From a2b41598d67b3e318bf5e678dfeb99611c88ed59 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 Jan 2022 14:52:59 +0100 Subject: [PATCH 001/328] Draft specification for key derivation Pass all the initial inputs in a single structure. It's impossible to pass the inputs as soon as the application makes them available because the core cannot know which driver to call until it receives the SECRET input. Do support hiding the key material inside a secure element if the relevant driver has all the requisite entry points. Do cooked key derivation (i.e. derivation of non-raw keys) and key agreement separately. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 267 ++++++++++++++++++++++++-- 1 file changed, 250 insertions(+), 17 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 125a415f46..c12e01065c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -297,25 +297,251 @@ TODO TODO -#### Operation family `"key_derivation"` +### Driver entry points for key derivation -This family requires the following type and entry points: +Key derivation is more complex than other multipart operations due to the multiplicity of inputs and outputs, to the fact that multiple drivers can be involved (key agreement and subsequent key derivation accelerator, opaque driver for the secret key and for derived keys), and because the involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input). -* Type `"key_derivation_operation_t"`: the type of a key derivation operation context. -* `"key_derivation_setup"`: called by `psa_key_derivation_setup()`. -* `"key_derivation_set_capacity"`: called by `psa_key_derivation_set_capacity()`. The core will always enforce the capacity, therefore this function does not need to do anything for algorithms where the output stream only depends on the effective generated length and not on the capacity. -* `"key_derivation_input_bytes"`: called by `psa_key_derivation_input_bytes()` and `psa_key_derivation_input_key()`. For transparent drivers, when processing a call to `psa_key_derivation_input_key()`, the core always calls the applicable driver's `"key_derivation_input_bytes"` entry point. -* `"key_derivation_input_integer"`: called by `psa_key_derivation_input_integer()`. -* `"key_derivation_input_key"` (opaque drivers only) -* `"key_derivation_output_bytes"`: called by `psa_key_derivation_output_bytes()`; also by `psa_key_derivation_output_key()` for transparent drivers. -* `"key_derivation_output_key"`: called by `psa_key_derivation_output_key()` for transparent drivers when deriving an asymmetric key pair, and also for opaque drivers. -* `"key_derivation_verify_bytes"` (opaque drivers only). -* `"key_derivation_verify_key"` (opaque drivers only). -* `"key_derivation_abort"`: called by all key derivation functions of the PSA Cryptography API. +#### Key derivation driver dispatch logic -TODO: key input and output for opaque drivers; deterministic key generation for transparent drivers +The core decides whether to dispatch a key derivation operation to a driver based on the location of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. -TODO +1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element: + * If the driver for this secure element implements the `"key_derivation"` family for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. + * Otherwise the core calls the secure element driver's [`"export_key"`](#key-management-with-opaque-drivers) entry point. +2. Otherwise ([or on fallback?](#fallback-for-key-derivation-in-opaque-drivers)), if there is a transparent driver for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. +3. Otherwise, or on fallback, the core uses its built-in implementation. + +#### Summary of entry points for the operation family `"key_derivation"` + +A key derivation driver has the following entry points: + +* `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup). +* `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver extra inputs”](#key-derivation-driver-inputs). +* `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). +* `"key_derivation_derive_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). +* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). +* `"key_derivation_abort"` (mandatory): always the last entry point to be called. + +For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: +``` +typedef ... acme_key_derivation_operation_t; +psa_status_t acme_hash_abort(acme_key_derivation_operation_t *operation); +``` + +#### Key derivation driver initial inputs + +The core conveys the initial inputs for a key derivation via an opaque data structure of type `psa_crypto_driver_key_derivation_inputs_t`. + +``` +typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type +``` + +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its content using the following functions. + +``` +psa_status_t psa_crypto_driver_key_derivation_get_input_size( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step, + size_t *size); +psa_status_t psa_crypto_driver_key_derivation_get_input_bytes( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step, + uint8_t *output, size_t output_size, size_t *output_length); +psa_status_t psa_crypto_driver_key_derivation_get_input_key( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step, + uint8_t** p_key_buffer, size_t *key_buffer_size); +psa_status_t psa_crypto_driver_key_derivation_get_input_integer( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step, + uint64_t *value); +``` + +These functions take the following parameters: + +* The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry points which has not returned yet. +* The `step` parameter indicates the input step whose content the driver wants to retrieve. The type of the input step must be compatible with the function: + * `psa_crypto_driver_key_derivation_get_input_integer` for integer inputs (steps that the application passes with `psa_key_derivation_input_integer()`). + * `psa_crypto_driver_key_derivation_get_input_size` and `psa_crypto_driver_key_derivation_get_input_bytes` for data inputs (steps that the application passes with `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()`, excluding key inputs from the same secure element). + * `psa_crypto_driver_key_derivation_get_input_key` for key inputs (steps that the application passes with `psa_key_derivation_input_key()`, only for secure element drivers receiving a key from the same secure element). +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the desired input in bytes. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `output` with the desired input and sets `*output_length` to *N*, where *N* is the length of the input in bytes. The value of `output_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the desired input. + +These functions can return the following statuses: + +* `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter. +* `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. +* `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-extra-inputs). +* `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. +* `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. +* The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors. + +#### Key derivation driver setup + +A key derivation driver must implement the following entry point: +``` +psa_status_t acme_key_derivation_setup( + acme_key_derivation_operation_t *operation, + psa_algorithm_t alg, + const psa_crypto_driver_key_derivation_inputs_t *inputs); +``` + +* `operation` is a zero-initialized operation object. +* `alg` is the algorithm for the key derivation operation. It does not include a key agreement component. +* `inputs` is an opaque pointer to the [initial inputs](#key-derivation-driver-initial-inputs) for the key derivation. + +The following process describes how a driver is expected to retrieve the inputs of the key derivation. For each input step that is valid for the algorithm `alg` and is not a [long input](#key-derivation-driver-long-inputs): + +* If the step is a data step and the driver is an opaque driver, call `psa_crypto_driver_key_derivation_get_input_key`. This may either succeed or fail with `PSA_ERROR_INSUFFICIENT_DATA` depending on whether the input comes from the same secure element or not. Note that the driver obtains a pointer key context which only remains valid until the end of the call to the setup entry point. If the driver needs the context in subsequent steps of the operation, it must make a copy. +* If the step is a data step and the driver is a transparent driver, or if `psa_crypto_driver_key_derivation_get_input_key` returned `PSA_ERROR_INSUFFICIENT_DATA`, call `psa_crypto_driver_key_derivation_get_input_size` to retrieve the size of the input, then call `psa_crypto_driver_key_derivation_get_input_bytes` with a large enough buffer to retrieve the input data. +* If the step is an integer, call `psa_crypto_driver_key_derivation_get_input_integer`. + +#### Key derivation driver long inputs + +Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this input step for all the long inputs, in an unspecified order. Long input steps may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. + +``` +psa_status_t acme_key_derivation_input_step( + acme_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + const uint8_t *input, size_t input_length); +``` + +At the time of writing, no standard key derivation algorithm has long inputs. It is likely that such algorithms will be added in the future. + +#### Key derivation driver operation capacity + +The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support `"key_derivation_derive_key"` for key types where the derived key material is not a direct copy of the key derivation's output stream. + +Such drivers must enforce the capacity limitation and must return `PSA_ERROR_INSUFFICIENT_CAPACITY` from any output request that exceeds the operation's capacity. Such drivers must provide the following entry point: +``` +psa_status_t acme_key_derivation_set_capacity( + acme_key_derivation_operation_t *operation, + size_t capacity); +``` +`capacity` is guaranteed to be less or equal to any value previously set through this entry point, and is guaraneed not to be `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`. + +If this entry point has not been called, the operation has an unlimited capacity. + +#### Key derivation driver outputs + +A key derivation driver must provide the following entry point: +``` +psa_status_t acme_key_derivation_output_bytes( + acme_key_derivation_operation_t *operation, + uint8_t *output, size_t length); +``` + +An opaque key derivation driver may provide the following entry points: +``` +psa_status_t acme_key_derivation_output_key( + const psa_key_attributes_t *attributes, + acme_key_derivation_operation_t *operation, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); +psa_status_t acme_key_derivation_verify_bytes( + acme_key_derivation_operation_t *operation, + const uint8_t *expected output, size_t length); +psa_status_t acme_key_derivation_verify_key( + acme_key_derivation_operation_t *operation, + uint8_t *key_buffer, size_t key_buffer_size); +``` + +The core calls a key derivation driver's output entry point when the application calls `psa_key_derivation_output_bytes()`, `psa_key_derivation_output_key()`, `psa_key_derivation_verify_bytes()` or `psa_key_derivation_verify_key()`. + +If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure element and the derivation operation is handled by that secure element, the core performs the following steps: + +1. For a call to `psa_key_derivation_output_key()` where the derived key is in the same secure element, if the driver has an `"key_derivation_output_key"` entry point, call that entry point. If the driver has no such entry point, or if that entry point returns `PSA_ERROR_NOT_SUPPORTED`, continue with the following steps, otherwise stop. +1. For a call to `psa_key_derivation_output_key()`, if the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`. +1. For a call to `psa_key_derivation_verify_key()`, if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. +1. For a call to `psa_key_derivation_verify_key()` or `psa_key_derivation_verify_bytes()`, if the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's `"export_key"` entry point on the key object that contains the expected value, call the `"key_derivation_verify_bytes"` entry point on the exported material, and stop. +1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a non-raw key or if the output size exceeds some implementation limit. + +If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the driver then calls additional entry points in the same or another driver: + +* For a call to `psa_key_derivation_output_key()` for some key types, the core calls a transparent driver's `"derive_key"` entry point. See [“Transparent cooked key derivation”](#transparent-cooked-key-derivation). +* For a call to `psa_key_derivation_output_key()` where the derived key is in a secure element, call that secure element driver's `"import_key"` entry point. + +#### Transparent cooked key derivation + +Key derivation is said to be *raw* for some key types, where the key material of a derived (8×*n*)-bit key consists of the next *n* bytes of output from the key derivation, and *cooked* otherwise. When deriving a raw key, the core only calls the driver's `"output_bytes"` entry point, except when deriving a key entirely inside a secure element as described in [“Key derivation driver outputs”](#key-derivation-driver-outputs). When deriving a cooked key, the core calls a transparent driver's `"derive_key"` entry point if available. + +A capability for cooked key derivation contains the following properties (this is not a subset of [the usual entry point properties](#capability-syntax)): + +* `"entry_points"` (mandatory, list of strings). Must be `["derive_key"]`. +* `"derived_types"` (mandatory, list of strings). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified type. +* `"derived_sizes"` (optional, list of integers). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified sizes, in bits. If absent, this capability applies to all sizes for the specified types. +* `"memory"` (optional, boolean). If present and true, the driver must define a type `"derive_key_memory_t"` and the core will allocate an object of that type as specified below. +* `"names"` (optional, object). A mapping from entry point names to C function and type names, as usual. +* `"fallback"` (optional, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED` if it only partially supports the specified mechanism, as usual. + +A transparent driver with the prefix `"acme"` that implements cooked key derivation must provide the following type and function: + +``` +typedef ... acme_derive_key_memory_t; // only if the "memory" property is true +psa_status_t acme_derive_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + acme_derive_key_memory_t *memory, // if the "memory" property is false: void* + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); +``` + +* `attributes` contains the attributes of the desired key. Note that only the key type and the bit-size are guaranteed to be set. +* `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. +* If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. +* `key_buffer` is a buffer for the output material. Its size is `key_buffer_size` bytes. +* On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`. + +This entry point may return the following statuses: + +* `PSA_SUCCESS`: a key was derived successfully. The driver has placed representation of the key is in `key_buffer`. +* `PSA_ERROR_NOT_SUPPORTED` (for the first call only) (only if fallback is enabled): the driver cannot fulfill this request, but a fallback driver might. +* `PSA_ERROR_INSUFFICIENT_DATA`: the core must call the `"derive_key"` entry point again with the same `memory` object and with subsequent data from the key stream. +* Any other error is a fatal error. + +The core calls the `"derive_key"` entry point in a loop until it returns a status other than `PSA_ERROR_INSUFFICIENT_DATA`. Each call has a successive fragment of the key stream. The `memory` object is guaranteed to be the same for successive calls, but note that its address may change between calls. Before the first call, `*memory` is initialized to all-bits-zero. + +For standard key types, the `"derive_key"` entry point is called with a certain input length as follows: + +* `PSA_KEY_TYPE_DES`: the length of the key. +* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: *m* bytes, where the bit-size of the key *n* satisfies *m*-1 < 8×*n* ≤ *m*. +* `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length. +* Other key types: not applicable. + +#### Key agreement + +The core always decouples key agreement from symmetric key derivation. + +To implement a call to `psa_key_derivation_key_agreement()` where the private key is in a secure element that has a `"key_agreement_to_key"` entry point which is applicable for the given key type and algorithm, the core calls the secure element driver as follows: + +1. Call the `"key_agreement_to_key"` entry point to create a key object containing the shared secret. The key object is volatile and has the type `PSA_KEY_TYPE_DERIVE`. +2. Call the `"key_derivation_setup"` entry point, passing the resulting key object . +3. Perform the rest of the key derivation, up to and including the call to the `"key_derivation_abort"` entry point. +4. Call the `"destroy_key"` entry point to destroy the key containing the key object. + +In other cases, the core treats `psa_key_derivation_key_agreement()` as if it was a call to `psa_raw_key_agreement()` followed by a call to `psa_key_derivation_input_bytes()` on the shared secret. + +The entry points related to key agreement have the following prototypes for a driver with the prefix `"acme"`: +``` +psa_status_t acme_key_agreement(psa_algorithm_t alg, + const uint8_t *our_key_buffer, + size_t our_key_buffer_length, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *output, + size_t output_size, + size_t *output_length); +psa_status_t acme_key_agreement_to_key(psa_algorithm_t alg, + const psa_key_attributes_t *attributes, + const uint8_t *our_key_buffer, + size_t our_key_buffer_length, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *shared_secret_key_buffer, + size_t shared_secret_key_buffer_size, + size_t *shared_secret_key_buffer_length); +``` ### Driver entry points for key management @@ -336,8 +562,9 @@ psa_status_t acme_generate_key(const psa_key_attributes_t *attributes, size_t key_buffer_size, size_t *key_buffer_length); ``` +Additionally, opaque drivers can create keys through their [`"key_derivation_output_key"`](#key-derivation-driver-outputs) and [`"key_agreement_key"`](#key-agreement) entry points. Transparent drivers can create key material through their [`"derive_key"`](#transparent-cooked-key-derivation) entry point. -TODO: derivation, copy +TODO: copy * The key attributes (`attributes`) have the same semantics as in the PSA Cryptography application interface. * For the `"import_key"` entry point, the input in the `data` buffer is either the export format or an implementation-specific format that the core documents as an acceptable input format for `psa_import_key()`. @@ -660,7 +887,7 @@ If the key is stored in wrapped form outside the secure element, and the wrapped Opaque drivers may provide the following key management entry points: -* `"export_key"`: called by `psa_export_key()`, or by `psa_copy_key()` when copying a key from or to a different [location](#lifetimes-and-locations). +* `"export_key"`: called by `psa_export_key()`, or by `psa_copy_key()` when copying a key from or to a different [location](#lifetimes-and-locations), or [as a fallback for key derivation](#key-derivation-driver-dispatch-logic). * `"export_public_key"`: called by the core to obtain the public key of a key pair. The core may call this entry point at any time to obtain the public key, which can be for `psa_export_public_key()` but also at other times, including during a cryptographic operation that requires the public key such as a call to `psa_verify_message()` on a key pair object. * `"import_key"`: called by `psa_import_key()`, or by `psa_copy_key()` when copying a key from another location. * `"generate_key"`: called by `psa_generate_key()`. @@ -974,6 +1201,12 @@ An example use case for updating the persistent state at arbitrary times is to r `psa_crypto_driver_get_persistent_state` does not identify the calling driver, so the driver needs to remember which driver it's calling. This may require a thread-local variable in a multithreaded core. Is this ok? +#### Fallback for key derivation in opaque drivers + +Should [dispatch to an opaque driver](#key-derivation-driver-dispatch-logic) allow fallback, so that if `"key_derivation_setup"` returns `PSA_ERROR_NOT_SUPPORTED` then the core exports the key from the secure element instead? + +Should the ["`key_derivation_output_key`"](#key-derivation-driver-outputs) capability indicate which key types the driver can derive? How should fallback work? For example, consider a secure element that implements HMAC, HKDF and ECDSA, and that can derive an HMAC key from HKDF without exporting intermediate material but can only import or randomly generate ECC keys. How does this driver convey that it can't derive an ECC key with HKDF, but it can let the core do this and import the resulting key? + ### Randomness #### Input to `"add_entropy"` From 220bda7f76f04311aff19d5f066cbeb3590147b7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 25 Jan 2022 12:03:34 +0100 Subject: [PATCH 002/328] Rename a function parameter to avoid confusion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Don't use “output” for an input of the KDF. It's correct in context (it's the output of a function that copies the input of the KDF from core-owned memory to driver-owned memory) but confusing. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index c12e01065c..e3ec0b19de 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -346,7 +346,7 @@ psa_status_t psa_crypto_driver_key_derivation_get_input_size( psa_status_t psa_crypto_driver_key_derivation_get_input_bytes( const psa_crypto_driver_key_derivation_inputs_t *inputs, psa_key_derivation_step_t step, - uint8_t *output, size_t output_size, size_t *output_length); + uint8_t *buffer, size_t buffer_size, size_t *buffer_length); psa_status_t psa_crypto_driver_key_derivation_get_input_key( const psa_crypto_driver_key_derivation_inputs_t *inputs, psa_key_derivation_step_t step, @@ -365,13 +365,13 @@ These functions take the following parameters: * `psa_crypto_driver_key_derivation_get_input_size` and `psa_crypto_driver_key_derivation_get_input_bytes` for data inputs (steps that the application passes with `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()`, excluding key inputs from the same secure element). * `psa_crypto_driver_key_derivation_get_input_key` for key inputs (steps that the application passes with `psa_key_derivation_input_key()`, only for secure element drivers receiving a key from the same secure element). * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the desired input in bytes. -* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `output` with the desired input and sets `*output_length` to *N*, where *N* is the length of the input in bytes. The value of `output_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the desired input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the desired input. These functions can return the following statuses: -* `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter. +* `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). * `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. * `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-extra-inputs). * `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. From 0cd1f1c77fa6ee47ab92334476c3733ad609139f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 9 May 2022 01:04:15 +0200 Subject: [PATCH 003/328] Add SHA-3 module. Signed-off-by: Pol Henarejos --- ChangeLog.d/sha3.txt | 3 + include/mbedtls/error.h | 1 + include/mbedtls/mbedtls_config.h | 12 ++ include/mbedtls/sha3.h | 198 +++++++++++++++++++ library/CMakeLists.txt | 1 + library/Makefile | 1 + library/sha3.c | 305 +++++++++++++++++++++++++++++ scripts/generate_errors.pl | 2 +- tests/include/alt-dummy/sha3_alt.h | 30 +++ 9 files changed, 552 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/sha3.txt create mode 100644 include/mbedtls/sha3.h create mode 100644 library/sha3.c create mode 100644 tests/include/alt-dummy/sha3_alt.h diff --git a/ChangeLog.d/sha3.txt b/ChangeLog.d/sha3.txt new file mode 100644 index 0000000000..dafff74f16 --- /dev/null +++ b/ChangeLog.d/sha3.txt @@ -0,0 +1,3 @@ +Features + * Add SHA3 family hash functions. + diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 8b2b9ea580..b23b7491f0 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -78,6 +78,7 @@ * SHA1 1 0x0035-0x0035 0x0073-0x0073 * SHA256 1 0x0037-0x0037 0x0074-0x0074 * SHA512 1 0x0039-0x0039 0x0075-0x0075 + * SHA-3 1 0x0076-0x0076 * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2d32f67cc1..35a4a0cbd6 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -328,6 +328,7 @@ //#define MBEDTLS_SHA1_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT +//#define MBEDTLS_SHA3_ALT /* * When replacing the elliptic curve module, pleace consider, that it is @@ -2863,6 +2864,17 @@ */ #define MBEDTLS_SHA512_C +/** + * \def MBEDTLS_SHA3_C + * + * Enable the SHA3 cryptographic hash algorithm. + * + * Module: library/sha3.c + * + * This module adds support for SHA3. + */ +#define MBEDTLS_SHA3_C + /** * \def MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT * diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h new file mode 100644 index 0000000000..adecdc722f --- /dev/null +++ b/include/mbedtls/sha3.h @@ -0,0 +1,198 @@ +/** + * \file sha3.h + * + * \brief This file contains SHA3 definitions and functions. + * + * The Secure Hash Algorithms cryptographic + * hash functions are defined in FIPS 202: SHA-3 Standard: + * Permutation-Based Hash and Extendable-Output Functions . + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_SHA3_H +#define MBEDTLS_SHA3_H +#include "mbedtls/private_access.h" + +#include "mbedtls/build_info.h" + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** SHA3 input data was malformed. */ +#define MBEDTLS_ERR_SHA3_BAD_INPUT_DATA -0x0076 + +/** + * SHA-3 family id. + * + * It identifies the family (SHA3-256, SHA3-512, etc.) + */ + +typedef enum +{ + MBEDTLS_SHA3_NONE = 0, /*!< Operation not defined. */ + MBEDTLS_SHA3_224, /*!< SHA3-224 */ + MBEDTLS_SHA3_256, /*!< SHA3-256 */ + MBEDTLS_SHA3_384, /*!< SHA3-384 */ + MBEDTLS_SHA3_512, /*!< SHA3-512 */ +} mbedtls_sha3_id; + +#if !defined(MBEDTLS_SHA3_ALT) +// Regular implementation +// + +struct mbedtls_sha3_context; +typedef struct mbedtls_sha3_family_functions +{ + mbedtls_sha3_id id; + + uint16_t r; + uint16_t olen; + uint8_t xor_byte; +} +mbedtls_sha3_family_functions; + +/** + * \brief The SHA-3 context structure. + * + * The structure is used SHA-3 checksum calculations. + */ +typedef struct mbedtls_sha3_context { + uint64_t state[25]; + uint8_t index; + uint8_t id; + + uint16_t r; + uint16_t olen; + uint8_t xor_byte; + uint16_t max_block_size; +} +mbedtls_sha3_context; + +#else /* MBEDTLS_SHA3_ALT */ +#include "sha3_alt.h" +#endif /* MBEDTLS_SHA3_ALT */ + +/** + * \brief This function initializes a SHA-3 context. + * + * \param ctx The SHA-3 context to initialize. This must not be \c NULL. + */ +void mbedtls_sha3_init( mbedtls_sha3_context *ctx ); + +/** + * \brief This function clears a SHA-3 context. + * + * \param ctx The SHA-3 context to clear. This may be \c NULL, in which + * case this function returns immediately. If it is not \c NULL, + * it must point to an initialized SHA-3 context. + */ +void mbedtls_sha3_free( mbedtls_sha3_context *ctx ); + +/** + * \brief This function clones the state of a SHA-3 context. + * + * \param dst The destination context. This must be initialized. + * \param src The context to clone. This must be initialized. + */ +void mbedtls_sha3_clone( mbedtls_sha3_context *dst, + const mbedtls_sha3_context *src ); + +/** + * \brief This function starts a SHA-3 checksum + * calculation. + * + * \param ctx The context to use. This must be initialized. + * \param id The id of the SHA-3 family. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id ); + +/** + * \brief This function feeds an input buffer into an ongoing + * SHA-3 checksum calculation. + * + * \param ctx The SHA-3 context. This must be initialized + * and have a hash operation started. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data in Bytes. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +int mbedtls_sha3_update( mbedtls_sha3_context *ctx, + const uint8_t *input, + size_t ilen ); + +/** + * \brief This function finishes the SHA-3 operation, and writes + * the result to the output buffer. + * + * \param ctx The SHA-3 context. This must be initialized + * and have a hash operation started. + * \param output The SHA-3 checksum result. + * This must be a writable buffer of length \c olen bytes. + * \param olen Defines a variable output length (in bytes). \c output must be + * \c olen bytes length. For SHA-3 224, SHA-3 256, SHA-3 384 and + * SHA-3 512 must equal to 28, 32, 48 and 64, respectively. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, + uint8_t *output, size_t olen ); + +/** + * \brief This function calculates the SHA-3 + * checksum of a buffer. + * + * The function allocates the context, performs the + * calculation, and frees the context. + * + * The SHA-3 result is calculated as + * output = SHA-3(id, input buffer, d). + * + * \param id The id of the SHA-3 family. + * \param input The buffer holding the data. This must be a readable + * buffer of length \p ilen Bytes. + * \param ilen The length of the input data in Bytes. + * \param output The SHA-3 checksum result. + * This must be a writable buffer of length \c olen bytes. + * \param olen Determines the length (in bytes) of the output. \c output + * must be \c olen bytes length. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +int mbedtls_sha3( mbedtls_sha3_id id, const uint8_t *input, + size_t ilen, + uint8_t *output, + size_t olen ); + +#ifdef __cplusplus +} +#endif + +#endif /* mbedtls_sha3.h */ + diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 6bb2ad38ce..f1b0d76695 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -77,6 +77,7 @@ set(src_crypto sha1.c sha256.c sha512.c + sha3.c ssl_debug_helpers_generated.c threading.c timing.c diff --git a/library/Makefile b/library/Makefile index d267e05b4a..79ea185c37 100644 --- a/library/Makefile +++ b/library/Makefile @@ -142,6 +142,7 @@ OBJS_CRYPTO= \ sha1.o \ sha256.o \ sha512.o \ + sha3.o \ ssl_debug_helpers_generated.o \ threading.o \ timing.o \ diff --git a/library/sha3.c b/library/sha3.c new file mode 100644 index 0000000000..d5db165fbc --- /dev/null +++ b/library/sha3.c @@ -0,0 +1,305 @@ +/* + * FIPS-202 compliant SHA3 implementation + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/* + * The SHA-3 Secure Hash Standard was published by NIST in 2015. + * + * https://nvlpubs.nist.gov/nistpubs/fips/nist.fips.202.pdf + */ + +#include "common.h" + +#if defined(MBEDTLS_SHA3_C) + +#include "mbedtls/sha3.h" +#include "mbedtls/platform_util.h" +#include "mbedtls/error.h" + +#include + +#if defined(MBEDTLS_SELF_TEST) +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#include +#define mbedtls_printf printf +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif /* MBEDTLS_PLATFORM_C */ +#endif /* MBEDTLS_SELF_TEST */ + +#if !defined(MBEDTLS_SHA3_ALT) + +/* + * List of supported SHA-3 families + */ +static mbedtls_sha3_family_functions sha3_families[] = { + { MBEDTLS_SHA3_224, 1152, 224, 0x06 }, + { MBEDTLS_SHA3_256, 1088, 256, 0x06 }, + { MBEDTLS_SHA3_384, 832, 384, 0x06 }, + { MBEDTLS_SHA3_512, 576, 512, 0x06 }, + { MBEDTLS_SHA3_NONE, 0, 0, 0 } +}; + +static const uint64_t rc[24] = { + 0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000, + 0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009, + 0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a, + 0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003, + 0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a, + 0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008, +}; + +static const uint8_t rho[24] = { + 1, 62, 28, 27, 36, 44, 6, 55, 20, + 3, 10, 43, 25, 39, 41, 45, 15, + 21, 8, 18, 2, 61, 56, 14 +}; + +static const uint8_t pi[24] = { + 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, + 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1, +}; + +#define ROT64( x , y ) ( ( ( x ) << ( y ) ) | ( ( x ) >> ( 64U - ( y ) ) ) ) +#define ABSORB( ctx, idx, v ) do { ctx->state[( idx ) >> 3] ^= ( ( uint64_t ) ( v ) ) << ( ( ( idx ) & 0x7 ) << 3 ); } while( 0 ) +#define SQUEEZE( ctx, idx ) ( ( uint8_t )( ctx->state[( idx ) >> 3] >> ( ( ( idx ) & 0x7 ) << 3 ) ) ) +#define SWAP( x, y ) do { uint64_t tmp = ( x ); ( x ) = ( y ); ( y ) = tmp; } while( 0 ) + +/* The permutation function. */ +static void keccak_f1600(mbedtls_sha3_context *ctx) +{ + uint64_t lane[5]; + uint64_t *s = ctx->state; + int i; + + for( int round = 0; round < 24; round++ ) + { + uint64_t t; + + /* Theta */ + lane[0] = s[0] ^ s[5] ^ s[10] ^ s[15] ^ s[20]; + lane[1] = s[1] ^ s[6] ^ s[11] ^ s[16] ^ s[21]; + lane[2] = s[2] ^ s[7] ^ s[12] ^ s[17] ^ s[22]; + lane[3] = s[3] ^ s[8] ^ s[13] ^ s[18] ^ s[23]; + lane[4] = s[4] ^ s[9] ^ s[14] ^ s[19] ^ s[24]; + + t = lane[4] ^ ROT64( lane[1], 1 ); + s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; + + t = lane[0] ^ ROT64( lane[2], 1 ); + s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; + + t = lane[1] ^ ROT64( lane[3], 1 ); + s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; + + t = lane[2] ^ ROT64( lane[4], 1 ); + s[3] ^= t; s[8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t; + + t = lane[3] ^ ROT64( lane[0], 1 ); + s[4] ^= t; s[9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t; + + /* Rho */ + for( i = 1; i < 25; i++ ) + s[i] = ROT64( s[i], rho[i-1] ); + + /* Pi */ + t = s[1]; + for( i = 0; i < 24; i++ ) + SWAP( s[pi[i]], t ); + + /* Chi */ + lane[0] = s[0]; lane[1] = s[1]; lane[2] = s[2]; lane[3] = s[3]; lane[4] = s[4]; + s[0] ^= (~lane[1]) & lane[2]; + s[1] ^= (~lane[2]) & lane[3]; + s[2] ^= (~lane[3]) & lane[4]; + s[3] ^= (~lane[4]) & lane[0]; + s[4] ^= (~lane[0]) & lane[1]; + + lane[0] = s[5]; lane[1] = s[6]; lane[2] = s[7]; lane[3] = s[8]; lane[4] = s[9]; + s[5] ^= (~lane[1]) & lane[2]; + s[6] ^= (~lane[2]) & lane[3]; + s[7] ^= (~lane[3]) & lane[4]; + s[8] ^= (~lane[4]) & lane[0]; + s[9] ^= (~lane[0]) & lane[1]; + + lane[0] = s[10]; lane[1] = s[11]; lane[2] = s[12]; lane[3] = s[13]; lane[4] = s[14]; + s[10] ^= (~lane[1]) & lane[2]; + s[11] ^= (~lane[2]) & lane[3]; + s[12] ^= (~lane[3]) & lane[4]; + s[13] ^= (~lane[4]) & lane[0]; + s[14] ^= (~lane[0]) & lane[1]; + + lane[0] = s[15]; lane[1] = s[16]; lane[2] = s[17]; lane[3] = s[18]; lane[4] = s[19]; + s[15] ^= (~lane[1]) & lane[2]; + s[16] ^= (~lane[2]) & lane[3]; + s[17] ^= (~lane[3]) & lane[4]; + s[18] ^= (~lane[4]) & lane[0]; + s[19] ^= (~lane[0]) & lane[1]; + + lane[0] = s[20]; lane[1] = s[21]; lane[2] = s[22]; lane[3] = s[23]; lane[4] = s[24]; + s[20] ^= (~lane[1]) & lane[2]; + s[21] ^= (~lane[2]) & lane[3]; + s[22] ^= (~lane[3]) & lane[4]; + s[23] ^= (~lane[4]) & lane[0]; + s[24] ^= (~lane[0]) & lane[1]; + + /* Iota */ + s[0] ^= rc[round]; + } +} + +void mbedtls_sha3_init( mbedtls_sha3_context *ctx ) +{ + if( ctx == NULL ) + return; + + memset( ctx, 0, sizeof( mbedtls_sha3_context ) ); +} + +void mbedtls_sha3_free( mbedtls_sha3_context *ctx ) +{ + if( ctx == NULL ) + return; + + mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha3_context ) ); +} + +void mbedtls_sha3_clone( mbedtls_sha3_context *dst, + const mbedtls_sha3_context *src ) +{ + if ( dst == NULL || src == NULL ) + return; + + *dst = *src; +} + +/* + * SHA-3 context setup + */ +int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id ) +{ + mbedtls_sha3_family_functions *p = NULL; + if( ctx == NULL ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + + for( p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++ ) + { + if( p->id == id ) + break; + } + + if( p == NULL ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + + ctx->id = id; + ctx->r = p->r; + ctx->olen = p->olen / 8; + ctx->xor_byte = p->xor_byte; + ctx->max_block_size = ctx->r / 8; + + return( 0 ); +} + +/* + * SHA-3 process buffer + */ +int mbedtls_sha3_update( mbedtls_sha3_context *ctx, + const uint8_t *input, + size_t ilen ) +{ + if( ctx == NULL ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + + if( ilen == 0 || input == NULL ) + return( 0 ); + + while( ilen-- > 0 ) + { + ABSORB( ctx, ctx->index, *input++ ); + if( ( ctx->index = ( ctx->index + 1) % ctx->max_block_size ) == 0 ) + keccak_f1600( ctx ); + } + + return( 0 ); +} + +int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, + uint8_t *output, size_t olen ) +{ + if( ctx == NULL ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + + if( olen == 0 ) + return( 0 ); + + if( ctx->olen > 0 && ctx->olen != olen ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + + ABSORB( ctx, ctx->index, ctx->xor_byte ); + ABSORB( ctx, ctx->max_block_size - 1, 0x80 ); + keccak_f1600( ctx ); + ctx->index = 0; + + while( olen-- > 0 ) + { + *output++ = SQUEEZE( ctx, ctx->index ); + + if( ( ctx->index = ( ctx->index + 1) % ctx->max_block_size ) == 0 ) + keccak_f1600( ctx ); + } + + return( 0 ); +} + +#endif /* !MBEDTLS_SHA3_ALT */ + +/* + * output = SHA3( input buffer ) + */ +int mbedtls_sha3( mbedtls_sha3_id id, const uint8_t *input, + size_t ilen, uint8_t *output, size_t olen ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + mbedtls_sha3_context ctx; + + if( ilen != 0 && input == NULL ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + + if( output == NULL ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + + mbedtls_sha3_init( &ctx ); + + if( ( ret = mbedtls_sha3_starts( &ctx, id ) ) != 0 ) + goto exit; + + if( ( ret = mbedtls_sha3_update( &ctx, input, ilen ) ) != 0 ) + goto exit; + + if( ( ret = mbedtls_sha3_finish( &ctx, output, olen ) ) != 0 ) + goto exit; + +exit: + mbedtls_sha3_free( &ctx ); + + return( ret ); +} + +#endif /* MBEDTLS_SHA3_C */ diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 0a03f02e96..a0808cad66 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -49,7 +49,7 @@ my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES ENTROPY ERROR GCM HKDF HMAC_DRBG MD5 NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160 - SHA1 SHA256 SHA512 THREADING ); + SHA1 SHA256 SHA512 SHA3 THREADING ); my @high_level_modules = qw( CIPHER DHM ECP MD PEM PK PKCS12 PKCS5 RSA SSL X509 ); diff --git a/tests/include/alt-dummy/sha3_alt.h b/tests/include/alt-dummy/sha3_alt.h new file mode 100644 index 0000000000..7f9345e48a --- /dev/null +++ b/tests/include/alt-dummy/sha3_alt.h @@ -0,0 +1,30 @@ +/* sha3_alt.h with dummy types for MBEDTLS_SHA3_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA3_ALT_H +#define SHA3_ALT_H + +typedef struct mbedtls_sha3_context +{ + int dummy; +} +mbedtls_sha3_context; + + +#endif /* sha3_alt.h */ + From f645705976d16c75b9ae97799de66af33affffe6 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Mon, 9 May 2022 01:04:34 +0200 Subject: [PATCH 004/328] Add test vectors (from NIST) for SHA-3. Signed-off-by: Pol Henarejos --- tests/suites/test_suite_shax.data | 2164 +++++++++++++++++++++++++ tests/suites/test_suite_shax.function | 41 + 2 files changed, 2205 insertions(+) diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index 3552346e42..9baacd0dad 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -176,3 +176,2167 @@ sha256_selftest: SHA-512 Selftest depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA512_C sha512_selftest: + +SHA3_224 short #0 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"01":"488286d9d32716e5881ea1ee51f36d3660d70f0db03b3f612ce9eda4" + +SHA3_224 short #1 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"69cb":"94bd25c4cf6ca889126df37ddd9c36e6a9b28a4fe15cc3da6debcdd7" + +SHA3_224 short #2 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"bf5831":"1bb36bebde5f3cb6d8e4672acf6eec8728f31a54dacc2560da2a00cc" + +SHA3_224 short #3 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"d148ce6d":"0b521dac1efe292e20dfb585c8bff481899df72d59983315958391ba" + +SHA3_224 short #4 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"91c71068f8":"989f017709f50bd0230623c417f3daf194507f7b90a11127ba1638fa" + +SHA3_224 short #5 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e7183e4d89c9":"650618f3b945c07de85b8478d69609647d5e2a432c6b15fbb3db91e4" + +SHA3_224 short #6 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"d85e470a7c6988":"8a134c33c7abd673cd3d0c33956700760de980c5aee74c96e6ba08b2" + +SHA3_224 short #7 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e4ea2c16366b80d6":"7dd1a8e3ffe8c99cc547a69af14bd63b15ac26bd3d36b8a99513e89e" + +SHA3_224 short #8 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"b29373f6f8839bd498":"e02a13fa4770f824bcd69799284878f19bfdc833ac6d865f28b757d0" + +SHA3_224 short #9 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"49ec72c29b63036dbecd":"47cab44618f62dd431ccb13b3b9cd985d816c5d6026afc38a281aa00" + +SHA3_224 short #10 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"502f4e28a6feb4c6a1cc47":"bbe61d85b4cae716329e2bcc4038e282b4d7836eb846228835f65308" + +SHA3_224 short #11 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e723c64b2258b5124f88405f":"d09da094cfefaad46b7b335830a9305570f4f4afe79f8629ff9d0c3d" + +SHA3_224 short #12 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"0d512eceb74d8a047531c1f716":"29ae0744051e55167176317eb17850a22939d8d94ebb0a90b6d98fde" + +SHA3_224 short #13 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"3b9ab76a23ae56340b5f4b80e1f3":"c0903be96f38051cfc2a5ad256aa0b8332217f450eab904ee84b6541" + +SHA3_224 short #14 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e9fef751a20297ad1938662d131e7a":"48eba36dfe0575597d13ca26133267199dae76d63d1b9e9612720d08" + +SHA3_224 short #15 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"2bbb42b920b7feb4e3962a1552cc390f":"0dfa61f6b439bf8e3a6f378fe30a4134e8b2dfb652997a2a76c2789f" + +SHA3_224 short #16 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"2254e100bde9295093565a94877c21d05a":"6965256463276dbb26ad34a378c4bacaeae79d700283b188d44d73eb" + +SHA3_224 short #17 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"784ef7adecbb9a4cb5ac1df8513d87ae9772":"e918a5d52a0d42ab8ba2ea386eb6ad83cb8dd9a6bd461506be356ead" + +SHA3_224 short #18 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"f4e68964f784fe5c4d0e00bb4622042fa7048e":"765f050c95ae3347cf3f4f5032b428faeab13694e8c7798eafb82475" + +SHA3_224 short #19 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"a9ca7ec7aaf89db352fecba646ff73efe8e4a7e8":"65d6a49739c0e287584ff9d1f3463ce2e555ae9678147e21b5889e98" + +SHA3_224 short #20 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"b2f7018581a4e459cf9b9d9816fc17903ba8033f13":"c6837f12227bfbd86ccfe794053ce3a54052c8ca8430f526fd64b5f2" + +SHA3_224 short #21 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"f50086b4dc7bca0baec0076a878dd89571d52e47855b":"e39aa96fad581961bda032ed33dce36defde958baf9bae5dc558cf89" + +SHA3_224 short #22 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"6e6ef963f5000d0b91b0ad537ddc9697f8db8f10a3d5ee":"66dcb292b4d6bb4cdd4099b8e7bfea9658680c92c51562c091577056" + +SHA3_224 short #23 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"12a7b1a73b0b26a66362ec2a91ea5ff11af49a7a148a8cc5":"6fc91ec8ad448173f591b865ed3eb89115a278003376523c00e22f2a" + +SHA3_224 short #24 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"8a4768add4a9bd7b3f27461220ceae0218cf3322f4d2a980d1":"9a88bc64e743f2acaa1670cca7e201a299e1cce6df7015b0d2535213" + +SHA3_224 short #25 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"5c5b8c1902c8608c204e72a813e2b625021b3182c48b00f7fe4f":"31802a0fa9ae7ae88626604ad9ae41381d6f7c3c90effcfcf70efcf7" + +SHA3_224 short #26 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e89e5cf07afb4a58ebeee17ff596d90b3274ba348f14f284fff025":"3bc9b7973f55735b612ddee8cc7907a3f1429b06df7cb1293b989802" + +SHA3_224 short #27 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"eb9e1143782a0f9fa815261c2adc2758fb1d88ffe40a0ae144189a48":"9d70d22520094a113297a192ead33e316924fdc7a2a9f8ea7098b84b" + +SHA3_224 short #28 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"c4ba3bff885fb78357221a9a903bc7ebd11c771faf5789e5aabc993a5f":"7b0212b4ee0b14dba62c2db7a765ac56db46e0b06eb744ee35726ddd" + +SHA3_224 short #29 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"07810e6b785177e52d0feac0394f3ecc41f35aa08ff1ed8162575f85888c":"b413d6f0cce14b7a1044a14bb2803d53bef907093769a5aa63a8e316" + +SHA3_224 short #30 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"01c742dc9ab0b05df925d4a351e38bea7ca7ad783594e22487d5b8198583f3":"c42c707ddc7b630939544adbdbe567a333ac88c3b5e738dee8f862be" + +SHA3_224 short #31 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"dd0f85b55fdf56ba254e06f8c2b650cc6b86bf28a14d714011141a86b8f14bd9":"0fe92469297c2c34911eae424710db6d312047898b9756edc5c2deb2" + +SHA3_224 short #32 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"ddf48f4cdc856c448326092dcf6bfc4ebcf4b36fc2e516eba0956807588b6e827b":"6cd83ba70e1bd387d603ab14c9fdcbf9862d2ebf0987215f011abee8" + +SHA3_224 short #33 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"c34d1f8729663569569f87b1fd6e0b954ae2e3b723d6c9fcae6ab09b13b4a87483b2":"e57e1d24dbd9a30ab311291f5d6a95530caa029c421dde0b487a577e" + +SHA3_224 short #34 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"808de7cbf8d831ad4f17eb58031daed38bdab82f467f87c6b2e3a7c5de25c8e8229413":"b3c13f11227f4386afdcf7663a120990f27da205ffb9bf83676f86dc" + +SHA3_224 short #35 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"5204a0a63707bd1cab67a8797994a052ee73884b325fdf37d86ef280b3f550c9eb4e7fd3":"6aa1060f84127bf2c988230a907242e7d6972a01c6772ba0f7b8bc86" + +SHA3_224 short #36 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"da9439bd090dfc2eccc1203a7a82c5d6467fec4e5b0a2b2c2b9ea65b03203a8ce365fbd98e":"e8f0929f1f6209d41185292d35ebbf5a3bfe5492713b06d56579458d" + +SHA3_224 short #37 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"668bbd38c0ad0881a7f095157d00f29b576b01ba54a8f1392e586c640ecb12b2a5c627a67884":"75dd056962c5bb5d6f616a9f57892992946d048df57c0a36a40a365a" + +SHA3_224 short #38 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"d63ac3bcfee3a5bc503cf20fe8ff496bf7a8064769870c8fc514c29b55825b6288975beb94ba56":"c694da941a7a506cef471fdffb5230bb6c3cd2715341033ab7268e9b" + +SHA3_224 short #39 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"985f06121aed603171020badc2075fd33256d67d40430839575ddaa7a3f1f22325d06ea40252d5e4":"29f8846aaf234281b515ea1d45674535a6126c38bd959c1995cad7c9" + +SHA3_224 short #40 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"8783849552be4540cb24d67996a10d16444b2d936d2fa5fcff51fb0dd5ee03998c0454289215fce47f":"84502256e3f4291ef4d15e8705e579951fc0e39a2d58fda74852551f" + +SHA3_224 short #41 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"dab31c7b3f40825aac13f6772771b7e7fbc09fedf6eff778d51190ecfd4b0f256cf189baeeec507e945f":"97168a9c3b07ec4987a4cf1f2478731fc674f56a2caeef074590ed6b" + +SHA3_224 short #42 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"1119b962bed5815734af7827ec536701a494ac5d4ab83eea1b16ecc80ce4e5f8694a7d11bcba2e34f084dd":"205d89e032f03c8519cf43b720478389b1788f3522c3d347febd2c70" + +SHA3_224 short #43 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"d2c45e2c1fa0c44efc84e6c0654cc0d867a3e33733c725aa718d974ed6a4b7f8f91de7d3622b1e4be428de2a":"d483e39b7add050eb4a793e54c85b250746e382399c74736f33da890" + +SHA3_224 short #44 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"a873b148fe1807b89cbed930a7802abad6ca0442340e62ed21b84ead9a634713bb4de5648208c0eed6738d9cc8":"c86bcc12a6ab792c149aa83a6783ca8bb52b0ca4b2c12661c0a25d22" + +SHA3_224 short #45 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"b3008f6f567d1eed9ab5b3bbce824d290e66f66bcfcff7f9b8994835b4d54a4e45c9b8651b37dbefe5e3fe5b674f":"23929753ad07e8476e7bdac8a0ca39e9aac158132653be10ebeeb50c" + +SHA3_224 short #46 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"78d073b4e13f6850dc1ca36683abac72336465d790eb3575c942667d1e3ecc849f37a8d73604cb0fe726ffe55744a2":"6229233fc655ea48bb5b48b73a081897d855f6cf10478228fc305842" + +SHA3_224 short #47 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"45325b80e043c0cdce3ec421ecda529481910c09730128b4bb927dda1659ddd8fd3ca667d857941e6f9fd939a1c57098":"776aa1f54e038f390491a5d69bde7a2dbcba97c35574ebe60c9a772f" + +SHA3_224 short #48 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"3bdd6821d938fac52101fbee5d6ba191fb3b6cb634dbf42cebaae57bd897481ae5ee04e2d871a4c333ab5ab6588144f2f1":"62f8f3baea6dcf5af25d53ddfdac0bdcde88e3895df567c6c416a541" + +SHA3_224 short #49 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"86fc66f2618c98fe9efa1e3ac04e340385dc2b746cbc0f7c757b88342810fe70d81200952928e7aad0c0b6b19a044537b009":"20a21eb1d3130a4519ce6abd5ab6817081ae1bef3603056476a00e41" + +SHA3_224 short #50 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"f2a6168e7f92d313fc30f9e6f825a480916216f02e0308db70773ec165e25e81ffbf0220c5ca0cc6c91d3a09da99fa6efa877f":"5d6e5c82574f5e5c0339d3af1f9c28e17bcddc306a15187aff5d3dd7" + +SHA3_224 short #51 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"5e3b6b75b54f21b8016effb39276f5e7f493117ac4c0f2dec38a80ae2917dad83c68900120db1325f1f4697e0f5c25a8b92a9702":"5dc2147f1cf655dabb5ca4b2970b4564eb19ec456e6f966bbae19762" + +SHA3_224 short #52 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e7f17c131950c06311f47799a0f5a6b4996f4cc890334450e1bd6cc6f5670771c0dc607f8eceb15300ec4220510ed5b7deb3429de6":"4ce80dab9f933112a3fd78c1f76434b197806eddfe35cb0bdd845c15" + +SHA3_224 short #53 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"c9aa3d0f6d878db11235e7b028f8d67e2ce26eee718f308e21132e377e3170e26ece95bd37a4bd7f873ba7f8b71517ec50297b21cf94":"5963b41b13925a90c9e8fbcded9a82ade8aae36dee920199f6d6ac7f" + +SHA3_224 short #54 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"0f170afafcefdfa8b0de328dab30b4e44d98d6aea2bc39557ff4658fce4fbf8526d8b5359f173c14e4da7cf88935c9369fc7d607863f25":"fe7e59028c7855c37ae3dc5ee324864cfee6b8bccc2c3b5a410b65d9" + +SHA3_224 short #55 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"6b2b92584146a433bee8b947cc1f35b617b73f5b1e0376ac8bdadfe5bfdf2263b205f74dfa53db7a29e5078f5c34a268119736ba390961f6":"132cfa7e71fe0991abbd88ef588ac95ac9289b1d775b42033567dd33" + +SHA3_224 short #56 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"39f7a94312bea1b4fa989f5a6775df538f01704120838c4a3104256478b5c0cfbe8b86e2912c980b390ea412edddb69d461e50f9f313bc17af":"fcc59655b8fec1a3d878345df9108bd99f4dd0e5218a55fc335e57f7" + +SHA3_224 short #57 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"ac582b5a4bb0c5e9c40d8f277bda9de3d07fff01e820a1cdaf88708f1d60be60b9a5e83b5c593657387802b4182d1df4e9466e6d7ae6dc7c8079":"5c2e10fae8f4304cd9361690e5d2c4cd15f10a7b14ea60208739579b" + +SHA3_224 short #58 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"072753981998453438a520d9de2d5704292910148b8f794ec3765b240c7af1b79462fa9a2f000dd94d592d3a2a069dc244daf57b12c57675f3f89b":"b0d290a6ebdd950811a2715f354b0d8935cb610a471cfc5dff5e0660" + +SHA3_224 short #59 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"66a9a6d0a322ed2852378af82c0a2c027b1082098ab750925a4dc2e8961d0062c9db02e8cf42a6b48afb0056d6c1f1fbbec3fbeef049535f6e9b3864":"d683488c8420eb2d61e528ab0a7b73aa780a085b9c7982293b2ac6ad" + +SHA3_224 short #60 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"18419a8498d4e9bfaa911748186c5753d5da5aa033371ffc56650d0ae9b73f430f0d1f3c9d40362786c0429d977b899b64016eca82e64203f6685c12ee":"51d0cd33fd6579b05c366c6fcc653638b7b13b62798b99b36792cdc4" + +SHA3_224 short #61 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"4fc52009d58a0fc2573e83fa335b5c1df8c14b2e6daaf05bd6e13fd5722f28de4816772424c2f94ddc3de0d3d7e26812d014bb9fd83012dc9abf1ec9e3f1":"630ee2beaf1c1592eaa6263fc562a260b6054e9eab1aa19536fda170" + +SHA3_224 short #62 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"acdaa28692f334732088f5efab2c7951fe0f845b9e2c6f1253c3cdcde30a4e8d2120e38c26422219df41eda2c8334e13f669a65f5ba2075b467eded32936d5":"7d4991d54c78af5809cd17024cadae783c6f5a1f0feb365b532580c2" + +SHA3_224 short #63 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"d1593cd338b7a25bb5413f112a639fe31c981e505c81a820e638c25209e2ce56c8838a7c8117dbadccdec959a6f7cab0cf304315701d4ccf0167b4026a6744de":"84e18330723e4f90520d0b051a9bf9bd7b5c7ec0177803f15cf740e5" + +SHA3_224 short #64 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"8cf8ea25310126ae1fdce3c9195395a9d45051a2a3f08ce154d8265b54cca7031a7ec840c3a3359efa4c91c41b74baa698d54ffb9b0170f2edadc5201650c2bdc6":"75de14169d16a9902f6e8a3359d94594a889c4aed9246caa6cf5612c" + +SHA3_224 short #65 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e0320fee19af5bfd511a23cabba75acb0815525a3734305aafa49c1d8bdfbd853579646a36a7873c4cfff2eabd7e3902eccff1192aca1f6dce3cf1c988e6aca9f2c8":"d7f2018c303ee045de4b8cdefcfb5395674e3a8770d65f0757b4cd5e" + +SHA3_224 short #66 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"1a424ecce1a82c47742171a701ad6e0ff1a762ce26f8e332818a7fa1a800a4e506a4bdc813a09ee1d57222ada79a12e2399549ffd80f1628ef55e231ce0913f9ab1930":"277f96fca5d9ab055fae5d4dd10cc49c2237bd38d95bd8dbd168ec21" + +SHA3_224 short #67 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"af172809570cc306333c25523f863c6d0e0154c55e404722f0d4ed419713dabf8e18493a0e0b53b220a36535b1e8f0bbe43e624fac9f566f992807b6f2d70bb805933e2e":"9581170093600cb67063a314d8decf109ff9368ffbc90ea2d3250577" + +SHA3_224 short #68 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"a62f4b43250cdf3f43c1da439bc5e4224b15185b60d615e38e3c512425aab145401b57ac3fc0bcc178eafef52a2b7b04b2b89e760212f96c4ee694990831858f0fa7c13c24":"a0f5775a2d001a66f0882ce1415261994021988690840c6b4a3470c8" + +SHA3_224 short #69 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"fcf81c93f917bb06f278f48826ef9ca8ba99ac8f00129fd9f8e81ca31750d5e54818af0331dd239eb77ee4b0c4d0c2d84794cef27da6bfeb707794d3bdbc7b349968f2a316d8":"a97a74fb01fec5caf3477220eef6e7c36d0ba4199ddc755f7ccf94ee" + +SHA3_224 short #70 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e61d24b500581734c29902ade4c5035c090868df9f24bb330609fcdff4a72d6f18001424fd813cea32923d8aa86c3d215b2ab7d134237bb62e78f61cb9e9b4ef5ced23729d019a":"40758314f1abbd43e0bc9c73a1c7e24719d56eebcd967b39d355e978" + +SHA3_224 short #71 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"37b14f04233dfb4da5e5bd1852f77c41e25c4926936fe414c8108200f6f3cd78c03e2dd9615446c14bebc2c70d65506a7a5dec4808806291769e0dbab200e576f9fdb9e240c8b8ff":"2d36af0dd95619a96c5664d8987bbb82d183466ff44151034fed687b" + +SHA3_224 short #72 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"45efb0a3d8fb7bb683913459727e8756d67959cfdd4f5b80e13ddf45e09debdc2cc68ceb632d6d45a2d0a869f6d4dc4c136c805849fe77b4b381e4c6b22a3ff69947a9b5aa6b7cbe42":"125e983229f65bf01b59a9b619810a88f1c53b4c3b1960b52a205d99" + +SHA3_224 short #73 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"9b6c3c77746219dd88976966c68ead59eb62aa3cf6647798dc06d4fc7ef8bd44d8903f1b7b6f8bbf3d6249052f862e9ccfb0d1957f0bba233603bca0766286d17eb9746bc002abd69583":"762629518833ba68333fc3e3b4d482c60b4e0e828872826b68313315" + +SHA3_224 short #74 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"9f452f900219017199edfc5d7d86a162d9750bba4cec77428ed1032e5711b6fb7c37c1a65b3d041c7aa1d4f16bbcfc54f35001436b60abfb6544c0b393fc1389e5c5bdbdf2eaab1d99dd59":"19b432f5c38f665441d36c472d386008a5bbd82aa4eabeaabe3d28cc" + +SHA3_224 short #75 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"cbfd186592fa68dc3a21d62db1ba55121f58fecb11695859d70bd7ed2a21a2a013a699640842973b571bf4a7c8ee4f617d5e8a4d1e8c15ae33e77097d146eba27934b1e33d8a041f2444ca3a":"b32ad13ba4a0b9fc1aa9a1a57bdbfbebdfab71cf5a16e06040f75787" + +SHA3_224 short #76 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"173225324c6c350ddba227b89a651e576d1ab6a96895453c33ea61ddb37fa253e666a84d0fea609814688495246161eb9cccdd792cb1b88f36f3125d766e2eabe84175cbe66dbecc91a0ccf173":"fc8feecaefffdaa966e9536b91dfc85ea5113a01d6b320677d727a7d" + +SHA3_224 short #77 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"6999f398407480cd43bafdaedb8624d9ba0972aa5a2f3504a67fe54ef744b7bb41ea70cf8faa771fac6a2f5823de83826af4c3865b6faeeee3d1d0edfe7f0e9fe3207f917b467d841850fc6e648f":"e7abcb4c0f218814ecf45fbf28a3f286d90c5e740aafd1647437c1e1" + +SHA3_224 short #78 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"2727eeb1d51098c69fd8141d78f21275b2bb949e7115fd3860526bbda25547c20cf31b79919fa37bfd4726c4e77906ffe0ca9705f1782da0454e799422c815e01e785d418fa881f84341d8cd71ec77":"2be332c873ed4fb70bc1916c76bef2cd3385e674b83aa1ee8ad28a01" + +SHA3_224 short #79 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"1f48a5b401d88e6cbe37f3f634d55462865f7cde7990052a1e4a1e4cb2e58c84c2c7ef82923447d7c068b6aa25e388acfc05704e46da14316d37ccdd2706a7b79ddeb02dcdd76f342c9cb2f490c18dc1":"448b70f575a8a1eb74030a985e9c504d4eaf6b1814e1146f782c9af5" + +SHA3_224 short #80 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"6dce9a9ecb48b9da8aef51a89e7f7fc1a6a78966b7bac0ac5ba7ab18d92b616bb74537bf7eeb9bd3bdfb40a450747c3de2e6eecfb12763049148fa9134c7870ba80636fb21fc7134f92b0364f5d27deaca":"df855d544e17f01125022bc18e9ffced12f3cd39674e68184657ec7e" + +SHA3_224 short #81 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"d498b6901345afddc5aa50cac77f7f794d7929eed571d95b59c289a0c9f3b812b896bc7b566f5a639ed9948ed066c2c622c6e4dbb2ea37e7c06806d61a22c326d72356ec48c9b5182c29b5f923af20046605":"5b225c29e4547777a2c6a1a2bbe9da2dc6a8c6d0d01d8d8022988be2" + +SHA3_224 short #82 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e958b80489aa6a38526244da165dc4464e7961e457f763abdb23f7e48d368331197b37cd5ab1e515ceb1124848504d8be587bf3041d10437ebd53915164556b59106bebdf99115122d99529e02ee155138a13a":"364a988400424557a9c60e4e1f32f0855a3383c90b007d30ee3ec333" + +SHA3_224 short #83 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"f33ba982bc2c3308f948a1b64c7fb68fb891bc05fa18781b1dc95dc749f7009adc58cca2bb0cf790ebdbb4165bbfab9304a2a6f234688dcf273094dcd8d7b38416be57cedace5783d8b92993548256b5373f2b4e":"ca37e52f2843a0f65692c5aeed0169601da3275dfb3ee6d81b467f60" + +SHA3_224 short #84 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"8b5d77a906c7ec7563af7551a796e5d5dcf02c42121d7b13a49aa9d4bc79d637190e4e6510ecaf92d1104fd4ec5bd8351446350722d1b2775dbc5e65f8fab473dc637b5ca8a9eb88f68d11dde15275d7c472f9db43":"9337537de482f0cf88cad6b86e195a1e422e59cc60d41d0eca8b0091" + +SHA3_224 short #85 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"3a564a84c2b48ee26da138ce2d1ae3c7933bcd65e40288406e56f30d1c48690a4998389dd27b55376f9b4e7f43607fadb16e8933726f00a3e41264cda553532761fefc73e86ed79b849b94e0895451332dc80fe39a4b":"88eab3e16ca8da5716542bae3c7c736b541c896199b2cb941213767b" + +SHA3_224 short #86 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"618a53989ffbbf54a76f01f9b87772491d87c8f25c58eb11b18a04f5ba8ed62574c351a466df64731c911458d765cbde83e7f29de90bc1bb26cc56b35c140555a7dcf00f5394d76a4cc531d7d5f57bac7dcbd06a4f73ba":"4a727cc6b4bd93d5ff2ecb81ab5057dfdcbe3e0c49436a58b9ff3ef2" + +SHA3_224 short #87 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"31857bb4e82497b526e426de6920a6063d02264d5249feffd14abdbbf03563d4c59ad1f7572c7d0efbc46a65dea9580bde0e387c9edce27cd9b20a46f62a70e6dd5f58e40aac3a22dfb6ba073facdadd58cd6f78c02bd219":"9e614fc139645e158cd1b216e2623e586242af64f8483e6fca20ed4b" + +SHA3_224 short #88 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"14859008c83f2831be4d6e54b781b9fb61dadc40c459a93ede11b4c78a7e5a55a71701427526a03b42d883f247904813cd812e7a947c8fa37406aa6145aea6d3fd9ed494186f35333d423ce31e0cd473a031a5803c5593e9a4":"545fafa43afcaf38063d8a312c3a27e0d74bff957f8ef4d51cb29698" + +SHA3_224 short #89 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"267a14bad702ef0a8468b31c72715f0533f6b97e6e943839dea420719d6defc5a399f84689e64ecf931ee395ee49f1fe362199b73cc6cb0105b3654b16f19f06ee8aa6b5d5418743d4804f9a059270710d126765e6a49c4ce2e3":"9b9360a5c747e6e1288f6f9d971051ffd84641f6d64e0a4b5142e4ec" + +SHA3_224 short #90 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"6c98a8eb3ea4451401e0424c10cb722683b23f75ae254d62eba75abb9aa9698e65ba1ff7c9f86d36d1ca6f0425d19428441b00450e9a2ef685d5da1cd4de1e779184db743fc95a461797333808ae6e42fce1e9da5d82f90cd71b54":"0c6f33f9534fc52f3700f37b9ee678b4c5c8a90b1a2eb1574002e377" + +SHA3_224 short #91 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"4bae62a008d9fdba351a1903c66d58e587361990f7c9eea05a2f51f90a2892f60e6c14c4ed36b908c4039bc89797fd88e54281b37f619b3d9a274587229ef48351e8cb1881cb0fc83e6ddc90a05b160fd7d0a1eb0835d57158e42c7b":"989c156ba1fd1f70deb378e46ffcbf6f2cf9cf977a92ac51643c97b4" + +SHA3_224 short #92 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"83ca6d4ebdf1c04062ca1abb977670ef9bcc889906935fd64ff4c739912e541b8f8c7932f595ef66e18256dfa1f51f63bfe7a9df3ae2aa431771d19318d6aa3bccfac1a4c8aa0a0433ff807a881e0d5a9722aac6cd57c77eb6a9edf8c0":"fb831f2456595fabee9d458625283a80bb4f8f031e9abdbf48b7b51e" + +SHA3_224 short #93 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"f4c7ad8d24ed5a682c473463e85391050c026fef0b0e6dca388e1a7e2bc872a46746a63f3a2c1ca6e4c8b7c5fb6b58850d77a58988ba091bd7fafb66ced184e548bcfb1b0e6e1485fb6a19cd5ed07640a0777b82273d5e80799b7fa7a57d":"13bee617474b3fc3447025f2a488dba8825d46a4e128b9a8bdeb1b85" + +SHA3_224 short #94 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"5f81c5aec92385bfdc55ebd600f23cb04ac9d5c7a1396f801ffea1a6b94aa617231761bdeebc9ec0f4bf9bfaf5ebc7ac82a2c96f1a74c46d94f0dad0bcb9ef7b41ddaff8cf63d2b278239e6558dbaed2797ef3b7f4cff8fe592f6a3551b3d7":"143a6f0a20d5b4dbc5df64a7e50f9985631453eb09ded71667709083" + +SHA3_224 short #95 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"0735cecaedef99bf4c53242f0552f49f56bbe589a2f611af75f4f3aec366cdd6702d46391512580202b869097fceb8a45889fbbf9852472f94bc2f432bb8309c4d0c4d3fba01f6e90c5c2ea3f890ed95d132c31f4dadbf268c378fac5604e8a4":"9f5e9f7429e5488a843c52ffb46ae2e84228919d32330a9193af3b21" + +SHA3_224 short #96 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"9b4e4df92e5152fe1ec56a9fc865f30bac7e949fc4f62f0b158d10b083636b4de9bb05db69fe31b50103fefc5f8daf3af7156b4552ca3667a9d720bbb2e4bcdabadfd4b7f4fc5bc811faa36710a9d17758a98d4a0474fec27e9ef5b74f5c689935":"487a6f2f875cb253de4cef18ecb4f2a54388ebaffbfc4259bdd97f09" + +SHA3_224 short #97 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"a61bef838867710ff4341b26b13b8d7af7e461ccd317b160cc4fdaaec7f1805a28ddd3663a4210a7d1b64a752e866aa7224a75bf77bd0d618bcc3b0a3eed6bfe0eb2b882819e6a4cc437bd38915ce53c55d94e9e9339286483dc230d0049777ea1c4":"e257bc45b62d0853ba4b0f8578698f4262c31a778cb6a6317b6e6d60" + +SHA3_224 short #98 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"c0bd79e0c5f72fcb1de6c234bdb67bd0d3f481b962a3a01f2d8c483bd7d5d98548d51d27532716b195fdfb0ea0b77db759b54e269e69e48e2cb07bc9c06259927d2755f48e8d9a020c58a9c9221a9d836f03b30eabf9099c8eeba6abed63bb38275b28":"92df7f848ada8a9698ddc2e7452ac8fc43cf83d2ca2cadd712c595f2" + +SHA3_224 short #99 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"77823af9b8796c63baebe7ba9dcde12c626b840ea04f42d878646970ca5bf7aba94eaf110da36ce0c834b654bcac93264a349f520e505f1ec903d3589e3a4adf82687a65ee6dd072d6bc05acdfbdf257cd70a5183a54b4fe8e87d1c22b2e9f4ee817c57d":"819a4340938497cd8b1def8444bb03f8429b9e87bad8000002d60b83" + +SHA3_224 short #100 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"ada5651b4e240335600940f207b98371f7e743988957bffe0de8ef0862d1ba52c52b6950e7b05c3542c2fb13acaff0442d33940a0e3ea67232f8437eaa02128283ffc0cfe254ac8f542be3f05fbe4e855dd22ae98a81b9a55b3d3753111210048f2b50e068":"b6177d179cf17eddcd8988c9108b42af9c41adcc5942c4d33b0f1be2" + +SHA3_224 short #101 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"ff4704bbbd719b011244ebedf2f2355338fcc7d64844c3a0f36a21569b55f74a9710f8f3d8d83b9bcd733f5885c32b3d149a5ad137d016c03b93a4d11aff8218e8eeec6d6d12a41d1441f3df040feb098ca2f003c4c277fc71300cdd2a399a7bb98ae711c446":"a1072b28f3453422e611421309aa49aaebba0273c72b835fdeea1132" + +SHA3_224 short #102 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"eae4b62f697cf0bf40a1c2c109143c1dde18e24f1c289aba67e5c83eef52b70cf1433bb98013949285969630054e074ca2e249d465cb383dba51561cbcb626f0b3b1d542db1e1ff168f371c7c6764b4f25ade9eb351622212e99903614bbf1fe3914cdf203035a":"f5273e4d0bf9779a0975fee23c447b3abb1cd17c34c723d62f3a2fd1" + +SHA3_224 short #103 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"0e39e0e6933c6104984fffe115dd8cde77edfee495480aa5e5def424f066a5770345fecb28b16caa5416bc79e2b83145409bd4bfe9a00c8493f06ea2a99dd658fb87b71eb57dafe58da55fa0411e790341e31a8ba8f35bbe71af23b4e8833fd65ec8b4e621e95340":"62fb7d6b3810d0fd7d96b4ff5efe7bd283ddbbeda4a21a62f985a3dc" + +SHA3_224 short #104 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e32bea9ab02de7d893ecb7857ba66df2c35ed258123065ca80e2a067fabb7dd4e79839ea0b3c58abace8e97bf42b0b8d97fcb09bb606a1da0243c32d24cc98985df008f8698362f2aa789e2a82b3e5b5011853d0c0e8fbd20c4d2b5f4733f2df8c5ae02e92a90d95d3":"278e06fd12a3e314f60d59a323673ba0a22003e42ac48e1cd04a70d0" + +SHA3_224 short #105 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"4157752d3d175a4bc1334fd42c204111728e7059659dcedf334ea7ce30378798d67c598a0afacca5a1c5fba923d54c72cffc9887df1b8df10d96514955056815fd2dd855d32e8b58b6fdf4d45715f636416a0137179f7eb01d786daffa924ccabd523bb31d1b5f0d05c4":"1cab43635d501e43ac42beee263755b9a29827e2a18b21d7be42e447" + +SHA3_224 short #106 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"2df12d8c256cd1a127e525ac3763e30c895982eee67ab7c150ce3deae906d2b9110d829ccfdf2793729e31e478e3a310ae525e059971a29515bad2273cee77ad89ad88d63d44e98402c63180cf5eb06d0be3b1faf5adfc5c43a79ffc09a6ee6cddf9c9a039421d5b2184ad":"ee60f0d01008cface49af2ee5780ccdee37404c37642008a55fafaf2" + +SHA3_224 