rm tests/psa-client-server/psasim/test/psa_client - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" MAIN="src/aut_psa_aead_demo.c" test/psa_client - - msg "test psasim running psa_aead_demo sample" - tests/psa-client-server/psasim/test/run_test.sh aes128-gcm - tests/psa-client-server/psasim/test/run_test.sh aes256-gcm - tests/psa-client-server/psasim/test/run_test.sh aes128-gcm_8 - tests/psa-client-server/psasim/test/run_test.sh chachapoly - - msg "clean psasim" make -C tests/psa-client-server/psasim clean } From 25afdc1309e1ea9847d0988cb7a6f8338510c667 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 13:44:12 +0200 Subject: [PATCH 385/429] psasim: add AUT for psa_generate_random() Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/aut_main.c | 3 ++ .../psasim/src/aut_psa_random.c | 47 +++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_random.c diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c index e1012a5f42..c4940c339a 100644 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -22,6 +22,7 @@ int psa_hash_compute_main(void); int psa_hash_main(void); int psa_aead_main(char *cipher_name); +int psa_random_main(void); #define TEST_MODULE(main_func) \ do { \ @@ -48,6 +49,8 @@ int main() TEST_MODULE(psa_aead_main("aes128-gcm_8")); TEST_MODULE(psa_aead_main("chachapoly")); + TEST_MODULE(psa_random_main()); + exit: return (ret != 0) ? 1 : 0; } diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c new file mode 100644 index 0000000000..5880c4deb9 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_random.c @@ -0,0 +1,47 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "mbedtls/build_info.h" + +#include +#include +#include +#include + +#include "mbedtls/entropy.h" + +#define BUFFER_SIZE 100 + +int psa_random_main(void) +{ + psa_status_t status; + uint8_t output[BUFFER_SIZE] = { 0 }; + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + status = psa_generate_random(output, BUFFER_SIZE); + if (status != PSA_SUCCESS) { + printf("psa_generate_random failed\n"); + return EXIT_FAILURE; + } + + printf("Random bytes generated:\n"); + + for (size_t j = 0; j < BUFFER_SIZE; j++) { + if (j % 8 == 0) { + printf("\n "); + } + printf("%02x ", output[j]); + } + + printf("\n"); + + mbedtls_psa_crypto_free(); + return 0; +} From f79e17a3d50a05df89551a611f115e826c9b8500 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 13:57:49 +0200 Subject: [PATCH 386/429] psasim: add AUT for MAC Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/aut_main.c | 3 + .../psasim/src/aut_psa_mac.c | 162 ++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_mac.c diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c index c4940c339a..7d1d2c00fc 100644 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -23,6 +23,7 @@ int psa_hash_compute_main(void); int psa_hash_main(void); int psa_aead_main(char *cipher_name); int psa_random_main(void); +int psa_mac_main(void); #define TEST_MODULE(main_func) \ do { \ @@ -51,6 +52,8 @@ int main() TEST_MODULE(psa_random_main()); + TEST_MODULE(psa_mac_main()); + exit: return (ret != 0) ? 1 : 0; } diff --git a/tests/psa-client-server/psasim/src/aut_psa_mac.c b/tests/psa-client-server/psasim/src/aut_psa_mac.c new file mode 100644 index 0000000000..18b4b571a3 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_mac.c @@ -0,0 +1,162 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/crypto.h" +#include +#include +#include + +#include "mbedtls/build_info.h" + +/* constant-time buffer comparison */ +static inline int safer_memcmp(const void *a, const void *b, size_t n) +{ + size_t i; + volatile const unsigned char *A = (volatile const unsigned char *) a; + volatile const unsigned char *B = (volatile const unsigned char *) b; + volatile unsigned char diff = 0; + + for (i = 0; i < n; i++) { + /* Read volatile data in order before computing diff. + * This avoids IAR compiler warning: + * 'the order of volatile accesses is undefined ..' */ + unsigned char x = A[i], y = B[i]; + diff |= x ^ y; + } + + return diff; +} + + +int psa_mac_main(void) +{ + uint8_t input[] = "Hello World!"; + psa_status_t status; + size_t mac_size_real = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id = 0; + uint8_t mac[PSA_MAC_MAX_SIZE]; + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + const uint8_t key_bytes[16] = "kkkkkkkkkkkkkkkk"; + const uint8_t mbedtls_test_hmac_sha256[] = { + 0xae, 0x72, 0x34, 0x5a, 0x10, 0x36, 0xfb, 0x71, + 0x35, 0x3c, 0x7d, 0x6c, 0x81, 0x98, 0x52, 0x86, + 0x00, 0x4a, 0x43, 0x7c, 0x2d, 0xb3, 0x1a, 0xd8, + 0x67, 0xb1, 0xad, 0x11, 0x4d, 0x18, 0x49, 0x8b + }; + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_MESSAGE | + PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE); + psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(PSA_ALG_SHA_256)); + psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); + + status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); + if (status != PSA_SUCCESS) { + printf("psa_import_key failed\n"); + return EXIT_FAILURE; + } + + /* Single-part MAC operation with psa_mac_compute() */ + status = psa_mac_compute(key_id, + PSA_ALG_HMAC(PSA_ALG_SHA_256), + input, + sizeof(input), + mac, + sizeof(mac), + &mac_size_real); + if (status != PSA_SUCCESS) { + printf("psa_mac_compute failed\n"); + return EXIT_FAILURE; + } + + printf("HMAC-SHA-256(%s) with psa_mac_compute():\n", input); + + for (size_t j = 0; j < mac_size_real; j++) { + if (j % 8 == 0) { + printf("\n "); + } + printf("%02x ", mac[j]); + } + + printf("\n"); + + if (safer_memcmp(mac, + mbedtls_test_hmac_sha256, + mac_size_real + ) != 0) { + printf("\nMAC verified incorrectly!\n"); + } else { + printf("\nMAC verified correctly!\n"); + } + + psa_destroy_key(key_id); + + status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); + if (status != PSA_SUCCESS) { + printf("psa_import_key failed\n"); + return EXIT_FAILURE; + } + + /* Single-part MAC operation with psa_mac_verify() */ + status = psa_mac_verify(key_id, + PSA_ALG_HMAC(PSA_ALG_SHA_256), + input, + sizeof(input), + mbedtls_test_hmac_sha256, + sizeof(mbedtls_test_hmac_sha256)); + if (status != PSA_SUCCESS) { + printf("psa_mac_verify failed\n"); + return EXIT_FAILURE; + } else { + printf("psa_mac_verify passed successfully\n"); + } + + psa_destroy_key(key_id); + + status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); + if (status != PSA_SUCCESS) { + printf("psa_import_key failed\n"); + return EXIT_FAILURE; + } + + /* Multi-part MAC operation */ + status = psa_mac_sign_setup(&operation, key_id, PSA_ALG_HMAC(PSA_ALG_SHA_256)); + if (status != PSA_SUCCESS) { + printf("psa_mac_sign_setup failed\n"); + return EXIT_FAILURE; + } + + status = psa_mac_update(&operation, input, sizeof(input)); + if (status != PSA_SUCCESS) { + printf("psa_mac_update failed\n"); + return EXIT_FAILURE; + } + + status = psa_mac_sign_finish(&operation, mac, sizeof(mac), &mac_size_real); + if (status != PSA_SUCCESS) { + printf("psa_mac_sign_finish failed\n"); + return EXIT_FAILURE; + } + + if (safer_memcmp(mac, + mbedtls_test_hmac_sha256, + mac_size_real + ) != 0) { + printf("MAC, calculated with multi-part MAC operation, verified incorrectly!\n"); + } else { + printf("MAC, calculated with multi-part MAC operation, verified correctly!\n"); + } + + psa_destroy_key(key_id); + mbedtls_psa_crypto_free(); + return EXIT_SUCCESS; +} From 6d6fe8b2d5187d93cbf051e901e5b915970cd163 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 14:46:08 +0200 Subject: [PATCH 387/429] psasim: add AUT for key generation and raw key agreement Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/aut_main.c | 2 + .../psasim/src/aut_psa_key_agreement.c | 146 ++++++++++++++++++ 2 files changed, 148 insertions(+) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_key_agreement.c diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c index 7d1d2c00fc..9604964082 100644 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -24,6 +24,7 @@ int psa_hash_main(void); int psa_aead_main(char *cipher_name); int psa_random_main(void); int psa_mac_main(void); +int psa_key_agreement_main(void); #define TEST_MODULE(main_func) \ do { \ @@ -53,6 +54,7 @@ int main() TEST_MODULE(psa_random_main()); TEST_MODULE(psa_mac_main()); + TEST_MODULE(psa_key_agreement_main()); exit: return (ret != 0) ? 1 : 0; diff --git a/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c b/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c new file mode 100644 index 0000000000..4a0aab1477 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_key_agreement.c @@ -0,0 +1,146 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + + +#include "psa/crypto.h" +#include +#include +#include +#include "mbedtls/build_info.h" +#include "mbedtls/debug.h" +#include "mbedtls/platform.h" + +#define BUFFER_SIZE 500 + +#define SERVER_PK_VALUE { \ + 0x04, 0xde, 0xa5, 0xe4, 0x5d, 0x0e, 0xa3, 0x7f, 0xc5, \ + 0x66, 0x23, 0x2a, 0x50, 0x8f, 0x4a, 0xd2, 0x0e, 0xa1, \ + 0x3d, 0x47, 0xe4, 0xbf, 0x5f, 0xa4, 0xd5, 0x4a, 0x57, \ + 0xa0, 0xba, 0x01, 0x20, 0x42, 0x08, 0x70, 0x97, 0x49, \ + 0x6e, 0xfc, 0x58, 0x3f, 0xed, 0x8b, 0x24, 0xa5, 0xb9, \ + 0xbe, 0x9a, 0x51, 0xde, 0x06, 0x3f, 0x5a, 0x00, 0xa8, \ + 0xb6, 0x98, 0xa1, 0x6f, 0xd7, 0xf2, 0x9b, 0x54, 0x85, \ + 0xf3, 0x20 \ +} + +#define KEY_BITS 256 + +int psa_key_agreement_main(void) +{ + psa_status_t status; + psa_key_attributes_t client_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t server_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t client_key_id = 0; + psa_key_id_t server_key_id = 0; + uint8_t client_pk[BUFFER_SIZE] = { 0 }; + size_t client_pk_len; + size_t key_bits; + psa_key_type_t key_type; + + const uint8_t server_pk[] = SERVER_PK_VALUE; + uint8_t derived_key[BUFFER_SIZE] = { 0 }; + size_t derived_key_len; + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + psa_set_key_usage_flags(&client_attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&client_attributes, PSA_ALG_ECDH); + psa_set_key_type(&client_attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); + psa_set_key_bits(&client_attributes, KEY_BITS); + + /* Generate ephemeral key pair */ + status = psa_generate_key(&client_attributes, &client_key_id); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_generate_key failed\n"); + return EXIT_FAILURE; + } + status = psa_export_public_key(client_key_id, + client_pk, sizeof(client_pk), + &client_pk_len); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_export_public_key failed\n"); + return EXIT_FAILURE; + } + + mbedtls_printf("Client Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", client_pk_len); + + for (size_t j = 0; j < client_pk_len; j++) { + if (j % 8 == 0) { + mbedtls_printf("\n "); + } + mbedtls_printf("%02x ", client_pk[j]); + } + mbedtls_printf("\n\n"); + + psa_set_key_usage_flags(&server_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT); + psa_set_key_algorithm(&server_attributes, PSA_ALG_ECDSA_ANY); + psa_set_key_type(&server_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)); + + /* Import server public key */ + status = psa_import_key(&server_attributes, server_pk, sizeof(server_pk), &server_key_id); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_import_key failed\n"); + return EXIT_FAILURE; + } + + status = psa_get_key_attributes(server_key_id, &check_attributes); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_get_key_attributes failed\n"); + return EXIT_FAILURE; + } + + key_bits = psa_get_key_bits(&check_attributes); + if (key_bits != 256) { + mbedtls_printf("Incompatible key size!\n"); + return EXIT_FAILURE; + } + + key_type = psa_get_key_type(&check_attributes); + if (key_type != PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) { + mbedtls_printf("Unsupported key type!\n"); + return EXIT_FAILURE; + } + + mbedtls_printf("Server Public Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", sizeof(server_pk)); + + for (size_t j = 0; j < sizeof(server_pk); j++) { + if (j % 8 == 0) { + mbedtls_printf("\n "); + } + mbedtls_printf("%02x ", server_pk[j]); + } + mbedtls_printf("\n\n"); + + /* Generate ECDHE derived key */ + status = psa_raw_key_agreement(PSA_ALG_ECDH, // algorithm + client_key_id, // client secret key + server_pk, sizeof(server_pk), // server public key + derived_key, sizeof(derived_key), // buffer to store derived key + &derived_key_len); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_raw_key_agreement failed\n"); + return EXIT_FAILURE; + } + + mbedtls_printf("Derived Key (%" MBEDTLS_PRINTF_SIZET " bytes):\n", derived_key_len); + + for (size_t j = 0; j < derived_key_len; j++) { + if (j % 8 == 0) { + mbedtls_printf("\n "); + } + mbedtls_printf("%02x ", derived_key[j]); + } + mbedtls_printf("\n"); + + psa_destroy_key(server_key_id); + psa_destroy_key(client_key_id); + mbedtls_psa_crypto_free(); + return EXIT_SUCCESS; +} From bb1502b804300782f5a9e1cf73a3eeb37d8194b7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 14:50:54 +0200 Subject: [PATCH 388/429] psasim: add AUT for PSA sign and verify Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/aut_main.c | 2 + .../psasim/src/aut_psa_sign_verify.c | 93 +++++++++++++++++++ 2 files changed, 95 insertions(+) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_sign_verify.c diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c index 9604964082..3eee631619 100644 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -25,6 +25,7 @@ int psa_aead_main(char *cipher_name); int psa_random_main(void); int psa_mac_main(void); int psa_key_agreement_main(void); +int psa_sign_verify_main(void); #define TEST_MODULE(main_func) \ do { \ @@ -55,6 +56,7 @@ int main() TEST_MODULE(psa_mac_main()); TEST_MODULE(psa_key_agreement_main()); + TEST_MODULE(psa_sign_verify_main()); exit: return (ret != 0) ? 1 : 0; diff --git a/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c b/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c new file mode 100644 index 0000000000..98df9e5162 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_sign_verify.c @@ -0,0 +1,93 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + + +#include "psa/crypto.h" +#include +#include +#include + +#include "mbedtls/build_info.h" +#include "mbedtls/platform.h" + +#define KEY_BYTES_VALUE { \ + 0x49, 0xc9, 0xa8, 0xc1, 0x8c, 0x4b, 0x88, 0x56, 0x38, 0xc4, 0x31, 0xcf, \ + 0x1d, 0xf1, 0xc9, 0x94, 0x13, 0x16, 0x09, 0xb5, 0x80, 0xd4, 0xfd, 0x43, \ + 0xa0, 0xca, 0xb1, 0x7d, 0xb2, 0xf1, 0x3e, 0xee \ +} + +#define PLAINTEXT_VALUE "Hello World!" + +/* SHA-256(plaintext) */ +#define HASH_VALUE { \ + 0x5a, 0x09, 0xe8, 0xfa, 0x9c, 0x77, 0x80, 0x7b, 0x24, 0xe9, 0x9c, 0x9c, \ + 0xf9, 0x99, 0xde, 0xbf, 0xad, 0x84, 0x41, 0xe2, 0x69, 0xeb, 0x96, 0x0e, \ + 0x20, 0x1f, 0x61, 0xfc, 0x3d, 0xe2, 0x0d, 0x5a \ +} + +int psa_sign_verify_main(void) +{ + psa_status_t status; + psa_key_id_t key_id = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = { 0 }; + size_t signature_length; + const uint8_t key_bytes[] = KEY_BYTES_VALUE; + const uint8_t plaintext[] = PLAINTEXT_VALUE; + const uint8_t hash[] = HASH_VALUE; + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + psa_set_key_usage_flags(&attributes, + PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_SHA_256)); + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); + + status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_import_key failed\n"); + return EXIT_FAILURE; + } + + status = psa_sign_hash(key_id, // key handle + PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm + hash, sizeof(hash), // hash of the message + signature, sizeof(signature), // signature (as output) + &signature_length); // length of signature output + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_sign_hash failed\n"); + return EXIT_FAILURE; + } + + mbedtls_printf("ECDSA-SHA256 signature of SHA-256('%s'):\n", plaintext); + + for (size_t j = 0; j < signature_length; j++) { + if (j % 8 == 0) { + mbedtls_printf("\n "); + } + mbedtls_printf("%02x ", signature[j]); + } + + mbedtls_printf("\n"); + + status = psa_verify_hash(key_id, // key handle + PSA_ALG_ECDSA(PSA_ALG_SHA_256), // signature algorithm + hash, sizeof(hash), // hash of message + signature, signature_length); // signature + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_verify_hash failed\n"); + return EXIT_FAILURE; + } else { + mbedtls_printf("\nSignature verification successful!\n"); + } + + psa_destroy_key(key_id); + mbedtls_psa_crypto_free(); + return EXIT_SUCCESS; +} From a06b22d7092f5c37dd1dcf634b22432c34384144 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 14:59:34 +0200 Subject: [PATCH 389/429] psasim: add AUT for symmetric encryption/decryption Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/aut_main.c | 12 +- ...{aut_psa_aead.c => aut_psa_aead_encrypt.c} | 52 +-------- .../psasim/src/aut_psa_aead_encrypt_decrypt.c | 109 ++++++++++++++++++ 3 files changed, 117 insertions(+), 56 deletions(-) rename tests/psa-client-server/psasim/src/{aut_psa_aead.c => aut_psa_aead_encrypt.c} (77%) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c index 3eee631619..b0f96bee8b 100644 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -21,7 +21,8 @@ int psa_hash_compute_main(void); int psa_hash_main(void); -int psa_aead_main(char *cipher_name); +int psa_aead_encrypt_main(char *cipher_name); +int psa_aead_encrypt_decrypt_main(void); int psa_random_main(void); int psa_mac_main(void); int psa_key_agreement_main(void); @@ -47,16 +48,17 @@ int main() TEST_MODULE(psa_hash_compute_main()); TEST_MODULE(psa_hash_main()); - TEST_MODULE(psa_aead_main("aes128-gcm")); - TEST_MODULE(psa_aead_main("aes256-gcm")); - TEST_MODULE(psa_aead_main("aes128-gcm_8")); - TEST_MODULE(psa_aead_main("chachapoly")); + TEST_MODULE(psa_aead_encrypt_main("aes128-gcm")); + TEST_MODULE(psa_aead_encrypt_main("aes256-gcm")); + TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8")); + TEST_MODULE(psa_aead_encrypt_main("chachapoly")); TEST_MODULE(psa_random_main()); TEST_MODULE(psa_mac_main()); TEST_MODULE(psa_key_agreement_main()); TEST_MODULE(psa_sign_verify_main()); + TEST_MODULE(psa_aead_encrypt_decrypt_main()); exit: return (ret != 0) ? 1 : 0; diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c similarity index 77% rename from tests/psa-client-server/psasim/src/aut_psa_aead.c rename to tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c index aa9dfb0950..64463f57fc 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_aead.c +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt.c @@ -1,37 +1,8 @@ -/** - * PSA API multi-part AEAD demonstration. - * - * This program AEAD-encrypts a message, using the algorithm and key size - * specified on the command line, using the multi-part API. - * - * It comes with a companion program cipher/cipher_aead_demo.c, which does the - * same operations with the legacy Cipher API. The goal is that comparing the - * two programs will help people migrating to the PSA Crypto API. - * - * When used with multi-part AEAD operations, the `mbedtls_cipher_context` - * serves a triple purpose (1) hold the key, (2) store the algorithm when no - * operation is active, and (3) save progress information for the current - * operation. With PSA those roles are held by disinct objects: (1) a - * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the - * algorithm, and (3) a psa_operation_t for multi-part progress. - * - * On the other hand, with PSA, the algorithms encodes the desired tag length; - * with Cipher the desired tag length needs to be tracked separately. - * - * This program and its companion cipher/cipher_aead_demo.c illustrate this by - * doing the same sequence of multi-part AEAD computation with both APIs; - * looking at the two side by side should make the differences and - * similarities clear. - */ - /* * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later */ -/* First include Mbed TLS headers to get the Mbed TLS configuration and - * platform definitions that we'll use in this program. Also include - * standard C headers for functions we'll use here. */ #include "mbedtls/build_info.h" #include "psa/crypto.h" @@ -40,25 +11,6 @@ #include #include -/* If the build options we need are not enabled, compile a placeholder. */ -#if !defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \ - (!defined(MBEDTLS_PSA_CRYPTO_C) || \ - !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \ - !defined(MBEDTLS_CHACHAPOLY_C) || \ - defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)) -int psa_aead_main(void) -{ - printf("MBEDTLS_PSA_CRYPTO_CLIENT or " - "MBEDTLS_PSA_CRYPTO_C and/or " - "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or " - "MBEDTLS_CHACHAPOLY_C not defined, and/or " - "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined\r\n"); - return 0; -} -#else - -/* The real program starts here. */ - const char usage[] = "Usage: aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]"; @@ -257,7 +209,7 @@ exit: /* * Main function */ -int psa_aead_main(char *cipher_name) +int psa_aead_encrypt_main(char *cipher_name) { psa_status_t status = PSA_SUCCESS; @@ -273,5 +225,3 @@ int psa_aead_main(char *cipher_name) exit: return status == PSA_SUCCESS ? EXIT_SUCCESS : EXIT_FAILURE; } - -#endif diff --git a/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c new file mode 100644 index 0000000000..ca090ccc66 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_aead_encrypt_decrypt.c @@ -0,0 +1,109 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/crypto.h" +#include +#include +#include + +#define BUFFER_SIZE 500 + +static void print_bytestr(const uint8_t *bytes, size_t len) +{ + for (unsigned int idx = 0; idx < len; idx++) { + printf("%02X", bytes[idx]); + } +} + +int psa_aead_encrypt_decrypt_main(void) +{ + psa_status_t status; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id = 0; + uint8_t encrypt[BUFFER_SIZE] = { 0 }; + uint8_t decrypt[BUFFER_SIZE] = { 0 }; + const uint8_t plaintext[] = "Hello World!"; + const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + uint8_t nonce[PSA_AEAD_NONCE_LENGTH(PSA_KEY_TYPE_AES, PSA_ALG_CCM)]; + size_t nonce_length = sizeof(nonce); + size_t ciphertext_length; + size_t plaintext_length; + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + psa_set_key_usage_flags(&attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); + psa_set_key_algorithm(&attributes, PSA_ALG_CCM); + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attributes, 256); + + status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); + if (status != PSA_SUCCESS) { + printf("psa_import_key failed\n"); + return EXIT_FAILURE; + } + + status = psa_generate_random(nonce, nonce_length); + if (status != PSA_SUCCESS) { + printf("psa_generate_random failed\n"); + return EXIT_FAILURE; + } + + status = psa_aead_encrypt(key_id, // key + PSA_ALG_CCM, // algorithm + nonce, nonce_length, // nonce + NULL, 0, // additional data + plaintext, sizeof(plaintext), // plaintext + encrypt, sizeof(encrypt), // ciphertext + &ciphertext_length); // length of output + if (status != PSA_SUCCESS) { + printf("psa_aead_encrypt failed\n"); + return EXIT_FAILURE; + } + + printf("AES-CCM encryption:\n"); + printf("- Plaintext: '%s':\n", plaintext); + printf("- Key: "); + print_bytestr(key_bytes, sizeof(key_bytes)); + printf("\n- Nonce: "); + print_bytestr(nonce, nonce_length); + printf("\n- No additional data\n"); + printf("- Ciphertext:\n"); + + for (size_t j = 0; j < ciphertext_length; j++) { + if (j % 8 == 0) { + printf("\n "); + } + printf("%02x ", encrypt[j]); + } + + printf("\n"); + + status = psa_aead_decrypt(key_id, // key + PSA_ALG_CCM, // algorithm + nonce, nonce_length, // nonce + NULL, 0, // additional data + encrypt, ciphertext_length, // ciphertext + decrypt, sizeof(decrypt), // plaintext + &plaintext_length); // length of output + if (status != PSA_SUCCESS) { + printf("psa_aead_decrypt failed\n"); + return EXIT_FAILURE; + } + + if (memcmp(plaintext, decrypt, sizeof(plaintext)) != 0) { + printf("\nEncryption/Decryption failed!\n"); + } else { + printf("\nEncryption/Decryption successful!\n"); + } + + psa_destroy_key(key_id); + mbedtls_psa_crypto_free(); + return 0; +} From 87be9db668a4032fbccddc4e7ba5ebda6f210ed6 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 15:09:33 +0200 Subject: [PATCH 390/429] psasim: add AUT for key derivation Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/aut_main.c | 2 + .../psasim/src/aut_psa_hkdf.c | 121 ++++++++++++++++++ 2 files changed, 123 insertions(+) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_hkdf.c diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c index b0f96bee8b..f0cd1a09b3 100644 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -27,6 +27,7 @@ int psa_random_main(void); int psa_mac_main(void); int psa_key_agreement_main(void); int psa_sign_verify_main(void); +int psa_hkdf_main(void); #define TEST_MODULE(main_func) \ do { \ @@ -59,6 +60,7 @@ int main() TEST_MODULE(psa_key_agreement_main()); TEST_MODULE(psa_sign_verify_main()); TEST_MODULE(psa_aead_encrypt_decrypt_main()); + TEST_MODULE(psa_hkdf_main()); exit: return (ret != 0) ? 1 : 0; diff --git a/tests/psa-client-server/psasim/src/aut_psa_hkdf.c b/tests/psa-client-server/psasim/src/aut_psa_hkdf.c new file mode 100644 index 0000000000..891fdb3f92 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_hkdf.c @@ -0,0 +1,121 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/crypto.h" +#include +#include +#include +#include "mbedtls/build_info.h" + +int psa_hkdf_main(void) +{ + psa_status_t status; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id = 0; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; + + /* Example test vector from RFC 5869 */ + + /* Input keying material (IKM) */ + unsigned char ikm[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + + unsigned char salt[] = + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; + + /* Context and application specific information, which can be of zero length */ + unsigned char info[] = { 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9 }; + + /* Expected OKM based on the RFC 5869-provided test vector */ + unsigned char expected_okm[] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, + 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, + 0xcf, 0x1a, 0x5a, 0x4c, 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, + 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65 }; + + /* The output size of the HKDF function depends on the hash function used. + * In our case we use SHA-256, which produces a 32 byte fingerprint. + * Therefore, we allocate a buffer of 32 bytes to hold the output keying + * material (OKM). + */ + unsigned char output[32]; + + psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); + + printf("PSA Crypto API: HKDF SHA-256 example\n\n"); + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, PSA_ALG_HKDF(PSA_ALG_SHA_256)); + psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); + + status = psa_import_key(&attributes, ikm, sizeof(ikm), &key_id); + if (status != PSA_SUCCESS) { + printf("psa_import_key failed\n"); + return EXIT_FAILURE; + } + + status = psa_key_derivation_setup(&operation, alg); + if (status != PSA_SUCCESS) { + printf("psa_key_derivation_setup failed"); + return EXIT_FAILURE; + } + + status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_SALT, + salt, sizeof(salt)); + if (status != PSA_SUCCESS) { + printf("psa_key_derivation_input_bytes (salt) failed"); + return EXIT_FAILURE; + } + + status = psa_key_derivation_input_key(&operation, PSA_KEY_DERIVATION_INPUT_SECRET, + key_id); + if (status != PSA_SUCCESS) { + printf("psa_key_derivation_input_key failed"); + return EXIT_FAILURE; + } + + status = psa_key_derivation_input_bytes(&operation, PSA_KEY_DERIVATION_INPUT_INFO, + info, sizeof(info)); + if (status != PSA_SUCCESS) { + printf("psa_key_derivation_input_bytes (info) failed"); + return EXIT_FAILURE; + } + + status = psa_key_derivation_output_bytes(&operation, output, sizeof(output)); + if (status != PSA_SUCCESS) { + printf("psa_key_derivation_output_bytes failed"); + return EXIT_FAILURE; + } + + status = psa_key_derivation_abort(&operation); + if (status != PSA_SUCCESS) { + printf("psa_key_derivation_abort failed"); + return EXIT_FAILURE; + } + + printf("OKM: \n"); + + for (size_t j = 0; j < sizeof(output); j++) { + if (output[j] != expected_okm[j]) { + printf("\n --- Unexpected outcome!\n"); + return EXIT_FAILURE; + } + + if (j % 8 == 0) { + printf("\n "); + } + printf("%02x ", output[j]); + } + + printf("\n"); + mbedtls_psa_crypto_free(); + return EXIT_SUCCESS; +} From e9829e59c50878680344bf167aa0be616bf83457 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 16:37:27 +0200 Subject: [PATCH 391/429] psasim: add AUT for cipher encryption/decryption Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/aut_main.c | 4 +- .../src/aut_psa_cipher_encrypt_decrypt.c | 81 +++++++++++++++++++ 2 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c index f0cd1a09b3..2c4a8fb90d 100644 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -23,6 +23,7 @@ int psa_hash_compute_main(void); int psa_hash_main(void); int psa_aead_encrypt_main(char *cipher_name); int psa_aead_encrypt_decrypt_main(void); +int psa_cipher_encrypt_decrypt_main(void); int psa_random_main(void); int psa_mac_main(void); int psa_key_agreement_main(void); @@ -53,13 +54,14 @@ int main() TEST_MODULE(psa_aead_encrypt_main("aes256-gcm")); TEST_MODULE(psa_aead_encrypt_main("aes128-gcm_8")); TEST_MODULE(psa_aead_encrypt_main("chachapoly")); + TEST_MODULE(psa_aead_encrypt_decrypt_main()); + TEST_MODULE(psa_cipher_encrypt_decrypt_main()); TEST_MODULE(psa_random_main()); TEST_MODULE(psa_mac_main()); TEST_MODULE(psa_key_agreement_main()); TEST_MODULE(psa_sign_verify_main()); - TEST_MODULE(psa_aead_encrypt_decrypt_main()); TEST_MODULE(psa_hkdf_main()); exit: diff --git a/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c new file mode 100644 index 0000000000..a923feb618 --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_cipher_encrypt_decrypt.c @@ -0,0 +1,81 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/crypto.h" +#include +#include +#include + +#define BUFFER_SIZE 4096 + +static void print_bytestr(const uint8_t *bytes, size_t len) +{ + for (unsigned int idx = 0; idx < len; idx++) { + printf("%02X", bytes[idx]); + } +} + +int psa_cipher_encrypt_decrypt_main(void) +{ + psa_status_t status; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id = 0; + uint8_t original[BUFFER_SIZE] = { 0 }; + uint8_t encrypt[BUFFER_SIZE] = { 0 }; + uint8_t decrypt[BUFFER_SIZE] = { 0 }; + const uint8_t key_bytes[32] = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; + size_t encrypted_length; + size_t decrypted_length; + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + status = psa_generate_random(original, sizeof(original)); + if (status != PSA_SUCCESS) { + printf("psa_generate_random() failed\n"); + return EXIT_FAILURE; + } + + psa_set_key_usage_flags(&attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); + psa_set_key_algorithm(&attributes, PSA_ALG_ECB_NO_PADDING); + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attributes, 256); + + status = psa_import_key(&attributes, key_bytes, sizeof(key_bytes), &key_id); + if (status != PSA_SUCCESS) { + printf("psa_import_key failed\n"); + return EXIT_FAILURE; + } + + status = psa_cipher_encrypt(key_id, PSA_ALG_ECB_NO_PADDING, + original, sizeof(original), + encrypt, sizeof(encrypt), &encrypted_length); + if (status != PSA_SUCCESS) { + printf("psa_cipher_encrypt failed\n"); + return EXIT_FAILURE; + } + + status = psa_cipher_decrypt(key_id, PSA_ALG_ECB_NO_PADDING, + encrypt, encrypted_length, + decrypt, sizeof(decrypt), &decrypted_length); + if (status != PSA_SUCCESS) { + printf("psa_cipher_decrypt failed\n"); + return EXIT_FAILURE; + } + + if (memcmp(original, decrypt, sizeof(original)) != 0) { + printf("\nEncryption/Decryption failed!\n"); + } else { + printf("\nEncryption/Decryption successful!\n"); + } + + psa_destroy_key(key_id); + mbedtls_psa_crypto_free(); + return 0; +} From 9dc928990f429bbdcbb0ca97300d782bfd6cad77 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 24 Jun 2024 17:38:10 +0200 Subject: [PATCH 392/429] psasim: add AUT for asymmetric encryption/decryption Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/aut_main.c | 2 + .../src/aut_psa_asymmetric_encrypt_decrypt.c | 81 +++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c diff --git a/tests/psa-client-server/psasim/src/aut_main.c b/tests/psa-client-server/psasim/src/aut_main.c index 2c4a8fb90d..ed198790c6 100644 --- a/tests/psa-client-server/psasim/src/aut_main.c +++ b/tests/psa-client-server/psasim/src/aut_main.c @@ -24,6 +24,7 @@ int psa_hash_main(void); int psa_aead_encrypt_main(char *cipher_name); int psa_aead_encrypt_decrypt_main(void); int psa_cipher_encrypt_decrypt_main(void); +int psa_asymmetric_encrypt_decrypt_main(void); int psa_random_main(void); int psa_mac_main(void); int psa_key_agreement_main(void); @@ -56,6 +57,7 @@ int main() TEST_MODULE(psa_aead_encrypt_main("chachapoly")); TEST_MODULE(psa_aead_encrypt_decrypt_main()); TEST_MODULE(psa_cipher_encrypt_decrypt_main()); + TEST_MODULE(psa_asymmetric_encrypt_decrypt_main()); TEST_MODULE(psa_random_main()); diff --git a/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c b/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c new file mode 100644 index 0000000000..02d8cf486d --- /dev/null +++ b/tests/psa-client-server/psasim/src/aut_psa_asymmetric_encrypt_decrypt.c @@ -0,0 +1,81 @@ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include "psa/crypto.h" +#include +#include +#include + +#define KEY_BITS 4096 +#define BUFFER_SIZE PSA_BITS_TO_BYTES(KEY_BITS) + +static void print_bytestr(const uint8_t *bytes, size_t len) +{ + for (unsigned int idx = 0; idx < len; idx++) { + printf("%02X", bytes[idx]); + } +} + +int psa_asymmetric_encrypt_decrypt_main(void) +{ + psa_status_t status; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_id_t key_id = 0; + uint8_t original[BUFFER_SIZE/2] = { 0 }; + uint8_t encrypt[BUFFER_SIZE] = { 0 }; + uint8_t decrypt[BUFFER_SIZE] = { 0 }; + size_t encrypted_length; + size_t decrypted_length; + + status = psa_crypto_init(); + if (status != PSA_SUCCESS) { + printf("psa_crypto_init failed\n"); + return EXIT_FAILURE; + } + + status = psa_generate_random(original, sizeof(original)); + if (status != PSA_SUCCESS) { + printf("psa_generate_random() failed\n"); + return EXIT_FAILURE; + } + + psa_set_key_usage_flags(&attributes, + PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT); + psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT); + psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); + psa_set_key_bits(&attributes, KEY_BITS); + + status = psa_generate_key(&attributes, &key_id); + if (status != PSA_SUCCESS) { + printf("psa_generate_key failed (%d)\n", status); + return EXIT_FAILURE; + } + + status = psa_asymmetric_encrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, + original, sizeof(original), NULL, 0, + encrypt, sizeof(encrypt), &encrypted_length); + if (status != PSA_SUCCESS) { + printf("psa_asymmetric_encrypt failed (%d)\n", status); + return EXIT_FAILURE; + } + + status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT, + encrypt, encrypted_length, NULL, 0, + decrypt, sizeof(decrypt), &decrypted_length); + if (status != PSA_SUCCESS) { + printf("psa_cipher_decrypt failed (%d)\n", status); + return EXIT_FAILURE; + } + + if (memcmp(original, decrypt, sizeof(original)) != 0) { + printf("\nEncryption/Decryption failed!\n"); + } else { + printf("\nEncryption/Decryption successful!\n"); + } + + psa_destroy_key(key_id); + mbedtls_psa_crypto_free(); + return 0; +} From 4848f9d64f67bce3d2f0bb59a049f3ab6843c44e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 25 Jun 2024 13:49:38 +0200 Subject: [PATCH 393/429] psasim: fix max line length in generated files Prevent generated files from having lines longer than 100 chars which would trigger CI failures on code style checks. Signed-off-by: Valerio Setti --- .../psasim/src/psa_sim_crypto_client.c | 2264 ++++++++++++----- .../psasim/src/psa_sim_crypto_server.c | 1598 +++++++++--- .../psasim/src/psa_sim_generate.pl | 55 +- .../psasim/src/psa_sim_serialise.c | 161 +- .../psasim/src/psa_sim_serialise.h | 75 +- .../psasim/src/psa_sim_serialise.pl | 26 +- 6 files changed, 2979 insertions(+), 1200 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 091e354b19..28dff38d02 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -134,8 +134,9 @@ psa_status_t psa_aead_abort( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -150,7 +151,9 @@ psa_status_t psa_aead_abort( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -170,12 +173,16 @@ psa_status_t psa_aead_abort( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -203,14 +210,15 @@ psa_status_t psa_aead_decrypt( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(nonce, nonce_length) + - psasim_serialise_buffer_needs(additional_data, additional_data_length) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_length) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(*plaintext_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(nonce, nonce_length) + + psasim_serialise_buffer_needs(additional_data, additional_data_length) + + psasim_serialise_buffer_needs(ciphertext, ciphertext_length) + + psasim_serialise_buffer_needs(plaintext, plaintext_size) + + psasim_serialise_size_t_needs(*plaintext_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -225,31 +233,45 @@ psa_status_t psa_aead_decrypt( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, nonce, nonce_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + nonce, nonce_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, additional_data, additional_data_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + additional_data, additional_data_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, ciphertext, ciphertext_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + ciphertext, ciphertext_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, plaintext, plaintext_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + plaintext, plaintext_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *plaintext_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *plaintext_length); if (!ok) { goto fail; } @@ -269,17 +291,23 @@ psa_status_t psa_aead_decrypt( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, plaintext, plaintext_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + plaintext, plaintext_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, plaintext_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + plaintext_length); if (!ok) { goto fail; } @@ -303,10 +331,11 @@ psa_status_t psa_aead_decrypt_setup( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); ser_params = malloc(needed); if (ser_params == NULL) { @@ -321,15 +350,21 @@ psa_status_t psa_aead_decrypt_setup( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } @@ -349,12 +384,16 @@ psa_status_t psa_aead_decrypt_setup( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -382,14 +421,15 @@ psa_status_t psa_aead_encrypt( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(nonce, nonce_length) + - psasim_serialise_buffer_needs(additional_data, additional_data_length) + - psasim_serialise_buffer_needs(plaintext, plaintext_length) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(*ciphertext_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(nonce, nonce_length) + + psasim_serialise_buffer_needs(additional_data, additional_data_length) + + psasim_serialise_buffer_needs(plaintext, plaintext_length) + + psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + + psasim_serialise_size_t_needs(*ciphertext_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -404,31 +444,45 @@ psa_status_t psa_aead_encrypt( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, nonce, nonce_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + nonce, nonce_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, additional_data, additional_data_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + additional_data, additional_data_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, plaintext, plaintext_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + plaintext, plaintext_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, ciphertext, ciphertext_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + ciphertext, ciphertext_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *ciphertext_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *ciphertext_length); if (!ok) { goto fail; } @@ -448,17 +502,23 @@ psa_status_t psa_aead_encrypt( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, ciphertext, ciphertext_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + ciphertext, ciphertext_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, ciphertext_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + ciphertext_length); if (!ok) { goto fail; } @@ -482,10 +542,11 @@ psa_status_t psa_aead_encrypt_setup( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); ser_params = malloc(needed); if (ser_params == NULL) { @@ -500,15 +561,21 @@ psa_status_t psa_aead_encrypt_setup( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } @@ -528,12 +595,16 @@ psa_status_t psa_aead_encrypt_setup( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -559,12 +630,13 @@ psa_status_t psa_aead_finish( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + - psasim_serialise_size_t_needs(*ciphertext_length) + - psasim_serialise_buffer_needs(tag, tag_size) + - psasim_serialise_size_t_needs(*tag_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(ciphertext, ciphertext_size) + + psasim_serialise_size_t_needs(*ciphertext_length) + + psasim_serialise_buffer_needs(tag, tag_size) + + psasim_serialise_size_t_needs(*tag_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -579,23 +651,33 @@ psa_status_t psa_aead_finish( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, ciphertext, ciphertext_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + ciphertext, ciphertext_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *ciphertext_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *ciphertext_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, tag, tag_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + tag, tag_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *tag_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *tag_length); if (!ok) { goto fail; } @@ -615,32 +697,44 @@ psa_status_t psa_aead_finish( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, ciphertext, ciphertext_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + ciphertext, ciphertext_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, ciphertext_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + ciphertext_length); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, tag, tag_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + tag, tag_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, tag_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + tag_length); if (!ok) { goto fail; } @@ -664,10 +758,11 @@ psa_status_t psa_aead_generate_nonce( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(nonce, nonce_size) + - psasim_serialise_size_t_needs(*nonce_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(nonce, nonce_size) + + psasim_serialise_size_t_needs(*nonce_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -682,15 +777,21 @@ psa_status_t psa_aead_generate_nonce( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, nonce, nonce_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + nonce, nonce_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *nonce_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *nonce_length); if (!ok) { goto fail; } @@ -710,22 +811,30 @@ psa_status_t psa_aead_generate_nonce( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, nonce, nonce_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + nonce, nonce_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, nonce_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + nonce_length); if (!ok) { goto fail; } @@ -749,10 +858,11 @@ psa_status_t psa_aead_set_lengths( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(ad_length) + - psasim_serialise_size_t_needs(plaintext_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_size_t_needs(ad_length) + + psasim_serialise_size_t_needs(plaintext_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -767,15 +877,21 @@ psa_status_t psa_aead_set_lengths( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, ad_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + ad_length); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, plaintext_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + plaintext_length); if (!ok) { goto fail; } @@ -795,12 +911,16 @@ psa_status_t psa_aead_set_lengths( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -823,9 +943,10 @@ psa_status_t psa_aead_set_nonce( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(nonce, nonce_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(nonce, nonce_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -840,11 +961,15 @@ psa_status_t psa_aead_set_nonce( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, nonce, nonce_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + nonce, nonce_length); if (!ok) { goto fail; } @@ -864,12 +989,16 @@ psa_status_t psa_aead_set_nonce( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -894,11 +1023,12 @@ psa_status_t psa_aead_update( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -913,19 +1043,27 @@ psa_status_t psa_aead_update( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *output_length); if (!ok) { goto fail; } @@ -945,22 +1083,30 @@ psa_status_t psa_aead_update( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -983,9 +1129,10 @@ psa_status_t psa_aead_update_ad( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1000,11 +1147,15 @@ psa_status_t psa_aead_update_ad( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } @@ -1024,12 +1175,16 @@ psa_status_t psa_aead_update_ad( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1054,11 +1209,12 @@ psa_status_t psa_aead_verify( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_aead_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(plaintext, plaintext_size) + - psasim_serialise_size_t_needs(*plaintext_length) + - psasim_serialise_buffer_needs(tag, tag_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_aead_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(plaintext, plaintext_size) + + psasim_serialise_size_t_needs(*plaintext_length) + + psasim_serialise_buffer_needs(tag, tag_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1073,19 +1229,27 @@ psa_status_t psa_aead_verify( if (!ok) { goto fail; } - ok = psasim_serialise_psa_aead_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_aead_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, plaintext, plaintext_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + plaintext, plaintext_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *plaintext_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *plaintext_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, tag, tag_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + tag, tag_length); if (!ok) { goto fail; } @@ -1105,22 +1269,30 @@ psa_status_t psa_aead_verify( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, plaintext, plaintext_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + plaintext, plaintext_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, plaintext_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + plaintext_length); if (!ok) { goto fail; } @@ -1147,13 +1319,14 @@ psa_status_t psa_asymmetric_decrypt( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(salt, salt_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(salt, salt_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1168,27 +1341,39 @@ psa_status_t psa_asymmetric_decrypt( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, salt, salt_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + salt, salt_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *output_length); if (!ok) { goto fail; } @@ -1208,17 +1393,23 @@ psa_status_t psa_asymmetric_decrypt( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1245,13 +1436,14 @@ psa_status_t psa_asymmetric_encrypt( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(salt, salt_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(salt, salt_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1266,27 +1458,39 @@ psa_status_t psa_asymmetric_encrypt( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, salt, salt_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + salt, salt_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *output_length); if (!ok) { goto fail; } @@ -1306,17 +1510,23 @@ psa_status_t psa_asymmetric_encrypt( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1338,8 +1548,9 @@ psa_status_t psa_cipher_abort( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1354,7 +1565,9 @@ psa_status_t psa_cipher_abort( if (!ok) { goto fail; } - ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_cipher_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -1374,12 +1587,16 @@ psa_status_t psa_cipher_abort( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1405,12 +1622,13 @@ psa_status_t psa_cipher_decrypt( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1425,23 +1643,33 @@ psa_status_t psa_cipher_decrypt( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *output_length); if (!ok) { goto fail; } @@ -1461,17 +1689,23 @@ psa_status_t psa_cipher_decrypt( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1495,10 +1729,11 @@ psa_status_t psa_cipher_decrypt_setup( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1513,15 +1748,21 @@ psa_status_t psa_cipher_decrypt_setup( if (!ok) { goto fail; } - ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_cipher_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } @@ -1541,12 +1782,16 @@ psa_status_t psa_cipher_decrypt_setup( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1572,12 +1817,13 @@ psa_status_t psa_cipher_encrypt( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1592,23 +1838,33 @@ psa_status_t psa_cipher_encrypt( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *output_length); if (!ok) { goto fail; } @@ -1628,17 +1884,23 @@ psa_status_t psa_cipher_encrypt( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1662,10 +1924,11 @@ psa_status_t psa_cipher_encrypt_setup( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1680,15 +1943,21 @@ psa_status_t psa_cipher_encrypt_setup( if (!ok) { goto fail; } - ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_cipher_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } @@ -1708,12 +1977,16 @@ psa_status_t psa_cipher_encrypt_setup( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1737,10 +2010,11 @@ psa_status_t psa_cipher_finish( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1755,15 +2029,21 @@ psa_status_t psa_cipher_finish( if (!ok) { goto fail; } - ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_cipher_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *output_length); if (!ok) { goto fail; } @@ -1783,22 +2063,30 @@ psa_status_t psa_cipher_finish( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1822,10 +2110,11 @@ psa_status_t psa_cipher_generate_iv( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(iv, iv_size) + - psasim_serialise_size_t_needs(*iv_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(iv, iv_size) + + psasim_serialise_size_t_needs(*iv_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1840,15 +2129,21 @@ psa_status_t psa_cipher_generate_iv( if (!ok) { goto fail; } - ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_cipher_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, iv, iv_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + iv, iv_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *iv_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *iv_length); if (!ok) { goto fail; } @@ -1868,22 +2163,30 @@ psa_status_t psa_cipher_generate_iv( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, iv, iv_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + iv, iv_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, iv_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + iv_length); if (!ok) { goto fail; } @@ -1906,9 +2209,10 @@ psa_status_t psa_cipher_set_iv( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(iv, iv_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(iv, iv_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1923,11 +2227,15 @@ psa_status_t psa_cipher_set_iv( if (!ok) { goto fail; } - ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_cipher_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, iv, iv_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + iv, iv_length); if (!ok) { goto fail; } @@ -1947,12 +2255,16 @@ psa_status_t psa_cipher_set_iv( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1977,11 +2289,12 @@ psa_status_t psa_cipher_update( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_cipher_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_cipher_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -1996,19 +2309,27 @@ psa_status_t psa_cipher_update( if (!ok) { goto fail; } - ok = psasim_serialise_psa_cipher_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_cipher_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *output_length); if (!ok) { goto fail; } @@ -2028,22 +2349,30 @@ psa_status_t psa_cipher_update( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -2067,10 +2396,11 @@ psa_status_t psa_copy_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(source_key) + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*target_key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(source_key) + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*target_key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2085,15 +2415,21 @@ psa_status_t psa_copy_key( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, source_key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + source_key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + ok = psasim_serialise_psa_key_attributes_t( + &pos, &remaining, + *attributes); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *target_key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + *target_key); if (!ok) { goto fail; } @@ -2113,12 +2449,16 @@ psa_status_t psa_copy_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, target_key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + target_key); if (!ok) { goto fail; } @@ -2140,8 +2480,9 @@ psa_status_t psa_destroy_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2156,7 +2497,9 @@ psa_status_t psa_destroy_key( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } @@ -2176,7 +2519,9 @@ psa_status_t psa_destroy_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } @@ -2200,10 +2545,11 @@ psa_status_t psa_export_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(*data_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(*data_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2218,15 +2564,21 @@ psa_status_t psa_export_key( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, data, data_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + data, data_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *data_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *data_length); if (!ok) { goto fail; } @@ -2246,17 +2598,23 @@ psa_status_t psa_export_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, data, data_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + data, data_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, data_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + data_length); if (!ok) { goto fail; } @@ -2280,10 +2638,11 @@ psa_status_t psa_export_public_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_buffer_needs(data, data_size) + - psasim_serialise_size_t_needs(*data_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_buffer_needs(data, data_size) + + psasim_serialise_size_t_needs(*data_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2298,15 +2657,21 @@ psa_status_t psa_export_public_key( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, data, data_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + data, data_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *data_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *data_length); if (!ok) { goto fail; } @@ -2326,17 +2691,23 @@ psa_status_t psa_export_public_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, data, data_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + data, data_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, data_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + data_length); if (!ok) { goto fail; } @@ -2359,9 +2730,10 @@ psa_status_t psa_generate_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2376,11 +2748,15 @@ psa_status_t psa_generate_key( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + ok = psasim_serialise_psa_key_attributes_t( + &pos, &remaining, + *attributes); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + *key); if (!ok) { goto fail; } @@ -2400,12 +2776,16 @@ psa_status_t psa_generate_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -2429,10 +2809,11 @@ psa_status_t psa_generate_key_ext( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2447,15 +2828,21 @@ psa_status_t psa_generate_key_ext( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + ok = psasim_serialise_psa_key_attributes_t( + &pos, &remaining, + *attributes); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_production_parameters_t(&pos, &remaining, params, params_data_length); + ok = psasim_serialise_psa_key_production_parameters_t( + &pos, &remaining, + params, params_data_length); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + *key); if (!ok) { goto fail; } @@ -2475,12 +2862,16 @@ psa_status_t psa_generate_key_ext( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -2502,8 +2893,9 @@ psa_status_t psa_generate_random( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_buffer_needs(output, output_size); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_buffer_needs(output, output_size); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2518,7 +2910,9 @@ psa_status_t psa_generate_random( if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } @@ -2538,12 +2932,16 @@ psa_status_t psa_generate_random( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } @@ -2566,9 +2964,10 @@ psa_status_t psa_get_key_attributes( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_key_attributes_t_needs(*attributes); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_key_attributes_t_needs(*attributes); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2583,11 +2982,15 @@ psa_status_t psa_get_key_attributes( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + ok = psasim_serialise_psa_key_attributes_t( + &pos, &remaining, + *attributes); if (!ok) { goto fail; } @@ -2607,12 +3010,16 @@ psa_status_t psa_get_key_attributes( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&rpos, &rremain, attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &rpos, &rremain, + attributes); if (!ok) { goto fail; } @@ -2634,8 +3041,9 @@ psa_status_t psa_hash_abort( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2650,7 +3058,9 @@ psa_status_t psa_hash_abort( if (!ok) { goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_hash_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -2670,12 +3080,16 @@ psa_status_t psa_hash_abort( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -2698,9 +3112,10 @@ psa_status_t psa_hash_clone( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*source_operation) + - psasim_serialise_psa_hash_operation_t_needs(*target_operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*source_operation) + + psasim_serialise_psa_hash_operation_t_needs(*target_operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2715,11 +3130,15 @@ psa_status_t psa_hash_clone( if (!ok) { goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *source_operation); + ok = psasim_serialise_psa_hash_operation_t( + &pos, &remaining, + *source_operation); if (!ok) { goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *target_operation); + ok = psasim_serialise_psa_hash_operation_t( + &pos, &remaining, + *target_operation); if (!ok) { goto fail; } @@ -2739,12 +3158,16 @@ psa_status_t psa_hash_clone( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, target_operation); + ok = psasim_deserialise_psa_hash_operation_t( + &rpos, &rremain, + target_operation); if (!ok) { goto fail; } @@ -2768,10 +3191,11 @@ psa_status_t psa_hash_compare( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(hash, hash_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(hash, hash_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2786,15 +3210,21 @@ psa_status_t psa_hash_compare( if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + hash, hash_length); if (!ok) { goto fail; } @@ -2814,7 +3244,9 @@ psa_status_t psa_hash_compare( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } @@ -2839,11 +3271,12 @@ psa_status_t psa_hash_compute( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(*hash_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(hash, hash_size) + + psasim_serialise_size_t_needs(*hash_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2858,19 +3291,27 @@ psa_status_t psa_hash_compute( if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + hash, hash_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *hash_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *hash_length); if (!ok) { goto fail; } @@ -2890,17 +3331,23 @@ psa_status_t psa_hash_compute( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, hash, hash_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + hash, hash_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, hash_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + hash_length); if (!ok) { goto fail; } @@ -2924,10 +3371,11 @@ psa_status_t psa_hash_finish( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(hash, hash_size) + - psasim_serialise_size_t_needs(*hash_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(hash, hash_size) + + psasim_serialise_size_t_needs(*hash_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -2942,15 +3390,21 @@ psa_status_t psa_hash_finish( if (!ok) { goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_hash_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + hash, hash_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *hash_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *hash_length); if (!ok) { goto fail; } @@ -2970,22 +3424,30 @@ psa_status_t psa_hash_finish( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, hash, hash_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + hash, hash_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, hash_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + hash_length); if (!ok) { goto fail; } @@ -3008,9 +3470,10 @@ psa_status_t psa_hash_setup( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_psa_algorithm_t_needs(alg); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation) + + psasim_serialise_psa_algorithm_t_needs(alg); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3025,11 +3488,15 @@ psa_status_t psa_hash_setup( if (!ok) { goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_hash_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } @@ -3049,12 +3516,16 @@ psa_status_t psa_hash_setup( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3077,9 +3548,10 @@ psa_status_t psa_hash_update( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3094,11 +3566,15 @@ psa_status_t psa_hash_update( if (!ok) { goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_hash_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } @@ -3118,12 +3594,16 @@ psa_status_t psa_hash_update( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3146,9 +3626,10 @@ psa_status_t psa_hash_verify( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_hash_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(hash, hash_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_hash_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(hash, hash_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3163,11 +3644,15 @@ psa_status_t psa_hash_verify( if (!ok) { goto fail; } - ok = psasim_serialise_psa_hash_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_hash_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + hash, hash_length); if (!ok) { goto fail; } @@ -3187,12 +3672,16 @@ psa_status_t psa_hash_verify( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3216,10 +3705,11 @@ psa_status_t psa_import_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_buffer_needs(data, data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_buffer_needs(data, data_length) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3234,15 +3724,21 @@ psa_status_t psa_import_key( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + ok = psasim_serialise_psa_key_attributes_t( + &pos, &remaining, + *attributes); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, data, data_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + data, data_length); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + *key); if (!ok) { goto fail; } @@ -3262,12 +3758,16 @@ psa_status_t psa_import_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -3282,15 +3782,16 @@ fail: uint32_t psa_interruptible_get_max_ops( void -) + ) { uint8_t *ser_params = NULL; uint8_t *ser_result = NULL; size_t result_length; uint32_t value = 0; - size_t needed = psasim_serialise_begin_needs() + - 0; + size_t needed = + psasim_serialise_begin_needs() + + 0; ser_params = malloc(needed); if (ser_params == NULL) { @@ -3321,7 +3822,9 @@ uint32_t psa_interruptible_get_max_ops( goto fail; } - ok = psasim_deserialise_uint32_t(&rpos, &rremain, &value); + ok = psasim_deserialise_uint32_t( + &rpos, &rremain, + &value); if (!ok) { goto fail; } @@ -3342,8 +3845,9 @@ void psa_interruptible_set_max_ops( uint8_t *ser_result = NULL; size_t result_length; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_uint32_t_needs(max_ops); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_uint32_t_needs(max_ops); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3357,7 +3861,9 @@ void psa_interruptible_set_max_ops( if (!ok) { goto fail; } - ok = psasim_serialise_uint32_t(&pos, &remaining, max_ops); + ok = psasim_serialise_uint32_t( + &pos, &remaining, + max_ops); if (!ok) { goto fail; } @@ -3392,8 +3898,9 @@ psa_status_t psa_key_derivation_abort( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3408,7 +3915,9 @@ psa_status_t psa_key_derivation_abort( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -3428,12 +3937,16 @@ psa_status_t psa_key_derivation_abort( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3456,9 +3969,10 @@ psa_status_t psa_key_derivation_get_capacity( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(*capacity); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_size_t_needs(*capacity); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3473,11 +3987,15 @@ psa_status_t psa_key_derivation_get_capacity( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *capacity); + ok = psasim_serialise_size_t( + &pos, &remaining, + *capacity); if (!ok) { goto fail; } @@ -3497,12 +4015,16 @@ psa_status_t psa_key_derivation_get_capacity( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, capacity); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + capacity); if (!ok) { goto fail; } @@ -3526,10 +4048,11 @@ psa_status_t psa_key_derivation_input_bytes( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_buffer_needs(data, data_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_derivation_step_t_needs(step) + + psasim_serialise_buffer_needs(data, data_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3544,15 +4067,21 @@ psa_status_t psa_key_derivation_input_bytes( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_step_t(&pos, &remaining, step); + ok = psasim_serialise_psa_key_derivation_step_t( + &pos, &remaining, + step); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, data, data_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + data, data_length); if (!ok) { goto fail; } @@ -3572,12 +4101,16 @@ psa_status_t psa_key_derivation_input_bytes( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3601,10 +4134,11 @@ psa_status_t psa_key_derivation_input_integer( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_uint64_t_needs(value); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_derivation_step_t_needs(step) + + psasim_serialise_uint64_t_needs(value); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3619,15 +4153,21 @@ psa_status_t psa_key_derivation_input_integer( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_step_t(&pos, &remaining, step); + ok = psasim_serialise_psa_key_derivation_step_t( + &pos, &remaining, + step); if (!ok) { goto fail; } - ok = psasim_serialise_uint64_t(&pos, &remaining, value); + ok = psasim_serialise_uint64_t( + &pos, &remaining, + value); if (!ok) { goto fail; } @@ -3647,12 +4187,16 @@ psa_status_t psa_key_derivation_input_integer( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3676,10 +4220,11 @@ psa_status_t psa_key_derivation_input_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_derivation_step_t_needs(step) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3694,15 +4239,21 @@ psa_status_t psa_key_derivation_input_key( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_step_t(&pos, &remaining, step); + ok = psasim_serialise_psa_key_derivation_step_t( + &pos, &remaining, + step); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } @@ -3722,12 +4273,16 @@ psa_status_t psa_key_derivation_input_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3752,11 +4307,12 @@ psa_status_t psa_key_derivation_key_agreement( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_derivation_step_t_needs(step) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_derivation_step_t_needs(step) + + psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + + psasim_serialise_buffer_needs(peer_key, peer_key_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3771,19 +4327,27 @@ psa_status_t psa_key_derivation_key_agreement( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_step_t(&pos, &remaining, step); + ok = psasim_serialise_psa_key_derivation_step_t( + &pos, &remaining, + step); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, private_key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + private_key); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, peer_key, peer_key_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + peer_key, peer_key_length); if (!ok) { goto fail; } @@ -3803,12 +4367,16 @@ psa_status_t psa_key_derivation_key_agreement( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3831,9 +4399,10 @@ psa_status_t psa_key_derivation_output_bytes( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(output, output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(output, output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3848,11 +4417,15 @@ psa_status_t psa_key_derivation_output_bytes( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_length); if (!ok) { goto fail; } @@ -3872,17 +4445,23 @@ psa_status_t psa_key_derivation_output_bytes( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_length); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_length); if (!ok) { goto fail; } @@ -3906,10 +4485,11 @@ psa_status_t psa_key_derivation_output_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -3924,15 +4504,21 @@ psa_status_t psa_key_derivation_output_key( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + ok = psasim_serialise_psa_key_attributes_t( + &pos, &remaining, + *attributes); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + *key); if (!ok) { goto fail; } @@ -3952,17 +4538,23 @@ psa_status_t psa_key_derivation_output_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -3987,11 +4579,12 @@ psa_status_t psa_key_derivation_output_key_ext( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes) + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) + - psasim_serialise_mbedtls_svc_key_id_t_needs(*key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes) + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_key_production_parameters_t_needs(params, params_data_length) + + psasim_serialise_mbedtls_svc_key_id_t_needs(*key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4006,19 +4599,27 @@ psa_status_t psa_key_derivation_output_key_ext( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + ok = psasim_serialise_psa_key_attributes_t( + &pos, &remaining, + *attributes); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_production_parameters_t(&pos, &remaining, params, params_data_length); + ok = psasim_serialise_psa_key_production_parameters_t( + &pos, &remaining, + params, params_data_length); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, *key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + *key); if (!ok) { goto fail; } @@ -4038,17 +4639,23 @@ psa_status_t psa_key_derivation_output_key_ext( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -4071,9 +4678,10 @@ psa_status_t psa_key_derivation_set_capacity( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_size_t_needs(capacity); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_size_t_needs(capacity); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4088,11 +4696,15 @@ psa_status_t psa_key_derivation_set_capacity( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, capacity); + ok = psasim_serialise_size_t( + &pos, &remaining, + capacity); if (!ok) { goto fail; } @@ -4112,12 +4724,16 @@ psa_status_t psa_key_derivation_set_capacity( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4140,9 +4756,10 @@ psa_status_t psa_key_derivation_setup( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + - psasim_serialise_psa_algorithm_t_needs(alg); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_derivation_operation_t_needs(*operation) + + psasim_serialise_psa_algorithm_t_needs(alg); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4157,11 +4774,15 @@ psa_status_t psa_key_derivation_setup( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_derivation_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_key_derivation_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } @@ -4181,12 +4802,16 @@ psa_status_t psa_key_derivation_setup( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4208,8 +4833,9 @@ psa_status_t psa_mac_abort( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4224,7 +4850,9 @@ psa_status_t psa_mac_abort( if (!ok) { goto fail; } - ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_mac_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -4244,12 +4872,16 @@ psa_status_t psa_mac_abort( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4275,12 +4907,13 @@ psa_status_t psa_mac_compute( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(*mac_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(mac, mac_size) + + psasim_serialise_size_t_needs(*mac_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4295,23 +4928,33 @@ psa_status_t psa_mac_compute( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, mac, mac_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + mac, mac_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *mac_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *mac_length); if (!ok) { goto fail; } @@ -4331,17 +4974,23 @@ psa_status_t psa_mac_compute( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, mac, mac_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + mac, mac_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, mac_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + mac_length); if (!ok) { goto fail; } @@ -4365,10 +5014,11 @@ psa_status_t psa_mac_sign_finish( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(mac, mac_size) + - psasim_serialise_size_t_needs(*mac_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(mac, mac_size) + + psasim_serialise_size_t_needs(*mac_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4383,15 +5033,21 @@ psa_status_t psa_mac_sign_finish( if (!ok) { goto fail; } - ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_mac_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, mac, mac_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + mac, mac_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *mac_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *mac_length); if (!ok) { goto fail; } @@ -4411,22 +5067,30 @@ psa_status_t psa_mac_sign_finish( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, mac, mac_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + mac, mac_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, mac_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + mac_length); if (!ok) { goto fail; } @@ -4450,10 +5114,11 @@ psa_status_t psa_mac_sign_setup( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4468,15 +5133,21 @@ psa_status_t psa_mac_sign_setup( if (!ok) { goto fail; } - ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_mac_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } @@ -4496,12 +5167,16 @@ psa_status_t psa_mac_sign_setup( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4524,9 +5199,10 @@ psa_status_t psa_mac_update( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(input, input_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(input, input_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4541,11 +5217,15 @@ psa_status_t psa_mac_update( if (!ok) { goto fail; } - ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_mac_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } @@ -4565,12 +5245,16 @@ psa_status_t psa_mac_update( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4595,11 +5279,12 @@ psa_status_t psa_mac_verify( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(mac, mac_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(mac, mac_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4614,19 +5299,27 @@ psa_status_t psa_mac_verify( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, mac, mac_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + mac, mac_length); if (!ok) { goto fail; } @@ -4646,7 +5339,9 @@ psa_status_t