short #107 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"03be6940e859f9b072660dff28a187551c2425481dd0555d2dee4acc36164f84f8505b6f467ae6f772eafcc9065490d9b4ed12a690d044bf7da14986e571fe34aee28e1d698c4136cc9f95d462c990b6815a54467da6f41c1baa86c448f37ac10bbc2ad1b957b17368ce01a7":"a8aa80d4c925889b58eff41b89682b92bea60c1c3995043dac312d2d" + +SHA3_224 short #108 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"0baf1ac243c1f34ca5e00aed4d867f967bc2b963e93956c35b6b68da7737de23d7a1405a5dd4a099c663cdc182d4c91bc35f7d3fd5f3ac35ad7a26dbc45e3e86264c7decc538984214a1a0a1d11679ae22f98d7ae483c1a74008a9cd7f7cf71b1f373a4226f5c58eb621ec56e2":"f12f7a1c5c1c383a2a5fff8932e2ae9dc342b37652d47356ffc1cb37" + +SHA3_224 short #109 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"3c29a8c83e48194a7b87b69e376a06063de2449bd171fa91e58ed2bc904ba853bb35e3f51e7c06e96b5482aac89acfa383bbba3701d20104f8101d69de615f45a24c3e02991bf0d3bb3d37390fe87ecc64032438424218862093a69dd7b99008573661f9996ffe8ed50b7e54f49c":"5c6b29c3cbfd1d2eadf7c791513b27f21c934de6378ef748b779b71d" + +SHA3_224 short #110 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"68a3c06e0740b569c72ea6a90d8b45e83c7c350d2bcf1cf6d6dffa7553b8b998087c052e1c065d862bcc6a7a3e0a90acfa1dc410172c9dab140ead9a296811557e1647359acd40341efeb6f5b3fdc0044162a45e62b0ec341634bcecb830626930392f8c6bde85fa088a322054acfc":"58a691524398a5746df28ac083f15861750e0cdd1fd5e5f57c982c18" + +SHA3_224 short #111 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"d4f757d1c33b9c0b38b4e93e8e2483ec51b4861299f1d650961457496d86614d42a36e3696bf168fd4663efc26e88cd58d151e1531467b73f69dc9ce4f8d41ce579ce1c91e6760e340e7677abdf4fec1040745aa5144640a39b8c4f884df80753a691653003d634fa5bfce81f94ec3f6":"be11259377f09821d9dc358592b6565d8ef2b414dfaa7db5609fb751" + +SHA3_224 short #112 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"ecd9e95f7c5efc8336f80fe67e113657b31482bafc22dc5b45073482846cdc48414d2ea855ae75d9f28a0bdbe30dbe511503788e578f20f25e20bb770ca1d787f2f02911139275dbeaa5ae1aaf155f40d7134915dac34d0938358dc8be97cf1005a922bf3d71c331282f41c86993e0ccff":"6950ad0f91398b39965b1859ea918c531212face1e51d4d390f094e1" + +SHA3_224 short #113 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"834ddd8fc7ea0c3385ef8280d3a7b22d59ad17d710a51a544a293544f30659e816a98d38a2d4d92f6f96626a7c79d6f17bfd0a558f45e2fb541172b720ec629c88a7971326050f2b9ab80d30cf8c777f80e37c98fa61797523e81e1bbbc7cd6ee22e4249dae679ce0f3eccfb54495d7e7046":"ef21ee8d568c009eaa8d1ea770968cb718c4d56e7b2d966bfcbbf398" + +SHA3_224 short #114 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"6ff611208395d81500505dae050ff0c29c0afde2a8e89c96192863ea62c17e292d0502e94dcb7f47f4cdd574264f48716d02d616cf27c759fdf787cdcd43b169ea586c8bca25fa3ce1a08eb615655e2471a0faa81d2edca28eff4030fabf36f10fb5f50fe4eb727c308f317bba995b6310ae12":"8a29f2c0d564935b8d31b7d007f58138489d140917a28ee85d43b6f2" + +SHA3_224 short #115 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"f977ea38076328bb0ee2297cbe3b2a9755fe8bb95ae726298e04df05201a7ccf2046b82836e092da94a4eb1c291450121718159468e8a330fc2b1272c661fb62397e874ffcd7cccbe5425af725791001c0c035ea41c8c48dabd206ddb217666e2b688237c2127e96eb049d941b34126b373e1345":"15180df5554387337f04de2f37a16b28125adbd02b6fa6cfdb24195d" + +SHA3_224 short #116 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"22a8fb43d54fff82749cdce98abe8adafcd443ffe16bf0e99341e1f7064fc07a5907c816abdb326c30fef0f5846e9e313f32b602c9e00352706358fcb7fb81eaf1857a7b0ffddf27b741a465961806ccf672c17993f284b2aaa9a2c854250a4212aa7937a9bfeefc30ec5f0067c3aaf34a1dce2ee6":"d11fcbbb2fa03109f952a56e16867c70904552eb580a6659314bd5fe" + +SHA3_224 short #117 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"68727636ff38c0ba8999dde3cbd9503900d5ccb01d3c9b7959fb411eedf95cce1805cef6670d1e1133901cc06b55c41d945e654c0d18035498d4f92d167ae21b927cba3a810a41594885a00bff354ffc753e368274d01374469f1b3f7793e436ddc0822ad698f13bd15fb3ed10e0b97fac5f8778d9ce":"21c71bd09ebf5d09155347c4f476b8f9c5aed4579573211887ab6084" + +SHA3_224 short #118 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"167cb772f096b2e3b1599cce3440d1af57c5b7df5d2f460b91acc7e52c9fdb19793bc0833751d09f3f664a4167095586a564420a7810125b832e38ae7bb3a0d14403ef6157c20d3d67e6e13a44115b19ff1fb8b64ffa018133b6d532d9da69b9bffbcd74189071a57101e7239401ea50ad1ea04aab961c":"c46cb2dfeb8b961e6e84d72e05111e04d62e3f93a055164b135b9072" + +SHA3_224 short #119 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"b88ff728c8f829841a14e56194bbf278d69f88317a81b4749aa5fdbc9383486e09bff96a2c5b5bdf392c4263438aef43334c33170ef4d89a76263cb9745f3fea74e35fbf91f722bb1351b56436cdd2992e61e6266753749611a9b449dce281c600e37251813446c1b16c858cf6ea6424cdc6e9860f07510f":"8891cdfe486a582e8340bd8b893996d7a4e547e3bf50551902e722f2" + +SHA3_224 short #120 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"520f27a4d096d4193d2bc0983cf83bbb5084845b41844800c1f5669b4f67f5785c9c886eac51b059005cc3caf2f7dcfc205c230a8c924f604386696f3d5dd2a68509879d991aa49314d7271a8a8ef711b42825d3cd0071ae3bf6109772bfac1b167fad995f99b7afc2c573f2ce6493e25411101dca79b6d2f1":"216ea50997596f71edc94ed96e2b686628640f94a3c64adef05c2b63" + +SHA3_224 short #121 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"75c23e556178f00440533bcd25257934d0c6f5e68a64f1aa511bee9435c5277b02145fae1fdedce3b6b7b47015c547be55d00dfa3999920d586dbecf7ff95a775160d057308b32c661c17e5d6a772166bf69b9919ee91fe93877a50711939c85a9cf1ab65c28fa94879623faece20e1458b8821383fda2253762":"d1631028a8e0ec4adc689cabba8bf681d11e2e2a5059f293f7ef5be3" + +SHA3_224 short #122 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"d23373b9405024d0c4b17aa503f7e2ff7d308083124ed2cbc4d990b9bee0d70b9635872fcfdaea58a2b696d1fd8c9492cd2ec11179ee755aae5663626219c0981348a8be50c9bdf77b061121cde246649af1f30bd7e84a93d952f8025f854d7bd3d59d0ecd07e6d4d909b23c7ae03fa06fe1de1c3424999fcc3618":"726f6584ff9ea998ff326c9f73291ace8726d8697e7aa94f1ed42f7e" + +SHA3_224 short #123 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"6f057f91480fecee8a7e3879dbf8c52040f96f5929c6b8b6aea223b91843ddeba387a2288264df3d241d14b5b6bc7defe9bcf174f5060a88de1f86fff59fed52a3e574f2620922dc0c12316e5869b779a18e8697ea0a50bf20a50f169ed8a308f785bd98efe6fdf4cac4574dcae9bbe5f3d7f56a11bad282fc9c84a7":"6b40e5c86db3d9c384c22a46cbef5f8e8c427bb6bf43268edd918aeb" + +SHA3_224 short #124 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"6f77874dcad9479f5bcac3763662cc30cb99823c5ff469dcbd64c028286b0e579580fd3a17b56b099b97bf62d555798f7a250e08b0e4f238c3fcf684198bd48a68c208a6268be2bb416eda3011b523388bce8357b7f26122640420461abcabcb5004519adfa2d43db718bce7d0c8f1b4645c89315c65df1f0842e57412":"0228626c63c20465d5139d1af0b9ce17e334ebe10a5eee2cafe96cb1" + +SHA3_224 short #125 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"ea841bd41b22e4c98b223332918eb791f51d1978540785f9c617675dbd02721831f7e7fdfa7714af7d671b588a64f49d8556b5d1c448116839771faf51a85dbb1bbff59fad8e3fe3c4eb8631aa050f505df85757ed9e9d1a26a8a0e96feeaa7af204cd23fd0e6d4ca8d5ff25b91a0f94c42a887297b230f6d5d57271e07c":"ff33c64231dedfc247e11e35aaf82d283a9ad62034102ee2bb5d4609" + +SHA3_224 short #126 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"7216a825029da1c9a9328d499b3ff98f6e18b8af368e2b19efc1c0121b35b965ab282f55232356d7fad002fe3f0b6ab7833b2cb6f2e392b0c37414cbd3661e538c8613ae0c9291928303f775dd2a2445a27e825a1a3544a9b411eb3aa87d0fdcdcd85c170511db620e747296bdc3afa39489c181f5abc76a8a404e47e4a214":"9440d3710b43e79899e116987366b2dd36b44b2f39e377fa2d4fe143" + +SHA3_224 short #127 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"44a8508a3c3976d563e933705be4dbeebc726304b511203df7c7d1efceb6e06e91f1e57f3d8e6c105dfdf8262d984816fe7ad8f8dc95ab596fff48301f8d03137ba37dabdc4a6e664583a26b8edc42d3c2405516c51386c33a7f2875a3087702ca6721f56195053fe5263a29c8d8538dce6ce146b8b43ae520ee79a5a450c6a2":"a2743d341023ff5f775d90185d3139a7756b0a65c19ee876ebeb92ae" + +SHA3_224 short #128 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"a8ef4107f41ebbc5799a716b6b50e87c19e976042afca7702682e0a2398b42453430d15ed5c9d62448608212ed65d33a5ca2bcdca7728037df2e5f9fd9e974d0315dde8290241e3e2b2cc06f8c653ebc95bc2195c24d690caed42fe7d96589f3a85eae9bad995ab829e674abcfb8efaacb1eee5703f52b979d5d99a1c1694855a0":"b411a28ff46513d0c3d63cf78a9b6353466cba3b926a8d895ee14fdd" + +SHA3_224 short #129 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"f649d801b4040b7b5152f58a01e7852f565efc77b5dafe4607eee953b0ba6774c5573f1c79767121d94381c3ba9013ebef2fb8b0bf9f081f96ecf13cfad04e44c11ebb358160a89049bfad5e8e241d71689ddeecff0278063fd86b0ad475c6a25265f556b30ddb50078e216267edcd4a2b7016345d4b76806d7b02c625f3f717e0f6":"b94debadc833d5706cd4736bb1dc75039827832ae408859e2e6a6941" + +SHA3_224 short #130 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"eb71b45a494e76462edf41a9fdcbb3f46fb863b9e259d0c8f4a79898516eebe8c90c3ea5a675440f3c7b1a18c14dc20c5f3dd27788c66d448acd73226327f52cd65cecc8beaa2acfa34d90ef8bfe824e12ba9870bdc4965b8ced9ff9ce13a5bd39e824893af410d08ade0cf802e7dc02b0b71d6c2a5c3356229084e53b3ae4e51b384f":"fbbec05ee1fb5f5cd1106ed7384850059cdcda474ba7cec0407a272b" + +SHA3_224 short #131 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"4eca0c51d30829b9a1d2712da1fac31f52942d77c9f20c2bf6d3751028d7d4f0d336d3dc92b27ec368caa4444b3180c1e37e98b58f25e647a9a6361f0b04cf78d17955766168eebaa993a435a88e0b39307423d6ead87f639afea75ba44bbc6bd0fb5ac84a12c2c6ed9539a7c0f9abb0c1dc9483e2f321a85244926dfd95e2f05624aa7a":"fe313eb74f955c0cbb1c446dd4ff853f32b3232d93faba7db6d1fab8" + +SHA3_224 short #132 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"97784d14db62a7f98f5ac3df742e013489ec0b8777b05ef82bba06edc5c3a807b191c65513ca3fc7690615e56c2773c036edef29aac50c2211e20392018fc33d83c436f274f7c6062c3420025e7037993f1b8cddebf4aeb20421fc829c7fb23255372455c69244a0210e6a9e13b155a5ec9d6d0900e54a8f4d9f7a255e3a7fd06f1218e5d1":"5504f39131773550b6f459f33a5b57a2ce60ce8bb78c574fef83dcf7" + +SHA3_224 short #133 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"1ee9047351e2a13e4a2d5a826e304fef82241fbab5100835e1f850a20e51e34938b93dc852e58aab8adb0c3ccf61be9c90b53713c77ed0a5370309e6f19b290f1d642550f738c36818ddff74f77cae04af55617403b08c7a9f17e8fba0c21523575384b44ac4949e7c9dfbd1ef6a684f666c67856f8f84dba19cb38a23b0efad6eed229c536f":"b8f253512dabf9d89d2080830f23da5893b0f87edc0bd624ea767f14" + +SHA3_224 short #134 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"1f363d2f7aa89e2b6c5e172f530d1a35531d0083a5acfcd232d64db06134b8232da2368f7a46ead9a9ce55cd6af8cdbdd1582b6bad56c52a15769c3f43dcd68da60f6e7232fd2aecfb3fcd00029f8e5c4ed7ca3b3f9cf68920dbd747fb43f532b1034d9f49d546aa893be68fc3084658f22343b9068877387b8f68903071fe5877083be068d626":"e59a19686df36bf5fe798a9565722b8e0bdd9f8eedbbb4a34a9ca7ab" + +SHA3_224 short #135 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"ecf5d9e29c1c04c11a9503cc223d0cee4866fa26df2b4f7c1a017939718f545746c0f137c9169692194105b2acf001e2f0e70f2332517a20c05899644af454cb8e00e5363593dc83f78d66bd0670ce8faa7244ff28d0de59e964dc68d87a30ec0ce03e49a73ce07dfea2ad54fa667bdfbe2f2222894d830dde4dc9aee3caefa4088683d7e8b9a966":"a886eb94f15df208be122912d4edf02561482278a9f847ddc91c9bd2" + +SHA3_224 short #136 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"9f44357664b5e3a958780641cca52049f3b49f07484b5f762a5571f7c9541b4346f81fa416f04065a80003864754b3b54114a77a4938c8b21a9e4d3e5d59c9fccd4d68f699f975da099320ab655a7fb51328d2c6ff460b9b40858e99f88a35be7b6a97d6b4778af2c559e616ee608c32b018a753321e321be333bb6f618f666f9a7734ab3112859323":"8839f755eee84e15c586b52e29a41ddc640ac432cf31370680987a44" + +SHA3_224 short #137 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"c1aa1266f223c148bfa3d0ab29f278334d8fcbfbf0f4ebef5c1b7a766b415155e1ea75d0fe2546115411faced7a04a27339b6bcd62e740697d06ce3cd2e0f00238c44c1d9faa85efebbbb3880313108124c5f3277c1f03ddf430a4bb4d88b67b6e3f7f96fc39e5aa2ca7e11fd5d1300aca144c5166269a1168a2e53c01c00b872c63f6833e5ace09bedf":"439e3c7a0d655a30a9749afdefb7e048814335849df76d526c287727" + +SHA3_224 short #138 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"0a367d3789827ccd4bef5fe8eb78c20503241f07fb8c41d81e97fb53f3891962ca3c976395ac11d1f9ba7b20a52912e8e3ed92466ca5aa808166ade737ba8a0213e8fee8d67608ee9aed9e821edc9e575f1f07c3686169656ae09a0a0f70abd10cc31a8ef6e7496d56102fd8ff984e9a9f44e54495c966cf028f2a8423b46419de54541d9a08bd9654ac98":"40318036a595630e4135f10703be1d759a6c7e5146e0fc82abeba184" + +SHA3_224 short #139 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"8a05b00ae2d5f652f02f98a1b035003f8fa7ba1b17fc3778cdb1cae35ae1f768ea16ed05d25f515f75a23db468348911d4a749c51ce39615c07892318233a667c7f00e973fae98e7c8e9a8b7902480d87ac5bef8c4252661e6e8a2e4bd8a870fe83b1aa773ed5352b2abe193702c6dfb4aa8239e55ea6fc507a704e2540e23c917a01a1cb4420b07fb90ee2e":"9a26f054e57aea14242d7801f3d61ddca1523b738fc26fecfa5d9a6a" + +SHA3_224 short #140 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"ba6442c6d2139201dfef32c1ffb0ce92dd64091bd507c250595395e993d9a5124b5199640c2fe51482774b6a27d1a1751fe0d4fe5fd02dba152ed3c344fd9249af06da85f96f0bef0a8fefb1b501885b97f70dd842d12fa19befa03080c3d6b8ae2a0d13e2fc8bfc3fe1277ef0670cac0e52bb93c4344f6db13d05188d53fbc6106538f50ffdeda2e915fab921":"58470da58476bcb89450c521fc396c6dc51b9fb6465c979aba5f8eb4" + +SHA3_224 short #141 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"96fdb76f83bf12b3f4f322bf613fc38b2c8e0678856230418b6b062fb358488d6eed7c5c0656ec48c9bbf2da6a1473eea43faa68204f27239928172a3e49c52b58e861282c4401702337e5ce280aff00528eb26ac368db0cd0ad0eb262af226a9b16ef3bbd325614488f820363ca6ea77da4a7e8345554e57623732ee6326534819eadfe81c7f51d81ec51e1e3fc":"be92d4a6946de0e93d5bbe420651a8befb97cbdb5d63b22aaecf453d" + +SHA3_224 short #142 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"0eef947f1e4f01cdb5481ca6eaa25f2caca4c401612888fecef52e283748c8dfc7b47259322c1f4f985f98f6ad44c13117f51e0517c0974d6c7b78af7419bcce957b8bc1db8801c5e280312ef78d6aa47a9cb98b866aaec3d5e26392dda6bbde3fece8a0628b30955b55f03711a8e1eb9e409a7cf84f56c8d0d0f8b9ba184c778fae90dc0f5c3329cb86dcf743bbae":"98ec52c21cb988b1434b1653dd4ac806d118de6af1bb471c16577c34" + +SHA3_224 short #143 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_224:"e65de91fdcb7606f14dbcfc94c9c94a57240a6b2c31ed410346c4dc011526559e44296fc988cc589de2dc713d0e82492d4991bd8c4c5e6c74c753fc09345225e1db8d565f0ce26f5f5d9f404a28cf00bd655a5fe04edb682942d675b86235f235965ad422ba5081a21865b8209ae81763e1c4c0cccbccdaad539cf773413a50f5ff1267b9238f5602adc06764f775d3c":"26ec9df54d9afe11710772bfbeccc83d9d0439d3530777c81b8ae6a3" + +SHA3_256 short #0 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e9":"f0d04dd1e6cfc29a4460d521796852f25d9ef8d28b44ee91ff5b759d72c1e6d6" + +SHA3_256 short #1 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"d477":"94279e8f5ccdf6e17f292b59698ab4e614dfe696a46c46da78305fc6a3146ab7" + +SHA3_256 short #2 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"b053fa":"9d0ff086cd0ec06a682c51c094dc73abdc492004292344bd41b82a60498ccfdb" + +SHA3_256 short #3 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e7372105":"3a42b68ab079f28c4ca3c752296f279006c4fe78b1eb79d989777f051e4046ae" + +SHA3_256 short #4 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"0296f2c40a":"53a018937221081d09ed0497377e32a1fa724025dfdc1871fa503d545df4b40d" + +SHA3_256 short #5 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e6fd42037f80":"2294f8d3834f24aa9037c431f8c233a66a57b23fa3de10530bbb6911f6e1850f" + +SHA3_256 short #6 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"37b442385e0538":"cfa55031e716bbd7a83f2157513099e229a88891bb899d9ccd317191819998f8" + +SHA3_256 short #7 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"8bca931c8a132d2f":"dbb8be5dec1d715bd117b24566dc3f24f2cc0c799795d0638d9537481ef1e03e" + +SHA3_256 short #8 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"fb8dfa3a132f9813ac":"fd09b3501888445ffc8c3bb95d106440ceee469415fce1474743273094306e2e" + +SHA3_256 short #9 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"71fbacdbf8541779c24a":"cc4e5a216b01f987f24ab9cad5eb196e89d32ed4aac85acb727e18e40ceef00e" + +SHA3_256 short #10 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"7e8f1fd1882e4a7c49e674":"79bef78c78aa71e11a3375394c2562037cd0f82a033b48a6cc932cc43358fd9e" + +SHA3_256 short #11 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"5c56a6b18c39e66e1b7a993a":"b697556cb30d6df448ee38b973cb6942559de4c2567b1556240188c55ec0841c" + +SHA3_256 short #12 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"9c76ca5b6f8d1212d8e6896ad8":"69dfc3a25865f3535f18b4a7bd9c0c69d78455f1fc1f4bf4e29fc82bf32818ec" + +SHA3_256 short #13 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"687ff7485b7eb51fe208f6ff9a1b":"fe7e68ae3e1a91944e4d1d2146d9360e5333c099a256f3711edc372bc6eeb226" + +SHA3_256 short #14 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4149f41be1d265e668c536b85dde41":"229a7702448c640f55dafed08a52aa0b1139657ba9fc4c5eb8587e174ecd9b92" + +SHA3_256 short #15 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"d83c721ee51b060c5a41438a8221e040":"b87d9e4722edd3918729ded9a6d03af8256998ee088a1ae662ef4bcaff142a96" + +SHA3_256 short #16 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"266e8cbd3e73d80df2a49cfdaf0dc39cd1":"6c2de3c95900a1bcec6bd4ca780056af4acf3aa36ee640474b6e870187f59361" + +SHA3_256 short #17 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"a1d7ce5104eb25d6131bb8f66e1fb13f3523":"ee9062f39720b821b88be5e64621d7e0ca026a9fe7248d78150b14bdbaa40bed" + +SHA3_256 short #18 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"d751ccd2cd65f27db539176920a70057a08a6b":"7aaca80dbeb8dc3677d18b84795985463650d72f2543e0ec709c9e70b8cd7b79" + +SHA3_256 short #19 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"b32dec58865ab74614ea982efb93c08d9acb1bb0":"6a12e535dbfddab6d374058d92338e760b1a211451a6c09be9b61ee22f3bb467" + +SHA3_256 short #20 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4e0cc4f5c6dcf0e2efca1f9f129372e2dcbca57ea6":"d2b7717864e9438dd02a4f8bb0203b77e2d3cd8f8ffcf9dc684e63de5ef39f0d" + +SHA3_256 short #21 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"d16d978dfbaecf2c8a04090f6eebdb421a5a711137a6":"7f497913318defdc60c924b3704b65ada7ca3ba203f23fb918c6fb03d4b0c0da" + +SHA3_256 short #22 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"47249c7cb85d8f0242ab240efd164b9c8b0bd3104bba3b":"435e276f06ae73aa5d5d6018f58e0f009be351eada47b677c2f7c06455f384e7" + +SHA3_256 short #23 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"cf549a383c0ac31eae870c40867eeb94fa1b6f3cac4473f2":"cdfd1afa793e48fd0ee5b34dfc53fbcee43e9d2ac21515e4746475453ab3831f" + +SHA3_256 short #24 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"9b3fdf8d448680840d6284f2997d3af55ffd85f6f4b33d7f8d":"25005d10e84ff97c74a589013be42fb37f68db64bdfc7626efc0dd628077493a" + +SHA3_256 short #25 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"6b22fe94be2d0b2528d9847e127eb6c7d6967e7ec8b9660e77cc":"157a52b0477639b3bc179667b35c1cdfbb3eef845e4486f0f84a526e940b518c" + +SHA3_256 short #26 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"d8decafdad377904a2789551135e782e302aed8450a42cfb89600c":"3ddecf5bba51643cd77ebde2141c8545f862067b209990d4cb65bfa65f4fa0c0" + +SHA3_256 short #27 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"938fe6afdbf14d1229e03576e532f078898769e20620ae2164f5abfa":"9511abd13c756772b852114578ef9b96f9dc7d0f2b8dcde6ea7d1bd14c518890" + +SHA3_256 short #28 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"66eb5e7396f5b451a02f39699da4dbc50538fb10678ec39a5e28baa3c0":"540acf81810a199996a612e885781308802fe460e9c638cc022e17076be8597a" + +SHA3_256 short #29 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"de98968c8bd9408bd562ac6efbca2b10f5769aacaa01365763e1b2ce8048":"6b2f2547781449d4fa158180a178ef68d7056121bf8a2f2f49891afc24978521" + +SHA3_256 short #30 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"94464e8fafd82f630e6aab9aa339d981db0a372dc5c1efb177305995ae2dc0":"ea7952ad759653cd47a18004ac2dbb9cf4a1e7bba8a530cf070570c711a634ea" + +SHA3_256 short #31 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"c178ce0f720a6d73c6cf1caa905ee724d5ba941c2e2628136e3aad7d853733ba":"64537b87892835ff0963ef9ad5145ab4cfce5d303a0cb0415b3b03f9d16e7d6b" + +SHA3_256 short #32 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"6ef70a3a21f9f7dc41c553c9b7ef70db82ca6994ac89b3627da4f521f07e1ae263":"0afe03b175a1c9489663d8a6f66d1b24aba5139b996400b8bd3d0e1a79580e4d" + +SHA3_256 short #33 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"0c4a931ff7eace5ea7cd8d2a6761940838f30e43c5d1253299abd1bd903fed1e8b36":"dc5bebe05c499496a7ebfe04309cae515e3ea57c5d2a5fe2e6801243dd52c93b" + +SHA3_256 short #34 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"210f7b00bf8b4337b42450c721c3f781256359d208733846b97c0a4b7b044c38dbb219":"3305c9d28e05288a2d13994d64c88d3506399cd62b2b544213cf3539a8e92e2e" + +SHA3_256 short #35 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"3cb8992759e2dc60ebb022bd8ee27f0f98039e6a9fe360373b48c7850ce113a0ff7b2ae5":"3c00bf3e12ade9d2de2756506f809f147c8d6adc22e7bb666e0b1d26469e65a5" + +SHA3_256 short #36 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"22634f6ba7b4fccaa3ba4040b664dbe5a72bf394fb534e49c76ec4cdc223f4969e2d37e899":"a87e5c78837d7be0060d8f5eda975489ec961b28d7088f42a70f92414ae17793" + +SHA3_256 short #37 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"6e1dcd796b2015ee6760f98fdb40e668b2cf38b05c91f6a91e83bcc8ac59f816f90a59d64e8e":"746bf845c08aa186b5fe1ca35528232c4a491a3a2a32cd23e990bc603f3268ae" + +SHA3_256 short #38 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"ee0be20320f9d44073281265a6e9fa6b9d252495624b8d016b8ef57e1b4e859d8ad3b50b89416d":"a3257baf14ca16e1137dc5158703f3b02ebc74fc7677165fe86d4be1f38e2f7c" + +SHA3_256 short #39 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"8ae2da242635b6568289bf6bec8a438dbac1f5b4d50a90bb7449bdb92a59378e23452dbcabbbe879":"e25c44802c5cf2e9f633e683d37aa8c8db8a0e21c367808121d14d96c8a400b5" + +SHA3_256 short #40 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"bdd0252dec5b798ef20e51791a18e8ca234d9bfde632a9e5395337a112dd97cdf068c9f57615424f59":"e02c1b197979c44a5a50d05ea4882c16d8205c2e3344265f8fe0e80aed06c065" + +SHA3_256 short #41 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"c4c7b6315cb60b0e6cd01ef0b65f6486fdae4b94c6be21465c3a31c416ad2f06dcf3d6eae8eecf84ca7a":"2da21867cd6b5402d3caff92a05fddfca90199fd51a94a066af164ce3d36c949" + +SHA3_256 short #42 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"b17977aced3a1184b14b0e41a04dd8b513c925ca19211e1abdc6c1b987ac845545fb3b820a083b4f7883c0":"f91b016d013ede8d6a2e1efd4c0dd99417da8b0222d787867ca02b0ea2e80e45" + +SHA3_256 short #43 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"f65c3aa1d9981a84e49fc86d938f3f756f60e3858d5e1f6957dd4d268e28d68e90ba9a11d7b192d6c37fb30b":"3acbebf8eda9d3c99a6b6b666366c391e8200d55fd33ad8680734def1dc7ae85" + +SHA3_256 short #44 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"49abba1fa98f3c4470d5dd4ed36924af4a7ad62f4c2dd13e599238883ed7d0cb95bbaae58b460332e6b7681446":"02bcd9ea4f1aa5276f38e30351a14a072bc5d53a52d04d559a65ca46f1bcb56e" + +SHA3_256 short #45 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"275645b5a2514fe65a82efac57e406f224e0259677674f1d133f00a5ee9a6d1a8fed0eadbbff5a825041d2a9715d":"c70a874d786cd0f3f09fa4dc1bb8f551d45f26d77ad63de1a9fdfb3b7c09c041" + +SHA3_256 short #46 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"cd02b32107b9a640fc1bf439ac81a5c27d037c6076e1cfe6ad229638037ac1550e71cf9557c29c2fc6017afd5a8184":"36c73d11d450784eb99af068cd4e1cbc5768c8a2118010aceec6d852dda80d95" + +SHA3_256 short #47 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"5a72e0e1aec82a6541f04883bb463b0c39c22b59431cfb8bfd332117a1afb5832ce5c76a58fcf6c6cb4e3e6f8e1112de":"90fc3193552ec71d3315ebbb807913afd4cd2f0833a65e40d011d64de5e66513" + +SHA3_256 short #48 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"43402165911890719f9179f883bbbc2a3be77682e60dd24b356a22621c6d2e3dcdd4cb2ce613b0dfe9f58629ee853e0394":"5c4b6ceac9441defa99b10b805a725d4018b74b3e1f24ad8934fc89b41b8fd9e" + +SHA3_256 short #49 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"fc56ca9a93982a4669ccaba6e3d184a19de4ce800bb643a360c14572aedb22974f0c966b859d91ad5d713b7ad99935794d22":"e21806ce766bbce8b8d1b99bcf162fd154f54692351aec8e6914e1a694bda9ee" + +SHA3_256 short #50 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"ace6297e50d50a11388118efc88ef97209b11e9dfcb7ad482fc9bf7d8deecc237ad163d920c51f250306d6cedc411386a457c7":"f5581403a082bbf5ad7e09bdfccc43bf9683ebc88291d71d9ce885a37e952bd6" + +SHA3_256 short #51 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"3bad18046e9424de24e12944cd992cfba4556f0b2ae88b7bd342be5cff9586092bb66fac69c529040d10dd66aa35c1023d87eb68":"faed76ff5a1cd99183b311e502c54e516d70a87050cf8961c8cd46f65c1358cd" + +SHA3_256 short #52 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e564c9a1f1aaf8545a259f52c3fd1821ed03c22fd7424a0b2ad629d5d3026ef4f27cbe06f30b991dfa54de2885f192af4dc4ddc46d":"811529c600c9d780f796a29a6b3e89f8a12b3f29c36f72b06cca7edc36f48dc0" + +SHA3_256 short #53 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"6043fa6465d69cab45520af5f0fd46c81dbf677531799802629863681cea30ffa3b00836fbf49f87051d92aaeac0ed09bcb9f0755b7b":"b0fceecdaef6c76d5fc3835b523ce2416f4a9b9bd1f90234445df0f2b689f2f5" + +SHA3_256 short #54 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"2040c538c79237e6f2b8188c6375ec2f610ac2301607b9c23660c3a1e1c3a902cb2950c59aac3af28f984f6369c4debe8623dfa74c967b":"e33dbdc0acc23fcfad3c759c4333410bd3a40efb1366ade157d2c81d65a0a6c7" + +SHA3_256 short #55 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"00ff6c96b7aa3cf27d036cf20af7031434113252574bda9cf9244d85aef2593d3a7a83bff6be904b75164a1766828042bc3f4f090d98a03d":"d000eafca34815783bed9b050c6901c97f2e77d4771a0ed724dd8f6ff1448791" + +SHA3_256 short #56 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e8df14936cce118139e690f1662f88cfbc9c333b6dea658c02cb1d959644592842542fd9d8d61a04d4a892128f0ddff7b6502efffbabe5cb0a":"3479a9617a3adca35854c08fe987c2fe7ff2b01b04f2d952c107b3f066420551" + +SHA3_256 short #57 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4ed981a31f70dd6b70c161be1f01fc1bba54d06d9494e7eb194e213d5e0e71e0fddd49cb1f075353da22624cbe4ba871aab32906e45b6fbb691b":"9c824a00e068d2fda73f9c2e7798e8d9394f57f94df0edeb132e78e8a379a0cf" + +SHA3_256 short #58 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"7802b70c6158bc26d5f157671c3f3d81ab399db552b9f851b72333770348eb1fdb8a085f924095eb9d5ccfd8474b7ba5a61c7d7bcde5a7b44362cf":"fa9726ccb068c0adb5d20079c35a318b3d951eb43b196c509ab790b7e9202207" + +SHA3_256 short #59 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"ff83dcd7c1a488e5a128d5b746284552f1f2c091615d9519f459bc9010ca5e0ac19796c4a3fd7a15032a55a1410737d07855b07f61fbd8f5759e9218":"8bd8d494a41acda4b7cd2994badaecff0f46ba2743458f6c3fdc0226f9492ede" + +SHA3_256 short #60 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"afd4764cc7d5de16a3cf80c51d0c0d919f18700c7dc9bc4e887d634fe0a3aa94097d590e4123b73f11ccb59e23496a3d53d2bfa908056c11c52c23abfb":"e9e3b3da648cf230f1973f3814eb81316d2a496826ea39adf4674576f97e1167" + +SHA3_256 short #61 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"6fa6de509719ffbf17759f051453c0ac3cbe13346546bbc17050541074b034af197af06e41142211ee906a476039b3e07d6cb83a76aac6fca8eac307c034":"766630993fbb651fd8d3603e3eebc81931fb1302a46791df259a6e13ca2cba9f" + +SHA3_256 short #62 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"93cbb7e47c8859bef939155bea488090283ecf5023d99767c960d86baa333af05aa696fc170fb8bbac1e6473956d96b964580ee6640f0cc57be9598e55fc86":"d3212abca1100eb7658c0f916daf2692c57a47b772ee031c4ec6ad28a4a46de9" + +SHA3_256 short #63 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"67e384d209f1bc449fa67da6ce5fbbe84f4610129f2f0b40f7c0caea7ed5cb69be22ffb7541b2077ec1045356d9db4ee7141f7d3f84d324a5d00b33689f0cb78":"9c9160268608ef09fe0bd3927d3dffa0c73499c528943e837be467b50e5c1f1e" + +SHA3_256 short #64 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4bef1a43faacc3e38412c875360606a8115d9197d59f61a85e0b48b433db27695dc962ed75d191c4013979f401cf3a67c472c99000d3a152227db61de313ab5a1c":"8703a1f7424c3535f1d4f88c9b03d194893499478969fbb0a5dc2808a069ab8f" + +SHA3_256 short #65 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"f0be5e961bb55b3a9452a536504f612a3e66aec8160a882e5156eb7278433b7ea21de31e39383d57fcdfb2fb4a8d227a9d6085fb55cad3abb78a225535da0e34efea":"2fa180209bf6b4ad13c357d917fabb3e52c101a0cdb3f2299fa0f7f81dfb848e" + +SHA3_256 short #66 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"206f1c36ba25aea73398fffc9b65c4637cc1f05a6bbee014dccbd61e3b7aa9423887bbac62152a4bf73a4b7afabe54e08720589464da7985d8e6591ac081d115df2fe6":"558ea7c800b687380cce7e06006e1ebe0b89973f788c4caac5780f22dbf382e8" + +SHA3_256 short #67 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"8cd71434c00663f3bda0205508a4a266548dc69e00ca91fde06d165b40279af92674f75bd8133e5a9eb9a075c9068f68f4b820008a1fb42d89d1d759859e68f8efc6fb60":"085b343b08516f320a9b90fe50440a8bc51ae0850fa38d88724a4d6bd3df1ad4" + +SHA3_256 short #68 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4cf5bbd91cac61c21102052634e99faedd6cdddcd4426b42b6a372f29a5a5f35f51ce580bb1845a3c7cfcd447d269e8caeb9b320bb731f53fe5c969a65b12f40603a685afe":"f9dbb88c5bb4415e17dee9222174538eeab371b12d8d572cfdf55b806e3158e4" + +SHA3_256 short #69 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e00e46c96dec5cb36cf4732048376657bcd1eff08ccc05df734168ae5cc07a0ad5f25081c07d098a4b285ec623407b85e53a0d8cd6999d16d3131c188befbfc9ebb10d62daf9":"3571326a1577c400b967ac1c26df2a0dcf5db7070eac262a8071da16afa7c419" + +SHA3_256 short #70 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"981f41a83d8f17f71fc03f915a30cd8ac91d99aa1b49ef5c29fb88c68646b93a588debcd67474b457400c339cca028731df0b599875ab80df6f18b11b0b1c62f2a07b3d8209402":"62aea8760759a996f4d855e99bcd79e9a57ea362522d9b42fd82c12c9294a217" + +SHA3_256 short #71 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"5c589fc54fefc4d6e2249a36583e1992fc6b8a9c070e8e00c45a639af22063e66ae5cdb80238c82db043a5e1f39f65626e6d7be5d6a2d3380fa212f89211200412e5e4315fc04e40":"18deba74e9d93ae7df93c6c316ef201bf5e3a661e68868e14d4f56264f5d858c" + +SHA3_256 short #72 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"7c8691e7b2560fe87fcc5e2877f7e3c84d9101eca4818f6322a58986c6cf05627c0d6919ef2edc859f81fa1f33e0cc1f10edf7e52a9c33981af2ff0d720c94ea4d62170b2a4d1224fa":"5a5a438b57c1b3ce8756094252362afeaa9fc91cd45b385d16994ec8af49aa6b" + +SHA3_256 short #73 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"97359b564b2bc20800ed1e5151b4d2581a0427ce9539d324c3637cfb0e5378dc2cf6d72946e2a3535a2f664ede88ed42a6814c84072b22c43de71e880a77c2d9a05b673bc15a82e3255f":"be54f2e435f760d5b77c0ae61ef0aa7f5f3366f47819f350dc8a39aff8c73a8f" + +SHA3_256 short #74 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"a0dfaecd3e307c5ddf9a93603f7e19725a779218734904525b14586ff0ce0425e4efe7e1c06e745c28ed136f6031c4280fd4061d433ef700b6d1bc745064231fecf387015f94f504b6ad8c":"60d80f1c703dad5da93db222fb45fb7fa768c8aa2787f4b81f1e00365b8f49e2" + +SHA3_256 short #75 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"568d66d061306c3419a1928ce7edc8e3400c30998f09bdac6f63ff351eb23d362e8dc5927eac805d694ac9563dcd7fb2efa9591c0d827af9f39146f0424873aa8e3963d65734b1713baf0a44":"7a4fe37f296991121792dd7c2c30390725a1eebbf20b766a5a1c3c6c3646d996" + +SHA3_256 short #76 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"d65b9f881d1fc7f17d6dd429faca8404e6ce60fba7d89b7fba003c8ef84d8083182979327611fc341291ba80dc70ad3b2f28b6d29b988445e7fdb7c6561f45822ac81dbf677a0b27d961dc6358":"51cc71b6934afcf28fa49942b76323f36cd6a0aecc5a0e49c10994ddcabdbb80" + +SHA3_256 short #77 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"711c88adf13e7a0e694652f2b9a397543f4937fafb4ccca7f1ad1d93cf74e818d0fedfaee099f019014ec9e1edfe9c03fdb11fe6492ad89011bf971a5c674461de15daff1f44b47adad308baa314":"1780e52e306858478290c46b04d8068f078a7f6ad8e3790a68fc40dccfbdadc9" + +SHA3_256 short #78 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"f714a27cd2d1bc754f5e4972ab940d366a754e029b6536655d977956a2c53880332424ddf597e6866a22bfca7aa26b7d74bc4c925014c4ed37bfe37245fa42628d1c2ee75dc909edc469ee3452d894":"f4afa72f3e489ad473dc247aae353da99fb005b490e2c4e1f5bd16a99732b100" + +SHA3_256 short #79 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"fe0c3280422c4ef6c82116e947da89f344d6ff997bf1aec6807e7379a695d0ba20ae31d2666f73bbdbc3a6d6ac2c12dcfb5a79173dfc9cd2e0d6000e3114f2767edec995772c6b47dadc136d500251e5":"89198e2363efd4e0ba7a8a45f690f02712e6f856668517bae118d11e9a9dc7cc" + +SHA3_256 short #80 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"02e238461d0a99d49c4cd16f442edf682c39b93114fc3d79f8546a99e5ead02f0cfc45081561da44b5c70eb48340418707fd6b2614580d5c581868ba32f1ee3ac34bf6224845b32ba7f867e34700d45025":"abef81b33591eedcac0cf32fb5a91c931f2d719c37801409133552170ce50dbf" + +SHA3_256 short #81 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"fb7c8cd4031007f8159d5c4c6120dee6777a3ace0a245b56f31e8aae7828dab3cf35c308de1d0d684592ef3a9e55796603a92f68d109f7a3ac1635f7c4d334955614c812753431bb0a0743291a0fc41547f3":"5a67284d39e4f37caa64ca1a54593c35f6d8f3a3ec20d460393a39f6f57c4486" + +SHA3_256 short #82 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"6b2e868c7d0ee1c240d3a67e2fdf36e8e23817c02644a54453d10454da5859d41e833a5285ec63e8ce28aa64a50435a7740eea4b7d5827892678b35993d3f5da7a1c64f533173f3d0fa37e1aebf70827052c26":"aecf5dab6fea9ffd1bce2cdfeec0bee9d214a669e8306d5b6688afa8957fc91f" + +SHA3_256 short #83 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e5f3ba000c43bb6aca4e0a711a75912a48241cffa5b4b0b17f901f9e5097d94036c205f7a307d008567d05e58ac0dfaf6d971bf9d3d450cf2c7c83f6b328f676e9ab425642f5a5a71e389dc4fa49b6d7e848a09f":"182d6e4316f4bc18d7163b1b21462d99f99c6f34d2c00ee771ce54fd6c5018b9" + +SHA3_256 short #84 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"939c61e68af5e2fdb75a2eebb159a85b0c87a126ce22701622f5c5ef517c3ab0ed492b1650a6c862457c685c04732198645b95f84ccb0e726a07ce132827a044dc76b34d3f19a81721f1ea365bc23e2604949bd5e8":"121057b0b9a627be07dc54e7d1b719f0a3df9d20d29a03a38b5df0a51503df93" + +SHA3_256 short #85 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"9eadaf4811a604c65eaa7b1c6e89f2c0ab96bebec25a950ba78aac16d9371ca1e7458acf331e077ef6a735d68474ab22d2389bdf357fb2136c9f40e1e1eb99592c2bbb95d94931016b4d37faa08b1e9bf71bf2d3708a":"c237194b902e48dca5bd096cb51562079d0cdccb2af8088197676c17b0896be2" + +SHA3_256 short #86 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"71dcca239dced2ac5cc49a9bf9ea69a99be22ba62216716b524db80f337dee5eb7e032869e4adc1497babd1fa82fa8c3cfbd30d2eadfb4c5d40f99f9d194d7182c9cb7d41e8adbdcf2917e086782fdd756e2961c944070":"377d1cffb626735810b613fd31ef9bbb4577cd752521abe3a41afa921e623da0" + +SHA3_256 short #87 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"ea130d3236bca7dffb4b9e50e805309a503e7347227aeb9f1bd15c263a98dd65753d2eedaa734b9ad88f41158f32419ca529f3062b910c019f3f239f635fc1116e5ab7b242feb4471ed9168474e501d39d6bae52cc21061a":"85c7a52d53f7b41162ea9f1ef0d07c3fb8f0ec621617f88cb3828ebe5388ab3d" + +SHA3_256 short #88 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"28f1be1156792af95c6f72e971bf1b64e0127b7653ff1e8c527f698907a27d1544815e38c7745529bc859260832416f2b41cd01e60c506239a7bf7553650bf70d1fe7a2c1220ac122ea1e18db27490447d8545a70bf0ffc8fa":"b2eb3762a743d252567796692863b55636cb088e75527efd7306a2f6e3a48a85" + +SHA3_256 short #89 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"c8400ef09c13e8acc8a72258f5d1d20302c6e43b53250c2f6c38ff15be77e3cac04d04b8421fc8fdff8be5ca71edd108e9287b42dea338bf859100eea376da08a0e695f0dc90b95e467cbd3c2a917a504a5ae01c310ae802c4bd":"69966e89b7bc7f39cd85791b92180ff3fed658d8240e393e1e6d7c24b8d0ac95" + +SHA3_256 short #90 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"a48950c961438e09f4d054ac66a498e5f1a4f6eabfde9b4bf5776182f0e43bcbce5dd436318f73fa3f92220cee1a0ff07ef132d047a530cbb47e808f90b2cc2a80dc9a1dd1ab2bb274d7a390475a6b8d97dcd4c3e26ffde6e17cf6":"44c00cf622beca0fad08539ea466dcbe4476aef6b277c450ce8282fbc9a49111" + +SHA3_256 short #91 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e543edcff8c094c0b329c8190b31c03fa86f06ace957918728692d783fa824ba4a4e1772afbe2d3f5cba701250d673405d2c38d52c52522c818947bcc0373835b198c4cc80b029d20884ac8c50893c3f565d528a0cb51bf8a197d9d6":"6d5260384f3cefd3758fb900dcba3730d2b23cee03d197abeff01369dc73c180" + +SHA3_256 short #92 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4e10ab631718aa5f6e69ee2c7e17908ec82cb81667e508f6981f3814790cfd5d112a305c91762c0bd9dd78e93ef3a64c8be77af945b74ff234a0b78f1ed962d0d68041f276d5ea40e8a63f2cab0a4a9ed3526c8c523db7cb776b9825b4":"d88e5f3b2d0a698fd943233760a3000a3360d9040e7374b22e39ea58d868102d" + +SHA3_256 short #93 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"604d8842855354811cd736d95c7f46d043a194048b64bf6cda22c3e0391113dcc723e881ae2ad8dc5740aa6bda6669ddb96bb71acd10648380693f7b3d862c262553777004bd6852831618519fbb824759f4dd65af1b2a79cc01096d7c8d":"8a8ab6cf5c02b9ae8f4c170740eff1592f3eda11d3420ac8b421d93cfbb35db8" + +SHA3_256 short #94 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"628180e14f41ebdfde3b4439de55ee9cd743d41040f3457ef2280370dd659619fa0ce69580c709725b275a6eda8bcb82a8447c20fdf68cba15412f83e2a10079fe9399a3e3fa61975ec0a64041c0ecde59e4844e9f8a608cb22d2576854182":"8d154bf6f9cb72efc0d8b3927a8f690060d1d48bbe5cc72094d2c8b149a75132" + +SHA3_256 short #95 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"fc150b1619d5c344d615e86fca1a723f4eeb24fbe21b12facde3615a04744ef54d8a7191a4454357de35df878cb305692278648759681919d1af73c1fb0ff9783678aec838da933db0376e1629fcca3f32913f84bc2ff3ffc3f261d2312f591c":"3f626c8bb20a132495bd3022b3fcd0ce0604b91a9d70132dab4099f73dde23d5" + +SHA3_256 short #96 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"6dadbecdd15e5646e3f37a6fe5b328e06113cce3c8cf07285939afba44d117321017902b3a9d2ff51f60d18e1b585dcdf34e49e170ee60fa4d1dc246548d2c1fc38e7983f42769c43d65a28016f3f4d479ebe1cd8fec5d1f886dd21aca5067d94f":"9098ea34c40b541b153e80a8bd92da19432b18b7d329760b302f8a54c395dd06" + +SHA3_256 short #97 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"9cc5fd3035b72dc63b8c3c326fd013081e6b8716f526d3fe176b45256d4c37cc3dc8417dff49ada96c702b8fd715c65fc08a17a0a720b9cf1eedfd4922ccde6baba437f782ee33b95371056b0350dad743470c3b663299f16fcfd34f6fc459cd0ee4":"b0c04f24bb6d3d4fcbfdf9222d0e886f1eb60a0566a478085f7623a025a5b981" + +SHA3_256 short #98 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"f3f063fbcf2d74aa5a02d240c962ed7bb119b3a212bdb41594e28428108e613152ed16e01e451fcf702b0e5a08f82eb12677652b93e05fdee00ae86cf2dc9a1fbf05b93952ec5b8515eacc324fb830e1ec236afd7d073d4b7f7ab1c2e048b99cbfa012":"f930d79360b581b1bbfdeac57133a339444f5c44538c921631eabaf058277d32" + +SHA3_256 short #99 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"840739a3d6992c13ec63e6dbf46f9d6875b2bd87d8878a7b265c074e13ab17643c2de356ad4a7bfda6d3c0cc9ff381638963e46257de087bbdd5e8cc3763836b4e833a421781791dfcae9901be5805c0bbf99cca6daf574634ec2c61556f32e642730510":"19795657e08cfbb247a17cf209a4905f46e4ddf58eea47feee0be9bb9f5c460f" + +SHA3_256 short #100 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4a51b49393ab4d1b44fb6dc6628855a34e7c94d13b8b2142e5d5a7bf810e202cefdca50e3780844a33b9942f89e5c5b7dd6afb0a44541d44fb40687859780af5025fecc85e10cf8249429a3b0c6ff2d68c350c87c2fcbf936bd9de5701b2c48ce9a330c9ee":"128fb4114e43eefd19277c708be9e6873e66d7fd59c58a1485b7b015facfa795" + +SHA3_256 short #101 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"afc309e6b7b74dfb0d368e3894266fc4a706c3325e21f5550d07a6560e3d9703c134ca6ad078e4a7b82ad6fa85b0bc1ddcab05d43f29d5c58d1da78ac80c37051b089ff31ce2c0c44e9ce3abea1da0f1df28008e178fdefafca493413bf1d256c729d0a9225e":"03e782b01a4ba10f640470bb3cae487eb9cbbaab8c9941978b194f6a312cf79e" + +SHA3_256 short #102 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"c5ae750f2230642092397b84ad5526c46ae9480ada16892816e0f2db7690b751035653ea2f33da3cc4168b591b46a5548eff7d012f60ccfdbb854deec9f0880c472de8e127b5144c56147cccee4732fbac68fc59a48da74b33ed9e643644bbe279795c7c737eba":"f64b7ab243ce6e6c04b483888ba8a655465c21d95eb60c7b8d6e566a3811bae2" + +SHA3_256 short #103 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"603e13f61499e12ec6b33b68847a281d314f54dc705c0f3fc428981ff5689c04b519fadf83cbc9fcd0409c326035045df480570e265bb080940037ce4076a36437aafdb371c1a62af9ad9b614dfef89708fbbb5ebef2cb9528cc399781e4c5b22f1aa4dba623809f":"5f76962fd3d373e5db2953c0823a51fe81f874450bedf7e46876394b04d3ef66" + +SHA3_256 short #104 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e03115cfa19efcd796da389063c4be6acce684d983f8edfb3da6887b0b94fbb5e89e3a1a8e64fdd68f0670b1a02c2c33384a660c5a2266b3ae8a3b4cd76faecf011a7467b9b2a818020278a5a57d1eb1c87f1224c2d67dd02e81f1553eb75841532c2b7cca8fe5e418":"d107ee6ee4a58871a33c49657faa2573e475f11918c4a4e3801d0e17fb93c6e3" + +SHA3_256 short #105 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"0e6c1d58b1b9d3a2d399aafd60529e07d483a2755bb7e44c373b5355632d5fca76d6ff56c93af93ddcec5ed6f62753420c1b1758e48542df7b824b00a3a54dfaf0470b18d51e31e10b12dd8e324b5dc1bb8f3b7305cb762ec6ef137dadffd4a2466748861d9004f626b0":"02ab2dbb02944354799051247b1a25c19f3696e1afcb502b859e83798b33fd77" + +SHA3_256 short #106 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"6db2a43a229b10c3629249fc5136468b4d84df7b89ec90ebf7aa7a036c53aa2dffae9e81b2c60580543dc706a5e3457abc87e248a60ec29150c2d221a6ec08a1fda4ec0daee8576904ec7ab059b1230e7bd93c4e55ba9496cbb1e352e5b8086e303b94c861288ce53c466b":"8cc4d39b2f5ba0bc9d2ee2a8777cf08533e60cc69b65a7b31c5c2121193aa31e" + +SHA3_256 short #107 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"31d995f7ff8b6de70829a8336c610f10df2c866107a4922b25151849f8566861df5a79163d02767f21357ad82733997899261f03dafb1ce1056f20efd16d4374b89768565823c38e19e899d910b847b023f1867b6e4fed02e604b8243c0bc7cb05b9ea1f17955bfa36698c9c":"c99c7191b34c9ad3f941d4ad442cc865205cbb4c2a6927c592e831cbc4d36fcf" + +SHA3_256 short #108 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"cb0b8cb7de621c8e0a0fc6be2fc18d0e8818a2c2dd0b3219fa87831a61583f903c4d105495976ccac973b3ae3a09771145931a9e74c19f22f45cba4c492b29b1401347122581dfe2370d3e0359578cd10a355c619711810a8f8c232578671312c0a45c7cf7e81bdd3b249044f3":"6d2f57a7e42b35369cf2cd60caf9e65aca7d9aa019e6824bb806348f1acf3c7c" + +SHA3_256 short #109 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"48dff78aed5f6e823054924a78dc1b8e51a117f1610181529f6d164ebf0f6406f0b02422cad8c916823759a361437ca17423d3fd84cc8afe486a31ccda01c732685418a32c064a7b9effb288e811ecc99adb2a759feecc3f702f31d9877dcdb717937c15fa2f163bea744400f58c":"14b631f0f00a3024ad1810dabf02711e28449668abe27f69380942268968d4f6" + +SHA3_256 short #110 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"06cc9fa542ceb35c88fb6ab82c29d5dcd530f807d3f1c3bcb3974421101d1aa6ac112de6bf979cd28eb0f70c40bcaf91ed3eca9bf9e0dbc6a0b73271d1c7506740ca9ebfb72d5e00ac5ce189193ffa308804b42a6d20402bb99031cdac65ec36eb7f59f5d299df2e0b8690f760b9a0":"574fd82a9fceb8f7bbbf244d16e0412cbda8153b720846c32b8f10fe5779a881" + +SHA3_256 short #111 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"8d93627c0b7cbf61a7fe70e78c2c8ed23b1344b4cfed31bd85980dd37b4690e5b8758f7d6d2269957a39a1ac3451cc196696ae9e9606a04089e13456095a1ce1e593481b3ac84f53f1cb10f789b099f316c948398ad52fa13474bdf486de9b431bd5d57ef9d83a42139a05f112b2bd08":"344ec86642eabb206b2fd930e4c5dde78aa878577d6c271cb0069d4999495652" + +SHA3_256 short #112 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"d0af484b8be6b41c1971ae9d90650a1e894356c9191d6be303fa424f2b7c09544ec076a0f1865c8c97927ca137529d5bedc0df2ef08a4cc7c470b094b1eeaa86731c041633d24086b60f7369d59c57652dec9b3817477df9db289ba020e306c9a78a99b539128992deb23cfc508c5fc3af":"b7ba998726477c32792e9c3eddc1cb6feb7c3933e49f2e7590d8ce7a2113e6f8" + +SHA3_256 short #113 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"b212f7ef04ffcdcf72c39a6309486c0eeb390ff8f218d6bd978b976612f7f898c350e90bd130723e1126af69295019b4f52c06a629ab74e03887020b75d73f0f78e12785c42feb70a7e5f12761511c9688c44da6aaa02afa35b31edc94c3a0779b6ab9462525c0ccfba76986f873fe1e6ba9":"2f26b96c1fa3f3dee728f17584e733b4189821c659b8885a5fb1d12d60d2aaa9" + +SHA3_256 short #114 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"86591ada83fba8175a0fe91d264e7f9b2df97ee4c32570e76b579d6140508951932abdadd6a4ca53b8bb8c42927aac0a02126881d52d97b82b80e72dd59f6a42021651ee1bb5f7b3eb2b21d003d784b75dda87c13f714b216282e8175474fa661b445d071bd5341f3a88302f410d0f8a857962":"e3edbc8c42ce5d2384dfb24fb1de5d4798b1bc3cc78c97033894040dfa6feb6c" + +SHA3_256 short #115 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"92b5a8e84b6a2ac4d5b1e61d63804abd641dd630058ec6d5f752f135724ef1947a0a84c6611d32448de6307f7b7d857404e96b81df94f87768fcfdf09faa2fe37468847542afe012995ff1bd40b257a47a7309f8896bf4fb711de55bfeb3a8be0837729ef6067c578182f17ebb080a754f22773c":"80ed0a702812297c2aa1b6b4b530c2b5ed17ecfba6d51791cf152d4303ced2e6" + +SHA3_256 short #116 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"d284a0a9a4de5d4c68cc23884c95ad7619aa39b20a2cf401deaeb3362c3ce356f79cc3fa82d3d1f565ec8137e1f435f171496afaa1152f722315dca5209f0031cce39b6c3d718e007dfb4fd8de5ce1408dda04476aa8a96817afa86a4f8fb5857ae091c67ebd7db5d783f434ead699aa96e56f610d":"654eccefd0a4fdb2ac0ab56288c64399b37bc4d57ff4a9f1cce94362fc491bda" + +SHA3_256 short #117 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"f57f0f8795385b805246a0a2573afc274346a9eccf50c626b0455a50bfb09668578b5a5afe54fbbd486444bdf97dba586aa224ce2e2b4b52f418ff06afa65a26f5204983a5f84734cd166c88cb70a73fb2db48f9ef20c1ee2c53ade07460114e98e7e2ebd24ac84ea90422eb143c4a42e2991a565959":"135ec8b144a667dceae8fadd287df81c10ef3ebef87ff2fb56e60ae708a88f3b" + +SHA3_256 short #118 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"2a41a52e6578873588a57f11f1be7c7eb398d01f3bfdec2c33fe6b65a68a534a6540978daa82e0c8fccb8c6c5242f7f97b8ffa75bdedb217bd8083439eea5cbb6d193c13bd62f5658ed4304774c6b1faf5b3dce432487840cabab415fb5d67640a739ca6e5414e760869708a9d7331e7e7ad7d55e035c7":"a6a1b8a26f6f440f19f16dce1d3001477d73ee7f6c374bce2922167b81970d6a" + +SHA3_256 short #119 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4d11aa5d3c6b6900f49ff90dd815744572be5648b64bde638b9db7a9877dd745fa8ea80e2f7f655cee85c71a4509e21d899e49b4973579815f947587a404ad83fd4a248020d9d2a65f46485373fc926d793161f63a196ae0af590923c5be2a0e5d2f69da97e0788550c9c1dee9574ddc4a61e533275d7729":"fc5159f0ddd6d765c85fcc3fc3ac1dc0d317d8ea0b110e96ac9f7a398dc386c5" + +SHA3_256 short #120 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"05cd99bfe031d123ca7061d3de0956f4bbf164bad792db881713d6599ddab55ee24fcee804e360896152c8766424f8309f7a24641a07be0feb5da5e5076a9af45842f385101f93433ca5199f9c6b5872b2b808e4198aba8e18dd12db772930b4912d6f5cabeb529884f4bb142de55e021b3276047b22b64cc5":"8aa07742e6f1f47ad020ed6684edc8dba4af36b782955f0f972be3ae980aea0e" + +SHA3_256 short #121 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"529684398d68bdc19e7a00ce32cc1a8c1315b97f07137474f61f0cb84a04f2879b1109c78c6dacf7f0abf362329e3298f36fc31ef4ec06653723a5f961301dfb63537ad15946611cb2cd54ea928e322e7423fd6d146ee0b98c2c71e3bdcd33edf0845fbebd9ae4192d07acd01b432135e05af0d22f3f0c5a3d62":"a07049b6ebd7b355479a3d802fda436b83ae6747d741cf9626f7c62f47cbd563" + +SHA3_256 short #122 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"982fb5f4af498a4a75e33a033235ea3ddb70d9d236519f883ff5b388cbef30126b98d96e93a65a26fb00d17246d18cf4e2db14a52f0f6b10e35a93beadc14ff118b02e95b38fc4736f973ba848e40b5527cb0599076d96bc578c4aada09e8faf6820bc4f562d5199974f808b7f95edca74e6b3940894a7f66534e0":"09c60fec5a089a23f5da3ed2492aa21fcf7aa36183850fafc15ae8c63f596db0" + +SHA3_256 short #123 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"ca88614828f8acdb5fcffab6bb2fb62d932b7808e4d9cc3139a835b0cef471d9f4d8ffc4b744dffebf4f997e74ce80db662538bceb5d768f0a77077e9700149ea0e6a46a088a62717216a14b60119dd19c31038ed870b4709161c6c339c5cc60945a582263f3be9a40cd1a04c921947900f6e266f2390f3c970f7b69":"fe2d4183ccdaa816b4446a9b6c07d0ba4b42ac743599db5dc482b1941f443c71" + +SHA3_256 short #124 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"ab6b92daf83275cb9c1b76cfb59fbcc8ac53188e0b6980918e7ac0c07c836ca9372d19e11251cca664bbb3c3db2e13b412a9820b65e95612042f5db24643cf9340b9808597735a1f92670ba573a2fb2f088d81087d70565574344af7576d35b2ed98318e2ca0067d4fa8e63f28045b83b6887d4ffa0668a10712ed5759":"744538e1ae1cd7357710b56c3bc6f1bd7a8564118a1e0f9acc30fcf0b5396eef" + +SHA3_256 short #125 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"bfd4c7c8e90858ccf9c8834abefd9c1846ca4a11966fdd139d6de24a6bebf4b19f58d5d51e52bddd0bc6f1c7f35998f44707cae7100aeb4adefe373101429da3fca1d15737329dbbf47c783a84de59bfbb2fcd75a1a148d26aebb8d3a9a76089c0f8e4d49b71a06f9e323e2cdb54888189887a44b1fa9cb32b7c8fb7c9e0":"58b17843bc851a721c5a258eef57b3854d02190e732d9b8e7a9f926ac409c173" + +SHA3_256 short #126 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"c5019433c285da2bb93f119e58b4f36cd1e4d99dda35dbf4f8ae39c7fe65fa0ed03bd2b96dc649472d8f1a94477ed9f29592d97c9cd54da7c790ad1af3bb5cc030b7871bc64050db779d2caf0419895bf3b7b50b8e22fbe62fe30fe7bbd6ace86ddf7b00d5d9370f20cf0f97996f4bce70bb33f1ba022cdaba0f25d55fa031":"f7c92a3fb7f180370d628be78de874d693f74ccc7a54c741634258d8c512fd7f" + +SHA3_256 short #127 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"84b60cb3720bf29748483cf7abd0d1f1d9380459dfa968460c86e5d1a54f0b19dac6a78bf9509460e29dd466bb8bdf04e5483b782eb74d6448166f897add43d295e946942ad9a814fab95b4aaede6ae4c8108c8edaeff971f58f7cf96566c9dc9b6812586b70d5bc78e2f829ec8e179a6cd81d224b161175fd3a33aacfb1483f":"8814630a39dcb99792cc4e08cae5dd078973d15cd19f17bacf04deda9e62c45f" + +SHA3_256 short #128 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"14365d3301150d7c5ba6bb8c1fc26e9dab218fc5d01c9ed528b72482aadee9c27bef667907797d55514468f68791f053daa2df598d7db7d54beea493bdcbb0c75c7b36ad84b9996dca96354190bd96d9d7fbe8ff54ffaf77c55eb92985da50825ee3b4179f5ec88b6fa60bb361d0caf9493494fe4d28ef843f0f498a2a9331b82a":"9b690531dee948a9c559a2e0efab2ec824151a9175f2730a030b748d07cbaa7f" + +SHA3_256 short #129 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"4a757db93f6d4c6529211d70d5f8491799c0f73ae7f24bbd2138db2eaf2c63a85063b9f7adaa03fc348f275323248334e3ffdf9798859f9cf6693d29566ff7d50976c505ecb58e543c459b39acdf4ce4b5e80a682eaa7c1f1ce5fe4acb864ff91eb6892b23165735ea49626898b40ceeb78161f5d0ea4a103cb404d937f9d1dc362b":"1ac7cc7e2e8ea14fb1b90096f41265100712c5dd41519d78b2786cfb6355af72" + +SHA3_256 short #130 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"da11c39c77250f6264dda4b096341ff9c4cc2c900633b20ea1664bf32193f790a923112488f882450cf334819bbaca46ffb88eff0265aa803bc79ca42739e4347c6bff0bb9aa99780261ffe42be0d3b5135d03723338fb2776841a0b4bc26360f9ef769b34c2bec5ed2feb216e2fa30fa5c37430c0360ecbfba3af6fb6b8dedacbb95c":"c163cd43de224ac5c262ae39db746cfcad66074ebaec4a6da23d86b310520f21" + +SHA3_256 short #131 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"3341ca020d4835838b0d6c8f93aaaebb7af60730d208c85283f6369f1ee27fd96d38f2674f316ef9c29c1b6b42dd59ec5236f65f5845a401adceaa4cf5bbd91cac61c21102052634e99faedd6cdddcd4426b42b6a372f29a5a5f35f51ce580bb1845a3c7cfcd447d269e8caeb9b320bb731f53fe5c969a65b12f40603a685afed86bfe53":"6c3e93f2b49f493344cc3eb1e9454f79363032beee2f7ea65b3d994b5cae438f" + +SHA3_256 short #132 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"989fc49594afc73405bacee4dbbe7135804f800368de39e2ea3bbec04e59c6c52752927ee3aa233ba0d8aab5410240f4c109d770c8c570777c928fce9a0bec9bc5156c821e204f0f14a9ab547e0319d3e758ae9e28eb2dbc3d9f7acf51bd52f41bf23aeb6d97b5780a35ba08b94965989744edd3b1d6d67ad26c68099af85f98d0f0e4fff9":"b10adeb6a9395a48788931d45a7b4e4f69300a76d8b716c40c614c3113a0f051" + +SHA3_256 short #133 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"e5022f4c7dfe2dbd207105e2f27aaedd5a765c27c0bc60de958b49609440501848ccf398cf66dfe8dd7d131e04f1432f32827a057b8904d218e68ba3b0398038d755bd13d5f168cfa8a11ab34c0540873940c2a62eace3552dcd6953c683fdb29983d4e417078f1988c560c9521e6f8c78997c32618fc510db282a985f868f2d973f82351d11":"3293a4b9aeb8a65e1014d3847500ffc8241594e9c4564cbd7ce978bfa50767fe" + +SHA3_256 short #134 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"b1f6076509938432145bb15dbe1a7b2e007934be5f753908b50fd24333455970a7429f2ffbd28bd6fe1804c4688311f318fe3fcd9f6744410243e115bcb00d7e039a4fee4c326c2d119c42abd2e8f4155a44472643704cc0bc72403b8a8ab0fd4d68e04a059d6e5ed45033b906326abb4eb4147052779bad6a03b55ca5bd8b140e131bed2dfada":"f82d9602b231d332d902cb6436b15aef89acc591cb8626233ced20c0a6e80d7a" + +SHA3_256 short #135 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_256:"56ea14d7fcb0db748ff649aaa5d0afdc2357528a9aad6076d73b2805b53d89e73681abfad26bee6c0f3d20215295f354f538ae80990d2281be6de0f6919aa9eb048c26b524f4d91ca87b54c0c54aa9b54ad02171e8bf31e8d158a9f586e92ffce994ecce9a5185cc80364d50a6f7b94849a914242fcb73f33a86ecc83c3403630d20650ddb8cd9c4":"4beae3515ba35ec8cbd1d94567e22b0d7809c466abfbafe9610349597ba15b45" + +SHA3_384 short #0 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7" + +SHA3_384 short #1 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"fb52":"d73a9d0e7f1802352ea54f3e062d3910577bf87edda48101de92a3de957e698b836085f5f10cab1de19fd0c906e48385" + +SHA3_384 short #2 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"6ab7d6":"ea12d6d32d69ad2154a57e0e1be481a45add739ee7dd6e2a27e544b6c8b5ad122654bbf95134d567987156295d5e57db" + +SHA3_384 short #3 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"11587dcb":"cb6e6ce4a266d438ddd52867f2e183021be50223c7d57f8fdcaa18093a9d0126607df026c025bff40bc314af43fd8a08" + +SHA3_384 short #4 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"4d7fc6cae6":"e570d463a010c71b78acd7f9790c78ce946e00cc54dae82bfc3833a10f0d8d35b03cbb4aa2f9ba4b27498807a397cd47" + +SHA3_384 short #5 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28" + +SHA3_384 short #6 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"17510eca2fe11b":"35fba6958b6c68eae8f2b5f5bdf5ebcc565252bc70f983548c2dfd5406f111a0a95b1bb9a639988c8d65da912d2c3ea2" + +SHA3_384 short #7 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"c44a2c58c84c393a":"60ad40f964d0edcf19281e415f7389968275ff613199a069c916a0ff7ef65503b740683162a622b913d43a46559e913c" + +SHA3_384 short #8 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"a36e5a59043b6333d7":"bd045661663436d07720ff3c8b6f922066dfe244456a56ca46dfb3f7e271116d932107c7b04cc7c60173e08d0c2e107c" + +SHA3_384 short #9 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"c0920f2bd1e2d302259b":"3d1584220409f88d38409a29ecaebb490ef884b5acba2c7eaf23914bab7f5f0fc97ee1e6336f88dfd4d0a06e902ccd25" + +SHA3_384 short #10 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"70ae731af5e0d92d264ec9":"563359fd93fe09f3fe49fcf5f17e7f92aab589cdec3e55e4c3715e7775814bbbfb8c4c732e28d3b6e6404860812dc6e9" + +SHA3_384 short #11 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"69c74a9b0db538eeff64d93d":"88c66389ca2c320a39022aa441fa884fbc6ed2d3cc9ac475372d947d4960579a64e061a297d1831d3524f98d8094404b" + +SHA3_384 short #12 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"a4a9327be21b9277e08c40abc7":"751f5da5ff9e2460c99348070d5068d8a3d7ffcec7fd0e6f68f6cd4a2ef4226df8d9b4613c3b0d10a168eaf54eabe01a" + +SHA3_384 short #13 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"cc4764d3e295097298f2af8882f6":"10f287f256643ad0dfb5955dd34587882e445cd5ae8da337e7c170fc0c1e48a03fb7a54ec71335113dbdccccc944da41" + +SHA3_384 short #14 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"5a23ad0ce89e0fb1df4a95bb2488f0":"23840671e7570a248cf3579c7c8810b5fcc35b975a3a43b506cc67faefa6dbe1c945abc09a903e199f759dcbc7f2c4d0" + +SHA3_384 short #15 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"65b27f6c5578a4d5d9f6519c554c3097":"dd734f4987fe1a71455cf9fb1ee8986882c82448827a7880fc90d2043c33b5cbc0ed58b8529e4c6bc3a7288829e0a40d" + +SHA3_384 short #16 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"a74847930a03abeea473e1f3dc30b88815":"dba6f929fe55f9d66c5f67c0af3b82f17bcf58b36752f3165c16083fea8fd478ee6903f27f820ad2dd9950afb48c6700" + +SHA3_384 short #17 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"6efaf78ed4d293927eef2c3a71930e6e887a":"8218498ab01b63041c2ba0709e3309496124ddf0904543a9e0d9d096a750dda97f7a02208af3d8c618d4be7c2bb2a288" + +SHA3_384 short #18 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"fd039eb6e4657388b947ec01e737efbbad47da":"c5b3130ef8dbc580e1103fecae69c9a882d9ebf5a3def5938b07f843452a09c9f72f0dbca91d33b021cf6aa6fe60d2ed" + +SHA3_384 short #19 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"9c694943389bdc4e05ad7c2f63ceac2820e1d2d7":"f692c025c5c5f3d1275213c1df9bf9eb6d2188eda90ab5bffe631f1dbf70ebd628caee88b7d149e1ac4e262873979afe" + +SHA3_384 short #20 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"0fb18357b018b9bbb2cbb4cac50bc85609c92b8e7f":"d164306c99e3798790f0923fe92dbf2f96c3907127dacaa467c766ac75788062589272cb7690b8af2030dd8bd61a3df2" + +SHA3_384 short #21 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"26cb40a460e2e727aeb867e0140d0f34790110deb5d7":"af2a42a4c67c3226c55b89605b0dee27e796c2792115f6097203db5aed89e35f563a8246d399fde00c2a5b97ed5a5e17" + +SHA3_384 short #22 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"6690a3a0373c829facc56f824382f4feed6eb184642b4f":"84e1b68bc9e2daefc19b567dec911ef46f5f37a74fdbbb6155e7e646f2735df2ac44e239689eb5b536465dc571e55cb2" + +SHA3_384 short #23 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"7d80b160c4b536a3beb79980599344047c5f82a1dfc3eed4":"041cc5861ba334563c61d4ef9710d4896c311c92edbe0d7cd53e803bf2f4eb6057235570770ce87c5520d7ec14198722" + +SHA3_384 short #24 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"02128283ffc0cfe254ac8f542be3f05fbe4e855dd22ae98a81":"3840981a766d725f83d334e8982965033a5fbb5107d94ffef33b1f700cd46348091a49f6620c37ae3ef5b20513494826" + +SHA3_384 short #25 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"27911dd0a6843ccae965d876aa1916f1dcd71e518f7f2197152e":"f59f8428555984d1526cded8129c649fb1b683d35cec7c5e1209441a6a9e7c17f0784151b5ab8a8c492b402a3acb98c4" + +SHA3_384 short #26 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"d9378bb66e8c8dee556d691cbc9fdddd6333ca5d50668862c3c57d":"994532d1a557e990b1cc9e0395a2ad8b05619ca322db9da3c4ed2ee194c051d04582fde72dd2b8f674cf6ec958db75da" + +SHA3_384 short #27 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"ae1828047c5f82a7b9712f3399832124b892f2f7aea51c8fe3536cd6":"d51111f8bffb44d81ad19683198f29d2033144d3cd856c749cac5b9cae0e712f500f8d0ef813f38e305ce175a7d6162c" + +SHA3_384 short #28 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"7dd2d76fa054cf461e132e9ef914acdc53080a508cdc5368ab8c6224ff":"6c0b3395e4c86518ab0a06267320ee9ec95e50385b7a2527ddaa1bd0ead262c56122d4f4eb08b0ae22b3ee7e6f44dd18" + +SHA3_384 short #29 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"6fd72888a021f36e550967cb5605b55b78657c9272d93c3ded340d67da6f":"0551583a5b4007401c77ef4382fd8e245c9cf12e976c9766af6b7ae3c7e07a82b3079f903b083d5ec85cb94e46a85ac0" + +SHA3_384 short #30 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"d500eb9546553619cdc31e0848c502db92d547efef3ae5eeaa22258afcf0a9":"5edde2f94f8695f277ec05efcc00761fafd272200aed0e63d221c2b6c65b4972a6526f9a1f2e6ace0e81938f043fe877" + +SHA3_384 short #31 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"6189597e0198a18c65fa0bdd0797f13037c75c4058b7d3454c0f71bd2dd13b6c":"110630ca7631b7620e6bee6ed6e929098965571936c34829484983eba9532b8175528c228c57439453f027a4f7c83ca3" + +SHA3_384 short #32 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"243b941d748541af303f8e9d2c371cd03e437d62a9df485ddc176dc65da8c7da00":"5884201f7a555ea3c5deeb019fd9e8c161e1b89756045e475b141ec5135ce5a41c93e5e1f79534d36fd8345ba434da43" + +SHA3_384 short #33 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"2dc3d789582c1a806c3b491d5972ef8f1733f1f5e02866dc9de2a8029ec0ab608d13":"05a3903b519cdf679120c7ccb4ef178b58e4502fcd461360988fa06669294851e629d9dd3e77ffb73d24599d5d3edd36" + +SHA3_384 short #34 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"e5b3f6962fe57230780b3d55b29effe0dfebde2c81ba97d4512ecdbd33eca1576a7f82":"7ac2776afb74f55bbc4f6eccf825ee13ac7445fb54974e6c24ebc0f03fdcd8530199a61106a31b4279e02201ee0f54fd" + +SHA3_384 short #35 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"da03486aa3cebbd6502e9f5a6f0f835e973a581befcc1aadefe7b3696ba71c70cd58c584":"02c44ceec0bb7dc0f664ebe44230192b5b0bb646bb944d23fa1ff3586dc0523fa9d7f0dd6df5449ab9edd9a1096b07dc" + +SHA3_384 short #36 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"3c686d321ba66185cdca83ba9f41984fa61b826ef56b136e13f1239dadf6e03d877866ccb8":"ad624edd9f2c3a32b56c53d9e813c01d66bcfe424c4a96907d52ac1ddd68370ec86dac67504a90e8a8e75502e01081d2" + +SHA3_384 short #37 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"4dcff99fac33840f6532547fb69b456902d6718fd5d4538e23462db6d00da61975f2b8e26298":"cf37dd27997c1bb7e6dc405170066e74c6ce517c029ed8dce126d025da74e0b8e86da567e8d7d8d5b5d3e2a546df7489" + +SHA3_384 short #38 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"2799f672328834d7eaef9439795d35ce93c9094f58ded9f17c968a97a50a9e461489fed988e7f6":"85cfc23c97cb13910b808e7033809a45aa0b7f7138de618c2ca622c8b813c988e264af3b96c7925dcbd1d2761757d800" + +SHA3_384 short #39 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"c7e947507822f28a562745a8fe6fed6cb47d73145804c894954e21245cde04fa9155a35904926aca":"8bddf3baebbc5b04fe0b0a9c3c2b730abe918ce4892d2843c613ee96da0228512f0d1307c7d1a8922e79a92e957dd18e" + +SHA3_384 short #40 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"6c497bf6ff69cb39e3faa349212b8b6691ca237905ac0099c450b6d33abf362bedb65bdeb307bfea23":"3639fab6191b35246278522cfacee0cd5b15580a26c505ae3c46b4b1c2572016b48f1b012bbbedec47916950fbb33a1d" + +SHA3_384 short #41 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"d15936f3b0c9018271812b4c81453c4457c7edd110bcea7f5735d6f5882d8f27155eb4cc285a65138ad6":"0293eeef0aa3392c93d9c6ca89c08b317622572d4de2286a4b9ae6c2f9c9e0e64ee6c483d4f10859077e3c6868430214" + +SHA3_384 short #42 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"df18139f34b8904ef0681c1b7a3c86653e44b2535d6cecd1a2a17cd5b9357be79b85e5e04dd9eff2ca8b9a":"db9e171d6e3336631c9ceec6b4d732ce62b015939269fb69fae7d22725500e8a2fc9f1459cf0a31fb9d16d7c44583f52" + +SHA3_384 short #43 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"0459dcbc149333ea2f937b779a5f3728148449a9aea3662cdd2cc653ce6a2050f9c0d54bf9326c039b263eb9":"464ba409fbb45e985f84ee24662eb7c042c3c2ad9649f1ac4a8b2be9c07d37ed2e4284362057493f6a7e52c356b05bc5" + +SHA3_384 short #44 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"eb3f7002c8352270340b8da8643622e5f7e32cdb208a0dec06c6cb9e6b64cc4d8cb9de1d49397b3386464a25d1":"a26bd76ce42d818dbec462d8fe7cdd957e6b84ae8750fb5e1c9c76bc6000e23737e073a59b4600e5056524edc667909d" + +SHA3_384 short #45 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"47e3e3d8c68ac9d9f4b3759d8c7d9dd901e35b096ee4c8b6cbe0cdf467463630926c08289abe153bfa1bcde3cd7c":"b504ef475a568f9caba8352a0b2d243acdf3d2b41d8890a6fb3abb8aa28a29e0c7527d20e2d79b25b400ec27c314db72" + +SHA3_384 short #46 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"838d9c181c5ab59592723bd69360e0d7fd15232beada7591ea899ac78ffd53a32fc73a5fe522ed35d92a6e2bc148ca":"53e99e1158d59032ffe4b5ea304c7d2f7a61b6b2a96ac97832ca26013549fe3f7dcdf926bd74ceabe4f1ff172daed6e6" + +SHA3_384 short #47 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"a90d2aa5b241e1ca9dab5b6dc05c3e2c93fc5a2210a6315d60f9b791b36b560d70e135ef8e7dba9441b74e53dab0606b":"4a16881ce156f45fdfdb45088e3f23be1b4c5a7a6a35315d36c51c75f275733319aca185d4ab33130ffe45f751f1bbc5" + +SHA3_384 short #48 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"8c29345d3a091a5d5d71ab8f5a068a5711f7ba00b1830d5ed0bcdfb1bb8b03cd0af5fe78789c7314f289df7eee288735fe":"e27b39a96255ff69c45285fca6edaaa3954ce32c1e3d9b1f60c1b6676594bb45caf0889fc11daf93a1b60746229689dd" + +SHA3_384 short #49 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"32876feefe9915a32399083472e3c3805ef261800b25582aa7c36395fd3ec05d47b49c4944bbcc2b8b5ebd081f63ae7943d0":"f96433cdb69a607433ea2eb77d87d3328867dc4076b67ccf17f50f9e08e89a86624b60f2ecdb8affcd431fc13173fe75" + +SHA3_384 short #50 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"e2e77eb54f321f86f52ea3d3c8cdc3bc74d8b4f2f334591e5e63b781034da9d7b941d5827037dee40c58dc0d74c00996e582bc":"a352ab33ca730482c376bdc573c9d1dc6d3597f9be9f798b74a57beaa8e9c57b78ee6761056eb67363e882fefcad4fb9" + +SHA3_384 short #51 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"da14b6d0b2ec4cf1e7c790e7f8f4212b8f4d05f50e75e2a56a5d70623c0d2e0115a15428129109b3b136d756e38a5c8463304290":"aae7ad977e17ac0e560c0e0186433420f9fddcd191b9e91567cee05df88f1e1aee50424a313998a873f7a9c289a02217" + +SHA3_384 short #52 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"2db06f09abaa6a9e942d62741eacd0aa3b60d868bddf8717bef059d23f9efe170f8b5dc3ef87da3df361d4f12bfd720083a7a035e8":"85d4e3e5abcb1b59ca6f551eb43b43ff64890511f73a9083a2ce6e9c2861c6e9664c765629024f4b01b0cd1594a5981b" + +SHA3_384 short #53 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"26bad23e51c4560c172076538b28716782ee6304962f68e27182048948d5c367a51a1c206a3e9b25135b40883b2e220f61cb5787ed8f":"a44c7f84ab962f68283404f8c5c4029dbc35d2138e075c9327580baf89f292937bf99422e45756b3f942bf0a5ae4acb6" + +SHA3_384 short #54 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"77a9f652a003a83d22fb849b73fed7d37830c0dc53f89cea7dbec24e14f37197765206fe0e6672016e4dec4d9ebbe3e1b4423771a5d0a8":"29c8bb39bb2aad419a00a80216ec71ec5ec9ab54c41927e3e3f2f48f079a5886d7fe89db98c807ab686d2339001d6252" + +SHA3_384 short #55 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"268c7b3a84849fec5c769bc4ad377dea10c9d20c91dd17fdbd9670a2fc909d0e212129ec40dee41dbf6194a3b04ae8be5e84ad5426ca4496":"0dfc6ffcf4a387ec09ff862c6139a6f7ac77abb2b5e1f6dc814eb71525f8657ac74a7697c2975c70a543af0e227d03ca" + +SHA3_384 short #56 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"b8324341a6891a6b5e001a7d2ebba6e02e8335c124185309a4c9e9907c43bd8d4fa73c527fdf783650316dd24b148870e1436ac05111e9cdcc":"6278d1cc17fb6d54129d04987d4774fa846dcac4ba8b6b72f41e63dc387ce0081ba29fb2c17c6744edae24e669cc9e75" + +SHA3_384 short #57 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"5ef8b3d79d299bee2c414560c7de626cc0d9fb429884aa69cc30095ef1f36b7e03a8ca25fb3601189f163b209e0facf8dc447f690b710fb47b72":"7ec9505f33f4a5493574422de078e0490b61be8e8d6f158192bb7d2bdc2dc335598dc88d9b443cd1c14b883a77119df1" + +SHA3_384 short #58 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"ad7321c9a8b8f0bfe100811114270daad57f6e88772326b62d88a37a6f55c2cf9f759115ed6a590878e4dcefb592db151538db7de20229d26a181c":"3782d2caa537294e809e9df837b1b07e2f1df07d0f4c12e12459f56eeaa478d5b3a41e519d9414eafa5ddd5661c831ba" + +SHA3_384 short #59 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"0719d9664541f0a824f71c83b809bb6afc973c9f7428e1ed11f7c29a558e1698b796aefb49eec2b098faf06bd43e82e1312bf0388c38a5bb523506d3":"362c05f678df92883d56e19221391fb00d0f0afcec51d3e0feb15ba2fb60693b09d69118af649648933259d7b1e240ab" + +SHA3_384 short #60 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"5415c2596aa7d21e855be98491bd702357c19f21f46294f98a8aa37b3532ee1541ca35509adbef9d83eb99528ba14ef0bd2998a718da861c3f16fe6971":"8f9fd7d879d6b51ee843e1fbcd40bb67449ae744db9f673e3452f028cb0189d9cb0fef7bdb5c760d63fea0e3ba3dd8d1" + +SHA3_384 short #61 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"b979a25a424b1e4c7ea71b6645545248498a2b8c4b568e4c8f3ff6e58d2ac8fbe97be4bea57d796b96041d1514511da5f6351120be7ab428107ef3c66921":"e248a64b6ef112bf3d29948b1c995808e506c049f3906d74c3ee1e4d9f351658681901fe42c8e28024fe31014e2d342b" + +SHA3_384 short #62 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"e64c7bb9cd99ce547d43de3cc3b6f7d87a2df9d8a4760c18baf590c740ec53c89bfa075827e1f3f2858ce86f325077725e726103fbe94f7a1466c39f60924f":"d1e5a72d2595f38714c6198ac14f8a5cdd894dcf9b4b8e975174b100df7bbf4f7ce291b4864f27c0b64e6330f6c1c82c" + +SHA3_384 short #63 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"91b7a1fd0e20072d9c5be7196e5eaf8df36fdf145895b30d4e4c02010d7c663499ac9d7a44732f4c7430511ba6fb0ae4b3dc9405523a054fdf962f5c5b79c423":"07c2e0aeae30da83b5a6b320aa1cf727b10c2034583d7acda55648fa3daa017aa15588b6e2149101c56e3d7df7c76df1" + +SHA3_384 short #64 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"5bbc2d4efe63cbfc9fc221dd8d8384075a79c80a27d6a8c5219e677f4c5bb8338013dc2ab1770acf735d13c0bc704621ec2691350cf3ea2f53bded45ef8fc70702":"dd0bbfe4b799642191abe316df9d59a3743566778b4459c51c3be3f658bdce45516ad188fbe1a8cad8a1fa78f8ebb645" + +SHA3_384 short #65 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"129549278e8976c38b5505815725400c3d2081edf141ad002e62ff299d9a0743f9c9f25971710b194dc88285d50b6cec6e140c19072f51cab32a9f6497abd3e407c6":"ca26aec527fadcd5ebeb4eafa7c102f79a3c2edb452afd04f6162dd7a17bdd1aad7d616508a89a3ec6a40791d915acc8" + +SHA3_384 short #66 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"b9a9f378adeff4337bc7ec10d526c6dda07028375549f7fda7a81d05662c8a0da3b478f4152af42abb9f9a65c39da095abb8161ba6676b35411234bd466c2914e00370":"99914f684e0b317f9338af0c71e9655a3af7153eb9fabaae61454bf8de9e0bfd274c1eff6c4b550e47afcb3b20fa7d9e" + +SHA3_384 short #67 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"101da5b09700dcadf80e5b7900f4e94c54d5f175569a854e488aa36fb41ab7220b0662178ca07a596768528123de3b2a3d944aa412875cedfeaf58dcc6d5b4a033a53b69":"d3e32c9b271e11e4968397d85d76938b974ac1ba55bcbe8d7b7da02dbd7e3b9c9af0d98bbd7e50c436fcf9e3551e3432" + +SHA3_384 short #68 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"14761bbc5685b5de692973e2df7c9c4750889c19a952f912c817890546d5e37d940d13a14ac7925abbd875b8cd60e4920896ce6decc8db9f889da2b5489e1d110ff459d885":"272222ed50631aff465c0e6fe49ecdfdca983bcb7231e50903e200b335b845108202c28315912c9c4fd50e2c6f13a9ea" + +SHA3_384 short #69 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"ed538009aeaed3284c29a6253702904967e0ea979f0a34a5f3d7b5ab886662da9b8e01efc4188e077c2cdeb5de0a8252aafbee948f86db62aae6e9e74abc89e6f6021a4db140":"8361b680243b1661d6f1df53db363cae41c2ebb7438c00606d76b9c2a253faa1f09d6f520d69d692ec1dca0c7885119c" + +SHA3_384 short #70 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"c434d88468f1eda23848d0804b476933f24baeadec69743dd90d8455f1e1f290f6f1aaf3670c4c74f76d3ab83e9bef21ad8d9208c712ca478e70d5fb3c4bd48834c969dd38f484":"9c26e96fcc09a76cc13d24ad25c9cef4300e96e97e4fb59b441baffed07f6a70b1464f2548c7fd7839810dbb9e9c1e18" + +SHA3_384 short #71 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"3064e5ba1e7751bf7198e0811ff4d4ca17d1311c25d9c3a316b562691cde75c974b0b52645c134ddcc709d77b6c1bd24cd684265d723c308bb4d0159e6b16d97ed9ceaa57436d302":"1ea779739b204abe911b4923e6f60fece271eedfc7f074fe1919f0cbc6ce2a99234b003389520884b660165f5a1e80f8" + +SHA3_384 short #72 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"89d9521ad84b1c9afc2fbd0edc227193acd3330764b0d2cb71bf47c7aac946af85be13858b55976009f3b36b09ced4308052c817c9c4d0295225f61a9659a0874b88667cdcc5213919":"4209bb8f869f6f17c8d5c368c489ac51a75e24a85a12de1b16fefc292ce636ff8fa360e82f05684f6b0b074ba370a933" + +SHA3_384 short #73 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"3216662da0227993d88288187177a0287de4eccf245d7c718b8045bbfb8869d93f1fb9e94d7478b0298e628c07e0edaab01dcf79264dc05f8b2181aa3f831dc949726fbcf80de4c9c9ed":"64c45e018cfbc88f8f4ffe3cef0df3a94aab3049fafae28e28efbb2a4b94809eb302caf901010abfa194f72965663d35" + +SHA3_384 short #74 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"e776e6749c5b6c7def59cb98340984539280a9874f80412d4df0ee73d58acd1094d49ed4e35125834cf8cfe349e599144e4f2e200aba4fd3eb6d78cde027c1d5620e0270b5e83ab26b8d32":"94bd67b7f2587b0bda5487cc45d00e4365f1ee40073cdf0d23a5ea3fba01eef42a46bfbac5306d67be02d8d918ae5c9a" + +SHA3_384 short #75 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"5d8f84b2f208b58a68e88ce8efb543a8404f0ec0c9805c760ad359d13faab84d3f8bb1d2a4bb45e72c0ec9245ffda2e572f94e466cffa44b876d5c5ed914d1ff338e06b74ad1e74d1405d23d":"947350307748c29467f00103d0a07c3c228c5f494fc88fe2352ca5d10449d0dda7076780c05439a09694eb528d1f477a" + +SHA3_384 short #76 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"357d5765595065efe281afb8d021d4764fba091adde05e02af0a437051a04a3b8e552ec48fb7152c470412c40e40eec58b842842d8993a5ae1c61eb20de5112321bc97af618bbfbaf8e2a87699":"32286970204c3451958f5155f090448f061dd81b136a14592a3204c6b08e922ee5bb6d6534dbf8efb4bb7387092c8400" + +SHA3_384 short #77 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"a8cb78e1485cbb7a9474c1c1f8e0f307cda5139a7e947df5ea20ac330a6dffcad4a9bd755f9f58724789eeee532615be550dd84f5241fde0e3058aeedbf287f02a460445027f5e6b3829bf71ecf4":"51168bfeef8a981c0def0c4cb067baf15ce5feb8d5f7e9d6076b2836267391aee1fd3a0b5d3434ceb5cf2d6fa06fa063" + +SHA3_384 short #78 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"81acca82545e767ab59dcc750a09849cebad08ff31c9297f4fd510ebe6c27769938319180ccc66f36b1a7cf9c9f3538b0f6f371509f77cf0bc4d6d87facc85b933f2e27f8e1bf6cf388f80c0fcbfba":"4ae44d6509986893a8414753b57d11f9c554d89c15ad6d70687c56c6c2ac73537acbb0d51f48e6bea6cf762d58890d7a" + +SHA3_384 short #79 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"94987498b1ca87a6f3fa4b999db726115c455d0ec24029b2f5810e49a94668864b8c470f7fc07c3dcd97f41c973b45ba4fa7879ee7546596881573b6863fc39d940eb3fa3444084f721341f5d23d2561":"a733b118be72a187ddcbe5ba67e04b589f9cd9f8482c4bd9d64c580aba7d19d2d1f9c1ddf95fe6efdeffd44f67fcabb5" + +SHA3_384 short #80 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"de6b32c2d40d0659166db235259b530ea43f44e75d8b3e9e856ec4c1410bbea3696964af8b6c5dfd3304282369a4bc4e7cf66b91fecd0c7c105b59f1e0a496336f327440980a34614ee00fff2587d6b813":"17ba30c0b5fc185b3245313b83dd0481145953101128914765784af751745b8a2b6a90a434548f3adaf1f07f18649890" + +SHA3_384 short #81 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"854211bedacc19f77b46cfa447a4ad672ea9b643f09f5cf5274ba28888207e2466b38127776fb976db8ad7165a378df6ee1e3a0f8109c9aff7e0d6126fd71333c6e6ebe15d7a65151d6a4a83b82c8a6f3149":"ca85632a9f7c32ac4705c6458770025dda4fd07a8d5d6921b897b0da490d64400587649f2d20bf608b9a18d071b63b48" + +SHA3_384 short #82 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"822373d9d3d5b06a8da48a43095740fb98c9caf717350fd2c3b058024ff705b9346b7f0a495a6d4d93802bc45ece777f8c6a6e7c2ef6b8135115ff911a2ba5241665b6f7cbfa1b9d93b011b3aaa1dac1853fb2":"6e84587c8c6e54353a6032e7505902ef7f0f0538dd1bb32922e13a7d4d98c47a541015381eab27e9186398120da7fb32" + +SHA3_384 short #83 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"c04b701f688092bbd1cf4217bc4b5877f2e60c087bdac46611482a61d51f820140403bc85be0c336332da0938734bde8c502014f3509266c73c6c93c22a1bd0ddf15a5ce7410c2894e9d092e32c079922ba1abb7":"75c585503f15a526113608bc183180b1cb80f4d1b466c576bf021b1ce7a1528391f70e10446681849fa8a643cb2b6828" + +SHA3_384 short #84 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"009dd821cbed1235880fe647e191fe6f6555fdc98b8aad0ff3da5a6df0e5799044ef8e012ad54cb19a46fdd5c82f24f3ee77613d4bed961f6b7f4814aaac48bdf43c9234ce2e759e9af2f4ff16d86d5327c978dad5":"02a09d37d31e4365c26bec0eaacecf29eea4e8d21ab915dd605248764d964f10ebb8fafdb591982d33869a1d08a7e313" + +SHA3_384 short #85 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"0b7dd6709d55e0d526d64c0c5af40acf595be353d705be7b7a0b1c4c83bbe6a1b1ec681f628e9d6cfc85ad9c8bb8b4ecac64c5b3a9b72f95e59afefa7bcec5be223a9b2b54836424afde52a29b22ab652d22cce34b39":"5c84ae39d959b79555231746ad5b33689a31720ed0070f6772147977edd0aead07fb8b7b71b0bd587ebc5c1a80d564c7" + +SHA3_384 short #86 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"3e9b65d7bf4239420afa8639c8195b63902b24495b95c4143978e49843d88a92d1feed2eed1a88cd072d6d04ea26dce8ee4b14896fdb69bc7ff2971ed8ac5655148d2e9921218d74efdf17c56b533d0bb17d11e07d7458":"ab7890d1b51af10285752bf9da5eee5c3e87a285dc33262d0261aa9a575f303e94845d7ab21b48f4e6884568cd78b550" + +SHA3_384 short #87 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"9436da433d1ebd10b946b129cb34bccec9b8f705aaba3f8561352ed36a8449aba2dd7ba15b1bc308b0c02913163af63a346524dff5521432db477f529606afb5d552efc95cb040db566b4d39eddaa19319e518a7b5c6931e":"968ae9104f9c907c5a72936250dfedd62cd04f6e5ddd2c113490808a11884449aaef5d013ea3993a6cb6fc5c08754408" + +SHA3_384 short #88 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"37254bf9bc7cd4ed72e72b6bb623a0cc8eeb963d827aef65ad4bc54913235b6d3551533ce33421aa52ffbf186eb9a2787188eeb1b52ee645c6d4a631bc071415c80014940c28fbfeb0db472c326c8dacfd6ab21f3e225edef3":"975e10fac9aa77b780e5f6c2151ec4a3c72ff26e41233cc774c074df1b78cce5af1191ba955a0bce15926ae691b0ffe7" + +SHA3_384 short #89 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"79e77cd08a6ef770bbe4bedf61557ea632b42d78637149670d4d6157d56ed7b2ccaee45d9439dcebc557b4118e86c15aa0ccc21c474b21abda1676cc56434d6d46422993e66dc99387dfa985358accf69884b9dd18a2c4d04448":"94729f5f99a54f5a3ea69233ff9d522392d4596eb6ac2bbb07492ece3c67317412bb47ae317ddd20536c3adc003862f1" + +SHA3_384 short #90 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"64b76cb554f6becc238a3fcfc3eb97993667ec82fdc3fb28d42567709c3250c7997328aeddfdc2750451ac462281bf66fa94f4b8712c7a8342660574f20268e707c466627519c56259fea55be91e10faab3ad2ade6ce8b6557f202":"26d48ef5067d704ee9e2a64e399de23068908b3c911ffc4056c168362c37385c92d37d51354b6505a82c4d22fec37eaa" + +SHA3_384 short #91 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"3df27829bfb1ab7d381f146b30370ef56b392b73b35b1be5d8bbcf88f499dda7f3c327b45350b8972991ee466545de96560cf451711fda884e3d9b2af3e909d655d25cee1c931beda79c40fa507097bdf1126771a7b9543ad5cb84b9":"5fa4ebfa24150236c03409f0857b31cb95b0150f381c8858b01559957b1268f73c698709233e6b15468675a102d0c5e5" + +SHA3_384 short #92 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"b00f4e67ca08ccfa32b2698f70411d8f570f69c896e18ec8896cfe89551810543303f7df0c49f5b94783cce7df8d76d0b88d155633302d46003711f233339b1c9a8c20164ec8a328890a4932b7d90d92d023b548e4820558f8bd327010":"eaa756b5892fdfc793d74e3f9f4d6c7a5a6a2241dd11e0c38ced59c8ec7be377a41d1d06774a5970ce9722d8e119d0ad" + +SHA3_384 short #93 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"a4f95f6a46a9cbf384a7e98e102d1fdc96839d1bf26b35a5a0bd6cb9734fd17e8a178d4581943c0fe469fb4fe94cc2f15e1ef59ae05b35324eb57ca07dfc69d42d41d80b3c3bb64e1aea143c7d79790a56697dc803ec93e6c68f27f6761c":"1aff8d9c64f0c162ed0195d1f3a342a010d14be0636903c48020ba42de1cfa8b98ae2142d89af3e69e9eb4c735857dd1" + +SHA3_384 short #94 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"02713084bf93fdc35135515243c3bc0f4b2b447f2d3461c0dc104cbfe23479ab036762a91d1987c953f7b3386abc80b8734a1d4eabf94f3a9f2fb62c943152b5253846fc2ec8dbb2e93dc74857a7b05fe2d7ec8040ba8b0d9ae69777ee739a":"84da02114e341a3636f00822b32bd21a8a1f7b39f2956bd97f39346fedf9aae63b304c65c93a541e8bcda549576d5f27" + +SHA3_384 short #95 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"00ce225eaea24843406fa42cc8450e66f76ac9f549b8591f7d40942f4833fc734a034c8741c551d57ddafb5d94ceb4b25680f045038306e6bcc53e88386e2b45b80b3ba23dec8c13f8ca01c202ae968c4d0df04cdb38395d2df42a5aff646928":"81d6e0d96575a9b8ca083ee9ec2ead57ddf72b97d7709086a2f4a749d3f61d16423463487562c7f09aba1b26e8cae47b" + +SHA3_384 short #96 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"7af3feed9b0f6e9408e8c0397c9bb671d0f3f80926d2f48f68d2e814f12b3d3189d8174897f52a0c926ccf44b9d057cc04899fdc5a32e48c043fd99862e3f761dc3115351c8138d07a15ac23b8fc5454f0373e05ca1b7ad9f2f62d34caf5e1435c":"00e95f4e8a32a03e0a3afba0fd62c7c3c7120b41e297a7ff14958c0bdf015a478f7bab9a22082bfb0d206e88f4685117" + +SHA3_384 short #97 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"2eae76f4e7f48d36cd83607813ce6bd9ab0ecf846ad999df67f64706a4708977f0e9440f0b31dc350c17b355007fed90d4b577b175014763357ce5a271212a70702747c98f8f0ad89bf95d6b7fbb10a51f34d8f2835e974038a3dd6df3f2affb7811":"eb396cfaf26ee2775af3c9a3a3047664ca34cbc228ccbb966df187d518717df6a328ecc316ed0ed09b170080eccc486f" + +SHA3_384 short #98 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"093e56d33bd9337ad2ad268d14bac69a64a8a7361350cf9f787e69a043f5beb50eb460703578a81be882639f7e9ac9a50c54affa3792fd38464a61a37c8a4551a4b9ff8eed1f487ef8a8f00430e4d0e35a53ff236ce049b7a3abdc5cd00b45c4f3d49b":"4a339128486e5b274fc4ed538c0ec9e57f780e9c500c5f92b04ae81a22fbeebf3785259a0bb3b6d9b47f31873cd8dffa" + +SHA3_384 short #99 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"0593babe7a6202077c026e253cb4c60ee7bad7b1c31a20da7aa0ce56b622eb57ed07d21a7f0ae6c6fe3c8398cc48353decfb287f1204e024fcf82a13059953b9f85797ab2217dc8dab34a13226c33104661c1ca79396e7d97e91039d32bafc98cc8af3bb":"5981815c1618cc49cd5cf71a4b7b32b8cd7b7ef553bfaef2149ac723ff2582a2d345c5bd05943e155ced1e5f091c5601" + +SHA3_384 short #100 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"ae1828047c5f82a7b9712f3399832124b892f2f7aea51c8fe3536cd6a584b4a7777cc1ecac158c03354bb467b8fe2c8ce2f4310afd1e80fec51cc5ad7702566b2c5d21bc6571e4b8e7c59cb4c9e23f1ecb57ada9e900e4aa308874c2d12d34be74c332bbce":"7257f5bfa7d33d1cf5f4550d0cb78750e84c5b7d25027da6acec64bdf30879a0e5c97fe7c468e743aa5ec2bddb29d193" + +SHA3_384 short #101 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"3bceedf5df8fe699871decb7dd48203e2518fb0fce0f865f46adce5c133a921320bf40915456204869a3ceb5fca3ed40e0a41a64b8951f0fc580694cfc55bd1f5ce926b07e3e32ac6e055de9b961ce49c7ee41e06b024559b933a79518192e969855889c85d1":"60d7f8bd85fb7a13701db5aded2b7771ab5e476ec34f1fd4298978defbd2b31bb2979391559a164b3ed28f6a39031a11" + +SHA3_384 short #102 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"6c36147652e71b560becbca1e7656c81b4f70bece26321d5e55e67a3db9d89e26f2f2a38fd0f289bf7fa22c2877e38d9755412794cef24d7b855303c332e0cb5e01aa50bb74844f5e345108d6811d5010978038b699ffaa370de8473f0cda38b89a28ed6cabaf6":"b1319192df11faa00d3c4b068becc8f1ba3b00e0d1ff1f93c11a3663522fdb92ab3cca389634687c632e0a4b5a26ce92" + +SHA3_384 short #103 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_384:"92c41d34bd249c182ad4e18e3b856770766f1757209675020d4c1cf7b6f7686c8c1472678c7c412514e63eb9f5aee9f5c9d5cb8d8748ab7a5465059d9cbbb8a56211ff32d4aaa23a23c86ead916fe254cc6b2bff7a9553df1551b531f95bb41cbbc4acddbd372921":"71307eec1355f73e5b726ed9efa1129086af81364e30a291f684dfade693cc4bc3d6ffcb7f3b4012a21976ff9edcab61" + +SHA3_512 short #0 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1" + +SHA3_512 short #1 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"ef26":"809b4124d2b174731db14585c253194c8619a68294c8c48947879316fef249b1575da81ab72aad8fae08d24ece75ca1be46d0634143705d79d2f5177856a0437" + +SHA3_512 short #2 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"37d518":"4aa96b1547e6402c0eee781acaa660797efe26ec00b4f2e0aec4a6d10688dd64cbd7f12b3b6c7f802e2096c041208b9289aec380d1a748fdfcd4128553d781e3" + +SHA3_512 short #3 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"fc7b8cda":"58a5422d6b15eb1f223ebe4f4a5281bc6824d1599d979f4c6fe45695ca89014260b859a2d46ebf75f51ff204927932c79270dd7aef975657bb48fe09d8ea008e" + +SHA3_512 short #4 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"4775c86b1c":"ce96da8bcd6bc9d81419f0dd3308e3ef541bc7b030eee1339cf8b3c4e8420cd303180f8da77037c8c1ae375cab81ee475710923b9519adbddedb36db0c199f70" + +SHA3_512 short #5 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef" + +SHA3_512 short #6 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"ec83d707a1414a":"84fd3775bac5b87e550d03ec6fe4905cc60e851a4c33a61858d4e7d8a34d471f05008b9a1d63044445df5a9fce958cb012a6ac778ecf45104b0fcb979aa4692d" + +SHA3_512 short #7 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"af53fa3ff8a3cfb2":"03c2ac02de1765497a0a6af466fb64758e3283ed83d02c0edb3904fd3cf296442e790018d4bf4ce55bc869cebb4aa1a799afc9d987e776fef5dfe6628e24de97" + +SHA3_512 short #8 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"3d6093966950abd846":"53e30da8b74ae76abf1f65761653ebfbe87882e9ea0ea564addd7cfd5a6524578ad6be014d7799799ef5e15c679582b791159add823b95c91e26de62dcb74cfa" + +SHA3_512 short #9 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"1ca984dcc913344370cf":"6915ea0eeffb99b9b246a0e34daf3947852684c3d618260119a22835659e4f23d4eb66a15d0affb8e93771578f5e8f25b7a5f2a55f511fb8b96325ba2cd14816" + +SHA3_512 short #10 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"fc7b8cdadebe48588f6851":"c8439bb1285120b3c43631a00a3b5ac0badb4113586a3dd4f7c66c5d81012f7412617b169fa6d70f8e0a19e5e258e99a0ed2dcfa774c864c62a010e9b90ca00d" + +SHA3_512 short #11 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"ecb907adfb85f9154a3c23e8":"94ae34fed2ef51a383fb853296e4b797e48e00cad27f094d2f411c400c4960ca4c610bf3dc40e94ecfd0c7a18e418877e182ca3ae5ca5136e2856a5531710f48" + +SHA3_512 short #12 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"d91a9c324ece84b072d0753618":"fb1f06c4d1c0d066bdd850ab1a78b83296eba0ca423bb174d74283f46628e6095539214adfd82b462e8e9204a397a83c6842b721a32e8bb030927a568f3c29e6" + +SHA3_512 short #13 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"c61a9188812ae73994bc0d6d4021":"069e6ab1675fed8d44105f3b62bbf5b8ff7ae804098986879b11e0d7d9b1b4cb7bc47aeb74201f509ddc92e5633abd2cbe0ddca2480e9908afa632c8c8d5af2a" + +SHA3_512 short #14 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"a6e7b218449840d134b566290dc896":"3605a21ce00b289022193b70b535e6626f324739542978f5b307194fcf0a5988f542c0838a0443bb9bb8ff922a6a177fdbd12cf805f3ed809c48e9769c8bbd91" + +SHA3_512 short #15 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"054095ba531eec22113cc345e83795c7":"f3adf5ccf2830cd621958021ef998252f2b6bc4c135096839586d5064a2978154ea076c600a97364bce0e9aab43b7f1f2da93537089de950557674ae6251ca4d" + +SHA3_512 short #16 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"5b1ec1c4e920f5b995b6a788b6e989ac29":"135eea17ca4785482c19cd668b8dd2913216903311fa21f6b670b9b573264f8875b5d3c071d92d63556549e523b2af1f1a508bd1f105d29a436f455cd2ca1604" + +SHA3_512 short #17 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"133b497b00932773a53ba9bf8e61d59f05f4":"783964a1cf41d6d210a8d7c81ce6970aa62c9053cb89e15f88053957ecf607f42af08804e76f2fbdbb31809c9eefc60e233d6624367a3b9c30f8ee5f65be56ac" + +SHA3_512 short #18 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"88c050ea6b66b01256bda299f399398e1e3162":"6bf7fc8e9014f35c4bde6a2c7ce1965d9c1793f25c141021cc1c697d111363b3854953c2b4009df41878b5558e78a9a9092c22b8baa0ed6baca005455c6cca70" + +SHA3_512 short #19 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"d7d5363350709e96939e6b68b3bbdef6999ac8d9":"7a46beca553fffa8021b0989f40a6563a8afb641e8133090bc034ab6763e96d7b7a0da4de3abd5a67d8085f7c28b21a24aefb359c37fac61d3a5374b4b1fb6bb" + +SHA3_512 short #20 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"54746a7ba28b5f263d2496bd0080d83520cd2dc503":"d77048df60e20d03d336bfa634bc9931c2d3c1e1065d3a07f14ae01a085fe7e7fe6a89dc4c7880f1038938aa8fcd99d2a782d1bbe5eec790858173c7830c87a2" + +SHA3_512 short #21 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"73df7885830633fc66c9eb16940b017e9c6f9f871978":"0edee1ea019a5c004fd8ae9dc8c2dd38d4331abe2968e1e9e0c128d2506db981a307c0f19bc2e62487a92992af77588d3ab7854fe1b68302f796b9dcd9f336df" + +SHA3_512 short #22 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"14cb35fa933e49b0d0a400183cbbea099c44995fae1163":"af2ef4b0c01e381b4c382208b66ad95d759ec91e386e953984aa5f07774632d53b581eba32ed1d369c46b0a57fee64a02a0e5107c22f14f2227b1d11424becb5" + +SHA3_512 short #23 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"75a06869ca2a6ea857e26e78bb78a139a671ccb098d8205a":"88be1934385522ae1d739666f395f1d7f99978d62883a261adf5d618d012dfab5224575634446876b86b3e5f7609d397d338a784b4311027b1024ddfd4995a0a" + +SHA3_512 short #24 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"b413ab364dd410573b53f4c2f28982ca07061726e5d999f3c2":"289e889b25f9f38facfccf3bdbceea06ef3baad6e9612b7232cd553f4884a7a642f6583a1a589d4dcb2dc771f1ff6d711b85f731145a89b100680f9a55dcbb3f" + +SHA3_512 short #25 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"d7f9053984213ebabc842fd8ce483609a9af5dc140ecdbe63336":"f167cb30e4bacbdc5ed53bc615f8c9ea19ad4f6bd85ca0ff5fb1f1cbe5b576bda49276aa5814291a7e320f1d687b16ba8d7daab2b3d7e9af3cd9f84a1e9979a1" + +SHA3_512 short #26 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"9b7f9d11be48e786a11a472ab2344c57adf62f7c1d4e6d282074b6":"82fa525d5efaa3cce39bffef8eee01afb52067097f8965cde71703345322645eae59dbaebed0805693104dfb0c5811c5828da9a75d812e5562615248c03ff880" + +SHA3_512 short #27 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"115784b1fccfabca457c4e27a24a7832280b7e7d6a123ffce5fdab72":"ec12c4ed5ae84808883c5351003f7e26e1eaf509c866b357f97472e5e19c84f99f16dbbb8bfff060d6c0fe0ca9c34a210c909b05f6a81f441627ce8e666f6dc7" + +SHA3_512 short #28 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"c3b1ad16b2877def8d080477d8b59152fe5e84f3f3380d55182f36eb5f":"4b9144edeeec28fd52ba4176a78e080e57782d2329b67d8ac8780bb6e8c2057583172af1d068922feaaff759be5a6ea548f5db51f4c34dfe7236ca09a67921c7" + +SHA3_512 short #29 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"4c66ca7a01129eaca1d99a08dd7226a5824b840d06d0059c60e97d291dc4":"567c46f2f636223bd5ed3dc98c3f7a739b42898e70886f132eac43c2a6fadabe0dd9f1b6bc4a9365e5232295ac1ac34701b0fb181d2f7f07a79d033dd426d5a2" + +SHA3_512 short #30 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"481041c2f56662316ee85a10b98e103c8d48804f6f9502cf1b51cfa525cec1":"46f0058abe678195b576df5c7eb8d739468cad1908f7953ea39c93fa1d96845c38a2934d23804864a8368dae38191d983053ccd045a9ab87ef2619e9dd50c8c1" + +SHA3_512 short #31 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"7c1688217b313278b9eae8edcf8aa4271614296d0c1e8916f9e0e940d28b88c5":"627ba4de74d05bb6df8991112e4d373bfced37acde1304e0f664f29fa126cb497c8a1b717b9929120883ec8898968e4649013b760a2180a9dc0fc9b27f5b7f3b" + +SHA3_512 short #32 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"785f6513fcd92b674c450e85da22257b8e85bfa65e5d9b1b1ffc5c469ad337d1e3":"5c11d6e4c5c5f76d26876c5976b6f555c255c785b2f28b6700ca2d8b3b3fa585636239277773330f4cf8c5d5203bcc091b8d47e7743bbc0b5a2c54444ee2acce" + +SHA3_512 short #33 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"34f4468e2d567b1e326c0942970efa32c5ca2e95d42c98eb5d3cab2889490ea16ee5":"49adfa335e183c94b3160154d6698e318c8b5dd100b0227e3e34cabea1fe0f745326220f64263961349996bbe1aae9054de6406e8b350408ab0b9f656bb8daf7" + +SHA3_512 short #34 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"53a0121c8993b6f6eec921d2445035dd90654add1298c6727a2aed9b59bafb7dd62070":"918b4d92e1fcb65a4c1fa0bd75c562ac9d83186bb2fbfae5c4784de31a14654546e107df0e79076b8687bb3841c83ba9181f9956cd43428ba72f603881b33a71" + +SHA3_512 short #35 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"d30fa4b40c9f84ac9bcbb535e86989ec6d1bec9b1b22e9b0f97370ed0f0d566082899d96":"39f104c1da4af314d6bceb34eca1dfe4e67484519eb76ba38e4701e113e6cbc0200df86e4439d674b0f42c72233360478ba5244384d28e388c87aaa817007c69" + +SHA3_512 short #36 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"f34d100269aee3ead156895e8644d4749464d5921d6157dffcbbadf7a719aee35ae0fd4872":"565a1dd9d49f8ddefb79a3c7a209f53f0bc9f5396269b1ce2a2b283a3cb45ee3ae652e4ca10b26ced7e5236227006c94a37553db1b6fe5c0c2eded756c896bb1" + +SHA3_512 short #37 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"12529769fe5191d3fce860f434ab1130ce389d340fca232cc50b7536e62ad617742e022ea38a":"daee10e815fff0f0985d208886e22f9bf20a3643eb9a29fda469b6a7dcd54b5213c851d6f19338d63688fe1f02936c5dae1b7c6d5906a13a9eeb934400b6fe8c" + +SHA3_512 short #38 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"b2e3a0eb36bf16afb618bfd42a56789179147effecc684d8e39f037ec7b2d23f3f57f6d7a7d0bb":"04029d6d9e8e394afa387f1d03ab6b8a0a6cbab4b6b3c86ef62f7142ab3c108388d42cb87258b9e6d36e5814d8a662657cf717b35a5708365e8ec0396ec5546b" + +SHA3_512 short #39 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"25c4a5f4a07f2b81e0533313664bf615c73257e6b2930e752fe5050e25ff02731fd2872f4f56f727":"ec2d38e5bb5d7b18438d5f2029c86d05a03510db0e66aa299c28635abd0988c58be203f04b7e0cc25451d18f2341cd46f8705d46c2066dafab30d90d63bf3d2c" + +SHA3_512 short #40 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"134bb8e7ea5ff9edb69e8f6bbd498eb4537580b7fba7ad31d0a09921237acd7d66f4da23480b9c1222":"8f966aef96831a1499d63560b2578021ad970bf7557b8bf8078b3e12cefab122fe71b1212dc704f7094a40b36b71d3ad7ce2d30f72c1baa4d4bbccb3251198ac" + +SHA3_512 short #41 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"f793256f039fad11af24cee4d223cd2a771598289995ab802b5930ba5c666a24188453dcd2f0842b8152":"22c3d9712535153a3e206b1033929c0fd9d937c39ba13cf1a6544dfbd68ebc94867b15fda3f1d30b00bf47f2c4bf41dabdeaa5c397dae901c57db9cd77ddbcc0" + +SHA3_512 short #42 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"23cc7f9052d5e22e6712fab88e8dfaa928b6e015ca589c3b89cb745b756ca7c7634a503bf0228e71c28ee2":"6ecf3ad6064218ee101a555d20fab6cbeb6b145b4eeb9c8c971fc7ce05581a34b3c52179590e8a134be2e88c7e549875f4ff89b96374c6995960de3a5098cced" + +SHA3_512 short #43 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"a60b7b3df15b3f1b19db15d480388b0f3b00837369aa2cc7c3d7315775d7309a2d6f6d1371d9c875350dec0a":"8d651605c6b32bf022ea06ce6306b2ca6b5ba2781af87ca2375860315c83ad88743030d148ed8d73194c461ec1e84c045fc914705747614c04c8865b51da94f7" + +SHA3_512 short #44 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"2745dd2f1b215ea509a912e5761cccc4f19fa93ba38445c528cb2f099de99ab9fac955baa211fd8539a671cdb6":"4af918eb676ce278c730212ef79d818773a76a43c74d643f238e9b61acaf4030c617c4d6b3b7514c59b3e5e95d82e1e1e35443e851718b13b63e70b123d1b72c" + +SHA3_512 short #45 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"88adee4b46d2a109c36fcfb660f17f48062f7a74679fb07e86cad84f79fd57c86d426356ec8e68c65b3caa5bc7ba":"6257acb9f589c919c93c0adc4e907fe011bef6018fbb18e618ba6fcc8cbc5e40641be589e86dbb0cf7d7d6bf33b98d8458cce0af7857f5a7c7647cf350e25af0" + +SHA3_512 short #46 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"7d40f2dc4af3cfa12b00d64940dc32a22d66d81cb628be2b8dda47ed6728020d55b695e75260f4ec18c6d74839086a":"5c46c84a0a02d898ed5885ce99c47c77afd29ae015d027f2485d630f9b41d00b7c1f1faf6ce57a08b604b35021f7f79600381994b731bd8e6a5b010aeb90e1eb" + +SHA3_512 short #47 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"3689d8836af0dc132f85b212eb670b41ecf9d4aba141092a0a8eca2e6d5eb0ba4b7e61af9273624d14192df7388a8436":"17355e61d66e40f750d0a9a8e8a88cd6f9bf6070b7efa76442698740b4487ea6c644d1654ef16a265204e03084a14cafdccf8ff298cd54c0b4009967b6dd47cc" + +SHA3_512 short #48 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"58ff23dee2298c2ca7146227789c1d4093551047192d862fc34c1112d13f1f744456cecc4d4a02410523b4b15e598df75a":"aca89aa547c46173b4b2a380ba980da6f9ac084f46ac9ddea5e4164aeef31a9955b814a45aec1d8ce340bd37680952c5d68226dda1cac2677f73c9fd9174fd13" + +SHA3_512 short #49 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"67f3f23df3bd8ebeb0096452fe4775fd9cc71fbb6e72fdcc7eb8094f42c903121d0817a927bcbabd3109d5a70420253deab2":"f4207cc565f266a245f29bf20b95b5d9a83e1bb68ad988edc91faa25f25286c8398bac7dd6628259bff98f28360f263dfc54c4228bc437c5691de1219b758d9f" + +SHA3_512 short #50 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"a225070c2cb122c3354c74a254fc7b84061cba33005cab88c409fbd3738ff67ce23c41ebef46c7a61610f5b93fa92a5bda9569":"e815a9a4e4887be014635e97958341e0519314b3a3289e1835121b153b462272b0aca418be96d60e5ab355d3eb463697c0191eb522b60b8463d89f4c3f1bf142" + +SHA3_512 short #51 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"6aa0886777e99c9acd5f1db6e12bda59a807f92411ae99c9d490b5656acb4b115c57beb3c1807a1b029ad64be1f03e15bafd91ec":"241f2ebaf7ad09e173b184244e69acd7ebc94774d0fa3902cbf267d4806063b044131bcf4af4cf180eb7bd4e7960ce5fe3dc6aebfc6b90eec461f414f79a67d9" + +SHA3_512 short #52 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"6a06092a3cd221ae86b286b31f326248270472c5ea510cb9064d6024d10efee7f59e98785d4f09da554e97cdec7b75429d788c112f":"d14a1a47f2bef9e0d4b3e90a6be9ab5893e1110b12db38d33ffb9a61e1661aecc4ea100839cfee58a1c5aff72915c14170dd99e13f71b0a5fc1985bf43415cb0" + +SHA3_512 short #53 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"dfc3fa61f7fffc7c88ed90e51dfc39a4f288b50d58ac83385b58a3b2a3a39d729862c40fcaf9bc308f713a43eecb0b72bb9458d204ba":"947bc873dc41df195f8045deb6ea1b840f633917e79c70a88d38b8862197dc2ab0cc6314e974fb5ba7e1703b22b1309e37bd430879056bdc166573075a9c5e04" + +SHA3_512 short #54 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"52958b1ff0049efa5d050ab381ec99732e554dcd03725da991a37a80bd4756cf65d367c54721e93f1e0a22f70d36e9f841336956d3c523":"9cc5aad0f529f4bac491d733537b69c8ec700fe38ab423d815e0927c8657f9cb8f4207762d816ab697580122066bc2b68f4177335d0a6e9081540779e572c41f" + +SHA3_512 short #55 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"302fa84fdaa82081b1192b847b81ddea10a9f05a0f04138fd1da84a39ba5e18e18bc3cea062e6df92ff1ace89b3c5f55043130108abf631e":"8c8eaae9a445643a37df34cfa6a7f09deccab2a222c421d2fc574bbc5641e504354391e81eb5130280b1226812556d474e951bb78dbdd9b77d19f647e2e7d7be" + +SHA3_512 short #56 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"b82f500d6bc2dddcdc162d46cbfaa5ae64025d5c1cd72472dcd2c42161c9871ce329f94df445f0c8aceecafd0344f6317ecbb62f0ec2223a35":"55c69d7accd179d5d9fcc522f794e7af5f0eec7198ffa39f80fb55b866c0857ff3e7aeef33e130d9c74ef90606ca821d20b7608b12e6e561f9e6c7122ace3db0" + +SHA3_512 short #57 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"86da9107ca3e16a2b58950e656a15c085b88033e79313e2c0f92f99f06fa187efba5b8fea08eb7145f8476304180dd280f36a072b7eac197f085":"0d3b1a0459b4eca801e0737ff9ea4a12b9a483a73a8a92742a93c297b7149326bd92c1643c8177c8924482ab3bbd916c417580cc75d3d3ae096de531bc5dc355" + +SHA3_512 short #58 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"141a6eafe157053e780ac7a57b97990616ce1759ed132cb453bcdfcabdbb70b3767da4eb94125d9c2a8d6d20bfaeacc1ffbe49c4b1bb5da7e9b5c6":"bdbdd5b94cdc89466e7670c63ba6a55b58294e93b351261a5457bf5a40f1b5b2e0acc7fceb1bfb4c8872777eeeaff7927fd3635ca18c996d870bf86b12b89ba5" + +SHA3_512 short #59 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"6e0c65ee0943e34d9bbd27a8547690f2291f5a86d713c2be258e6ac16919fe9c4d491895d3a961bb97f5fac255891a0eaa18f80e1fa1ebcb639fcfc1":"39ebb992b8d39daae973e3813a50e9e79a67d8458a6f17f97a6dd30dd7d11d95701a11129ffeaf7d45781b21cac0c4c034e389d7590df5beeb9805072d0183b9" + +SHA3_512 short #60 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"57780b1c79e67fc3beaabead4a67a8cc98b83fa7647eae50c8798b96a516597b448851e93d1a62a098c4767333fcf7b463ce91edde2f3ad0d98f70716d":"3ef36c3effad6eb5ad2d0a67780f80d1b90efcb74db20410c2261a3ab0f784429df874814748dc1b6efaab3d06dd0a41ba54fce59b67d45838eaa4aa1fadfa0f" + +SHA3_512 short #61 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"bcc9849da4091d0edfe908e7c3386b0cadadb2859829c9dfee3d8ecf9dec86196eb2ceb093c5551f7e9a4927faabcfaa7478f7c899cbef4727417738fc06":"1fcd8a2c7b4fd98fcdc5fa665bab49bde3f9f556aa66b3646638f5a2d3806192f8a33145d8d0c535c85adff3cc0ea3c2715b33cec9f8886e9f4377b3632e9055" + +SHA3_512 short #62 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"05a32829642ed4808d6554d16b9b8023353ce65a935d126602970dba791623004dede90b52ac7f0d4335130a63cba68c656c139989614de20913e83db320db":"49d8747bb53ddde6d1485965208670d1130bf35619d7506a2f2040d1129fcf0320207e5b36fea083e84ffc98755e691ad8bd5dc66f8972cb9857389344e11aad" + +SHA3_512 short #63 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"56ac4f6845a451dac3e8886f97f7024b64b1b1e9c5181c059b5755b9a6042be653a2a0d5d56a9e1e774be5c9312f48b4798019345beae2ffcc63554a3c69862e":"5fde5c57a31febb98061f27e4506fa5c245506336ee90d595c91d791a5975c712b3ab9b3b5868f941db0aeb4c6d2837c4447442f8402e0e150a9dc0ef178dca8" + +SHA3_512 short #64 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"8a229f8d0294fe90d4cc8c875460d5d623f93287f905a999a2ab0f9a47046f78ef88b09445c671189c59388b3017cca2af8bdf59f8a6f04322b1701ec08624ab63":"16b0fd239cc632842c443e1b92d286dd519cfc616a41f2456dd5cddebd10703c3e9cb669004b7f169bb4f99f350ec96904b0e8dd4de8e6be9953dc892c65099f" + +SHA3_512 short #65 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"87d6aa9979025b2437ea8159ea1d3e5d6f17f0a5b913b56970212f56de7884840c0da9a72865e1892aa780b8b8f5f57b46fc070b81ca5f00eee0470ace89b1e1466a":"d816acf1797decfe34f4cc49e52aa505cc59bd17fe69dc9543fad82e9cf96298183021f704054d3d06adde2bf54e82a090a57b239e88daa04cb76c4fc9127843" + +SHA3_512 short #66 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"0823616ab87e4904308628c2226e721bb4169b7d34e8744a0700b721e38fe05e3f813fe4075d4c1a936d3a33da20cfb3e3ac722e7df7865330b8f62a73d9119a1f2199":"e1da6be4403a4fd784c59be4e71c658a78bb8c5d7d571c5e816fbb3e218a4162f62de1c285f3779781cb5506e29c94e1b7c7d65af2aa71ea5c96d9585b5e45d5" + +SHA3_512 short #67 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"7d2d913c2460c09898b20366ae34775b1564f10edea49c073cebe41989bb93f38a533af1f425d3382f8aa40159b567358ee5a73b67df6d0dc09c1c92bf3f9a28124ab07f":"3aa1e19a52b86cf414d977768bb535b7e5817117d436b4425ec8d775e8cb0e0b538072213884c7ff1bb9ca9984c82d65cb0115cc07332b0ea903e3b38650e88e" + +SHA3_512 short #68 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"fca5f68fd2d3a52187b349a8d2726b608fccea7db42e906b8718e85a0ec654fac70f5a839a8d3ff90cfed7aeb5ea9b08f487fc84e1d9f7fb831dea254468a65ba18cc5a126":"2c74f846ecc722ea4a1eb1162e231b6903291fffa95dd5e1d17dbc2c2be7dfe549a80dd34487d714130ddc9924aed904ad55f49c91c80ceb05c0c034dae0a0a4" + +SHA3_512 short #69 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"881ff70ca34a3e1a0e864fd2615ca2a0e63def254e688c37a20ef6297cb3ae4c76d746b5e3d6bb41bd0d05d7df3eeded74351f4eb0ac801abe6dc10ef9b635055ee1dfbf4144":"9a10a7ce23c0497fe8783927f833232ae664f1e1b91302266b6ace25a9c253d1ecab1aaaa62f865469480b2145ed0e489ae3f3f9f7e6da27492c81b07e606fb6" + +SHA3_512 short #70 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"b0de0430c200d74bf41ea0c92f8f28e11b68006a884e0d4b0d884533ee58b38a438cc1a75750b6434f467e2d0cd9aa4052ceb793291b93ef83fd5d8620456ce1aff2941b3605a4":"9e9e469ca9226cd012f5c9cc39c96adc22f420030fcee305a0ed27974e3c802701603dac873ae4476e9c3d57e55524483fc01adaef87daa9e304078c59802757" + +SHA3_512 short #71 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3:MBEDTLS_SHA3_512:"0ce9f8c3a990c268f34efd9befdb0f7c4ef8466cfdb01171f8de70dc5fefa92acbe93d29e2ac1a5c2979129f1ab08c0e77de7924ddf68a209cdfa0adc62f85c18637d9c6b33f4ff8":"b018a20fcf831dde290e4fb18c56342efe138472cbe142da6b77eea4fce52588c04c808eb32912faa345245a850346faec46c3a16d39bd2e1ddb1816bc57d2da" + +SHA3_224 long #0 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"31c82d71785b7ca6b651cb6c8c9ad5e2aceb0b0633c088d33aa247ada7a594ff4936c023251319820a9b19fc6c48de8a6f7ada214176ccdaadaeef51ed43714ac0c8269bbd497e46e78bb5e58196494b2471b1680e2d4c6dbd249831bd83a4d3be06c8a2e903933974aa05ee748bfe6ef359f7a143edf0d4918da916bd6f15e26a790cff514b40a5da7f72e1ed2fe63a05b8149587bea05653718cc8980eadbfeca85b7c9c286dd040936585938be7f98219700c83a9443c2856a80ff46852b26d1b1edf72a30203cf6c44a10fa6eaf1920173cedfb5c4cf3ac665b37a86ed02155bbbf17dc2e786af9478fe0889d86c5bfa85a242eb0854b1482b7bd16f67f80bef9c7a628f05a107936a64273a97b0088b0e515451f916b5656230a12ba6dc78":"aab23c9e7fb9d7dacefdfd0b1ae85ab1374abff7c4e3f7556ecae412" + +SHA3_224 long #2 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"ab4f9d765085ccb474be6e2369568292532f6fa4dd9c50d02a7d8fab0fabb56a7f9680a2462c3753fafd3a252f9dddf1eb4a76835acfb59fc2a83441b8674f2995573697245e40549d2883f1d781a153b903e470f2f28e53e9646a66f7a5a7f0d5d9e6dd50e392be44867010c7ca77c1a5a2e1f00dcb82f589f759a1332b65c62766b9fa3483d399d7602a0969400642976e948d13243a8b89aa287ad5c230b47344d7783606aced3dfed86424abf7de77b026ce6cc35d20d1c500794332b0c1a1bc67dfc033c4c360a8a3aa5fd2f19d2db1bf3b807094b949900827e6438ef5991692b539d3c42227a6b362847e9d88a1b6855db7f58760d953690b26bd7258439a7f8409ae53137a3f2f14fa77a2a6bc0aa3bb7a19dd1c69554aae6c6703f3879057d3978c1a9d41bd3f492985aa0064f43fde2fa33ff6e1dfd4961e0aeacd4e3f412b4d35c0c864660d8779705a9c82bb824c405c54f429392e4da66ecfee7ef066139270ee9ccc83be5952ff5c84ffa8938f130cc52129ab825b6a5b585f01ebed13ce074c225f5b7d441cfc58c0c1039a2f127b3982ca7df546d4993027bd78ffb36ac08161063870d23f2df556b214":"d61f04985026eee29d0f9700f8c5aea32ec2c23b1a9357edeb2be20c" + +SHA3_224 long #4 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"1050e9023d6cef2477171a5af4875e12763dc68568ce1d9629e9eefda896b0a431bc3a5186e67d86324671a61afb5058558f03303dc4d98dc6907fbd0f662d6837b71d2b72b941835c6735ed8dc9734b6d75c68a49560182a7acf01dd7548fbccb4a7ad6296ca5e29d804d7874792eb367f6f7d9b40cfb3e7445296528e83e69957b399bd2870f6d9f9ba18ff893eb57ea1a7e66a66e3089d46412dd29aba2373c5442c29592e9ea07bf197941a011009fea43794605082a6f0f93cd032423ed69dd7d939b169a2280f59d80762808762d6d2e5abc58ecebee51947cdddc2a55c31dd3560c9b8addb04415eabfb137813eac285031ef4292f92ffd33e0591d35f31c2a5210a721e33fb4690045c508e977ad17a4cd5373e837b3b63a34256656a0e26cd0cdc4c7fbd64d810a30ebe275827ae59fb70be8b551e4a7d900c86b8073787f186e79e4ef1d184550a8ac2def071b7886189f08c1eecab9586cc8967a13e54d72194ee085bb1c9e19d48e521dad96baa417983ad3b76ed2fea2af4e0e2a31bc26f7cc2386596172afdc1bb7c71df59140dd7de8b554d7db14c704fa025d65b67b2f7a15b99ef0ab58e9dbc5b7ff40e7a191d6792d6c0dbde20650041f568722bae9e11fe833d02f5d2355e4b4fa7da3105c2c5504a7195eb0851ad32dbda2e72c4f87a7d9bf09e806b1117d85b6b6add56605e402af02a8c66ceacff439bbef1686f61755eba4bc9abb97f6f3dcf2ed38d6ec8dee29d0826be448603b73dc21c3b9b6d5245fa895636b70b9c6143a4b81d466bb91c08cd3e915bdeecc130c65":"5c029633dfd4cd9b6ce97e1d20783a41cd2235b03c38832b90f759ee" + +SHA3_224 long #6 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"a63ebf8f97c6529298e4d4b573ca01d65d6758837bdec40fa4367ce56953281d5225454d6b1fcaa2ffeb0c2fa45cdf8477a4fe83a9c7ad6f3b4f9c4605420f51fd513cf9b652f4dc27f08620aea1e10755d9f8c4537e6b8ed69b63f2ff58bd6d2e2a6c3a81471869975d0b319a834e877c700fef80ea4693fd8299925f7f7c9a6e189cb9d3e67e70d798630a6fe9702b76cf0bac39f588a6386c05cd2b9e92004483961eb4176e1a700b565235ba8d1cc960b4a2858677f110c1704c6d9c48c638d320102cc22f8fe91cacb1f4e0ee820089d27a6c865d990ce9a2b72c63e615d270033744cf0af6ca352cd1b542db84a0b42cdcf6db80c9b54d63b571dab4149bc2073c032647779cbda0577fc89b4a33488b6e2c6e29a791537bee43e9faec1a32f3c772af2e3ce61cceee5b5a78fd41adb7db15279f5b2a64b10baa78ffc4d726917f9753066a30b97e3c50e0b8c5504a78c9b9ee2c0e08e9ceb4ae6f0cc55b07a70d7cf8192c03fe7ae96642a4c9ea8996e121ac16e8b1489b9058b669162d3efe182987ada8e552899ea568843296d1d8ca5447a610afebdd48af365ee1d6315e49a4e90b06611d7203163ba027dd8b072c5aa924af8a385f83bbd5334bdc4a8e48f7047b6ffcc8febfc0a13fd1451debb13cb8d8ecc899e8ea857c2f7ec9f058bc2ac2440b40b9f57bac83ab5858f04cff015e09f0f3753f2514149ba2248a824e430ab001b4591fdee0ca2ae39e6cf2beb18201e292332ddb7183bfde7682d5a54cc3057ae0104391665c059a9ef9a597550c06eb2e3d7ab4a2b3e35b463f196a4cd78c9d4d472b3b462384a6e0002c31f4e361334efaee5ab18a4f411c2916444c2d8d9382649d858606ee2fece7503696f15ae17ad25072a5f24ab780a893dc53ad508307d1621630ec8d5c4b18d94b431d381e3b2d6aa787d21ee5fb245ad9693f1c9665f442984bbfa75684f98f1a044f45111773029e5e1111f4140531e496cb3bf3233704b0e06685451ff4394b":"c09d926eaef34cfacc701434da80c340337ba48e8b044b1a60da9cda" + +SHA3_224 long #8 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"0f625082eaee9f064f2501022e4d7df85310de128b17fd5a08db3e2d06b85dedaf446bf73cde13d55e8a22b4dcfc47187df216ce28c753234a456e5378bc4a4456504274b7976e3005642208e4ddb87f12d490079154542c0979810f68852316cb31e0e2a14137810d5b0ae58d195a95da5d53a30fe588de0c1f7f481d3e70cbd78d4a274303f72f3f18e13520d8b5c39c36678ce8a276a11dde71e8e00dbacb420d8a2de50635a26143afdfe5414f6f2206d4a864b4a6de025e5ed6f91a877dd458a6dacf7279423b847dcb247db2033276a2e1cd43a0fb84484efab08e624b5417a918486e4c77978152e125b366e5952eda1d6976ed626b44493c4c91d09c8cf198ce992234a93be536092f0cf17f13d58446827614797ff95884174a5bd9428f7de40bb7bb40f056312b8cb0dd377313a6435e6b9daa881082ba57e28a683f985f41e45569a47e7c4c2f82c6b2777f924afc457c115c4d30d0c65581e5b24bb547cf6c23c53dad018efd5a77f6a6fdf7775981d1f6f697024890594df51f2d8e3c75ed4a5774458a007d5cea332bb6ed36425993d7e22e2ef501ab714118afca461badf2a7af0dc2a898cf48f070721a8e9f14ea3987da5bdcff9213520397116da9f5413e57ce4e9034fdb8b6dcf8268758fbfda64d63310773585cae49ae0dba080d62a3d550d9c03a2c630cd712ba295556f5a59c905a7d464373df53bc64341e3d7b5e8f5b093e93a5707ac9867e7d7f6df9bfdc2a7b465e9c806d8889bee4d4cdb5f8efb7861425b008881a1d198abc87327a75f93f6ba5aaadde4fdcc4d0130437f85c2bf94ada9453bf339f3458f5edc861d0c54bf302b720bc127f1d02c12c2ae63e810ae6999b78a67ad476f013e8e2f953564ae65c09018e38387282c78bb54bfc7f60f2490ba0c658848859fcbea8cc6774e24c9de979dd29d06b560e6901ad00eea475d42df2a53676119b9ab7436175e6bb2eac9fb0304c0faf887d103597b1957d78214997cd7a73babfd31ddb40e3757e937173cd0f0bbce720fbc77a8e773e940218a7b6c68e432bcc913697f21ae9d384d4adf802cda1ba2472d5f81cbaaf901ba18e7816d8ae0bcabb4ca0fe830a6108bd945b92fb84d19ec983d6c8e2b11bcba4480547c27c02c239a51eec859fd12714711b46fb2ed395e8193d1a570cda1b091b84e1b274babbf38938458772cae9c18c63a736676912b7df":"f62851d28512913aff9f697fc17bf46fe4a2548899f29af5d0c412f6" + +SHA3_224 long #10 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"b7b8ac96733943c648cf833e75ca4dee7bb6cce48130fbbff6f96867784937fbf566690b10745f08c68f99f85117c46e4c4bf4ba191a2e5d803529c098695525eb2c1dddd57669bb2dd268ca27b48c3b790dd6a1bd1d53611788e76317ad490ee1334f748be46cc9c6bf771ac148ad3b4a23fa0237e174b2041a28babdbc1aa01ea28738fa696d19d97f4e51e57c305807b6e8434d0f983a8f12772c523fd0c1eca24e91e9ab7693ae3975d85cf81c79f7ed29cec84fc8e0ff9959219ddd745b915b2ae721528e1f8c167515ee63798663f144096f480b8c9ed65801673f0d5556f4a6a26b07bea5bd3ed4726266506693e9c15e0ca36926b2f2fb35780ca3978396472a8d720d0d87d81d5682a8a803cffe29346507ea978414ca2398ed3f09606897e74f3a833f330cd52914d289445f5802f2441d97c55c654e348f8ae79335931d427b07282408048652e18bfb118a1ed7026f8d7799820d0ed0248aa61d493e61a1d78305a250e5b73bb17c07529a792dcbaefe92fb3d3393602196818fe592ec6d2d5421a251daf14b4c4cb4efd5908eb5cb19f1d4d6ff634a4c5582d151b7450f4322840d5508bbea79a40bd1848c81288c859b0a959a08f86d70b0cbd5d4f4ede19637c9a29a9d80022c12deee948f8cbbea9887c22c0ad04e8e1366b9118271d15741c080b61f75ad8bd3ff5dd13e491ef2f131a5dcef3cb658b48844977602da0eaad83985ca32436a561d176a19c77e43adf286d341a36c759a1abf8e5807c3637bfb142e251d8b70a11e6588a56fa285d4b1ac39876d398ecd05721eb1ea55fdbb1058d9b99f4f46beec8f536ca754616f5660354a01e54b562fa56d0712588572ff4eb00c215593b56dddf2f5d85a7e85c8eaef11c938533c82a0a6e5e794a2a8b03ed8a80966008c8b978ec86b7d861ef19290642cfa4f87e5aaefd0d1d0fd660a6f7c15c04a354d2c044e6ec6851e42b8a040cb92f2e6403f0d705238d63eb3f72bc2d9afc9d9003a6d5b6e533af0fa055b26cf63e9c16e7a0f53f2846c0c985fb8d27e3dab94ab9c1adc507964a44dc00c6bf708a788197df9bd391d5b0f1c285fd58cd1b710583a53fa9d9fcae244d2fb36cce7f4e2493013d8ad6c6af0473b68f389d5b6f20efc60dddc2f3551e62170b0d5699877077ba4ccd8d7635721801b53ffb071e5d6ca88ac95906d993b96b3019af65af05a46f6c142c70cebb3dfc01e75caad8fb78c1590502a3a634b190b50a3f703f54b794fde71a52f5504419e7b748b3598b92a4db0966564571f93c2c579d25b2de1fcf84befd7923d1c8cfe93835bd0a9e48c7935eea9b21cbeea1e8aa3f12a4124b7393144c7fe4904aa288e2aa2456a419be046e15eed5b300868c4a9ba38d81c9359b8f6db3a24c3816493f1c85d82d73dcc0cf6ecddbb":"e93d038156082ba508def0a26ea9172930f546dbec5b5652928a28c7" + +SHA3_224 long #12 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"b7174dd7242f30f5bcd81cb23c6f52617ff1290845b0f8b4344b36101cdce0367f731bc551c41b34fc1c4366a79a8e7eb89b2df4977672e9b56aecb7ced4d4cd6ba5a7baaa14158741901a4ac1f96bf8180f137b5a2b5e04c12df6a3f2b54c15819639ddb887e696941ce98711f5b078a73623c4153685b05d7c9bfb10e711b6cb2c195602865508fca8f7441ff727a56ef6a5f85001af93933f25e8b0d2eb5951508f4e10772b85821c8daa746596287438e03e94f3a3556a5eda915bdea1a61aebe2ed6bc330b72d60f3e197a8c6a8c2e51dbf67742b9febc1031f9873fd442ee35b5a9ad32c43055d711010297fce5ee3a4a254ec0d191c50e7b9f0f9c5dc952242be250ee7d412f94f5f684f8842521cbd10e0c3126a07f4d088ead8c215578edf4095db28105d1dd4f72681ababa676b0319562023ab49304b30e78bc987d11790971a4b99fedb24900d229aeb160dbc42cfa2fa5332916cc63e4417b0c0f92594041d0602aca9ef6a1f5ae5afd8a32422a9793c3fb706670c0f59cc61a13f8c80e8ec7e659fdcb2303167877372b637252f5f7233a916938f1c8ef666a932d0c9bdef013d38d1f184ebdefcd074c559ccd9bc18e9992096c1fe5a324a396186d0ebcb5ae4182841ca9727b2313f4f208c2115bccbf7d2d5371d521c66d25a1358fad7d814ae5e1793cbe8443062b21fe5ae02ba55659bd36101fd0147247b0aa483bb15297bd1d75302872f386f9cac5bd8f9be1032fa05d234b17d857042d165eedb7eacf122259ad39adfc3b67d5a612a611477006c010d3e260d8c76400bffc4bf8119becd76dda779d26cf7c2be981aef7a045e60497486b12dd687012ee48dedc8ea35424f8e06caa38e741b2d6342eb4b429d85439a96e94afe22f49ea6a2dcc2b8e51f144e7a03dfc2ebc53b450aeb04bc5e298401e735016deaa8efd8bc12eae05ec2697169abc3849f7f7cd00b6532dc10fb8f2d103adda04e7ca6dd3206be0af2cac3a95e291b5e3fa84676acf0521c4649d98e7a513c2fbf0e38369d4ec89351969758d00223ba2cbe4cbb6802ef176eb2d798be2ea986ccdc387766518713ebb468f267cd9922e74fd410d52366381ab51dfe3419b22fe8450c12159565f731b2bd287df1d8130fdb91097cc85408aacf210174a8c295a1f7478933a101d7b400184d9b155d1506cfe827b76834f3cf7f6555085267427a515f6f38fad710032aeee4378eb4a35cbb6dde2d8995a3c9347f6b67bd1cd0e1f1d816ae19524a7fa1c58eebe46b48821c86af37b2d273588cb3b70b3f6fab794736220b72ffe1a9f3109010aced7f0771c71d7e6a980cddf6c6ca7b5fbc4c90cffe13c99e5c60129d74ba5e5eb7b16d49a3ab5a1732bac9f10d0820a4af3ed90a945e70f1e4603a1f56402d60567a1402a0cb635f5f07bd0a1b02a39494fca2659d848a24344c90e739d3f6584643ac4b43102299599e27a0654c6ca629f09d9f7e088d9ba89fb78383e851ad03a896620efc005bdec88a627047f46fcad51ae6ba6ce3decdd40e72e8ffb7e51b13530568f1852d4b3165cec087d347e3f4baf9d724355410740643cd8ca187090e72a3e58339642b433a23da7e71c521e9ee3768c0ea922d1":"b5151a41c59cc98cab7b493dae476f5a2d8b6dd9fd8ff982eca3907f" + +SHA3_224 long #14 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"a51ee3b7c42fae9e771e085d14fb8eacc2653931db58e1f79547ff1de26bb7cb945a166ac5db981576f9ed4a7656fce686c22950ba0cd3f4221821f3aa32ff183fa2630f3381d5d1e3cb2e6397b5a0c0a940f614ea0e1d2a4174e42895d2007aed1f530cd6c86ebc06bb540f3ebe802275062ae43205c7833a83cf246bf0c2d7e8f96dca76596abd26f2e6b5351ca6f5303d4c2a5b9ad7e6546c6a4ff4374e19765739b1dbdbd1bb8c976cbf42751a1f230ce54d2e74573ad8583d12f74cab26e061402accf7aba081d36e942e72e28a969c7cb5703c4e690e6ed1d33edae1e86e41099b135501534bce759cc0ba081cd01499caec99c55a3ed7adfb8f87f945671c1d6d769cdabc32af083fc2f694bf1b9dc5f36934c3f5b0ba59f3b3fbfa27151d0209be753fc3809fb0e5facd8c5abd5f869baeb45022ac405e2272dfec75be6942d5b38737507bc5f4f632e8fad5ff81672784c274c9799143ef93dbd817ab2b653b1c7bca4b6d4a5cda30eee518292ced00b30638d260d490c4e096c5f42489f1a2c2f8009c9c5570f9bd88560a8387a28e0327a325a932ce081fb9bbf670ab70726ea7e22b510fb9bca05e549555bb0d393ccebeab9cd2842219ebc204d9ba6912e62f77e0d39fbe89a317e7a0e6efb66a25a2904a80dd3a7c96d5e306a5de65ecf23ac8a46c2e07c98c5b17147f4c2687874c21eb9f7a787d5e1f25e51d3eeb675c6ddb5d62e41de524d4edd768fae4fa2a7379773fd2c78d38709187890383ebeb72baf5fee88743332870d2e9207829d6c0a1d4a90cae14ed702dd53154b5e066f16d528863cd4d81ffa9ed4ae66b7e53daa0ec2551b67a46c803b75c5a0aaf9691fa5e487c786ad5029e11d275445f686b7ea5fac9652808201b16543d09be43fb6bff855c0f01f8d85924caf58b36df1843e9729b4684fe1f7bd85f243b7634d7c81f892a1a7cb32ae20f7a8ec96a7e8bf89fd3f0def7ef6e2de7c637263f33cc17a59a0f2242cca03fbb2a6684630e6ca5af66efb7eaa2b53929d1a05482068262790133aebb0be17a0f22a847895662500073c158c3e09ba588c7844da576a2b08306bd464f3a969bf2a97a97442016037c428d49ec71c87bebf20e97124bd40aabf0d672661f66a84e0904fefc3230c50a1a7c13cb1de5c3399863bc2f4dbf77d909a5bb6884faab0a886f031955579f9245b63dcaac9a835c02ae4466440cfff59753a8bd2ff9ab0e6fe32f03513397fd09624f4fe58ec53b7815b51ef762aae7e307c2cde80cb14206870822ee6db831afa8d1c4916a90be41c099be2f6a819735ea8f0179dbc48e948418dff4ad07177eb14c9078d5edcda7d877b0b4cc8bedd52499bfa90decda6302e7a02a9a8e97c0a5481b6278e250f085d85b4e2fd0d20adc68703f4b310eb928fbce59dd549abbac4bcd17fa7a2f65ee4327c53b592c1d3a827d043c9c12df1eded2491e6106b9ecdf0e5e05ba524e3c407ce0992de55667714cc08934ce1d0d1812c204bec500908b46013eaca2f39657c268f154e3fd8bbd473ad9022aba1d2ff88c3772bdd8bed8ddc64f57059b25116126ead7105acdecd53cd50c0f0075adeb6e6085d88b9e4c3b76e0c3649011f5c1df2dbd52b556885d8c255c63353e1a52322700fc605a71c8d998f9a818818c4b5e620e93554e1949f370fa10a29ffc979e33ea139e17cfedb62000b77c9d5c656a30d3ba83dc2500395eecfc8fc1dd217b2d4b048e00ec10d61fe07b048fef78ca3f13af872836ea26983c1143cb445890bc2bb7783a529b023ea2dbf77ccded4738d65aa95bd36f82c6f23508e6baa4a7899314":"92219c95e8983ffddcd73fc9669ddf1085eb87fdc3f2a8b707fee881" + +SHA3_224 long #16 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"11964921b3db3564118a0f62b02225c3e7b21e1e40a6836d20e17ebeab0ce12be22d690b0e7b456a6271d2b7dc21a9bd6ccbdbd558ae7b59df1e5d5b1dd71e972e9164a796d46776e00eb1f786e3221711c436f081c38b3fefa59d187139d4d83ee9c25c138fa570d58a348a771098b91ec5b8d8838db907999fc55c71dc0cd55a5e09914c530740870ce3d97751138bdbf8e7f526b60f9925345e8ee365ce76ca18c3b00ac994cf3fbd474a4e4e9c748f834eaf32e395dddb8bef18907f20a3d53e77201599540344c4e746c3ae3a5f848e726f6ebe52bc03cd006140d00c44c4f8ae49356a4fc5e04a4b369f19f6310042dd9ba3ef4e1ce4211ad1ba009941df70ef9332e48efe5977fc80aa39d7d34cc6169d991e91e7c7b0c4d0c8b8cf826ecbc266d3b01894f872818eacb3e52db043a5db18f22403f4a286c630a0b7f0b934af2ae176f571056462c66d32282773e113bfe8130e5ab31ee81bbb5f587108d13f4725dd2e7bc8742892b45ca9aadfc7e6afd02a57d24c4c7337319ebbeea2caf925648eca9c88cb5a594bd96f9c3a1ea9159adf08550655ae835a04e650d048662c6931d1bb8f908082f85282e7cd0de1580cd927ca2b612165fe3ae37dda730cc5fb6d4cbf23ec2377846feb71e0bd18e0efc1bf1801975546e4e7ba5f08727556e1ea42928d07ca9fb7d7b124bb56d5150a3ed529d120d18fd5b471dda16e2949e451bb1b1508fd625833dce6a5ffa15f27f973e4e2241da6994812deef8eae04cc4abf4202184428312a75a1e8e003260c99a0317ecac2f5f84da44c38fb8ef1617c57ef9e5e28590865823cca2283d282c765f8eb3a47e2ba68300ec5dc51766a908a0a2f03305da68b0e9f94eda9cb512bc921729d34d7a643bd0cde5a7dfdb12d617bfe2ee59dd3451eb28d68fe79416cd4955b1b123b8586532ecb9d9cedfcfce22a5308cd7f563bbc5dffbc09451a338e3aeedb68761fd9fa5cd3cc35ae14a5170076b9726cf914ef8830105295a32700f97306bef03ce2bb7e3f0fd1a8c1cf08e3ae685ccd8279c01b698d62d2a5f131bb31c39d10a44c9d7c5790f743ca22bcbc443d1108ba1135fef25bc065e9382966713b8b401ebda93e63742fe7f9483b7480611b876985591913a1f4b434a5f1e37b9512e874dde6acabe602fc14e68df1aafc02b0577c31541488872951e0901b97faba6e6c565caf770cf6eae4a7bb1d0a354ced4b9fc7983c37002b06900ef50d920a3bcfcd132d0e0e95193130cbdfe83583a50f9622cbd5d6e7211d5d745824848ab764ed140fb91567f1c32cc81e8b242e3f69084ad7258fc5755cf1c92e25f9c24af55b663ec049f3db6141b7c43c29d625229d48a27588218e8cf1155e58183b5d48c211a16bd1c13dd517a2b8436c02be02fe23160ce983d4750860d0050a7c5627c81e1f01d55980e55790e2e8163a72d0d3e31a34db73afdedcb36c74f60d9f581594a2cc7f440d5aa98a2a734f07a956c3919533867a879015151aed05779ea3527b1112f5094bfbb497782b3eefcb5a77337152111fc4545c8fc2b75f41bdd227db531c5f30a19221bfb4590c7c40a597d495d9a4ebcef059284c1b2bf363ab3bbd5232e64179e5970ac645e03671ffca79e91069650e2cb3e8a0619216f7f83728f59cb2c53abebf819637e3a4c42fb82c553e8515ead212d7a6d1bb31e37fc22524a1ea444be3412b0d773d4ea2ff0af4c1ad2383cba820fe47b2cecc8e0985bbc78ab644161cc411114c15bc743568da15a369381a788264694ef56f605d28f2c79f3f4f0233f0398b009377a09a79e439697fbb3d08e311f5eb56a3c14552d20a28adec77ee6fad64d9e10690f6e61c15478e949e20e90ed4d219ef1987ab64796d28a4dd17e675822024f1aa11568a9284be4ca38a3c62ec4b67dcd0ecdcaffcb6d7fd9d740097cf1c87c158b27235966a366ab60d8515279d68f14e3c8dbb7c4ae2811dce631d32172ffd01a3e2250a3f1f763e706c306c1243b6fc3f6591df7272b8c6ecb70e9257":"c7ed1c52072e982a7ada5351119d4a03ef04b483c95ed386d054642d" + +SHA3_224 long #18 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"6c4688c2c4a18eaa6010b613be6a8935c6494b13fd6bd001fb5892641f4500ba813918da286e377c7efa30fb00ae9c5a3a3f7286f3a3d8daa5be38e8303e9577cec420c84a44061e6dae8d7cbace5fb15b7125925ac9588714125449eb76afe93c2ec81591eba3971774f41e529079410f268dc19aa3fb0e329c100dbab5f419b1c13a48642ab5ef62938d6831bd93123fa7d29a1bfa6679e5a392be04c20c0e16c39be92dcae42e385581e2bf1d542dd43d1ba5469544d0177102e33066a0d0547d16805394da5d8000f81464776599b42e906b813e3b19af4c8905a86958685137d0963e4d3c8422dd198789946d5ec9c25b7335bbf35e957d4fabd393dbddf739f4b255c0b5a905340dc2943d1585f943a145cbd516a6b14c7b5d19abd2372dcaa85d02b4ebd6134dfc4def3805152ef78d6aa95449faeb0035a4e27be47fda33141eadf08612336f0db1004de4164f284469390036612be3a70696c9babce8bd627dbc3d2f664de4687531465b91441cf1cae2a185e3593bf60d9d5efbf63eadb70298638ed84af23621e9ea118cf51bba160bfede885d514d4160025035c44e3e36a92a4a7310e29f3e8f00af124a6fc7d41ee0e7591f6dd229457c618262e71ca0575a0b3c88fcca538d51dc282b5f418c820f4b5d87d7ad4db596d5e400bf7cc90bba7b3d9a87e0e84aa541d8803250c79f53b09c7ed6073519165564861f84372b13407d2fcd08852ec3852931311b0bdd74bf1feab3086ad7c58809dc4f5c74212d02042d146bb3a175512426a4cbe3a4391fedb5b7d773596b17dbeb972d0853d06adb7ea530f90b814dcf47d387d45c6b780ec5279dd805d0a9e2993f1f792bc41f0908c880e0d4b020347d0578686dd2748b044e812245bbe727cf8e59510fd0ca96b5c483ef64ca735bae83c6263f36b96b5873acd880f678b176cd041769be138b6be360ae2497ed4ac39698963a5fefb6abdd45821d47068874454754a054a1ef146b40a57adf370ba5841641c715bf75e4d575a8867736b5b33b4b8f1c5b1dca97a54a5dcf69f8a63a956aae4c1fd1afeba364d3224eb23f19fa3750459a2e24dcd9a75d8cfed9216c13b9653346cc6ca88f398a5993222e90c9342083db7d06cb4f7e2d1766828622442eefe25258b403e11d5693102d8bffef6a853ee4b2774c4ef856da699add4472eed3c30b1e90e4e037be388b7c5d4db50009de7e7480471f3d5f3bceca2cb9e324993c38c60733d5b04ab0cdb7ac64631f34cb716b28a40b74d0a45fb97d6bdff6cab7a3f822d808af82649e85802b41ee8d6d8540774b58c6327ce20fd741b08ced9b125be8bbc15defbac58ee28a96969c2d829b75244e5a0b2b207643239d0f8a504e9761c448e1181b0c7bd969ac3ee9712f232b183759e619e194c7f9eda72a3e1f5595dce46485f039f46eb0c90ffda25581a00d59ea48aeed116eabe97b54cd4c3d8de9df0ebf9f15a0a84736315f29bc5ddcecfe36bb520b963d22d9b490659ff650d47f064d9268288f173bcb976c2c5de89e6c64c66d05cb3e440579666ede29e6860d75b72ffa332b061f052ed56d2ccb0aeb9df267a15778fab4f35f50d27d58e6d08286e0926a85fd2c08abcb46708d17c509c5a8a8e3f32d2f4a0273439baddb1256410cfa75a4e5a8fc96b581d237af40cfc998e116b8c3bfa5d73ff92aed4f1918701af8fb90a4dc0978fde4f9d0b9a618869f1699cea6aa2c671dbbd320292ff19c7455a452241055d70a388e601c3d0b83260d133dbc38093973523e4f519a094c81d81af14b8c0b3e444438f0c24ed148938f2d0eefb361d6aa871282aea28708a94b02750397513213d2a0869220915d50648f4825615fc42b20f7bf2a919458547407e7337a4f3ddfa86d2d74fd744bc354e0f3488c288d5de59710acad57c5ea1dcf4ec37e2fe6108f48ea502ba2995627c8183f7ae7b8a7a0977c1d40f9d6d30c02b29ae816b50e4fd9c70ef342cf70a4f1bdf273c2ce7317a20b6390a114780a491ba2032e3342b0c7cb979d7c75789500ed49c1e15628135ec667e678053fde4c92c2169fe7127abbfed1717a14d8c0a0ad2cab6dd82d5c73b41189a6339152b21ee268915ae7745c69a5b76133f7ed770783788eddecba8ade4ac35226d72c23c8ea422b122a685313fbb65c5b3de62d0236716becccf54b4af8daa46477354997c3ec9599411c4705bcb7901312726ba62dde2d8d35d45d020417":"14123df0afadc8a3142ac07958417877c4ddc5718acee7a8ee44c48d" + +SHA3_224 long #20 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"44533d2c876e82db402fbb00a6c2f2cc3487973dfc1674463e81e42a39d9402941f39b5e126bafe864ea1648c0a5be0a912697a87e4f8eabf79cbf130ea8e6f989f3177335e2b0b87d078b843aa378becd69ea596c85f078b9dd67d599976f6343db1b3297da6d93b20f817ebfc408300fd9f8186dc182f4abcd453881adc1af98340e64e15bcdc32b8960fcf51156a880fc29af290a2c69f6f3bf036ff2c525af8458d1ba6ebb8f11fd8fc784914a6e485de6e44968d61dc1d73e000a6f630cb1566141cb191c3e8cf378a7154dcdc98e81958175e3685935022bf5fb2b84aec52f907cbc66d919c3f48263504bc5037af2a04c5484ca657afbecabe92e0e5114994f49345dda68df8715c5dc951c6236376d0e8f52e589b74aebea7d81eb3ec51b0672db050773073599936233b82fe7d8668ecd559f0d15788e795f2b01bd013e1bbd5a66488164857696892b83b1b85df196b796e138bb0c3f2236343a15f088f7f3598886db1eff1596fa876332cf4f78ecf51c9454d18e65abaaa57c90b98302dc7f74a7ca5c2bdc5b5c4f42f8543662592ef09ea7818767dd6585b17485b7a43f75319594469234ac5889074c709817a50a18e97af17eaf800cdcc00a7bab46e5e3c7368105bb8652963f9a764affff98339e5b1449fba45c4ab3919ac4e74e976f3f74dbc12e3816bd78e3be0cf282fa4e89debfb286ae38c4110c6c87f3261bc4a036e8a174b4be753dc96cdbfa089206e259c154a835de25fe19c7ed58343988f263f2ce146012689537c7e29ef92900b0b36356e8a1141382a0f51e9de2bb643de53f7096a6dc3c8812184666bd87e7fbd6ede0cf5ba336a6893c414a9767ff8aa317ae83ede2991e43a732dabc7461cca9a71ce4c9533871bce57ee7ba0702e085c4b0629ced2860b2bccc835eb8162a14d830af54ebbeec2137fefdb5611448738d9fbb1dc59055479f3ce80c1ab01dffca44b86435731da17ce913ef3edec955b9a317d7327a05eb97ab912c64d4ad52c3818862f7fc0e22fa67b2d065076b1391e3fc32fc8e7984ee4107285c2ce3f50c0ea6b4fa04c78dfb9e61c0a03836965d88f596ea73b8fbea25d166cb60c6d1ed149ac406314ecbc5b9a827b51933c465b9876bc6d2ca39d480775078185eccadbbedf9e32badc3a0de0f6d6d516986f09f3c195652b825f479824c2dfbb4cf962a26ba589bec5cd6361ffa9089e1c547619b08639c89a6913979c4b0b1cfc3ee8acd712e291180aee85f37e668a167b3292ca1b45745a6f4e7e41fcae3b88efe026a852d7c26166f1c588a3697b3557a1c784a132cf50c66ac4cc54339751a0ebb865e1d3d320562fc905c4abd1e78e464066c46c3a0c02db0371ee35a104d66dda864c6133e37cfad9116e883ebb73b295e7016c34ea9911a309272ef90114d8f59fff0a75193fe5ae31ed99121f9c59209bc4bd507b1dc12bc89b79ffe4d0df9209762a1730136290cdee58ec828ccc88ebaada0d4bf54c2656b7b1361e9ec448594e5a8ac69c04296bcd323e92b96f375d103cdbcbc4350b2a086f2c1cc3398105e416405b3e4ce09226df78bea6b3947681703c88eefe42b90a0e527e0291c4a5d3e7e85c8eaf5eb7779b3b64d95c58be9afebff1ea1a759a39194990c18f9baf9a39e358e1adec623c0fe723c5bbdc9bb942c6954a0c0c34220a622384656e99b3a6b1beebcb2218e0a81c89f044a8a468e6f0e183658f2d317c4c74cfc5c5da9c98e41d0179885201fe3bf5ed99354f2655cf753a9976cc03c9592318233a08d19aeaf1d74b97941c6cd606122c1b227e09a2beb42a4bb6f58c28acd20023aadf2746cbb1b3d8559c9e7b29027fb294dc8d2b2ca49a8664a32f2b7091ef1b1731c888094544b31d0eed8bdd42f6a43cce5ab95d606caf6b794ce22cec32a8f465e91f38f670b060efe4989138335870cffcedbf9c033f22044fdd20259d25b8d8138cd939ba68b7bc0e11f376c867d76dee28c1ac10ae2ec0b28cf8e26149eb24e24178a3a44497ffe4986263082ae704990b1214f784f83b1f7225b7316df1c8afdd95b8a0cc6837e28c6ca1753a1630a8050f5b3a5c04dfe11d2508700a633006d19eed4278ced0927e8096b21deb8e759748035b8bdb2ba1fe754acfb7c5f771ae12b5fbd232767eef2cd7213eed5a9c422a91cdace1aacc86a51282fe708b6ac38fa75f511976024effd7652582418686458b2327ced9db5622e44c3719686cc27435cf7e0a7bc71e481bd05a40bfbee41753de94e93558ed7d348dfa271af22b4ee5dec17be427fdb418f555bf41bfdc2e90626cd749cfad2287cad0101f955eae3c0fc3f43bbf3db24366a0446413eed9a55127ff83aa15914275216af2c0ece0acd4edfa0f078ed14f96b27693358cc7172d5ee88f62c778293f969e10ff46a4bcc0b7f3ca6b418f91f814dc5":"664b21533bc159c450ba98f77dd81616e6e8843d4eb69f28add3b08c" + +SHA3_224 long #22 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"e9acd147a1103f6a34a8c62f199f2d50f1a3c1f90c51f7d72fed5273945787be333ae0ec4087de86f52222bb91db8df8a19fa7b87eef3d9c17924fbef08729436b3ecf2f47089e7d66cb3170d3fa822403c451685b8ccad0f39a62059a1002601a1f67b7bd7ac9770f0bbaf3e6e652fca07b89b2ac0fe4994c6d54f098d85b3ec745702daac7a59b794b87efd28545a9ff2a153e7860d422a873ec26f4c97b04fa18b23816d67b122bf15e0aa0c1a553a83bbeb3c767e2919214f450b6caacdb3b00f4810a8f9204ad6708ec5780b82124144cb9a10c550f8fb83215e4c234eb136500b08dda349888134d3effacc83cfa1f87fa0f3777c329c7701e889b5c5b09af9c6ca89fa7f6435ff4a8a12c1bccb2c2371b18d08ed6e7a97412a93c6c54a646915d62c6344766b2c7d143e8f9f8d56723c7c5bfe36f51c6069a508dacfd7092a62cc33723b37a738c62f0c8ace8ea7514a41decbeb7f086f05e8476637ff1fca581d3dbbc61060c0c02adb47bc57954d25a283f66d64b52f9054ddfdb01b1ea54039b98477a92e40f5a8494adb70a6b2592eea125f3eb90e838b3b05aac37c57d5b22570b25a6635d127c508be52624d5f478f8413656aa869ebfd129a70bf6e6317001518bcbf1bdd19dd05d7854e6a927cd2e03c816069be0782a901bb5e3582c8e7c61d388f6f83ff0fd6b971d1a6ad4f529b3d1b30eefa5e7a4d630bdf69af483b2832666dad6057cbdfc6b0826e0a2f9d39978b32849961225450dac9676325789ffacec051fcb4af9591c9d73d33ae012fde6a0be725a039623db0a2ab28e13eb1c8ca2e09b38609acbd164690b43b2d026430137339ac2e0b9c15d1c17afbebf23ef10d112f5c88698b2e6704f6677f45db65ffb52fe55e94fe82fd36d3e60ed5cfcbf414baa8aa708e8aaf1694b3866ea674172972dc69b2d7807b77ce2025c0fdc36990ffeace3659b38521f99fd0e157f2f04ccd01ddd9a986e300b44aaf684b6fd3f26993824f5f219fd3af8ccd42626b119b78e6096e070eba6e40b63a203b39d9d582435510216d4588212afa064835019221099b045290681cde03248d3fb9d196d47ac52d22ff1cdbe8cad5a18bf936cd3fecf1212eb47298f6b21d13db5851d2ca9a40fad64f9c3b811ceea8a01037a92ff0ba48edd3707f2533723890ade105ef3256fdddd73a236471b38027226ab29bb544e03285d81bd417c27ff212e5acbcc385da9c3e7d101d69b2cc83a87685edbb2f8b7f34100badcf9c5e62300633bdde3be583eddbae16757af2380ab17fb072d8af3676cedafcdb5e68837d99276ce307b3375dec49da255a75d6c1c22c6e6ceecffac65ae65bbb8702b8643514346277c82917157ff2e9ffebc2861ef88219c0723e9b4ada44f0b4d1837c5086cedcfa98db91fdbcdb43d9a89d902e8085f9fc1a747e2503331b5639773e81db76c30ea9b166fb8d0db35650baa87731049e003d2ed7601dc08be9cef6232f9ed6b5228f5d0e957d04c91458cc179fa668766b6ee03f827657c2fde6a2b2d04d6913e49e40e151e95ae5924524660e4d3c03ac041b3f12997370f134ef761a63987fb37aef87c76e6aa93e9a662c2991f9c620b1423e8713ade6622e4ed5548dff591d89bb7a5c88ce8497cd03c298112c5e87dae7b6566161c3df37436915091810916f573187a500f82c518fe1c0474e0d30059e4f070f2969b6e46f99d2815d66ad802535ef6f8c747abc6cd248a0c982c7b5b8612f798f7887ba15f0236339abc050c80fea24cba9f1921d4c87ba392fad5fd885263cee50c02cf9047e4b5760787592280e8168e92f47238903f017945f88712391d5d0830eb16b3f4996111544531606d2f1ceb28250124043eeef316cb414e4e8b0d0afb1ebff091bc0114aa27de624cde277a6a9416beade032a8743672621916a59076831170a7b75b261215a751a55fffe25f29f92e128e9442672164762226ef45a703565bbdf138f093f7d35501196ccc0fcdf19dbbaede66f7745db3f224b1ce9884d4d95cd25f1935b5ab95e67436e08366483331aad6be2d17a6401076b4d651efd5100bc29a4a0038773adfd824c5c2dd4417fbe845f210f387460486c003d82d9f2b5229af2bfd667f6b71ad0024d41b2e72a1d2f2aaa8ee47ed57bb9dfd37257a50b96f676333280a51265b90a4c2074e6baccea78dfef1305c907c126d76beb0a8c9fc8a9bab676113854a9dee9388eb2ba3462a4319e588bc3733e8fb9be2885a0939e07a6b09cddb16e3eea94f884ed90ea1447502b09834d447e74eb078498e028c30a97df794ce628c4d7effeec09e7647bdcbbf3ca8edf020d70fbc673c6e3a5e44cfe81afe16f0ae8015aaa287a261a05dec5a6f000f122680e5c899a91f3b18e295b55955db48b25015588beb0c5a14ec81da33e7c1c3c1aa79dbf5d8cc8d20d3a3eb9bdf44f3fe852711933604e60b3131486fa72b8a591c73fd63109bb6e0dfa092cae67a78fce7f2dea1aeb48fedf5a5ab0b8676ef569f7a36cb9ab440becd35b3cdb0a55f133d1fc69e9d42dc2200840beecdca7a20fb368f15be40b3246709558c85eb31aa5155d27049d655121a777102c34eb41ff8500f2ac467957973c580efaf77752be93d0900fb9983250b26":"6a9a23e09105428915a6b648b3eee2b6a97a3a27ca6973c2eb4f862b" + +SHA3_224 long #24 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"662c1cf710b71b5334e7fca1b65bed275331a4959029f443f0069ebb6a3869771ab975ec3735ccc7456d3a768cdd5feac89c029b2285a8cd5f9465125892f311aaf50185ae02cd89ac34f5124be18bbd4c1b67cb78d5c169d746ff352393cbff7ca869cc5d664721cf04d67eddaf992847747c2b7b6066a0c0e6112cb5801ac9fa9954c92dab621818a585c1288fb2b32170e8c61170c0f9833a46fdf4a407f88b926b83041745f4eedea9e316c9fee743d753a1234bf7fc860b43b2ca46bb1396595602ccf41940b878eaed8ea4a44b137167c69a3a32313220b3531ead5da285b8bc4e6b880581e03cf2e67769cc68fa06c93c5c859921ef433ce6d722162dbf744570cb1c3241cdef66d6bb61a0c4615d240b53745553263a8675dfed0e3dac589a6fd2f7c807e75cf1c541d145e9ae3f1e3c654f8e4f3dce3a071d566c59b42b63536a63ee5c964a39bcf104e65f4b745fd57c5d6b9e9ec700a579a5590a3fb447247aa6ccc74280e6c2b341a9ac9ec490e17fe715c7afed7f56db21fcd7b5bcefebe9098bd053c7a1e06fcfb65a11f759655635b452da0860222b137e487e0b03b0a1d453ff31e7121d0df736f10ad4616be98f6fc886df4a1151c306e502692a79894f4bdd44a8e081750151f7f32451fa203d6eb01a3be62c3679bd37aa9e0c5089c29cf1f5d2b31490352ef633afd01be386da9200e4dc7ac07dcac5dc71523c89746dc3aa2c35df44daf675323d87d51ab4dbf69fa2d303d816561701aca44671aee7dccc7f0ce97a3ad0fd58961e30ad0d98655f3d74d0678e89b68215a97429b832c3c493e03a1b9be5150d813c3484da3a67a87c66e8532b8a29c5750ad09ada7500f9305adb0d465d45b9c889ea8762e882e2285154863682f834936f62aa5cd91cd21e21d33a835f15c431af599fefcb407509df1ae6f698ac36397e314285859eb924de2a889a130e96855389b2c70b28cae7b6445db5f5cc322de2454b9ea10e150c39e9e1d2a2b7978b2083a933cfc2478a7ed9d2b9c0e0923841a6abef57f54d9cd9172c743498300dbb4e6d7b3f9755bae0e22c4c2271bd22445d4cc0cddacb9d67bc51c8f03ac7d1cff2e5e7842e5d3e836655b443061bb3927014592b45f6d68ae13716ff24c6a10278f8bfc60fc5df116d34394a2714b3d4eaed019abe3611eb8cc8a689de9343fce7904a2cc3f6652f00b125605c10e9b1d0be0242cef31432c8ebbfb5f1987f664794d1dfd159988725b4beac2e771ed22c6fa24afc95a8069a88ababe43b1fe8a1eb9c07c1553fc1e6254e5724b11ade05e72adad184950f0c88b0943fe6e929fc7ff3ca1c5124854bec1b88c726a57e6410e21cd429a3f625d117988b00a7d260371e5369b70d795bf26e689d3f875a50d111368dea9a63ed4c28de4ff11f8ad5fb64c830eec3481e1d8e1f30628719d1120050843041fd6de12a8f13201afa64b30f52fa5e0e989c56c5d408f86f63efbbf8934264616dac7967d260f75fca144765184d6fb512de8659afab6a05e2b3b53f264eecc25ab2fa25d0bcddb8a1eea0af43b489825deb9393d9a31e123b24e61d3230322c6d884eadb0b23aeb27f8a434fab4143b21cb67bb7a787e5d194b37dcdf719c674e355b479bc777c1053c3c3e66d778a90887e819b9b0f1b0222e90c35498943aa4c10b3ab985fa02e3c25113aea41d94b82600f4bfd5ded1fed7da19ba2d816f183544d031732c766890c9fcfca36cc4d9b09696b46eaf89564efb2738b8cbcc5198f04f2c1975e43db08e41755dcb00142e9145bf04cba0d299dd35f7c2d91af8f2f600d1003e160a2a862a4359a31111a7db4a081e9ade19c2668a1fd21520b44c3e2b49afedd276049bff8e1f5dc077235bedb844840bd4d18070d771e6a82eadb018bbaeece12948b4077d385fd3eeaaf975f7fff1eeaacc122d4726b4780d1d340e5086a10bccfeb88b392b131220459d2cecd5495044bd040a9879e85afaa4b25730be7617072c91d3ea80e047b2fb2f58c050f4f949ab3e4ff2f2e8139d4b123982ded1cf81dc2627b6c02d384fd597429af85ab1629fa7447c1a1d6e9d193cfd6f6f1cf9e3155fcfc87264ae9dd9bd32a354e44037a029315f78ef32a31718ea1ef8be5ed4e02412461eec7144118a6f03ecf86d6fb6ab5dc295c726564b8f4ab7011fc6fd445d3a594d2d49ed85e443e1480001b3e91611cef70b145fbf87636412a7f90549f28d28858ffe403cb5f465f162c5aa425095ab2825c2657be97f4bb4bebe96f7cb54dc517a57e43ee3cbb96e887efdc8423180b07bf811859ee4946eccde5557d1d69c36561e829357100247d8f75384d42d751577800be78dda68c93922ec70ea5d91be8b19c144fa0b6b05bcf7557cefd0b4e17f21faa99dabef4c6d4f034aff2fe27081114a57b304192f9b45abba7963629bfda286d1b89d507fd13041eef995b8d4a0cdc4d76942374ddcaafc465c2eaacc58cc5869c5fab4eacb8c4f63bed73b735117d8c9060eebe7e9eef0267e79b2fbf8671878ab084216c42ad4b1383d92d4fab52e3771b05d8629d93064c98ca2b0453b6e075410238a25d379e14d0fe68005706d289270b7b10432640823aea374a70f001da7597ece544fe6fae7945efdd8103da551951ef1e2c334187629ddcd86ac79c28c2d7c6bbb66c204ed1523d5dd5d48b59669bccd2b52469ea94377464adb7ffeebd245e8c0e0b60847da5c8f7a1f33604932b9cd47a845a1a44599645b62badaac9100cdcd84690cdd2b32b4191da9ae52393d799f8dd72a4f776db12109d45db8b2d5a3491b841b9750cdcb212050a899c66f5a99c9a440922018b4059a7290f5":"c445ddb56fa04b4a181ca4b1e97d2a3d4d561d10560ba6ceeab15fa4" + +SHA3_224 