psa_mac_verify( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } @@ -4669,9 +5364,10 @@ psa_status_t psa_mac_verify_finish( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(mac, mac_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(mac, mac_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4686,11 +5382,15 @@ psa_status_t psa_mac_verify_finish( if (!ok) { goto fail; } - ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_mac_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, mac, mac_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + mac, mac_length); if (!ok) { goto fail; } @@ -4710,12 +5410,16 @@ psa_status_t psa_mac_verify_finish( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4739,10 +5443,11 @@ psa_status_t psa_mac_verify_setup( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_mac_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_mac_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4757,15 +5462,21 @@ psa_status_t psa_mac_verify_setup( if (!ok) { goto fail; } - ok = psasim_serialise_psa_mac_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_mac_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } @@ -4785,12 +5496,16 @@ psa_status_t psa_mac_verify_setup( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4812,8 +5527,9 @@ psa_status_t psa_purge_key( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4828,7 +5544,9 @@ psa_status_t psa_purge_key( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } @@ -4848,7 +5566,9 @@ psa_status_t psa_purge_key( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } @@ -4874,12 +5594,13 @@ psa_status_t psa_raw_key_agreement( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + - psasim_serialise_buffer_needs(peer_key, peer_key_length) + - psasim_serialise_buffer_needs(output, output_size) + - psasim_serialise_size_t_needs(*output_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) + + psasim_serialise_buffer_needs(peer_key, peer_key_length) + + psasim_serialise_buffer_needs(output, output_size) + + psasim_serialise_size_t_needs(*output_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4894,23 +5615,33 @@ psa_status_t psa_raw_key_agreement( if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, private_key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + private_key); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, peer_key, peer_key_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + peer_key, peer_key_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, output, output_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *output_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *output_length); if (!ok) { goto fail; } @@ -4930,17 +5661,23 @@ psa_status_t psa_raw_key_agreement( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, output, output_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, output_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -4961,8 +5698,9 @@ void psa_reset_key_attributes( uint8_t *ser_result = NULL; size_t result_length; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_key_attributes_t_needs(*attributes); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_key_attributes_t_needs(*attributes); ser_params = malloc(needed); if (ser_params == NULL) { @@ -4976,7 +5714,9 @@ void psa_reset_key_attributes( if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&pos, &remaining, *attributes); + ok = psasim_serialise_psa_key_attributes_t( + &pos, &remaining, + *attributes); if (!ok) { goto fail; } @@ -4996,7 +5736,9 @@ void psa_reset_key_attributes( goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&rpos, &rremain, attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &rpos, &rremain, + attributes); if (!ok) { goto fail; } @@ -5020,12 +5762,13 @@ psa_status_t psa_sign_hash( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(hash, hash_length) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(*signature_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5040,23 +5783,33 @@ psa_status_t psa_sign_hash( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + hash, hash_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *signature_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *signature_length); if (!ok) { goto fail; } @@ -5076,17 +5829,23 @@ psa_status_t psa_sign_hash( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, signature, signature_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, signature_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + signature_length); if (!ok) { goto fail; } @@ -5108,8 +5867,9 @@ psa_status_t psa_sign_hash_abort( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5124,7 +5884,9 @@ psa_status_t psa_sign_hash_abort( if (!ok) { goto fail; } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -5144,12 +5906,16 @@ psa_status_t psa_sign_hash_abort( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5173,10 +5939,11 @@ psa_status_t psa_sign_hash_complete( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(*signature_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5191,15 +5958,21 @@ psa_status_t psa_sign_hash_complete( if (!ok) { goto fail; } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *signature_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *signature_length); if (!ok) { goto fail; } @@ -5219,22 +5992,30 @@ psa_status_t psa_sign_hash_complete( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, signature, signature_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, signature_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + signature_length); if (!ok) { goto fail; } @@ -5256,8 +6037,9 @@ uint32_t psa_sign_hash_get_num_ops( size_t result_length; uint32_t value = 0; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5272,7 +6054,9 @@ uint32_t psa_sign_hash_get_num_ops( if (!ok) { goto fail; } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -5292,7 +6076,9 @@ uint32_t psa_sign_hash_get_num_ops( goto fail; } - ok = psasim_deserialise_uint32_t(&rpos, &rremain, &value); + ok = psasim_deserialise_uint32_t( + &rpos, &rremain, + &value); if (!ok) { goto fail; } @@ -5317,11 +6103,12 @@ psa_status_t psa_sign_hash_start( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(hash, hash_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5336,19 +6123,27 @@ psa_status_t psa_sign_hash_start( if (!ok) { goto fail; } - ok = psasim_serialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_sign_hash_interruptible_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + hash, hash_length); if (!ok) { goto fail; } @@ -5368,12 +6163,16 @@ psa_status_t psa_sign_hash_start( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_sign_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5399,12 +6198,13 @@ psa_status_t psa_sign_message( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(signature, signature_size) + - psasim_serialise_size_t_needs(*signature_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(signature, signature_size) + + psasim_serialise_size_t_needs(*signature_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5419,23 +6219,33 @@ psa_status_t psa_sign_message( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_size); + ok = psasim_serialise_buffer( + &pos, &remaining, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&pos, &remaining, *signature_length); + ok = psasim_serialise_size_t( + &pos, &remaining, + *signature_length); if (!ok) { goto fail; } @@ -5455,17 +6265,23 @@ psa_status_t psa_sign_message( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_return_buffer(&rpos, &rremain, signature, signature_size); + ok = psasim_deserialise_return_buffer( + &rpos, &rremain, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&rpos, &rremain, signature_length); + ok = psasim_deserialise_size_t( + &rpos, &rremain, + signature_length); if (!ok) { goto fail; } @@ -5490,11 +6306,12 @@ psa_status_t psa_verify_hash( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(hash, hash_length) + + psasim_serialise_buffer_needs(signature, signature_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5509,19 +6326,27 @@ psa_status_t psa_verify_hash( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + hash, hash_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + signature, signature_length); if (!ok) { goto fail; } @@ -5541,7 +6366,9 @@ psa_status_t psa_verify_hash( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } @@ -5563,8 +6390,9 @@ psa_status_t psa_verify_hash_abort( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5579,7 +6407,9 @@ psa_status_t psa_verify_hash_abort( if (!ok) { goto fail; } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -5599,12 +6429,16 @@ psa_status_t psa_verify_hash_abort( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5626,8 +6460,9 @@ psa_status_t psa_verify_hash_complete( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5642,7 +6477,9 @@ psa_status_t psa_verify_hash_complete( if (!ok) { goto fail; } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -5662,12 +6499,16 @@ psa_status_t psa_verify_hash_complete( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5689,8 +6530,9 @@ uint32_t psa_verify_hash_get_num_ops( size_t result_length; uint32_t value = 0; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5705,7 +6547,9 @@ uint32_t psa_verify_hash_get_num_ops( if (!ok) { goto fail; } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } @@ -5725,7 +6569,9 @@ uint32_t psa_verify_hash_get_num_ops( goto fail; } - ok = psasim_deserialise_uint32_t(&rpos, &rremain, &value); + ok = psasim_deserialise_uint32_t( + &rpos, &rremain, + &value); if (!ok) { goto fail; } @@ -5751,12 +6597,13 @@ psa_status_t psa_verify_hash_start( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation) + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(hash, hash_length) + - psasim_serialise_buffer_needs(signature, signature_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(*operation) + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(hash, hash_length) + + psasim_serialise_buffer_needs(signature, signature_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5771,23 +6618,33 @@ psa_status_t psa_verify_hash_start( if (!ok) { goto fail; } - ok = psasim_serialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, *operation); + ok = psasim_serialise_psa_verify_hash_interruptible_operation_t( + &pos, &remaining, + *operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, hash, hash_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + hash, hash_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + signature, signature_length); if (!ok) { goto fail; } @@ -5807,12 +6664,16 @@ psa_status_t psa_verify_hash_start( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_deserialise_psa_verify_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5837,11 +6698,12 @@ psa_status_t psa_verify_message( size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - size_t needed = psasim_serialise_begin_needs() + - psasim_serialise_mbedtls_svc_key_id_t_needs(key) + - psasim_serialise_psa_algorithm_t_needs(alg) + - psasim_serialise_buffer_needs(input, input_length) + - psasim_serialise_buffer_needs(signature, signature_length); + size_t needed = + psasim_serialise_begin_needs() + + psasim_serialise_mbedtls_svc_key_id_t_needs(key) + + psasim_serialise_psa_algorithm_t_needs(alg) + + psasim_serialise_buffer_needs(input, input_length) + + psasim_serialise_buffer_needs(signature, signature_length); ser_params = malloc(needed); if (ser_params == NULL) { @@ -5856,19 +6718,27 @@ psa_status_t psa_verify_message( if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&pos, &remaining, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &pos, &remaining, + key); if (!ok) { goto fail; } - ok = psasim_serialise_psa_algorithm_t(&pos, &remaining, alg); + ok = psasim_serialise_psa_algorithm_t( + &pos, &remaining, + alg); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, input, input_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + input, input_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&pos, &remaining, signature, signature_length); + ok = psasim_serialise_buffer( + &pos, &remaining, + signature, signature_length); if (!ok) { goto fail; } @@ -5888,7 +6758,9 @@ psa_status_t psa_verify_message( goto fail; } - ok = psasim_deserialise_psa_status_t(&rpos, &rremain, &status); + ok = psasim_deserialise_psa_status_t( + &rpos, &rremain, + &status); if (!ok) { goto fail; } diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 03e36c06e1..52597516cf 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -54,7 +54,9 @@ int psa_crypto_init_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } @@ -88,7 +90,9 @@ int psa_aead_abort_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -118,12 +122,16 @@ int psa_aead_abort_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -167,37 +175,51 @@ int psa_aead_decrypt_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &nonce, &nonce_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &nonce, &nonce_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &additional_data, &additional_data_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &additional_data, &additional_data_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &ciphertext, &ciphertext_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &ciphertext, &ciphertext_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &plaintext, &plaintext_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &plaintext, &plaintext_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &plaintext_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &plaintext_length); if (!ok) { goto fail; } @@ -234,17 +256,23 @@ int psa_aead_decrypt_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, plaintext, plaintext_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + plaintext, plaintext_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, plaintext_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + plaintext_length); if (!ok) { goto fail; } @@ -290,17 +318,23 @@ int psa_aead_decrypt_setup_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } @@ -332,12 +366,16 @@ int psa_aead_decrypt_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -381,37 +419,51 @@ int psa_aead_encrypt_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &nonce, &nonce_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &nonce, &nonce_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &additional_data, &additional_data_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &additional_data, &additional_data_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &plaintext, &plaintext_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &plaintext, &plaintext_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &ciphertext, &ciphertext_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &ciphertext, &ciphertext_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &ciphertext_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &ciphertext_length); if (!ok) { goto fail; } @@ -448,17 +500,23 @@ int psa_aead_encrypt_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, ciphertext, ciphertext_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + ciphertext, ciphertext_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, ciphertext_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + ciphertext_length); if (!ok) { goto fail; } @@ -504,17 +562,23 @@ int psa_aead_encrypt_setup_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } @@ -546,12 +610,16 @@ int psa_aead_encrypt_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -591,27 +659,37 @@ int psa_aead_finish_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &ciphertext, &ciphertext_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &ciphertext, &ciphertext_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &ciphertext_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &ciphertext_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &tag, &tag_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &tag, &tag_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &tag_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &tag_length); if (!ok) { goto fail; } @@ -649,32 +727,44 @@ int psa_aead_finish_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, ciphertext, ciphertext_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + ciphertext, ciphertext_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, ciphertext_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + ciphertext_length); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, tag, tag_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + tag, tag_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, tag_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + tag_length); if (!ok) { goto fail; } @@ -717,17 +807,23 @@ int psa_aead_generate_nonce_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &nonce, &nonce_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &nonce, &nonce_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &nonce_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &nonce_length); if (!ok) { goto fail; } @@ -761,22 +857,30 @@ int psa_aead_generate_nonce_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, nonce, nonce_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + nonce, nonce_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, nonce_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + nonce_length); if (!ok) { goto fail; } @@ -816,17 +920,23 @@ int psa_aead_set_lengths_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &ad_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &ad_length); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &plaintext_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &plaintext_length); if (!ok) { goto fail; } @@ -858,12 +968,16 @@ int psa_aead_set_lengths_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -899,12 +1013,16 @@ int psa_aead_set_nonce_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &nonce, &nonce_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &nonce, &nonce_length); if (!ok) { goto fail; } @@ -935,12 +1053,16 @@ int psa_aead_set_nonce_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -983,22 +1105,30 @@ int psa_aead_update_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &output_length); if (!ok) { goto fail; } @@ -1033,22 +1163,30 @@ int psa_aead_update_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1090,12 +1228,16 @@ int psa_aead_update_ad_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } @@ -1126,12 +1268,16 @@ int psa_aead_update_ad_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1174,22 +1320,30 @@ int psa_aead_verify_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_aead_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_aead_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &plaintext, &plaintext_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &plaintext, &plaintext_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &plaintext_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &plaintext_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &tag, &tag_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &tag, &tag_length); if (!ok) { goto fail; } @@ -1224,22 +1378,30 @@ int psa_aead_verify_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_aead_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_aead_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, plaintext, plaintext_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + plaintext, plaintext_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, plaintext_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + plaintext_length); if (!ok) { goto fail; } @@ -1287,32 +1449,44 @@ int psa_asymmetric_decrypt_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &salt, &salt_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &salt, &salt_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &output_length); if (!ok) { goto fail; } @@ -1348,17 +1522,23 @@ int psa_asymmetric_decrypt_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1408,32 +1588,44 @@ int psa_asymmetric_encrypt_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &salt, &salt_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &salt, &salt_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &output_length); if (!ok) { goto fail; } @@ -1469,17 +1661,23 @@ int psa_asymmetric_encrypt_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1521,7 +1719,9 @@ int psa_cipher_abort_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_cipher_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -1551,12 +1751,16 @@ int psa_cipher_abort_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1596,27 +1800,37 @@ int psa_cipher_decrypt_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &output_length); if (!ok) { goto fail; } @@ -1651,17 +1865,23 @@ int psa_cipher_decrypt_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1703,17 +1923,23 @@ int psa_cipher_decrypt_setup_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_cipher_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } @@ -1745,12 +1971,16 @@ int psa_cipher_decrypt_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1790,27 +2020,37 @@ int psa_cipher_encrypt_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &output_length); if (!ok) { goto fail; } @@ -1845,17 +2085,23 @@ int psa_cipher_encrypt_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -1897,17 +2143,23 @@ int psa_cipher_encrypt_setup_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_cipher_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } @@ -1939,12 +2191,16 @@ int psa_cipher_encrypt_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -1981,17 +2237,23 @@ int psa_cipher_finish_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_cipher_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &output_length); if (!ok) { goto fail; } @@ -2025,22 +2287,30 @@ int psa_cipher_finish_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -2081,17 +2351,23 @@ int psa_cipher_generate_iv_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_cipher_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &iv, &iv_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &iv, &iv_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &iv_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &iv_length); if (!ok) { goto fail; } @@ -2125,22 +2401,30 @@ int psa_cipher_generate_iv_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, iv, iv_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + iv, iv_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, iv_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + iv_length); if (!ok) { goto fail; } @@ -2180,12 +2464,16 @@ int psa_cipher_set_iv_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_cipher_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &iv, &iv_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &iv, &iv_length); if (!ok) { goto fail; } @@ -2216,12 +2504,16 @@ int psa_cipher_set_iv_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -2264,22 +2556,30 @@ int psa_cipher_update_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_cipher_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_cipher_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &output_length); if (!ok) { goto fail; } @@ -2314,22 +2614,30 @@ int psa_cipher_update_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_cipher_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_cipher_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -2371,17 +2679,23 @@ int psa_copy_key_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &source_key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &source_key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &pos, &remaining, + &attributes); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &target_key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &target_key); if (!ok) { goto fail; } @@ -2413,12 +2727,16 @@ int psa_copy_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, target_key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + target_key); if (!ok) { goto fail; } @@ -2452,7 +2770,9 @@ int psa_destroy_key_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } @@ -2481,7 +2801,9 @@ int psa_destroy_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } @@ -2518,17 +2840,23 @@ int psa_export_key_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &data, &data_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &data, &data_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &data_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &data_length); if (!ok) { goto fail; } @@ -2561,17 +2889,23 @@ int psa_export_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, data, data_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + data, data_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, data_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + data_length); if (!ok) { goto fail; } @@ -2612,17 +2946,23 @@ int psa_export_public_key_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &data, &data_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &data, &data_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &data_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &data_length); if (!ok) { goto fail; } @@ -2655,17 +2995,23 @@ int psa_export_public_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, data, data_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + data, data_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, data_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + data_length); if (!ok) { goto fail; } @@ -2704,12 +3050,16 @@ int psa_generate_key_wrapper( goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &pos, &remaining, + &attributes); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } @@ -2740,12 +3090,16 @@ int psa_generate_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -2782,17 +3136,23 @@ int psa_generate_key_ext_wrapper( goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &pos, &remaining, + &attributes); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_production_parameters_t(&pos, &remaining, ¶ms, ¶ms_data_length); + ok = psasim_deserialise_psa_key_production_parameters_t( + &pos, &remaining, + ¶ms, ¶ms_data_length); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } @@ -2824,12 +3184,16 @@ int psa_generate_key_ext_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -2868,7 +3232,9 @@ int psa_generate_random_wrapper( goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } @@ -2898,12 +3264,16 @@ int psa_generate_random_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } @@ -2942,12 +3312,16 @@ int psa_get_key_attributes_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &pos, &remaining, + &attributes); if (!ok) { goto fail; } @@ -2978,12 +3352,16 @@ int psa_get_key_attributes_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&rpos, &rremain, attributes); + ok = psasim_serialise_psa_key_attributes_t( + &rpos, &rremain, + attributes); if (!ok) { goto fail; } @@ -3017,7 +3395,9 @@ int psa_hash_abort_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -3047,12 +3427,16 @@ int psa_hash_abort_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3087,12 +3471,16 @@ int psa_hash_clone_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &source_operation); + ok = psasim_server_deserialise_psa_hash_operation_t( + &pos, &remaining, + &source_operation); if (!ok) { goto fail; } - ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &target_operation); + ok = psasim_server_deserialise_psa_hash_operation_t( + &pos, &remaining, + &target_operation); if (!ok) { goto fail; } @@ -3123,12 +3511,16 @@ int psa_hash_clone_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, target_operation); + ok = psasim_server_serialise_psa_hash_operation_t( + &rpos, &rremain, + target_operation); if (!ok) { goto fail; } @@ -3166,17 +3558,23 @@ int psa_hash_compare_wrapper( goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &hash, &hash_length); if (!ok) { goto fail; } @@ -3207,7 +3605,9 @@ int psa_hash_compare_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } @@ -3252,22 +3652,30 @@ int psa_hash_compute_wrapper( goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &hash, &hash_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &hash_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &hash_length); if (!ok) { goto fail; } @@ -3301,17 +3709,23 @@ int psa_hash_compute_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, hash, hash_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + hash, hash_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, hash_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + hash_length); if (!ok) { goto fail; } @@ -3354,17 +3768,23 @@ int psa_hash_finish_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &hash, &hash_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &hash_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &hash_length); if (!ok) { goto fail; } @@ -3398,22 +3818,30 @@ int psa_hash_finish_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, hash, hash_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + hash, hash_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, hash_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + hash_length); if (!ok) { goto fail; } @@ -3452,12 +3880,16 @@ int psa_hash_setup_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } @@ -3488,12 +3920,16 @@ int psa_hash_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3529,12 +3965,16 @@ int psa_hash_update_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } @@ -3565,12 +4005,16 @@ int psa_hash_update_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3610,12 +4054,16 @@ int psa_hash_verify_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_hash_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_hash_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &hash, &hash_length); if (!ok) { goto fail; } @@ -3646,12 +4094,16 @@ int psa_hash_verify_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_hash_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_hash_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3692,17 +4144,23 @@ int psa_import_key_wrapper( goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &pos, &remaining, + &attributes); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &data, &data_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &data, &data_length); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } @@ -3734,12 +4192,16 @@ int psa_import_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -3792,7 +4254,9 @@ int psa_interruptible_get_max_ops_wrapper( goto fail; } - ok = psasim_serialise_uint32_t(&rpos, &rremain, value); + ok = psasim_serialise_uint32_t( + &rpos, &rremain, + value); if (!ok) { goto fail; } @@ -3825,7 +4289,9 @@ int psa_interruptible_set_max_ops_wrapper( goto fail; } - ok = psasim_deserialise_uint32_t(&pos, &remaining, &max_ops); + ok = psasim_deserialise_uint32_t( + &pos, &remaining, + &max_ops); if (!ok) { goto fail; } @@ -3882,7 +4348,9 @@ int psa_key_derivation_abort_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -3912,12 +4380,16 @@ int psa_key_derivation_abort_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -3952,12 +4424,16 @@ int psa_key_derivation_get_capacity_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &capacity); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &capacity); if (!ok) { goto fail; } @@ -3988,12 +4464,16 @@ int psa_key_derivation_get_capacity_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, capacity); + ok = psasim_serialise_size_t( + &rpos, &rremain, + capacity); if (!ok) { goto fail; } @@ -4030,17 +4510,23 @@ int psa_key_derivation_input_bytes_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_step_t(&pos, &remaining, &step); + ok = psasim_deserialise_psa_key_derivation_step_t( + &pos, &remaining, + &step); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &data, &data_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &data, &data_length); if (!ok) { goto fail; } @@ -4072,12 +4558,16 @@ int psa_key_derivation_input_bytes_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4117,17 +4607,23 @@ int psa_key_derivation_input_integer_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_step_t(&pos, &remaining, &step); + ok = psasim_deserialise_psa_key_derivation_step_t( + &pos, &remaining, + &step); if (!ok) { goto fail; } - ok = psasim_deserialise_uint64_t(&pos, &remaining, &value); + ok = psasim_deserialise_uint64_t( + &pos, &remaining, + &value); if (!ok) { goto fail; } @@ -4159,12 +4655,16 @@ int psa_key_derivation_input_integer_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4200,17 +4700,23 @@ int psa_key_derivation_input_key_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_step_t(&pos, &remaining, &step); + ok = psasim_deserialise_psa_key_derivation_step_t( + &pos, &remaining, + &step); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } @@ -4242,12 +4748,16 @@ int psa_key_derivation_input_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4285,22 +4795,30 @@ int psa_key_derivation_key_agreement_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_derivation_step_t(&pos, &remaining, &step); + ok = psasim_deserialise_psa_key_derivation_step_t( + &pos, &remaining, + &step); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &private_key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &private_key); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &peer_key, &peer_key_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &peer_key, &peer_key_length); if (!ok) { goto fail; } @@ -4333,12 +4851,16 @@ int psa_key_derivation_key_agreement_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4378,12 +4900,16 @@ int psa_key_derivation_output_bytes_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_length); if (!ok) { goto fail; } @@ -4415,17 +4941,23 @@ int psa_key_derivation_output_bytes_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_length); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_length); if (!ok) { goto fail; } @@ -4465,17 +4997,23 @@ int psa_key_derivation_output_key_wrapper( goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &pos, &remaining, + &attributes); if (!ok) { goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } @@ -4508,17 +5046,23 @@ int psa_key_derivation_output_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -4556,22 +5100,30 @@ int psa_key_derivation_output_key_ext_wrapper( goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &pos, &remaining, + &attributes); if (!ok) { goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_key_production_parameters_t(&pos, &remaining, ¶ms, ¶ms_data_length); + ok = psasim_deserialise_psa_key_production_parameters_t( + &pos, &remaining, + ¶ms, ¶ms_data_length); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } @@ -4605,17 +5157,23 @@ int psa_key_derivation_output_key_ext_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_mbedtls_svc_key_id_t(&rpos, &rremain, key); + ok = psasim_serialise_mbedtls_svc_key_id_t( + &rpos, &rremain, + key); if (!ok) { goto fail; } @@ -4654,12 +5212,16 @@ int psa_key_derivation_set_capacity_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &capacity); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &capacity); if (!ok) { goto fail; } @@ -4690,12 +5252,16 @@ int psa_key_derivation_set_capacity_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4730,12 +5296,16 @@ int psa_key_derivation_setup_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_key_derivation_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_key_derivation_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } @@ -4766,12 +5336,16 @@ int psa_key_derivation_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_key_derivation_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_key_derivation_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4805,7 +5379,9 @@ int psa_mac_abort_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_mac_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -4835,12 +5411,16 @@ int psa_mac_abort_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -4880,27 +5460,37 @@ int psa_mac_compute_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &mac, &mac_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &mac, &mac_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &mac_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &mac_length); if (!ok) { goto fail; } @@ -4935,17 +5525,23 @@ int psa_mac_compute_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, mac, mac_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + mac, mac_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, mac_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + mac_length); if (!ok) { goto fail; } @@ -4988,17 +5584,23 @@ int psa_mac_sign_finish_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_mac_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &mac, &mac_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &mac, &mac_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &mac_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &mac_length); if (!ok) { goto fail; } @@ -5032,22 +5634,30 @@ int psa_mac_sign_finish_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, mac, mac_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + mac, mac_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, mac_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + mac_length); if (!ok) { goto fail; } @@ -5087,17 +5697,23 @@ int psa_mac_sign_setup_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_mac_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } @@ -5129,12 +5745,16 @@ int psa_mac_sign_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5170,12 +5790,16 @@ int psa_mac_update_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_mac_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } @@ -5206,12 +5830,16 @@ int psa_mac_update_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5254,22 +5882,30 @@ int psa_mac_verify_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &mac, &mac_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &mac, &mac_length); if (!ok) { goto fail; } @@ -5301,7 +5937,9 @@ int psa_mac_verify_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } @@ -5343,12 +5981,16 @@ int psa_mac_verify_finish_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_mac_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &mac, &mac_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &mac, &mac_length); if (!ok) { goto fail; } @@ -5379,12 +6021,16 @@ int psa_mac_verify_finish_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5424,17 +6070,23 @@ int psa_mac_verify_setup_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_mac_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_mac_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } @@ -5466,12 +6118,16 @@ int psa_mac_verify_setup_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_mac_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_mac_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5505,7 +6161,9 @@ int psa_purge_key_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } @@ -5534,7 +6192,9 @@ int psa_purge_key_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } @@ -5574,27 +6234,37 @@ int psa_raw_key_agreement_wrapper( goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &private_key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &private_key); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &peer_key, &peer_key_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &peer_key, &peer_key_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &output, &output_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &output, &output_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &output_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &output_length); if (!ok) { goto fail; } @@ -5629,17 +6299,23 @@ int psa_raw_key_agreement_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, output, output_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + output, output_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, output_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + output_length); if (!ok) { goto fail; } @@ -5678,7 +6354,9 @@ int psa_reset_key_attributes_wrapper( goto fail; } - ok = psasim_deserialise_psa_key_attributes_t(&pos, &remaining, &attributes); + ok = psasim_deserialise_psa_key_attributes_t( + &pos, &remaining, + &attributes); if (!ok) { goto fail; } @@ -5691,7 +6369,7 @@ int psa_reset_key_attributes_wrapper( // NOTE: Should really check there is no overflow as we go along. size_t result_size = - psasim_serialise_begin_needs(); + psasim_serialise_begin_needs() + psasim_serialise_psa_key_attributes_t_needs(attributes); result = malloc(result_size); @@ -5707,7 +6385,9 @@ int psa_reset_key_attributes_wrapper( goto fail; } - ok = psasim_serialise_psa_key_attributes_t(&rpos, &rremain, attributes); + ok = psasim_serialise_psa_key_attributes_t( + &rpos, &rremain, + attributes); if (!ok) { goto fail; } @@ -5747,27 +6427,37 @@ int psa_sign_hash_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &hash, &hash_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &signature, &signature_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &signature_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &signature_length); if (!ok) { goto fail; } @@ -5802,17 +6492,23 @@ int psa_sign_hash_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, signature, signature_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, signature_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + signature_length); if (!ok) { goto fail; } @@ -5852,7 +6548,9 @@ int psa_sign_hash_abort_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -5882,12 +6580,16 @@ int psa_sign_hash_abort_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -5924,17 +6626,23 @@ int psa_sign_hash_complete_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &signature, &signature_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &signature_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &signature_length); if (!ok) { goto fail; } @@ -5968,22 +6676,30 @@ int psa_sign_hash_complete_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, signature, signature_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, signature_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + signature_length); if (!ok) { goto fail; } @@ -6021,7 +6737,9 @@ int psa_sign_hash_get_num_ops_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -6050,7 +6768,9 @@ int psa_sign_hash_get_num_ops_wrapper( goto fail; } - ok = psasim_serialise_uint32_t(&rpos, &rremain, value); + ok = psasim_serialise_uint32_t( + &rpos, &rremain, + value); if (!ok) { goto fail; } @@ -6088,22 +6808,30 @@ int psa_sign_hash_start_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_sign_hash_interruptible_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &hash, &hash_length); if (!ok) { goto fail; } @@ -6136,12 +6864,16 @@ int psa_sign_hash_start_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -6185,27 +6917,37 @@ int psa_sign_message_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_size); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &signature, &signature_size); if (!ok) { goto fail; } - ok = psasim_deserialise_size_t(&pos, &remaining, &signature_length); + ok = psasim_deserialise_size_t( + &pos, &remaining, + &signature_length); if (!ok) { goto fail; } @@ -6240,17 +6982,23 @@ int psa_sign_message_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_serialise_buffer(&rpos, &rremain, signature, signature_size); + ok = psasim_serialise_buffer( + &rpos, &rremain, + signature, signature_size); if (!ok) { goto fail; } - ok = psasim_serialise_size_t(&rpos, &rremain, signature_length); + ok = psasim_serialise_size_t( + &rpos, &rremain, + signature_length); if (!ok) { goto fail; } @@ -6295,22 +7043,30 @@ int psa_verify_hash_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &hash, &hash_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &signature, &signature_length); if (!ok) { goto fail; } @@ -6342,7 +7098,9 @@ int psa_verify_hash_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } @@ -6382,7 +7140,9 @@ int psa_verify_hash_abort_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -6412,12 +7172,16 @@ int psa_verify_hash_abort_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -6451,7 +7215,9 @@ int psa_verify_hash_complete_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -6481,12 +7247,16 @@ int psa_verify_hash_complete_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -6520,7 +7290,9 @@ int psa_verify_hash_get_num_ops_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } @@ -6549,7 +7321,9 @@ int psa_verify_hash_get_num_ops_wrapper( goto fail; } - ok = psasim_serialise_uint32_t(&rpos, &rremain, value); + ok = psasim_serialise_uint32_t( + &rpos, &rremain, + value); if (!ok) { goto fail; } @@ -6589,27 +7363,37 @@ int psa_verify_hash_start_wrapper( goto fail; } - ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(&pos, &remaining, &operation); + ok = psasim_server_deserialise_psa_verify_hash_interruptible_operation_t( + &pos, &remaining, + &operation); if (!ok) { goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &hash, &hash_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &hash, &hash_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &signature, &signature_length); if (!ok) { goto fail; } @@ -6643,12 +7427,16 @@ int psa_verify_hash_start_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } - ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(&rpos, &rremain, operation); + ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( + &rpos, &rremain, + operation); if (!ok) { goto fail; } @@ -6693,22 +7481,30 @@ int psa_verify_message_wrapper( goto fail; } - ok = psasim_deserialise_mbedtls_svc_key_id_t(&pos, &remaining, &key); + ok = psasim_deserialise_mbedtls_svc_key_id_t( + &pos, &remaining, + &key); if (!ok) { goto fail; } - ok = psasim_deserialise_psa_algorithm_t(&pos, &remaining, &alg); + ok = psasim_deserialise_psa_algorithm_t( + &pos, &remaining, + &alg); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &input, &input_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &input, &input_length); if (!ok) { goto fail; } - ok = psasim_deserialise_buffer(&pos, &remaining, &signature, &signature_length); + ok = psasim_deserialise_buffer( + &pos, &remaining, + &signature, &signature_length); if (!ok) { goto fail; } @@ -6740,7 +7536,9 @@ int psa_verify_message_wrapper( goto fail; } - ok = psasim_serialise_psa_status_t(&rpos, &rremain, status); + ok = psasim_serialise_psa_status_t( + &rpos, &rremain, + status); if (!ok) { goto fail; } diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index a0ee76a801..ac238070c3 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -606,7 +606,9 @@ EOF my ($n1, $n2) = split(/,\s*/, $argname); print $fh <{is_output}, @$args); - my $sep1 = ($ret_type eq "void") ? ";" : " +"; + my $sep1 = (($ret_type eq "void") and ($#outputs < 0)) ? ";" : " +"; print $fh <{args}; @@ -803,12 +818,12 @@ EOF $argtype =~ s/^const //; print $fh <[$i]; diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c index 84e233955b..e655e078f3 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c @@ -63,8 +63,10 @@ typedef struct psasim_operation_s { #define MAX_LIVE_HANDLES_PER_CLASS 100 /* this many slots */ -static psa_hash_operation_t hash_operations[MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t hash_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psa_hash_operation_t hash_operations[ + MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t hash_operation_handles[ + MAX_LIVE_HANDLES_PER_CLASS]; static psasim_client_handle_t next_hash_operation_handle = 1; /* Get a free slot */ @@ -101,8 +103,10 @@ static ssize_t find_hash_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } -static psa_aead_operation_t aead_operations[MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t aead_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psa_aead_operation_t aead_operations[ + MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t aead_operation_handles[ + MAX_LIVE_HANDLES_PER_CLASS]; static psasim_client_handle_t next_aead_operation_handle = 1; /* Get a free slot */ @@ -139,8 +143,10 @@ static ssize_t find_aead_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } -static psa_mac_operation_t mac_operations[MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t mac_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psa_mac_operation_t mac_operations[ + MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t mac_operation_handles[ + MAX_LIVE_HANDLES_PER_CLASS]; static psasim_client_handle_t next_mac_operation_handle = 1; /* Get a free slot */ @@ -177,8 +183,10 @@ static ssize_t find_mac_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } -static psa_cipher_operation_t cipher_operations[MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t cipher_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psa_cipher_operation_t cipher_operations[ + MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t cipher_operation_handles[ + MAX_LIVE_HANDLES_PER_CLASS]; static psasim_client_handle_t next_cipher_operation_handle = 1; /* Get a free slot */ @@ -215,8 +223,10 @@ static ssize_t find_cipher_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } -static psa_key_derivation_operation_t key_derivation_operations[MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t key_derivation_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psa_key_derivation_operation_t key_derivation_operations[ + MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t key_derivation_operation_handles[ + MAX_LIVE_HANDLES_PER_CLASS]; static psasim_client_handle_t next_key_derivation_operation_handle = 1; /* Get a free slot */ @@ -253,8 +263,10 @@ static ssize_t find_key_derivation_slot_by_handle(psasim_client_handle_t handle) return -1; /* not found */ } -static psa_sign_hash_interruptible_operation_t sign_hash_interruptible_operations[MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t sign_hash_interruptible_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psa_sign_hash_interruptible_operation_t sign_hash_interruptible_operations[ + MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t sign_hash_interruptible_operation_handles[ + MAX_LIVE_HANDLES_PER_CLASS]; static psasim_client_handle_t next_sign_hash_interruptible_operation_handle = 1; /* Get a free slot */ @@ -291,8 +303,10 @@ static ssize_t find_sign_hash_interruptible_slot_by_handle(psasim_client_handle_ return -1; /* not found */ } -static psa_verify_hash_interruptible_operation_t verify_hash_interruptible_operations[MAX_LIVE_HANDLES_PER_CLASS]; -static psasim_client_handle_t verify_hash_interruptible_operation_handles[MAX_LIVE_HANDLES_PER_CLASS]; +static psa_verify_hash_interruptible_operation_t verify_hash_interruptible_operations[ + MAX_LIVE_HANDLES_PER_CLASS]; +static psasim_client_handle_t verify_hash_interruptible_operation_handles[ + MAX_LIVE_HANDLES_PER_CLASS]; static psasim_client_handle_t next_verify_hash_interruptible_operation_handle = 1; /* Get a free slot */ @@ -403,7 +417,8 @@ int psasim_deserialise_begin(uint8_t **pos, size_t *remaining) return 1; } -size_t psasim_serialise_unsigned_int_needs(unsigned int value) +size_t psasim_serialise_unsigned_int_needs( + unsigned int value) { return sizeof(value); } @@ -438,7 +453,8 @@ int psasim_deserialise_unsigned_int(uint8_t **pos, return 1; } -size_t psasim_serialise_int_needs(int value) +size_t psasim_serialise_int_needs( + int value) { return sizeof(value); } @@ -473,7 +489,8 @@ int psasim_deserialise_int(uint8_t **pos, return 1; } -size_t psasim_serialise_size_t_needs(size_t value) +size_t psasim_serialise_size_t_needs( + size_t value) { return sizeof(value); } @@ -508,7 +525,8 @@ int psasim_deserialise_size_t(uint8_t **pos, return 1; } -size_t psasim_serialise_uint16_t_needs(uint16_t value) +size_t psasim_serialise_uint16_t_needs( + uint16_t value) { return sizeof(value); } @@ -543,7 +561,8 @@ int psasim_deserialise_uint16_t(uint8_t **pos, return 1; } -size_t psasim_serialise_uint32_t_needs(uint32_t value) +size_t psasim_serialise_uint32_t_needs( + uint32_t value) { return sizeof(value); } @@ -578,7 +597,8 @@ int psasim_deserialise_uint32_t(uint8_t **pos, return 1; } -size_t psasim_serialise_uint64_t_needs(uint64_t value) +size_t psasim_serialise_uint64_t_needs( + uint64_t value) { return sizeof(value); } @@ -784,7 +804,7 @@ int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, } memcpy(data_length, *pos, sizeof(*data_length)); - if ((size_t)len != (sizeof(data_length) + sizeof(**params) + *data_length)) { + if ((size_t) len != (sizeof(data_length) + sizeof(**params) + *data_length)) { return 0; /* wrong length */ } @@ -809,7 +829,8 @@ int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, return 1; } -size_t psasim_serialise_psa_status_t_needs(psa_status_t value) +size_t psasim_serialise_psa_status_t_needs( + psa_status_t value) { return psasim_serialise_int_needs(value); } @@ -828,7 +849,8 @@ int psasim_deserialise_psa_status_t(uint8_t **pos, return psasim_deserialise_int(pos, remaining, value); } -size_t psasim_serialise_psa_algorithm_t_needs(psa_algorithm_t value) +size_t psasim_serialise_psa_algorithm_t_needs( + psa_algorithm_t value) { return psasim_serialise_unsigned_int_needs(value); } @@ -847,7 +869,8 @@ int psasim_deserialise_psa_algorithm_t(uint8_t **pos, return psasim_deserialise_unsigned_int(pos, remaining, value); } -size_t psasim_serialise_psa_key_derivation_step_t_needs(psa_key_derivation_step_t value) +size_t psasim_serialise_psa_key_derivation_step_t_needs( + psa_key_derivation_step_t value) { return psasim_serialise_uint16_t_needs(value); } @@ -866,7 +889,8 @@ int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, return psasim_deserialise_uint16_t(pos, remaining, value); } -size_t psasim_serialise_psa_hash_operation_t_needs(psa_hash_operation_t value) +size_t psasim_serialise_psa_hash_operation_t_needs( + psa_hash_operation_t value) { return sizeof(value); } @@ -901,7 +925,8 @@ int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, return 1; } -size_t psasim_server_serialise_psa_hash_operation_t_needs(psa_hash_operation_t *operation) +size_t psasim_server_serialise_psa_hash_operation_t_needs( + psa_hash_operation_t *operation) { (void) operation; @@ -959,7 +984,8 @@ int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, return 1; } -size_t psasim_serialise_psa_aead_operation_t_needs(psa_aead_operation_t value) +size_t psasim_serialise_psa_aead_operation_t_needs( + psa_aead_operation_t value) { return sizeof(value); } @@ -994,7 +1020,8 @@ int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, return 1; } -size_t psasim_server_serialise_psa_aead_operation_t_needs(psa_aead_operation_t *operation) +size_t psasim_server_serialise_psa_aead_operation_t_needs( + psa_aead_operation_t *operation) { (void) operation; @@ -1052,7 +1079,8 @@ int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, return 1; } -size_t psasim_serialise_psa_key_attributes_t_needs(psa_key_attributes_t value) +size_t psasim_serialise_psa_key_attributes_t_needs( + psa_key_attributes_t value) { return sizeof(value); } @@ -1087,7 +1115,8 @@ int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, return 1; } -size_t psasim_serialise_psa_mac_operation_t_needs(psa_mac_operation_t value) +size_t psasim_serialise_psa_mac_operation_t_needs( + psa_mac_operation_t value) { return sizeof(value); } @@ -1122,7 +1151,8 @@ int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, return 1; } -size_t psasim_server_serialise_psa_mac_operation_t_needs(psa_mac_operation_t *operation) +size_t psasim_server_serialise_psa_mac_operation_t_needs( + psa_mac_operation_t *operation) { (void) operation; @@ -1180,7 +1210,8 @@ int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, return 1; } -size_t psasim_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t value) +size_t psasim_serialise_psa_cipher_operation_t_needs( + psa_cipher_operation_t value) { return sizeof(value); } @@ -1215,7 +1246,8 @@ int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos, return 1; } -size_t psasim_server_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t *operation) +size_t psasim_server_serialise_psa_cipher_operation_t_needs( + psa_cipher_operation_t *operation) { (void) operation; @@ -1273,7 +1305,8 @@ int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, return 1; } -size_t psasim_serialise_psa_key_derivation_operation_t_needs(psa_key_derivation_operation_t value) +size_t psasim_serialise_psa_key_derivation_operation_t_needs( + psa_key_derivation_operation_t value) { return sizeof(value); } @@ -1308,7 +1341,8 @@ int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos, return 1; } -size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(psa_key_derivation_operation_t *operation) +size_t psasim_server_serialise_psa_key_derivation_operation_t_needs( + psa_key_derivation_operation_t *operation) { (void) operation; @@ -1366,7 +1400,8 @@ int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, return 1; } -size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(psa_sign_hash_interruptible_operation_t value) +size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs( + psa_sign_hash_interruptible_operation_t value) { return sizeof(value); } @@ -1401,7 +1436,8 @@ int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, return 1; } -size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(psa_sign_hash_interruptible_operation_t *operation) +size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs( + psa_sign_hash_interruptible_operation_t *operation) { (void) operation; @@ -1459,7 +1495,8 @@ int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t ** return 1; } -size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(psa_verify_hash_interruptible_operation_t value) +size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs( + psa_verify_hash_interruptible_operation_t value) { return sizeof(value); } @@ -1494,7 +1531,8 @@ int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, return 1; } -size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(psa_verify_hash_interruptible_operation_t *operation) +size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs( + psa_verify_hash_interruptible_operation_t *operation) { (void) operation; @@ -1552,7 +1590,8 @@ int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t return 1; } -size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value) +size_t psasim_serialise_mbedtls_svc_key_id_t_needs( + mbedtls_svc_key_id_t value) { return sizeof(value); } @@ -1589,18 +1628,32 @@ int psasim_deserialise_mbedtls_svc_key_id_t(uint8_t **pos, void psa_sim_serialize_reset(void) { - memset(hash_operation_handles, 0, sizeof(hash_operation_handles)); - memset(hash_operations, 0, sizeof(hash_operations)); - memset(aead_operation_handles, 0, sizeof(aead_operation_handles)); - memset(aead_operations, 0, sizeof(aead_operations)); - memset(mac_operation_handles, 0, sizeof(mac_operation_handles)); - memset(mac_operations, 0, sizeof(mac_operations)); - memset(cipher_operation_handles, 0, sizeof(cipher_operation_handles)); - memset(cipher_operations, 0, sizeof(cipher_operations)); - memset(key_derivation_operation_handles, 0, sizeof(key_derivation_operation_handles)); - memset(key_derivation_operations, 0, sizeof(key_derivation_operations)); - memset(sign_hash_interruptible_operation_handles, 0, sizeof(sign_hash_interruptible_operation_handles)); - memset(sign_hash_interruptible_operations, 0, sizeof(sign_hash_interruptible_operations)); - memset(verify_hash_interruptible_operation_handles, 0, sizeof(verify_hash_interruptible_operation_handles)); - memset(verify_hash_interruptible_operations, 0, sizeof(verify_hash_interruptible_operations)); + memset(hash_operation_handles, 0, + sizeof(hash_operation_handles)); + memset(hash_operations, 0, + sizeof(hash_operations)); + memset(aead_operation_handles, 0, + sizeof(aead_operation_handles)); + memset(aead_operations, 0, + sizeof(aead_operations)); + memset(mac_operation_handles, 0, + sizeof(mac_operation_handles)); + memset(mac_operations, 0, + sizeof(mac_operations)); + memset(cipher_operation_handles, 0, + sizeof(cipher_operation_handles)); + memset(cipher_operations, 0, + sizeof(cipher_operations)); + memset(key_derivation_operation_handles, 0, + sizeof(key_derivation_operation_handles)); + memset(key_derivation_operations, 0, + sizeof(key_derivation_operations)); + memset(sign_hash_interruptible_operation_handles, 0, + sizeof(sign_hash_interruptible_operation_handles)); + memset(sign_hash_interruptible_operations, 0, + sizeof(sign_hash_interruptible_operations)); + memset(verify_hash_interruptible_operation_handles, 0, + sizeof(verify_hash_interruptible_operation_handles)); + memset(verify_hash_interruptible_operations, 0, + sizeof(verify_hash_interruptible_operations)); } diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h index 4bd7fe954e..f85faad606 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h @@ -107,7 +107,8 @@ int psasim_deserialise_begin(uint8_t **pos, size_t *remaining); * \c psasim_serialise_unsigned_int() to serialise * the given value. */ -size_t psasim_serialise_unsigned_int_needs(unsigned int value); +size_t psasim_serialise_unsigned_int_needs( + unsigned int value); /** Serialise an `unsigned int` into a buffer. * @@ -149,7 +150,8 @@ int psasim_deserialise_unsigned_int(uint8_t **pos, * \c psasim_serialise_int() to serialise * the given value. */ -size_t psasim_serialise_int_needs(int value); +size_t psasim_serialise_int_needs( + int value); /** Serialise an `int` into a buffer. * @@ -191,7 +193,8 @@ int psasim_deserialise_int(uint8_t **pos, * \c psasim_serialise_size_t() to serialise * the given value. */ -size_t psasim_serialise_size_t_needs(size_t value); +size_t psasim_serialise_size_t_needs( + size_t value); /** Serialise a `size_t` into a buffer. * @@ -233,7 +236,8 @@ int psasim_deserialise_size_t(uint8_t **pos, * \c psasim_serialise_uint16_t() to serialise * the given value. */ -size_t psasim_serialise_uint16_t_needs(uint16_t value); +size_t psasim_serialise_uint16_t_needs( + uint16_t value); /** Serialise an `uint16_t` into a buffer. * @@ -275,7 +279,8 @@ int psasim_deserialise_uint16_t(uint8_t **pos, * \c psasim_serialise_uint32_t() to serialise * the given value. */ -size_t psasim_serialise_uint32_t_needs(uint32_t value); +size_t psasim_serialise_uint32_t_needs( + uint32_t value); /** Serialise an `uint32_t` into a buffer. * @@ -317,7 +322,8 @@ int psasim_deserialise_uint32_t(uint8_t **pos, * \c psasim_serialise_uint64_t() to serialise * the given value. */ -size_t psasim_serialise_uint64_t_needs(uint64_t value); +size_t psasim_serialise_uint64_t_needs( + uint64_t value); /** Serialise an `uint64_t` into a buffer. * @@ -476,7 +482,8 @@ int psasim_deserialise_psa_key_production_parameters_t(uint8_t **pos, size_t *re * \c psasim_serialise_psa_status_t() to serialise * the given value. */ -size_t psasim_serialise_psa_status_t_needs(psa_status_t value); +size_t psasim_serialise_psa_status_t_needs( + psa_status_t value); /** Serialise a `psa_status_t` into a buffer. * @@ -518,7 +525,8 @@ int psasim_deserialise_psa_status_t(uint8_t **pos, * \c psasim_serialise_psa_algorithm_t() to serialise * the given value. */ -size_t psasim_serialise_psa_algorithm_t_needs(psa_algorithm_t value); +size_t psasim_serialise_psa_algorithm_t_needs( + psa_algorithm_t value); /** Serialise a `psa_algorithm_t` into a buffer. * @@ -560,7 +568,8 @@ int psasim_deserialise_psa_algorithm_t(uint8_t **pos, * \c psasim_serialise_psa_key_derivation_step_t() to serialise * the given value. */ -size_t psasim_serialise_psa_key_derivation_step_t_needs(psa_key_derivation_step_t value); +size_t psasim_serialise_psa_key_derivation_step_t_needs( + psa_key_derivation_step_t value); /** Serialise a `psa_key_derivation_step_t` into a buffer. * @@ -602,7 +611,8 @@ int psasim_deserialise_psa_key_derivation_step_t(uint8_t **pos, * \c psasim_serialise_psa_hash_operation_t() to serialise * the given value. */ -size_t psasim_serialise_psa_hash_operation_t_needs(psa_hash_operation_t value); +size_t psasim_serialise_psa_hash_operation_t_needs( + psa_hash_operation_t value); /** Serialise a `psa_hash_operation_t` into a buffer. * @@ -644,7 +654,8 @@ int psasim_deserialise_psa_hash_operation_t(uint8_t **pos, * \c psasim_serialise_psa_hash_operation_t() to serialise * the given value. */ -size_t psasim_server_serialise_psa_hash_operation_t_needs(psa_hash_operation_t *value); +size_t psasim_server_serialise_psa_hash_operation_t_needs( + psa_hash_operation_t *value); /** Serialise a `psa_hash_operation_t` into a buffer on the server side. * @@ -686,7 +697,8 @@ int psasim_server_deserialise_psa_hash_operation_t(uint8_t **pos, * \c psasim_serialise_psa_aead_operation_t() to serialise * the given value. */ -size_t psasim_serialise_psa_aead_operation_t_needs(psa_aead_operation_t value); +size_t psasim_serialise_psa_aead_operation_t_needs( + psa_aead_operation_t value); /** Serialise a `psa_aead_operation_t` into a buffer. * @@ -728,7 +740,8 @@ int psasim_deserialise_psa_aead_operation_t(uint8_t **pos, * \c psasim_serialise_psa_aead_operation_t() to serialise * the given value. */ -size_t psasim_server_serialise_psa_aead_operation_t_needs(psa_aead_operation_t *value); +size_t psasim_server_serialise_psa_aead_operation_t_needs( + psa_aead_operation_t *value); /** Serialise a `psa_aead_operation_t` into a buffer on the server side. * @@ -770,7 +783,8 @@ int psasim_server_deserialise_psa_aead_operation_t(uint8_t **pos, * \c psasim_serialise_psa_key_attributes_t() to serialise * the given value. */ -size_t psasim_serialise_psa_key_attributes_t_needs(psa_key_attributes_t value); +size_t psasim_serialise_psa_key_attributes_t_needs( + psa_key_attributes_t value); /** Serialise a `psa_key_attributes_t` into a buffer. * @@ -812,7 +826,8 @@ int psasim_deserialise_psa_key_attributes_t(uint8_t **pos, * \c psasim_serialise_psa_mac_operation_t() to serialise * the given value. */ -size_t psasim_serialise_psa_mac_operation_t_needs(psa_mac_operation_t value); +size_t psasim_serialise_psa_mac_operation_t_needs( + psa_mac_operation_t value); /** Serialise a `psa_mac_operation_t` into a buffer. * @@ -854,7 +869,8 @@ int psasim_deserialise_psa_mac_operation_t(uint8_t **pos, * \c psasim_serialise_psa_mac_operation_t() to serialise * the given value. */ -size_t psasim_server_serialise_psa_mac_operation_t_needs(psa_mac_operation_t *value); +size_t psasim_server_serialise_psa_mac_operation_t_needs( + psa_mac_operation_t *value); /** Serialise a `psa_mac_operation_t` into a buffer on the server side. * @@ -896,7 +912,8 @@ int psasim_server_deserialise_psa_mac_operation_t(uint8_t **pos, * \c psasim_serialise_psa_cipher_operation_t() to serialise * the given value. */ -size_t psasim_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t value); +size_t psasim_serialise_psa_cipher_operation_t_needs( + psa_cipher_operation_t value); /** Serialise a `psa_cipher_operation_t` into a buffer. * @@ -938,7 +955,8 @@ int psasim_deserialise_psa_cipher_operation_t(uint8_t **pos, * \c psasim_serialise_psa_cipher_operation_t() to serialise * the given value. */ -size_t psasim_server_serialise_psa_cipher_operation_t_needs(psa_cipher_operation_t *value); +size_t psasim_server_serialise_psa_cipher_operation_t_needs( + psa_cipher_operation_t *value); /** Serialise a `psa_cipher_operation_t` into a buffer on the server side. * @@ -980,7 +998,8 @@ int psasim_server_deserialise_psa_cipher_operation_t(uint8_t **pos, * \c psasim_serialise_psa_key_derivation_operation_t() to serialise * the given value. */ -size_t psasim_serialise_psa_key_derivation_operation_t_needs(psa_key_derivation_operation_t value); +size_t psasim_serialise_psa_key_derivation_operation_t_needs( + psa_key_derivation_operation_t value); /** Serialise a `psa_key_derivation_operation_t` into a buffer. * @@ -1022,7 +1041,8 @@ int psasim_deserialise_psa_key_derivation_operation_t(uint8_t **pos, * \c psasim_serialise_psa_key_derivation_operation_t() to serialise * the given value. */ -size_t psasim_server_serialise_psa_key_derivation_operation_t_needs(psa_key_derivation_operation_t *value); +size_t psasim_server_serialise_psa_key_derivation_operation_t_needs( + psa_key_derivation_operation_t *value); /** Serialise a `psa_key_derivation_operation_t` into a buffer on the server side. * @@ -1064,7 +1084,8 @@ int psasim_server_deserialise_psa_key_derivation_operation_t(uint8_t **pos, * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise * the given value. */ -size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs(psa_sign_hash_interruptible_operation_t value); +size_t psasim_serialise_psa_sign_hash_interruptible_operation_t_needs( + psa_sign_hash_interruptible_operation_t value); /** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer. * @@ -1106,7 +1127,8 @@ int psasim_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos, * \c psasim_serialise_psa_sign_hash_interruptible_operation_t() to serialise * the given value. */ -size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs(psa_sign_hash_interruptible_operation_t *value); +size_t psasim_server_serialise_psa_sign_hash_interruptible_operation_t_needs( + psa_sign_hash_interruptible_operation_t *value); /** Serialise a `psa_sign_hash_interruptible_operation_t` into a buffer on the server side. * @@ -1148,7 +1170,8 @@ int psasim_server_deserialise_psa_sign_hash_interruptible_operation_t(uint8_t ** * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise * the given value. */ -size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs(psa_verify_hash_interruptible_operation_t value); +size_t psasim_serialise_psa_verify_hash_interruptible_operation_t_needs( + psa_verify_hash_interruptible_operation_t value); /** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer. * @@ -1190,7 +1213,8 @@ int psasim_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos, * \c psasim_serialise_psa_verify_hash_interruptible_operation_t() to serialise * the given value. */ -size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs(psa_verify_hash_interruptible_operation_t *value); +size_t psasim_server_serialise_psa_verify_hash_interruptible_operation_t_needs( + psa_verify_hash_interruptible_operation_t *value); /** Serialise a `psa_verify_hash_interruptible_operation_t` into a buffer on the server side. * @@ -1232,7 +1256,8 @@ int psasim_server_deserialise_psa_verify_hash_interruptible_operation_t(uint8_t * \c psasim_serialise_mbedtls_svc_key_id_t() to serialise * the given value. */ -size_t psasim_serialise_mbedtls_svc_key_id_t_needs(mbedtls_svc_key_id_t value); +size_t psasim_serialise_mbedtls_svc_key_id_t_needs( + mbedtls_svc_key_id_t value); /** Serialise a `mbedtls_svc_key_id_t` into a buffer. * diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl index ed5dd9a25b..81808caffc 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl @@ -145,7 +145,8 @@ sub declare_needs * \\c psasim_serialise_$type_d() to serialise * the given value. */ -size_t psasim_${server}serialise_${type_d}_needs($type ${ptr}value); +size_t psasim_${server}serialise_${type_d}_needs( + $type ${ptr}value); EOF } @@ -451,7 +452,8 @@ sub define_needs return < Date: Tue, 25 Jun 2024 15:19:40 +0100 Subject: [PATCH 394/429] Improve ChangeLog wording Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-via-padlock-support.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt index 723982af4b..bc07135135 100644 --- a/ChangeLog.d/remove-via-padlock-support.txt +++ b/ChangeLog.d/remove-via-padlock-support.txt @@ -1,4 +1,5 @@ Removals * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Note that it is still possible to use VIA Padlock through a - PSA accelerator driver that is not part of Mbed TLS. Fixes #5903. + Note that this does not prevent users from using VIA Padlock + through a suitable PSA driver (not provided by Mbed TLS). + Fixes #5903. From 4e5d183d784a7f4031abd3ecdf6b053372aed3cd Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 Jun 2024 15:21:48 +0100 Subject: [PATCH 395/429] Correct pluralisation errors in comments Signed-off-by: Thomas Daubney --- include/mbedtls/aes.h | 2 +- library/aes.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 12b3506334..a07c8a5f98 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -35,7 +35,7 @@ #include #include -/* aesni.c rely on these values! */ +/* aesni.c relies on these values! */ #define MBEDTLS_AES_ENCRYPT 1 /**< AES encryption. */ #define MBEDTLS_AES_DECRYPT 0 /**< AES decryption. */ diff --git a/library/aes.c b/library/aes.c index f615267a36..ae883b247d 100644 --- a/library/aes.c +++ b/library/aes.c @@ -972,7 +972,7 @@ int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx, #endif /* !MBEDTLS_AES_DECRYPT_ALT && !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */ /* - * Our intrinsics-based implementation of AESNI require the round keys to be + * Our intrinsics-based implementation of AESNI requires the round keys to be * aligned on a 16-byte boundary. We take care of this before creating them, * but the AES context may have moved (this can happen if the library is * called from a language with managed memory), and in later calls it might From f57a352a9d4eeda41365ad09269291ea198a9e4c Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 Jun 2024 15:23:57 +0100 Subject: [PATCH 396/429] Remove superfluous brackets Signed-off-by: Thomas Daubney --- library/aes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/aes.c b/library/aes.c index ae883b247d..72e2c57450 100644 --- a/library/aes.c +++ b/library/aes.c @@ -508,7 +508,7 @@ void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx) * Note that the offset is in units of elements of buf, i.e. 32-bit words, * i.e. an offset of 1 means 4 bytes and so on. */ -#if (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2) +#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2 #define MAY_NEED_TO_ALIGN #endif From e92adafd2d1213f0062adad6c80933e165b0b312 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 25 Jun 2024 16:48:04 +0100 Subject: [PATCH 397/429] Remove mention of driver from ChangeLog Signed-off-by: Thomas Daubney --- ChangeLog.d/remove-via-padlock-support.txt | 2 -- 1 file changed, 2 deletions(-) diff --git a/ChangeLog.d/remove-via-padlock-support.txt b/ChangeLog.d/remove-via-padlock-support.txt index bc07135135..a3f4b96573 100644 --- a/ChangeLog.d/remove-via-padlock-support.txt +++ b/ChangeLog.d/remove-via-padlock-support.txt @@ -1,5 +1,3 @@ Removals * Drop support for VIA Padlock. Removes MBEDTLS_PADLOCK_C. - Note that this does not prevent users from using VIA Padlock - through a suitable PSA driver (not provided by Mbed TLS). Fixes #5903. From 7b6ddfcd25d95a1c6a452158db9205a6372b4426 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Jun 2024 13:16:33 +0200 Subject: [PATCH 398/429] psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes Credit to Cryptofuzz. Fixes #9314. Signed-off-by: Gilles Peskine --- ...decrypt-ccm_star-iv_length_enforcement.txt | 3 +++ library/psa_crypto.c | 6 +---- tests/suites/test_suite_psa_crypto.data | 22 ++++++++++++++++--- 3 files changed, 23 insertions(+), 8 deletions(-) create mode 100644 ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt diff --git a/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt new file mode 100644 index 0000000000..39e03b93ba --- /dev/null +++ b/ChangeLog.d/psa_cipher_decrypt-ccm_star-iv_length_enforcement.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix psa_cipher_decrypt() with CCM* rejecting messages less than 3 bytes + long. Credit to Cryptofuzz. Fixes #9314. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 02554d1d4b..8100afc471 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4631,11 +4631,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, goto exit; } - if (alg == PSA_ALG_CCM_STAR_NO_TAG && - input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } else if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) { + if (input_length < PSA_CIPHER_IV_LENGTH(slot->attr.type, alg)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4f29a7aaed..32c7274444 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2412,9 +2412,9 @@ PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT -PSA symmetric decrypt: CCM*-no-tag, input too short (15 bytes) +PSA symmetric decrypt: CCM*-no-tag, input too short (12 bytes) depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES -cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT +cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"0102030405060708090a0b0c":"":PSA_ERROR_INVALID_ARGUMENT PSA symmetric decrypt: AES-ECB, 0 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT @@ -2464,10 +2464,26 @@ PSA symmetric decrypt: 3-key 3DES-ECB, 8 bytes, good depends_on:PSA_WANT_ALG_ECB_NO_PADDING:PSA_WANT_KEY_TYPE_DES cipher_decrypt:PSA_ALG_ECB_NO_PADDING:PSA_KEY_TYPE_DES:"01020407080b0d0ec1c2c4c7c8cbcdce31323437383b3d3e":"":"817ca7d69b80d86a":"c78e2b38139610e3" -PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15 +PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 24 bytes depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2cb":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad697" +PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 23 bytes +depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES +cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e35784f0a65b545477e5e2f4bae0e1e6fa717eaf2":"a16a2e741f1cd9717285b6d882c1fc53655e9773761ad6" + +PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 3 bytes +depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES +cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe4e":"a16a2e" + +PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 2 bytes +depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES +cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"4bfe":"a16a" + +PSA symmetric decrypt: CCM*-no-tag, NIST DVPT AES-128 #15, 0 bytes +depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:PSA_WANT_KEY_TYPE_AES +cipher_decrypt:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"90929a4b0ac65b350ad1591611fe4829":"5a8aa485c316e9403aff859fbb":"":"" + PSA symmetric decrypt: ChaCha20, RFC7539 keystream depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20 # Keystream from RFC 7539 §2.4.2, with an extra 64-byte output block prepended From 550a18d4d6b29e62b6824201d8a49b8224e61c97 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 13 Jun 2024 17:58:27 +0200 Subject: [PATCH 399/429] Move Mbed TLS crypto headers Move all the header files (roughly the crypto and platform ones) necessary to build the crypto library to tf-psa-crypto/drivers/builtin/include/mbedtls. Exceptions: . some configuration related files that will not be necessary anymore when the work on the configuration file(s) is completed. . build_info.h as TF-PSA-Crypto will have its own when we had its CMake build system. For the time being all headers are kept public but eventually all headers in tf-psa-crypto/drivers/builtin/include/mbedtls will be private and the ones that remain public (e.g. lms.h, pk.h probably ...) will be moved to tf-psa-crypto/include/tf-psa-crypto/. Signed-off-by: Ronald Cron --- {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/aes.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/aria.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/asn1.h | 0 .../drivers/builtin/include}/mbedtls/asn1write.h | 0 .../drivers/builtin/include}/mbedtls/base64.h | 0 .../drivers/builtin/include}/mbedtls/bignum.h | 0 .../drivers/builtin/include}/mbedtls/block_cipher.h | 0 .../drivers/builtin/include}/mbedtls/camellia.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ccm.h | 0 .../drivers/builtin/include}/mbedtls/chacha20.h | 0 .../drivers/builtin/include}/mbedtls/chachapoly.h | 0 .../drivers/builtin/include}/mbedtls/cipher.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/cmac.h | 0 .../builtin/include}/mbedtls/config_adjust_legacy_from_psa.h | 0 .../builtin/include}/mbedtls/config_adjust_psa_superset_legacy.h | 0 .../drivers/builtin/include}/mbedtls/config_psa.h | 0 .../drivers/builtin/include}/mbedtls/constant_time.h | 0 .../drivers/builtin/include}/mbedtls/ctr_drbg.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/des.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/dhm.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ecdh.h | 0 .../drivers/builtin/include}/mbedtls/ecdsa.h | 0 .../drivers/builtin/include}/mbedtls/ecjpake.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ecp.h | 0 .../drivers/builtin/include}/mbedtls/entropy.h | 0 .../drivers/builtin/include}/mbedtls/error.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/gcm.h | 0 .../drivers/builtin/include}/mbedtls/hmac_drbg.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/lms.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/md.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/md5.h | 0 .../drivers/builtin/include}/mbedtls/memory_buffer_alloc.h | 0 .../drivers/builtin/include}/mbedtls/nist_kw.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/oid.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/pem.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/pk.h | 0 .../drivers/builtin/include}/mbedtls/pkcs12.h | 0 .../drivers/builtin/include}/mbedtls/pkcs5.h | 0 .../drivers/builtin/include}/mbedtls/platform.h | 0 .../drivers/builtin/include}/mbedtls/platform_time.h | 0 .../drivers/builtin/include}/mbedtls/platform_util.h | 0 .../drivers/builtin/include}/mbedtls/poly1305.h | 0 .../drivers/builtin/include}/mbedtls/private_access.h | 0 .../drivers/builtin/include}/mbedtls/psa_util.h | 0 .../drivers/builtin/include}/mbedtls/ripemd160.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/rsa.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/sha1.h | 0 .../drivers/builtin/include}/mbedtls/sha256.h | 0 {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/sha3.h | 0 .../drivers/builtin/include}/mbedtls/sha512.h | 0 .../drivers/builtin/include}/mbedtls/threading.h | 0 .../drivers/builtin/include}/mbedtls/timing.h | 0 .../drivers/builtin/include}/mbedtls/version.h | 0 53 files changed, 0 insertions(+), 0 deletions(-) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/aes.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/aria.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/asn1.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/asn1write.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/base64.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/bignum.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/block_cipher.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/camellia.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ccm.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/chacha20.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/chachapoly.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/cipher.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/cmac.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/config_adjust_legacy_from_psa.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/config_adjust_psa_superset_legacy.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/config_psa.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/constant_time.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ctr_drbg.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/des.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/dhm.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ecdh.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ecdsa.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ecjpake.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ecp.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/entropy.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/error.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/gcm.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/hmac_drbg.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/lms.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/md.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/md5.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/memory_buffer_alloc.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/nist_kw.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/oid.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/pem.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/pk.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/pkcs12.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/pkcs5.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/platform.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/platform_time.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/platform_util.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/poly1305.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/private_access.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/psa_util.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/ripemd160.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/rsa.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/sha1.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/sha256.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/sha3.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/sha512.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/threading.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/timing.h (100%) rename {include => tf-psa-crypto/drivers/builtin/include}/mbedtls/version.h (100%) diff --git a/include/mbedtls/aes.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h similarity index 100% rename from include/mbedtls/aes.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/aes.h diff --git a/include/mbedtls/aria.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h similarity index 100% rename from include/mbedtls/aria.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/aria.h diff --git a/include/mbedtls/asn1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h similarity index 100% rename from include/mbedtls/asn1.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/asn1.h diff --git a/include/mbedtls/asn1write.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h similarity index 100% rename from include/mbedtls/asn1write.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/asn1write.h diff --git a/include/mbedtls/base64.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h similarity index 100% rename from include/mbedtls/base64.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/base64.h diff --git a/include/mbedtls/bignum.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h similarity index 100% rename from include/mbedtls/bignum.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/bignum.h diff --git a/include/mbedtls/block_cipher.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h similarity index 100% rename from include/mbedtls/block_cipher.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/block_cipher.h diff --git a/include/mbedtls/camellia.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h similarity index 100% rename from include/mbedtls/camellia.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/camellia.h diff --git a/include/mbedtls/ccm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h similarity index 100% rename from include/mbedtls/ccm.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ccm.h diff --git a/include/mbedtls/chacha20.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h similarity index 100% rename from include/mbedtls/chacha20.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/chacha20.h diff --git a/include/mbedtls/chachapoly.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h similarity index 100% rename from include/mbedtls/chachapoly.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/chachapoly.h diff --git a/include/mbedtls/cipher.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h similarity index 100% rename from include/mbedtls/cipher.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h diff --git a/include/mbedtls/cmac.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h similarity index 100% rename from include/mbedtls/cmac.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/cmac.h diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h similarity index 100% rename from include/mbedtls/config_adjust_legacy_from_psa.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_legacy_from_psa.h diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h similarity index 100% rename from include/mbedtls/config_adjust_psa_superset_legacy.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/config_adjust_psa_superset_legacy.h diff --git a/include/mbedtls/config_psa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h similarity index 100% rename from include/mbedtls/config_psa.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/config_psa.h diff --git a/include/mbedtls/constant_time.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/constant_time.h similarity index 100% rename from include/mbedtls/constant_time.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/constant_time.h diff --git a/include/mbedtls/ctr_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h similarity index 100% rename from include/mbedtls/ctr_drbg.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ctr_drbg.h diff --git a/include/mbedtls/des.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/des.h similarity index 100% rename from include/mbedtls/des.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/des.h diff --git a/include/mbedtls/dhm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h similarity index 100% rename from include/mbedtls/dhm.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/dhm.h diff --git a/include/mbedtls/ecdh.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h similarity index 100% rename from include/mbedtls/ecdh.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ecdh.h diff --git a/include/mbedtls/ecdsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h similarity index 100% rename from include/mbedtls/ecdsa.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h diff --git a/include/mbedtls/ecjpake.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h similarity index 100% rename from include/mbedtls/ecjpake.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ecjpake.h diff --git a/include/mbedtls/ecp.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h similarity index 100% rename from include/mbedtls/ecp.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ecp.h diff --git a/include/mbedtls/entropy.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h similarity index 100% rename from include/mbedtls/entropy.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/entropy.h diff --git a/include/mbedtls/error.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/error.h similarity index 100% rename from include/mbedtls/error.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/error.h diff --git a/include/mbedtls/gcm.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h similarity index 100% rename from include/mbedtls/gcm.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/gcm.h diff --git a/include/mbedtls/hmac_drbg.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h similarity index 100% rename from include/mbedtls/hmac_drbg.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/hmac_drbg.h diff --git a/include/mbedtls/lms.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h similarity index 100% rename from include/mbedtls/lms.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/lms.h diff --git a/include/mbedtls/md.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h similarity index 100% rename from include/mbedtls/md.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/md.h diff --git a/include/mbedtls/md5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h similarity index 100% rename from include/mbedtls/md5.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/md5.h diff --git a/include/mbedtls/memory_buffer_alloc.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h similarity index 100% rename from include/mbedtls/memory_buffer_alloc.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/memory_buffer_alloc.h diff --git a/include/mbedtls/nist_kw.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h similarity index 100% rename from include/mbedtls/nist_kw.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/nist_kw.h diff --git a/include/mbedtls/oid.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h similarity index 100% rename from include/mbedtls/oid.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/oid.h diff --git a/include/mbedtls/pem.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h similarity index 100% rename from include/mbedtls/pem.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/pem.h diff --git a/include/mbedtls/pk.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h similarity index 100% rename from include/mbedtls/pk.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/pk.h diff --git a/include/mbedtls/pkcs12.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h similarity index 100% rename from include/mbedtls/pkcs12.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs12.h diff --git a/include/mbedtls/pkcs5.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h similarity index 100% rename from include/mbedtls/pkcs5.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/pkcs5.h diff --git a/include/mbedtls/platform.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h similarity index 100% rename from include/mbedtls/platform.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/platform.h diff --git a/include/mbedtls/platform_time.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h similarity index 100% rename from include/mbedtls/platform_time.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/platform_time.h diff --git a/include/mbedtls/platform_util.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h similarity index 100% rename from include/mbedtls/platform_util.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/platform_util.h diff --git a/include/mbedtls/poly1305.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h similarity index 100% rename from include/mbedtls/poly1305.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/poly1305.h diff --git a/include/mbedtls/private_access.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/private_access.h similarity index 100% rename from include/mbedtls/private_access.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/private_access.h diff --git a/include/mbedtls/psa_util.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h similarity index 100% rename from include/mbedtls/psa_util.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/psa_util.h diff --git a/include/mbedtls/ripemd160.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h similarity index 100% rename from include/mbedtls/ripemd160.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/ripemd160.h diff --git a/include/mbedtls/rsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h similarity index 100% rename from include/mbedtls/rsa.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h diff --git a/include/mbedtls/sha1.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h similarity index 100% rename from include/mbedtls/sha1.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/sha1.h diff --git a/include/mbedtls/sha256.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h similarity index 100% rename from include/mbedtls/sha256.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/sha256.h diff --git a/include/mbedtls/sha3.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h similarity index 100% rename from include/mbedtls/sha3.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/sha3.h diff --git a/include/mbedtls/sha512.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h similarity index 100% rename from include/mbedtls/sha512.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/sha512.h diff --git a/include/mbedtls/threading.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h similarity index 100% rename from include/mbedtls/threading.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h diff --git a/include/mbedtls/timing.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/timing.h similarity index 100% rename from include/mbedtls/timing.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/timing.h diff --git a/include/mbedtls/version.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/version.h similarity index 100% rename from include/mbedtls/version.h rename to tf-psa-crypto/drivers/builtin/include/mbedtls/version.h From 3d817add466c38591128cc67b49523c8c17f4e47 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 14 Jun 2024 08:43:28 +0200 Subject: [PATCH 400/429] Adjust build systems Adjust build systems such as we can built Mbed TLS in the default and full configuration. Signed-off-by: Ronald Cron --- 3rdparty/everest/CMakeLists.txt | 1 + 3rdparty/p256-m/CMakeLists.txt | 1 + CMakeLists.txt | 2 ++ framework | 2 +- library/CMakeLists.txt | 10 +++++++--- library/Makefile | 6 ++++-- programs/test/CMakeLists.txt | 6 ++++-- scripts/common.make | 5 ++++- scripts/generate_errors.pl | 21 ++++++++++++--------- scripts/generate_visualc_files.pl | 4 ++++ tests/Makefile | 2 ++ tests/psa-client-server/psasim/Makefile | 4 +++- 12 files changed, 45 insertions(+), 19 deletions(-) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index 8c8e8db04a..356931e05f 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -9,6 +9,7 @@ target_include_directories(${everest_target} PUBLIC $ $ $ + $ $ PRIVATE include/everest include/everest/kremlib diff --git a/3rdparty/p256-m/CMakeLists.txt b/3rdparty/p256-m/CMakeLists.txt index bd302a7b66..d3dc81328e 100644 --- a/3rdparty/p256-m/CMakeLists.txt +++ b/3rdparty/p256-m/CMakeLists.txt @@ -9,6 +9,7 @@ target_include_directories(${p256m_target} $ $ $ + $ $ PRIVATE ${MBEDTLS_DIR}/library/) diff --git a/CMakeLists.txt b/CMakeLists.txt index 35b8d4812e..28d4b832a9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -356,6 +356,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library) # Request C11, needed for memory poisoning tests set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11) @@ -367,6 +368,7 @@ if(ENABLE_TESTING OR ENABLE_PROGRAMS) PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include) diff --git a/framework b/framework index 04847216ab..86dede5177 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 04847216ab964b9bdce41f1e61ccc6d8f5d2a139 +Subproject commit 86dede517741011ccd65c1946963add19580f6ca diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 9b26b6b102..e2562df998 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -129,19 +129,22 @@ set(src_tls if(GEN_FILES) find_package(Perl REQUIRED) - file(GLOB error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h) + file(GLOB crypto_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls/*.h) + file(GLOB tls_error_headers ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/*.h) add_custom_command( OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/error.c COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl + ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/include/mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files ${CMAKE_CURRENT_BINARY_DIR}/error.c DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_errors.pl - ${error_headers} + ${crypto_error_headers} + ${tls_error_headers} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/data_files/error.fmt ) @@ -170,7 +173,7 @@ if(GEN_FILES) ${CMAKE_CURRENT_BINARY_DIR} DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py - ${error_headers} + ${tls_error_headers} ) add_custom_command( @@ -329,6 +332,7 @@ foreach(target IN LISTS target_libraries) target_include_directories(${target} PUBLIC $ $ + $ $ PRIVATE ${MBEDTLS_DIR}/library/ # Needed to include psa_crypto_driver_wrappers.h diff --git a/library/Makefile b/library/Makefile index 014e0caab4..5b18e3ad17 100644 --- a/library/Makefile +++ b/library/Makefile @@ -28,11 +28,13 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -# Include ../include, ../tf-psa-crypto/include for public headers and . for +# Include ../include, ../tf-psa-crypto/include and +# ../tf-psa-crypto/drivers/builtin/includefor public headers and . for # private headers. Note that . needs to be included explicitly for the sake of # library files that are not in the /library directory (which currently means # under /3rdparty). -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -I../tf-psa-crypto/include \ + -I../tf-psa-crypto/drivers/builtin/include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ifdef DEBUG diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 08fb321312..20cdf41890 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -27,7 +27,8 @@ if(TEST_CPP) add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}") target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include) + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include) target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT}) endif() @@ -36,7 +37,8 @@ if(USE_SHARED_MBEDTLS_LIBRARY AND add_executable(dlopen "dlopen.c") target_include_directories(dlopen PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include) + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include) target_link_libraries(dlopen ${CMAKE_DL_LIBS}) endif() diff --git a/scripts/common.make b/scripts/common.make index 702ef5c670..ead1334ca3 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -21,7 +21,10 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ + -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \ + -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ + -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L$(MBEDTLS_PATH)/library \ diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index b3acb0e6c3..fb95c0d2ca 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -3,7 +3,7 @@ # Generate error.c # # Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments, -# or generate_errors.pl include_dir data_dir error_file +# or generate_errors.pl crypto_include_dir tls_include_dir data_dir error_file # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later @@ -11,22 +11,24 @@ use strict; use warnings; -my ($include_dir, $data_dir, $error_file); +my ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file); if( @ARGV ) { - die "Invalid number of arguments" if scalar @ARGV != 3; - ($include_dir, $data_dir, $error_file) = @ARGV; + die "Invalid number of arguments" if scalar @ARGV != 4; + ($crypto_include_dir, $tls_include_dir, $data_dir, $error_file) = @ARGV; - -d $include_dir or die "No such directory: $include_dir\n"; + -d $crypto_include_dir or die "No such directory: $crypto_include_dir\n"; + -d $tls_include_dir or die "No such directory: $tls_include_dir\n"; -d $data_dir or die "No such directory: $data_dir\n"; } else { - $include_dir = 'include/mbedtls'; + $crypto_include_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls'; + $tls_include_dir = 'include/mbedtls'; $data_dir = 'scripts/data_files'; $error_file = 'library/error.c'; - unless( -d $include_dir && -d $data_dir ) { + unless( -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir ) { chdir '..' or die; - -d $include_dir && -d $data_dir + -d $crypto_include_dir && -d $tls_include_dir && -d $data_dir or die "Without arguments, must be run from root or scripts\n" } } @@ -48,7 +50,8 @@ open(FORMAT_FILE, '<:crlf', "$error_format_file") or die "Opening error format f my $error_format = ; close(FORMAT_FILE); -my @files = glob qq("$include_dir/*.h"); +my @files = glob qq("$crypto_include_dir/*.h"); +push(@files, glob qq("$tls_include_dir/*.h")); my @necessary_include_files; my @matches; foreach my $file (@files) { diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index b566372e1a..e9267eb450 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -23,6 +23,7 @@ my $vsx_sln_file = "$vsx_dir/mbedTLS.sln"; my $programs_dir = 'programs'; my $mbedtls_header_dir = 'include/mbedtls'; +my $drivers_builtin_header_dir = 'tf-psa-crypto/drivers/builtin/include/mbedtls'; my $psa_header_dir = 'tf-psa-crypto/include/psa'; my $source_dir = 'library'; my $test_source_dir = 'tests/src'; @@ -45,6 +46,7 @@ my @thirdparty_source_dirs = qw( my @include_directories = qw( include tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include 3rdparty/everest/include/ 3rdparty/everest/include/everest 3rdparty/everest/include/everest/vs2013 @@ -102,6 +104,7 @@ sub check_dirs { } return -d $vsx_dir && -d $mbedtls_header_dir + && -d $drivers_builtin_header_dir && -d $psa_header_dir && -d $source_dir && -d $test_source_dir @@ -258,6 +261,7 @@ sub main { my @app_list = get_app_list(); my @header_dirs = ( $mbedtls_header_dir, + $drivers_builtin_header_dir, $psa_header_dir, $test_header_dir, $test_drivers_header_dir, diff --git a/tests/Makefile b/tests/Makefile index d1d5ed9721..5af49b4a2c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -209,6 +209,8 @@ include/alt-extra/%_alt.h: ../include/%.h perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ +include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h + perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ # Generate test library diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 4b0c46e47c..02b639f2c4 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -8,7 +8,9 @@ LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto MBEDTLS_ROOT_PATH = ../../.. -COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include +COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \ + -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/include \ + -I$(MBEDTLS_ROOT_PATH)/tf-psa-crypto/drivers/builtin/include GENERATED_H_FILES = include/psa_manifest/manifest.h \ include/psa_manifest/pid.h \ From 09de583a8a7e26bb951dcac9f38a08896c29603b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 17 Jun 2024 13:52:55 +0200 Subject: [PATCH 401/429] Adapt make apidoc Signed-off-by: Ronald Cron --- doxygen/mbedtls.doxyfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 847deb01ae..1e494a0de0 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -6,7 +6,7 @@ EXTRACT_ALL = YES EXTRACT_PRIVATE = YES EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO -INPUT = ../include ../tf-psa-crypto/include input ../tests/include/alt-dummy +INPUT = ../include ../tf-psa-crypto/include input ../tf-psa-crypto/drivers/builtin/include ../tests/include/alt-dummy FILE_PATTERNS = *.h RECURSIVE = YES EXCLUDE_SYMLINKS = YES @@ -21,7 +21,7 @@ GENERATE_LATEX = NO GENERATE_XML = YES MACRO_EXPANSION = YES EXPAND_ONLY_PREDEF = YES -INCLUDE_PATH = ../include ../tf-psa-crypto/include +INCLUDE_PATH = ../include ../tf-psa-crypto/include ../tf-psa-crypto/drivers/builtin/include EXPAND_AS_DEFINED = MBEDTLS_PRIVATE CLASS_DIAGRAMS = NO HAVE_DOT = YES From d6d7f3ce64a95d2c2c53c382a88f10704694e63e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 17 Jun 2024 13:58:54 +0200 Subject: [PATCH 402/429] Adapt make cscope Signed-off-by: Ronald Cron --- Makefile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 0f1f3da8fd..b10ef6256e 100644 --- a/Makefile +++ b/Makefile @@ -198,6 +198,7 @@ C_SOURCE_FILES = $(wildcard \ include/*/*.h \ library/*.[hc] \ tf-psa-crypto/include/*/*.h \ + tf-psa-crypto/drivers/builtin/include/*/*.h \ programs/*/*.[hc] \ tests/include/*/*.h tests/include/*/*/*.h \ tests/src/*.c tests/src/*/*.c \ @@ -214,5 +215,7 @@ GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc cscope: cscope.in.out cscope.po.out cscope.out cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES) - cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES) + cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/include \ + -Itf-psa-crypto/drivers/builtin/include \ + $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES) .PHONY: cscope global From 05ba9124b7fc2af5e8a19cfd9c4f9ec73d74a504 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 17 Jun 2024 14:25:26 +0200 Subject: [PATCH 403/429] Adapt libraries installation Signed-off-by: Ronald Cron --- Makefile | 1 + tf-psa-crypto/include/CMakeLists.txt | 11 +++++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index b10ef6256e..67ad0b7b10 100644 --- a/Makefile +++ b/Makefile @@ -95,6 +95,7 @@ ifndef WINDOWS install: no_test mkdir -p $(DESTDIR)/include/mbedtls cp -rp include/mbedtls $(DESTDIR)/include + cp -rp tf-psa-crypto/drivers/builtin/include/mbedtls $(DESTDIR)/include mkdir -p $(DESTDIR)/include/psa cp -rp tf-psa-crypto/include/psa $(DESTDIR)/include diff --git a/tf-psa-crypto/include/CMakeLists.txt b/tf-psa-crypto/include/CMakeLists.txt index dea92fe6ef..bca86ff4ee 100644 --- a/tf-psa-crypto/include/CMakeLists.txt +++ b/tf-psa-crypto/include/CMakeLists.txt @@ -1,14 +1,17 @@ -option(INSTALL_PSA_CRYPTO_HEADERS "Install PSA Crypto headers." ON) - -if(INSTALL_PSA_CRYPTO_HEADERS) +option(INSTALL_TF_PSA_CRYPTO_HEADERS "Install TF PSA Crypto headers." ON) +if(INSTALL_TF_PSA_CRYPTO_HEADERS) file(GLOB psa_headers "psa/*.h") + file(GLOB mbedtls_crypto_headers "../drivers/builtin/include/mbedtls/*.h") install(FILES ${psa_headers} DESTINATION include/psa PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) -endif(INSTALL_PSA_CRYPTO_HEADERS) + install(FILES ${mbedtls_crypto_headers} + DESTINATION include/mbedtls + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) +endif(INSTALL_TF_PSA_CRYPTO_HEADERS) # Make includes available in an out-of-source build. ssl-opt.sh requires it. if (ENABLE_TESTING AND NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) From 52cc858aec6fba1eb251d0f515225c68998f9883 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 17 Jun 2024 17:26:39 +0200 Subject: [PATCH 404/429] Adapt libtestdriver1 build Signed-off-by: Ronald Cron --- tests/Makefile | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 5af49b4a2c..7ab4d9c474 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -219,7 +219,13 @@ include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h # library. Add a LIBTESTDRIVER1_/libtestdriver1_ to mbedtls_xxx and psa_xxx # symbols. define libtestdriver1_rewrite := - s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/include/mbedtls/!; \ + s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!$${1}libtestdriver1/include/mbedtls/build_info.h!; \ + s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!$${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; \ + s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_legacy_crypto.h!$${1}libtestdriver1/include/mbedtls/config_adjust_legacy_crypto.h!; \ + s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!$${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!; \ + s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!$${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!; \ + s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!$${1}libtestdriver1/include/mbedtls/check_config.h!; \ + s!^(\s*#\s*include\s*[\"<])mbedtls/!$${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; \ s!^(\s*#\s*include\s*[\"<])psa/!$${1}libtestdriver1/tf-psa-crypto/include/psa/!; \ next if /^\s*#\s*include/; \ s/\b(?=MBEDTLS_|PSA_)/LIBTESTDRIVER1_/g; \ @@ -257,6 +263,7 @@ libtestdriver1.a: perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/library/*.[ch] perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/include/*/*.h perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/include/*/*.h + perl -pi -e '$(libtestdriver1_rewrite)' ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h $(MAKE) -C ./libtestdriver1/library CFLAGS="-I../../ $(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a From f4606d489ec4c91cd14817e62ea720e20f593ecf Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 17 Jun 2024 17:49:28 +0200 Subject: [PATCH 405/429] Adjust more paths to Mbed TLS crypto headers Signed-off-by: Ronald Cron --- programs/test/generate_cpp_dummy_build.sh | 7 +++++++ tests/scripts/test_psa_constant_names.py | 4 +++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index ef9996e4c2..d27c7ae124 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -45,6 +45,13 @@ EOF esac done + for header in tf-psa-crypto/drivers/builtin/include/mbedtls/*.h; do + case ${header#tf-psa-crypto/drivers/builtin/include/} in + mbedtls/config_*.h) :;; # not meant for direct inclusion + *) echo "#include \"${header#tf-psa-crypto/drivers/builtin/include/}\"";; + esac + done + for header in tf-psa-crypto/include/psa/*.h; do case ${header#tf-psa-crypto/include/} in psa/crypto_config.h) :;; # not meant for direct inclusion diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 6c9d905106..f35351c079 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -161,7 +161,9 @@ TEST_SUITES = ['tests/suites/test_suite_psa_crypto_metadata.data'] def main(): parser = argparse.ArgumentParser(description=globals()['__doc__']) parser.add_argument('--include', '-I', - action='append', default=['tf-psa-crypto/include', 'include'], + action='append', default=['tf-psa-crypto/include', + 'tf-psa-crypto/drivers/builtin/include', + 'include'], help='Directory for header files') parser.add_argument('--keep-c', action='store_true', dest='keep_c', default=False, From 71609eb4a8f4b08a97cbca807110d29c3c9beaa4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 19 Jun 2024 16:18:01 +0200 Subject: [PATCH 406/429] Adapt check_names.py Signed-off-by: Ronald Cron --- tests/scripts/check_names.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 01c3f3c11d..142233c6b3 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -239,6 +239,7 @@ class CodeParser(): "include/mbedtls/*.h", "include/psa/*.h", "tf-psa-crypto/include/psa/*.h", + "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" ]) @@ -253,6 +254,7 @@ class CodeParser(): "include/mbedtls/*.h", "include/psa/*.h", "tf-psa-crypto/include/psa/*.h", + "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", "library/*.h", "library/*.c", "3rdparty/everest/include/everest/everest.h", @@ -262,6 +264,7 @@ class CodeParser(): "include/mbedtls/*.h", "include/psa/*.h", "tf-psa-crypto/include/psa/*.h", + "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", "library/*.h", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h" @@ -270,6 +273,7 @@ class CodeParser(): "include/mbedtls/*.h", "include/psa/*.h", "tf-psa-crypto/include/psa/*.h", + "tf-psa-crypto/drivers/builtin/include/mbedtls/*.h", "library/*.h", "3rdparty/everest/include/everest/everest.h", "3rdparty/everest/include/everest/x25519.h", From b50d30f3383c26aac3dc78b4a332b27e3a3d741d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 21 Jun 2024 08:56:43 +0200 Subject: [PATCH 407/429] Adapt cipher.h path in depends.py Signed-off-by: Ronald Cron --- tests/scripts/depends.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 1990cd21ca..fa17e134d3 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -369,7 +369,11 @@ class CipherInfo: # pylint: disable=too-few-public-methods """Collect data about cipher.h.""" def __init__(self): self.base_symbols = set() - with open('include/mbedtls/cipher.h', encoding="utf-8") as fh: + if os.path.isdir('tf-psa-crypto'): + cipher_h_path = 'tf-psa-crypto/drivers/builtin/include/mbedtls/cipher.h' + else: + cipher_h_path = 'include/mbedtls/cipher.h' + with open(cipher_h_path, encoding="utf-8") as fh: for line in fh: m = re.match(r' *MBEDTLS_CIPHER_ID_(\w+),', line) if m and m.group(1) not in ['NONE', 'NULL', '3DES']: From fb3e1596cfd576d12c07765d4d29d5f0ed2f7a1a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 21 Jun 2024 09:07:58 +0200 Subject: [PATCH 408/429] Adapt include dir paths in test_psa_compliance.py Signed-off-by: Ronald Cron --- tests/scripts/test_psa_compliance.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index b500fe5b51..d4e4979890 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -73,9 +73,14 @@ def main(library_build_dir: str): os.mkdir(build_dir) os.chdir(build_dir) - extra_includes = (';{}/drivers/builtin/include'.format(root_dir) - if in_tf_psa_crypto_repo else - ';{}/tf-psa-crypto/include'.format(root_dir)) + # Temporary while the PSA compliance test suite is still run as part + # of Mbed TLS testing. When it is not the case anymore, the second case + # can be removed. + if in_tf_psa_crypto_repo: + extra_includes = ';{}/drivers/builtin/include'.format(root_dir) + elif os.path.isdir(os.path.join(root_dir, 'tf-psa-crypto')): + extra_includes = ';{}/tf-psa-crypto/include'.format(root_dir) + \ + (';{}/tf-psa-crypto/drivers/builtin/include'.format(root_dir)) #pylint: disable=bad-continuation subprocess.check_call([ From fa7e15d76bf9921debff746413bb822eaf56d736 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 1 Jul 2024 14:54:09 +0200 Subject: [PATCH 409/429] Fix typo Signed-off-by: Ronald Cron --- library/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/Makefile b/library/Makefile index 5b18e3ad17..e4fb643ec2 100644 --- a/library/Makefile +++ b/library/Makefile @@ -29,7 +29,7 @@ WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral LDFLAGS ?= # Include ../include, ../tf-psa-crypto/include and -# ../tf-psa-crypto/drivers/builtin/includefor public headers and . for +# ../tf-psa-crypto/drivers/builtin/include for public headers and . for # private headers. Note that . needs to be included explicitly for the sake of # library files that are not in the /library directory (which currently means # under /3rdparty). From af732955d8b6f08a25ddbb6b4db2b36374d2fd7c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 1 Jul 2024 14:58:24 +0200 Subject: [PATCH 410/429] Update framework submodule to the merge of PR30 Signed-off-by: Ronald Cron --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 86dede5177..423e41ec80 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 86dede517741011ccd65c1946963add19580f6ca +Subproject commit 423e41ec8044a797eca7ac3a36497963fc4e5606 From 3bf375cf255b58208d54373efe2360ef22b13f4d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 1 Jul 2024 15:33:33 +0200 Subject: [PATCH 411/429] Update framework after merge of #28 Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 558804797e..29e8dce54a 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 558804797e617af23957bbe94a5e74af8ae83e38 +Subproject commit 29e8dce54a1041e22489f713cc8c44f700fafcec From 7fe75ba72df7328bd9233825ab4349993806ea3f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jun 2024 18:14:43 +0200 Subject: [PATCH 412/429] psasim: minor fixes to the core - do not try to close a connection that was never started - fix data chunks length for psa_write (prevent memcpy-ing to large blocks of data) Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/psa_ff_server.c | 2 +- tests/psa-client-server/psasim/src/psa_sim_crypto_client.c | 7 ++++++- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 7 ++++++- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c index 7f97b9bf0f..b0737ec840 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -474,7 +474,7 @@ void psa_write(psa_handle_t msg_handle, uint32_t outvec_idx, while (sofar < num_bytes) { size_t sending = (num_bytes - sofar); - if (sending >= MAX_FRAGMENT_SIZE) { + if (sending > (MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2))) { sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2); } diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 28dff38d02..4200f6c04d 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -44,7 +44,7 @@ int psa_crypto_call(int function, invec.base = in_params; invec.len = in_params_len; - size_t max_receive = 8192; + size_t max_receive = 24576; uint8_t *receive = malloc(max_receive); if (receive == NULL) { fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); @@ -119,6 +119,11 @@ fail: void mbedtls_psa_crypto_free(void) { + /* Do not try to close a connection that was never started.*/ + if (handle == -1) { + return; + } + CLIENT_PRINT("Closing handle"); psa_close(handle); handle = -1; diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index ac238070c3..ac7b2419c7 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -349,7 +349,7 @@ int psa_crypto_call(int function, invec.base = in_params; invec.len = in_params_len; - size_t max_receive = 8192; + size_t max_receive = 24576; uint8_t *receive = malloc(max_receive); if (receive == NULL) { fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive); @@ -424,6 +424,11 @@ fail: void mbedtls_psa_crypto_free(void) { + /* Do not try to close a connection that was never started.*/ + if (handle == -1) { + return; + } + CLIENT_PRINT("Closing handle"); psa_close(handle); handle = -1; From 7cdb1dde60894d3e771b94eb16ccf85d14685e9b Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Sat, 29 Jun 2024 16:10:21 +0100 Subject: [PATCH 413/429] psasim: invalidate operations on abort+finish Signed-off-by: Tom Cosgrove --- .../psasim/src/psa_sim_crypto_server.c | 90 +++++++++---------- .../psasim/src/psa_sim_generate.pl | 10 ++- .../psasim/src/psa_sim_serialise.c | 70 +++++++++++++-- .../psasim/src/psa_sim_serialise.h | 35 ++++++-- .../psasim/src/psa_sim_serialise.pl | 56 +++++++++--- 5 files changed, 190 insertions(+), 71 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c index 52597516cf..cab32c47c1 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c @@ -131,7 +131,7 @@ int psa_aead_abort_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -375,7 +375,7 @@ int psa_aead_decrypt_setup_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -619,7 +619,7 @@ int psa_aead_encrypt_setup_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -736,7 +736,7 @@ int psa_aead_finish_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -866,7 +866,7 @@ int psa_aead_generate_nonce_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -977,7 +977,7 @@ int psa_aead_set_lengths_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -1062,7 +1062,7 @@ int psa_aead_set_nonce_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -1172,7 +1172,7 @@ int psa_aead_update_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -1277,7 +1277,7 @@ int psa_aead_update_ad_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -1387,7 +1387,7 @@ int psa_aead_verify_wrapper( ok = psasim_server_serialise_psa_aead_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -1760,7 +1760,7 @@ int psa_cipher_abort_wrapper( ok = psasim_server_serialise_psa_cipher_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -1980,7 +1980,7 @@ int psa_cipher_decrypt_setup_wrapper( ok = psasim_server_serialise_psa_cipher_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -2200,7 +2200,7 @@ int psa_cipher_encrypt_setup_wrapper( ok = psasim_server_serialise_psa_cipher_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -2296,7 +2296,7 @@ int psa_cipher_finish_wrapper( ok = psasim_server_serialise_psa_cipher_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -2410,7 +2410,7 @@ int psa_cipher_generate_iv_wrapper( ok = psasim_server_serialise_psa_cipher_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -2513,7 +2513,7 @@ int psa_cipher_set_iv_wrapper( ok = psasim_server_serialise_psa_cipher_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -2623,7 +2623,7 @@ int psa_cipher_update_wrapper( ok = psasim_server_serialise_psa_cipher_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -3436,7 +3436,7 @@ int psa_hash_abort_wrapper( ok = psasim_server_serialise_psa_hash_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -3520,7 +3520,7 @@ int psa_hash_clone_wrapper( ok = psasim_server_serialise_psa_hash_operation_t( &rpos, &rremain, - target_operation); + target_operation, 0); if (!ok) { goto fail; } @@ -3827,7 +3827,7 @@ int psa_hash_finish_wrapper( ok = psasim_server_serialise_psa_hash_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -3929,7 +3929,7 @@ int psa_hash_setup_wrapper( ok = psasim_server_serialise_psa_hash_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -4014,7 +4014,7 @@ int psa_hash_update_wrapper( ok = psasim_server_serialise_psa_hash_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -4103,7 +4103,7 @@ int psa_hash_verify_wrapper( ok = psasim_server_serialise_psa_hash_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -4389,7 +4389,7 @@ int psa_key_derivation_abort_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -4567,7 +4567,7 @@ int psa_key_derivation_input_bytes_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -4664,7 +4664,7 @@ int psa_key_derivation_input_integer_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -4757,7 +4757,7 @@ int psa_key_derivation_input_key_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -4860,7 +4860,7 @@ int psa_key_derivation_key_agreement_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -4950,7 +4950,7 @@ int psa_key_derivation_output_bytes_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -5055,7 +5055,7 @@ int psa_key_derivation_output_key_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -5166,7 +5166,7 @@ int psa_key_derivation_output_key_ext_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -5261,7 +5261,7 @@ int psa_key_derivation_set_capacity_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -5345,7 +5345,7 @@ int psa_key_derivation_setup_wrapper( ok = psasim_server_serialise_psa_key_derivation_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -5420,7 +5420,7 @@ int psa_mac_abort_wrapper( ok = psasim_server_serialise_psa_mac_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -5643,7 +5643,7 @@ int psa_mac_sign_finish_wrapper( ok = psasim_server_serialise_psa_mac_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -5754,7 +5754,7 @@ int psa_mac_sign_setup_wrapper( ok = psasim_server_serialise_psa_mac_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -5839,7 +5839,7 @@ int psa_mac_update_wrapper( ok = psasim_server_serialise_psa_mac_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -6030,7 +6030,7 @@ int psa_mac_verify_finish_wrapper( ok = psasim_server_serialise_psa_mac_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -6127,7 +6127,7 @@ int psa_mac_verify_setup_wrapper( ok = psasim_server_serialise_psa_mac_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -6589,7 +6589,7 @@ int psa_sign_hash_abort_wrapper( ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -6685,7 +6685,7 @@ int psa_sign_hash_complete_wrapper( ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -6873,7 +6873,7 @@ int psa_sign_hash_start_wrapper( ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -7181,7 +7181,7 @@ int psa_verify_hash_abort_wrapper( ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( &rpos, &rremain, - operation); + operation, 1); if (!ok) { goto fail; } @@ -7256,7 +7256,7 @@ int psa_verify_hash_complete_wrapper( ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } @@ -7436,7 +7436,7 @@ int psa_verify_hash_start_wrapper( ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t( &rpos, &rremain, - operation); + operation, 0); if (!ok) { goto fail; } diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index ac7b2419c7..dd2fe9e3c4 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl @@ -750,11 +750,19 @@ EOF my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? "server_" : ""; + my $completed = ""; # Only needed on server serialise calls + if (length($server_specific)) { + # On server serialisation, which is only for operation types, + # we need to mark the operation as completed (variously called + # terminated or inactive in psa/crypto.h) on certain calls. + $completed = ($name =~ /_(abort|finish|hash_verify)$/) ? ", 1" : ", 0"; + } + print $fh < Date: Mon, 1 Jul 2024 07:06:26 +0200 Subject: [PATCH 414/429] psasim: remove sleep on server side to make test as fast as possible Signed-off-by: Valerio Setti --- tests/psa-client-server/psasim/src/psa_ff_server.c | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c index b0737ec840..b106092441 100644 --- a/tests/psa-client-server/psasim/src/psa_ff_server.c +++ b/tests/psa-client-server/psasim/src/psa_ff_server.c @@ -26,8 +26,6 @@ #define MAX_CLIENTS 128 #define MAX_MESSAGES 32 -#define SLEEP_US 1 - struct connection { uint32_t client; void *rhandle; @@ -104,9 +102,6 @@ psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout) uint32_t requested_version; ssize_t len; int idx; -#if !defined(PSASIM_USE_USLEEP) - const struct timespec ts_delay = { .tv_sec = 0, .tv_nsec = SLEEP_US * 1000 }; -#endif if (timeout == PSA_POLL) { INFO("psa_wait: Called in polling mode"); @@ -261,11 +256,6 @@ psa_signal_t psa_wait(psa_signal_t signal_mask, uint32_t timeout) break; } else { /* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */ -#if defined(PSASIM_USE_USLEEP) - usleep(SLEEP_US); -#else /* PSASIM_USE_USLEEP */ - nanosleep(&ts_delay, NULL); -#endif /* PSASIM_USE_USLEEP */ } } while (timeout == PSA_BLOCK); From fcc9afaf9d537c83bac4d40f82c6b67a08fa7e50 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Thu, 23 May 2024 14:43:22 +0100 Subject: [PATCH 415/429] Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 Signed-off-by: Elena Uziunaite --- library/md.c | 8 +- library/oid.c | 12 +- library/ssl_misc.h | 2 +- library/ssl_tls.c | 4 +- library/x509.c | 2 +- programs/ssl/ssl_test_common_source.c | 2 +- tests/suites/test_suite_ecdsa.data | 20 +-- tests/suites/test_suite_hmac_drbg.misc.data | 8 +- .../test_suite_hmac_drbg.no_reseed.data | 120 +++++++++--------- tests/suites/test_suite_hmac_drbg.nopr.data | 120 +++++++++--------- tests/suites/test_suite_hmac_drbg.pr.data | 120 +++++++++--------- tests/suites/test_suite_md.data | 66 +++++----- tests/suites/test_suite_oid.data | 4 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_pkcs1_v21.data | 12 +- tests/suites/test_suite_pkcs5.data | 10 +- tests/suites/test_suite_pkparse.data | 72 +++++------ tests/suites/test_suite_rsa.data | 16 +-- tests/suites/test_suite_x509parse.data | 64 +++++----- tests/suites/test_suite_x509write.data | 2 +- 20 files changed, 333 insertions(+), 333 deletions(-) diff --git a/library/md.c b/library/md.c index c95846aa04..beb6dad800 100644 --- a/library/md.c +++ b/library/md.c @@ -88,7 +88,7 @@ static const mbedtls_md_info_t mbedtls_sha1_info = { }; #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) static const mbedtls_md_info_t mbedtls_sha224_info = { MD_INFO(MBEDTLS_MD_SHA224, 28, 64) }; @@ -151,7 +151,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) case MBEDTLS_MD_SHA1: return &mbedtls_sha1_info; #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) case MBEDTLS_MD_SHA224: return &mbedtls_sha224_info; #endif @@ -792,7 +792,7 @@ static const int supported_digests[] = { #if defined(MBEDTLS_MD_CAN_SHA256) MBEDTLS_MD_SHA256, #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) MBEDTLS_MD_SHA224, #endif @@ -848,7 +848,7 @@ static const md_name_entry md_names[] = { { "SHA1", MBEDTLS_MD_SHA1 }, { "SHA", MBEDTLS_MD_SHA1 }, // compatibility fallback #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) { "SHA224", MBEDTLS_MD_SHA224 }, #endif #if defined(MBEDTLS_MD_CAN_SHA256) diff --git a/library/oid.c b/library/oid.c index 1d6b1eb866..dbcafea6a3 100644 --- a/library/oid.c +++ b/library/oid.c @@ -391,13 +391,13 @@ static const oid_sig_alg_t oid_sig_alg[] = MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224"), MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, }, -#endif /* MBEDTLS_MD_CAN_SHA224 */ +#endif /* PSA_WANT_ALG_SHA_224 */ #if defined(MBEDTLS_MD_CAN_SHA256) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", @@ -433,7 +433,7 @@ static const oid_sig_alg_t oid_sig_alg[] = MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, @@ -731,7 +731,7 @@ static const oid_md_alg_t oid_md_alg[] = MBEDTLS_MD_SHA1, }, #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224"), MBEDTLS_MD_SHA224, @@ -815,12 +815,12 @@ static const oid_md_hmac_t oid_md_hmac[] = MBEDTLS_MD_SHA1, }, #endif /* MBEDTLS_MD_CAN_SHA1 */ -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"), MBEDTLS_MD_SHA224, }, -#endif /* MBEDTLS_MD_CAN_SHA224 */ +#endif /* PSA_WANT_ALG_SHA_224 */ #if defined(MBEDTLS_MD_CAN_SHA256) { OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"), diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a8807f67c6..ebeaf5fb4e 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2527,7 +2527,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported( break; #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) case MBEDTLS_SSL_HASH_SHA224: break; #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4c31aa2ce6..96bb786e7b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6136,7 +6136,7 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash) case MBEDTLS_SSL_HASH_SHA1: return MBEDTLS_MD_SHA1; #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) case MBEDTLS_SSL_HASH_SHA224: return MBEDTLS_MD_SHA224; #endif @@ -6171,7 +6171,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg(int md) case MBEDTLS_MD_SHA1: return MBEDTLS_SSL_HASH_SHA1; #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) case MBEDTLS_MD_SHA224: return MBEDTLS_SSL_HASH_SHA224; #endif diff --git a/library/x509.c b/library/x509.c index f97fb44589..4aa612c446 100644 --- a/library/x509.c +++ b/library/x509.c @@ -137,7 +137,7 @@ static inline const char *md_type_to_string(mbedtls_md_type_t md_alg) case MBEDTLS_MD_SHA1: return "SHA1"; #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) case MBEDTLS_MD_SHA224: return "SHA224"; #endif diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 1ff2077d4a..ca0ce305fb 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -301,7 +301,7 @@ uint16_t ssl_sig_algs_for_test[] = { #if defined(MBEDTLS_MD_CAN_SHA256) MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA256) #endif -#if defined(MBEDTLS_MD_CAN_SHA224) +#if defined(PSA_WANT_ALG_SHA_224) MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA224) #endif #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index c852c665e0..280480eaaa 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -95,7 +95,7 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64" ECDSA deterministic test vector rfc 6979 p192 sha224 [#1] -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"A1F00DAD97AEEC91C95585F36200C65F3C01812AA60378F5":"E07EC1304C7C6C9DEBBE980B9692668F81D4DE7922A0F97A" ECDSA deterministic test vector rfc 6979 p192 sha256 [#1] @@ -115,7 +115,7 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"0F2141A0EBBC44D2E1AF90A50EBCFCE5E197B3B7D4DE036D":"EB18BC9E1F3D7387500CB99CF5F7C157070A8961E38700B7" ECDSA deterministic test vector rfc 6979 p192 sha224 [#2] -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"6945A1C1D1B2206B8145548F633BB61CEF04891BAF26ED34":"B7FB7FDFC339C0B9BD61A9F5A8EAF9BE58FC5CBA2CB15293" ECDSA deterministic test vector rfc 6979 p192 sha256 [#2] @@ -135,7 +135,7 @@ depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69" ECDSA deterministic test vector rfc 6979 p224 sha224 [#1] -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"1CDFE6662DDE1E4A1EC4CDEDF6A1F5A2FB7FBD9145C12113E6ABFD3E":"A6694FD7718A21053F225D3F46197CA699D45006C06F871808F43EBC" ECDSA deterministic test vector rfc 6979 p224 sha256 [#1] @@ -155,7 +155,7 @@ depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"DEAA646EC2AF2EA8AD53ED66B2E2DDAA49A12EFD8356561451F3E21C":"95987796F6CF2062AB8135271DE56AE55366C045F6D9593F53787BD2" ECDSA deterministic test vector rfc 6979 p224 sha224 [#2] -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"C441CE8E261DED634E4CF84910E4C5D1D22C5CF3B732BB204DBEF019":"902F42847A63BDC5F6046ADA114953120F99442D76510150F372A3F4" ECDSA deterministic test vector rfc 6979 p224 sha256 [#2] @@ -175,7 +175,7 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32":"6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB" ECDSA deterministic test vector rfc 6979 p256 sha224 [#1] -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F":"B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C" ECDSA deterministic test vector rfc 6979 p256 sha256 [#1] @@ -195,7 +195,7 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89":"01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1" ECDSA deterministic test vector rfc 6979 p256 sha224 [#2] -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692":"C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D" ECDSA deterministic test vector rfc 6979 p256 sha256 [#2] @@ -215,7 +215,7 @@ depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"EC748D839243D6FBEF4FC5C4859A7DFFD7F3ABDDF72014540C16D73309834FA37B9BA002899F6FDA3A4A9386790D4EB2":"A3BCFA947BEEF4732BF247AC17F71676CB31A847B9FF0CBC9C9ED4C1A5B3FACF26F49CA031D4857570CCB5CA4424A443" ECDSA deterministic test vector rfc 6979 p384 sha224 [#1] -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"42356E76B55A6D9B4631C865445DBE54E056D3B3431766D0509244793C3F9366450F76EE3DE43F5A125333A6BE060122":"9DA0C81787064021E78DF658F2FBB0B042BF304665DB721F077A4298B095E4834C082C03D83028EFBF93A3C23940CA8D" ECDSA deterministic test vector rfc 6979 p384 sha256 [#1] @@ -235,7 +235,7 @@ depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"4BC35D3A50EF4E30576F58CD96CE6BF638025EE624004A1F7789A8B8E43D0678ACD9D29876DAF46638645F7F404B11C7":"D5A6326C494ED3FF614703878961C0FDE7B2C278F9A65FD8C4B7186201A2991695BA1C84541327E966FA7B50F7382282" ECDSA deterministic test vector rfc 6979 p384 sha224 [#2] -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"E8C9D0B6EA72A0E7837FEA1D14A1A9557F29FAA45D3E7EE888FC5BF954B5E62464A9A817C47FF78B8C11066B24080E72":"07041D4A7A0379AC7232FF72E6F77B6DDB8F09B16CCE0EC3286B2BD43FA8C6141C53EA5ABEF0D8231077A04540A96B66" ECDSA deterministic test vector rfc 6979 p384 sha256 [#2] @@ -255,7 +255,7 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"8151325DCDBAE9E0FF95F9F9658432DBEDFDB209":"0343B6EC45728975EA5CBA6659BBB6062A5FF89EEA58BE3C80B619F322C87910FE092F7D45BB0F8EEE01ED3F20BABEC079D202AE677B243AB40B5431D497C55D75D":"0E7B0E675A9B24413D448B8CC119D2BF7B2D2DF032741C096634D6D65D0DBE3D5694625FB9E8104D3B842C1B0E2D0B98BEA19341E8676AEF66AE4EBA3D5475D5D16" ECDSA deterministic test vector rfc 6979 p521 sha224 [#1] -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"9003E374BC726550C2C289447FD0533160F875709386DFA377BFD41C":"1776331CFCDF927D666E032E00CF776187BC9FDD8E69D0DABB4109FFE1B5E2A30715F4CC923A4A5E94D2503E9ACFED92857B7F31D7152E0F8C00C15FF3D87E2ED2E":"050CB5265417FE2320BBB5A122B8E1A32BD699089851128E360E620A30C7E17BA41A666AF126CE100E5799B153B60528D5300D08489CA9178FB610A2006C254B41F" ECDSA deterministic test vector rfc 6979 p521 sha256 [#1] @@ -275,7 +275,7 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA1 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA1:"A94A8FE5CCB19BA61C4C0873D391E987982FBBD3":"13BAD9F29ABE20DE37EBEB823C252CA0F63361284015A3BF430A46AAA80B87B0693F0694BD88AFE4E661FC33B094CD3B7963BED5A727ED8BD6A3A202ABE009D0367":"1E9BB81FF7944CA409AD138DBBEE228E1AFCC0C890FC78EC8604639CB0DBDC90F717A99EAD9D272855D00162EE9527567DD6A92CBD629805C0445282BBC916797FF" ECDSA deterministic test vector rfc 6979 p521 sha224 [#2] -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:PSA_WANT_ALG_SHA_224 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA224:"90A3ED9E32B2AAF4C61C410EB925426119E1A9DC53D4286ADE99A809":"1C7ED902E123E6815546065A2C4AF977B22AA8EADDB68B2C1110E7EA44D42086BFE4A34B67DDC0E17E96536E358219B23A706C6A6E16BA77B65E1C595D43CAE17FB":"177336676304FCB343CE028B38E7B4FBA76C1C1B277DA18CAD2A8478B2A9A9F5BEC0F3BA04F35DB3E4263569EC6AADE8C92746E4C82F8299AE1B8F1739F8FD519A4" ECDSA deterministic test vector rfc 6979 p521 sha256 [#2] diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data index 68866d7aa8..b305473389 100644 --- a/tests/suites/test_suite_hmac_drbg.misc.data +++ b/tests/suites/test_suite_hmac_drbg.misc.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA1 HMAC_DRBG entropy usage SHA-224 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA224 HMAC_DRBG entropy usage SHA-256 @@ -43,11 +43,11 @@ depends_on:MBEDTLS_MD_CAN_SHA1 hmac_drbg_seed_file:MBEDTLS_MD_SHA1:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA-224 [#1] -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_seed_file:MBEDTLS_MD_SHA224:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA-224 [#2] -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_seed_file:MBEDTLS_MD_SHA224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA-256 [#1] @@ -111,7 +111,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1 hmac_drbg_buf:MBEDTLS_MD_SHA1 HMAC_DRBG from buffer SHA-224 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_buf:MBEDTLS_MD_SHA224 HMAC_DRBG from buffer SHA-256 diff --git a/tests/suites/test_suite_hmac_drbg.no_reseed.data b/tests/suites/test_suite_hmac_drbg.no_reseed.data index a6f50ad479..08e93a8c7e 100644 --- a/tests/suites/test_suite_hmac_drbg.no_reseed.data +++ b/tests/suites/test_suite_hmac_drbg.no_reseed.data @@ -239,243 +239,243 @@ depends_on:MBEDTLS_MD_CAN_SHA1 hmac_drbg_no_reseed:MBEDTLS_MD_SHA1:"3e325daab3301856044f416f250b6161e447e63d85ca084f":"a9d2a53dbd7ef4b9150dd0ed4d002e56":"4de6c923346d7adc16bbe89b9a184a79":"9e9e3412635aec6fcfb9d00da0c49fb3":"48ac8646b334e7434e5f73d60a8f6741e472baabe525257b78151c20872f331c169abe25faf800991f3d0a45c65e71261be0c8e14a1a8a6df9c6a80834a4f2237e23abd750f845ccbb4a46250ab1bb63" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"a76e77a969ab92645181f0157802523746c34bf321867641051ed6ba39368033adc93d4e":"":"":"":"8925987db5566e60520f09bdddab488292bed92cd385e5b6fc223e1919640b4e34e34575033e56c0a8f608be21d3d221c67d39abec98d81312f3a2653d55ffbf44c337c82bed314c211be23ec394399ba351c4687dce649e7c2a1ba7b0b5dab125671b1bcf9008da65cad612d95ddc92" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"65cdaa5ab147d0c79fdd02b24fc94d0e427f59ef9a31f447458c6befe0c2cde5a58c6b7d":"":"":"":"0d164682b5bb552a53a2a942373639d98576450ca632faebc15060691a4219467c5aa106034cd19a214a0a4f31d402e68c4c565f49b33b680d522ef25f541e8202be779730376fdcf5b7b58fd6ac959204a88f91008651d2c02ada82505f914d4d9b9aea7967784e5320e185e1248270" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"650996f1477112af7604386be5ace78232904315d99d87d72a06709d331a6f930b447cf5":"":"":"":"d3341d7767cfd95640a107b3abaed7b4e1855b348e3ae5bcc53a0b0d49d4b4976837ec8f376f38327135578eca7ee583215bd5c79ebf499816f79afcc402ff1e9ffc4ad0f896761c9cff75050bf84baa194c355763b16b5d2648d480a2b48f22662685de39c7cee90aa0b6edf8062e42" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"898640ce467201a53e7731bdfb572977f7eb3e49050bc1e367ca74bf0a27376d339d09f4":"":"":"":"4f5eea927023b4abab5d4d9944e84ca001ee081cbc21d4080e1534ee6d1d8a6f60361029ffa983bcc79b5d65d4aaaaaf98983de13ddde39a739f9d95878fb31f57f96184e5f2f3adf654a468c616237fcbc6b2c194e247178cb90294f631c449a01f1fe09c02587c460305be9fc71b5a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fe405dd73956bf6ec875515eebd8c5ecd60553643da750914c83dfc93611d57390af7324":"":"":"":"d8ae0eb81913a190c439f8ffa56c06155a73f84b20608b2b2e9eab3061202cebad18ab8b3eba81672152c1c02ef573cd6e8623c392facb6a857425c6795cd7999c1e7f56f3fa9accca018076e0bfc106d075df98f5fb66f28933215e9276777dfc479e71a8d506a66197918d9b0f7a8f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"b06892f6f455afddc8eb60aae35b35a64f63b2aa85a2dae4ef489266f7bc354f72d68b71":"":"":"":"fc10c03fc37d3bd5fba6591a97f6354a9ed8ba2b6806744432851f43a3ce6418e39ccb417b8539e349acea588e2abe5da06147c9825c6e50a31f8589a57ca3bfb10f0da9c8e89fe2e372b5af1cf96e0fbeec5d99228770c41a76e587da7d8764d5f235f5d1d6188d84ae61c52c2164fb" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9174e174e9e031f62b2e19ae5c0bef22eed7d5598e6e73504759a2c15b05c2473a721d26":"":"":"":"1962f2d473b31a2576dbd78022f4eeb974641fa2e9cb582f03ab741929f51f0f4663129e68ddc242e1c2ceafacec3dccb97e09527aff46b948f0abcea1451699dc3ae4d3fb5e04c84337e17b504af2fb5f1aa6ec0033ddf138a188ee162c497526563a67da8015275d89f0e1e902b2ef" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"eb1d45ba0d8951b7b1d7ce922b7d1f6e94da8b821940126c9da5b0b4382425930743a051":"":"":"":"306b1f733e6f69b6f26b7baa5441af4967a5cad8faad18029440aa989aef6024dbf3ba02dfc2c694dad6496ff760d72ae6914a4dcd5e3a443f4bcb14bf2b64986f35c32449f15e3084d46fadfa2ae213da6b26f787cef89b6a23084a929608a9f6acd8315808c29f8ae435a40202a012" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"78cdc1567caf2ff529ef8e3475c0fbb09a48b687a544f7399f503948621f29686fb15216":"":"":"":"2367067d8ec189b0819eda34602768a0698b4b545c7d5214fad58c9787b89809b97f3af5f9349907d2954f8c0dccbdbe63cc019bde3a6fae10497ae57f33e91ed55b6fc4a83fe8a2463552796d5120da8066f7285a8388958817b1218e006d7fc617f453ad0f9217966a0731ba99f093" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"25f9ee24ee25ad3d29a974f8f552b178cb292b847a6be80694213a6c0b33e25e29fd3ecc":"":"":"":"32fe251a619d164c217365b12a313a942b6a9c3df007751a5fa9f356412d1142c785c292e3dc9d0b1d77e080892e5d39b91c58fd142458c71182061920a0721db453a32fe7ffc8b2c20bf11894fa37d8f0e9463edd43a97f65362295119be03d5e06f617fdff6accaab8c4da72ac8f81" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"0b644221788c266aae00a3b63a87f32ca96a6c32b116cd37caa4f75ff5d7e56be3b4e20f":"":"":"":"dc9245da77502cadd1a8ac4d1cf6a199c8e529deda10c87ab6c69ceea6fdef36d45f4d036021b93fe5b342c52fe1e71d81e617bebc58804af3109bab93dbb2e5c546e108bd0891710128b5e8e4a4f01df2003d038fec8cef426fad7f72dd5e091b4850e9bf4932d60deacb6e9ea3c5e6" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"a6677badff70966a3cd2febaad7de7aa5849ba763789b20d0a39b6c569261b826cdb15e8":"":"":"":"e04838c970f5d7208a2a7310da893d65391666a5dc62d9ede71fc30816cfc3e8064ac59cc9aaf30283356078c812676ca20beb044a6d78db6c5ef9718a88559607f225002452c01459944433013cfffea84d6fe404fbbbc2d66bb50a2fa01d8a5d6e4ea9b402dc5256752461bf6fcb7f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2301d8c053312db04882f4284cf8b47966c1c9b8c49de847d0c11f14c5f70ce19346562b":"":"":"":"b46246526b28f3ad7f6d8732ca3bfc40f005d97a519640a4ce728486d8bf830d661be5a97b11113e89096d9bf15cbef73ec28ac13e3fbeadc9bca500918bbe92ea23e131cc622dbffe2272db16ec5d4ca30e9bd986d1709ae22d10180514bcd11bd6218ea1fbaba101444945a17a4c4b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"78644ea1b0c4c55c4addeb476fc34471ea2c4393697aa4f170726010c443b8e1c4a6b3ea":"":"":"":"ef1b41bd03ee8460d55759db65a4c97758f48e3a09127be04c7ed08bbee5fa5cf119929df42c187e2a347a8df99c502b693a7ae41946f4918d84686880ae29d6d8fbbc4fccc9e295876a249cfa59effd331994e84717b4c76637df36beb960761880daab3d43376341439af2ce8e33cc" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,0) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"71acb71235e88e3aa6d8bbf27ccef8ef28043ebe8663f7bcf49cb642b3d915cf03b90e65":"":"":"":"144aeb56a11cb648b5ec7d40c2816e368426690db55b559f5633f856b79efe5f784944144756825b8fd7bf98beb758efe2ac1f650d54fc436a4bcd7dfaf3a66c192a7629eea8a357eef24b117a6e7d578797980eaefcf9a961452c4c1315119ca960ad08764fe76e2462ae1a191baeca" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c5c89c26ac4ca8b1106ba90a8ef4d6d687dfd88743caa5fbafa4745d9c1f8371120b10c8":"":"d3483ae5f9ed97efd3f852e4a6f20f25c947a03f39a4b75c":"2cd523c5958cdf403caa61abe5c4739cdb9d40152f0e769a":"1fef4e6abc2778d1c3e3ce00fdb5eae1ebebdd5cff0a7087644c8565d1e8b876b2c05264ca81498468851fc7b9e5a2163a06f377d2ed754c095adc59dc015a77edd69e4eecbe48d9dc127eedfff5cc73ae38127ae3a518fe7fa5abd1a9c53eeaf144420873341e2efa3d81493c69b04e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"6860e44bf582db9818ffbe4c699d4218965c29f463d7a02fe1f36c8442b0a5d103def7a2":"":"e9f598357109e2a532dc980388b8a5991256166d67c3bc01":"58ebbf7402be041724701e5c0132abe604c11a62a9de1d2f":"52fad34b27113c146595a6740f505bc2d3edf6618975cb9c4a5155788eaf08b96d232610d9b4ee06264fd92f319df5a52b8f9e31b016a6c21d27d31d9d42bbb7588a7142f26ece3ddf211c8cf4530947adee302aa71c0d7fe9060c1b25f1c1f2e053598a7fb72c4db55fb1b02352d60a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"27b9f78ae07821f2b5625c8fc3a03ceec4fc8062be860c2db20403dd88a8751dcad56158":"":"1b6c848fce706abd73612dd3fd421c1c7ce9f4c2d0ecc670":"14a43645c1b6ae394f795af6ca2e9084e7e707f3f2cedd7a":"33c592017af545b3a9cf3419ce1c604e9c7c687ebf6418fbef47ec96e61f1951068eec9b60005d24574313f04ffc16c30872ec83e41e248e3d5c6951930d6a88b8931d5502d1142ce50676b3adf48453d1a008189658db8511d19a06ac97b4d5cfac19b54e8e6b899d501715f401ef85" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8d7cf5c2e360ef755c1e9f5b7a44a1e29f09cee7ca44e15925ffe9a47b2d55fd7750b356":"":"0e691c9a435939c615f0686eae88e090ba5c4b3f5e6e00c0":"1e3a452295617e5a9e6f78256d2781feeb3812753b4aad9a":"a307569d8adf3f7e6ee4567a5b2bd338badb9234e7b27c92429ffa75e4c56c0529fdc6c15df5d47c46e3d2eeadcf1b9e93a5dd6cde99a82f04b0d97f7a3bfd05c0e1d8370987222310ab18c980ce48b2679361c3d9011dd355a9b06337c054ee37913d5f4dd30d1fc942cd733a0fa5f8" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1a0d2c734918c539c1b306a464eb6b54f92e958e8636032aec23ba8ae817bec48384461f":"":"b8ad9e613a891fd0db89571fddda77827382e406cd3cdf7e":"1e172a708aa4ffa3618ff0d7b1f9ba341f4811507851dfb4":"674df1f3095d6c87bc54dd9b2aaa2c786bd50e4ddc02493745d820dad8552131fb3e389e99b0709478b65d4268f2a3b468a8447dc572a6ee024be6be9be9d428c12cc92894d15dd1c959d6222dc9ec30478c7a0b57f5bd8bd53868b98d7674738b54cf74100ae215693babb6db3b3890" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"95a30a0ca779a4038ea920cccfa4cdd814ca17d560d53a75cf170f4712994f9bcb2efb74":"":"1da6c8726bbfa3c8bee6dcff6f76f2d55d60527c4f0db26b":"595ebd903a596a1f12175080185bd94c2336eb8dd29a387d":"317c19cf4a45b8cf3f645da084ada54d1b1f81379152424fddad22a6dc9bd22841e0c4c5a36bfb7879eafbd1a939121905a938ae034c7fc01afb56607e35f895f46f13e91ce4e8e75b6a87a1e5544e18eb194fd6754b06885ac05e332a05ed436e889965e405e0f2069b04b40ea0f635" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8af8930562510231a592a72587fa6ad7c234e133046965907642fbc785c0b86cba844f0f":"":"9ee7b221064966582dc836437b82386f5204a302a4179079":"473d917f5b66f0f6e3fb4670ba08c2cbd2ea765b46b10838":"5c2fc9cc7148dbe40a692b3636778eb80188949d198bba3e8355386b78b54bfb963f5f2d9202988da20ccbf336a7c737a66c90149b9e8e306477151c4d912f7c61e872de0d0e47701cbe765864de536d599946b8bd65e4d89d4e61deb53de9974fbbe634501800feea100fea573e2e50" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2b9554ecf94c7d647a4e117f43326cab54466eba56a09a52741b2445057c491935c067d2":"":"0144be6978dba85aa645d793c1881dc2deb1bd210811ec9e":"1cd265f3812568274b643954c70923a76dfcc9f123360111":"f7459b0c23966dc1a53e0c6406c9e78ebe728e3484224cd88b6b2ea554522e75eb4a1c8a3fdc66561426464f50b8d0ff95b266677d91776b344a820eb4fd7d554678300558011a7cd85d22e92dc8ec2c2fa15c6330ba157c3e71728304447c1ad4d64f3da4fbf26d92e1e7c58a1b289c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"335ede8603fcde78ea9869da2dbcab4a6e72f1b53439f3085d06b856e627411a9ce1c297":"":"ededc73fe268935c10832c463549f8204a29cf0fe00a4d87":"ef1b8a80dd49d2c263999ddc0d5a1d9205c1b1c66239fd80":"05bfe97c398b1e33ee1c547c0edb5b654b7060b76604195440d06dd2f614a398c6c43f1803893c4c8888bedecdf998367cf992301a25f24c263f5d36bbfc6fe8b839cad293b3617c1d2c60a814bda0359e3f717fa80fc7324af8827d438c88642754b39b10d18cf5bf42f11177a0bc6b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9b0275d861117553ecd3c4d7cfe762f88df22c4c4190dac8e0be5872818e2dd765261d58":"":"cfc0b07082d514425b17ce3cb334ec62bc1b3be0be58ca4b":"d3c70ab5ff7a364a9e6dc75132ac67e0d373fa2df301afb5":"09fb41bcceb016e754795e1cce582f0cae91d7bb50245975eb75274819e1e4dcdfbc5e2f13fd26b9a9f9e945cd807ffec4e275681ea7bd33eae13efd8a01edbe02562e77b44b6312f416c3dd0be64f2bae0ba4b9bb36fc3a44841d21d8b3571c0ef644d88cf3cc3c851b256a15f4d716" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1981c3f9ca58fd10e8377a8d0eb3cf02102aab6f7a033af3135533d9fd850e29ecb8dc9b":"":"f9978ba41df22894ad5f3849c1bdf21f7bbc0128c782e79b":"b4d57de5e18d393273ee9f3ef9736599c6d639f437239219":"fee23db2fcc71624fb39f573e33a1490efc7230c27e9278188251634f9c045bcb26e79ece6a173491475ae44a957c4269570f5469234ca8b6873cc973c8d97178c58cec658a352bad0d4c6001cae5664258db59ad76eb6304d166267eafb46f4dd536a914fa6d1ac58317e7c557d4653" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c10d4e521350f7cd1853576d03c4bece3e58c8c740859e4e16979499ec1365fc073736a3":"":"78b245520153baacc66846e7a83a2a925f892d4c2ee63c0f":"c8ca7a33de5991d44d7ef7da2d3368cc2cdb93895c394d41":"f92c15f5833800b28dba2d134d4dcfc41abf72f5a700469551e8ccb83bdb0772d14d6b26ba6978169e3ddbe5f214d57930dfcad719bf10d306749246d2624bedd4a18d327b8ae6bee67cf0bfb5f649824bbd0440f042146b95a83e5845ced69a55ba055d5dfc7183c3bb28d61312d274" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"7608b5617785995a1f7144ee5229e4f9c138e418bcc3b5e061a422e8cf875f58650e996d":"":"961c2d33039e60a2871e1f5b82097f6b1cb03836dba5f440":"b18cb52d3858ac5bf59f216a28c0ad49f3dc88c67b5870e0":"4b0313ae873ce5ebf08aec160416492e4c4c797a5017061ea42aefa0685ab19b74a7af11f019b9fb63072b797f7ea3354efd32c4abd1e866405a319ed2fa13fc81019d61326e70e503141b9c77b4879a45e9f36f101dbfff4359147282ef814888fee81640def25f551cee41d12609aa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fef7a43fea2ff1a0f624086985e535778d7a73dbc47bc23e9da92edd5d2f273cdbbc0251":"":"836731a57497a69e31f8db4f729774ad65f31d968dbc55a8":"bcca96d808ba98bb50e90afe58fc88e95dc14c3e90c56004":"4f2c64ecd146689064fbf4fcffce2a2ab3910e72ec4faec277f7b9e9ed510381312b01f21650e175ebe9c45c11e977276f13be015243a0cd16a191abbac6462ba96e4e4a1120b28083da933419e8c8f03099906eb1ee012ae291104c6530f51b5e32e6631cab8ef5aad68c0045255ba9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,0) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"00197c70b2f0d3e98e4b387ec42a65c4106a1689ab5de61101ee76f4b5e530e7efeaf964":"":"03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1":"5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6":"72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c5c89c26ac4ca8b1106ba90a8ef4d6d687dfd88743caa5fbafa4745d9c1f8371120b10c8":"":"d3483ae5f9ed97efd3f852e4a6f20f25c947a03f39a4b75c":"2cd523c5958cdf403caa61abe5c4739cdb9d40152f0e769a":"1fef4e6abc2778d1c3e3ce00fdb5eae1ebebdd5cff0a7087644c8565d1e8b876b2c05264ca81498468851fc7b9e5a2163a06f377d2ed754c095adc59dc015a77edd69e4eecbe48d9dc127eedfff5cc73ae38127ae3a518fe7fa5abd1a9c53eeaf144420873341e2efa3d81493c69b04e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"6860e44bf582db9818ffbe4c699d4218965c29f463d7a02fe1f36c8442b0a5d103def7a2":"":"e9f598357109e2a532dc980388b8a5991256166d67c3bc01":"58ebbf7402be041724701e5c0132abe604c11a62a9de1d2f":"52fad34b27113c146595a6740f505bc2d3edf6618975cb9c4a5155788eaf08b96d232610d9b4ee06264fd92f319df5a52b8f9e31b016a6c21d27d31d9d42bbb7588a7142f26ece3ddf211c8cf4530947adee302aa71c0d7fe9060c1b25f1c1f2e053598a7fb72c4db55fb1b02352d60a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"27b9f78ae07821f2b5625c8fc3a03ceec4fc8062be860c2db20403dd88a8751dcad56158":"":"1b6c848fce706abd73612dd3fd421c1c7ce9f4c2d0ecc670":"14a43645c1b6ae394f795af6ca2e9084e7e707f3f2cedd7a":"33c592017af545b3a9cf3419ce1c604e9c7c687ebf6418fbef47ec96e61f1951068eec9b60005d24574313f04ffc16c30872ec83e41e248e3d5c6951930d6a88b8931d5502d1142ce50676b3adf48453d1a008189658db8511d19a06ac97b4d5cfac19b54e8e6b899d501715f401ef85" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8d7cf5c2e360ef755c1e9f5b7a44a1e29f09cee7ca44e15925ffe9a47b2d55fd7750b356":"":"0e691c9a435939c615f0686eae88e090ba5c4b3f5e6e00c0":"1e3a452295617e5a9e6f78256d2781feeb3812753b4aad9a":"a307569d8adf3f7e6ee4567a5b2bd338badb9234e7b27c92429ffa75e4c56c0529fdc6c15df5d47c46e3d2eeadcf1b9e93a5dd6cde99a82f04b0d97f7a3bfd05c0e1d8370987222310ab18c980ce48b2679361c3d9011dd355a9b06337c054ee37913d5f4dd30d1fc942cd733a0fa5f8" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1a0d2c734918c539c1b306a464eb6b54f92e958e8636032aec23ba8ae817bec48384461f":"":"b8ad9e613a891fd0db89571fddda77827382e406cd3cdf7e":"1e172a708aa4ffa3618ff0d7b1f9ba341f4811507851dfb4":"674df1f3095d6c87bc54dd9b2aaa2c786bd50e4ddc02493745d820dad8552131fb3e389e99b0709478b65d4268f2a3b468a8447dc572a6ee024be6be9be9d428c12cc92894d15dd1c959d6222dc9ec30478c7a0b57f5bd8bd53868b98d7674738b54cf74100ae215693babb6db3b3890" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"95a30a0ca779a4038ea920cccfa4cdd814ca17d560d53a75cf170f4712994f9bcb2efb74":"":"1da6c8726bbfa3c8bee6dcff6f76f2d55d60527c4f0db26b":"595ebd903a596a1f12175080185bd94c2336eb8dd29a387d":"317c19cf4a45b8cf3f645da084ada54d1b1f81379152424fddad22a6dc9bd22841e0c4c5a36bfb7879eafbd1a939121905a938ae034c7fc01afb56607e35f895f46f13e91ce4e8e75b6a87a1e5544e18eb194fd6754b06885ac05e332a05ed436e889965e405e0f2069b04b40ea0f635" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"8af8930562510231a592a72587fa6ad7c234e133046965907642fbc785c0b86cba844f0f":"":"9ee7b221064966582dc836437b82386f5204a302a4179079":"473d917f5b66f0f6e3fb4670ba08c2cbd2ea765b46b10838":"5c2fc9cc7148dbe40a692b3636778eb80188949d198bba3e8355386b78b54bfb963f5f2d9202988da20ccbf336a7c737a66c90149b9e8e306477151c4d912f7c61e872de0d0e47701cbe765864de536d599946b8bd65e4d89d4e61deb53de9974fbbe634501800feea100fea573e2e50" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2b9554ecf94c7d647a4e117f43326cab54466eba56a09a52741b2445057c491935c067d2":"":"0144be6978dba85aa645d793c1881dc2deb1bd210811ec9e":"1cd265f3812568274b643954c70923a76dfcc9f123360111":"f7459b0c23966dc1a53e0c6406c9e78ebe728e3484224cd88b6b2ea554522e75eb4a1c8a3fdc66561426464f50b8d0ff95b266677d91776b344a820eb4fd7d554678300558011a7cd85d22e92dc8ec2c2fa15c6330ba157c3e71728304447c1ad4d64f3da4fbf26d92e1e7c58a1b289c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"335ede8603fcde78ea9869da2dbcab4a6e72f1b53439f3085d06b856e627411a9ce1c297":"":"ededc73fe268935c10832c463549f8204a29cf0fe00a4d87":"ef1b8a80dd49d2c263999ddc0d5a1d9205c1b1c66239fd80":"05bfe97c398b1e33ee1c547c0edb5b654b7060b76604195440d06dd2f614a398c6c43f1803893c4c8888bedecdf998367cf992301a25f24c263f5d36bbfc6fe8b839cad293b3617c1d2c60a814bda0359e3f717fa80fc7324af8827d438c88642754b39b10d18cf5bf42f11177a0bc6b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"9b0275d861117553ecd3c4d7cfe762f88df22c4c4190dac8e0be5872818e2dd765261d58":"":"cfc0b07082d514425b17ce3cb334ec62bc1b3be0be58ca4b":"d3c70ab5ff7a364a9e6dc75132ac67e0d373fa2df301afb5":"09fb41bcceb016e754795e1cce582f0cae91d7bb50245975eb75274819e1e4dcdfbc5e2f13fd26b9a9f9e945cd807ffec4e275681ea7bd33eae13efd8a01edbe02562e77b44b6312f416c3dd0be64f2bae0ba4b9bb36fc3a44841d21d8b3571c0ef644d88cf3cc3c851b256a15f4d716" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"1981c3f9ca58fd10e8377a8d0eb3cf02102aab6f7a033af3135533d9fd850e29ecb8dc9b":"":"f9978ba41df22894ad5f3849c1bdf21f7bbc0128c782e79b":"b4d57de5e18d393273ee9f3ef9736599c6d639f437239219":"fee23db2fcc71624fb39f573e33a1490efc7230c27e9278188251634f9c045bcb26e79ece6a173491475ae44a957c4269570f5469234ca8b6873cc973c8d97178c58cec658a352bad0d4c6001cae5664258db59ad76eb6304d166267eafb46f4dd536a914fa6d1ac58317e7c557d4653" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"c10d4e521350f7cd1853576d03c4bece3e58c8c740859e4e16979499ec1365fc073736a3":"":"78b245520153baacc66846e7a83a2a925f892d4c2ee63c0f":"c8ca7a33de5991d44d7ef7da2d3368cc2cdb93895c394d41":"f92c15f5833800b28dba2d134d4dcfc41abf72f5a700469551e8ccb83bdb0772d14d6b26ba6978169e3ddbe5f214d57930dfcad719bf10d306749246d2624bedd4a18d327b8ae6bee67cf0bfb5f649824bbd0440f042146b95a83e5845ced69a55ba055d5dfc7183c3bb28d61312d274" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"7608b5617785995a1f7144ee5229e4f9c138e418bcc3b5e061a422e8cf875f58650e996d":"":"961c2d33039e60a2871e1f5b82097f6b1cb03836dba5f440":"b18cb52d3858ac5bf59f216a28c0ad49f3dc88c67b5870e0":"4b0313ae873ce5ebf08aec160416492e4c4c797a5017061ea42aefa0685ab19b74a7af11f019b9fb63072b797f7ea3354efd32c4abd1e866405a319ed2fa13fc81019d61326e70e503141b9c77b4879a45e9f36f101dbfff4359147282ef814888fee81640def25f551cee41d12609aa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"fef7a43fea2ff1a0f624086985e535778d7a73dbc47bc23e9da92edd5d2f273cdbbc0251":"":"836731a57497a69e31f8db4f729774ad65f31d968dbc55a8":"bcca96d808ba98bb50e90afe58fc88e95dc14c3e90c56004":"4f2c64ecd146689064fbf4fcffce2a2ab3910e72ec4faec277f7b9e9ed510381312b01f21650e175ebe9c45c11e977276f13be015243a0cd16a191abbac6462ba96e4e4a1120b28083da933419e8c8f03099906eb1ee012ae291104c6530f51b5e32e6631cab8ef5aad68c0045255ba9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,0,192) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"00197c70b2f0d3e98e4b387ec42a65c4106a1689ab5de61101ee76f4b5e530e7efeaf964":"":"03015311cddd0961ec7a74cb84d835c058a69b964f18a1c1":"5e0d99e0e7c57769a43ea771c467fb5e2df6d06dae035fd6":"72e8ca7666e440ac6a84ab6f7be7e00a536d77315b119b49e5544bf3ead564bd06740f09f6e20564542e0d597ac15a43b5fb5a0239a3362bc3a9efe1ce358ddd9d4f30b72e12ed9d78340c66b194beb4b12e973213931b9cfd0ccbdf540d2c36ce074e2beac7a4ddac59e06e4c7178d3" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"e4547261c9dda6bafe9fddf435a80ebc96354c7c2c8847c5d26c6e73a967bfc4ebaf8613":"42849dc8eec611eaa49252067fa60d7d7267d711dc35b576":"815f50fc233f157f96ad0627c355bce407b269dca91af661":"775a1c9da6f58d4eb95b27935ecc01dde31ff17ce2e4e65d":"25adb777523a80a6dbb6ac1fd08e02bfc4b4686cec5efe3ae9aa2d4469eae8c9c3693fdc8e0fc107720b7789ef7331e23fe3799412ec86857ffbba515a5af4d91013b2f17669421c822005b4747942790a11a24c4974f27d54de69727b0ed507b6a48a9d6c53f93e2f3d33df73dd643f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"06d677001d9b3c97fda4d09778aee3de131b4123696b109f81bb6b0d7fbcab3c5842bb83":"f99638d2d4365b662cd83ab4e6a7bbb624e6c72b7b38e81b":"20b7d56f6222bafeeeee59dbca1933d8086218891f3a9bfe":"9de4f2847fe239cb1a3df4b8ff64c25d7b0870f3c9ebe3a3":"e18ff19837ce21e68944659321311b8584dd515ed8a6a1f2b0ac06e69009c3d0cf0489af876201efad962cfd1ba54f540b94131d788d3fea797c4bc079593bc7932baa70abb145a355741a98c584f0fa3298b8310b01e1a6debf5359d7d02b1a6c663100acb56975450bec20e91b736b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"abd38c0465cdfe018f36ffbb7a0ee51d67675ab4f0f1d1e93418bb4cdf6499a371af4d3a":"9a07d5571d841e3c1a9eb3fb48cde3b3e080e1c2e0db6a6d":"a392f79022aebbec0c82b981293627d139dfb5232eb490b4":"f5ce1f6b1e6715c49bea42ff439fdecd9b3b7f2e578133cc":"885c54ad25992fc38260498d6f4d8c73d6159af5f7efef06174da03afcd8384cb28690fd9ded1d26e2dff74aee4dd0c47a0d99c6fc1ec8d8faccbdcf6fdb12a528564ad0d8131bcf5222d7e6c69c52da1acba01b721c98ac5a33725111f12f6d8100009d7cc9efb7ad8d7d95ea4e620d" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"b52620e58e0b52b8eed0d6a6c5f4ff6c1483c61fc41dacf72bf475b37d068d061d1edcea":"ef0d233de00d24622b7d4ff4215aa720787fe80aaeb65d7a":"81b735acd3dcb13e65231c2d980fb40ca850370581f230d2":"b2302d024d92cdaed4b12f79b0aeb20c98b2321710fefab2":"ae94204670196baf740768f97b3a095134b384afea667fd90a77a16c8ae390a732ff49a3073a27db0f7a2c8ad5d7cb527d334a37abf0472f292a20f2a28e667d7c9e9f7b8fbdd177f36bf92d66223aee3f712b6c9b064e07ab96f6a77613ea55008fb4f8fbcb2f1ccbb0da75316c1faa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2592a5ed86ff64b9b4c1fbb81222d1bfbc53f3a639571ecc356084058b8855237da15c50":"a626c51ec99e72431485d2ba027ed9cabcae7b86116abe4f":"c430876552d28776570923c6b74e42c3210f01104006bf11":"fe2ebc239690a4eb18a0b5e75d08831cc2eb07c982c63973":"005045ade7cc15467b5ea784649d9804540a842ffba4db8d44df4f44c69480bd4fe965b645aed09d62190daeb2693a2192aec3d71453a8218e4700201ab922ac35d241d95150b47cc7a051897be4d958f2da5c2ebbfceb1c550cb67b32ff83ce4fd845fd826a0d2469b506f5158765fa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"376785f5ff8a82ceb0aaeb010533cc1089059ec583c302b14bc47e2cb8c2711839ce7f68":"6d345e248339e893f75696c039ac47e5678696fd489a393c":"b0f3fa1131c3fdd5c7fd2de93931e45a66fa030422ac65db":"c66341e3f9fb82e3ba85f229fcb7d34457e4a6ba8396b548":"b92d17e1be94b0385a8cc3e16189811fef7b284a1b0b6b2520fde79af7826c745e746486a70cd8dd9930b163da75f7eea7c216e758d9ed6c745dcd7bde19bb9382c1f7c37cd15b703b884d7d452c255b25048a836844c5ff28aaacf733a52c28904b36e1b51729d7aed81d601c0872dd" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"2cc2557582c5a90cd2ad0c4a5578eb0bbc9bde41b126e46d8e9c3563341ba238414eb628":"9d2fbb9153e3ffefae0770c79de10db069a5ff9f50e31787":"2e54e32539e27ef76ac1eeae2e30c2385647652e20903b39":"1f4e01255908c3c8049521f8972c01ede7dc76c425c59640":"7d6ccdfab33f322898c470be02d8257e0e952dd10f407b3a8eaeeba47c541d968d79eca29e15541c1505fe4f19a41797c9ca2280c06261fe9d0c58bab65d16f5794b57566b8795c38c7b43d4761c8fd107beb95147a0fe61ae8dc31e25eb2957e44c0463ca7c1b589ea587f0cae1428c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"e670f896326b76034e43cd85f6f6f11fe6582d3471a8eb88d37a2302de010aac0e556860":"5e218091abee1960ef81f4d5a80415e388bd0cc79bed70cf":"7cf84b9ff30dbd0f608fb21646d7c5b542fba50adb38d5df":"c1c4aabe7616a4c97a4dbdadb08a9b63c6e10cef8d463fd8":"d8fbd557fccf31829b5ee11b05d0353e725bff15fdaac94d21ce95d40eff55edd852b264b515ec6384e2d28d014e47a2df0d4f56a4ec79309b06affc62915e231d62d02bfc60220c72b7ca7ba5671f882839b791ef534e707a04e5274c1011f7941fe1075a5d06a47af9fb2f65c1f211" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"0576bb2d4c663b781193509251e2f76b0a8bb792e79449600c2c154feb70cf33ca942508":"ad15e4fce9f4dea43c12ff9f9d50c963b335a01332541154":"3c8a4d6ab96cebf9d02b5663dcb0e0db23699623455cd4b5":"43d2d3a8d023fa1785ce4781a15eb20ad787685a47da08f0":"a68e648cb07da2eb795a8c898c8631e565f33c2fe9c35e686d6f85fef145446cb79bb6d17bdc8224bfe437468a9630ed03c517caf1226c278ae510c869d67d50b6bf1cb378a34035041f290d8dbc123650ab4fbe5cf6074ed0ba90e45d9a8ae08566ea3d3a00ee3741c8ec8f56dcc78c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"f597ce05b9a5b1cf3847bbd4171e5085384cc256f77ac61573b435726cbd538b93de9f55":"573cf859f8fea05f16c6d03cb4e524b91e917f39eeeb1d68":"2a842454870c3f7936f8036b453d219557ca341f261d2519":"7afd8cc269899acd88f5c55af29fb0c4ce678a0d8ebf924f":"8162c16c1ce3d5c6b7c96f0281f4220569a882277935752b86e7d3f54646b276cb77ed96da73799911fca3d19d34c1f0b21068a472afcb77410412eff2abd03c753a009ce02b0e995477546366020294eff0ef0da66f31a413313e2774ca04f09a4d5076e0e85ca97d5bb6faac4c0c27" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"d5b5374fe143035c4fea41667bc8bc7d46000998cc82ab32a0040c705e01f9b354e8f16e":"ed8bb219e67515874c5b9e3f6ae6e4dfa9c42d1e69204e8b":"70f03fe6e78cc34ec1678b2708fcd8ae3300183ea15ccfc7":"9c641d7e73d1a2b819e113747d74a979b74c444ed36b7391":"d50df8e3e17c0f5e19673ba2097d1d0c4cf7a9def7465a5b91ac8d49ae1b6a821fe9efde841ec9064555c0e2d6cdfa41f1089f22a5c27090c5a136660d1af586a1e131a853f19bc3c8f4c79aa09e39c2f22b4456c667ec907e2a4124218665e7cce50399ae1e19ba9c2399f470444839" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"74d7c8c9b170e59e4f128c8df1955838df5c8071a5e85439d71e785c68b37e10efb39c9a":"be3d54203a1078d051519137774d5d851e81be026155eb78":"23f7b6758d79de580ed3eb995fc173da74939837aa8d9eb4":"6f0d5a333ddea0d38362df0dc3ebaa2be2fe5825ddb0ce84":"4462fc32110b25b3797c5cafaad830e8a4346d9270fed98b30f1345a7a8dde19bf5365d6f3788e7f715feb2762af263839c8c8188908c61120743d977d71c51f6324d887bbda380fc07eff09a31c2332e7b1aa1692c59c3379db95fc21cf711c004c4d385fe14f48f2f2a31bcce6aaec" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"eaf27c3f69279fd523c0c3a1da5fc4f01ed64c27ffcfe3c1c596482f5baae1434e8c687c":"b038829fc95dcba8645ce40a306491c893f48139ae30a071":"fbbf7abb8cc2612eeea6d9463efd55c47245e01713332bd6":"ccd7e81f529de1ff4e65fc63d34c262ffde7ee49e6707197":"96dfb7445057633b2f0deb69135d10d0a2dc53faa9cded55ddfb8edc63f5424f8fec7627597a30328177dde7963f76f9e5412b5b440256c6a3f0c7c7fa02ca49e19ea176abac013696e9d529f65e51d4a7348e42dd254bbf19d9632d6c875b8ecd7a4139f1bf020a159d2a30af8d645f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"319cbf2b11b37c831c654b6cec2570dc6d7abeeab185272a518eaef30faa5acf5c8b254d":"9effa141f7466b659eaa50c32c8e683c2640f54027ab6aa5":"63b3acc237588cdf41c0d4bef16c4890cf3d458fcf1de8ea":"573d6a7960aeccc3280a8aee4d72e587e9d196b7b270e329":"8a568086fdd9f01206a5aaee34d253bbc9339112d3170699b9a1392e97062d5d0f16240114dc1789269217c5b4b2974895b20903890f7dacfef46fa4a4d02891c70425ab3b42f53d72f852faf3713ac7b8207dc453279f4df345091b8bfeb54983095c2d190358293ba507bdfdc39b24" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-224,192+96,192,192) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_no_reseed:MBEDTLS_MD_SHA224:"56f3f5b08da10ead0c986dd2ae5553e4b2eeeb47ad5d22197b12b89b4a871c51c0d85554":"96c8630a1f4187fb0794601cf51e7e333e71756a0421ff43":"875e5bc9548917a82b6dc95200d92bf4218dba7ab316a5fe":"4d3f5678b00d47bb9d0936486de60407eaf1282fda99f595":"90969961ef9283b9e600aead7985455e692db817165189665f498f219b1e5f277e586b237851305d5205548b565faeb02bb7b5f477c80ba94b0563e24d9309d2957a675848140f5601f698459db5899b20dda68f000ccb18dcd39dfae49955b8478fd50bb59d772045beb338622efa5a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-256,256+128,0,0) #0 