long #26 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"d18793d705f8597b71ec1aa00854935f8dbdaf4861d3f9059a2456395427f4ae4c7d7eb0ab7692b41fd7743e30db0401d277ed4736e22093e65581851110dfff239d2a869958e0eb142fc92aaca7e492861fa126a95950440d36da84f5c1afe37f6fff217aa62d67777b812d23c01d5bd43e32ae613f735e3750cafea9444aa3887c6648f46660717144040f3e2f95a4e25b08a7079c702a8b29babad5a19a87654bc5c5afa261512a11b998a4fb36b5d8fe8bd942792ff0324b108120de86d63f65855e5461184fc96a0a8ffd2ce6d5dfb0230cbbdd98f8543e361b3205f5da3d500fdc8bac6db377d75ebef3cb8f4d1ff738071ad0938917889250b41dd1d98896ca06fb8a48c45be11eeb2cde1866bf5e3293065a08eca6b38ee84e2f011c47be1da64d0391cb9e0fb0df50706965e76a79782784df6a274790aaa7426deba3517282291f301067ea7d6208866a95c1a5757e26550049c3ca025f685efd8ec4d6306435e70ddbdff9ed3cfc2a033d72968e6cabd653d1a1c64bcf388b994cd1d5be121c6210742dc46934d3631ca425c52d0c5d0dc14ceac2d3c2c0d2296ef3d78654849822227bd35713353a9d1300bbb824e5043000c5470200a83a953c5163eff41692292feeaf20a1ccb56ed22bff997deac389365bdc405097ccc5fe140161b879570ee1b0df2da63ddf7729cf1936df1550b536d309f57c358fa1fc6339446a55efba81e9ebe5ea33bda1601492f9120eb59b485656894a2b8b127e679401d054631456c05caf345459d2be21f149dd7cfa22b40c4c648321c8fecb4799feb31cba03aa5eb8f54e48baf38c1fbe8d09082534c11c72eeefbe4f4f2c2cd1a4da55fc71c3eb8a1efeb8e8ed1335822f5e5940b8b9af509055ab27ebe93ec25b0fa83245ea8e57920d4ceca6988cc396a4185295e2ec6fb07e9058bc4aa4f68c18bc6367676fa9b843abcd08664b0c2aa3ec64b585fc56b83313eba89687f59dbe3b97be82b707fa677e93fac49be253237e7dffe9068d0e3adfe799170e45f8c9cad634838efabf436c4663f9a4cf79eb75a55b58339d1c5b9a547613627003011329b0b11b09709d1eef2d4e8d5a04c47ae4b118ab0d4860ed3a27d3aafe282ebe971b5687bc733e3b963f0b7f0c5c763543e9729565fc0f7fa2939f0f75ce1773295bb8f99b31ee6c418178a16be9c94dc9ecae192e9f32f993a4bfb95f5c85d9e6591f9a2f127459fadbdc1c0114856b7fa01461ef998f0216417acf433c4098d6fdd592ff7f9aa9c8358117564371366beeec923051ef433252197aaad510590130210893de2605b477adbbf0df565797be7dd77a311963efc0e4e11b8fbdc470d84a247498e114c489a9305951fc750bf9105653a0d70b5571232d1ed20e802ade99102916937f0253bd9d19002b39ce85ed374606efe36d4e1e853b06cc36372b56f13abf04ed76be302ab653ab4ae74c5ca3d8cc2a923e3f1d12fb93bf8da0a6c9f230fafb0727b04c01bab443526135a5c2935850c1d02d67fbe5e2af2e6c363938923142751d125747ad8abdf641270fbbfe1329172cfe4569825964c0a3c5f0eee8cb9fde60cd9a27153cdfe0910ce3b7a1657c3d599cff845861a5ec4e3a343abb30dbeaf9c75dc77c3472b859cb6add05b713da5feddd73f1633c5a737c4e4491c7be42efeae84f69d93d259f4ce956b16fb49747db265fd5c5efb11d758635f5fa0f8e4a1d82e865930ad06d77ab492df7281c184d246f8af18799510c23356c309875124774baf7ca9f61ca34f7df02b53710da2a1dcc9a4dccbc19296f6b80d21fa0505207eca7e6c57fbf6b143fb713a81c965c5a9d8d4385bf7cb4b000b8466db70c2580a6fd4f44d252044b93d47745e753ca230be9397c4d83962f1c9cf54a614ca82a12826ee4038de7e400e24bd41a195cc03e3899770c34b534e5b5477d461ac34c55bda96dba78fc27b068f61e5cf0fa785d01ca3fa499fa06868aa5d00f7d5e2d9a3669a69e1a2c5bcbeee0eb56e18c9491cd349cbeba4def25a47509647e611607761758587b5dca78fc7103aff3fa5c01233f55029d9735eb8920f1ec23b44fc404194b90a378bae01b112d102f2c18d68b5334174cbe21ffc30f5050764020fa68d947ed9b66742bd22833219b0b10378dd8ffa6cfacfb89daa9ee387febd1d12bbd14176a0d4080aa1edb89427d8c4db2367f562c470bb35455924a459ea970d42f79b7185765072a5beef1296bd33f81d57cd06d7998a3bb7d0631d042f100eb964075ae2b2deada4733005abe2e36831ebebb9a29ec819688109328bdf2a8f95a2ff83370de4e424b745fdc5ce55a3e770cc0b93f4d766ede791956f9f19185e20fe9af10c15debcd77b5b72f40d23c492f87d4a204aacae7086a61dc39e21798a7ef2af21e3f5c3705abf31e86c705fdf0b7f23c5944320a872f515011c437e3c1b3adfe3d1c1defe6e9991001601ff915f81cf4936c2eb2bc0f2e3cc05f6e2b23dc3f1c651bb75fe216b1eff7c614a766f459b2fc4c474471b301878fda43d99613e934e064b1edc1da41a2b1206c6ead50b15eda0904296cc2d21bc65e3f53e200b22ef42093034adf53117797adb5b0b72ce176ceeec976e5a7dfad12e802cf4aa2f2ea77e60846caee24915361e638cfd32118c18b8c56c48abb8b1fc94e259ac1690a9030647e461bc3467b0f680d40ad07080a66dbd6068297aaac67a0ab9718799b94fc7eb7f9e1d6df3840a3f7b3c27b8dd2041cbc53975b50e24c5e2aeaae0be7aacfc0bc8b4845a4b17bffbed01b66f041efb9d155d2f0c6e9fff26b3a8b0834fb339154a558f8dd0f48e4293ebfae7a7eae18ddb13a3c54e808c23330b856cbafaf5946ef1ad7d2792fba02a6b63d70b2c9a3a812d8284107f0384d743cdff4edcc815b1095cbcb18b9e90faf09f91d04c8c0f91eb29cd7703dba80ad1f89f6dd106f5bb1d1ba0f136dd91902bfccc89d34d9997dd3815c487ab293836a3e1ba8058c0e79d78ee793d4f2e746e09db8a4955551d840bd19ba2c874fa024e5a97633403b11ae":"a88eb8ce917b17c34800b6bcfe9683deb431e128256f4edc7c084add" + +SHA3_224 long #28 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_224:"cf97461544530735f9349d0800dab7d1a432227642f63f265b73b53ee68f636eeb0a99184d0487f8e8c0f50adba735a8279056f37a3e9b75452a2b0514830aea1f7448431ca579a65804650706c500dbd7a79c7ecb7a5dd246deed2a664d7266945cbd5f593dc485738953c6293cfeb2db025addddb16d858616627583f48129714a5f33acd552de61d62810eb1519755c26f9d959ebb3d62c5af2b01480217ddfc69689bb740af84a734dadf457376b819de23ae730160d603205a1c0fa39a80659ca273122d41d55e92865ed0a42dd73ee7cc82e8981714c2703123069b1f30d8a63d6b4e79893aabf23007e37211359a12e4bd7fdd94b15c055c90cd571a61de2c95eeccc3ea3727da5454ee5bc555c3e628a899507e3e686618efb4760095de8658783d8af95d5ac15fd061cfbeba44e7f4eed58f381e500902ba5c56864f6249d191e14d1b1fad3ddf04de4c61c5859ed5fab4e856d3ab64a66b35a70fe0f1edadb68868d3f0a7a64e6cc460532a1e513856a7fa6ee0e30f809cd0b6120d15f85960638cc862c2912a72b49a073a67c5b88d2f43c4e89f700da9ae22112646e0412a33274cf89694ffa11f67f2890a52c2f8cb430d3d292cca2c3e6991cefd3c117e57a6e6248c183a926538b9886e9ee4340c76bc61289c228ef1fb1869a17226d741aa38793ba167a136baa0db1ce0a8d9536d46f70654c36c79652978fc191dbf91afa868fda71368043c5cd38dee6d23408521515acd192f3526298f359752b1c805aa666acfaa514e5c52144a1ebddc545cf0128e9b9051a5bcad1f16736238456ad3040b51a8e78589051fd9e8175eff5327cd2a16b57e4ba738aae743c8cdaa4da6c447f39ba54a410a58a5d11615a2163cc3b5e5150fb76440b5507ee2dc570c9a29b91c0f24fd22b651466016aafd149398aa7d2b80497249b0ca9b6d0eec4621a6c7315fc11e8cbd8c242bb58960bce0de8055656aa26fd84fbe1fb3bfca78d1be0aea2a043f1d747bd78a5f3b6d9d98e7cff45f3922ab60c4c372637982232ef1fc9cea88df237fa2c902902b84253066f1d085767ab377c24339d8c6a3b39dc504c00da96f5d3393812ae4f434f22bbe8e7054acfb2681cae5ec90219fc8a2b9cbfa2000701934c09879ca000062ff610e6a594724531330f3f12614e6d0d242aab1be0871f5f7ac6775abe977162fe0ea150fcfa6f7a0b725fe170b095ab0e2398d343bf561f0d98685271af98a31d0ba06f4c0c352beafd449cf8e87c4a33ae0c32f056aebb4ba6e4eb80f081db992f6c684a53a12c19d878adc19d2ad3d9f491a0b1f52f1b7d19728db50436f0bba18ca5bf74ba65e02c837a9378a82f491cae854c44e227ea189ba0d690bfcccb8a888c721a88be8621eb6d3621fd44cb4fec498aeacec8dccce58cac3f22551111e9872deb142055de3aec713f31fca6b5d1543390fbe4995cdabaffb66975d45f36fdb68f6571938cf7610e7a4d3e2475e70e0fdd72646af1029097a09c135e9bf756d6af839b8952ab33d37c57f18bb8b6e0e57a3a3197b3e4773ba3c117f5eeb5f955f377847f59ddca89ea5aff24a5c5307f0e5b3168c908d8b567e268e280f650fb024816bcc8158ef86f5b4f37659c67a342de4e255cf619cb9506f06d7845c29085fe378ac8dce7e7b164c90c1fc3ee1abeca6f159337a446d53696ddff27b7db23a2d12f81b83d1f587c55eafcc32bac29277c819752dfedce79427c3c2697a5853bcbf41a34f8690dacdb1b242288202cfe5cb18fcf348a29d7dc9058c9cbb652d10d21bcd5808b78fb43e5be6b6c406e56f9eda4370ae38d584d627a98b9d6336d7ffe8e253d4d40717591f2233fd298373a7dfe10c8c2a3057b3acb1ccacdd01509d3b9ab98790d165a66ead4689f51a907a8c4e5d8ed13e54f6073dc6662d0d493e764eff7d589f3d8aecb05516f42b548b81f3ba12c8400b11b9961f65fdcaf0583b87ac32b5a0fd8afc03f610a1262e5f3369c8b499f5f8ab46531e08a9bb047efddd36541287243b3ee0900376ab9c7a2328ffe0a0b09c07300d68eabb6de4173fa8243df9c25ff0080eb96c0f2c0d40c3a9d623970063da092d8668cd441dc573710c7cf5d2ff6de9c6d8b6b5181f57b774c1f9c785fe78342bdd2f49ee2fee2bd0458d814980e976b1848013004133510279dfcc91ba864390f39aabbc8905db4e65dc16969317214733349364f14832eb345200b42678a9f550377d4fb7b10443f405303a946b6bf07b50d0c6ce2adf97a7dd2e7dd0c3e9b1897239184a543939568568b6035ac965a3713596363fb9803aed804f37ec855df5f76996af83ecc733d92a896e69cbef61f24c63a81b534d641fb0c8ca770f632c23895b55b48155e27ce035440cd6263d608fbfb2222f47c9c03a4b06e7ea69928302c6eb5ab96e08ed444a12d89a827c5879fae308b017c29b87668bb398c9df927079cf0ad7980da6a12869516b8cc53695a599238825e4fe22abb76ead1c59ee5ce47f397e3c77359150a5ebdbbdae775d6063071a0ab754868b288d99c9a7d322877a6b1fe3bc268f63571c6d9d7eb74b8bcf27e83ea05b3d754d74e16a3ffd6bd35f142f2662d615d0fb679394dc62fab84c0a652a366eb1fa94c9167688c983688bc94e7d01d0af1a1151e04c3e06b55658233365e00b8e9b9cfe9b6718d413b79efed04fffb2d5bf277fc61c2a1f35e67206b56a43be2dd8d49a02b476899730f7296717d2d90430ac25c79d1718e6f928297dbfc7f30a22ca0fcf071876887522dd757d21dfc4ff2e0867478b80330ef91feecef346be19ebe462a7750761e4a09f7de8431382ab1b7c2793fde1b488533eab204c25b41ec89c504e22d8be100ec402d1dd30e7a4f3158b0af4b9e605c51a154c391c86b1debc3a438856e787bc0f86d256a44e8d5358f424f67541f7dd46cfbb4097a0639cb863204c0e88ac36b68c5225ea31b4aaab157a79b042eefa293cf609338bb491057d7cb45c1bfe1d7d85e9e16f3bcb67a0416404d7834baa55ef74e95cc3253a47eba177ec1c1dcea8f5f20fcfc72228cd1a8a1e776dae7c3159c0679fc12626e43056fd2af35bc8ed7f1317785e695c85f3552cfc7c87de6ffe511a591037b56eedd5ca955c68aaaf63c58ef58bf1716f8e4dc6f33a584f565fbf68353afa844c66c656c791a4d2535671dcc3ba6b05ee2ddc62d811905d88f053d7909bbf02014da1281e4d90de9dc9b0877f7436988664998737bce0677":"6081b2be0c1cf8977092b63deb954403a5879a0abe8ac4c153008cdf" + +SHA3_256 long #0 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"b1caa396771a09a1db9bc20543e988e359d47c2a616417bbca1b62cb02796a888fc6eeff5c0b5c3d5062fcb4256f6ae1782f492c1cf03610b4a1fb7b814c057878e1190b9835425c7a4a0e182ad1f91535ed2a35033a5d8c670e21c575ff43c194a58a82d4a1a44881dd61f9f8161fc6b998860cbe4975780be93b6f87980bad0a99aa2cb7556b478ca35d1f3746c33e2bb7c47af426641cc7bbb3425e2144820345e1d0ea5b7da2c3236a52906acdc3b4d34e474dd714c0c40bf006a3a1d889a632983814bbc4a14fe5f159aa89249e7c738b3b73666bac2a615a83fd21ae0a1ce7352ade7b278b587158fd2fabb217aa1fe31d0bda53272045598015a8ae4d8cec226fefa58daa05500906c4d85e7567":"cb5648a1d61c6c5bdacd96f81c9591debc3950dcf658145b8d996570ba881a05" + +SHA3_256 long #2 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"712b03d9ebe78d3a032a612939c518a6166ca9a161183a7596aa35b294d19d1f962da3ff64b57494cb5656e24adcf3b50e16f4e52135d2d9de76e94aa801cf49db10e384035329c54c9455bb3a9725fd9a44f44cb9078d18d3783d46ce372c31281aecef2f8b53d5702b863d71bc5786a33dd15d9256103b5ff7572f703d5cde6695e6c84f239acd1d6512ef581330590f4ab2a114ea064a693d5f8df5d908587bc7f998cde4a8b43d8821595566597dc8b3bf9ea78b154bd8907ee6c5d4d8a851f94be510962292b7ddda04d17b79fab4c022deb400e5489639dbc448f573d5cf72073a8001b36f73ac6677351b39d9bdb900e9a1121f488a7fa0aee60682e7dc7c531c85ec0154593ded3ae70e4121cae58445d8896b549cacf22d07cdace7625d57158721b44851d796d6511c38dac28dd37cbf2d7073b407fbc813149adc485e3dacee66755443c389d2d90dc70d8ff91816c0c5d7adbad7e30772a1f3ce76c72a6a2284ec7f174aefb6e9a895c118717999421b470a9665d2728c3c60c6d3e048d58b43c0d1b5b2f00be8b64bfe453d1e8fadf5699331f9":"095dcd0bc55206d2e1e715fb7173fc16a81979f278495dfc69a6d8f3174eba5a" + +SHA3_256 long #4 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"2a459282195123ebc6cf5782ab611a11b9487706f7795e236df3a476404f4b8c1e9904e2dc5ef29c5e06b179b8649707928c3913d1e53164747f1fa9bba6eeaf8fb759d71e32adc8c611d061345882f1cdeee3ab4cab3554adb2e43f4b01c37b4546994b25f4dcd6c497bc206865643930157cb5b2f4f25be235fa223688535907efcc253bcd083021407ea09cb1c34684aa0c1849e7efe2d9af6938c46525af9e5afb4da6e5b83da4b61dc718672a8090549cbe5aadb44f5bc93a6b3fbdc2e6d32e2eaaae637465179ea17f23ad1e4f1ebc328e2c6dc90c302b74a1edbbb0676c136b269d70c41040a313af06ab291bf489d9700950b77f207c1fc41884799931b3bca8b93331a6e96b7a3f0a8bd24cdb64964c377e0512f36444bb0643a4e3ecb328194cd5428fd89ede167472a14a9bf5730aff1e3b2c708de96eff1ebaaf63beb75f9c7d8034d6e5471e8f8a1f7efce37793a958e134619c19c54d3d42645f7a7263f25471fbaae8be3ea2fbd34ec6d7aacd7d5680948c3cd9a837c9c469a88f600d95829f4d1e4e4a5ef4ed4623c07815a1c33d9fb3b91333ff04eac92806a68a46cf2e9293f8bff466ce87fe66b46fbff7c238c7f9b2c92eb2fdc7d8084167f6f4e680d03301e5c33f78f1857d6863b1b8c36c7fce3e07d2a96a8979712079ae0023a1e3970165bfcf3a5463d2a4fdf1ca0e044f9a247528cd935734cb6d85ba53ceb95325c0eaf0ff5cd81ecb32e58917eb26bfc52dba3704bf5a927fee3220":"cb1c691c87244c0caf733aacd427f83412cd48820b358c1b15dd9fadee54e5af" + +SHA3_256 long #6 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"32659902674c94473a283be00835eb86339d394a189a87da41dad500db27da6b6a4753b2bb219c961a227d88c6df466ba2fc1e9a2d4c982db4398778c76714d5e9940da48bc3808f3c9989131a07683b8c29d6af336e9aee1dfa57d83c48a86f17146edec07869bb06550689ebf4788159ed0a921048b4a6e3e3ec272413bec15d8e1f6a40897fa0e11d9df223ef9fc270106249ae220fdc6ebdef6d6611805421ccc850f53ee9c836baf657a94005883b5a85def344d218264f07b2ea8714afcc941096c6ded0bb6bf5b8bf652fd15a21931c58c9f526e27363ddff98c0a25bc7af9f469ab35bffea948b333f042cc18a82cec0177f33c3bdbf185b580353de79e51e675b03b31e195f19ba1f063d44def0441dc52820426c2c61cf12974ec249fd3502f017ffa06220075ced7e2d6b86a52677ba3916e8e8726062aec5bc8ea1c18b1e4137680b2c9d002191b423bee8691bd7e0f93c3b9959bc1c14d5c5cbe8f7c9c336aa16e9de9faa12f3f048c66d04cb441eb2bbc5e8a91e052c0f9000856896f9b7ba30c1e2eead36fc7ac30a7d3ddfc65caaba0e3b292d26dfba46b5e2dc9bc9acadde1c9f52b2969299bd1281ddff65822b629cfba2928613200e73661b803afdcc4a817d9361389e975e67dfadd22a797bdaf991ddf42db18711c079ecec55925f9978e478612609bacd900172011c27e24bad639ffc24a23877278318872153aef6893ccb5b68b94b33154df7334375aadd3edbb35272cc7b672dec68faa62900873ded52f6049891b77f2d0311a84b19b73660e09d1f1998095c1da1edecfa9f741b5fd6db048dd68255085d43529279021d59ed853470d6863b7c8e07fcb0d1e6acfb1eb16f7f60bb1f46ce70493010e57930a3b4b8b87e065272f6f1dd31df057627f4214e58798b664e1e40960f2789d44ccacfb3dbd8b02a68a053976711f8034c1ed3a8":"5ac9275e02543410359a3f364b2ae3b85763321fd6d374d13fe54314e5561b01" + +SHA3_256 long #8 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"a65da8277a3b3738432bca9822d43b3d810cdad3b0ed2468d02bd269f1a416cd77392190c2dde8630eeb28a297bda786017abe9cf82f14751422ac9fff6322d5d9a33173db49792d3bc37fff501af667f7ca3dd335d028551e04039ef5a9d42a9443e1b80ea872fd945ad8999514ae4a29a35f60b0f7e971b67ae04d1ba1b53470c03847a3225c3ddf593a57aed3599661ae2d2bb1cddd2fa62c4a94b8704c5c35c33e08e2debe54e567ae21e27e7eb36593ae1c807a8ef8b5c1495b15412108aaf3fce4130520aa6e2d3bdf7b3ea609fdf9ea1c64258435aae2e58a7b3abda198f979c17dbe0aa74253e979bf3a5800f388ea11a7f7454c4e36270a3083a790c77cbe89693205b32880c0d8f79b1c000ee9b5e58f175ba7696616c17c45673cff25d1221f899836e95cc9e26a887a7115c4537e65ad4eacc319ba98a9a8860c089cbc76e7ea4c984d900b80622afbbbd1c0cdc670e3a4c523f81c77fed38b6aa988876b097da8411cc48e9b25a826460a862aa3fadfe75952aa4347c2effebdac9138ebcc6c34991e9f5b19fc2b847a87be72ff49c99ecf19d837ee3e23686cd760d9dd7adc78091bca79e42fdb9bc0120faec1a6ca52913e2a0156ba9850e1f39d712859f7fdf7daedf0e206dff67e7121e5d1590a8a068947a8657d753e83c7f009b6b2e54acc24afc9fdc9601a1d6d9d1f17aab0ce96c4d83405d1e3baba1dffa86ecccee7f1c1b80b1bbf859106ce2b647ae1e4a6a9b584ae1dfc0a4deebb755638f1d95dcc79b1be263177e2a05c72bde545d09ba726f41d9547117e876af81bfc672e33c71442eb05675d9552df1b313d1f9934f9ddd08955fa21d6edf23000a277f6f149591299a0a96032861ecdc96bb76afa05a2bffb445d61dc891bc70c13695920b911cad0df3fa842a3e2318c57556974343f69794cb8fa18c1ad624835857e4781041198aa705c4d11f3ef82e941be2aee7a770e54521312fe6facbaf1138eee08fa90fae986a5d93719aeb30ac292a49c1d91bf4574d553a92a4a6c305ab09db6bbeffd84c7aa707f1c1628a0220d6ba4ee5e960566686228a6e766d8a30dddf30ed5aa637c949950c3d0e894a7560670b6879a7d70f3c7e5ab29aed236cc3527bdea076fec8add12d784fbcf9a":"68f62c418a6b97026cc70f6abf8419b671ee373709fa13074e37bd39f0a50fcb" + +SHA3_256 long #10 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"460f8c7aac921fa9a55800b1d04cf981717c78217cd43f98f02c5c0e66865c2eea90bcce0971a0d22bc1c74d24d9bfea054e558b38b8502fccb85f190d394f2f58f581a02d3b9cc986f07f5a67d57ab4b707bd964ecc10f94f8cc538b81eeb743746c537407b7b575ced0e1ec4c691a72eb0978be798e8be22b278b390be99c730896fdc69b6a44456be5ee261366e8b1351cbb22aa53e45ec325ed2bca0bfeeebc867d7d07681581b6d56ed66ac78280df04053407a7b57561261dd644cc7b20f0a95709e42795b5402dd89fcb11746c597e0b650a008bc085c681bb24b17db4458e1effba3f414a883ddfc4bccb3ace24d9223839d4b3ca9185ad5cc24193134b9339b0e205a4cc0fa3d8f7a85b4230d1b3ee101fbae9ee14c2153da5f337c853573bd004114cb436ee58ab1648373ee07cc39f14198ac5a02a4dd0585cf83dfd4899df88e8859dae8bc351af286642c1c25737bf8712cb941cbbb741d540feb9f5d831f901fbe2d6facd7dab626bd705f2fd7c9a7a0e7a9127e3451af2ae8509dd7b79dce41c1e30b9dba1c38cb4861dad3ac00d68fa5d07ba591c1c3b9d6b7d6e08099d0572ca4c475240601decba894fa3c4b0ea52ed687281beee268a1c8535e283b1fc7c51aa31d5ec098c50fec958acdd0d54a49643bef170093a1102a1b3bf5ad42fb55ebaf7db07385eadcd6e66da8b7b6e6c022a1e3d01f5fccec86365d3014c159a3bff17d614751b3fa0e8e89152936e159b7c0ea8d71cd4ffd83adae209b254b793f6f06bb63838a303b95c85b4edfa4ddcca0ed952165930bca87140f67f5389d1233fe04f0a3d647050410c44d389513084ad53155af00de02cc7943a3b988d8e1454f85153aff0816e24b964ec91dc514c588a93634ff3dd485c40575faa2f254abdf86fbcf6d381337601a7b1ba5b99719f045eb7bf6f2e8b9dd9d053ef0b3126f984fc9ea87a2a70b3798fab593b83a4ff44d9c0c4ec3e570ac537c10d9e3c4996027a813b70d7867b858f31f508aa56e7b087370707974b2186f02f5c549112f2158c0d365402e52cba18fe245f77f7e6fbf952ec2dc3c880b38be771caea23bc22838b1f70472d558bdf585d9c77088b7ba2dceaeb3e6f96df7d91d47da1ec42be03936d621ecf747f24f9073c122923b4161d99bc8190e24f57b6fac952ed344c7eae86a5f43c08089c28c7daf3aa7e39c59d6f1e17ece1977caf6b4a77a6ff52774521b861f38ebc978005e5763cc97123e4d17c7bc4134c8f139c7d7a9a02646fef9525d2a6871fc99747e81430b3fec38c677427c6f5e2f16c14eee646ebf6eb16775ad0957f8684c7045f7826bc3736eca":"7d495ddf961cbff060f80b509f2b9e20bed95319eef61c7adb5edeec18e64713" + +SHA3_256 long #12 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"c8a2a26587d0126abe9ba8031f37d8a7d18219c41fe639bc7281f32d7c83c376b7d8f9770e080d98d95b320c0f402d57b7ef680da04e42dd5211aacf4426ecca5050ca596312cfae79cee0e8c92e14913cc3c66b24ece86c2bfa99078991faad7b513e94f0b601b7853ddb1eb3c9345f47445a651389d070e482ea5db48d962820257daf1cbe4bb8e5f04a3637d836c8c1bc4d83d6eda5f165f2c2592be268412712ae324ef054bb812f56b8bc25c1d59071c64dd3e00df896924c84575817027861faa5f016c5c74142272daa767e8c9dacee4c732ab08b5fa9ad65a0b74c73fb5a889169f645e50d70e41d689415f7d0b4ec071e9238b5a88110856fc6ae9b9944817e21597d1ccd03b60e60472d1e11d3e9063de24a7b59609b6a2a4ee68238690cf2800614746941c48af9566e07494f0dd236e091e75a8f769e3b179b30c10f5277eec7b3f5c97337189b8b82bc5e717ff27355b2009356caa908e976ae1d7f7a94d36202a8d5e03641aeac0e453a8168ee5a0858ceecfcbf11fb8c1f033201add297a0a89476d2ea8b9a82bda8c3c7ef4f55c3295a4ecb7c607ac73d37eadc13b7a2494ec1928f7a80c8d534efe38a3d9ccb4ccdab9f092a1def6478532c5ad3cd5c259b3812600fa89e6d1e228114795d246cedc9c9fff0d1c1297a5ddfc1169c2efb3800df8dd18a8511214785abcc1bc7eb31bdb2f5f70358dfe860ed5a03ab7e95cc21df5ee7aee68be568d6985e5c1e91408e4432663b1c4e6d613d6dc382b5b900a4fc1b7a9c27a1138c5e2356ab9026c34465006602753daf6ab7427da93c307c901d0bb1ddb21c53bc0493dd8d857161e8ffa51fdecb75568243205aa979c2e7ed2a77b5f8edc34cffb0321a8c653bc381f96ab85a86bf0bb2c9518208d636eac40aa7ad754260a75d4a46362f994c90173b975afb0ee17601311b1c51ba562c1ca7e3c2dd18b90bdebb1858fe876c71b3ad742c4bcba33e7763c750098de856fde8731cb6d698218be9f0a98298630e5b374957d126cf0b1c489c48bab6b50f6fb59ee28be6c3916bbd16514234f80e1ac15d0215852b87f9c6e429eb9f85007bf6ae3de1af0202861fd177c7c4f51af533f956a051815815c6e51e25af20d02893e95442991f1de5f86a4397ae20d9f675657bf9f397267831e94cef4e4d287f759850350ce0898f2e29de3c5c41f4246fe998a8d1359a2bed36ded1e4d6b08682025843700fee8cab56703e342212870acdd53655255b35e414fa53d9810f47a37195f22d72f6e555392023a08adc282c585b2ae62e129efccdc9fe9617eecac12b2ecdabd247a1161a17750740f90ebed3520ceb17676f1fa87259815ff415c2794c5953f689c8d5407dbbd10d1241a986e265cea901af34ec1ded0323ca3290a317208ba865637af4797e65b9cfcad3b931bbf6ac896623e2f4408529172911f1b6a9bcae8279ec7e33452d0cd7b026b46a99cbe8a69cd4d21cdc6d3a84002fab527c4fd18a121526d49890ced3fb89beb384b524015a2e03c049241eb9":"b8d4b29b086ef6d6f73802b9e7a4f2001e384c8258e7046e6779662fd958517e" + +SHA3_256 long #14 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"3a86a182b54704a3af811e3e660abcfbaef2fb8f39bab09115c1068976ff694bb6f5a3839ae44590d73e4996d45af5ceb26b03218ab3fef6f5f4ef48d22839fb4371c270f9535357b22142c4ffb54e854b64cab41932fe888d41ca702e908c63eae244715bfbf69f481250f16f848dc881c6996e6f9d76f0e491de2c129f2a2ab22e72b04644f610a2fabc45aa2d7b3e5d77b87a135d2fd502ca74a207bddaf9a43e945245961a53c7bfcfe73a1ae090e6606ffe8ddbf1e0f0d6d4fa94526578c6faf282dd592b10bf4bce00a7b1846625690623667e83b9b59b465d42c6944e224ad36698f5f2ee938404b7775c2e66207bc41025adaf07590312f398812d24c0178126fdd334964a54b8353482a83be17cf2ee52d23b72e5f57fe31eebf8a1a64742eb9459bcb0eca231a1658ab88b7056d8e47554f0a46058d6565c6cbf6edec45fdde6f051e38255b82493de27ffd3efbe1b179b9642d2166073db6d4832707420237a00bad7125795e645e5bc3e1431ecbabf0ff5f74416626322545c966241cce6d8f2c035a78f100e030741f13b02a9eaf618d468bc40274db98bc342be12ad4d892c2ba546e571c556ac7cbf4e4c3fd3431efd40457cf65a297845dd8cce09811418c3cef941ff32c43c375157f6f49c2e893625e4b216b1f985aa0fd25f29a9011d4f59c78b037ed71f384e5de8116e3fc148c0a3cad07cb119b9829aac55eed9a299edb9abc5d017be485f690add70ff2efbb889ac6ce0da9b3bdbeb9dd47823116733d58a8d510b7f2e2c8244a2cbf53816b59e413207fb75f9c5ce1af06e67d182d3250ea3283bcbb45cb07ea6a6aa486361eb6f69199c0eb8e6490beff82e4ab274b1204e7f2f0ba097fba0332aa4c4a861771f5b3d45ce43e667581a40fee4bebe7fa9d87b70a5bb876c928f7e6d16ae604b3a4e9c7f1d616e2deab96b6207705b9a8f87468503cdd20a3c02cc8da43d046da68b5ed163d926a5a714a4df1b8ef007bca408f68b9e20de86d6398ad81df5e74d5aaac40874b5d6787211ff88e128cf1676e84ca7f51aee5951efee1915dcc11502a8df74fac4c8451dda49b631a8fb87470f0ebe9b67449bbd1640ceee6101e8cd82aa1033fa84f75b28450e461b93f65da5c43759b0e83660d50961702bb1ad015dad42e600117475237cf6e7279d4a02d1f67cf59de0108355d03963e3d84ce7647173dd7d77a6b3f275d7de74236d7bbb2df437d536136dbe1dbe8f307facc7bc7d0cde1abf745cbeb81af1ab2c46138cf007e901f22668377958bcbbadb7e9905973b27ff0c5baaece25e974c1bd116cc81dd1c81a30bae86a6fb12c6a5494068e122153128313eb3e628d76e9babc823c9eb9d3b81bacfa7a6b372abe6b1246a350f23e2e95b09c9037a75aac255ef7d4f267cad3ce869531b4165db2e5a9792094efea4ae3d9ea4d0efdc712e63df21882a353743190e016b2166e4da8a2c78e48defc7155d5fdfc4e596624e6a19c91b43719a22c1204b1cefe05989d455773d3881fa8d3eefc255f81dfe90bd41dc6f1e9c265a753298a6e98c999acd9525a9db5f9f9456a0f51a93dd9693e1d9c3fa283f7c58a9c752afcaa635abea8dfc80e2c326b939260069457fdad68c341852dcb5fcbbd351318defd7ae3b9f827478eb77306a5ae14cf8895f2bc6f0f361ffc8aa37e286629dc7e59b73a8712525e851c64d363065631edc1609f3d49a09575876a":"b71ec00c0fcc4f8663312711540df1cd236eb52f237409415b749ff9436dc331" + +SHA3_256 long #16 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"c041e23b6d55998681802114abc73d2776967cab715572698d3d497ec66a790b0531d32f45b3c432f5b2d8039ea47de5c6060a6514f3ff8fb5f58e61fd1b5b80524c812a46dad56c035a6e95ecb465ea8176d99b836e36f65977b7dbb3932a706d3af415b6f2549b7120ecb0db1e7d9e6f8df23607eda006436bccd32ef96d431fa434d9de22ca2608ab593eb50b4d6a57f45c1ce698c3283a77d330b876ad6030324a5c0693be7790a4bd26c0a25eb403531f37689829c20546d6dc97327131688b3d88766db8f5d1b22050450c37e53951446dd7155a3e6d7edcbe1354411d8f58154475d74008937e8ba48b706066c296d1a87936dd023ac8eebe7605a58c6c40da774cf9df189db0050adcf7629e66cbd1cf9824397834cb13c4066c26e6c8ec950b44fc1c8db8ef976a7ec8c4f4ec9849ca7a07f906223053b80db24b946b034ee7a30880d0ace348acba0d0ed21ea443816706a216ce9eb682d1fe9dfc1d2e0bf3b1449247413520b8d8ebc99fc298c6dca949be0ffebe450b9b79a387a615d617b8d9da5b3e8d2776208c7cc2a11bdbc387f9d4597b380739b24ae59dcd5fb63bfeefe0746d9266cfda18afa583d6891e483e6d5c0db305f5609beba75bb5b447ccac2dfb94ede4a94db6eaaf3070d8d5353f107f7bd74528eb913e0b19bed6236a3b48567c46a9eec28fb6486f92d0d09625452d8f4dd1b89c566533cc2326b820c2b9efed43be8481cb9ad809e47af7b31795cb0fbdb18fbb12e8853f8bacec366a092daf8f2a55d2911fc7c70ddd33d33e86c2c4ceeb9390ec506b399f6fa8f35abf7789d0f547fd09cb7e6fb6016a3fc2a27a762989ae620d234c810777d5a1bb633744af2844495d2963c986ef8540ca715bed7692c77b9dec90e06acc5986b47dd4a8d3ca3300b2bedf9f26ae6d1c7e7acef05c0fc521c3309e1e70771eea6e96b67de5e3fb6833145bb73d46081b074539498307929da779e003c27f0a171035458b8c7c86c905b23dda74c040878d5a05be94821537724ebd5608ec0754c3e3e99a719bbb6d5320eed07323fca637429b18378936364c389de1e9c6fce8af270a713b4b829b43e7d761e17724c22e84611e1322dde45cbee86a0e16d01cfb8910d99391c39afd8e5f5567c59f219aa8c19ad158f287cb6807ba1fe46d38d091639a217766b3aa9ded73ac14570ba236225218305d68c0be6099c336ba8455c86b7c8c04542e729ceb84596c33ca6eb7ec1091b406cf64495ccfa2169f47b3b590477d4073537c14c05015d51ba527b3869ae4ebd603df906323658b04cb11e13bc29b34ac69f18dd49f8958f7e3f5b05ab8b8ddb34e581bde5eb49dd15698d2d2b68fe7e8baf88d8f395cfcafcdff38cf34b59386f6f77333483655ee316f12bfeb00610d8cba9e59e637ca2cab6ed24dd584143844e61fcca994ba44a4c029682997ab04285f479a6dc2c854c569073c62cd68af804aa70f4976d5b9f6b09d3738fcccb6d60e11ba97a4001062195d05a43798d5f24e9466f082ac367169f892dfd6cc0adeef82212c867a49cba65e0e636bab91e2176d3865634aa45b13c1e3e7cdb4e7872b2437f40f3de5493792c06611a9ca97d0baed71bfb4e9fdd58191198a8b371aea7f65b6e851ce22f4808377d09b6a5a9f04eddc3ff4ef9fd8bf043bb559e1df5319113cb8beea9e06b0c05c50885873acd19f6e8a109c894403a415f627cd1e8f7ca54c288c230795aaddde3a787c2a20ac6dee4913da0240d6d971f3fce31fc53087afe0c45fa3c8f744c53673bec6231abe2623029053f4be0b1557e00b291ebb212d876e88bcc81e5bd9eb820691dca5fbdcc1e7a6c58945a2cac8db2d86c2a7d98dc5908598bda78ce202ac3cd174d48ad9cac9039e27f30658eef6317cd87c199944343e7fce1b3ea7":"ad635385a289163fbaf04b5850285bfe3759774aee7fd0211d770f63985e1b44" + +SHA3_256 long #18 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"01ec0bfc6cc56e4964808e2f1e516416717dad133061e30cb6b66b1dc213103b86b3b017fa7935457631c79e801941e3e3a0e1a3016d435e69a390eaac64f3166d944c8eb8df29fe95fdf27adc34631e4a1f3ff1d5af430f3d6f5908e40c0f83df1447274dfe30bbe76b758bd9abb40ed18331c7552dcc6959a1303e11134ec904bd0aab62de33c39703b99920851afd9d531eeb28f1c4b2e6c17c55db8296320316fbe19e881b5fcb4d266c58ca7f31d9176e26f70315330b58a516ec60d10404a78393aa03ced7acd225cb2a83caf3ab5888406a69a534f1ed1346e9b5e68831f90b872d57367361191c803eb7e38b3b9cd601282d5efdbf082db07d89bd06b093f986d08d3a7b12aa74513b6eb241b26ebf31da5726d59e315d1b4ee53ec6a9fdb6583bacc136e90e9607cab01e5d3853ab9727ede706b6f10b4e04d0510f45c0abc515bcb5ed0bcce86a92861126f4d502fcb8f988d62ecf9d124853de2bab633f9506c6fde8a36cd4413cf773e50f7b2d283482f18e2f547c2fc275cd60056ed98fb8d0816fd777c1566f0c2ae3b1cd92e344910a75e006106d193e06f7786ae37dd0e529cacf74176fd4cc1f6500549af5902dbbd56a70c194f5b671372edec425f90add40b4eb3d55123f3ab62797ad25bf5eecf4f417f86b00e6f76a4f52e44fd949851aae649dd0d26d641d4c1f343c7a2c851ca7851bbbdfd57ed6024eabc518a909a1e4689ea7bc5f83e19872950368a06e93ab41944c3d8befc5705b814e5f33511a7f7ea8a4771c804b321a3a3f32c18fa127d3c9e6c011337dc100ceb156ed45d0a62f238dacac44a3429f89bb7f98d09043c42451106e30471cc6fab7a4e1ce0a8202772b0218b631f287ec3ef82b1aa6299a0b54d6aad06aa9346d28f117d20f3b7f0d462267bd3c685cca8f4584532dfee0e8b9bacefa3092d28fcce7953a28f82e4ba6b3a1430ecca58b770dab656bed1b224663e196dffc28c96a2c65ef9de1989a125ecf2fed47eb96bef8a636a91bd521c47aeb8bc011bf81cc688fd8b620446353cbf7692201b5552cb07fb02eb3954dfaa6f5c31bf91e20b84419dcbbdaba0c31a124d8f4218b2f88da3eba44dbe40eb290052538dccd0ff7670de5f33a83ff74895b66adcff58c9c21e93b31bb49ccb2e026995ee155b5517b72daa76526a2e42aa6fa94357cd42e2a8a1d3e7d4cefc33d5d07d6303d798d2551a21f862b5f492d0c7cf078a77007a02847b34675dfad4fb457e9f20dc5750fb127a3c31b9d6a3996d50ac3ffc6ef29cca1d8414d0438bf3271dc4f4e00cfe19a507b447dc310f74aeb2a3c0b3fae6d7d13f4935bc72c35df3efa6e879164421505ee32d93b030e32a7970b53430b1643855167278e5058c4a48a7840e2fcdb282e45b5b86c0b2756f19b595f3bcfc926df35e33ac26dd1e88cd394015a5f54deb4c9f4a0bef0eabcb27c4eb88dc2302f09e92f1bcc4b4754df1eeb536154543c7dbf181c9979fe6ed08311e5a3acf365ebb5745212b2630e83b3a5bd5fa4834c727248b165700c7435f8cb6ee455bad16ee0da68fe6acd2062dae9c8bc178b157b29ade98a9bbbd4c723a3dcb7852c7978b488e4f73a2c9163dbdffae175119f812b6f4b70c2b498704bc2b58603f167f277a74e64ec296a6dfdb0de3486c0f36ac1b55f80af9fc817ba4f84b898b2a3c5725e2faf466bb26a8a84f91e123d182033a7ae2029236aa4b673ceb50c1733d7edd60e3f119b7141c882d508e0331689c96fbfb9f7e888fe88561de427c721123036737c1460b0da00d3f958b948f68fcb321ab4e297290f781ff8afb06b755d82a7e6ce1963761d799eed786524bf19801b4877b2d856becdf7e87d71aa359f2d51f09de64bcbf27d0c3aceac70790e314fd06c2f5216f3d10574b7302d6bc2775b185145c1b741524567c456d42c5826f93afa20ae7196ca7224c3b69b1eada9eee752fb6d43f24170fcc02af7e1dea73f0f884f936f900165800acb9d57480a31e409d3f676ed92b6812cf182a088fc49d68082aa19c7be0711f436db1d7be44d97dc9405591a8d3e7f6f731c6f3e6c401749829b7624497f5eeac1fc782e7d6988340541f2617a317e":"2a6283b1c02c6aaf74c4155091ff54a904bb700077f96a9c4bd84e8e51b54d01" + +SHA3_256 long #20 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"9271fd111dcf260c04cf4b748f269ac80f7485c41f7724352a7ed40b2e2125b0bf30f3984ee9d21aab6eb07ec976b557c2426e131ad32bd0485aa57172f0e4f1798760f8352067ac023fbeca7b9c8bf5851c724e90ffff44195b44ae73c9c317c85e8e585bddac6d0f2abf812d02e44b62eadb9d0765683aa56af8e9b91588c7b49dc3e146866a02dc18f9ca680f88006094ef29096c2d5af5700b4aca3dfcab462c48bb8085691671efb5ceb22b3ebd8702f71a1d7c184b1053c3fa30a7e76b85f3650d9140714fd4993bb496becf2ae01d3a98ccfdefb6fefd692173bd11af7adb61ffff214a550ffcd3a5993004ee72cb02ca9c577b42c85444e619e6411e2bca86bb548ebbd12a02c5c945eaa3b246f595d817f3849875429e72ac894160a2a91a6617f18e6b2b9258472152741d62843cebc537d25f0daebdedb410d71ee761662bd1b189ca1c93d648b5d141d8d05e3f2b2d8c2c40997fea7eb7e2cc0000d8b2300936759704ef85f38ad0d08a986de6bfd75b5be3209f6d4d3f67e7adf7f8469d47e81979ec8dae7127b5eadcc09779cf4b0a28efaaf58e83d307f2ced4a8699b142f3f19db5598e914e9577652c63f851203580d40699548fc2ab30a9dcf6452f673ad1ed92f8d84dad5dfff55e18107b3acb6e4e8e3c9c34038f40a5c577fe9771c2c31ef03d36a00e04a20d2d0877db66f091dac4b741d2a997b75182702881f9284fa23b9b3c20e715f80d07b9910a4b3185f9489dc7d3fb510f4da273559753d7d207f3975b48df2e7c857caffe703dfac53a786490c09f57d2fa93f60810186df4c0b6b616a04caab9f70a5002c5e5d8da0ed2805f20fbf89cd8d57ca2b4bd37125ce38bf09fb6170ae21f4e6043a9483ef6e585756d97cfb778e57bc7ddc8dfc54d086d6bcfa1f019c749ff79921ec56e833ff8660f0959cd4b5277e9f3b1d4880193fefa98a6c2512718e7c139acdcd324303db3adb70348d09b058baf0e91d52b24952f832b0a3b81fa9bc9a2e9fb276a64e9e0922778b4992d892f6845b4372a28e47d27b53443586d9015463cacb5b65c617f84e1168b15988737a7eda8187f1f4165fecbdd032ae04916cc4b6e18a87558d2ce6a5946c65a9446f66cda139a76506c60d560f56a013b508d6ccbbaa14e24ad0729dd823bf214efcc59e6932cdc860306687c84a63efb551237223641554940a7a60fa7e6ddad64a21b4a2176b046dc480b6c5b5ff7ed96e3211df609195b4028756c22479ba278105771493870372abe24dcc407daa69878b12b845908cf2e220e7fabeeaab88c8f64f864c2bacba0c14b2a693e45aacc6b7db76bc1a2195cfce7b68f3c99440477ea4c1ea5ee78c109f4f1b553c76eb513dd6e16c383ce7f3187ad66c1d5c982724de8e16299c2fde0a8af22e8de56e50a56ac0fef1c52e76864c0ad1eeedd8907065b37892b3eca0ddcdf5c8e0917dec78fedd194ea4b380a059ccc9452e48a9eba2f8b7a4150b7ba17feac83c61604c3cfcfe6655c2be37ef0ae6fc29072f9b1cfb277b64a8d499dd079ad9aa3d5e9a7ccbec8c100596c6fac51e13a260d78d8cd9066edc558e2219cfcda1310dc1fbbdd36f348756855349f33eb6b82186a8c1a55f361305833edd3e4ac8d9b9cf99897c4e06c19ed10765fd0c8c7433851445c5f87b119ef913b2bcdbf7aa2ad19c672e53a9c6c3c309d549513edd7c1cf8a0a399e6df0939cc1fb146d6ad460e2ce05144c69eafa3822141d473fbe5927c58a50c1e842f8b8fad85540ce9f6d06f7b4dea045248b999d24c5fd4d75631caf73518cc08f73684e2a1cd4266235d90c08a0d0ce8784c776fd1b80978b83f0705ba8498744884d5496b791f2db3ffb5377175856b25a643803aa8b9e7f1055e089c1929cf0cbba7674c204c4590fb076968e918e0390d268eeef78c2aebcbf58a429f28212a2425c6ad8970b6a09cadddd8336d519bca4820556d2c4b8cd9f41216de3c728a0774edf47d3489cd29cf1b2a192bc53325d0bed7d23e51be7684297f9d0ecb14acbf648bc440c5fde997acc464fb45e965e6f0dced6d4568ebcd55e5a64633b05a2cb4d8263b721a252b1710dc84d8a5d4b43fcc875e2e7281f621b0bf8bb3465be364456bcd990b26b3e474486f864fb85f320f68bc14c37d271249b18552bef50dfc385a9f41b831589c5a716357cf5a12520d582d00452a8ab21643dd180071d2041bbc5972099141c6292009540d02f3252f1f59f8dfcf4488803f3b0df41759055559a334e68c98ea491b0984f2f82a35db84ea0779b3801cf06b463a832e":"4e75bf3c580474575c96ec7faa03feb732379f95660b77149974133644f5d2a0" + +SHA3_256 long #22 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"075997f09ab1980a3179d4da78c2e914a1ff48f34e5d3c2ab157281ef1841052d0b45a228c3cd6b5028efd2d190d76205e1fdf4cec83c9868fe504f429af1e7c5423267c48a7b5bc005f30a1980147a3fae5c100b95c7cb23d43af9f21d87311d9cc826598993e077015f59ebc476383bb7a78787d915c97039ab188a2a618f7a8d7f64542ba787e9dd7d48c4c87d2aaea068c1b00c9711b2812901673c11418096d0a850fb36b0acece56d311689dfeceb0835009adc427f6d2d6b05ed26f5a43b6478bc72c1f914a2202dbd393cb69b1a1e78162e55ca4b3030ac0298131a7a0d934c032cc9dfc5afa600c59b064d2d9013f15d1184278a8ccb5ad9d7563e666fe5a8c173cec34467ef9cf6d6671208ff714741fee7c8d1d565edf82570dffde4f3f584024142056d8548ad55df83d1babed06141114c95ac88dbea0ce35d950f16d8a732a1ea7d22dfaa75a3e0410c546523277261116a64bcbb2be83e55e040f6c8c79f911b301a8718cc4b19a81d5f0cb6312d87c5b4b079e23a61d247541cfc2c41a37f52b2c6e43a3db5dc47892d0e1feabcc5c808f2391791e45fb065159f99c1d8dd2f69baaf75267eb89dd460f1b6c0badb96cbbc8291cefa370fa7ad6997a4ca2b1fe968216032f02f29837d40215fa219c09161df074e1de8e37056e28c86d1f992a651e271dfc4b0592ad481c613fd00c3eea4b6deabb9f5aa63a4830ed49ab93624fa7b208966eccb1f293f4b9a46411f37d7928e4478dde2f608d3851a8efa68e9d45402bc5124fde4ddc0f83ef82b31019d0aacb4b5121bbc064c95c5292da97981f58f051df9502054bf728e9d4fb7e04787a0890922b30a3f66a760e3d3763855e82be017fa603630a33115a02f02386982001def905784f6ba307a598c6dbaf2946fe9e978acbaf3e4ba50ab49ae8e9582520fc2eb6790deafc77e04a8ee75da92d16f0d249403112c74bc09102b573e110ccb4d8461d249bfe2e85fc9770d606be6fbfd5ec4c30ac306d46412f736e5b696ccc9fbe4adea730955c55ea5c63678271d34b7bd6f6340e72626d290820eeb96a0d2d25ea81361a122ffe8e954cf4ff84f4dafcc5c9d3e7c2ddbdf95ed2c0862d3f2783e4566f450ec49e8b01d9d7bf11e92a7903f2b045c57ed8a65ccbfc5b1d2a38e020a57b38f2e4deea8a52354a7e7be4f977b8f5afe30f6738e955c8bda295064586b6827b245766b217fe39263572b0850965c7ae845611b8efb64c36244a39b9fed0ab970ee5ddeb8f2608dd9c963524a14050c9101d7f2d5537b24d0b0f7a45703c1e131656ec9edc12cdf71dae1cde2790b888ef2a589f03201f8bbfad71f0c4430477a6713ad2e50aaefa1f840cbb839e277389454517e0b9bd76a8ecc5c2e22b854c25ff708f9256d3700adeaec49eb2c4134638ee9bd649b4982f931ec3b23cc819fbc835ddcb3d65e04585aa005e13b7ef8fcafa36cc1a2c79ba6c26fc1dc0f6668f9432c578088cd33a41a778ac0b298fcac212edab724c9fb33d827409fd36bc4b2b0e4e81006fd050d94d3271e0427c61e9ddca599a3c9480cfdd33603cb1a196557281ce6a375fef17463893db293dba0704d4bfda25e08beadd4208c58ea0d8d9066448910b087fc13792fc44075a3fe42e13c5792f093a552aa8ebe0f63e7a807102d5bc145468a0cb469263035c5647049054c18199f7da6d6defd51105e2125c605e327aca137ca85e3f7f46ca69f92d5252f84418293f4e9afeeb067c79576e88cc3c64f3e61d76e1e9e2f72cdfc35261a9679f0c374d7436ff6cfe2ba71650810522fa554a4aded87ad23f0b206b1bc63f56bbff8bcc8849d99e209bd519a953f32c667aa8cd874ad99846ed94b92f88fe0dbf788c8431dc76ca9553692622077da2cdea666c1b3fee7c335da37737afccd3d400a23d18f5bd3784dbcd0663a38acb5a2beef03fc0a1c52ee0b56bda4493f2221e35bee59f962f16bc6781133204f032c7a6209dd3dabd6100325ec14e3ab0d05aadd03fdfe9f8737da15edab9d2598046f8c6dd8381aaf244821994d5a956073c733bcebf9edbc2a6e2676242dc4e6a2e4ba8a7d57ed509340d61fae2c82bee4dedc73b469e202cc0916250d40a1718090690a1d3b986cf593b019b7b7f79ae14843b2e7ccf0fd85218184f7844fbb35e934476841b056b3a75bf20abb6866e19a0614e6a1af0eee4de510535724363b6598cccf08a99066021653177559c57e5aaff4417670a98fe4bd41a137c384f98c0324c20ef8bc851a9b975e9440191ff08deb78c9fa6fc29c76b371a4a1fa08c30fc9d1b3323d897738495086bfd43ef24c650cfa80c42ecbadc0453c4437d1a11b467e93ca95fbae98d38dcb2da953e657fb7ea6c8493d08cf028c5d3eb0fcbcb205493f4658440719e076e02deb07332d093e4d256175ca56f4c785d5e7e26c6090a20429f70b3757daac54153bc16f5828dc6c1c9f5186e2117754be5f1b46b3631980d9e4a9a5c":"2e07737d271b9a0162eb2f4be1be54887118c462317eb6bd9f9baf1e24111848" + +SHA3_256 long #24 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"119a356f8c0790bbd5e9f3b4c5c4a70e97f462364c88cad04d5435645342b35484e94e12df61908fd95546f74859849b817ee92fbd242435c210b7b9bfbffb3f77f965faa1a9073e8feb5a380f673add8fde32208402fa680c8b3e41d187a15131f1028f9d86feaf3fd4b6e0e094d2ba0839c67267c9535173ec51645343ad74fcfaae389aa17cca3137e2588488531c36ba2b8e2f2238d8415c798a0b9a258f1e3cef605fa18977ad3d6707c3ecc5ea5f86ebdaa4b4b0e5bc023d1bc335138ae0de506cb52f2d9efa0ecc546468310cccc88ec08d28c3602e07257f41bb7e4d8a0956c564f3712761d199a931a39e69c5a69aa7b3257931dd92b91e4ed56fbf64e48bd334945cfa2aaf576df04614eb914899f7df54db4012cc8261b12bedcab69876feedbbf7009dcf8d076af89b797ad71217d75cf07514dc07ae34640055c74c9faf560f491f015ac3e167623cfbc67b8e7163e7c1b92debd06e9d28b049e0298f4c38395a40a0778162af2cfe5abe5b946c4d9a54f2a321660ab521068c4957cd3f5be0324cc04f50f209fdea7caaa0ac705c1fb30abfa550e844f509074afde1ee87adda29aa09b7f93e7d064ad2715ee5571ee6e7c9a01672124cc2a22b4354c3844759c1a6ce3fdf17555cac7df73334073ef3730939410fe6cf37463352ad241958b7fafbc66e0d592df48bf55ab2c33428e494c6995826892572d9ab52747b1085fcbef318cfe9cfacd4cd80c164fba584c1344ae7e321c4f77b44db6b322f2f7831f4d4ede7dc407b065c6754cf4424f9903adb4c6b675ded58700bc36da83fd95e84e76c404f7342921ef23d7d07772f5b8ec2f077601cae13448385b04e074f895574be61a831a87efd68a1f6aa67cf291847fa8f74cbe3b4a78ad780895183bc51c30ad2514255d4e013abc097bc8103c0b1933b0b303341836ae167c1e31dfe5f1b791cb06ef29cae398065343eecf06e4ae2048d1547c4bf69ccec5e86c45867c633c62f7d27dc51234b6debb5b9f80a5810716240c64443d0c098c80220d0520a5f5834369b9eb019325e23e88f237c24440bf27959caf7e7e4f1671fda710630255a2962f7e9b3625dc243a0177aacf6a758a68aa85dc3f56181a4a59a406c7fae5575c9e2c64248f520b5a5f904821661e2e43a5a058f445fd0e55b07476c4122d18033053b45112201e0bfdcc9e7cb9931155018ca431a0564930aca8defbca954b2680753a4060bec2cb668d2c15e77cba29589b5c7c07bc7177a8b1adb3a6968732f9213476fd96901514626fa17243af1d156cd037eea81d773f1f71a018d942b524b851794b300c7591ecd783ec8066ccb261bdf9b7a183dbda42b92593b614297dcb0fabcc23ae69797d0251b8ab57a4da2a544615216b01f4dbe2d8c9b5520c7ed9cd9312e9ec6d05a36e7f693d1821d727518169b03976394b9d1e1d7fa2daa25529d391eb5d0cf0f07a8160be2ee043d9345037c655c4f2023689f14d8d2072dd92c1dba056a5b5d4c4fc4196e25caab05b1701ec666ac9a04d90f7d7575a7ac3970252c18fd3bec0cc448e5ff8f3765d546a4a8ad1d41a9640c79375b80534b7b50989976f238654fefea981c9413130beae943a3e9d8f64ce9256d1259d1b2a6b3c02ca5af1a701db8f25a4e9c255dad8785172f323728c3585a45206ae988c283e30a2f9ea9b47f07a7521b0f36e9c504c14bd96027e8d24161e70f196576d8a74a5e9c26acda7cc452a90e550e625a49e50829db70de808c827c67d00c23ee073d4e72aeed891dd73b86acd6756e753e3975a80cdab1d521052caef6a5380f8b03023ba0326a6928aa127ffb33b51dcb05bbdd592d0ad9e8321e6ef2f95c401be6a37e634425689fe7750e2a0fe05ad89001502b309095ca517b2e2ed0388b9f2c59c45feb61222539d6e1ccd397344d23708aebacec10ada96a7711f173f7ff1e4b94fceec6a0a0ea5d814a4581b412063012ff6ac5527b8314d00326b68c2304a276a217fde9fa4034750a2e47e10f816870d12fc4641a27a1c16c35a953f32685f2b92cae0519848045765591c42ddc402dc7c6914d74dd38d2b5e7f35358cb1d91a9f681fde7fd6c7af5840663525ee1d04bf6d3156fed018c44043d95383d92dada3d1cd84af51d9bee814ec8675073e1c48632c5f59e257682542e1f7dc20b56b5c92a9e2cb2be30cb1512fb55fa1de99a3f5864ed3acc19d79e6ffb0da3b08ba0615157747d75c1f308fa0202a4086f34e9eafa3e071dfbacaca731d228aa0304cf390c0a9e6ad7ce22ade758965cfbfc4c9390d24e41a667447fc7b29821464ad98bc5d65dc7f9c42bd4b23e174015592ff92c905660a2722f9fc7973d3cdad848ef88bf02b1b03dea16699b71dc46b35bc4d96069a0753335ae38685d244918e30c5fb0d45283a1281c1659ea591573999d9c2acd2ca9141d55230d41011b70748b518e1cd2fa58ad8dc05fcbdf0bffaf2c7fd6cb2ac67bb13b8f6d31fad64ac113664223599dca411270955c95aec06518894dabc352d2b70984727437040d944da7b42e0ef560ac532de3e4a4891e8509c275b51ed780f8660b0354e12c21b3e11bcc88198980b5f7ff31ad342182d5a933373164dced3cfb2a081720d7eee676cb7378a3e19326a7ee67fd6c00521f9de37c66bcea814b6feb6a061b8cdcf7b4bd8f45d48602c5":"c26d0b064e409df64819cd7c1a3b8076f19815b9823adac4e3ce0b4d3a29de18" + +SHA3_256 long #26 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"72c57c359e10684d0517e46653a02d18d29eff803eb009e4d5eb9e95add9ad1a4ac1f38a70296f3a369a16985ca3c957de2084cdc9bdd8994eb59b8815e0debad4ec1f001feac089820db8becdaf896aaf95721e8674e5d476b43bd2b873a7d135cd685f545b438210f9319e4dcd55986c85303c1ddf18dc746fe63a409df0a998ed376eb683e16c09e6e9018504152b3e7628ef350659fb716e058a5263a18823d2f2f6ee6a8091945a48ae1c5cb1694cf2c1fe76ef9177953afe8899cfa2b7fe0603bfa3180937dadfb66fbbdd119bbf8063338aa4a699075a3bfdbae8db7e5211d0917e9665a702fc9b0a0a901d08bea97654162d82a9f05622b060b634244779c33427eb7a29353a5f48b07cbefa72f3622ac5900bef77b71d6b314296f304c8426f451f32049b1f6af156a9dab702e8907d3cd72bb2c50493f4d593e731b285b70c803b74825b3524cda3205a8897106615260ac93c01c5ec14f5b11127783989d1824527e99e04f6a340e827b559f24db9292fcdd354838f9339a5fa1d7f6b2087f04835828b13463dd40927866f16ae33ed501ec0e6c4e63948768c5aeea3e4f6754985954bea7d61088c44430204ef491b74a64bde1358cecb2cad28ee6a3de5b752ff6a051104d88478653339457ac45ba44cbb65f54d1969d047cda746931d5e6a8b48e211416aefd5729f3d60b56b54e7f85aa2f42de3cb69419240c24e67139a11790a709edef2ac52cf35dd0a08af45926ebe9761f498ff83bfe263d6897ee97943a4b982fe3404ef0b4a45e06113c60340e0664f14799bf59cb4b3934b465fabefd87155905ee5309ba41e9e402973311831ea600b16437f71df39ee77130490c4d0227e5d1757fdc66af3ae6b9953053ed9aafca0160209858a7d4dd38fe10e0cb153672d08633ed6c54977aa0a6e67f9ff2f8c9d22dd7b21de08192960fd0e0da68d77c8d810db11dcaa61c725cd4092cbff76c8e1debd8d0361bb3f2e607911d45716f53067bdc0d89dd4889177765166a424e9fc0cb711201099dda213355e6639ac7eb86eca2ae0ab38b7f674f37ef8a6fcca1a6f52f55d9e1dcd631d2c3c82bba129172feb991d5af51afecd9d61a88b6832e4107480e392aed61a8644f551665ebff6b20953b635737a4f895e429fddcfe801f606fbda74b3bf6f5767d0fac14907fcfd0aa1d4c11b9e91b01d68052399b51a29f1ae6acd965109977c14a555cbcbd21ad8cb9f8853506d4bc21c01e62d61d7b21be1b923be54914e6b0a7ca84dd11f1159193e1184568a6134a6bbadf5b4df986edcf2019390ae841cfaa44435e28ce877d3dae4177992fa5d4e5c005876dbe3d1e63bec7dcc0942762b48b1ecc6c1a918409a8a72812a1e245c0c67be6e729c2b49bc6ee4d24a8f63e78e75db45655c26a9a78aff36fcd67117f26b8f654dca664b9f0e30681874cb749e1a692720078856286c2560b0292cc837933423147569350955c9571bf8941ba128fd339cb4268f46b94bc6ee203eb7026813706ea51c4f24c91866fc23a724bf2501327e6ae89c29f8db315dc28d2c7c719514036367e018f4835f63fdecd71f9bdced7132b6c4f8b13c69a517026fcd3622d67cb632320d5e7308f78f4b7cea11f6291b137851dc6cd6366f2785c71c3f237f81a7658b2a8d512b61e0ad5a4710b7b124151689fcb2116063fbff7e9115fed7b93de834970b838e49f8f8ba5f1f874c354078b5810a55ae289a56da563f1da6cd80a3757d6073fa55e016e45ac6cec1f69d871c92fd0ae9670c74249045e6b464787f9504128736309fed205f8df4d90e332908581298d9c75a3fa36ab0c3c9272e62de53ab290c803d67b696fd615c260a47bffad16746f18ba1a10a061bacbea9369693b3c042eec36bed289d7d12e52bca8aa1c2dff88ca7816498d25626d0f1e106ebb0b4a12138e00f3df5b1c2f49d98b1756e69b641b7c6353d99dbff050f4d76842c6cf1c2a4b062fc8e6336fa689b7c9d5c6b4ab8c15a5c20e514ff070a602d85ae52fa7810c22f8eeffd34a095b93342144f7a98d024216b3d68ed7bea047517bfcd83ec83febd1ba0e5858e2bdc1d8b1f7b0f89e90ccc432a3f930cb8209462e64556c5054c56ca2a85f16b32eb83a10459d13516faa4d23302b7607b9bd38dab2239ac9e9440c314433fdfb3ceadab4b4f87415ed6f240e017221f3b5f7ac196cdf54957bec42fe6893994b46de3d27dc7fb58ca88feb5b9e79cf20053d12530ac524337b22a3629bea52f40b06d3e2128f32060f9105847daed81d35f20e2002817434659baff64494c5b5c7f9216bfda38412a0f70511159dc73bb6bae1f8eaa0ef08d99bcb31f94f6be12c29c83df45926430b366c99fca3270c15fc4056398fdf3135b7779e3066a006961d1ac0ad1c83179ce39e87a96b722ec23aabc065badf3e188347a360772ca6a447abac7e6a44f0d4632d52926332e44a0a86bff5ce699fd063bdda3ffd4c41b53ded49fecec67f40599b934e16e3fd1bc063ad7026f8d71bfd4cbaf56599586774723194b692036f1b6bb242e2ffb9c600b5215b412764599476ce475c9e5b396fbcebd6be323dcf4d0048077400aac7500db41dc95fc7f7edbe7c9c2ec5ea89943fe13b42217eef530bbd023671509e12dfce4e1c1c82955d965e6a68aa66f6967dba48feda572db1f099d9a6dc4bc8edade852b5e824a06890dc48a6a6510ecaf8cf7620d757290e3166d431abecc624fa9ac2234d2eb783308ead45544910c633a94964b2ef5fbc409cb8835ac4147d384e12e0a5e13951f7de0ee13eafcb0ca0c04946d7804040c0a3cd088352424b097adb7aad1ca4495952f3e6c0158c02d2bcec33bfda69301434a84d9027ce02c0b9725dad118":"d894b86261436362e64241e61f6b3e6589daf64dc641f60570c4c0bf3b1f2ca3" + +SHA3_256 long #28 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"bdb13d9509e694e748c75c966b0fae62ffa91aadb022498c0c5fe11e8a8ba91dcb54eeb21f57258e4bd8d1368ab7a79ed19ff0fa578130d1554105530aaf51ec03b89b1999deb37bbbe5952aeecf904b910ba8e566ea38f04e52dcaf54b68d40ed450e727e6288d61f5571199f40b190c8540815e444aa1280fa2ddb6f8aa54112640e64d7cdeac800902aaba6f05296fde2d933d979ce5e71a2c27e6311e116f97b6297ab062279e5fe8b890ac9bb85b81de2e64e70ecfdabb06141393589e82bf4d3b402f5771056075b5bd3b23484826dedd749114c16b68ed3ccf8dce4de2e352963e58233b5db1361c8099204bbe13ac0add54436d218a2dfc6a8f03b218ca82c4b5a959c92fd8a6679b55374535fec2511f7f1f1595b564fd85258d6d8ccb3a3156c16fccc43d43216dfdccc7484ebe1abb900c6d20611eaa9fdfcfd2c77c0586820ed998e36598d468d155445d79fbf222259fd65a23a77e2b1c4f845143611ed8002bcfe5c813fb1c9e653efe071861f3ae5de3cb63bbf2a76980e4a2b7d974c933dac4440b50f009a37139927c7fd490a8ab07cca7b8a2a5560896345fdb22c6187b389675bc7db09f0da6c350aee499931bd5067629f895504afbae91d2935f3c617f55bdd2de91cf9f19091a31fc6f0c34bde1458c8f07f6cc9749f48c61050e421afa3a10ad3dd3aa02cc3f858691526a34e59c5cb07d9811ebcefe34f6580c719e0c7112540549c2e69547363da12440dc9be1171756e29f8b862578ddb8c5947af4f9348d98805e56ecb7b07c0ef03d077cca482e3434d9d907f0c481b7b80f245c4913946815e0b64b0770bc3b24d367f0ae7c6f862d6566dce6a48cd552664c9ae72c12e4790e9728cd1388c650985090040055dd2aa6b77d8da54982332e364939ea83ae382c7c1e5f056c30f1f063f371806b99bb324d524c23624ec8cb83efd7db6115c1bed78463c2d10b976014736d892b5c6d7c9b03b8bb41ab81c2b7e7377b35bba45a2c0341d84196af8be4985e671f95900a12fa39e97228fca834d7ef466c205e72fc139fb24892a8c846eadac6b2c5f15f57be661a6e37a7e0ad2a55c98ec46e8dca2dc3ed606011a9ddd359047f6ddfe0dbb8b3eab0680200636701711818532f18ca64e6038f88b4fbfa5fccf01dda331181b9c6c32aa98c0a0678d992ac8acb6a61d948ac916c5e33c8657c9f266eca9ba1de3b310ffce80391326f88f193e7319cb761e5e64b1a17b5f09fe7481c1bcc8197a464887aa8e28fb4bf5577fd06f0c385de2a2e837d0a5b87a362d350ab46a98cbed814a153196a7625a2a034af3a8eab2a03aac40b9e1191239c58aafd7ca213d726351f5b2aba0d5edb2ab9447146bdb1ed1b8b2a5580b39cee588986e0d3c389c98a334598e6d0a77948197b3794342250d1277da321557bf3538adc05e712432c548b86e68966bbf7b8d397ffff84d7c96c475a196c0d4d25ca1d717e3496afd95496b3960a45e8f0dd663f2cd1466ed15d69641ac9318d003cbfcb9c44b70c5adad33029f1e4dadf264fe550c1ff43e324ec0049d168b80d1bf05ef2a009f51b87cfa104d8c9fe2d33ff0f0e39f5f389436dd3091d195ac6f84db013dee5f6b5cbea7ac9176bcf65870230b7b1e0ea3e495d40eaf4d9f1a84226437249f19d9417c221e93650cb128fe7deefc236b47c9748de620110f93b9a28ad9089b336410be53ae7ce1f7dbecf1e8e18d37ddebecdaf0000ca54fdfb60b342e106817d4718a22a47470e53b4b514b2b56e1cc59f4cfe5a39a92c5c622654a7f65902bf10bea7747a29c3e9aee278d1580a9a0578a5c5418f25fdb10a5b9b3142e9bd98387e53ae02fec6ac07c7a98e73317c2ae568725a83d94f884e80e5935940f88518c8353b742e8d1759e5353e996b49826ff5a4098a3ba83ec936c232abf769f24c3cdaa140419db81fcb9a662d2078b862edd8d334b58e60e4edbf93ad65788c4d4ca273f9d06f1ab3db4799c0e9804988a17f5c05ef688b2bf64c3af013baaf96683b37f343879bc0a4cb4dd73f06922bc105e86031cd1a2910e69cf6aa96d8b21fe341ef135dd7d0a8a406e299623ed6bd0b2ce635329a56ae2d4e336293941af459462fd8783b3e675039757129bc14060d7e0a522f882f3e6ea32904376e4b560b99480b5d5294516e69f26ed3865e3c7b704f312a602d32494069e808c3cde558dfba14839a6d073d1d0bdae61a3fb0d388272aa9bedb2a4bba58867e411cf2ef6e189c719f12f96ad7045dd8041303b44a14c72400b3a6d45587781e42b33f3de8c60badcd3098760c8e503fc082c57c2aba9f2fb2311861c679354f552b0aa2c454daaea14064cd420c6a73dc0946c99e6b0b335ffdffa261a036a804dee5dc854781eab7ccfefefc00f51ab31137fb39b8a3c57654dce4db9f04bebe5961399010a9e87d20c789befe989ae224f9af7115e15c71e020c778b817d9fe250d589942bb2e6e064edbff67cd8ae5df0c44d9255c7eff2a7bc8ed9df8a050cc3aa7f5402e3306c8058431defc513a89f069d6497d936a8e4e479eb31fa842a989a648bb8b8cd3f08c00eac6ad945cc0467cfd04bd3030a608e2009a053830677ad1e7f74ba2521a32e0aeb179aac91c6efcc1e9a3ec0dec4c16b7b541f6c6606ec96785f6fa0daf9a91e221c92b0be8da67a96aba0d4edb786428874e5a613f05eb4c0a161a731b3393298a149ba1d0395c280a784a7ffe2e48d7a282e99d5db0b619e6118a0ef79e62f96cf463074cec38c23b56fa1dcede334979a81ad7370fc8359c71bf5dcf2b9fb64cd117c8c9638c1c8feeb2a4b7f8b1f28ef664ab75638033afdf20cc0c7b97f4ac432042d04fd47b7a97faa1540e537745265d86735c7ca8928254f63a0efa390dc31321ebf190838dfb48902daf862c5e907bf4cb7b2bf8e733c248d2361507d3c976d297094eb93c8102fdaf2cc8961dcd3672e8200c99004c0f505fb196c5a0dec1c14bf77d70f8b1d0465336a9591545239d53eb9d2d903392994ce1fe06f76b6a9a853c9b6f55163716b42d96c9d790a9b0894e6c1af992d280245799504":"baeda8f50d302bb2a30a5bd5376af9aab5fe9f3c306613de91e5841eaf1fea17" + +SHA3_256 long #30 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_256:"f419d39625deb2ac11d7d361e2d2de958d3d94d0088da7cbb7e0cf3227e01aa8feeb840c3272c7fa7a9f7495023b438463cea73bd208a67c975fe81dc2fa0e0b19ce458f54071ad08da9909af2776f5dbd14e079666837b81645101c604a9ddc2c083ea9f3645235323c4ef6184e0c28825565112a7401881bd86eb8699a70221ee298e17752183251a2d633de87bfeb9cda5e8b88f6adf38f622b7845b02ee5d9a47bbf499914ced22151d8abec32b0f2ebf470e7b4e20258296ee55c54802d44960ecccf01ed119d02e76ee6430d7e6ccf4e46ae7849bc5f76608516500e0347007a8f72524c039a8dbf7cf955f75ef2d0969847088a298c9028e3dc6b7f6eca29e6919a53d8adb209028a4bea99566c34f1eb192c4c51c8c1f084146c7c77b55a7b58b0cd3a16cbc0d72144ca9b71c24489c98cae373df94fddf2281cac25f0db616e1a881946cef867c84cbca4b4dd4886b90855f4f4088319b47e43b88064f4bf5b424c1e46a4fad907cb895c29a3881044f5e82b7edea5cc5280a94790f7edbda58ee1f11d330e566629f96dd7fd4b4df0bb3083e461fd1d549415025e920d85d6680e39d3657b066eced47cc6d3db6848c2f5a52d7bd23543245090f11e9d3c75379c9e71218b10a623e234ff0e7e87d173fe3961136e3ca797239b5181e50d0b6354cafe4e849d968eeb3a89947dd3153415e689111759065553c887a52d1e1f54fb6282d6afd4c778b6396c4f20739b6e0054ab5c16b4eac6abc19a70bd9739715c1106a054dec04a0cd7b126ae8feb8a882cd2deb376da52f22e92ccdca1e2243e7d9094bbe2096ab5bc5f0071518eee7516037e35c75f61efb678a0d464a0d5684e2b9a2b092b4279917ec7afdf0b048fb94824e6ce005b6b0253d4eb07feeaa32ddc9aee7bad3820fe1762b161ea339ebea8b80cb445a82eba2b4f6ab281ccb7c2ad7c4a5f17b671aa30b9bf00b4e269cc2c23f0a0b6b0008508fb998fb3e36cb4a52888ddf223353ed4b420e3f07bb98cda4bdabbdcdba90bf3bfbfc31b978aabcc87ef1fc5e73461083b1e34266556a6bc19112d3e92f0f5f38325794151d8512b7fc94a186a36bcd636ff18de0808c1da75df1d643b9feb112f14d7ae771f4bc9f95c89741303f7458d0cb9a1cc97853a488ab3d7407c9454acd205e9732744afdef2025f4c62b95d288d3ff619ca9ce6785b191e075099c4e0a72c7aabb8e2e314d1dd637d1daa27efcad266576aabe6ef9a74c1fae2a169b4dd74ea899acd6f854143080cfa73aacb0a9878ee3f5d40938fef497ffc554c10bb04c07394ae5a178c5cd562c2bcefa297bcb4461157fe4e82af3d00645d74dd880584d3702dadb4f94f52e73c2cfc5eb764a2c7a8442807badf25e4e360e9018d9ebf10f4f16f43cf450703326cdbe5b3b9cbdacccac4a680a58a934107b46612f8f892e9a3a8ac57657d1f6a249421d3e2b6e54491dc121c29f27546f9dcf25e3ab7c116ea61d7d9d83ba1aefb2df85e07eb52d9427735d694e8f2bade698fbb8d8405456fa1ac9cc5c9f3c499b0549e52f38753859ef6f50ef172646064246f19e8c63cda7013ea55b07b74a7241cd9e955ee7a01583dc3be975d0d25d499c3056a6cc4d2d6f409af77a388cd923858f499ed155fadf286cd611b7dd5c1d6ff7a935fa5ffdc3742fda6d2c6b2018f639c48eeee46a5fe8763d7147c1933c26b9fe907a70a89c4dd64c66ff8ff790b4108e958cb5f49470ea682b0d29933474f9df6cd929be683220e5ee4e45b03933c6204937552a0b663c1e95846fcc84cf29b42172d59f95c5923f698536fa5109acf2107b4c6b233cdda9572a2eafbba9dc2534e41edcc38c9ca16f30ce36968a479c91c4f6488a7951a0c68ac0dd377983ab3db96fe67fdbb2c475dd95e5784a288833a10d329f804a8d8a02d0a586c2b2aea24f435d0957771103e8088764cdc24d8c9bdbb9d1060ad8084ec8c92819eba7e93233a11e645c0fafeca0acea899734f311fc6edd5f1508d7ab3398a9f3814f98feab432da6d418c057f8c678123a070dafe9a203101ba86ec48b947ac425de37f134c3958361e4ebc67b54abdc0d1c32c22df3e0bd612f34174b5d19104c0c2cd64a93047ea7cc889492e7e46b92fd190523e504ab9815de1ffd53137c66320e0a6741e91cf8683d5ef9e0b0256e1216c585e5dd8f22f4b34b1c06e85d06e8420a0540c1d2d6106091faefadbde0f3b29fae96d9cc94345a2521f9062690a77f51cf201d34e38d98ba20652b89be3a8300184897e86e5d393a999a0b8db5f80c7e0f5059b793185c5404d1b80d383efe834d9b766703f7e6f7fd7a46e6c9427feb606205df574911dc02c5d1dcf1798b85d90013cd076cd9e9c80a76c65d1f40264cd5b010b2a85fdec4a2176d7c82c0a42516fe8eeb54988c83dae9a0e40703cb2f1bd6f037beacc8a506e7332bd3245adc3085312227895cbb6c3e0ae0622126a1b4f90258e46f263e54dfc2a2032d0648ed46384e5e42e6c92ed268e4e92ed52f2184ab88c24d73fb2c5f90516b4152f5bdb018b2715b9747a3554f73e4936341f2086069c09e3e65ede520cc9417bd8d22616711092a0ac15a1522ffece53d6496f2d55e77f7e1f92a0f08761606a259abc887cc7e349d90c3c087eb7a9ae00190e25ee950d10b3f614b9be059a4ae05ca541f575901ec6060b5e2e9163ad7c36045819cd3c016b314196f8de7684cfbfea27244121853aac183d86b383ba114a59ac1eb792b90dec306f7f147c7ebb6c922450541fe8fca66a8bcd46913c86fa150b447c99a061cee72d99ce34a16b0aa51fc2d512aed59b09324c71169ba4f0415cd444d91e318070b68f342755a9422cffc3ed803f8d33fe184b5d993e33d4e5871636d99c43a9d3f4a970dc033bbc2dae99c4f303ec1750271131a28ffb4d0773527b218060f216ce2ea7db11ea1fb3138c81f262baef0745e816b9f5c304b10ad03a39345003432b6804ade97e13c316e64d06c4be622c5c163467d855a1ea33d79caa1edb8361f59dacd9f1bf42679fed4fb591c119c553e4b233a077cbbbd6b1c9faa8c91b791316cae7937551a696ebb08a318bbcdd129ab9a6b6f22a2adca4e8b439e172926d1b84603667eb89e326970a0ce4f27981807046808d67422bf9225d38ec31b4ebf302cb415eb6166fe72dbf8a9463a388de009e67122a08acf89e7f0fb3ffe775e86db01e225a57207599301462b8620ffb9033d4471a8647e885a125fb8534f340ed97347b8054":"7dfa7b3eb61c13390a56bdb01a354a51066825378ce22367a1d118d4bc47957d" + +SHA3_384 long #0 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"5fe35923b4e0af7dd24971812a58425519850a506dfa9b0d254795be785786c319a2567cbaa5e35bcf8fe83d943e23fa5169b73adc1fcf8b607084b15e6a013df147e46256e4e803ab75c110f77848136be7d806e8b2f868c16c3a90c14463407038cb7d9285079ef162c6a45cedf9c9f066375c969b5fcbcda37f02aacff4f31cded3767570885426bebd9eca877e44674e9ae2f0c24cdd0e7e1aaf1ff2fe7f80a1c4f5078eb34cd4f06fa94a2d1eab5806ca43fd0f06c60b63d5402b95c70c21ea65a151c5cfaf8262a46be3c722264b":"3054d249f916a6039b2a9c3ebec1418791a0608a170e6d36486035e5f92635eaba98072a85373cb54e2ae3f982ce132b" + +SHA3_384 long #2 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"035adcb639e5f28bb5c88658f45c1ce0be16e7dafe083b98d0ab45e8dcdbfa38e3234dfd973ba555b0cf8eea3c82ae1a3633fc565b7f2cc839876d3989f35731be371f60de140e3c916231ec780e5165bf5f25d3f67dc73a1c33655dfdf439dfbf1cbba8b779158a810ad7244f06ec078120cd18760af436a238941ce1e687880b5c879dc971a285a74ee85c6a746749a30159ee842e9b03f31d613dddd22975cd7fed06bd049d772cb6cc5a705faa734e87321dc8f2a4ea366a368a98bf06ee2b0b54ac3a3aeea637caebe70ad09ccda93cc06de95df73394a87ac9bbb5083a4d8a2458e91c7d5bf113aecae0ce279fdda76ba690787d26345e94c3edbc16a35c83c4d071b132dd81187bcd9961323011509c8f644a1c0a3f14ee40d7dd186f807f9edc7c02f6761061bbb6dd91a6c96ec0b9f10edbbd29dc52":"02535d86cc7518484a2a238c921b739b1704a50370a2924abf39958c5976e658dc5e87440063112459bddb40308b1c70" + +SHA3_384 long #4 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"7f25b2c0eb1a6911cc3328fcdcd40f28f010375f7b1b51a05402896fb999b17093b59b34fb9cc653feba3dbb9d96bd47180416946d9bd3101b691d532be6ddb3712721121054c1fb3c5c42ee44e7faf7cf8d75856545187a3220047f07373e9aa2e10c022f2aa2320f81fd3cd7b110609c131edd6e016707228d069a55731a4ead4d24ab6206b01ffd91384e60db45a907fed7428db707de721aeb4c1b84baf61ad230b6b0d034eb90f4b9cbe64de2fb98b6695dcc4f4129aa2e7a3f635166bb72d7faca227076bd5013495c72ef2e7dd8a39cd532b15d0d53307c1834c265c53cc64890becfbebec454afa90ba973584e2d3752c7c6a3b4f48aba8297bf013b0006e3b08ed354157420b559b963f7b383bd047e94745a4615a3f9239230804547ff93d19a657fece8e02114840504b7fdb9c9fea0a4ccea3ee304a330fd2b0d97191f9be86e8968a9fabc847577e08b468b4f7df43f3fc9f8b2a2ab760f4ab87bbc51b883d4b8b33ed84e4f93a1d359e6995ea1962bfc0bca789ae36e4c25717850efcd708155f52fe09f1de76b2746634dbe1290524bd73d9db5f21f9d035e183dc2":"927962c873a69caa05cadc1cb485eb1cbb07748e47d942192df4af9233f42b95a638918306ae83a8237d21c2824f666d" + +SHA3_384 long #6 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"386f98670b177683d0b804c5875fe9c7afa233ee66349c9fd1b60bb0becf5e1d887e67fd3baf34b4f90d94699d18d6bb9d77d4af358f31edc254de2d6c5fe3ec07425c633b18c1b9e3606b78b40b543e1fd31fb578cf58c45744fc073fbf3c7d7d607e815379a5fc565892d81560eab8fb5f1ae6771b998c592e6d288014f13ab283d53fcbfa66e31a9d107308402191fac2cf2b799c7dae91b93a7676898b8a6e516a86eac58ed8f6d8ed2fd4d38031e4a4466dc8798b90c48e6adb6b4391d47872443cfaffa542b4b132f6c3408f0081af8692aadb4c9bbd55053ea56d8b82998f6b4b41d331891acfe6af1bb0d6679989978368ea463743b514866d2d01fb9950e8990867bc14f1db1142254adeccf3da812949cd03cd1d569e9d0bab7ca7405cc21096e3cd4d007cbb9629372e98584b4c6b97ad0bc314e1ab6ac71184ee555c01973570ed9b115bed956f9e4e349083013098b1e483f0fe44d5e9849f38a2f7ae152b36a266ea1faf263ea8c706632ba8629602187379546fc6b82e57ededd6d074c15c771754710731e07c207899eb47e8d7c72ffd768c36257d373375ffa06f9b3f0af11417f9ff9f9b44e1f1f96ae8aaa429af88b14da1da81c7bb38a0fe9372ed6a9ac6fb5e9e56b82593d94c5192904450227bf040b7ce0904789f979845e112a1f995c849ec3f7e49bd975a474e8201630f40fc0d80e76019f110ae158cd0f8da96ea4561f242":"d30ec9a7baeabe40f6648a624dddf8721c89542e258f0fa9afcc9e68433faef781824048b0b771a94e8f0c17a403f9fb" + +SHA3_384 long #8 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"8c569727f1d4548f1c66a5c830346259612d10c5fef90518ae2fcdbffac9cd9c0bd5265ab56ddcfeb5e838bf37526a189c1a731b790b4208e37d1d1eeacd43b1630ad07debf1e03a281cf7715276a18df2f25535ea7d9fd9b6317f8bf1cb0c111b5f5c38994aa86bfd69ac8388884de1ed1d7eba583764b3afb1b8ae18ab6ee3bb3a9432c95f7cb7bd361da0e270b73b1503b653cc20d9bd5766932e6655b250cc053e148218a449efed136e661627c4f10dc5a84d22462035b8d7b4e4b11f7fd5272385cd5d67471bf556951e63e4a409a17260e324f203d2104be798a8ff985e080b2eb1160fdacab6aebe123d3802e5298624960f268fb4d4b9708c2098c5ef10beb6362be2298298e391498e69060e0bca9b6fc92aec656ee7f6c802342c11a703c76484295dce03bcb5cb3cc0da0bb1036e753b46416d449d22523719f54b35a306440a2b9d335f03d3a03085a36481fc44b14dc2b652c0a59c34a68f492622671ddda332123b147e92d153008ca2e57cc629e8e5759e48c60b7636e05029d614b4373884e36d8af69b648c79ba4c444a9ce7f2f8a3d846c7171ed15231dcba75725bb26a395129329564c23758ea052f6df355436b89217169365e2f15c734510050f72c3c705afc29d6df838c0492f3e153f70ef338418ca9c5c4bd2373ad6f051ef1121351831affc4caa57e23525ea111c2a1636d0ee07fd4ed4584678e982ace8664e77d0e55be356be558cead3755359c43e4b1f034916ac00e5f2b3d941767a069df7a61750e32aa8a3f8e0b48a5c56f3e9e8a4f518a8f2562dd48242b73f1266a24d2e64299c26fde5dead45737cb22d8b8839300104b04872645a925e77500afdd0c038404eda227da6a702db64e":"91e24f999cac1b9ab9ae456ecf47b52c1144ffd1df2d95feb05fce930e37ff767a005cf07bb7af45c8a73585e8544965" + +SHA3_384 long #10 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"eeaa4e8e343caa827d348cba7d83f4c6cf69f00b968a6174654501655c41a5f19448c04cbe59298306f81e6a3ec988d6385d800d734c137bfa8442a78ae04d65f3fd324cc049706a1a5c1037ea8ce6c83ebb1545ee74d19d7f3769784710846ed26eaa76853307a181086c08cbf39702a92bb49b4f2b2442ba057cc2ddf9d174fb4633b25440778e03a33ac4272722ee415467f7dd9892d27597856c92c2bcdf342bd2e87497479b68d58055474f0ff3cddf3541e1e4a5b576948b5eaf94cd1746c691002e62ff2f774848a27394e77817732761a336e55486a597807b968d84f9be77e2cac628b1f9a19993f21e31e7e5b943406bb7d9156c72b0ba40f1838e14bb8c7790ed498bb78b7c100e1475a7005993c4818e0961f2a2def444cc389e6167d9a5c7ffea2476acf7010d9e3c2030fa1fd62ce5fda1dedd2916d150321aa6676555b92393e401ac154e38e60cba3c44ed5fb6e13e3bf9cd9a082da4fb6cac663970ac82cd331f34dbe0d71170ddeee1084565ac53990b1838b2a0f21bfa3b0a5bdce9441f7997ec539d324aedf10c767572826ec421dc660cfc745f182e1bfbd583b890121e327b846e90b70d5e5fae3dcc544e1a3d33601ccfef157c6f13e2af4b608e2d8ab88a763b3b80578caf2e693d2575dc54d9ad72115b3cce24ec67ef1e2b68f826f1c032ed79ce53e4c4a101ac3b0b92cd97f616acfefb97b76e319fe35f43fb58a4c6bf6a93c98acc65ad0b00e037c41233e30e86217b5e8f61e9c682454abf899b43259cd19883ad5cfa91235921fb8a751b64890be4ab148d366de225a2cb229ce06d6a7a64c6f06f319afcf1f2be9d2747209c065d07aebac19bed4776a78970459ebbd854dcfb67fa2f73efd296b30f0e48a6580ef8c5af32588af2ecdc28df19c07931914c380bfc57709ae80a34f719e6914a2008c13530aca1702cf166b004dc8bce429e0d25e01adb3c5da288a510014424bbbf0a1463a01b075f6eaaadb0f8d9f7905be47b4d809c1b58e618e199a2a72e06":"2865a64e54bf077b8343beca94a9bcc137797cc916019722f5889726fb0a74efd3ee0f6526ad7e076fe4f23526714130" + +SHA3_384 long #12 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"42262515ac21c5c23edf72494250e8c57116d67c0c458fc22867021a4ac4ec9f33e04ca2fd44189567812e276e738db11dc3c5d1a5afac54b00e535af38e38b40241bd916958d95af82e0eda5e889ba2fa1bf2aced4e6c3e74423c11750fa2b35751612a17e472da98ebfaa93b177a60b02645540ca938471b0ba589f7cf9062d9191eb530704addf0c2dadb2da891b3e8eca713294976364e717608a2556b8b31a0dd79db84c92ba8ba96b95bc44a634a76fe2f6cb490d4b47d97d79d299cf407ee87bf41a9578b67db168beef20c377dcb34f1fe74ece9f636f03e11d38966020c02cf89665cc6d52e43990dbb40f82af32fa10711f43dbba56a8426db9ca8ca0138f1dc4440a49bba032ae1a64c6ef8f7d987ae110e97acd0ebf303ca3c8408d50f6d62ca6bed61883f87923b996190de18eb1cfea4c070c15cd1d128d0c06491718a42804669ce9ee0f947028f9999b0d614795f1d81b080a667b77bc225853c4591a5ee37e08b06ccc6288496ddbc75fa4becbde1a01413affdde4d797b14de73cab29da71940c8ed365e4817f7a1366cd89d9f58e5438461db6e255d8ab880e27d9214ffdd94ea299311d678adeffb1403b58dea1ae6dba3488e8cd6191a287cf26cdba5f42f766a2368b723c84ecada145c0fff05a41e5c8e66094cf2e1e12871697b0326ba7397308c727e1068ada652b9aeff70265776f31f2427dbb6b0ce41b17b7f3bddea9800a58ff34ce2ab6006f5f15221148dd8c0e165cf9d419f57ab6b6383fa3fe255dbda97e94667ccf078376160e015c96a3cd355ad0029b5a9f7c0bc762c8963b50b5311c8c49d193ef0a8849177d11214b11e7b27cb17faad6dd70cc0996276a3d73985f78f2c9932b670e54eacf170be65e95fa6c8b2774b54d9dec90973210486b47be06fbd55b511b609fd491deb50a15d8a93bda3336cf6edb7f844646ec161eb7cea2bf853ad4ba27a0814fc8cb2ada28354739136f6993c21b711dc65c2b0070f7d8d849d04aa5ebfd5d6375acdd1dfd253b22589d386eda36e3a830defbb2fbd015b0a3ba0770f60ce56755d87553d00f6410733e90529c68385026e30c98c0dde5e31336bf9e0e5595e5f9ec980e394a7eade3c225d18105fbb01906e2346877d5ea28f4b7af7d7e0b49d247c9cf916cd7352ad64d8e10b6a":"694b79148a8b6a3278b9088467c5f62e295275254c62ece9ba3586dd09f4791ceae4445999199f421eb5ad6d04fff52e" + +SHA3_384 long #14 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"aab61e333ac01069b347e201015bef397cbf857704a4992c50b8b8ff835f41280040d21980040064625a4bd9423f50eecc7c4165d27093289d0ff678812b8a46b4f350e161b9dfd2f7f85804c7959b29ce65bb58cff0b0fba6744ce8d82d71ce6ed480d30466147b1d26f1ccb9e537b02a81dc9a23ac586c12eea299afed5c86d5ed4a37929309277aeefe7740b88c4b87d88a72f52cf4458986e0d12ff4b4389245975432c8259eb657674e839402c48d73ae276df9ea4cb543efd980c9e2aa4de44d730d8ed0a77a691499ab0401e2e5593102b59aa44a3b2db5f9c9f54ca5add356dc4a6c720c6e2deda0df8df16c3792f94bf2978806c64c1b7833fe5cf05a1998d712eb739339aadbaa48b93a2b2a27f04a4f79004afca909a0e56e7955fdbefdac8d913c0583e9c4010d0f44e7671ffd46f2c673dc854b68b707cc0a9a3ecb6ca2e2e93329f6f092eb5817786796820789030949850a3a1e06c3a17988c447cc023a78c1c938c92bb14e5a3c755e59f859abc7e90d337f15d53f742de7383a0714bcc84eabf17c799b195ff9d767abb7ff118abd3ca721336ca3cd8e7f41ac042091604398ca0f62f0e1ae18565a802cc35fd92cda0f2862121834041788a6ab6ee0c806586a8cd0facdd0ffbadfe03fecba3d9eae129d8910c632f779b42fe446d28901b37bfaaaff064c18cb9dd4d8c44c3d7b81598790aed44ecf6b6e5097ef8f2a9b71a262d848b4aaca513d63df913d612c1b8bee5e346a11f4b65e10acb23e333b5989cb411dfd737c1366963c9cb531174451daddeab202cf222b770bd7072c4b35d83dcfc50c2e98dac174d72ddb36a5c45354f418d1a9c6767e8d9da6139e32cb37c1698a0763856ef605988bd7f73e6238638b05f28e427cfe5b48668a1158e34c5df7b2179bab97ac516800d2fc4be7a9108bfa3b3aacfa54e8f561940b2547c21b6286635c721d8b612dd2f4ce321c4d62da3fd4346ab9273c8ddd571601be3f03904e143142c73d3cd14a64f45dc6cd61611ce604e6812060f623feb9540f6b1c6a52519f835e67ea3ab04bf632b0d01508d999338619e75b1a7baf7d8603f06ed8d943309dabb474524cd05d1ba1ff87b8bd1448b44b2335df2c92e8ff627301c32d116bf873c9e1ff651cb07f6002be571180cbd7dd7cf72f80d18427f49fde1194e4d8fc8151392b455677c6b680c2ce1d044456989ca8f1bd91d96780190cac57e400129cf284bd32a73b576b219c0629c93c9b4428500d2cfd6d25d08c937abe386aa08b54cb9d7537829c478e53e67df73b0da9cbf76a153acbcaaa9e7c6510099e1017":"93d4fc2b9e42c2a48e6103f17d9d2fb38330aba7de7a43011cc4bb93d161d6a3b2746baad5d88e6f37cba4cba42fa053" + +SHA3_384 long #16 