diff --git a/tests/suites/test_suite_hmac_drbg.nopr.data b/tests/suites/test_suite_hmac_drbg.nopr.data index 07fb24b713..0e59e2a4e1 100644 --- a/tests/suites/test_suite_hmac_drbg.nopr.data +++ b/tests/suites/test_suite_hmac_drbg.nopr.data @@ -239,243 +239,243 @@ depends_on:MBEDTLS_MD_CAN_SHA1 hmac_drbg_nopr:MBEDTLS_MD_SHA1:"4e8227e8422d674cdb79e52cc30b7b84f81cc05b03339704dba3e731fc81949e679a4257c5fd68a7":"2d6e4af02acaf230bf746157ec624ba7":"deebb368a79c1788528b589056b1194b":"1dbbc7a131e98344fd748edc6fec11a0":"0266e8a066dcabaf6991c7a91e1c6e56":"e51fc833a60b099e56996a66820368f5332822c8f9dffe8459c80d2512d451e1669ecf6e562a1c295fa6981fa651fdd3d8d936c18f88d5844393a2a371aaac8f485cfe92926f1a54980500edc43a0a6c" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"09effa3906a5e93d05530edc71e62b39c5e4da020537176c23823da52dbdbae8307656cdaf8f861471dba14533c880505874098917e338f20ef8d8a1":"":"":"":"":"d5de8a3388b11e45085f6d9a009462947631c4e74523080ccd03a0196aa56b63a93a2939f490e9456e9fce3e9000e58190991b9aed6d145ac18f65cf2b1c17eb021acc5256eb6a7e9023f62aed87d15ea4e4b328f265cc34adbc062d54524365cc9c5073a8371f35dc2f459e1d027515" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"29a7071e686936e60c392061f71b68500dd6f11c563732fca9dec3b2f859e06a857fd94e3ca1817872d94c2b7c2f283a0d2d12a6443e95f7e700a910":"":"":"":"":"72c0f3cb7792bfebbc1ee6f65d40d118a6a1c4e04e589c8f70273b4c7b718c9df383658572b894838a311fc0aa2aa6258758b33783e192b0c3c1d322809375dc925a05605fed8c7e8fb878fb63c84ce639fd277d9955f91602a9f4777b7c3b15404c4e761ec8d466674e32136c7b8bdb" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"abd3dafc85b23025792bcdaf9f410829d3201c1e8ca450e217e13ec2e3b744e8c54107174a6e69ad05f643ee5cec49cd47ea88c80b96a0944154b458":"":"":"":"":"152333e16b04283dfb8c43dbb3be43b5db2ec49a399facb65cebdf7ca3ed267792ba308cdb0649b0c19cb1126b144d5766b5afeca98036a1f85cd2cfe3b8071011b69b2aec382f8562d9dd4331a554f3a3ee632cff308488b30a7416be8bbdee7e250cd12f371d069a097e9eac43031a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"caa286c160d22af10922ee6088c269d0c963034e5fd2a85d2fc171d0c4ba0833b630a64ab09965f132a744656631bf2dd27430c7c2d1e59cdcf43a97":"":"":"":"":"4d6132b9ce70470dd36f551584ada639e74b85fb9bd3c3e350011d99f2dc0371f874e6b9d92eba3fceafe34e574c1441d0d476c475b704755a28733e31637962cae67e849bed18d77501383cdbc27ab6f60d5d8d26634ef39e2c60fcbb04a9bdda8bcfb9b2d3aeec12a21279ed553343" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f79156a2321ba930e15109501ead80a3b26c1747b7a9aeb922d1a9d474df64a1fc3483f10e88a7fcdde91dc06940c58bf4d747b5a9cd8cad2c2e9870":"":"":"":"":"1b3aeaff973b2e20cee947ff283277991842a22f45cce9d22c1705daa51a56ab43aaae1b51bad7a7363edc7b548a0cec6b376b925a6e35bc7dc3b4a33a7f3b57d66b1b35256908bd2d8f0495caf2539ba4475d766c21c2c2e4acff87fefb07c662eb344d9c99ed407165f8a09a22816a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2dfeb70fc433426e23378d048b836f899cbff52d4a92c6d7d218e3aa54c06793339a752f86f03b7fcf89bef725339f16ab1cd28ec85c20594bbdf3be":"":"":"":"":"d403dd8a6f3a914933253db9cd043421e54243a34043f5ee11a3b6a627e25d944434eac22a00172caa607ebf7de55b4c4305c2b93428d5fb4cf0a649451ec7fc5da65c4894cf4d2f3d52e90993544237e5c58745441c9cb2e047513ff81d9cf980d8b12769c21cc8c06f6d583b8be3dd" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2c6ba987bb61c4131138bb8acd877763c2c7e1f86289a81b6b54d1d8b399b5a5ac7171c0c9c0b5943bd7f54bf72b20307834e971bb637b351a756823":"":"":"":"":"7ff01def84626825fc22a62cfe28f5f95403bb2618eff22529b6531aaf1032100944d5f9703496d165c5756c0aac55b1812a72940aa5317fb6a2944d124e7f65766f231b6bda06100c5ad0d1b37c488e0e9f11a6d8f7e4cf7337e04d094ea9de2db1bbecf40e0cc8d1fc1cf5a01cd081" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ba08acc3a00b9b40d2bad8cca4909d3bbec5471f78d0bf89a805d839b8b29fb753c9e5d3674365a7055a187a238ea1cd04f482d24d856b67eb54d71a":"":"":"":"":"9ec6ad840270051313c5825295a6f7527a8b1b9b3e7c867e5642a984b11911be60614e5737d3a0d109eea4223f0d2ee63cb19be702291a771b2e2c277f2d4559176fc5adccea52492e3d3ba7d17bad5b5f487d783639467997d7668ce2173ef777f9e31dbecb6ee716b5cedc8bc5098a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"95413345228eadb85b67674b9981af34bd6a4ae04866229921be928c06e6a6a6fde8d31a6a88f24d6a1114ccbe08ded9d7c50c3360bcb8908a615381":"":"":"":"":"d4dc08e36f94e88f8bfb1919c13186139591edc681affb61c421d32dfda69e507d59495bcadd39b73c4036ef440dc598e339473caba60e0770ac4729264b1dbfdaf32ca6d136ef6810a6660fa5cbac91940a28053c0fa405c7b6ca5e3f147b5e0096f36b67da9fce64247cfdaad70fc0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"9b6bb9589f41e8ed6969dbf1a3b3d242dd5e133711f72549334c74190e4efb1d0452016ed4fffca9561aaf219e6793bfb6fd3dd9500bd61e6a62db66":"":"":"":"":"cee02e4fe0980afe6ccbb1b0d80041ba9841461397494f0fae5188228fbe9822e3ffc5397b7caa29950d95536e7000e1249e5bb93a593e659a49689add16d2f5e02ff251c76716dc426010c2961a176bd63c29397f6e36cd4de2f2b11e1260b9f9a00bd49b4b6617fb056b82c92c471d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f276ba0da08274a082f3b8ad989a713908873b742f96bbbf8c81b4e1a7e4857bc99aeceabe534c45105306b14860883cd56f2438a7812b43f0d911f7":"":"":"":"":"24dd3eea9a8e1f9929ebbbc2a68379caec77fb42531a97f7f3a75d16ad053799ffc25cace4f4553c271ae360eca1f5131ef87bf0390b26785880db0d92bb351e6e22409d600f6dab5cbb2278b8784e67a40be4d8ea6d994115c67b7224d721d1b3c7fc5b24e15f97eb3bbe33798d1bb8" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"fa5ed9189f21d7e94764bddeff23050112868cfe35220b863e8112f691c57e6d6c4a91c752c5f0b37b97d5f3e383480054877f319a568b064e6562a4":"":"":"":"":"55eb5ef1248b5a34c741f2076ea5d568da630ce4720b7e2c86a9dd535b48faece2229866a36024fd4114249be4730e554b772d557ce3f8b9d4d86d91202582213a676a076b87f941351c7606a452816db5d0f8194825d402d2fe7ebb2815532091b3830a9616918bb0e3298faf037bf6" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"d0c5003a6168163f707b25191b51211dc1ae361df1e069d0f284f66967aca4199809dc89368164213ae17285674e5574851582372fcae8cd2733bf4a":"":"":"":"":"24910e1a9304471d053af458bc3fdef527e8796e33133f5af005106b203e8fdefb274f1c0e8ff44e92c63bef3082c6e5607a7981a6076f1a1d15368f4330c7012509d5f61b4349224a87960bce9873725145f187aa931394c449f502d12b60655a0ab2a221134a51786c3683f9ffa2b2" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"bf5b5d1c891f7a6f2dd3f4d486d693fbf67f49584b7f053aa96ddacd9fc0cdea0fab8209d8f4335820ce68bfa04899b63cda15242e9cd3f7acb1f103":"":"":"":"":"710c8b33ab034b50a29de657b93f3c71df4727a5219a474350c88b4e3974ffd0d3452e8c4d26f579e348f39cfe0d20045a70a866c5e16a0c22aa0d69b739f74cbe8b046bc14cf82b86498460bfb26af0771371c2750f7c59320c6f6fe1d04cfb40c048686b6c1b69dc641b8957c2c341" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 0) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"525615164dce0dac5397b357546aad049dbe5982da2c215a233557553460f8505a3e7c8224af561190099ee21a06d62f9f00e282b32b486e8d0e338f":"":"":"":"":"3fe96c9b10c4c8e43cf3cd76ced4ad85ae576f32ea6671ef284f7c97491b72152a18a1060145e4f5e7c0c373c396cb4c8c0b6d625c1f0d2ae95b0691cb1c80a3dd5eaa21632a82aaa28e09a2bbdeff7fd8812fae46deae14bbb16da24d06878fc417b3554fb47b0ef9fe18d1b9d4f4ca" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ca81953d50430bfb09537a318a1a7b90a9200077abb721e55d9ac28946fbf75d9cebc81f11cf6d4db712a3b91d479e00ba30d736a763cbfe40b91448":"":"e50aa8bec96339cf2608bb82cf038d5fd6bf93e65271cb72":"5c5eed0d98c7fc7eb30acddfee002d5b99c965949d4e2095":"a1a7cbc79bfaf4571cd8020da094118d241b3f018ec823ba":"c8b7d9c15624ae018a8612edf6444354c45c6a788272281c16526c689a3dac36679e44d89c4acd7eb58ff40a577c3d1a9f4d0175feef9ac5674c115d5e4cd17f2369e0135e33b018bdc99e4099713ace986a145ef55e868f74846feb3592d44ca3ebba6044a928e9284b5ea75063ae81" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b96ca1202fa959ef55a683a9021068e14c75376e15d1f0394b1c091a8b6dd6b98b6f63747dae58c29186179b4155b868f5a81ca206a5086a5759b025":"":"a35096086c1fdeb1fb60dd84fa730eccedd53e5b127eecf9":"a3269fa749e55850d4aa9e466bced0beab2edf86b926c2ae":"29f6799f7c78fdfa2d0dbdde8381aec5af249556903f6313":"c63ea73e1ddc9d55bd64a63cf73f730136ab4f6d688a9cd56b945f9875ef4ff48cdbdd8b78b898486a685d8af8cccbc2a834a9804e566ee7138c7dbf488d263fbd387041f835ea46ad27cbd66721428ed5795f6ed044cdb17c8e7e3ecbf61dd68239e8fd644ae85776050afbaa06caf7" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"59af1213cfcaeea29e31400ab6b30f108d4a9a77d3b370972d29032cdc612b7c360c41f16b0c9d794219300fe0551e0e66d634a4eec396c50ec9604c":"":"66ed9352bed73224d35508754aab68fcea10aac06d60e888":"198a3526a67a0ce31ad0348bbdfecede4f82d4203d1d5ca1":"03faa2f4c34577cd8b2ed53e10c68c83c1ebc8d877379178":"5e24f1a9083f13274ed1020ab6935222cca644d0920839c2b142e2780983204453d2e6c58518cb351188bc3e5e3b64015882130d745511f004cfb6b64831139e01ae5bba64b74f1a1ede7e220a6d29b1067d7c68ba3543f4dda2fc97a3dd23590c2c18b85662618462ba2c05231534b6" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e6cc94c72f37999f28b5fe350bff622b433ae19111786c747d954adaecba47abacfea8cdf5eab05e2f750c0a679cfb9c2c2c071461178a054af40967":"":"3032528703dd66e42c7b6b5881483eca41e9eea503852eda":"ce8c03b0a05982ceadb516b1fe513da2403a9e6dcd7a39f0":"3f7ccb55376f23dfac1dc13be617894931f9c13d15fd3dcb":"558656cad7da2ad87a7a29ec5e612addcca96d72ac7b224cde80ce386c6efda12113fe9aa8e511714a42edab53ea0289c75d34b42f2313ac366f51f5dd3f6968bbd4c09ebf840dfd03852dedc1e3b6209d932889cb04062c644482106cf8b7a237d2937840f0c4d752d52725b5590d15" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"cd4dcc8fb50672611f19e0cc8adcf9285f9d76e7e28bcac34e931163f8057b9f86424e5d514a13c0a25bbb49ee485501ec5e21061e006ad1569d2610":"":"24480094a44067b86ef47db38ec3e62914351196358bd9d7":"c6ac3b879adb6c150a8ee44428c333574ed9b0d6806848d8":"92bdc1514d87daaa321655d56c6302878c2bde37700163e8":"21c51a1568aafb56af1fd424f6fa146113d14d6d63e1a24e3168130ebc10dd84925bc4077c41897aa8b3c73aeb5bcf392d496dedcb6487379bfb3e12bc07fcf5c196d59fcc1fa730e55c00edaa2bca7b1e32a40ba06500ed3dd7fcab361995319979a0fa9cdc406a4d20650814e8bfac" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"fdca0039e8485a06e6a9afbde5b07a1bbe49e13659a2164034289639d23dcf3f9874b8fb1a1af8495b6b2129b88475cc529c96271bc1bbb5c7c2ea03":"":"841f765ed5f00be838a270730ce5926659cd7cd9d5b93ca5":"825fa13ed554973768aab55917cc880183c3ebb33a532305":"736e9de931198dd1c5f18a7da3887f685fbfa22b1d6ab638":"dd8596a62847a77da81818dbbeaf0393bd5e135069ba169f8987f01dc756689342cba61d87a79d4bce2311790069d10709c3a53df974c7d6793ae1298253f13ecdbb5680928579b73d73afdcd24a703dc9b391f303d8835ba1129c3d46237ede5e44732a74f8f23b60a3a45ce42f042a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e246e3f95d89c166768aac69fc95fb49eec49aa633adb938ce1705b68987aeb0fae7f57b7e99e4f3e3e1b1db2d1fedf443bd2618e95193cefd905e1d":"":"130701f88cc1e7545980e6c6f6cc76b0336f089bb66cc347":"95533f4cc247c887d6a7cc0ca753009bf034ba95b7b1d3b2":"464fd16f011eb2986d9982879d79349a3ce4f5905bbfe832":"0d4e6b03af7a648337abec2efa585908af40e88d1f104b3e8c352aa29ac79fe8e448f36b0dfd701a1fc0f1d86dcab7e8a8ecada6ba218d9aaea1c40aa442ca51f3116ced3c9b8ba7546688ed4f3a1378f76b8a29ec763784fc82906dc0f688c5e60d59e6d5284fcd96f361bc5b285465" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"cb0405e58270cecb34a9951adeb694c5513c499cf310f6a99985d4fb3973463e907705740e01aed4ca221d4b03ef30e69fd8dbfb4ea919a913800a1a":"":"0b57e688472e9a05baa3920417a2e8f9a9c12555fd0abc00":"cac05f79d9837c97bb39f751792624983c397fd288dd1d95":"344d2aa2b3bad1485429b66606bf215acb0a65bf2a318f6d":"b2a13d75ad389514149763199d711092a9b0e4f1e50809355cfefc1884a94f4d4a50ac5c5da0b4e9bd7537e413bb451fdd2fa77f1f894444cb5c81e4c43978ebfd96900a2c8986c885d0faf89a2ad5c6ef922dfba1b5219b0f3c4ac2095340c3b8bf0db037171b6545741c76217b2aa5" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e38ea7584fea31e48ab085c44f46b4cf68ff24b4a6b0b25867463e4a46ddc9a4de23f7272af1e9c4e0391aa9491ce7cdb5f96292e0d65cb9a9a4a3cc":"":"afe267e1491de3934054b8419b88b16731217eb4ee74c854":"bd0f3c43229a0ffc9e143e16738111e16d6a06ebf3eaa5b0":"23bd14ef8cf797cff7ff787df8ed8b87684fe7a9a33bf695":"c27a6ee5bab8f8e93783840e72894f3b024c7d3206a4a1869ce6fa8b5674bcbd24d4aab30f9866d797d850423c57684b7697913b9ef7bc0be933d0e21535bd50fea0feeb293985261fb9d4eb1ef97ab5ec6b691a08db4c8171e63745d14fb4c3a03c41f906daaa2877b7622b254f0449" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"71dc625242dcb94e6ba2bd013beb2112cfca576774e102830503b7aeda24c2c9d862f5212975ccc019ad2ea0442595f74d1d37dbcba0719d8ea32ba1":"":"0fef9f0934bb4485bfab2431f8811d963ec7fa7953ffc213":"a6a7501c4a5a93c396ef8cc969ebd93cac1c30b4783a0617":"c58ea233f35a22fd9b01592c6026aa17922070b3604c7118":"a1452d85799b54370cff65fd6dd74b575199606cc8fa64880b26972c913c372010b4c3f4ce9b7b565a8f5305072404c7b9d70f7aef6e2709c1694eefae66ffa80f16eb4b91f8041f4487427e69daa437e183e83d3b9718ba6a23fb90365884899e0d2f0bef56b27249f65e1c00c5411a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"36c1e048d16f9d6035c6b62515afb929633f356fed6a654282663e2284fd4132116d21eef66d29629bc712965d960f18cf3f7dcbf8a3ccd61b5b5fb5":"":"93bb372b7ae1035de6f13b2a36c3ae5682b9a3ea8f444383":"9715b72e4755993762e11a93857f1d50a051e70d094339a5":"2f1e73945863b237f49d6d20d0999a0203f295b9a046dca2":"ca135891b47f27c26ac891df49c80d085f90c13d236a60f1372eefd81eafc5819f4ae5aee5b32d46681be01629b078ae965f67b81a5268ef0b303d09e048f4449f5aaa11af51f80151b4697b13700930167cdcb3b6e8260eeb8bec7f6a67a2050a6ea569c825d61d4858a1cd15f70fb3" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"582425e13356e7a840cae9fa435b220af6a96fb53ac91e7ee22023cf6a0eef3923907883ae540be816e0631c894520b86e8c6adb8152e55cb6aed5ad":"":"227762e137f9eec6d2b3c63476b404dc5b0c68613a93034a":"fba72c01a9e51c93ac00c1232c717d32fd4d4c791556e716":"f5258bf318457769a93ef5b3ba95fa2753ad1c5c1b81a785":"c753a84ba7f41af2ab757ac1e4c9c450d2112767ff55a9af8f58edc05c2adcaef7b5bf696e5c64f71d5685593f254a87625065ee0df51ab4f7bba38faf5799c567d783fa047957f3f965571a7b4cb477566d1c434d6b2e22ae16fdf473a6c03057d934a7e25f0ea3537be97238d74bc4" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"836f5d7521f26d884dc34af2ca56ab4a752ea18b909085a87cb6d07dba32b654390a25b68ea7ba8fb790271c712f387145052ca46cb40534355c1666":"":"99d9aec334666d7c399e453455ef6ae884c2173e12e31cf2":"d74d20dc22c55c35f0b66a464dfbe8f349616916fc726298":"407b0951404079fb3b54559c0286143d9cb18957bed7fb1d":"809f372d1af60ff972049193fe9f173684a2fc9828b60b32164c1b6738e1ba6aa12cf739287a74c6ad528a3ec00095b590b44705b4975236a0b7ea02c1213f0e830f275f53bb79efd98679c4766cad27738e6fb777e98cdd606b971fa60745289d5ef72a99e1919686a53a241fe36cf0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"e555ed6c7ab344fea68d73c6432e4e6da2e67d8b33ab79e5719a2def258a852d17d93212840583fe23900949c301a29fc92095f4716018144e64583b":"":"5262cccd138256fa8424801435d118f39b9aa1db4d11ca9f":"9b55d76b743bd7fc5700fde8ffca956c0ed6091df1a22aed":"f8c99af8029110c41a6a01fd2d3d12b7103aa39cbeea90c8":"d1ec06e38af7c6e0a70b73ac62bc3556183f99a47bfea0f0c4a59e7ba4b0718df5438e369ba14be84db40d5ffe8a1a5952edfb83f61ee4d984e3d2fa67f557aacc58291cc688fa29be530e66c228e68607e25c013473b4ffbcfeda721ee35f5dfc8809528eaddad8969ce719a411216f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 0, 192) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"12f2cabd3b6f640daaf27ed6cf6bd7d06e2ac372733c6971739e36afe2ba1ebf4e7e5e9f5591480e3fae752fa59bb99a1949bdeccf0c100f6afe886d":"":"7766c36e6583cc8e3c26a8058fa0923bfeb3ee22033f46c0":"63e60d1bba9aa29adc3f3b8a5db53f3b703c7ae69bcbc2f7":"f416f36717ba5f0a78125ca52ccd004b2f4f2dcdd401f595":"6196b2b4adff14a26d64f440b6c160210266d7f5b77d5e292e94b8c67bd9cc774274741e7c0c9a7ab21c31f1194ef4218ddcbbe94059042d22ef44ecfecef214a73db64505d46d5493d7475d0684fc0e431c5265c12b35310d4404b3c4db6029facbaec88b0c0ae9799e5af0aa49e842" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"2c50da90a1f7987d5216950ea22689584b237647d96c1239f9251942f4d13d16f418b0cf7265b91c4ad97a7acbbda065a48bc1bc5c7a9ee1523c50e3":"a74c108fe870b91a2defa971fa1efcb7a209f293d29bb5ea":"":"":"":"8853eb47c4ada94a3d58a1b517784bccc8f831d02dd5239c740fd7caa3869c5ff7bbf522a78be2d510c49c496a6657a09f0ede00daee9fd77061b0f04e7342518dc6ec1f4a7ff99dd7c783882b58f5e8bc467516c6b85985fab65c6761d4fe756ffc27fd62cfb92778391a258d3b0b0e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4606e3e19a8a53e8aba05d9d1fda1ddf15e7709aa2bae8b54efc4a14e734b45a5cbbad00a749d2bde540258de74ff8fe886d05570300af2086d0b9a2":"23ef5fbde4b270c084a745e0e299a5eba228a37074fd4f07":"":"":"":"8caf86df25de5cbc3749fee4b64fe041cf4ef2859e20704bb01abe126a90ead8cffc427c2f98aac400aab97184846125a2a66888dea9c8aa108e96e03b05bbd30e566fb90c661dc1990ebfe75f73f5b0de7be419c225bfcba3713805455dffbe5d6fcc98141743b59c2cbd70e78f5977" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"08e2e2175fb34e4111179fc2580c05afa16d224440cc7eff24082beb16133a992fc4f4e2762634fbf68177dc3f11c4d057b71661ade56e7768ab9e6b":"0a4af33e2501ba409b132459ba97603888e727aca0a0cee0":"":"":"":"39c60b6d9f85cb69b2128bde86aca2b055e21ffd7716d789f834ecacc69a043893b09459991793571d3d8070f03382a11bd1c1bf38e86fae13a932c6dc82c540fab8c8eff478e598d3295663ab75ee8a56376c0d607fe43b74ac39479b8f694a3a13826b1b96344ec67b9eb0a5858eec" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b436ebeda1119de3fb2b2e532f7ebf59fac632a4d784d904f844bb73f2cade5a88d4790c8c1d5973fc73f6b7f929303b62d30b6818a25ddf705bdb9e":"07de5589726c49dc5a764de9b41bce74675e4ca3c71769a6":"":"":"":"2099fc754ecd19a19de8afd21d2ae2ce456c32d6ce7772a98e37ed47f54001f44fad8e9b591a70d3bb28f19bca22940321ba17c33193613b7b5be1ec54efa470b70cbd6be2931193c35cc73d80c139bb4e670e1a2cb74d3bedd3610e9d0f9d154372a70b608fef824c346fb16241b301" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4d3e993c296c66983b9c751d2c0aa2d519f801a764ac9f1fd8d86b57eb226bdd9f69efd9ad29bf16af483e7dc170f8af65c16426c2ab7c0fa9df0175":"52ae4cfe985348408d3678d60259a78369aac02953911e74":"":"":"":"bead2cfc29315133e6f5ba2e85bd7778dcf9908081032ee634f90b0124ed9371c9009419b9e2a409fe4abd6295cad57cddcb6042986cc98f2fafdff99f7cc1185f3ba0d5f1e5f5452ee5f9df03c0e8a4f8426ca246afafe81079c2f0d165b87056e7c8528e8cccac5f49d0bb5ccfbefc" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"c7c4e18c56e9191ba43c967cebe48e55bf9aff4d6449c3e6a1f9846bfd7f92d535bb7386c0155cdc5aa2beec888de0d432f695ec79b1c78841ad941e":"c36a381b1b36e6ab00ea80557b5e7451ec9771101dc22580":"":"":"":"da74b23d309fc7cf7670d7feb6cb6ff4da1b763ae2e8616edeec12c71511f5a24b9c466532283f4151a902ffa5ae211d7c1efa84477b93fc393ac95522f3673f97aa9e379e48d198d5929684875150633fcf8a0918d2050551d8daa91887f3d2685737b6456d0c61c0a117413f193346" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"78426f865483ffbcc6330db2ccd65bf8f247706cedf68d4cbcc289bacb1ef32e5caf05f28a21146a9b18e77b3a7ed0d24a0803c9af7264fe4e23d692":"e5026090f9806ff6f158c4a834588f6a39e9b4a44ef2dfa6":"":"":"":"111cd64a9950cc6f20a1b38811fce4a08929ca2654bed66c0cdebab0b81552826c06ef12ce463fc9c91c81a35d2ca0553905922b9a4975fa8fee2c7f9ffa9f2ed8cb2609f4b7d32a44927c7b5baa8f43dda137aba9b49a2b0394f7f67d37b7f71a5e4f4c151db6b96e8e4dd9cd0bd84d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"43ca11d53ad0198e4db5e136de8136bc461851a30ce59521f931ad0596d13365bd8297a68dd42b7dab7f40808b3ce6c12f14d4de741ce451b6637a10":"532b05891fe406ce72421013aceb434581be8a3a13549dfa":"":"":"":"4c42f791dc8322d779f9a1ed9a28b0cf352601a4ef6d74e4e822ee5d9eef06e700314acb7a47dcbb62805babdcfdd236e3022374defd44bbf747764f72fbfccae10893b54b29966aba448435987c22ace4c931d01dc945091860cae7744365bd9b619059b8b646b229878966049cf83f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"ddcb3024b681e30e16e05026d8e23977497fd0b2c0ac24017de2744edcb097d3a104d4e3c6b8adcb554746f9a43671f0692c01a8f89fa98ec3a54ac7":"bd9e41974f6627ac5bbb21ec690eece459e1dcedefb327f9":"":"":"":"741b2a8e82aa3ca9f3a609d05a6e2d570be463ef957f235344cdf9e0f89b3610951aa1ef0b9406785b75e59c2de8349d435e4db82fc2a4a8b94e366f4eb13c432fcf8fac08f0c7fdbe67a44e81706b53b460f78befb8cb6dd2a0ffd13c87df84f8a5197ed47158cee171e5323593df4e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f81c4ba8605dc14072e2bda2d2ef64e71ad856061056b8d8374fff5a6fd9a54a814fd725bda8944037197492c52c62b97ea02df33325b35b91726839":"217137084f4519d046ec896144cf2c301baf911e1440852e":"":"":"":"14efd71fa13dfbd498bbe13ffa24e646d04ee0ef32c99c11004c3e9d8f748ac2f956f9899a72c8d97ae988d06275855f77a92bc30f1b957dbcfc93fffec3852715c239c5313e765affbed257d302b6d1b74977b8012522b69902adb86efc1ad768d99d657a5375dff720b4cad886877a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"8181fd2cc5f7ae2d4ed2c96b9511aeeef33e50ecf164afc4eddebaf76a96d97bfb40377959e1edc44d24df041749ec6239ff226e40d5a5feccdbeda6":"7d6ca5ab652a37cd79367d84299f1ff2c5a3c2331c77b98e":"":"":"":"5a2cac8110a24e1d8c5f8bff3e82857ec8cfcd469c316fa18b0f65a0d30866e49fed2a228121f50901dbbba561732c4fe82a98f341bbc0a397fd257a5f8a4a9122c991648b1a6507c82f866d26f9b22e0ee7c9a51c4d8e5104f0b4570043c9257bb9dd6f3730f1daf94f80baf8907acb" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"a0ad012a978bed2268d05086b823f5d0dc9bb98ee03980d755bce968f9ac81db886a2a05b59df40d8346334a0276b73f528db03a118545acb7f2d70e":"1a8aca3c118f2bc0c2196df81ef22c267d20ed7c607cdae0":"":"":"":"b9dc0eb1e4aeb482dea1b4a5e6f6ef9636366face696811db2d912e9430b303f23ac95d65682694ef9513ac5b3e56a053b2e1a2ffbcb901c375cd122cab47d31fca5a0606daf8cc2e5e6e99b90fc8ab4fa67794caad91985cc92b2187dd2965be0980240d9be2fb1c4bf06e60f58f547" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f28b143468ab87794230cef4361d047236444180d0cfda58cbb9494cd1ad21be96297ff799011042013789a928f18831ffb0169126dd046c774a4fce":"ea7fc50e1eea3d84bffcbf83b240e921348b532e7b33f094":"":"":"":"5c22e92f25acaf98f55ff06e1bd80d382da754d1d33cffb6fca933583ba758200357551640c439770f77f843e9ce1e9a054f69588d76acb9cb92b7a2fa2903bc51391bd7001ccc1da67a4cce9e5dd08c2d489295c36de2c148ce27311d0789310de1cab2641e92f859b036383a8058a4" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b628cb448e477cb439a2de687861a992e738db6b2b25cc6c27aadfc3a0a640b3411de49c920407303e80abd7a1d4f45c4749980fe1550bff69518210":"d5f4f8266da9b7f17ac97734201544104a5c0acb53c6bf22":"":"":"":"34a834dbb7da0b6a2e2353bd9795bef369cdde4d172b3feae7b1d9fdfb0446454cfb1adeff423d0a143c33c0e0d8e7905bd1720889e8b1121f1ef82cf15443c2f9c8999c5573e7df60b52ef395ca1d1b60e7eb721c012c344d06b336d519fa2b7b6dfbed8383456504bd0b4893bf2ba2" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 0) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"5c7c9690a1926a4580c691c2e5327e736d5c3aec0ce8f5d32d4946bc4b607f712a8759428b010ba1b268b0de64fc5eb32d3f7fa9b8d4f20fab45c72d":"0310b2d8b5655cbb0fc2041ad15a248a7b1f2ac78845e29b":"":"":"":"6f8b6df55d9d8acf87dc2af20b7f4512f9425987495f512975de8059135e7ebb8698cb0301a8816e7299e76053cb66051c8b35bd2b00b4695cff4847f168d2d60697495cd9007ab7dd74ee7f61ee90b7827543f624b7c1412bba3d6df1242e6ffd90534ed393341429fc00bd97d9bcb7" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"96ae702af50c50c7c38818a5133938bd7ce51197fc78e21815b6c5a7ff9c0395d764159f707d5813e5bf47c1b8232b44a007bf7decfef499d758ed53":"e96554644097e9932585b7f4bb14d101f24c8b0376f38c05":"3f698a5f6f4fe67ef2ddf23bd5a67c1a2df4f3b19425fb85":"fe1f6a90fc0ed396bca21c0d40a1bb583eb63df78c98adac":"5942b56148f27dd5388f00caa47ffd4925e854237fe14454":"150b9260ce9aa419fe1860332ae7c9f42d9ada1649679b53f46bc9d20de3431186a54afb5df7b6269cdc05540a93fdd50a2cd3a862372d862841768df02846b057993dd6aa32f874b7220a5a1fd9cb573d720a54af5715cedfc16f0d9a467735e253b2b1a6e97421fcee1f2d670dec1a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"4834717f669d9b599f0ee526129057b5a7c5680724ae0459ceb0e0d4eda21e5fe92e63fd23f08f8a0b094a85f3f377fdf1018ada0c461b5a05c334e8":"870b7857dae97cd361a005c3005013e4dd55ca76e46b62bd":"522534ba1a09cf9abf29bde66ce1dacd0e273e8954eccafb":"45f54169665f59d92211f266892009958ee515f14d09581a":"4633819c2ae83c71059ec8ae41ed2c68cadf9b2085a5b8bb":"7afd6cfafd9a7bad155b59a8bb2094f76b915b93764e92858821d5c32ff4a29493788d3dc1627ffe7980950394349eba88b9c2f6869ac5086296366b6f4ee37e8529d291c9d962e30662423faf375b7820e0b650db03e3c99791d8042da790cce1a1997ea21441dba4b936bd8b393300" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"f5d1d27eb344b63e907d82a2e57494b25dabcae440ac88738512d9602ac8bca243018f2495599e618dde0261e43ea38d45e7c09ccdc4bf3dd8e5c100":"12ff844e5c5bb3fd871feb37ab796002846ffaca5a741c54":"f642c19602754584afa3083f567d80fdcd1e5c29202ac3ad":"cb6dbad8ce1a5677b4825cca934336b936ccf841ff98d894":"c11fcc157c643a943e54274f1d942d998fd1ea0333e21588":"6f25ae8bf8c26d5f0b9d2a81acaf221790a09241b6e83c9e527c7784881d1f7398c2d7771174f92aab45134b4633ad96430df30b130ae34af52de90b425405959ba24a41685a04d2411e2f0e8564bf5bf3280cb6d75d0b910d06c73a625cd56646eebff14fcff81411c055921cdfb4c0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"49a10569d87a790d34bcc3c8fd77d075a1cef9eff337e8929b51bdb8d6c5df3ad31045684fd1dabb1fe6f052fc9886384fe43c0a7abc7adca043d35e":"34d6ad434a436a690e7644f0dc2207131148192ceb2e91b6":"8707328fc5a1721e4d72b23c2b8ca3c30ddd95664ac478aa":"82c8d83a9f5d5639a6a1ce26d244bd30dceb1cc978627e19":"2a53b0b80b29c7d071983b65ba835e4eda66bcfe7b3d90b5":"08e24ccaae3b44b7248b2d735af985dcadb84f74d202bca726de1cd663bb5ea1bb67c669126ac97218a9ca45491df90beb387615474249bba1afd4534be7a74c61fef308f13661ddfcce40f24b410cffb1cc3cbba2c6d20a5e4c4814d44bef07bb697cfcf1e9932e43349376dc04865d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"9a4232a59cc579867f8330c288a9218251030c00ebe50c9cd97d6cff6e49ad079df509644ec2ebe3ad4e515654af383da265d7b348dd4b89ddd49cbd":"b4498a32f664d4b489c2b47e67845d2d2bed5096e88f86de":"b8471ee87531817d81ee32578d27fa3a190df33561da7a2d":"2e74194aa62ef911599b37a51fa742817e3a4e6c254ec179":"afc7f13ae55e738cceb976ebdd01698de4d103db797f799b":"340c28cb7cf4c3e143dac3e133de864b1f458c76e3d47f3cbb6845f940be174b8819fc539f42005f4485fddc657f064c34873094e25a9bf7ec341a98cb97014a1d694b1694170ca5a8976e86f6e4e41232f526ec8536facd02394f492fbcc7c298ef0eddb3c5a148399ded7677366cf3" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"b89744009793d2c118365b1d2f343d6b6c59374b41dbd805e793f27882467c5342015cf968b080a88a15fd6a7be3757b05313528525ab1e2cbd08ffd":"f3c02be0a880e194013c21b09b6703a61a7ccf7a73e8a541":"bca27f10060bb8d16d499b3f6ca05ed8462b51b0b43a1fd7":"eb6fcf75884be9112219d359013f45fcb1959ea971bd0bc8":"50a03bc3652f50cb9ed1167ea70ec1e74f896f81a8090216":"d2a529722365e7ff3e660964eeb27040a0e92a4d19bbe94592cfebad71047414676ca6ca72234f5127f313cb7f5be613b44d989fe141c9a0ec1f0b4d83c36e744cfb1c72c32a02b68c21d28832da008c57664046255ef18488ed750ec5e73b18eead939f932d2809f12939670c3c1033" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"6d2918c15be7871cad99dc9e06f73253ef905d9705c4e4ec38664043b04f9a150fe5953bfa7aebd926be162b7edd72fdc14ff97e67dae6257ad654f4":"489243eaac215f76a573b92f0709d116bd3c817eb95c2c39":"0a84cad7a1cd21a5afe6557d7d2875d9c62183cbbf49a123":"0c14578ac9504902cb9aa654086246d113039f926a87b325":"1aaab1e3a29e144cec825d29c3f42dc945cf2772ed30cb5b":"33438ba4edd0c38db99f2b6a50b35dd89aecb3491990ec4e60460bb32eb0186ff9fdc973b1b0df23ae65da31b8af5a37a69f81ab3e577a4c2c31e51cfcc4e844b044fb597e937524f59a0019ad5120c460329c982fc93e8e7a4b4e1de5619103b23a7a579633fc925d147d8fb856a277" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"1330c4aef54ff84387e0372f7c8d273cecf0af2ceb32ef6edb6a4f1ace802f3b95fa69cf578e2cda1d6060ec2554eb3152507387f325d8e26009bd80":"89d7bf8f5754cedc2e1a249f693e29276170f62c29c5edae":"a6b58f33d57570f4df05bbfb792a00087d331e17417e09ef":"f57fc701e4f8f5cc2181b5357824f932f6e07679ec0d3cc7":"586c4e8c5769156cbb54c025fb01aad0b61aa6238c231656":"0bcb6ad4f2acefb549c46271d5a4ed41d7decc095137e2044b60273388c6c6d79cb89016abcad1d6a138621720b71fc11ef82fae04026e08926e94042694a0c008f99281e03da580fbb6543aca2b4596d39699b97f1fe65ec60a70b88770eb825b716a10ce41383f31db596079a9d54e" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"3f0564b9ceee32c8944c8f2bc4b4d2179b38acc880bdb91eed466b881e2cc21df77bc3901ab5ce5ecf029a066784503f80d1857979b09c4563944433":"5d54fc715556c20f5b2d01d6b0992f1c596e5ad77f81da75":"35cb6d07862fbab4f50038097cb463aadf14e519c8834651":"abb21e501e85ad1edc66108e3b88380fddf810b10b883317":"3c690cdd997dfa9c5677bee976fa93cac21f5bbf382f7f53":"bae872c9d221b1531f85c15f466b7a3af3fa9c9c6b72bb8f5dad77f3d12df52d10347ba5d6504cd0a285c3be578bb67f0a9f0137463dc01cdcb847e7853c5db4cbb6a115ebff7b80db0406baccb0e3e68a4a4a95364c2da29466e160fece7b8ddb65dfab000c66cc8109380a601d5ed9" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"115c973d6df41ead464e22572dbe0761dcdb9aad930b2e55a5558075fb7c51c94efc5f8fe5dfe24d30175a89f1bbcf146037a07b324f572d0d4c27e4":"d3079ee3a3c9b2d69ee0fd316a6448bc7d8e3b730948c46d":"2348ee87bd5a3bb45d51a7b6a109043a9b6ee3db011dda28":"937fe1a7a790754bff99ad51782e8ef5b4928d0057b0c380":"3e89899f4aad241a9189ffa127c87c15b5e3bcfd80bc316d":"0ffc883aa19b3cbdeb39039fd3760160a93cd663b8b358e9fbb6300df164689303ee5f2489ab4ab2d522f6a33c93350eab553a2499b15f8ca198303ff45e946a06d8a40959f33a759c5381b3a59da22e68032abf3da3da6aadb410cb41f54b3146ce57f9bb5d28bc823e3e03c0294794" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"c28541425a7cf33e29adaa91f326f216de89976031977f104f44fcbcdcf4579337434613801fe4661642392db29f15f0924566e72b596b23ff7b18d5":"44650a29972aa8521d6fb9dffeb15c00903a283f20ea9914":"43cf4de0276483be1382f3cecc6a803551a40602584cd84b":"03eaa10612895db8f66d50a2210d73d1f563c3ca929d9f54":"8d2b20abc4e8890c772bcaa05cb7b3eb5025ac4cacb5f7ce":"aed27ff8eb54a7d2787e73ed2a51877c1250c0d4eaf10aaddb30409624289a9b7742cdebba54218c7c448b57f209182e214014cd180916a8c125ad438af2e5f5ca5b00f9cf063f0c307560ed4378382b4572b97088f8d24e0bdf0fc3489f64074f1155fbb1163b54c93098b841257c30" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"dfa52082afb4dd137cb5209f6771f04eda25794280983ba1d8cd2f3d7f9dee556ac26d8a5a368d29096ed643089b65e9ab17b5f58ec816570499fbff":"16ccfd20408082829aaf8a818885164581c9a1bd09e9fc12":"abe13d12a9f0133bdebe14785dfef5f08a133a6cb5c26a92":"485dad7804de594356cf3c571d5f22263c0b7cbd4dca1f1b":"5961f8177b6015ae0119d22e0a45a4aa1bcdc580f7e7f975":"ee48e57f1b5bd72c99c911d3353952c2c143689c3cd9b474a46e4ada83811efc67f2557d323723526809825aa338a80e833c95297d6b16490db633ac1f1648071c3ad4cdcea056c41b4eb157ffc83c3454b0cf001f1e01c31e48a61587381e293e6cff97270c1f157b069df3e591c2f9" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"95f3a1aeacd07218a2ccee44c807f790e568e0032a42fdc7c8dc9a71f76bd725aa909ddbdf5457f1dc4e69746426a9c56fbec603867633ee36a7fe62":"658b7326cf6adbf7208d37cd69547805bc3f58fdd874e143":"d44350c7a668e64873ff97c31d79cb23b0f1620aed7c9d23":"dfefff80f10c3143b82de3392c395ab94ac8a2f4c0a30048":"a6d21a762aaaddcdbae9b9ecefbcb3149d514c94fe83eb21":"4f5e544491b72b84a0d0532d7f9ce01ec2de6a05ab5056fc75d8f73bbcac5ffc38e20745d0e8aa1eacdefea6dcbb92475b5cf9ce0a617e5603b7b9fe34f4f4cb04ade2db35cce1fd315140e3e4ab8472216c7cfdaf004181351f210b397c3147dcd279f6fc2ebd96050e996f77ad6ba1" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"29a1897d6ea5de66e551f8c106f601e421ddd940812530df00f634682f249aebdaf86938c895c11f9fcb0bd1fcdb183b4f8cf86b3429a5372caafe1d":"d655a179edaf4b8381a9f6a332ed5b754dbf34f650d19867":"31c87be686b6f90f3d1b0ea90c541e16f3430292a5c4755f":"ed49403700cebec30d1057503be7baacbeb45bcdfd9a43a2":"952763380af3243c6c327f23cb74f8368919e0b6b9c25934":"fb29067bdb23c0f0153932523edf32d0e3c18e46616e07f39a4b78091eca90349f636ffcf26b68a4cd0902431f2ada91bcc86dc223db4aa7a42e7cb57a852095704a27f9f07962880a50d2ce16c125be1e8d4f54a0cc5eaf63150c32408db6f39b22fc93b853caaba9e49581f13a8815" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-224, 192, 192) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_nopr:MBEDTLS_MD_SHA224:"387e31bcfffa51323a92d90713b438a1f4ded69707be3aa517e1e72d448abbdf0a17989b3de7c43c621e904f52db52ad823daabff9c10b3fca93acfa":"e08fff320a493d70ea4cc85a4cc604664a0deec8f6c7666d":"969cafc33e99964833c4d0f88f906f5429b5daa552f53bf0":"8d6e6f05301ef5cefba752f3d0ef58a25775d6b69f6c15a4":"72292aaa69fbef6f010fa4d5bb63d6d7a595395d79a8c110":"77ead908484044482da529f9a6f4ca6e6d8d49954d2e2d5c7dc455e03bebf484021673727bbc40adc8812600201b8c2de8e658191422b80d23502329c84c0ca061b212952fdb2ecf3106dd20e6455f1f231e1dad1cfbf2fa019dfe9c162a670ae20b252ae2e5a4ca0eaae1c679a7fd3b" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-256, 0, 0) #0 diff --git a/tests/suites/test_suite_hmac_drbg.pr.data b/tests/suites/test_suite_hmac_drbg.pr.data index 72bddfb990..2b347b63e1 100644 --- a/tests/suites/test_suite_hmac_drbg.pr.data +++ b/tests/suites/test_suite_hmac_drbg.pr.data @@ -239,243 +239,243 @@ depends_on:MBEDTLS_MD_CAN_SHA1 hmac_drbg_pr:MBEDTLS_MD_SHA1:"567d3f4c0de396ed67569c070d87f2b535ec874e881418983ec42ceb295b7d312e715e46b96f9da5998f9cde45b1dc22db6d2d7bfd4f3930":"43c16ab49ca5174f907d7899ebd242e9":"6c0b479d9e847dfbeae230bd4601d0db":"0d5a2183c9f9ca6941f6a617892f5e47":"934fe82b0951b97dafc5ba16e87b0459691156b42ff2dbbbd8f6ed9b04be952af267c6a17fbfc86de91f9f07eed482a5362b176216a8963af485503ba93b2e82c03a3ee6225077d90cd961e24f6026f6" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"f3a709bb47a36838cb998fb6986ff074c57932a669670570ff6cd1b202ee1da014a011f43fc02c51ffcb4048cc060763f2c58de2edd494275da14118c9cb7fd50475c66cc7e792406213a7d00cf7623d931a5947":"":"":"":"bbe3daefa61fe302bdaa6d4d379680acfd0d456b5d35f137c145b72626f2fcf39fdf7f3708d9e88c1710408a3d7ece3b0261ff538846fd5452149960215c0c22beafe6cd24a7c392d5845774b87528912c322119a2adf4d35a0ba61dd36ffc8a7e7475afec58ad4a8cf343afb677f087" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"0f508c6330b9673e94861ae2057e200ae8f2b330b74634d79fe8a4c698211080db07e58b762a2387379f0c0e2d01b2ca40ef82fec35eb81a5493ccef709dbaa0b0e4494e460530062c8db7446bc6af2d852fd875":"":"":"":"583367bde003eb2061cdb6f51db9c6827cbcefbff0497ba823e112edbf7f2066fcffa3e92d1e8c531007783554e6aa8a633bc925690ca6d579fbedbf9cc4d6cb08133d0cf8d4c25fcd3b6fed95f00b1bb17477cf67b97a557e7da933bdc121481755f628fdf0f0b1189a097c7147169e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"9082871e73b098bbc58f324f12f6a83c321360c9f5b400d00a9bb865ef5265083d9309657c40ac94b579995902df0e2084eb4a6410cac605e482ea4abe5c8eb73bc63f68baaeaa56d47f7d74974d940555fd3861":"":"":"":"67c2fd4397af79297782af9baad2a26b993efa48c689a74531417ae102d4ea1d6a82cb0321aee3dc2572ad27299e81a7a77f1cf837119e746988f2ec60bb01eb2ac3d110a948c1c33e86833757e2670cc3947658f3b2d32ac59242f152e889d03d03056f0a265ee759d3a4488b55c63a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"4701f34326930cf93deaeb3a9c196e307a890c8ccf44a55f84593b3388a196238fdd97d201998ec734821998e7d6bef7b31fa2a81343918056c01d65f519c8576e4120a3d6b9ce28ccf57eeabd012d2c14e47045":"":"":"":"b499b86b0a25a0fc84a9a1b902972e2bb5aaf9b84f13804d6180491285b9316218cde0e73eacf722b5c664f4e618625ed35c5facbfca153cc184309754ecaad9c3678ce51ade96dfe3290e125d661e2afbdadfa73240c24939bc31d171712c7c987bfb434f1db6ed44b321bcd237f149" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a912b6755cd2d677d63268a5203739b0785d7d956738a596e269128a583921aacbba1adb7c6d1714c164143c8f44e76711965514651680235068476ab137d5962e5e5872f3b899d0e9ca5ae8fe71bdcfaef1d241":"":"":"":"0f410304b6d88e52c8d6039ca674a06c49a5fa1094cf341c4034e39990236d9e5bb8ebb6e59849e7df82e2d02981d8df21e4ba3381e606b99c16de62860a470109c0123c69ebaf970603f451f9e6acf83e1c5951c3cb87170ef319d9a791110aea0c0dae5623c287d4c454ec93227654" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"54fb376707de02a1c385a3da78523485111a0a099066206f210ad848f29d3c270d2fd2f668cdd3a57cabed71f9d784c209259d1e4a3eee2046846a55a46965e495eb29725a86bd630dc43cd60ddb4fc93c59980d":"":"":"":"a2e3ab5390b5b79786ec7b434de48e45f590b85513106008479d8a3b7b236c884b0f871d8dee539c712509bd70de351f3881cd87c9cf77c1a9d8879986ff0f6678549c5c6acd15aeb6bbe653a9bc76829df2f194c5f6e8c7dd3058971ce15273a2d559c1ac60a0014e5e32352d6be2a1" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"3a0c24b5a6106d28c02957538e76e96b3ececfa80ba4c7d01fe642a88fc822884cc36ac2703e8952ee635948715f78c542e6e3270f2757f1652474df4706490b18e649ffd95dc518a8b4259da193600af5d5bde1":"":"":"":"55dc24206aa59d34ea990ac6b31250f15ac056c8ecd52e159f3464c38e1f28840eec4c6423b0fd9971d11c5ab99225eda5d173c08f9439bb56eb1cc487fdaea934fa816f9c9e0d628f111cbe60a647e03892084f80775248d41cb587617671d99b508644476b66c1c96979e5061e025a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"ae7ff70bb69c964f05c99c0e7868210d567bcb5eb02db7708de162e6bbfd91fa17f30656420dad1ca69d356cbab80456cef922a9206f07d32c3f198c1a68e673c5583674bb1df1f2a69c554fdd3411c81a90c83f":"":"":"":"f1f3f79b1d7f988d4caf7308416f3d02371cc029a28eb4f0247c8625c4680a2dcbe9f3d56d92de6ee4d4031a254bda8a657bc147fb90c2f7783a8e3749b60633e5a921d015b846b3cb38830bc7554308af08ee8219e5acd1b699f1ac538930d257da4ef567ca570a7951bfb236d4d36b" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"86704ad0286f88dbc60baebc2ed0571de7b5ab64bc8554ba8645557fa10159ec03cc9f6f299c1c3011c73b2563e571fc24f5b5b50b4bee514d7c808873ca804b147201ba7ed43430d89b066c04b00b0a17694523":"":"":"":"6b1a26d7d21308d217bc8988067ef3e21f5bc10d34e89937f2a89f8da256acef50b6ea7d9ea877bc1d15002b1766e9bc7fea3d681b147e42359ce29d6d4f8c73e7c29b9ec14277fce2f6a0c518d24aeada44990f7f92b0d1184ff96b20c76d506f6f9d963391abec5bc247a2ac6b24c7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"d0b30341b4fd48281f76a83d7de5769d05d5cb9e565b213c8e2bc8d4adcbae90107fc12fc1ed2a19f20beb563de8f05bc5c437637148154a12b1606bff071dbb366458b74a07a1c14114fab487772d436d4ce159":"":"":"":"fe2a7ced1965f013d475724eaa7d31b62740be411d899afa79f9fa6e73f18ebe0907f2f21388b6498cd365798f27f882a2c5c2744a9b25e8d351e77b9fa4471ceb1dd6c72fdef75977e4e4a246e24f56a615189e1b2a8d6782e8c5062b744a65ebe1f7c5fbcab333fdc155bfee300503" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"4a1a697e41537f28b381e05f11ebc905bd66c2c1d905d8c0b78c10c26cdf547a1b6f85ff58f48298a11bba41e3ec015d41a24d9e335e6e13b06b84b9f56b3e803bac569dae2d74c444bb58b3a6344bfbb9eee765":"":"":"":"15060b2bc827dbeefa2170ade633b0f0075a4b9b03fc24f73522174be4e4b08b93b421fa98c7c5a445c3aafed47a2eeeed63f19ef4f67e7726d8ff84bd94daa3338e397d52abea4c7d1191e30f3e8a11864f10ff56b2dbefd860655d34cf63ea22bbb54dfd0c5f64284c303a2ba2f49e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"e80b8c8896557d596e192c3226347c336dae455b50bf32a78c61b9a98c949096be51538e293d338a464eae0eb18f1ab21f9903d07a8b98ea2ad7f41fe7ffdc4b4bd0fd06138a84dc5217cc8fe39b92f9558aa619":"":"":"":"55574491d07db3aff94dcb71f519cffe2f96ef57219262860c3c03f9a5b8a1eb88869e69587f8bc0693c9919bb277dc84fa55187c0dbb20101f0c4e301dcd2fe21664e5a2f0dda3eb4f11df3878c5becddbfc3ca032a17f740d424b99be0a9bedfd99907229ecccbf459f5495533560e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"5c25f02bef1f1319cb6868d836c9cbc182fd8d86ecd87bc5cba41c163710074e80d1a30ddfd0f5d88c6682292cd50c68966d15e6ff95e117d342d974ff074ee872719d15745da624f8503a6141b0ac4b887ead5f":"":"":"":"9c5204d5471c25203f1d9786d38f71081a872f1c56604dc7570caa5439f17cddb7feff01cadaac8e0f35e7a5433cbbcd2dd4f11cc7dd14f6af629fd72a3145db6924d2bdefc262662367b7258cff36172263460f4dd52dd08faed3460bbffe18eb10ff5b3c6a97faddf65b3e21ecc98c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"68b4e1ddfd16a1c1ecb0f4221306e77ad02b07993457eace086f66566afc5f12489633c605d11d53916eee96ed778d6d6518c5681f0fa9b0160da1c71740a94ab33310bc20a18710015af25d3d667c40dc619f34":"":"":"":"5c4c9b3276d546d3b6277a3a2089d4969146d833e0ace3e1ddbd9f79fa2158531f8bb26a28b08dc64bb1e610f13eb14c9fb23559dc2f38326e145ab509b9f69259a0d1a32f471d5abf154a2585288063845f99306f9bb875ccb0d32e9d49b42900257ebaa532e8ec223aea60abc9714d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 0) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"d5ee5e2e629ea17487e593914012575daa8baf2d0e9671e1b8aad16524dbdf7d04c11130cdc10e50c630ccb235579a72b6eb4502fe146aabdab62a085c820ea46bb9091054d75a892a83c3850da0a31c15e0d021":"":"":"":"e32c0798b2040620fbc5d2a44ec7fa8038444c1910fd4a24312c8c8eadb57a78606449cf05ac51a3bc4d58ce78742c1be3a0fab6e3f5ebc92b82b5d5d64ce29e8c2787ace0f4e718a7f6cb669a0a43ba1aee0d9aef55cb7c6f5dff57c8acfe883ffd8a496d44afe06803e4c9ff62df04" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"6e531842b9b7fe2c0ee66899a1255135f784a2d5259c93ab3d63a5cb708e2e6cba955897d9b66c7fab274aa388a5db69713c86faa4a19709e9aab04638c670ffaa83806abf79a43e613e62cccafc637e1a1c0c14":"":"e628db057250fbc6fc5aba01b6c8b47062ec5632a8566730":"bd12e61e3d5218efb0c103dc49402800cfb863ec8925e76a":"037650ddf66ed42ea38cf44aaa94884effc5f831c593fb35886b5d601a58f74f868d89f2dba450b9c160e28f69fd24e30fb7a44189810e29afd0d11762d3ef07b4527f4134d6c53bdc9b024cebb6b40fbacd68b6acd4bb4d011d6705ce22f90d910ac4017d2426db7a48db3242161aa8" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"3fadabd2d8879bd2298f53c54b573db2584655e08a83289cb58a4ff5170fdc30d71bb24efbb5a50def315dc69146111462e204289a64ce72767499f299c74c934f0007ddb34bf5183bc1e5afd8c15eebdebba882":"":"742f7022892c2123e62379e9367787302fd18dc3835de0bd":"b60325136fde7c858054983a977262b6390a48419725febe":"3bfa419f9bad259b871703681284c5396fa94a323d646ddbf5339398c4d8314a999c230894ac60bf231762acada672f58154a86f80a8c4e3bbc67132e22ef50c0377193cb0d13c7e2c97cb24ce5bb69c73be2e5cd3a07ca2b000b2d7eea940053156bf55d846181e3748a91c342e191f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"0784a499424dd1c2c13f765e9ed88d752fefa83cec61154f82b3fd645f642ff103db9c8d1c10b5979c56a22d58324669d4ace3994927222fa87fd049558a48adcbd6ad5a2380d2d927be57fffaae037bf8a34384":"":"9f853db57c3da0421914d2f71f9317817580c1de4ca43d50":"27071ad475b8541c1a80234bb2d110637fcf4b4e20e06a7a":"2c879a03bd719595211b526101fe85702161711c67a81184cc42c1f9da5761e853ff4b8d19deb95a2f3323d1cd58a2e066c66e7a30059732eba43a4bf3b22fffa5bea5161fd775160dc53d7cbb4c892bc122e4e0139f8f550219cf6fbccf55d16d8a4d8d7776aa143c00d9e7bd1c847a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"addb36bc9ad134c7b8fa54881db1b18e040de4f253be28efbd36b12bfcf4721b08c5833eb0a97c668c7adbc7f04a9e0299549126172e25b9e624282c8e63eccf358c0ef1a71f8fd0a8fc49451db7757eae344e48":"":"e32540418ef68c3dcca1e7a0546e5dc7d4c5e92019b8cb0f":"327e31a0619305c93e9b5eef87102d447d21e21e2d8c1cc2":"178bee4059af0282854c833e11e7bba923a1e2f1126fe8cd7e1694602c180802d67b845a88ff786147f22a74e6ffb0f8b86d352cec2714ff8f308b1f9705603faf5b04bea3c75c87c91d5e6cf7583b5c45eb5f5a74d2bac490c8415d2fe07726bc334c88e3fb7284058b006f82e89ae7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"412431badcf06f87551ec63c3860baf4b59667cb4753363d0f82fe7c968ea6f8bc5d015418adeae206005725dd9693af6f7060a2d5ba53f66dd49dc148de581737b67acd4bb70ff2f4cf20abc001ae1eb50cb75f":"":"d67f94a953e7e4e4bc0cbd517f963e599d68851cc333644a":"385281961ecf2d8175c0a718347d2132f059964c55f39f57":"357876e78a69cd4bc4e06b2c52ad28434520d54a4a310ee0eb026b87993514ba1442e25eb1ae22a3ce98529625d8db9b0e5b680d7e027523b0ba0184d3f2e4b9cdee027960ac1612295bcdbf570912ed05108541b97e3bb30ae0a122d74cb536e5db34b7d5ee5a042897d5d29fa3c126" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"ae914c3d74acb6e2d9b8487927db7992b838ede73dc918b60bcc94f0f456f454a6d100c90e119342154bc3ddb059f48db3a8d7b7288eb42d0ceb07532a2a357d20506ead28d9bd4a127d437a657a61f5d30b04cf":"":"2afb537c13fee9c4103cc6abb11225046d94df2e9838f73f":"6a9f670cb49cd9ad98a17cc19d00d4766344108f0c86804b":"2ed0c4140420c6e3798a13f917cd998b2ce6f98bac27f0fdb09e2538f573caff16904edb371f98f50964b7de552e997007fcd267b36abed12cd95d9a08852a4ca862872edd32c707e7a60e11fe0a7db4c0d34f4c70ff16e5c75e6f5d7ffaec3be383b8790ef0ff3a0d9f79850c9749c0" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"38a93c3ede148c91eb7f0cd327cbe8b27ff0e569bc5262aaf30b86d31be35f83b4ff50b84b5dfd649908d0c55cd5be7ad36d4f5f7f22cce066d3b589adef804bfaf52253a0e4c6bb03e000d649541e523ae52f1d":"":"e12c05f2bf463d24da9abe89301d2acefb7957dc1bab9ef8":"d70065fa713e2d691bf554a00d063222755e7204a3e53968":"3e5ad7e96c8cee899889640d8268cbea296aee96fca7bb60308bcdc08eed36bdc8a5b3126ed8be900577e60ec0f8b3d3014deec41ac650480e08dd3a425843b37fa5d1d621b5053ba4b2fc1804d407849a84e9eb5bfcf94f27c2a535e2756b8202ede1f18e81f65e3f7f51a064b401a4" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"384d6f43e7d77a381bc6bfbfbfe1a17aa35525bef01be8aaf6c488c46517d9b94380c73d3fb45a4f1b4d70375021c7df78eadb61df5d9efc6e08fe2d81ffa65df33667c23e3cc5c89893988f04be1d3634ced443":"":"a0271fd2552e037568cc857a60a550db050680fc03904fce":"ec095cc9e3bc301071a901d0289b54aefc796bffad6fda8e":"aca2571a9cf6bcd10429e146e6e94d1ae43a00db28bee2b60eb6a1bc1cde3d452dd6e04617aae7a3f813feaddc0f8fd25890004607f45ec995df970e1a3abb17b416bdbf62b6ba5625a80cb100e2b87260a73ffe15d9e6f24abfe9e6f9ba66bdfbfe71380d832418e2a4b460dd7415f4" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"98c8df867d234553e504fcdf807fb8bba51d23ac65dd8b160943bd45181764cf6df0049cad23e6aca490db57d12dc6c631604c943f153927d6d04af042e1da1b225eb8bdf4ee99dd405e3586acf8e44bb0184d68":"":"3338baea79c06f0d48ec2d47004e61c1c1e5056bf8bbecd3":"79007bfce109a682b746df074e87c845eebd665532867fa2":"ba7040193e38c4495971827fb1ddb747ea80cd0bb1fd6aaabf85ec1959c29eba8f818ef55aadadc8c34b6a7c00f210a899092b9704f2e03abf3e5e8fe6d127cac0436441d0a6f1b02a00e5fe948539c66a8c78e70f35cfeb600e1cc68c06553f47ca053b64a0534a028a73d0890034fe" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"6150b7280b3105b86b66c2a39a1f0461cfbce17e746791afb241b298741454e174650ab1e7f08500bd7eb096e40d8114e5a60668636b6ff66d2622154b7d239eaefc9ab2aa3351eda2af4fe51de36e22e70235fb":"":"6ece8aa447d2cf51d8497e303c1a202e39e06bd723c847b7":"21d890666d2c8ce4440bb453f4284c3928650f8cf38576d7":"7554b8cc8e79330ae55575f9157cd10d8eeb58af30eeebe9daa021f4b55ce365fbdf3629be7547a89c78bb9df79d35179e5d2924aa032e60d5a00281f19ee2255c17a69345ed86bf36ecfd694be0405c8b6c077b43a8c8bbea603ddc632a1aea6771a6bc117dbdc365e2714bdaa8b377" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"cb25eef7230ac2da249fe30ea94d3a3332147022bb2207aab4a50822b1564c24a047ebb46d57f45f6680f909629b43129876c75381e3b7c6d06887f68083fc423f06ecba159a90edd394cc0ca9473e9cd0f23c89":"":"2f30b005ea5d5965439bf15220b1c010e6c79306e700e6fe":"9937bf3edb3603cbbe190f3616b021fad652011854e6f6d0":"040a30b82981f71e4607c20c1f2d6e6854824c90b127517f65b6c7da99fd33dee32dc52bd0dbe902509c50492a88e5963b2b6e27d046334b356e5909f85763af2de70e93a89d6a00e2ef81ddd74f4a33d3f8406d05b383fda569a5a574fb5e3c0c86a5096e94174b79b2a4eadebccc2c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"1d7dbe4e83913bad3fa918262ab0f45cdb9e4e61667694f361ddecace06bf352b18dfab4c32bff9a013d3b92a2da8ed698168155ddc492f8ad5d65cda8eed212793cd9aec8acde7e00f952bb5d00c53c5c181e89":"":"f9c51ff8f264cae722734502f6799e4fc5bee773d31e3e31":"6a171a0a8801017a1d924f80fc5d9d6592b8b28a342f30de":"425024bd1d1a66d4527a3e8a8307b3206923bc1d693f5b7f9017f0d5527cd6591016758794ac89e2f682cb2d66f8d28f9a2f5ae2974a75f4d0de17dcd02e93bf29c69175fceba262378bafbe3eb7e3dabe974889306d0a2ebd0ad9d934c37b1ad89ac1fc28493e6b1f6f24620e40eaf7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a6887fe41ed5a615eb030b31b86315d32d13dd5ad506566ea23ea3b162b8dd621129736c8dde31708a7fa4a4c606dc212b3440617111e94a5c6722c3a729d84d2e5858c23ba8bb249456a11d63dba9d4260a7213":"":"a52036daa8172111e89c8991ca818bdd711095a1602f2f15":"cba427a2b7bb64002e1da3159d643e002516bed279e0d442":"cf0f5881032606c21a8ea20adba6a72e176e968f10b08ab6d08f997b24fc2a24f2c5d44d1b99deb7db4f388dc8ac268f966a34c857cc5f43efc601674bc548ffeaee1c13415df6d0240835832cb75840b60711cb636f509dd9b87b698615959688e9afeffa50671ada05faa564c87ad5" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a563459889ca29b711086adfbf18f284fdd18601ff69916af1ce47510d33f205d4dcd0080f9dfedb2bc1e2e60fa0b9cae094102bc7a705cc223279e0fc3b0020b4facafc2b31b9bca92382f3810d5a4e3ef626a9":"":"5fc83f1f6dc0ad454bbacf2df366c803cc1d2fd46bf78d32":"1a9654667cfd6ad0aad9383be04ec1480a494262b3fee823":"cb45ce96a973728bdade51f91004ac09e155173769063b3fb4712493d8877f088127a3492588e99fef648a101cf1c238fdefd798dd4928b5bb3a851eed693f37d67360a28a2b27c4406e9ddefdffba662529b91a980bbe4eb381cf9734b336e2b64e7482e0328c2e2bf81e39edc30d97" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 0, 192) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"886d098731abf3140d512e0d348a384d25372667fe7e4f0ce713b1d2eca7b2ad939b25af03f78edad75bf0ab95b4110710d0e12e714e03f7df35db59fc4ef2906cf36c6c8897b802200a83e60d16f7fb064abd2a":"":"a4f42d83a492db3fc053d1275c6f264706fa932955c3da62":"4505c0664e59bb4388020470838bb098c4ae1338c268adf2":"4f9c3c60ee32042735cc539b9a23d04c2bc6bcd68db04a58240305f165bccebbb98e0f4796b283a0d78bdaccfcc8daf19f21a72945be07996bbb0b606643c7753f76ee6371292d3e681468b714e16bc32db14ad6d777677137ebd3731186ea72b840b8c4ae79ecb2c61352ea056d2d6a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a26af93571ba84b58e14e921a6bada73083ec17f21580a152703e1741392fc9ce6046f77d6eda5000f3225ef28425e30cec138a16b0ebd885fef074c6da2a7b126fcd1f056e3a5fd5627368c63681cc10fbf750b":"0627d10b1e5b4f0fff96d0c7e684deb9fb6a4e48959dbc29":"":"":"98d6bc7ec7cd72da4c750d9173518a9a17120fe9af10cd1a7d872fac505d9276c551b821a868cb8b4d8b10eb3b05845827717d2975814b5080a2f4aa50c5b112bd01b8652f2d1b56a88c6c891db5f3f40d1d1f0648d84e6ce2138c2c879884eb4847856198579eac759a065a5d384c46" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"5fd08930ba404d13a7275227660869e7eff10e103548e6ea15f0816ea93b649f6aba408ac710c49eaddea0b4d1e219577e6f6ba4f193386228f6fdf9cdcc50d5bdcf6d1f249e9cae0a097bb341e2ba3581a3f2ca":"7a463958302109d5fb9fef1a232b5aea13ba58a60b70911c":"":"":"a1a5c9d90f9340c807efa2068c6a0b872a4ad51a7cf90e14b4797dd894361712fc9507bd61d8ba984ecf1345fa3cbcf3031e2bc4302354cdf3f615c3a1bf43f60a464698e250726c37a7a9a23e1ff7e8d96df03957e3a0b5e6c4c4fdbdcff487e467b12dbc21e07eb8a7c4cd7f779912" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"625d6a509ec43c55bbec45b4244fa0bce24c74cc270851f2d32e4bb4f1961476af40088b5ea81f7a86efba78abdfb50be09e1a68851899e0e9acd95f77f16e8b0aea5a9bf29bc1a18d32158cf69c794f3f47fe61":"bcfa259c919f6e56c77914a272959cda6d2cafeaff87d91b":"":"":"b5bc1f03099547ce1a359bede1f9f3b76b38e8b9cc781fb3909899144f4d0a4ba93272552bfb0ddcda51165d0ca3eae47d10961a62692bd9edf2a9339c8ad14469f1834eee3c3fc1074cb1493054f84273e4adc73e5eec6cba284c5b7fd8005f10cb67b0fe16ae0b4ff30d50ca245c5d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"bc0c83de31217ff6b22c719de8c6653fcbd8aff7925f04624c76f586ed3bab324b64fa8a1ec14efa8d8d0b41eb6735d517f6c647ef8bedf3036a6ca90fa1d2c528722de33f76f7375711b6b4127b86fe096e72cd":"d7ef6b5dd09c08437313871078ac730c2f85a5abae6d6e24":"":"":"6d415afc0151c3cb426eb3b90c209feb726c01e28785678bb0b8d9143d4b7f31ae07e384816072e2df31350b133a8f4e3ee18f04b154d194513d9b072a695e52bf03eeb4c9a1df85dd6ef98d2453dc39390bc3a17f3ce499d9b182c89d0591dc3dbdb7aecb626b07f0ad2737bf8200b2" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"caca2b8631502fbd8bec33e89066e77b97a57b09d21a92dcc7b65897e50d7a312f287932c529f6a6fd8be6fad5c467f6c15f9bc0f39653a6e4963c0d4c4baa9d6ad39f4ad2a1d6587377ec3898e63e02cc0c454f":"33691da7461d3355659c4ca927b4d3e3bbfd8e775b535538":"":"":"89abe8e656667299705c4c8b208f0fc400897397d15aa3574cf86c0a6415dd30ac5d7d8bc629d8ba52e6e5af63818475874266e98a43ab5d3085d2856950e8d487ea22e01f9ab7fe1862be1fdb9a97cc24eb9ad05beebb202716607e8b164cf63cacb92504e80e68e641af71ad6ee47d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"5d97de97d6f81a858ad6ae0262e58169b27c25adfc2bff506854e6bfd37f3a4d8c4b46cd78d0a76b0dc67e0d3f90fb04c2131bc31239defc8eabe9be0fc589a554a4b77fa79c64c03bbf87a32031530d99bbe397":"a0d8be30a0972002f21ce2d7cf3c8e84907c638e0093354d":"":"":"67536d7352a49a1a49110a1dc1b77dd1924be34123e027aea0ba6064ae0aa051d4470ccbf923e0c96c86f2d440f17f45b67c4c7785a6f5006bf0cadc13269540b2c59bb75f642e9668feb601fc60c18b94d65ebea0dfe5fb284e003a58837f9e9e120481ec2ba972c755c6a9134af683" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"9ca7149b0c5ccb7a0f7ec5399c644dba98c418373460c59978d91db57ff714897ee71caf459c1dc164655140810992fa6cbbb708ba2e61053d5866ba6a1bbdbc639fd21be4383beb4a4d370e86d0e9739ef849ae":"2ade2ffc19de7fc94767193223aa1fb3461cb29d970c8f05":"":"":"b39d6db529fbb3c6a90d6b7057759c26a9fa26024d2b65e3bf459881ff0f88a5b93b87e0779635022cea81db313329b61613742cc82b52fff1a2e6e24ae0eebc0917d5e4573466e4aee3f0ee0053445566eaa080c3e701bc35d40ce5105b4b6572baa7b4c84a16e4aab501e6ef670164" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"cc751171d828dba023f430b3f5a7134f733f4cc1ec76495e98a6dc2a627d97924716d7e6b043cf15c62ce8da1dda2a930c88d6d4d12ca992a501f773dff5d38e42f150f1c55ee358aba1e73cbebf465baf9fd0a6":"4ba50a75424970526022c7351831c58ee75f1e3aa0c47749":"":"":"8b387e55b9c10d0cc336f5445755c0b6dbe971bf69a04682b21c9303a66e093b7dccf33fc685765c6d2bcfa3020892ed09ce6ea3e3355b3bc16741f34d40b5c96bb085c1574801d14b4f71c97cf64e75dcc330fafa1d1e626822609a9af62c894dbdd56307ccf1ebbb7ec09d500096aa" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"1f2ccd29bc38e8364a4beb0e89984b88d61dcd31d48e310ae691c0e146f495b9d8cf443ed12f3ad2da7c59c2a2f6b8df4e0202414791e106c1f879879b7a46ac207f45b5fed69c38309adf15dfd0dd75742c0df0":"e0c49aee71c4c060aac1bab1f438f9e2b0c96d710ebfef77":"":"":"593677f65ca4339c0dd8b1ae9278cc49adaef1cf889760b4631a379d82bc25123dfd2e1436d0b6b890d4155e3236fc1e2cef67d8bc0454099051e220d6925b37c47408fdacdfd54cab7be70f8b3b3dfc5a86f181dd559ff7182f225f7de87dd8bd69143be270ce76d2562c6e01ba4c4e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"f1bee9caecfd0397a6cd76f356ecacf1053981c64d315db4a51a244fe3b22ef997392f65dc13cf30f5b8f5edb7f8f55863a30156722536d02440e5f06e503795d2401775a560685f2ad3c98aaaa22726cd6ec45a":"9d42670ea4113ae02302cdcc660b497f3ffb19b9aca8babf":"":"":"78f31a24cda43acfbc4db7f17c57805a4b53353d668596247358b47e8f8deeaca312a7f9ce78832bc1da2d6b3727fcb847ca4feb1695a2edfd2ab24c486da125be1c1af4f78b749afdb57f97b4a8b892fd87228f116ba10fa739059581256de4fb865d1115c58284cb9850a24e5b7615" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"17b3146ea3ac1afdca446275f3b7539a517766b90e2da2c4c85db4802943efcd8009a9ffdd054440da16edb641a050fce3f3cab3d5f03d550111daeaa8841a9c814def76eec9c4e910788c710562428a39cd0987":"f3831c1bc859fad452a76ce513575a23e8b790c90de4575c":"":"":"c6c85936cd52b5271a6e70410e0b9d960d76f3236b548cfd4fea26504ca8a78e58ee914c6cf248f30d7ee3547eedd3a4d9869b15e326c911aaecb7f0c221f8eb9208a9b355e4b1cc7926380d25bb776f3e89904943b3fdf306012fc95d06b3b7c44ef55c9eee675150b332e2181f2a32" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"fabe526177dcd476be9950233ec56f9122a9b083e589c9264add302d4768c06020cf53e7708bc728582360cbf06a18de38e3da2642dd6751aa686dbf11734bd75a422571c9f2420915d7d79d9efea870e72d262d":"ba5858340e6a82b2ecfe1190215bd8da995ee8ef572eed8b":"":"":"10260dfc2f2322f530192e96a2396694dead62f9b206137108666cd199939184503da75598f54a89dff885a9856140b56687347c2c066a1593bfe02b8bd2cd93e939c424b33683a13678ba5f34df3f2f5f50b2a708d1d5a04683db00a607e2f80e5feb20086e3d64294e9732b0776c51" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"b7c9a1d221fe10552bb0b799e18d12cffd1f76d6a1e6dc79a36584ac7e13c355b9323d0ef2f97fc2d8a26e6c37209a485963788aeab084e923a3794c63713c2ee288ba3a99f2d407adfc1b87ba64fcc5a7f98e4e":"e563f8c8318862c7117af8946823e8570ebc64b3de1b293e":"":"":"100c460c12e5ab12a72bd4351f7b608f5578060b262f21d735fe79d13c942035a76f001adfd39fe93caa22b6274bec282e640469d3f454d108991a1b73d8acb3d392732fc24cafb15fbe248441462bb2c1278883610ba28486ef82ec2ff3d20eb9601866c7dc4eaf44cdd73e5b5ac14f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"78e5d4818964d748282fa8dd386ea9c920c4fc5ddb9d2204a3f6285082b8065dd3944ce193722e973f8300783e37991e6c4a6286a1a0fe3703dd78ae951c88a0ce47b1a23d91e0926358221713670a78732d5470":"fa058586d35f0d74d2c473e005e7f8ddc33a1f6d5bc79d75":"":"":"6b603b098ca74b7fcf3c8f9b42dde5b3b51e84cab4f67f4d87bc6575ad4fa3f1e0ee27085f88e2a5ecf4f57f9ba92638e52941535806d2cd1b5aeb5b7c81b3d44d41cf5b8073b646a9cc1b0a9f7e183b082e9f2270acd928623e8a46b46257e1b827e8b88b55c88a3a3a067cfcb9b2b0" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 0) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"50241739e3f08c910baea7f9ba481511b6ee5d69bb1a2dd34f3987a231cc25f39a1a966390e391a33dc21281372589e2a667cdbbe4267710d5244fd342c959b7272b39e5cdf67701d47665b61782541e94aa224f":"6a7d2f2dcfcae8a284802c97d77917e87c6cf8417c2b16bd":"":"":"4402afee12048c1c6a44624d2df026798930ec732884899ffd20d17f1c8d7c221cf5edac8679a21ee11b177ecfd61927d4ccbb175ee6b49cc6f371450904c2666aaf2e6cb36cd55cae3af772beb80955cf67b4e8be1fce11250a39693ecb7f8ac05aa23b949ac74bc9a67060cd60cc77" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #0 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"c3005cdc5c5b7b25ed78c9684f3faf6278f9a9c5a9fb202014a29882e50b21e56ec8b7947fe871daec2626f32372123f44a8721ff4339e0a20f978ea27609eb495c2342e9ba719bbd2b44ff503db2322ada1c982":"c4506109937e0f9352fc881b0396b0a103626a15addfe525":"6ee49c76d138eaa3fc10cf411e0b8ad5488d77f74faacf13":"8825122b506dd6f3a58811fe6c9a7e9271a6e68dcdd590e2":"e818887ca1c84717e277baf00913d65ed58a8f90b8728080a03043bb2ab53f55fa605ba0cfab29b4cb694f6aae6594dedcbe6f74e1f7573c2944f3703b89a52789b0170077ea8e66d8299ba5cc139943ab96254065a27abca2098a85162fb01d294d8671b00206b7f784319384e01b3d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"9bf2ab19aa7e9ffc3461522f3cf85b3292b54bd3e1099a42dd6f5349d169d59a152b2dce675874b665fcff802260ea84b358f6fcf8011b511834e8447a73c1f675b7598d836dc9fbf40f1dd0f481f47f95f3ef4d":"38d7a2109c6fad9205abc22b9ff705b7f671c4bde5b662d4":"b46e928cb59eac0cbed65645767e96fd824fa95cb96a1cd7":"532c8d3748205cfaa826fba7f240e9926cd3811da8fd1a5a":"bc367839d1510316ac3ba17fb7bf633a6eb4b61dc0b03cf1cca564db8248ced0b47ccb36e730c0237b0812af30361b5dce662636b23f87d6ace82cd3e34d45a1133b35ff9b8bde8fb29fe82298820c0c87f0e30887ddb15c9644bfb12578f0878a710771ad22fe16935c66681378f5f8" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"a3bfbed559c396b807ffa80409fc4e2c23ba952f64a41c07d3af5e5b78d8ef88171bd5022d3e02efefa644f4fddbe207e59397605a0408b0201f6a882def64d973c0714555d2c7e0a6fddf49558fd1328074ca79":"4c63bef79f71fa82168928619cd09b003aeb2ba2b04150d2":"c85bb368a82d57c70cd5ad6327187c8550f7c10380b2f030":"5d467e9c06ee058ca066dadd6f6ec6b0da59ecbaa4ddd12e":"1ce311c919c67e151b51ce3060384ca95c071a295f01e54349abaa2da8ef497ea1364454133d20f57da28985bfc6d1d2f58f84d144c85dbe3c9fd5e8958ce06f2f5ad5af7e16bf90ddb4a1e2947f78008467fcc38b5a082eb1612d68e36e3c0abfbfb3a321eef3754ac16c41f96bd635" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"1b2c2419e85386716135b3c142d749f1f5bc23edbf8c0a1c53b72f474484c545761b21aeff05cdd35621d104ee393e791737c48c5a6e6b25b58c5c5be28ecf17c410c9c9c3c3aa2b6385f66759f31b61f9fe0286":"b69011f446e50880a15bb0dd00229f765bf77b2a40040109":"67eb63a168aad8712a0e7e0f162af7ac7893e902f1aa72cd":"23bb752e6232144630e3d3a6daaa1e58a5ca315f21fe1d8b":"cd8e6c6b8a1f7f98f5d796023fdd4f1da2d72eedb96a8e85cac661da24dd0a7810fa04be0491c69db7617712582b43ec4bf112d9e2932288f25b64fb7a2a09ac8747b8f71ce75e3c80b854336a0457b8013ec6dc1268b4c7e8f7d3422a4a5d432f8d9705d6a273a09b9f9273f4928c4f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"62d059e3ecb695167e93b3cfd77f96e681985ab5d68f15473a89f9cbc4012e1c090a5a9e65f738be938f44fd6cb157fd9b737d9389e4e56b6903d4d015f9d80d96336730fdf57787296d447ea91de7e686c7a81e":"d8f121b2bbdb8530c6315c63e0a52e383c163c033d3b0854":"830e2cab11331b761aed55db61681fffad3a61a1a06adfec":"c7783d7357ff30e88cfdbc90569daf03d3fec8caf89619ff":"e44c9b35d3b847a928748094ba6754d1c5de3cbe3d90d4e2bd0c0f19dc5aed7228c541044b2b14d7e67dcc148ab04abff7c22a8f1fdbec4d68ad24a7c4b0f0e507bd7f2b4845593363da484b481906fb7207844597238b9d40c14237004e275572aac6a6d84d151fa58abc0987e54e18" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"fcf3887b4505f7a1273ad5b32e064ff51682bca23ed974ca981871a5b7f63e5ceee58131f9a01fa7c37ab14150c9323a03f694e463496c4159eb8e5d3ebc62f41264beb93098a42a3dd406b983e1fb040d108f93":"9b3e97eed077155cf181829233868d27eb773c398575dfb2":"75a75a15c622e69eba698a064b0b41c8bc80ef803df0f29e":"7b6a20a222a81dfa6fd164def816c2b6708bd4c761b2bb8f":"0b3d501f728d2f1d8b0d7dffda0160157b30d0d97932315f77022d1a6fb30d9a0ee4383f2f63377ac6e57b16b0c7480a6f5dd12ed3ec0bc6f104a26c86592daa3f68a499570703306e2c2448e784b67cd6efdb4ae64a2e8ffa5929e74c95b663c9b7fe891633f07d7b50f5f16e9fe567" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"7a6a0774f2cb5ddce6b5242782fd3d7b5c7c7e31cb5fe95367c06f29a5488fa37feb34d689c646cdb162e258ad636a030ff74f6a7ff876417fb08f5c5decdcc98692538bebf9958c627ad8287633f98c587cdaec":"fb16aea72967c43b8803bcdd3e794911f6d53f2cb7946cee":"67d89947396322ca243e2c591a3adc8fd9f1ef448414fca8":"a0d568f4fce862e5e1b22acca29e60d7bc6cdcf6cc277794":"758b4685b0db1093eebde07ba11085a9dcab64c8d5adacda070fd2b292bec49240f25e158fc96cb1d0ecc9ebcccc360b981d140e3cdba54fc697313014450a9af29d9d55dcbc5bb9a38e4f10c6a3e41874d5c6688f22d0c5714301083cbbd0014880af0f7d088dabeb4e84a64f26d2b9" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"19bbbbfcb755cd9dc000abfc03343ef64193141c3d3f43120f55674616e3d96b6086adf47c906981923c98ef7dd0fbb2f7af0ecbbd2de848f2b25cba8651b7e3aeaa0c59b605e6d4710a01406565ea30d0c4f68d":"e77cce9d26d283bb5d6e8300ad0f69df723324d23928c6f7":"0586c76051462d0483071213804385d01a07bcb27db05e06":"1c9363d0b3e9f42b6c722b8d62f9c633066587577fe766e3":"6d458079264d5f3940d098aae092690b7d04cd46d6d5dde753063b7194118ab67d3848459156b8f0216d85b5c583a1bfc000e68111be459743175fd114253cc24db72ecc978ff8620301ecbf18f42fc4697d91150649a8254a9850d5c28f9c4e187e409e496e2a659b2e79c06074c5c9" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #8 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"c2b577bfd802b8f599ca14bdd5fe5003ee28ae69ca5c246df4f62d9e21a7793281c48f73ffea15f3c3d444ba48367fde04cdf6d62498b8afb24966a8662461015135cb55034a63571a032d3cd2c1e6cf4a6855ef":"f0de29d4530b4af75b8defe9b3b24dcb7ce0add4aed6f72d":"90ac05703a8e0c6057dd2d8b1a6f16f0059e7c70679919df":"16935f700de9fe529a2bbe811dccad430e27dbc60549c3e5":"56988f9328a91314e4b3ae027bc6f43a01fe471615f3a319afd9bb63f55b13e681ac0ae830d4d3057882fe247ca4decbb26af811282f59ee89ea38642e4ffad9bdfae44bcdbc3a289bf431e0bfc68148c12ced1853e698e74f74e24aa434937390fd41cb4e78f823a262900f2f44c1fa" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #9 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"b5c4acc63ae5c68ca404bded2d36a391e8b2e9ef3b32eb598aa94fd6b5ede6c3d9c33ec77a195abb6f8cbcafb6c492a1d78f04439bdc442168d1eccc783d53a92e16b90ccbdb0284b383cb96af04e81728d1cda0":"b3e6df5e9ae10c63da4269de170550b92dde7c6e33af228e":"c9787b641b5c881dae53a69e2b3514ce2ea81e5879765bd1":"e4abedcfc4cc69da45467bf2bfb03d823abc19a746e3c582":"e14f46dcab0ba39965f170f01a07308090b051127685ada6601112aa236093f7a760530f856617d9e027c8279ef33d9fbc4b624ae26a277b9e6077ac71e2d2f101b84ebed007ddeddb4286aa4729cb3b28798387b757d8e99a7b6d2631601fe7ab4caad7983dede59b94f4c920ef1b29" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #10 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"7302ea40e214308136b8427e601ad61132d195f870f2a861c7b8ce1f686bf325a155d0aae1211401bb844893dba2909060c76cf9cda757d9e2cb24f5602fedf6a7412f49497c82866a8c9b56e2bbaf912f760255":"58efaa77c9bf446ce8d3f3ce73b7d1f014bdeffea2a2fdde":"68f9eab1893186d7e5cf3a8c37bf1c229344abdceecd9de5":"a0d3bf1de632fb19ca5326d936f79aafe59a0e809b13f10c":"f2c6a717ab10a9cc89f6d3a07bf6077fa33c2e5d67475ebcdd1b895fd0067941ed3fd8f251352403c2680df2319a882f39a91f8ccb7df2c06a13037f057962e23b8ea0654ef9bfc19b6ec982e539ea6afcd1145cee582d27b708691354b4c397a51d004c61687c1c9c948576009002ee" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #11 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"48ce334fcdeae603c54fc228461e7173681a8e8387e0c048c2acfdd6a78c955deb7dc25bea4e9924c4a2ae22d9fb6b227452addd0b6eda7769f9ceaaf2ca34568b3c198ebdcf5f6ed11f863097bd56f42d648862":"6bf4c173d264dce03e475fb3bde9fca2474877627bfb0c5d":"2a728f461ce1067dd38896002724b4967c1a9cfececd3437":"2b862cd7a94c1776b26022c27c0e4f2d199ccb782caae6dd":"07f80326ea781bd95efe729867d6c39465213bb698b5e486e6c5f27d3fac4fda3cfb7c831fe6291062d4db2aff59781efb4f4cf428236aad6a55111b969885a6b851d5462278d0863909a07796e5e0e8448fc0d674a4408cd9e91e98e3adcec2064ad37dcc566faa80149519f5ea261c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #12 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"b23c748a9c9d206ed4ce6b8bacb6f7e17cacf5649ea8d1e1144a96e977a4cb22c0f37139c3eedbcc8b9024c6f21412f1600fcde1488f95744446df7b6e21a858224b9294a75829a014697cc4b363c3ad0e152ca6":"325bdbd8c14b766d4a7ff0e14128585b21af76de7ca30ff1":"2e002a406bb8090eae6c950944a4d6768c89d43cc0d8bd17":"4828622ff56d0867bbad03bac51b8c939a5dfa33a362b129":"58cebdf4676a21ded5eba4dd19452f5dec909c589751879ea4249a4c9fef834d85dcfc95ada82f7fba1476451774036246d7a496d4d427f37647ebc10fc2e1125b0b71da1fa5f1479c5681e9d7acc9b88b527390734d943bff6a76c4b22bb4f6ac331f7710b95f6806fa35a29a2fa35f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #13 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"606f388e8ae35faf979434656144370991e89b7457ca5b55d5bf2b48fe8cb64f549f48a812edbbb4cff895efb21c90eb26c1db239ed72da43504a1e09c56fe144f2d09242f2670dbe2561456d938352125b19131":"5e039f38d6f9a9c4ecc67158f40d3c8de61808fd7476fbf7":"21c7d976da71bcde51a3b4bc1b9a79cc6c4ca51ec992e479":"bac1c5904816c3040eb532622f127ac3e28cd78ba68404a9":"5f951dd774bc1a0818b249ffc51348bf1f36aa4b9d6a3348d36df84b5d3e824adcdf8b87ffecfec13fe36ca354625ae8db8a69722254c3f6e7027b866c529f9bed25360e0cee7ce41f996d50d224a08e965e0e5dd67a77142e2a3de0d559b9dae8919ad0387ba5fdef699e42016d7291" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-224, 192, 192) #14 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 hmac_drbg_pr:MBEDTLS_MD_SHA224:"be16ca52551a6a0656c40539e3155eebbc416cbfe212101f8edc2f7118472907ae9b2b9574abe81257533115472610ab401d1ce1f8998884af43fa5776a59ae38c88631a066fa85d24dfc9b2547caae598cd0fa7":"ed000ad2e479513861014e8ff45a481a494af312d2dd5563":"feb295c74975f1e1c738988fc70b9d2603c7da93832154a1":"764705681b7781573af811fa7751dbc27d667af7a1e59dce":"ba4a0583d8d6c5b4216a0875cfad594485858dc7f9ef265d4ed0c0f0fbfcaaf5ae318df2d7fc530301813d9f49826030625f7ea02d0630b3573c486b1fa0ef4269cbfb6fb86675c11fb7c0570cf7ff4fc7affdb00625ac453c23c229a4ea5f540c66f031ab3462f7d12659eec990501f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-256, 0, 0) #0 diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index fb9b5effa0..9fb6d23b3f 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -21,7 +21,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1 md_info:MBEDTLS_MD_SHA1:"SHA1":20 Information on SHA224 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_info:MBEDTLS_MD_SHA224:"SHA224":28 Information on SHA256 @@ -425,31 +425,31 @@ depends_on:MBEDTLS_MD_CAN_SHA1 mbedtls_md_hmac:MBEDTLS_MD_SHA1:10:"1287e1565a57b547":"390ffdccc6171c11568d85b8f913e019bf4cd982ca9cd21ea730d41bdf3fcc0bc88ff48ba13a8f23deb2d96ec1033e7b2a58ca72b0c1e17bf03330db25d1e360fa6918009c4294bd1215b5ccd159a8f58bc3dc3d490eb7c3b9f887e8c98dbbb274a75373dcb695a59abd0219529d88518a96f92abc0bbcbda985c388f1fbbcc9":"d78ddf08077c7d9e2ba6" generic HMAC-SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"e055eb756697ee573fd3214811a9f7fa":"3875847012ee42fe54a0027bdf38cca7021b83a2ed0503af69ef6c37c637bc1114fba40096c5947d736e19b7af3c68d95a4e3b8b073adbbb80f47e9db8f2d4f0018ddd847fabfdf9dd9b52c93e40458977725f6b7ba15f0816bb895cdf50401268f5d702b7e6a5f9faef57b8768c8a3fc14f9a4b3182b41d940e337d219b29ff":"40a453133361cc48da11baf616ee" generic HMAC-SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"88e5258b55b1623385eb9632fa7c57d6":"ada76bb604be14326551701cf30e48a65eee80b44f0b9d4a07b1844543b7844a621097fdc99de57387458ae9354899b620d0617eabcaefa9eef3d413a33628054335ce656c26fa2986e0f111a6351096b283101ec7868871d770b370973c7405983f9756b3005a3eab492cfd0e7eb42e5c2e15fa6be8718c0a50acc4e5717230":"81c783af538015cef3c60095df53" generic HMAC-SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"85d402d822114d31abf75526e2538705":"8020d8d98cc2e2298b32879c51c751e1dd5558fe2eabb8f158604297d6d072ce2261a1d6830b7cfe2617b57c7126f99c9476211d6161acd75d266da217ec8174b80484c9dc6f0448a0a036a3fc82e8bf54bdb71549368258d5d41f57978a4c266b92e8783ef66350215573d99be4089144b383ad8f3222bae8f3bf80ffb1bb2b":"2aa0340ac9deafe3be38129daca0" generic HMAC-SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"545c6eecc5ee46fa17c59f91a94f81ae":"8fb7f3565593170152ddb2021874784e951977cfdd22f8b72a72a61320a8f2a35697b5e913f717805559b1af1861ee3ed42fb788481e4fd276b17bdbefcae7b4501dc5d20de5b7626dd5efdcd65294db4bdf682c33d9a9255c6435383fa5f1c886326a3acbc6bd50a33ab5b2dbb034ce0112d4e226bbcd57e3731a519aa1d784":"3eb566eac54c4a3a9ef092469f24" generic HMAC-SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_hmac:MBEDTLS_MD_SHA224:14:"4466ab4dc438841a9750c7f173dff02e":"2534c11c78c99cffaec8f722f04adc7045c7324d58ce98e37cfa94b6ed21ed7f58ce55379ef24b72d6d640ee9154f96c614734be9c408e225d7ba4cecc1179cc9f6e1808e1067aa8f244a99bd0c3267594c1887a40d167f8b7cf78db0d19f97b01fc50b8c86def490dfa7a5135002c33e71d77a8cce8ea0f93e0580439a33733":"59f44a9bbed4875b892d22d6b5ab" generic HMAC-SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_hmac:MBEDTLS_MD_SHA224:28:"0e3dd9bb5e4cf0f09a4c11600af56d8d":"f4589fa76c328ea25cf8bae582026ba40a59d45a546ff31cf80eb826088f69bb954c452c74586836416dee90a5255bc5d56d3b405b3705a5197045688b32fa984c3a3dfbdc9c2460a0b5e6312a624048bb6f170306535e9b371a3ab134a2642a230ad03d2c688cca80baeaee9a20e1d4c548b1cede29c6a45bf4df2c8c476f1a":"12175b93e3da4c58217145e4dc0a1cf142fab9319bb501e037b350ba" generic HMAC-SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_hmac:MBEDTLS_MD_SHA224:28:"cda5187b0c5dcb0f8e5a8beed2306584":"9011ae29b44c49b347487ce972965f16ade3c15be0856ce9c853a9739dba07e4f20d594ddc1dfe21560a65a4e458cfa17745575b915a30c7a9412ff8d1d689db9680dd2428c27588bb0dc92d2cd9445fe8f44b840a197c52c3c4333fff45533945134398df6436513cfab06c924046b8c795a5bd92e8d5f2de85bf306f2eed67":"4aaba92b40e2a600feab176eb9b292d814864195c03342aad6f67f08" generic HMAC-SHA-256 Test Vector NIST CAVS #1 @@ -633,31 +633,31 @@ depends_on:MBEDTLS_MD_CAN_SHA1 md_hmac_multi:MBEDTLS_MD_SHA1:10:"1287e1565a57b547":"390ffdccc6171c11568d85b8f913e019bf4cd982ca9cd21ea730d41bdf3fcc0bc88ff48ba13a8f23deb2d96ec1033e7b2a58ca72b0c1e17bf03330db25d1e360fa6918009c4294bd1215b5ccd159a8f58bc3dc3d490eb7c3b9f887e8c98dbbb274a75373dcb695a59abd0219529d88518a96f92abc0bbcbda985c388f1fbbcc9":"d78ddf08077c7d9e2ba6" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hmac_multi:MBEDTLS_MD_SHA224:14:"e055eb756697ee573fd3214811a9f7fa":"3875847012ee42fe54a0027bdf38cca7021b83a2ed0503af69ef6c37c637bc1114fba40096c5947d736e19b7af3c68d95a4e3b8b073adbbb80f47e9db8f2d4f0018ddd847fabfdf9dd9b52c93e40458977725f6b7ba15f0816bb895cdf50401268f5d702b7e6a5f9faef57b8768c8a3fc14f9a4b3182b41d940e337d219b29ff":"40a453133361cc48da11baf616ee" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hmac_multi:MBEDTLS_MD_SHA224:14:"88e5258b55b1623385eb9632fa7c57d6":"ada76bb604be14326551701cf30e48a65eee80b44f0b9d4a07b1844543b7844a621097fdc99de57387458ae9354899b620d0617eabcaefa9eef3d413a33628054335ce656c26fa2986e0f111a6351096b283101ec7868871d770b370973c7405983f9756b3005a3eab492cfd0e7eb42e5c2e15fa6be8718c0a50acc4e5717230":"81c783af538015cef3c60095df53" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hmac_multi:MBEDTLS_MD_SHA224:14:"85d402d822114d31abf75526e2538705":"8020d8d98cc2e2298b32879c51c751e1dd5558fe2eabb8f158604297d6d072ce2261a1d6830b7cfe2617b57c7126f99c9476211d6161acd75d266da217ec8174b80484c9dc6f0448a0a036a3fc82e8bf54bdb71549368258d5d41f57978a4c266b92e8783ef66350215573d99be4089144b383ad8f3222bae8f3bf80ffb1bb2b":"2aa0340ac9deafe3be38129daca0" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hmac_multi:MBEDTLS_MD_SHA224:14:"545c6eecc5ee46fa17c59f91a94f81ae":"8fb7f3565593170152ddb2021874784e951977cfdd22f8b72a72a61320a8f2a35697b5e913f717805559b1af1861ee3ed42fb788481e4fd276b17bdbefcae7b4501dc5d20de5b7626dd5efdcd65294db4bdf682c33d9a9255c6435383fa5f1c886326a3acbc6bd50a33ab5b2dbb034ce0112d4e226bbcd57e3731a519aa1d784":"3eb566eac54c4a3a9ef092469f24" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hmac_multi:MBEDTLS_MD_SHA224:14:"4466ab4dc438841a9750c7f173dff02e":"2534c11c78c99cffaec8f722f04adc7045c7324d58ce98e37cfa94b6ed21ed7f58ce55379ef24b72d6d640ee9154f96c614734be9c408e225d7ba4cecc1179cc9f6e1808e1067aa8f244a99bd0c3267594c1887a40d167f8b7cf78db0d19f97b01fc50b8c86def490dfa7a5135002c33e71d77a8cce8ea0f93e0580439a33733":"59f44a9bbed4875b892d22d6b5ab" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hmac_multi:MBEDTLS_MD_SHA224:28:"0e3dd9bb5e4cf0f09a4c11600af56d8d":"f4589fa76c328ea25cf8bae582026ba40a59d45a546ff31cf80eb826088f69bb954c452c74586836416dee90a5255bc5d56d3b405b3705a5197045688b32fa984c3a3dfbdc9c2460a0b5e6312a624048bb6f170306535e9b371a3ab134a2642a230ad03d2c688cca80baeaee9a20e1d4c548b1cede29c6a45bf4df2c8c476f1a":"12175b93e3da4c58217145e4dc0a1cf142fab9319bb501e037b350ba" generic multi step HMAC-SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hmac_multi:MBEDTLS_MD_SHA224:28:"cda5187b0c5dcb0f8e5a8beed2306584":"9011ae29b44c49b347487ce972965f16ade3c15be0856ce9c853a9739dba07e4f20d594ddc1dfe21560a65a4e458cfa17745575b915a30c7a9412ff8d1d689db9680dd2428c27588bb0dc92d2cd9445fe8f44b840a197c52c3c4333fff45533945134398df6436513cfab06c924046b8c795a5bd92e8d5f2de85bf306f2eed67":"4aaba92b40e2a600feab176eb9b292d814864195c03342aad6f67f08" generic multi step HMAC-SHA-256 Test Vector NIST CAVS #1 @@ -837,31 +837,31 @@ depends_on:MBEDTLS_MD_CAN_SHA1 md_hex:MBEDTLS_MD_SHA1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af" generic SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex:MBEDTLS_MD_SHA224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex:MBEDTLS_MD_SHA224:"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5" generic SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex:MBEDTLS_MD_SHA224:"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e" generic SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex:MBEDTLS_MD_SHA224:"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede" generic SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex:MBEDTLS_MD_SHA224:"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d" generic SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex:MBEDTLS_MD_SHA224:"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713" generic SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex:MBEDTLS_MD_SHA224:"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe" generic SHA-256 Test Vector NIST CAVS #1 @@ -1061,31 +1061,31 @@ depends_on:MBEDTLS_MD_CAN_SHA1 md_hex_multi:MBEDTLS_MD_SHA1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af" generic multi step SHA-224 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex_multi:MBEDTLS_MD_SHA224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic multi step SHA-224 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex_multi:MBEDTLS_MD_SHA224:"ff":"e33f9d75e6ae1369dbabf81b96b4591ae46bba30b591a6b6c62542b5" generic multi step SHA-224 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex_multi:MBEDTLS_MD_SHA224:"984c":"2fa9df9157d9e027cfbc4c6a9df32e1adc0cbe2328ec2a63c5ae934e" generic multi step SHA-224 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex_multi:MBEDTLS_MD_SHA224:"50efd0":"b5a9820413c2bf8211fbbf5df1337043b32fa4eafaf61a0c8e9ccede" generic multi step SHA-224 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex_multi:MBEDTLS_MD_SHA224:"e5e09924":"fd19e74690d291467ce59f077df311638f1c3a46e510d0e49a67062d" generic multi step SHA-224 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex_multi:MBEDTLS_MD_SHA224:"21ebecb914":"78f4a71c21c694499ce1c7866611b14ace70d905012c356323c7c713" generic multi step SHA-224 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 md_hex_multi:MBEDTLS_MD_SHA224:"fc488947c1a7a589726b15436b4f3d9556262f98fc6422fc5cdf20f0fad7fe427a3491c86d101ffe6b7514f06268f65b2d269b0f69ad9a97847eff1c16a2438775eb7be6847ccf11cb8b2e8dcd6640b095b49c0693fe3cf4a66e2d9b7ad68bff14f3ad69abf49d0aba36cbe0535202deb6599a47225ef05beb351335cd7bc0f480d691198c7e71305ffd53b39d33242bb79cfd98bfd69e137b5d18b2b89ac9ace01c8dbdcf2533cce3682ecc52118de0c1062ec2126c2e657d6ea3d9e2398e705d4b0b1f1ceecb266dffc4f31bf42744fb1e938dc22a889919ee1e73f463f7871fed720519e32186264b7ef2a0e5d9a18e6c95c0781894f77967f048951dec3b4d892a38710b1e3436d3c29088eb8b3da1789c25db3d3bc6c26081206e7155d210a89b80ca6ea877c41ff9947c0f25625dcb118294a163501f6239c326661a958fd12da4cd15a899f8b88cc723589056eaec5aa04a4cf5dbb6f480f9660423ccf38c486e210707e0fb25e1f126ceb2616f63e147a647dab0af9ebe89d65458bf636154a46e4cab95f5ee62da2c7974cd14b90d3e4f99f81733e85b3c1d5da2b508d9b90f5eed7eff0d9c7649de62bee00375454fee4a39576a5bbfdae428e7f8097bdf7797f167686cb68407e49079e4611ff3402b6384ba7b7e522bd2bb11ce8fd02ea4c1604d163ac4f6dde50b8b1f593f7edaadeac0868ed97df690200680c25f0f5d85431a529e4f339089dcdeda105e4ee51dead704cdf5a605c55fb055c9b0e86b8ba1b564c0dea3eb790a595cb103cb292268b07c5e59371e1a7ef597cd4b22977a820694c9f9aeb55d9de3ef62b75d6e656e3336698d960a3787bf8cf5b926a7faeef52ae128bcb5dc9e66d94b016c7b8e034879171a2d91c381f57e6a815b63b5ee6a6d2ff435b49f14c963966960194430d78f8f87627a67757fb3532b289550894da6dce4817a4e07f4d56877a1102ffcc8befa5c9f8fca6a4574d93ff70376c8861e0f8108cf907fce77ecb49728f86f034f80224b9695682e0824462f76cdb1fd1af151337b0d85419047a7aa284791718a4860cd586f7824b95bc837b6fd4f9be5aade68456e20356aa4d943dac36bf8b67b9e8f9d01a00fcda74b798bafa746c661b010f75b59904b29d0c8041504811c4065f82cf2ead58d2f595cbd8bc3e7043f4d94577b373b7cfe16a36fe564f505c03b70cfeb5e5f411c79481338aa67e86b3f5a2e77c21e454c333ae3da943ab723ab5f4c940395319534a5575f64acba0d0ecc43f60221ed3badf7289c9b3a7b903a2d6c94e15fa4c310dc4fa7faa0c24f405160a1002dbef20e4105d481db982f7243f79400a6e4cd9753c4b9732a47575f504b20c328fe9add7f432a4f075829da07b53b695037dc51737d3cd731934df333cd1a53fcf65aa31baa450ca501a6fae26e322347e618c5a444d92e9fec5a8261ae38b98fee5be77c02cec09ddccd5b3de92036":"1302149d1e197c41813b054c942329d420e366530f5517b470e964fe" generic multi step SHA-256 Test Vector NIST CAVS #1 @@ -1197,19 +1197,19 @@ depends_on:MBEDTLS_MD_CAN_SHA1 mbedtls_md_file:MBEDTLS_MD_SHA1:"data_files/hash_file_4":"da39a3ee5e6b4b0d3255bfef95601890afd80709" generic SHA-224 Hash file #1 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_file:MBEDTLS_MD_SHA224:"data_files/hash_file_1":"8606da018870f0c16834a21bc3385704cb1683b9dbab04c5ddb90a48" generic SHA-224 Hash file #2 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_file:MBEDTLS_MD_SHA224:"data_files/hash_file_2":"733b2ab97b6f63f2e29b9a2089756d81e14c93fe4cc9615c0d5e8a03" generic SHA-224 Hash file #3 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_file:MBEDTLS_MD_SHA224:"data_files/hash_file_3":"e1df95867580e2cc2100e9565bf9c2e42c24fe5250c19efe33d1c4fe" generic SHA-224 Hash file #4 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_md_file:MBEDTLS_MD_SHA224:"data_files/hash_file_4":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" generic SHA-256 Hash file #1 diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index f8f1d43aa1..b9458d4f05 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -67,7 +67,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1 oid_get_md_alg_id:"2b0e03021a":MBEDTLS_MD_SHA1 OID hash id - id-sha224 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 oid_get_md_alg_id:"608648016503040204":MBEDTLS_MD_SHA224 OID hash id - id-sha256 @@ -211,7 +211,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1 mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 mbedtls_oid_get_md_hmac - SHA224 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 mbedtls_oid_get_md_hmac - SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 38c27e399e..8ac8dbeca2 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -171,7 +171,7 @@ /* Get an available MD alg to be used in sign/verify tests. */ #if defined(MBEDTLS_MD_CAN_SHA1) #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA1 -#elif defined(MBEDTLS_MD_CAN_SHA224) +#elif defined(PSA_WANT_ALG_SHA_224) #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA224 #elif defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA256 diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data index 42450d9583..beef06dda4 100644 --- a/tests/suites/test_suite_pkcs1_v21.data +++ b/tests/suites/test_suite_pkcs1_v21.data @@ -1135,7 +1135,7 @@ depends_on:MBEDTLS_MD_CAN_SHA512 pkcs1_rsassa_pss_verify:1048:"00c75d0f9fa17d1d24b939537a434017f390c6604444c35a13360d6b1fc986baf40159b84275d37b883278df5064dd9eb0f29b0d325acc790c4b59672737dbbf3acb88f5e2f2d54c919cafd072272c494591d52e158993315e71e2ca60b1c74feff8f3d77842b415d4e71734a498206a5cd9315c87b23e583e25eb4ca97056b45c96856d":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"353cef1c3aa58b0acc2f53c3aa01bf7d77a65ed9407df668fc29155b11845a72e987e3897cb902c7a4a0267038c1f16bef5df67da50f66a4993ceb4b7234f769":"653df9730e14e03f2ffb3374d6b75295aa4a52c38540b2d501adc1eb659a4d7a050769a3d11d0d5d6f3efb734200ade241fdc271c0f5eeed85b4bf00b2327bc8":"9442a8ec48f87ebc81cc1273b03e528e7643c9e2fcc60ed85827d9341c5a36e5c76059baa8e9891df437e44c4047a266b46bcaaad3de1f1d4d3576defff080b791b013491636187fc45a930b70a533ed92abfd168f050df91b4c35d68d160a243ce589807a7d32661fc18b9547cdc0fd86d33acd349c98b34fb016ddd1bff23c58170e":0 RSASSA-PSS Signature RSA-1024, SHA-224, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"1698b7da13806451366b9658e44e2c7dc15dc96c588c720c4d5f454c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"53d859c9f10abf1c00284a4b55bf2bd84d8e313b4f3c35b8dec7bc3afe39b9b8a155418ead1931895769ce2340be2091f2385bbcf10d9e92bcf5d0e2960d10e792e7d865c64e50d19ffa13e52817d7d8d8db34392c2374a2e9b69184f92a4ad9b1b8bae99ca614d204b65a438e38dbbfc8c7cc44ed5677af70ce6c4f951f0244":20:0 RSASSA-PSS Signature RSA-1024, SHA-256, Salt Length 20 @@ -1151,7 +1151,7 @@ depends_on:MBEDTLS_MD_CAN_SHA512 pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c3366c552451274a4042e4357447786cce3a25a8dbd8cf3c2f8a8ddc02161bda332bb45062f7c61b7aa7a88ed3b5d51b6103abcf1769642b11ab95f92fa39adf":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"a833ba31634f8773e4fe6ea0c69e1a23766a939d34b32fc78b774b22e46a646c25e6e1062d234ed48b1aba0f830529ff6afc296cc8dc207bbc15391623beac5f6c3db557ca49d0e42c962de95b5ff548cff970f5c73f439cfe82d3907be60240f56b6a4259cc96dfd8fe02a0bfa26e0223f68214428fff0ae40162198cc5cbd1":20:0 RSASSA-PSS Signature RSA-1536, SHA-224, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"5c69f2cc59e63b6f9ee0c954d2b7db7e4d63b7e2347f8791f1353d31":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"1d85cec0da1a74825ab796480c6e1235808387106ac1411d68f313246c65040111d74a9a45ebae10ac7686fddf4a340c4f9d24685d708bbf7b0ab4563794f5f90e0405b5d7d56c998e996b8bde2b022ae45fecf29a21836fcf362042e77e13cbf67b8a4da3f1e378dfcab2143aa8b9a145c2ee7d593e31626baa47fe623a3c3f859bb63e9336e11c5ff398a6597623318e098230b09e553ba0a4257692a0bc0a1ce1c17b2d541b52d134627229c141d351c16f1bdfe33384a9e163ecaa13e2fa":20:0 RSASSA-PSS Signature RSA-1536, SHA-256, Salt Length 20 @@ -1167,7 +1167,7 @@ depends_on:MBEDTLS_MD_CAN_SHA512 pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"9a89e38ce0fe8b008f58c3c07621fcf18e76ca5d304f17fbb52d82d8368425ec305e20b70b839fcad3511a194e99e907e3f0e2a801c0b9cd4497c4a0bdf1ea49":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"32e688063ea24ccb2ca998fb7091877c103ce6576b11a175bc896af454042a5731b91c1c58b4d8e38f0619f6ddc8ced6b5397545f9571a4c90767593d11c00b75eb58a0ae4932265f0ab1790be2c83dff65357a301b3b3e2ee2e3683afe0b4b35ee8b6e58a96b4009c98d8faba75f86ffb548f0501884f3528d8eabad353e28d0132c4c01fa3af5dec922f02eff22020481615e4cd35b9eccfd711cb3b0d65af95c0637d79aaa2433f2854de3560adb284248bac8cbd4717317011a5159c93ed":20:0 RSASSA-PSS Signature RSA-2048, SHA-224, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"b777a83dd25a4fa36a5ea663aa16403c67368e4711e8c121b01f83ac":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"cd1fe0acb89969ae139c178bfef1cc982993521b3a020ec847c89c0cc6c869d970f43f018d495b9e991457e7501a344c33c376fd2efcf05ad6eb2bd0b3c0e7cc3c88a4124398ca16585490a0817a36149cc82cdc01b20e9026261215dd06f9db4e13613c6a569c2187a0e00bc63c281149433ac7f061bd218e79f8eca9dd9c93ebc3cc013bf27aa0bf286e124593e76d3c7012f97ae1d0c4bf5823cf17fe76d505a54cef174add58ae616f47de825049e9916bf2ab7de4d443745763b0c314cfae3a6e57ad475cc5fae47cddcad7b526c2154a15f9ee8eab02f4c36f7a41d7a19b23c5996b627270ceb2c0dbed1a6b6dd2ff94868e073cb7b1a1fa3429e487ae":20:0 RSASSA-PSS Signature RSA-2048, SHA-256, Salt Length 20 @@ -1183,7 +1183,7 @@ depends_on:MBEDTLS_MD_CAN_SHA512 pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"7641739d2f4fc0eba07e212218af4d77e78ae3a225ef253a7ec96215a1197e681a93fd534288cda156f216d21f02b2dc60b49c41874c26c0a2be0aca13babc53":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"2cdb0d5ea5f0aad1f7af8108bff56eec5c0dcd0522c5dc6ae4c6e0f66821cdf698ccfeace65fd6e47f95febd879e580e5ee648972cc265f9a117fc720db4f2545a432eae24a367b0aaa70a011ac8fdec94a95c3cd48cfa7102de8dc26c877e974688b3919de6cf06e27028995ac85da88cb3851a5761e17f215e5c593e13e481088c7d747ecb34d3ce61a5b56eb2a65be5363363294eb365f83c4c709644d857e2ccb14a5851724420fc81178144ef3f9e1138b5750eb7196eba3319d799c3494a7e399115a62b1ca4f1d5da079b495d35fd651a1de78d54000b06bdd3122d7404013f2ed8fdf8a7d012f9812b8e4c2e0b24192d5f899d70a3cc5c7e08c81be7":20:0 RSASSA-PSS Signature RSA-3072, SHA-224, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"f145387c7a70e478968e238037e8d561b1665e0e15ac547ed4a72ea1":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"7171c74df24272dfe6b34db78f24507a68062bd791f68796d5001be354de6fddab81e9252e151884f4cc1f3cd3e7760e263c0c34e63c557eb32c8336e0cef40855c5e279dbba3170da5a14ac60e4cc8d402633a383b88709f3306fb02708e39f3039e7e614edcb89609c8c71137de5211659a41e9e5682cfe0463f3bc97558d3bf77bd798976f09db69153123923835ac9bbd7648c2773e38b5228640fde6df005e9f44819eca31f41ccddbd45d61ae7e1ed0640f0736f52bf5fc1c62f5430de6a96d5aabccfcfef508ac299c7f3f0f7d222ef1f19b288273690b3275b68f874301afa95d243316284ed117bded69da11f5ce1435dd67717bae82ed468ff1b6ac7f2483397d310ffe91775189f671a82b493039d8c233830d20e290bc9be880a47f0b36bf2e1da2c1f23dafeb9f42d9f084feb808a98e894e8501937ba932594a6d202e20a0afddcef8fa48c1682d3179edebf8ea44ea1216a2f55c305cdf487249010909fa8a21d9ba9e3dbbeec046a823922390b7d902d77ec176bb447b05d":20:0 RSASSA-PSS Signature RSA-3072, SHA-256, Salt Length 20 @@ -1199,7 +1199,7 @@ depends_on:MBEDTLS_MD_CAN_SHA512 pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c57911bf353ef106479bd0ac85a4f70b6d3298f8e5882c5d0bfb28cb6f27129ae53b4fab702ccd3d5457d5fd662d29f34b445e60fc5da3c0c943cee17b81e255":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"607b7731ecb232f9b8e9ea03be28cc1e948acc3ec12a1222ba0f63935440c3effeaf460d7066d260d174d0ed18a9193550000c2fa0119712fb1ab1e27b4e6f5f84be9b63a1ede17a01174060e2d9e46121cc5d10515a342a26649539341eb1b44b82e346a0102e7ca45be3149b5f1444bd7fdf43da441c59deb37da9a223bcd7a8244237bb5404ea532eb470e80891c0fe9403d12734100284e99cfd96de2ab4058529d91bf348c6cbdb7fcfeea3f9925e93efd6adb3ef6946008738f4577a49c42ac0203a2d982fd77cb421ae030b81b97dd04490605179626903471cf68835dd5e4ac41acfe54e048878df89db9c2de5f1e822266c325e0be0991c7f18cd3de4b2110e14f56100e45f8ba19edf917150c2074f379293f73cb587ff77ad63e4cbec9eeaed77ca90261b2813ae8e6533b09b223a68abe2beeec888088ff91fea5c63de3b55238aef018c368f98651572bc7b8cf3d14c15b24bb5534ae07a6c4c9d5ecd0b86961b550859036ba6fa8e50d06228d89bcc943581b26e302795d1e3":20:0 RSASSA-PSS Signature RSA-4096, SHA-224, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"bb21ead0163de468ab3580ab57c7959cc1db437d6f2f47a878dc19bc":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3742d8a9627e2e10145c31a3548977f87f8019b1d9093c42f806c8df5ef7fad8330e2a05846c346cb64d9e8af2cd3806eb0df40cd097b3f8841525786ed53746498aa565f8945cf55e24944e8e3d86eb219f65c3385e1e7d45fe3a403773f3057bf22839d5903cd64c95a417c00b429ee068f0fe8ec17305a122979cabee8c3ad31b597da7c71fa1db3da842f7f7048f4396e1768197ccd84c5d9a0450d66f0bc88da7605cc8cdfe52bce60793704dafea504349ff14c481bea73dd761c848387d12f2d1b9227a959fec8b9eef0e9780cb6a427af946597d7e6059a07d50e878d7ae14eed8b571ac88e1c5d1a00d16c0de1c5148ec5781036676c6355e0cbca06346eebaf6c7de938cedd47a244f908ba1189bfbd97bd2667e8eba95e007a64b165dbfc4bf35878cd606732fd469f922ec141e5bc6a7d5c1875233cff612d336c28466c271764ef94e9c07e701923f1f68f39e2f003487dbe41d5505862eb4e90402e50f7b3cb918ef3eff893d0f00b203e2a511cfea4ca54c043ed0598d022c947cad5129fc47f5e79db97a0eea5afd7bb801a367a7bb8d929de1c12a54865e1e183ed926bb8da9d454c7a52b30cfcfe9ed3479799276f4a65b30f430e61fcf520e46e4eb9bea59ba064e7c9c72c9b58bf4ff633897d3ea46d989cec31ce4fc32e46e5a3d1805c35a30b387fb77afe20dba19be37252e40b252d346b69d3cf2":20:0 RSASSA-PSS Signature RSA-4096, SHA-256, Salt Length 20 @@ -1215,7 +1215,7 @@ depends_on:MBEDTLS_MD_CAN_SHA512 pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"ebbca26fb18da6226cc47dea14c57d9f3c935cb449462cc9446689577031ebc915fdd09cdb79d4703a53eb5dd447852f3bc72f974487ffb998cbe996d206c80c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"6edfb6bfb20da2621e7ca0b8e13bfc3801d8bcb43ef3822be960b96a67d3e8afbbe2ef22e206b328ce99dd8f9758052d42a8ee93e16d8e160a50687e8ffce72d258610064ebde4c4cc2ab96c8e516ec2c1eed816c8e6ac537a0570c9eff81a38147bcd8f4747390676f9d755f613687ac59dbac14f69ca6e56a26727699fa11c200eb77339ead56fc6883acf9b92c6deb6f4d79f82ccdc493fedc6165f78c174adcf32941eeb237a4ae369dbbafb4553c98e413823f6f46da0d47d47a164b792aaf1324a8be4f01601bceb809f8c08f3458b1de2c6378cf93fb293212f6bd4a7b1fd1bfa14a1af29575a5ecc4281420179758e96b4465ec07f6cce4e5e5c2307d531e400e494725eb7dceb1d8dac1000d92f62f319534063c01aec9c6ec0c7675351f2883e462b0454db364f03700d6593c9be195fbea5800ebb81578c765409ac2c37f78fabe8783c5d324fa4dfabe4f192866e34037901615304237f08028a75f00a3904bea03219ef9dbfeb48d10ec59d481eb0429cfc9ae835cc578377e61023d5ceedfd3d0a05aceddb274c13782dda9299d6197519e14791208f8d86d63e0ab7fb42a1e14f8f37f49732e23d4b7d4f07cd0bc828649a12748e8d70f53683580bca87290992a349730370bbed6ed743e705759734872c54ff03c1a97037a7b9ee3c8c42d12c3ebe0c1bf3b42854d04a9177d1a24000bd388fa289fd77d5":20:0 RSASSA-PSS Signature RSA-2048, SHA-224, Salt Length 15 -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pkcs1_rsassa_pss_sign:2048:"e28da1aa250390bc8fd27d6f601830febbdd5a309bcd5d1d3cebda111110851563d1fb4d141e8129bf25721aa144b104b7c5adbb8540f02a7402788ae72c93c9f59d6d1bcf1541c3354b5cd3dcb91e35ed100d78857cf2ab6ed04b2dc1cc81fa1307bb18c635fdacfb7f656d0b4743d9f487048a8aaf5d5ec6fd09a01b28d4b1":"dea1faf22b760cbfa9ba11a486edd9b9faee04f22f15abfff5b2c079a2c932cfa641660da16213adfbbb568ecbaac18511031f428cd3ae4e0bf01928a1db6360511c26501c7bda7bf4fc4cc792d79efb86ec15ba2fc82aa41bce08e0807859a41b57e9e3f15804c81bf8ed017dea62e53489f955949651ddcb1da5297465ac9f":"c5062b58d8539c765e1e5dbaf14cf75dd56c2e13105fecfd1a930bbb5948ff328f126abe779359ca59bca752c308d281573bc6178b6c0fef7dc445e4f826430437b9f9d790581de5749c2cb9cb26d42b2fee15b6b26f09c99670336423b86bc5bec71113157be2d944d7ff3eebffb28413143ea36755db0ae62ff5b724eecb3d316b6bac67e89cacd8171937e2ab19bd353a89acea8c36f81c89a620d5fd2effea896601c7f9daca7f033f635a3a943331d1b1b4f5288790b53af352f1121ca1bef205f40dc012c412b40bdd27585b946466d75f7ee0a7f9d549b4bece6f43ac3ee65fe7fd37123359d9f1a850ad450aaf5c94eb11dea3fc0fc6e9856b1805ef":"86c94f":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"3be4397c9467ec90f5d5640834f6e9febee4ce2477aa3f385cab9435":"463729b3eaf43502d9cff129925681":"7e628bcbe6ff83a937b8961197d8bdbb322818aa8bdf30cdfb67ca6bf025ef6f09a99dba4c3ee2807d0b7c77776cfeff33b68d7e3fa859c4688626b2441897d26e5d6b559dd72a596e7dad7def9278419db375f7c67cee0740394502212ebdd4a6c8d3af6ee2fd696d8523de6908492b7cbf2254f15a348956c19840dc15a3d732ef862b62ede022290de3af11ca5e79a3392fff06f75aca8c88a2de1858b35a216d8f73fd70e9d67958ed39a6f8976fb94ec6e61f238a52f9d42241e8354f89e3ece94d6fa5bfbba1eeb70e1698bff31a685fbe799fb44efe21338ed6eea2129155aabc0943bc9f69a8e58897db6a8abcc2879d5d0c5d3e6dc5eb48cf16dac8":15:0 RSASSA-PSS Signature RSA-2048, SHA-384, Salt Length 25 diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 52e682321f..bfce841e4e 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -19,23 +19,23 @@ depends_on:MBEDTLS_MD_CAN_SHA1 pbkdf2_hmac:MBEDTLS_MD_SHA1:"7061737300776f7264":"7361006c74":4096:16:"56fa6aa75548099dcc37d7f03425e0c3" PBKDF2 Python hashlib Test Vector #1 (SHA224) -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":1:20:"3c198cbdb9464b7857966bd05b7bc92bc1cc4e6e" PBKDF2 Python hashlib Test Vector #2 (SHA224) -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":2:20:"93200ffa96c5776d38fa10abdf8f5bfc0054b971" PBKDF2 Python hashlib Test Vector #3 (SHA224) -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f7264":"73616c74":4096:20:"218c453bf90635bd0a21a75d172703ff6108ef60" PBKDF2 Python hashlib Test Vector #5 (SHA224) -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"056c4ba438ded91fc14e0594e6f52b87e1f3690c0dc0fbc057" PBKDF2 Python hashlib Test Vector #6 (SHA224) -depends_on:MBEDTLS_MD_CAN_SHA224 +depends_on:PSA_WANT_ALG_SHA_224 pbkdf2_hmac:MBEDTLS_MD_SHA224:"7061737300776f7264":"7361006c74":4096:16:"9b4011b641f40a2a500a31d4a392d15c" PBKDF2 RFC 7914 Sec 11 Test Vector #1 (SHA256) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index d170e1e089..dcc173340a 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -315,147 +315,147 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0 Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0 Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0 Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index b52c7dc8a8..9a039eb61c 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -21,7 +21,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0 RSA PKCS1 Verify v1.5 CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"693c1ac1a3fc23157b4a854f886b6b8d18e28b321b8382a93dcf2426":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"3bb7b1c5f3391de4549e2e96fd33afa4d647dd90e321d9d576f3808e32213e948b697ef4fd2dd12923de6ec3ffd625078a57f86af38dc07052bb50547c616ed51fa1352b3ab66788408168d21263ef2d3388d567d2ce8cf674f45491ab2b0319d47be1266bda39e343b2a38ea2d6aaaee6c4465aee1d7bb33e93a1c40a8e3ae4":0 RSA PKCS1 Verify v1.5 CAVS #5 @@ -50,7 +50,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"f0571d8513c4ff68dc68c605dfe856f27bdfed91":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"10001":"dd82b7be791c454fbbf6f1de47cbe585a687e4e8bbae0b6e2a77f8ca4efd06d71498f9a74b931bd59c377e71daf708a624c51303f377006c676487bad57f7067b09b7bb94a6189119ab8cf7321c321b2dc7df565bfbec833a28b86625fb5fd6a035d4ed79ff0f9aee9fa78935eec65069439ee449d7f5249cdae6fdd6d8c2a63":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #11 -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"16d8bbe3323f26b66f1513e1ffc0ff2cd823747a3cc1534fdb1de304":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"10001":"d8ef7bdc0f111b1249d5ad6515b6fe37f2ff327f493832f1385c10e975c07b0266497716fcb84f5039cd60f5a050614fde27f354a6c45e8a7d74f9821e2f301500ac1953feafeb9d98cf88d2c928413f337813135c66abfc3dc7a4d80655d925bf96f21872ca2b3a2684b976ca768fe37feae20a69eeec3cc8f1de0db34b3462":0 RSA PKCS1 Verify v1.5 CAVS #12 @@ -70,7 +70,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"1340fc324c96aa313425ecfa971297f2cddca172":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"1f7938b20a9cd8bb8ca26bad9e79ea92373174203f3ab212a06de34a9a3e14e102d19a8878c28a2fc8083a97c06b19c1ae62678289d5d071a904aed1d364655d9e2d16480a6fd18f4c8edf204844a34d573b1b988b82d495caefd9298c1635083e196a11f4a7df6a7e3cc4db7b9642e7682d22ec7038c3bad791e1365fe8836976092460e6df749dc032baf1e026684f55936beb9369845c53c3d217941c1f8d8f54a32333a4c049c3f2d527125778032f5d390040d1d4cce83dc353ce250152":0 RSA PKCS1 Verify v1.5 CAVS #16 -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"64d856065bbe1590ed1cc1e2ad048641b3aedbfe13ea2f9df2270b74":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"339dce3a1937669d9fb14c4f652378861fd5adc4da88eaf833b16020b55a24ddc83b7ae3395a9a49b426bb9a4170cb765b02652faa9594b457aeefdae4f802e93d8e65c687ddc723701465a5ef19249ed5d2617b5121c58557b34eb99a663bbcf4453a6e1db5d88723de449fcf58ca8ef514daf08cfdc71be155bb3d0724df0c0a6fd5aa7737433cc376640b9b8b4c7ddd09776bae0245729cddb56e36f28edad6aecaed0821ec8d843a96348e722bf0a84cf060a793a2179f054138f907d0c3":0 RSA PKCS1 Verify v1.5 CAVS #17 @@ -94,11 +94,11 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"a827c0785f663e39a08106f8036fd669d05b345c":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"a142b0d9456f8f4772675265a08613a66c416bd1ae712975c69d9ca5fb8c1be9c24359a04fd15460bf6136a8a11f13e3ce2de2171524f10cb715f0d71e3db15281ab99eadbe86cf8c5c518162c638ef27a4f7bfb4a1a3873f3c384a5b1c3b4966c837b9d8d192ac34e03943b7ae191355aa1ff3b9cd041bb2668f1f81cf0d015b3d3608cd9ac79398212c0f132f1bd45d47768b999fcf3c05fe2069593ceecedc851a7fc465abcfef0fabba9b9460153f6ba8723a5c6e766c83a446aef3ee327":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #22 -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"e5979f65ad7572ed4b0bc3a5fcad893a142a73379a1a16b45570d77d":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"0676e64daaa18f4af46e9dfbe234db389b8a527b0fe1db97eb7f404e3155226cba70d318800f83160fa1aa19916e5c09f079331079f18cb8ab1a4b884cb28501824974f683ed2b9babae9f8c15bea30802805c6b2152119764811bbf5f3994d2e97fa2fe8c5ab15a23c14d7ae56be00eaa8bc26678481ff5ba59b0acfb0e43341bff9fc638e5625480a73dbc5d8d13bd2b9e64037c6b79df0c60869980c6a22ec46f80fb859cb4ee5d2032ac1fe538cfd85c70a7f33b4af50a93395917c2cfb6":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #23 -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"7af156b6b8089300a6d8cd3f32176c4c619135f4eced14dcfd633d2e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"5e08f399258e6de075b67a0a6a822ceb21b1eb7a0342eca6a4295739f644547dee3456243cf32bd6ea6f357c88632508457130f3dae04f7806efaed43d1d501e16c961dfbd6c71a42b480e95c7027f8275063d05a9aac3eef0520867b9896ebe8ec358f7d121beb4e61ddfdc3dcd835dfe265f2ba68d300ef566ed1284f9f3d7b1af363ed47bfa2e5f0492925444df7e5fcb1e79e690c746117650b543a5e82c39553552f0f44e617b5cf773c533050f4129e893ac22af69b1eb9afb4b5ba5f5":0 RSA PKCS1 Verify v1.5 CAVS #24 @@ -118,7 +118,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"46ba38d521ffa6fc01bd69512008fd557785c783":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"11":"180caf03781b391aacebe5b3f5e1d3b01c68a00df4ecfb6c4bf14217aed7cfca0adac099ec1d6e1f0b43b09b86788533fee6691d773807af0df6cc3bbdde3cf34bf5b848fa59c8bc10227cc3eba3452a85e0520fccdb2d8d32dd99672d302756a2d7f7f2693db3a48be17bd34d9d891f4ba44449c5bad1de91b788f524500a7703cccbaa77b9fe8791f5c8aa7b8f055336f28fcfc01733712e33cfb3d33fe71ddb9ced2a31931ec38007f5ad4a0d19acc428124b0e5ee6e0746fb33c1a4d90c8":0 RSA PKCS1 Verify v1.5 CAVS #28 -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"807ca5785542d26b3d1615209ab0ad3ff5f58707fe25f986abc19c0a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"11":"8c846e75e32ce5f9964bdd8f6dcf1d2996a646b233bcf1bd6394e13e856691b89bedd18290a0f9f7c90dca307271b3108e795340490513b25e6789e93722c65ec064b4c43457295a31d1f07dd605e133fd6eaafc58cda132df2939f5f693e0205af34550afaa137f3e482885e50dfb48333a15c0821e7a19642acdddc6fea3c7487c691246a2b083dac439889d5ae741b7e08c47937530b4b069f1a260cd07fe4a0ddd530ab11534fb805e9b562118ee0e97932966008aadfc83f3b8a10de8ee":0 RSA PKCS1 Verify v1.5 CAVS #29 @@ -205,11 +205,11 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"8cfd7c2f07a94aea1ff222dc9b80c58a946c975470ff2d2d3fbdb45eac1efa5c":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"5aee2b9dbc02a6a2d87ff64a64165dc0b9ce70c79bab2d287939e2601c3223e0493988d5468731ae4edc7d5f5d449335c204fdb0e192c1915c9d694d3a61c3be14df79c4b34d6ac73707829024d263c94f9107fa93f3783de3965522336e18d1e01a142b5103451bb97839eaf2f44703a63050a36b78aef4072ea1a8daaaf1a2918fc03ee957a9c09efdc6287bcb4d6aec4723290294b249b3e3dc63157b560ad9c867323a73ebeb360cc9e482111643b0d86c4e33dcf170155590f0eba7d170789e84de336b7fe2f6cf485ddca94607a4ff379fc49d375c730249dd1a210e7dccd763d1c23c7532e769c6aa88e38e8654ff90f7b34df4c07ba90e89099ec1ed":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Sign #3 (SHA224, 2048 bits RSA) -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_sign:"32f339fe33f10a0fa152bf9659cdf7a0e4b741444ea31a85d40ed4bb":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"9d768b8b31421f9d9ced890aafaf8b3468656419049ed268f6e1992066f45dc3e4cd349e8c5ed5a06e4ef5badaba064ba94907dfedf3d708becaf44ae9b27c3866d329311ba93e8ddc7fc284fba05d1bb84fb1e060a5b76b7fa515cfcd2c8144474623672703cac1e15ff4fdf8ef19d365c51ba86e60f4cbbcd07f956060625751bfbecc47945646459cadaddd900603a8149a93b31a6d432e1da1a67eb765f5b2f0bd1adb9af12d731c7b02931b42dbbfd8c7cecde76b817e96f664147a2c5091c6ce4dc562c5f57159d6f9dc9ba2daa212db56677839621bd4805dde62955fb2d0cc2c448109d10ecc6206ea81f0a02e1646471358f3ec146cd3c75f2d390b":0 RSA PKCS1 Sign #3 Verify -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"32f339fe33f10a0fa152bf9659cdf7a0e4b741444ea31a85d40ed4bb":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"9d768b8b31421f9d9ced890aafaf8b3468656419049ed268f6e1992066f45dc3e4cd349e8c5ed5a06e4ef5badaba064ba94907dfedf3d708becaf44ae9b27c3866d329311ba93e8ddc7fc284fba05d1bb84fb1e060a5b76b7fa515cfcd2c8144474623672703cac1e15ff4fdf8ef19d365c51ba86e60f4cbbcd07f956060625751bfbecc47945646459cadaddd900603a8149a93b31a6d432e1da1a67eb765f5b2f0bd1adb9af12d731c7b02931b42dbbfd8c7cecde76b817e96f664147a2c5091c6ce4dc562c5f57159d6f9dc9ba2daa212db56677839621bd4805dde62955fb2d0cc2c448109d10ecc6206ea81f0a02e1646471358f3ec146cd3c75f2d390b":0 RSA PKCS1 Sign #4 (SHA384, 2048 bits RSA) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 500c6764d1..2c08818d27 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -31,7 +31,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 x509_cert_info:"data_files/parse_input/cert_sha1.crt":"cert. version \: 3\nserial number \: 07\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509_cert_info:"data_files/parse_input/cert_sha224.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA256 Digest @@ -51,7 +51,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH x509_cert_info:"data_files/parse_input/server9.crt":"cert. version \: 3\nserial number \: 16\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:38\:16\nexpires on \: 2024-01-18 13\:38\:16\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 x509_cert_info:"data_files/parse_input/server9-sha224.crt":"cert. version \: 3\nserial number \: 17\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:36\nexpires on \: 2024-01-18 13\:57\:36\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA256 Digest @@ -71,7 +71,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP25 x509_cert_info:"data_files/parse_input/server5-sha1.crt":"cert. version \: 3\nserial number \: 12\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:PSA_WANT_ALG_SHA_224 x509_cert_info:"data_files/parse_input/server5-sha224.crt":"cert. version \: 3\nserial number \: 13\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA256 Digest @@ -251,7 +251,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest @@ -271,7 +271,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest @@ -291,7 +291,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest @@ -327,7 +327,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_R mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA256 @@ -351,7 +351,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP25 mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA224 -depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA256 @@ -371,7 +371,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA256 @@ -680,7 +680,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_R x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" X509 CRT verification #15 (Valid Cert SHA224 Digest) -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #16 (Valid Cert SHA256 Digest) @@ -772,7 +772,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256 x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_224 x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) @@ -860,7 +860,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_224:MBEDTLS_MD_CAN_SHA1 x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256) @@ -908,7 +908,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA224:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:PSA_WANT_ALG_SHA_224:MBEDTLS_MD_CAN_SHA1 x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #70 (v1 trusted CA) @@ -1020,7 +1020,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256 x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA1 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) @@ -2468,35 +2468,35 @@ X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown) x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, issuer set missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH X509 CRL ASN1 (TBSCertList, sig present, len mismatch) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH # 305c @@ -2518,43 +2518,43 @@ x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b060355040 # 03020001 signatureValue BIT STRING # The subsequent TBSCertList negative tests remove or modify some elements. X509 CRL ASN1 (TBSCertList, sig present) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (TBSCertList, signatureValue missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, single empty entry at end) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, good entry then empty entry at end) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, missing time in entry) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, missing time in entry at end) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRL ASN1 (TBSCertList, invalid tag for time in entry) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (TBSCertList, invalid tag for serial) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224 +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224 x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (TBSCertList, no entries) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_224:!MBEDTLS_X509_REMOVE_INFO x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (invalid version 2) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 5c6a9032d0..8ddd47fcec 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0:0 Certificate Request check Server1 SHA224 -depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_224:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0:0 Certificate Request check Server1 SHA256 From 624488214c02ab3b493d06c4dc7b2f60e73ca0ce Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Wed, 26 Jun 2024 10:45:06 +0100 Subject: [PATCH 416/429] Replace MBEDTLS_MD_CAN_SHA224 in md.h Signed-off-by: Elena Uziunaite --- tf-psa-crypto/drivers/builtin/include/mbedtls/md.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h index 478e9f7667..bbf4ec02d5 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h @@ -73,7 +73,7 @@ typedef enum { #define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */ #elif defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA3_256) #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */ -#elif defined(MBEDTLS_MD_CAN_SHA224) || defined(MBEDTLS_MD_CAN_SHA3_224) +#elif defined(PSA_WANT_ALG_SHA_224) || defined(MBEDTLS_MD_CAN_SHA3_224) #define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */ #else #define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160 From 0917265014ec34a27545c89c9822344da542fe84 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jun 2024 08:00:54 +0200 Subject: [PATCH 417/429] makefile: allow to build and link test suites against psasim Signed-off-by: Valerio Setti --- Makefile | 10 ++++- scripts/common.make | 36 +++++++++++++++-- tests/Makefile | 1 + tests/psa-client-server/psasim/Makefile | 53 +++++++++++++++---------- 4 files changed, 72 insertions(+), 28 deletions(-) diff --git a/Makefile b/Makefile index 67ad0b7b10..74e328af49 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,10 @@ programs: lib mbedtls_test lib: $(MAKE) -C library -tests: lib mbedtls_test +ifndef PSASIM +tests: lib +endif +tests: mbedtls_test $(MAKE) -C tests mbedtls_test: @@ -168,7 +171,10 @@ else if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln endif -check: lib tests +ifndef PSASIM +check: lib +endif +check: tests $(MAKE) -C tests check test: check diff --git a/scripts/common.make b/scripts/common.make index ead1334ca3..077ac6f310 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -4,6 +4,8 @@ ifndef MBEDTLS_PATH MBEDTLS_PATH := .. endif +PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim + ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) # Use the define keyword to get a multi-line message. # GNU make appends ". Stop.", so tweak the ending of our message accordingly. @@ -26,19 +28,38 @@ LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64 + +ifdef PSASIM +LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ + -L$(PSASIM_PATH)/client_libs \ + -lpsaclient \ + -lmbedtls$(SHARED_SUFFIX) \ + -lmbedx509$(SHARED_SUFFIX) \ + -lmbedcrypto$(SHARED_SUFFIX) +else LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L$(MBEDTLS_PATH)/library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) +endif include $(MBEDTLS_PATH)/3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) -ifndef SHARED -MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a +ifdef PSASIM +MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \ + $(PSASIM_PATH)/client_libs/libmbedx509.a \ + $(PSASIM_PATH)/client_libs/libmbedtls.a \ + $(PSASIM_PATH)/client_libs/libpsaclient.a +else ifndef SHARED +MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a \ + $(MBEDTLS_PATH)/library/libmbedx509.a \ + $(MBEDTLS_PATH)/library/libmbedtls.a else -MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT) +MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) \ + $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) \ + $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT) endif ifdef DEBUG @@ -126,10 +147,17 @@ else endif # Auxiliary modules used by tests and some sample programs -MBEDTLS_CORE_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \ +MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \ ${MBEDTLS_TEST_PATH}/src/*.c \ ${MBEDTLS_TEST_PATH}/src/drivers/*.c \ )) +# Ignore PSA stubs when building for the client side of PSASIM (i.e. +# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates. +ifdef PSASIM +MBEDTLS_CORE_TEST_OBJS := $(filter-out \ + ${MBEDTLS_TEST_PATH}/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\ + ) +endif # Additional auxiliary modules for TLS testing MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \ ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \ diff --git a/tests/Makefile b/tests/Makefile index 7ab4d9c474..796d5fc9c0 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -177,6 +177,7 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) clean: ifndef WINDOWS + $(MAKE) -C psa-client-server/psasim clean rm -rf $(BINARIES) *.c *.datax rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h rm -f src/test_keys.h src/test_certs.h diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 02b639f2c4..ec6691f422 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -1,11 +1,11 @@ CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L ifeq ($(DEBUG),1) -CFLAGS += -DDEBUG -O0 -g +override CFLAGS += -DDEBUG -O0 -g endif -LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls -LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto +CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto +SERVER_LIBS := -Lserver_libs -lmbedcrypto MBEDTLS_ROOT_PATH = ../../.. COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \ @@ -16,13 +16,14 @@ GENERATED_H_FILES = include/psa_manifest/manifest.h \ include/psa_manifest/pid.h \ include/psa_manifest/sid.h -PSA_CLIENT_COMMON_SRC = src/psa_ff_client.c \ - src/psa_sim_crypto_client.c \ - src/psa_sim_serialise.c +LIBPSACLIENT_SRC = src/psa_ff_client.c \ + src/psa_sim_crypto_client.c \ + src/psa_sim_serialise.c +LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o) -PSA_CLIENT_BASE_SRC = $(PSA_CLIENT_COMMON_SRC) src/client.c +PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c -PSA_CLIENT_FULL_SRC = $(PSA_CLIENT_COMMON_SRC) \ +PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \ $(wildcard src/aut_*.c) PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c @@ -32,21 +33,28 @@ PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ src/psa_sim_crypto_server.c \ src/psa_sim_serialise.c -.PHONY: all clean libpsaclient libpsaserver +.PHONY: all clean client_libs server_libs all: test/seedfile: dd if=/dev/urandom of=./test/seedfile bs=64 count=1 -test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ +src/%.o: src/%.c $(GENERATED_H_FILES) + $(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@ -test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ +client_libs/libpsaclient: $(LIBPSACLIENT_OBJS) + mkdir -p client_libs + $(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS) -test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ +test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ + +test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ + +test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c tools/psa_autogen.py src/manifest.json @@ -56,17 +64,18 @@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server # # Note: these rules assume that mbedtls_config.h is already configured by all.sh. # If not using all.sh then the user must do it manually. -libpsaclient libpsaserver: +client_libs: client_libs/libpsaclient +client_libs server_libs: $(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a mkdir -p $@ cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/ - $(MAKE) -C $(MBEDTLS_ROOT_PATH) clean -clean: - rm -f test/psa_client_base test/psa_client_full test/psa_partition +clean_server_intermediate_files: rm -f $(PARTITION_SERVER_BOOTSTRAP) - rm -rf libpsaclient libpsaserver rm -rf include/psa_manifest - rm -f test/psa_service_* test/psa_notify_* - rm -f test/*.log + +clean: clean_server_intermediate_files + rm -f test/psa_client_base test/psa_client_full test/psa_server + rm -rf client_libs server_libs + rm -f test/psa_service_* test/psa_notify_* test/*.log rm -f test/seedfile From 9022f718b1e6e1af3f9fc9c7283fb9937adfffc5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jun 2024 07:59:39 +0200 Subject: [PATCH 418/429] all.sh: add new component to run test suites with psasim Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 106 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 91 insertions(+), 15 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3bff3a8534..eb9589ac45 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -217,6 +217,8 @@ pre_initialize_variables () { # defined in this script whose name starts with "component_". ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//') + PSASIM_PATH='tests/psa-client-server/psasim/' + # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override # the commands set by the environment } @@ -356,6 +358,24 @@ cleanup() done } +# This is a helper function to be used in psasim builds. It is meant to clean +# up the library's workspace after the server build and before the client +# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be +# already copied to psasim folder at this point. +cleanup_before_psasim_client() { + # Clean up library files + make -C library clean + # Clean up intermediate files that were used to build the server + make -C $PSASIM_PATH clean_server_intermediate_files + # Restore files that were backup before building library files. This + # includes $CONFIG_H and $CRYPTO_CONFIG_H. + for x in $files_to_back_up; do + if [[ -e "$x$backup_suffix" ]]; then + cp -p "$x$backup_suffix" "$x" + fi + done +} + # Final cleanup when this script exits (except when exiting on a failure # in non-keep-going mode). final_cleanup () { @@ -948,11 +968,11 @@ helper_libtestdriver1_make_main() { make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" } -# $1: target which can be "client" or "server" -helper_crypto_client_build() { +# Set some default values $CONFIG_H in order to build server or client sides +# in PSASIM. There is only 1 mandatory parameter: +# - $1: target which can be "client" or "server" +helper_psasim_base_config() { TARGET=$1 - shift - TARGET_LIB=libpsa$TARGET if [ "$TARGET" == "client" ]; then scripts/config.py full @@ -976,8 +996,23 @@ helper_crypto_client_build() { # Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client) scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER fi +} - make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@" +# Helper to build the libraries for client/server in PSASIM. If the server is +# being built, then it builds also the final executable. +# There is only 1 mandatory parameter: +# - $1: target which can be "client" or "server" +helper_psasim_build() { + TARGET=$1 + shift + TARGET_LIB=${TARGET}_libs + + make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@" + + # Build also the server application after its libraries have been built. + if [ "$TARGET" == "server" ]; then + make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server + fi } ################################################################ @@ -1037,6 +1072,24 @@ helper_get_psa_key_type_list() { echo "$loc_list" } +# Helper function for controlling (start & stop) the psasim server. +helper_psasim_server() { + OPERATION=$1 + if [ "$OPERATION" == "start" ]; then + ( + cd tests + msg "start server" + psa-client-server/psasim/test/start_server.sh + ) + else + ( + cd tests + msg "terminate server and cleanup" + psa-client-server/psasim//test/kill_server.sh + ) + fi +} + ################################################################ #### Basic checks ################################################################ @@ -6029,20 +6082,16 @@ component_check_test_helpers () { } component_test_psasim() { - msg "build library for server" + msg "build server library and application" scripts/config.py crypto - helper_crypto_client_build server + helper_psasim_base_config server + helper_psasim_build server - msg "build server" - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_partition - - # cleanup() will restore some backed-up files which include $CONFIG_H and - # $CRYPTO_CONFIG_H. Built libraries were already copied to psasim at this - # point. - cleanup + cleanup_before_psasim_client msg "build library for client" - helper_crypto_client_build client + helper_psasim_base_config client + helper_psasim_build client msg "build basic psasim client" make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base @@ -6057,6 +6106,33 @@ component_test_psasim() { make -C tests/psa-client-server/psasim clean } +component_test_suite_with_psasim() +{ + msg "build server library and application" + helper_psasim_base_config server + # Modify server's library configuration here (if needed) + helper_psasim_build server + + cleanup_before_psasim_client + + msg "build client library" + helper_psasim_base_config client + # PAKE functions are still unsupported from PSASIM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + helper_psasim_build client + + msg "build test suites" + make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests + + helper_psasim_server start + + msg "run test suites" + make PSASIM=1 test + + helper_psasim_server kill +} + ################################################################ #### Termination ################################################################ From f67ded3488b8e1136e568baa2562aaf712f37cc7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jun 2024 08:03:32 +0200 Subject: [PATCH 419/429] psasim: update bash scripts Signed-off-by: Valerio Setti --- .../psasim/test/kill_server.sh | 16 +++++++++++ .../psa-client-server/psasim/test/run_test.sh | 28 ++++--------------- .../psasim/test/start_server.sh | 19 +++++++++++++ 3 files changed, 41 insertions(+), 22 deletions(-) create mode 100755 tests/psa-client-server/psasim/test/kill_server.sh create mode 100755 tests/psa-client-server/psasim/test/start_server.sh diff --git a/tests/psa-client-server/psasim/test/kill_server.sh b/tests/psa-client-server/psasim/test/kill_server.sh new file mode 100755 index 0000000000..7aba5a32ed --- /dev/null +++ b/tests/psa-client-server/psasim/test/kill_server.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +set -e + +pkill psa_server || true + +# Remove temporary files and logs +rm -f psa_notify_* +rm -f psa_service_* +rm -f psa_server.log + +# Remove all IPCs +ipcs -q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh index 7c1011ead2..ac9c4c86ca 100755 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -1,13 +1,13 @@ #!/bin/bash +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + # This is a simple bash script that tests psa_client/psa_server interaction. # This script is automatically executed when "make run" is launched by the # "psasim" root folder. The script can also be launched manually once # binary files are built (i.e. after "make test" is executed from the "psasim" # root folder). -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -e @@ -16,26 +16,10 @@ cd "$(dirname "$0")" CLIENT_BIN=$1 shift -function clean_run() { - rm -f psa_notify_* - pkill psa_partition || true - pkill psa_client || true - ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true -} +ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true -# The server creates some local files when it starts up so we can wait for this -# event as signal that the server is ready so that we can start client(s). -function wait_for_server_startup() { - while [ ! -f ./psa_notify_* ]; do - sleep 0.1 - done -} - -clean_run - -./psa_partition & -wait_for_server_startup +./start_server.sh ./$CLIENT_BIN "$@" # Kill server once client exited -pkill psa_partition +pkill psa_server diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh new file mode 100755 index 0000000000..fcc8a97e9c --- /dev/null +++ b/tests/psa-client-server/psasim/test/start_server.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +set -e + +# The server creates some local files when it starts up so we can wait for this +# event as signal that the server is ready so that we can start client(s). +function wait_for_server_startup() { + while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do + sleep 0.1 + done +} + +$(dirname "$0")/kill_server.sh + +$(dirname "$0")/psa_server & +wait_for_server_startup From e134d0962a871fc64088b5f02b9865b5ad8c5d69 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jun 2024 08:04:29 +0200 Subject: [PATCH 420/429] all.sh: remove old tests components on CRYPTO_CLIENT Now that we have PSASIM we can really test CRYPTO_CLIENT functionality and those functions are not needed anymore. Moreover new test suites that are going to rely on CRYPTO_CLIENT && !CRYPTO_C would be tested from test_default_psa_crypto_client_without_crypto_provider() leading to failures due to stub functions being empty. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 62 -------------------------------------------- 1 file changed, 62 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index eb9589ac45..0c1e9c9f3e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1402,68 +1402,6 @@ component_build_psa_crypto_spm () { check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a } -# Get a list of library-wise undefined symbols and ensure that they only -# belong to psa_xxx() functions and not to mbedtls_yyy() ones. -# This function is a common helper used by both: -# - component_test_default_psa_crypto_client_without_crypto_provider -# - component_build_full_psa_crypto_client_without_crypto_provider. -common_check_mbedtls_missing_symbols() { - nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt - nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt - comm sym_def.txt sym_undef.txt -13 > linking_errors.txt - not grep mbedtls_ linking_errors.txt - - rm sym_def.txt sym_undef.txt linking_errors.txt -} - -component_test_default_psa_crypto_client_without_crypto_provider () { - msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" - - scripts/config.py unset MBEDTLS_PSA_CRYPTO_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT - scripts/config.py unset MBEDTLS_LMS_C - - make - - msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" - common_check_mbedtls_missing_symbols - - msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" - make test -} - -component_build_full_psa_crypto_client_without_crypto_provider () { - msg "build: full config - PSA_CRYPTO_C" - - # Use full config which includes USE_PSA and CRYPTO_CLIENT. - scripts/config.py full - - scripts/config.py unset MBEDTLS_PSA_CRYPTO_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - # Dynamic secure element support is a deprecated feature and it is not - # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - - # Since there is no crypto provider in this build it is not possible to - # build all the test executables and progrems due to missing PSA functions - # at link time. Therefore we will just build libraries and we'll check - # that symbols of interest are there. - make lib - - msg "check missing symbols: full config - PSA_CRYPTO_C" - - common_check_mbedtls_missing_symbols - - # Ensure that desired functions are included into the build (extend the - # following list as required). - grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a - grep mbedtls_pk_import_into_psa library/libmbedcrypto.a - grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a -} - component_test_no_rsa_key_pair_generation() { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG From 8473390bbbf205814e3e881a15d7d5dd1017d177 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 27 Jun 2024 08:05:09 +0200 Subject: [PATCH 421/429] tests: fix guards in test suites to allow testing with PSASIM Signed-off-by: Valerio Setti --- tests/include/test/psa_crypto_helpers.h | 11 +++-- tests/src/psa_exercise_key.c | 4 +- tests/suites/test_suite_debug.function | 16 +++---- tests/suites/test_suite_lmots.function | 13 ++++++ tests/suites/test_suite_lms.function | 8 ++++ tests/suites/test_suite_pk.data | 24 +++++----- tests/suites/test_suite_pk.function | 46 ++++++++++--------- .../test_suite_psa_crypto_attributes.function | 4 ++ .../test_suite_psa_crypto_hash.function | 4 +- tests/suites/test_suite_ssl.data | 4 +- tests/suites/test_suite_ssl.function | 2 +- 11 files changed, 84 insertions(+), 52 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 7306d8eb10..7393d81dc3 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -11,7 +11,7 @@ #include "test/helpers.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "test/psa_helpers.h" #include #endif @@ -38,12 +38,15 @@ mbedtls_psa_crypto_free(); \ } \ while (0) -#else /*MBEDTLS_PSA_CRYPTO_C */ +#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ +#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) +#define PSA_DONE() mbedtls_psa_crypto_free(); +#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ #define PSA_INIT() ((void) 0) #define PSA_DONE() ((void) 0) #endif /* MBEDTLS_PSA_CRYPTO_C */ -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -313,7 +316,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); } \ while (0) -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /** \def USE_PSA_INIT * diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 937bd45d22..b2232764a7 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -11,7 +11,7 @@ #include #include -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include #include @@ -1332,4 +1332,4 @@ exit: } #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 70e7badca5..982be3c6e5 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -59,7 +59,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); @@ -86,7 +86,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file, exit: mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -98,7 +98,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); @@ -122,7 +122,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, exit: mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -134,7 +134,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); @@ -158,7 +158,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, exit: mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -211,7 +211,7 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, struct buffer_data buffer; mbedtls_mpi val; - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); @@ -239,6 +239,6 @@ exit: mbedtls_mpi_free(&val); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function index 293287aab9..c81501c4d5 100644 --- a/tests/suites/test_suite_lmots.function +++ b/tests/suites/test_suite_lmots.function @@ -37,6 +37,7 @@ void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id, mbedtls_lmots_public_init(&pub_ctx); mbedtls_lmots_private_init(&priv_ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8, key_id->x, leaf_id, seed->x, seed->len), 0); @@ -48,6 +49,7 @@ void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id, exit: mbedtls_lmots_public_free(&pub_ctx); mbedtls_lmots_private_free(&priv_ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -60,6 +62,7 @@ void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed) mbedtls_lmots_public_init(&pub_ctx); mbedtls_lmots_private_init(&priv_ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8, key_id->x, leaf_id, seed->x, seed->len), 0); @@ -71,6 +74,7 @@ void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed) exit: mbedtls_lmots_public_free(&pub_ctx); mbedtls_lmots_private_free(&priv_ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -83,6 +87,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key, unsigned char *tmp_sig = NULL; mbedtls_lmots_public_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0); @@ -137,6 +142,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key, exit: mbedtls_free(tmp_sig); mbedtls_lmots_public_free(&ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -149,6 +155,8 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) size_t exported_pub_key_size; mbedtls_lmots_public_init(&ctx); + USE_PSA_INIT(); + TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), expected_import_rc); @@ -192,6 +200,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) exit: mbedtls_lmots_public_free(&ctx); mbedtls_free(exported_pub_key); + USE_PSA_DONE(); } /* END_CASE */ @@ -202,6 +211,7 @@ void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed) unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)]; mbedtls_lmots_private_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8, key_id->x, leaf_id, seed->x, seed->len), 0); @@ -217,6 +227,7 @@ void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed) exit: mbedtls_lmots_private_free(&ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -233,6 +244,7 @@ void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id, memset(sig, 0x7E, sizeof(sig)); mbedtls_lmots_private_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8, key_id->x, leaf_id, seed->x, seed->len), 0); @@ -242,5 +254,6 @@ void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id, exit: mbedtls_lmots_private_free(&ctx); mbedtls_lmots_sign_private_key_invalidated_hook = NULL; + USE_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function index 7116f61810..377efcd9b2 100644 --- a/tests/suites/test_suite_lms.function +++ b/tests/suites/test_suite_lms.function @@ -17,6 +17,7 @@ void lms_sign_verify_test(data_t *msg, data_t *seed) mbedtls_lms_public_init(&pub_ctx); mbedtls_lms_private_init(&priv_ctx); + USE_PSA_INIT(); /* Allocation failure isn't a test failure, since it likely just means * there's not enough memory to run the test. @@ -38,6 +39,7 @@ void lms_sign_verify_test(data_t *msg, data_t *seed) exit: mbedtls_lms_public_free(&pub_ctx); mbedtls_lms_private_free(&priv_ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -50,6 +52,7 @@ void lms_sign_verify_null_msg_test(data_t *seed) mbedtls_lms_public_init(&pub_ctx); mbedtls_lms_private_init(&priv_ctx); + USE_PSA_INIT(); /* Allocation failure isn't a test failure, since it likely just means * there's not enough memory to run the test. @@ -71,6 +74,7 @@ void lms_sign_verify_null_msg_test(data_t *seed) exit: mbedtls_lms_public_free(&pub_ctx); mbedtls_lms_private_free(&priv_ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -83,6 +87,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key, unsigned char *tmp_sig = NULL; mbedtls_lms_public_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0); @@ -139,6 +144,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key, exit: mbedtls_free(tmp_sig); mbedtls_lms_public_free(&ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -151,6 +157,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) unsigned char *exported_pub_key = NULL; mbedtls_lms_public_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), expected_import_rc); @@ -194,5 +201,6 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) exit: mbedtls_free(exported_pub_key); mbedtls_lms_public_free(&ctx); + USE_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 2bc3848f37..6911265f09 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -95,11 +95,11 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256) -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256) -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY) @@ -147,15 +147,15 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage @@ -195,11 +195,11 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY) @@ -235,11 +235,11 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY) @@ -283,11 +283,11 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage @@ -295,7 +295,7 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 38c27e399e..5f4267780b 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -45,7 +45,7 @@ #define MBEDTLS_TEST_PK_PSA_SIGN #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* Pick an elliptic curve that's supported by PSA. Note that the curve is * not guaranteed to be supported by the ECP module. * @@ -153,7 +153,7 @@ #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS #endif -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ /* Always define the macros so that we can use them in test data. */ #if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) @@ -220,7 +220,7 @@ exit: return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, psa_key_type_t type, psa_key_usage_t usage, psa_algorithm_t alg, mbedtls_svc_key_id_t *key) @@ -239,7 +239,7 @@ psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, return status; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /** Setup the provided PK context. * @@ -305,7 +305,7 @@ exit: return ret; } -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** Create a PSA key of the desired type and properties. * * - For RSA and EC keys predefined key data is used (as in the pk_setup() above). @@ -465,7 +465,7 @@ static int pk_public_same(const mbedtls_pk_context *pk1, exit: return ok; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, @@ -499,7 +499,7 @@ typedef enum { FROM_PAIR = 1 } from_pair_t; -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_pk_context *pk, psa_key_type_t *psa_type) { @@ -567,9 +567,9 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, exit: return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* Create a new PSA key which will contain only the public part of the private * key which is provided in input. For this new key: * - Type is the public counterpart of the private key. @@ -636,7 +636,7 @@ exit: psa_reset_key_attributes(&new_attr); return new_key_id; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -1753,7 +1753,7 @@ void pk_rsa_alt() TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt, PSA_KEY_USAGE_ENCRYPT, @@ -1762,7 +1762,7 @@ void pk_rsa_alt() mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id), MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* Test signature */ #if SIZE_MAX > UINT_MAX @@ -2107,7 +2107,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */ void pk_get_psa_attributes(int pk_type, int from_pair, int usage_arg, int to_pair, int expected_alg) @@ -2155,7 +2155,11 @@ void pk_get_psa_attributes(int pk_type, int from_pair, mbedtls_pk_get_bitlen(&pk)); TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); +#if defined(MBEDTLS_PSA_CRYPTO_C) TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); +#else /* MBEDTLS_PSA_CRYPTO_C */ + TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), 42); +#endif /* MBEDTLS_PSA_CRYPTO_C */ TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { @@ -2170,7 +2174,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, int usage_arg, int to_pair, int expected_alg) @@ -2218,7 +2222,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */ void pk_get_psa_attributes_fail(int pk_type, int from_pair, int usage_arg, int expected_ret) @@ -2244,7 +2248,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ void pk_import_into_psa_lifetime(int from_opaque, int from_persistent, /* when from opaque */ int from_exportable, /* when from opaque */ @@ -2395,7 +2399,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */ void pk_import_into_psa_fail(int pk_type, int from_pair, int type_arg, int bits_arg, int expected_ret) @@ -2490,7 +2494,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/ void pk_copy_from_psa_fail(void) { mbedtls_pk_context pk_ctx; @@ -2535,7 +2539,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */ void pk_copy_from_psa_builtin_fail() { mbedtls_pk_context pk_ctx; @@ -2558,7 +2562,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */ void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg, int key_alg_arg) { @@ -2645,7 +2649,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/ void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg) { psa_key_type_t key_type = key_type_arg; diff --git a/tests/suites/test_suite_psa_crypto_attributes.function b/tests/suites/test_suite_psa_crypto_attributes.function index c933cb7242..bc7adb4a20 100644 --- a/tests/suites/test_suite_psa_crypto_attributes.function +++ b/tests/suites/test_suite_psa_crypto_attributes.function @@ -20,6 +20,8 @@ void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg, psa_key_type_t type = type_arg; size_t bits = bits_arg; + USE_PSA_INIT(); + TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0); TEST_EQUAL( @@ -56,6 +58,8 @@ void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg, TEST_EQUAL(psa_get_key_algorithm(&attributes), 0); TEST_EQUAL(psa_get_key_type(&attributes), 0); TEST_EQUAL(psa_get_key_bits(&attributes), 0); + + USE_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index 20167fdaba..c7c72f43dd 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -6,7 +6,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PSA_CRYPTO_C + * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT * END_DEPENDENCIES */ @@ -35,7 +35,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on: MBEDTLS_PSA_CRYPTO_C */ void hmac(int alg_arg, char *input, data_t *expected_mac) { psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg); diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c96b4adad8..b4d3451862 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -561,11 +561,11 @@ depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC: handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 840af7d2d9..8125e5833e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3297,7 +3297,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 }; From caee58f559c260446f3501ded64c540d3ec792e0 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Sat, 29 Jun 2024 15:10:21 +0100 Subject: [PATCH 422/429] psasim: add a bit of white-box testing to hash operations Signed-off-by: Tom Cosgrove --- .../psasim/src/aut_psa_hash.c | 37 +++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c index 0446e7a76a..b429c0bc58 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_hash.c +++ b/tests/psa-client-server/psasim/src/aut_psa_hash.c @@ -89,6 +89,43 @@ int psa_hash_main(void) mbedtls_printf("Multi-part hash operation successful!\n"); } + /* A bit of white-box testing: ensure that we can abort an operation more + * times than there are operation slots on the simulator server. + */ + for (int i = 0; i < 200; i++) { + /* This should be a no-op */ + status = psa_hash_abort(&hash_operation); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_abort failed\n"); + goto cleanup; + } + } + + /* Compute hash using multi-part operation using the same operation struct */ + status = psa_hash_setup(&hash_operation, HASH_ALG); + if (status == PSA_ERROR_NOT_SUPPORTED) { + mbedtls_printf("unknown hash algorithm supplied\n"); + goto cleanup; + } else if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_setup failed: %d\n", status); + goto cleanup; + } + + status = psa_hash_update(&hash_operation, sample_message, sample_message_length); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_update failed\n"); + goto cleanup; + } + + /* Don't use psa_hash_finish() when going to check against an expected result */ + status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_verify failed: %d\n", status); + goto cleanup; + } else { + mbedtls_printf("Second multi-part hash operation successful!\n"); + } + /* Clear local variables prior to one-shot hash demo */ memset(hash, 0, sizeof(hash)); hash_length = 0; From 1a49383694548e6148cb1139d8f180aeb7e369a4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 1 Jul 2024 07:29:02 +0200 Subject: [PATCH 423/429] all.sh: exclude some extra slow test suites from psasim testing Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0c1e9c9f3e..cce51ad34c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -6065,6 +6065,11 @@ component_test_suite_with_psasim() helper_psasim_server start + # psasim takes an extremely long execution time on some test suites so we + # exclude them from the list. + SKIP_TEST_SUITES="constant_time_hmac,lmots,lms" + export SKIP_TEST_SUITES + msg "run test suites" make PSASIM=1 test From d8b59373a0f77a22bcc4c95af41906969a8030ec Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 2 Jul 2024 12:02:25 +0200 Subject: [PATCH 424/429] all.sh: psasim helper functions renaming Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index cce51ad34c..de74f97b6b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -362,7 +362,7 @@ cleanup() # up the library's workspace after the server build and before the client # build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be # already copied to psasim folder at this point. -cleanup_before_psasim_client() { +helper_psasim_cleanup_before_client() { # Clean up library files make -C library clean # Clean up intermediate files that were used to build the server @@ -971,7 +971,7 @@ helper_libtestdriver1_make_main() { # Set some default values $CONFIG_H in order to build server or client sides # in PSASIM. There is only 1 mandatory parameter: # - $1: target which can be "client" or "server" -helper_psasim_base_config() { +helper_psasim_config() { TARGET=$1 if [ "$TARGET" == "client" ]; then @@ -6022,13 +6022,13 @@ component_check_test_helpers () { component_test_psasim() { msg "build server library and application" scripts/config.py crypto - helper_psasim_base_config server + helper_psasim_config server helper_psasim_build server - cleanup_before_psasim_client + helper_psasim_cleanup_before_client msg "build library for client" - helper_psasim_base_config client + helper_psasim_config client helper_psasim_build client msg "build basic psasim client" @@ -6047,14 +6047,14 @@ component_test_psasim() { component_test_suite_with_psasim() { msg "build server library and application" - helper_psasim_base_config server + helper_psasim_config server # Modify server's library configuration here (if needed) helper_psasim_build server - cleanup_before_psasim_client + helper_psasim_cleanup_before_client msg "build client library" - helper_psasim_base_config client + helper_psasim_config client # PAKE functions are still unsupported from PSASIM scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED From b476d4bf21b220c1a78c5cb2b833d3e9b9198e22 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Thu, 23 May 2024 15:33:41 +0100 Subject: [PATCH 425/429] Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 Signed-off-by: Elena Uziunaite --- library/md.c | 8 +- library/oid.c | 14 +- library/ssl_ciphersuites.c | 178 ++++++------- library/ssl_cookie.c | 2 +- library/ssl_misc.h | 14 +- library/ssl_tls.c | 92 +++---- library/x509.