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"389dee6ad8582da38c63df546651dd4320c8c4e76c86ed8485a2a0980a1484760c785a31660febbb4c073f4e27fc100ba0be7ee2fb5505b1a742abb013087e0cc3eb3dd2a2f8560f9a451036627a0ac19790e41b0fd93cbe6a41dc98e9d331b4847f0016361a54e79ca6bbd2bed4b1ad2dc75d5c4e1b7bf2f5269a1a357d87b677ba09c5ca7dce8a7ab1a6ebe411ef1788ea506b6022ab9771794cfc9f0f6759c527c1a7052aad415def3a487b39ab46d3812711eef6b2f305c35c07ce90b8e6964b90839028d7546de6dfb32c55cd8334154916a0a07a4eda8a31036b0864a511b0df23127f360bd120fef29f6b3c16d32d1e421d27e9f2175933b81d8052de5fdd144d3438b1adb225fdce7b86e247d9510e5d0e93e926e5b5caee8dfe6ad9a75a99ca9e5a2f84377b460f69aba65e6e09812e1aed61316c285e6c638d94dd12b0d462f7ed9ad689ac3f7d10e470a2b9dedf7eea3c385cd33957fb4632b834c8662fdce8fad9eccf4052df1938285ce3579015258858ef43711d63def7be24f00410021887d40e32bde6ff2bb0b7d413fdfcbb74d9a832e356186cd4e38ef6b312e19a309f7384daad62a3ef52035272568c387f38106cdc72b1ddd0fe11f23819096dd7479e95ee9730940c28f51e28eca653edac78e7554d4e8079512d5fa8a1f043b6893d8a9604b79a2b3a757f5c47b4d5673ec8e9776d591b78e3cb872a30fee4746c38abfc7b5f7cf48e6cbf37ed1c8794f5e8bb695c387774bdd4b0e7509b17baf87740458490040e2ec024e068482e1dd9c1a554a2555c16e52e2306882fa53036e2919ca7b2f822225bf77f409e95a9f239ee60c516920665c328b06022577d2d62e6276d2d21d770237f3efb8883e14939e0b44fe5e0eb4579060d61dcf34ae6dd860e5d6a47d622020643236cbf6ce5aac179c8290f6e8b3a074412c6413e673cba7a00cf32c740dfd2b63fb412f4ce72dad6b649e73641ed717efc460b02ba68ca93dcc5a950d0a12cc0d8c7441e0d7b73f4a3af30ec6e7a8de2a5c5173de748fe807bb5761cdc325c89750d1d94a9abd4fb16c2b2371bc8a39997ac2e98f4c39d6a65055fd16b79aa389eee65feaaec441298ea35c04fc1fbca5a6118bbebc3f178201f2d18865e5ef5dcd2e30319250d61b08f802e124cdc9e744e9d4dd32f40d33669a89834c9bfeab521604cfd3e7511e6195c2a6c51903d6fd985f7b5eed3a22f4d97fa7da2163cb343a4815e1ec54ac2f1915c66b95dced36c976098eaf20e9131c3e569d1ab165ea1774944af4433cd7de76b076a8c79266e9c30840ae53fe67ff502013fc69e3da1a14cb8d83cf58e262600584d6468f2475d118236f35cb59ef3f94cd2affcd8ace933c181f3b78d5415c25f4a2fc0be5e9fa99856658d87f685715273ad59b72b18a66892b2a253707d5a264a33ac131d2da0d15383fce3ef75121c0b0add6384f64cb4f4c1de":"60742329b560bbc7929cd578f87e0979db19c938d413f36360aed6361550501941f32ee8e362478c96202683a28e4f25" + +SHA3_384 long #18 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"23cd7e8b7828a0ceed470598e88bde61d1487d471abd71a87c4af3ef83dd81ae4caec8ee8e2cc7c3d7363223188f14f7648cb973f510cba370babb47695d62e12ab1e90cb048e60ff7c3c7b278457451ef28302e61efc00b5e7cd0f98484926b443fa88ee96444ddd5548ef00e954694fa83aa2167429a08cef7faacd938587322c1ce1c3e682a53fa534d82e468d1eb0e05eff40ef19fc1499300087262fb214d9d235db93ce099ed26cd1302a45e7cb216c64e5fe5185f56b8acb756ebc49e4c3d6ffa61c8aed83637d6496e33356f6e1ef8d760044c097ecec45e8db9fb12a7077a9a3ef5dc385eec30cc32fb9eedca854e381b3785e8483d11a820b6e8a5e7650ce659a9b1e0ecafa24556e6e11e4fb38d19986709243c6e5b3a16c8d27d93beec86b9cd76f968e7f55ce0db452984118021de7a22e4e2c76abf77d903c53379e321664a74aa5bfbf1b8dac11336f105eef9f55a1550c3b105dd4bd0c1a35000b95f6906f01c4c555e024b82946f1ff89e49e5ed2d926695f63c9b95553f71ba36eac9eb3576c35c04e13c050dfa955359b8b61db1cf53d903856e1007c21e0f21678ee08ae14878abfeb432c9ffdb7ce7ee71d0e83213e7f560cd291e54df674481c1cc368564111a00bbf10fa77add10941ef01be02d259374bfc8e41c3d2a65de699982899e8f1a90592a2619f9dc9c52c364930429fda76a4cd59f43bfc04d268e2eb6167f5b735697c5577ee0e352cf6a1495c490d6f7e97c3898f0ee92c40238731a538edbedf97caaeafeb859fbb41ae86c48e9174d9a58d9174c5006921a7050f56953784f2211c227c008a65fa8dcc85fb9bc2a6f25e7a0637f6f857e153dad917f569a63785df355ed58314654b79cb53f927625313276c6b0d378519ba87234be20aaefa46826beac3164785fb34cb701f16339663f4186080245d356b887274e380ebc4d3a44a82619a6bc72d8c0ad286459716e18ebecae8656cceb75d4b2562630921cdc335c839a60dc352fe1dfdb70c097eec55a40cae7110405e7421cfe737739b955dd22ea3cf89e4fbf9594439f0071914c78ca86abe0434a17b7af70a64a78cbad28418386d7cb6990c515887881c8fcb72bd1085c2a50620c1cb1d1471318faecfe037700652b2aab5aabd183ac63da0e5d9f788156f4f6ce5a6b4cde39e2f01b46aeee320a853b173a9c4649e70cd157f57affa3cef7ae66572506f4249b5242e88b0fa52fa243dc4f3011519b89899cdbabc549f92131dbfd272a103b0ecb67cbe203e03a4beb037fb1572331a3ace4f77af1fb3f39283533b8debbe8020194d9fbf26b9546db93b46543480f22df38312eab4208093a7de0214a7c933e9cd0f91d03cfa65bba94d596fa479fcecc9f71111da4bc5710baeeab98dba28b452413925e93d754310fca8aa7a8486f1b219f696cabc3ec51f4449bed607eb1a49610a02c3f8ff8e70a7b8970f471cc74c6a37fc3df8690a633ca3c74948f786031d690955c350e8590d0dd7db284ae7d97659b48c76b0ab78068d552fe3da821fa4eaac071335fb2a6b1cdf76ae8dde19bcd0523ebdb242be206adb227f10891fb6035d606f0b3175606a006a5052146dac4047dd33f":"b6b1090cdb31627388f87c4fbe6253464215b812169a48fc8897d64e7b004742da4891264f0ce2bd2512f48a03c0afc7" + +SHA3_384 long #20 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"7ad50f6f55fea7b59e17c2727e72fc22910fe36cf463ac02a05925c9f697eb3a9a02dd088584d002560d853ce9d7d8692bef398c2df160d077123db39e642e6a19567581507ae9c3f68ceb5999af9c3677f94eb29432387409d96d969f680f049cdabf25dd6959be259cde13b581b24f1d37082551b09ab8ffb59db8202bf4cece94a43b55d988bc8c4646b066d6817cc4b1502f8df3ef6201afb5634a344692548e0a0adf50de84d3910979d3357187146e0f167081a03bb6ce9ddd450b6e16d9d0dbdba458c3e0a18610b62526ea36b7762b2321e4130bc71a3e6e3838d2230360fdf6cc789f969e2b43af8331545352d18e9ec9a4b29adb9b7e604b43dc807a485aa37e39da6f738a8aab16df17a490881ecf8f47e4af9b5a46f9a8b5f3f7e790d82ae221dc33c8abcef405b79bf216a1c5fd9c571014af5e7f8374167e4ef23e61d221ba0daa4494f5d0794249048f276972175ca08fbeaf0f44daece74e425cdce5638cd69b904fe9889a0687a4a11ff47429dcfbe97056e08500c195bf80f130a9cf1d9dd054e490638f8dbe98f4934d4cfa6189ea6f5ad88d0e1cf069530647678ef8cb0f3759d4ab815f57a9318a5c42b172b25960c3e1a62d86601364a20866c7a2c921e1b89ca69702b89f000d099d7798deffee9ae21685864d875bcd5bf0a3a4fecefb09cf9efa004b4208233ca7735975a5bfe6c2263da41f8bdf8f284b4a87d1dd2d5257d9d1e1775af2d4dda6ce40df117baf6b1e7d683ee898f157c0e3d3ac181e9d1ba0452ba3ae6528d4e3afd2840ccbfdc4466f5b13662ffad197970ef64577f1033a7e6839070a2809a63f99cd5d57d9b5e5380404cc4cb37c188dc2162ddf57f7f1a31fa02d89db6537a51c20cec64a264503eb7ae49622418bee767698ffd5df0bddd940e8894acedd0ae3e625c059ffacf699de74b6510937e1b37d4e7f76a3d1531d8100b27b2de19677882bef0d2863399596455348ba658f009316063f2c8b2e73cb3cae786b8b705f6ca8f86e8ab2f5670c1f160e3d5d1fe520b93c3a60819563866522496e23c123fc6486840be05298a6c9a7aa7b67baea8c00ca6e28fab1761a43b9f420f1b04c9f263f58943777afce0dad275bcb889840b058e36d40a933ef9e1983683d6661bcb7cbf10efd8d34ebb1d18ac4d0b076a2948da21599a6236d3eeafd2d4e0beabde0d3575f7bbbb0647ebadda0bf5b0d1b7312b2094ed0ccfdebd56b596dc66f0967ff9371f92aaaa33c1028d6e0b0e314148e1b32a64eb8056c81d4d3e2bf790814f6ac2abf01aa0fb37d714e7bd882f340aae677eb496fef8a984083f51f8f22b161aa7414693810aaa7c2f0d8fa7221bf0e1abf63e877210dbfb851ee0e3abf04e79636428add0eeb3622a43f3f39075961bff458545a05bda0422514b30147d73177588f8b20713cd39a52f7cf610cd64cdefd10b4a00161e3e9e7b0376c22f0e655c144958aa2662630e249d17297fd767dc2d431cf7fc330b27f0ac103b817af385ba8cfa20731d6ee3c7d6df2129788a72bebf371e6a92da7d56a7a4f721634290d0562f009648cdc48dbcd6be46c2961209f210d9edc85cfd2188ad7b6b41c2fbfa175fc10c9ef01efaa1664754402b58936e42c0f24de325c5b1823edb8105359c6314f8526a865173473662de7baaa4ef96355a148e1d95c7d4cbc80ebb79cc4babe70ce445e10a9bf0af8741dfa485730c710bc1235cbbbc44f29d515ba12e6c543e755ebba0b8e9403a2b2ad6a988c":"cd1a0d7f2bbac5cdac53fadf236c4675b5b23ff4847aef227cd71e653bae85e0da3bda458eae87bbcb5b4640d9451d45" + +SHA3_384 long #22 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"221710ca1c521ea4c3fe7aaf826691b9bcf37e7d0f587277da0c59f7fcfdba75df83df24b69237c90235f8ce5b3708926d231e0441702570bef5e1996fa3d407867263a2219c3580cd0adcfc480bb7088c4c16c40805a04f3170f2dc397f89091ecee26de7d7df702b656d60d24b64c11f55afe4ef7facbb3b65d5ebe4fba123b07ea5ac8faaff42242ef423805dd86531262e8c7b46115ce5bcd3ecf87de3fc436af488a27f5b9ec04db96cdbaadb9dc7a7dee636c297db365d3208fb6f183ddf7a1729a7bdbd2a08aa04646a9a3511ebc00617a75b05e037303a667738088d8c9655b626cbeb91032d1d32b596ad68a459ed4a567a2512ee1e352ff3407b9553a6f758a813ad79b9bf4b0044040c4afb5adca5cc85bd1a650d698af8ef39fd3b924536b4fccd8b3346d8f3a04d1a61f6ab1b5090e6969fa4e61fa00dad096c4d428779d2ee116e78ab0a3550da9f52a034f2742a03784ab1929f98bae2b58a909e05488a5143ca90d72aeedc1263c8fedea93923462bc396f8319b87f603000c8f07cc658e294984b17f45cd5c2d691a8f87c6021676b15bff1dd1fd51bc76c9fbd42cea0b8c915b205363a922c7ddfb30d5444fda22bd0691aa61a35ba893d0ccb591a231334a1d0eec70fbcbf7cda9aadcda93fcf78ea1952274017d8e0028e8f2231368e81dd362939348bf86e12de3e1b154e3bdcd33f2cb31a01d3765d939d309c71971b1840490f41a653cc08ec52ff01df73c21c592eec107a56c68eca59f6c46aa97b038db2bbcf827e013d4370dc073a03c335e5cd24bbe7bf3b46816a073168522bff7d1ac136b6c3c810720c249e04684aa0638c1f84e0994ef55731c47c110da88cacd5a20fa9d16b3306a97b2eb51dd2fc50e01f03eb519c2bba45c0fcfb587b3b8b87f0c2d20375057fcd4241d290f6aa4c6db5a16e948d4a390a8f4c6dbf0e8ca7861fe8c5e670182bec1c6fc36e202aa49975e5f0cebce1421481e30e9dece07f6481fa0bf6d6ebb98a5c112e11ea0e07d7d26a086c857173e83b49449190d771a7e97f0ac133e0972ca3ce7908aeb4c4bd5d761bea818b3cfa2df7b62694e22cd4a8d048b1f1a7534766001acef8cf89be69c2b1e52b8f0bdedc66c9c963911f5f32965c55aa905c6f255ea9e152aec56f99b840d90e0d6eeac92ef5f67754b7bc2959ac38c94c31086422acdc46e2f6256fcf7f328386e4b276a8c13a5abd848fff62bec7d82b7fb794f47a0c4ffc8a945e80939e367bfbca677cc201882c143f277a1a7f41ce86d15a6cb81dc87c2120e8744458916d12a70e036ef88a30d53e23d835ebb0a5e4fa06c3ed7d6ab2284f8002f80e2ecad7bcece53e6bdb5c4621973597898f3218a63cc26097815f2e94c7c5252b5925a990869a96e7e61ef57dd3fac5d547f3a04a6ec0d818b6d3a2853223624ccafe06a66d8c2f0954f941977c90274b757b0a7b1f47aa6d65a0029521b625cedec48d82f4426d2c826be922f3ae62788238b5acb0df6e023854ed4948e5e64e1f199caadd45b7ee08e72a94cbadddd918ad3043d5f089738962b1160a4b3a27065db2726b1eb5aa531ba46187071ff9835918f50113833de34a0c8fd84e88061f117d9e3025ed0deb49d51d98529f366cccde2494b0e1cdd07b3e1b45885647e3c54c72cf03a4655c224b3d8218d22c3f68de5733713bbfdb86e44cd4513b88def9ad949a30926d00155525d6a26f4765bdb8015face7606efd9d9907519e357b1f1f7814252d718193a17af8b7bd249a4be9b76bfc7b6bf53fb8944101f4da42b62091df69ec1f5b3dbea18aa152202793f1edfac87e4f18ddc3a333dad5e3c04f4f765e6744c2e773eb4def07a4d6a8164f198e99566644584d5a3254c7ee6e5b0a9a13b5ce08d0c6d5b4a8434bc496537fde99f":"d028f9a585a081207101ff8c32a54829879883fa0f4c4180542842168df757cac06a951aa68b277ca0fa99850b928e75" + +SHA3_384 long #24 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"111ab27c5b389f1e76246e429e34e71a8a54190f4e5956b680927e0099a081b19f881f130107f2ebc326afacda0da9ebda1c9613ce38965a676371f35a90208503b590dd4e21a2e0d71076c3507de97e24375c7d5937b899bb31ae483769441085c88d420a2fb7e4fc0b4cefc72ab1bbafcdf3b7b7fec25dc223be65f9d4f2396cea9eaafcd83ae1783fb79806bc088ac505e127b034bf8dc66228b4687834e802424c7dedc532be94d34126d6dcf7d3ac07b0370c81b4110d15749b4bfe11058df91e23a59ea76398ef7201ff32847eadfce74e928fabd1df652b846b0d927956369d04ec0aa2b8ccbdd1914965ba73100c0fd30b03abb4867ad4d6914ebd2aa5224f888ab129a47762e63f7c1e9e9a1d5eaf304088bda4497bf7f983689c01c2e5be18463c4712e30939715f043adb1c1b4fccf6c4e8896f911d550a0437e6f4a6721ae95301e756d85390bbc0951f546a780ff85f344941e3cd52edca94c2848df2f83b9d610c19f7bb0558f9b74c0e74b0610d02a9cd079a8f58f661bd7bbac3c61804c36e69748ff937fe58a94c9260822afc5550fd09ddebcfeb72bafbde7076e40c6c30e6aec8968d75847205285773d28eff30c18ed56a1f95a4912838bb8ac21b41b06c11c9197184261a6118810dc18ba95102e0a993b0bca04cec10cd8b1cf8eaf5e1e3bb0a4af5e6aa47a905d760bbfabca64582eeea280ef32eadce01596c0e072f6dc5f27f8e6b299e240c5915e59b789706880436a0948cd658e572e13f55ef3cf710577a185e9f50d1bd1c49d3338dbb6ae25cfaeddd21cb593a681c3969b4f2c9c4c4a25a661444f841a7654b6b04fcbbb97f9fd78fb9f7f8f66a7221ef5e372a08be5f1e2c9162e1bf82cf16ebe4413f34f38e26535d417d41014bc192f6f56404cf192a581d92d46036f1fc5a3571407c422ea2d014912f42b30fdff88313bde17e384791c1bc184c4a32c460007604b8f3e613afe6cf57220b2644c90d797ec753243d7f84c8f6aa46f938a64c37d4118f204097dbe33d088ef8b8ae9d0feeddd746d4cb6e9eb6a2b3b01ed4219cf7af9d43f231fcb6291dc6ed034e39bd574c9104d41d8727a05e18be3f92878db7b9a5b7f125502e63893a6eec53ec6bff3b0ac7041cd849fb03fd8b638687f25a5830e3051adf34327372e13c62bb012fd3c8f82d7168ed11bcea7f515b28b329b3c531f6b8b2b1e003f7b0bb26b0672f3c55fd17c43ffc28af6802d3b773b96cf3ec088ba8d08bb36350413144d285479d39408abc665c8904fe7caf436eea6b3f2dd08d9241acf4b805fe66672943bf1efa274e01e4f77ce43555aea6232f6dc011f2c51d0efaea2d9f4e2235be8adee9221c2a3cc1b3487794f598889a71bc9d1fd4f8f23e5fdfe7a5982c569840ee233986e815067a37e4a3c43593da969effe0dff1b9d9c219119f464d73bf4f35f7c5cd4e33ba338f54ea2b4d6deb875c0eda7b7719e80ae1d115bf4d343c9dfc8b5058253fe5c699eef290a7bed52d3df1971151ba72217f4f906bf44016148a07619134e08f1a9ddb425c0c2fa06f8bd19f0748457fee3bb598b20940559b299481df45bfc119e34262f8446755348cd578c7246218595d28b3fc56db02191f5a36aa1e8383aab24cdbca170ffc668a26acb7adb8434a2cd26bb1a1ba2478b5800b5b88d5dbb55420343c4dcf9beccbebc341aaf00aa9f1db4739b384c39f332e85584b5dd3230fe8f5b5ad4e3cae984d43cce5b1755ef56bcffc54e2e776e18e2e0a2fc272da2cc9a79d0035e6943874b6bf24a48b527da88c634b7c99e506c58dd9fcadc0c3f2edd15b0e2ba286f587a3843071546bd4bd05d462f9e0d4ecfe2a2e79c5c6c6ab7cfb599fd9776c15af9382d1bfd89241d0c2b85f02c52bd95f8e6f6fb38bcc9d9dadfe7be76d2ee1130d21ce3620b00b0a4c780b3e4fd216104006a71e17bb127970b269fc8cb4a1dc99c9f17f33ab7b922a7a2e5686b1eb3ac859e6af737d5038cbdd33c0dde69d31bfe20042196dd991e42890f172b19f05afd2f70ea6f89f0147e79fdd67ad1c3b08d4c4":"265fecfad0705b6deb29e1bc690f4eaee2a03c699e6352db82d94f71658b24f5fde1e885968b639d8361928cbcad8506" + +SHA3_384 long #26 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"9de3e6cef3da54cc609e2734c4dc69b8987e6b34dcd05deb50e11c13e72d4b957978a50eb8fd911965c8f7d0c46153904daa08fda40af646cbcb4eab97c1a53c602d48e3fde0d0a4efa4f624ddd7a86841595ce060a9a4a47f4a02fd546cfe27bbc87755aacc37f667f8ca37f8888fc9dc530fe4f8f38e8cd426e01307747edff012d96da707ee96338d1b11feba313a865fca115431dd8632268ff499224ceb69d31732dcd91e0cbd2b92bbd5b6b543a74735705daab81a0114b8a8f0be91d38cd3d8ad328cefe16c99d63c67c4446ca7d1f708f9a848d1a9b60238f6907420c3d9c5e48f67889ca7a1909c9a2b063eeec6b8e21171b43292d416ab91df1e5975af86e1ddb112c5d80968e458352240e4ed22048e4e25c625389b09abf5b706091bc2ac02b3b4e5669a051b8828c1fbf110db785687c313c8a93a5a2b1866afe9e6214be8b59783b91c1049124d0af57ef58b465364b5a3e4ee9ba7f99153dd7cd84dc875fee22739573076ddec26b8f165db746b2d24fee2d065f7fda8a7172ab8eb2a93d8be594e130eabd34d3cccb428720c882937aa281741531fa48ae65b50a67a298953a2601752f0dbb775b72d06fa1591a11731208bd6c247cf23d1776623bf1e5ac889d72ca34bdd74f903c6c718986eddeb1b31f3cd4c5d6f9b60e6c30d015c9346971b1aa9c6c2caef37e632769c0725dceec219cdf949cd191b112f0a49ca7cf45294a90d6870027fdcf411bc2944c112343dc37fd2f331c68b5e71c29e505dfb44aaa07739d063d3795a2a92470df8b47409ba8ade43e2ca373653df08d67d82f5c6c98e42ca3710967f459eff4a14eb378ec69826222a4ca7029b068f4425b2ec4eeafb8a47c461bccb2c8b58e35bde0434ae4eb0764f74642812e13c829db3b1accc66192d54ec71a6a6ff5bc016b663633c5686299a6bf512801816792daccc463775f8662dd940787aa20fc98c9adc833658b0215359e226ad53250f1dc5c686f3d32ed89751aea9711e7ce707b3f8fc65fb3448c266b4ce6039722db42825d3c726c36ddc7c45a15318aa00cd283e3691e81c842fb8f271637204bc3bfa74947c17c00b43818cc9e83ba2fd2722379a82c770bfe17a24767ca7e4a2fa663833da4d2c9c13880b87f72c6bc75dc9698eff3f36e021d2d347748018c93991fb17a9710f0795bb4b444a960d44b7445e7bd2f878cf37e8864b12a4aa1740a644a8b12a72341140d369a71f915e7dbc9ecac19b3d746be5c5ea20bca17656cb9c4eba215c0bce3f2b5cd76ffefcf658afe195d08eb704f1188c646f06cdc5288a718bfdd57416e1dc87a22f5c066b411b2a153e72804c330899a866e003d3e79679ed67e5572f4d6d51cf07b363249e6a0b0b8ef1b789d41c79b2483702c92d48cea807959c62ac6621289e0cfd699822ee3d67134404fbdd954abe14b1ef2529d88484ec2bf7265061739d6ebb8257cd3a7572e10f05d1d1533a707ef88cf4c0004987f2ec36e2b27879abe285b602f25779576200d47e821c49057dbfe9c595acbeb7b0c8670914ce02716f434fc21aad11bd9e00b82978593e2619ee4fbe3145acbd2da5d1c2fecbd6971ddd93becca4074c9ef5fbfb3970e27a5b6e04071b34db40726dbd36f9d7bcc4f43ccb1f90a422ad69c9e31b4fcbfdaa4a2550c9dbe013e98506738d8c5a7da0fd463e0cee1529880762b9b142d0575deefc7d2cfab01c60705a3bee40bce1d43fe436ae6f5fe58481aac4e798e9b73c50dbd257ff0ebd4c3b4f5d819c65b008c2fff92c9aea1e4ade874ee3db7de6ee77ab96737261c055eccf207028bdb2e38f7dd0aff81e9b8226e39dcd92f3ad1c6b5212a7dc10eb248dc1cee06c2daf0ead48035f0f6426d362a5face46b5d26e35ba8e1cc4850761250cadfbf11b6e312446da636a2285e599b5ad0e7e2a1d8bdcc951f9b227dbb4bd9a06e93ef0b8f3fd619de48ec18161d3fbfeb4c2ba581c6869a5672e5e31c35c5220d2db1555fc3f7f930905aae2ef185e35e89acd49c8e281d08ec192cf390a1c45dd51f00df5f28a05fb5644703671c999d48fcbba3851f91b95f22b7ebccfe0bb3227eba8861f693be109f6f3dfe521739d281d7114bdb9cea54a9106f4b486cbfae56ded56cd047de4a62a32917d4f0b6eee2936032fa831e5502d2f8bc0f7bd5d14dda50e0443132cb647f6f5403ba96d6858d3adadb08c":"e1207486293acd4065b8bcaa23562d32a0e532a2080f7825b8600fb85635cc9a11cddad32d2a6b8804f57c1ca7a71447" + +SHA3_384 long #28 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"daf3dafeb903e95c40cbb9ae4028ca494ab948721f89282168ef7405a7b3e3c76e72ad93cf449dd5139b6840ae6f3d1573989da2057b6d098ee84a42b3431c63c7e2ee1f3eb7fd8d652f0e2b51590523154bb4cd39c2f1746708eb5d661bbe054d0b44abf0a42e0e9f4d547810304afb999b34fba2a6dbed5b17005daa82f03668b5583ecc535be027bee22ed23a33266550c6342a7153f9d2dc304b66c2da7d80a7d2e0ba0baa89674a5f5581c1e92be3321181b86983223420242e8221a562fdaa5999a2154393c5b874f6040b94927a08bee935d891efe9ab830ee5e8796d478695726cb94f86abd2c81843605ae4919c74758704a5e85945f6f4795e7d27c6032f72013ff6e8805e04c3260a66a892b4dc2c9736e896ecb625e625cdda17e2e8cfa247ef5f43ac25cfff9550de66e4199d164db581800bc5b7efd17bb7c604ff1c082711b31e97efd2d57879eba7ef93603b91cb992f1c3c551465b13dba920ebfae89ec1902a984b44cb7ceb4f11beacda44cbe582989e1a65fcab7947df6de5f9c56c9ba764aab1e6d3a9762cfd0e58b5864d7e5f8b87d53d7e6d5e3979637a5d974f0be02e22eb83fe91c1cc6764d435fc35e692313d70384a253528edce1396dcda94c2ed9d329caada40b6075ea9cc24f9b0b3300b95f6fe7780bec2fa3c260483c8c8397631a166c78562435843f88f2d5f4afe9e90e9f9b8e3338f646e9baccf0a78884a5322c10e1279a1fe3d3b993564b1f3530b91ca7dbf5fb9b935584430fc5c608631a137f25a34b99ce015e1a64390c4c5608eff4a877bc854faec694df0dc38c6379d3a38cf4be0c0f717d6e48e6fd9623a21f693ce1031c459e86a7a9a809766ef8756260427be16cca21794a797a7b5f30b4ede15c59c83ccbce64b4be20304c3fffa6e7b40b7eaeb54f22b11b0b63d159b76add1044f1fbdda5b34a768e20c5f57c566b73f54d9dd91151c7f339b642c62fc779244eff4b7d147cb1f8ddb0a1c2f15a32a6c1b400df6eeed22a8bdc7a1f24ecfdc0ff5af45321a7326d9447a750689a8476f81da06e6fe21be78a3d410b9fc1b10ede6abe06d71c15fd3c4ca044e8fdab0b21ef462f1a13ea53bc415f32a62ddc337398713f3bc3a2cf5c2955497a6dee8cc492b8c9796a8796ab519b3d441bc85a464ad4a55784210c7c458b0525d294226a6ebfe594cf39d7dfd3bed47e70bba9e0e9b0e13248d9db25080d20f112e6f49aeb222b712b493edf31909e5e15fe48c8decd9ad4f51365dddaa243e6162c2bdc71ab421a64fff433d1d944ebf2d9608690f379467517d12f2311160dc6aeeeb86820d39764a321631d616d2def9319a366ea258fae2d48a04b23406d0ab366b7384a85ee117decf77bf0c22df5769aa6ca7947b78a9df2babaa06a0ecb85ba6049f1012955d57e78554debf2eac80c17236a87c7f0aef604d9503bf9ef6a133b03ddef5017f2ff6e12418f84b8d2967fd8838cc6c7a97d060efa5c3560ab99d1cfd5f5693f1d965f1a9456ec45dc6164538dffbcf9d6ae49c26874ca048f73a913a2be7eb49e6bd5d50eea317b2e9551fb4f87b16d7db2545e602cc1c560ca4c380cf09660bda757ab76f05b400f59cb3893cdae0be6b0af48ab2c218a64c540a7db34ba2ac2726e049613737ec9d55c721f79babb59d1e3ea111bf23ae58d0fc7d731f1faf4f3a04834f9801ca2328b11bc32de651d3d77ab59a13dbf294940ffc89043b89c5378df194a8a02e398e07d32a021f17b1bf3f24d67090079225cb975f8b84c02b97b310daf9a18d32ee41f496c8b47bb93e029b3155ee51c40ea5ca712599f6e4e33a6d8cfb646bc1d1e5dc93e245025cfc5b7545344565cca725026862d97283a27a74154e974e48c17a079bdf5f200f42a04f8c7c43b7fe97dfcbafb3c1d77a4df9a11e3388a94a4555122920516962d9778661ce57ccec492ca2b198f1aa5b4e4e91027ad70148d62d68c655ca52da0957b68f8b0029184392140892d74f894bdfa06c54f0eac6ec6997fdd03850e75ab75c4042bb31050fa69c2f31e15b969f237bb68264ca46f0700c3a201a081d562ce43e7607892515e0b7afe6be32f5e0c07f7b63b1343baaf751f5d5edccde841eead49573a61aeec6d2d531bc8a49892d181579549d374465f5db623233cd5d03dcad417dfc3902df8a69a36ab5e420cff22f43cd89ac852264354575c14c59724622ea850011fa714ac7ac573a68202f8a23539a6e1dc5d319ae0026f9edf1f093cff12766282e42a069bcf0ac480fd24c9c1939defd8eeea29012c43224cef5521f05d3830e26ca07da65c57006685eb5e4152a40ee58eb8ba60dec2e8338f71d9a8927db166":"56da709aa4104a9348bb7cc4531084395cae7cffdb79616dd8df2b74b03a7a717ea4215bd79036aee38c1de07affc6ad" + +SHA3_384 long #30 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"e756099dc8c4c789ce92fe40d53a1129f77d8a35affb5d153e0171ab4ea25cbed6096ff13d0df2f6c206b0ff1bdfb7755c6d59ed1bff7658d237fe798418b19da45f298632171ba82768da9813b01cc105d50159abd95193baae0516904c0aaf19024142ef09ca07c55f82f205d2ca73b85b8b60a7ae7730bf0f9169ba67ef5bfc97be0fbb0c887b6394b2f7397049f53eaafeec56a96e95a902a75a4a91e80c17c9a9d4e048db6ccbae718ef6b01fad5f6862e401efc02c402e51d187f17e27303d0979a4e44e42c356c89f86bad605e23ebf2ff0abf45b4c3c96b6bbb03815109ee6e5500966651434bd132fb7f66391d31eb76b03938c94d37ff12cf59f3e7f9249022bdead3d86ef5bd03acf053132d08663ba1f2426e19c126b22e9390a44c139b77f8caa33e030a7bfef298dd68edc001b24282f91fb3f590ae7b491e229d5beec923ae5adec9eabc895ee15ba6da093c7f2463d34aa635cb7c27d2c2cf473e089ae11e71470e26ed47545264597c347506da0d579b6b0225bfa6c94516e45a877193937d135a3f8c9d85747dfd3ee249cda5f7fc7e6d0b3dcd8ab50ba5ff31d9c1bd95d4a038a5291044c00f0eac9339484aac38703681724a45fe8ce8f2547e1fe19e2e9a13f8312424bd9e0a5fb7b20b2aa2a1fd5235619a6b3e4f4c5822f2e08224d15d9699336d97c5b17ca2d0429ab873bf824a679a525cdcd96cbb2dc6c831c263571b08be313080dfe2106d795b8687f7ab89c88af6bd52b1b675e5681b52ff6b332be7203361777fb742ffb4e21757c0d59ab891ebef484eb622ea657e78143f6e438507d8bd02277894f783a2ed8bc1ace7b86dc6751626e83c9d3d5603d98664fc92d395a5c95db290f574327b6c707e0b586d0ad164c0c94d8e5e26a897a6b3a17121febe3588d1c179f50533a233e570192e2da68cb2d5b02e5684b8d736d6fca0617858cf4f72a0e5848fb895a25fb06b1fa35716639a2f0da4e4c730ad4b48b1209717ff07f1b9d8b1567cef426936deb000559a5982f49cc7cb560c808d2023dddf8e5d48fb66b3f9edf2f77a8e9dd48dc934810b2cab6c4d9ce7e337191d68f7b60e6298ec4217ccbabd46d13c3ffd177276530ef3ddfc84fdef5d578b8af10cbf1a976e40d664a8412e65dceea7b8db708d88cb84f6be3c52fed36831137c9b6f55743f859e3b2b15d8dd04326f8858580caac73c7031a24078ddcfc6213c122b2171934703fbb3ad5f04dd93e1ebfcad563198a6e4e7752affd514974ee00f971127eff1a236e07bf385cf8fc97456c50ca5a630cf501386f661dd40f6e8f217a6ffdc11e37d101668c850826081f553928f768699fc0be8ef0c603fa3b758415571be34522ef0e11155171851c536bd8a479ff4cf5bdcd56c2d640fffeba088af262cb578dcd1707fb479ce179eb98746767927e9eff4b0d05d5f2e45f6797206759e21c1f75059165f0ef02c7eec257984988c8438e22fce049807205831821df88905b81eebef77bd2d3afaf65d3c760a849f08c73386b7cbc5471991672d381783ede5a402c816777b1b2d857b20de70a3dbe20b577a200b5d5a9c2298f7f76b0526b537436774e67efd1eccc477154faccfca85cc5e895bd6be229c2566ce5b836cb1490c3205b28f7d590cd7a3acffd5e70cb710c87635b7ee376ecafe4f71950c6449fbdc5b3442f856e6033b2829d5be332fb33c59117767550ac822dd45a0a238ba60bae814301ab2e905a1f93612b1e850222eb4879bc605f0cb790a303cbac93af9523ebabd40d7862d7ca2ad136e66b8fc140af0ab66c4c1337558d9dfa2701c1436c19060f75f2e092fb7076e4068ca8f80eef51cd60bfc9e8c4b9af015d80e5fdd034db1ca9471174fa8cd79e449158af9b2fd669065f37b3254fc14716b622ab9864b362711dfd630ea77dca6a22a4ce319822f324d56480bf795b34194b80350dd01549971dad4880e9eed23ee6963d1652bcd183c85938db5d063030e8078374a18939e1ee280c9879b41c898635e492842c6debe11cc1c12349a32135c07d18fe979a193876959e80571212a989abef56fb2e24c8b705b9f4adf5b5d9b20c4010c8d405a5a0cdda255d1aa3f89b7b73f1b07bf52431eb0bf8b98eb47de51633ffa34f6edbad9b9491509e021b723a687dd3be279e935afe56f5d7e6c862843af2b1741b82a5e613ebb705f8b916d21421ed5e82dde43cdb37e9361363303f9d1178a9d6439198a05c1bb74d7a9029c00685c3ce8a2c78eac21e1402f5572ea485825765c67898830c031cc908e729b3542355d34c74f673201bda7c27e038977657e791b262ce0422f79c340823b937324f7c59ccc39ebe7868ee49a1d247bd0b7dbf22af57226bc77f9f55254dc092c892a027b1215813f38eba310a35425f6d7e49e067607cff22248df5056c280d3f732906a4960cb9b914a4fc0a1210c5c4e2ec937f84c4095c6dcedc5088d8f0bf7b7fbe4d2ba2f9f18216714b709b37372f0f":"2ad3d03e159d5ea831351e90ac1a86a1bc9c607da81908cc7d14f8f222088c1576363a6f00e37c0ebd34b11a0aeded55" + +SHA3_384 long #32 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"d2e63418b5ed46aae4f5b414cffa98d391f80b6d2553f6fad77625e3f8ba9dead68a306aecc64ee055641eab875dcd103dc72781b53e641f1c89447d477b5ea7a316b4636ff78cb628ee7baa45ecc34f2522df0046675be7b7dae9c4d0c9b2e920d2ea89a748a73345d9f39a736d1f9731505b713f94845b90b13d3efc6f41b93506f867fc834860956dad0278a98cf1499bc45c0a8e8782905668753333b41ecaf90682d76e1643fef4d26abc68b063554942490e1d0b659d1091f1dedfb321c7f43d649ed3bae769b4895aa77133f83da3fcc1b308b80aa029e0386339e5c9143fc494bb78db51bff6fb5ba18ebeb5e9f11b4b6119377b82e77ed42c0af31e9a22c49a9425228be6024ff41285f9a4427bc670801630c02993934d9f1984283fe565ff93a4369cc820aeae621f8bcc2e8826b778c84adf7f744629263041f0eccfce4a1ebcc18c4c984010f9241d35966263a8b2f72ee26bd4c0f22815d27d8a2928039f34686359b12ca23f5c56e8634fa4cb946b84d0d4f9292f0d91ded7ff3b9ab27dd5d52ad9b59bec9d8fdfec7b9811a987ebf3b2a42ca8693c6c0d07354d4de02067b0e9b3eab47779845f49c885d3c9f441238fc2b565271f6e091412a76914f0b2a0a6cf99a0ca3c047f08315d12b34133bd6f16dc89f11d5f7706809115d7557d4e6b1509866d4fd7e7309d6af5f0d88a695b88e93c4f9e0602e6665279b0b792623f6d848fe918c53ec9f6f2a5071f0dce590023a5ca0a2c50bbab33be277eb7832bbf50e3c501962cdc233e4a808086957466d4ede9ca99098d397c0cc412b55935f3b6a98971115b6f0c960be461bb65b1a2423b354415d664f7758a10db538d68f1fe0abed0ff708d994110ba2c76e71a9cb5b835e1685f49cd656192425bc7c9a1702deb8528163bb289828a487dc3b63d778c7109594b43a396b8d2ad93ae62eb543b98fa54f3833fb489dd1d98a08d6bcfde7125b2425b614eb85985c5eb3ab8f15b4d964baf6c280b4c39139126a80f04d6be9b39ee98f0d689ae33b72659ee90b693c1d4f3fe55d6f429922ffe0e125f9edfd5b7f4023676525a1d3206c8777973f1e3b96742ae5da8320239d0c75a285b5c39f3ffa11c753ce3adfd338e39f4bbf064c0b23f1ce791decb7843dcd1a738be31b7b57e8a1d6ed34ae256b31e49b616adb27cfe85bed6b455b400545e235b8b24c9bea069b410b15ba717400dbf8bee24566f85d328a13c09b4af37e8e6ec4e7af2c30f9f834c064a151d3ced9f63fd327631deec6e17ff4d42f78e5936148c9afa6cd416d248597ef411afa83165cd3fd86a11bad862848a248060985cfacfeea960f6b4e92c325f0c9aa125bdbae5b445c32423adaa532923f3b58da0c89eddc7487d630f21195524611b4c8b89cdf785e321113716f59007f8952049a382cf1bcb720a8d4f97c8060d2405e3fb0e7260740f6bbccff12998360939a1b5022c6e92dc91abdd33207847c5380c382f8c9e1bf71985fdcf5b9e5618c0ee26a65d8844c3dfb1f376c543b705cd4f67b8ac0682e002dac6188de0ffcb9d791ef6c8318a2fdee7bbe7202f04ecacf4b0313c6251d2100255532927da29b88ac47bd6310c2975955a0e9703d782be433c23a37830d62a47d008963b8f3af96840bcef4f71b88c02fb739389d7d0e98333164910c5f238ef60c03ce4c506495dbb417c5462e50c77c49f7d87addd16febd9096f4bb3023432c0183ea24968eaf5d93e30986b7db3cdd19bbc600b12efa001bf2ebb898d18b5d56d31456f1b2a74d398e338636e2996f69b70e795517c0273ec5bc64312b0f1a44942b001f9b8db4bbe39d096a09d6a218d726c0d0bb9858827730690319168c552ef8cd2933a9b9a24c0eb85c393a9dad85d87c2a00c9bb6d700f6c1684eada100940621660428575304d3b13580e89b028ea556cd09d7a891821187352d12dfd8dce6aee0ca23fbcf72339974f9a8da92725f59d125aba5ed82d12216d14ada523698bb91e0f100008585af10726d221ec5101c5ae49a67216fd0528bbfb818f31d86d807ed220c7cdb4472867fa80a0de3624ec8bb263503b57979126cdd24321e4b94b1433969cadffa844565ebeac659b041b93dd1c7db004706395d4c74a59551720c8799a041000244ebe99b4cfe94a495aad11f782dccc39a6ef56892b43f32e0982ee56895e80644d86f48b90d2099cafc1981ce826769a621e9c3f6e4585a70d2ad8efb20047104996b76b7789a1a524b8b8b437f8cc3aa009ee129cc9d52934a88090075c1dcf4ad62a7b0d74da0bc078bae7f5b994c26898932a3c36a95d87e42e5f11dbca49592e94e4d9fc7b768beae6dcacd097d9c0b3d5aed6f4caeb0dc62a8457e515277d863fcd64894e908ef683bce3a79d28b242fac7f36b007acf37bb2862e3c711bfc6715f348419fed085dbae23a56e57452d4b9c1a0312b2d31d2a73b83ba8ae25d673c2d353a56b597d34dbf332d10d815c1056d324ca3d2362c08ce35780a7ba9e8d1dc960ba7d32c8d76bdbb68ff26fb8911ca636eec0c7ecc29c6b9d17a3830606989c121fdc624c0c85639970af162715171ca147e6c5a57bcad677354b8af7285dd6d09e31f1f31a5114443cec7f92e66ebccd9d542773323fae4ca147d657":"355ddfc00153e895e8f8f3a4b7a5d45d4307783744f95dcaa92d64b166a0b8cbb09aa505035c486e3925d92959fd00bd" + +SHA3_384 long #34 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"ae6d4141b918177a21ebbc69f6c36ee6044eef3db26586272a9c46f9ba17921c7a9fe1bd30f4bfc57065150c089fa9c99bc3e84e8bbbe4f21ccd994ed77074ac2d5f16bc5ded5589989883ac62e0f3bf3b5aba157f00b3a88bcbc653218469420ed766a609a9dfaddfab90b1cd2f55b02d3becfc56dcfb33bdbd557260f879c6642c5ce3fcd068198ec7c4831134d682ba8f0669d7f9c57afbccce125b77ac2078897ddbfe0bf5b5ec13a68af6967e1e287e91c6cbfc18658c20ba9adba70b38921453f7d702906943b8be2f44fe556cbf2f147afa90fddcbae0a174a8309df6f9f5659d4e5c401dd9dd94d8c2136454c9cb17ed2c5b7bc7cb3509078abb6b43f7553b362dc10eb9f8abb1ef397eb2bf8c79228729059a0e08467cbb49f07b05d25c5e2b3adb0025e64a9cda71e647935162beb0b837629ab93c81f8ac76d726d33155e23e4f2149ebe1dd0332f42cba60ad72d0a399dc51263ea1267cf6878c42fda8c500c8760d5198fdd04450681a0183c74fb0d20f1c967562ad8117912167e7e03b4aec095a5e9883ab6ea1039d7c0c4495a88b04e453084ff68382ffcb891884abe263e1165c09f7fb798f062a186f710a526bc18fa320ed674aded974f2b71c7f91d6062b9113e2272ec478a81fd5d617781b5006cfe5c6699dd42503e8ed301e1fed817f46dcca9952e56101d765fc22e042b9321e7e6165460ced60b4e249f0544f59fcc28f3ab8b09dca1c89486a95538902fada1446c10b2d38739ebdee5df8a596894f52b7ec0f91bae17ca5a8d69998354549cefee7b5e00f24eda7a8cdd296410d334dcb9d366c3938faa53f4f7a1659fdb5d5103d0ccc795bebc7fea8abcb6072b7aafd33eed44f094970b666beab77096450042dd79a7e00de4678564bebfe9f238ed516ff71053cb22d95852c0096519f68631de0f126fb0f4b9e3f7a9f207cbf23dcaf31ed62b97d0565138ebdbebdad45b377ed7a7a34c6fff9cc008fd0f1d29199644ced6e68f21fac78aa8af735d80e7fa2c7dc81934b891063a46215e6a600959e171c323259a4f51b480d4aa166ec4c0636c04301e5126b6e2fc1f843819756c65b1fb5fdf9bbc56632f1bee9a006a40b01cec964ddc293536a537ff0ac7e6642e0a100b31b8da6c02fdc5cf5ce850e19f2ad1aa67bc00f7c1ac1b4d56fde4d7c6e48193a07411f9106772bad38901398cf063ead0735674f0ab29fdb11df91dacdbc0a7c0500b942806933fa255039f061803e63c948243601cf47e8dca8bcc6c4a6db5f5df2fa39655a7cc2dfec0b8970c421ae0922cd98c6c0b4e5166256a71dae92cd563e6cdf7df40fefac8d0eccc479ef780eeaeadc222ceebb0834e5e59e7b39ad390d979c8fdcf367d55bcc1f2448b1a821c9046cddbbfe50fa47f3e810b6d7e64e8602d965bd3014a17dcceb59d96e268ae7a2afbf16eb8e34c207173a067562ddd235fcc53dcfdc5a1c96992cd32eda916b4c0d90e5bd5cfdceaadce6141a082e18b86f7804d7a9465fb38f62dff9ac7e7e8aee17cf7ca19f93629eda88cec08981149846bb5062af6faa37c6a4d8849847e5ba1d7d31476038bac6df0999723535d0e1f60a42efdb7303f81fcbd24a28efe4d96a97e43589e637babd3f84067b5b74b15298b6381394473934fbf0e6769d10b4c6c49b5361c463e33cd39665a31b886f200eb3249efafd64cedd3940ca7aefb1f9ac608932fbc5a9246dd875f59e95852913429dc6ccade0b518b5406cae0b39caf83abf42b2e5753cb4501fb80c235a35506a8bd133df15b1556ccfa360ecb5025032dddb124cad4d51084c368db8560c6d33d408561c6b8a3c67d3b9b8188b695b4ecb434381bb1feb08e2b547dee17511a561b35eeb4a0774ad35f4df1925c7c29871c26c0c057a2b56cb7e651c6339e4c91a1a72d51af2a646de9dfd77e9e42c18b8a2b576f526b9fcedd90dfa442090a6e784bb614311793bb5fb39b8418842d586294746f1ea3c02320d6801ecf2ba44b13b60172d2d9693a158bc66947aacd7c5a14a0463905d6e80649db8c4770cac5e858a7f400da4568cfaae08498311265b50e539b2dec34ac124d4a832772ee5d8ab6122e57b4c8c5d2a3627ca6b1acb327f416c469d169edc9637579fb9c8f705f40c87823d363efc307c4a7efa6ecd3075862587940070b902eb4f740681ebcfaab436811c09745054a9f9cdf7b6343f7cdbecdd8d27ca40b01b18172601c81d1380b848e06e3443dee5bd1f2c990846da684ab04e33b359e7ed38f2e1f196d679999441510c88bc15571cdc5fc0522cd856c668a1cd34ecf189396bfff95ee4222652d2368c77a44328a06c59d21adbbecde96d4c9d53e11418a3ec47c0272e57507b65599509e1ae7fd138e278663ad4f43927174a1a2099c2fcdc82eff99c5f3f966180d0475c9e8536a6c25a403161f440ffcc7d9191c8aecea3782ddc16841a2b2e74e438fd5d62571fc01fafa8aff5865b31ddbf1de805a0a9f123d9840c0ac234fd7ae5ad323dbc0ca56fbc87041e92a41013acaa43eefb55b579f7ce4036e4dae23a5452643eeed339f46db6a997ec432fc660211f9266118bd63fdd68c7188aedcb8fd53c8f74de4453cc1ee6891c9e569fe46bc51969453de2b797cce4e7ace4d69e1f0255d6938e37e1a5021caa1f4f453f6e7daa8c57914669e5b3b6d8a690028717febb9d5cde46b33447771f2de16279148e6d58b050aa5db0676473e1b9f854a477e650a0fe284ab4fbc3032fd39b9b44428b54b842b59ade2e1740c527600db0b70177c6b486ae0b6727":"35176b0bd105670592c7d16861e82818e5c86d37bbaecede6f37dbbda4d9d841fc16d51b3778382fef376e05db0cf6ab" + +SHA3_384 long #36 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"b6ebf0e81aa4563dc7d8421f685cc3b59d1ea2f493659408d759b3f56cc52f7e1b1c41460aba6135906db91d4834d99d6446ac464456abfd481650a0e2faceedef3eff9f472a9ed99295b6c85ea85a856fe497385666a783466a671e220f0cbeda5a113cf87c73f37658216ad340ae3366ff4a12f11df062795ee1b5558c50bb86765f6546394a49e3bee249ce843e6fefa0ad1c3c02ee628af9a4aea3fa04aa989dd16159e88aa582d0e2ad78fd7003b5cea89e609d0a4a2144995133df8f54bbd44f7a58119bcdfb9507e0f932adb55e9123df8576aae4e545a8e52ec659819525c1f66b3de589f5153a2978ab5e4f93f10628d11638f67f06bab4bb34caf8ce970f1ebcf2d0a3195964cf1df1e997fbf739c16f041a49968fb50403b34a830f32213a70bbc4e10e686b1b128bb8563faaa4f285c8baa5d3e6831e2eca41e800ffdf92b21d290d7c4b39557c013153061330033ceb7ed2de150a4a630217f04805326da8a267ed0d08b4c586dcbe58f938c33bbbf4d0975e2434cfcae134638f4d00157ad1e64a67a9c6b255a3c62bc02346e32b6b17bdfc19e7f78cf100097fdd33d051320eeb3235566614deb19502dca243b3d8ba0d5ffe0d08d1bae4aabebfb1e7554e489a17b54b27e916e65e6769bda37cc4234c2fda8d4bc0c3460df4fb64a2adacfa1dbd308f3efcd1cf4e99d4814badb7b94516b64f0882948ffbca97324882d58e3dceae09f3769ad32d3d25d5826f37e4bfba993b873eb5283ce79d0523fb4f6ac2ef38a18d7ff65ac2fe62a092eace0c81c38b390f1daf7798f514c47941a4f874cad43f563e6fccd68195ccc145039954da9531e94708e6d7990557937b5b9e1b078dcb94dc8c923171c54058a95ef300a7bd0b5ee34bdcc07d77a5b9d2fdc67e4e682d9081d5129b74fbe49e3d68834dd10dafb41afdc11c497298326e11d766456f4e9253d3b5dc323ea0dd2aa8af03018d053313a8fcb3a5ff1748761f399b97a914e17d0de3bb55965c5b97a7e0e9de44f625f7d3f74d37240b4112b053e5ea1e68c7250c0502820b0062adeb7fc8113a68d0ed0719b2aaeb5a666c4b8f0ce7d7338a7456817763a6743893fef2684177447e1ecbcaa9a45cedffa97854d735db5b739175c1e3a06ea0257268a39117047375b1a772fccd7eac54f4bf0b0f7c32cacaa4f12b0de16c6d7372aff80b3ae8dcfdcf237971cf597fac73a91a7c66e566d7d75029bfcda6c168ba5d5b9d542b6660a0c848d14ff54f514ebdeae699fb19e1501c22bf0c26864e73f933110ad6fbe44b1d45e3f85b0289ae83e315bd7cc93237dc7ed647f4a26bc40ce82d06ef82d3f9abd9716f92829dbb846dd17b716010b519a4cc2616ff08d61de2baf081e273d1f86c415fa2b5d59c47f1e17be1c5c4f25afe695096836cd1b4887f6f91050dfc8e671d6e9485787a55d50e64d4e0961527f3756e7b18e1dc5a44462c29d2e8a1f530cb446fd9d07c348320de5299cd4608ebb727cea5ad1f957dd5cf50314ee9b331138a3b9823cb6e61df9364d8b3af864ef824961119c3f09cf5ff0f0a85fc52d1bfe800acba8e8bd9122811858e752885000cdb466df0f0076e646d45d6015a779505c7fcddee115283486288a7c377f69788a62bf1cd1f2708a772cb8920518d5f8a9770d3138a34f8995dc946bffa0a8540fea8ed8304648b702682e683c17ae31e79f0e6247de63ac30c31b391392991dbeba5a8392727be669253354f31a6ea6a74645c4973d2116f77a63562bcbc8502750a6b1811d66a32bd26bdaf2a793b1690b47eacf35f4445a511155a0c29275ca5bf7e4849db577cafe4c7c9335ba0c9d5c9947285f59dec9e5b9ca0b0da409282ad29f0579c4deb71739bc5d4b4df2b4c89e6c6b1fce20d6a6a0f5d3035974b14bab439c48314270abd81cc95ecc1e5fcddbbce00dcdc4f1228b9b815a4f63064cf664a17f673d982a9c106ff6b0e9feead5db2f9fe535b9d7ce1dae58e23e879d5884cd85f34a9e21ea29a99998e0028e2129b25c80fd8134dceea2b5be71c5cb2626690251d3e31066db0ebdf08b1b46223b10aa3d76f7c85c9116c720a7413503cc1c6b0f74177486b727ea3465a9a17d81b32f874c8e10b1a77323d5497a8955e8402688959bccce106d94e0ea2e0e87802252daf8a49c7094304238d2e226b0fd8ccb59d2f097a1a948549293190bc4d8d69ac4e5dbda1de9e6b8c7ce08ab999e5adfff96a653a5d4508fb5fb0b17d9de588db19eb4481e0afeee0ea56e76742d22cae66b3d9f4f140eccb77c74c12b1310a24dad9e64f589f15889f38415c53c8d22aacb26c901faeb8233b1d6863d19a75ee57d2abf38e9568ea632da18213ee25db930e26f62fb7f56a715b0d58444853a0597c9c55caba706ffedd0ec0cc6daf2ae3700f0e69822a07e22843d954622ba4a87fc05e5435b47f37f190fec46cf87d637f30c11438df64562d13ce471086610c8420f4732fbc83d7112f244514863ddce490f57a009de89512841f667ceb3f4d33c20071d011e1a7e4f41b958ce3d317463793e103eafb667e9fb4f9cbe2a63233b06b943f3a036c13e6c9fcfd97a5d94e2e849269510592196b754828f3fe852df21b25a5bf4ff1450d17c48f281deda47caed559576ee28cf04b9ab9a7af0cc88efa6b29292ffd2372ed336920a21aef29fbf2fb869f1b7f361c39a6852190ad8eefb0f4ff0a57551c3493b4079b27d73e52307865fe089946d26b1816bdd883f9e13a2dc948c88213d22a976372dd06c29ad8f87cf4708327537937e0e9aef3d8ba53fd1050185260b1413bbe8e0421bdbd32a254ea1ae5e189ab2a6d0ed8a53261418c5a8c0f6f0ab71fc89f5764d338a2869f7446cf657d5a481a45951f400fbe4c013263747e19ce0e658f35c4c139311c17647157ae02b09a2eeee44b6d78b9be851d3d112a96dd":"7d9c9b9bf8f498815a36dd421a3fd4a67d8333a7801f4abb9e4b46270dc52cb17feb3b953fc34fb0f18b36f22c66f723" + +SHA3_384 long #38 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"8a73cb778c74f6adfe1c404bf6fd8505690589e74148a13aafffb0abc3d155aa3a52631197ca9206753774221b95aad3515c57fe724bd5e9c364a7590338aff74364a1f8f85cb8fd4f67a838c0ebd3d1e6ebbf888ecec89b0e6212ead820c2594eb26e76d8b2d15c34b5c4d70e886ac8d1b9aacbbc59e2183801d9a76913f6980342b0d15f5546e9ce27b0452df3d580b9cefe1025758b27ea49e5d8df98b37b091e5152b4cc7d6dc2c854ca44b47ec14733a59ff0a92b92cc431cc5613861cb094e3741009fe0afbb9d98b07b54cb5323ef85c0467e2a1f85f667b518796850aad84ce66a57d6795fb0653dfb5a26fdf40a88bb4f7bf097be6baff22be631d295c676881b7bc6915608a1bbec4ef688628d95d73228e5c11ea8dac2c304221971209f713a931ac049ad367076b9a2bd177f935e180d72674eb7d16e085da4ece7ecaee7f02739cee0a80aa5bf219461b8e86c9628b3fd4ff5a07d3d217820159f348b3365c08b83c20007a1f211333ff0d107c88ba1f042bc69c57937ddfc5a40ff1e9dc0e578a798bd14ae350ee71e64414c3b685fb1084b1c90687115a28473564f6c2a1f680109e81812b0a218c5bf402339e876aa6949c0c854f8a7785bdf4006eacaf5c35abe87fd168d542efda7d67408336d412d5e5e5483f31be8a62dc52b5dc9eff17a5ea5aa02f1ac918ec40c27f170cce01b33fd1c3e8bfa582f04eda60e4e955a299247071e0633aa40c0e9243cc81ceefd70a508cce8ca32bc0dc15f458270672f0277fcb1f470dfdb4075533162e3d399bd5e00773116dd16ef483e4a8c077e53553c7105e3ec9926efb99d1867acf6b7c031ec858f63c105538a2c6495e2095e349f4e60fa2d41ea72bce838fefcc1212425b43f293b4650e1900fdcc58a6e1946a67b0b61bd3def74871eda505d9b9e8f4340ed2825d4c14061d1fa43861749345be04e4124f7fd9b2025468456ecf5aa9278d7b3aad31e19055806385e6ab9a5c66670c2e8d5dc8f91e7c4c3701def1c1a4544f350ab3013858e48cb9bd13042eef3bb0b934153f9e24a9c353194548de38d7e0fa2c4bfd7e8590825c4b375b3db707545ada22c811938150123baeca7f63acb302587930c36a38d6d6177519f95c6e797bc602dce40987850cef77e0f5a32747e635a735b785320ccfb878cae25db592a4ae31f895e510d49b9b4d470175fc020e3a6286cb551096a194aee8992991325de92c9597c4d1c156c57b47036a7f93f2dd47be6f585906e43283fd8e4e75cb101d7f5e7a173eddb6f4ae7b7bef46502ca4a317240d7fd010189464223ac7ef6391969dbd5abc8c44bf335eeb72d4e92417215b79f2f974adcd5cc7058d2bf1b11c1eedc20ddf4f887bc65bd293afa161ab3ee5e1975a7725b74990a8b4068490e354c928bf1ba9eab0c41cb1d03b2b7de74830eb79175a007cf75b7c2dec0a7bade4ba61dd062de3f4a8fc19a6fbd9d141f9d70806b49fd664c281f0794115e9c24b3c0df6034e1cce01846a96865ef441b042b7ceb6bb1025479eb614aa1953c704b87d78a77cfda35a40351d6f0d6f6d080e8b3fa22e3635031c3d9e8ba752328dca40f3775d0efb1fba09a9fa779b3a6d94f2e7eb8bb0fa6184e7556a226d8b62ebe8f4d740a95bce4c48cacd2010205d607f460736290c0f6353f7ca1cfe380097e5db6bda853be281730e5b9956c5541b90d899c006e04931f3f430198cdf0358c835898d0b11f8f438d32a35e78fee00c82e07abc2fdcb7b57c9108aa1d6c798f091d4cab3847e1edab7cda83ae687ca95a4c57bf5daf299ffe50002d5b5e9f30f5eb23606f9fe6bf93a9a42d96fbdc379db779317fe4b284cd662f48102d6d1651ac6317df8d66614ca34a84b920ca5f530829391ee51a0df2bdde24c341ace9254755fa0e7a287bde5013af9e3d0cc98527afffc11929e1743b54e9fc02235377a4412e86cff5b4529a49d7cdbc6b1c3bfb53acf0e8a6a95bcadbbe43d89cfa51ab6fdecff295b4af683223cf03af017b6e5d6834ba5b0caf51b9cb212bdd86ba4426306f4dd024fda118bc2b7ca01f4f67145a13f70eb379b737391d63b0a0bb57b04cf0466eac452f41c9698d051fbecfc2ab17078845c1e69d30c0e8dbf05acc535bda4736f38ef9f67312a0a8a8d08cad82c853916b8dc533d79022261da18b5885b3b7f1a2e0e77ee2ad1c4f638e871d08ad41f1cde73c4057177a5bd0987c07f105fe676043e1233dc269c3f7ffa85c654e3a6f12d6330ed8dd5640b04688a7c8578460d6c0cf2badd9efcc0d2cd8b1c033a7d4e26392e381691f9f66b395823132b0a4ac5e99df597b15314d1bfd6341e5eee8e79441087a433e3e99e78cde551decfa892628876a2f45bc5ed600bb12eb7973c67329c5ecf319e5f2eb56045ca0a02c151e626b077ee733e965ca0158cdae3d2a083061ff011a5e18c6d93c6d433200f95030d259ef615f95ce427d3e14f70db95a3f26daf6a870b580ffcdb08f0b3fddc47b06870a1c080b1b4f76e947bbad1b713f5aa65a2ae26e22af014e0b93b16881294dba5780f6f354db3684ee61e3f95516468ab30a7dedb2d11e6f40321d438f23f01a5ff6f0f47fcd0335915378fb0fae32af8baf09da3b4c6d3ab4514c16f65236cea9e4c0b6a60d2624b9f834c8a5ed663c69814edcc20a36d8f1560788be9d69ffbdb32ce2d082e77bedb8de0922bd295ad6e8139c51f2c1717fab1441f0ebcfd424ccfd2006168d5fb6fb40658b05c531594c22c2efec552ce4b63bea9426b2766595fa174fb062fa9b292085eaad80e87a1541f5a5e03b31aae1462bb035580c0878ed70b338ac7424aa4710469ca3a8c1ab39dd7ab6bca95893fbab4e000abf96dc9cd23a97b4f5d9e77dafa8bc7598b777d12376561ebc77332413756f0fb79629d1e6edb3c2a44346890a17f440e1e3dfd36fa1a9a9918e2b870a2e6ab11b90c65254d3751da9e93035c89b2c4aaacd4c05680495a75125e2ed3980d936130c1de7c3f4c50f2d530e47923c4cdd1cfe2731b7a6035e23c5c01d4773a4e7c993955adb598cde580a46880f033d3f5ffdd61d048fdc1730f42de1dd0fb30c":"3aa0630a5e6dacff792164a3a0da804495daf356a6c4628965924f03c16f9a0280f18362ae52a88df4a81eacb859938e" + +SHA3_384 long #40 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"a9daec3394c46f2d6362b15276e72c043565b6914a3657b50e9c586040a49cbafd503464ecf42d01bae1acf6c6413e6d1d4269a0a8778754a47bd4a353d7c5fff1259b74ea76392d4af2323a75be2791182350525fec584f690f6ecbf99099826ea34beaf5113ab9fddc6ba7eb268f750f4f932ed75e73ad43a24f5f9999c04a5a106c4e748cd8abb9e97ec490412023eb0f5bbc79947f761c7a9ee79db8e35f9fb52529d1b0bc0d685f9419cdd680a292abd085ab5825b2dbe084ec6cb6aaca23da9f0273458ee6f187d42f08af57faee6b1910d6700d6a681c29f56e5abc92d0c70261c213f53f3ca9678daa924e34e6965fe563a5dea6ab76b48a0b6ec2bf8cc375ce26e19a1f310d74bc1c480c566176c98db8bf406c8c364d33abb8635a411720d20778258eb8fa2442c5993a6b4951808f3f86ddc6f3a31e79b602486ad60c2cf4cda13d95b9ba9fa90c4c80788570ab735fc25abbc8064ce3941218f733e8c1bde0228a3a1c930c785b2b8587fd1b73c27f3a6253f3a702faadb07c0a40f306b4a9c3b687c9ce933819fcf29f999a000309b79b975cce66446aa61ca9e57724618e4e6684a8b25e70ad886ec9413479be6401ad8eebc3a04b31bb9fdf0aba434cf8894438a28992a88197a20cdd32067cf8e0414189cdd9976bb6aeb1970589fe503ef8ab9d995a69fcf1367055dcd1c32d1cffb61c3639ae8160f02974a021fefc332ae5822cdc39865dd1fd917aff1e6b7c8ef78d44e71ad9810e4e89d331d4663181ef3a8840a387a41bbc7954bb121ac9970cc5400c63dde1af28bee6e209f4ffa5d0acf5af2c678ebeb4f6b22b29a2cbc1fbab72cf0ff4477cc0fc205b2410673f90bfbd515e8fe35fedeedb77ea6b4ab5ce262159a8857c1c1d29cbc5ad212ff7385d274dc0656ba9704b18c8dddd0e1a8d2096d1b6fa4938472f2d472c8f2074ce6d7acbda52ee4144f3b1468b61de993e801a60bfba747847f48e0a2ac1025f5dd6fff535bf33d271d0ee187b5d84daeb2ef32e4d2dc583246238352f219d5fea82fef15812030200c81667353bc6849b116962e7bb0602e66072f1c116b81d7f58bee7cbb52679f8c5735a42616d3f5713c62516ccfd9c96d583666a081d4023408900170e64e061ae4b1a293941b5261b509e60c873fa3babb4bbb15f9271df22a563c38785df446be7ce7229098b101251f6501731c4ddc94d191e84e058bae65b3a5786501da8e38f9fa69b8f6c1dde0f546b21fca1841796a73addcf9cbc75f3aa5c758e4395008bb54cf699fe5668d3e13b4f9f39397dd68e8cd326e6edb5b5dd59bb07f813a92237eca2f0e9c298e4c44707e03503e357f59dcfafdd568fe9fbd6c083e52bc69d4d0f075cd669578c2617b2893deb315f05f337302afeebd62b5beccab2e44044213c8da46d548b112f34b960f8f84f37e518747274edb2c59671a7a30647fd5fd8fb9c92558a1dbc0625822e0f322527bf94ef3d642ccafe649f59d8895ae6369dd49cec3713f6d5d47277ba29a19c76b8ed0f58a2c21dc9bc6e6a2fe427e3119650f57bbaf8fca4c0a4ffceef4e9a6efaad3b8dd5b7926ec6654271bfb6dd37ebf60f0787401970f342813009400855ad5bdda2a5141034ac0c4966c10dbaf1c54e525845f3348395d467a91e7fcf74f8805c60bce0816593ebe8d5933664874ce127359d1a3523cde21801d614d51304a3208fbf23cc47a58b8587dd39c141a736f46737bc0399c3f5fc00db06047af94c91f759e5d9230a738a45461cbb66ffd622b7bae1882da0947b6ed25d43f0fe04175f302f9040ea2b5dd576e939407b471aeacf91ab268c48fd12662279be3b511a91ec08d9e86c3c68ff16a82215441343cb1dd554ceae98eab53d5c902dd9be025336799c61b82d118dce5f602e81c104214db46b6b2f0caa1fff136f8300d0376eb689c1f4f786c2454518dad35bdac7b30637d946362ca518554ffe08d71121aa134030e951d0e2f124da784cfae5f34af16584a7ec814468e7192506870828cef5a6d188ed91d95712ae22e0856af0aeb54655d57992edd65c78ccc3373db5a406c48c18f4540e40b89ac0d824f225a7fbe2341a04e7092c5c75db8810392ef2eba14ae38d9eeb73bda93a7c0104fcfd6b420abcb509013091173a9d3a83fd814f45f12fe1f9d7bacbe078144128dc77ac6dbd04b57f3baba066d24adca38819d8b96b4518ec3adb874963e80fe62ddf676b373a2cd12164346a89d71f2239812e049e6d59007d9f9bebe14091c758fb43455ea642881a25f32c488b2a877783fa2e74efccbb06ceafcedb63ef52c394e9021c901d2b8db485b3f8b0265aa9e5e440d4129aa83e306afb3a9a5210d77100aa583fe842e4da93077f8c3a2439709341a51feb4c8d8c7579e42de287fc5c3146fafcc956865fc531c7678f6b8eecb039d15ee6315cac7750c364c6419b1b24dce90fe8eedb0bc238b68b4cba1021e2313f17b4de11561989be8627c61a7780770fc06e924ba63324363f9a9627d7d22fd7927cdb1653032bbcdd2c9ce338ee1c535783ca3ef7bffe2ecaa1893bd5283e811667b1d16bdc3ea7affe4d5c2615d59d1b4e1f1cc70fcd8575881ab4e48b6325ed9de7ac654dcb6645c461ef089ea9d555f8184ddeca99258878d2facca3a8ab5d45050d0bfdd8e1e7a75e03a830a1e44da83e3904996af54b983775551914fbaf88935e23957000ddcfceffcc74c3b04b871749012449dd0511d38e4695affe2b8d1a0676bc98ab6e63384d3d11192297bd2de39c123dc5000a2eab69be829a187d226dcc1b5acae38b2554c3b0ab22787108719e0c4f9582acce36843d94b8c07f31fbed59bd4584711c7c25f97f9938cc2e59d0b98635d41e3d9560b9ee4169bcd118a01fc904993aa52d2d939f6d1df52905f7c2ea8e3e890332c5db961b5c5b892cae1587ef6a1148cfa1271388701481dbdece83860715a6737b4b9630e185e19fe0e2feef3f1c8eca4a5ce1d07853bc454c865a0679e9b0c249b0f6663f6262d9fc2f37ea5f83fe87f0db132f7fd864a9089176f7da2ea986f8b3bca7c0199343caa338c9136f216c5b4cb18ccbcb0071db99df3f730b172650fbf2daaad3fd4314e70b75a3087de25255c1cea55519048d439ec88ca9840c19319fe746b72642a0a2b8d557759c529fa14ddf559e36cae639ba786d30779f1bfcccb5dcee98a9377d45d076df062208d65ca623cddf2bae233b395dc77947":"1501bc2bc0f94c7caed9eec2b30d3febd3d7a6fada1031805e176f53a46e6e5f51376ae05c640f4f76a414bfaf064d7c" + +SHA3_384 long #42 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_384:"1f5619064d40421f8d25e387b2dc8d5fee1f1fd44532dfea41c5ca79e81c2974eb6d6571208a1c6632bf74b198feb05cc339019e9c109ea52dac16929eebe5c664bd465cb5ce49f63f6525bd198ccfa3fa71cceca90c43ecb402561265c9b225f20d65cef453f1571add9eb21fcd14bdf98d28c4546df7473e8e31fe2400b81bfd276acfc5633a0f2def8698910aa5312a55bf30857de13f33195060c3d61e2fedd1fc6710444fa8df658678568baa87f493363724822a5bfc6b5b3f29940dea2ad4c39fbd3f56aa9706455958984c48be0d38e119c5f924ff4cf9a44081acd21cf8697eb49c789bbf996c437e79b2fbf28c6b374c8e7721a584d296efe724712c04930ddea3dc05bee7a23eb0750628f7d87740a525cbda56da8f1d1e0c9c4fc0c2eb53219cab6ffcb89053d6d56d5735b905050dd11fd77b18d841b5393df242f8195866ce0c62e1d3dd89d9e2111114f7bd8c6adb98a17a04540b9db62fe4186fc52496822865d50232e99fe11addfc5946dfa68b60bfbd67ac82bccb99adacef96c097002600400b3779111db04455a94906a7299fb9aa0888affbc0a3d36440343353902fbb8ab7934317ddf9cd87ad6d0757fd7c18abb18e9842dc77e0aa294885b07a6b1f1bceef4f9a682000fa2e5bec9c4f2062272869477a693a5ce5737abe980501b35b18f2a380074b6516f3babd6066b3228636bfc489ad17cd7ce671e7f27a1affb35d4549b302a38544c633808a8b5cdd2fa3391559f134bdd94ad608a621dd8c89648f4919a14fe7ea6d6e3f0206431d8c377e44d17cb9b3636750279b4273e146f679a99c2c771372b11201b01f916904ba3759d898cf388205884ebb25038753dbab7323ea4592425ac7cf7c1e6e4afff30b5a588b9ed39eeb2584ed12b60416dbccaf9524dfebc43037b04e4a0147e5aba351389e4d0c1fe2d0d21950b4e2f9bd8463dc226da65efb08ac0eec73e81faaa6456019046b6eb2313e272824a8634b7d99df2c184c7a82e2cba44cebb513b8bd3fb744ed79f123efd300e22edfbc4b5c58868a07647f8e6e16f8b292372a9d904627662dbd11fcb3968ac6fc0e6b86cca9b9836476d5e75394f26690f5cc20c66298c9efbf36072491ae1bb3bddac473926060540ae4553a4d7baf0c77620b079bf0b35908c90aebcb552b7e7570cdf91e636a01a913a0cb4a79d72e465224fdfa186d931f30ceaf4c653c83bc95680752aae693dacc8fad92d62420e906344e86f83fc68cd51b191dc897ea1db15f45381e1f322677eb892d78df07e8e402a24878701ad81eb9d1456484dc1d2c785ad7a55c04147a7c0624494f0ecc5658a246814ab68a756f7ecc234a81466f7cef3728e4342c3e0acd7e2fbe5a1cc3fcf58af913c32a4106c8bbeb33001fe032ab619000e8f62b5d85431472166093b7441cca146841ea475919a6858130e864375cc3f849fbaa3cd77cdfb468212d513702da95ce56d8f7d6ee3b892e02f0d83a30ab147ec221716b3078cc78e5fb92754613de1cf172e1ea4292872d1c5e575de62f9cafd3f9c2e867c7026f376442a7f05b367b9a22cc3b1e93c7a6069ba9488536d706b79bf8f729b39e759cd02874069ce713da507f71892690c2491096a215aa0ea8f56ddb3f7f26e7b19ea70d8592bd370b3862c3358c332ca86c24e6139f7289c015d932697008264cc452b9819ba66f8c3dc1602f2ea2e182f73e604529769074a046c71c053fa46e9637f4112a3fd6bd6fd51e06775bf87573c8ceddbe9e6bec1d1c600145b4a63d9dbf86dd4670b6c75906c5626f46b8ab6729f68663d2615114c2c6bf384f77e46052368cf72155d180bd1ced1f4c6b4c5bc9a0e622fabbcb0da2c1ffe6f95e896859cdc7453afd046e60ec4c8e53577fd71096a502fec281912318695898a2553b3a143539a3f488aa59fd2ac444c66d64669f6c0cc6bb9c27ad95a495158c6f635fd07fda448284bc0e172dca08fe3e893382e3463af14358a8fe59a55964ff682ecc4c3105f1202de902fda7854819cfdf08b1ba43ab9fab7c1c2f914b722fd011cf4544cf87868350854363a5eb26bdd2f97e70c730d8a892b7cf60d2fd25256fa0121d888edb49ad6aa7074f318fdb741df46eafc915d75097e01ad84f09eeb0085ac41a4c4a046777d09a6b6079b12e3bb9bee4be7ec11f830bc844ae04b43bcfc53f6b0af83ee6756724e0c10ec8661d75684d573ded6844f870fe633efe7abdfd98650f107e922b13ae989c76a78589d172d1dc77e391a24e1dedb5de54d499a7d7efa5b84dd3637d3e7a39d9d6f44874e65a94572c0465b6d4fbee0c3eb12d6e02f012183211e34ddf6edf5ede1a2208cbcfc8024f2755d79f0f55f245793ff723529f5ab5b4742a965cd72d465ede322a17c0a3d4643a5a851131b5f09598ed41fc94a35e24debc6d2c6a6f962a469c0a1cc4604422dbe68feacb80c86b00f665d6391eb6c9e9ac6bc6dd4c57e520ee73c51c6126c80124c3806b7954643fba96c8d5f0440c5da298137beb10f635cf6efa0fcf02c074bb2bbc58c81ce81ce3dcbab24490530145fdf98b7549c74de801a3e6d26171fc54cf86dc96a86060163f94164023079e3ea16154118abf30e137a9ea91c9436197b5c73d0b8132d3fdc83e4a0c8491fc348d341fe85c46a56115f26035c59e6a2be765c44e2ec83d407ea096d13b57e3d0c758342246c47510a56793e5daeae1b96d4ab988378966876aa341b7d1c31bba59b7dbe6d1a16898eef0caca928f8ce84d5c64e025dc1679922d95e5cd3c6b994a385c5c8346469ef8764c0c74f5336191850c7f7e2b14be0027d884b7299d16a3c2feade719d7cdccdf62d20885a0cc41acfb8ccddd29ffbc7a53bb18f477d86b3f0b018283e3ca71155444d7a59ad063b97730975a1de4cc0c4eb37704c288aa96c97fdeed3140effe6a8c68bee8150193c9936609b8143ac711935cc145cd69af815082bd8ad54f84eccf43395344222439dcc154c1380e92e3844f93ca50af727a9bf65db631988e2138f17ca305cf530e3431a202f74e540eaed9e217b884c7fe89c3337dfdd20352ecf9f1a0ff0f0892c23d5c41fa04f7d8388116f6aef096534270a9a7e105cdc716e3ff11dbea2b0baf6de847e837628a4bd0972cdafcc7c2ed8525fb843ad3c8dc380dc04068a5c22249afdc6af07d6b0e4dce84e3af4293b38a11428f79fd9d667f8573d7925cff445a19c7283630c5aa8021c57212ef0ebb08d444a9c8338ddd40cef3486f390a3c278fd2c91163de46f1f9b62e2bb67b2e87d6c97b315de1690450083a07242a333877c3f689fe000b29bf21c0048021338d7f99adbb63e231517379556306a851163a6356a7e97121afd9cccfa53349f3a4377be66e2dd5":"583678431befa78e113f621fe22396ed963c825826e9314faaff5b9a53643552dbe0f3922b28558c4ecb26bdbb2dfa30" + +SHA3_512 long #0 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"664ef2e3a7059daf1c58caf52008c5227e85cdcb83b4c59457f02c508d4f4f69f826bd82c0cffc5cb6a97af6e561c6f96970005285e58f21ef6511d26e709889a7e513c434c90a3cf7448f0caeec7114c747b2a0758a3b4503a7cf0c69873ed31d94dbef2b7b2f168830ef7da3322c3d3e10cafb7c2c33c83bbf4c46a31da90cff3bfd4ccc6ed4b310758491eeba603a76":"e5825ff1a3c070d5a52fbbe711854a440554295ffb7a7969a17908d10163bfbe8f1d52a676e8a0137b56a11cdf0ffbb456bc899fc727d14bd8882232549d914e" + +SHA3_512 long #2 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"991c4e7402c7da689dd5525af76fcc58fe9cc1451308c0c4600363586ccc83c9ec10a8c9ddaec3d7cfbd206484d09634b9780108440bf27a5fa4a428446b3214fa17084b6eb197c5c59a4e8df1cfc521826c3b1cbf6f4212f6bfb9bc106dfb5568395643de58bffa2774c31e67f5c1e7017f57caadbb1a56cc5b8a5cf9584552e17e7af9542ba13e9c54695e0dc8f24eddb93d5a3678e10c8a80ff4f27b677d40bef5cb5f9b3a659cc4127970cd2c11ebf22d514812dfefdd73600dfc10efba38e93e5bff47736126043e50f8b9b941e4ec3083fb762dbf15c86":"cd0f2a48e9aa8cc700d3f64efb013f3600ebdbb524930c682d21025eab990eb6d7c52e611f884031fafd9360e5225ab7e4ec24cbe97f3af6dbe4a86a4f068ba7" + +SHA3_512 long #4 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"22e1df25c30d6e7806cae35cd4317e5f94db028741a76838bfb7d5576fbccab001749a95897122c8d51bb49cfef854563e2b27d9013b28833f161d520856ca4b61c2641c4e184800300aede3518617c7be3a4e6655588f181e9641f8df7a6a42ead423003a8c4ae6be9d767af5623078bb116074638505c10540299219b0155f45b1c18a74548e4328de37a911140531deb6434c534af2449c1abe67e18030681a61240225f87ede15d519b7ce2500bccf33e1364e2fbe6a8a2fe6c15d73242610ed36b0740080812e8902ee531c88e0359020797cbdd1fb78848ae6b5105961d05cdddb8af5fef21b02db94c9810464b8d3ea5f047b94bf0d23931f12df37e102b603cd8e5f5ffa83488df257ddde110106262e0ef16d7ef213e7b49c69276d4d048f":"a6375ff04af0a18fb4c8175f671181b4cf79653a3d70847c6d99694b3f5d41601f1dbef809675c63cac4ec83153b1c78131a7b61024ce36244f320ab8740cb7e" + +SHA3_512 long #6 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"8237ce9396ccde3a616754414cdf7b5a958c1eb7f25a48c2781b4e0dba220f8c350d7b02ece252b94f5e2e766189c4ac1a8e67f00acacead402316196a9b0a673e24a33f18b7cb6be4a066d33e1c93abd8252feb1c8d9cff134ac0c0861150a463264e316172d0b8e7d6043f2bbf71bf97fa7f9070ca3a21b93853ec55ab67a96db884c2113bea0822a70ea46f9ae5501eb55ec74eaa3179fa96d7842092d9e023844ed96f3c9fc35bbc8ee953d677c636fdd578fd5507719e0c55702fed2eaf4f32b35ec29a7a515bbc8bf61f9baf89a77aeb8bc6f247706c41d398cae5ec80b76abc3a5380001aea500eb31b10160139d5a8e8f1a976dd2dde5ce439a29dba24d370536a14bb87cf201e088e5e3397b3b61477c6a41e22a98af53cc34bc8c55f15d7924e7e32fed4d3c3ddc2ac8eb1dfc438218c08c6a6a8eea888b208f6092dd9f9df49e7ede8bf11051afd23b0b983a81bcc8d00f7d1f2b27cb04c03aeee59c7df23a17775ae5984eda7":"f08819ec3a9a9806a1f55be4f0e56bce084e66fa271784974bf80e1bed7b2be559ebf5b6396ce52f7db7ef45543965f83064095a70328489178718b491a4100d" + +SHA3_512 long #8 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"cfa6c0413dfc1a619417ac3f80fd38247b56941da8c2adf3ff70cc5dabed1875b0395d69d1200b73b1c7820b38868c5b38f52bf3514a96be12e27e34601d95d21c6f51c700b4edf1cac4b2079d487418a4cc5f34f815f469c4b44ef1a7dbaaa9597026c59260c9c22736c49d76ecf7430500b74866cbcfdb5e0fc4fa46cf5ee2b06363ca4ecba6d0104440348d191ec4a4bcbc9763152ffe271a69b805a0b9656970913dfd9e8c02cd16af33a878f083c926f48ab79b1db969fec493aef6c31accc1378867808440a5d5990490b07568bc66e9872904a0f46ae25ef4077b85ea217bdd12541a9472e2a9840e0d6ab55cc4a523f782f8c19774efbd41dad506bbafc90c438c14c780cab9fab9e74eb9452a0b29438a21878bcd4c6be4edac4e77bfd14a83d6152253a62e826de503880d37bf82d10924fab6bd23f04308a9660499bb223afcc5afd1bd2fa592d0322a9a30eab90bc7ac22018e99d2c8f573554c85b019d0c4cd75e359e5e9907082a8d660b353588b5f085486d89bd97bb32335cbd8b9adf7d57c72c078d9d08d9c09a70e43da1f1fe5b398ef08d2e06111d9a9b25a893a5d84cd643b0ffab8ef2755f781c1d6ca49":"3a4c2c9284c90515cb34a0895d0374e87467ffbbc7c1dda3239893a12aeae3b9951169fe85605ef7aa2c483662f3a65c72ff12becde50c23ec6a2bc8864c27c1" + +SHA3_512 long #10 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"43025615521d66fe8ec3a3f8ccc5abfab870a462c6b3d1396b8462b98c7f910c37d0ea579154eaf70ffbcc0be971a032ccfd9d96d0a9b829a9a3762e21e3fefcc60e72fedf9a7fffa53433a4b05e0f3ab05d5eb25d52c5eab1a71a2f54ac79ff5882951326394d9db83580ce09d6219bca588ec157f71d06e957f8c20d242c9f55f5fc9d4d777b59b0c75a8edc1ffedc84b5d5c8a5e0eb05bb7db8f234913d6325304fa43c9d32bbf6b269ee1182cd85453eddd12f55556d8edf02c4b13cd4d330f83531dbf2994cf0be56f59147b71f74b94be3dd9e83c8c9477c426c6d1a78de18564a12c0d99307b2c9ab42b6e3317befca0797029e9dd67bd1734e6c36d998565bfac94d1918a35869190d177943c1a8004445cace751c43a75f3d80517fc47cec46e8e382642d76df46dab1a3ddaeab95a2cf3f3ad70369a70f22f293f0cc50b03857c83cfe0bd5d23b92cd8788aac232291da60b4bf3b3788ae60a23b6169b50d7fe446e6ea73debfe1bb34dcb1db37fe2174a685954ebc2d86f102a590c24732bc5a1403d6876d2995fab1e2f6f4723d4a6727a8a8ed72f02a74ccf5f14b5c23d9525dbf2b5472e1345fd223b0846c707b06569650940650f75063b529814e514541a6715f879a875b4f08077517812841e6c5c732eed0c07c08595b9ff0a83b8ecc60b2f98d4e7c696cd616bb0a5ad52d9cf7b3a63a8cdf37212":"e7ba73407aa456aece211077d92087d5cd283e3868d284e07ed124b27cbc664a6a475a8d7b4cf6a8a4927ee059a2626a4f983923360145b265ebfd4f5b3c44fd" + +SHA3_512 long #12 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"e34acd510cb32ca5f97298a3829244bb23322229fd7a07821dd40a8d01582d5558873f7c0a3d00d278e1872605dfe15dd558fbc1d518c19bfbc88803cf64a9f72af06fab3d673420d6f5c6f8df65108927ddf63066c980e77b153b1af79fdcb7dfec2785ae1a0fb69a151fbf180e1867a229dc1eb8768a912523eb7b83f00dbe01e22db2643cdabd4cab5824b9c14320cda47435d40829bf815a5fce7a3e8333183c4adb67b6de5c751e3acec966d7dc31b7881ac165a29a182361bae573873faa6146a8c07160bc9cd68d6650e41dc254c8de788777404971e4b7e7cb76610a41b9e9c07654ab04493b199357255dfbc04140f52f244af414062afe342f59bb64acfbcc9146065d04b5a5fee410dfaefd887439bf5607c58af282a72986b77b9ca243731a31b8ef56acfb4e028dea04910742ed42f4c0e25a0f8789b063c2716f038a5e18fc0ae1c688e12cb684c725062474b9bde6be730cc4014dd4aec3c667379834938f445cddb120400addbf38e449d0443a1446a1297bb79a9a4f02a10ca6359e94d2ae87218f803105801866b1dd2037c066a393389b72190c2ec72be5b9294421ad8f8b1c8ac8a8af561ad6f7482a3958c41b73c18cfa7231345a8b7ad63bcd4508318f560bc24c11450fb13df1b7f30916f8664cb5174c114702ea536735e205cbdabc567834c632363d1e0c428e0ddb4480966280914fb5500970f9d2dd2a6bded33aa43be7bd1b12ed46eba2792ed636fc2b8a542f242438b544f381fc4e7e296430c8baa3dad2bf685062793efe03d4b34d4d99ba7366e54f8fc9da59f54694d4":"a1416054e488c1e013762d642b2c63361b33e4fc528149845606de20998bf2afec05da53067477a3c27ebb3c0d24ad3dd6ed390335977f129f1b6b1526c0e0c8" + +SHA3_512 long #14 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"0d542102f215c793f81cae2e79e5ae58b4439fa0d05577301eb6b2a19ff5f714c645f87e7e759a436f2256077d2bdec0926504109e90d8d3dc8a11f456c3af84abf1de0d10051c23955d9e3daa3bf0c3e176dd68f56f8eba0c47f6f7394f6d2345c09a57afad975cf135507905fd2c8828def04fdedae00e365527554f8178181b1bf605635551150b1332629859da38ef04066e5fb915f7e21c6cb4a0421a8cb568b8bf34e593776c5d0ea16a3841fabf52e66d83f4769c99048fbd357899a79c10a92c2b45a5aa9b7daadd8380aaf71e2f5af34f744b26e2755617150d3e90577c91f54f5dcfd520d9cebfec1b5d57970328a8cd1fdcbc46d78b6a48e751706e1338c2a915592184db44eeacefa241af37193604de70874c92f460d7f01a6e6a3c653a3f568ab54ee9d313cbe6c1ddf031f542fc9a50af7c0e5a9fc90ee0b3d261e2051b06acba066d42d652e70154e15a8477be39c55b5eb384cf262bed672ee975cc450f055735ce5ade48d9acce0a1a8d7a51a515b37bea3c99f72e87b0073ce737c357deb56274e3d4b5a60872f4dadaf6bdc488e05a1948a543fff7b9e3c2ffed9fc87efb15c7a55fa1355e69260031910b80680a83aa719a128685a84de38797e1492f52d62f6728156ef5db28f65bf342bffb587f037f206cab78a6ca0745dc8fc137e22e14f3d7183917ef832220c56a6b8bf3d58e3ae15a561adae4960365b31adfd2a4de0f13b37e0acdbeee47af8c6b5e030db16a82e36fb16d22f887d9543b6f4bc1f58484ed25179e61c19a58aea7bcafb0d6d6ae10de86860c9599e17b0c2f740bc119d3ce16868af502df69db07ef1f4564470be88be14e2bd503252f7566760cab98a85e3a9fb8011bdf8918733e7c54c38541735e09ed06218c4c785e5e784c19c7aaa677aa51":"0cd249160510bdbc1a117600ed8dec1b68b541c684337ad39e8dcdf84bc7a9856cd8e210098e1ac47fabb3af0a4313a4a70f388b11ef53771651d95131936ce4" + +SHA3_512 long #16 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"802c4c6faa7e25b79a985cc98b972847a2dfef587e5f7205101646e4add583f46147c0c987303ee996f263753e556a0cb4875aec4a62345a42ee7145e427ab26ce009b2a8ca74393680b6c5b839c531b2551a02c52f0970c9e8a92034244af066e5ec6dbe16d9e7eb8eb60c483f24b3e9e45aa60bf9003e2cbf19267eeb6f55dea692924af0ab5722d9b25f666e2ba3bc76a60d0b8cbe0a6722b57b91005e7f2e929ac4c1e04f2376f22a53a53f108db47c8aac36627971e3a41cb41d2b7ec8f14a7389d55e5bc942788c6d772a99ee6c7677183f02e8e13cc3ad5465a566bfa13eab35d7d347a52fdd67217ec91e224ee509b567f682e4ccf1e5c12d06acefc8dfa07d5bd7a963998139040e9313d5d658a12853b5cdf93ecf54aeb5d797c5d2be01a4d3e3e7711a147089b90121858d31dbc574b920aaecbc8861a290ddde594a3d60d270885a2bf7ac2700abbd9dee1128316d8921566139ef8e65bad595c704b215ca16128b49bb5a5077fb4eab737704e0809e56a836c8088991be2588969e1e584d4cfc80edcff9ba71686b1ab7c3f047707126fcd80751e7a93324235256b09cbe7dccd792b618c99f7b8988258878fa9f9a18e0cf485a2d0e8287f284cf4757a03109fbd30e25e264bd205037551d6e7081a2e0773b8fce44549772a878111d84ff2a6a2928afa943a5d62f778a4c1785c06b687a31714fed01f93037e1cc52ff40a4bf0fa61482bebe016260c8938a61ced90542ca9d265b131397ad8cc79c519e0f46e0f70303587e38958d70723b771552336b7771f631107d2593d9a15e4e7fd0be57abe9bf835ee235581266af482c8d7f5ec87e13e182ac766578c81d286e8f61de2536fbd1e8a4ce4b3eef6a578cd145872e3023fed217e6acbada5d71d291fdef03896cc693e6ccf1568ad127aed4228f29368aeb974612c4402693dd449ecf04c74f66d3f93ebdc4e9b7882b1aec92d139dfdd3a3acd7766895b64ad4cfc71a9d0f79e8c81031d40790403f449b122f7e":"238726f9c46f44f3457be33cd360e9a369b31280ab718b01c4b8e324e40712f8911aa4220bc5f0e9023f47f48028fa37108dcc8938a34943775617eb129bf7a5" + +SHA3_512 long #18 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"1f93eb3cefd64eca5d7ec36cb7f21d768cd6854262ebc930a730f7eaea4e2bed4b32a54530fc1e973a185c6578aa058eda30b114e8634222b35d784e0c01c01bf5984dc255b86a32f06a0f55958bb29599735f9f85d50b660ce6266b40c26f3d050b0c3bc5d3daa165bc02c3785dcd93b3e8b969a10acc04981328ccec57e05962d40a39e81515ee83565d3788e8fd910fd7e4fca5cb2c02412ca7f67a89ba7af63b6e432645c421307f49392df4eb9595880be0f7ded36aee78ca735020a5a5a88761e2e72d8e405680ee52cf483eaa2d42549b010b6a448740bac9d8e44be460020a9d93931c55dca17309d6ad9fd5bf4fe7b72a1c9996f3cc9e83789d513e06f292fc92401567aa2a00e7abebb62033f5edbcd9d7076a1c649f269a1262bc83a020874cfc227fa863bf73b4ca2a92717d8e3078065dc7e950e53ca50c2464bd54ddc72a8eeba4be94d6355a12a433622ff19d6e6f42b642d7974d01533f409d56f04392c017ded4046db5058acb0cec523f8a23db5f3d0f43dddf15af5c580bed8283ed584f35d2fcad7c1efb4824f8309f80ff115c6738dae07c4be823b2f062bb10a41f3ab2a0c4bd110b2dc2846f0f3a066adbe039a6e5c8ab0ac53b5832fdc2711ddd815c26a4c6fc36e8e232373838a4ccff93bd3fabbdf5bb0f4d52bb06c02ec25acb3c4de4f0c605f450383af3c0e28d461efaec76e6e0c48e00a671c5dcd0fa5dc158fbcb62f6e218b39e5e87fa49157829f8968c6bf68e0afd5e3e823fde2cb00bba19a24514341db36a8d3e0f60cc5d5bc0233675bf814beb82098410e0c219506a90b1c0a863ccf9a6ae5e27af1bbc5d597dbc2cc205187318ba14785f2361386e4640fc3bd7eb2d59a93069bf685fd6cb8a66b787833b3d2a387a9fe2b7506dd025972154f742f78c66fcfe171c0c6f1f347c3e96617af0bf6dfeacf1e6ad949814fe567c2d9bfd46cc0a0e40a08cd05c6145eb78099e34e040e8c814184258ccfabcc33ae1bcea8fc5a1c0c05ba7a08afb0ae4b4e16fb394997f1ad4b5d55e76c11a9116796e646f390a3c21b42488b2e91351d253b412e3600ccbb8252f519d5060e8985e7913ef0e8eabea15cd2fda13a85b5ac637fcd57dd7":"d75e227a5ad2d3ea262dc663adac6e339126163ac683b3e62aff92653a3de00986329e4c6b79c0af3ed614a3d10135279b92d6f4100613f41feeaffa170bd098" + +SHA3_512 long #20 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"09ab78274714140e9e25d81ca9a1cb475945094f39fb2296f651bd311e29813f28b23579b597250b1576c8a30d93a1c7d7ce636b6bd258c3fd900356c7ec055408b53d294ddb3352efdcb76fdd80c59a9bc6acf88b1e6f8d6cd86c5520dd3b90b29dd95d9748068a3441ebaba1d00069ad172d1d2247309e4a133e56b165ed9c2d50513e1c47655ced8cad7de2ea1adc13a72e03b7b5609b9f28c28303ede11f81b8edf3633e1a7021a5450d2638db9ad760f7d1d2cfca2f73ff40029ddbe0c2b7bcf5a4f496eb6dd874fb84f8210b4c0128cfb0fbff3500cf8000fb0798b22dd643b07b58b8a1fc1ae0170add0d719997e900c8bbad68b6ba934997ca8d1f07e637679d160a04c4f0d3e0c65f64d62aa38ad040993f2cfa3d2065fd6d21eff8f07f6235b6f6db6e61359fe1058f02a62cf388411e1e49745f0f9a5778bbe9aafa03e969c1e3f0a176ec9d8357f4bdb63b0c6ff2d0b287cb284831ca74c5d7c20fab4461be39090636e11fd2defccf02d7bdcf7c3a63aea7a0b37180e8a67feb345fba46355fef44a9fc70f9210fff3108eeee06e19a85b2d039a4a15cc6a9cb73079440aebf6a04d726d71ea99616ecd68716b94fbdd591bfc01054588d1f0ad38b1b76b2c041eec9459b6afcf7ddda4a708dbd0b3666ef7531ffc26563a8515dd39411c8ca3ea986420504a49c19a46b919b399d6b0072fb75b7130ab00b4817c74a38794527de16065d1429eb95f142d28a558ec66bc25872816ed0dc11960b5084144c99c5348278ebc4114e186ad51ca03b64ad6e889412a4fb3e4f82e3415489cdc92fe054d17ff63ae62c69b72e552710aa8ad36cb83c6ae4dc7126d9bfbca28a786d40e50b05c89e2fed517f556765ffe5c46015cbd8194e32abc41e8f711773e2bcac9039f1a71975f8986a5038a32d9fc3de2cd5cdfa63c963265ab95a30b28e85edfd612bdcd33fb7062229b228c55fef1458df05554b28021236435e356c042ecbd38e9aaef31591624ce8bc3eedaeb0cc42ef67722ed7f1515937676dcccd210ebbc52867a17fee7693933d2bcd136ecc9210db98335f97ab6d9c5c21f770c47e5c10bc4e070636089c341f388f1691ddef47491082475be7177b2499187581e35f763eaa4a31d2e112d249ad583f81c7019e99234417a7cf01dba91d5565bf046b0097c4958928c99b76a3d25317a652711cb316a158e229d3c4d2f5d6c7e5aa29b4ade4":"2c1182eee0a90b686a14e5c7f7bd47f89d44d531a53c84e88c459c1460ac7d2cc7922b7be672596d55654cb388cf9b3300a9f31f18fbb45f89a7dbee27ed462d" + +SHA3_512 long #22 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"85ff5f072442756665a41f36cb2c99d3152f3458bfc3fcb5cc759901c33f7311f8b41a490c7ee4b2b70ad84dc582caa75ffcc8ae8cf1b5c3f8f03410f393c81cbcb3399c00d8398d9ef3477fad50d434c0c6a469683178f4fb22ea0f94d498f45b6284aa0738bb1ea1c735758a7efda1bff591325c6b8c6f5f7282a6afe92cc05d2bc5182986b38e48ef6ad764f38e17e5f157b16f873a5dab4ac67c4bbacca94875c2916eaa69041bd1ae4c4499cebdb822be8da96dcae668117c3a702fbfd7a6a744bbdf8c25a9a3d6c97c315707bcc2f18e6f120584311d2e6d8726304f71fe2b133e83152fa46766821033157f3b8bc48efeb338af67520b610c76a5c29fd968f7c3632bce1eefeaa2b052bb8063990487e393ec95af900f20716776618bbec6b8f285b74c3fc4c8f2039732505b761a42c5ba0a7c325da2715d028b745a35ad1d72f3a2ef2e6d6a37b20960374caa6c844d317bad18442c1d784ecc4337c685f0ecb5d2001472363c64b02e7f5ebb641823ff257088ca15ed6b53221548fab6f707d131c6185c96c8c295846eb83369c5ee2cf20daa79c6a6de197334b558a8fb6c51a68b63b2f1a274bf4b4e839ae25256c1c9cba7d8a51378a9a9e6a769c4c3c23c18951cfcaf9321366965e676398805c591f3a76f1bfbe20aaa7446b37019b29b712e6cc337637103c8fc0a51d52fa04034cdd1c79125c4446026b9c015c3e475989c7b8df3da0e2d4e5a17b21e0fd23b99a14e676d5ac460b14329181c8affd2752770e54abf9dbce5c934227cef40bca8b746d718628d658715bd41eb36acbbf0197450a4dcc9b9748f8928579895ce4956e0a0fb05c55bc9e29ec5ec8f9236f1b8ae5869f7372be3f53f4c17d3777664c844497d0b154a5ff3f32c865c5a4e604e478402d9921a1a437e1624668fbee1539b5a053b243b3090e5fc2067ab082521665cd54a808f00c16d0fe71984ada8400d5cfd5e9b3526009cbf24762e6e287934694b12a9907fb735bec6b6fe4ba2d7c1d6cc3c2141288d3ffcf9528a8752a0d932cdf8b7287e6cfdab2a03a7a1b55fe050da9d5f661f7df63c07c3685b89dd7c40c1c54f5ce629ee5f7cca24b6ca2291528f49fcacf119eb06b69170f3b677451990411b369d36306122d12093ca66fd655307a11b87a943e26e834956c2b75d47a334c3bd8cdbea3986e1413e9b744b108ea1f6bcc975295897629c8c93e5ec526166eff99b6045700ec12fc12794a4dca8dda2969fc4c3f199f6109e134919c0319f46f3b30c688d243b9324540d305009844eb1f2e03934dc074e93282a0d1b7da670b2ba287b182f1515":"6d87f523d51ebfc11fffb33357ed7ff3e4051f58a52d45fba208429ee5b53995e5129d35e3b8d3448a3f56d32dbfdc762a1458569c839a4a1c57b4d69251f565" + +SHA3_512 long #24 