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 4 +- programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_server2.c | 4 +- programs/ssl/ssl_test_common_source.c | 2 +- tests/include/test/ssl_helpers.h | 2 +- .../suites/test_suite_constant_time_hmac.data | 2 +- tests/suites/test_suite_ecdsa.data | 20 +- tests/suites/test_suite_hmac_drbg.misc.data | 8 +- .../test_suite_hmac_drbg.no_reseed.data | 120 ++++----- tests/suites/test_suite_hmac_drbg.nopr.data | 120 ++++----- tests/suites/test_suite_hmac_drbg.pr.data | 120 ++++----- tests/suites/test_suite_md.data | 66 ++--- tests/suites/test_suite_oid.data | 4 +- tests/suites/test_suite_pk.data | 10 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_pkcs1_v21.data | 18 +- tests/suites/test_suite_pkcs5.data | 10 +- tests/suites/test_suite_pkparse.data | 84 +++--- tests/suites/test_suite_rsa.data | 18 +- tests/suites/test_suite_ssl.data | 240 +++++++++--------- tests/suites/test_suite_ssl_decrypt.misc.data | 50 ++-- tests/suites/test_suite_x509parse.data | 24 +- tests/suites/test_suite_x509write.data | 2 +- 30 files changed, 622 insertions(+), 622 deletions(-) diff --git a/library/md.c b/library/md.c index c95846aa04..50983c1fc0 100644 --- a/library/md.c +++ b/library/md.c @@ -100,7 +100,7 @@ static const mbedtls_md_info_t mbedtls_sha256_info = { }; #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) static const mbedtls_md_info_t mbedtls_sha384_info = { MD_INFO(MBEDTLS_MD_SHA384, 48, 128) }; @@ -159,7 +159,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) case MBEDTLS_MD_SHA256: return &mbedtls_sha256_info; #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_MD_SHA384: return &mbedtls_sha384_info; #endif @@ -785,7 +785,7 @@ static const int supported_digests[] = { MBEDTLS_MD_SHA512, #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) MBEDTLS_MD_SHA384, #endif @@ -854,7 +854,7 @@ static const md_name_entry md_names[] = { #if defined(MBEDTLS_MD_CAN_SHA256) { "SHA256", MBEDTLS_MD_SHA256 }, #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { "SHA384", MBEDTLS_MD_SHA384 }, #endif #if defined(MBEDTLS_MD_CAN_SHA512) diff --git a/library/oid.c b/library/oid.c index 1d6b1eb866..fcf74d471d 100644 --- a/library/oid.c +++ b/library/oid.c @@ -405,13 +405,13 @@ static const oid_sig_alg_t oid_sig_alg[] = MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384"), MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA512) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", @@ -445,12 +445,12 @@ static const oid_sig_alg_t oid_sig_alg[] = MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA512) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), @@ -743,7 +743,7 @@ static const oid_md_alg_t oid_md_alg[] = MBEDTLS_MD_SHA256, }, #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384"), MBEDTLS_MD_SHA384, @@ -827,12 +827,12 @@ static const oid_md_hmac_t oid_md_hmac[] = MBEDTLS_MD_SHA256, }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384"), MBEDTLS_MD_SHA384, }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA512) { OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512"), diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 23619a26c8..5fc9000def 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -282,13 +282,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_SSL_HAVE_GCM) -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS1_3_AES_256_GCM_SHA384, "TLS1-3-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_NONE, /* Key exchange not part of ciphersuite in TLS 1.3 */ 0, MBEDTLS_SSL_VERSION_TLS1_3, MBEDTLS_SSL_VERSION_TLS1_3 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA256) { MBEDTLS_TLS1_3_AES_128_GCM_SHA256, "TLS1-3-AES-128-GCM-SHA256", MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, @@ -410,7 +410,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, @@ -423,7 +423,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_SSL_HAVE_CCM) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, "TLS-ECDHE-ECDSA-WITH-AES-256-CCM", MBEDTLS_CIPHER_AES_256_CCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, @@ -453,13 +453,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -470,13 +470,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -518,7 +518,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, @@ -531,7 +531,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_AES */ #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) @@ -543,13 +543,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -560,13 +560,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -582,13 +582,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) #if defined(MBEDTLS_SSL_HAVE_AES) -#if defined(MBEDTLS_MD_CAN_SHA384) && \ +#if defined(PSA_WANT_ALG_SHA_384) && \ defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, "TLS-DHE-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ +#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_MD_CAN_SHA256) #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -678,12 +678,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -691,13 +691,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) #if defined(MBEDTLS_SSL_HAVE_AES) -#if defined(MBEDTLS_MD_CAN_SHA384) && \ +#if defined(PSA_WANT_ALG_SHA_384) && \ defined(MBEDTLS_SSL_HAVE_GCM) { MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384, "TLS-RSA-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 && MBEDTLS_SSL_HAVE_GCM */ +#endif /* PSA_WANT_ALG_SHA_384 && MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_MD_CAN_SHA256) #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -788,12 +788,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -827,7 +827,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, @@ -840,7 +840,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_AES */ #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) @@ -852,13 +852,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -869,13 +869,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -917,7 +917,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_SSL_HAVE_CBC) { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, @@ -930,7 +930,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_SSL_HAVE_GCM */ -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_AES */ #if defined(MBEDTLS_SSL_HAVE_CAMELLIA) @@ -942,13 +942,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -959,13 +959,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -989,12 +989,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, "TLS-PSK-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_SSL_HAVE_CBC) @@ -1005,12 +1005,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384, "TLS-PSK-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA1) { MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA, "TLS-PSK-WITH-AES-128-CBC-SHA", @@ -1053,12 +1053,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -1069,12 +1069,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -1090,12 +1090,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384, "TLS-DHE-PSK-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_SSL_HAVE_CBC) @@ -1106,12 +1106,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-DHE-PSK-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA1) { MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA, "TLS-DHE-PSK-WITH-AES-128-CBC-SHA", @@ -1154,12 +1154,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -1170,12 +1170,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -1192,12 +1192,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA1) { MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA, "TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA", @@ -1223,13 +1223,13 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_CBC */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -1245,12 +1245,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384, "TLS-RSA-PSK-WITH-AES-256-GCM-SHA384", MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #if defined(MBEDTLS_SSL_HAVE_CBC) @@ -1261,12 +1261,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA384", MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA1) { MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA", @@ -1291,12 +1291,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_CBC */ #if defined(MBEDTLS_SSL_HAVE_GCM) @@ -1307,12 +1307,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384", MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, 0, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_SSL_HAVE_GCM */ #endif /* MBEDTLS_SSL_HAVE_CAMELLIA */ @@ -1368,12 +1368,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_PSK_WITH_NULL_SHA384, "TLS-PSK-WITH-NULL-SHA384", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, MBEDTLS_CIPHERSUITE_WEAK, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) @@ -1391,12 +1391,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384, "TLS-DHE-PSK-WITH-NULL-SHA384", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, MBEDTLS_CIPHERSUITE_WEAK, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) @@ -1414,12 +1414,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384, "TLS-ECDHE-PSK-WITH-NULL-SHA384", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, MBEDTLS_CIPHERSUITE_WEAK, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) @@ -1437,12 +1437,12 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) { MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384, "TLS-RSA-PSK-WITH-NULL-SHA384", MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, MBEDTLS_CIPHERSUITE_WEAK, MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #endif /* MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED */ #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ @@ -1450,7 +1450,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384, "TLS-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, @@ -1458,7 +1458,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384, "TLS-RSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA, @@ -1485,7 +1485,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384, "TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1493,7 +1493,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384, "TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_RSA_PSK, @@ -1520,7 +1520,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384, "TLS-PSK-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1528,7 +1528,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384, "TLS-PSK-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_PSK, @@ -1555,7 +1555,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, @@ -1563,7 +1563,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, @@ -1590,7 +1590,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384, "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, @@ -1598,7 +1598,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384, "TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_RSA, @@ -1626,7 +1626,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384, "TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_PSK, @@ -1646,7 +1646,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384, "TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, @@ -1654,7 +1654,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384, "TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA, @@ -1681,7 +1681,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, @@ -1689,7 +1689,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, @@ -1716,7 +1716,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384, "TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, @@ -1724,7 +1724,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384, "TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_RSA, @@ -1751,7 +1751,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(MBEDTLS_MD_CAN_SHA384)) +#if (defined(MBEDTLS_SSL_HAVE_GCM) && defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384, "TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384", MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, @@ -1759,7 +1759,7 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, #endif #if (defined(MBEDTLS_SSL_HAVE_CBC) && \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) { MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384, "TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384", MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_DHE_PSK, diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 2772cac4be..fd6cba0ef8 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -44,7 +44,7 @@ static int local_err_translation(psa_status_t status) #define COOKIE_MD MBEDTLS_MD_SHA256 #define COOKIE_MD_OUTLEN 32 #define COOKIE_HMAC_LEN 28 -#elif defined(MBEDTLS_MD_CAN_SHA384) +#elif defined(PSA_WANT_ALG_SHA_384) #define COOKIE_MD MBEDTLS_MD_SHA384 #define COOKIE_MD_OUTLEN 48 #define COOKIE_HMAC_LEN 28 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index a8807f67c6..290df17c17 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -288,7 +288,7 @@ uint32_t mbedtls_ssl_get_extension_mask(unsigned int extension_type); #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) /* Ciphersuites using HMAC */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #define MBEDTLS_SSL_MAC_ADD 48 /* SHA-384 used for HMAC */ #elif defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_SSL_MAC_ADD 32 /* SHA-256 used for HMAC */ @@ -929,7 +929,7 @@ struct mbedtls_ssl_handshake_params { mbedtls_md_context_t fin_sha256; #endif #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t fin_sha384_psa; #else @@ -2433,10 +2433,10 @@ static inline int mbedtls_ssl_tls13_sig_alg_is_supported( case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256: break; #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384: break; -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA512) case MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512: break; @@ -2489,12 +2489,12 @@ static inline int mbedtls_ssl_get_pk_type_and_md_alg_from_sig_alg( *pk_type = MBEDTLS_PK_RSASSA_PSS; break; #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: *md_alg = MBEDTLS_MD_SHA384; *pk_type = MBEDTLS_PK_RSASSA_PSS; break; -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA512) case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512: *md_alg = MBEDTLS_MD_SHA512; @@ -2537,7 +2537,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported( break; #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_SSL_HASH_SHA384: break; #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 4c31aa2ce6..670be0ef77 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -436,7 +436,7 @@ static int ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, #endif /* MBEDTLS_MD_CAN_SHA256*/ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_sha384(const unsigned char *secret, size_t slen, const char *label, @@ -445,7 +445,7 @@ static int tls_prf_sha384(const unsigned char *secret, size_t slen, static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *); static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int); -#endif /* MBEDTLS_MD_CAN_SHA384*/ +#endif /* PSA_WANT_ALG_SHA_384*/ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_tls12_session_load(mbedtls_ssl_session *session, @@ -459,9 +459,9 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char static int ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t); #endif /* MBEDTLS_MD_CAN_SHA256*/ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) static int ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t); -#endif /* MBEDTLS_MD_CAN_SHA384*/ +#endif /* PSA_WANT_ALG_SHA_384*/ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, const unsigned char *secret, size_t slen, @@ -473,11 +473,11 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, switch (prf) { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_SSL_TLS_PRF_SHA384: tls_prf = tls_prf_sha384; break; -#endif /* MBEDTLS_MD_CAN_SHA384*/ +#endif /* PSA_WANT_ALG_SHA_384*/ #if defined(MBEDTLS_MD_CAN_SHA256) case MBEDTLS_SSL_TLS_PRF_SHA256: tls_prf = tls_prf_sha256; @@ -784,7 +784,7 @@ void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, { ((void) ciphersuite_info); -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { ssl->handshake->update_checksum = ssl_update_checksum_sha384; } else @@ -831,7 +831,7 @@ int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) { #if defined(MBEDTLS_MD_CAN_SHA256) || \ - defined(MBEDTLS_MD_CAN_SHA384) + defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; #else @@ -865,7 +865,7 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) } #endif #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); if (status != PSA_SUCCESS) { @@ -896,7 +896,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_MD_CAN_SHA256) || \ - defined(MBEDTLS_MD_CAN_SHA384) + defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; #else @@ -920,7 +920,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, } #endif #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); if (status != PSA_SUCCESS) { @@ -949,7 +949,7 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, } #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { @@ -973,7 +973,7 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) mbedtls_md_init(&handshake->fin_sha256); #endif #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha384_psa = psa_hash_operation_init(); #else @@ -4802,7 +4802,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) mbedtls_md_free(&handshake->fin_sha256); #endif #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&handshake->fin_sha384_psa); #else @@ -5671,7 +5671,7 @@ static const uint16_t ssl_preset_default_sig_algs[] = { #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(MBEDTLS_MD_CAN_SHA384) && \ + defined(PSA_WANT_ALG_SHA_384) && \ defined(PSA_WANT_ECC_SECP_R1_384) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) @@ -5688,7 +5688,7 @@ static const uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512, #endif -#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(MBEDTLS_MD_CAN_SHA384) +#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && defined(PSA_WANT_ALG_SHA_384) MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384, #endif @@ -5700,9 +5700,9 @@ static const uint16_t ssl_preset_default_sig_algs[] = { MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA512, #endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA512 */ -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA384) +#if defined(MBEDTLS_RSA_C) && defined(PSA_WANT_ALG_SHA_384) MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA384, -#endif /* MBEDTLS_RSA_C && MBEDTLS_MD_CAN_SHA384 */ +#endif /* MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_MD_CAN_SHA256) MBEDTLS_TLS1_3_SIG_RSA_PKCS1_SHA256, @@ -5727,7 +5727,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif #endif /* MBEDTLS_MD_CAN_SHA512 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif @@ -5737,7 +5737,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_RSA_C) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_RSA, MBEDTLS_SSL_HASH_SHA384), #endif -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA256) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) @@ -5766,7 +5766,7 @@ static const uint16_t ssl_preset_suiteb_sig_algs[] = { #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ - defined(MBEDTLS_MD_CAN_SHA384) && \ + defined(PSA_WANT_ALG_SHA_384) && \ defined(MBEDTLS_ECP_HAVE_SECP384R1) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) @@ -5785,11 +5785,11 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #endif #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ MBEDTLS_TLS_SIG_NONE }; @@ -6144,7 +6144,7 @@ mbedtls_md_type_t mbedtls_ssl_md_alg_from_hash(unsigned char hash) case MBEDTLS_SSL_HASH_SHA256: return MBEDTLS_MD_SHA256; #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_SSL_HASH_SHA384: return MBEDTLS_MD_SHA384; #endif @@ -6179,7 +6179,7 @@ unsigned char mbedtls_ssl_hash_from_md_alg(int md) case MBEDTLS_MD_SHA256: return MBEDTLS_SSL_HASH_SHA256; #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_MD_SHA384: return MBEDTLS_SSL_HASH_SHA384; #endif @@ -6433,7 +6433,7 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, *olen = 0; switch (md) { -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_MD_SHA384: hash_operation_to_clone = &ssl->handshake->fin_sha384_psa; break; @@ -6460,7 +6460,7 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, } exit: -#if !defined(MBEDTLS_MD_CAN_SHA384) && \ +#if !defined(PSA_WANT_ALG_SHA_384) && \ !defined(MBEDTLS_MD_CAN_SHA256) (void) ssl; #endif @@ -6468,7 +6468,7 @@ exit: } #else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl, unsigned char *dst, @@ -6504,7 +6504,7 @@ exit: mbedtls_md_free(&sha384); return ret; } -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if defined(MBEDTLS_MD_CAN_SHA256) MBEDTLS_CHECK_RETURN_CRITICAL @@ -6552,10 +6552,10 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, { switch (md) { -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_MD_SHA384: return ssl_get_handshake_transcript_sha384(ssl, dst, dst_len, olen); -#endif /* MBEDTLS_MD_CAN_SHA384*/ +#endif /* PSA_WANT_ALG_SHA_384*/ #if defined(MBEDTLS_MD_CAN_SHA256) case MBEDTLS_MD_SHA256: @@ -6563,7 +6563,7 @@ int mbedtls_ssl_get_handshake_transcript(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_MD_CAN_SHA256*/ default: -#if !defined(MBEDTLS_MD_CAN_SHA384) && \ +#if !defined(PSA_WANT_ALG_SHA_384) && \ !defined(MBEDTLS_MD_CAN_SHA256) (void) ssl; (void) dst; @@ -6831,7 +6831,7 @@ static int tls_prf_generic(mbedtls_md_type_t md_type, #if defined(MBEDTLS_MD_C) && \ (defined(MBEDTLS_MD_CAN_SHA256) || \ - defined(MBEDTLS_MD_CAN_SHA384)) + defined(PSA_WANT_ALG_SHA_384)) MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_generic(mbedtls_md_type_t md_type, const unsigned char *secret, size_t slen, @@ -6935,7 +6935,7 @@ exit: return ret; } -#endif /* MBEDTLS_MD_C && ( MBEDTLS_MD_CAN_SHA256 || MBEDTLS_MD_CAN_SHA384 ) */ +#endif /* MBEDTLS_MD_C && ( MBEDTLS_MD_CAN_SHA256 || PSA_WANT_ALG_SHA_384 ) */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_MD_CAN_SHA256) @@ -6950,7 +6950,7 @@ static int tls_prf_sha256(const unsigned char *secret, size_t slen, } #endif /* MBEDTLS_MD_CAN_SHA256*/ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) MBEDTLS_CHECK_RETURN_CRITICAL static int tls_prf_sha384(const unsigned char *secret, size_t slen, const char *label, @@ -6960,7 +6960,7 @@ static int tls_prf_sha384(const unsigned char *secret, size_t slen, return tls_prf_generic(MBEDTLS_MD_SHA384, secret, slen, label, random, rlen, dstbuf, dlen); } -#endif /* MBEDTLS_MD_CAN_SHA384*/ +#endif /* PSA_WANT_ALG_SHA_384*/ /* * Set appropriate PRF function and other SSL / TLS1.2 functions @@ -6975,7 +6975,7 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_set_handshake_prfs(mbedtls_ssl_handshake_params *handshake, mbedtls_md_type_t hash) { -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) if (hash == MBEDTLS_MD_SHA384) { handshake->tls_prf = tls_prf_sha384; handshake->calc_verify = ssl_calc_verify_tls_sha384; @@ -7272,7 +7272,7 @@ int mbedtls_ssl_derive_keys(mbedtls_ssl_context *ssl) int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md) { switch (md) { -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_SSL_HASH_SHA384: ssl->handshake->calc_verify = ssl_calc_verify_tls_sha384; break; @@ -7285,7 +7285,7 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md) default: return -1; } -#if !defined(MBEDTLS_MD_CAN_SHA384) && \ +#if !defined(PSA_WANT_ALG_SHA_384) && \ !defined(MBEDTLS_MD_CAN_SHA256) (void) ssl; #endif @@ -7379,7 +7379,7 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_MD_CAN_SHA256 */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, unsigned char *hash, size_t *hlen) @@ -7392,7 +7392,7 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, hash, hlen); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) @@ -8431,7 +8431,7 @@ static int ssl_calc_finished_tls_sha256( #endif /* MBEDTLS_MD_CAN_SHA256*/ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) static int ssl_calc_finished_tls_sha384( mbedtls_ssl_context *ssl, unsigned char *buf, int from) { @@ -8445,7 +8445,7 @@ static int ssl_calc_finished_tls_sha384( padbuf, sizeof(padbuf), buf, from); } -#endif /* MBEDTLS_MD_CAN_SHA384*/ +#endif /* PSA_WANT_ALG_SHA_384*/ void mbedtls_ssl_handshake_wrapup_free_hs_transform(mbedtls_ssl_context *ssl) { @@ -8738,7 +8738,7 @@ static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id) { const mbedtls_ssl_ciphersuite_t * const ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite_id); -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) if (ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384) { return tls_prf_sha384; } else @@ -8750,7 +8750,7 @@ static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id) } } #endif -#if !defined(MBEDTLS_MD_CAN_SHA384) && \ +#if !defined(PSA_WANT_ALG_SHA_384) && \ !defined(MBEDTLS_MD_CAN_SHA256) (void) ciphersuite_info; #endif @@ -8762,7 +8762,7 @@ static tls_prf_fn ssl_tls12prf_from_cs(int ciphersuite_id) static mbedtls_tls_prf_types tls_prf_get_type(mbedtls_ssl_tls_prf_cb *tls_prf) { ((void) tls_prf); -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) if (tls_prf == tls_prf_sha384) { return MBEDTLS_SSL_TLS_PRF_SHA384; } else diff --git a/library/x509.c b/library/x509.c index f97fb44589..aa1f82e634 100644 --- a/library/x509.c +++ b/library/x509.c @@ -145,7 +145,7 @@ static inline const char *md_type_to_string(mbedtls_md_type_t md_alg) case MBEDTLS_MD_SHA256: return "SHA256"; #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) case MBEDTLS_MD_SHA384: return "SHA384"; #endif diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index fd3e0aa9c7..4343e81893 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -14,7 +14,7 @@ defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) && \ - (defined(MBEDTLS_MD_CAN_SHA384) || \ + (defined(PSA_WANT_ALG_SHA_384) || \ defined(MBEDTLS_MD_CAN_SHA256)) const char *pers = "fuzz_dtlsserver"; const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 }; @@ -33,7 +33,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) defined(MBEDTLS_ENTROPY_C) && \ defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_TIMING_C) && \ - (defined(MBEDTLS_MD_CAN_SHA384) || \ + (defined(PSA_WANT_ALG_SHA_384) || \ defined(MBEDTLS_MD_CAN_SHA256)) int ret; size_t len; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 43133d901c..fef5c460d9 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1527,11 +1527,11 @@ usage: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); } else -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a5d2ed1020..81b125693d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2403,11 +2403,11 @@ usage: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384); } else -#endif /* MBEDTLS_MD_CAN_SHA384 */ +#endif /* PSA_WANT_ALG_SHA_384 */ alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 1ff2077d4a..1a311ef9b2 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -295,7 +295,7 @@ uint16_t ssl_sig_algs_for_test[] = { #if defined(MBEDTLS_MD_CAN_SHA512) MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA512) #endif -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) MBEDTLS_SSL_SIG_ALG(MBEDTLS_SSL_HASH_SHA384) #endif #if defined(MBEDTLS_MD_CAN_SHA256) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 77f85c4966..00e45c3ac2 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -40,7 +40,7 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_HAVE_AES) #if defined(MBEDTLS_SSL_HAVE_GCM) -#if defined(MBEDTLS_MD_CAN_SHA384) +#if defined(PSA_WANT_ALG_SHA_384) #define MBEDTLS_TEST_HAS_TLS1_3_AES_256_GCM_SHA384 #endif #if defined(MBEDTLS_MD_CAN_SHA256) diff --git a/tests/suites/test_suite_constant_time_hmac.data b/tests/suites/test_suite_constant_time_hmac.data index 6a118b8a6c..4adddfc513 100644 --- a/tests/suites/test_suite_constant_time_hmac.data +++ b/tests/suites/test_suite_constant_time_hmac.data @@ -11,5 +11,5 @@ depends_on:MBEDTLS_MD_CAN_SHA256 ssl_cf_hmac:MBEDTLS_MD_SHA256 Constant-flow HMAC: SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 ssl_cf_hmac:MBEDTLS_MD_SHA384 diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index c852c665e0..e4073e47b8 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -103,7 +103,7 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"4B0B8CE98A92866A2820E20AA6B75B56382E0F9BFD5ECB55":"CCDB006926EA9565CBADC840829D8C384E06DE1F1E381B85" ECDSA deterministic test vector rfc 6979 p192 sha384 [#1] -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"DA63BF0B9ABCF948FBB1E9167F136145F7A20426DCC287D5":"C3AA2C960972BD7A2003A57E1C4C77F0578F8AE95E31EC5E" ECDSA deterministic test vector rfc 6979 p192 sha512 [#1] @@ -123,7 +123,7 @@ depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"3A718BD8B4926C3B52EE6BBE67EF79B18CB6EB62B1AD97AE":"5662E6848A4A19B1F1AE2F72ACD4B8BBE50F1EAC65D9124F" ECDSA deterministic test vector rfc 6979 p192 sha384 [#2] -depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD4":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"B234B60B4DB75A733E19280A7A6034BD6B1EE88AF5332367":"7994090B2D59BB782BE57E74A44C9A1C700413F8ABEFE77A" ECDSA deterministic test vector rfc 6979 p192 sha512 [#2] @@ -143,7 +143,7 @@ depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"61AA3DA010E8E8406C656BC477A7A7189895E7E840CDFE8FF42307BA":"BC814050DAB5D23770879494F9E0A680DC1AF7161991BDE692B10101" ECDSA deterministic test vector rfc 6979 p224 sha384 [#1] -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"0B115E5E36F0F9EC81F1325A5952878D745E19D7BB3EABFABA77E953":"830F34CCDFE826CCFDC81EB4129772E20E122348A2BBD889A1B1AF1D" ECDSA deterministic test vector rfc 6979 p224 sha512 [#1] @@ -163,7 +163,7 @@ depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"AD04DDE87B84747A243A631EA47A1BA6D1FAA059149AD2440DE6FBA6":"178D49B1AE90E3D8B629BE3DB5683915F4E8C99FDF6E666CF37ADCFD" ECDSA deterministic test vector rfc 6979 p224 sha384 [#2] -depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C1":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"389B92682E399B26518A95506B52C03BC9379A9DADF3391A21FB0EA4":"414A718ED3249FF6DBC5B50C27F71F01F070944DA22AB1F78F559AAB" ECDSA deterministic test vector rfc 6979 p224 sha512 [#2] @@ -183,7 +183,7 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716":"F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8" ECDSA deterministic test vector rfc 6979 p256 sha384 [#1] -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719":"4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954" ECDSA deterministic test vector rfc 6979 p256 sha512 [#1] @@ -203,7 +203,7 @@ depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367":"019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083" ECDSA deterministic test vector rfc 6979 p256 sha384 [#2] -depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB6":"8DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C" ECDSA deterministic test vector rfc 6979 p256 sha512 [#2] @@ -223,7 +223,7 @@ depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33BDE1E888E63355D92FA2B3C36D8FB2CD":"F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEBEFDC63ECCD1AC42EC0CB8668A4FA0AB0" ECDSA deterministic test vector rfc 6979 p384 sha384 [#1] -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C81A648152E44ACF96E36DD1E80FABE46":"99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94FA329C145786E679E7B82C71A38628AC8" ECDSA deterministic test vector rfc 6979 p384 sha512 [#1] @@ -243,7 +243,7 @@ depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"6D6DEFAC9AB64DABAFE36C6BF510352A4CC27001263638E5B16D9BB51D451559F918EEDAF2293BE5B475CC8F0188636B":"2D46F3BECBCC523D5F1A1256BF0C9B024D879BA9E838144C8BA6BAEB4B53B47D51AB373F9845C0514EEFB14024787265" ECDSA deterministic test vector rfc 6979 p384 sha384 [#2] -depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D896D5724E4C70A825F872C9EA60D2EDF5":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"8203B63D3C853E8D77227FB377BCF7B7B772E97892A80F36AB775D509D7A5FEB0542A7F0812998DA8F1DD3CA3CF023DB":"DDD0760448D42D8A43AF45AF836FCE4DE8BE06B485E9B61B827C2F13173923E06A739F040649A667BF3B828246BAA5A5" ECDSA deterministic test vector rfc 6979 p384 sha512 [#2] @@ -263,7 +263,7 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA256:"AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BF":"1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E1A7":"04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7ECFC" ECDSA deterministic test vector rfc 6979 p521 sha384 [#1] -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA384:"9A9083505BC92276AEC4BE312696EF7BF3BF603F4BBD381196A029F340585312313BCA4A9B5B890EFEE42C77B1EE25FE":"1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67451":"1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65D61" ECDSA deterministic test vector rfc 6979 p521 sha512 [#1] @@ -283,7 +283,7 @@ depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA256 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA256:"9F86D081884C7D659A2FEAA0C55AD015A3BF4F1B2B0B822CD15D6C15B0F00A08":"00E871C4A14F993C6C7369501900C4BC1E9C7B0B4BA44E04868B30B41D8071042EB28C4C250411D0CE08CD197E4188EA4876F279F90B3D8D74A3C76E6F1E4656AA8":"0CD52DBAA33B063C3A6CD8058A1FB0A46A4754B034FCC644766CA14DA8CA5CA9FDE00E88C1AD60CCBA759025299079D7A427EC3CC5B619BFBC828E7769BCD694E86" ECDSA deterministic test vector rfc 6979 p521 sha384 [#2] -depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:PSA_WANT_ALG_SHA_384 ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA384:"768412320F7B0AA5812FCE428DC4706B3CAE50E02A64CAA16A782249BFE8EFC4B7EF1CCB126255D196047DFEDF17A0A9":"14BEE21A18B6D8B3C93FAB08D43E739707953244FDBE924FA926D76669E7AC8C89DF62ED8975C2D8397A65A49DCC09F6B0AC62272741924D479354D74FF6075578C":"133330865C067A0EAF72362A65E2D7BC4E461E8C8995C3B6226A21BD1AA78F0ED94FE536A0DCA35534F0CD1510C41525D163FE9D74D134881E35141ED5E8E95B979" ECDSA deterministic test vector rfc 6979 p521 sha512 [#2] diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data index 68866d7aa8..aea9c175cf 100644 --- a/tests/suites/test_suite_hmac_drbg.misc.data +++ b/tests/suites/test_suite_hmac_drbg.misc.data @@ -11,7 +11,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA256 HMAC_DRBG entropy usage SHA-384 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA384 HMAC_DRBG entropy usage SHA-512 @@ -59,11 +59,11 @@ depends_on:MBEDTLS_MD_CAN_SHA256 hmac_drbg_seed_file:MBEDTLS_MD_SHA256:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA-384 [#1] -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_seed_file:MBEDTLS_MD_SHA384:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA-384 [#2] -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_seed_file:MBEDTLS_MD_SHA384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA-512 [#1] @@ -119,7 +119,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 hmac_drbg_buf:MBEDTLS_MD_SHA256 HMAC_DRBG from buffer SHA-384 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_buf:MBEDTLS_MD_SHA384 HMAC_DRBG from buffer SHA-512 diff --git a/tests/suites/test_suite_hmac_drbg.no_reseed.data b/tests/suites/test_suite_hmac_drbg.no_reseed.data index a6f50ad479..318b0e2349 100644 --- a/tests/suites/test_suite_hmac_drbg.no_reseed.data +++ b/tests/suites/test_suite_hmac_drbg.no_reseed.data @@ -719,243 +719,243 @@ depends_on:MBEDTLS_MD_CAN_SHA256 hmac_drbg_no_reseed:MBEDTLS_MD_SHA256:"3d99f9b7ac3a2fbe9cf15d960bf41f5588fc4db1e0d2a5c9c0fe9059f03593fb411f504bb63a9b3afa7ffa1357bb48be":"0bb5ebd55981a25ba69164da49fa92f2871fd3fc65eb30d0f0d0b8d798a4f8f2":"288e948a551284eb3cb23e26299955c2fb8f063c132a92683c1615ecaed80f30":"d975b22f79e34acf5db25a2a167ef60a10682dd9964e15533d75f7fa9efc5dcb":"ee8d707eea9bc7080d58768c8c64a991606bb808600cafab834db8bc884f866941b4a7eb8d0334d876c0f1151bccc7ce8970593dad0c1809075ce6dbca54c4d4667227331eeac97f83ccb76901762f153c5e8562a8ccf12c8a1f2f480ec6f1975ac097a49770219107d4edea54fb5ee23a8403874929d073d7ef0526a647011a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"a1dc2dfeda4f3a1124e0e75ebfbe5f98cac11018221dda3fdcf8f9125d68447abae5ea27166540515268a493a96b5187":"":"":"":"228293e59b1e4545a4ff9f232616fc5108a1128debd0f7c20ace837ca105cbf24c0dac1f9847dafd0d0500721ffad3c684a992d110a549a264d14a8911c50be8cd6a7e8fac783ad95b24f64fd8cc4c8b649eac2b15b363e30df79541a6b8a1caac238949b46643694c85e1d5fcbcd9aaae6260acee660b8a79bea48e079ceb6a5eaf4993a82c3f1b758d7c53e3094eeac63dc255be6dcdcc2b51e5ca45d2b20684a5a8fa5806b96f8461ebf51bc515a7dd8c5475c0e70f2fd0faf7869a99ab6c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"067fa0e25d71ea392671c24f38ef782ab3587a7b3c77ea756f7bd496b445b7a3ce6acc722768ca0e03784b2217bc60e4":"":"":"":"16eaa49510ffad8cc21ec32858640a0d6f34cb03e8649022aa5c3f566b44e8ace7c3b056cf2a44b242de09ae21dba4275418933611875841b4f0944a8272848c5dc1aad685935e12511d5ee27e9162d4bb968afab53c4b338269c1c77da9d78617911ed4390cb20e88bf30b74fda66fe05df5537a759061d3ffd9231d811e8b34213f22ab0b0ddafff7749a40243a901c310776e09d2e529806d4d6f0655178953c16707519c3c19b9aaa0d09fb676a9d23525c8bc388053bfccfbc368e3eb04" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"9f76503e84727297bc7056c7af917a1c98baa725295457db4fcf54ed09af7f15f39c46142b85a67b4b323594b7e97bde":"":"":"":"7d6a8bc5a7f057ceed6109bfac2486f80f81373b6b31d062aa1fad6d9eda5874867b9ef007ba5a92ba8f3fca624bfd9f7ee5770bbeb0391394fef783c16a7f003c06e5469bab03445bb28a2111def415d162e40472d3e5ae628c5c63170bb19f741c79a5331c883c12bca429f518bf71b14683a071b6c6e1e55d8c7a0f3942bc12a103556c49ca173e498b3b4a15027145cdaeb195bc8a7e1aa82ebdf6ecd516481a4d21f400d0d71b5894545888fee8beed80d3251647947f5abc4735b47fd0" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"e242e5b3b49d87289fe02840dc742a2a6cd9490fe2cce581833dddb1edc0d103f987f5de5c68cd345c81b032ea55f36d":"":"":"":"3a858345dfaf00defdf6c83114b760ef53b131fbf14bcc4052cd948820eee78a11cbbd8f4baa308e1d187fced74cbf019c1080d9efffd93fda07df051433876d9900c1f9ad36ea1cb04989bb0c55fd6d01e46923f3bc8887ac00ebd4710212114165355361e240b04232df55a81add3fb363f0d4c9c5e3d313bc7caac7d49dca8517cedacf571fde9686ae93d901fb9b17097a638bb9899cfab0ebc9d1f8a43c2eed7c9f326a711d0f5b9cfc5166c9b561824cbd7775ec601ca712b3ddaaa05b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"42cc17365f5ea5fd22bdc4ade715e293064d6794d82bed5b77c4c107a73de1f76d759e4b191ba01e0ed5dea788ab018d":"":"":"":"de06dee8c8fe453aa03ac2546c39f5cda12412864d52ed5cbd0d4905dd226746d50d1af9fd3e1d90de0f16295cb7f6f4d3271ef00564709df4b05eb9f8adc0f8e8522b05b9f32c37d8526813898b9f71db57fc8328e3b79144482e8aa55c83934d6e097e43ec6d0bc32edaf8c0e6ca449b2e8388b32b286e2d4f85266b0605fb99d1a647565c95ff7857bcab73662b7218719189d792514edca2b1d0cdcd9b6347e132ef4c323da24ad5afd5ed6f96d27b0f879288e962fa0baca3d5b72b5c70" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"d57024a230b825b241c206f7b55e2114461ecc9b75353f12ac1d9ad7e7871481fe401c320f74afdb07f566ea500b0628":"":"":"":"e8930bd55a0a5a6d83a9b3b2cde7085c2ae467ea4a2e65ca303697d492ca878bcb801769eb1b7ec564586ec8b36d350e192c4fbf03a98be0ddecf56d465914ba353ed7734d19a680fc4593d9234c4ac8c23b7dfa1e26b013f590cca43b9fef126121b4842496b11dea3ef5e981cb357341f03f92a546a62609236ded6f7d814456acc0596d555cbdc02cbd47dae2caa1897831ea464225922c6600a8bb92e711653067f83b21e1df054309858948c11a1399736fc8391c5b0fc35629abfa5650" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"059ded79125b2d56d9d52bcc950bf608d1a2373515dafcc81efb6588005a5722d8f5f4181f9f2a316c93fdfbadf50e75":"":"":"":"db65d2000632c3d7009c227e99c210e5897f4d7edae608a242b5a4f17708613f8c19a4dd65d6bc3ca57737c9bfdcca068288eea49440af768d1fc977c32b065bb71aa3d8c4d77c9e8e8a6166f332a247978a6c41ed253a1b68ad934a3416b40344a681de28638f00b0a0ffb75514c3f62253372f809906043de35e4805b8e962e5eb957f04212835f802b2c0b3e76c7cf239c89adf31909cd6224d542d929f9b20a10ab99a7c631e4e6188fe2ba8f552c9c88fdadb528679fe950431641b8f37" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"4630406b475b1263b6078e93e5d4282205958d94eb97d1e66b429fb69ec9fccd0dd9982c338df935e929c42fab66adaf":"":"":"":"5d80ec072f550981bcaac6787c0488cc470406249ec80f4bf11050630227f8b5ac6b3b369db237d7c24a0980dffe8d3abd9b64fd4efa492349bd4eb6902edb94553546110227d7de5a864ddae8b9fed8de9f0df9c596e39de903fda323ee6f788831452eb9e49c5eef3e058b5bf84f61f735a93e042bb9e458df6b25f42a6eb8fb03d437cfab757fab4990c721a757eaa5e9048208abbcce6e52f177b20dcf52f1fa551a92b68bcdb01680855b8f79131266378cd1f0c2a4141c9675f01d1e48" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"6ea9c6f784f12a9707ceac8a7162ee5381dc893ee139f8f4b4d93db266829db4ae92bc52ff860d8ecdc9fc16bd070130":"":"":"":"234366f1591cfe244956f9496cdf446e0d390ba64beaa066945b1b4c5337dded2619dd2bd0133a5d612bab7c251ab79e3951cb134894c422553fc8cc7b3ccb29c20adbf52dda35af779142d7efc735342db2ee067649fda25f3e8a74f8e4f6620cf5a17cb943602609cafb85bdf482873efa4c74928cc0d69444b72aa6bc72694a3a21c6a721aa4e0fccab0a98aef375a37a3e8a15dccad13b6d70b3483581004642d879804aa00cba207b51affca43490bb98f67953265574366ec3829e67aa" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"5c13056be92a7f71236fcfef460298acc8595dd474310727f5ccb9a7acb2254ac7226f86349e20e2aca737068ab0f2ce":"":"":"":"16d415eddefa4dc295a64adcbbcb8c6fe8c8f123c6b09dc08a56d723cff5978cc120fd0a68a2f4c202c220db372d3128ef52385d5786c12dfc6e60ecfc3461a09fa80453e2b1b6365eaeb4df602d192aacb25ab6b4a59689d4bf8d1c4c42a32779f62b06baca6461f154cf40901f5787c1aa2bf67cbfe7546ef5b2bdff20790d8c72d077d48c59c92d1af90a90ccfcdf643dd9d6cee0b1faf5f2f35cfd01d2077ced5e2d013ec1e09336dfab9d9e51ba9a3a2837306213bca2d79abf8dc3282c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"38f08a099fc2d405c32d1e0f867e5450d5ee0d53783c31de9ddeae46d962999da01f13a43320c715612cedb920cf12eb":"":"":"":"079ce7a5b540cae96c2883e95acde3039048a6c45a2d259cc648639e7205392d91fa3ee080e615f1e0741a0e536c9e05844651b93461bfc547fb452fec61f853e1bd6e08eabd0cf1c5f84f85eca9d42b53d1e5bae51be5fd35189e4f1c02b843c6361fccf4ca6648bf30a23ccb8ebc16fcf158746eb39cd96f19d46707c001e11c4e0e8ccbc89fec66c69fc92843b6bb2ee1cc7595b65ba89ccaccd6130a8417faf705e8e203e90ee64ae970c409389b5cd0ca80a4e40b642689741691b20621" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"0863c868c32442a1a64095a71ab6ae2f9e61c119b58dfa4f34efd26593bbbf68bc407904c43300452dd4e61df47fa98f":"":"":"":"585334828cf531828fc7127fee0c926f85b8e71e8522ea921296dc62b83a09a00397cd45e0664d0f26fa24edd3e3d8ecef8fdd77ab22431d4066f0efaf3882c97f179a7060efe9e8cba5d8145bebd502c0e09ee791231d539983c08860d7783edb58440d193ed82bc77c27723381a0da45bb1fc2a609f8b73b90446e39869a5af5038aff603b44db9771113927a5297fdc3450eaa228e313afe43c31b0a95b476c5ca312b4f589f809749481722cea9990c02b647976aa6c6f02ce1e5e6ea6df" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"a41ad223e41e2bb9c131ec945ca310600ab00c51f6e4fcddd803bd9ab9be8af5483373838894d32745a81ba9d6967751":"":"":"":"95ca31a7eeebdd2348cf1d43411d2c35faffdbcaed4052d50cf92f0e9d2e757686b72d631a56ca98b68215e7014cfed943abc1e13441c1d660f13adf2188d0975154e1b42a592a62a43b57f82cc21a428873a92fda83abe420efb5233140e4d6c7852cf81e85961fa5c606c5f33e06077f414b0f814cbbe50cc606bffbd474364e608825fdaaf5e74d862795539be8697e2ce05d71446881e3f65bb54ed95e941586988f6e0c34e1beef426696e9dbd9a214013d826a8c99a2a686d8402c583f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"62a26c1327c0ebf8b40691fb4c8f812e81f5474b0c7db70aa9424110fee3a05e41c0cf2e87210e34d0c6bffc269bf2ba":"":"":"":"6e20a00df1af37e6cc55e580ba21335111eb375395343618df7d630b9dc234496e3964cd45c5de34bda46a28964f6148704c30925feeaecae0574038434cd33c1dd943207a8dbdcd72dc9ecb76a25728b3c2a8ac13c1de3a126d7d43a46e12e0d0ca8991469e582b78ef6aa691b5a0e3e85cba7d7aea3c1e8e031674e85f5af36546eb2a0a28d4ffbaa316a9a6c944fce291cc0c235e8499882eb62b22b548ae07cf9430329e009f4443cb94f7a14e8661166b0d681dcec867205abed48145e9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,0) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"fd54cf77ed35022a3fd0dec88e58a207c8c069250066481388f12841d38ad98591f9c02a1d205cdbcdf4d93054fde5f5":"":"":"":"f6d5bf594f44a1c7c9954ae498fe993f67f4e67ef4e349509719b7fd597311f2c123889203d90f147a242cfa863c691dc74cfe7027de25860c67d8ecd06bcd22dfec34f6b6c838e5aab34d89624378fb5598b9f30add2e10bdc439dcb1535878cec90a7cf7251675ccfb9ee37932b1a07cd9b523c07eff45a5e14d888be830c5ab06dcd5032278bf9627ff20dbec322e84038bac3b46229425e954283c4e061383ffe9b0558c59b1ece2a167a4ee27dd59afeeb16b38fbdb3c415f34b1c83a75" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"5e919d353357671566d2c6ab6e1acd46f47d0c878fe36114d7fea9fecb88a3a27efca9e3d1e1b09d7f16832f3af75141":"":"442f17cb3cb1482a19729bfd58f46f6ef16285554892c01b0718968d6e011082":"f9557c93eb841bfd7b5d4b71da928efcbe3f55e1870493ef90d16eb238380d65":"36902134f1989cfe7eb518a56c06aada98997d9bacd04aee21f879a57b515ca3b5e0c2d5fed05ca1a8b054e8c46b389d9d9186feb0abe8e2e60b3a267281cc5b4b7341116ced35a0e07bc2b0330bbfd8b07f07248fa6d8fc5c9df13445324162bdfa22a91ba71453ab123c92f91c70b8bd540b3b180b11ab45ae2c59e57c7c43dab7576594959a96eb502d182267c86576b1846ccee1a694cabdfb42e0c8214192efb502926fa3c27eed020b7cc8866a5af9d838a57e78bf7acd230e1f4d8361" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"7a5d1efc9b7043060cabd67de7fe22740bcd6a8ceb355d69f118829a2b3c92006a5633e613f8769c1114b1822ffb5408":"":"f2ad962d992434468681c644587639901ff74e2bbdd8761961ec34edc4a0c36d":"75aae0d1bca9484c89fc4de3d1b34275ef0656775f3f8c96f2bbc50401aaa718":"5ca21af4b399db38f8b74a406aace69f994691f2765bb9c47b240000152739e059b163cd007de5f28bba17e485fcf9ff6f41f76e93998510e302282cbdbde09fe8b1a96187e57c9a3df94e2e748f20026476ca682dfa890b478f7a21f4927f74f99aedd9ae782ba10fcda1dc34c31b4f784722e01cc4679737276f56df23c5bd8c6985797b83c0ccde2b4c7a65c652745de7fc8a235ad7ed0f456f1e7568b2dad475f0bc46f02a7f35c05cfef9d0e2c773ff895e291a2cfc2424b106096d8864" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"611586ee40cb3ca4a9238ce112a237449bba5422ac9b18ea53480875334d8fa026da9d96c4e87f94b2f9a7c261be3edb":"":"2f835c336a3aa0019b0bf940c24643bc8fca58c9cfa6509aa9241de9e0e1a046":"1911a59c5f2568860ae71e803688889dc44d14ffb0d93e324c39f32d95c1c3ea":"27bf42f50476d8a2cc23f455e9ef477cb8e9c90f2e97c8a483093ebf55b2aee02e0356cff919e2ec9811b42c73498a6c2b96aa5b761ef7e715cbf66ad2e3ff8a6c92419dbf2e653ce70a87b51e26d9f607eb25b45b91f947d0026a38977143c8bbd94076e663b9cee35505b48e453e7cca83e540975ae8a53f26390aa63aaf1e2669410cc83427eea09428776a2d520eebd170602c52dd491c98042018a0372a0b39cb565cbe5e474f927f91515a6a7444fdbe1d89d8ae2c2482a0deb8ff236d" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"85b1e5da599efd4a20ffcefd4737fa3ea1d2b14be33861c2a4ac3ac2a49d3947b14cf18f4ff426cb6345f1a7653e9630":"":"cf5bbf98d8577077b0b84475dee0f0e9aa95eedd1d916507b5233b688bcc856c":"b333ec111e1e7d78c9ac916e420704832539d2db46aca3bdc4732e8ce72b5e80":"4773d32a9fba37acc6900f3ac70f6978ff1e40039d6e3286c264fb7fc59f1bfe0188c7979380c8922bdd0e363c8e09a49faef59ea85a9f0e400b94c74a8a50687e4e51e25266eabb86276f22628d0d2e19c5696cd221a9b80f94045d001ca4c20dc916ca0ff22c93a41fc822912dd7e247927fd45982e94d3d1fde77cbe78beecba830b753079326ae33274f13fb7cd875e85fb5e9e703e61cbd41bc4ad47d7b4d14afc873a39dd810ad8eed95adff8dce3adb7659b7c1d4e3f62403767940b4" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"50f986f6efb413fba3e8e0beb84d4948c2db0661ab8e064d9fee8b3c2f0a910fc35d37512f88bdfcfde797a21a006e01":"":"37c7b08222ba63f2136bb28f5ec09b9a899b56371615be41bef49a0b640590e4":"4a1e34a5d60ca08e3e6c0f1b86547ba2d12fa293275e7d75f83a0b846daa48df":"e27738c6fae66125fcaf4e725a0881d5a450fb5b02a55057d6cb7babd91d502c4f4a8431a83352f47ea8e5fd7e815f5080d144318a1dcbc755e0b935785cd5397955da22e3ff633b34a64ac72b2e6b7c51e78ff553731e6e8da911d147a6e05b36b74898cac6d3171bc8650e445ffd19ede2aa8218be17671321c186465d852dd80d73290546b88ef7a978b41c4c549e9c7fc6ef86e47084778fb5aed5d41e794ee0e700b77c0314a307b10df69daba605f3fdbe2dec708ba0b20d6b650befbd" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"641dbcbf99b61437c2bf65a13dc3e0324eb940335da123870d9429636dfc82979d0cc913c73e8a6321fc3eb9e973c0aa":"":"72580c11a87ce6b4207908aaf5bcaaa1bd217fce3e8bc0726568c64639b70767":"cf9f4527e074b72be735558dcaa1fc82f26ae286bf944b49649f769bf6faf49f":"345395723d048c2270c0eac990498689bcb862a4996e82995b4e7169e671eb03bb2242c4669c874c1aeaffec58aa653c7d7431abd1650f0cbce8cf5db8316693f3ed501fd9b48c1a44b34f7878aa386d65afc31f94f908a322b03d06c2a1074a03bd2b579cafb0f7cee6d6934588ae1ce9e4ed37b03737c553ca19af4b46b5e43767cee2e459ab91407df6cfd13a6f186abdb148b85a5f49bf92ac6674fb055c7fe123e9355a0d33de281c03a56f91891dd496dabfd6eaa6fff6c9cfb4e67c44" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"b9c305ada943a64a2b00494e869f9a640173eb1c2518dd9be93abc3c93c7e6b5bd0627a199d15f77b188824df00d5997":"":"ffc6760f9af02d35666275c074eda03f53dbcb5690580bb25768a6566b328dfb":"f26f436a820ef71597b75134b8d9dca6e9a6afd9b429222a4c9c878f3b92716e":"e5413a234859511cd837312bb31aac4d31962c5f7f27aec47417f367ca99b8400a4287e60412fc356cb40d96ddf5cb801285ebca42b2f6fe4a711451c1574174c58dccb2cd3342b7092a196ac7d2881a08e7f5de939ccc8f4eedc8f867c81aa88655d96ae50f618279d5009ba2ac4b1df4e63030cc0ec3541b6a94bd9a2ae5d1fcf4d847114a783c997a7c6b9d549010bf7b649abef692cdea3aa8ada14574e0f78b7fcbe17b587ac14980e40264d6de030e429586593d5ce3ae571f95454dcf" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"9875dbf59b760eab9998bf3341847910526d10071dc179f96081dd793a6001936881e7f39075cd382293a1aaa8c845d2":"":"1196583a99afe1d377b344585c8252a0690704b8f7a2b7582387ec91a60fd7e4":"20147a88e0f9f1e8caa8cb14488c9b5c38e5520a36ae913b4703d15af27218dd":"c808f6f296683d26208359a766fe61bc70ee8b6ed9ffb94ce269578fb5568fe2358d603638324b63b29bb36ae71a542e38ee69a2b93ad7e4a887a27a2852cdcd541a5fa6d0c8b087aa1185bd5788256e7d95c2aa2d5c11407b7bf762f416b01d8e747c45298f875200a2e67679d6d5ff7a7c0e50a010690b1920df1baf0afcfaee7ab0862004e23b5aa1ff47b8273d503bd74a54e7b39ac7e6d6fb0a594d30531cab8a67b22783470a65f24faba1c231b3ba45efae9f0be04e2338529cfec008" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"ac92a6c791aba0406d6ea8255c3c0901eb711a424501c2c2c847076d78bdcfc3266b7c3bc578c7501daac6dda8366d4f":"":"13379a77d84a0c4cec95e62ac4c8a98ceede0d89b8bd317352a95300963415ed":"04d47ec89a3e1b7f22580167331225a00ff258da72446241a6c09c517ee4d48c":"c2e6528584c6dbec436ffec4075fd3aebe953fdc0b46b4b225a3c2886e60d21879e6ccce3746d881f6d80e33876afad439ab9f68fcc458492de12811fbd57ac49d868754da19279b4c0a38979201a588884def5677392dec97cafc94bccf8914d9f78575711bb6f2adf4116db91c8b54e36e9ac2f5e01caebd300acd7bd45eada69d20f1b4139013a8a614069315a1c99137a6f23e38f91c210e0c156c6fb498056e823dc41a05348ab43c2f6f4ce188d4e05a13d38f8025731ac1670949a040" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"63954ac7a0f989a458d2b4a6b7013dd66683624584b545060bd03a57b92822ef422764bbbc35fa5d40d34145afe44bec":"":"7b25d875dfb03333cc27b9d4286d00a85ea5921f4b8a4717b957349eb3509053":"8b70d28c5c80086c0cbbd01337ad45297af271d4bafc764b0fc5705700cd419d":"297752e61c4ebc4e1c68391335e2cdb49b0f19dafe359e451f8158fb7958d32a98455a852002d8f05169f438816ae6fccba1eae4d1fdd7a1176b04831d7ce892f711ec825062ea1c6b12144bbd3a0aca7f92520ebb87ac6045d2ac3a4a74fa559926f0daceb59d44fdb39f5fc3b877f34241531e863c153286f3f1b2ba2db4e2c8e2344be40c2a7a8cd01daf168696ce19f83ddb64d50e2313e78c5dfcf077f25e5b4d6f687279119ce856d4131a63ad133cedd020881939bf70f82eabfe46db" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"d0944e0a3f3604a588271c8eb65913ad9b07ee2b29620f8106ca70ec10aeb896bc9b2b519c77fec5fc419e953ceb0be5":"":"d58593f2488f0a292ab552dac006c94b20ff500dd57af32be808921a5ee251c1":"ea9e579c9dca67f07ffd67d2483ec1fac3d2ec22fefff73c7ac9f125888d7a4b":"ae736da6632a7d8bdcc9e279cb7d3f9101a8f7dddeff253277d1d99b45c76a1a5c193334e912c3dfdff1bc389b209c3b29359a4ca53765a1e40cb900c6055d8a285cf63ebec79b46019efe95d5199f215f11961f3319d225bf3d60734fbfbf3593ab105cec2a17e308af469b3220ef7f055675396d289e6f4f8009881c8a2b4e9de88d53ad13e8bed8b38be6d8988f615b4590fde3d91caf50a86eac3fbf29924743145803978d261132b5975a9f108499250314e098e57c56e2f9327307cff8" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"1ef53464bc7a441227a27ea7b5c558dbb3f509aaf880213cdef7e8f6a1d287c173cd5b3148d46c48c83c5cad3ccc1f50":"":"b052a66992fd8a8cb02c593edfe4766fcbcd3505af29d698e1f4db398acf717d":"37333448311c2c6edee19aadb8f1036cb60cff2a945c1a0ea087713bff31e915":"4ea7054659cae1cc178ef431aebb64c2c8dda3a965ea940a84c00d9790e2e3a33521395cc4d49038994aa4c7dcaf0b52b44375d93b625ac2281991a85a5acebf3de552355e17b3528faf39d392fed981400f28540f5ca64a4d2eeb952c88856c8f7388a49611810941b46b1000ee4a8aaaadcd39944c4abca9110fd6580093f9303f86a6e129d56b5aeff5422c2261af33523cc6a174e0782e13a026c003c17430b8371bbfc3d51c3e06fbdc30769a278b109238bbe383cd5523053fe589b72e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"14148d69d583d4c1758c307e0eb0b762511165823fc54096f9da5513e87df53b96a7be8d31b8a38f24a82d846b0e13ef":"":"e05f81f6402c52dff5c221a2f191155bb56abe160ce7dc8a6bedfa029195a612":"214777e3faee7d953b5c796675e106d50cdc12836b3114d14447ae91cea3c1db":"eb0497b32af8a91ed3959c31b079b8cc5c39db3100913332fffbb6b1d5ebbcdc97d6e67c934f3336197c9b730d80995a7d7445e36cf3047cab22895f244cac803eabd001eb1ff5d5645a803c41ea6dde6c972b47de0372ce901667d03e2e02aa0a5aea809e0bdc7430440365908418ce6066c24191ace05d6a797ef9b94409989cacbb9d9ec31f3cf0112b72e1420b47e0c184a8aacc214d55a0d5e0869d09303e4014de0430c07380006ea75984e6c32b06067d7d7b931e2b74666b4b569f71" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"27d47020acc3a80a55149fa0ef43f684843ba89fda4bff1c29d20baa2b21956780569b7fa0c4078d9ff71a3790f1be3f":"":"c03ea0b88e2f9b53f902b22746bf4dde09439c190a7a638e3cb990d86739dbed":"3ef05e71487cdbc209b5ab6e808e55f0a93bcc02df766b01c1c1ae5875b1023e":"3ee49e2a58d800d922cfb66284da84bbb5944c85f194d95f1156b673392132a430e47ae74f1ed7c1d0e632d8cb604c88777437d8f37e7d0428b834555a96800540bf5bce6f430328fd328baf4b22b7f8e663c1d8583bc0119248588840510e11203cf47dfc4f6cdf8344170a341fbb7d93999ba86be3fb94d9c03922fd3d75e3fd5b42365aa62606e352676b2a0c51fb030d8d5605e8ac6bac2b4f8417d8e060148e3d4ba67b31e5e704d866bc87741ba877d12b10e8a9b37f3feca908fe1fc4" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,0,256) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"88b6550d49182ca7321d8015f780121223a93343dabaf21978ee2818e7bce6591d32b48eb4642069adcaa5986224e6d3":"":"809639f48ebf6756a530e1b6aad2036082b07b13ed3c13e80dc2b6ea56e70a04":"3395902e0004e584123bb6926f89954a5d03cc13c3c3e3b70fd0cbe975c339a7":"4a5a29bf725c8240ae6558641a6b8f2e584db031ef158124c4d1041fe56988fdaee91ca13925fee6d5e5748b26cc0275d45ef35abb56ad12e65aa6fe1d28a198f5aa7938fca4794c1a35f9a60a37c7360baf860efd20398c72a36b3c4805c67a185e2f099f034b80d04008c54d6a6e7ec727b1cace12e0119c171a02515ab18ea3d0a3463622dd88027b40567be96e5c301469b47d83f5a2056d1dc9341e0de101d6d5f1b78c61cc4a6bfd6f9184ebde7a97ccf53d393f26fd2afcae5ebedb7e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"2cd968bacda2bc314d2fb41fe43354fb761134eb19eec60431e2f36755b85126e3dedf2af9382a1e652143e952212d39":"59fa8235108821accbd3c14eaf76856d6a07f43383db4cc6038040b18810d53c":"":"":"06051ce6b2f1c34378e08caf8fe836201ff7ec2db8fc5a2519add2524d90470194b247af3a34a673298e57070b256f59fd098632768e2d55137d6c17b1a53fe45d6ed0e31d49e64820db145014e2f038b69b7220e042a8efc98985706ab9635451230a128aee801d4e3718ff59511c3f3ff1b20f109774a8ddc1fadf41afcc13d40096d997948857a894d0ef8b3235c3213ba85c50c2f3d61b0d104eccfcf36c35fe5e49e7602cb1533de12f0bec613a0ed9633821957e5b7cb32f60b7c02fa4" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"023f5673dac29f62245510d0a866629c43c64bf35a0bad30f1270050876cfb1ce80b615a5a47ecb51217a46079e11fd3":"a6f797b155d6da01f5d155cb7291442e1b82d4190e93e279fe5b4aaa7d04ecc0":"":"":"507b824443af5db28f746229e03ab00c73cc3ee4956aa14b33eda00dd2b9b645c132dab7dcdbc659c8ba0e1a3575fe7dbc7cf9691f9b714acb1b33bef96943003c992f661e04fe9e8b9f648f4af9a58a45b08b8fa7fa3704e6bdc289abbe14a8c7e1747a52ac916c31ed079de0b900672e658a201279824d0d75ae35dbdd43aeab915653765d83e46f347fcb4fe3321fc28abd2d0d26a662661582ce21b6dc4ea6d1b236e9692a83c8ba0fb299157b80623ad4f448d25d57f537b10e5e30f80b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"96b5bc16ce0d101b90d54da6c4b3d85a70ee19d54cf4cde3d048afb5f758a6b52ea2c10c16feb71cedfab9bfa9e462f8":"2ff415e2432d2e6c4279910a5e56c0f5354a5af0099132d891943b4a8901ca6c":"":"":"ecebe717afe6dc08dbff3ed626bb06de0f9784283b70e378dec19d4fbb50e61b7be48ceb69851b2bb94641aec5027d53d314a96500a9bbb38a87c9aa42ebeb96a23cf29a0fbd5e48b399daa1b24dbdc85223f24b7d77332bb1a137ec709d27c008c709696cbe44bb2fc19fb10a2fad4ffd8a9d89492a939f2268d1557f44b6a64e2a57887830fd8bca1b6306aaedbd7f3f476b827995a1ed121388497edc7e639c87d092f6591a45b5647c6c091c15ed39f594b7fc4ae92331f96dd8e17be970" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"364a833a283a3e0b8a5b681daa50df96d806d4b54828f2b016de5d88597e6287d98cba8fda464d21aa1cfb7b26b9b226":"35b0e7534014dc2d7eb0f20ff78a69d5548d0a64122d4936a6ed177fb3ec66a6":"":"":"df4c799cae37173a81c545d019ffa336ef2c039a5865af425e5b60bc3d7202f4bc1aac5a84022bf4088061abd5c39d0fb047ba80163eb5dc8b9dd515948f16915832c6f76b45acc25b9c01e7f70955c0eb51bf50f00b24bb8e7ff53bd7c051b53d8b1a837a17a00355d7eb21e43b2b5b249dadced37d06e7047c2fd12012705a59d051afd26245ce3a59acb4b996b718c7dc1ae964bf12b1db02fd6c06ac2fec6ee5deb02c2c830110e9bbbd3c778a136b646ce2a0738563555a89409c56b81e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"bb4d38c775acdeed663256abb747ec25182bc16efd0de02cb4b05e4ad4749c92be6f1e856e423a8f3bfb0c0f27ad8210":"21591e796b7e68e7913fefbef4872af9c062f21c8023c0dbf47e040c3aed3733":"":"":"12575776e1b9f54b0fbc39e85a77b6912160bace4f1e9f049e3a1c5bcb452cf9be42ea10c028c3cc249401ac236dd3baa53ff327735435f4869d3289bc9465ccf15f826e4e4fff099986bdde0d09bd12e3caddcf452eed6ca1206ae4561b84770a9cc6e962567304ef79d8d3608529a3b5e4067fa83c8c35a06f1855da5f5ea7eb106e4c60181d12ba00cfbf7eac60bda00571d95c45c9d75c43b42e27a238aa5e0f02bbd96cde59a2e572934a99d05c399ffdf15c65f173748734c51999a29e" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"f9d041d24158f480600c3747cbfd868c3f7e9ac7f74b3760eae5320839e4f5130f8477d88b1d914c0d8b375d089a4c83":"b148049f4093f0032c7f105dae219aa9e3f70487ce3a6b6ecd99429f66be5406":"":"":"84c58bf473061da92fa8d56aab3a75598428f18dca504191a51746eb5fcad8f784eafac5ea81d636d579e330baf7db95c8d706432e9f585e84da090c0eb40dcd819bf10e0d5b8600150d186f732af50b431c596c920eca742e6555129fdf5df96b44005083d7a33087b150d63529bee4b6e1ed4189ae2d93cee8dc671d47c0e74ba04218dfe273484a4bb59a57743ea56843d516ff2c72ef9841996d31b0d6c5beef367a6b44cc84cf4d403a06b40406e4c9f47da401e3cf31412694e6164dcb" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"c18f511ffc3479a59357c17c2fb3d1e0e6f0edda4c8b567f2413323c2037f2fd140fb0cf33eb59526d8c0dbd216939b5":"7387aa3b0b3d92afb29761d3d5ea16e32a68297b9ea6751e1d54c8612f6351c1":"":"":"949bf03868563c7d1498c69c327686682656374b2efdef6342e69a388229c580ca2217a9332d3ae77c2d1223f5dedf4b34ec50b79d5baa7283168ed7cbe71c6c3c9193bbe01b76e011c39d2d462017c2c74b7e698fa2140e16886a9ec0fc6c36decbae37537638ccf17777f1cfa49d2c2c7ba3aadd0a1565d61942de94aa6fa16ecafc2dafabc9082f23e75a0e2f8f79d1c0a15ce57fef7655f1a4fc6fc4d4a694bf6ca9e333959f35ad354524f614905c6a52ef8f524cdf01c5fadadf207772" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"6b09295110384eb56726f61474bdc532fdace31ceadb5fc23d587356cfac74338ab6f9d89394b907edb646650865a3fc":"7cafcb4db31ab411c396015b8bbbc990607e08bd1cef3337dfa0e295ae024f9e":"":"":"e51bc5b3a6bb2a2667f5d62c2ff9902dd07b566870b4c14242627da7581449ec985739cdc2bb5ef036033fa798112ce20df06d46d61aad7121b8282fe7556bdd363cdabbf47184e55edd85ee0b7b0be17b9a7f822f4d8906465b525c16385d0899b6c27728ff2a600870aef65f58f9d3777e8987d86e59fdb69cd232e7289fc75cf2174304137f988a17b60c57af84cd8e556aaad458f511fc0b3009516435c0c60098f35fb6a4a90d90bc6071d38000703ef57cbc19d6b78a0f797f3ba044c9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"ec6d0f68240f5c47e822d9088364c6cd03ca53808162b4f06f5956da65290946f4d26653d079e50604f836c1d798243d":"b40b5737cc76c5f6d1df0f13bfbac7e26f92aa933125705b6197d9bedb11f2e1":"":"":"207833cf65599e1406ddaf3452f060c872099cbf7483f1f7f14033490f7258ca5fd7f5339f914498b6e61fa426cb872c880a9fda9b8ba590cd8006b990af7ad412f60c8b2ad969c2f9cb0e9d005943d4dd2dd7af9699046ce89d6405597716d43b9ad54641c2278b04b2bcc5b8ecbcd5e2044e4e6ec5a628605fcbd67249e813bb769d7df01b60404d030e69e9672b4fdeddf82a22042b83ca036578b69f9a0ad9702bcf95fe846705b49b0a0795dfbc4f671e0158ded6242bd8f8fbc2410c46" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"df59ac224e4ba1b6dff348f17bcf9c5a94a3235a54f2799a6cae29d8654b79d18b09b444a28a7d537e1a2bc89e95abd8":"14a0a91e0cfd63ef5fcbe2e8c7a44bcf5769c9f95b6c50bbe9d3b48b82a09053":"":"":"656438e7738d441b9ac116361e9f26adc0e303da7889cf559841b3e44127318edd356051bd0b3ecea78feb2b928227921a0c183c9f56bfd11ef31b28da6c78f3891d8ae1804bc158fa56e8b7a1a46be4954de493ef65a7f9beb46949a323a04e944034db30b19cebd8b70bfc155882ddfaca1bd5acb981c2c1b3e0862c6234d13093ddbcdff15129d586fc24ea2fd20946fe45b467bbbc77a6b6973eb6ea02994607c657eec29e4c4b3915cb730db056babf1779127047b401e25f97f606063b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"8da1ad6810c1d6b7ead210e48f51c370d4520547a330a4d591e61a9847aa043463f69d1b237999fda9b5697f1e7aaa07":"291c536dac72409e31e71cafb1b5f55c14421b2c7a44d792cfdc663dc8f62692":"":"":"c2bff571554c26bbd4442fbb3b0f8eb4db09840337658a7425613e0fd4f96e60da39b250c3a77379a53325a56ec02248c4d67fb9154e3b0eb8972a3109aed531eccc027705b267d2b9c037da79860d76e5e980b5b30b7ea588fa221d24d973f6d4c625de65123e91613a1528cdee59993aa827f319a759412f20aad6c50fa79a3debeb346ad92809470daf228cf344e09f03c839a28d580a2b3d7050685ef51e95649aba7228a2f0c82a2dfd89cae6ce549e8b27fd46f02feb473645765018ef" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"5e8d6571f514519de6c4c0a7cc5b85df616735b8dd09c3bed2377499aaabb296a9b2c94642da10e8fa737cdfb3129334":"6ae29c71b76fc48f14a3d731a0f6f276f73e7672eff631dbb1d22b06463bb236":"":"":"5cadc1264314fb4bc7ed7fa74bfa16aefa624bf2fd60c992d0cba10429c56e0028ebb430b1a1c6662a9b3c7f6de244ca000ae63db9570f1aa3e7ffb1e97a9d848021d8e632fedc037712a29abec4063b9d57c60738f0af0b1aab3844b03f7aacc65d38bec91a11b7c3bf8d970f01e00fed9dbbe9e2e499a21c72a7c5a22864125133ecb073a4c9f6d9fd46024f5c1ee7fa447209afa6ccef1f97ae77ca67fca5959dde209d2597f87af6e154408579cec42c69fa9b7cc075ee3e37ee3d91ad9f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"5c9481b2642855fac8931eccd1bd6c5a05b560a55f96d37e865f057a95812d81fe65c84c96a990eb7a302b58de723cb4":"b6a61b9a31207363d62c0b88f1632290f4f18feb41a6dedb85b7450ff9157016":"":"":"9cc77b68e1ac23fdd2e2a6ff697053f816bb48b39b1162f7aa3fdd2dd1867f68b13980c9e5989d4631b7983248501731326bd7bf6e967b3dee7d2d5625d3cc2e198623af9f77f86103491ebb4aefda5c333b51557b8f643e6d6c593fd7e27e4bccca13140f6129cbd024de076e4688567fd7e41dc7b2bd0bd9b3e966d5d3c461502221b52b001a4d2102894da04172efb900171a0eabab1fd134217580cfc33a0a94edc0bc132af91d048c6f5ea4e34ebc9686a99f81d19118ba4da63ae3df7a" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"c43f883d0adc2b56984d4a497a8ad76813a01df5a0ba22b53144763b65c7bf3f6f722e4ceac59966a6e44ed898e6109b":"769bace2c263edb87101743673724ef67a935e1ae9cace87202b6015d20fd9ca":"":"":"ce61480953190453247d091838dd80117f7f85a7e9a1237c92edf10cfa26b423735788b1e89f33625480d9faae57112ee62c8e4840475a6a738018ad3fd4a77efdd8f15ffb621c429419b6adb20431fd35f9d62fb33d500b87beac4856aa4971eb89710576b609ecfe758f3682dd316e7ee9d6560b444c2446656c8941dca7d6eaa70fdf8a70f18386ee5d4c86738bc261c0e8e5f509dabffd0425a86858ea3c71de5be98570dabd80a37b4f7f954002727c0b712e58693603c23130a45e98df" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,0) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"d083f7f8c65374627ddb51582b3a39e2bf074508d5f28ecce25787f386058de8afafaf2ad7e6449308e176be01edbc59":"ddb4ced192f52bdfa17aa82391f57142ac50e77f428fa191e298c23899611aad":"":"":"b978826b890ce8a264bf1ad1c486aaf5a80aa407428c0201dd047fa1b26e9ea9ff25a9149215b04c2f32b65e007e0059a8efe11481926925061c748678835c0066f596352123f0b883e0c6ab027da2486244da5e6033953af9e41eec02f15bebdb4e1215d964905e67c9e3945ec8177b8c4869efc70a165719b8e1f153c41744d44d3c56a15822d522e69bd277c0c0435fa93e5e1bc49bc9d02aee058a01a04580a6cad821e9f85cf764fc70dfae494cbfa924eab0eff7842e3541bc29156f6b" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"c2feb900032f2cca98d3f60536f563d8ac9af5fb2e90dba36c371c0a1c58cf5e4a60f2be0fa13b8266b715be8aad128c":"8e6f9be0c692648072d19c750804b10e2ec313c8013abd363de7a467787859f2":"72f54ba3f8e71ad69a040bb8493283acfc8815f17dbcea220ecd68372a2dffae":"adce8157ef60482841dd2ac5ac512bf7649120c1dba81ea75f2a70b7512bb6f3":"e76e4326ac69ddbc6b2408c529b05a96425c65cc65671601191238e9434d2a0147f3a25ce9b6818774f5263c92459bca421d2b492f9a9c2971359baaa1426d6e2c36d8924f39d02ee2fb5502c4e0b206dbe9aeeacd508abe6c055d547b5f9f35de4fdc9c05a2c63ad699a3a7e265598b8f40a8a295d7376b88c49af9edc790b8a5ee221e19877616678e2a5135d7b3756109200439d9ec8bfe0cc5f3c334ca9c022ab9192d5d554dc7ae76af1dc06d814427f46a7cfa2dcc62f4777d07ebde7d" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"ad500edbe28b9a4338b55451b81c652797eb48fba753c186ce0aa9ad02a84ea2c995b7ade6de0fb4ec97bcbd61b711d5":"5770c41832a4cdc4039a8c332a4b45e7a7b2dabb678ccd2e56452aabeab14925":"d8d5516d158b41cb9d66566b88064900af78183f765f2f72a19548fb797377b2":"60a3a01a72e6b3f33a0c236db08237e7d656bdf4bab1db57ae23b7305569dea5":"c5ac3df66bc664e8bf84c758c7926992f0e8a03cd3f3f5fb8277c85b4da526601e8131f9d205f35594e101a86fb83ccf4c1e98c8e609062256701ff2132e337cb7287f0ee2e8fe3ef11ae703d7efe52e63cf89119ced05950c55aae6c822b6b0a8e1b91b537e5bb2de165a4b5b43a1c41fbfd65fff9bc5329d303caca84f5d1fc6acacee622623ed5dde36aeda0816749557c924d6ed26cd80e456fd0ae2146477ccb63a203fe16ac1d0eb2d12b6a2cabb21d412422e95f2df8ccdc23b4ef0dc" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"51a29bac53961792077e88ed3603d33bd1f51b3fdb2b5cd1ea131c6f643af65de81eb2e260396d2a69b4184c4eb98a15":"72e5285b92c4ea4458e8a2159687cd46e7df9c1f4513d8b72cc88be41c2e1522":"16a69f7aee34c567595f3d362ccbdbb7b9e9372c4b1729fbb80d9a089eee31a4":"825197262a43f6523182f0a91005d70b17d81c2bb692edfd02ab988130c7d5b9":"f63f531c242a295d7796c3b4844fc74821af5a53e0e7ae822cd8a7f9de91e6164164f3448fd7d18feafb97c9500e0625d501dcb3927e6fb39ef65dd9586d157076436452bd3066cb30d1f47dc0a3ffa5f2e9ab4e183018b40a82b39b0d170aa21b05600eefea906838b95456e04cf046808030a56951d2502c5eb6271228905ed08549bb171d6c0408d88250785f42e349ce1d9e74a6cd0360a008ec804e7ecdcb4d1fe24aa5a18cbb65f4de1619a29c6062b409a386ea6f43e60adb9ea3dd28" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"b30ff9c6e5b6bd258f1cea0fd5ef9adb81fbec233ff2fab01e79b7422878b2e950604e10ab80ddceb9d2b968d0d37ba9":"e8acd4b380aace0b27572057eaa947e10e6b49516140139c74a1d4f472221dac":"1d2ded0003521e2ba6a4a3e732e0949c1d858fdf0925fedd9cfd7f603e0e692a":"688ac5e7b4400d962c106fd2ce712a1cda6a0b8ac5196ad727f9b882329a3d5a":"c5208fec1d67517311a42bec07782ceb247e9c818e4f5f3bd160c9e53d462b61884feb278cdc8f64e22f59d27dfa98d3a90da8c7c5ba28ca40bd0d18934595a376553d1a8a19de07a83e2e9db42748c982cbcbf4a975c20084ea9cc6c6a41b571faf66b364e4b7e4d32efc80c30b219da1c02a1ea02f6922adbc31a057f999605a2d827f10907835c2bdde4157d7bf2906a0ad27bb72f113c6ec4f23631a2b8517bbce91b560d90d73fbf0699bab21da23e27cfec513bb5e375f50108197d664" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"56715dcbaa4f5bdbd157bdd950d1c1b46c1f4f8d7818ab321d72c0ff3c0a928064b0439f7bf021dcdc7febf2126e5432":"cd5547991b525f7795e075a59af1701375175bd760db99d316b91463f87f7f3c":"b2e4f02f1c14866f538eddab402356ff3b405abbb9154e88b98483a83be70f7c":"b8db321ab30285eee7f9e377ad62def6caada447d00a4ec882081daafe2ec009":"7ed8c2be58e3553eb65508377d63d7f24518d1a7235dd4c740bd987dd8bc1c1e3ca97a69a37dc9a270ad88989e4868e6cf8e4cf01703c0b1eb6aed8c3f8af431d819e68b6947ae134d360d87e33668cdef0e45e11f5cd79329ff95ed00e4a6952750f1574f489394b5fde3c6f07311a1e5d9c4e070a0943ef9d4a130a9e4b0a80c256e96ca5042961766874898ea0f772b78d1a33e866351a4eb425b822b5ad596cf249bce8ccd6dafb334b71a503fce2c8fa3fbac9943910ce5ff02ebbedde8" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"1c60a31760019e6a571e2987e57e19adbc1accf3edd44e501061cbec331b197eb68d0fa8fa5e3071d6f8b7c9c0a3c35d":"d4d84dc7311096791dd9c9d7f2cd291071f877afd86b9644427482d09ac9df64":"6473f4430398d7e5a2d218bd05e6aedac1e317269df3e4705d56c22d6e7abb0f":"379649b56a46399b9ab5f3880e1a73993a58cf52821d3cac87890aa0e6322a94":"d34152fa12fa341d0326a525aa838558630013857747f02634d24e9deec2da12f52fb405e7f1b973dc2d982d26eb2ddb4b49c35a9308b06809171dc990a4248e6da0c329a259f495247b9fa8c73af06604db7b629168e34081696a043977dd29a3c0362d5895f9aac24bcba58dd74078ef6f8d33eac864f2e6cdc479da3d224bad8099d011e914b6ccc3631a7369586e18c71a4087de0d47a7c29a09c12438c7de2d4b47768f47685b742c25b860e716c31e2afe4ce6d92bc2fb9f34400602f9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"eeccce7f7edc52f0e2559250be36526cd1839151a77c59d527f66fa24ea4d86b3fb298c8d72b6a0a8e191b60259d1fc1":"26d35895723ba3d431991a0e6fb2154ae5bff7e58609c926ee3269afc5cd631f":"227b9a71a6c17ecbf627161fc627f8f6f1a28ce39772b7a3d36064e2cc6dc4d5":"eb59f780c5a955e1355dfe15cc4a4e90a6ec75584e63bd0de734399f47b95070":"78ac77657dc56b23e617a9b38168da945c1cf52b6062c2b10f1d7a3814d9b9efa5545da050b0db5a65a2d2d2e02fa12e97eb970fa8e83c524bc809d675e0db35c9762323f327f1edb9b534ce16d02519750b41ebe51f747e9da43fd1afc60e46c7aba72e15cc7a22fad19ed55189f287a14737483eb6b32d966c3e3969d8198f01f2ed841f20d7d2e156d6285a29e07f6d7fff42bd575806c4092522b03e0d1b8df0cc88f5b82d24a7fd0feff6ada03a60ef2541a4ab041a49aa973c7163bf94" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"86f8104a081c9565dea5652f20145a068dadff125debf818262d8931cec6ba937fd5b51affcebee952fb67f29f197267":"c7ba5ff828855e6e78fa1732d63aac1f49701ff7ac1f3506e97941f998b4e9d2":"6917bca15db53a5359e5c4d30ab4d37fc6a1bc660faaf2e74864cb4aa52e0e02":"eea8db0cfc04f8de14d6053442b5b4f8733f822df4be5966a0de8b0f7d2036f6":"562b8b2fa3bb15cfc3f7e57f309e31b13c790c928ad6b32a005f5431c28576c5706c4ac0dc2c7a4435bebfa06571278f485932bd94382efcf727b300b230da9b9e9f377d2659ac75dd8247351d5ed8185effa0f255a2a2136e63717e0265d561a34c75ecee1c774c25e33fd938696825686acf9a419c1da3fa1ce8f695e231087aa0927dde6ab487dc61291ad4700c5c608fab1a418f6b30ff97b8b8f01ef8164287849a77b21be5d11d82d0c19056e07d59a30f6c576705c6cedcb9f22d3a8f" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"0db6f73ab6d31ddf8f78d76961310d68f081c9e6d5985e1883978c2dec48d9f58875ab658b3a8b795bf464af9470a90c":"d886936ad36549a10b5dc5d6e21203abd75ad63f826794b4adaad45a70424c5f":"76993d3bcc32546430efa30e3b30acc34c7672b6e18c7e2e9a1f1cc26f7f7a22":"54c72cf3457e6f5f6b35dc14167fee9383c44c867f233ec9d81f187bce438c0f":"c3523894d273c85d605d39f5b89e3388afad8c20787897b903d8db7e3de7590340174be3abd7598daba7806ab934e0feca02bbe66282d469ec01476bad5ccba59fc14cd9549bf4af49641f4326b1052b179c89194d21bec0501c97ef2c24aaf045fd348b765910fe92c0039612e37baad2445b57d9db6c1e550adf6688a79b117f6b7a37e0209d89f194a1bfe1ff2e3b28f0454b383af8872f32322bd5313a3c9ca48d33eab7c3807bb98f8f402c43b99b2176f0b33be08c7e84c86b26e971ab" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"3b1ffbfae6ec54a175a80a33c8768fb60f2af9ee2b8620c4e800a17fb9241ae47f77da414f67b5d7b24dd100355d2afb":"0d50cf61e2020a909ba6e36ba4d0a394579d3e4377cd4bf0068967e8d0fe7a78":"5d4efb3f6e6503c5d85a1c43398d0441ce8aefafaabe2f6d86988a24e033f502":"cfb6156a1b139abf21c73001240997ee1a8cad91a4bd777c0372c1e8fcfd3fac":"d3ef776c8d77fcc5e947bf53e0be11777e69c7dce138f24c1a3212d1b6b932580371479b7619fc82f029d92969628f810b54a8fdab8eba799e750945f3545f6a96226bc760ad736101516efff5d8581f5864b38c29885d39843a4adca17046e1e388c890542988797b576da64804eb4101638328d3f8bfa398ffaf83cb7290a2cfd39ead13290ae773a8958b33914ca02c8ff6a069aa25ac8b36f6f0f1dcd8f1c5fc838083a64ae7ae11b85be3a9fa80ed83949b622002e91776273fa32d6cfd" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"19767ce1f18aea366539642fad400a03a675b2f3c0b1cfd49925e535b2c2779043c5a1c57ef550acae733729516aa62e":"6bfa882c1e895eeffbb85578182653c022a4703091529780c075cd482809b990":"11236df1dca3de6e3e3a57d2741d1b77f15f45b05beb47cc500100b31188a42d":"98708a88fafae56c4f6fa780c6c0e33ca8f2592983b5ae607146cd6e92204416":"b6514a3779dcef2c9ea0ed7ddfa808d045c5907314c358302ca32b2055987a38ef601637cdcf77b1b8f7eac479f8f18972013c2e1a6dfe612e8a586dc529ece486505534c0ff3dc0b2049a0e46d7ac504a1fdfaa9b08d9fa017c5803415fa391ba7eeb576fd6ddba4404feb46e7cde56e090dd280be5edba7d6df9c5ba7d3454bcbd4d443b08fb51a117c1d5916f225dcd6c1c3fe2b2880f4d42962befe3ab76bdc086e29381dd985206e3e00ce722c9c040af5ff4cd4a8183b446d91b310845" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"f63292bab50668eb14b83975422a0c853fe55714a9edf9d8a817ba0b2f26ec40063a86ee3c79c694273342a02f68ecd0":"3c525956838e26b77b8cfc37f024ec398ed825076dbb749cf49a7d868c201e6d":"d9a41b47c3bf8743099dc8fd228f77dff01ae304761eaf57d751e11cf094bef1":"b790c37dbda20fbeafe9d1339a1151144253bdfbffe17ba87240eae49c606bf3":"3586b63315020b3ba1121314a0fa6c66d57de0ec44abeef7b7325e960832b7944cb0a81a747ee5c5d3163001536d3e5ad2ec869b0e5ceb14aee2e6915073619528c1421b59b80254dfc3cab0584898b0bca72c76ae25f52b7405b9dad38cb2b841e1d6a34fc5b277129db49928b2f6c0dd22900ee786ec128164ed12eb324b502499f1c5c89be2101901476b39c56034cc293e320e63a3e019186d4eaf9a098136e8c0ce7f6326f84ec95992dde2585ad3945a9534aa2954b8c15a48e3324d76" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"3df74683f298ba48648714e384989145c1b84246736dc275636809d64c75ff603056e703c435eacf21c0bb152d9fc2a0":"371217ca2337db03c4d06714624fa11f90d5dc575bdbe12a457c610be066dc2b":"f26b9cac8df57a33e4b5868c36f2b9322994a98269dcbd7956b93d147dd0aa27":"0a6db86c3abdc39878045b8fc2d5f0f77a8e298efdacb4cb9f74762fc23b96fc":"ff5252b7a39460a73094b9d668b53d1932243caa885c0ecd850612fdbe7e46cb275d079bb75a6b050191282ccb11ef255d52cb763618c4b624560d79bb9a5bc99319783de43c152e7aa7c4cd879a75869285320a9b749c897bf07220cc1bef1edc494bffa6ab93dcf839dc15f6f2e508b9e216e2a1786b75abfb01bb7bdeda722b47af895f551670f9562d9f9b78e98ee7ea5c5ca4f836af5bf153925b2aec055eee8164edf3f7b72e24b1203cfae1834705f74cac8c6043a3c2abf6bdf28fc9" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"53d70692f0f4dbda23d78660f0f08c7e70ca94441f1440348f76108874d13ea14652725abd1a94d315364416c90e662a":"6deee916ad660811cf05b5652f32df4e97f544ebb57762617359159cc9a425c2":"acda427eea1c8c6791be6e4d2b60be30302abc84d5c5a13be7d510004b8710c9":"d27d7f598a14205c45788665cd062135b6b65547d3188959e38ab675401d2b62":"f77f9de60e95da3f1d0d67b5dde29b31df59ce980ebdbad7b5e0a0051fee39e1d6fc4311f21efa016039bb05f3b009b223be6f2c007b468388a8a19bb468c7b82cc93dab3e160b2b72fda1240fcceea01c2638e9c8bd2d1ed9ff9b55bf69fba4b6ae8e694c150896ac6233b75567993f9a9adf25ca0f0835b9991ff4b8d3f4f1a3e4c5f9866d98b7a75196804f996492a61dbab5bf72f87658e2300a1b0777ef7f43ffe8962f6b6708d2d91dcdf6b430cfaacb3289f74cb0f67370bcc9af249c" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-384,256+128,256,256) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_no_reseed:MBEDTLS_MD_SHA384:"85186650694f742c3f5f228f943788f05602d4827518908fd09a1fb445d8333db2d65f376d48c66eb9e0498999e1ff49":"499928c41841324749143be9cc769899c38d6f6e6933e56898896fabcd802931":"9574ca51f21865c2fb0efc75cc9d90ec5e9c43104979cd64d00ea5544ea01c96":"c0df840a18d7584b62c70b2f057bf824168edb673cb517cd9dac89a0fc80c9b4":"b31e50202f883a8563cf129a0d5f8a33abad79d8ec8a97167ed7fca778e5892480617cdf50b5e51547f7ec1bede35020a311572c61e33e9c82968e8f69586daea3dc19063bea56503f8ca482918d229949acd6f1c52cccdc5f7f4cd43602a72a5375f3aabfd2834ee0494823beada2daeccbed8d46984d1756fe2207ca92186b506115f6de7d840c0b3b658e4d422dbf07210f620c71545f74cdf39ff82de2b0b6b53fbfa0cf58014038184d34fc9617b71ccd22031b27a8fc5c7b338eeaf0fc" HMAC_DRBG NIST CAVS 14.3 No Reseed (SHA-512,256+128,0,0) #0 diff --git a/tests/suites/test_suite_hmac_drbg.nopr.data b/tests/suites/test_suite_hmac_drbg.nopr.data index 07fb24b713..bea83dd720 100644 --- a/tests/suites/test_suite_hmac_drbg.nopr.data +++ b/tests/suites/test_suite_hmac_drbg.nopr.data @@ -719,243 +719,243 @@ depends_on:MBEDTLS_MD_CAN_SHA256 hmac_drbg_nopr:MBEDTLS_MD_SHA256:"1353f3543eb1134980e061fc4382394975dbc74f1f1ea5ecc02780a813ac5ee6cf584db2447afbe2c8fa0c15575ee391ba60219332a67b95d90ec9de6b8453d4c8af991ae9277461ff3af1b92fc985d3":"345b0cc016f2765a8c33fc24f1dcfa182cbe29d7eacbcdc9bcda988521458fc2":"6964b9b9842aec9c7ec2aad926d701f30eec76fe699265ae2a7765d716958069":"6a03c28a9365c558c33d3fdc7e5ebf0b4d32caac70df71403fd70ced09757528":"a58546c72a0b4d47c9bd6c19e7cf4ab73b2d7ba36c6c6dc08606f608795ebd29":"5b029ef68b6799868b04dc28dbea26bc2fa9fcc8c2b2795aafeed0127b7297fa19a4ef2ba60c42ff8259d5a759f92bd90fdfb27145e82d798bb3ab7fd60bfaefb7aefb116ca2a4fa8b01d96a03c47c8d987fdd33c460e560b138891278313bb619d0c3c6f9d7c5a37e88fce83e94943705c6ff68e00484e74ad4097b0c9e5f10" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"096349506f3a7653d54db7ec1d09e93413edd175b6ddbeb00e56752a520ac8fffc7983b918acadaa71a67e1624f1b5024260a0495fdaba58aae41df82505012d480c8e4f751fd7ebc39f9becd694b2a3":"":"":"":"":"f4c7bec0c26cf3892d214549ac6f3d82f34c6966d4295099ee56166e879a70ecae130251facda351e903d877b6c5eab5153ce87ba6c7cf8bcc61cbd14cfbe34cf1ed43678aee69cd87b60e6bcb6ff48ebd44ce9e31982d8fe20aec34fa51d625f845f61056575969bf785c2ffab4dcc754f13de63423e94bad8d5e166d96a62a602d3ee4045df162028b89cac45e6207d9097f2b3ac0ab17729251985f276f1287f5c56cc9ba1a79fbdbb291f3a945fbfdbd63cf13b82ec91f7b1085b33279e3" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"aece2087b713992ff49d3bf404dcda18403e015632ac03735fed29102cfea6ec1b574952687c9bad0e9aedcfc1da568be632162a83c802ab94f32bbd87f6cf4af1f2703f4a02af7d60e22383a770b9ac":"":"":"":"":"c0344807d5e3ea29fef73afb2b83dfe0aae186047fab6b603d8608df49476be18bf1f0f4707198fefa18804404887ea3c598d887e938440e1fbb8ed0a1a330cff84d952cc6405b12e7bf51b0c67d5e4896006dedb44637e393a97925890fd5176252f69d43920043844a91d0840844d89b8715052cec31e257c121d3fc0ee807b84afabee59624a00703f464b0079f12884a6e888ae4959c5423604f8ae2e6b57f4428e10b680cb74cf20417380dd5378449a24ef95d9438b0fee386badee962" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c39e77d579755aacd454ab7ca6528596c397f28bcd5467cc7e0fb47f398e875da83892a840381c1bc03b7a223e92904a714dff45759124fa33464a97d7f0d7fd2d1c6c21663d31fe80abdad59458c228":"":"":"":"":"10f8ec63a550c31ecdaf2fb1b373f71f18d146ea033dd65cec2ec0b73b55bb6f3fbb7136dd045e09c4073247f093493cf26b6683bc9ebc98025f75fa405fb8deecbffeb0236a33f0ed6c7600d992ce5a268c86085adadf68047178ed89d93d739351f892723d8d6e4f428946e4e6dad1d640a9c11de23ce9b793324e31dfacfd367d86855a28cc544f88b8a91506753fa061cefcb9d77bccc15a23a84dba644089ee03db8374fee91dc23af6672159b0d2db219ffd07390b69879910b5c336a5" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"d2e8a25249ac850fd3b01f62cd1eae3dd94d38e724f8e2644b7bb510c37f203890242b11be773beb202e9ee93899b60a00ebf08db1648c8750b14d7b784cdf0a6d4e7cdc816469cbdc3a08d6d32503b7":"":"":"":"":"019f74eeef674ef100ba4a1835bddeb925fe6fffa97113dc00d7d8c0ed486a73e831561ae44c5bd90e189fbe2bb1bfb84f3e82ec8809699ee8c2fad80b464b6b344999c364868300c1edb065ae86109dc29516f2bdfe2a046ebc8725044c382d93990f1cba185f61f71fd22fbd076d727de32a6c1d2f430bed491c9d09eb6ee669a1dc4f8048c7be199c7cbb5aa4f14d1423c8a54763869f5dee947f776ef2543ebb88d3004739089efd86b7b22327ae952747068b35d4b3d86cac1debce3e41" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"cffc6c44279e641856c39f14ed35440ea2f149c77459106f960caf910af21c109067c0f9445320adfc0aaf0c86120a38584747b4049588e5d93569fcecd358c51507bed59f96145bb8db6bfb4ade3a2e":"":"":"":"":"928d6d9f9128b0af64028d5d2e94414af9f8dddd353e4155f42a5d08f3e530930e01ec0dddf25d65de7f49de702791372c71fcaf5f20bdb24eb999752bfdfca28525b16308d46cefb0bc3b260490115778161db2faebbd687b940ba098e3d5be640565b81ed9d434b6861fbb4cf034ba77380562119aa3164dc53653d4e82ec84cf351c35b1b668343faf17f172eb4c0cc3999d7d24aaba58dedf11225336b5bd747825d2ae9100cf6da3276f26cec198e52edf9194162483aa4a45fa348d0cb" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"3a1f0474c279548c086de9e12ed754c49a0322e6631f7f441c8024fea654bb6ce245c357b13ae94064d1b41c23e5e0496199e8ac9d535f8d95fcf85fdbd31eb33c20793f35075c412ba7213194a873fb":"":"":"":"":"954b58042d028abd00f7ce3d39fdb61e0cff6c40391ef8629e87101915771b8d0c7e24292751aab1219645743c6f54306866775e28b54818c759a6bf807c4982eddd4be5e22fe35a303cd503d122cc3fc5cffe50b03117457e2efc1fd91a9768964552116811b0e65856e8f8256681c722ea2652deaa2498025e84262a3fdd78bd33bc36c057e198327a33232ecd36501a0acf997d0149b4a833153b710b90c8722b232a574d22e7026a89a4d9cc3506cc9942705a162b34db9f49301a087dfe" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"e5f4fa500982bdf8b023788f9a5532482b29b12e8ae776111adaa617a958ce8977873caee6e82c5098ae77287bde1d8295b8aa125923dd7f8e05df78adc29898836be76df7c5aafba6493b211cbf8b94":"":"":"":"":"5b3fc1a7ea418debe79994bc0a8c86f487ed2f320c34293db950a1a026c239b8da6226d1dea509a0fe76f5a811c9391a622343324c293a0090587c10193a2961e358d1e71c269827e0d44e93d87984f47acf5b4751c8c066156da1c44662af4826cdfb5f7cf98b1f0200d3a0d7b99fea7f1b17dee7acfa5baee8f95ae4e0bc050bee2eeea7c09baa729e6e02ed19476ba3f8f5a8c1660de0353df8723efcd98f5fcaa56f6eda77f2d15c76d26989aa998c4afdc53ffcde47dafba8fe5818e8ee" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b9444339a8738df6cfe95b6dc28980d02799b2ec5c8dba9ca98fa8075621a04172b0c9e414ea33c8bc4b3beeb536161cdb9a2a516f3e87bcc9f92ebbf4ac1a900559756903b72c4c1b5f9082d8b341f5":"":"":"":"":"09465004f009ed378f440c10fb122a265f464d373e7f1a1719c713f6bf38d28fb5447c269c127a0c10081533a847c0e19f4b640be0b1edf84d95025d56679e5880922f29c942e7284296a9309b4fab1b5bd9957d470db28d3d36a3585fd37573e8e3355d03690241d6f7211d8c6b054a813ba25f9cda76202d3270bf12f66d2e5ba5a946c7d28dd22d55d34a30a040aa9782d1e494603143d436cbb0212fa0df6d1bbf4f19818b99a68d9cb062aaee8fa05636fc60a072ec6e5ef24566c6b96a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"2aa822efa22d4cd65359107c46309033984b8e9c3ecb1b77078a09ad9ec746ef4f64b287bcc3064867b678f81ab209db3ee132a11f8c9246ce0a3d6deb3345f9b15e4cd048289991c64a21afc46ac98e":"":"":"":"":"7b79baf0126782bebf1794fb48633dc69ba88d63504d27a206d974854d446737da4ca1fc5bbc54368966b583dc441b105bb30b3be19f2778ed31564acf333b7c4cb1727480aa985afd80396866e10f6da31287cce07358d6308e56e3bbce8613bbf472aeaecb27e66305e34af593c8631508cf7d2c512df7c9b3ab04a4ede436b9d2e6919c03a525dceba10afbf6e8a641591d09e8a90543f1905b08537b8868337c774c20ed47df32d115a7f3306d808bb82d06bcbdc81042d0a16a3fc8d0b6" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"a32ac0aaaee05d57cb3a626fd26854ef08a3ad42a3c688ec6a9f9b67bbff02f86df150db0de2e3612cf106d9f158fb570901e1efb12252666e7a680513cf22bc0172c4f8c0d8b2eecfa1d471c10c9ef8":"":"":"":"":"8271bd7aaa795b58d8f741bc207332335a68feb66ac9c3bfd5dac72f20807029f555c3bcac629d228c3a77d596d99c5d545a8dcdd0a2fb2a5eed5c3492618dab4f763ecd7c6580817c6a7acca42d81831bfc13f38ed56ed42055877c7f31dfad35a73eb2052f6f9183dfc89b5926680dc2aa85995d42a0c073c881f1ed332794a784553493bfd842225030e0056d76e52810236b17f6f067d1272372395ffe9c2df3145cc65ed2c6f2f121dfc6c1eb8fa6132b44ee0373c7c027af80383d4a7f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c586e0f5999f107281dd5c7ca1ff88d4617b4fd1bb61313895dd4bede875c27b5b0e6c5ba15e8725eba8fa009406aa3d8b8b66f13e07c8918c0f3f55262debfbedfc641329e1fcd6442c245626cfd206":"":"":"":"":"9d4f4f688406d8e57d96369553ee39267a9df9020d7fa78b39e1f246675b70a8080cac5aa6967e78c55071241e20a9446a82507a215a6c5faa3a2ea3c05c12905558d98a8eef90c8abffe6cf8b874c5ef057e365fdf179438de6a78b4dcc075b41aace875a5dd35a44f2d2b17d6ef6aa91f79354931c4d487142f7ac2120fd78caa6c7ff5298729de16c0e8285d73a3c6a95ada99f329dc9aa0924b0059a6585853296789b7e1129432baef4bbd2240a8ef7b19046fba104a85d43aee0ebf021" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"bcac6c2160455e7db38a9c94ebd329c1ac043b6ff607a9c76a86156974d30251b4f4b14e6cf01d407cb426ad61608d1599a6b7ba9402756bea2709cf3b162cbf040d0f5f38fc4584cb9cf4e6a7bb3984":"":"":"":"":"37d76ebbab0d4c8354086a5c5edd5aa6314a4770749d468b9e5d3454f2dbc9b25432f2d5d9f4b88bea7f9835edb22f8a7b09bd604703870abee1160369d0575bdd3847ee5fa93a9fe9aaaac0d436022f94d1b96655ab00feba1f40202425e51b084e372249fbc37f49410fc9d4d16173a9bc29181b62e342a8835f818d2647c45b6ce6c5b6f29add13d57e80513f767339575671bccdccdc9d093dbd72c91ba07d81c58ab5256b6744a94f0e75482e3848de891dabf384322d1419814cfe1590" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"4b667d35a481779ad919956ca06e07366a974738c09a5685fa23b3fcc1a54260cd39d725a7f2661ea86a2d57cfcd2a91e08419476bdc5534df58c6c3b077d3acd27ace0472f91854c164de7f76a9b1ac":"":"":"":"":"c82e5e2fb08171c233670e9e5403b07c600be4e91ff5b57ae284c4d733139b56ece720e82d3f9ac185e37d0f44d5281224cb5f9d230dbdfcaf1756389fe752575a2764f6ae775d0a82f2eb1d901ab04b59b54b5fadb2acc9b9af3e829ef19571dc416752b1bb0935ea2f3ad69dc452285c2f08412b11794134ba3bda0a10425576e88ea7b069b74b436aca93fe9dd1dafc78da1227b13d70157f60c9bee644451f8765e4c8badddad6c779d6b42d4e8b5ba65269186b04c38db348ab5f7a4146" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c0db9453f84c2aa74bf93ef21b9e7802bb8995f6fa5e634cd4064ca2a0075319a969bad1345bb5432df63412807a646d2008394d83989cb4a506990f59f8da80e6b3a1df3fb8d726639d59cbaed1562f":"":"":"":"":"120bc268ca0d3f55d5aff5b360ca4d29a4b8ec5cb624f9674ef0a67b90bb70c238b94b2bf804fe74ca18f8364ff8b1e50b2315f8aa0c3fea663e93c80544284136de1d162e9078e9a074a50b493bcc7e0c83a0047199164a2d32133db57abb05b751a357abd3ad5298773be21c534f98645e94f0935afa53729462acbe55993b7d801bd6b0cbc8eeb5a1c5f0c0d690702f8de0a1a78dcca8862538201fafbefee55cd5be62afa8e5111c89f1f68d0f1760cecc86bf6675cb09b20e097bace037" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 0) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"31836d292cb46aad594171e76237a3422844f62fb14d0cdf63ba587e73501051c7cbb280d4b46412e10927c9523bed1beeb5163737db7f910e444e5d5221c5469655fda4ab7218e63e1451f461b4fc70":"":"":"":"":"1cf3b49f28b791e7c81706fb1a870f1af134a0fb0d2aacfcd6e446caf0a91c04dc160f080ebd5503fb7c16ad9229bf0a7bffcaad07329d5bde4576870758a4bffebb6b5c309114688db8e59a55413b4b37689df38d72bc5358291bbcc0b05af487a33934ce626efde918d0ed5f2deb75a17bd8912a31dccd783354477fa850520c3b97b56c6d2b9e4a05d49bc36e6683271f2322c9a546fca88c502187a5f4a2035bf5c527aa312f16c357c37162d722510b52ff8357490a096692572cfd8b0f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"a0c341ddf73d9404177a5fde32cbe21319c318f35cc9afca9ad41a3b06e13491e843cc6afdf2bcd00ce77ff06ce3d8a54772c46baf142e569ecd9131d6185af3575bb62a41cb646bdcae8a7a9fe60cc5":"":"b83491ec1bd89f3fc84acf1aad6fbeb8ef6ab949f41adc6d0dedc53722c171fe":"b76cec3d6300ecc4a02e810296c7e70bd9b4e7121fc5e971cbb94337980fddbd":"2a25cb0ecf913749ad46b585c76097739a14ca7b59f1f3ce4f79bc8a4afd1378":"98c01d4527fd131cc327e9632104d9eee10407cd73ab607228d37b9b72ca2c987aa794804d505d072561ccd5016bd4189ac9e3db9187822877dd533347b5d2071818bb7683312e1e8806e9b73b021777f7f878bb7d304ec58ce92e5e36d3d05a7383dc77f3fe6eb84b615f3f290bf8a43c34ef5478a30a6ad616157c9d7dd046aa66b522bcef61c9d19382c32425d38ed3fc049e73035af1e8b97388de22c4dcba0bdc09fd36ab7eb3f67659cbd92b8d7f6d74b56fc8daf17068c65fb016e29f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"7817fe880c0a4224eaed0da5f3962727e4b3be567021d37d3b6d4cd779274378f1cdab91c4e7c1433dcdcd0afbe4b43c32a2b5ffc520ac3721bfd5352fed023d04439c176288521319b5e315b6e5e85a":"":"c7708c25003e6587fc8c8116c500d37299f5d5ffcad3405349351d4fed623874":"45f88f2df43c4b9c3d829b7cfe61904ddf658c16043271f01c5f06ad3ec7bc32":"883cfd717ad8466035e6d3f3c04813e21657ad62eeaca449785aeb0836ac94f8":"6e0633c532099ebf0b10d4ad35d78a48b82fbce37913e655484ae40e29772a25630a7ab37f1d0ecdce27773a2ce88521b171432c07c02269df1822d2b6cde0d9f768375d9c60e688f497fb7ae262cdd5f7e8b84b84411d619c36529b41576ac456a240ed94d750fa722db874098ef7200c74c3234a3e5f21fcbc2cb5d50c4297d1e70901b8936964ccd242098002f4c8ed7dbf49de8c2a924c737f248d46ac1469f676377ca52cba12f28d9b534504d6e8423b5404b7e14de954b4225bb53551" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"f2bb6edec000982bfdb301d1d88a23ce840e496a4f595a662e4127571264f1d7e9e283c567f11e7e266459fa781c6fd95339015836ebd69aa42857010f44e8a72b81f501c96931fb491dc1192f6f6a27":"":"ecd5ea33146cb74a707eedb8df881eddb1797cbb7b16c16f8d741d23795774fc":"d410d6e2e848f2241ee45c9870064ac0217d97f59a8e80f6b5107ff0e4240bd0":"8a8c58fde3b8c9711757cb17e46587d0c5187f758d64478e9968604af0367136":"990b1f68152b3607f3011f8d04ea33a3e8fc479c8a6eaeb589133569048fe1284ab44d51bdcf4f0cd4c8d64f4c6337cdbe5f4f497ea90ee4204845bebca2ffde7831cf49892829322644c4e20a45a9885ff619bdf5e79ee53c26f47072e20a46d2b108d180d6ba5859a696f472bfaa80b2fcc7eda374a3f91ac0b06c9f13afac1af244a389cab4489d0ee04a0598f9c5168f39b40e7127dad9f20d69ede6cae7683b25ded1cf9d903541fb4b0a804d7c163ab068d22949f28a8f4e853e691e51" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"6968f5b87019b4cdafcc9f3a89321f25ef5d8d70fd0781c9e3bb01b3ada18c8b61d9142b639aa75f5f9d798ca538475d09b121048e8a0cc4b2286efa12fa8b4b959938261a1ec8e607526b7a27931191":"":"fbe6b8af6685422eeeafc32327a99104b45ca5602513aed0a5c6235328e8a7a5":"04f137391e27caffecd4413c775117feda27cad839aa900ff2af47c700034b08":"f185925cc180e556a0703a5956ab6d846121f9d9cff97f65bbed3bc44904cb5f":"c8bbe16192bda74ef89d9859b248ac658896bd40b5491c90e923cab6815ec3d2126c62410370f5f44e01fbf1d1653064aed835604d5fd0633c8b71cdde6c831cd91d69e420db83e6d5d82c26c47a11f2ede616a2885a884835cf2142a6ae4cabe989700125df12902374bcce04f3fd78f034e50398d9bcf463dde6796627820c75a7efee82fe4e16375af57ad3154973042e0a92110ef745f468377f6cbec5fa1a1470eac80408f8e96d37248b100ef8476c2a85cccdfca5696ffefeeecda9e0" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"e8e99ffcf08aad8e50386f5d079d79d3db783a74165c6126b42b3140f744a7c723541930c8c772adb62981dbef8d054ecdcf1c30228904bd7ba31798bfbbd64757aa251ac9a1ae8c20a050670feac59b":"":"546e04247d6cb5212a57b62f99e1cca767a5768cf79296f45f0db24732ba6368":"fd45f66c8dede41387373c38674605f3e075c9b7cfc66123a5478b8f8e3ab276":"39911a79c6edbbc805a50d2aa018742094177a8e216d647c64428c00169ab2d6":"871577ddf34b29e5caf132aa82e1d2f1586b76e39aab62acd02f6d4440908a772ac5f6fd48c5f55f1ebe0e76221ac46b834a8a4f5dd9958721ee053ba3aef1574ebd980a5da6a94693662717ee548af0f921421d1afb814e4d1799d351889d2a1bdd57570a913e428e6613b16e158c1cfed038f6578920d60db73dc10a40da9bc363a0206b4e7e49670eccea866efd9a05bc237042cf052f2a4140f9377e3c6792b88ea06323fcebb99c643fc1c3653758d6866cdb148837fb0fdf77de1564cf" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c7774e199b5a8c0b306ca236163249044ec2153dc89bd1c1459cfd40cc6069fd1921837aaa80f4dff34a97b4dd7e94c0143efa24f34924fa52abb4275a63cae7048a7fbb8b76300fa8d109f9561f1699":"":"1f437f758512071bd23d091c2b1ad8d51b99acc663e1d037fc5421092cbb1a45":"c622ac1071b50e4f899e4760cfed476adc013b6ff95c9b7be671f79cd2487ba5":"f973f45f75fb0d68e0bc5a723a72e722e6c8f3fea08d785141c78786da5101c6":"9475c697af430e94ed396c707bb7d5ee5bff18405131a0e898ed38065abc28ebdc1dc33d767c4dab69c846e3350bb414ef2d43798710958a6ff3e6b55de93c2ac31793a1dd4b07379e364ce72553323b9bcaa8839cbbbd347b4a82010b78967219b84c6fe9f9285ff741a0036aba6bfa7dd0d5a4ffc1936341b0e2a31082123b6d2af6740cb3ff43bb4a87ee74ef7eb06030745453d2ec225c8f31d214f1dead0f29af01ebfe90d2f8a8bf5e031242ebfcbd136b3e3db1f63a46f69a26d6159f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"898963d0237c58e4b7b6e894ab271555407d3ae8c1c4599f5f5490ad5701984a6e5ddd58d311b547f6fd2d4d67addb4ca6b86839b83978baef72b8cfbdd0cf180518af0e32e52ad4a73db460af05e187":"":"cbe5f14445cd310aecc97113232a0121ed2082f2c4152b4be68448f36c91b1f4":"efe0ef028e4179ae10b378bcda3d96056ff21d94404bfe022b563cb6690ad563":"98cf6a771c05f904b53ff9b12709d20bc3f1821385cf27ace7a4a584e73866c2":"5682b6bd667b45dcf16527a817852b52a7f5d0fa8c962f3dd3af63e7e71990da92b75e9fcf5de59b1565f525a734e978ba74dd80fe89a2e527960ce4207b9ca514d933676ad93e6dff5d57314a45889637a623eb7832854c3897faa511ed6dd246d2b8280e7d0524647d4bf7715b5546e0a9a1dec246b1680adea2eecdc354fb3122654102cd0bf94ac9333caef3fdc369e7649653352739783d048e08e8d231b332fa1558745e2ce89dd76d1dc442a71dc3d5eb7d3481558941e261f989b097" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"426bfdd4ead656611ce49bfd9f213843c194bb6863534ebc258415148f457e6e685fcf539922aade348a2af678038610af676246632dd70920d661518d4dc5221381b2fbf1c2f3bfed01cbb930398095":"":"971785b18e244d03e25b9a80c2c2204f5bab6dcbcaec986342450eb9b376bb5e":"5de582cba43a610866578604c9f2a542831f41c277d50b324f4edf1e2e5d498b":"46e4c325d2c45e00a3c17ab35115b5370abbae61337eb2da4e6aa91f951f55e9":"f2e8be2e994b74a4945fedabb167778523865ed27826f9c26ca2b49bf32af1626ae62bfeaab13e9bc52a081f365062a5cdbed0872f6479cfec5a5e79171d97ea898e8d10ed71203882d1d7b7d28c5d59b8872985abc628e73622f616c4c0904ecb1e4518be8b4398662dff8806c3f43750cc9be95aaac2a4730f40323d63af157d13555d043c4d0d7cb53f202df282fdfc5544a234f71121e893814f4bfa926351c5e9427e90f1117a3bce7a16f0e08cd06c3d7c458f9d07ca3269e015733aa1" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"ddfb3d1d93e977aecd08efbd71dd48168e67658d93596b742670ed7c8804bd3e730d34a80ca1fb4ad2471ee22461bbda670337d675a17721ac63c3793153830a26b1871b316a3e10e49c555f44719577":"":"390c53a5ec1db52996eb042f9a76e45f0bca76ef6ea31b4642f00658342e601d":"b5436e880c15f03c3bb846d90f3ee5fc5bf5393865a112a4317d724738f5dd25":"d193f932af858698ab086bda36d04dfdbfaf487fae4298b38fef97bccdf63f38":"bdf9e1ba1fbafdb8f4628098aefae4810ee7fd565d0d285ddc3840f8e24a9985c2de57edf5a511079ba6c952c95c626e296fd62f3579ad03db536238fe69158317c9c26d373816343505c60a48e07a00edff8fbfef0ce69ed176e5484d056af02a270bb6fce7bae0b223bfd98ad359d53b159f3295be3fd630a568d2363121c7021ec23b14693be48f5b55e06be3d729c2a80948194b1266da96317bc592362809409a7666d5c168125b99de26da741f17ca52d63685ee8d8260d45764fc78ea" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"457e49a71da81a2a08bb19b97ba8e62ae4b5ad4ae64daf758a83a75506f9251149b2bd7180f69b9217346f8165b7cd8f100e0b1066e2877f5e5da21b037c2bbf178611dae627d9beaee64a9d0186462a":"":"c3181f694695c21405588f600ac33871b519e2b8e3b876424b32753da483d6ec":"68e717410f99ae13712175e402b51058b7625b7da27224414b472f9622d163d5":"f2cf13d05e853a13ed47c5d0eeb9c0416688050342f0d345ac1bb21d5ae675fe":"fc23aad02870885394ca831b72201d76cf736f08f6132b12178e8e3b016fef8d3bbb849e5d935ab732054ca701154e7d3e87d1b51b7392ccfaa19c4ad28638c67bd149ff67a93c09ee1fa5c2ef7bf9d40844baae79169e52e9990c93f099e036b63b000fb8ea67a13167b045c8f9163045beabe0575fef00b89fd90390b0124961698f4ad8884a1e1faf576de7a179c03221402279b31c93136b9436f9a07b5a67b1c199e7c6cbd0b5f53ee5bd0ef845243077c6eda0e021ac9219f6db5ad503" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"79e96cc8e77d8fe72cd6c66becb52753cea28bf71680fa541f345b83be79973db4081201bf23c94d1828e9ca1e825ac18aedc5ceb87a4c1b0c333c88d97e0f12d61b338e5ace5e15f71283d31a1ea90f":"":"4304ccb2666b227c92e2b00659ce0b34dbb53451591e32914a60d6e6cbbbfdd6":"d6e74777c02252b0613357b9a582f4d8cd7e436daf1674a663561b62d8ee7143":"0de123897d5f090b52db88e4c0f9fe736ccf27c134b0f5eac61b200d15e07986":"55a369d136e2d903c179472eebfc45ae236994669c46cd318401bc662f38a1f714f78ac9f15c819d2bd876a7af51e6caecff3c650a3e661e5d137a354cb16aed5b1554545bde08c10baaa5bce22284083b43a6dd9941a37f1a18929ced61181c137e9e38c79d107465a5a12f2a2f37788c8e398ac48b2be944d6dd3562c05922c25569c26a1203fdd244920e6c268028dbcf6807c05bbf1559969981467a479d7117a91f210118c1159749a1dbce4d8a0d5f2f8232c5152cbaa6441865ac3a88" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b37180874dd4a7e08b1256966ed5845001b0773b5136956dca7194cd12a9d9e1f1dd35534f579307de11c1e64875e9377081de3095d83ced0ea3df2ee8d5be4daee545b431dc908bc10efc04db16ab4e":"":"d3c8aa88cc8d5b59af3685177cf3826cd675854deddcb9b501c40c4288cd9cdf":"6783f5bd86fe178e6a4d303342374ed32853925f143a5ad083c04a9c298feb99":"4774e5d062eda04b680d717f652d87bf5cf635f597287b76fc35e2d5ce593d08":"e478d45fd3eb6f4c398a0ec84f93ea6861f00666753c143506c5e417100077e2c4c9ece450d98c9372d68aeffe9e57ef9176d4084f9c6d02479b516942dd4792a90ffe1e4e49a8156bdd872f1f05facc06e71e581f919cd94fb97208515ba284fcd255ea6f1d1ebb7d351e1ceea1cdee631072d3fc3f4ef9d5fc57a9ca98c88b81003d858cb5be0a3520c34e52d3beeadf91388ec9a495b1fc7ff7a6799ab0af211abf52c15467274c04bd104df14033df000d8624acd253a6c954c0d89b7238" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"2779f20c02d086d30d53dbd6e7396a35e677214650e39f2ae83077fad70c068005faef347e7f73efb53a92f0629e012c7e1246d07b4e1bea7008dd8ecc7546e3f0a6e0e950e083373fde3fd994e114a4":"":"55edb840b85b391d4f1940be52a3e3824119349c780811c570d2c88dbefcea16":"e83ef56f09f82af4dd91a0b887d3f182dccd973435b74b7b3c432b39a61fe720":"eb9f30f2886d0486c5240f43104e426b36aae0006c4b9c64dab1bb713bcef7e3":"68c3feda06172a191184e0bb77a8f3c9096048bf71ed95b20cba1b1726660900d7d9f97b7ac648c76b50b921c28eee3d401ba81c8a46fabf82301fda8ffe9d76bd93cb275638f7c2088cfde88620661eb844cf953cc141b31e946338a0203c8ae67c2af1330a53251818aebef893010f16a519fcf22060a9aa9c597f3409465cf3c9ccf753db8c0bd3b465b028adfc447e37b5129c17ae9e8bd01f762662c466491fe57384825c163ab8a26d67efdda01b053c19d3bc6545c3661f2ad1df1e33" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"71c9fb2eb8cca98860f955a8bb3669c70b6f5374256da23fcbc4ffc2e90bc0a043b8ecbf1cb0c7b65a2cb7a47211541f2675512138964d0db8074727158bfb4f0d3c093f1e2c2bf697a48c2ebd27153b":"":"13b1d552e2c8c84f66961ac8c919166a248bc62fb896cff0b8b001cd7e147bd7":"27d626121ef579d9969809762c77068e4573af44b6e947a2892337a11404c133":"456ea206c38662750af39aed5fe0a39760f4dac85b83d7ccbc335f53a160a0c9":"464aee8af42ae68ee776780113805cade246b83a698c34bf4c92e5d81f28829ecdb808884bc7d784397f2b2f8c76a2e3517b53bcdc7257f44ec9357d014af4e8ddb44df98da72775567356f363fb85885f8f22505e5b5a80c824b4a0bc48029e3419d3d2f161b1469cead730cb123ca8387a2c8276635a91d0dcb2220797ae2702468587ac3a70b927625f3a6e2980d6fae6fddf4b380ca0d91eb4aee37b98644bdeac345f49523a241ca392972da02d70364f9401c21fcf39eeaf414a09fdfe" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 0, 256) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c9e54bcebbbdf44051e80b91cd10c87dc24267923350b6770406551a5069ea2255201f3f15bc3a2e4caaf0b45510f19db299a41db8d56ce993ade44323c455fb1a3f504124c35a9e907d9765e810c939":"":"2819b3ee279d57145ea1020ebc77c46031d69524a843158192e081f2ac91512b":"269ac853ccd332fef61330af7e80a33791ec44b6cbb83006e5ca0670597b35b1":"fdf031b1e0a8016bdf6a6ebb533dddaae1a3a5b14b9cf52a1a8028cc720b10c4":"a1c4c1d6e72dae5e4714bddf4a1cb8d01cff8a3973b12022011270c0de7ceb85ffb6a6aedfa54d0521ff33d748fdef8f29c52c7c414e692a30dfd0013776b58f58421605369c83d4d891a19c782a2d036f9638aba9e24b0eacdee87d4a8011699b638c287f0a12f11ede86a946be9c00d21a31584a2a0da536dcbf86e2df63be9a7b771999c9c7a6b748de713b7da757de2d731a8d980b75136b0fdc75ca7aef47cd36bb9370c5ca0ef81b9a04fdc78698720f68e5d54e1a777e557a1dfb4c22" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"4d95f31b9606a5f6d04dff1d89b50becfd0882e6cf51c1c5d24ad843bc12d977eba4582c39d793a63eadb63f292568c7fc4270e6c9aec83186a20819a7d35e7f1155ea108794302d593c53ce9d25422b":"43bf6f32b3b5f580b54179e4102d063536e7c47681d6de3cfe88fd8ec66e4873":"":"":"":"e991d000b24ebdf838ba11f9849591b0029feff33604bc4d71acd94301f8d045eeb1f81f3a101a297403a35859113c099939638680d481c86067f54762892f82146f61cce7bc2c85d395348f3ea2aba6bb3e59dbcf8e41a81918b6cab304d44ea1e32573cd6936f38cdc11d3c2f96290cc27b0dfa3bbbafa9394acdf2f4435170b428563427c4b02ed25924226edf8d5a5eca4eec4aecf98ef2e6f75caa70bdd84877df2e637b7fad621c6170ca5bd86e21d0bb01cc90fe2e76353a9d5687bea" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"1378443dfec3c03d36b16bacc480edfcb1a4a509c17cf4b35787dae3bc91ade6c113a1e0df927a4449ff9e2f4f1cd9a27b07f57ccd6777f6d6bbfc9655f0676d7b4f91712efd43315be7c7f30e51da89":"f67cd35afbc96756499c68a5ea19991cd1ad4880fdc13afaa817608a141e9646":"":"":"":"b32d9838b3f45e3c4b3ede1181bf0aadab96d22790d8536f5913fe95c3ec0179dd1c7ae69430bc8c68f4f30105199b785a11adf7abec007d18abcee2e65df5a211adfda35fed8b9389a61d2fad33fe020119e72c782a316f17f8a588239567315bda461f5f4518a1aece4d0ae028c153d67a8d4ce620e571faa0403c56bcaa864822e4d8ae6d14feafefccbe879ce4baeca70d436218e0eb3a62bf15c018fd4cf66a50e3d9d7cc9e4744e29e9c945eabf03a6a2c4ca57e582b60914417da57f6" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"69e9396c58ed867eb52fcd046504922e2e9a9b059234cdd3f0a09eee9fdfd45dedf5d3860b25115f8a3d0e2f3f543890a23a5aa278f836577956944a098d18f05900d1b076d30ea745be745b9efc0dcc":"1b6e1bb613d199a5e6f1b5c2ed041cf6f6633e2ef4d50ecad89b28102bf70554":"":"":"":"ee09f7b24cdc6b51a8212ca00613633c1a5f044fa921bec31baf679f5ba66bfd723721a03e0f260a44ad5cc4c580080667a781427a34c3d2fdfaceb4b040ee675491c4dd0c0d13abbe81336384806e37f2729e7fd080fd57011b54b664d58534c831c90d182d4d955676938d484087b0086d2bf2737a912afb66101575ca2bc5acf845f4970bb1ce4441eb667d5096319d6282714a8a9708ef9964cadf596ac3e7b1ba18fdec7e2e22f5e6352e825e965a494cb880aae78477aa3bcba9428107" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"d2f390fde0b50ea4afe6baf29a75e698fb0275c04c481df03910d238f4e72c6f63a6231df89123c2dbecfe0cb0313db34288f4143694ce2df2484d20884dbca097e35c3fd8ddee5273b53c1149bf5070":"2bc38d852d1ddee2e89b7174032d96c0b97f955e16bc61716c5c64248eb6232f":"":"":"":"e62346c72ef393a2904e982158992df4ccab03142c41d8d29c1454794926c48570eef34bd021d44cc9106401e9cbce6ddbb6c92257e89a787499d7f7a2dd527833307e02f44645ddbcb1303f1da95382c89805c76a2f12eb13d2b0205b7ec0ef21f596c98af608a2f2a2c5e3534e01a23ba25bd5fcba0481482e1ec8138fb1c86840060919d7620cb7b879d1096f64aecae1ea085a793a9f4dd665449ce73cb3036dd5f2a49138ce88c461a0a9e2f0c1fb8338f5eea53ab0a0ca8a8df9c315c4" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"0cf86ffa1456c453b53305353ce43ad3ba44ebf4c6943cde8613cdc417ee9f6e759c0bf4676f1ebd05c519eb84dfcd3e379ce61016e48cccde24753878f7d8fd5da72518253b2f836f32e5b594d54ad6":"088c917f84679641f491aaf105eea0f02d0a8ae0b7add69645d1ef304c74b417":"":"":"":"79e71d9a974cb88d9022d35997032bb5fbf8f0daff411467217837a836aa44c493f868a333d1ebf66689895b53c9e01d58019dd1da2354fb966c88d2d6adbe66ac0b8901595a24dddba609478ec36e497f6fb6b4bcaa88b1e9a9c87088f66611446e8c2873e89ee1006b6d92d2eac54714fc6481e7782b38ed4b18d5f9714ae6a544110cb6063c8a9964c52a7026f52af448783c3427092e0339efd7d1a8522848a2faa8aa19c21363a537766c05505cb979269c73ee90679feaef8df13b6506" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"7179c434bffa377d9b6821da9571667c8b962196f7d8aad062e75b6091a34a454e8f4d14a60fb5253ae373cf50edca93b8d2eb2075076ec8c7a42b7adbe7723a6ba8b51a55fadb16fc3a6fe9da020482":"bc1c39e646afc1bb62685b746007148494209a419b733e938c1a5d02e2350860":"":"":"":"3093a2e1f502d44d8be4f35b386774162f0e10870f9cd34e3b9d4e77c7ec7cd10cdfa0bf8228be96cb5741f069440a6b6f9ec155d88ba66b7fa84959c53d3574bf1cf9f1561006c776223b881dd396e9e9830af2c1b5f7457fc45e823b411c5c2ba3b11219aefe5508f75cbdb5e40edf6b1f61453541ac98dad9ed502bf1a8afa79604261c7a89e78cf2941d520e0c10bed18820da6c23a5ed1c0dffbb04cdcc9c3284d400644e9365c995d8c99eebf444f2cb051bb62f231301d31ea815c338" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b063333128a6ab4f433f151ae8aec4283ab6d1cbf4a69447850fa1a25930ec0f4204da52752a9bdc788c5cee6d8b92e1b8530dbe0c81b1d34037ee53f20758d5750d9863ed60c762ae2a8b4c973acc22":"067708b24df7a34811993d5c65d5348eea73e6c6680293afab5804b4328e7a96":"":"":"":"5f74a1d199f30fa22f2020baf036fc61b1cc2acaa80b48ddff1cf85fe5dd200a9afbd8bc51dd1829636fa335660f36d5d2a516e4c38e8ef0c3cad979e79e7e226b820634ef1d76ae81bc3e3807913eb0731b2e959c43afa83feb1d8da31dcdcb3dc3a4cf8f454c4ec41bbc822e58023f0d797c844bd8f20034b31d99579bff142cf53d2651d7a31b212d2b9d5705b048860d6c4e3f45ef1bf2d5e46433fec593b9f68be8b1e928ea04ddc4ce2fcecb737bb8f9d054c2ba5060fae5e5fc21a650" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"e23fa0c86c8a7b99ba0d3ec3ca47349a57798c07587b666cc4ae1c9eff83b8cbffb49d1910bf05db3c7d0db7e27285ae9f6b4411d84364b27a66398f5b0a897ee2085526d3ac4f65e70800067d57a51e":"7ffdef21683a75484f6ac304801c213dc8cb7e3cf0f94c358a2e1ccc9969e834":"":"":"":"f952956cb8c528efe2c831c67b69e8aa7e79c013161497b9c55415fd40c7fae778a6fa82109a40dd72fb2f4d92e1cbc47f52d055485c99d893fbea1cf28dab35be1f162494cb79ea45c44a63a1685217cd3733dcfa88bb6de65c68f2390e479c0fcc6b398dc5498ac93002e7e7f360535d082c8e46386611075665060845c4f8bdee38c23d2f90d2b1d78217e865ecfb6df02498db837fe581c43382cd1d3a508b6dc052ef7c4d20349679db8d8bf8dedd763da8e5df775d133970be062a9ced" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"4889013333cd1e2b3b8c4365bde690b66e06bcccbea25f04132a0962f13a7d458e823f5ec0ea091a07065593ca44fe49611602d165a35aacb352206844acdf41dc2c88b63b36912ae81875bfd3e098e3":"b4761d82a93e17d8a0a461ec8205932edf218157459a25a7f26ceddb59992192":"":"":"":"72aa3601986e6c970b8c2253118b8381264577e391e48bddff0cceeb5101975391a2c731f5611316b255c2a6c0554ed6cbf8acbbcd8609e3f99c3cec38aa060eedb863563442b7beb78f35221736c608a933aeb0d4a7cc050fbcca351cf780d42c5380284a6163520a80896ee7f71d2961d7629d673791f8fac10bd01d32d95e8efbd65381424c378bbf54b532a70c285d98bdbb559c9f37d6eae889b82d5006fba2892ae16acab103aff1b247711ef92dbc6e516c92e388fda4243808f95170" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"cc32ef3ea3b0db89c69312cad56b1ddea73ba4c302b85ff3c6605d1899a96f49909c6a54d98baf096ea5bd46abc2535309676d9d6bb9917271bf8c86c8852e29bf3ff5b2fe56ac094fa35dcc51547f62":"cb80942bfbcd8f112ed601cb12a5ca52cc0f280522db11da92ac6c76be3932fd":"":"":"":"2c972cfe1537bae42ecc46b1b41a691350f6e63c202245347e91602b93a4cbd5c8829e5a4f63f7ee0e29adb69386e8b659dca2e6000aa03beab132db6dada8dc35ab68433671cf621fe4593018b1eafd3a2191507fe015e2a5694fdfe2c3182fada71d18c5fdeed065089862249c5508f055ebeceb9fcfe5d16e4479dc17e2b59b5a0aa31cf21fc6b5925569b0ca63d1a5cd268a4d409f1039d902556236fb06e61c1c054ed3798cbe4d8c2a7b2d18206212591174cec9da519fb876c583a20f" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"142bff9332c48103221359040cda6632baa92cfbd1ae7f8b3d0e33d6a8193939d9d20d17fdf6edd1b3ca9ff600fe965746b0ba1b61e9aa5141edb77ade0f191b87f0b33c0f3620801a755dca02698883":"8dbbcf0c190783122aa6da6e05ec9d82ee29f8e74e59f8fe6eb9492fe410df6a":"":"":"":"2537a8638d5759201cbc225e844208c1d08443b055fafe23329aed5eb2d814703b0fdbd0a89c2d62f8f4ea7746905b9bd90706b734060c96e4e406675576bae84317bf36d8523babab72236b71fc6087dfcfcbe765de13cd1ed316f495e3bd08d780cd6a58849c929ef24b41e9561868158046ffe8d2a89d169ba31331611f0872c6d075b9938e5170a3b8612f9ecff4743c0db5ae365fdc2678ec262eed3b7c337e65dd1ff24a867574ee460bec7c374fc6b3fe9b0eb7bd9f5507ec5988d313" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"821ed44bd793a4af223aebf52413ba5e0e231b2029b3d71475ac028d8c10f86d2382eb9c62bab540be847e22344704d339b798248d0bf2990c0621316e3c98ec07f05bba8887783adaebe8fcecc48fed":"8d2c8cdb2ddd6934271941f071ea47dfab869a5671dff9d424b916c1ccabb02d":"":"":"":"a5fcf13e4a6b9829ac30171920478a7878aeda658803f2e314f9ef8cf42c9c1933cbd8dfe5053abd30df644ca062070662f4b7e7851d28ff801cc4b878523b4610891abb29c095a70665de1199182fa193439665cb19cbdb00aaf3fd0fefaa2278194e79ebf652713a28c36f2cdb83f96c8eb1e85c9969381b52bc3444e8ad5d82c94964544b3e6649ae3f532d25a2e370e9fc8c77753239f130091c43720ffcd2bbcdb70a75223cfd9346091e8c056227f66648941552efaa5a0a369291e9ee" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"977bad4c5d1d16a2439863af8bb6fdbc206ad0bf20c4036c044645962c36e2e853f0d702a54b70421a509c25de124f27e330eba581fc82efca522e43956187c9ee4f58f971e4b91ed51cc8aeea26fdc3":"51cb91cb7ff1b39e18aacc0baad20443522bf869f26d9d7182005b5cb1d018de":"":"":"":"df4acafbe4f28ee47acc5134ef665a50deb68de9b3c7e075b26d5731049f13ffd00cda05f612f20fd901ff127277f269c069607442ed9f7b41892711a72b83ac592048bfb28ab2c64c6b9f5eb4427450f4475b1c04dd4665998b638d06fe8f463e2f07ff46073003132b66a5d4d19a65bd08230d1db0234fbd09a98864f8ca824e7a0ca9f1d1662027a60c7e95382122674d88224fb192cfc129952ed6515912aded9c72a49a39a00f9f9a16abbd361b20a12b5f3c4de54012aeb1b42f6fa3bc" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"3116ef07685eafff1c77f185fa840bb5627fb9a5d79f72f8007cdcdfbfefc56bb1769991d78e9e48fca4c97b01d720d1d3ea6fa6ffbe2569da94b6bb36cd34d72c37d0218b3d02c391e0653e286b24b8":"f138ca3ec867cb7ed7d5fdb0868d7470de5f802fdb941dc400ad524d9032e23a":"":"":"":"59f01ec06c97a49cc5de469cc2b39c28db7612029e0e24e3c2b24f92c0af2383bfb9a0dccbeefdaec4bbd2607dc582ee7eaae6a4ffab251404e3c59c95e5460ccc8d8dea4db73e924ccd7528708e1b6a9d62d485c93764686f93df6fb8a9ae86bbda1e038697b5485e27e0bac9a18126bff1e7b104401306cc424e783f55ebe9940176d7123ef58c9460e5fb8311f745fdccd39ce552547adccdcd853bfba87aeb87dfe8ae72080fb7b3e5c4718e743c9f576d7752e3db1fdb29f160bde115f3" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 0) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"f5ba27c487a40dfe342fe18e7f9c72bebc1ea229c7634cce87defd7aa11448e3f584d1769f3e76a017430e6e9bae6bb6c79170925e1156275311d86d4a03cfe3dfbf85f80bbd70ea98af76220833a0be":"34fd124aad5a10b852b2fe8481cd0ec46dc2d02ed9583f6e282a4c908e319024":"":"":"":"977fa5b70f4ca3c04b6f495de3bfdb4b8aef93bd14c82653e30a00a4678c602aa889766ab7caa434d9c15bd68bd14e66cdc609289a691dbcb391611be66c2056f8e675de5db9b2e2f15e5a330d00a8886eb8b8eed4076306d443ca292d783fb056186aa86e1dc9f18a113e015e535dffea954319cd26e5572f4173766207ed7d9b8b2c42a741340c1850a07139c0b358cab942bec51b159e50f5aa9d8fbe7ca9d1d2127a98fbf0f8c3094bea4e3039f7f7ab083fc9d050e29e7d4cc2d3d44caf" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"c4868db5c46fde0a10008838b5be62c349209fded42fab461b01e11723c8242a618faba54acba1e0afd4b27cbd731ed9d30016b5827dc2bfe4034c6654d69775fe98432b19e3da373213d939d391f54a":"135132cf2b8a57554bdc13c68e90dc434353e4f65a4d5ca07c3e0a13c62e7265":"a0bbd02f6aa71a06d1642ca2cc7cdc5e8857e431b176bcf1ecd20f041467bd2d":"93ee30a9e7a0e244aa91da62f2215c7233bdfc415740d2770780cbbad61b9ba2":"36d922cacca00ae89db8f0c1cae5a47d2de8e61ae09357ca431c28a07907fce1":"2aac4cebed080c68ef0dcff348506eca568180f7370c020deda1a4c9050ce94d4db90fd827165846d6dd6cb2031eec1634b0e7f3e0e89504e34d248e23a8fb31cd32ff39a486946b2940f54c968f96cfc508cd871c84e68458ca7dccabc6dcfb1e9fbef9a47caae14c5239c28686e0fc0942b0c847c9d8d987970c1c5f5f06eaa8385575dacb1e925c0ed85e13edbb9922083f9bbbb79405411ff5dfe70615685df1f1e49867d0b6ed69afe8ac5e76ffab6ff3d71b4dae998faf8c7d5bc6ae4d" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"46c82cb81de474ae02cccfac1555d06e5dc44b6ef526e0e28356ffc8bc6c0fd0628d4d942834b94fc977609c8ec0a6392c0693130c6215d55e37da43d67def719051e99871db68128e245217d2aa3230":"5de51e3f49951bab36460724a63f046e75f6f610be7405f55016c93a59f1890a":"5dbb13f5b4eb275cb757513e6b8af6fefd7c9c9e0f5304fdd9b4c0968458f22b":"3ebceff3232e75c6beb79d97c78e93244a257f0772f82e234518c50e322630eb":"dc64e5a1fc7b32f0294db138dc131946e5602266f4cdf00037ffe513a44ff83c":"e3480544036a3684a88e23ff41a4bbd810f827021ca45e800aaaa36ed0b9bffcbbcc99a1ef1f1528b4bfe39514c7a390ba132d1681138c4b1b9f1a0fa1758837dde35d0f6c38683ba47a904937dc5ee3d3b75f909e5fb6311c6cda5e1121edc774e66092aa1dbde83e4680ff95c0bbc2946aa4d46770f247caa7b71bdefac9641ee99700fbd1e560f9f7fbd462ede64e009ced90c44c6ff03b890e16c79c7b8c959a27defa6f062168891977c637ec22ecfe20601d499443f1fb0ecc7d9505b7" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"df8053def0260ae71f67e197ae8b547a228e9b67ba7909fc1cb3adca51058b15f6d5951f0b60c972d139b75dc44a3680127a84799fd7672e429f20876c175d135e5f894edc7a4da334eb8b73a334be61":"26890036a9b17d8e805c38568630e1c196091faad546ba8eb976f3aa031a8905":"40ea6bebb0cb94b7e527787e17ef9f7d3efb889fc1e47e49893ac5c4bba988c2":"090271c307b43b951c20ad3f081d2838df0936a4bbdc5eb6f2e16b1db482b1ac":"c203cc1a3af668e45653bab6b1aa39ba0669491a06d00cd39c97b777a8bfd4d7":"0d68d903c85c0172419dc9f782c5d67a0b3367d13cb2f734fed95c7fc082291edbf4fa83354c6588227e40bbff082be2dd276c264823a8f31ba18b00955d7a1fd612a2f37d824bc82cdec972d3f8384dfc78b51dca61e815766c877ef3d2113704c805a250aee7b55b849af048feb3536fe73ec4f0bee97006881d5eed8ea38ba1b8d16a3bcd91fda749b77d688997bff09f104a2d8cd8e133ea4aa764b237787358dadae1c25092cfe09f79efeb8eb6e20c39cafdceed90e602f221fe6b1d69" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b1a1b468e1d59716a23fb028e295588f17be6a79e589027237681fe9ce354860b1cc33918a64c8be171e595ee6a3b1ef46c2ef21df2815528482ab4c7a32449b97ac75a51dfa1c7e67a763f17e97bcd6":"77e5a3eb6ab38419f84b57997627c6bea79703c95bc1cd24ea73eba2edbed540":"52aa0be951816d21a2ede89f53913f6d5d70cc580a1cda8a49f8e49a6befa909":"5bd8e4ac61bdfe752b5a66cf2e048e812a8aeae8e20c3c8c43f31180e4b18303":"af5eab21e4dd9443b1b16f40413faebdb0e086991dd3c53c8a51bc434348311b":"d477404bcaf0ed53788354705f0fa9f46c4e2bef2cd94932b614b3c34e0b0c7c28d7483075c9745bfbd4e31e587fb1db77d557fcdfd3fea47da3f01e42635ed3fd87cf6c98a2f20aa833a1bb74a15b158e47841cebe53e4d5d8c85cae78ade156e025a7737aa9197b122e73a29ce0a881c7adc8ec228f4c14e56c722acb0165b1595f010266151801812c031efcee4a7739876777816af8baf4d29496912a012f1f33c07107b2db5ebd681722dfd76f3a58e9d7426e7fa75e326eaa416c5d820" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"098b8c107fbf943bcdd2199dfd15f130a20d518e95dc81988748e1f0ecc5c45f74622ca2940807df86fb05f0aab4727525f19d1d3bda1f70825f3e1fcb18d29e8e410616c105fda9324f4617af39f021":"220bbf23394c3cef156f683d05739b76f37538a0d360600bd52f0076425b5f5f":"af88f076ab39db1dd0e7002bae187965cd144382a3d1ca7b1ecd65d346f7c090":"bab9d09dce5073d11fcdf9539501dc998b6fffa8a0716edcf583a7d7385ff41c":"caf8d4e10513e5ceacad6f9f145a6f79e5c245aed4965ae85e2e7c5914f97510":"f556494b3849d78b06ae75571f0b9c8c108885fcb041dbd7892bf639d8ff6c82e19e8ce2d5aeb58e8b964ce4f75976a0a9c7f3ec8373b83150b88d6c58ff9b810124d4ac62d955aa64d194afef2f77de6994642ec86cee40aa7a5591e99a63edbd8bbdb22fc3c2506beee6d507fe34fdb4d4f525dcbe30b5747ff920a13f9e230899ffffbc5615e994ee96a1bfd8890cf607379be1a39d173662d0967c9dfea33b14d78cc8818c2a1956197f85e92bc11133ac4f7657f2db20eceecae8ca636a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"f54e9df92752d30eec01c3756d569bdb39abcdedab80b0aacac76ab406723f480bb359a5fc6c7aeebb6719ab44114a75afd340af202be3ca30e4de794b826237105202dcff5d1291cdaf266673275825":"b69f77d5a08850a13f8e6d06847c4bec181ac0f6b720be3c06c0b67d44843c6e":"40f14c3340e7092b898758ea3c36750943acac7fbb6a83f0df3392f7936749cb":"5bcfb0786c447675032d2a32b304f25737de59cd07c84d3875c45475b15797d4":"656ab204e2c1834f346d89c37a30164db414827d83ca732c71ec71efa8182c28":"6eb8f276a8ff516f789d94d997f33c2e40b227776fae0681c83fde659462b72d37cd48c95899530ca072bf2470986ef29dfb193be7ee9ab3f8cde2317c9bf02a5f901ccb62bb665bc3a109eab7e3910888a522c765eb49b11d1ad0fbcc45abe3841e9bb4fc0e73188497cffba54f3ff82260767d0f70ea1668f45192e6719102e75aa5cc43084c50bdbd1ba491bb61ee9e5175092c1f50d56bfb68977a567e41c1e05d2d1523c198ded737079131fb12dcf847219d71fbedb5659411d7aff2bc" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"2cc330b34c976c859936c21e2ad88bb60ff153e41131567f58ad34bff5c9cb418939fed56356af7fe215986a5d0ed8e9a078dcb1d3fcee6b99714eea3bfcefb37a344a69d414965539ddce9df239be2f":"bf531083f35066ebfaeabd67b82d392ef6b121e7d9603a5407c5bc74cd596023":"51f223dc461ac2df1c4877f65ca876d635d50939fa9dd586c176d8ab73c6d605":"ff9d6807d71ded1305d9e2cdc811dac2d73746b001b53ec8a5509c4ce0a07efa":"f5222c8966659974dd8a7244d2cee588b6c9a2700f338683fff9ccc45b6d3807":"981abda0e405c976435ec7f938570d911e5bbb32add52a8b94e528486e9dafae139eb15cc2b56fedfb9e4b2d10dbcaa5e6ab985be16c62b9b75a037684986843a7a0e3baabc34859253df2a053dcb0352a0554fd2d4530de0251b1b852d1d3b6e08548e215902ec8dc46ee89f3fc262c7a35aef8216b3def65bd56f0482a18a329f96863afd951307740fd8653d333f932940e2a87523afbc162c5c1d2bbe16f33a4b0ee0ec75bcfa6aee6d8348265938738be638f78506ab731d3e9ab345551" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"b4e5aad9bf4fb03ded64e4bf40ecc6fe2214049bd5889a5aeea0bf47be8670d329e6ed04538dd6d207767c367406d482ba7ad29231fd944f00b8d9b762935b93819ec62e0ccfd48f619ac40c9c208304":"67826d2bf9651404d5df4db84ea64dcab10697ecb90c68041f421452109af3c3":"67d6983465facf33369eebe0be12dc65fe736969e8f41478e44ec25d461e4435":"65f97c99140c8c9ba2ce37710b06f822cc0eaa03589157a3b575bc9c423afc3f":"19c37886d613d24b0592ea0b3a465ec8f8a9229abde3fb5e0122032e1ac8dfc5":"05777487bc152260a852e1b31a091f8e929ed22d8a652a77e4391abce7efcf0570df3d466d56dc51ef14bbc55309c6831655ba97c6050e563083fd1f2fe65b43d0cf8762ef6598d967b473b68c4143287f70d096a6ea120e3c07f2a95b80b393ffeafac2d0309d349bff017a49b9ea547a5776b5c38b9e981ed0a4825853cafcdf0f17269b9df6189fabc30388a383e3c28949625ef3d59a2c371ef416ace8658adc0e0b0104f1acd4b349b91b660d64412168d3c9e29680a5e324e4d0ab9258" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"27ae2120824f3d416bbea1f987440c507a4f01fed08a1be27e6ec16390c92c4f8dab04203543caa3981373fb991d855340c29baf439f23bfb599a5eeb95ec2059af24dd86c0825957ea8392ce3d980f1":"cd646b0d1971f249f4c4d1eaa17e60c311d813057e0b71819a503aa41e5c6b21":"90ee2d0bf06cb94190e6505a75d12dd77c266497dc99c5f89bde60be6789099e":"7d82b50cdfaab9b5d23fb6618b59dd28cf1a83c77ff2993d9f1edb87ed7bc388":"f7f728d8ef6af8c5e77cef1e837030a6aa5c12bc81423b0ecb07a2db95a32a28":"4b25aaf436eb600a103d3fae8e301d2755132b3de3c8b4c442129a88ebb3ab20c4d3a54078ecc4197994ff04bf0e460919978d47e45c7d10d76a1e63ae34624e2f64125ae1bef304efb1af688f20d8e212f6df4e11243a49177e4b6456010d784d0e4a94e75371a75c4050b27e48359549f8268dd2a2290ebde22282d96b2f38e3f06103dafae5f54f0019bfb013df39a76482ec7f878d26ef0e34c9c21e67fbcc3412aa0739e875da0e9ea1340592144eb232385fc7e605ecd10fee45524718" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"dbd5f508e8226acb957bbc4914ab13810b9b5b2b51a1b55cd4ac60f6b6d4c370963448fd323968c27d97e005b1a079c9e3ba151887006c56593eca7809b23cb768f5b3701b456bdc85fb5672a81db2d9":"0cda5d501072cf482d3c56c49a3c929b423f6e15a3e835888b3a9873647ffddc":"d3f38ca5c0bbcef46976c6a5965a8493f714aa2c8a2c817576cbc0bd6652beb0":"20014421f9af259892f017dd5392cc973f103d4736f3866e66329e5e7704e0f8":"686aba6c9c6c221b2b4a7de766963e4d9880676e7e6ac8e644dd273fcee519bc":"b720c7c56e10c9e436036fa8e1f1d1c0c0b7246c28bd36e5f3e88f988684b95a01127bc64cbcf12b9689f718baa52042b0837fea791391ee2ae42e54acc571239e5b654486a025ac25f46f10280ecdc65ed098e65e07dc3870b17af8bfd58edba026dc12b4ff04830ef132d07dcd7c62f67172caf2620a204869a81e39809db7befa25c5ed8a74b6d306c21cfd3778180d444bd99314a430ff4ef6b7061832df9b82603d6a0f646b398e7dcd8bb33a7926bdfa085a450d3de68c1e8cb2ee4524" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"7093224d6bcf0915eb75360ab4bb789c15834a371baa24deeceb33f86e8bfb46f4e34325ddcbee671f9e45f7887c1481238993ec4a309e10d3f8e3952c840d564644062534f985a6b4e38688d2c800a3":"e7cf1f32ba369cf5545ee672cd6746ea9a336de7039ecbb25419259eabdfa44c":"bb186a460387baae27c11aa8c65d6ee003577eac47b259254a933f82ac683250":"d823535ed974b7ff9f19dc38b9494aa99f88143e3383b5a183ec00c925bdfedf":"56548af797f4a07ec42273f895822d877a311bf1f8dd5c96fd8449732a13a921":"159c6923fb71f9670db4eef12dadd143ee701bec9b0f76b56e9b1b8c473eecc3e38cf06c8f3b0c3d49580e49caeac0fd48da5f53d0d3e9c829c253fac4e4f09730177a63e0e759f043169e91459c9cf959d2230c7b94be168cf4fa02588d78aefbc855d55e444d671a69d274c66ad1851c56c0d880416bcbad08523cefa2fb384dd0f9f188e8a601ce0a92d42faaed0a299d6a9c86958854712427b35e73a0817193b50f3557e66d64ad80fa9ff87427b7de5b7e6312d1d9988ba77be90d4cca" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"ea96f8787458e505f5858e31bb85b6e335206f6d6d04bd9d333029193bd2a04e5f85ad152675ecc090119aff7720739bdbe34551ebbef10e822cd29e9ade1488c21fd9e798369d585d6f58168d509d94":"ba45df1a14e23361201a467d2cfb7a3dce3128069a8a59a9a388b8e31c48efb4":"d551272e5a60aa1232fcb4765e853de2ccec08941acc75188eca37120fa49aac":"c1b34347691ae9f1bf6be396e8b49aaedb38307526627399fc10c48748c3a7bc":"722c0efa445262f5800abf75e43d9daa44e3dcee7a7528f7313ee52fca9f1803":"e2f873758c4e71704d8545dd1eab51206ac11dfdb00dfd1ec9e53bdc7f6b57f5209727049d4d781059b0bc4b6091c9bdee947127b8c8f03f1ee5f3665720a4f6c6777682ef1937719052254aeb97e3a17b6b552bcbc9154551a7ed41d837a27b6c37b426508409b75236cc156dad89d896f25c54467fd45f9698a11c7ce01bfb1fe171e4d33faf73a30c8992c51a838e9c0537354371bf79146a79a6d42d4e987b9773377fbf384979690b2c04c332f22567fb0921c3e33088d3b011921fca6a" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"92ac19b133398b7d8ddfba3c6046421b3618923241097b8f68b6c7430b6d232ae9ad8f864f358afa7cac72bbc4fd90f16ebc9c15913c11094bf7aaa510e6241face016a99ca08de6525a570bd1741dc7":"0517ea7410bde64edcc70df48f3c87f578b38b8c7087def16031e52760037df0":"439c97f62d6b7aadac64057c0003a41a44ee549f60afa92797ee7c9aebfc8164":"669d42f9901e029bce7584bbd22a13a74e6f6ba50441a2633773bf5ac745122a":"8bf3c1a08b2d8459df96d6abfa90725f1a735809da78bf99f7fded0230771804":"3b832a7f1df591bba571bf7662914b0e5a3b34d38228e377e4e7dcb4b9cb396ac268d71fbfd2e1a5cff4429feba36f55c7e45cdac49a5fc8a787292011c61f4f102bb9a5d9c8fe1cf047956f21c74987d80968d2e4cfa29bd92a35cb96dd372d9baaed8d31ba3462b42084dc1841a4042311abfe4b3358f56c9e0c69e233638d3be56d0d269cf110d5200759eceb63fdf3b0ad25937857d129b68f038fc73a842046cc7c45292d6ec3766aafbc22f1491774624751f2c50fee830e24a34a27b5" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"7a346bd6d853803d07844ca348f3c4837fce3e3a727f712223da248cd82db6ed4a9710cd8b9f2e7b593cca42da7b1a1285a78d0c764b24c3e4b21d25919c5400b4adaf0684c787326c19010728bc6f94":"3e8de39ab206ed166b203c97103059e6a9317d47f7a76bf4511829cc2e27a4cc":"327976aef239b20833d36b7f352e8e6570f8f325b568975a661b54b8ada49128":"9419cdf1c59abc03013d7d443c734aff57a6d97c870a03762c50b459d38f5e09":"f2c9c49c76bd683d42dd9de9d45a97b78710f39f2ee482e877e3b0844647f9e1":"24a83991f9455a0410213cc138696cf4eece7b2caca0a627c6ce023b7f912c115768ab8aad0fb10e35591d370e0372fe020823365b5bbe713417bc2f050cbf86fd626caf91323271eeebd5f2aae36fd0aced63779565604ef2653a0770fe4e42649eceb6089bb7662ca3d744fe178f5ac5bc20ce7a90325497f55ffd9b25c59a6b82f07553c080f0c45fed23ce47d972605a2f603b72d09d608548a04031dd2bbae9ff898201e4460479548d70b176e917ff3e3683e49f3330cfa77a25cc48fe" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-384, 256, 256) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_nopr:MBEDTLS_MD_SHA384:"2d8fb8796d8a1764f8c824c55b880c53d2205559afbdf1cecda3dc2d05bf001e6252076dac013c7094ae72ca80cafce2cab30a160ce49dbd646710bc429c163231d73fe0e121f8cef8c02f70598fa853":"feea8ae0b299d5f79315383d938bcf9b536d11e036b28056bcbbc7fcede21cfc":"1a0fc47fa95cdafd2036eb5314e0f56266e58abb0f03b5e679638945b1fbcd58":"30707f376333df203eafba7fc52b40d8f1d97521a71d579c8b8457ac1328cacc":"f179c19e45c4a4f3cad8b545d116ca29e45f322580b7fc9715313be53f047658":"eaf7523b910b653a305f9122363d96e17fd22ccb9b6158cc42aceea40c34eac73e496827dd5fe4312f102ba6aa7aee934d1f41609bf3e14c29aa3aca210e3cabe70744a09f4c180f3d1ddf8be0b530403c5238761226f2c2c7ae29b24439afd65d6d5a0aa8daa11abce36df02ce61d352ab08965122e16708731d72a9fb5de071c20c6cb039273498ff1588c901d997151edbbd41870031ee337b38233edfd78aab389fae2bd280e4bc85d1bd6655269c3359753b17fdac502c3a2e871149fbf" HMAC_DRBG NIST CAVS 14.3 PR False (SHA-512, 0, 0) #0 diff --git a/tests/suites/test_suite_hmac_drbg.pr.data b/tests/suites/test_suite_hmac_drbg.pr.data index 72bddfb990..56337a93e8 100644 --- a/tests/suites/test_suite_hmac_drbg.pr.data +++ b/tests/suites/test_suite_hmac_drbg.pr.data @@ -719,243 +719,243 @@ depends_on:MBEDTLS_MD_CAN_SHA256 hmac_drbg_pr:MBEDTLS_MD_SHA256:"ef9292f4a7a67ac4d4eba48936391bb45f8810c2ab02ba424cc8e4add53d1c514611e3233cd8cc8f6d69494dc336cbe1cbc67c17520af442933a235c6aa6b8f98128c66fcdd77843ae32e06b7a31689c9a6a3c540a19081bcbe850278d50adfac3638ec8cf85148a0547d28d0a7025db":"f4a8721a2a873f8fe94e4b3e137e866c79212f9c14f89be156c47a5fbb9aaecb":"b38a6628647a02c0de5b7acb939d0d1896c9c730106c8667d810bd4866ebaee4":"366370899b2a0d6f049e7d820061599a675cba5d3bc82ad747fa731bead8efb3":"1947d468ae4fa4da7f45cfaf32d62a4369796e532f1b03b1495587e6bb95d8330f5b7c962a9b0a2b715d9def79194741870e5c47d15a7308843e10616b891fc9e5cab7db901e0f1efbe1217dd627c71b54c98cec0fe1b25a84caa56f0bde247a9d9183587742a38825234b6b6cc808afde36ef5e17bcdb2c72c7645949289369" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"51ec4987ddacbcf6348e4a891fa571c6e3aec02879eb0181a121a4846344a687cdff9798761875320256e5a59bc94663faab8864cc0bb1e64343c0b978fcc0d6e84d0d17c1c1f4093fac3b4c01837c6b37d189d7608f0c335eb38fe1f43573e0c525093f60ef618bab297b8a4d9d8c16":"":"":"":"ade04730059471b1829bec8dfbb0ec708be7b4e77d688ce7cfba9ddde059a52f969407291440aa79492f827fe1a2f6568989fd36b4fd84e6699152536bff15388af319fb306f07de4309eb92ba3da5f7007948335993698d398bac42029912bec6ba39226c2bf238733b5081aa0a2ca392a719385184be619d9ca56771d8e3716a46cfb339f93ff48abe406ef788db2ada45ab5fcb7f689bd801a5ccad855b52cd4bf1d6e338f2c3eac94ce9fdd0dd06632d01ded3753e87957e8569a67eccad" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"f8dfa70524d46f3545db3c687fe85a8ea35e32eda470b4e14b8b12f4e9c6bbf6c08efa9ae1df90ae6f14b895c342ae07b5e8d563199a141c34e709c6e743260b573f88186f40f800c4c0ec9f9fbeba49f103bfa2d62d7ed8fc9ff88cb1ddc5d4ca4d074e0053c069393d70a5b3f1df3e":"":"":"":"05f4e609b085d28958f5702eb7b99f2e0c7a80f095907abd5b7329628aa6dce2e2f8bdb7a2992261ea414e6434dc98162d02c51936542218a31c6072ed55c9ed83c79698de7ffd3835d5e4d0f3a0c2a70bef2b6c602d1e0cc814c71b2fb1a001fb83a0e2befdec7e4749629693629ea2397b299cdf491415dda446817dd7d28da431f95162de83d917f9e9325774e2f7ef02fe8067cf4bac47e2f61ba235b532af3aa95a6517e9f1286e065ccf9b3eefa6cab4c940c83ee9a11da55ee21c8d06" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"7ab7da47ff7a95ebf2367de0a25c7885d80931447d2f5cc73ae7f66844910e481e05f53ca993b0266b7cde89960d681a3d3c568d9a6e35347cf52d2e0ff7ad1142983fd7d2c848674315ed3e009adb7154fde1f2d90019cac210dbfc06279d48fc7c2e900652b5cb638c1260acd896ea":"":"":"":"f00714df243103f54b4c0c516a7a631431dbefdecc30c09e8e834f09882100c1d0276273568cc6352c3028c156371389078236afe57d00edaa226262f1a7f6e0011ba48d4b8f089cd257b6b7cfe80ca2bbeee99635c277254546d4adbf046935791be21c48a7882ef6cb81f7bccdfcf9bc430d21cef1d788d4f4df6bd6ef5bcbf48e35f116d482d880f597bcbcfbbf68bc77f591bd7346d7a1085fbc1c2707c17bb288ce6bfb0a78a54731421762f18142975b8b3b79dec0d852dca80f1638b3" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"40e83cb1fbbefb44426350916b0995fb6a1c5394f2fd625774459548cfab27f2f92e2e889d3deeb33dfd6c40f610b71b70387af8d70768c52b36bb2a59f3ad9a16be98c726c2d65af457b2f7d81c75fae82523c977cbdf6138b1cbe5a9b3ad402ba197a3009dba459d3f534ea143e5dc":"":"":"":"52cfd4a4741b6575578a1b7aab91a366341cfd483799ca08b851bb0dc2f2bf640e90c1406fd09fbf9166bd55d46aaaef38e0449b7187d019e68a3b98a7dd9cdac63ae9c966db4d901d37cc147835d017915902621216bc1835d70dc2101ae50e0541f796bd6bca2e53260ba3353e6aa4eee56f80aa329173e347d83d050ddeb465d8e1aa5450e6e7eb515a92fbcdfd8530f04fae3d1a41b13151a4827f0634d6e80424c1e934ce0e2077f5f31fd177e9a42acfcaa67d4043fd31a8ec72a39e6b" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"39927d4fd0c3eba2044002e65b60d3994c3aad0c705bce2e9e41aca30a7c2f03e7b4968d8e729e868f5fd57b49a4b862b0bd169a4e2d77bd59745e778ca6fd762901ae3c0fcc48a0d6ee22bc8520ec450630055b3b66bdd2dde9f5215d241fa266d24342b50d42e2db5436a478c7ebaf":"":"":"":"96194dd1b6ac5efb3d4787bd1fb4c9cc32c29b67ee34369a7aad9a56f64f53526e9207c1d4c541c6e0df4960c54e10168284891841fe554adaa5012f325b3aea79fa4db8c36e67a0f914d9ab361d8ba0b3d6ca4904103f14a30a90dd6fd7c3f679c272dee7f01110f7229f4f5b6ed152a0149dc5a7185bf637d10899bca417cba8f919a2800d8a72d5575f0c174f98f77a1afad850334204e66156eff4572a6703aab50b850a8df498d1d96b1e2bc1ac34aa4399f3b13e97b4989539ca78e97a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"ad10dbbedf980a0c33576f7606e14785b2a903788b9b7cb4c29cf74a8bbec877999ca28c36c835b60680bab9005d8e4f341b97213fdb6a52e783d19850906cb643bcf48c291cd186ebcbf0a287e459d1795e29ffb0c7c84b0f6dfbe219b4f85d9fb893c0cf9134263a9e6a36c76d02a9":"":"":"":"5db269714c4ab774c2eb14eb95e9b60c6ccaa6e90f9f879e295cc007069dd231894cd8fe0c09bf748e26940160cd0cad75dd2e305ed1f2527ba857c42c3d0662d25cbbcfe342910498ced309cda1894a1186ab935fb614646d299ca56f86defdd0a0f52baee1b9b9be05df85a05c225475a7ce1cc58ebc488a4f57fd1f983881754dcfe3bd78cac529e9945c89383e331f0177e721644b3a8d82deef548d161e085cff59645a345cf7af3f3582bed5b81c7de7a6a216403bb88804f7d16ceec9" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"e9506dd05bac4750f5d5b43e0663ecba6444455ab6f662802897a493ca11ff05f76045b621004f4a88fc6b1ba859ae795e4846f17c3b1c127a8ef16d32381e27eeca77ec062a8a8f811f5dd7f90737147f5fca2b7cc89009b0350292b88d1de5de94e1e82bd5f7bf2e06882a925977ce":"":"":"":"abc3d68bb9b0d29655ee2057a60e59fb84afbaf9c75ac5d146a9856384022e4873a6abb963d8795ded5ce33f8df9275f8ae4c3da0037973487348645415ed51458529bd7c4996128c943ddfa21484521fc645723802318ffd5191e957ec453a8e922d48b1e83681c1463a03c34175a5d610f8f3709b3044f45084f901704547e301f9807a7d92036e08a3eef791f67659816fcb28922b9b52e2a4a2e81cb848f9ae579cba346b0507e91f26b70d199acb6da5d3544b8caea762f6f30178636d8" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"f1f00ebb7cb4bbb3b0a083a290d4d3cc4db53aa9eb3f2feb1d428cf6d8104bdc56b2a30e75782693d7565c5d1ad6edd6cc22967eeb5f159989c2ed7fdb62103c055456f5e1a3163bfa034c502ccbd9aa75385d4777d03a82606a890c89a207494d082becc22efad8fe69c367fa9e3350":"":"":"":"6b75aa14c129d011191b9016b089af15b806a494e8e763a7fe902479155704e1a92eab48ce29fd0f1e9d5a2014757c3cda6e021defdb91c796cbad709658edad6c8f7ab6aebe978d507459198e0719eec49b1926a7c4e33e34e8e366966e0e4e7f3ce0aed6e51d7804d803aab57257ff1250ae8b76bfc48a505d4600bccdd992d564b39c3519db0c7dd26f5dbabdf3c098735688aad1af8525e8a6a343835bed094708b78faa300c08600e638e6f24f4b2b78df0d747ffbb9521cc6786b9c89d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"1f3bade86f64dc0770dafd6a4900f61baf003c6dccec496856b7b08cb99db8f371f1c9606602ad397e0c757f56ec6176c04e832302fd6fbac3519af6d2cb9da5a85ee70efc19c7350145e904a7fa9d3199e1f6213999ee3bbdbcd1200b4dd4e7a8f112f3a37865e494bf8549349e9e78":"":"":"":"1a420c51052534d5d77347ed5751e44817824ed75467791c9717875dadcbceff2ffe024952958d4718b2b4028af83ecf363d57349a36476c0203fcdf4952794aa66b3692e7b0810ce060601817ad0794574b1ce12d6a7b6ec1d0b1e0acb2a6c453be81bf2d17e1fca7dc1c9ac5fe4a64069285a8cb9408051ba5ae4dc0c8897b4a216109b22ec56aace995a453f28dd7d2c38c7d44739b9f09ca0e52d62f204e7f4a09c3e231c8cdaf54f941e8d5565b25155be21cb316417a4c005f7e834d0e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"1b288c94a8aa7499850d7bf82177024f20e8ccd502b7b0f529c47185aad4eb82ca1efc0104f93cc35885e9894671b9d74fa8237f5d740fec09e90b88bc75124e564f1f198081d51c950dbef6a6ebb2b5e1aec008d8a5a4c692f6467c740f5026807bafc0710dc8e9197aee4372b429cf":"":"":"":"3daf72d94056e6c7138787004f40a4a0c81a244c8aa14c332675e977330b63315916d8fe6ba8f0aea5a22def342d4136d1d6c787b3a6c6c05a44ee1cf9b2d8911974974cbf7a14ed5b83fceb8dd8d3ed59194d3fb6cce579a97244091731a4c1ca1d6e4c9d2623a41de665ee3c8236e0da8710208cee948f248329781f40f6f4b4010508c219755b6df752b9523ed0c9644b17250bbc88b4338c688e97e952a924da894fc986f7e807fca4477be94dec993cd6910709d8032fd3a5b97612cd65" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"1e1837b46486b6e65713327240bfac6c618e817787c277b995c92dbe03b9b01de8e100b303ce5bf5048dccfce4d240878ffd5ddcb6754292291d1a79ee1e62b6da6b23d7a83d0fe9e84757dcfa51d05709d54142b42dc876506876b136b6df34b485c0c129581972bcbc674b893ad61b":"":"":"":"23c258b93d4e9943783e88b244a52cde6747d8d7ff28b77e2ddfaa2edcbb29eaf41dc75cdc2c5b581b3a59fe20e705223bdd90e786f6c6498330ec9bd7ca7303e53c0b21abef1497210f8222850ca7f01e0af4fefd36d82e711fb17f581b951e949876a5ef0a212fb73af4d32f6bf9fe8c9e60849fd2311f3b5cb8a4abe856b3dd629fbac41e6dfb502d1894088fc52832cefff807555457c03ba7b7daaf02830d9ff8c9e8ed09ddbb68d6530af0cc5ae9383acd34c89ec189f5a97abbf3ed5d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"67b2a6e09bf31ecee8fe9c719491baf3c6efc0e27519155f99c94667d727420265254ee6d34c6b9c03414452d68929812f1d23aca44adfaf6b02f519dfc3f034bc32c1b763a129a97c7258e5e77ba69d6eb459be2cc96fd6150b6040babcc406143bdc2c1862c7bf6607b4be95f3151f":"":"":"":"d0f71e56e975e443bd7364eaffa9dbfb60a82bd0ea6405de0b1301911449ae6ac0dc8792acd2b0ca3e68c2abb982362eb2a7a8f95d2960579f9932070c9cd7abd57a36759b2c6f12e20dbda8a16a17c29b70f5bb8db0efa9451d9a349b9917b7bc39af6c6be8217e0a6fb52e6a4c46dfe41e6a9cfba84335d0254cad07557fd7aa3fea185c8c88a921ea665e410067395791785ebdf1793038ceef6c590e64af00ac4ce69ac3d0b497feb93b4fee7d55cf0fa40dd49ea748b33f038b5097578c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"379d0a38c8897a6524d6a59df4f09ba975c146be7a398c3cbde8c222fcf998102e98223b81dfca7fb5bc92b164afbaf50f58b8df04889dbd69acd59f7d5ac08f81984910ee20a4d58c51512a3ed893d7b736da894a0b52f75c5208d14f858dfd42290f4181b7aa249097b93fb2bceab8":"":"":"":"166f643609dcb8951161ca15b3660759b69da616b45761b8cfec01a8a7f51a0bb1cf256c9fabe69b29552f8e861cbb3160b905d24845d368a17ebf911a839384c3b3aa6c8dedf1fde12384ec9535ab9d008728978ca58ad88780cdc3d272d1dcf2059b9bdc0d2311812fb1b559e31f8e5a89efcb2b33c705555ee0efb23d2c4d312fe02b998eb78af85e3839963afd98c1c644ed4493c3f1af0cb210e660748cadcfc9ef85fa3b5fafe345756ca34e7b7f88d3aff8783e92da00dbead5d51f89" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"96041c211e97d480d149e75c876886a78fee171e0f395a952a0e873af4dc22b46cdb68a60dd1d5753027e544643c5764cd65e202eb821804300ea618e8ff9785f3bf2fbf1b1048cd4450399e2f642af38bce41df8fde3208055e34d356b1aa1b0180673e8507af2035f75e9fe629f979":"":"":"":"51475ffba32991781b17e38ea58b08bde40f03b64824187b9506153f41c233f34dbdc52b63cfc71b120b4fe6c2866d11e9aaf44f82deddaf998caa56a4dd58a6ea2e8f5e3c4ec7fef73e5620cb6a77313a4bc0b135c57d18085010a4a026059c2abd4b6d2048393c5400341928f5ee6c5a063d679e185eb9be2834a1009d03d298b9abb09f993a8ede54bdc4d9a95c2af5552aed9fb02cf598a18b5cfe6c811d1ca4ed764d0756fdfcb5d03aac1ed80fc86595539c105da6b66a00a91caf44fd" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 0) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"423cf6fb44605cf03e3063bceb92c156e38c5badfaac35593139df46d325242c84908baef2f824bf3ea66e74bb4127a0c5650c33f68b5d33502b1f55e06fe2c1169fb34688a09291d1e12e5390a73da125be4cf15692e3e6ad0ab6ffb22cf3f77b00333517ecb2239c9b81e59a72d087":"":"":"":"41f335cf727ffec9ebfe7cb348d11cdb4e5e49a9a047d8342a6656e5d235219a5d80715166698cc1f16e34f743811b820e6ea55c2bdd0db1b97ea2269fbf60c739feed818282f447bfe2bd0b9a7c479144f0016703aff450abbd87a50e5e5af0d2d9469175542737bd116de2a73acbb74d9f0077a227704f271fe0696f071914dcb9c0f0191fee35eb66248eb17991b538649457d5d5f9d4bb9cd81c33a14d2becce003c143c9cfe39ccac51048ef169f6a22143eca721d04f6e147749a44a75" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"0b2307c32f34d3f3c3d6887fb17ff68b01f158ef07438a41cde27d2d6725277f33f60888aa32b9b7406f78f47bd877a1795496f759d693f3f8bbd65cb5b2562c4a8d4a717b6bb8eeabc4d8f56118a97d3787d3065f1e20e6d71a1dee563fdb2d56561128fa83d8602fe0da3e89b019e1":"":"16815bf5482abc969179152f79aa34a04c28d483e6ac81aae14f7e0e051a5662":"938c363df2740ba9ccd39168f9bbcd7d421566955f141e13ed039c4d86195392":"959517e0b27d461d678ba2dd528bfb7e844f7bf14a15fb176efabb3a5200ff2b373c7c0683f095798951dc7ffd62b172ed814954c44087fc7a6695a5a275bc8aecd3a2ca8ed631a9ebf5e1d1c515542c67f31e16fd3ebc7e2333c7dffcf385f0d6ebe16b9ed42994be9f83d0cc1e2b3b5773cd2963639ac74ce64a311ac0726014bcd213818cecf5d562cd1c5e97be4028f64400cff31fcd587a004cf60f03c6f3222e4dabae5c4bdef8819670f77f9227eaf55eba5238f90c4bea4f03588b66" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"062f2aa7b48c983c1c6d00d06aa523a67d4e86e5bd266451bb286dcc5888f0f4940c3b022cc76d68e1706d62fea84d052a019b921335f69ed5dcd902632116759b68e09b531de276c9238faf3a9802806750454a5260bd808b796cb12116354b9a7ab9ce33f8dbd40ae7e74a07cfca02":"":"4a217bf136c3894ff7a3ca07eafafa286fafc8a827328b105b3a8aff28e49d14":"e433460e9414b21fc3d5e2705c08a21a36acde4458e24b78dcc51199b97c7a9a":"5c980247a1fa16ea086d54084281c5fd114777ed21478beee9edb175be7c4066b197065da5f4c15750783039eb4b5e2cd4ccdc2a45c49ce535f03a36657f218fc616b3e8ef0c84b78b0cd1c57477242bbddbbde098be573e20d6ddc76649d706e7f6c7ca3f44c845c2c9c9d316ac8b7389f7264c6f8cd6c56ca5503e5b37f52d19e8d47cc85a04a0196b9387433bca3c18dc30b47030fd297705101826840991eaf5b856a5ab75d2bbb70cb13e0dd1876802fc2bd776a518b9dcb9484c499644" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"0fc79576bdba77a815108bc9cd2d168ee30f9ab76db70600ac95fc40c1f6b724068c12b99cb4928247e64b2ea8e75c728ccb3de18adfebe24ef99e14ad54bc1b3a486891b00b1c55172d16adb00ae58c9d8ae0fa9809245a56c9118048199767d35c026e6664773562af011c2ca7025d":"":"b0c200b6f8548643529fd414c693054d4fe04d8f76c3fb8ccc6992ffc25e6b19":"b91bf188cbaf4b01350d726585c6f3601a26b3654db2e2690a14f1989f83ad85":"7c64e503eea5b3df44dc0eb986188c312a0f5fe1f113239984608a69ccadce8a7c7f3136169e075b0c61812b1e74dfe6ab2e7d6f247f73859da5a1068c92ef8e6aedd94c3904b973ab887ca3c38de70b8b312e32a702710829ddf962f0e08779ed9770975536557e3f912ef0d5c4969202af50252117eca8182c30389c9b84fda95118f8c748f0b1752c1e58b8e0af530376aa34cd874cf49628bebbd7353ab4a5f64bbc8e3537762fd5556c680290b2c523153432a2e0df1658f2a5507a30a6" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"ffde7e2726e89cce816ab3e22572fe31434f3181d0578d51161cc77305e2562b755008c7e4ccc8ec62806bdfbcd8508ae418fcb0b57a4d1007469ee3d959a07e949094b0a3e5af69aea3a90a222630978af9139027a656151225a2183b92e980fff9ba9876824bafcf18d63c916fe7ae":"":"bda1741b0b39d9248dd062870334e33cecde5c5f63a07a3030f98b021c6849fa":"1b5336fcbb0ed183e0f80cd31ede4f324997ffb842a83957f41d291612c55e8a":"61d542e4794e9bd4acefef4b325d954c8ec6a29138476ab1bb037507cf52c17edbd511579be5c232a67269ef42364cfb4e2aaefb31d9e8e260a04e51d95c2ed6c5e0f095efd92fbd36edcae4393659af6bb98b0b71b281e91e1df37c353987a6a9e259f2735fd16b8c1277df651b26ac3d9f292c9252be7fe09ab7851f515325a078cd69a7573a4810ab460c4c9e7604e54242ab956fe471e90f86613ece7372f1aa934a50dbd0457033843b887c279f14ad6b4960f401b7fb777253ca5e295f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"7946fe7ada4b545090d7647c99f71594fa094593115c23888146b27a7ccbfd77ce305c1ae4fddbb75a65dba4f0ea18897bb7e9aff3138ba030005a7d1c5802838ebb20848f8e81e7e8018cd0d0dd921243c094aa710f6b0b2ea004bd684799e3caed8c3c8944d5da995b88fa071d7526":"":"b29a506c7bc8b2282570223230664193216dd47f7d20ccdd35943a88c58c0503":"3a4c00cd2f278f0e82498d33fb6ae9e020f4d3793e832afc9864c0b7b6cda43c":"8c0667d913b13866c7eab98471109d966901fdc66fa4dff8996ce81ec5185ce374b118da34e07bd82833f20fa4e44ef159f9b0c47c046307a484b3f52822a596bcfb49b555ec8d481fb30e13dc9898f093d34cbb4d696d70161315c48def73bb1c8b4947c8ddab101d4918f5cc00b890b7450e4e10c17c46ea7f5e0a1df65a1fe74ad2577e592e7bddeadb246fa62cfa5bb8620220b18fff296a19a5a3ae6b833321ca779b7cb5b55658931610d8b7776087c41ee4d077400753681c7da5c5aa" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"5459500d5a709b88bf067b4c390837eef5ae2e5f109c110a84cf32f561d26ddc567c5f4cf0f418cbc2a56d4325b2727f875cb1ceed3167136f0d93940417f616a3843b686ab4f5dd3d808801054c510fca5ea8fa0465f9d1afd8e0c68affa10f5af61e594e66b2bdb2372caa0712bff1":"":"eaec7b75ee03cdf0508c0ca171b005077954e2cec7230b0aedfe32a15cb1c855":"cdafe409b871625ab1b06a93c4d5a1f8196777370df18643f97050d7756adecd":"486aa4063b3840f0417034c65676d20da22c510d281bbf407855cb58a87ac9b33511d692315d88d27bd5d1ad5c35ec8b99018b5ca64897aff48544a5e578124ddc00f785deb60b0a60dc4873fa9a148da4dfa1557baa3aafa22680a40f650e4992d21e35fab3be5458dae13eb2caeddd8704d662b221bda01ac6329e2c451e865af9701a7ccb69c0ed0baeb226e6fbd2b871b99420949570bf5fc61c673aacb58feabdb304f870939d705426aae55cb3a2f3206c33abd453e077c4565c603a18" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"7e74b0a5413ee2ad8de814ea1f556ca5c54c6f11159f1fbc78faa86a74c4871a11658e917fed348e779aae510d383290bc6c4f13391709f8aa9bd79f38f310e2ffbe7fb1be3e6e3aac9d879f1e5fb3eb1fe81675cbdd098cd287f66fb9b28d50e12a64b9e08f28a40ed446fc3a12585c":"":"d152b0aa1946cf177aafc7d47322f8c756831550ec79adb40f34681fd6b3840f":"152229388caf5dc50454c2514d9ff1a4b70e3d1d9b8b29a228d59ce67e8bc586":"a1e2046729e849482bd693e21779e18370a542e2fc7baedbed054476f35447e069bfda33fa2723ad425717c027e8b30d57dd2fca8cf268849358354478cd8bb42e8f9a737c2e3d5490991e4902a52e86d1bafc1751f5908a36afca2b6b4663ccc9f1aa46e857e2ee61e4dc19d154029da48d59519dde64410b1d7daeb5b7b93213cba1bb059637023f928f16e5944e0ed2ca07be3674fed6e0da72313b3cb80b7a2d6533fc8785587366ca1b6769db803d6d840c5d1b6c4589272a3fe9371b0f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"70b5cab63391c5777e4e60516b7095dea3cf26d72b27c19f5a08de6634306d992de4c3f70bf2849a4c3dbeafb163f5d50dcbbcc8e6f4bd973636da95d71d39d6ffc9e67332088bf906921b9c48a7e3de158740a9c0f29a7b69d5545e390030965e305ac1653958360d01607bcbc39fb9":"":"ab042d23accf9a9473b43e82683e30f436fa492ba4a8911e4ed2622d481e0cd1":"b707e2d5a5020d37656009713bb100c55819a98e220fbdfd921c6c0724ba7238":"f3f82b7aa0639bcabecefc7b07b3eecc9962884250fad11b9351226f138e06e3e953e052792d0127618a28aaaa1bf5374a06393c18a326f8d3471010f9840dd16ec997f53fb981aa2b689bf1cdbf265b4ab698f9e8e9c054255147e04654b8fb1d0fd3a0b64d3880ee6e9fa87e0184f6ba307f4d3fea651556e0baeeb75f308fa32925f8c55ae0f355f8db8495ec6c46003763ad4ef36590ec40239b5e8530aadaac931feefc8e392c550ad4d89f5b314a53a0633c7a93bc05b588273e6d1d56" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"c17914dd6b73d65e5af112536f52b046d4963f9c9098c77d9dfe35ca7ee6366d4c0fed576ba4cd14caa3d0c406fffad2f0748362166975f5bcb9a395d568b8dbde3383c5654bd24f26890b21ee1f1cb10f3c93cf2df64cd764187c840590a54babc9c281de88ad1a1dbc2677fa8687f9":"":"4a61ee9349d53f8b3c1af36fe0a9303ef89705fd87e06e5f34b61e1350111279":"a9ad1cad4ca7a5af4bfb83680d4b914c23a6cd551e8b002c50f30be0d8693edf":"9ab30e3729dd8b2af987dcb793d7a3e1fc4ebcfe0a4ac976d91bd3897777effb210c8076e9fd135991e54abb4bb8c7b183a80ef37077692e519d38df4a04304fd83fe1d67d32147fe0a249a6c8bc603d99878039b873588c3781a193437f098094fd8c12945ef99036442c80cd1f544725040df980c548f0a675afaf62a1b7c225c9cdf0703e613c7a5d72c8b00d8ba199b8ecb48b6e0b0d103a3b0f57ff1a4b9189a20dedeac6eb26b1f66ea0c34ddded10af2b0133f4b5b95ac2239dd94919" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"2aa5423270d0859a6e3aa3069a88f3ac4c30eda7f6e52aa891e4f995244a80d73d73f789561b00ceddf721ea59a7eda3157090ec192c578fc53d232c36453c5e8bc3c9c22f3aedb6a93f7aa63975d9bd3369cd518e570f6af0ab162e4c938d17dcd4f3ae46d7cd502ef73b2d40f50e2a":"":"32cae3ff757b79f2305a8b5f5fff5a77afb581faf5a3796c5ed7054d7c048017":"632eb6f1c827cf299f3403bf80af721fe5ff8245331f1ccfbb8f4e61ef5edadf":"1a85c36131a8c271d6c805233098bb29f9104e6254e0680c6e264a76f79ec17c7ac65c8a97610a0a7e5304b37d1ebdbe02cf9daa9e45b81d75d8c613afb974eb38dc49041eafa7462b4c272fdd3d7fd4b05b1e6142305ffd6fa634ddde90e273b51b02c0b68b823c77ddf3e93a2ab9436d0f4801f08a113eefeefefb9592683981423f83235f8e563ecdb4e44daa9afa5e1728204dde1bd254c7985e6d56897c570b0c6307fd49ae4dce18ea55eae846af2a5acaae17a71f8369b64f47b0e54d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"c69c61689d1f7763d43b22b6bc2262c377c62db60835114442fd5bd65c665705b5563b3b6e9e793d0f4128696eefc5ac603b3edb35b705ae39845cefdf8fde23f5479ae4f033442aa958e979c89bc41dde68d92f05b28c3644133d19788624bc970019a10f6b3c6c5b8dd22b0cee3e26":"":"15cd6984fab6ae7db72a4c099a064cdfbd141dce361fab0021872c91b1bb65ff":"86c295fcc7f9c2ec9fad377e0e4d0119334080f59fa68c21c19d7a1212dce03b":"97b971ec13db049ccd72bc597ebc2e33fe4da647d0f74855f242884d35dcf92d0349fdb3527c87c5431c10fa85569285096d3369bd1917c8c7c8650024acb88e5b17c42b50a75419e29757a9e1ae09053cf0b51dac437883cf3f5b1abb40a71f40d279bc9d596d0f59f4c70f81087b4446c402279f4486198ee3294d0a5f72eba7ba52cd552906371aeeedb47122bffb0d5ed27c3cbb86a6fc2d83ab4db7b6e1ee467dd1ec20dc15bcee168f2e200179714cfc04eac651a495a718e1ed985bfb" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"4dcc7427dff46b7db7e2d3273e0605ce85c460cfd4269fce9ca3b10399b99e178b12f28786b9e3df457ac0015004844d6f6bef29ea562856ee82246d24982393f770d0b65d0ffc660d9d8359f10904fd8cbb76e648df60ec43237ff7dc46bc34920bba637a2c1643a53e8a88bb7bb97b":"":"4c0ab67b952186f2f85a0dbd4b2c1b0dd009dd794260ee7f321b2d2b3d994e09":"f5be66009b79f51f6aa0cd1a5a24a72c6a6c4263263cbcf80e8e0d514a2bbb1e":"211ca57a321cae2c6d1ad755ac924c92dd09bb1c6334ecc543ba78a18608479457bebda63f707fc28190b2d56e4cfd96d8c49fd146ace867236c57761ea28326e3d241d1dc35d7ca971df9d292f2563d33c5f32abe86367cf5f2f06628376752b353f72b501ffa94a50f146b8174cb7946ab8c8be382237334f37594418850a233c536d72763f10b06f728e3e60d3b4f0377d51b0de11d110a28b6fcb7c42b77e5f6b771c8e5d713a0f6c4d82ab2311cadf16b7cb441a417b2f595f32ea822ea" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"b72f34bf8209a28168ae7692e4c7d6f19feab9346971b85fb9f377f6e4a77dfb370a10addae744ac03f2f277c85423945f486830cd410f26e22c23a136d41800850113339242e1a0550bef81a239a289a8d020c14298854f0b17abb0bc461ed6d39ab2d9cfb03b835916c2a8e93710a0":"":"e919d983beae4b687bb393d90ad4104146e86564845800ecf82085d5b269f1dc":"abc8b519db05c1de8794248c5741627cc00ee35a972ecdec045a0cc557a2d967":"9777504473adadade14eefc0279f8347bb178a36dbb5fb028f0315b4309fad4ef554bf34b04146ba4bc260a89cf78195ad1c23c6e473a14385c66ba2a1c005cdfe336999245f00ffeaa41dfa3d9e68294e5d676f01f213c6d2d8a69b43e36f2a568999c0a8c07e96d7daf90f3e2e668eb9fc8e5c812a49a39507d193eb7c95b947aafe658a1065efe9370cf81014e4ffd54efffe5f863e6e4b7d875565617d8b72854ecf09263c55d1c3f1a4f4862214fafe7f03da5572095a7befcfd8e6ee63" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"35d5a6cae5aefdbc62f1efb638c15dda387a8f651810bf068a8d92601fd37e0efffd95196c09c668ddb05eef3de339222a0bd0d3b721a27e2f29be84a846c3964eb9a84cf69b214f612df3b414729df499da4d3ad8bf3613bdad3a70c73cae80556c16f8ab83adf0f2bc9391094bfd98":"":"cd603812a8444925993f2c1a0691bb4459faedd872f43852f9970675f579a1eb":"1441b6d4876b050fa4d969f1845d3f119cf5d8720c35da9c489000e6b7165db4":"259828d05b8e735fad69527cd2322f94e8e7ac2791607ccf2a74d070bf7d5574ffd8d6e447cb4e02bb15a87aa88d8f1667edc0905455b116ef7f08ce727d8f266965242e0042810f946e52acca6348d70e012d998322a18a2f3b4c4c6d6b66cfe65385312344e3eed14c6e7277eac9a4d09ddc5dcf8fcce6f79a23d34c80cb78aaaf1347ecce8c13efd450d59506513e62f527179b95b9b5d9df821c32538f8e1ccb17e911826e944ec44943ad8e726d54fa98ebc4d012d34a23771ba497ca2e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 0, 256) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"66abf17d907a134232faaff93bfe361223b5b773980cc261fd19caaca022fd0a081c11efee01fb1f7abd0145b32a51b3237d6ace877ca6392bcae2fd2aa5b865aabfb1d1d1da33f42319a088c8dbed1124a71d39e627d5efaa1e8f3e5f70114bb03b71ce54e4f8d34e838106b2467cca":"":"1e51f2b67538f84440912c6fa20fbf009100fc3008b5b8e1308d95e7ca53b460":"301f91c659f73b618cb46a4343772f1eee9fb4949ec6328109823749bd8b0b11":"34c532082926e6d530b3a58282eb4666ac7374e8befaa4999dfc9f409e40ff966652295d2940db97061800583bc7d47b053553ad29c89ee61803c1089d30592270d2927031353592d4aa71f59a4bf3f2147cb406322367544c38fa5a3c8ccb534bd884355b06145db62161260162091c795874a2e99e01292a2e39e107738818a211750f858edbe0c2ea4734ad14f1c45bcc9f733f027616926558587f7332be55044dfd6fcdb628ff7d7d581820a217bc64aa092e450722686e0cb291eca45b" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"37dc21c72dc7c82d5e13c51ecaf5a8ae06402500d92caf96c0555a95069f4f0144a961ead5d6d9bc317afc8206202bddd57fc02a2a500df1fb5c4d9d8837b52a5220fdf068fe2b8b4bcc63fbc9bfc94c8e21d987e8b6cb0f4cd37b144c668f18b7a36ed4e9758ee7b96029aa0ab2196a":"41e3b89347bd035bde510ab8ff83d5fdcc9d5f2de648bdb468a714f2c1083c52":"":"":"a929ee23c5832e5ab93ccaa40bf775593d7d04a1a8411dfa07b4c8a2da2dc91b1bcb9c27a0ba5a7152ce5ded5f76cf6b83c04c0f8a4f6b43383ae3e7d497280c0f944be91b0bca6a56df2d00641bfc1ec549b538898e559407b076164278c0eb7afb6d6f4495a50d4da178c04b259d21bb745692d3bd186edf5bb3da6f66b4418fc3d9b085b0a6c1a5e54696272c305c4b8887595b391dd6ed8da03dc9fdb2728d8c40a2defd8af05ef1c443a72323f2e0b0d268109fb7e7ee70192fa06bc6c2" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"0dcbeb660cff703e059913eebff4f639a24b611a078bae8f01320ea4af5e8e0ed93b8dc4e84d224036b5da645c147359c6123c54cc2367262a7594bc9a7dc69f76549ab803af66de8f253d338d48ab827b2b1918d636d6ec92bfd9123f1f5fb59b6c37eadca0ca7792e2b7932e1ddc33":"1debeed9ba5790437a6c56dd3c9e2f6df0912aa0ce2e57fa8eec9652e2eccfc1":"":"":"5bd815b3c3bb73a45dba72c68457ccc17212af905607d827e8b5ddbffa34a058ec360abbeb6c8ba16c770ae4826135ac7e4faf208da8b5fe3b26c16fa7c7ef4000c3dfe1b8b707dde64b415c671c4615d56e2648908e047ac978a389e346cebe9228daa7bcdf5e341f72c3c7ff74672edd60c7c6341726450ffbf9e3e7a16580e7e602f9ddd3f3556129052de05991907d81a87467ff5842c6e5dcff4543e24ee48149f16e9107a9aa40cbce367d4b76042d77ef1790b0a7701b2f04873d245f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"d9bd99128fe2771918afc6db6b2514eea0b617d9bd4599a238d9d99a7ce18995e8d85542f3f9dd89920b0f79b94d7f551fef4a330e9de24eb197bc75677bc13d8361104997af99ea2c6da03f4e71c89e03191bc5e320f057afee98e98facb99d15142c61ddd71666cdc38146fbc3ea4d":"eb701a9d119cc6dc0d735254067dfe161b1052ba3f93ab0d6bcc19cc0387027a":"":"":"67b86213a84778a9a38eb9913b9db8508b53ac0a81ff85dc78c966d638255f8f7c63ce06d4a66f5d9213ec2b32f7e63ce5dcf01b59d3b30433f0cf4c06c171d839953de913093ec845670b38ecacd81162dd73501b2e4c2d9dc69b97d49bd6d9f6250070ef6b360305fcc5ff392d1adad98d6bfda67d10b725c7cc8ef6b4fc206fde1871712b96dcbc2df4f08d79f1adf7fbb01bfd8f20e76956ed4b9dd1d7e5fb4f922ad2a529bd871490e741843d839e876c4b475e2fa140f28ac8d347a07b" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"0de3fed3b363d20ec5018d4aeafb25c8e0e6aa42ee8b56843043f8d9c40b9bdc8ed427d29c469d8976a5b785d050f3d2e5eb287a064c54311bab32dcd5f240682babef59c6ffa602669f3ce4590b054e2550444f249b56666b7b2fbec29b33d1b29ee653e388f9fb54b00635ff526dd9":"82b6a44b0f35f946fa0fd4628738e61a0bdd421a8de73f3d2efa25216c789080":"":"":"1f7b951d147ddbf21fef9d4849044c44b757309da8f0244f71e4d8301e1fd50c5e46407f5bcbed83eaefdf8983c330dd0a67568e866b20b48c2bc97dc63a7c0d3eb60f2488b1eefdfaa7b8dd43132511b4a2ca80bc9e82851584ec4ae463444aadd3c8e6db2d4469ad9750e18a31337613975b3fa0629b9a22bccb235d20157a4427acd619324e881e68f5615c65e59a566a73e4ce9d484fc5b0b29137c4f339be84781cad67d17de03099b1d03ac45106c1f2eb5b380ec84392b7ba5c91df4c" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"abdc2ac24ba7d92ed9f518d9576510969f8d22074bed9b7639299d2137532c50faa49b5e843f417693a2eebd0ffd3f27c0ad2d8bbfdb912ed4d1ec85165d4ae577a92b1affab63070e25dca8bb1b035c8bbc5d3a07b4fe094690e4a45b99f9e5bb6b0bfe823f3c2a148732fd43db5e5d":"8c7b18ce389664fb72e777e70b533ced4c04b0c290fdd45b86b6b95708d74187":"":"":"c3d1420055f71a43264ab8da92829fa1b8937346375349d2e256705d933a21352ddb4eeceb36cdeab38cae58da81bcbe6deafeca5d7f018a0514bbc285f436b574ffac2547d26a3f9aef21b66c1e70b45d372e4dc2281182ae94667e442f39e1b9b2fc2aee06ab306095a904614613b513cf1af5a9df12b996cbe88cc3b25401790034ad0622df43af4cdbf9cb681538c79189a8260cf9c35378955f2ea859faa78773854883cd94bde4c0f50d4c998c278e47787e3f74f3dbb98f710366d315" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"d20353e175f4ebd0ef5fe77f7f6fbf5340ba07934828dd296c041a63de841002db0d21ecbfd5eda2bce80bed6f73c23d3f18900bcc02791ba9cae668fc33fc60ba84c6eb40afbbfff18be5c4960ce57ad67dfc8c1eabe61a299881c0f326f7093c1a232c80467772e707dbe75b5558d4":"f38f23461c471181a4179323aed247299df11ce145fbab9834b85b3cb42a10f5":"":"":"76a4994edba3d0d9ffee9ccb7e12a75e79c5ec1213f45ca4c50ad629ac533e5e6dbf58f8fac193755e74f9e7a75eedf89472e91d394e32eaed86efa4fb2f9e7fe4bec1d9c7a30fe9bd17c2cda73d136e752a9b818cee6f1262028031bc09cb81b89156138b571f03afa69dd388a807a8cbe9c4de66cad764114f9a4a6419ea70ccbbbff9dd774aea8a2d6b1d20d0a577c59953661f0a87b4d795c2626a025d733f43bb5cd1df37f5cf542c7c8b6bda061cf4693e0384060e63090415d7470cb0" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"a58ca5154659ba58fc1b468c909c667e1b5087884c01ab15f86fb5a431e982c1c041be0aa014fb310019fff65f40ff13d4469b123223ae44f4f4ac0fb6877a7890f969d39047e39ab23882cd7838e16e64bc361fe18136471dea2e71a86ef2d9f8f7e1d24643d7df292409ff8cba0f13":"dc05980e40f07a02fdb150af580a7d195ba26f4fa72a1fe513ccc2cf6e4f699f":"":"":"6ad4543c218cb6aafe65e6a50c4f9ee9d5c7a3b9a0112bce262f49f5b0d20dab7225fd0acffa25165729d8fbba038eb65f7e72f136e5bb82e8d94698dd9b763c38f3041ccece3b04189aaabed79e4d4213e24218c5fccf5f9a0c3902875564431f4d670e6e60e1dbabcc4642c3ef895c115e28702927cb98d509f9341ac7ae2c6ef6c2dc4537e909c81a9804057b6e24fa63ec5edce835e624969a969e2c47c6dcb7e9bcb2bb8f344d2b9855a43e26c0606466887b28b67ffd7f99d374812d11" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"9d6e99a11d63cab5aabb1462abef66bef31a2886cd172651bbf30f65b16fb8f3b93b5042a908510d8518330538a06253959da557d2b390c6fe0b7ac6b18591e5791d275c7e3d558690719d5967d026a80604a389946e2a55486b5c49c2984990a2e14824aa2922e6a59892c5e6d969fb":"af631e7990394889b84d851920ce8877934e706b780908a07211d45b247584a6":"":"":"9f33ba9083c7f4088c9505622cd5b4937b7189b0cbcdcf352c54ef72057594b8568cd4b13a4bfeb61261d27f5febbf2cbbf902a8d55f6bdf669238ae84b8abc58826841f7f62a0c5bd9f74125cecbf8e3b4c1ec88663114e7c248c41cce92e73b05eb3f826100c1b2683cbba985d2ab694b5de1ed8624628917ec9bb97733f337298c0459f198c7a138f1670dfac0d58f287b8244f0605f97406ef528099aa2ef290db202baa7fb221a8523344ad836c9a2bb25e1ff3fb4dc20f69ebc9f0fdd9" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"df7c57519ae3914c75174b3107b7ddab95df936c5cd7c296b1cb1ea06249915cda22bac19ccf2d522137989d5a42549809277ba155d04b3353520f4b5c2f18120bb4b8442130db58e9d46a1a41f5627c40a6b65a4f9075460b7053202a6e5b12b9e07ae6ee9b4945d4235d0b736e88f2":"10a198b05830cff2fb4f5b0317c258129396edb943769292753095b58bc8fece":"":"":"17b9fc6419c17534ee16aacf32550cbf58ea1f073b8e72fb9ae6e94094e797f216703da428394a1da8236f725b191cbec11531a1f87946c70fb1440a55be7d7d18c9b5085d626dd0cd9b3bd63a9014e5d14eef636beb694dfa7f781e83f3c1b4fe5519ab1a505d1be5b812514f3a39814601db104afe5726086f6bacb61c00ab8210239b2891938e97fc53de069f18a6469999727a904403bc53c6c73c7b3a5f9f37f380563f1281cdaa1b4bb4a636f849717c307848748172ae0191997abda8" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"2e403c307a03d766b61001842f85caf91a5eec97a49934547b2ce63411916495f3e102d333269e04381bbf140a28a2d61fa6a5f2286079619f4f4fafeb5c520c602d0ac3190fd500a3402e7c0647ac76c901e7c58e012cd6b9e83d2a969f0d0ae4e08ed5cb601fc72596a72b4854f246":"ff1d9eed8cf59f5708e41924cf13fd5d30ccb7dedce3062dfbb2c4bb4d36b65b":"":"":"e5e20f2cb063c1587583a381536aecbf0b0cb4400c99a74bbb6aa15f338b3e67187316865cf90e691d99466e34bd6612985575122c6c79848d4e2f26801d98e49c002f4063019394f4b3eee908f2d6b56749c260e56ece4e0431650a8bd9735879ee6c9bfaa5d44c07e7ff6978883c36597c31126386dafbbe035579819068bb060348629f74420bd411f2dc858d46dff0bb4f79946af96046da2c2cb32e0aaded4eb1ebc8748f277317f9ffb9aadac1bf5e6654ae7131d5ee0c765ff3d49d9e" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"4b1240cedb84ee3f395317e177efcf03b0fb57be1e01e3c206170877a06ec2cc077e9751b4eec964a4422d010ef1487456fc16b3e6e7ccb8a06230144535274215f00afe175d394cb04518b630ba7255ada0c6676885801a8f503c55c38850de6f7904b40cf03fa195cd16ea2999347c":"9043ef3c775f32dce1902b9efdc481f61f29220eca53bb904155f2aacc3b3706":"":"":"4facd2fff1828b9f4a63f639503cf6533a4d242f316ef7168fba44b52b876056bb0fd040d5e331d2746169cdc88ccef74dcf6c642c1d1a0db4130f8be9ff88555de4c2a7a5824f005cccdfa6074df3385672eca57a45679d69dfec232cc8b1bca87f6f9c6cac2f630498d52449a5d1b328a6d2ac1a9054a0658be589bc277b7750ab5d647a73a15a059d72608f9d299d11f9fb417a37ddc1b52c8b8859c2949e5ebae650b9cf8b4fd771288e582dee38178b154e681eaf74d4d3f35daf00a309" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"c2027d8c084e2c6fc5d535726312bc6362372872cd37bf07cc1c3870f3b59a970c62b84a10d1498b2e02027d854fd84dd615e29e7c204579968569386b6f08393322c4fb36da4398ec4881ca9c17905b7b2fa28722c98d404e93fbaadb165411d41256a0dfc806a19df0f526571c80f0":"8c5c93583dbba016531aecc1da7b010b9559785b2e8cf660ce17022f8d86be78":"":"":"54074cf184040f57716e9eef80ed0e006cd029b99ca568fd7639c4c1b0f7431933516830f5f87b157fdbbb2af7ab57f6faa26323f096c8e86136e49d833665a6cb3a22f7d5d38290c2e9a23c62dea6c51b958460b263566c5c0e4be9adcb1c123b55879f405f11b3c34c24852d33c64d6563ee46cad14ce08d5919ddbffdfaad0bef8d8ed9974f1d95917e2b108d9519b13c4f6929429d2dc44ecace7799839ffcae035904b576e71e92b0a89f39e3b3444b75ee0705419c3b3533c793605eb6" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"02ef640b9f087fa48457918d7bd6e910d7379bdd89e1549118ec67880dc3c4be3ad95397b8fc88bfced5aa76941716bf4c26696e9540d759c8c6b8603d5c40df267056c79bd8a3497b77052e498953493eb853b56c41f3286c09f1ec88637f95a1cb7e6e0efd3acb8a8fa4de63d10727":"38e664b930fb072112e6d47bfc5538b0d48672a12769f3eb860243bbc1c5db75":"":"":"c399e8c39ab174fa8cabb7e73845d8d434dcebc21062edc69d02928b0de4471517496365bbd59062a43408215f5b0f35971f4c48077623860206e0e6af8de751e6fe45eb6648a66e8ac5e603043c5365be3015af858fa2709c6c7b1cd22701dbbf4ef27fa45e6d7f9df4e8a558517a38e26bdd82960db9a92a0deee98657ab514913f134cb9362756a78ae4afed3a6c89e86341a8fb20b5cdfcd56933363f83e8c55c69adbf8e8d7199bc4f93b72ae1c4d0939b564d98e7f052c66e1e0988ca5" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"2f280ffe3306764839899faa89213139a40462039f4d9c55feaef6728c24cc636819357f6ea65badc8e493b99d5af1d995d14d81e39802711977d0a1c5783bfe3c290bc469bb9af520b0faa06f230fe6c4ba3804e39e3226f0731f09579e105d726b089d1c37c72e3faeb33768d3f20e":"e3d99860e8b1e9297c60b17904be8525be831d71dbd3f454f085d1758ebe7160":"":"":"45400ec700a4cf8309fbea94aa4fcbdd22c859e0f7defa746085a2f4ddb9db16efbb0c2fff798c99ff4e9e11986f4c330f3658e34a146f8d9071467228e3b0ea486cfbc81da3e739a301fe51b620d7d27fe9da0e4b875efe3c2bd0fde31f608015ad71cac9c95bce33e516c62fc45a9fc85a78c142416d7fbff3a83602dcce3add6301ca6b9be565e3cf06ad6f22855d57d9c184ed7214adc1bb014a1b6dafb86989283fa3a4be10c410442d761c98d2d3f94bb0d97ba1d5c8966eb47b0fe6ec" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 0) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"8f3ddc4230f8320bd18cf078c04c62e248fcc326980301174617a9e54351c667ba4c31a4c0e7dbd7336c27c0b8a034f6fd947b0a21e580e6c2dbfbd44d01f5fb4a51dcd2199df9f1803f24c5e774f048815302e016aad33254d308c5457f368965c15b6204e191c2a252e4fe88dfb978":"9bfe9bc055b3215560cd285553372c47cca422fca574c0d22d7ce5f2dd40b084":"":"":"34f550231d31c1b3a3db331d341ada3b987120d94e431831eea67e8d208f9cf1800549d445fc7befbdcc2488cc7f4340560d574fcd2396e9ecc9a232f1015cfb26db451623fe47ec8bacee1756573e74e519adc62b23ce86fc191ea5e13da9c7a14496426c6c53dfa7c7ccdb67d6164dbe88cbbe7f48d4971993003ab24f3eff18bd52c2661992e8f8da93bfdd28f01fc32edb439ad130352463084041e9871c431ba26c676ecd7812991833113cbbe687651e93aeb22a6a44cffc7a3fb214b2" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"8b285ce6b4da70c83fd72aab1b4be62101bf9b29e168726ea2f670aab0deaefc5da3404c494c6019ea33679e37cec308dab13e0cb060f66c1c83fc6fba46477d1a3c802edd7594db0b297dedb9ccbc800c817f05658fb9b4c99938ae2140160c4a16d548634a353bc285cb38d0e93243":"723c0f287db4af285c195cebb1104a106f22e8b243fdcd0566228ab5f227a9e3":"881a1874c800db068b5913d195058d0726458de3782ff530af1a761f9628547f":"0c27cf271bd7931d187ec6f56038519674468fa2e7e6f994904c9f1afa346939":"51e042dd56a193908c9018c25f1c1a8b5e2734b055c3b7fde6a8ba9ec2b959349df29295abb0a24b4715f98d31de0a369e6262c2b2cd49c5462b7ae284e921f5ad2ec013edc1611343c228683f4170f34a75854b1b656d226e294172d488c10a415f09dee70984b9c49e8d36863192301d1762145e0d9e94e99bd30ce8490438ed050f418cf4ba0b07fe90a82d1ccf38578d99edf0518c4a758a199db4d3533c4dbc55b1da19840b8f365a574aa01647819032dc0ad641388c2093ebd4ab5d99" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"5b5c670d3e0e97a21cfd5bc3d038f0c3d2578cf3147f5545e5118a04c4eac727b50734939e2fd0aba704932ccaac42af316525e3fc5f1dd224131d65f8d44ff8420891c0af7c78f9cf766097fbf0f8bfdd131db1801275c28081e6063c0c4d6242f96e40fc513608289f378bc4f18518":"4cb0e590a1d575b6a2df9cb0243895263c894a990b6798424bea9ef199761d08":"feabcecf0648665b08a7c690add6ff75744de3916d5573145c35517808605beb":"fe81cf8978798311ee6d1c5d6145b3832d9ad1a1266fdac0f4fa230c631e9ba0":"62aa5e9b8a07bed2a5d3eef0c73bbc841bb8cbf544d32a2889806ba501c6768aca98c19b83fd4fb2cabf120c05716b9eac9b77d561ffdd69682308f80fcf1c78409f3b21749bf71abdb209660716a39c2562e8ae1b3478828bf35ec9d3f9712d95f49a36b9eaddaf1b249f023c36d09ff1b6f3df6d10e4e336763edef9501827d5171c507eec405bae52d56fd62f90f5c58a2f1a7310530df15ca6b7841a2871a37cae583e6b388978c118b9600840f5540af529bce0a24da8f906f601fc270f" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"64cf47e52f758df802c2b37a4841c73a3228738d14b439a7d02b13fa3024715c744721e49f25a0e73e821f69786fe2d91ec1cce1d1cbf2dcbe5bdd2371c0a5df050841b6f07b1a2c0d064bc5e06ecf2ff9904928febe0bfaf3626df5bfb79fee1474cc8dfc3ae268570df2811bc3ba3b":"c3f0b0471d5273f40e74ccd71712071fa411b72b0f5a98c9eea9a5f7f176967e":"4df90039bbb54d8753b19ccb6250ffceb7279c05f6d69b5c47801c6fdeb1ddf8":"181d12bb126ea840bbf9e6ff5e68f8ef53f69071d223bff593a63e4e0c65ee1b":"8cec490ebe0b4837f040663de29e2c6dc801d7953cb2416d245ef66173e5d7baafbb77fd2c5ce69b4b8995bfe51f5f33cfffd9e9b1284fb8657bb7a3c26f5aac500cc7d3737fc81418c94d3db1a63f4922ca49803c04fdbc9488e21d9c4bc381c48bd9f7e5cd1ed6c6fa9e889e463dfc3a313812245a66be220266707a5358e25807ccb11f24780e5ef82c84a8803f72dbd21f55d96362d7cd8abbfd9d21f4e3dfac33326a4e538476508afd87e030d92328a91c91ffb16b054740dc3d0a2130" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"690a8be904c75e41342c8e2548abde2e465612a632710179ccb9c1dab76c4615bdaeda1587772638a61747738b96cfc94879325d2cf1cc0269d877eab8aa233ba8d7f1ff44e9118a128bcd8cc687eef58940343d27ba1d800aed9e2e911a8c83b8460f9d72c7b92852cc178d3d0baf6a":"5dd031fb2df56c510b3cc3c02fdcf6cf3ffa4a881e7475a8631073b3ed5e3c62":"a0a861238b2b9ea03582eb4703bc33921b5376c27004710d416ff921d6e6fc60":"3cef66f75aa682ad5430bdf0f01dd1f2c3492fcacc6f80ab351cfacc1c6b6ce0":"92b337a3364059acfcaef789ac1ae09c9ed05fdf69f5d5da7a1c9b6962d3a3c71a4041dc234f7be58fdbb728f8f5fb10404558f21d9b4c818fcadf5d6bac8bcb044e5b2fbd26ee08398dc8904c271e8d3d184bbf61f77c62fd3c8f1cc1ee2f8c4620c513f3abf5e312b431e8608b29cdf528d892ff03bc0a9cbd202b9da1d052ae2bc2dd8723198a1b3017ade2803c3dc8733ac33ddbdcef7a9948d64f72da0716b32dc6eea224bd49a7349a1c32e8e325ac11e5fad8353cf85d9eb4b72b1954" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"0eba7b06309f0dc4e2bfabea57e1d01a5a3e711398320925647008abf19cae194efbff93968c0a7d1c7623ee1e3987cd95c3dbd1b2ba94d0b2d416fe2f2f6faeab46646a378e931bb5daac049333129ce7e20e53117a0f68baf4c86a3ee5e787b02b53b1e0140430e77ca86f242d7f90":"69adc69e03cd113c34ae6b89c7c2fcfbe987e426da865f7c8e052da4bade343a":"729489cc7ba4f3f96f77ff365fd5380cd83cc7b17b150d327c5b7632f1cb0460":"59892fcf99ce719819774539ed4f10edb7cd35cd66969137a88ebe6336da90f9":"565e3e392a9f364df0b575d9444aac262f58ce12312d5ac9832ae6351b6aae0398e0bedd3074f57bd4e9f0e89a50d627ecfe11fe9aea09fce563eb34efd27610a3255f81f953bb3f222b15c019b9d812150f7a1f19126994c505d9ce5c948882a1f6c5cdbc7050461ccdbbb7aae597dab53a12ea6bfaa4d4710188d690fb0a0a34df7fb6bba949fd6a8565fded8e4832ff7f6b08a653a72b8b88782b8d77c1f217e8487163fdbddcc88a83d8bdad479ca75fdbcaf02250db39528456942119f1" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"9dea5f271193aef61bd72c76a581d65eadc8002b258a4d548c7ad1cb587a5f681e9709eab5e146833b01a79a34c352aa642a7a376595347c0203a8a0456af4e9859aea62c887166b3483e0c7acdd5b99a1b1a466dc0709cc6ba133abe29ecf3f3150d664d04baef8854fd86a5d8cab19":"895e5039eeb3ea1d197614a683c84d7780ac8724192bd6c35fe81137bc23e4bd":"9e8669a67bf80c695889a7e875a9ad1954b91e4bddd0848313b4efb4b00b14fc":"2e93a8b96ae1966e2a052db0d5c2d5b76cd7cd23494bb1170a33a9ddf39b21ce":"71a0ea8b9884e979f4ed546cee3688ebc399b41be38578f15b99d9621de0da3e671182f6da612334edb8d3a6d5e34c2872e277942854350526c3e000834bbe18cd5f2f336bcfabb42c4aaeb19b8cefa3f7066a89593960fabba244812d15c5fa7a7281067c789745127ee2b63b14237136c54864bf86ab7c377414a7933b829fc3052e8c26c698459a83b1990c093305372aa608c967bfda719e98c4c177764b72d184586f7b63a8e75f78c9e5e1dc045c3eb5b30c7147c69100c2cf910d4f3a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"2b4c85aac528f5cf44e9018795a1e8f810220ce318aa174bed9db372602c00f68ac33625739f299241d1a8381372537bac392411a1d6849aa6610a177743afdf45cc524838fadf1b5feaaa9983ca79a4508b5e4a275514ef4c04c233c3dbbca32a00d0a1628323b91dacbe499c1ba928":"799a4b3c9f62c2f6aa9e91604e742dd06ff9f77b15d3799684e1dfcf029d807b":"1d15f59cb3e102d5ff47ad4c0aae13631ec4d300de4247137aec5b43e5aa4f79":"f43801851946f97208909f1ad0f79d6577eeda70067886b270f55d626d966fbe":"f05e50192528ba1185cb964324141c1d195f6e26c42164052a7b7244797c3084d48bc5e6e1a27e64562cf2fa36b4de30132a082de2f927059731d084e2042eb7720932ae8e1741f05f4c75079586924cc43a6cf3f5525e037b089674121c2741f836372f219a33bfcd910884abb166eeeed1840672663e0455b18bc7c9fcf20967b25dd77eb37e00d8fc40b0788c08280b0bd8878c504d982db4d3d2476f5fe6785b1959d1bfa2762c00efe436cd217b6d01adbf7da08d23254f1be1991d200a" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"a716af9e058eedbe937ef79ee21cbaf4ac1ed0e2f4863eef4ca1e3e972f33326eb6ecfa7bc9bacd3d90215a3db843b24343edf7ada9e440a206df7f38f8cbd1d38159b8511f2a93d1f0b5ace8a89c0d823fe001656c3dde659874df88dd60056ced293cc49d64a71ee6b23199c9b20e6":"648aa30cb2687d857d309f702f6dae1f30edc824493d6e83a9e26d94f28948a2":"39c5a6514f3d399ac41b2640fd619312332fe053abf1b2a19472a58c28345347":"c912a1bb84f7aeeef79d73347097e09f6b8fb7ec593176cebbbb56af866bc309":"5387674cec52da2a9743b2556fa9874c0866e579079954cb357f17fc069c2e345c1ca80081040d620fba150c22eb1b8b2c7df082f637855c396ad6417fd383f8e93b7bd91693408e951b7572269c0ae65be8bcc9844f9fd8401e68f6fafdce195162154b34fdd5db8559dc11cfd3cbd3d391a45065761372f60c5182fe4cc162304061f86e666326c3332010fd388626cfa9ce1252982cae7b6eb1b8208c79b7b689aae9084fd180d00962fa4eea79f612ab7ec5fb51394f6f498528ad5860e7" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"af405b42f8a67c349bc10d4d0b97f56cce433e1d34cebcc75c2850010d20cf74f61b23e1d2f964ad6c9a8d65c9f87749da279902d5c30fb67207d72be55451337f34aaa8e598b9ef55fd36224ebee4b5524a93f1513fc21fa984f0a76c2bcc98ddf39823d0a87d501b3515e3ee9fd4d6":"1cbd963d49b2553a9711687bc50743d820588049cf097c100739f857b3928fc0":"e0d336ea552a6dbc132f194ac9ab80a34a54f4d331a55a070dde6601d6d9084e":"91e882daaa304874fb0c063718984ac53e1f0716ca8c9210bdcdddc142c84082":"0acb19f2a65bf0e1d9f9561d8731fe0f0c178443f00faf427973ad45f2df4f4d21a4fdecdf96c34be28e389d8caed96b515ecb215ca915b38c715015e1b07949263fb65517ea4bcae361d76c418cd2c58d29010ea79b9420d1cedf937d3aaae7e29c2170ba88c8328664d884ace90e88c66200033d19ffd52f668b00b0df088b7942377c1aec37b3c304521c394ec749efbb252669e0c0415b8b04b995fc224903b0843fbaf0be1ce804c9f14a5e97afa70d0fca9cb708ad20388730aa9de020" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #9 