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"d43522210236c67e4981bf3f441b941cd52c5732b94ad76160fa16f3fc74fe7ed9a74f0bec7ddc77ae60f71a2bfd2aa7554828539fc0023ac7f49efef34666b100ef3df51743b76181368927bc203ef4cebd2c18d978a7e7f0e9745f299c800bf314d226aa0fbf04690c5dae200b3acde6944dc990fa2c3182e1805ec5feb6535a1ef8e8ce6a5c280fe95bf77e4684f845d471adebcffbe026e5aa42f0f46f53dc169681abdbf6941ad56b49ff5a863d9485820d137e7abc83fbda55d10714d12203943a68eaf51133d975eecbcea6667baf67312f8f138c422ef8dd91be0b96d4edd95b2e1fc16702fb612c092a4e39a15b0861688b2d1a0a83ec2357a2bd6a99dc4f2c2403c25e2e45174ce1f7e580af914de5e6f92f2c84049e6f4c3a921419d9ddf5731d61bd60bf7f957cbbd3014c571e04d061838b57b8f709970ef35efdeb6bfd42f5044e3f70825102017f8521b763084e4b90ff2ca7dd3862a6460eed1be28dba1415d7746006c69b4e53d3d6b804378a40be50abda3945d28bf4ed907028ed0301fa21a697f43e6d2cb6b51262e9daa9c775457b58f478114466c38ff2266544441df47e1e35ffa32210f17dbefb38d6691da74529f4194759035891a9c43da566e418a4fcaf5163b9ca50c0d3209b37ad1e3eb05623709b5232733f9eebbc4feeb954bf394c7ed5774a9a83aa4149f41be1d265e668c536b85dde41d8812b6a64037177def3cd23e7f9976d49478b363bcc2b0be1aa5f4013eb5f3e5f6fd21d51293876f18c85728e3f0e27ba18a9259648104b50d387e0e944bfdf3c9ef9913c956e617dfeefedf685c959059eebe8b3be4bcd3aca853ec4d0c5cb76f5e8eeadaedee3873353b9a6318eaa30bf99a81a94a238a777a1832bf63baa155be65b2cdc4fa21912f90126ad26c24565fa8c5434de359fc223d7a721e72622ba3d00428788463a8328ebff5f594a4b7757bde804c76b2b935261bfb693e5a3f9330676175278f36e299fb8b1eeea4bddf8625e6e248352d2774afb1e058fa300119551f475e04bbb4546d90aaf494c7f25a43fd8bf241d67dab9e3c106cd27b71fd45a87b9254a53c108ead16210564526ab12ac5ef7923ac3d700075d473906a4ec1936e6eff81ce80c7470d0e67117429e5f51caa3bc347accd959d4a4e0d5ea05166ac3e85eff017bff4ec174a6ddc3a5af2fcbd1a03b46bff61d318c250c3745da8c19b683e4537c11d3fd62fc7fefea88ae2829483871d8e0bd3da90e93d4d7ec02b0016fb4273834674b577ce50f927536ab52bb1441411e9fc0a0a65209e1d43650722b55c5d7ef7274fb2df76ac8fb2f1af501b5ff1f382d821cf2311d8c1b8ec1b0beb17580ca5c41f7179e4ab2a4013eb92305f29db7cd4ac3fc195aff4874ca6430af7f5b4e8d77f342c0f578f714df4728eb64e0":"3e2fd51b402408073de5e665b81cd82052a11805345132a80f769f9574779081de8604f9a40699db3473fba4807eb1287dc2eb3e59763f21d81737b0ac6915f4" + +SHA3_512 long #26 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"211909dedf08fb0d8aa87bab8d45f6894b458761625e5fb031066ac3982b3015fe25f9d899e934d2e97f196a86b68e031c164788b4163248358f12052a716947c5b59cf624925228d4f41d38942a5c185bde60e89c4bcdc7c8aa43e915ed3ee97eb03b610a6d1db952efce3c3d0929710f8718a8a265f9d3f23f4797e00976a32f001e41d3e05c2a6b58769f0cbbbdb540f8b8f14ecc7e14bc366438132cd81ce28c8dbd0555d92627175b8886a8e08df61987ea29e824342d77e3f436bd2efd9e3cd0fd2a335a538f14c52035385aa13ad2cfbcba22b3d84eeb0cf2d2263eed6cf82e2ac9e2a859aa38fe8fa0d4f298130bd68e89e0f2aa2578265b6eced19553a8f16c6bca8be181694dfc4fe2721b8aace6891f8baa52bd077b56931dae9d5b345fea9753ca931a90f98fcbcca0d1a69d45d4038ca3781b81510cc87b9fac8c84c1cdd5e52f167f964b729bf844636fc63b99bd49a5c349ccf1a595506a6aef815e3cade88013b8618bca47d02878ed1012fdd62c78db4ed2a3488204d8818b118060a8c48631cbdb01c258ba13b92961102ad59ce3693279ae1d18ffb196681d6d614de10919c2ebf47f5520cccd2aa37f484201b015fdab5c4ddeaabd548f8e6e6625a7d172a478ae2cc6691c5ef8bca57ea6c2a586b84ff3005d6bc360074acb97b77fa5e57a6c75ef33fdcb119c96cbf588498b656b4dbc5d1bab8d65d83bcc1d8bcf4e1a4bae92f02544a1901d1738d570fd29591c8dff8da2d3e1090b48b920290095b81f264d5824a6668383293645e646490bd5f604b87a4988f4a758d9c71a7b4068ffbced4fb68be191d7b30b6d738cb1229d72120429774acfb455753be5a717d1f158bcfc655bdb63209c00769e372a477de9729c39c3ee423b26d5a412ebe49c00e20088b87e1ca166ce5d88f0af7c227b416da632973ef442b3412929b16d703142021b375c6cf2b1306acaf05d6f5aa263494b9a5a008ed4e401f2b3607bf68e600adb6b5d93fe0aaa6f6526a7cb98f7374eb2fb74fdb7f6a15c28385fd6d51e245ff3dbea586e7824b3811af6578384a5c604dc4dfd18b2d29cf33e1846b6e9774b89106984ea04867f4455b3dcc45096f768c64dc8590f5f077a4ff29341f83f14c69044df19b5b81bd95e44220263f02a0740dc25211630e6e6f255841d526603d1e5e131a493a3cf66bd13f1e6c69da808d262dd18cd2d805eb0a9e3f3ffd260d396aa4232a62de314fb8611188083b6940447b8e73e3f1f0b0f57766a086d73f32c05da6cf73f9e0a9f07493f998c9fd35ff37e36714c091599c5062b741d835a2e5cc0fa8dc2497131fd63031a9fa9ec6acef7ac6c3d87a3d65c5add4bccda2f2416bd83709c2c7039d0250e0aa31e08ad41ebf239fbe1dd4d843c299661be9b979b99afa9b78f3040e758057182444eb1b221b0e06d5fec86a672b75cc478c60e531c283ff9bad8cdacc493572364e7fd8a628d677a49f80928c52ea5dd50d711a60d933a4cf4916986305ec56ec5fa1a327631d80ce6285f74":"07a66b976af9b5982d5d776da8a7db28746161bd43a43e562c136357b0aefa7b8c33b8ad2af6add3b95cc962cd9617341322fdd2c07b4d65becc43a80f3df2a9" + +SHA3_512 long #28 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"97a89d3246067de18c799589040075c9e0d2083280a2c7a944222c0c9ec66a196bca5b8b8376ba858ea192341a74f6b1eb70f32492b2c32f4276438adedba8ea56e66d2834c88f9f7264fdd68f0c4a5fe28ba6fe2d690c0e756abd211158ece70202bb51828566f5dfcabeb58a50da9b6b2c0908784e0a0e8605801a5fc6a0d614292d4d9534a6517edcbe1934c90c2f315a048a9ce926f61d5075bdefab2b803760ab66945db779f7a1e34cb5fe49e1da1d7fcbc1c2c690e1518451ea92f5ad11b11de2a7890135f12116953477fa7b0f7d62140d6254a27b129620770066244a236b0af83eec4f1565403bd9bd85c3778395adab5036f5929b9170bf7fe6af8bbe7d26ac07e08d0a744787ce575482bb3600dec114d651cff25f8aea96dd147c8b3b7eee6945b9785715c138cdcd7f829f8cef78379a7eda21e6b61fceb31cc4918e59e4ee83990914903142a85a8475c41f27f740ec435a30103b86add08f0bd95c01b61d02f663b5a21e116f62573cafa2cf67b73369f825c36348bd9c35fb698fbc8d7e2a972e4132d2d0aa4dc17e68fe2fef24d6b95b0ae9748d8680d63a4b0dd3919a644613c12793a5e2828ae3f5198fb8103ff82be669b77c8fe2397087c08ee9f816c9b93c6baab89d6b7a1560dd37e903d5f112c22b743e602b2746238e34be21aae9cabae55f32666f59b9b1316eab83006bb6a517f3fa81c4686329610f379b866eeb447df93bc2f6ee7aeefc7e261a282dbf97157bd97b13c471a020657df01420c6e01bc2fa3b6802fd2128ad814fb500d6a10d5503d482031591b37fb7a7bac70399a70098582e5ded519c44e5aa0faca3c9e7ca9f1778ecf90301a50e49e22a4a7409fc3da1aec7f087408a79b49ff9cd198b20d6c95d48c5fef41eaa5df312417b2afe0f9f5108aecafcc966f4cbaffd99e19fcf7498df218b7334b26b554793b5f04d39d97fe7d122b847d3f3fc95da50d291b39f9379b3b0672d4efc6f91e62a4433e1d8a12efe975c4ee9379b740d46443ca9d3b5de2677b652a897abb8e3e30ff630221da3df32d024cf4a0e143d8320eada9766d520e849ebe5c4708331e737df4d415d0f1cfafc11aeb4bf3d13104fe16d730e28490a0840300b27bb783ea63660bdc7395df8c95faefb14b736f4b8698bef159d4be5db98aff5362862f14243931cc5eb49321d54f6a97749503742cc5c94e4fdcb81ab3d8a0906929507f54d0ce8beeb88b2e23aaf454fbd06e2d75007e9e10f74e75e75eacfffc1b988a59ef3a81a02c380fe57005804d902fb5e3fb577759deb1ede89f7d0897d777d3c7c71e540f8a2a25bf41269fe66ec8dbedf8dc4086ddb2e11c1d8930d8d77eda130ae269a95cc22df580d00a42b6b9de179b85a0349ea20e164b6a1f1ba60e0bc02d1f38fa1ea0774cd18a660f22835ae545dc1ccf7c0fb35bcb8809fccda5e753902d487e3a35a01995be19981cb5c0dbaa57fcd3f06c7f40f07ba7d8b8f70b41f6b52ea24a0226d05ff3cb8a1fb1be6f1b81e6deb648c08a6cad7f5be241d61fa31f4212c8867a2592c3c231a60792142bd2613c1815358c92a5d6e2f446e64137f4392c3043287dd096b43b4a37ea7f5dc1d298b0623ccbf4fd650a49569a5b27bc6a6":"767272f34a51e2ee0b69bc9d7a8b15f71c7f1d6c392ad37b4d2b43d8e989f076ff7167e368639eaad6df910eacf848c5f47979935988265bea455a15466876fc" + +SHA3_512 long #30 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"dfb77844e75f85583be98d8b02b601d95449ea7c954cd81001d31bf487e536f3db399124c73d6e0ec25c1e10c381750157d77b13f2d464fd8275c3594acbfa4aeeb6f563caf118c4884e7586f243435a04a68b6c46b5258e5959e392cfac0cf740b80cc9998269c2b847f9b53605532d843d83513af7020aab08e568bd905442f8c63e1ddcf84b4f78cd126538ce8dc1ff24c98875a3e2bba3082fa3bd7fba733e69f3293a5ba5b5f06a285da0a6d9609ce4c7d9a0c1afe766e32b0b768226d13c2793b35cb45e3a4aa5a36615951f508304e40e635750d71f203f6791a080a5178b8684ea0a6027ab06ec483fa447dadd0c87ed656fadd3f448d581b5e2b037fa1a34648b6692c43d1669cbc7da3946d2851a404f10ae220de2541f8b4e9ecf0b5e061ae7cfdc58285c83b65540dddc89f604cdc8433b0e9376240abaef33b572de6270a74d262d9461a2d390dc1be42be7ad5d790f3cddae8dad0aebca55305822b12c73e85889a8ab2fe821b8dca5dfe07db70a7c99d885ae56e7c6e9ed8ae5b35c17f2a95bb58cc490beafdc0668ce6adca522923a4741618968f253e4094018c9f9cd9715f969342f1de34e83751f0c32ed695a0772092eae56181020f692d9629aacbb6f9c678173cd65183914fb4fe75889dbe9a0069e2b79df298b99027f8ec1351b51e8ad35c395dc42128d8aba63ae271dc61b60386999f0a50c39b991b43813c1a42364d7893ef1d2f527f3d50eb7ee2988293e84d07ef28c8a1fde973ec5ecb54e96b3f02c914bd2c92b5f28513a83061513c80bc9ef8ee6ef949a19933169fd3989c3071453934978e1f53c920191bc57212854bab66cbc22de15a01b4331a34b43bba4a94f7040e991de983ad2be54349a83e80c9933150b4576b33ec5edaf6e0ec450524c8bbe048341c4b276b2d596c8044d28618cfa9213e6db647d4427893006917a118bcbb1ff474961b5164764f1d00d74d61e729f8e8c9ff535df1584f2a8f28667196fd84c18aeae5692b3865e12b05abf92851a00918759b36580479cd3f8df16ddb361b3db7b0323cd20e357f0bc41e58f3bebaf1c1bf8c07f71b976ae2dede67e9e347cb939c7e27096652392bb9111be9dfae456e43b23d5efc4c86218189fa5393aefd96f615c221df30c2134b109c6b22fe6666988a60e024fd91641c908f98b595364a53b598cbe7558c5b00b95518373ff7532480fd2b243f2f33166ea239c7af28163bca15680d450a5b6067f0416ac75abc8e427cb08865b216f590dca74861259324cfb276cf63ceace0a8e8975c4912fb2c2b69f0b015cc7830839971c63fc13995330a788c464bb807f8988a8a19b2a784c84f6c49c3d0df6dd36319bfbf8d82139097fde260f4155ce39a8b52ddbc3a3e958793940451c4f3ecb42f9344dd050674b57760587a4d45d6692a64e9823ba00fbcf74d3bd1c1695c26f3ef84522b143c1d65647120b8695d7ee83ee1c7145fb36a17d3eed35d449e162732e26f7c93632a588d6f99ef1de566352f4add6cd41cf975a6a1d8d0fc2f1c3a0be397622a9656c149884879fa1a9991d48947ad93a8e58153e954f5268b939cb8fc6c8430223d20077faeb18449939ebd21984f14e3d8db6a19ca122a3036dfe8b1514b4ab347f565aa5f5e231eeebc57a831d9de5a2dd437d7cab09db950740996d83fe0a601c1e28cbca87ce7056b2281c6c666787f1c6b97b968e7838ae9aa1183da8896f515ecbb5":"c6844ef20c8d121ce80dd8a3cee4f36501003232dc3e71519de69a4cf77329ece5f08967517804941bb00d65a864a0e82df5b5452d3700e4cc0f5b539ced454a" + +SHA3_512 long #32 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"1d024b761257e905688412b42057f150daba54c4ec7d5ef4b5557be82f24992dc47a9678635cf48dd245d45f466b227931430d9c5b47baaa34f739c2691eb8adb556f679facefb63904b07fbdc6dc8822534cf97a4c24513da63da3127cafff2979e55bfff356550499f91ce0ce64a34609484fbf07667f650a0487b91b1d7c313589a939b179a1ca5475c21fc5d1257876b131166ea891c3eb669e8d05aa9e9d18ead3df5fe028f4e4d4e3bd45a87b345c264212fa6114e4aae27c20c4ddb2d7847760537710571e9b85166bd65110f3fa05f73723269521f8f694f6c13d755b08cdc3386f90b8921914ce8df071835200dec4e5817f7f0636116d9193303292364ca0e0d1d7ca09bdf260a61c704eb8e11f3fc09dc25f2bf2c18a63b35c97377d725dff165c07e02aac9146b2e3efa31b55cc3ac095a1edaf956fef9a290f954edd6ee5d593febfcfb1c4e27c32c2ab3000fec6926fd3e5dcfb82b7b01bf8463afc583778261af31d907ffbb0e3742b9fbf4be69bc7818efb72674eadac0dc4b24dae667678f914b4c72714f97c70ceeacf483d452327539b888206eb6fac9b554fe5e56902f5bef5c45ea0ce7454ef71df581d271931ce2dac6782e1bd513494817356c86abd3c71268b3198517d17f56e00289a003d79325c9c45394b981ae070eb1d0d069c27b75c4149ff9a75d2c5d9e4c2467ea6cf4a2774c04a60edd8d99cc1babf6d3efb38d3f54c6cc5cbaa63c16a7c94eb0a4ac58b9576adb3ced8d0738bb24814f241663c2bdb5859daf96fb2f5da1debd476450782eacbaab7a575839d864f847274cfe369595acd405a4a0d3b5d39e7a1dc3909a1af4cbc44b9294b9bb92e322c1fe6781258dc968847735e9f687174ded722208616797ed2ae7c49fadd7cb48bad4a48db5c665c1f4b8c15869e7cf9f81180dab4b2fa58fddfeefd3f45b3621da75bf408d6807471d0e4d0a561850d99f5e5a6a22747d132d7e1d3cd845af15e98abf84f49a3862c722e0e60545226110ec102c2c5da8dfe21056c4a3bdbb8caebaad4034847f7ab99c82d4bd94cba19c6937dbb313ad5dc45ba3529bede4eef2ae905c934f64f7bc233bbcc72dd5ff0a7ed85efdbe14f49a080bcf0afbb1a37d0d70bf5a236f41985f14866b39c8e524d2fa9d5284660b2ebe9721360faa1317805653d02729c015f9141bf1e02abab00ea580fc902a0c46264e31685258a688af48ff3f8419dcfa994461a14985e677d9e1ef4208e85eabe738e7e7eb42c5974151abed61c8fe11e6aa41c39d60d141dcb7d26b15296925aa5d2bfd03f1d60edf763f23e7bc8c208950a39e0344e3d6be2e11c0de73957c17c6e6f0c2eb43b330c1a4293e7ff0f0293e707ba4b884fd284f94898c514a77d57afe094fba724fdd39c0478d9990496f7b8ea2a8441c80c221430e4648f0df8d815d90d3e5cda98de67cc5fc90d6f3030fe75b3670132533ac079635e2ef7ce6e4e9cd75f5ba8be9d1c1eab5ee29b58c0262ee76c5d1b524f8c66a80a6af1689aa8c075e71a3bb98017500dd3af058b35ce6a291cabef73c0e6ad3511c99751ddb2d88b5e1ef02437e814d9ffd95a51f265dc1af0842b524f5d917cdcd13604b80b496a3ce06289251ce1a21be7f617868ae91f705c6b583b5fd7e1e4086a1bb9f087a50bf50f52c8143ae8b0516576828c15b924bb0c00257bc526cfd5bfe1443137ce33c3531ba16c753065bc24e95707e66a8626a9e49e100d9de8df840ff71bce385cd1da3e319444fba46eb0da747cdfc60d05a17ff5eb05d9d77c72f2333ebf95dfb70145091a1ebce50f95d47b69663e21feaf3ccd3b424d0432e9229":"b250f9455a5a90e3b7d2e2c7a70e42547b63550cab908ab514de782b6215584404971db76d6e2f2c604f0697bc309e7f53672b617c8967943a896ba260d65eab" + +SHA3_512 long #34 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"ea850f0e319762b788d715889a51d30b160d54ab0de3df249c900d37ca0acfa2b311b24fe70762cc0d016dfbcc1e4a0beb189aa6b618ad6ca4cf48a138c2a62225e5bc9eb56cc2026bdeee35e86b83060b7f0a635c97dfcbab54f005f4cdc213862ab562646f8843ec951f9fb6df84e5bf6b2d48c7087d28f7478ccdc7d52b5b1f072302bcb7be76d64f899f002357914f0489bebe118d6ad1d1a560797feae438a590e885ed6b837233b29e8cde04f10371a82e0b5d197b811ac226d2750694192c837b87b89851086a240523b991ec22db12fe749228424f496b879a5f875509c385238ac14ccae01b673a8d5c086cf6694d98c259c3a7838629eb98e4760e52921d4855af8fd5416f01a7926e7058c544e362bd59f19264fb82ba95addaa73ac2d352b12b695a758e7cb2fa98d297d8935cc62c3bbaeb3bcd005c5962bb070a7b2faa66dde342c29f60c58c813513777f3e2ad8a6269a50272b3aacaa211809e4bab63c6c047371ca334711d1a1b3ea3013f88a433e88eb2f8aba562d15c18126fbdffb81d5d6c9397fa052321f5f78cd629708ba099b540da5451e949eeab8687a8d6ac35c531411cb37144ab5ff6a7eb46f1ab28fbcd2ea0444cd87c57bf7d3c02952dba3d3987da07622c16e7c086d90e88ad3d9d4afee301d2bad915d868f54197b70b23c9fa385c443404fbc9abf7e6a1fc6eec93140b03a00af0a76adc3bec7ad2b8f786fab02893e6f62a8689f065da033d785a1090c01143438afb4988799b0b4446d50be9f2edcf5ae28ba33b129d6c19aee4770cddc2fe524f1e23536f94bb2d9058c04e519e57b3b25d7a30636891941ee6a9e7a32186ad52281c2534e48cd54266aa45bb321a8128508188eed80e3d36c53ba9b6a986a532bd76967006daebfba31c68a6457253a3295bacfb485c6594f4bedb8ee778ea7f52d50f97783fd21a82a94f8955199bb12c6b053f45e6ada81985f5a257d7dd867ca9f911a516183d89d332facd5ad9e0fe223a216d4785ee98237087771dfee68f87fb753a183ec32d1ceb713ac09ea10333a4280af98ee6f539e4b4c1d5ef2e2fd18f48a390b649e108b16309e54a7fcff1ebd9cb77190fb51bbaa0c47a0ebbc2291cf25e2a0f404a092d66d7236ddbd8ff69bd1b4ac4e75c6b7ad1fb84de1deaf12d18d64eaa24cca0c7e31f259953a2beb62866df030c5f8b9dcee380edc30ecc5802a8793785ed62197e3e462d75b1b259c25abe63dd430eac0df8f8be59920d0676413407e220cf8a8ed11fca908a6cbd01536367d88b571e05b846b0304955b0ba4cf9bbb81b4ba39b641cd1529150587bed687f8cad177c4cbe0563f56918ff650844c3761158ed3a63b7d22a6b0fd48885381b783ca24f5956bf6a0785d93afd2fafbfaac789dfd25c9b5d867bfd89bdb74cdc199e99ffa23edf02e524190be90f94f0d48250f3f9bb11d40558ac1081f02131ef676115bdb2eeff1cc84aeacf449f0771f640b2170bc5c615659de18bcc6fad780b9a1a127f599f2cf7014ff64b18740177db92c0cb21b44537357521a852bf321f978536e0c9638414beb424afbbc711ab742e7d85b01ef3521553fa10a4e7ac080bdf917398fcb0c5e5afa0ded36100f5cceda3a7fb76ce2ab0065ba1c0a754494991c8c452cb416f18ab115509e28ddb2848e9be5e4c344597f4ecb8207eb977e344334f814fa494ca3eecaeb9bbe6e028d8a645631fa4272fb823e05eee4a086b5f67719f0a58bb6cc3a9488d6dca9931156fb9a451bc3409b87796d676847f345bdbd7267bec6792d1cdbedf68976af377bca79ca2db10988e7e6821980740f0b216ec9224be1dbef1c07e3a4cebd9c278037bb6539f316e92aeb0bad330f2030a9f2e7c857c4253ac2803288b266a30aedac27c04671afe7d6f2d2ca8a006fdbdeb29402e7579e3597aea2493d5a0c08":"74aa96e89e9ad0f23e1cb37ed4cecc53a0af47a68fa3289dd2c91da6f8b0ddd5d290418ea43abf0f3700bef12ce62de3f9969d45f8410381153c5d698f1f4406" + +SHA3_512 long #36 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"e6e9e74abc89e6f6021a4db140520c7c02e0271d894f0a1fc12e1e1a736e9934bc0b9ae8beef750695134bfb8ce7df5391f4a47ce7bf1bcd1bf15bc639b6f19a3f63ebead25b30d43033132c66142709c36154848c9a2abcf181761e407b13e3593803d96296be67bcc3cacb35a28ca77f715ebce1a8e2f52c2495a7f184a717f1d40a3dd569c9c71f0b9b61615ab834ac6aebac4cb1e87fb223e1ebb29b543fef7d279c9399f6fd4353ac75520150b8349522dd367ce7626dc68171ec86c2613a7c828004f1ef100ee3258f6f62ff3cfe3a2cd608d285a744549dc1080e9a88bc19447090385c086a022f3822446bc6f2a1301f287b6a551e175f646cfb84b95c9b95f59f35e4ee3efaf2f6d36e3c61f8115741003f3f74e555ede1821527fe024c9c9699b130c972119554e8a91b12f8d4c9c3f6e6ac0d80576fc0b1242c5e967282dbe674e8a1ed9040d7cabdb0e3da30ad2d74375826d7650e8a60ef3ae201566e4cee46b37e99bf1d09e172a2db866e2b08e1fbeccad2c6f1c6f93ffa902940897219ef39695de5517195909902e5d56ddba5fa0ffe59c442fce3dc1472f777fbd4d0362369214b07974fde3f61ddaf982e28fc6acc54a526b4868e2f905345ebfa79e51987cd3a6504752539ff5742d78ad1c9a53babb2c7774a1df3f026f0816d7ec2c2ca4af8933f712d32e53cd850750a28675346334dcc97500a9c56c1e7b44596c73a7ecdbad0a9bed01972b72b793be3581d0d70e03cd5f0199ccd0042573828cfdf5203024087a0bba5e327911ecac021a0e9b0a64e6cc5cbf671f5bddfbd4283c2aee19216719a9c907572aaeb20886ae5c03dca8ac497c5b42ce87dd33eaa8bea7bae93dad1761be312df9d68a502daf27c5d7278452eb2dee520adbb22298e5f9fb32c150efadfa5a1b5931dc1f81ad10359c7a15852387a84e67320d187352a0438864e90ef91de0a3db393dd30d28a3f79f08c63caff92f082f788b38c27529084c80dbf1cd89735bf26515f74a923160415c1d05fb02d133c627e30000cdf2de11bda034b5dd70a8213dfb18a47a6724460c905d9f354d45bdc87b0aa8edac295a73ec442c8a671d0a3c6393a551a3a7ff72b6c006f0e1b298c2d9b53534a37e993c06acac00c52effd8d614e7b8856fe026f6b9bcd63d0ec9bf759c30337742508e95dabed1295284bbc908c60f7ad09aa1e6c74b45bdced316d52c247a960912d3f05adf8bf22c3b2dc2dbead6f29e716bfd651cdff25747418ee18c7a9e5752b4ccb98891ce1085c74a2aa09f9b1e270da11fbc05694c98f7f968c2a3eea1829981533472fba3f710c56191d9b2e40ddf7853a34681133a82bb0e8187158c350a94c47db0296af182cb1d2915f864a879f9ad5d23e85fbe8a2a6f23b4915bec809d99cec9d5ba17a5d1b9f0c4da2489659b89641dfd66a766ede7338ce0a51b84022fa2306f35dbf26fc46366c6a8232ae47432953eec67b16c232ba081fc448d491292847442b0e10bc90b8c4c63f8125afa534a3b3571e23b8f967003d5ea24f8df0a26838538fa2c3453a5d9fc9ae46588408d60f67881c2a8ee7bd4a68eb397d193a6fb61c6c647a2d6340db66df99aaa84df4e93ce0897fbae3472f2a4e18cb6a9766a5d0cade470fdc74645f3da70ed8ac06281f4ff31f4503a7d5ecf176deac6254efb5d49993b54c0120fceff7eadecc13b658fde172f7eee423f6fcda1ea642427b13af1cc7e55cf0f9841d11a78057237a2f11dbe0984d06008f98cdf322e037313486ef4968b448d641f17eae87f23f5cecb369d1efc7165601edd6c5e6e33bf95f7f9b8306fb119e7991c566ba476d44d60d14adc5051a0c92227dfcbcf456bbdbc2a7db86da533b75256e36e3feb71a364463dce2ae1d0a8b5f4a006abb915ff1789bbbb2f817947dd60288c8bf25c65483dfc60e6b243834cec63ab8dff3cde9c9008a50fe6491d8cb08c33331be3178f00ed311e4397ed4947810700985ee0bdc5cb02993431ad02e084eeafc8a41eab37a6cb2c063c4b4dce8eb58e04ea89eda":"a598cdcbc02e98ca000e739872235834bc639971465f52cefe54304c0af4cc86f6e60e0292bc9bad2654bfde619eab534202675ef22b3b1c321fef534a5d190a" + +SHA3_512 long #38 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"a48a4ae3ffa7acd035454bc8188419fed665629dc37eb21759f3f4b97da1d784049c763876dc37b11233f37612825890302d8c9868cc13140024f304c65516b79954efe32a9c61f50421dca6ca86c9cfc08f287e8dd9774940c9d6e290c26aec689bff0da350f14514f74c7ec9f6326490747d76bb0da65d21cae67d65509acb7b57ecde675eb048489d8c26963c5cf6a8c2d4a979d067f9ab0f68fdcc6770fbd972ff7d003066a7aafce4c7b9be0f2e0e63753f4f8a84c5e780a78a4e6fb2258ad28013f62cda0942fa9b89bbe612b4cc3da85fc5a3c368dc06ea4a72d029f09761b7c7cfbcd6171680fb93231b2f2fea3ab5316483ed8b92877868c0f29d050705ebc21547207931774a0e79c42c476e41e3deb393cad512ec9a0ac03ed60be2a8662b4f3581d698c5d121464bd2a562397c8e3b3921ef631e9859fb1a9bab30316e2b06edc1d65554d8f51017e9f1cd0cc66882debb808d04ba7cf8efb58dfa884ceac1d9a8226e0aa7b1629039d2b8a10a9512eb61319985489b3f26ed584895488f0860fe62eed1857ec11e89f12ae08f3d73c6d9aa8e8b89e0592509b42040a94363ea8a3dda90bc84b729a3f62bb19f862bd9eb9274fdc671cd56d14b8c71b92d5bdf155c3c2f92eacb194d88c3fc809bc48b619254c2477623200fc29310be7677a867671b9550d98656504ffba97ba2c643025135c45418e4ea89c43d05014540ab480580ac3d786e4874f5daa0d8c4b76b95781fea357e971e08f79338cac33d5180de725ba3f00d58801f69cadf28216ae3ae1a1c31d2c42354039c916117f602d69bf98ac868ebec3e77af0dd8f78ba8b49c2f429139f361359161f90d6bf32714e41d21f5098e6e74a5b4520a587e8dcfe965459eddad407349e85617e4bd260060e70972fb8044eb518082be748181fe3ec50b9de67928d5d23b92c7acdb6963b85e28876549d86b221c833c721cec0743557dd97ce08125d5629365ebd55604948b677c6f6f90bcc08f3fcc7bd736b39f1f8399c569b329f9634339c83457ad9a74ae98437cd6a5d4e19cb6b73bc7cafb2b0624ec9c26aae748888b6c7ed3247523e62506f811ef061a84414dcf0714fe7fecc31701426f46194ca2ff3e3232cba0f569e369a862fd43deb6661b5f5951251fbe6f217042bfdc76c7a8f9db9f45f1c5ad005905c66264925d29a835609b25855d1b8316e9fa9bee428f3938338a203d38854f8fe3dc83877ebffdf2f2858508e843af9e2d9e5d9c5bdd85b0b6433544549bd4ae8114aaa7614fa3ffd7b74f8fa6112e6ed6532b685aba66abef1736c4476a6fca67b1e0d94e0220c2d7d88b01e0ab87f0acc30c3a864d6391a7af2da45a19a84b5e5c2e058c00fea5b9903f48de39428a779408fa28bf04cba6b221ccd5d0079a2ebd9a136470c40f4789754be8e4e8a6fe6e27908837d1bfb4c91b2300b9151d9f7b2fec1e7afb68476834f246d300ab0afa72e4eede53d6999c229322f9593d783ff27602482a1782d885253f30120163dff0dea2dc11781cd23e0485bb5b6283b0ed9a57ffd986c07f6ecc1c20a610d1c6a967eb58930e0713775c6f25a4f58677274167ca911cc905facf26cd453f1c57a665137a62fe2009d684295fbb5c4a3ba85178cfd84164132e16a25f76f80b39eec2606c05b2305a6264fb92280197a579b4d336395d5b51148adbfec2a3671589641b530490feae24e42ce6744a355da150c02839d87466b31118d0b0a6f89280358b5ae80254ae22ed068226a1eb0a280f86cd621b78fb1394a000c86a8659da1bfaa6386ff8016665cf8fc66d825417d76f4c3b8c2eb73dfcbcb49257d9119f00ae627c3fb350f836d034dd16c3e57592c1cd4c946043382fb41597d6b863d8cbf0b43dd94d43de46519af20473624a27c57a1e9cd4460c17d04a5e4dedf78c6408c401a78e81227f9ae88d9e5d769e7ec379380a5369c29b587b6f253e74c3b33ebb53103eb3ccc7f247364e48c77a7f03f22247a55461a293d253c77483859fdac1b87c2480e208a3df767cfbfde512cc0e65bc92aef116ca74919957cbdb1223fdba5309916e29f3d7d48e3fc1e81f68f488d0e21f7bde458cb105aef5ccf46298e0feb58d77122b58d9eddcbb8a8e1dce13ea5c5105e24c40":"10f9dea4b2b5fba6d63e37612450a26a3ca900804c0d3ab8426d4539a1b89d4da38ed3821232bd9ffb1f27c26418072cf44369e48b86ec8b4015e37cd29ce5f4" + +SHA3_512 long #40 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"b5033dd03db57f3da4ba033569a3e4fd0ff36b4bc630d2fb473a4d0300db4ba9719ef8f4d6e507600636b0d59bd6f4da53992807b6f8b1b8f9640d0923da13fe6eb87b01f0cfa0927ab9853ac16c16c0bb10b1a04c0ee5b9226a7a46de52b10f74f7cce1d49bd13bcaeb8c4a2290d31711010e00d09bf6658af39ca3786bad464b03f57aca7223c3bc76ccee0868b2481b13450d8ac66a23f8a87c083b4c900aba85feb6197c1d9219ff4d0fb91c3bb9a2ef60b1c1b8cb5d3630215e6d1ee2c28a25ed7b0be04710a83118937ed5f6d36d3c66d2bf98a07a0a35938b570829d8838accb3e6c729a633b134649fbb6cfe46a3605aca8f72e23d5cdb794133efb36d5da245f3584cba802aa96864f524a3f3cc55302bc5c8fc974f000e72c6bbbb104578197abc37b65942808915aca6283d5e4d3c2a612a32dfb60a3434ea165834eb5517c31a720084a1c0adf9077bf7ec0251660e8c20ebdf3802d2cdc787f2a0f64127159b8602c9f071be592f2a76c85f6796216d33905d7eefd0868496f11d0f4531ba67fa22f2d79ba37d4b3b0f981e9ab4a92dea872230d915a74acbbd73de671df8a556cac5fd4744ad84372926e6efa8eff3ce39f6f5c88b7840afbe6a0ab1d3187d23610c0b7d893102a52b3860705a3be8660ea075c519418fc95dc93c2b3b6118e74f8da8435a50ec0d7f973324b3d5333a6fea59d7a7495ea1005a1bdc3e1d9e2dfb117da39f546af78c0b08139904fed2c29a49071ed9d6c011e350ccc292377acf5f32a44083a6ecba5c8746f5116eb77079ec5c64391fadf62d8203b00a095832416e4e2526c573715157c4b044ad70e24febde62b160f019005a8af1cb3f4e8c7dd9aa3784f21519b32195b0e5e3857fe4ed950089c112e02480686b1dffe546dc1cbf5ce753591a4a8cc2df3c377eaeff9b8a27086b9ab5609ba5084a71a3c626df967d9510c7ddde41522491d2e4d96a9dc4bd778610ff7d534aaf99bf137523c93583d752e7c837e74d662bdc3f67eb9a4bab1e39fd2544525d48510ebabb9a83a654f54142441c27bc8f537c15c04b3b28da45ade8917a3de9babb89220155b5f1da37045fba57a9a68651daf04c51276231340a59aaeabff3ef1f55d2ad1a061cfbe5c4c690ae1413336d1f5772c70601973277d8d85b7e85cec59d5229b21e31a146a80030ea110b7eef73d39d73820ef6891cee839422a63ff4872bdbe5a637b3a3d99400d347974f1efdeb321f418f357f2222135e545f2af53be42d7a463719447e0a6a305fbe8e43e6279a91eb8f3c5db1fdf081bcb77711e205863ba538bb71c0ebd4cb008923a6550f3d922913f36bf00683c501b60f8da4164dee6c428172c7bea86ad3fef68f732c83e9a32542f008c532f2cb64d8b4a8a0ec5c425d538eba0b4dd67f28f0466805d56000cc113621c266cfc4cabbcd172bca4dd092190fc15b2bd7ad0cf7125b2299bde81148836186882592efa01f183d4f89bee8bb3b0634aa3405b4f43d740c39c905facf20f398febcdddb70f3d460e3d7b368215bae2132b72e27d00ddd4a1b4cfc928e55fd80325c4e971191731bee00571933b6e4a72b26d16d71cbbb64a90e78de6d69a8c78acd8c2a6d411cf6d8cd5303da96ce50fd4a958fc1be39e349d61fe855a61bf470d6409c6b4bf77a09034f2efc4194a310eb2394a7307c4e656d99b72c527f8f4b4112f6f2f62d2eea6df2a382005f28cdd122840a67af2d649c8f53dcb6fb2083d4a93fec8ce69be1d2e569551b57689ac33b67d4acf809ae29a9c54b1ab8308058ae7f4053494757f9d0885bdaa3eae08a1646ec477f68abdc8e1463c5dd46a994c8bed6947fbcb5ab59097e856c3608ee5a283a806dd5c37fe7480a0193eb6852a0059696af8261b02bf3a563d9d578b7b016a69fead55ed85b6a2a1402a62458de5b68a3021fc5d0ec4eb8bd134e9aadbf1718eb1df2e4b19380aa4751ff466f29c93401a01d47d345229edb4129d598303378ad2fb3bdd0369572e2a97e345f2956e2f9b0045180dd7841058cef903faa72ae2e48a051fdedae6a2d31ac57f0870a5ad35b5a4aa05d5788831c27356bd6dda2b38e42080260d57a70121017eaebed84d7c8a99afb6cc85b9c18592be45b7b3d872c204ba636118af27333dd14fc08484d2078a859b3d2a29aa80eda72e35565f148c380b0186b82fc7d9b0f3763628f7c8a50de82d97d45c3f6ccaadd137103380bb111e9ade94ad657d2171bc8033fad":"eed31b1cf35dfa5d2afe01f13448ee3ff01e89b6da29d36c93d9292ba8d142f96945c645a888e6a13e22532b6e3f7f434d4ab47e791bf3b0159a9b70d4753fad" + +SHA3_512 long #42 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"48645a050dcd38634f2edc65bdcf79462f72e06324ef96fb6f1c2a332defc55dfae7037965a701fca1e5b8d17d82899e95fa1848caff5eb9f161fae1c831c8fa2e26b511933fd2c2adaaa7436ce5c9a43123af543bf1c1e86119b21807c7100a4bea19d47fddd13cdc4751c1744062e069b54a905d0de60f290cf9e0d2f8c415b9fbd7ca11c926f296825f567cda7bdaa6779402199bf6b6b0027842110e0da1df2196fb324afa6c442579076dfc3d1b513232b458e218655ec3d745ac4f12382724fe70c8aa75334cf646de2deed02ad0aecfae002b75a59b16bdf28b04fc61f8cbb830bc2fbece18be6fe2a5f85b8f8db311f6fabe34fdcfc5d24f9774f2a5badf6c43f722fec50e449b1bbd6206d3ee09a0962fe37ff66296bf67b6e91d8ad629c1b260cb5ca1985273925e73fb7d5d77259686e27b16bd522c3fd1a9a49ab26e6084de7101e81dae9f4e6e745f1541c748fce60252e846c1c0e1d1fdb05db779f1c15b5d14250521c657d6ad5d2302bfb0d2398c2cf166aa24549c2d695a4d111b71bed8beddb77390b67f661a300828062066c830bb85d600a01c81f619ddfd869def28279a9d6ca77250e7c1c3bac9f1ec55fe87cd0c0efbce37418022cd06db4dd59576e31ed4b09330777865826c1a40ee7658af6118bde4d7b42efe87f4c2875a69d441a27256220960679dc7d728231977cceaeebcefede3232934718fe25565ea683b910f3e26c2e8b8f3f2d3c49ebe4b0b051ac439ee43d6984cf59ee4bedf625b59547313a7435890ef692896b7c5383c884cf642f1df15a4ce7aeb6fcbae17d42351667bae74f81a1a959e4578168788fbee1cb3fd9f287543683c2c82bb52fc22f1b01e413d0f7bfbdefd7ae9998016e767fc331b6b563233265ac3edee5afadd9c18a66b86e7de1bad0cdc11376a0fd41f5f6b522be904241e0ddb142f79f7dcbb68b83137c66900689414f8d68f9a487e0c02aac72712a0b71c1cfd67f51ba8b466ff9d38f54434795dc9a65f35e0cdeccda12b2759852e595130b27c178dc8f1db20b671bc983f462fa424bba508ead168f0de33c684576c72bc3b582776c4d88ec684ca628da739d24d79d0273b2895a696cad4b838a158486b9ee16dfd25d34997102c314af6b80d6bad8802a10da04f3cf7f075c896869be2e501304b7249d23b617d6ff8b32daaa6c9ca8061235a2b896e70465dbe5c33cc189fba8733a2f25b7fa765be67ff6fa8d37de7a4f22c0126363d731fa043d7cf3da351daf145719f73905bc599962516d68b8091017c9bba573d4435c4a451935ef43e6c329c17ae44229834d15a949bd7db9351d8b3bfeeda5a01c8b2e567c1827cc964810eac31fa43663498b383dde055680bff3a366ac67bf1fff370e201b22239eb6303f7cf9edd0bed7409bb84f8e146e8ff77c8d523885d030eab89faf5ced82862e3c13137d7d086f0c40539286777105ed43cd8fa688dfb8b0026555368ec440517d2fecd19fd28914c27a477cf41aaa7b85c1a5205c910f3d67fb9d4d9be66d405f2df698bdafae109e96ced01edde5f8bee443346596acc945ecf810796b75816e97c1115af256764153992e6c2d610b4bbfda5138430a1a4893f61dbbc5f18b27e7cd09fc3d0abc371b56f640ab7419d8beeb154948bf76dc8b07c3d77859d427b88ab115f24368fc7868b640bac7bad26be5ef1cfa25857e5cbdb1610516d2ca647ac53cb498f31dd54eecf0fda454c5316b5d37e9e4bcaa637854ccfec12dac762da4d4f663e0f7bc8a18b5c6c27e2dc9ebce0e8a6592ed59c82c9fc7e14b2a8803de833a3cc936b89ab823a88a9d787fd7d0157e308eb38a4db73df2ef91e104ade0abe29c0247440149af35754941ddc001f117ce36998f59734c0254b85c667c49c3920a2295d95e5bdce00af7f65e24b205f9a6f11bc37bef3e68b914f9380f787ecb0fb0cef2f25d212ab430129b868ee896536496e1359989a8754e33f3d80b11fff5134f2b7dcc1088296832f055f6fd704bf7a74306f0a24411bab924566041a382f092ed41272f8aa326b4072368d91a0920d97380833cce26e0e5441b16724811af36a2fd0cc294e9f2224a7f72efe6038689fd02cfada92d5744cd86ac187029c5a70701db9e5946311a34baa3c676d38f554a2e4479578d94543b398fc89e53ca6063e022172a4089f8506559e14ee1a1b7e56370246bd01ea017a43ff734f833ff54186ea19a716339182023c4d0c6741e4942e143588d6c94ed473b28d6af78e0422b1fd22c513379064b8fe5aefa6d14f03d063aa02df4bf26931fd1e5e22f9fd898b42d52589124b5780cc82be5f32874b25d8ed53a4d8b4e284c870":"72db99e7a99975cdf4792f4649e2d08a1beb53bbdb7b6b186f2e7dc03abdd649c43b3b1f43b7cab4da8603eb6327e9595f186188aa798312837e61a4276657a1" + +SHA3_512 long #44 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"2109959848fbc919af4f76595c42f41e8f61a908f8f1da17288dc06d4611df5503b79385cf80eca04ed6bbff056fedb15a7418c0bbe354b61d324c60a83595d2b0413eabe892a89bd2ea97227a7b8a9a64074877c346bcceeb880214099bc22912efbd94f9f8a51125d43249222e72e0976261b478e1b9647cd80b10d20c0f60100839c86c7b8c0a2edcb3fc654f4e8bd9cc8a00427ef482b7698fdc6950238191d6d9cda7e3058ed54943c3aba8c5a4148febe289e3142f8485b501382fa8937f9fc62d14f8b7a6026509275cff80312ff1ade2b5d9c274cb72a506a571439fc1ac277019814b599d762eafe01d263d123bf8882e28a658747988731add9eac3f45251c204868b08ec5d9e4a0ca60cda5b4f35d5c9867e368e286d1fe3c61c2e1b2e8bb9013b7b1bd9a334c02cdd6ebd0a6c7e8a8f1ae1d8df5c6a7b95634e98f3a97d4d1abe066133d64716ff02f9e7b579bb178fa220fccfa717db3f3bd2a31265af04bd88ad776f593db50f914ef8e109841357c6cc00e38aedc53dba78cafbe5b9666615d0bcf0be8100bb12ce4f119e61f4840333839f8a64a03d59818f14abf4e8a10030a07c78c9a0ae020888cbaacd3170b2080368280512bab38d5df12b1a11fab21dc0471a701b34e97e0473b13e60ca8db9fee1e6579312331cb625e57158dfb628ab05160cb70c23af60be342df8edd0b9d48147d497e0628026075d9343cc86b1af2afe082a806b1d1befc6146047458832babef497a1bc883c2a0608694dae797b1d24fadc2e0a3794acc9aa4d8336c58812ce4018d2cb65571271492fef87c06d703d4d52819b8f7959c138071e3ec2431df83fa20ff9d8054521ce0e0ecd2714b8a97814179995289b3f462374c83ef230cf5bb995e230d5268a0f8a37c92dff5afc13975c7ee920d5b66d29235d7c23ffb61cc620ff00355b3ca63b0716459bdba7a862ccd5ec008da9159ea6790a46df4f0b6e1daad6a4479c0a86e92efe68bf2e9eece5192e264799c7ea7ab579e953eca008089024a0603aa4f44a9dc8e47a037fbc31c32030880afca31c7d4b79f221632a6e296ac8599b1e09c7cd259d90c8b3574f6e528dc37f4c4f183aef773e8fdd5baaf1297a883fde4ddd57a50297e0e2347a6535bc8e590f44da98d66f9d8a67026b61d145708b5e36e7a7c7a203ee84da5f625a3b4d4aee2aeff1b0d1a39398b51c0602a7a710163b9337fe0a493403bf7ac0309884a74177d4ffdf3bc55e0aea39483e1fa060aee25ca2b889ec73e76a39194932c900a1a205fde20c872c16284fc2d41bd0ff80b1a052a7cf7200c85136d814b88ee997301f7649d27d9042e5cbe0653acd4f34300ae21c495e7cff0ad08713985ab49ab86e13771bfd2d29b93a3b71eaf9d221c408bbb666263b240db290d640911414919e400a47aa453309173e8aaafb1ad2040659e6c45dedafc049afdd4fd66aad521c7673f3f99ae75bff640009259bdd7690372dd259e72ac8f21e8914af3abd706531349f5f70cf283f3682742dd7ac8232fe0c2ececa0d8e68777a4d6006dd82f50adca8607943046340827a5850b7bd7af8f2281108c09709351148bd518600686dccbd9116fb6717fc709a5989878eb4c2905cc5260c6950f1ee950b9d3f5f2bc4952d65dc40c6a9d4dd429604b48c9ce5374b5fa4198bdc1882b0cf6c6215bbc9c6a6532bcbb9b56439018234a72d7fdb775244f5906507335e3a9d21a6ba94c7c186eda7f4a6a7151465c2abd7e7fa1fd13019ad098b6ebcd190e96f75b45359166d99b344141b81efddcbdcdf42881cd533423ced658f2f9d32389847a953e845b8ebe032987f153bd8024a15d3966cd3fa5327a499c4f611bd0f5ea4f0231fdff768a1588a4e5978e30a663411c18a8de3d0ffc78ebccacf8fd205063f5d5a35b774992e9005c9379d48c3826385f0438e2027debae2f82739253df3cd4f11f767a41a2d1031eef85541f4a96f5038a567d52252b4b418d9277d6bf64084e185968bc6bca15f252bb98a4c118bbcbe13ff7481bbf2cca725f95f11763fab4370a2700185b9ea164218966c535f280b1fb362c882fb792dce2d2ec0fbf11ea2493a155cf0d06f4cec20dac7c7302eaa4932446930456607122170ed102b4ba86fbbc05b866b5b038a30dbd115d54d1600ea8dd65c570fdd9274da182b34dea064b6257fdf013a049ce72e2aa784efd8d74a93a25fa6c32bdf95aeb4d5b43434b8a7a92c333898baa4a2263704e5936d4ce11a6fc2cb4c5c5a128355881fe8dfec0ecff35b67d38031f07888a66de43dd23c76712e2af7e98269dc6cbade690c6f6a0e678015870fb560899204843ed4f7bb3c58ea4c527df90a3e8cf6863134c337d8fb79c83fb3af50cdd5c7df2fcd2debd0a98fa5e8641e721e18c38dde0377f6d41181064a16907fd9d648c51381055cd7c5a6de2656734fefa29a8bcbd30":"c69d1e7b32f7300a89291d2fe03c63b4bf50c6746003100ef82cbefd20468ac8536c697ac1cf5340ab21b15e80745665516e708f028bb37728e2d13440d4b384" + +SHA3_512 long #46 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"97586b625a8aa48ba39ed7e0134446b480871e853d00e6d39b491d32afb51f9f563e491077bf5d4f88642807545e621ffbdbd5483a35c2d2ec6980c4d1cc662b8ff9ebb2f60e0c738818ee0d39cbc5f77377f4145d3776875d6c7cc8dc6957f74970997160de77a2aca2721a4af337e2f143c3102f6eca99f5385a6756f6bcab8c8b9b753c966782fbeafc54103f7f887b278965374388b1bdb662c8c9da5bef603238e512a0a4bb7dd8d4e6121567931c0b903afd1c7676bbcedb14bc7dfc69ce4db9e96b63f6f63a5541f6d8deb5a8d9d71eb80a625e91f9690f72b84769c4ddc466abcd4725db3b478cadeb033271bc737c06e57e06a97f6d440b44a069a6967f8750c3b4f8118798fe32d2eaa696ccc7f24e16d6366753c4c306e8f0c3b8ff676403d2123941262eddae15fdd9bf11bbc7b526d4b8737f54d48c2c9f40a1236245ea84c9ae1221f371483da39293943845659cdf53740b07bec59915a8090759712d6041202d7fcd0429d1439bba5c24b286005ece12fdc3cbd8b6bac39ab53531f5eee3563948a6dc785947badd7169573fdbbbf2f65f7241ee0bf758fa34dccd6ab7151adf8465425e5e16b8a4dced7cb9b45d87c838fb692e213231d18c388db3424032c73cf27e0367185cb6a49a691c13ac552f91468bc17fd414c8c630b8f917cd67987835d88efcb570bcd156658f801023d4713befceae46ca86e8ab9863bf2281fa3e169827a555ba5d6c0bb93a84f1ba5fe0c2dc7e34ef1bb4fd93731ac1a94897987d05f8eb6004427ca0ae46a6b7e377e7c39cf99b36cefa0acf9245a5c984148d526826553e141209fd8adb6fca64c48c2675666a85adff19473d0df4e9fc1c257d09dc6c57b2761c0a9520669305f0d9d3b0ed2a437e6c31e3bc9a3573795569e63040b614a816bbaf193e137890a0d6b294b862d70ae85b8b5613f0cec3676075257abddbbd99f1d45c5dfee2cb7e8aac6bec9aab191c9e2754a0ae62a2fb13132fb30915b8a8c361a7a3b03a8032fda77bb45b2673b0029ffe6bf597deb988a69813202b62ea3b3e423bb0e67564378c0e362bb0df4b8fdb9c9950d53e48c917a6c18c8383086053754b865073bb41446a9a95b126954ec3765544848b51de4fa2e6d587e3a93a8888fcbbde41df22b6d7091e9110384640d4c55b0c8d7bcd35d4a9819e4976d2c6c275d6faa979e2c99fab50b965d97f38fd111cd50c6fa0b083331a2f7e162ff36ddf5f0b71318a6709a7b28fed2302953a620f47d0d45faaf8ab28a44b3259f9cf61de7962ae20775c25cc7c70bbd63dd3e0bdcba053100a7c3a3164767259be3024dcab4499afe0e14f27e9b54c031a10b2adc74694bdb85508bfd7c77d362cda4fe10bdf993c8ce04b4a3c857c9212380167a5883e6d9bcb3c596508fcf82a140b7300fa57d162a041bddfa8f38a0f95f474cb2ff9299d28ff8876ff96a89f25801cf25f7a754a6b5a0938e65af3f86db45ba3036ff8a5b278d27275f44d7556d56349d4ab312c87bdb5b10759d6b50968a493cb45e29cb3d0c2c133beef93ef33d06e22920cf03d9449b0d2973a2db139d8055126ef68712eddcbfe9b96e138c1ecc711d60e7fd5044e9f10bd274aad4f7e605bb828f235bbadf9a1334b4778a83ebd68203fbf97374be58972a5f344d11e0cb2a39422469eb9b1e22f15adf90f4fb9f117a899cb55c8ea055fbd10bfe741711e903be1ee00895c8b37fdfb011fa521726450f5b8854d164c2c768a66bb6ef7662726157309a66362f20a19d9ffca5eb4ae3fbca7f063d12580d94781722d06540f5ca71ee0972c300944efc9d946d97f9e7ed4e0be91835a03ec3058370606aef1e58037aee421bc23b36618d29ff99adc1427ab166094b15eb92d3330825f3d74ca86069a16a9d0e9606410145f25cf0f099c5020576cf339482759852879c94112a3d2cdb42b320352d2f7c70dc7e4df661a1606fe73e83b9f04135f80bc1affc5bee56f4611ab18919916123246a2f6328b47eddd12570dc8aea9e61391f757ecbf85a754c203d0269fb51e550ad1f975d629ff7daf0957cb0b6341685e29f18e8dfb9d67a602d518ce1c13fe7b399337e3056465b4c7c0ae058899088c7974b3128f7a062570cc6f0d9218b601a16a819a22441d8757f07b8362157984ac8963358866baa71460344360550304d3265ae3cac62e9281903a6c37de45ad8dd7a7de30880a94b7376e5acff370ec9570cba643121f3b0f48f1aa501bf36ee30786f5cd097e5421f92539251a8221b0f0dbcbd65178ecc7bfaa24f5f50c3175c00963a8109e4f1a4f61c8aaf1c30bec4d923acbabc20c739e6cc26e94175d0cab370e09c6f3ee6ae12befa8a1ba12102ff8db6a478303d98c406c021f9c5a706f18df37530497d8568a966551ef9fe6401696fa4e4638c2322c0afabe248f69b5b4be7cde59b32e5687a52a2aeb183425f354c5e79015f5373b849e9b3666bf2514941e8f7bab328b29043f5435e7c38997fb113beb013c4572c236db5a4639663f47668ff1e5ad9a789cecf655725b120b752772de645d01":"19f109cb86236a5ef1eb3064413da5712989d87ab7eda21313d72471ad577ada2632cf058a554cf2512c821a0638dc343d62744199c2ea2507ab0fa09e740faa" + +SHA3_512 long #48 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"b8fc129b4d456a3fa1cc832b81859386066bb9cb556849ca897565f0ee02cdc97098f7c353bd63352418299fefd5d434b24b729512dcece04d1d94e97037fdc7ca8e0f93a0a05a6c222fabbe9ea2ddc4f4a9f24c4a2063bb0036b350e6ce4aadad2581939cb5faed845a3210f6b45941b3cc617764fa55638c06ecaeba8d5e8203a6764bafc6e8bf33e1e61c60d2eeb0d9fde69fca336ae1d7d6658a533dde4eb35915444299cfea160cee6a42c6441b4d84a94be3934b3ccbed466c19a67519a5868705bbf855771422728205560489f7a9d30317e1a07c4f95b8dc748fc9ecc175f31684a9226d176d9ced124bd603bfb48c50cee710aa4a14e363ccc182ceef6e82000374dfd406339232d06c61908decfbb8706b44cca6b3ee88890549c817b85c4aa22334b4c8bd7cd9a6834e38499a49c56536e4ed4aba01d41321c6e1219ca87cc87cc8164753836afe564403db069dff161097121e7146ced3dda021f5628f1fdc4944016a3dcf6e3fafecfa2b7820ede9c005450a1fe2fe2f037f907b5238ba48504f7e19c2876dd054ee242238fa174710d78df60e00ec90590d379cb3cbd5735a92943c2bd3ed1b0df18aa68d520599c6b5f3ca84c6215fa9ef1d3ecf72f8c52eb54bbcc0dc7887a49d32a0c1504045ab467d6eca5c2402b9d04a4aec53aca6965fab7fc9ca957cdf9c26f91a1e4fb5873335ca28eb7de35156c7a95396787e5838bd6e8ec5cd6288936e97e1e1ba4f222323c7e59bb5683b299b414c64e5b53de9887157f4a6a2652d10645dc40a7d43bf4e4b4b9353fb3ef2cefc1ee57ab30d1a14716b7faaa23f101647d8ecc6a6b4afbe3fa0fcdf03215969c11340bfe190726a54138f61cbdde48727988476313b9a7b8c2dfde1e8ad057377719e3ca58d9a9104974c528509526ceee6b2a288a1298e183abfe211aa9ff40881267a68ce3a91673fdd05398901cc830a9ed312ad03fecd0f6a6ae8e0cef55b8b01009319f97367526a024d269bafce4c72903729d0d392f325ffd4163b7c58d756568c377f3eeb1a1dd22ba8c51eb7f453625fdb3a154e30182b3d168e94e7ac4e05bdf075fadadd1cfc39d7291f26496bd0f28de7cdeb0c6c758ba66e42f05411948c0b83b01ee48f08e17b6fbd0394e26258057f0350d04965278f83905b15c68b635250679e779f7e8a5b3ffd361de0a0fa0cabbd65c3d6847798768510389573a98b852742de73e79b403fe9a72c8c133e691305122f3c59e48bef29f804a7d2c67fc9f8f26035cb7ef21a883f090e428de65ee23f5aa26dd72f9585f9c3243322f6c5e396460ab09a3976e2e4fc8fb55049345dd48d3146b64b11a0fcbb341b25b821ef16d91c2057ddfc007f4c37f5ed5b3f7cb910116eeaa80a83ea36fd14378c84255a5e93a21da553e9f9422d89cee42449d72b696ddc0e2934a97aaaa5c03b968b4b2097bf545a23a538269af959ac8ecc142661c9f34416bd23cf6157288e002ccf664efd64c4163d2640a5cef87a230c5948230c961478253e7f4ab0d74a6a0dcf77e3e7b6abd2b8aad7778f12178b118fdbd4bd2f44f875e4d18f3a353a7b38349c7c02b0d7ff1eab3437c40e4c6fe39c259f65259d3db4fc0c557dab25dcb4e41d42d8bb10467813a00ef656df778b6a6faa8be0e7f0ea6e79c7009fd23589c9425cf0401d4fcdc96124ac51984a10df001db7c8eab82022600a4b7a0a2dc0ca53f2d2a5c7c125b5bfa06e6741917ae5222172456d3e5dff0949e6a5956c5fce972e0754d64488bf04aac400a0f3d1631bde42bf3a29a9efbbaa5a863b9b71bf573616b31282ffcf766c37847f191e40347bb29e17220cdabf552d87c462fb84db32872c422091cd5f0b4e5ba4aa6966b520474acdd18fa65e73ea0ff76807056b4be32530c947a105b292eed74fb8bce6f78b2b24dd393cdd2c16859d569c2a4fa8b008a2232733b18789a3e2b0152a0e2505a9e3ef138487a73b537ed3c3dbce73793c61d63c6baab2bde38c74879877d53d2dd4ae2366a30de0e06288830031d1c329358b8b323a5cb6179c4417ee672dbc1dbdc373cb78858e94111ce481c1ec1837e5ea1e6ea7adfaa5dbc7cb14275509e367d50b994f38ccd75238ee46c3ecffce3b9afc093acc13f711a6adf3ff76ace59a8df1ba704e2211ef84aa3782f90156fd442de93be289730588c57136b82e8d1d932f1423ee18aaaea71f3d4539a537f48fbaf8f216e2838116197716421642ba8ecd91b040370a584a553e53d773d9e824aa1ca691a88e4bf8b4eee53dec6b3726d1185e6d069ab5145523f5f9f3a5a1aa053fa17a62fc2cd59bbcecd039725d044590779d0ec08cae26d573c8ae01e6cad34829fa9934ec55d8cb732483bef4d030e341f7d5e5a6bfd03b156b2b56802c1d1f8739d4a053217101c26055b7c4319bf805a4e572ccf05c3c230af20d3877ebac035e9ba729e1714820ad34c594d08db70accc6cdc4e9d1c2e4cf8c8cd45343d7e49276b1353cdd87d733aa502e550e089a95fe60565137b4a1e0803d1c6a2f8874fcee2640dbbfa62d193ec0586726d3fb2a17924cd197f9a2655687da61b6a7f9c58a6f12661e8c6b88797ddbaede0076b199ca6d10f87b2f8797d1d4e3e01cbc14d3f273840323d8a7e1ef7fd43d7753530a7280b76221":"d1b2db67f3b0539ca9c4cb755343efe7076e0c28625d3e63e98b864c98db3184cebce0f2d4fac97c36920f7c6e29ec3c801986fe9b30e2eecb4b4e9b7707d755" + +SHA3_512 long #50 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"a23675723ccfb3decbe4652fdde21951fd2f660d1f0473803f7fb8cc44f4090d2a85d08f60f29a3e6fb2d55ddd42d77b51bd23a3f7ade8d42620cbb041ffe678db9c11381e8a603f6db1edd248a1d72270278a7b4c1e41bd8c88ca100cde89d4fba4c0d73c3f0ecb0c0b35f7e6a9202ca39624fbe6028625b7df3d536e38fa07d3c466d383bbaac996e835327e00b9833232778c8dffbdf3f04cade12fb53ffbab258a94bba33f20516f76ecda4ead0d65220d9708bdf00f7ff7a12217fe6296cbeeb482aca2d2ba86c97f8ec03c01b4848f6e8220e52660ac09a17eedbb6bc27a486c051d5e6d7e7c1dd87ef971bf5ed6a020b69d1f68d0bfaa355d7b936066015b3b85d87f17547d940a264d96eff5a47ead9c4712bd46ff01e627872f4b6aa84ea86aa3aed924cf569ced8353976036509d9be5672dabb6373b44da3733b5b7493c1c4793bad6bb8a163a654fc187d43f761a41c6c0e52a73bd1c3c52213176767d038cd5c25389590177b9337452c673c28321d57fdda3def21775281cc52dfbf587391cf98181eae30b48a6b9a95313083d4e3f717b6ba0649e4c622c5923002c1118126849eb66475eda519774c547d1b090aa9ea8c9e09b178aa859d6a1aea907ef5d16930ef4b2d837dc169b6239a444aebf0f4a04c61eecf7a1ac22ef2cf4d387a50b4833bdaee126ee3e06730e09617225cb4a657c75835bf62c2655a395dba893504ea2e8c2e1702f189e3ff1886fa284da91342728467e4fe2ca1b3b148919ceec8fa39e7740dd49ab491008aad607864506b9f2bf9b2852d4f7881bfa44a4ffe7f27e07536635e1fff02c7bf6fe69d113903b03c3ec20aa0c93e56ccf730fce4a5e7a4ae0bb40a21d7cdc73f550900d4c190482bca02ffd92877a55198023e21cbde090a6a8c6310cd368182d3243e3f9885a98301f1df46cbc8fff62d2a8e465f6f8002c938e39d4df1891280d4cfa21c5866da9d1b236a4196c9231d1667b2df10ac3fae561607e8634076e4a71fcccb7cf28ae1eb56c428559350fe525507d965e009807074e11b203a1854f7b8e02487ff1c86ef03d4cea9d108376ac0b5ccd3ce08f5f48ac954ace88f786315acc5fddf27d292952cc2f814c15ecc453d37eeb8b6557ec221336dde34c555d0831e4305058b72952c93c4d114daf35d0e991b428a556ba57915e78db0a26c5403ac0c136de80b8e64cf94986b427c72ba6eedfdfd4c37bf41aaae798bb6032a9eed9d8ca99ed9db65c4ebcd4d1bd410c127db4da7c08f7a0b3027141e66b6deb5518bc341064a2690123f0222cd76d1a36277a3e248cf604664e60fe14af3baf7765b79dcb4e8da743602b994edf11fe19d27b3655b740c83a76faf9cc94679d5da90f2d5314271a2bedb661be3bf660c367fde796f19c93386288579682b75c0eca0d0b2f1c3868c0b2d9a10455e4e63dcf497c6fa2d40d66fa5143fae1f59592b2f960e7d088390b97db82a993a33b8ef0a71b6832aedfce279fe38119e7eff2471b530497de361285062b345ffa05beb45eed0a0af3b178cfb85fb29256133573ba0d0dd80406df62a0c42d20b2edd602b819dc906b2a6adbe5e016b409a8631d20b58afdc0527a18f2771d3d939addc1fbc7672dddf3ae346e8e33e8ca57852d9374036ddbc2e98d446a8b2065b5dbdb7021314912b44cc09b9094945fc8a18a5c7201901dfd36abdec5ff30f0e5d9375f4cc44dd3144a69b40fbe2291a2c21ec3d60bce4dac695807b101d5fcd3ddbd1073a89fe6bbb21600323bf8288dedd00fc9aa8f3576887e08561a775026f255cabc63a913528cafc8229180ec332c888a72653b9b049d0429dbd17eb5871de7d74f7fd22481de1b54064b20a539862e7afac43a48fdafd2b268af53f39e685b7d558481dfefb244ec07ee421a4a04ab28884ff4040ac7d0eb273b5cd212da9905f6f8200e450f11d84d044d140cace5dc458fd296d3ece61c3efd021a8c7b8ab7596516772afe6a5fff15a95b2788c5de580b3ac8ff26fc8cd57dad92b35414daa752cbe3478537cb45a7bdb744a03375ea4b9560377dfa841544c603306c20b80748a71944af60624844f3f00bfa18ea23d84c2722fac84c25d9b335aacc9797a2ce12e3c881ce6d3073b2cd23a05a852a39c5e569a44e2c2ec4def0ca7a5fc0a06c74077b05673325bd6317359ae38e28f66a62b384756c588eadfc3880627b28aa354e064214fe4ea86c96e8ee994d4498a265a9a02353cabe8a209be6860f6211bd801140be14d3be3612e5a6660aa7a6d4b8f302412aaddcdc259bb2b5c67728746543084bbedd872953d3ca310c78a86a2138b2b83928700bd4e1eed6e68f77c3c445a1a544948aad205b60e29ce027cb6920b66ec864037ff315a1d1b8d1871067be13b2ee1f4f2b432572600207aa5f5855184d1f891c9f4adfd48e8466dfc41457675c04a65e0982d807958614b98eb57ce03c86be44d5a3e58ef49276084894b8a489cd5340b1a61c28687030dcc04a401422442b0289c4d2d7ed29288803af88d223924c7c89779bdcc107829c5ddd46bee9a2f9de21764cb76192a4e95c2c70fa119bb99afbbcfa2b88943380cd3739e578e850600681fb37361613b2bdd517223b30c3226e3fe41da55f6a117820bf92b75e5711a0ad895e55fb9d6c8d7026558999929d4ac6ffbb01b050d5c75f80cc8e4b377857c29b35a689699e33c64498e31d4d93f61af30c82cf0d5620be269be5f9171e9487dcc2110aa0d0199f1af531061c":"f230ef921cde7b61cfef00b479835a892a7eb41794545a494e141749cc18734d0df36ed0f57e5d1519ffb3845a751ac726c6926551c738ff001ccd040473b197" + +SHA3_512 long #52 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"a1990301c5f0fb63024de2f5b828a00fb2ab0749f066b7d9a9443e1c90be8472574e674f7127a28f1d23f30aa0fd7d69d1c06b38db7fd63c3f47e806185242c8a37d9c68fefcabd3304d48946a6acea58d43c484eb6bbc8a52127a79473359548f0eeb73f4d9e0d645b329ba9fd95d6aeb1c5b58a893316ceb8d3c9ca3c991bd22ea9c98d9250741633ddda4c6b1f061f53478da995dfc8910a07698b67db2ab64f7f7013748e9bb93d3ae7b675a5031b27162324632e78bcc336f9408b583c85e1e43d395aa4eeddc5de2670a3c45832abc6389377bb817242e70b91fdacdb91748ca397cb3fe7e46c3c28f38bf96ff66fec107f59e38d82279c12e85555829975bd25973cbc017d9ed961c784b0d4c6d1dc5d307052f73cdfcaa1cc28cecbee741a45b025a5d609ec3a635534870134703b716f51665932da073ab5ce951200ee08868b1c89e009c2e3903501e88fbfd96dff7483ba1de4b4b6302ddd34ef81422c5a8097d48a0db1499aef7351dad96c0849f87dbadfc2ee6c34acdb2adee02eda54291e126e7645f0c5dd0f5f7d01a67f0353a5d4f96de5adbaab2ed34a9df2b6e5ed15cff7e3ef5db3864c7dd0d927569e2e92b5054648df34b16eeacd2b3c3692652579a0c71c04e683a11980c05d138ce1dac77ddc7695355801cdc10879ddec09b38c03a06a6ac15da3cf1747b63a5205d488eda0fd543ef79df8e0c62a11554356939b004913f66cdb1adeefc13f70132675bf245b80a41889f886e4cb7550ba650cd1573684d849ad7972191c978982371a8ce70fcf17435c493dd4dc7e80c785744125c131f97c91576b6416d6e0eb8ce3b15988840b008b677016eb9148032e5654ec679fdc6e3d5115415e7228a79e7dc70c5443f1c8adefc83b675228f5d61f972b9842e396f7e31a4131fdc35ef225587001835e142a2ea0b2ee35a608035c8253d1bfc19f5789e4d45fee436a1e86d0150ec6c26b86b0840dcec031c23c89a105b26ad8efd2a20f8b36a81b617a2eb87bea82a1475a21fcbca7666eacf8237da1a8e8abf10fe7f4d644cfcdddab698c05134b8d300adf753006accf30acb672c8339dbd5b55b82f3608d9dd2718e3c5511785e8ae1f6588184b17b5f5f0bf1ae9c10e8f775a9f393af13acbe64909fed065d6362a1e30afd6031bc5553aa9e076ffbf84ed75198d45ac871c83c26883139c91182c7ded46e9cd4d6fd701036e004e3550263b9395f6793341980b7c0c8b1a5ae12db4e807d3e8113803da681e061ae453aa14aa0dbe15b3cd8b8aa105c76da833c669bd4d15020b90642d246b09046111e1a6c94f1cd0ad22e6d693e92914fd826ef2c9913d99811b608fd4ff7999101d75588dc4935873e43255b121409ebf5f8fe6b96eae2d363b91690625e82795c8dda04418a20bac83e6be8568ae69821db1bbf95ff72b8f737f4f1488d55e56c67324a8b5d978bb848c478d09b313da5f7cf905cf9912f14572b8ac92b1abc778ee4c08269a1e25588ba7349f0f1c1c973a147b5814720034142c2ace0d7e8c62a78d0ed5746a7e827d4428a312e0ed5771a4a663f9d730d1ec100bb569650a16277e196ce8ec2b94c9b4b5805f00b112dc00237da9a10781631aebc325edc4f5e685a4377821b102095f77e1440a0c5bb1ed7f2fb47e08c501933781f38741a47d3a5bdfa299b35cb4caec20725b53849b9325d49aac993f501f7b7c32a0048454029ccfe8c286f7448d9ee86a832b3001b79426dceb4d32c716240c63f68227f384e372bb1ab08430fdec838d0ff7e07cb16670eb88a951ef2dcddd17c94f01e427cc82aa20d46612b2719c6a505e187516f94d5723121f20bcd548ceb6dfa49e71b45a3673472f6241aa8d72f2a24a836ee93690393bfd1459d6e9e93d98729ae93773d060ad32980213f1477578e9101f92b747397b7e327b4f3b07cc1e1e61f4d26a18976b323c9a3a4258475686b3afa239bca24504f397aab69af0e4ea7c2af1a77f75f580c8608a0b15e6afa5d695844881124d43e03585e7233a6179420221a6659af0b0b40b7fb600e208c90177b56e3507e89d70eb4d372107384d6c00ff016b64d14487e1a7ddc9b7d662ccbcb21538d1ab843e1f7d3124f5cdc952adc62301621bbecc898eeca0d6bd0580eb06c81d2e0a8a9048a26faf74869f8e7f3395c8213481fa69915d56dd1113c6792011526b8a33200d394d1102171287eba3c41000b0208a185bba3c29672015ed9a6b6928aef065c3ce53fa3ce3d4d779b35889bf133d040c5a8dc14a43bcf7bed240c1c3ed54ca02ce0eeb637158e5bfcead858ad219e0cbfa4296be2b4cd473642c0cfbc9d2d550b4e8354444013b14725da4127149b8cdc7732d0382424491dca7ab0ec8fd00240f7a982dd080501e3ac365d4856ef4884e89e4a8ed5fb090882e1c9b6f35e2f35a3064aeab38cd4384793b4f62ec1c820c115e2cc0d7b1060349e210310fe64511a42b3538acfb0aec0994f1ae3399516c8419fdb15cce58ea659c0b92fd92afc2306c500d5f720addef1359dbe8136d0c6c789a1351511f8a1b9afc29816089e88fa89d9dc2ba99d68436e6507be33b48252a807b47f1a08ec66f50493de879f0fc506c7e694d5e62736035c061b152cc68805f5dc318a2551099a6968592d68810f45b03d592bf0e373fb6902be629f5811a754f353e8b6964aa7d85eae855fa5824c7e27a4332463a25e7345cfa5750196960a420fbd2584d02338be0614ed45c42517ed9a76e8716a35641577631589bfdb01118b90d9e3441673d088647a277dd865d7657ba5d3738723bbdd26e9b8337d1fa8efe93a7b4d8870dc5dfc6f14566b4e2c2dcac452665c987f2b7558569b844e4e":"074228e463f71f74ffc3d270373c247acf7ff36b7796419d917d7ed1b1f9312417410b8d59070f5ccc7a6ccf2a4b3fafa5951107cfca1c01dccf0be9fd422529" + +SHA3_512 long #54 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"9d0f499d8552ce5d995e158c400d5b033f2324c7dae07f383bd68b8c18f93a7c91f5553d57c4c1b2137f00e00674faa2ec7afe9e27810477196d3545d225ad42ebe67fc5b1def97587f62ab685efa26865b079d1a0de93d7d4ae217369f76b62748cce1edbc8000cbb6a9cf706a3dabd716e9d488d20b4c0334059ff2698fe46f48c4a2e1dab5ee177845c89d1bb2a09d75c73ec366eef9a00cce5d25130ee543391fbdebfaf995a85ec74562e5d1ab4602102a3e2f1cdce01f9cbd332e6c1f6f841ea1708fb3be1ac49eb4565b23326d4655356dad1d5c2ff7015e910e301930c441ebf42b8ccddb343ca3dbde1fcc8fbd26cee673590dfc1d8cbfe354f359238439fbfb30dd2b6638318287f12fe009c0e5751cf45848d11daf3f9e751e65d42e67600a323d7d384b1ddedf46fbf3781c11c695a2b3b35b51e97c16f119b5bf2d4aa695c21629ede752274611dc9d67094c11c520c3d3d764bbe4015b8dcf412b643e12530fc7e3875eea51147a443322e5054fd13100f1c09715d206e329068334a5245782bdb5b5c49684b13d6e88f39d0f8a5653e116f02b700da5a2397bef4c6a305207a1e10d03ba556a9e92c4e5a4af0902d4fad37db981189a53971daa0bfbcad516ead1d79cd447b326576393bc5240691c94a3b3f1c797676fc8784e03d85853291f14a01062d02d6d0301684497c51b9364f44d44c1ee9f6f33f865c49e6d4ec6a52610def4833bcb4c1aedddfe0b8ce1d261a422fe9294da602a7bbeac7e4a6813928488e7e550d9891c9ec8d3882f807368532cdc280a29d39aea62910fb895f0c6957edb5b2f005082f5c5d6cf85e7be74d4c2f92341d614a64c40ca962bd8b34eae514d6908e828ea7d35764622901a139375c3f8ee8799f91be9e7a61698d1a749809ca380f978bfaf98208088021cc129c5cb3d6286d9efd3be46b3fb5ee25ce18d677f29acc67f078e641318c64d0a02238d45408c6b16fe4e86546ca35bcc20e83c70657aa8a51f58bf526755116ab72f78c50ae0b3fb061b14ebcd0ea49162216a1bb6fb85ce51b7a0d30627104fb33a1c21142c4b089594710eaee963393fb99ec5a0a7e46748fba72957b4a03570e3f5ee0ed796bbf74b391184dc0e2014213922b4f85aec5fc530a9dea667c89abd84705d6b3da1d5bfcbb8e15f0be289e8d7a766754fda1084ebf92d44dd557b17467c827f9646ab62a74936dae2fcfb80e8c837a749cd05bb278ba6485788ac91ba57005d4716d2c46a6707d839dc0379eb099af6bf11a9e871d5fbf98cbea9ad6e9479acb69ef6656386e6ef670c1c445ce022ec3664779d595c7100e383ecdac1b930e66b5b80c6512d36890109b070cce042003621e93a5ca3a7d6d255009a6249d892dbb90c5781ce792d7e516a7fa98e8adb44d6895fea3022e3ffce6f7cbeaad32a9e43f39993ef4155558f94d1815f6fc5d8eed26e908664c0b24c93e23560b3161988c11cf60401992cf0ea06d2b7536868f75ef6de1adff5a05c187b650feafdd4041f5236a14c515b31b4901c3af82b8b7c8989216206eb307957a8dc1cfd4a642248c9b44b841666de9efdcc6ea09796eadc8609007c29e920fbeaf8fc7c74308fe7f42d674b60d63403b071a6ff2541cee27e035aa22a30ef5fc24a42cb13cf896751d09904c92ffe7d589a98666ce29515e19ee50b74be310dbf5e646b91a7cb61736c3532a7ea8a8646a59768d71fe9f1513a442a91d792804293f5f0864fb240d94ed077959c54990b214898ec4019ff3d73dc91fa239051ec896bdc5a2dda9fe3f70f260a9c093036ac105924f9b1ba16ca32b4160896ed2dbd2a9195d890d9340325c08f8004e629a4833c09b34d9c7dabcb038e1d22cc868dd6b2c1b6918739e1d8f98cded425848915b412f35a30c2a72a22cad7d08a77a9e4b2567e492466118d239b1ef368b7e83c53c93043f1863ab47444af0c71816fd912cc66242b6920a6c132b6ef4a34308b8da500b75948d51e9a9429534c246e2846bc24bf16937dda64dc3d24249a0077e43edb10f28b14bce831dd3164e11356d07e20867075b78c8100183e9259b695d9ef25dd37bd6813ef96111346380de942baeff6c3903c31a836eeab1de3f149e13e8798b3604db833398b957aa99c641fdaf99c8a739a6e3cf916d611c91f188cc566cfd004341e45a493247ca66d3bca56c3e42f804096d1bf275c3899be865eec49ef2829c9ba896fde4cc6cefee4c4c6e57a4d46dd4fe901a6b9dcb64e27ba4ba77316416d1180e3b37ae383b003b1a3b4ab4e57aefdf5690b5b88af4c51414c15f844dbacb7ceb8b93b4d552efcf365d813bd035425894dcbddc6f547b766660beb1e58f721c547560a8ec3ca551c95c620040a6b6b07287e9d0218beae9c320fc81d59dac3f7282065024010808fabe57cddbd431311918a35e49a1fcb7538881bcc5ec622e6d39ed7426aa023ef20dc76849c79c21b117524c8f9f97263d20b52a5c857d326c237dde9a3f7a39d8d01a9a3387e0c9610d5d639a8ca580aa700192436fe39197c61f5526c65743d590b72b411de37152812e6b13700d0bc101cbbe22b27e9317ac39a0754983a211d408e31a908f61acfb2c2ca153b710ab5a7c74a0573482145d35882dcfe59eb324748a67e8cbe09603bf6eed3e8bd68f037d7d6564efa4b56079d5f7616581e40863e7cf2d7e3738224ff89f3871a7968535a11ae49643233c6f4f7a06eb91cb093dc3fb6892afbbdf44935e4a51c9e7670ba767dc11a5867c7dbd5fc65f1891ae6be692a1ee8e47c30707d27b1385ac316959f356481205a50de94da9a95c5d8053183dde7a1c0355fe1ca4d39f230a6cb67d675923d4c8418699edb8b2a658065e21a4291ea3181d92997c5addeb2b9f59dc6aee8a32f8d75096e7fa603da9c8f4c86e89c269aea32b480119b6253752bc3ea51c6573bdf0d3a8e2789c6b7a4e7ed644074e":"5f88a84dbc3b2769aad1604365f5aa701340b42867fc44aebba6b0a73f06f0ef6261b0c90ff2884cb78c4569ac3f8a678441263fc3afc1bd9f8a2187a11ff4c5" + +SHA3_512 long #56 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"a8a3016669bcdd9f98deabda37529e4f2db001ed3d00cc9e392075cc7366082475857a9af2b53badfc0e0aec76350db9cd3b214de3c26ffc4c6240babd4b12dfc12bea27ae52edfdd8142af9046ebba720ed0c8a31cc7a608c5c20a849a9ed62f55bfa1687da1b1795b6b509c845cfa18e8e6bac0e65165361d8be9dffcac43577de526e6497ef849cbd5025aa02712f7fe5e5bc64d76b5c339cc1a1c7f5bde1b17c99372ccf8fcb54f0a55392eccbda5bbb23c01a68a0036a72d2bc897100ed09fc7879c9cb237424195c9d684c02298ad8ccc31861ddd06e2099f72d87b6e1e928963d22d3d40876fe1d0b146a41a5740489ca460a4c4ca86ebd599b7f0746b8c69c8a1f2ec90eb1698fa47f8eaed4810702df8caa12fe7e26e7ebbca11aa2de9f3169a8262c0e3c205a708f0071401aa8de09d28a5a6e590ebeb476341880c37bfee1a501229081eb27772d07b371a5b0c65100f34a25a2f0ebbcb2822865cf22aafafe08d51de7949ec242ed9cee8ce861bdfe2b0aaabf92150b59d173db6a5bdebc9c836d3cd6e16658b4f8533f35155858b47ac3851abce5aa516a2169fcef423065ba1176b69c28416d7101ec0a0252270a2a9d3f193802a084955998eda77d5d42f4ea52f08b8b8653a0cd7d7176f834e982bf5f26cd16f5d89a43eea549384c1b7b2058ea77382e50cce07bd438f28637c9526da842c6b137c008f58c9d1a03d995da100d27d6414b3e616e9a11e725de487df20760bcdd8850d0350a6dcc8c628b4003c1650ec82b3f79dc2bc97f1ac4476975aaefa081b392c235887ff5efa0a57cb86ff788c9da15504fef28636cd30d3d7efbb719a39fce077d6c9c3e327a2ab3b77da6eb4f3f080d4e4ef63b23f1e42295617fd04d364cc695208c4f5fd7641089553adf5f4262d962b0faae480812404344116d865f5328060a17cf7da199b8b55d7b0e03cb69db117dfd65e1ffe0be0f0c339757022d555694056795bf12d6c3ff311d42c2673ce61dc708f9be96c58222aef6c608207410251dbeae1917903ca223b7250fa22366f8203e952d7c7c22ec4933de5775aeb924287dd097ef0ea7ad1a82b29b63b91b76d0afbf34da0c7ad3cef6a4d8742adbfbef4b0321e4798c8ade26f34cf1258c009e047ebbf79c0f4003e622736411fd1137d1509f3cf973a0374cf00b969041fc53e5dbaa1c556b99b2ac5f118f8aa8cecbb6bef940b5e557ed9cb0c19822c3d4b7f9dce9915f1547a1f063983bbe639a72a3561738d66917c7bd3b54400299ee92e98c609ee195b3995937f2b1d4b6ddf3401fe16c8388488e5899aed6594bb4ac5cf0f88b037444618fe20539f529ff1734214023e5c9520a14d3b5a24e628ccdfb12979fef3961c33b6cbb1a494568a628641aa724b49e039aef53eb0a65e0bc6ef92623ca6c748505defa9ef7918168c3f1593e67d1924191f86ffbb5dc17425cad8e5fbf95e470943fac0b2896b024aecfe331d6a9978ba2f3f018764f99276e37b59bf33d194c9197b8aa03da5ea49006a2c89bc316ab75eac08b7547ce334b9e851f91eb7be1a3ee06c3b1e7f4ae129f7c4adba77567b1e4c69cdb4c1e2d9beae532bf2872f6734d7e9e5945d80bdca15b01c1de1e88feeaea92d0e4f1df0823bc1ea57b6655a8bb0882247a74839514263372ef77d6060314b77b99af0f3852f4296d6cbfc4eb418cb93a102fdde500c5291962ea186e372c5105f2c086d37f749c3c83e50ce4e6f289c28f70e3766e1f2bdcc0dd18e18e1aa995778c0c82b024bf3d4940f53ab2223be47da15bed651e80e390ba9c0511c60754b17c69edefecd99545384696ad0416ca64290ef5eea972575ae86d82c719b26a27f664bb43b4346f0036c99fe0816499cb70c43410a84760a7cf5301b9f9f4fe6163c694b56416f100a044fe527f6b7c3bde4452d3044825fdd7152aed4f1338e82c57224be4c843cfe0805a0be775993bdb58f83fa3bdcfe7687da46d04584143b7df0a0f1c928ef55c455c14a2c81853cfc6ce5d6eee85eaea511841fe0b41fa6e26f709f5bbfaf87e5aac7497ac220b22577b344d227090c55a2d6f27745f96b8f38f40558dae62ad89f133ad6bdfec3cd3a8cc29a3b86061608c0166dbc49efc107abc264ed3ba5098d35ace4c767d8502fc2ee8b784e2272bdcfea287989aa44361854e479089d150fcf0e1960f4666ac206174a7fc9f7d82c66fc5c102131755eca4b7c00e56977911fdcd92d4d04598bb6db3bb4a1ecc2ef25bb6d12a90bd0ec220470074a90adbbd8a7c88eba28b8f765b8f3a93e77df807ca5dff3999fe358c01e851eb0a923da69dd5bf7c45a159f932ef6e0283f6a5aec5a29357b64294f14f81f99b0297697441c081b03fedbeebfaba9dbc79a1008e526dd4ab70f1f19a13f941ab188125d07b2514ae1ad986f4bcda10ec51e5d0507ca60b5e4e73152e553a7144d5b83a6255ecc19f5dcc78bd7f360fb89429dc9b48358097d930c8561b2bd18dc0a470d1d6fed0ab912e5dee4bb6e148c9d7ed18c0027b7f9791d1ba6fb4a9af61ae8ec5064189f93d66fd2f2842d0c57856cb6eebf6443e12fcfa0158bd40d1403c5ee8ee9e34b2e9de20261fc222572a0e3e46d1f722fbd2da09d4df2edf1ce6b8a6df95fd18fd1efd8e7e371e202565670e487bee5fdf5d94c7da0aefceb8da882f5504477e03622b0edd793e1258b4c9021bf0c441113d90fcbce3e955cca416c1f04162aeec40d06aeceb0b40179c9ce468385f11b9fa3870217202bc80cdc824585638f0df3d546852976bf18ba7487ad65ca916011af3eab2be234afddc081f364ab08c04e320d1b785476fdc5c358d0e63899a0f27283417cf35486b593d7b3226b1c984b99a6cc5bc88003143cbe4b755e6e30ba94114f7ad1efef2ccce00f3f125f187472b03224414edb2e573497a3baa3a1e26a553fa61c8b4b8be257622b3f34a34163b5c7625d57e89c99382ff1cbce77028bcb9c9f219b2e8b7a9a56675031db4ad33416a67b2fadb789558ed0004322836ee0d0c68fb3fa83dc255683e3db12f947978a51392abd378df93edef6a":"b9c0384217f755b7392a0c9adfbea180e16a45f77ac535a42337eb8ddf3c854eb92c69caae0ee2aaf72cbe24f5b6b11dc985d7c8003c8aa0663c8d4f269fa9c2" + +SHA3_512 long #58 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"993a3df248d8a14607a75122f59986a73c80d6e245760851287c27a36761d5c0dbe6e209ee1f1de10b1c6a6c53c9159692136658714c7637edd1400d07eafb0bbdf1a8ff3ab7e7d34a230e56101c7c40fba92b70f6578577dfdc795a3bf9cd9428a5b65b9267a624aa046569945a63aa608c4db23c5fde1be8e4f8146a58f362024835a560f802dd1506962c484b71deaa02f3a6ac2c282aef33e5c2fbcd147d35234c660b33a5057272ca2892b64fe3bf5445d5ac850caddb0f69ed5821d8eea77e2424fbdd34a4a99028e3db65a5c189ca6cc6a53432ab96c1ac1ce81ce9bc42a1e46a98c15ac3a1a8d9e78c1e1a80efab900100ff412c0790d5d71385ecefecd3b5bd4aa6bd68440204bc0baa5629d841d80f23afe23916c60ca741268c908f5dbfa77953059e79e6d2e8c2d102c42ed26d77780cbcd8abaa7b12dac56fa6128729af8d91db6a289b6bf5175ac657d8a777c165dd7814ae8347a2462b3d395d991c5eee28e7d6396af66b740f49ecbe081d7654ecbdf2079a9bdfee209f5258dbbf3a04e0d0e9959b9bd040b6348ac83c871dacff347c9f379d50386b3cf7eb953bcd38813eab227684aee3182e3ade8dde3ed5df84b95ca1757d8dd6be33fe0eb79ff0d2db25c942d68cc5fde003e8414a61375456b127224cee5627ca0b798f5c36959c4c5e7349bcf34e2df1edcea1f20f3a25526de9004a2cf9270b894460511c90a73c5e06d15c6ae66f0a0078f5ffcf461c1ff4888496bee09e26b447c9bfd947bb512e6c23de79f58cd345ce85982ac3ff664eeef6592c7154c6946b12cef324a033d58b876ba8e34df3c3b998e6a71997ce84019ebaff161091329682a5f48e1d8b5b4d442b80187713821f7811ceb0ac009dabc3e2be369c2f95b1626d64edfc01c998a44588fcd5da8bea6b4027f006a3a1d2aff8f138be49c5a5fa4dc9a8033c2656ede148f72ef1e500ba9b3b426c609960a82520863f87cb58926ead29fbe57a6e6829497249ff984bad4b910ca7df8c3cf791d487e690aeb472f897d7aba3cec85d4312d3efadadb18b78b1b780c7824ee46394a37d0d76a0e212101add1f294c14572c84e8a32b1c9e4924acbcc1837eb6c4e942caa52c0329e49f5a570193e2d48e1debfc881a732ce77152267498b4b7db5acc9701d7c79097ccffe2f01472e70f6f72f305839e7e7a20108589c8d82dd16fa9aac87fd35f531f714694b5e49303a98094c16d84dc29ba50a0a71cd261cdb042cba32c0fde3f21194b967d202192547ca865e00f8d1cc67940779a8a9bf8a6fdc43ae7635484595db99e750ed9e3f7d0f798e426db7cccf32da04ce92379d8435c34b7b70b494fa65753a397021f1ae3490382b10c7154252fcb3ad54079ce7d5a3aa5f349b78c5dee5e11a1e56d461d664dc1996922e7790ea06b373b20111187f3b8ff57f697e84666c715cbf601e6161faac43ab80c5691c6e7f85c952869ab08f8c37d2df8b12714cbdcfae2d6a62021431bc75a4c2482e6b6feeb019beb8e206d280285381e591027dcbb584ac54dfa968657312e4ca7a7e133308bf301f7e420143025de99a301e3ff5580e7ab6553abee34653a34c8b26e7e735cb712affb18704d357289cf90052c128334c130d38839a41df845afae68c6fb9b6f857f0f5d25a2df7d56a364974b3889b96d75233751f081f1e72344d4f51171a4c42dc5f81a77498667e826a04310b9ff18feeac01c60baac83eb1cbcf2fd06dc3681c7f036149b1526657d29fee23c8d2b91d129843bf0b17fd0dd27a50781a24345bd4d63c0feb2fae4123963f63aeb0cf7807c70cb4a89459a301ef6770b7b533f4e1888c49ae64b2b8cd85a93daa225f89ec1c756f1bb3b11bca8cd94cbf1ce3823588c6896388204940ecb024439dd5bd3fe73250dcfcbfc2acd12a7ea8b1df9e41559f41a310535d2e49e8ca1389beac93d5b80c54e5c252195adf88fd2a6473857d6b050573d86ed61bb771928c96b258567ae41bf55524a0986cfe34cd2edc727ebe45e3592c18e8e0b0bd390cea792df7ff9aaaa204c4d3086740e8309b13a8c80d76c506dac5c717492f8f81266b6518ba7289724dbd113932e37ffb45d398f7dd2a33234110015df52afe8fd6f39e67301e20fc9c67eb89647864639b76b37ca1d2a6251b6217f359421e9f78cc4a31f4f019977d7fd29780524e20288798c50002a682a6368b95ca075826883ff9278d9acbe96d4f66e1fb1395b75970a96f5c3cbcd29e27cca3ebed43cb81d91ba64e60c058e86108d7592ec37fcaec75ea2ad3418b4fa07bac236669e4f222323ccc049f6c8b5f49061f26600fe9358eb40078ed13572ae91cf4f5230955a5cd699ad8a19aa294a7eca17cf3de30f6445b519008013131b584f53c17af38de5dab1f6f7f79da9b9609a4a4e7712ea9375eb2bb3aeb6a5f6172988da05cf826537fee3b9170affe93db8d30b35f5ec8f82c885cfe286f0e6d44537c658920285f667bbf80157f1831d0cfa2ffff3ddfd74366f7ba5ebbb94998ba7acfba5d5ed1ed3c8db3eee482f097e07e25d748488541c30df7e4dd0a86de322b5776ec344b72c508b5535cb9407f6414bd8e0aad629611124f514f5c95935ee0953579432ca599c30ce96445b225cf293f7a0178ffbef5a7292a8f39f636954cf17c70f615d42f4f13277792b5f9860e1431a935cd2ad53f0de7191d396679c304c26fd767bcf9ff6084234adc892d35e43b7e6e5b78343c760d8990df7170e5379db261c29e8e768d85e3b89643395327fdfd7d1b159741ea043d1f49061f261265052f97175126f2b3356663b61ed847ffb30c8c9172c1e271b0331682e8f81dbec49b55a5e693287294fec5605227ccc71b77406a6b4ef7cc9f56c87642edc2117d2f9ec8b34da77a8edc4bc087d44edab357a70ec54b828b3704cf6ed17997f39b76d30e4bb8e8018f796755046016a0f71850fd253a2b1433b79bcaf92e17ebabeb82d5245772ce136098ac7c5decc07353bec40fbd4a1e0209ce194e7dca403b082ecbb1cbc026b72c60254410199fa47440e1f92767ff1e55d6e835db17c7a5475730986878a1f7275e5de04925c5070497d5561b2d4e053636a633d898b887437cc22ccfd4d6300bd3c4f54ba9a7078f242ccb0ae27143257dd1ecf8b5b95d670fff03648d2a0e2":"d9b7d7f2ab02c4229f0cce5a02939b5ecd8364070d1861c72a5590a9825d153fe146f044ba8fee3f26fa3923b0a66d751fc360b19a43e5e3f10b6921b8e4097f" + +SHA3_512 long #60 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"b7571241008d792f0e1be9cea346e4aae82967db6aaa119262ad88f1398819204bb69e9deccfa5d3a8b7ceefcf1675ef320991fb2718dcf9d367355ca830423c2c7059acfce1a1481129740d4351086e0b784fa38dc91b45d6aa861862369128e1ee0b173aabb5b5d1d8a3d106dde54ffede677ba5a6169df3de44ce6f834e09f2977c85ae1628426e2b23e21fa454bb90a4a22a7697152ab36b3725d8fec10ae8d2739f5f084419728cbbea998d9dda4b30c85908855f139dba27c6a48e31504a09ba0d556a4f5f6562358e797f07d3b6eba1af64563d813a31dc58db1de806a0a317769825923fcd145778c964dbcf593df4d591f4f79c10391d8486922c5273085382311f55df340cea50912362f5bd8f8b729745d58ba93bb4f2abd4465c499f36da2742e06721b1b5bdd7a4e16e69472c2f7f331e778d9d674955cd7e4dadd2872682757a001d6b8268a5cfa361e5cfa0b450a51c8742c9ff3189641b4d2408100d4a9f6cd2afa217f9028ceff7ba8dafa8128215e4522544545181678338aa973888aaff045fbe3d17f7c30c576feb20b4ceb452b5451bfd57b40ca818701ee54f447d78beb527bc6a8a5c43ab8c4fbd7f8b221b23a111f4e5bbee273454cdc2f98400222a3a465c9bc53fdc189a234cb251b4b856f071efa46c0d2cfd6d1ff5de521b446d7581e552b0541fc820ce96f428527075b9a2b73cd152fe9e427d48a7b5b625b2ee411e36528453e3a6b863ee19e48ca9850c1456f2a5e73d5c4d81fcb6b90e1f2eefd0f0b3b5c290b4497b472b525419db17cd9ad5ef2d0341f869845b0c47dcbcf1c328dbd0b2f8d3e9a5a8678410ee432bacaf841619177be7c8e8ae98181220b1bf85d3be6c438a00abb9d363084f45b0773e0704f3a1928166d0b743c9e9e3958cafa265389862f653217ad584656a0ef7ee649f03cb0c2d0ae27df6a1888c07f14f50af5d1fe233668961c3cb5739adf468a5d190bb73557ec9089ae918a36eb80de6832502921fab989216264e3bf63653d281e4994e60882b6015eac0b132a7906bc8d666fa23ecf714b4dd72f64f8458f197458e26b6f1b18e51e9a93dba8781e768b975a3a5ef4def8738eaf421a71f0cfafcc282bf8002993431facf701f87624a1657140f7d432b767edfbdd5684f2a94515ceae2ffc789a809dcefbb394be5563534d5c75e81d168f978d7d18d90544c8b84e68a34a76694b87726039b7477745d336f375aaee947efdecc7fde8c910af464ff1ce94b39df87f2fbb10eab218cd87c69c5397279faa938244625e8e9b6d221bc01e45a0a73be76f72b5a98ea86ec384bdbc2778b696faf658d284f64396ee6a6a1ee7ddf37a52aa0da47e2da4ae28f9ee0be62267c896b19beb0670b7910d94364ce5cc213833781269d32f9c102a8e83cf6de531b3e93c74085d8e55f00221eb34e9ebaefa2c41f78232f50d193acb4562f91192ed750f87b6f4bfad385eabcf434ebcfb348fa0436a282e663dfc287983423809d9cc933d7366853bee859a79149ed0a48be01b7cae3d2c3602c13eb69cc3d9050d52700bca1d6f706729666f0554972944c00c09aabc8f0aec3c76731be87522fca91e7927a3eee9568ca817b20aa1080391fa810c50c7437ec058459d3a8cd23c33071c187474151151c809871b6eaf4cf88f592f84557e1eef5c847d3490912072b25b1919af724c0b5ecb111150bd95460328a0b1ba29613c0bd6486110fe6dfab8cca5fde18f5b0bc4d2dc970781511d2e45fc7385c3da18eeb18b3a9e68593d82c75bbbcadab2e5a29745f6f3a924e039579f4418dbee186d9cc24b896d96bd990186bdcbd3082b70aee9bb95a36531ecc405ae13d011bd10fe69fe728c8aed73d1d38e5506bf4fa770347f7e0eb6749121cc0be75ed979615d0eddea33ca6f9bdeaea806e44cc4cf91b29d0d298d3acee75ef803c6c9cfe74f0d6440f1c996896e9495420a351d4179e0bed3a25e071e8b3b0d09b667331b3b021c17550d04b53801c0a6d70ccbb59f4b3f51f79d3bd883ec95699c165565a7798ffdcbf93cb79192d495e9385284785e9918a7ef7bb577e02b93e66b896f1ac01a34c532a10921b42bafaf5c4446ab97769821b9390dcdc25a1923db41801b92558cdf3dc4126ee2404497cd13649f924240f38ee679fbef8b89e2ea3051105ccc46887f287bbfa9bd05311f3276cabb76b39be5166298d45a36922cb84aaf8bd8f24f8b409dba66fc6219d743f5c39f9e5099304b501b2d20dfbff76be53fac2620a2c6af00d5c678dba069aa5a009b23b86a04f7daf93679c5dafeada9473a1e5200c5c63da844cce2636ae82c085a914b9cd7ae6bc9acef896186f01f5cb23bf7080d28bc884e6306e13f7fd4513a819a803cc17af2ececaae244f5bff6a10980271138f61c5fd5c9987bf3fb61d75f25d288e3910b62ebaaebad00f39b9301adcc568982daf59f9af794c709b0ad946e0250973689cb76f9dc13c462c1e4beb086619ceb3abc1b0b9d0e8b67d429cbd37e382ee3e4731928323d9275e0228b38e3a6e587b1fff29bd76d93ce22d86006c4944d11a1f64ca69c7f0db59ce901b742bae5f0d74d90bc652672855335fb7873e9645848c17c05695c889a5e84bcac420230af21318ffd94cdca35bbcee8a8eacbf7205f6141c5275ab5ac8ba216a86001382b16284ac004c7ed47e30fc1f8b7a087f24c52185654fdf764caadaa0c0b5c7eed2cbe4bb423a97e445f751218590b9956a6107a3980bad04b9223d167c268777ddb501d3a8fe6dfa3879b53685d61adb5e338d1ff2915d2c95891374c13b9b455b88a49d3881483fe01ef0069234727a88a17da17bc937186a47246198dc4a7fd4ab93c0fca972dbc44fc93ab4920b9970149ed03c9c83edbfc4388607f1dd4ece8897e5fc5f32f56d720a7af3d82b619ff5b7553cf088d61d67178b19629cd9d38677b43f8ccfb561f1796d58ee1bfa9caa91d784af8ff90b9a8817d317cf496a0dfdd4cd1692442a32dfbceabc238bef9df4ff1abfe07e11c555d23ff9bec51c85efeeaee7c3ca509f030fb22a8a3c2134a775080ac38eb74e446664eeb1766f5616a9ebe5aa6e599eaf0cb6219a37b9d974e056768051869e1e784adfef83ede93aae8afa8e59cf99a95e008799a13ff321e90aed5eee051daab3fab5c1151ea423a4960db9b339f7baab9846d0a53bea77372e56a68dbd33b2bc7b566f5489f09834140571a32020aa9c8444876836253e73c998a1583449fc3ed5ac4167b63662060eccff":"a3e6224e7cc986c44ba987f70dd90f08cc77e36ec717cb07f9c831c0770bba22b88e9d4e86e994751718ee0472b2ae7b1c1cc8c832f5118adc896b0f05fb3c14" + +SHA3_512 long #62 +depends_on:MBEDTLS_SHA3_C +mbedtls_sha3_multi:MBEDTLS_SHA3_512:"e78360a670b2c0080307cfee5a2d20eebf117dfc66e7d98eff6f86fe8c76a92f709fea73c96370ac00570cb29fadb4f562fe34649047208d8b310d05a695000a383f2767eff2c79866ad762ff92d8a76d8b3d1565a07837794bd74a92bb78e8366eb7f498766af135c91752c11b48ab948b8be9b6b31e996419c25b2c0e43ae1232c5ae33cc80f670a8c71738e4a9c05db9661fb6dcc3c30bb5586e80f25ec6e968820fbb31fceda9925d2ca19f7a8a4b8d4243d05e1638e2a700112c0818c70e889395a9773d6b531e500fa5ac496dc09fa6e2bdd7746f8b575fdfa7b01033040b70ec88ecd0e40f95364cbf8b84ef6f391a68b9d96cdb584ede266e7ac37f6c799050d40345ec21af764049cdcb939a0203626ed46e00fc060171fac8a110aa4b787f057b0ae85bc59696fed36bdef382f85c47390674c915406ed73a379b30099fd3a7849e6cf0502dcd294d1435ee246fb2dda7b4ab51e531697e400583a03c8cdb34d08efe9207923f638b234d0c7ee0028c810719290e4afe7a6a894e7d4cb61237ef4af1b3346a8a382e3768b0faefc7ee656c42b0e9039a362a317029c2a1f52b3150fac67f2d1a0196bf3d8e10f57f7db552cc7c1dd1c94bffac7d3826e71089374f7e6e30408b7a75291fe6598795b4f158fb0d155c18266b48ea2af1ebe0cc618500fd004b4aed1a03a47c5d1cb72ec9fd72c65808e35fed953b64bc26d27f50a0070557a3c4e415ed5f92642b30457faea84a5e5ec743072fe587de2e821c850f1519bef0a5f9f944a5db3749ad83b2eb200ba0c4408a48576d06d0796c2e6f409fac9eb85a9924881bb91eee9b73e4415e7cc7dfcba011da56644b8dfd1f8fd32b208f415f3c384615beb3806690843fd8302c17e50ef3f72622a7e2b18a57453c280942207da4fd484e7db5bb64233511a855f309218f5c50b46e0e25d96605472585214ab7eb2c27fad5e4e66941cf9f57ddf7c4a214686aac1666c6972c91c0ab9b654a857b3119566494940a507dc5c11cac93eb53b9d87c2983204e2b895d2ca4948c60e5daa0b3a25b30d1efbe49669a67e377adaf3ea72ff9af58e33a612b49259cc4bb5752c5078f495a601f8edaefe05fd182d6e1bf9220d061d4537119e1aef84b5c55a3fd1cd74a0e62000a70857c558383cf7617e89f4fd38f33118b16773b4f594428be4a99af68660e50d9e3b2610820d770629bdb5a386477a6f14034b25b32a1359b296d05e2dc98d67993190ec9dabd4502345bac0b048fb5ef076e19f9690b7f1631b7ea28364e1fd20c26bb6321bf88894a9691c5dfe9c2d6d469cea46cd149b1ec10a883238c9165c741f34e866c9f5a4722c7e36724623b2fde3cd6ce9149f0b0eddd9df4d2efc75d2142f689531e179276ab0e2abdf89e8222011b0ed9e44538c5f5c34acf6f59261b36e59b017923e508a780ab150a7363eba7eb9e099d41ec3f8dbd95c0b4adbab62bb64bd62511976f69f568d82c5c5d819dc30caef95933a111c7665534379378adc31c6fc66322015ed6d465c2bbd78a5f3bcb387d0db7910e9b2d0b827948d949a67d2cc19b2d64f29f8e4c52145a7c68b06a449cc1d085f0835a421405336e6bdaeeabab2c1200c1d9e70a7ee85ebe46bb5a41dd382706441a8e975d4dfb9ea0db015ae788687b48f08f1e9dba6cf675c72bceb2b3238895eb3a89e2c609e0752125b90b42a92af48de6f7330d0d8b726e5f39b1d54e83525fde88390fd6ea4537fc448afd4ca6610c7f32d352a903c91b55115f11108cf602fb10c47deb02bd99d59bfaeadb53fae6b83ff31dd7e5e658bde41ef9021c1d5f00b219b2cec03ac1421dbfcdddda3ec732ad16e102a86690ea3085ffaba724de9ffaad20faa94948d2485e08bcafb9087ed8b32ec1d1a66e7a75088765c4a8fc2948f35ae734659b06ba6a1e002ad634ed615c699de8424bdf203b32d8eb16522d3b80c32ce81c224fd2488030f232d71ec57723ef52a6b398d072846d80f95b1c20e9fc244ad9892e3e9dd1c79c3b69737397d04eb7603037f462feac2cce8186c7735875c32a3a123dbe855c6f7c569c0a4311247ceb3c2d0a61041d55026ffd6dc18a99e78abfac7e4f0d48026248f8e7ed491919c441e891112729804170d0a268e4f92e87844d6eb3fc12eb799b0a9b1afa852477fc1b16e7ea6944e82eb0f3be0a1c1e8d12859d71b455914ed741a230a801037295050a59c044f973141ed0556c8b2e1804e5792cd8888a4e885e8be2d4056d40d766f9db4b55348eab6ac6b37eced3c4b5dd8039cb143cf51881b685f11a986f2d914400ee028c776f25554cd34fb5ffbfee512d2e813fdf228bc0be91b93b59f214a75f2ae547e9d9ef0aa5ec963b458d884a7b6577e96910bd28e13859bc9ddf71624a74761d32662835433d3ada12994c0aa8f230e02f7d965d925784a2a7403823576d2d730dbe5183a9479629038d99e03a6774baaec3b7ed4671b26402cec9591a7773cfc82d0b644c8e309e84b50289b4379bcf437d823672197b974cd5a571e82601a9fe4ca665a193a2a112ba06558ad51e949a25a5f7a9a138b2c1ef7d1c54eb2f881c97c2f64cda64d73a0725d232e285a12f36637f51bb822d1e8680a6f55985f0af98d194a2d4efb76716e19e50c2698b5f3a7b5c0ecad08ccf3580a02dd38d6a23ba62cf4815bbb82683ba08490722a9c6ac2e0c3551bc583076dda682fbae5b1586f714a11f416ff4b82faea0235982d2062c0e79e2adf60ec4f81879347149f198fef3524429355e3ea30fdaa966bd2dc2d5e120e01e0ca69a707495007ecd443afae9b046dbaecf81c49a7cfbe2af268cbc12deec95029481d7594b021f4b8a176b766f79c132c52bf4dcebbd45df48ae5f12186a9b5e44f58d252f9bdb4b3fa8d117c46f7277eb87c455cb4018c420b23f7d41eca99654701266a7405b52e159bc4c739a77d48f3fb3838036d4043b22cda30fe548313f7bf7ac4691f7e8fbb49d92d17d49df3cce32e4af03f005f49a9a21c6e6efc56293bd54820339840b43f57982aa510e808dd2f7ac2a055fe9641587fb5408b96a31d3fdee06a89a7c82446efb8435d8e729044b0c3b7c688639d03431cf3b83b2e0cc06ef3ebdb2ebfa1af1a0ad60c4cd1a574d439addb657664ab4febaf0bad92b061e09fdf153c605d99006885a68cecc3c8ce6da91cfe973f588b6a9b0d5597b2291c2d6ec03874010c8b1978b2b58c934686a7d412b990d613dfe0e0459905ba210ae5bf638cc33410a267d8b82f79bcf8e52f5544ff28d0e33397a53be2a36f4f930efb869f159fae2d98cd40617be7e6d14c553a3926d6d16fd51378993a7abd9df149b2d932e9ed15f57ed3b55abc173347fc7dcd538fe47be3":"cd4af24388fcf4481291f864142b6cf011bb4dbda0c31668a055f8530c253b9bc14b8784e31a1b32870c9703314308d1a79fa557da734b31fcddd874728b1a48" diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 95d45baa40..28474b7723 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -2,6 +2,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#include "mbedtls/sha3.h" /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ @@ -136,3 +137,43 @@ void sha512_selftest( ) TEST_ASSERT( mbedtls_sha512_self_test( 1 ) == 0 ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ +void mbedtls_sha3( int family, data_t *in, data_t *hash ) +{ + unsigned char *output = NULL; + + ASSERT_ALLOC( output, hash->len ); + + TEST_ASSERT( mbedtls_sha3( family, in->x, in->len, output, hash->len ) == 0 ); + + ASSERT_COMPARE( output, hash->len, hash->x, hash->len ); + +exit: + mbedtls_free( output ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ +void mbedtls_sha3_multi( int family, data_t *in, data_t *hash ) +{ + unsigned char *output = NULL; + mbedtls_sha3_context ctx; + const unsigned int block_size = 256; + + ASSERT_ALLOC( output, hash->len ); + + mbedtls_sha3_init( &ctx ); + mbedtls_sha3_starts( &ctx, family ); + + for( size_t l = 0; l < in->len; l += block_size ) + TEST_ASSERT( mbedtls_sha3_update( &ctx, in->x + l, MIN( in->len - l, block_size ) ) == 0 ); + + TEST_ASSERT( mbedtls_sha3_finish( &ctx, output, hash->len ) == 0 ); + + ASSERT_COMPARE( output, hash->len, hash->x, hash->len ); + +exit: + mbedtls_free( output ); +} +/* END_CASE */ From 90f360e091610da693dafdbb5391ac45b50d9ad2 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 17 May 2022 11:33:43 +0200 Subject: [PATCH 005/328] Aligning spaces Signed-off-by: Pol Henarejos --- include/mbedtls/error.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index b23b7491f0..51c515d49f 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -78,7 +78,7 @@ * SHA1 1 0x0035-0x0035 0x0073-0x0073 * SHA256 1 0x0037-0x0037 0x0074-0x0074 * SHA512 1 0x0039-0x0039 0x0075-0x0075 - * SHA-3 1 0x0076-0x0076 + * SHA-3 1 0x0076-0x0076 * CHACHA20 3 0x0051-0x0055 * POLY1305 3 0x0057-0x005B * CHACHAPOLY 2 0x0054-0x0056 From 084649d189a9e25f065d420b38f6383793896e1e Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 17 May 2022 11:33:55 +0200 Subject: [PATCH 006/328] SHA-3 does not use SHA3_ALT anymore. Next releases will not use alt files. Signed-off-by: Pol Henarejos --- include/mbedtls/mbedtls_config.h | 1 - include/mbedtls/sha3.h | 8 -------- library/sha3.c | 4 ---- 3 files changed, 13 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 35a4a0cbd6..bfaa5f982d 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -328,7 +328,6 @@ //#define MBEDTLS_SHA1_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT -//#define MBEDTLS_SHA3_ALT /* * When replacing the elliptic curve module, pleace consider, that it is diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index adecdc722f..36942db88a 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -55,10 +55,6 @@ typedef enum MBEDTLS_SHA3_512, /*!< SHA3-512 */ } mbedtls_sha3_id; -#if !defined(MBEDTLS_SHA3_ALT) -// Regular implementation -// - struct mbedtls_sha3_context; typedef struct mbedtls_sha3_family_functions { @@ -87,10 +83,6 @@ typedef struct mbedtls_sha3_context { } mbedtls_sha3_context; -#else /* MBEDTLS_SHA3_ALT */ -#include "sha3_alt.h" -#endif /* MBEDTLS_SHA3_ALT */ - /** * \brief This function initializes a SHA-3 context. * diff --git a/library/sha3.c b/library/sha3.c index d5db165fbc..4a08131e6b 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -44,8 +44,6 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ -#if !defined(MBEDTLS_SHA3_ALT) - /* * List of supported SHA-3 families */ @@ -268,8 +266,6 @@ int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, return( 0 ); } -#endif /* !MBEDTLS_SHA3_ALT */ - /* * output = SHA3( input buffer ) */ From 85eeda01222e6632639b6ae30f65bd807c158950 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 17 May 2022 11:43:15 +0200 Subject: [PATCH 007/328] olen = 0 is not allowed for SHA-3. Sanity checks are moved to mbedtls_sha3_xxx() functions. Signed-off-by: Pol Henarejos --- library/sha3.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/library/sha3.c b/library/sha3.c index 4a08131e6b..705f48c32c 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -241,12 +241,9 @@ int mbedtls_sha3_update( mbedtls_sha3_context *ctx, int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, uint8_t *output, size_t olen ) { - if( ctx == NULL ) + if( ctx == NULL || output == NULL ) return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); - if( olen == 0 ) - return( 0 ); - if( ctx->olen > 0 && ctx->olen != olen ) return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); @@ -275,14 +272,9 @@ int mbedtls_sha3( mbedtls_sha3_id id, const uint8_t *input, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha3_context ctx; - if( ilen != 0 && input == NULL ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); - - if( output == NULL ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); - mbedtls_sha3_init( &ctx ); + /* Sanity checks are performed in every mbedtls_sha3_xxx() */ if( ( ret = mbedtls_sha3_starts( &ctx, id ) ) != 0 ) goto exit; From 116411e1a979dde5fc4b3456eef7474131f29724 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 17 May 2022 11:45:59 +0200 Subject: [PATCH 008/328] Fix when no SHA3 family is found. Signed-off-by: Pol Henarejos --- library/sha3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/sha3.c b/library/sha3.c index 705f48c32c..f5af2b7b81 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -203,7 +203,7 @@ int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id ) break; } - if( p == NULL ) + if( p == NULL || p->id == MBEDTLS_SHA3_NONE ) return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); ctx->id = id; From e6b8c83c7a2928367791336f3b5d1461b9356297 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 17 May 2022 12:17:44 +0200 Subject: [PATCH 009/328] Remove sha3_alt.h Next releases will not rely on alt files. Signed-off-by: Pol Henarejos --- tests/include/alt-dummy/sha3_alt.h | 30 ------------------------------ 1 file changed, 30 deletions(-) delete mode 100644 tests/include/alt-dummy/sha3_alt.h diff --git a/tests/include/alt-dummy/sha3_alt.h b/tests/include/alt-dummy/sha3_alt.h deleted file mode 100644 index 7f9345e48a..0000000000 --- a/tests/include/alt-dummy/sha3_alt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* sha3_alt.h with dummy types for MBEDTLS_SHA3_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef SHA3_ALT_H -#define SHA3_ALT_H - -typedef struct mbedtls_sha3_context -{ - int dummy; -} -mbedtls_sha3_context; - - -#endif /* sha3_alt.h */ - From 1f3ae1639d8a6d32605362bed35f1d611ac94408 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 17 May 2022 12:53:30 +0200 Subject: [PATCH 010/328] olen parameter shall contain the length of the buffer. For SHA-3 families, it must be at least 28, 32, 48 or 64, depending on the family. Signed-off-by: Pol Henarejos --- include/mbedtls/sha3.h | 11 ++++++----- library/sha3.c | 9 +++++++-- 2 files changed, 13 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 36942db88a..7d673bc917 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -145,9 +145,9 @@ int mbedtls_sha3_update( mbedtls_sha3_context *ctx, * and have a hash operation started. * \param output The SHA-3 checksum result. * This must be a writable buffer of length \c olen bytes. - * \param olen Defines a variable output length (in bytes). \c output must be - * \c olen bytes length. For SHA-3 224, SHA-3 256, SHA-3 384 and - * SHA-3 512 must equal to 28, 32, 48 and 64, respectively. + * \param olen Defines the length of output buffer (in bytes). For SHA-3 224, SHA-3 256, + * SHA-3 384 and SHA-3 512 \c olen must equal to 28, 32, 48 and 64, + * respectively. * * \return \c 0 on success. * \return A negative error code on failure. @@ -171,8 +171,9 @@ int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, * \param ilen The length of the input data in Bytes. * \param output The SHA-3 checksum result. * This must be a writable buffer of length \c olen bytes. - * \param olen Determines the length (in bytes) of the output. \c output - * must be \c olen bytes length. + * \param olen Defines the length of output buffer (in bytes). For SHA-3 224, SHA-3 256, + * SHA-3 384 and SHA-3 512 \c olen must equal to 28, 32, 48 and 64, + * respectively. * * \return \c 0 on success. * \return A negative error code on failure. diff --git a/library/sha3.c b/library/sha3.c index f5af2b7b81..9aadf9df7f 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -244,8 +244,13 @@ int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, if( ctx == NULL || output == NULL ) return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); - if( ctx->olen > 0 && ctx->olen != olen ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + /* Catch SHA-3 families, with fixed output length */ + if( ctx->olen > 0 ) + { + if ( ctx->olen > olen ) + return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + olen = ctx->olen; + } ABSORB( ctx, ctx->index, ctx->xor_byte ); ABSORB( ctx, ctx->max_block_size - 1, 0x80 ); From 4712d4c3e66b19b840b333d90c965cd98559710f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 20 May 2022 14:17:14 +0200 Subject: [PATCH 011/328] Added SHA3 to MD. This enables HMAC with SHA3. Signed-off-by: Pol Henarejos --- include/mbedtls/md.h | 12 ++++- library/md.c | 125 +++++++++++++++++++++++++++++++++++++++++++ library/md_wrap.h | 6 +++ 3 files changed, 141 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 612061d152..78f9b4056b 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -61,15 +61,23 @@ typedef enum { MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */ MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ +#if defined(MBEDTLS_SHA3_C) + MBEDTLS_MD_SHA3_224, /**< The SHA3-224 message digest. */ + MBEDTLS_MD_SHA3_256, /**< The SHA3-256 message digest. */ + MBEDTLS_MD_SHA3_384, /**< The SHA3-384 message digest. */ + MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */ +#endif } mbedtls_md_type_t; -#if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA3_C) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #else #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */ #endif -#if defined(MBEDTLS_SHA512_C) +#if defined(MBEDTLS_SHA3_C) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */ +#elif defined(MBEDTLS_SHA512_C) #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 #else #define MBEDTLS_MD_MAX_BLOCK_SIZE 64 diff --git a/library/md.c b/library/md.c index f2c1a90f86..ca3b9a0175 100644 --- a/library/md.c +++ b/library/md.c @@ -35,6 +35,9 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#if defined(MBEDTLS_SHA3_C) +#include "mbedtls/sha3.h" +#endif #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -113,11 +116,46 @@ const mbedtls_md_info_t mbedtls_sha512_info = { }; #endif +#if defined(MBEDTLS_SHA3_C) +const mbedtls_md_info_t mbedtls_sha3_224_info = { + "SHA3-224", + MBEDTLS_MD_SHA3_224, + 28, + 144, +}; +const mbedtls_md_info_t mbedtls_sha3_256_info = { + "SHA3-256", + MBEDTLS_MD_SHA3_256, + 32, + 136, +}; +const mbedtls_md_info_t mbedtls_sha3_384_info = { + "SHA3-384", + MBEDTLS_MD_SHA3_384, + 48, + 104, +}; +const mbedtls_md_info_t mbedtls_sha3_512_info = { + "SHA3-512", + MBEDTLS_MD_SHA3_512, + 64, + 72, +}; +#endif + + /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ static const int supported_digests[] = { +#if defined(MBEDTLS_SHA3_C) + MBEDTLS_MD_SHA3_512, + MBEDTLS_MD_SHA3_384, + MBEDTLS_MD_SHA3_256, + MBEDTLS_MD_SHA3_224, +#endif + #if defined(MBEDTLS_SHA512_C) MBEDTLS_MD_SHA512, #endif @@ -186,6 +224,16 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) #if defined(MBEDTLS_SHA512_C) if( !strcmp( "SHA512", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 ); +#endif +#if defined(MBEDTLS_SHA3_C) + if( !strcmp( "SHA3-224", md_name ) ) + return mbedtls_md_info_from_type( MBEDTLS_MD_SHA3_224 ); + if( !strcmp( "SHA3-256", md_name ) ) + return mbedtls_md_info_from_type( MBEDTLS_MD_SHA3_256 ); + if( !strcmp( "SHA3-384", md_name ) ) + return mbedtls_md_info_from_type( MBEDTLS_MD_SHA3_384 ); + if( !strcmp( "SHA3-512", md_name ) ) + return mbedtls_md_info_from_type( MBEDTLS_MD_SHA3_512 ); #endif return( NULL ); } @@ -221,6 +269,16 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( &mbedtls_sha512_info ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + return( &mbedtls_sha3_224_info ); + case MBEDTLS_MD_SHA3_256: + return( &mbedtls_sha3_256_info ); + case MBEDTLS_MD_SHA3_384: + return( &mbedtls_sha3_384_info ); + case MBEDTLS_MD_SHA3_512: + return( &mbedtls_sha3_512_info ); #endif default: return( NULL ); @@ -284,6 +342,14 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) case MBEDTLS_MD_SHA512: mbedtls_sha512_free( ctx->md_ctx ); break; +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + mbedtls_sha3_free( ctx->md_ctx ); + break; #endif default: /* Shouldn't happen */ @@ -348,6 +414,14 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, case MBEDTLS_MD_SHA512: mbedtls_sha512_clone( dst->md_ctx, src->md_ctx ); break; +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + mbedtls_sha3_clone( dst->md_ctx, src->md_ctx ); + break; #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -410,6 +484,14 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf case MBEDTLS_MD_SHA512: ALLOC( sha512 ); break; +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + ALLOC( sha3 ); + break; #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -463,6 +545,16 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_sha512_starts( ctx->md_ctx, 0 ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_224 ) ); + case MBEDTLS_MD_SHA3_256: + return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_256 ) ); + case MBEDTLS_MD_SHA3_384: + return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_384 ) ); + case MBEDTLS_MD_SHA3_512: + return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_512 ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -503,6 +595,13 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + return( mbedtls_sha3_update( ctx->md_ctx, input, ilen ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -543,6 +642,13 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_sha512_finish( ctx->md_ctx, output ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + return( mbedtls_sha3_finish( ctx->md_ctx, output, ctx->md_info->size ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -584,6 +690,16 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_sha512( input, ilen, output, 0 ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + case MBEDTLS_MD_SHA3_224: + return( mbedtls_sha3( MBEDTLS_SHA3_224, input, ilen, output, md_info->size ) ); + case MBEDTLS_MD_SHA3_256: + return( mbedtls_sha3( MBEDTLS_SHA3_256, input, ilen, output, md_info->size ) ); + case MBEDTLS_MD_SHA3_384: + return( mbedtls_sha3( MBEDTLS_SHA3_384, input, ilen, output, md_info->size ) ); + case MBEDTLS_MD_SHA3_512: + return( mbedtls_sha3( MBEDTLS_SHA3_512, input, ilen, output, md_info->size ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); @@ -788,6 +904,15 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: return( mbedtls_internal_sha512_process( ctx->md_ctx, data ) ); +#endif +#if defined(MBEDTLS_SHA3_C) + /* mbedtls_md_process() is used for test suite. Since, sha3.c does not + implement mbedtls_sha3_process(), we silently return 0 */ + case MBEDTLS_MD_SHA3_224: + case MBEDTLS_MD_SHA3_256: + case MBEDTLS_MD_SHA3_384: + case MBEDTLS_MD_SHA3_512: + return( 0 ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); diff --git a/library/md_wrap.h b/library/md_wrap.h index 90c7957316..50a409352a 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -74,6 +74,12 @@ extern const mbedtls_md_info_t mbedtls_sha384_info; #if defined(MBEDTLS_SHA512_C) extern const mbedtls_md_info_t mbedtls_sha512_info; #endif +#if defined(MBEDTLS_SHA3_C) +extern const mbedtls_md_info_t mbedtls_sha3_224_info; +extern const mbedtls_md_info_t mbedtls_sha3_256_info; +extern const mbedtls_md_info_t mbedtls_sha3_384_info; +extern const mbedtls_md_info_t mbedtls_sha3_512_info; +#endif #ifdef __cplusplus } From ebb3640ada0824713b2707b99c46929e84d13fdb Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 20 May 2022 14:26:00 +0200 Subject: [PATCH 012/328] Added SHA3 to benchmark. Taken from #1549, as it is closed. Signed-off-by: Pol Henarejos --- programs/test/benchmark.c | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 6ff2eb8827..08695a5521 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -46,6 +46,7 @@ int main( void ) #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#include "mbedtls/sha3.h" #include "mbedtls/des.h" #include "mbedtls/aes.h" @@ -120,11 +121,12 @@ static void mbedtls_set_alarm( int seconds ); #define TITLE_LEN 25 #define OPTIONS \ - "md5, ripemd160, sha1, sha256, sha512,\n" \ - "des3, des, camellia, chacha20,\n" \ + "md5, ripemd160, sha1, sha256, sha512,\n" \ + "sha3_224, sha3_256, sha3_384, sha3_512,\n" \ + "des3, des, camellia, chacha20,\n" \ "aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \ "aes_cmac, des3_cmac, poly1305\n" \ - "ctr_drbg, hmac_drbg\n" \ + "ctr_drbg, hmac_drbg\n" \ "rsa, dhm, ecdsa, ecdh.\n" #if defined(MBEDTLS_ERROR_C) @@ -518,6 +520,7 @@ unsigned char buf[BUFSIZE]; typedef struct { char md5, ripemd160, sha1, sha256, sha512, + sha3_224, sha3_256, sha3_384, sha3_512, des3, des, aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly, aes_cmac, des3_cmac, @@ -569,6 +572,14 @@ int main( int argc, char *argv[] ) todo.sha256 = 1; else if( strcmp( argv[i], "sha512" ) == 0 ) todo.sha512 = 1; + else if( strcmp( argv[i], "sha3_224" ) == 0 ) + todo.sha3_224 = 1; + else if( strcmp( argv[i], "sha3_256" ) == 0 ) + todo.sha3_256 = 1; + else if( strcmp( argv[i], "sha3_384" ) == 0 ) + todo.sha3_384 = 1; + else if( strcmp( argv[i], "sha3_512" ) == 0 ) + todo.sha3_512 = 1; else if( strcmp( argv[i], "des3" ) == 0 ) todo.des3 = 1; else if( strcmp( argv[i], "des" ) == 0 ) @@ -655,6 +666,16 @@ int main( int argc, char *argv[] ) if( todo.sha512 ) TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) ); #endif +#if defined(MBEDTLS_SHA3_C) + if ( todo.sha3_224 ) + TIME_AND_TSC( "SHA3-224", mbedtls_sha3( MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28 ) ); + if ( todo.sha3_256 ) + TIME_AND_TSC( "SHA3-256", mbedtls_sha3( MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32 ) ); + if ( todo.sha3_384 ) + TIME_AND_TSC( "SHA3-384", mbedtls_sha3( MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48 ) ); + if ( todo.sha3_512 ) + TIME_AND_TSC( "SHA3-512", mbedtls_sha3( MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64 ) ); +#endif #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) From 938b5abb13d23111fd8cd8acbb7c1284c4cc8855 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 20 May 2022 16:01:07 +0200 Subject: [PATCH 013/328] Fix when reusing the same context for another operation. Occurs in hmac, where multiple hashes are performed with the same context) and thus, it requires to reinitialize the internal states to 0. Signed-off-by: Pol Henarejos --- library/sha3.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/sha3.c b/library/sha3.c index 9aadf9df7f..a92f8af8be 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -212,6 +212,9 @@ int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id ) ctx->xor_byte = p->xor_byte; ctx->max_block_size = ctx->r / 8; + memset( ctx->state, 0, sizeof( ctx->state ) ); + ctx->index = 0; + return( 0 ); } From 8aadc614dbffc58e8bb11b9749e764b3e1fcca6f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 20 May 2022 16:07:21 +0200 Subject: [PATCH 014/328] Adding tests for MD SHA3 (taken from #1549). Signed-off-by: Pol Henarejos --- tests/suites/test_suite_md.data | 304 ++++++++++++++++++++++++++++++++ 1 file changed, 304 insertions(+) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index a74106835a..9ed616018a 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -33,6 +33,22 @@ Information on SHA512 depends_on:MBEDTLS_SHA512_C md_info:MBEDTLS_MD_SHA512:"SHA512":64 +Information on SHA3-224 +depends_on:MBEDTLS_SHA3_C +md_info:MBEDTLS_MD_SHA3_224:"SHA3-224":28 + +Information on SHA3-256 +depends_on:MBEDTLS_SHA3_C +md_info:MBEDTLS_MD_SHA3_256:"SHA3-256":32 + +Information on SHA3-384 +depends_on:MBEDTLS_SHA3_C +md_info:MBEDTLS_MD_SHA3_384:"SHA3-384":48 + +Information on SHA3-512 +depends_on:MBEDTLS_SHA3_C +md_info:MBEDTLS_MD_SHA3_512:"SHA3-512":64 + generic mbedtls_md5 Test vector RFC1321 #1 depends_on:MBEDTLS_MD5_C md_text:"MD5":"":"d41d8cd98f00b204e9800998ecf8427e" @@ -93,6 +109,22 @@ generic mbedtls_ripemd160 Test vector from paper #8 depends_on:MBEDTLS_RIPEMD160_C md_text:"RIPEMD160":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" +generic mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 8 +depends_on:MBEDTLS_SHA3_C +md_hex:"SHA3-224":"01":"488286d9d32716e5881ea1ee51f36d3660d70f0db03b3f612ce9eda4" + +generic mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 8 +depends_on:MBEDTLS_SHA3_C +md_hex:"SHA3-256":"e9":"f0d04dd1e6cfc29a4460d521796852f25d9ef8d28b44ee91ff5b759d72c1e6d6" + +generic mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 8 +depends_on:MBEDTLS_SHA3_C +md_hex:"SHA3-384":"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7" + +generic mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 8 +depends_on:MBEDTLS_SHA3_C +md_hex:"SHA3-512":"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1" + generic HMAC-MD5 Hash File OpenSSL test #1 depends_on:MBEDTLS_MD5_C mbedtls_md_hmac:"MD5":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"42552882f00bd4633ea81135a184b284" @@ -225,6 +257,22 @@ generic multi step mbedtls_ripemd160 Test vector from paper #8 depends_on:MBEDTLS_RIPEMD160_C md_text_multi:"RIPEMD160":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" +generic multi step mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 48 +depends_on:MBEDTLS_SHA3_C +md_hex_multi:"SHA3-224":"e7183e4d89c9":"650618f3b945c07de85b8478d69609647d5e2a432c6b15fbb3db91e4" + +generic multi step mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 48 +depends_on:MBEDTLS_SHA3_C +md_hex_multi:"SHA3-256":"e6fd42037f80":"2294f8d3834f24aa9037c431f8c233a66a57b23fa3de10530bbb6911f6e1850f" + +generic multi step mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 48 +depends_on:MBEDTLS_SHA3_C +md_hex_multi:"SHA3-384":"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28" + +generic multi step mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 48 +depends_on:MBEDTLS_SHA3_C +md_hex_multi:"SHA3-512":"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef" + generic multi step HMAC-MD5 Hash File OpenSSL test #1 depends_on:MBEDTLS_MD5_C md_hmac_multi:"MD5":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"42552882f00bd4633ea81135a184b284" @@ -473,6 +521,134 @@ generic HMAC-SHA-512 Test Vector NIST CAVS #6 depends_on:MBEDTLS_SHA512_C mbedtls_md_hmac:"SHA512":48:"8ab783d5acf32efa0d9c0a21abce955e96630d89":"17371e013dce839963d54418e97be4bd9fa3cb2a368a5220f5aa1b8aaddfa3bdefc91afe7c717244fd2fb640f5cb9d9bf3e25f7f0c8bc758883b89dcdce6d749d9672fed222277ece3e84b3ec01b96f70c125fcb3cbee6d19b8ef0873f915f173bdb05d81629ba187cc8ac1934b2f75952fb7616ae6bd812946df694bd2763af":"9ac7ca8d1aefc166b046e4cf7602ebe181a0e5055474bff5b342106731da0d7e48e4d87bc0a6f05871574289a1b099f8" +HMAC-SHA3-224: NIST example #1: keylenblocklen +depends_on:MBEDTLS_SHA3_C +mbedtls_md_hmac:"SHA3-224":28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59" + +HMAC-SHA3-224: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA3_C +mbedtls_md_hmac:"SHA3-256":32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258" + +HMAC-SHA3-256: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA3_C +mbedtls_md_hmac:"SHA3-384":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac" + +HMAC-SHA3-384: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA3_C +mbedtls_md_hmac:"SHA3-512":64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" + +HMAC-SHA3-512: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA256_C +mbedtls_md_hmac:"SHA224":28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f60616263":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"91c52509e5af8531601ae6230099d90bef88aaefb961f4080abc014d" + +HMAC-SHA-224: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA256_C +mbedtls_md_hmac:"SHA256":32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f60616263":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"bdccb6c72ddeadb500ae768386cb38cc41c63dbb0878ddb9c7a38a431b78378d" + +HMAC-SHA-256: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA512_C +mbedtls_md_hmac:"SHA384":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"5b664436df69b0ca22551231a3f0a3d5b4f97991713cfa84bff4d0792eff96c27dccbbb6f79b65d548b40e8564cef594" + +HMAC-SHA-384: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA512_C +mbedtls_md_hmac:"SHA512":64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"d93ec8d2de1ad2a9957cb9b83f14e76ad6b5e0cce285079a127d3b14bccb7aa7286d4ac0d4ce64215f2bc9e6870b33d97438be4aaa20cda5c5a912b48b8e27f3" + +HMAC-SHA-512: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA3_C +md_hmac_multi:"SHA3-224":28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59" + +HMAC-SHA3-224 multi-step: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA3_C +md_hmac_multi:"SHA3-256":32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258" + +HMAC-SHA3-256 multi-step: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA3_C +md_hmac_multi:"SHA3-384":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac" + +HMAC-SHA3-384 multi-step: NIST example #4: keylenblocklen +depends_on:MBEDTLS_SHA3_C +md_hmac_multi:"SHA3-512":64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" + +HMAC-SHA3-512 multi-step: NIST example #4: keylen Date: Fri, 20 May 2022 18:14:22 +0200 Subject: [PATCH 015/328] Fix travis build. Enum values should not be conditioned. Signed-off-by: Pol Henarejos --- include/mbedtls/md.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 78f9b4056b..8f6c2d7029 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -61,12 +61,10 @@ typedef enum { MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */ MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */ MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ -#if defined(MBEDTLS_SHA3_C) MBEDTLS_MD_SHA3_224, /**< The SHA3-224 message digest. */ MBEDTLS_MD_SHA3_256, /**< The SHA3-256 message digest. */ MBEDTLS_MD_SHA3_384, /**< The SHA3-384 message digest. */ MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */ -#endif } mbedtls_md_type_t; #if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA3_C) From 7dbd5d1760c8000fdbeeef97ddc0745739a36909 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 20 May 2022 20:42:33 +0200 Subject: [PATCH 016/328] Add self tests (taken from #1549). Signed-off-by: Pol Henarejos --- include/mbedtls/sha3.h | 11 + library/sha3.c | 328 ++++++++++++++++++++++++++ programs/test/selftest.c | 4 + tests/suites/test_suite_shax.data | 4 + tests/suites/test_suite_shax.function | 7 + 5 files changed, 354 insertions(+) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 7d673bc917..278655ac81 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -183,6 +183,17 @@ int mbedtls_sha3( mbedtls_sha3_id id, const uint8_t *input, uint8_t *output, size_t olen ); +#if defined(MBEDTLS_SELF_TEST) +/** + * \brief Checkup routine for the algorithms implemented + * by this module: SHA3-224, SHA3-256, SHA3-384, SHA3-512, + * SHAKE128, SHAKE256, cSHAKE128 and cSHAKE256. + * + * \return 0 if successful, or 1 if the test failed. + */ +int mbedtls_sha3_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif diff --git a/library/sha3.c b/library/sha3.c index a92f8af8be..c8fa06c657 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -298,4 +298,332 @@ exit: return( ret ); } +/**************** Self-tests ****************/ + +#if defined(MBEDTLS_SELF_TEST) + +static const unsigned char test_data[2][4] = +{ + "", + "abc", +}; + +static const size_t test_data_len[2] = +{ + 0, /* "" */ + 3 /* "abc" */ +}; + +static const unsigned char test_hash_sha3_224[2][28] = +{ + { /* "" */ + 0x6B, 0x4E, 0x03, 0x42, 0x36, 0x67, 0xDB, 0xB7, + 0x3B, 0x6E, 0x15, 0x45, 0x4F, 0x0E, 0xB1, 0xAB, + 0xD4, 0x59, 0x7F, 0x9A, 0x1B, 0x07, 0x8E, 0x3F, + 0x5B, 0x5A, 0x6B, 0xC7 + }, + { /* "abc" */ + 0xE6, 0x42, 0x82, 0x4C, 0x3F, 0x8C, 0xF2, 0x4A, + 0xD0, 0x92, 0x34, 0xEE, 0x7D, 0x3C, 0x76, 0x6F, + 0xC9, 0xA3, 0xA5, 0x16, 0x8D, 0x0C, 0x94, 0xAD, + 0x73, 0xB4, 0x6F, 0xDF + } +}; + +static const unsigned char test_hash_sha3_256[2][32] = +{ + { /* "" */ + 0xA7, 0xFF, 0xC6, 0xF8, 0xBF, 0x1E, 0xD7, 0x66, + 0x51, 0xC1, 0x47, 0x56, 0xA0, 0x61, 0xD6, 0x62, + 0xF5, 0x80, 0xFF, 0x4D, 0xE4, 0x3B, 0x49, 0xFA, + 0x82, 0xD8, 0x0A, 0x4B, 0x80, 0xF8, 0x43, 0x4A + }, + { /* "abc" */ + 0x3A, 0x98, 0x5D, 0xA7, 0x4F, 0xE2, 0x25, 0xB2, + 0x04, 0x5C, 0x17, 0x2D, 0x6B, 0xD3, 0x90, 0xBD, + 0x85, 0x5F, 0x08, 0x6E, 0x3E, 0x9D, 0x52, 0x5B, + 0x46, 0xBF, 0xE2, 0x45, 0x11, 0x43, 0x15, 0x32 + } +}; + +static const unsigned char test_hash_sha3_384[2][48] = +{ + { /* "" */ + 0x0C, 0x63, 0xA7, 0x5B, 0x84, 0x5E, 0x4F, 0x7D, + 0x01, 0x10, 0x7D, 0x85, 0x2E, 0x4C, 0x24, 0x85, + 0xC5, 0x1A, 0x50, 0xAA, 0xAA, 0x94, 0xFC, 0x61, + 0x99, 0x5E, 0x71, 0xBB, 0xEE, 0x98, 0x3A, 0x2A, + 0xC3, 0x71, 0x38, 0x31, 0x26, 0x4A, 0xDB, 0x47, + 0xFB, 0x6B, 0xD1, 0xE0, 0x58, 0xD5, 0xF0, 0x04 + }, + { /* "abc" */ + 0xEC, 0x01, 0x49, 0x82, 0x88, 0x51, 0x6F, 0xC9, + 0x26, 0x45, 0x9F, 0x58, 0xE2, 0xC6, 0xAD, 0x8D, + 0xF9, 0xB4, 0x73, 0xCB, 0x0F, 0xC0, 0x8C, 0x25, + 0x96, 0xDA, 0x7C, 0xF0, 0xE4, 0x9B, 0xE4, 0xB2, + 0x98, 0xD8, 0x8C, 0xEA, 0x92, 0x7A, 0xC7, 0xF5, + 0x39, 0xF1, 0xED, 0xF2, 0x28, 0x37, 0x6D, 0x25 + } +}; + +static const unsigned char test_hash_sha3_512[2][64] = +{ + { /* "" */ + 0xA6, 0x9F, 0x73, 0xCC, 0xA2, 0x3A, 0x9A, 0xC5, + 0xC8, 0xB5, 0x67, 0xDC, 0x18, 0x5A, 0x75, 0x6E, + 0x97, 0xC9, 0x82, 0x16, 0x4F, 0xE2, 0x58, 0x59, + 0xE0, 0xD1, 0xDC, 0xC1, 0x47, 0x5C, 0x80, 0xA6, + 0x15, 0xB2, 0x12, 0x3A, 0xF1, 0xF5, 0xF9, 0x4C, + 0x11, 0xE3, 0xE9, 0x40, 0x2C, 0x3A, 0xC5, 0x58, + 0xF5, 0x00, 0x19, 0x9D, 0x95, 0xB6, 0xD3, 0xE3, + 0x01, 0x75, 0x85, 0x86, 0x28, 0x1D, 0xCD, 0x26 + }, + { /* "abc" */ + 0xB7, 0x51, 0x85, 0x0B, 0x1A, 0x57, 0x16, 0x8A, + 0x56, 0x93, 0xCD, 0x92, 0x4B, 0x6B, 0x09, 0x6E, + 0x08, 0xF6, 0x21, 0x82, 0x74, 0x44, 0xF7, 0x0D, + 0x88, 0x4F, 0x5D, 0x02, 0x40, 0xD2, 0x71, 0x2E, + 0x10, 0xE1, 0x16, 0xE9, 0x19, 0x2A, 0xF3, 0xC9, + 0x1A, 0x7E, 0xC5, 0x76, 0x47, 0xE3, 0x93, 0x40, + 0x57, 0x34, 0x0B, 0x4C, 0xF4, 0x08, 0xD5, 0xA5, + 0x65, 0x92, 0xF8, 0x27, 0x4E, 0xEC, 0x53, 0xF0 + } +}; + +static const unsigned char long_kat_hash_sha3_224[28] = +{ + 0xD6, 0x93, 0x35, 0xB9, 0x33, 0x25, 0x19, 0x2E, + 0x51, 0x6A, 0x91, 0x2E, 0x6D, 0x19, 0xA1, 0x5C, + 0xB5, 0x1C, 0x6E, 0xD5, 0xC1, 0x52, 0x43, 0xE7, + 0xA7, 0xFD, 0x65, 0x3C +}; + +static const unsigned char long_kat_hash_sha3_256[32] = +{ + 0x5C, 0x88, 0x75, 0xAE, 0x47, 0x4A, 0x36, 0x34, + 0xBA, 0x4F, 0xD5, 0x5E, 0xC8, 0x5B, 0xFF, 0xD6, + 0x61, 0xF3, 0x2A, 0xCA, 0x75, 0xC6, 0xD6, 0x99, + 0xD0, 0xCD, 0xCB, 0x6C, 0x11, 0x58, 0x91, 0xC1 +}; + +static const unsigned char long_kat_hash_sha3_384[48] = +{ + 0xEE, 0xE9, 0xE2, 0x4D, 0x78, 0xC1, 0x85, 0x53, + 0x37, 0x98, 0x34, 0x51, 0xDF, 0x97, 0xC8, 0xAD, + 0x9E, 0xED, 0xF2, 0x56, 0xC6, 0x33, 0x4F, 0x8E, + 0x94, 0x8D, 0x25, 0x2D, 0x5E, 0x0E, 0x76, 0x84, + 0x7A, 0xA0, 0x77, 0x4D, 0xDB, 0x90, 0xA8, 0x42, + 0x19, 0x0D, 0x2C, 0x55, 0x8B, 0x4B, 0x83, 0x40 +}; + +static const unsigned char long_kat_hash_sha3_512[64] = +{ + 0x3C, 0x3A, 0x87, 0x6D, 0xA1, 0x40, 0x34, 0xAB, + 0x60, 0x62, 0x7C, 0x07, 0x7B, 0xB9, 0x8F, 0x7E, + 0x12, 0x0A, 0x2A, 0x53, 0x70, 0x21, 0x2D, 0xFF, + 0xB3, 0x38, 0x5A, 0x18, 0xD4, 0xF3, 0x88, 0x59, + 0xED, 0x31, 0x1D, 0x0A, 0x9D, 0x51, 0x41, 0xCE, + 0x9C, 0xC5, 0xC6, 0x6E, 0xE6, 0x89, 0xB2, 0x66, + 0xA8, 0xAA, 0x18, 0xAC, 0xE8, 0x28, 0x2A, 0x0E, + 0x0D, 0xB5, 0x96, 0xC9, 0x0B, 0x0A, 0x7B, 0x87 +}; + +static int mbedtls_sha3_kat_test( int verbose, + const char* type_name, + mbedtls_sha3_id id, + int test_num ) +{ + uint8_t hash[64]; + int result; + + result = mbedtls_sha3( id, + test_data[test_num], test_data_len[test_num], + hash, sizeof( hash ) ); + if( result != 0 ) + { + if( verbose != 0 ) + { + mbedtls_printf( " %s test %d error code: %d\n", + type_name, test_num, result ); + } + + return( result ); + } + + switch( id ) + { + case MBEDTLS_SHA3_224: + result = memcmp( hash, test_hash_sha3_224[test_num], 28 ); + break; + case MBEDTLS_SHA3_256: + result = memcmp( hash, test_hash_sha3_256[test_num], 32 ); + break; + case MBEDTLS_SHA3_384: + result = memcmp( hash, test_hash_sha3_384[test_num], 48 ); + break; + case MBEDTLS_SHA3_512: + result = memcmp( hash, test_hash_sha3_512[test_num], 64 ); + break; + default: + break; + } + + if( 0 != result ) + { + if( verbose != 0 ) + { + mbedtls_printf( " %s test %d failed\n", type_name, test_num ); + } + + return( -1 ); + } + + if( verbose != 0 ) + { + mbedtls_printf( " %s test %d passed\n", type_name, test_num ); + } + + return( 0 ); +} + +static int mbedtls_sha3_long_kat_test( int verbose, + const char* type_name, + mbedtls_sha3_id id ) +{ + mbedtls_sha3_context ctx; + unsigned char buffer[1000]; + unsigned char hash[64]; + int i; + int result = 0; + + memset( buffer, 'a', 1000 ); + + if( verbose != 0 ) + { + mbedtls_printf( " %s long KAT test ", type_name ); + } + + mbedtls_sha3_init( &ctx ); + + result = mbedtls_sha3_starts( &ctx, id ); + if( result != 0 ) + { + if( verbose != 0 ) + { + mbedtls_printf( "setup failed\n " ); + } + } + + /* Process 1,000,000 (one million) 'a' characters */ + for( i = 0; i < 1000; i++ ) + { + result = mbedtls_sha3_update( &ctx, buffer, 1000 ); + if( result != 0 ) + { + if( verbose != 0 ) + { + mbedtls_printf( "update error code: %i\n", result ); + } + + goto cleanup; + } + } + + result = mbedtls_sha3_finish( &ctx, hash, sizeof( hash ) ); + if( result != 0 ) + { + if( verbose != 0 ) + { + mbedtls_printf( "finish error code: %d\n", result ); + } + + goto cleanup; + } + + switch( id ) + { + case MBEDTLS_SHA3_224: + result = memcmp( hash, long_kat_hash_sha3_224, 28 ); + break; + case MBEDTLS_SHA3_256: + result = memcmp( hash, long_kat_hash_sha3_256, 32 ); + break; + case MBEDTLS_SHA3_384: + result = memcmp( hash, long_kat_hash_sha3_384, 48 ); + break; + case MBEDTLS_SHA3_512: + result = memcmp( hash, long_kat_hash_sha3_512, 64 ); + break; + default: + break; + } + + if( result != 0 ) + { + if( verbose != 0 ) + { + mbedtls_printf( "failed\n" ); + } + } + + if( verbose != 0 ) + { + mbedtls_printf( "passed\n" ); + } + +cleanup: + mbedtls_sha3_free( &ctx ); + return( result ); +} + +int mbedtls_sha3_self_test( int verbose ) +{ + int i; + + /* SHA3 Known Answer Tests (KAT) */ + for( i = 0; i < 2; i++ ) + { + if( 0 != mbedtls_sha3_kat_test( verbose, + "SHA3-224", MBEDTLS_SHA3_224, i ) ) + return( 1 ); + + if( 0 != mbedtls_sha3_kat_test( verbose, + "SHA3-256", MBEDTLS_SHA3_256, i ) ) + return( 1 ); + + if( 0 != mbedtls_sha3_kat_test( verbose, + "SHA3-384", MBEDTLS_SHA3_384, i ) ) + return( 1 ); + + if( 0 != mbedtls_sha3_kat_test( verbose, + "SHA3-512", MBEDTLS_SHA3_512, i ) ) + return( 1 ); + } + + /* SHA3 long KAT tests */ + if( 0 != mbedtls_sha3_long_kat_test( verbose, + "SHA3-224", MBEDTLS_SHA3_224 ) ) + return( 1 ); + + if( 0 != mbedtls_sha3_long_kat_test( verbose, + "SHA3-256", MBEDTLS_SHA3_256 ) ) + return( 1 ); + + if( 0 != mbedtls_sha3_long_kat_test( verbose, + "SHA3-384", MBEDTLS_SHA3_384 ) ) + return( 1 ); + + if( 0 != mbedtls_sha3_long_kat_test( verbose, + "SHA3-512", MBEDTLS_SHA3_512 ) ) + return( 1 ); + + if( verbose != 0 ) + { + mbedtls_printf( "\n" ); + } + + return( 0 ); +} +#endif /* MBEDTLS_SELF_TEST */ + #endif /* MBEDTLS_SHA3_C */ diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 0c40686f74..b91bd07b5f 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -33,6 +33,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#include "mbedtls/sha3.h" #include "mbedtls/des.h" #include "mbedtls/aes.h" #include "mbedtls/camellia.h" @@ -265,6 +266,9 @@ const selftest_t selftests[] = #if defined(MBEDTLS_SHA512_C) {"sha512", mbedtls_sha512_self_test}, #endif +#if defined(MBEDTLS_SHA3_C) + {"sha3", mbedtls_sha3_self_test}, +#endif #if defined(MBEDTLS_DES_C) {"des", mbedtls_des_self_test}, #endif diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index 9baacd0dad..c65e4dc7c7 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -2340,3 +2340,7 @@ mbedtls_sha3_multi:MBEDTLS_SHA3_512:"b7571241008d792f0e1be9cea346e4aae82967db6aa SHA3_512 long #62 depends_on:MBEDTLS_SHA3_C mbedtls_sha3_multi:MBEDTLS_SHA3_512:"e78360a670b2c0080307cfee5a2d20eebf117dfc66e7d98eff6f86fe8c76a92f709fea73c96370ac00570cb29fadb4f562fe34649047208d8b310d05a695000a383f2767eff2c79866ad762ff92d8a76d8b3d1565a07837794bd74a92bb78e8366eb7f498766af135c91752c11b48ab948b8be9b6b31e996419c25b2c0e43ae1232c5ae33cc80f670a8c71738e4a9c05db9661fb6dcc3c30bb5586e80f25ec6e968820fbb31fceda9925d2ca19f7a8a4b8d4243d05e1638e2a700112c0818c70e889395a9773d6b531e500fa5ac496dc09fa6e2bdd7746f8b575fdfa7b01033040b70ec88ecd0e40f95364cbf8b84ef6f391a68b9d96cdb584ede266e7ac37f6c799050d40345ec21af764049cdcb939a0203626ed46e00fc060171fac8a110aa4b787f057b0ae85bc59696fed36bdef382f85c47390674c915406ed73a379b30099fd3a7849e6cf0502dcd294d1435ee246fb2dda7b4ab51e531697e400583a03c8cdb34d08efe9207923f638b234d0c7ee0028c810719290e4afe7a6a894e7d4cb61237ef4af1b3346a8a382e3768b0faefc7ee656c42b0e9039a362a317029c2a1f52b3150fac67f2d1a0196bf3d8e10f57f7db552cc7c1dd1c94bffac7d3826e71089374f7e6e30408b7a75291fe6598795b4f158fb0d155c18266b48ea2af1ebe0cc618500fd004b4aed1a03a47c5d1cb72ec9fd72c65808e35fed953b64bc26d27f50a0070557a3c4e415ed5f92642b30457faea84a5e5ec743072fe587de2e821c850f1519bef0a5f9f944a5db3749ad83b2eb200ba0c4408a48576d06d0796c2e6f409fac9eb85a9924881bb91eee9b73e4415e7cc7dfcba011da56644b8dfd1f8fd32b208f415f3c384615beb3806690843fd8302c17e50ef3f72622a7e2b18a57453c280942207da4fd484e7db5bb64233511a855f309218f5c50b46e0e25d96605472585214ab7eb2c27fad5e4e66941cf9f57ddf7c4a214686aac1666c6972c91c0ab9b654a857b3119566494940a507dc5c11cac93eb53b9d87c2983204e2b895d2ca4948c60e5daa0b3a25b30d1efbe49669a67e377adaf3ea72ff9af58e33a612b49259cc4bb5752c5078f495a601f8edaefe05fd182d6e1bf9220d061d4537119e1aef84b5c55a3fd1cd74a0e62000a70857c558383cf7617e89f4fd38f33118b16773b4f594428be4a99af68660e50d9e3b2610820d770629bdb5a386477a6f14034b25b32a1359b296d05e2dc98d67993190ec9dabd4502345bac0b048fb5ef076e19f9690b7f1631b7ea28364e1fd20c26bb6321bf88894a9691c5dfe9c2d6d469cea46cd149b1ec10a883238c9165c741f34e866c9f5a4722c7e36724623b2fde3cd6ce9149f0b0eddd9df4d2efc75d2142f689531e179276ab0e2abdf89e8222011b0ed9e44538c5f5c34acf6f59261b36e59b017923e508a780ab150a7363eba7eb9e099d41ec3f8dbd95c0b4adbab62bb64bd62511976f69f568d82c5c5d819dc30caef95933a111c7665534379378adc31c6fc66322015ed6d465c2bbd78a5f3bcb387d0db7910e9b2d0b827948d949a67d2cc19b2d64f29f8e4c52145a7c68b06a449cc1d085f0835a421405336e6bdaeeabab2c1200c1d9e70a7ee85ebe46bb5a41dd382706441a8e975d4dfb9ea0db015ae788687b48f08f1e9dba6cf675c72bceb2b3238895eb3a89e2c609e0752125b90b42a92af48de6f7330d0d8b726e5f39b1d54e83525fde88390fd6ea4537fc448afd4ca6610c7f32d352a903c91b55115f11108cf602fb10c47deb02bd99d59bfaeadb53fae6b83ff31dd7e5e658bde41ef9021c1d5f00b219b2cec03ac1421dbfcdddda3ec732ad16e102a86690ea3085ffaba724de9ffaad20faa94948d2485e08bcafb9087ed8b32ec1d1a66e7a75088765c4a8fc2948f35ae734659b06ba6a1e002ad634ed615c699de8424bdf203b32d8eb16522d3b80c32ce81c224fd2488030f232d71ec57723ef52a6b398d072846d80f95b1c20e9fc244ad9892e3e9dd1c79c3b69737397d04eb7603037f462feac2cce8186c7735875c32a3a123dbe855c6f7c569c0a4311247ceb3c2d0a61041d55026ffd6dc18a99e78abfac7e4f0d48026248f8e7ed491919c441e891112729804170d0a268e4f92e87844d6eb3fc12eb799b0a9b1afa852477fc1b16e7ea6944e82eb0f3be0a1c1e8d12859d71b455914ed741a230a801037295050a59c044f973141ed0556c8b2e1804e5792cd8888a4e885e8be2d4056d40d766f9db4b55348eab6ac6b37eced3c4b5dd8039cb143cf51881b685f11a986f2d914400ee028c776f25554cd34fb5ffbfee512d2e813fdf228bc0be91b93b59f214a75f2ae547e9d9ef0aa5ec963b458d884a7b6577e96910bd28e13859bc9ddf71624a74761d32662835433d3ada12994c0aa8f230e02f7d965d925784a2a7403823576d2d730dbe5183a9479629038d99e03a6774baaec3b7ed4671b26402cec9591a7773cfc82d0b644c8e309e84b50289b4379bcf437d823672197b974cd5a571e82601a9fe4ca665a193a2a112ba06558ad51e949a25a5f7a9a138b2c1ef7d1c54eb2f881c97c2f64cda64d73a0725d232e285a12f36637f51bb822d1e8680a6f55985f0af98d194a2d4efb76716e19e50c2698b5f3a7b5c0ecad08ccf3580a02dd38d6a23ba62cf4815bbb82683ba08490722a9c6ac2e0c3551bc583076dda682fbae5b1586f714a11f416ff4b82faea0235982d2062c0e79e2adf60ec4f81879347149f198fef3524429355e3ea30fdaa966bd2dc2d5e120e01e0ca69a707495007ecd443afae9b046dbaecf81c49a7cfbe2af268cbc12deec95029481d7594b021f4b8a176b766f79c132c52bf4dcebbd45df48ae5f12186a9b5e44f58d252f9bdb4b3fa8d117c46f7277eb87c455cb4018c420b23f7d41eca99654701266a7405b52e159bc4c739a77d48f3fb3838036d4043b22cda30fe548313f7bf7ac4691f7e8fbb49d92d17d49df3cce32e4af03f005f49a9a21c6e6efc56293bd54820339840b43f57982aa510e808dd2f7ac2a055fe9641587fb5408b96a31d3fdee06a89a7c82446efb8435d8e729044b0c3b7c688639d03431cf3b83b2e0cc06ef3ebdb2ebfa1af1a0ad60c4cd1a574d439addb657664ab4febaf0bad92b061e09fdf153c605d99006885a68cecc3c8ce6da91cfe973f588b6a9b0d5597b2291c2d6ec03874010c8b1978b2b58c934686a7d412b990d613dfe0e0459905ba210ae5bf638cc33410a267d8b82f79bcf8e52f5544ff28d0e33397a53be2a36f4f930efb869f159fae2d98cd40617be7e6d14c553a3926d6d16fd51378993a7abd9df149b2d932e9ed15f57ed3b55abc173347fc7dcd538fe47be3":"cd4af24388fcf4481291f864142b6cf011bb4dbda0c31668a055f8530c253b9bc14b8784e31a1b32870c9703314308d1a79fa557da734b31fcddd874728b1a48" + +SHA-3 Selftest +depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA3_C +sha3_selftest: diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 28474b7723..025bdb46e3 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -177,3 +177,10 @@ exit: mbedtls_free( output ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C:MBEDTLS_SELF_TEST */ +void sha3_selftest() +{ + TEST_ASSERT( mbedtls_sha3_self_test( 0 ) == 0 ); +} +/* END_CASE */ From 90f803c584260cb2321858d5477944d1320a2fe1 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Fri, 20 May 2022 20:50:29 +0200 Subject: [PATCH 017/328] Add sha3 streaming and reuse tests. Signed-off-by: Pol Henarejos --- tests/suites/test_suite_shax.data | 58 ++++++++++++++++ tests/suites/test_suite_shax.function | 95 +++++++++++++++++++++++++++ 2 files changed, 153 insertions(+) diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index c65e4dc7c7..1dc31a20a0 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -2341,6 +2341,64 @@ SHA3_512 long #62 depends_on:MBEDTLS_SHA3_C mbedtls_sha3_multi:MBEDTLS_SHA3_512:"e78360a670b2c0080307cfee5a2d20eebf117dfc66e7d98eff6f86fe8c76a92f709fea73c96370ac00570cb29fadb4f562fe34649047208d8b310d05a695000a383f2767eff2c79866ad762ff92d8a76d8b3d1565a07837794bd74a92bb78e8366eb7f498766af135c91752c11b48ab948b8be9b6b31e996419c25b2c0e43ae1232c5ae33cc80f670a8c71738e4a9c05db9661fb6dcc3c30bb5586e80f25ec6e968820fbb31fceda9925d2ca19f7a8a4b8d4243d05e1638e2a700112c0818c70e889395a9773d6b531e500fa5ac496dc09fa6e2bdd7746f8b575fdfa7b01033040b70ec88ecd0e40f95364cbf8b84ef6f391a68b9d96cdb584ede266e7ac37f6c799050d40345ec21af764049cdcb939a0203626ed46e00fc060171fac8a110aa4b787f057b0ae85bc59696fed36bdef382f85c47390674c915406ed73a379b30099fd3a7849e6cf0502dcd294d1435ee246fb2dda7b4ab51e531697e400583a03c8cdb34d08efe9207923f638b234d0c7ee0028c810719290e4afe7a6a894e7d4cb61237ef4af1b3346a8a382e3768b0faefc7ee656c42b0e9039a362a317029c2a1f52b3150fac67f2d1a0196bf3d8e10f57f7db552cc7c1dd1c94bffac7d3826e71089374f7e6e30408b7a75291fe6598795b4f158fb0d155c18266b48ea2af1ebe0cc618500fd004b4aed1a03a47c5d1cb72ec9fd72c65808e35fed953b64bc26d27f50a0070557a3c4e415ed5f92642b30457faea84a5e5ec743072fe587de2e821c850f1519bef0a5f9f944a5db3749ad83b2eb200ba0c4408a48576d06d0796c2e6f409fac9eb85a9924881bb91eee9b73e4415e7cc7dfcba011da56644b8dfd1f8fd32b208f415f3c384615beb3806690843fd8302c17e50ef3f72622a7e2b18a57453c280942207da4fd484e7db5bb64233511a855f309218f5c50b46e0e25d96605472585214ab7eb2c27fad5e4e66941cf9f57ddf7c4a214686aac1666c6972c91c0ab9b654a857b3119566494940a507dc5c11cac93eb53b9d87c2983204e2b895d2ca4948c60e5daa0b3a25b30d1efbe49669a67e377adaf3ea72ff9af58e33a612b49259cc4bb5752c5078f495a601f8edaefe05fd182d6e1bf9220d061d4537119e1aef84b5c55a3fd1cd74a0e62000a70857c558383cf7617e89f4fd38f33118b16773b4f594428be4a99af68660e50d9e3b2610820d770629bdb5a386477a6f14034b25b32a1359b296d05e2dc98d67993190ec9dabd4502345bac0b048fb5ef076e19f9690b7f1631b7ea28364e1fd20c26bb6321bf88894a9691c5dfe9c2d6d469cea46cd149b1ec10a883238c9165c741f34e866c9f5a4722c7e36724623b2fde3cd6ce9149f0b0eddd9df4d2efc75d2142f689531e179276ab0e2abdf89e8222011b0ed9e44538c5f5c34acf6f59261b36e59b017923e508a780ab150a7363eba7eb9e099d41ec3f8dbd95c0b4adbab62bb64bd62511976f69f568d82c5c5d819dc30caef95933a111c7665534379378adc31c6fc66322015ed6d465c2bbd78a5f3bcb387d0db7910e9b2d0b827948d949a67d2cc19b2d64f29f8e4c52145a7c68b06a449cc1d085f0835a421405336e6bdaeeabab2c1200c1d9e70a7ee85ebe46bb5a41dd382706441a8e975d4dfb9ea0db015ae788687b48f08f1e9dba6cf675c72bceb2b3238895eb3a89e2c609e0752125b90b42a92af48de6f7330d0d8b726e5f39b1d54e83525fde88390fd6ea4537fc448afd4ca6610c7f32d352a903c91b55115f11108cf602fb10c47deb02bd99d59bfaeadb53fae6b83ff31dd7e5e658bde41ef9021c1d5f00b219b2cec03ac1421dbfcdddda3ec732ad16e102a86690ea3085ffaba724de9ffaad20faa94948d2485e08bcafb9087ed8b32ec1d1a66e7a75088765c4a8fc2948f35ae734659b06ba6a1e002ad634ed615c699de8424bdf203b32d8eb16522d3b80c32ce81c224fd2488030f232d71ec57723ef52a6b398d072846d80f95b1c20e9fc244ad9892e3e9dd1c79c3b69737397d04eb7603037f462feac2cce8186c7735875c32a3a123dbe855c6f7c569c0a4311247ceb3c2d0a61041d55026ffd6dc18a99e78abfac7e4f0d48026248f8e7ed491919c441e891112729804170d0a268e4f92e87844d6eb3fc12eb799b0a9b1afa852477fc1b16e7ea6944e82eb0f3be0a1c1e8d12859d71b455914ed741a230a801037295050a59c044f973141ed0556c8b2e1804e5792cd8888a4e885e8be2d4056d40d766f9db4b55348eab6ac6b37eced3c4b5dd8039cb143cf51881b685f11a986f2d914400ee028c776f25554cd34fb5ffbfee512d2e813fdf228bc0be91b93b59f214a75f2ae547e9d9ef0aa5ec963b458d884a7b6577e96910bd28e13859bc9ddf71624a74761d32662835433d3ada12994c0aa8f230e02f7d965d925784a2a7403823576d2d730dbe5183a9479629038d99e03a6774baaec3b7ed4671b26402cec9591a7773cfc82d0b644c8e309e84b50289b4379bcf437d823672197b974cd5a571e82601a9fe4ca665a193a2a112ba06558ad51e949a25a5f7a9a138b2c1ef7d1c54eb2f881c97c2f64cda64d73a0725d232e285a12f36637f51bb822d1e8680a6f55985f0af98d194a2d4efb76716e19e50c2698b5f3a7b5c0ecad08ccf3580a02dd38d6a23ba62cf4815bbb82683ba08490722a9c6ac2e0c3551bc583076dda682fbae5b1586f714a11f416ff4b82faea0235982d2062c0e79e2adf60ec4f81879347149f198fef3524429355e3ea30fdaa966bd2dc2d5e120e01e0ca69a707495007ecd443afae9b046dbaecf81c49a7cfbe2af268cbc12deec95029481d7594b021f4b8a176b766f79c132c52bf4dcebbd45df48ae5f12186a9b5e44f58d252f9bdb4b3fa8d117c46f7277eb87c455cb4018c420b23f7d41eca99654701266a7405b52e159bc4c739a77d48f3fb3838036d4043b22cda30fe548313f7bf7ac4691f7e8fbb49d92d17d49df3cce32e4af03f005f49a9a21c6e6efc56293bd54820339840b43f57982aa510e808dd2f7ac2a055fe9641587fb5408b96a31d3fdee06a89a7c82446efb8435d8e729044b0c3b7c688639d03431cf3b83b2e0cc06ef3ebdb2ebfa1af1a0ad60c4cd1a574d439addb657664ab4febaf0bad92b061e09fdf153c605d99006885a68cecc3c8ce6da91cfe973f588b6a9b0d5597b2291c2d6ec03874010c8b1978b2b58c934686a7d412b990d613dfe0e0459905ba210ae5bf638cc33410a267d8b82f79bcf8e52f5544ff28d0e33397a53be2a36f4f930efb869f159fae2d98cd40617be7e6d14c553a3926d6d16fd51378993a7abd9df149b2d932e9ed15f57ed3b55abc173347fc7dcd538fe47be3":"cd4af24388fcf4481291f864142b6cf011bb4dbda0c31668a055f8530c253b9bc14b8784e31a1b32870c9703314308d1a79fa557da734b31fcddd874728b1a48" +SHA3-224 Streaming Test #1 +depends_on:MBEDTLS_SHA3_C +sha3_streaming:MBEDTLS_SHA3_224:"a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3" + +SHA3-224 Streaming Test #2 +depends_on:MBEDTLS_SHA3_C +sha3_streaming:MBEDTLS_SHA3_224:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06" + +SHA3-256 Streaming Test #1 +depends_on:MBEDTLS_SHA3_C +sha3_streaming:MBEDTLS_SHA3_256:"a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3" + +SHA3-256 Streaming Test #2 +depends_on:MBEDTLS_SHA3_C +sha3_streaming:MBEDTLS_SHA3_256:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06" + +SHA3-384 Streaming Test #1 +depends_on:MBEDTLS_SHA3_C +sha3_streaming:MBEDTLS_SHA3_384:"a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3" + +SHA3-384 Streaming Test #2 +depends_on:MBEDTLS_SHA3_C +sha3_streaming:MBEDTLS_SHA3_384:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06" + +SHA3-512 Streaming Test #1 +depends_on:MBEDTLS_SHA3_C +sha3_streaming:MBEDTLS_SHA3_512:"a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3a3" + +SHA3-512 Streaming Test #2 +depends_on:MBEDTLS_SHA3_C +sha3_streaming:MBEDTLS_SHA3_512:"7f46ce506d593c4ed53c82edeb602037e0485befbee03f7f930fe532d18ff2a3f5fd6076672c8145a1bf40dd94f7abab47c9ae71c234213d2ad1069c2dac0b0ba15257ae672b8245960ae55bd50315c0097daa3a318745788d70d14706910809ca6e396237fe4934fa46f9ce782d66606d8bd6b2d283b1160513ce9c24e9f084b97891f99d4cdefc169a029e431ca772ba1bba426fce6f01d8e286014e5acc66b799e4db62bd4783322f8a32ff78e0de3957df50ce10871f4e0680df4e8ca3960af9bc6f4efa8eb3962d18f474eb178c3265cc46b8f2ff5ab1a7449fea297dfcfabfa01f28abbb7289bb354b691b5664ec6d098af51be19947ec5ba7ebd66380d1141953ba78d4aa5401679fa7b0a44db1981f864d3535c45afe4c61183d5b0ad51fae71ca07e34240283959f7530a32c70d95a088e501c230059f333b0670825009e7e22103ef22935830df1fac8ef877f5f3426dd54f7d1128dd871ad9a7d088f94c0e8712013295b8d69ae7623b880978c2d3c6ad26dc478f8dc47f5c0adcc618665dc3dc205a9071b2f2191e16cac5bd89bb59148fc719633752303aa08e518dbc389f0a5482caaa4c507b8729a6f3edd061efb39026cecc6399f51971cf7381d605e144a5928c8c2d1ad7467b05da2f202f4f3234e1aff19a0198a28685721c3d2d52311c721e3fdcbaf30214cdc3acff8c433880e104fb63f2df7ce69a97857819ba7ac00ac8eae1969764fde8f68cf8e0916d7e0c151147d4944f99f42ae50f30e1c79a42d2b6c5188d133d3cbbf69094027b354b295ccd0f7dc5a87d73638bd98ebfb00383ca0fa69cb8dcb35a12510e5e07ad8789047d0b63841a1bb928737e8b0a0c33254f47aa8bfbe3341a09c2b76dbcefa67e30df300d34f7b8465c4f869e51b6bcfe6cf68b238359a645036bf7f63f02924e087ce7457e483b6025a859903cb484574aa3b12cf946f32127d537c33bee3141b5db96d10a148c50ae045f287210757710d6846e04b202f79e87dd9a56bc6da15f84a77a7f63935e1dee00309cd276a8e7176cb04da6bb0e9009534438732cb42d008008853d38d19beba46e61006e30f7efd1bc7c2906b024e4ff898a1b58c448d68b43c6ab63f34f85b3ac6aa4475867e51b583844cb23829f4b30f4bdd817d88e2ef3e7b4fc0a624395b05ec5e8686082b24d29fef2b0d3c29e031d5f94f504b1d3df9361eb5ffbadb242e66c39a8094cfe62f85f639f3fd65fc8ae0c74a8f4c6e1d070b9183a434c722caaa0225f8bcd68614d6f0738ed62f8484ec96077d155c08e26c46be262a73e3551698bd70d8d5610cf37c4c306eed04ba6a040a9c3e6d7e15e8acda17f477c2484cf5c56b813313927be8387b1024f995e98fc87f1029091c01424bdc2b296c2eadb7d25b3e762a2fd0c2dcd1727ddf91db97c5984305265f3695a7f5472f2d72c94d68c27914f14f82aa8dd5fe4e2348b0ca967a3f98626a091552f5d0ffa2bf10350d23c996256c01fdeffb2c2c612519869f877e4929c6e95ff15040f1485e22ed14119880232fef3b57b3848f15b1766a5552879df8f06" + +SHA3-224 context reuse +sha3_reuse:"41":"97e2f98c0938943ab1a18a1721a04dff922ecc1ad14d4bbf905c02ca":"42":"b60bd459170afa28b3ef45a22ce41ede9ad62a9a0b250482a7e1beb6" + +SHA3-256 context reuse +sha3_reuse:"41":"1c9ebd6caf02840a5b2b7f0fc870ec1db154886ae9fe621b822b14fd0bf513d6":"42":"521ec18851e17bbba961bc46c70baf03ee67ebdea11a8306de39c15a90e9d2e5" + +SHA3-384 context reuse +sha3_reuse:"41":"15000d20f59aa483b5eac0a1f33abe8e09dea1054d173d3e7443c68035b99240b50f7abdb9553baf220320384c6b1cd6":"42":"8283d235852af9bbf7d81037b8b70aaba733a4433a4438f1b944c04c9e1d9d6d927e96d61b1fb7e7ecfcf2983ad816b5" + +SHA3-512 context reuse +sha3_reuse:"41":"f5f0eaa9ca3fd0c4e0d72a3471e4b71edaabe2d01c4b25e16715004ed91e663a1750707cc9f04430f19b995f4aba21b0ec878fc5c4eb838a18df5bf9fdc949df":"42":"7b637bc5543d96f49500aaad3b27d8bd37624db23d415c4d0f3dd231e9b9fb061f39b7d8561c540650de8bef02aca43a2069cc2512697bd34f2244ee732743a9" + +# Test a subset of the 12 possible cross-size context reuse, with both +# larger and smaller hashes. +SHA3-224 to SHA3-256 context reuse +sha3_reuse:"41":"97e2f98c0938943ab1a18a1721a04dff922ecc1ad14d4bbf905c02ca":"42":"521ec18851e17bbba961bc46c70baf03ee67ebdea11a8306de39c15a90e9d2e5" + +SHA3-256 to SHA3-512 context reuse +sha3_reuse:"41":"1c9ebd6caf02840a5b2b7f0fc870ec1db154886ae9fe621b822b14fd0bf513d6":"42":"7b637bc5543d96f49500aaad3b27d8bd37624db23d415c4d0f3dd231e9b9fb061f39b7d8561c540650de8bef02aca43a2069cc2512697bd34f2244ee732743a9" + +SHA3-512 to SHA3-384 context reuse +sha3_reuse:"41":"f5f0eaa9ca3fd0c4e0d72a3471e4b71edaabe2d01c4b25e16715004ed91e663a1750707cc9f04430f19b995f4aba21b0ec878fc5c4eb838a18df5bf9fdc949df":"42":"8283d235852af9bbf7d81037b8b70aaba733a4433a4438f1b944c04c9e1d9d6d927e96d61b1fb7e7ecfcf2983ad816b5" + +SHA3-384 to SHA3-224 context reuse +sha3_reuse:"41":"15000d20f59aa483b5eac0a1f33abe8e09dea1054d173d3e7443c68035b99240b50f7abdb9553baf220320384c6b1cd6":"42":"b60bd459170afa28b3ef45a22ce41ede9ad62a9a0b250482a7e1beb6" + SHA-3 Selftest depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA3_C sha3_selftest: diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 025bdb46e3..aee55b9c3d 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -178,6 +178,101 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ +void sha3_streaming( int type, data_t *input ) +{ + mbedtls_sha3_context ctx; + unsigned char reference_hash[64]; + unsigned char hash[64]; + size_t chunk_size; + size_t hash_length = ( type == MBEDTLS_SHA3_224 ? 28 : + type == MBEDTLS_SHA3_256 ? 32 : + type == MBEDTLS_SHA3_384 ? 48 : + type == MBEDTLS_SHA3_512 ? 64 : + 0 ); + + mbedtls_sha3_init( &ctx ); + memset( reference_hash, 0, sizeof( reference_hash ) ); + memset( hash, 0, sizeof( hash ) ); + TEST_ASSERT( hash_length != 0 ); + + /* Generate a reference hash */ + mbedtls_sha3( type, input->x, input->len, reference_hash, hash_length ); + + /* Repeat each test with increasingly-sized data chunks + * E.g. start by processing bytes individual bytes, then 2-byte chunks, + * then 3-byte chunks, and so on... + * At each test ensure that the same hash is generated. + */ + for( chunk_size = 1; chunk_size < input->len; chunk_size++ ) + { + size_t i; + size_t remaining = input->len; + + mbedtls_sha3_init( &ctx ); + TEST_ASSERT( mbedtls_sha3_starts( &ctx, type ) == 0 ); + + for ( i = 0; i < input->len; i += chunk_size ) + { + size_t len = remaining >= chunk_size ? chunk_size : remaining; + TEST_ASSERT( mbedtls_sha3_update( &ctx, input->x + i, len ) == 0 ); + remaining -= len; + } + + mbedtls_sha3_finish( &ctx, hash, hash_length ); + mbedtls_sha3_free( &ctx ); + + ASSERT_COMPARE( hash, hash_length, reference_hash, hash_length ); + } + +exit: + mbedtls_sha3_free( &ctx ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ +void sha3_reuse( data_t *input1, data_t *hash1, + data_t *input2, data_t *hash2 ) +{ + unsigned char output[64]; + mbedtls_sha3_context ctx; + mbedtls_sha3_id type1, type2; + + mbedtls_sha3_init( &ctx ); + switch( hash1->len ) + { + case 28: type1 = MBEDTLS_SHA3_224; break; + case 32: type1 = MBEDTLS_SHA3_256; break; + case 48: type1 = MBEDTLS_SHA3_384; break; + case 64: type1 = MBEDTLS_SHA3_512; break; + default: TEST_ASSERT( ! "hash1->len validity" ); break; + } + switch( hash2->len ) + { + case 28: type2 = MBEDTLS_SHA3_224; break; + case 32: type2 = MBEDTLS_SHA3_256; break; + case 48: type2 = MBEDTLS_SHA3_384; break; + case 64: type2 = MBEDTLS_SHA3_512; break; + default: TEST_ASSERT( ! "hash2->len validity" ); break; + } + + /* Round 1 */ + TEST_ASSERT( mbedtls_sha3_starts( &ctx, type1 ) == 0 ); + TEST_ASSERT( mbedtls_sha3_update( &ctx, input1->x, input1->len ) == 0 ); + TEST_ASSERT( mbedtls_sha3_finish( &ctx, output, sizeof( output ) ) == 0 ); + ASSERT_COMPARE( output, hash1->len, hash1->x, hash1->len ); + + /* Round 2 */ + TEST_ASSERT( mbedtls_sha3_starts( &ctx, type2 ) == 0 ); + TEST_ASSERT( mbedtls_sha3_update( &ctx, input2->x, input2->len ) == 0 ); + TEST_ASSERT( mbedtls_sha3_finish( &ctx, output, sizeof( output ) ) == 0 ); + ASSERT_COMPARE( output, hash2->len, hash2->x, hash2->len ); + +exit: + mbedtls_sha3_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SHA3_C:MBEDTLS_SELF_TEST */ void sha3_selftest() { From e884fd7acb7431528ea4b3472af87704eeddb6de Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 21 May 2022 11:21:58 +0200 Subject: [PATCH 018/328] Fix dependency of HMAC-SHA384 tests. Signed-off-by: Pol Henarejos --- tests/suites/test_suite_md.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 9ed616018a..e9500cfe9b 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -618,19 +618,19 @@ depends_on:MBEDTLS_SHA256_C mbedtls_md_hmac:"SHA256":16:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f30":"53616d706c65206d65737361676520666f72206b65796c656e3c626c6f636b6c656e2c2077697468207472756e636174656420746167":"27a8b157839efeac98df070b331d5936" HMAC-SHA-384: NIST example #1: keylen=blocklen -depends_on:MBEDTLS_SHA512_C +depends_on:MBEDTLS_SHA384_C mbedtls_md_hmac:"SHA384":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"63c5daa5e651847ca897c95814ab830bededc7d25e83eef9195cd45857a37f448947858f5af50cc2b1b730ddf29671a9" HMAC-SHA-384: NIST example #2: keylenblocklen -depends_on:MBEDTLS_SHA512_C +depends_on:MBEDTLS_SHA384_C mbedtls_md_hmac:"SHA384":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"5b664436df69b0ca22551231a3f0a3d5b4f97991713cfa84bff4d0792eff96c27dccbbb6f79b65d548b40e8564cef594" HMAC-SHA-384: NIST example #4: keylen Date: Fri, 3 Jun 2022 17:07:19 +0200 Subject: [PATCH 019/328] Fix internal links Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index e3ec0b19de..43586f397e 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -316,7 +316,7 @@ The core decides whether to dispatch a key derivation operation to a driver base A key derivation driver has the following entry points: * `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup). -* `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver extra inputs”](#key-derivation-driver-inputs). +* `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_derive_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). @@ -373,7 +373,7 @@ These functions can return the following statuses: * `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). * `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. -* `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-extra-inputs). +* `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). * `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. * `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. * The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors. @@ -697,7 +697,7 @@ psa_status_t acme_import_key(const psa_key_attributes_t *attributes, This entry point has several roles: 1. Parse the key data in the input buffer `data`. The driver must support the export format for the key types that the entry point is declared for. It may support additional formats as specified in the description of [`psa_import_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) in the PSA Cryptography API specification. -2. Validate the key data. The necessary validation is described in the section [“Key validation with transparent drivers”](#key-validation-with-transparent-drivers) above. +2. Validate the key data. The necessary validation is described in the section [“Key validation”](#key-validation) above. 3. [Determine the key size](#key-size-determination-on-import) and output it through `*bits`. 