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"e9ecd00efafeba4fa9cbab22b1b5288c98a36ff1d6856592a288325968c31d7d88fd2be5c82d79413b33c1dbe972859822ca2c8a92e7812479c14fa292a627a8909c3a953a2758d42f22a18682ffa219aa9908e06f521be8fb59ad58e5651aa9d6b95983e23e54cd57dfc82b2077bf96":"adf1f50a295d88f68e8c07a180897d8e7b49f7cc6cb78a3b25ee10b0583a0f0b":"82de6a73568ade5e5b0d8ae37c40ff25e858a7055346020c5e47feddfef75680":"cd0e15d764d2355ac9f1cbd5ea519ed1756a3bfaa55e3783b738c03bdb42e371":"1e592e5003fc0f3f81a7aef2272527980cc5a9ac7286a621513b9c7ce2ea94fbfa255ef2654d673bb8cd13f3a033a7701304acbbe8d19b82a61d2e77e7251f98b0e28e1a694f9cba2c86c7c8cb20d9c2986e52052f701596e3c837af95b166cd227f2fc00edd3ea62b57f60262712b2f71479569c119cbce9d771f8a2cfdf832aa8d70e0a912978fb2bb33b27a185fb3a4caa3a18913aeab095ac088d14381802117af0cc1d97c06fe9730bebbff0adf2ffac5995d299e4defb0722bd93f0799" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #10 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"898a6c47a5cff500ea0f5b18b5f0b4bcf7e75d6d7c92025f9920c666dbc1c5ffc48972e1d519428f8d61dfb5e300b48f2660ff53e1ffaa3950cffc50e17a874182236fbb555d35ced33302ef87b84c0ad31e87441ae365350452a39470567bc009871a3c9785bda4569af33d03d46f08":"9e16568a225b80e9011571f3b55102cf6362e26b8a60fd33680d4e6625738e5f":"b1c65d6e51ba043f63b4251ed58e9a8eebfc289f6285705f8ef44c202c9b4a22":"245ee741a2041eda22ce7053f8576c0a43eae868fd95ad7d58bb921c155b1b53":"b076210688b06ab6b57edf68126dcdfce82b6f9285ddec102ed60730aa7530863076186a3f7affbdd4ef081b7f5a32fb461bc5755ab4f860012631b74ae357fbc3cbd64f0eef8789c6c9dca894a41a005d272b4a57e761f91d221636d0ec7a49f10bb1b4264938604ff4dc7bc97eb799cea9e3e1d7a9b4bd66d88d244e22120bb311f502e66e60c5c9e42731ad320b23d6b06ae92a132b093ad924a1a7e08b5dccdc50e257bfdb63bf5705350588f61e93e4fc5042a2cad1bd6d9fbc82e875cf" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #11 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"8e92836dc5e4bbf9598803efb0d3871e5418cf18f379479bbcbd9262558af6cb6d97e73decb8781c30f69b61c1f5c91a5ea1f10fb1eef74b480e583710d9a6a2e57f8cfc9d0215fa73d1ce9c1562f3cc34be187940cd317b69139ab9aa58d064b6bca59ee6460c3db4e8b57fab0186f1":"6d9afc769985218745235e5af280eb45cec81a2e920c284ed5c77105489e8f4b":"711672f2ca12e7d8f32445a87163bc00f5d0f52c2f6799ba513b68c07c350de5":"426aeab2cfa56cd3146c0eb9facfbc048a504eec3273256b5e4db3d66c89560f":"56325373099fc1dd194555c3a1e69358fc7f80fe6610412cb31c14cdc70c73a74d040746c6cf388fb9718e7446888c6162de73ac097c32f8b4b00dd7f115fed1821d3786baaa1f64885cb93c75531e99171f98d3c3576337c1c41c5bfe83f94cef2adebc88c0790398d4c071488699edd599797c1f8f394b3e00e66bc4b68a7cacd209695961713c3bf2c9a5c8589d935e171f775f366217e2634ddf0db5f01ab31760ebd9ed9724292bec89db06d0145fb824a76292a35f39b01a06c43510a6" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #12 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"a4f1fd83e53a406163862260fb9e2ec64d4af74f5fa41ff56c07c791b6bb6abbdb203670b1849afbf0931206ad6393798ff06fba8dca3318c29d9161c0ec18ec5d7d66847b1a618bb0e4f69fa1331fd1db5d5fffdeec5a2e045c588dc95a5d5eac6d35502ebe2e6a57318f15af53e001":"39dd79397f91a97432e5124e7b9b85928f62c598ecd19626070a81a5a8ed564a":"985724541d44c8b865672759c8d36ded75c2189c2281731888a741b305eb4161":"e2dae75950e417c18f1c3e5fbd66b1cc9fa617aa695c9d03d8768b9e197fea80":"703ab1f6a5332f01fa788cf73922a9f6cf856319772eeab07b4795702562cde350a8cf9395976fd227b08134feb469ca34f675c9b6f176ad684a5b0d02b4c135a7174bf0604a1546e7d8d978ecfd8cb6ae5efce3b228dc95cb413b010732c3e7f9ef8e547a93540e5e4aaaa3b0e5a8f45b83bb11209a03883c54f41e494fcbc66c2d57c01002137567ea2f99f7a1ed6c4c6080bdaa299d18f57bb3b386278a78b2ef23a03043e850bd9fd742527c45308e5b910fc586f9f21de7022d02b1493b" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #13 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"f331ebcdbc0d2dfbf54758680dd49dd0bd666d0505ef6ba1c4bbfb7dee62edc34ea9063632c8e6719bbe140c3c840aabd66e7702c384700921dc1838c6c5a832c650a474e74270c378abff021d60d1a1884939bbdc51c547c72c929c0c73ca7f78668d33fba197642be8ac2d41cefde4":"ec299e456cd1985a3f1022d5c05f0ef9040cc8b8297ba5e404d92a6d36c3578f":"954f464877f7258f99acbfb9adfe4eedc89da71ca82e3581fb5bad127b2069e7":"515f9e746c7407196610bbae963b9bc15b1658972a30e62be6f78caee1287e88":"5aa30a796d46e789c498352ade179f0cd3336418fbeafae0d10fbf7798917672288b3b2a12267fc0435d88b4e99809c1e3067f0d65c910b12a330334b6a23d6d30910d301438c2c999353e1f78019ba7b20eaf68b499ff1e88db0431312a66f35305c4f3c3a2750c95bbc07ccbdf1e4d123eec378b9be8894b597bcc029c664e59e2b3c23fd72841af0ddc9374ecef21885a0b54d13186dc0a66ed3c3caca9e41753813ae61015a952142bd4d7ebbaa3193598be1267be937745fb0de09aa70d" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-384, 256, 256) #14 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 hmac_drbg_pr:MBEDTLS_MD_SHA384:"d99ddbd82ce9937cda083e30b3da47a6e6ca08b8f59f2fc934bb3f78e748bb28cfabddb375efc5f2025a53fd073a89b0fbec391290863ad862aa56fe6d945044e879ca05c3c019313f810dd559fa0e682d6b77ff7e612c7c40cd5231eece4018c5b3c0d8181ab44703f7a04c0a1c7c5e":"ebc2193d4a97b97d298f1305b2f7a54dab466f7c4e444831651cac29a6c5bd88":"6826aad41f8ac29e272884cb6d21300c7b0b3ca37205e1720afaf9f716f337ec":"5a7434648de82a3552e12aff800093776ca3e86565b29c0b3ad6c0bc3180623f":"cfc79a89a0a55dc9c6c6eccdfab5a9935335e806b73bab7f5eff5f9fea6aa3f47bf31f06d987a94e2bc2a4a6144ebe94d6f5aa8fcaabbf86a37c8d412207864322d3057b89fef358740c5962cf9e7c37072847fcaa6db693a5238ef270e8414e2b29448bbcc37dceaa75479c2ac5fee2d6fe9ed68516f6dbd90135ddcae8a12d1c1595e0edc34ea2bf00bee7ae773c240c2bc1ed828b7ff91a676891173eec1dabeecb2184df9186c3bd833e349351481655bda91bc0f4e419fb78e426de6b39" HMAC_DRBG NIST CAVS 14.3 PR True (SHA-512, 0, 0) #0 diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index fb9b5effa0..8cc7343755 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -29,7 +29,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 md_info:MBEDTLS_MD_SHA256:"SHA256":32 Information on SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_info:MBEDTLS_MD_SHA384:"SHA384":48 Information on SHA512 @@ -477,27 +477,27 @@ depends_on:MBEDTLS_MD_CAN_SHA256 mbedtls_md_hmac:MBEDTLS_MD_SHA256:24:"63cec6246aeb1b61":"c178db908a405fa88aa255b8cad22b4057016585f139ee930388b083d86062fa0b3ea1f23f8a43bd11bee8464bcbd19b5ab9f6a8038d5245516f8274d20c8ee3033a07b908da528fa00343bb595deed500cab9745c4cb6391c23300f0d3584b090b3326c4cfa342620b78f9f5b4f27f7307ed770643ec1764aeae3dcf1a3ec69":"64f3dd861b7c7d29fce9ae0ce9ed954b5d7141806ee9eec7" generic HMAC-SHA-384 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_hmac:MBEDTLS_MD_SHA384:32:"91a7401817386948ca952f9a20ee55dc":"2fea5b91035d6d501f3a834fa178bff4e64b99a8450432dafd32e4466b0e1e7781166f8a73f7e036b3b0870920f559f47bd1400a1a906e85e0dcf00a6c26862e9148b23806680f285f1fe4f93cdaf924c181a965465739c14f2268c8be8b471847c74b222577a1310bcdc1a85ef1468aa1a3fd4031213c97324b7509c9050a3d":"6d7be9490058cf413cc09fd043c224c2ec4fa7859b13783000a9a593c9f75838" generic HMAC-SHA-384 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_hmac:MBEDTLS_MD_SHA384:32:"d6cac19657061aa90a6da11cd2e9ea47":"9f482e4655173135dfaa22a11bbbe6af263db48716406c5aec162ba3c4b41cad4f5a91558377521191c7343118beee65982929802913d67b6de5c4bdc3d27299bd722219d5ad2efa5bdb9ff7b229fc4bbc3f60719320cf2e7a51cad1133d21bad2d80919b1836ef825308b7c51c6b7677ac782e2bc30007afba065681cbdd215":"f3d5f3c008175321aa7b2ea379eaa4f8b9dcc60f895ec8940b8162f80a7dfe9f" generic HMAC-SHA-384 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_hmac:MBEDTLS_MD_SHA384:32:"e06366ad149b8442cd4c1abdddd0afde":"2d140a194c02a5598f69174834679b8371234a0d505491f1bd03e128dd91a8bca2fb812e9d5da71613b5b00952ea78bf450d5b7547dea79135925085c7d3e6f52009c51ca3d88c6c09e9d074b0ee110736e0ec9b478b93efb34d7bf1c41b54decec43eab077a3aa4998ede53f67b4ea36c266745f9643d5360bdc8337c70dabf":"c19c67eda6fe29f3667bee1c897c333ce7683094ae77e84b4c16378d290895a1" generic HMAC-SHA-384 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_hmac:MBEDTLS_MD_SHA384:48:"01ac59f42f8bb91d1bd10fe6990d7a87":"3caf18c476edd5615f343ac7b7d3a9da9efade755672d5ba4b8ae8a7505539ea2c124ff755ec0457fbe49e43480b3c71e7f4742ec3693aad115d039f90222b030fdc9440313691716d5302005808c07627483b916fdf61983063c2eb1268f2deeef42fc790334456bc6bad256e31fc9066de7cc7e43d1321b1866db45e905622":"1985fa2163a5943fc5d92f1fe8831215e7e91f0bff5332bc713a072bdb3a8f9e5c5157463a3bfeb36231416e65973e64" generic HMAC-SHA-384 Test Vector NIST CAVS #5 [#1] -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_hmac:MBEDTLS_MD_SHA384:48:"fd74b9d9e102a3a80df1baf0cb35bace":"1a068917584813d1689ccbd0370c2114d537cdc8cc52bf6db16d5535f8f7d1ad0c850a9fa0cf62373ffbf7642b1f1e8164010d350721d798d9f99e9724830399c2fce26377e83d38845675457865c03d4a07d741a505ef028343eb29fd46d0f761f3792886998c1e5c32ac3bc7e6f08faed194b34f06eff4d5d4a5b42c481e0e":"a981eaf5de3d78b20ebd4414a4edd0657e3667cd808a0dbc430cf7252f73a5b24efa136039207bd59806897457d74e0c" generic HMAC-SHA-384 Test Vector NIST CAVS #5 [#2] -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_hmac:MBEDTLS_MD_SHA384:48:"9fe794f0e26b669fa5f6883149377c6c":"6010c9745e8f1d44cfdc99e7e0fd79bc4271944c2d1d84dba589073dfc4ca5eb98c59356f60cd87bef28aeb83a832bde339b2087daf942aa1f67876c5d5ed33924bed4143bc12a2be532ccaf64daa7e2bc3c8872b9823b0533b6f5159135effe8c61545536975d7c3a61ba7365ec35f165bc92b4d19eb9156ade17dfa1bb4161":"915ae61f8754698c2b6ef9629e93441f8541bd4258a5e05372d19136cfaefc0473b48d96119291b38eb1a3cb1982a986" generic HMAC-SHA-512 Test Vector NIST CAVS #1 @@ -685,27 +685,27 @@ depends_on:MBEDTLS_MD_CAN_SHA256 md_hmac_multi:MBEDTLS_MD_SHA256:24:"63cec6246aeb1b61":"c178db908a405fa88aa255b8cad22b4057016585f139ee930388b083d86062fa0b3ea1f23f8a43bd11bee8464bcbd19b5ab9f6a8038d5245516f8274d20c8ee3033a07b908da528fa00343bb595deed500cab9745c4cb6391c23300f0d3584b090b3326c4cfa342620b78f9f5b4f27f7307ed770643ec1764aeae3dcf1a3ec69":"64f3dd861b7c7d29fce9ae0ce9ed954b5d7141806ee9eec7" generic multi step HMAC-SHA-384 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hmac_multi:MBEDTLS_MD_SHA384:32:"91a7401817386948ca952f9a20ee55dc":"2fea5b91035d6d501f3a834fa178bff4e64b99a8450432dafd32e4466b0e1e7781166f8a73f7e036b3b0870920f559f47bd1400a1a906e85e0dcf00a6c26862e9148b23806680f285f1fe4f93cdaf924c181a965465739c14f2268c8be8b471847c74b222577a1310bcdc1a85ef1468aa1a3fd4031213c97324b7509c9050a3d":"6d7be9490058cf413cc09fd043c224c2ec4fa7859b13783000a9a593c9f75838" generic multi step HMAC-SHA-384 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hmac_multi:MBEDTLS_MD_SHA384:32:"d6cac19657061aa90a6da11cd2e9ea47":"9f482e4655173135dfaa22a11bbbe6af263db48716406c5aec162ba3c4b41cad4f5a91558377521191c7343118beee65982929802913d67b6de5c4bdc3d27299bd722219d5ad2efa5bdb9ff7b229fc4bbc3f60719320cf2e7a51cad1133d21bad2d80919b1836ef825308b7c51c6b7677ac782e2bc30007afba065681cbdd215":"f3d5f3c008175321aa7b2ea379eaa4f8b9dcc60f895ec8940b8162f80a7dfe9f" generic multi step HMAC-SHA-384 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hmac_multi:MBEDTLS_MD_SHA384:32:"e06366ad149b8442cd4c1abdddd0afde":"2d140a194c02a5598f69174834679b8371234a0d505491f1bd03e128dd91a8bca2fb812e9d5da71613b5b00952ea78bf450d5b7547dea79135925085c7d3e6f52009c51ca3d88c6c09e9d074b0ee110736e0ec9b478b93efb34d7bf1c41b54decec43eab077a3aa4998ede53f67b4ea36c266745f9643d5360bdc8337c70dabf":"c19c67eda6fe29f3667bee1c897c333ce7683094ae77e84b4c16378d290895a1" generic multi step HMAC-SHA-384 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hmac_multi:MBEDTLS_MD_SHA384:48:"01ac59f42f8bb91d1bd10fe6990d7a87":"3caf18c476edd5615f343ac7b7d3a9da9efade755672d5ba4b8ae8a7505539ea2c124ff755ec0457fbe49e43480b3c71e7f4742ec3693aad115d039f90222b030fdc9440313691716d5302005808c07627483b916fdf61983063c2eb1268f2deeef42fc790334456bc6bad256e31fc9066de7cc7e43d1321b1866db45e905622":"1985fa2163a5943fc5d92f1fe8831215e7e91f0bff5332bc713a072bdb3a8f9e5c5157463a3bfeb36231416e65973e64" generic multi step HMAC-SHA-384 Test Vector NIST CAVS #5 [#1] -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hmac_multi:MBEDTLS_MD_SHA384:48:"fd74b9d9e102a3a80df1baf0cb35bace":"1a068917584813d1689ccbd0370c2114d537cdc8cc52bf6db16d5535f8f7d1ad0c850a9fa0cf62373ffbf7642b1f1e8164010d350721d798d9f99e9724830399c2fce26377e83d38845675457865c03d4a07d741a505ef028343eb29fd46d0f761f3792886998c1e5c32ac3bc7e6f08faed194b34f06eff4d5d4a5b42c481e0e":"a981eaf5de3d78b20ebd4414a4edd0657e3667cd808a0dbc430cf7252f73a5b24efa136039207bd59806897457d74e0c" generic multi step HMAC-SHA-384 Test Vector NIST CAVS #5 [#2] -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hmac_multi:MBEDTLS_MD_SHA384:48:"9fe794f0e26b669fa5f6883149377c6c":"6010c9745e8f1d44cfdc99e7e0fd79bc4271944c2d1d84dba589073dfc4ca5eb98c59356f60cd87bef28aeb83a832bde339b2087daf942aa1f67876c5d5ed33924bed4143bc12a2be532ccaf64daa7e2bc3c8872b9823b0533b6f5159135effe8c61545536975d7c3a61ba7365ec35f165bc92b4d19eb9156ade17dfa1bb4161":"915ae61f8754698c2b6ef9629e93441f8541bd4258a5e05372d19136cfaefc0473b48d96119291b38eb1a3cb1982a986" generic multi step HMAC-SHA-512 Test Vector NIST CAVS #1 @@ -893,35 +893,35 @@ depends_on:MBEDTLS_MD_CAN_SHA256 md_hex:MBEDTLS_MD_SHA256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e" generic SHA-384 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex:MBEDTLS_MD_SHA384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b" generic SHA-384 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex:MBEDTLS_MD_SHA384:"ab":"fb94d5be118865f6fcbc978b825da82cff188faec2f66cb84b2537d74b4938469854b0ca89e66fa2e182834736629f3d" generic SHA-384 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex:MBEDTLS_MD_SHA384:"7c27":"3d80be467df86d63abb9ea1d3f9cb39cd19890e7f2c53a6200bedc5006842b35e820dc4e0ca90ca9b97ab23ef07080fc" generic SHA-384 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex:MBEDTLS_MD_SHA384:"31f5ca":"78d54b943421fdf7ba90a7fb9637c2073aa480454bd841d39ff72f4511fc21fb67797b652c0c823229342873d3bef955" generic SHA-384 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex:MBEDTLS_MD_SHA384:"7bdee3f8":"8bdafba0777ee446c3431c2d7b1fbb631089f71d2ca417abc1d230e1aba64ec2f1c187474a6f4077d372c14ad407f99a" generic SHA-384 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex:MBEDTLS_MD_SHA384:"8f05604915":"504e414bf1db1060f14c8c799e25b1e0c4dcf1504ebbd129998f0ae283e6de86e0d3c7e879c73ec3b1836c3ee89c2649" generic SHA-384 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex:MBEDTLS_MD_SHA384:"665da6eda214":"4c022f112010908848312f8b8f1072625fd5c105399d562ea1d56130619a7eac8dfc3748fd05ee37e4b690be9daa9980" generic SHA-384 Test Vector NIST CAVS #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex:MBEDTLS_MD_SHA384:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06":"cba9e3eb12a6f83db11e8a6ff40d1049854ee094416bc527fea931d8585428a8ed6242ce81f6769b36e2123a5c23483e" generic SHA-512 Test Vector NIST CAVS #1 @@ -1117,35 +1117,35 @@ depends_on:MBEDTLS_MD_CAN_SHA256 md_hex_multi:MBEDTLS_MD_SHA256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e555d9b1097fec3b783d7a50dcb5e2b644b96a1e9463f177cf34906bf388f366db5c2deee04a30e283f764a97c3b377a034fefc22c259214faa99babaff160ab0aaa7e2ccb0ce09c6b32fe08cbc474694375aba703fadbfa31cf685b30a11c57f3cf4edd321e57d3ae6ebb1133c8260e75b9224fa47a2bb205249add2e2e62f817491482ae152322be0900355cdcc8d42a98f82e961a0dc6f537b7b410eff105f59673bfb787bf042aa071f7af68d944d27371c64160fe9382772372516c230c1f45c0d6b6cca7f274b394da9402d3eafdf733994ec58ab22d71829a98399574d4b5908a447a5a681cb0dd50a31145311d92c22a16de1ead66a5499f2dceb4cae694772ce90762ef8336afec653aa9b1a1c4820b221136dfce80dce2ba920d88a530c9410d0a4e0358a3a11052e58dd73b0b179ef8f56fe3b5a2d117a73a0c38a1392b6938e9782e0d86456ee4884e3c39d4d75813f13633bc79baa07c0d2d555afbf207f52b7dca126d015aa2b9873b3eb065e90b9b065a5373fe1fb1b20d594327d19fba56cb81e7b6696605ffa56eba3c27a438697cc21b201fd7e09f18deea1b3ea2f0d1edc02df0e20396a145412cd6b13c32d2e605641c948b714aec30c0649dc44143511f35ab0fd5dd64c34d06fe86f3836dfe9edeb7f08cfc3bd40956826356242191f99f53473f32b0cc0cf9321d6c92a112e8db90b86ee9e87cc32d0343db01e32ce9eb782cb24efbbbeb440fe929e8f2bf8dfb1550a3a2e742e8b455a3e5730e9e6a7a9824d17acc0f72a7f67eae0f0970f8bde46dcdefaed3047cf807e7f00a42e5fd11d40f5e98533d7574425b7d2bc3b3845c443008b58980e768e464e17cc6f6b3939eee52f713963d07d8c4abf02448ef0b889c9671e2f8a436ddeeffcca7176e9bf9d1005ecd377f2fa67c23ed1f137e60bf46018a8bd613d038e883704fc26e798969df35ec7bbc6a4fe46d8910bd82fa3cded265d0a3b6d399e4251e4d8233daa21b5812fded6536198ff13aa5a1cd46a5b9a17a4ddc1d9f85544d1d1cc16f3df858038c8e071a11a7e157a85a6a8dc47e88d75e7009a8b26fdb73f33a2a70f1e0c259f8f9533b9b8f9af9288b7274f21baeec78d396f8bacdcc22471207d9b4efccd3fedc5c5a2214ff5e51c553f35e21ae696fe51e8df733a8e06f50f419e599e9f9e4b37ce643fc810faaa47989771509d69a110ac916261427026369a21263ac4460fb4f708f8ae28599856db7cb6a43ac8e03d64a9609807e76c5f312b9d1863bfa304e8953647648b4f4ab0ed995e":"4109cdbec3240ad74cc6c37f39300f70fede16e21efc77f7865998714aad0b5e" generic multi step SHA-384 Test Vector NIST CAVS #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex_multi:MBEDTLS_MD_SHA384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b" generic multi step SHA-384 Test Vector NIST CAVS #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex_multi:MBEDTLS_MD_SHA384:"ab":"fb94d5be118865f6fcbc978b825da82cff188faec2f66cb84b2537d74b4938469854b0ca89e66fa2e182834736629f3d" generic multi step SHA-384 Test Vector NIST CAVS #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex_multi:MBEDTLS_MD_SHA384:"7c27":"3d80be467df86d63abb9ea1d3f9cb39cd19890e7f2c53a6200bedc5006842b35e820dc4e0ca90ca9b97ab23ef07080fc" generic multi step SHA-384 Test Vector NIST CAVS #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex_multi:MBEDTLS_MD_SHA384:"31f5ca":"78d54b943421fdf7ba90a7fb9637c2073aa480454bd841d39ff72f4511fc21fb67797b652c0c823229342873d3bef955" generic multi step SHA-384 Test Vector NIST CAVS #5 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex_multi:MBEDTLS_MD_SHA384:"7bdee3f8":"8bdafba0777ee446c3431c2d7b1fbb631089f71d2ca417abc1d230e1aba64ec2f1c187474a6f4077d372c14ad407f99a" generic multi step SHA-384 Test Vector NIST CAVS #6 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex_multi:MBEDTLS_MD_SHA384:"8f05604915":"504e414bf1db1060f14c8c799e25b1e0c4dcf1504ebbd129998f0ae283e6de86e0d3c7e879c73ec3b1836c3ee89c2649" generic multi step SHA-384 Test Vector NIST CAVS #7 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex_multi:MBEDTLS_MD_SHA384:"665da6eda214":"4c022f112010908848312f8b8f1072625fd5c105399d562ea1d56130619a7eac8dfc3748fd05ee37e4b690be9daa9980" generic multi step SHA-384 Test Vector NIST CAVS #8 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 md_hex_multi:MBEDTLS_MD_SHA384:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06":"cba9e3eb12a6f83db11e8a6ff40d1049854ee094416bc527fea931d8585428a8ed6242ce81f6769b36e2123a5c23483e" generic multi step SHA-512 Test Vector NIST CAVS #1 @@ -1229,19 +1229,19 @@ depends_on:MBEDTLS_MD_CAN_SHA256 mbedtls_md_file:MBEDTLS_MD_SHA256:"data_files/hash_file_4":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" generic SHA-384 Hash file #1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_file:MBEDTLS_MD_SHA384:"data_files/hash_file_1":"e0a3e6259d6378001b54ef82f5dd087009c5fad86d8db226a9fe1d14ecbe33a6fc916e3a4b16f5f286424de15d5a8e0e" generic SHA-384 Hash file #2 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_file:MBEDTLS_MD_SHA384:"data_files/hash_file_2":"eff727afc8495c92e2f370f97a317f93c3350324b0646b0f0e264708b3c97d3d332d3c5390e1e47130f5c92f1ef4b9cf" generic SHA-384 Hash file #3 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_file:MBEDTLS_MD_SHA384:"data_files/hash_file_3":"6fc10ebda96a1ccf61777cac72f6034f92533d42052a4bf9f9d929c672973c71e5aeb1213268043c21527ac0f7f349c4" generic SHA-384 Hash file #4 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_md_file:MBEDTLS_MD_SHA384:"data_files/hash_file_4":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b" generic SHA-512 Hash file #1 diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index f8f1d43aa1..880b04df68 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -75,7 +75,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 oid_get_md_alg_id:"608648016503040201":MBEDTLS_MD_SHA256 OID hash id - id-sha384 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 oid_get_md_alg_id:"608648016503040202":MBEDTLS_MD_SHA384 OID hash id - id-sha512 @@ -219,7 +219,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 mbedtls_oid_get_md_hmac - SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 mbedtls_oid_get_md_hmac - SHA512 diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 6911265f09..8fc42c6793 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -704,11 +704,11 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 PK sign ext: RSA2048, PK_RSA, MD_SHA384 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 PK sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V21:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C pk_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 PK sign ext: RSA2048, PK_RSA, MD_SHA512 @@ -724,7 +724,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_S pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA256 PK sign ext: SECP384R1, PK_ECDSA, MD_SHA384 -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1:PSA_WANT_ALG_SHA_384 pk_sign_ext:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_PK_ECDSA:MBEDTLS_MD_SHA384 PK sign ext: SECP521R1, PK_ECDSA, MD_SHA512 @@ -740,11 +740,11 @@ depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA256 PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA384 -depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA384 PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA384 -depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PKCS1_V21:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA384 PSA wrapped sign ext: RSA2048, PK_RSA, MD_SHA512 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5f4267780b..7f2395aff1 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -175,7 +175,7 @@ #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA224 #elif defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA256 -#elif defined(MBEDTLS_MD_CAN_SHA384) +#elif defined(PSA_WANT_ALG_SHA_384) #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA384 #elif defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_ALG_FOR_TEST MBEDTLS_MD_SHA512 diff --git a/tests/suites/test_suite_pkcs1_v21.data b/tests/suites/test_suite_pkcs1_v21.data index 42450d9583..258dd2db5e 100644 --- a/tests/suites/test_suite_pkcs1_v21.data +++ b/tests/suites/test_suite_pkcs1_v21.data @@ -1143,7 +1143,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"0c37233c694cc81c4ca1027009269b64e9e32288e3522a2cd76da6613d8c5cd7":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"7b1d37278e549898d4084e2210c4a9961edfe7b5963550cca1904248c8681513539017820f0e9bd074b9f8a067b9fefff7f1fa20bf2d0c75015ff020b2210cc7f79034fedf68e8d44a007abf4dd82c26e8b00393723aea15abfbc22941c8cf79481718c008da713fb8f54cb3fca890bde1137314334b9b0a18515bfa48e5ccd0":20:0 RSASSA-PSS Signature RSA-1024, SHA-384, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"8e75cb3239b2b4ebf15bf74e8017340305c99d2fc1a97384257bf91cae15d57c80d7f78a487c3e16a5d1cf894da90fcb":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"8f16c807bef3ed6f74ee7ff5c360a5428c6c2f105178b58ff7d073e566dad6e7718d3129c768cd5a9666de2b6c947177b45709dc7cd0f43b0ba6fc75578e1196acc15ca3afe4a78c144cb6885c1cc815f7f98925bc04ad2ff20fc1068b045d9450e2a1dcf5a161ceabba2b0b66c7354fdb80fa1d729e5f976387f24a697a7e56":20:0 RSASSA-PSS Signature RSA-1024, SHA-512, Salt Length 20 @@ -1159,7 +1159,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"f19c43966938402a6e5145088e65ea888f3792373983d359a7e864864bc25e3c":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"8eb2ba2367b8f0b36b566c938b4d9948b4a0a87dd1c8300a160ec024ad0fa37174d1bba2ae6ee8c7fdbb4d172ac9615f1428599030a33515e2925a268b87c867242ccddcce6c9c03045eccbfee5eeb6e0ce2d89a9c51f40c1732927a6c7d283627dd87eca27270b117e658a3cc9d2ca7da46a76097213a7f3e2a58d7c9d306e796eee94809042bc6768d6cca4e003a40529bffa267914a232f315ddedd2768c60877bdcb05c8f2026179713084a0daf8b494959c347fb65a4414034d21c7a750":20:0 RSASSA-PSS Signature RSA-1536, SHA-384, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:1536:"d3bde85f8718388de38c7e157c7200366224fd446ab590fb31dfd8135d3c561426b9966c164912bf0cd6537e877d59bb21fa3d3c5a6115ce971018db6be1033f14a4bb5849ccb070eb83838394e9d0851f3a33c43f48935a01c31c6fea72a6dd":"c342842ed13979fe948de3d31c21e5d4407db5f08524a1d04221500901e44b95274cbb84d80575ef1514332e27b0244a4154a8b561125439772a3d2fc9db73f19679cb92f9c5b5388154b0180aa339ff0bbec819da8a84d2bb617542cf097a8d":"a180ac4b5186df0b7b1cb7a95746a5af411efa16d1aed12468de15b747a0ff32c215dd08a99287b7788e91542d9059940e4b610f741cb9c7a86b4aa0b45a7b38450b6ea25070f98e70bb7833aecd1834a8e591bea207ec55d403c76213bd9f700ce25adb265ad383c443ed7a87a57d7e5c6495c32f51ae0cc8784352cfc56f2029cdd323393a153193f41f0408cdcd5b344d20942413bd97c3b0c04ab584f685b0e796ce9b5a0cf64441f00ee7586c62fe8442d522f7c6e3f314f84d557039b9":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"1412b9f046aeba0a7c63e744a4f30a3656d41300726e66d8825a1043f08285b7e6e250efcc9a0405c6da019d042a7e14":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"9fa4e64bab336017e19015ee7ea1e267bf426633fb2ac5f4d65bc754aba17f7a9f0f1ee2bf0a3b9f2dd354ed8eba596f5ca3e26495ef268658bd247474d3524b11a2953f591f8abb14ef4bcd44dadc36a41f9daef1bf88b7e441160278c8a39945524557b84ce5cdcb79eecbad63658e8470d8dc94b44aad1f04b05400ea04e5f959dd18f6f718311f6dfec98a7e1aaa7ba11771f61448b12d7901a2530e830dccc531fd0dbe222215b3f7b9dafa5fc20d5af15ab312b621d71b2106150a801b":20:0 RSASSA-PSS Signature RSA-1536, SHA-512, Salt Length 20 @@ -1175,7 +1175,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"b416e0843040b35277be7734bc23ac9e9eb47a7f57f55e94d826285c9c00100a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"6375755eff8d48afb3263b3b96988a2afd181ba061793ea009783bb1599d03944d987620a2668ac9714d6f2a21f7e5200d63923f42cb32e63301c8de58c70a203910640da967d03f4f6292f6cb199759822790c0c5bcfb1d4faa59465c3db2ea1fffd5e543335632b74745bf1e18473c0a8b4a89def6b27edf0d7d735ee13f887041c9d8a91e62186a9a1e0b1afb48e577f6887ca61b7c1bb26b4a8e2cc464a9af03444b3da5bed08b73f1262bd3d61f4c78f49fac6a3bfc9e8548b4bbe64cce6a6090fc480efd1f36c18c10bc09be9d957a79f707a10577a1bf6e9e2d4849693fa58d8877c8f1e55181955d6c2b94b1d6d9401b5fb80cc32b358934fec2aedb":20:0 RSASSA-PSS Signature RSA-2048, SHA-384, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:2048:"f7b664093cabf8334b1c0ff824564db5c13f941a279733893a7e5abed536d2b51a2beac80730b5194a0c722f57354ce4b7db447ea3286b1cd1c754548ea3c91a0df1bde3ff70820b63ef3c74a0119671d14db3e2603868a0d607a81bf14f3f41f810c3a24bf52a94f9b694078a556194dd0cb36c56a91846d3569096c631b61f":"e0a1111aa114d5b1702e34d29565d65320e05c21d794f38572ad28a60b2ffe50d0dd3df3fb5a0eef048ec50e144bfe52be30ebf2eaceec9f110a600bb0c2bcacf6b4dabec09b9387c89a8fde19de5ceec780be38dca846d795f82608cf2844e9bced8d81da2d9258c3ef412154f9e590a158ea0ad9180ac6a798614ba3410937":"d95b71c9dfee453ba1b1a7de2c1f0b0a67579ee91d1d3ad97e481829b86edac750c48e12a8cdb026c82f273dafc222009f0db3b08b2db10a69c4b2dddaaeceac1b0c862682eef294e579f55aab871bc0a7eeabc923c9e80dddc22ec0a27002aee6a5ba66397f412bbaf5fb4eaf66a1a0f82eaf6827198caf49b347258b1283e8cbb10da2837f6ecc3490c728fe927f44455a6f194f3776bf79151d9ad7e2daf770b37d12627cc0c5fb62484f46258d9ce2c11b26256d09cb412f8d8f8f1fe91bb94ac27de6d26a83a8439e51b35dbee46b3b8ff991d667bb53eeee85ff1652c8981f141d47c8205791cef5b32d718ddc082ed0dd542826416b2271064ef437a9":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"41f2bf25c2544062c78b59886eea442c884e4b9bb87f643abcb4d5c1c661a0fb0dd592107f6173438c34f67ec9f6c97a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"b43d87deefa7df127a717f4065f831c58cd84bf78c916ba52ed32769abd541df52233b8583507c539b1d51e0437ab1a41e17fc1599b92aabdb5b040dc79027c60c9cc3ed3de36aeea28f20360635be5bf654d6c1b7fe6da77d0c45b9ea2802ad22eba182cbed95d33da7f78ac844f4891cebc0396caa2f8daaf55254fdafe98b5fe6c4dd3967d23ea99497060820e108e818cd0aa94e65770bde892c62233b96d87fe545162d6ba077f110274bddacb2a7cbf17d437bfe004b34c3ea24fb46e5ed9cce4de96b0694efd73832ec76e19e5a25c49c5843393ce6b919ea35e4d264e0a0855f518a63c008c183798ca612cd8f75688a09210413e0a23cafcf2d4158":20:0 RSASSA-PSS Signature RSA-2048, SHA-512, Salt Length 20 @@ -1191,7 +1191,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"14ea4dca3559976c7d8943a51d69c1322c7860d496f742b9c0c2d03ce629613b":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3a0622ddff5a0c1f5b545d684054e46211786a2e40627e0cb6795ea0d176f3c97e6536fb64c5eca7b28b7ac52e48e3d50b916d2fccb87d70cd8eda7c15c2308734254716e5b400592cc2e5e033ba27866cb14fefbdcbc35d5d85d4eee8ba6bc2da995e8ebcc27d50c48aa988bf45fde27311a9e2ec029d0fa6fa6d3efea460fc1a90e443d807d209a4c06bf3022d529ab2e4a877325fcccb3f86ac16200ab95628bf0c1c8c70f6fe1a9f288bbc0162a392f40ad1109cdbbaf03d9b2d514a60983874350be9aef886c3c481a66325f137aecb4c82a8a73046dbc1dd8598ffbdb828a3d638f9dd8139a768dcd8d30d79740ef345c1644d03e6fb86a46367f6d82a7a819057ae490e1b100b5842ed385845f379101e37ce604531c61de423df66200d45b7229662fd0ec3572593b09a5213ec14c1d7b2338ca9c763c0d18946f04eaaf57ea2ebc79e093f2fd4c64cb1c1a7f0e888dc2d87a15eb769f56dc180cfe1597cc3e4e1811d4e27852fa188c8fec4fc917d4724d33ce5f3211895cf7e8b8c":20:0 RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"3f90aeabfa9a5f00e241f3f65dfe61baf67c1356353042c3566edacb11c7649737e5adf94cfb05f2619aecc8895db45190fbdf35dab01144e207b6f0923927a6148d3f16eaad05e73bccb562dc087e2d82db3dce130a83e8303bd7c3447b3ae4d3700d4763ba6981d82618ac82a6e66423f294781a59b20cc978c79e2d5c103bfb9d47119294c3c85b1d3c45a36897d42e183514cc8edbbfa1be9ef17b78280b5b6214dad79d60db057f22506515b6843ce7d4dd6bd861a889b36164c325147baeed714d7a3f55ae51ef6e6d4ae9e862d677caba1a2df369c23d3ffe33dd42fe707e1fd8ba6283aaa0b570353b48a8e39ff72a09f700e024150ce87c044a3ec745b212ae81aa5743b981a8bb95deb6b3e15c2487f7900178d5840f8e794662706dcdb19bc0bdd56cb7fdf0e21d10b03adac41b749f31bd3e7c4d07d5d4ec8e79d424812b6e83f1c7b59779e58029f9b07da3e77795fcff6ae8bb098b1c00d1d2a5bc0cb005ef3d8aab63ddd883d38bacdc64307e911c6e51946744f361fe978d":20:0 RSASSA-PSS Signature RSA-3072, SHA-512, Salt Length 20 @@ -1207,7 +1207,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA256:"480aa96e4b3a710d9924a84998e46b7246e26671e7d11efa6c6ec34919eac963":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"2e512f73d198e623afe019bd4cea9192ff8b24ab555099d31bd52d705fc808229a269bf749c8061a3dc7ffae9ef7c6bdcd8c34910f92f0a0fcd6d73017ca3388ca5e99a1735e005ff5d5eade3ec0ea0c2436f0e78b197c2d999ba4351b9e37a09195504b63a42762bea22d307a0328fc9c80acdc28fc8f4050e25fbd5890233028f97ea3a2669ff4d5f4232c1e48571499af28ed6f5a92e7936de39d913e12c5cef51e25f90a1e903f3f60a6a9cddbc56564b146aca6af6236b899c2cb7223a6941f0beaa3aa787b2333e4f3e66b334b99b90825153ebd0095f27691880f44e4e77135f26df376e261adfe0d8354cfa15b49138d624d9f62a9751221ee0598097891c9864ad3651e89723bc9ec6086f571e199619ceb6720ab5a4998254cb807dce75a5a5203d38a9f5d56adee4239ff50cefe3e927eba91de7e1f8e1ae8b0505c077788372af7d8ef00735cc531fd46dbe86702ac49171f0a921f4626442ae960e972a5594ee3bcbfbf687cd96ed300aa9df1b9487607b5bae0f1abecbc1d2291fe93b9f8a091ffac8469b0f00ba561f0628f5e004ed1fd8713650e147c4b2cab7f4d69a4ad57b145c1e5e4c1412e86fbbda5a6096f66293203207e35098bf94dafff75ed094d10e6034cd22179d94655004fa4bf4de774807b6f5cd27d90255468cf01db7b6f82607df597f72d1f9c9c91d17740a14a4816ae65e63fde480d":20:0 RSASSA-PSS Signature RSA-4096, SHA-384, Salt Length 20 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:4096:"f00102d29990fb36bf66dcab57fa4e05745e307c031fe6acb86df4e0487bcb8fd929e227b6e1090a48befbd642f432ea1b6cff26c1aed9f18c04f68170dc1857786faa086fa00b43e0272a1042ee53566cbb48a04f109420e3501cf56222f7a9b51a7ffe2b97a8ea71e791e0bfb259514f953473130dbe41a7978fc385150f8f78748b90538c8906e24759ce2106ede4ac40eb26776cff5abf227673407d0910a9c3f6464d48569f1b8faa62d0b3b7156b059441e1f701751339fa8dfd218c343050e8a88293b6be0407ab2534815eee742c574cbb7469998b23439a23ca4104f563883f5a35ab88d789dcba4073aebf2e1855abb839908874c1a10f150d56b7":"dda4491b56bdad20f032c8a61bc326995ee7353c3f1b4c1e677aeb4b028e45bf6566fb20f3e82bac4169a970787b8cbafb06edd24a9bebe52704f242f7203ec96aee9a9f5ee76e270191f82e3651da663b80d51688c2d40ffa932ce2302322503664ae0260617e7b79d13e4a1dec1784647d7571c1390e86294f20937740f93e0ff1bdb0c1ff648ef152022bf5f54bfcbf24564cbca7a130fb5f56be921fcc7a3ebd51114968274ab13bcc3986137eb6949eff0d42b596f7baec56c94a67a2ec0aeff18dc044cf9500b525dc98efb9992b13f81e1b0bf4c2ac1da91e67c0847cbdaf268ced549c2febd08b661140af9bf45458d13d4717eb61de86b555856ad5":"cfcae49f88b80dc12186d53c57162dbecba6e348094f9fb3743e39d99d5355d87e3efca9d488d39d705671e58634309cbd7cf53fccd52d9a84edb99ffdad0680e9ec826d625728370717b39321c7d4b6882785cf6884275f6c7b6d681bfa710593679e99b67d5bc28121dd603617dc8cfdb2557c2a04533893f593f0f7e59cbe6d46623d22642a7161a4c685b293c7edcc9aaec48e3810ec74a884a41108610d000b591fbf5da44b5501e63781264edf3c73706321ecf44d0e14b5932a2d69ca3d180c5cee86b4ccad850c766e0beb5f20e6b142055d551aeb453bd099eac67eb92cf13e34ef0d0e34fc599a6e5d4d14f74e08190c66c66ad3473de9ae8f53dd2c1c0c41f4b4a8d4690f4b77354c76e05ab76b7a6c7c9edf0955fee799a2bb42c86c6a06631398d38cceb71ec9aaa9a0fb83850f62342f3f781f9d453229b1a709bbce83a44c225ebffd4f518f94a7935f4669f65d02ff3defbbd1d5efd9191365808cdf9460371ede1eae735af03f21431239d5cd57cc0cc88fb3965d187eba98359409aaa944a7af8e85e20b67c43c82e78fa967fc0d629bcd7483d17dcaa25915571a15c3f0c730e81095139d71a28858dd9d83b65bf9c9273a8a40b12a2c87107a71f984818f7dc766374d31b4c3a1d284adb2a17f8ac85dbe3f58cf78b14c0fdce00a79daf348aa0557290ef5f9dd305c15fa73d40c6822b75fda13ec43":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"c6e4881e3f76394a6d8cfb1786e1757f78d66cf048ba1a8aaaa28be02430097e30d92e459257f8f571c6389d1d94b0d5":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"364ad106da2cec6ce94e141e16af855f6d6e31ac6d7bdb2649695645a3d7f176a9b55f60b861776d49077dcfda4db42bb584767606f90de7289e71f188ff139b138bbd24f7a7f50192a137f2c648e19fe78a836bd2a01d31b248857cd29dbf3d1251c2d4cb339f2ff78add26304fbc3e44f8a2f04b47dc754b984169fba4a091d70f956074880c709ee849a05f8f2dcffee09b221078e98b6e28a965a2d44fcde72c6b27ff0a3def818d80aaba17915d37ad1d72755548310062e73da15a8d2544b311060b404683c00394666dc3a890f60ec9d85b2d0fca8a76fc96c4cfd0e3c4a83594957bac42866c395f8feab3b40c9bc9a675f47a1cd62fc43ebe0fff2bbd239130bbbe5257c5c3756044eb2190db7a309cddc4ef410e9abccd0f93158e0edfab2f0a50e80d814a428f61c531b2b747e64feb41523c5802a53c374f35df21abe67a877d062f56a001b47ee6ab571b0bbe7141e0b49cfdc97a15dc19138863d140cc772074c12b3d751985b7852fe76932be1f44a165f4fe58a341d28c3f86924defab4cf2458ba4cc3fb92558511ceee6d91c672b24b8727b867132bf6b8d7af714ab668f06f046448c1e854ae98e59cf21f2b7370c9378ee0eb34b031f9f4795057557773af0f7fc18ddeec7e95c2ccdd5f66ed224d08fbdfb37995e87f4df9691e499d77afaa8d5b93f3275c43f69edbe37672cf192f94509df0a4e9b":20:0 RSASSA-PSS Signature RSA-4096, SHA-512, Salt Length 20 @@ -1219,7 +1219,7 @@ depends_on:MBEDTLS_MD_CAN_SHA224 pkcs1_rsassa_pss_sign:2048:"e28da1aa250390bc8fd27d6f601830febbdd5a309bcd5d1d3cebda111110851563d1fb4d141e8129bf25721aa144b104b7c5adbb8540f02a7402788ae72c93c9f59d6d1bcf1541c3354b5cd3dcb91e35ed100d78857cf2ab6ed04b2dc1cc81fa1307bb18c635fdacfb7f656d0b4743d9f487048a8aaf5d5ec6fd09a01b28d4b1":"dea1faf22b760cbfa9ba11a486edd9b9faee04f22f15abfff5b2c079a2c932cfa641660da16213adfbbb568ecbaac18511031f428cd3ae4e0bf01928a1db6360511c26501c7bda7bf4fc4cc792d79efb86ec15ba2fc82aa41bce08e0807859a41b57e9e3f15804c81bf8ed017dea62e53489f955949651ddcb1da5297465ac9f":"c5062b58d8539c765e1e5dbaf14cf75dd56c2e13105fecfd1a930bbb5948ff328f126abe779359ca59bca752c308d281573bc6178b6c0fef7dc445e4f826430437b9f9d790581de5749c2cb9cb26d42b2fee15b6b26f09c99670336423b86bc5bec71113157be2d944d7ff3eebffb28413143ea36755db0ae62ff5b724eecb3d316b6bac67e89cacd8171937e2ab19bd353a89acea8c36f81c89a620d5fd2effea896601c7f9daca7f033f635a3a943331d1b1b4f5288790b53af352f1121ca1bef205f40dc012c412b40bdd27585b946466d75f7ee0a7f9d549b4bece6f43ac3ee65fe7fd37123359d9f1a850ad450aaf5c94eb11dea3fc0fc6e9856b1805ef":"86c94f":MBEDTLS_MD_SHA224:MBEDTLS_MD_SHA224:"3be4397c9467ec90f5d5640834f6e9febee4ce2477aa3f385cab9435":"463729b3eaf43502d9cff129925681":"7e628bcbe6ff83a937b8961197d8bdbb322818aa8bdf30cdfb67ca6bf025ef6f09a99dba4c3ee2807d0b7c77776cfeff33b68d7e3fa859c4688626b2441897d26e5d6b559dd72a596e7dad7def9278419db375f7c67cee0740394502212ebdd4a6c8d3af6ee2fd696d8523de6908492b7cbf2254f15a348956c19840dc15a3d732ef862b62ede022290de3af11ca5e79a3392fff06f75aca8c88a2de1858b35a216d8f73fd70e9d67958ed39a6f8976fb94ec6e61f238a52f9d42241e8354f89e3ece94d6fa5bfbba1eeb70e1698bff31a685fbe799fb44efe21338ed6eea2129155aabc0943bc9f69a8e58897db6a8abcc2879d5d0c5d3e6dc5eb48cf16dac8":15:0 RSASSA-PSS Signature RSA-2048, SHA-384, Salt Length 25 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:2048:"e28da1aa250390bc8fd27d6f601830febbdd5a309bcd5d1d3cebda111110851563d1fb4d141e8129bf25721aa144b104b7c5adbb8540f02a7402788ae72c93c9f59d6d1bcf1541c3354b5cd3dcb91e35ed100d78857cf2ab6ed04b2dc1cc81fa1307bb18c635fdacfb7f656d0b4743d9f487048a8aaf5d5ec6fd09a01b28d4b1":"dea1faf22b760cbfa9ba11a486edd9b9faee04f22f15abfff5b2c079a2c932cfa641660da16213adfbbb568ecbaac18511031f428cd3ae4e0bf01928a1db6360511c26501c7bda7bf4fc4cc792d79efb86ec15ba2fc82aa41bce08e0807859a41b57e9e3f15804c81bf8ed017dea62e53489f955949651ddcb1da5297465ac9f":"c5062b58d8539c765e1e5dbaf14cf75dd56c2e13105fecfd1a930bbb5948ff328f126abe779359ca59bca752c308d281573bc6178b6c0fef7dc445e4f826430437b9f9d790581de5749c2cb9cb26d42b2fee15b6b26f09c99670336423b86bc5bec71113157be2d944d7ff3eebffb28413143ea36755db0ae62ff5b724eecb3d316b6bac67e89cacd8171937e2ab19bd353a89acea8c36f81c89a620d5fd2effea896601c7f9daca7f033f635a3a943331d1b1b4f5288790b53af352f1121ca1bef205f40dc012c412b40bdd27585b946466d75f7ee0a7f9d549b4bece6f43ac3ee65fe7fd37123359d9f1a850ad450aaf5c94eb11dea3fc0fc6e9856b1805ef":"86c94f":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"1c389ed84b9f252bedde76a9a694986fa130906633047674c9a44e887f359e1cfc19d2d9a53a8fdfb2f826d813ca7a58":"b750587671afd76886e8ffb7865e78f706641b2e4251b48706":"2ca37a3d6abd28c1eaf9bde5e7ac17f1fa799ce1b4b899d19985c2ff7c8ba959fe54e5afb8bc4021a1f1c687eebb8cba800d1c51636b1f68dc3e48f63e2da6bc6d09c6668f68e508c5d8c19bef154759e2f89ade152717370a8944f537578296380d1fe6be809e8b113d2b9d89e6a46f5c333d4fd48770fc1ea1c548104575b84cf071042bfe5acf496392be8351a41c46a2cab0864c4c1c5b5e0c7b27e7b88c69f37ffa7e1a8cd98f343ac84a4ad67025a40ed8f664e9d630337de6e48bb2125e2552123609491f183afd92634487f0b2cf971f2626e88858879d45a29b0fefb66cd41b2e4e968385bd9fc8c7211976bc6bd3e1ad6df60856985a825f4726d2":25:0 RSASSA-PSS Signature RSA-2048, SHA-512, Salt Length 30 @@ -1267,15 +1267,15 @@ depends_on:MBEDTLS_MD_CAN_SHA512 pkcs1_rsassa_pss_sign:1024:"e5563b145db6ff5a16280d3e80eff02f181dbd03324ef247f596a4d4a7b8daa32b9934e3c7f4dcf6a3105462dec63839638618418b51db02693fabb4e6838725":"d2a4ec0fa2226cde82da77653b072cd098535d3e90ed4d7224dcb8cb8b9314768dc517e22d7c8fa13f253daa7465a79956098aa4cc3a6e35e8b1fcc4f97e774f":"bcb47b2e0dafcba81ff2a2b5cb115ca7e757184c9d72bcdcda707a146b3b4e29989ddc660bd694865b932b71ca24a335cf4d339c719183e6222e4c9ea6875acd528a49ba21863fe08147c3a47e41990b51a03f77d22137f8d74c43a5a45f4e9e18a2d15db051dc89385db9cf8374b63a8cc88113710e6d8179075b7dc79ee76b":"010001":MBEDTLS_MD_SHA512:MBEDTLS_MD_SHA512:"c3366c552451274a4042e4357447786cce3a25a8dbd8cf3c2f8a8ddc02161bda332bb45062f7c61b7aa7a88ed3b5d51b6103abcf1769642b11ab95f92fa39adf":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"":63:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length 0 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"9110b39c1ffc2d8a5f24e965e3985b06871c2be23e677bb3ea879b7b6b25c327ebdd9434387cfe5f64bcb6900a5c8395549e3681390583786b709257ff0ad90507a02ec6abb40e33dec80097322876a84ee98b1fe79ced62ba4f983bb9b52758bf9856098af527924ea83291762b179894f1fab6d8c9867b0244393fa32b5871836fa4446b247153bc117ccaf7cd51c5ec026bcaf9b634182cd19a0eb95ec40dd5e4274750c9ee3b1379fb339fa4ed8348b104936396355bea0a00337b83f47d2fd7e7353f3009752f970eebc1bbade601b912f7b0984bccc68941ed23bd31fcd23a7d0f2b0cfaabdb3d361969f485e5d198442661ee71eef258ae9fc27a19d995a5695c668f9ab78622486d6ccfe4ae11de9240588fafbc75f8bd0d04de5f2959c126b7c672eac8bb65031ea22ebb4a4e36c12f427d2dc4619eb30ef1c90ec951337a364566f0d2e32f311b425a68fd5277a85dc8d8041ab2a0165c39fd4e39160498d5eae98965e8745b77390e5ddeff0aeffc0fb18839455d524826a1f366":0:0 RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length max -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b3fe26ee600cfb2d187384e529f280485cf84830af8cb015878cb7c4c74ad6ab38fd8998fa74b612e84af8123d785a8a60a2bb002f7b15a6f7cd6bbf18325a412fd3ea2a48903d30db2543089d9d82fe304dfe5fb903f6a0d1625fe994aa2ac47e04eeb6a51be770312a88cec80bbcf849ab57f2af4e9370a0e35a458d8509fb89e8b22ef499af25c427e48c2391747d3ccc6fdc1b035cbbe6a6f1742bfb6fb5d411d4c8bb73ee7f9bc2fbcf54603c813c9c6d479fb9f38650f4fa8ce05a32c47c078d278b7b97173e82d692e303141faf71573f2b5ab58c4fa009200a3be47633719dbeed24d61ba7acae8abfc2aa5f33f18e6f4c43eb8be3e4bbee1090544401e202ef06d90aae75a939256bd374afc5030f1146ea9d2acf4918dfe96d13eb5f16da55efd504657e3d8aea010f89c60288d74963746422bd7cf":"57a5511992b30d39e150b6a7a760a74136db0a24bc635f3a700a74f865a7c9c0ed2e2e196022a6d17ad7c2d3f12946828458015beffb0c0652de2cc9c3366aaeb7634c5d6ccbdf6c7c93b8feff21a7d2831ac3ee73fd98f9c972dcb833ac61323b77ec249db0e4fb9bf33c71aef9d2aaef40aafab2cb3870f0224c8d0c3ada2abb9d3dd601a038594d290177277a8b791ebcc211d7e5379323a633c62fe9cc2394bd7a977a604122ee9799e5368cc17e1af1795046e76899aa6e7be8f27b1a3e96daa81784d967e9a36cf1912936d7ae11f80aed79c27c53237e7fa009daf9240fb205f83e8c6f8f57d3c3520e0e60213a203432c18d92979b13555ce6eab075ddb38b6d820e378ac4e3afcb3d57e5c6d3c11f165745996fdb61e36b842c6ec81d6437073fe9fc96a4dbc3b188ca766a7f7ef786f39729cadcc5700fb0fffeca0eb0bc47243783f129917948df9bee23da83fadadfa87708e0a839a62965a5d2b9a7cd16b4675cef6afc8fbc2615d97d11ede47f4dfd83e74847dc184ccdc4fd":334:0 RSASSA-PSS Signature RSA-3072, SHA-384, Salt Length max + 1 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pkcs1_rsassa_pss_sign:3072:"ca7b50c5f65f2115fea7691f7d90c124866e774e68e9eb89306538956fc217593d46017b7dd7942d636e384a34c802a14d5fd9916798d7d6193ef1a29e2fdbefd955261496d8ac9713922d43bfc43a7a410752ccbc854cc85268f411e793f9b5279007bbcaca30fb16fd9033a6ea31566b4f2c27f0161107e2cd890bcf563a522ee0eb96a016e9007595a94172a4aeded11fadcb8ab5f03cd154f8b8e0e0666ff62b1ccda02599ea44bbfcfaea541a5ac26bf267a56a8177a50f6b87b460a54d":"c591723042d4b8737f4ef9dfeb40c6d62d439ee8688158a4be24c0ad130f851113cc53d776c63cd782b95ccfd266bdb2578b78439c121de34e8955a7fbd2c6ae1a1c37b24c12f5dce15175dd9e203a3abd5bf9e736b1fc183d10c4540c5cf2cbe26768e94c1eab2ba3008b32d6d50716699c6bfcbec5bbeb94a054dbcd16d10f74972ca5fe53256cd0ade8f502eceaed633414a9bdb623035a234f65c6662a23d792cc0eeb21a1f55ebca26ffa1c56c96fbb7d870fc3ffb181de8398238ab1b5":"9c43ef522cab18022297d3d70fa491d03b975b844b76cedba35d8d885ddb2825e31fd5c101bd9e9a215520bb8cdddeb6ab2cf2dc86065179477d80f733016929d7334cdfdf818c1378a4b9428fa1ee2e525321f905d0b949d3abc9e93d3f30b077795338bd55c28a1ced134bb2d575bfa44b2fd8cf1d5c54168a12a1d6c511f62ca973cdb704c233487e1fd39e5adc8870af352ec3c6a6a64152fc82a1c16ecc43d1d5817f76a1b46a5fab9db8923311edd3cc032fed7eb6252e77db69d7bf9ee35dc4ddd0fbdb9a76afe25a82f4495aa4f072cef9b1247cb368bcc8677565a47095242702e6341281f506805e20e8c89e9af28adff21c804c70cab10ee2fe5212ec07987d13e7d4b60529611e4d33a062d724cdfb16cdc48b964ba07dfa2620d5a8805d0be93380850c66f3fada059802a5946bfe3b0b10e19a8289ec01f6514abb883bb53c49dadbba42d412ea264c8a5122fda1ea9b742289642b0ea34ceb76ae8256a97845d37594cfbff8c7a4430176223bacc3bef395ceda13fd211c71":"010001":MBEDTLS_MD_SHA384:MBEDTLS_MD_SHA384:"bc9fb8fc6d4c6ce8865c758063e55639f98afc15e5d71f4f1ecf89d6fbb904aecc28126bd5e6b5a7f8f31729949dbf8a":"6f2841166a64471d4f0b8ed0dbb7db32161da13b":"":335:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSASSA-PSS Sign. RSA-520 SHA-512: Salt Len. 0, no possible salt size diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data index 52e682321f..cbb6c811f9 100644 --- a/tests/suites/test_suite_pkcs5.data +++ b/tests/suites/test_suite_pkcs5.data @@ -67,23 +67,23 @@ depends_on:MBEDTLS_MD_CAN_SHA256 pbkdf2_hmac:MBEDTLS_MD_SHA256:"7061737300776f7264":"7361006c74":4096:16:"89b69d0516f829893c696226650a8687" PBKDF2 Python hashlib Test Vector #1 (SHA384) -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":1:20:"c0e14f06e49e32d73f9f52ddf1d0c5c719160923" PBKDF2 Python hashlib Test Vector #2 (SHA384) -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":2:20:"54f775c6d790f21930459162fc535dbf04a93918" PBKDF2 Python hashlib Test Vector #3 (SHA384) -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f7264":"73616c74":4096:20:"559726be38db125bc85ed7895f6e3cf574c7a01c" PBKDF2 Python hashlib Test Vector #5 (SHA384) -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pbkdf2_hmac:MBEDTLS_MD_SHA384:"70617373776f726450415353574f524470617373776f7264":"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":4096:25:"819143ad66df9a552559b9e131c52ae6c5c1b0eed18f4d283b" PBKDF2 Python hashlib Test Vector #6 (SHA384) -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 pbkdf2_hmac:MBEDTLS_MD_SHA384:"7061737300776f7264":"7361006c74":4096:16:"a3f00ac8657e095f8e0823d232fc60b3" PBKDF2 Python hashlib Test Vector #1 (SHA512) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index d170e1e089..e7f7d39b77 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -603,147 +603,147 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0 Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0 Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0 Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW) -depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C +depends_on:MBEDTLS_DES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512) @@ -891,27 +891,27 @@ depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0 Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC +depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0 Parse RSA Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0 Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit) -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_AES_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0 # Test keys with non-word-aligned sizes. diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index b52c7dc8a8..362a4c7ae1 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -29,11 +29,11 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"944d593f3e31817d712038dbf88a17c1772b135c34c66b236daf9a7413c2a8af":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"7b5fba70ec5b521638f182bcab39cec30b76e7bc017bdbd1059658a9a1db0969ab482dce32f3e9865952f0a0de0978272c951e3c015328ea3758f47029a379ab4200550fba58f11d51264878406fc717d5f7b72b3582946f16a7e5314a220881fc820f7d29949710273421533d8ac0a449dc6d0fd1a21c22444edd1c0d5b44d3":0 RSA PKCS1 Verify v1.5 CAVS #6 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"5a3b396a237f5460a9c8d40628e4bc324d046d0bf3ad6417db59ff3904513a79297d51656ab6c70cc07f08b8eefd2f15":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"38fc4f6f0430bb3ea9f470a4c0f5cebdabac4dbeb3b9c99d4168e7b00f5eb294ec0ece1908eded1f3e14f1e69d10f9feb425bda0c998af945ef864298a60a675f0bb5c540a7be3f534d5faddff974eea8bffe182a44e2ee1f4f653e71967a11869ee1a850edb03cb44a340378cb7a1bc9616d3649b78002b390a05a7e54edec6":0 RSA PKCS1 Verify v1.5 CAVS #7 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 # Bad padding after performing the public key operation mbedtls_rsa_pkcs1_verify:"900ada01bc5536ee88ee7f2b95d15e2e6353bc3de0ef9610f8e6deb736c30623b961eda17f316229c013bb4696fc7346":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_VERIFY_FAILED @@ -58,7 +58,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"63030cef0e2d4067573222bef3a3f83e7c98ec4c2d21780a7438673ad48bfe29":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"10001":"52111f4798da3c11b3c74394358348ab0fc797bde99080f238d33a69b04b08ac2bd767b33872473943e23af27ca32fd568a43a8c7d6cc55b4fbb380212fdfcb60487e20694d4287e233efdf7b04737c0037a592d03077801828b051998c42b9f9e2420063331d5b2349918a64d8b65b21a2011ee7318fcef48aced95b8ddf501":0 RSA PKCS1 Verify v1.5 CAVS #13 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"b6a6dcf38a14037e598508fcff07f8da0e3f00538961cb159402f60442cbaf8d8abec885c4f0017018e2c2f45f3b076d":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"10001":"d5dcd27c74e040ea86f106b63d3275fa7b7e98d2dd701f38ec15fc7301b72df127f6d3bd5571253a0b9e0e719d7d522893896941a1aeccc697912282b5308d829b91905b5dd7b7e1b8fe27e2bd4003b09dfe7fe295f8a43c076c0cb52f2aac067e87de7ffe3a275d21a870c3dfc9b1d06d7f018667de9eb187bdf53d282e5d8b":0 RSA PKCS1 Verify v1.5 CAVS #14 @@ -78,7 +78,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"7743dd578de944491852bfddfdeb0d239eb8d3d40a3315b8a028854627dd0ff7":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"8117a6897e14c183737661cf5741350a84ae00495cd9ee8fb033582e559f79701ab424706660515ee5821a69a6850647ec641676a625d1a3899932aaa52161fbc0c0a825db82fde0585b3c9b9c16de43e26da6a30fe5a601dae68bded1e29ec34557b5f6962efb10b9450d6f096655f68e8499cfa16a0adeb9075e7b91851fef84243132d08273d35d01ad89c17e1e6e4deaf1cb233050b275fa9d2cae57e9e1a0e23139267040aa39b6abd8f10fa1cec38ce2183573ddc11626fc262e1a0ced":0 RSA PKCS1 Verify v1.5 CAVS #18 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"c293af20d96cc76b460fe8d4a7f02bf6e131750cadeaa898c7c2086a70ee9021986e408e896fbfdde338cbc9ab5ab94e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"6b49553ed964ae196a41ea281f4d2a250ce7d1e7434e45cf6a82f7bed17554f39c3f0241e0364702fcb87475eb0c0839ffd2180890fa05b4bbf31bbfa4bf5119dea0c9f88e1e9617fcdadabc6fa1945136cc66e039b905d78ed365c5806d38aec88b3edfb86c05ff446dbfd51d7cd75cbf8d3b85154c783765386f51637532221f52429db5612dcc034968bb8feab7dc6f5ed1f2feb557f6dd49c980296117be2c4195ec7b6101ea767df9d16a56fc9709b49308a54dab63dbc4d609f959ce17":0 RSA PKCS1 Verify v1.5 CAVS #19 @@ -106,7 +106,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"f5f493fc1dfc2221e2a5d61d8fc88480ec03b1fddec8b14d1d77c558859659db":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"a003ae9cf0704d58763b214f20446ecc4099c566f25384e28d0dd6540c58705fc8d0bfe1ceaa06096ed1e230146edb82056e39e6727abec09f25e44079b6ce1ca2c6a540dec7aa34444d7d435f41e5fca9b0bba62759ae2780638e5160e031bb60409c2e85674ac7a776b444b37b9d7f4dbaa557e88b8562a584f2dbe90729b241aede95dfcc7e05b10deef06255cb89f0e7ccff23354818756a1f8bb9f00fd18f6cd22ca1b4bfc38027562bb37562c77c7883b5d735170d75521195fd3f2bd3":0 RSA PKCS1 Verify v1.5 CAVS #25 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"d8758fac95ed9177581c1eb690c5fad797f47e798c4a92706dd57eb038af9dbfa02c0b964c301053bb50ac8fc652d564":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"2c6b301852cc55a993a933e2c080eb9dabfe19e9dc3571066caeabed1492d3501cd838de1c01784932df7a5ad5bbfb48c78f53a45f76e9812d046f23bd968495ef7e981e5add4acfc538fe33a5205de74bb37d3d9b6b87b2d174e85a73f216fd67d5738fc469dff7ea6b852e8dd08bc8df036597372d4d51185e6f47a45fbe1b9bdb06a4018783425ec95294de41f27235ad3b3263a890b8b62b17410a9bb08673393ff205a866ee2057e99c6517c6bbc84f8d87717b83d6f64de7ee215e1e8d":0 RSA PKCS1 Verify v1.5 CAVS #26 @@ -130,11 +130,11 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"db7e6ef51ffecd9c1cb88078275c362c0e36730860a33a0802c4a9237467d48d":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"3":"a202c33eb831b9d8e818b6c3bcdb42818e1d9c22a06ddd73a17a21e49d18cda44df349a066477cae068e1a5d2b518b0885e889ef796ca9e6f42a69ac755b8a6405fbaef93fe0130d98de35d689addfee3eecd26658903f774bda481c3f40ee0e9569a3c3e2da7ad576c7de82159d933e36fa29cfef99367005e34ab5082d80f48276d37dabc88dbb023bd01585329d2ccf417f78ec508aaa29751007d31f1669296b981d44c8fa99130c5df7a071725b496859314aaf9baf0ebc780355914249":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #31 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"810b988d9966877681759634c332d6099cf905c7cd57c871b9e3399730fe4ef8cd1d3c7391ec4def78d4624b384664c4":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"10001":"402631f3cddfb02cc4d9cb58ef1ab6726bd787a50e12e98567c9702bfdf47af85904aec5a2f6c5df9a10f08f90f93728eb090ae2ac21ded9f38faecd8195f3eb3d4107521b1cee956e7a214245b038adae912fa35ec97cb3bdc41352e8aaff80173561284cb740f999a3cd6653a6c3d5a3f911a416f41e2155083982c99eb5998a0a74d77f1ae999d901ee24a7f2c424179a3f92b07dc0b3498c1884e60677bee0175e810b426c4ad008d2743cd19b00b33177bf8be3fed7f7406e1bce0c2ea3":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #32 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"cc43d91a2ae21a1a1fe7e51801f48f5a2f21ff4827d79cf6193e7610e2a5d9881f21577dcd100b2b5d087d936f867960":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":"11":"57edd0560df9840a25c28ff6d254e432395a5cd2d92248b3b44d7eab0fc65b3c4e545a916a8e90ce89745119db9ec9799aa8890f5250fb589cfc12dac1b6e406a39bc3b3663892da5354ba453cbd5e4c89bdce82d0ffe97052a03a5c3308819c1139ebc780c13cf6dc1477faf734abcb1db3fafaed6f22885c9c0222ff5deacb8cc6d027f2e959c3075011b382e88c4b27b83b4f2e6fda022e331c3602d19f5ac7bccfe95ea1e93d736dbd918ae5b1f468cd0b5b536a2f918d5e27a0757e75b7":0 RSA PKCS1 Verify v1.5 CAVS #33 @@ -213,11 +213,11 @@ depends_on:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"32f339fe33f10a0fa152bf9659cdf7a0e4b741444ea31a85d40ed4bb":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"9d768b8b31421f9d9ced890aafaf8b3468656419049ed268f6e1992066f45dc3e4cd349e8c5ed5a06e4ef5badaba064ba94907dfedf3d708becaf44ae9b27c3866d329311ba93e8ddc7fc284fba05d1bb84fb1e060a5b76b7fa515cfcd2c8144474623672703cac1e15ff4fdf8ef19d365c51ba86e60f4cbbcd07f956060625751bfbecc47945646459cadaddd900603a8149a93b31a6d432e1da1a67eb765f5b2f0bd1adb9af12d731c7b02931b42dbbfd8c7cecde76b817e96f664147a2c5091c6ce4dc562c5f57159d6f9dc9ba2daa212db56677839621bd4805dde62955fb2d0cc2c448109d10ecc6206ea81f0a02e1646471358f3ec146cd3c75f2d390b":0 RSA PKCS1 Sign #4 (SHA384, 2048 bits RSA) -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_sign:"7fccca8778575cf67d95d44e6825128e2ba5155f7cc91d968a923dbac35bc04b4d45bf6fd0009144ef9d70898948eeec":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"40dcc96822e5612eb33f1dca247a35109ba3845c7a3d556a60e656624bf1c103d94686ca7379e9e329ccd1b19b52bfd48b608df9f59a96a82d3feb0101096dbcb80e46da543b4c982ac6bb1717f24f9fe3f76b7154492b47525be1ddcaf4631d33481531be8f3e685837b40bdf4a02827d79f6a32374147174680f51c8e0d8eed9d5c445a563a7bce9ef4236e7cfdc12b2223ef457c3e8ccc6dd65cc23e977a1f03f5ef584feb9af00efc71a701f9d413b0290af17692cb821a1e863d5778e174b1130659f30583f434f09cb1212471a41dd65c102de64a194b6ae3e43cd75928049db78042c58e980aff3ea2774e42845bcf217410a118cf5deeaa64224dbc8":0 RSA PKCS1 Sign #4 Verify -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"7fccca8778575cf67d95d44e6825128e2ba5155f7cc91d968a923dbac35bc04b4d45bf6fd0009144ef9d70898948eeec":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:2048:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"40dcc96822e5612eb33f1dca247a35109ba3845c7a3d556a60e656624bf1c103d94686ca7379e9e329ccd1b19b52bfd48b608df9f59a96a82d3feb0101096dbcb80e46da543b4c982ac6bb1717f24f9fe3f76b7154492b47525be1ddcaf4631d33481531be8f3e685837b40bdf4a02827d79f6a32374147174680f51c8e0d8eed9d5c445a563a7bce9ef4236e7cfdc12b2223ef457c3e8ccc6dd65cc23e977a1f03f5ef584feb9af00efc71a701f9d413b0290af17692cb821a1e863d5778e174b1130659f30583f434f09cb1212471a41dd65c102de64a194b6ae3e43cd75928049db78042c58e980aff3ea2774e42845bcf217410a118cf5deeaa64224dbc8":0 RSA PKCS1 Sign #7 (MD5, 2048 bits RSA) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index b4d3451862..16e6d3f52e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -365,7 +365,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3:MBEDTLS_SSL_VERSION_TLS1_3 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:0 Handshake, RSA-WITH-AES-128-CCM @@ -381,7 +381,7 @@ depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:M handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA @@ -393,7 +393,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RS handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_cipher:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:1 DTLS Handshake, RSA-WITH-AES-128-CCM @@ -409,7 +409,7 @@ depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:M handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA @@ -453,71 +453,71 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDT handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque @@ -541,39 +541,39 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDT handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_RSA_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation @@ -710,51 +710,51 @@ DTLS legacy break handshake renegotiation with MFL=4096 resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"" DTLS no legacy renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy allow renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy allow renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy allow renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy allow renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy break handshake renegotiation with MFL=512, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy break handshake renegotiation with MFL=1024, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy break handshake renegotiation with MFL=2048, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS legacy break handshake renegotiation with MFL=4096, ECDHE-RSA-WITH-AES-256-GCM-SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384" DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM @@ -970,27 +970,27 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3 ssl_session_id_accessors_check:MBEDTLS_SSL_VERSION_TLS1_3 Record crypt, AES-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-128-CBC, 1.2, SHA-256 @@ -1066,27 +1066,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_ ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, AES-256-CBC, 1.2, SHA-256 @@ -1162,27 +1162,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_ ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-128-CBC, 1.2, SHA-256 @@ -1258,27 +1258,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE ssl_crypt_record:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, ARIA-256-CBC, 1.2, SHA-256 @@ -1354,27 +1354,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE ssl_crypt_record:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-128-CBC, 1.2, SHA-256 @@ -1450,27 +1450,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_ ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, CAMELLIA-256-CBC, 1.2, SHA-256 @@ -1786,11 +1786,11 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_ ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, NULL cipher, 1.2, SHA-256 @@ -1842,27 +1842,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CHACHAPOLY:MBEDTLS_SS ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-128-CBC, 1.2, SHA-256 @@ -1938,27 +1938,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_ ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, AES-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, AES-256-CBC, 1.2, SHA-256 @@ -2034,27 +2034,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_ ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-128-CBC, 1.2, SHA-256 @@ -2130,27 +2130,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, ARIA-256-CBC, 1.2, SHA-256 @@ -2226,27 +2226,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE ssl_crypt_record_small:MBEDTLS_CIPHER_ARIA_256_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-128-CBC, 1.2, SHA-256 @@ -2322,27 +2322,27 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_ ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:4 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, CAMELLIA-256-CBC, 1.2, SHA-256 @@ -2658,11 +2658,11 @@ depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_ ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CCM:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_VERSION_TLS1_2:4:0 Record crypt, little space, NULL cipher, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384 ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_ENCRYPT_THEN_MAC +depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 Record crypt, little space, NULL cipher, 1.2, SHA-256 @@ -2931,7 +2931,7 @@ SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_PROTO_TLS1_2 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_SSL_PROTO_TLS1_2 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":0 SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 @@ -2939,7 +2939,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_PROTO_TLS1_2 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA256:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"7f9998393198a02c8d731ccc2ef90b2c":0 SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA384 SHA-384 not enabled -depends_on:!MBEDTLS_MD_CAN_SHA384 +depends_on:!PSA_WANT_ALG_SHA_384 ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_SHA384:"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef":"test tls_prf label":"a4206a36eef93f496611c2b7806625c3":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_SHA256 SHA-256 not enabled diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data index 27ea27a178..10bb56d18d 100644 --- a/tests/suites/test_suite_ssl_decrypt.misc.data +++ b/tests/suites/test_suite_ssl_decrypt.misc.data @@ -11,7 +11,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_null:MBEDTLS_MD_SHA256 Decrypt null cipher, SHA-384 -depends_on:MBEDTLS_MD_CAN_SHA384 +depends_on:PSA_WANT_ALG_SHA_384 ssl_decrypt_null:MBEDTLS_MD_SHA384 Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad @@ -111,35 +111,35 @@ depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad @@ -239,35 +239,35 @@ depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_ARIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad @@ -367,33 +367,33 @@ depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:PSA_WANT_ALG_SHA_384 ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 500c6764d1..3bac0855a2 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -39,7 +39,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 x509_cert_info:"data_files/parse_input/cert_sha256.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_384 x509_cert_info:"data_files/parse_input/cert_sha384.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2019-02-10 14\:44\:06\nexpires on \: 2029-02-10 14\:44\:06\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information SHA512 Digest @@ -59,7 +59,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH x509_cert_info:"data_files/parse_input/server9-sha256.crt":"cert. version \: 3\nserial number \: 18\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:45\nexpires on \: 2024-01-18 13\:57\:45\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 x509_cert_info:"data_files/parse_input/server9-sha384.crt":"cert. version \: 3\nserial number \: 19\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2014-01-20 13\:57\:58\nexpires on \: 2024-01-18 13\:57\:58\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\n" X509 CRT information RSA-PSS, SHA512 Digest @@ -79,7 +79,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP25 x509_cert_info:"data_files/parse_input/server5.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:PSA_WANT_ALG_SHA_384 x509_cert_info:"data_files/parse_input/server5-sha384.crt":"cert. version \: 3\nserial number \: 14\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 16\:21\:27\nexpires on \: 2023-09-22 16\:21\:27\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\nbasic constraints \: CA=false\n" X509 CRT information EC, SHA512 Digest @@ -259,7 +259,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C mbedtls_x509_crl_info:"data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest @@ -279,7 +279,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" X509 CRL information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384 mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" X509 CRL information RSA-PSS, SHA512 Digest @@ -299,7 +299,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_PK_CAN_ECDSA_SOME mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest @@ -335,7 +335,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509 mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA512 @@ -359,7 +359,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP25 mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA384 -depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_HAVE_SECP256R1:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA512 @@ -379,7 +379,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA512 @@ -688,7 +688,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #17 (Valid Cert SHA384 Digest) -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #18 (Valid Cert SHA512 Digest) @@ -776,7 +776,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256 x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA384:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:PSA_WANT_ALG_SHA_384:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1 x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #39 (Valid, EC CA, SHA512 Digest) @@ -868,7 +868,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SH x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #60 (Valid, RSASSA-PSS, SHA-384) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:MBEDTLS_MD_CAN_SHA1 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_384:MBEDTLS_MD_CAN_SHA1 x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #61 (Valid, RSASSA-PSS, SHA-512) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 5c6a9032d0..0d816553ba 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -11,7 +11,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0:0 Certificate Request check Server1 SHA384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +depends_on:PSA_WANT_ALG_SHA_384:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0:0 Certificate Request check Server1 SHA512 From cf5e3dd9f0081b93345880a1e059cec2f58e0466 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Wed, 26 Jun 2024 10:49:49 +0100 Subject: [PATCH 426/429] Replace MBEDTLS_MD_CAN_SHA384 in md.h and ssl.h Signed-off-by: Elena Uziunaite --- include/mbedtls/ssl.h | 4 ++-- tf-psa-crypto/drivers/builtin/include/mbedtls/md.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4b59e78532..3781b514d4 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -644,7 +644,7 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) && \ defined(MBEDTLS_SSL_HAVE_AES) && defined(MBEDTLS_SSL_HAVE_GCM) && \ - defined(MBEDTLS_MD_CAN_SHA384) + defined(PSA_WANT_ALG_SHA_384) #define MBEDTLS_PSK_MAX_LEN 48 /* 384 bits */ #else #define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */ @@ -1156,7 +1156,7 @@ typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_MD_CAN_SHA256) #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 32 -#elif defined(MBEDTLS_MD_CAN_SHA384) +#elif defined(PSA_WANT_ALG_SHA_384) #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384 #define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN 48 #elif defined(MBEDTLS_MD_CAN_SHA1) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h index 478e9f7667..32416fba6d 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h @@ -69,7 +69,7 @@ typedef enum { */ #if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA3_512) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ -#elif defined(MBEDTLS_MD_CAN_SHA384) || defined(MBEDTLS_MD_CAN_SHA3_384) +#elif defined(PSA_WANT_ALG_SHA_384) || defined(MBEDTLS_MD_CAN_SHA3_384) #define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */ #elif defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA3_256) #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */ @@ -84,7 +84,7 @@ typedef enum { #define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */ #elif defined(MBEDTLS_MD_CAN_SHA3_256) #define MBEDTLS_MD_MAX_BLOCK_SIZE 136 -#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA384) +#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(PSA_WANT_ALG_SHA_384) #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 #elif defined(MBEDTLS_MD_CAN_SHA3_384) #define MBEDTLS_MD_MAX_BLOCK_SIZE 104 From 3a994b7dbef99db03535bcee5c8316129ea23c25 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 3 Jul 2024 16:58:10 +0200 Subject: [PATCH 427/429] tests_suite_debug: fix psa initialization Since MD_OR_USE_PSA_INIT() can fail and jump to the "exit" label it should be placed after all initializations has been done. This issue was discovered by Coverity testing. Signed-off-by: Valerio Setti --- tests/suites/test_suite_debug.function | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 982be3c6e5..5cd02b95a2 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -59,10 +59,9 @@ void debug_print_msg_threshold(int threshold, int level, char *file, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_OR_USE_PSA_INIT(); - mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); + MD_OR_USE_PSA_INIT(); memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; @@ -98,10 +97,9 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_OR_USE_PSA_INIT(); - mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); + MD_OR_USE_PSA_INIT(); memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; @@ -134,10 +132,9 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_OR_USE_PSA_INIT(); - mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); + MD_OR_USE_PSA_INIT(); memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; @@ -211,11 +208,10 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, struct buffer_data buffer; mbedtls_mpi val; - MD_OR_USE_PSA_INIT(); - mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); mbedtls_mpi_init(&val); + MD_OR_USE_PSA_INIT(); memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; From e8cd45ca6565bc2a19989969cc8d29219b8b8836 Mon Sep 17 00:00:00 2001 From: Elena Uziunaite Date: Fri, 31 May 2024 11:50:55 +0100 Subject: [PATCH 428/429] Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512 Signed-off-by: Elena Uziunaite --- library/md.c | 8 +++--- library/oid.c | 6 ++--- tests/suites/test_suite_hmac_drbg.misc.data | 8 +++--- tests/suites/test_suite_md.data | 30 ++++++++++----------- tests/suites/test_suite_oid.data | 4 +-- 5 files changed, 28 insertions(+), 28 deletions(-) diff --git a/library/md.c b/library/md.c index 697725f821..27f9b03a4c 100644 --- a/library/md.c +++ b/library/md.c @@ -130,7 +130,7 @@ static const mbedtls_md_info_t mbedtls_sha3_384_info = { }; #endif -#if defined(MBEDTLS_MD_CAN_SHA3_512) +#if defined(PSA_WANT_ALG_SHA3_512) static const mbedtls_md_info_t mbedtls_sha3_512_info = { MD_INFO(MBEDTLS_MD_SHA3_512, 64, 72) }; @@ -179,7 +179,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) case MBEDTLS_MD_SHA3_384: return &mbedtls_sha3_384_info; #endif -#if defined(MBEDTLS_MD_CAN_SHA3_512) +#if defined(PSA_WANT_ALG_SHA3_512) case MBEDTLS_MD_SHA3_512: return &mbedtls_sha3_512_info; #endif @@ -820,7 +820,7 @@ static const int supported_digests[] = { MBEDTLS_MD_SHA3_384, #endif -#if defined(MBEDTLS_MD_CAN_SHA3_512) +#if defined(PSA_WANT_ALG_SHA3_512) MBEDTLS_MD_SHA3_512, #endif @@ -869,7 +869,7 @@ static const md_name_entry md_names[] = { #if defined(MBEDTLS_MD_CAN_SHA3_384) { "SHA3-384", MBEDTLS_MD_SHA3_384 }, #endif -#if defined(MBEDTLS_MD_CAN_SHA3_512) +#if defined(PSA_WANT_ALG_SHA3_512) { "SHA3-512", MBEDTLS_MD_SHA3_512 }, #endif { NULL, MBEDTLS_MD_NONE }, diff --git a/library/oid.c b/library/oid.c index 8912722db7..3275395cd7 100644 --- a/library/oid.c +++ b/library/oid.c @@ -779,7 +779,7 @@ static const oid_md_alg_t oid_md_alg[] = MBEDTLS_MD_SHA3_384, }, #endif -#if defined(MBEDTLS_MD_CAN_SHA3_512) +#if defined(PSA_WANT_ALG_SHA3_512) { OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"), MBEDTLS_MD_SHA3_512, @@ -857,12 +857,12 @@ static const oid_md_hmac_t oid_md_hmac[] = MBEDTLS_MD_SHA3_384, }, #endif /* MBEDTLS_MD_CAN_SHA3_384 */ -#if defined(MBEDTLS_MD_CAN_SHA3_512) +#if defined(PSA_WANT_ALG_SHA3_512) { OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"), MBEDTLS_MD_SHA3_512, }, -#endif /* MBEDTLS_MD_CAN_SHA3_512 */ +#endif /* PSA_WANT_ALG_SHA3_512 */ #if defined(PSA_WANT_ALG_RIPEMD160) { OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"), diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data index b305473389..b9d9d2f00e 100644 --- a/tests/suites/test_suite_hmac_drbg.misc.data +++ b/tests/suites/test_suite_hmac_drbg.misc.data @@ -31,7 +31,7 @@ depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_384 HMAC_DRBG entropy usage SHA3-512 -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_512 HMAC_DRBG write/update seed file SHA-1 [#1] @@ -99,11 +99,11 @@ depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-512 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-512 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG from buffer SHA-1 @@ -139,7 +139,7 @@ depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_buf:MBEDTLS_MD_SHA3_384 HMAC_DRBG from buffer SHA3-512 -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hmac_drbg_buf:MBEDTLS_MD_SHA3_512 HMAC_DRBG self test diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 13efacaf59..803af21df9 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -49,7 +49,7 @@ depends_on:MBEDTLS_MD_CAN_SHA3_384 md_info:MBEDTLS_MD_SHA3_384:"SHA3-384":48 Information on SHA3-512 -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 md_info:MBEDTLS_MD_SHA3_512:"SHA3-512":64 generic mbedtls_md5 Test vector RFC1321 #1 @@ -125,7 +125,7 @@ depends_on:MBEDTLS_MD_CAN_SHA3_384 md_hex:MBEDTLS_MD_SHA3_384:"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7" generic mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 8 -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 md_hex:MBEDTLS_MD_SHA3_512:"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1" generic HMAC-MD5 Hash File OpenSSL test #1 @@ -273,7 +273,7 @@ depends_on:MBEDTLS_MD_CAN_SHA3_384 md_hex_multi:MBEDTLS_MD_SHA3_384:"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28" generic multi step mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 48 -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 md_hex_multi:MBEDTLS_MD_SHA3_512:"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef" generic multi step HMAC-MD5 Hash File OpenSSL test #1 @@ -573,19 +573,19 @@ depends_on:MBEDTLS_MD_CAN_SHA3_384 mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:24:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"25f4bf53606e91af79d24a4bb1fd6aecd44414a30c8ebb0a" HMAC-SHA3-512: NIST example #1: keylenblocklen -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" HMAC-SHA3-512: NIST example #4: keylenblocklen -depends_on:MBEDTLS_MD_CAN_SHA3_512 +depends_on:PSA_WANT_ALG_SHA3_512 md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" HMAC-SHA3-512 multi-step: NIST example #4: keylen Date: Wed, 26 Jun 2024 13:52:05 +0100 Subject: [PATCH 429/429] Replace MBEDTLS_MD_CAN_SHA3_512 in md.h Signed-off-by: Elena Uziunaite --- tf-psa-crypto/drivers/builtin/include/mbedtls/md.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h index bbf4ec02d5..7a66029fdd 100644 --- a/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h +++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/md.h @@ -67,7 +67,7 @@ typedef enum { * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another * part of the code based on PSA. */ -#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA3_512) +#if defined(MBEDTLS_MD_CAN_SHA512) || defined(PSA_WANT_ALG_SHA3_512) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #elif defined(MBEDTLS_MD_CAN_SHA384) || defined(MBEDTLS_MD_CAN_SHA3_384) #define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */ @@ -88,7 +88,7 @@ typedef enum { #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 #elif defined(MBEDTLS_MD_CAN_SHA3_384) #define MBEDTLS_MD_MAX_BLOCK_SIZE 104 -#elif defined(MBEDTLS_MD_CAN_SHA3_512) +#elif defined(PSA_WANT_ALG_SHA3_512) #define MBEDTLS_MD_MAX_BLOCK_SIZE 72 #else #define MBEDTLS_MD_MAX_BLOCK_SIZE 64