4. Copy the validated key data from `data` to `key_buffer`. The output must be in the canonical format documented for [`psa_export_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_key) or [`psa_export_public_key()`](https://armmbed.github.io/mbed-crypto/html/api/keys/management.html#c.psa_export_public_key), so if the input is not in this format, the entry point must convert it. From 1a5b83007c4c1dc6950941f7764c3adb18d208aa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Jun 2022 17:47:40 +0200 Subject: [PATCH 020/328] Fix typos and copypasta Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 43586f397e..a0e995c763 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -325,7 +325,7 @@ A key derivation driver has the following entry points: For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: ``` typedef ... acme_key_derivation_operation_t; -psa_status_t acme_hash_abort(acme_key_derivation_operation_t *operation); +psa_status_t acme_key_derivation_abort(acme_key_derivation_operation_t *operation); ``` #### Key derivation driver initial inputs @@ -336,7 +336,7 @@ The core conveys the initial inputs for a key derivation via an opaque data stru typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type ``` -A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its content using the following functions. +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents using the following functions. ``` psa_status_t psa_crypto_driver_key_derivation_get_input_size( @@ -359,7 +359,7 @@ psa_status_t psa_crypto_driver_key_derivation_get_input_integer( These functions take the following parameters: -* The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry points which has not returned yet. +* The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry point which has not returned yet. * The `step` parameter indicates the input step whose content the driver wants to retrieve. The type of the input step must be compatible with the function: * `psa_crypto_driver_key_derivation_get_input_integer` for integer inputs (steps that the application passes with `psa_key_derivation_input_integer()`). * `psa_crypto_driver_key_derivation_get_input_size` and `psa_crypto_driver_key_derivation_get_input_bytes` for data inputs (steps that the application passes with `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()`, excluding key inputs from the same secure element). @@ -373,7 +373,7 @@ These functions can return the following statuses: * `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). * `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. -* `PSA_ERROR_DOES_NOT_EXIST`: the input step, is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). +* `PSA_ERROR_DOES_NOT_EXIST`: the input step is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). * `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. * `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. * The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors. @@ -394,7 +394,7 @@ psa_status_t acme_key_derivation_setup( The following process describes how a driver is expected to retrieve the inputs of the key derivation. For each input step that is valid for the algorithm `alg` and is not a [long input](#key-derivation-driver-long-inputs): -* If the step is a data step and the driver is an opaque driver, call `psa_crypto_driver_key_derivation_get_input_key`. This may either succeed or fail with `PSA_ERROR_INSUFFICIENT_DATA` depending on whether the input comes from the same secure element or not. Note that the driver obtains a pointer key context which only remains valid until the end of the call to the setup entry point. If the driver needs the context in subsequent steps of the operation, it must make a copy. +* If the step is a data step and the driver is an opaque driver, call `psa_crypto_driver_key_derivation_get_input_key`. This may either succeed or fail with `PSA_ERROR_INSUFFICIENT_DATA` depending on whether the input comes from the same secure element or not. Note that the driver obtains a pointer to the [key context](#overview-of-driver-entry-points) which only remains valid until the end of the call to the setup entry point. If the driver needs the context in subsequent steps of the operation, it must make a copy. * If the step is a data step and the driver is a transparent driver, or if `psa_crypto_driver_key_derivation_get_input_key` returned `PSA_ERROR_INSUFFICIENT_DATA`, call `psa_crypto_driver_key_derivation_get_input_size` to retrieve the size of the input, then call `psa_crypto_driver_key_derivation_get_input_bytes` with a large enough buffer to retrieve the input data. * If the step is an integer, call `psa_crypto_driver_key_derivation_get_input_integer`. From 3fc9e04bc489b3fcaa8677a1d7add640c1b1e789 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Jun 2022 17:48:46 +0200 Subject: [PATCH 021/328] Be more consistent with raw/cooked key derivation terminology Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index a0e995c763..d737b0d80c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -319,7 +319,7 @@ A key derivation driver has the following entry points: * `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_derive_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). -* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). +* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). * `"key_derivation_abort"` (mandatory): always the last entry point to be called. For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: @@ -413,7 +413,7 @@ At the time of writing, no standard key derivation algorithm has long inputs. It #### Key derivation driver operation capacity -The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support `"key_derivation_derive_key"` for key types where the derived key material is not a direct copy of the key derivation's output stream. +The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support `"key_derivation_derive_key"` [cooked key types](#transparent-cooked-key-derivation), i.e. for key types where the derived key material is not a direct copy of the key derivation's output stream. Such drivers must enforce the capacity limitation and must return `PSA_ERROR_INSUFFICIENT_CAPACITY` from any output request that exceeds the operation's capacity. Such drivers must provide the following entry point: ``` @@ -456,7 +456,7 @@ If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure e 1. For a call to `psa_key_derivation_output_key()`, if the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`. 1. For a call to `psa_key_derivation_verify_key()`, if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. 1. For a call to `psa_key_derivation_verify_key()` or `psa_key_derivation_verify_bytes()`, if the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's `"export_key"` entry point on the key object that contains the expected value, call the `"key_derivation_verify_bytes"` entry point on the exported material, and stop. -1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a non-raw key or if the output size exceeds some implementation limit. +1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the driver then calls additional entry points in the same or another driver: From 54eb0686b3aae1310ea084a3663098653eb9b047 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Jun 2022 18:09:27 +0200 Subject: [PATCH 022/328] New function psa_crypto_driver_key_derivation_get_input_type The new function psa_crypto_driver_key_derivation_get_input_type() allows drivers to retrieve the effective type of each input step, and thus to call the correct get-data function. This is simpler than the previous scheme which required a somewhat contrived dance with get_key() and get_bytes() for inputs that can be passed either as a key or as a byte buffer at the application's choice. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 42 ++++++++++++++++++--------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index d737b0d80c..fa3f1d1698 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -336,7 +336,31 @@ The core conveys the initial inputs for a key derivation via an opaque data stru typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type ``` -A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents using the following functions. +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of type-specific the functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. + +``` +enum psa_crypto_driver_key_derivation_input_type_t { + PSA_KEY_DERIVATION_INPUT_TYPE_INVALID = 0, + PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED, + PSA_KEY_DERIVATION_INPUT_TYPE_BYTES, + PSA_KEY_DERIVATION_INPUT_TYPE_KEY, + PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER, + // Implementations may add other values, and may freely choose the + // numerical values for each identifer except as explicitly specified + // above. +}; +psa_crypto_driver_key_derivation_input_type_t psa_crypto_driver_key_derivation_get_input_type( + const psa_crypto_driver_key_derivation_inputs_t *inputs, + psa_key_derivation_step_t step); +``` + +The function `psa_crypto_driver_key_derivation_get_input_type()` determines whether a given step is present and how to access its value: + +* `PSA_KEY_DERIVATION_INPUT_TYPE_INVALID`: the step is invalid for the algorithm of the operation that the inputs are for. +* `PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED`: the step is optional for the algorithm of the operation that the inputs are for, and has been omitted. +* `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` make a copy of the input data. +* `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key data. +* `PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER`: the step is valid and present and is an integer. Call `psa_crypto_driver_key_derivation_get_input_integer()` to retrieve the integer value. ``` psa_status_t psa_crypto_driver_key_derivation_get_input_size( @@ -357,13 +381,10 @@ psa_status_t psa_crypto_driver_key_derivation_get_input_integer( uint64_t *value); ``` -These functions take the following parameters: +The get-data functions take the following parameters: * The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry point which has not returned yet. -* The `step` parameter indicates the input step whose content the driver wants to retrieve. The type of the input step must be compatible with the function: - * `psa_crypto_driver_key_derivation_get_input_integer` for integer inputs (steps that the application passes with `psa_key_derivation_input_integer()`). - * `psa_crypto_driver_key_derivation_get_input_size` and `psa_crypto_driver_key_derivation_get_input_bytes` for data inputs (steps that the application passes with `psa_key_derivation_input_bytes()` or `psa_key_derivation_input_key()`, excluding key inputs from the same secure element). - * `psa_crypto_driver_key_derivation_get_input_key` for key inputs (steps that the application passes with `psa_key_derivation_input_key()`, only for secure element drivers receiving a key from the same secure element). +* The `step` parameter indicates the input step whose content the driver wants to retrieve. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the desired input in bytes. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the desired input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context. @@ -372,9 +393,8 @@ These functions take the following parameters: These functions can return the following statuses: * `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). -* `PSA_ERROR_INSUFFICIENT_DATA`: the driver called `psa_crypto_driver_key_derivation_get_input_key` on a data input step which is available as a bytes input, or the driver called ``psa_crypto_driver_key_derivation_get_input_size` or `psa_crypto_driver_key_derivation_get_input_bytes` on a data input step which is available as a key input. This is not a fatal error and the driver is expected to call the appropriate function(s) instead. * `PSA_ERROR_DOES_NOT_EXIST`: the input step is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). -* `PSA_ERROR_INVALID_ARGUMENT`: the input step is not valid for this particular algorithm, or the type of the input step is not suitable for this function. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. +* `PSA_ERROR_INVALID_ARGUMENT`: the input type is not compatible with this function or was omitted. Call `psa_crypto_driver_key_derivation_get_input_type()` to find out the actual type of this input step. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. * `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. * The core may return other errors such as `PSA_ERROR_CORRUPTION_DETECTED` or `PSA_ERROR_COMMUNICATION_FAILURE` to convey implementation-specific error conditions. Portable drivers should treat such conditions as fatal errors. @@ -392,12 +412,6 @@ psa_status_t acme_key_derivation_setup( * `alg` is the algorithm for the key derivation operation. It does not include a key agreement component. * `inputs` is an opaque pointer to the [initial inputs](#key-derivation-driver-initial-inputs) for the key derivation. -The following process describes how a driver is expected to retrieve the inputs of the key derivation. For each input step that is valid for the algorithm `alg` and is not a [long input](#key-derivation-driver-long-inputs): - -* If the step is a data step and the driver is an opaque driver, call `psa_crypto_driver_key_derivation_get_input_key`. This may either succeed or fail with `PSA_ERROR_INSUFFICIENT_DATA` depending on whether the input comes from the same secure element or not. Note that the driver obtains a pointer to the [key context](#overview-of-driver-entry-points) which only remains valid until the end of the call to the setup entry point. If the driver needs the context in subsequent steps of the operation, it must make a copy. -* If the step is a data step and the driver is a transparent driver, or if `psa_crypto_driver_key_derivation_get_input_key` returned `PSA_ERROR_INSUFFICIENT_DATA`, call `psa_crypto_driver_key_derivation_get_input_size` to retrieve the size of the input, then call `psa_crypto_driver_key_derivation_get_input_bytes` with a large enough buffer to retrieve the input data. -* If the step is an integer, call `psa_crypto_driver_key_derivation_get_input_integer`. - #### Key derivation driver long inputs Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this input step for all the long inputs, in an unspecified order. Long input steps may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. From d9645c847e90f73cca0afad97d70a02631a4cc8e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Jun 2022 18:19:51 +0200 Subject: [PATCH 023/328] Fix naming confusion with opaque key derivation "key_derivation_derive_key" should have been "key_derivation_output_key". Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index fa3f1d1698..ae84987de3 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -318,7 +318,7 @@ A key derivation driver has the following entry points: * `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup). * `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). -* `"key_derivation_derive_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). +* `"key_derivation_output_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). * `"key_derivation_abort"` (mandatory): always the last entry point to be called. @@ -427,7 +427,7 @@ At the time of writing, no standard key derivation algorithm has long inputs. It #### Key derivation driver operation capacity -The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support `"key_derivation_derive_key"` [cooked key types](#transparent-cooked-key-derivation), i.e. for key types where the derived key material is not a direct copy of the key derivation's output stream. +The core keeps track of an operation's capacity and enforces it. The core guarantees that it will not request output beyond the capacity of the operation, with one exception: opaque drivers that support [`"key_derivation_output_key"`](#key-derivation-driver-outputs), i.e. for key types where the derived key material is not a direct copy of the key derivation's output stream. Such drivers must enforce the capacity limitation and must return `PSA_ERROR_INSUFFICIENT_CAPACITY` from any output request that exceeds the operation's capacity. Such drivers must provide the following entry point: ``` From 5205fb42a1c6a0eb162d7673a1efaca2f7a1cd30 Mon Sep 17 00:00:00 2001 From: Simon Date: Mon, 5 Sep 2022 23:15:07 +0200 Subject: [PATCH 024/328] Update mps_common.h Signed-off-by: Simon --- library/mps_common.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/mps_common.h b/library/mps_common.h index 668876ccfc..a2aee43af9 100644 --- a/library/mps_common.h +++ b/library/mps_common.h @@ -169,7 +169,7 @@ * */ typedef size_t mbedtls_mps_stored_size_t; -#define MBEDTLS_MPS_STORED_SIZE_MAX ( (mbedtls_mps_stored_size_t) -1 ) +#define MBEDTLS_MPS_STORED_SIZE_MAX (SIZE_MAX) /** \brief The type of buffer sizes and offsets used in the MPS API * and implementation. @@ -183,7 +183,7 @@ typedef size_t mbedtls_mps_stored_size_t; * so almost 10%. */ typedef size_t mbedtls_mps_size_t; -#define MBEDTLS_MPS_SIZE_MAX ( (mbedtls_mps_size_t) -1 ) +#define MBEDTLS_MPS_SIZE_MAX (SIZE_MAX) #if MBEDTLS_MPS_STORED_SIZE_MAX > MBEDTLS_MPS_SIZE_MAX #error "Misconfiguration of mbedtls_mps_size_t and mbedtls_mps_stored_size_t." From 39fb1d52d13d4fa3b47ee3c02b2ab3e9d9512d41 Mon Sep 17 00:00:00 2001 From: Pol Henarejos <55573252+polhenarejos@users.noreply.github.com> Date: Thu, 13 Oct 2022 08:29:47 +0200 Subject: [PATCH 025/328] Update library/sha3.c Co-authored-by: Gilles Peskine Signed-off-by: Pol Henarejos <55573252+polhenarejos@users.noreply.github.com> --- library/sha3.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/library/sha3.c b/library/sha3.c index c8fa06c657..dbaf8b613e 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -33,15 +33,7 @@ #include #if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" -#else -#include -#include -#define mbedtls_printf printf -#define mbedtls_calloc calloc -#define mbedtls_free free -#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ /* From eda71ce5356c67beeb03e06bd898323fdead19cc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Jan 2023 14:32:56 +0100 Subject: [PATCH 026/328] Key derivation: improve overview of the problem space Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index ae84987de3..be09f0d167 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -299,7 +299,12 @@ TODO ### Driver entry points for key derivation -Key derivation is more complex than other multipart operations due to the multiplicity of inputs and outputs, to the fact that multiple drivers can be involved (key agreement and subsequent key derivation accelerator, opaque driver for the secret key and for derived keys), and because the involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input). +Key derivation is more complex than other multipart operations for several reasons: + +* There are multiple of inputs and outputs. +* Multiple drivers can be involved. This happens when an operation combines a key agreement and a subsequent symmetric key derivation, each of which can have independent drivers. This also happens when deriving an asymmetric key, where processing the secret input and generating the key output might involve different drivers. +* When multiple drivers are involved, they are not always independent: if the secret input is managed by an opaque driver, it might not allow the core to retrieve the intermediate output and pass it to another driver. +* The involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input). #### Key derivation driver dispatch logic From 4e346bd569308481bbf56136e300a7f7381bf3b6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Jan 2023 14:33:22 +0100 Subject: [PATCH 027/328] Fix entry point name Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index be09f0d167..bc7e57a395 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -324,7 +324,7 @@ A key derivation driver has the following entry points: * `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_output_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). -* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_bytes"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). +* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_key"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). * `"key_derivation_abort"` (mandatory): always the last entry point to be called. For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: From 635b779cfd238c4300c4f7d5d6d5636d54cb0dfd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 12 Jan 2023 14:33:44 +0100 Subject: [PATCH 028/328] Fix math character used in text mode Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index bc7e57a395..d4b5542c42 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -524,7 +524,7 @@ The core calls the `"derive_key"` entry point in a loop until it returns a statu For standard key types, the `"derive_key"` entry point is called with a certain input length as follows: * `PSA_KEY_TYPE_DES`: the length of the key. -* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: *m* bytes, where the bit-size of the key *n* satisfies *m*-1 < 8×*n* ≤ *m*. +* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: $m$ bytes, where the bit-size of the key $n$ satisfies $m-1 < 8 n \le m$. * `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length. * Other key types: not applicable. From fd094081e1fe702dbfdbe84cc8a63c0bd27f72a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 20 Jan 2023 20:24:17 +0100 Subject: [PATCH 029/328] Pass attributes alongside key buffer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is the generic way of going adapting a psa_key_id_t argument in the application interface to the driver interface. Thanks Hannes Lindström. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index d4b5542c42..faa0ec369f 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -379,6 +379,7 @@ psa_status_t psa_crypto_driver_key_derivation_get_input_bytes( psa_status_t psa_crypto_driver_key_derivation_get_input_key( const psa_crypto_driver_key_derivation_inputs_t *inputs, psa_key_derivation_step_t step, + const psa_key_attributes_t *attributes, uint8_t** p_key_buffer, size_t *key_buffer_size); psa_status_t psa_crypto_driver_key_derivation_get_input_integer( const psa_crypto_driver_key_derivation_inputs_t *inputs, From a391a9e472254056fbf7f00d00672e670d321e77 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 7 Feb 2023 20:05:31 +0100 Subject: [PATCH 030/328] Bad merge. These tests are not used. Signed-off-by: Pol Henarejos --- tests/suites/test_suite_md.data | 64 --------------------------------- 1 file changed, 64 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index e9500cfe9b..fd6c10d4e6 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -585,70 +585,6 @@ HMAC-SHA3-512: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA256_C -mbedtls_md_hmac:"SHA224":28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f60616263":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"91c52509e5af8531601ae6230099d90bef88aaefb961f4080abc014d" - -HMAC-SHA-224: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA256_C -mbedtls_md_hmac:"SHA256":32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f60616263":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"bdccb6c72ddeadb500ae768386cb38cc41c63dbb0878ddb9c7a38a431b78378d" - -HMAC-SHA-256: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA384_C -mbedtls_md_hmac:"SHA384":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"5b664436df69b0ca22551231a3f0a3d5b4f97991713cfa84bff4d0792eff96c27dccbbb6f79b65d548b40e8564cef594" - -HMAC-SHA-384: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA512_C -mbedtls_md_hmac:"SHA512":64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7":"53616d706c65206d65737361676520666f72206b65796c656e3d626c6f636b6c656e":"d93ec8d2de1ad2a9957cb9b83f14e76ad6b5e0cce285079a127d3b14bccb7aa7286d4ac0d4ce64215f2bc9e6870b33d97438be4aaa20cda5c5a912b48b8e27f3" - -HMAC-SHA-512: NIST example #4: keylen Date: Wed, 8 Feb 2023 00:50:04 +0100 Subject: [PATCH 031/328] Style. Signed-off-by: Pol Henarejos --- include/mbedtls/sha3.h | 37 ++-- library/md.c | 36 ++-- library/sha3.c | 371 +++++++++++++++++++------------------- programs/test/benchmark.c | 20 +- 4 files changed, 233 insertions(+), 231 deletions(-) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 278655ac81..2ddb22a3be 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -46,8 +46,7 @@ extern "C" { * It identifies the family (SHA3-256, SHA3-512, etc.) */ -typedef enum -{ +typedef enum { MBEDTLS_SHA3_NONE = 0, /*!< Operation not defined. */ MBEDTLS_SHA3_224, /*!< SHA3-224 */ MBEDTLS_SHA3_256, /*!< SHA3-256 */ @@ -56,8 +55,7 @@ typedef enum } mbedtls_sha3_id; struct mbedtls_sha3_context; -typedef struct mbedtls_sha3_family_functions -{ +typedef struct mbedtls_sha3_family_functions { mbedtls_sha3_id id; uint16_t r; @@ -88,7 +86,7 @@ mbedtls_sha3_context; * * \param ctx The SHA-3 context to initialize. This must not be \c NULL. */ -void mbedtls_sha3_init( mbedtls_sha3_context *ctx ); +void mbedtls_sha3_init(mbedtls_sha3_context *ctx); /** * \brief This function clears a SHA-3 context. @@ -97,7 +95,7 @@ void mbedtls_sha3_init( mbedtls_sha3_context *ctx ); * case this function returns immediately. If it is not \c NULL, * it must point to an initialized SHA-3 context. */ -void mbedtls_sha3_free( mbedtls_sha3_context *ctx ); +void mbedtls_sha3_free(mbedtls_sha3_context *ctx); /** * \brief This function clones the state of a SHA-3 context. @@ -105,8 +103,8 @@ void mbedtls_sha3_free( mbedtls_sha3_context *ctx ); * \param dst The destination context. This must be initialized. * \param src The context to clone. This must be initialized. */ -void mbedtls_sha3_clone( mbedtls_sha3_context *dst, - const mbedtls_sha3_context *src ); +void mbedtls_sha3_clone(mbedtls_sha3_context *dst, + const mbedtls_sha3_context *src); /** * \brief This function starts a SHA-3 checksum @@ -118,7 +116,7 @@ void mbedtls_sha3_clone( mbedtls_sha3_context *dst, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id ); +int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id); /** * \brief This function feeds an input buffer into an ongoing @@ -133,9 +131,9 @@ int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha3_update( mbedtls_sha3_context *ctx, - const uint8_t *input, - size_t ilen ); +int mbedtls_sha3_update(mbedtls_sha3_context *ctx, + const uint8_t *input, + size_t ilen); /** * \brief This function finishes the SHA-3 operation, and writes @@ -152,8 +150,8 @@ int mbedtls_sha3_update( mbedtls_sha3_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, - uint8_t *output, size_t olen ); +int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, + uint8_t *output, size_t olen); /** * \brief This function calculates the SHA-3 @@ -178,10 +176,10 @@ int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha3( mbedtls_sha3_id id, const uint8_t *input, - size_t ilen, - uint8_t *output, - size_t olen ); +int mbedtls_sha3(mbedtls_sha3_id id, const uint8_t *input, + size_t ilen, + uint8_t *output, + size_t olen); #if defined(MBEDTLS_SELF_TEST) /** @@ -191,7 +189,7 @@ int mbedtls_sha3( mbedtls_sha3_id id, const uint8_t *input, * * \return 0 if successful, or 1 if the test failed. */ -int mbedtls_sha3_self_test( int verbose ); +int mbedtls_sha3_self_test(int verbose); #endif /* MBEDTLS_SELF_TEST */ #ifdef __cplusplus @@ -199,4 +197,3 @@ int mbedtls_sha3_self_test( int verbose ); #endif #endif /* mbedtls_sha3.h */ - diff --git a/library/md.c b/library/md.c index 0be1b7db85..bc0a1152c9 100644 --- a/library/md.c +++ b/library/md.c @@ -277,13 +277,13 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) #endif #if defined(MBEDTLS_SHA3_C) case MBEDTLS_MD_SHA3_224: - return( &mbedtls_sha3_224_info ); + return &mbedtls_sha3_224_info; case MBEDTLS_MD_SHA3_256: - return( &mbedtls_sha3_256_info ); + return &mbedtls_sha3_256_info; case MBEDTLS_MD_SHA3_384: - return( &mbedtls_sha3_384_info ); + return &mbedtls_sha3_384_info; case MBEDTLS_MD_SHA3_512: - return( &mbedtls_sha3_512_info ); + return &mbedtls_sha3_512_info; #endif default: return NULL; @@ -353,7 +353,7 @@ void mbedtls_md_free(mbedtls_md_context_t *ctx) case MBEDTLS_MD_SHA3_256: case MBEDTLS_MD_SHA3_384: case MBEDTLS_MD_SHA3_512: - mbedtls_sha3_free( ctx->md_ctx ); + mbedtls_sha3_free(ctx->md_ctx); break; #endif default: @@ -422,7 +422,7 @@ int mbedtls_md_clone(mbedtls_md_context_t *dst, case MBEDTLS_MD_SHA3_256: case MBEDTLS_MD_SHA3_384: case MBEDTLS_MD_SHA3_512: - mbedtls_sha3_clone( dst->md_ctx, src->md_ctx ); + mbedtls_sha3_clone(dst->md_ctx, src->md_ctx); break; #endif default: @@ -492,7 +492,7 @@ int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info case MBEDTLS_MD_SHA3_256: case MBEDTLS_MD_SHA3_384: case MBEDTLS_MD_SHA3_512: - ALLOC( sha3 ); + ALLOC(sha3); break; #endif default: @@ -548,13 +548,13 @@ int mbedtls_md_starts(mbedtls_md_context_t *ctx) #endif #if defined(MBEDTLS_SHA3_C) case MBEDTLS_MD_SHA3_224: - return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_224 ) ); + return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_224); case MBEDTLS_MD_SHA3_256: - return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_256 ) ); + return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_256); case MBEDTLS_MD_SHA3_384: - return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_384 ) ); + return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_384); case MBEDTLS_MD_SHA3_512: - return( mbedtls_sha3_starts( ctx->md_ctx, MBEDTLS_SHA3_512 ) ); + return mbedtls_sha3_starts(ctx->md_ctx, MBEDTLS_SHA3_512); #endif default: return MBEDTLS_ERR_MD_BAD_INPUT_DATA; @@ -601,7 +601,7 @@ int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, siz case MBEDTLS_MD_SHA3_256: case MBEDTLS_MD_SHA3_384: case MBEDTLS_MD_SHA3_512: - return( mbedtls_sha3_update( ctx->md_ctx, input, ilen ) ); + return mbedtls_sha3_update(ctx->md_ctx, input, ilen); #endif default: return MBEDTLS_ERR_MD_BAD_INPUT_DATA; @@ -648,7 +648,7 @@ int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) case MBEDTLS_MD_SHA3_256: case MBEDTLS_MD_SHA3_384: case MBEDTLS_MD_SHA3_512: - return( mbedtls_sha3_finish( ctx->md_ctx, output, ctx->md_info->size ) ); + return mbedtls_sha3_finish(ctx->md_ctx, output, ctx->md_info->size); #endif default: return MBEDTLS_ERR_MD_BAD_INPUT_DATA; @@ -693,13 +693,13 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz #endif #if defined(MBEDTLS_SHA3_C) case MBEDTLS_MD_SHA3_224: - return( mbedtls_sha3( MBEDTLS_SHA3_224, input, ilen, output, md_info->size ) ); + return mbedtls_sha3(MBEDTLS_SHA3_224, input, ilen, output, md_info->size); case MBEDTLS_MD_SHA3_256: - return( mbedtls_sha3( MBEDTLS_SHA3_256, input, ilen, output, md_info->size ) ); + return mbedtls_sha3(MBEDTLS_SHA3_256, input, ilen, output, md_info->size); case MBEDTLS_MD_SHA3_384: - return( mbedtls_sha3( MBEDTLS_SHA3_384, input, ilen, output, md_info->size ) ); + return mbedtls_sha3(MBEDTLS_SHA3_384, input, ilen, output, md_info->size); case MBEDTLS_MD_SHA3_512: - return( mbedtls_sha3( MBEDTLS_SHA3_512, input, ilen, output, md_info->size ) ); + return mbedtls_sha3(MBEDTLS_SHA3_512, input, ilen, output, md_info->size); #endif default: return MBEDTLS_ERR_MD_BAD_INPUT_DATA; @@ -936,7 +936,7 @@ int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data) case MBEDTLS_MD_SHA3_256: case MBEDTLS_MD_SHA3_384: case MBEDTLS_MD_SHA3_512: - return( 0 ); + return 0; #endif default: return MBEDTLS_ERR_MD_BAD_INPUT_DATA; diff --git a/library/sha3.c b/library/sha3.c index dbaf8b613e..959928e9da 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -67,10 +67,11 @@ static const uint8_t pi[24] = { 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1, }; -#define ROT64( x , y ) ( ( ( x ) << ( y ) ) | ( ( x ) >> ( 64U - ( y ) ) ) ) -#define ABSORB( ctx, idx, v ) do { ctx->state[( idx ) >> 3] ^= ( ( uint64_t ) ( v ) ) << ( ( ( idx ) & 0x7 ) << 3 ); } while( 0 ) -#define SQUEEZE( ctx, idx ) ( ( uint8_t )( ctx->state[( idx ) >> 3] >> ( ( ( idx ) & 0x7 ) << 3 ) ) ) -#define SWAP( x, y ) do { uint64_t tmp = ( x ); ( x ) = ( y ); ( y ) = tmp; } while( 0 ) +#define ROT64(x, y) (((x) << (y)) | ((x) >> (64U - (y)))) +#define ABSORB(ctx, idx, v) do { ctx->state[(idx) >> 3] ^= ((uint64_t) (v)) << (((idx) & 0x7) << 3); \ +} while (0) +#define SQUEEZE(ctx, idx) ((uint8_t) (ctx->state[(idx) >> 3] >> (((idx) & 0x7) << 3))) +#define SWAP(x, y) do { uint64_t tmp = (x); (x) = (y); (y) = tmp; } while (0) /* The permutation function. */ static void keccak_f1600(mbedtls_sha3_context *ctx) @@ -79,8 +80,7 @@ static void keccak_f1600(mbedtls_sha3_context *ctx) uint64_t *s = ctx->state; int i; - for( int round = 0; round < 24; round++ ) - { + for (int round = 0; round < 24; round++) { uint64_t t; /* Theta */ @@ -90,29 +90,31 @@ static void keccak_f1600(mbedtls_sha3_context *ctx) lane[3] = s[3] ^ s[8] ^ s[13] ^ s[18] ^ s[23]; lane[4] = s[4] ^ s[9] ^ s[14] ^ s[19] ^ s[24]; - t = lane[4] ^ ROT64( lane[1], 1 ); + t = lane[4] ^ ROT64(lane[1], 1); s[0] ^= t; s[5] ^= t; s[10] ^= t; s[15] ^= t; s[20] ^= t; - t = lane[0] ^ ROT64( lane[2], 1 ); + t = lane[0] ^ ROT64(lane[2], 1); s[1] ^= t; s[6] ^= t; s[11] ^= t; s[16] ^= t; s[21] ^= t; - t = lane[1] ^ ROT64( lane[3], 1 ); + t = lane[1] ^ ROT64(lane[3], 1); s[2] ^= t; s[7] ^= t; s[12] ^= t; s[17] ^= t; s[22] ^= t; - t = lane[2] ^ ROT64( lane[4], 1 ); + t = lane[2] ^ ROT64(lane[4], 1); s[3] ^= t; s[8] ^= t; s[13] ^= t; s[18] ^= t; s[23] ^= t; - t = lane[3] ^ ROT64( lane[0], 1 ); + t = lane[3] ^ ROT64(lane[0], 1); s[4] ^= t; s[9] ^= t; s[14] ^= t; s[19] ^= t; s[24] ^= t; /* Rho */ - for( i = 1; i < 25; i++ ) - s[i] = ROT64( s[i], rho[i-1] ); + for (i = 1; i < 25; i++) { + s[i] = ROT64(s[i], rho[i-1]); + } /* Pi */ t = s[1]; - for( i = 0; i < 24; i++ ) - SWAP( s[pi[i]], t ); + for (i = 0; i < 24; i++) { + SWAP(s[pi[i]], t); + } /* Chi */ lane[0] = s[0]; lane[1] = s[1]; lane[2] = s[2]; lane[3] = s[3]; lane[4] = s[4]; @@ -155,27 +157,30 @@ static void keccak_f1600(mbedtls_sha3_context *ctx) } } -void mbedtls_sha3_init( mbedtls_sha3_context *ctx ) +void mbedtls_sha3_init(mbedtls_sha3_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - memset( ctx, 0, sizeof( mbedtls_sha3_context ) ); + memset(ctx, 0, sizeof(mbedtls_sha3_context)); } -void mbedtls_sha3_free( mbedtls_sha3_context *ctx ) +void mbedtls_sha3_free(mbedtls_sha3_context *ctx) { - if( ctx == NULL ) + if (ctx == NULL) { return; + } - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_sha3_context ) ); + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha3_context)); } -void mbedtls_sha3_clone( mbedtls_sha3_context *dst, - const mbedtls_sha3_context *src ) +void mbedtls_sha3_clone(mbedtls_sha3_context *dst, + const mbedtls_sha3_context *src) { - if ( dst == NULL || src == NULL ) + if (dst == NULL || src == NULL) { return; + } *dst = *src; } @@ -183,20 +188,22 @@ void mbedtls_sha3_clone( mbedtls_sha3_context *dst, /* * SHA-3 context setup */ -int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id ) +int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) { mbedtls_sha3_family_functions *p = NULL; - if( ctx == NULL ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); - - for( p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++ ) - { - if( p->id == id ) - break; + if (ctx == NULL) { + return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; } - if( p == NULL || p->id == MBEDTLS_SHA3_NONE ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) { + if (p->id == id) { + break; + } + } + + if (p == NULL || p->id == MBEDTLS_SHA3_NONE) { + return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; + } ctx->id = id; ctx->r = p->r; @@ -204,90 +211,96 @@ int mbedtls_sha3_starts( mbedtls_sha3_context *ctx, mbedtls_sha3_id id ) ctx->xor_byte = p->xor_byte; ctx->max_block_size = ctx->r / 8; - memset( ctx->state, 0, sizeof( ctx->state ) ); + memset(ctx->state, 0, sizeof(ctx->state)); ctx->index = 0; - return( 0 ); + return 0; } /* * SHA-3 process buffer */ -int mbedtls_sha3_update( mbedtls_sha3_context *ctx, - const uint8_t *input, - size_t ilen ) +int mbedtls_sha3_update(mbedtls_sha3_context *ctx, + const uint8_t *input, + size_t ilen) { - if( ctx == NULL ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); - - if( ilen == 0 || input == NULL ) - return( 0 ); - - while( ilen-- > 0 ) - { - ABSORB( ctx, ctx->index, *input++ ); - if( ( ctx->index = ( ctx->index + 1) % ctx->max_block_size ) == 0 ) - keccak_f1600( ctx ); + if (ctx == NULL) { + return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; } - return( 0 ); + if (ilen == 0 || input == NULL) { + return 0; + } + + while (ilen-- > 0) { + ABSORB(ctx, ctx->index, *input++); + if ((ctx->index = (ctx->index + 1) % ctx->max_block_size) == 0) { + keccak_f1600(ctx); + } + } + + return 0; } -int mbedtls_sha3_finish( mbedtls_sha3_context *ctx, - uint8_t *output, size_t olen ) +int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, + uint8_t *output, size_t olen) { - if( ctx == NULL || output == NULL ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + if (ctx == NULL || output == NULL) { + return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; + } /* Catch SHA-3 families, with fixed output length */ - if( ctx->olen > 0 ) - { - if ( ctx->olen > olen ) - return( MBEDTLS_ERR_SHA3_BAD_INPUT_DATA ); + if (ctx->olen > 0) { + if (ctx->olen > olen) { + return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; + } olen = ctx->olen; } - ABSORB( ctx, ctx->index, ctx->xor_byte ); - ABSORB( ctx, ctx->max_block_size - 1, 0x80 ); - keccak_f1600( ctx ); + ABSORB(ctx, ctx->index, ctx->xor_byte); + ABSORB(ctx, ctx->max_block_size - 1, 0x80); + keccak_f1600(ctx); ctx->index = 0; - while( olen-- > 0 ) - { - *output++ = SQUEEZE( ctx, ctx->index ); + while (olen-- > 0) { + *output++ = SQUEEZE(ctx, ctx->index); - if( ( ctx->index = ( ctx->index + 1) % ctx->max_block_size ) == 0 ) - keccak_f1600( ctx ); + if ((ctx->index = (ctx->index + 1) % ctx->max_block_size) == 0) { + keccak_f1600(ctx); + } } - return( 0 ); + return 0; } /* * output = SHA3( input buffer ) */ -int mbedtls_sha3( mbedtls_sha3_id id, const uint8_t *input, - size_t ilen, uint8_t *output, size_t olen ) +int mbedtls_sha3(mbedtls_sha3_id id, const uint8_t *input, + size_t ilen, uint8_t *output, size_t olen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha3_context ctx; - mbedtls_sha3_init( &ctx ); + mbedtls_sha3_init(&ctx); /* Sanity checks are performed in every mbedtls_sha3_xxx() */ - if( ( ret = mbedtls_sha3_starts( &ctx, id ) ) != 0 ) + if ((ret = mbedtls_sha3_starts(&ctx, id)) != 0) { goto exit; + } - if( ( ret = mbedtls_sha3_update( &ctx, input, ilen ) ) != 0 ) + if ((ret = mbedtls_sha3_update(&ctx, input, ilen)) != 0) { goto exit; + } - if( ( ret = mbedtls_sha3_finish( &ctx, output, olen ) ) != 0 ) + if ((ret = mbedtls_sha3_finish(&ctx, output, olen)) != 0) { goto exit; + } exit: - mbedtls_sha3_free( &ctx ); + mbedtls_sha3_free(&ctx); - return( ret ); + return ret; } /**************** Self-tests ****************/ @@ -420,67 +433,61 @@ static const unsigned char long_kat_hash_sha3_512[64] = 0x0D, 0xB5, 0x96, 0xC9, 0x0B, 0x0A, 0x7B, 0x87 }; -static int mbedtls_sha3_kat_test( int verbose, - const char* type_name, - mbedtls_sha3_id id, - int test_num ) +static int mbedtls_sha3_kat_test(int verbose, + const char *type_name, + mbedtls_sha3_id id, + int test_num) { uint8_t hash[64]; int result; - result = mbedtls_sha3( id, - test_data[test_num], test_data_len[test_num], - hash, sizeof( hash ) ); - if( result != 0 ) - { - if( verbose != 0 ) - { - mbedtls_printf( " %s test %d error code: %d\n", - type_name, test_num, result ); + result = mbedtls_sha3(id, + test_data[test_num], test_data_len[test_num], + hash, sizeof(hash)); + if (result != 0) { + if (verbose != 0) { + mbedtls_printf(" %s test %d error code: %d\n", + type_name, test_num, result); } - return( result ); + return result; } - switch( id ) - { + switch (id) { case MBEDTLS_SHA3_224: - result = memcmp( hash, test_hash_sha3_224[test_num], 28 ); + result = memcmp(hash, test_hash_sha3_224[test_num], 28); break; case MBEDTLS_SHA3_256: - result = memcmp( hash, test_hash_sha3_256[test_num], 32 ); + result = memcmp(hash, test_hash_sha3_256[test_num], 32); break; case MBEDTLS_SHA3_384: - result = memcmp( hash, test_hash_sha3_384[test_num], 48 ); + result = memcmp(hash, test_hash_sha3_384[test_num], 48); break; case MBEDTLS_SHA3_512: - result = memcmp( hash, test_hash_sha3_512[test_num], 64 ); + result = memcmp(hash, test_hash_sha3_512[test_num], 64); break; default: break; } - if( 0 != result ) - { - if( verbose != 0 ) - { - mbedtls_printf( " %s test %d failed\n", type_name, test_num ); + if (0 != result) { + if (verbose != 0) { + mbedtls_printf(" %s test %d failed\n", type_name, test_num); } - return( -1 ); + return -1; } - if( verbose != 0 ) - { - mbedtls_printf( " %s test %d passed\n", type_name, test_num ); + if (verbose != 0) { + mbedtls_printf(" %s test %d passed\n", type_name, test_num); } - return( 0 ); + return 0; } -static int mbedtls_sha3_long_kat_test( int verbose, - const char* type_name, - mbedtls_sha3_id id ) +static int mbedtls_sha3_long_kat_test(int verbose, + const char *type_name, + mbedtls_sha3_id id) { mbedtls_sha3_context ctx; unsigned char buffer[1000]; @@ -488,133 +495,127 @@ static int mbedtls_sha3_long_kat_test( int verbose, int i; int result = 0; - memset( buffer, 'a', 1000 ); + memset(buffer, 'a', 1000); - if( verbose != 0 ) - { - mbedtls_printf( " %s long KAT test ", type_name ); + if (verbose != 0) { + mbedtls_printf(" %s long KAT test ", type_name); } - mbedtls_sha3_init( &ctx ); + mbedtls_sha3_init(&ctx); - result = mbedtls_sha3_starts( &ctx, id ); - if( result != 0 ) - { - if( verbose != 0 ) - { - mbedtls_printf( "setup failed\n " ); + result = mbedtls_sha3_starts(&ctx, id); + if (result != 0) { + if (verbose != 0) { + mbedtls_printf("setup failed\n "); } } /* Process 1,000,000 (one million) 'a' characters */ - for( i = 0; i < 1000; i++ ) - { - result = mbedtls_sha3_update( &ctx, buffer, 1000 ); - if( result != 0 ) - { - if( verbose != 0 ) - { - mbedtls_printf( "update error code: %i\n", result ); + for (i = 0; i < 1000; i++) { + result = mbedtls_sha3_update(&ctx, buffer, 1000); + if (result != 0) { + if (verbose != 0) { + mbedtls_printf("update error code: %i\n", result); } goto cleanup; } } - result = mbedtls_sha3_finish( &ctx, hash, sizeof( hash ) ); - if( result != 0 ) - { - if( verbose != 0 ) - { - mbedtls_printf( "finish error code: %d\n", result ); + result = mbedtls_sha3_finish(&ctx, hash, sizeof(hash)); + if (result != 0) { + if (verbose != 0) { + mbedtls_printf("finish error code: %d\n", result); } goto cleanup; } - switch( id ) - { + switch (id) { case MBEDTLS_SHA3_224: - result = memcmp( hash, long_kat_hash_sha3_224, 28 ); + result = memcmp(hash, long_kat_hash_sha3_224, 28); break; case MBEDTLS_SHA3_256: - result = memcmp( hash, long_kat_hash_sha3_256, 32 ); + result = memcmp(hash, long_kat_hash_sha3_256, 32); break; case MBEDTLS_SHA3_384: - result = memcmp( hash, long_kat_hash_sha3_384, 48 ); + result = memcmp(hash, long_kat_hash_sha3_384, 48); break; case MBEDTLS_SHA3_512: - result = memcmp( hash, long_kat_hash_sha3_512, 64 ); + result = memcmp(hash, long_kat_hash_sha3_512, 64); break; default: break; } - if( result != 0 ) - { - if( verbose != 0 ) - { - mbedtls_printf( "failed\n" ); + if (result != 0) { + if (verbose != 0) { + mbedtls_printf("failed\n"); } } - if( verbose != 0 ) - { - mbedtls_printf( "passed\n" ); + if (verbose != 0) { + mbedtls_printf("passed\n"); } cleanup: - mbedtls_sha3_free( &ctx ); - return( result ); + mbedtls_sha3_free(&ctx); + return result; } -int mbedtls_sha3_self_test( int verbose ) +int mbedtls_sha3_self_test(int verbose) { int i; /* SHA3 Known Answer Tests (KAT) */ - for( i = 0; i < 2; i++ ) - { - if( 0 != mbedtls_sha3_kat_test( verbose, - "SHA3-224", MBEDTLS_SHA3_224, i ) ) - return( 1 ); + for (i = 0; i < 2; i++) { + if (0 != mbedtls_sha3_kat_test(verbose, + "SHA3-224", MBEDTLS_SHA3_224, i)) { + return 1; + } - if( 0 != mbedtls_sha3_kat_test( verbose, - "SHA3-256", MBEDTLS_SHA3_256, i ) ) - return( 1 ); + if (0 != mbedtls_sha3_kat_test(verbose, + "SHA3-256", MBEDTLS_SHA3_256, i)) { + return 1; + } - if( 0 != mbedtls_sha3_kat_test( verbose, - "SHA3-384", MBEDTLS_SHA3_384, i ) ) - return( 1 ); + if (0 != mbedtls_sha3_kat_test(verbose, + "SHA3-384", MBEDTLS_SHA3_384, i)) { + return 1; + } - if( 0 != mbedtls_sha3_kat_test( verbose, - "SHA3-512", MBEDTLS_SHA3_512, i ) ) - return( 1 ); + if (0 != mbedtls_sha3_kat_test(verbose, + "SHA3-512", MBEDTLS_SHA3_512, i)) { + return 1; + } } /* SHA3 long KAT tests */ - if( 0 != mbedtls_sha3_long_kat_test( verbose, - "SHA3-224", MBEDTLS_SHA3_224 ) ) - return( 1 ); - - if( 0 != mbedtls_sha3_long_kat_test( verbose, - "SHA3-256", MBEDTLS_SHA3_256 ) ) - return( 1 ); - - if( 0 != mbedtls_sha3_long_kat_test( verbose, - "SHA3-384", MBEDTLS_SHA3_384 ) ) - return( 1 ); - - if( 0 != mbedtls_sha3_long_kat_test( verbose, - "SHA3-512", MBEDTLS_SHA3_512 ) ) - return( 1 ); - - if( verbose != 0 ) - { - mbedtls_printf( "\n" ); + if (0 != mbedtls_sha3_long_kat_test(verbose, + "SHA3-224", MBEDTLS_SHA3_224)) { + return 1; } - return( 0 ); + if (0 != mbedtls_sha3_long_kat_test(verbose, + "SHA3-256", MBEDTLS_SHA3_256)) { + return 1; + } + + if (0 != mbedtls_sha3_long_kat_test(verbose, + "SHA3-384", MBEDTLS_SHA3_384)) { + return 1; + } + + if (0 != mbedtls_sha3_long_kat_test(verbose, + "SHA3-512", MBEDTLS_SHA3_512)) { + return 1; + } + + if (verbose != 0) { + mbedtls_printf("\n"); + } + + return 0; } #endif /* MBEDTLS_SELF_TEST */ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 05f9084ccc..80bb63d4be 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -657,14 +657,18 @@ int main(int argc, char *argv[]) } #endif #if defined(MBEDTLS_SHA3_C) - if ( todo.sha3_224 ) - TIME_AND_TSC( "SHA3-224", mbedtls_sha3( MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28 ) ); - if ( todo.sha3_256 ) - TIME_AND_TSC( "SHA3-256", mbedtls_sha3( MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32 ) ); - if ( todo.sha3_384 ) - TIME_AND_TSC( "SHA3-384", mbedtls_sha3( MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48 ) ); - if ( todo.sha3_512 ) - TIME_AND_TSC( "SHA3-512", mbedtls_sha3( MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64 ) ); + if (todo.sha3_224) { + TIME_AND_TSC("SHA3-224", mbedtls_sha3(MBEDTLS_SHA3_224, buf, BUFSIZE, tmp, 28)); + } + if (todo.sha3_256) { + TIME_AND_TSC("SHA3-256", mbedtls_sha3(MBEDTLS_SHA3_256, buf, BUFSIZE, tmp, 32)); + } + if (todo.sha3_384) { + TIME_AND_TSC("SHA3-384", mbedtls_sha3(MBEDTLS_SHA3_384, buf, BUFSIZE, tmp, 48)); + } + if (todo.sha3_512) { + TIME_AND_TSC("SHA3-512", mbedtls_sha3(MBEDTLS_SHA3_512, buf, BUFSIZE, tmp, 64)); + } #endif #if defined(MBEDTLS_DES_C) From aa426e023c7f0dd30dbd0c7f2cdd1e191aac2b6f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 8 Feb 2023 12:52:10 +0100 Subject: [PATCH 032/328] SHA3 cannot be tested alone, as ENTROPY_C needs also SHA256 enabled. Signed-off-by: Pol Henarejos --- tests/scripts/depends.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 52ca41261e..83401ecb40 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -418,7 +418,8 @@ class DomainData: 'hashes': DualDomain(hash_symbols, build_and_test, exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \ '|MBEDTLS_SHA224_' \ - '|MBEDTLS_SHA384_'), + '|MBEDTLS_SHA384_' \ + '|MBEDTLS_SHA3_'), # Key exchange types. 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test), 'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C', From b3b220cbf82dd7f4dd05b9f9516b4a2d9c0d572d Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 8 Feb 2023 12:52:18 +0100 Subject: [PATCH 033/328] Correct style. Signed-off-by: Pol Henarejos --- library/md.c | 8 +- programs/test/selftest.c | 2 +- tests/suites/test_suite_shax.function | 107 +++++++++++++------------- 3 files changed, 57 insertions(+), 60 deletions(-) diff --git a/library/md.c b/library/md.c index bc0a1152c9..90c6bff9b3 100644 --- a/library/md.c +++ b/library/md.c @@ -144,10 +144,10 @@ const mbedtls_md_info_t mbedtls_sha3_512_info = { static const int supported_digests[] = { #if defined(MBEDTLS_SHA3_C) - MBEDTLS_MD_SHA3_512, - MBEDTLS_MD_SHA3_384, - MBEDTLS_MD_SHA3_256, - MBEDTLS_MD_SHA3_224, + MBEDTLS_MD_SHA3_512, + MBEDTLS_MD_SHA3_384, + MBEDTLS_MD_SHA3_256, + MBEDTLS_MD_SHA3_224, #endif #if defined(MBEDTLS_SHA512_C) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 23a45c943d..8874761275 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -253,7 +253,7 @@ const selftest_t selftests[] = { "sha512", mbedtls_sha512_self_test }, #endif #if defined(MBEDTLS_SHA3_C) - {"sha3", mbedtls_sha3_self_test}, + { "sha3", mbedtls_sha3_self_test }, #endif #if defined(MBEDTLS_DES_C) { "des", mbedtls_des_self_test }, diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 7b45bf32d6..dec9f696b9 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -151,143 +151,140 @@ void sha512_selftest() /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ -void mbedtls_sha3( int family, data_t *in, data_t *hash ) +void mbedtls_sha3(int family, data_t *in, data_t *hash) { unsigned char *output = NULL; - ASSERT_ALLOC( output, hash->len ); + ASSERT_ALLOC(output, hash->len); - TEST_ASSERT( mbedtls_sha3( family, in->x, in->len, output, hash->len ) == 0 ); + TEST_ASSERT(mbedtls_sha3(family, in->x, in->len, output, hash->len) == 0); - ASSERT_COMPARE( output, hash->len, hash->x, hash->len ); + ASSERT_COMPARE(output, hash->len, hash->x, hash->len); exit: - mbedtls_free( output ); + mbedtls_free(output); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ -void mbedtls_sha3_multi( int family, data_t *in, data_t *hash ) +void mbedtls_sha3_multi(int family, data_t *in, data_t *hash) { unsigned char *output = NULL; mbedtls_sha3_context ctx; const unsigned int block_size = 256; - ASSERT_ALLOC( output, hash->len ); + ASSERT_ALLOC(output, hash->len); - mbedtls_sha3_init( &ctx ); - mbedtls_sha3_starts( &ctx, family ); + mbedtls_sha3_init(&ctx); + mbedtls_sha3_starts(&ctx, family); - for( size_t l = 0; l < in->len; l += block_size ) - TEST_ASSERT( mbedtls_sha3_update( &ctx, in->x + l, MIN( in->len - l, block_size ) ) == 0 ); + for (size_t l = 0; l < in->len; l += block_size) { + TEST_ASSERT(mbedtls_sha3_update(&ctx, in->x + l, MIN(in->len - l, block_size)) == 0); + } - TEST_ASSERT( mbedtls_sha3_finish( &ctx, output, hash->len ) == 0 ); + TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, hash->len) == 0); - ASSERT_COMPARE( output, hash->len, hash->x, hash->len ); + ASSERT_COMPARE(output, hash->len, hash->x, hash->len); exit: - mbedtls_free( output ); + mbedtls_free(output); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ -void sha3_streaming( int type, data_t *input ) +void sha3_streaming(int type, data_t *input) { mbedtls_sha3_context ctx; unsigned char reference_hash[64]; unsigned char hash[64]; size_t chunk_size; - size_t hash_length = ( type == MBEDTLS_SHA3_224 ? 28 : - type == MBEDTLS_SHA3_256 ? 32 : - type == MBEDTLS_SHA3_384 ? 48 : - type == MBEDTLS_SHA3_512 ? 64 : - 0 ); + size_t hash_length = (type == MBEDTLS_SHA3_224 ? 28 : + type == MBEDTLS_SHA3_256 ? 32 : + type == MBEDTLS_SHA3_384 ? 48 : + type == MBEDTLS_SHA3_512 ? 64 : + 0); - mbedtls_sha3_init( &ctx ); - memset( reference_hash, 0, sizeof( reference_hash ) ); - memset( hash, 0, sizeof( hash ) ); - TEST_ASSERT( hash_length != 0 ); + mbedtls_sha3_init(&ctx); + memset(reference_hash, 0, sizeof(reference_hash)); + memset(hash, 0, sizeof(hash)); + TEST_ASSERT(hash_length != 0); /* Generate a reference hash */ - mbedtls_sha3( type, input->x, input->len, reference_hash, hash_length ); + mbedtls_sha3(type, input->x, input->len, reference_hash, hash_length); /* Repeat each test with increasingly-sized data chunks * E.g. start by processing bytes individual bytes, then 2-byte chunks, * then 3-byte chunks, and so on... * At each test ensure that the same hash is generated. */ - for( chunk_size = 1; chunk_size < input->len; chunk_size++ ) - { + for (chunk_size = 1; chunk_size < input->len; chunk_size++) { size_t i; size_t remaining = input->len; - mbedtls_sha3_init( &ctx ); - TEST_ASSERT( mbedtls_sha3_starts( &ctx, type ) == 0 ); + mbedtls_sha3_init(&ctx); + TEST_ASSERT(mbedtls_sha3_starts(&ctx, type) == 0); - for ( i = 0; i < input->len; i += chunk_size ) - { + for (i = 0; i < input->len; i += chunk_size) { size_t len = remaining >= chunk_size ? chunk_size : remaining; - TEST_ASSERT( mbedtls_sha3_update( &ctx, input->x + i, len ) == 0 ); + TEST_ASSERT(mbedtls_sha3_update(&ctx, input->x + i, len) == 0); remaining -= len; } - mbedtls_sha3_finish( &ctx, hash, hash_length ); - mbedtls_sha3_free( &ctx ); + mbedtls_sha3_finish(&ctx, hash, hash_length); + mbedtls_sha3_free(&ctx); - ASSERT_COMPARE( hash, hash_length, reference_hash, hash_length ); + ASSERT_COMPARE(hash, hash_length, reference_hash, hash_length); } exit: - mbedtls_sha3_free( &ctx ); + mbedtls_sha3_free(&ctx); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ -void sha3_reuse( data_t *input1, data_t *hash1, - data_t *input2, data_t *hash2 ) +void sha3_reuse(data_t *input1, data_t *hash1, + data_t *input2, data_t *hash2) { unsigned char output[64]; mbedtls_sha3_context ctx; mbedtls_sha3_id type1, type2; - mbedtls_sha3_init( &ctx ); - switch( hash1->len ) - { + mbedtls_sha3_init(&ctx); + switch (hash1->len) { case 28: type1 = MBEDTLS_SHA3_224; break; case 32: type1 = MBEDTLS_SHA3_256; break; case 48: type1 = MBEDTLS_SHA3_384; break; case 64: type1 = MBEDTLS_SHA3_512; break; - default: TEST_ASSERT( ! "hash1->len validity" ); break; + default: TEST_ASSERT(!"hash1->len validity"); break; } - switch( hash2->len ) - { + switch (hash2->len) { case 28: type2 = MBEDTLS_SHA3_224; break; case 32: type2 = MBEDTLS_SHA3_256; break; case 48: type2 = MBEDTLS_SHA3_384; break; case 64: type2 = MBEDTLS_SHA3_512; break; - default: TEST_ASSERT( ! "hash2->len validity" ); break; + default: TEST_ASSERT(!"hash2->len validity"); break; } /* Round 1 */ - TEST_ASSERT( mbedtls_sha3_starts( &ctx, type1 ) == 0 ); - TEST_ASSERT( mbedtls_sha3_update( &ctx, input1->x, input1->len ) == 0 ); - TEST_ASSERT( mbedtls_sha3_finish( &ctx, output, sizeof( output ) ) == 0 ); - ASSERT_COMPARE( output, hash1->len, hash1->x, hash1->len ); + TEST_ASSERT(mbedtls_sha3_starts(&ctx, type1) == 0); + TEST_ASSERT(mbedtls_sha3_update(&ctx, input1->x, input1->len) == 0); + TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, sizeof(output)) == 0); + ASSERT_COMPARE(output, hash1->len, hash1->x, hash1->len); /* Round 2 */ - TEST_ASSERT( mbedtls_sha3_starts( &ctx, type2 ) == 0 ); - TEST_ASSERT( mbedtls_sha3_update( &ctx, input2->x, input2->len ) == 0 ); - TEST_ASSERT( mbedtls_sha3_finish( &ctx, output, sizeof( output ) ) == 0 ); - ASSERT_COMPARE( output, hash2->len, hash2->x, hash2->len ); + TEST_ASSERT(mbedtls_sha3_starts(&ctx, type2) == 0); + TEST_ASSERT(mbedtls_sha3_update(&ctx, input2->x, input2->len) == 0); + TEST_ASSERT(mbedtls_sha3_finish(&ctx, output, sizeof(output)) == 0); + ASSERT_COMPARE(output, hash2->len, hash2->x, hash2->len); exit: - mbedtls_sha3_free( &ctx ); + mbedtls_sha3_free(&ctx); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SHA3_C:MBEDTLS_SELF_TEST */ void sha3_selftest() { - TEST_ASSERT( mbedtls_sha3_self_test( 0 ) == 0 ); + TEST_ASSERT(mbedtls_sha3_self_test(0) == 0); } /* END_CASE */ From 92337c0e620d2162e6fb7f0dbaec286670beefc2 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 18 Jan 2023 18:40:49 +0000 Subject: [PATCH 034/328] Add function to parse an OID from a string Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 14 ++++ library/oid.c | 164 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 178 insertions(+) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index a592e63c4f..1284aa9294 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -466,6 +466,20 @@ typedef struct mbedtls_oid_descriptor_t { */ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); +/** + * \brief Translate a string containing a numeric representation + * of an ASN.1 OID into its encoded form + * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D") + * + * \param buf buffer to put representation in + * \param size size of the buffer + * \param oid OID to translate + * + * \return Length of the string written (excluding final NULL) or + * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error + */ +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *buf, size_t size); + /** * \brief Translate an X.509 extension OID into local values * diff --git a/library/oid.c b/library/oid.c index 86214b23a0..9b8bef6dec 100644 --- a/library/oid.c +++ b/library/oid.c @@ -895,4 +895,168 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, return (int) (size - n); } +static int oid_parse_number(const char **p, const char *bound) +{ + int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + int num = 0; + while (*p < bound && **p >= '0' && **p <= '9') { + ret = 0; + if (num > (INT_MAX / 10)) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + num *= 10; + num += **p - '0'; + (*p)++; + } + if (ret != 0) { + return ret; + } else { + return num; + } +} + +static size_t oid_subidentifier_num_bytes(unsigned int value) +{ + size_t num_bytes = 1; + value >>= 7; + while (value != 0) { + num_bytes++; + value >>= 7; + } + return num_bytes; +} + +static int oid_subidentifier_encode_into(unsigned char **p, + unsigned char *bound, + unsigned int value) +{ + size_t num_bytes = oid_subidentifier_num_bytes(value); + if ((size_t) (bound - *p) < num_bytes) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + (*p)[num_bytes - 1] = (unsigned char) (value & 0x7f); + value >>= 7; + + for (size_t i = 2; i <= num_bytes; i++) { + (*p)[num_bytes - i] = 0x80 | (unsigned char) (value & 0x7f); + value >>= 7; + } + *p += num_bytes; + + return 0; +} + +/* Return the OID for the given x.y.z.... style numeric string */ +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, + const char *buf, size_t size) +{ + int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + + const char *str_ptr = buf; + const char *str_bound = buf + size; + int val = 0; + size_t encoded_len; + + int component1 = oid_parse_number(&str_ptr, str_bound); + if (component1 < 0) { + return component1; + } + if (component1 > 2) { + /* First component can't be > 2 */ + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + if (str_ptr >= str_bound || *str_ptr != '.') { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + str_ptr++; + + int component2 = oid_parse_number(&str_ptr, str_bound); + if (component2 < 0) { + return component2; + } + if ((component1 < 2) && (component2 > 38)) { + /* Root nodes 0 and 1 may have up to 39 children */ + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + if (str_ptr < str_bound && *str_ptr != '\0') { + if (*str_ptr == '.') { + str_ptr++; + } else { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + } + + if ((UINT_MAX - (unsigned int) component2) <= + ((unsigned int) component1 * 40)) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + encoded_len = oid_subidentifier_num_bytes(((unsigned int) component1 * 40) + + (unsigned int) component2); + + while (str_ptr < str_bound && *str_ptr != '\0') { + val = oid_parse_number(&str_ptr, str_bound); + if (val < 0) { + return val; + } + if (str_ptr < str_bound && *str_ptr != '\0') { + if (*str_ptr == '.') { + str_ptr++; + } else { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + } + + size_t num_bytes = oid_subidentifier_num_bytes(val); + if ((SIZE_MAX - encoded_len) <= num_bytes) { + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + encoded_len += num_bytes; + } + + oid->p = mbedtls_calloc(encoded_len, sizeof(unsigned char)); + if (oid->p == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } + oid->len = encoded_len; + + /* Now that we've allocated the buffer, go back to the start and encode */ + str_ptr = buf; + unsigned char *out_ptr = oid->p; + unsigned char *out_bound = oid->p + oid->len; + + /* No need to do validation this time, as we did it on the first pass */ + component1 = oid_parse_number(&str_ptr, str_bound); + /* Skip past the '.' */ + str_ptr++; + component2 = oid_parse_number(&str_ptr, str_bound); + /* Skip past the '.' */ + str_ptr++; + ret = oid_subidentifier_encode_into(&out_ptr, out_bound, + (component1 * 40) + component2); + if (ret != 0) { + mbedtls_free(oid->p); + oid->p = NULL; + oid->len = 0; + return ret; + } + while (str_ptr < str_bound && *str_ptr != '\0') { + val = oid_parse_number(&str_ptr, str_bound); + if (str_ptr < str_bound && *str_ptr == '.') { + /* Skip past the '.' */ + str_ptr++; + } + + ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); + if (ret != 0) { + mbedtls_free(oid->p); + oid->p = NULL; + oid->len = 0; + return ret; + } + } + oid->tag = MBEDTLS_ASN1_OID; + + return 0; +} + #endif /* MBEDTLS_OID_C */ From 0f852c92772e28fb04fc184c62015c223e530e4e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 15 Feb 2023 11:09:10 +0000 Subject: [PATCH 035/328] Add tests for OID parsing from string Signed-off-by: David Horstmann --- tests/suites/test_suite_oid.data | 12 ++++++++++++ tests/suites/test_suite_oid.function | 26 ++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index b9fa6543d9..9e47ef42a0 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -119,3 +119,15 @@ oid_get_numeric_string:"8001":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID get numeric string - overlong encoding, second subidentifier oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - hardware module name +oid_from_numeric_string:"1.3.6.1.5.5.7.8.4":0:"2B06010505070804" + +OID from numeric string - multi-byte subidentifier +oid_from_numeric_string:"1.1.2108":0:"29903C" + +OID from numeric string - second component greater than 39 +oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00" + +OID from numeric string - multi-byte first subidentifier +oid_from_numeric_string:"2.999":0:"8837" diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index 3004b65fe1..329bd8b486 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -117,3 +117,29 @@ void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str) } } /* END_CASE */ + +/* BEGIN_CASE */ +void oid_from_numeric_string(char *oid_str, int error_ret, + data_t *exp_oid_buf) +{ + mbedtls_asn1_buf oid = { 0, 0, NULL }; + mbedtls_asn1_buf exp_oid = { 0, 0, NULL }; + int ret; + + exp_oid.tag = MBEDTLS_ASN1_OID; + exp_oid.p = exp_oid_buf->x; + exp_oid.len = exp_oid_buf->len; + + ret = mbedtls_oid_from_numeric_string(&oid, oid_str, strlen(oid_str)); + + if (error_ret == 0) { + TEST_EQUAL(oid.len, exp_oid.len); + TEST_ASSERT(memcmp(oid.p, exp_oid.p, oid.len) == 0); + mbedtls_free(oid.p); + oid.p = NULL; + oid.len = 0; + } else { + TEST_EQUAL(ret, error_ret); + } +} +/* END_CASE */ From 18ec9d7da120cbd7d916483de69961b6dca41c48 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 20 Feb 2023 17:18:45 +0000 Subject: [PATCH 036/328] Change some error codes to be more accurate Signed-off-by: David Horstmann --- library/oid.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/oid.c b/library/oid.c index 9b8bef6dec..996b5419ed 100644 --- a/library/oid.c +++ b/library/oid.c @@ -902,7 +902,7 @@ static int oid_parse_number(const char **p, const char *bound) while (*p < bound && **p >= '0' && **p <= '9') { ret = 0; if (num > (INT_MAX / 10)) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } num *= 10; num += **p - '0'; @@ -988,7 +988,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, if ((UINT_MAX - (unsigned int) component2) <= ((unsigned int) component1 * 40)) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } encoded_len = oid_subidentifier_num_bytes(((unsigned int) component1 * 40) + (unsigned int) component2); @@ -1008,7 +1008,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, size_t num_bytes = oid_subidentifier_num_bytes(val); if ((SIZE_MAX - encoded_len) <= num_bytes) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } encoded_len += num_bytes; } From 03329970dec32c99d40e3129bd998022e49493c7 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 20 Feb 2023 17:28:36 +0000 Subject: [PATCH 037/328] Correct error in processing of second component Root nodes 0 and 1 may have up to 40 children (0 - 39), not 39 children (0 - 38) as previously thought. Signed-off-by: David Horstmann --- library/oid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index 996b5419ed..06127c26e8 100644 --- a/library/oid.c +++ b/library/oid.c @@ -974,8 +974,8 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, if (component2 < 0) { return component2; } - if ((component1 < 2) && (component2 > 38)) { - /* Root nodes 0 and 1 may have up to 39 children */ + if ((component1 < 2) && (component2 > 39)) { + /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ return MBEDTLS_ERR_ASN1_INVALID_DATA; } if (str_ptr < str_bound && *str_ptr != '\0') { From 59400ffed5562cc64b6ea1fb373834e3a1e817e4 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 15:27:16 +0000 Subject: [PATCH 038/328] Improve header docs and rename parameter Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 17 +++++++++++------ library/oid.c | 8 ++++---- 2 files changed, 15 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 1284aa9294..49f4af5208 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -470,15 +470,20 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * \brief Translate a string containing a numeric representation * of an ASN.1 OID into its encoded form * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D") + * On success, this function allocates oid->buf from the + * heap. It must be free'd by the caller. * - * \param buf buffer to put representation in - * \param size size of the buffer - * \param oid OID to translate + * \param oid mbedtls_asn1_buf to populate with the DER-encoded OID + * \param oid_str string representation of the OID to parse + * \param size length of the OID string * - * \return Length of the string written (excluding final NULL) or - * MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error + * \return 0 if successful + * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if oid_str does not + * represent a valid OID + * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to + * allocate oid->buf */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *buf, size_t size); +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size); /** * \brief Translate an X.509 extension OID into local values diff --git a/library/oid.c b/library/oid.c index 06127c26e8..6c62b949b9 100644 --- a/library/oid.c +++ b/library/oid.c @@ -948,12 +948,12 @@ static int oid_subidentifier_encode_into(unsigned char **p, /* Return the OID for the given x.y.z.... style numeric string */ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, - const char *buf, size_t size) + const char *oid_str, size_t size) { int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - const char *str_ptr = buf; - const char *str_bound = buf + size; + const char *str_ptr = oid_str; + const char *str_bound = oid_str + size; int val = 0; size_t encoded_len; @@ -1020,7 +1020,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, oid->len = encoded_len; /* Now that we've allocated the buffer, go back to the start and encode */ - str_ptr = buf; + str_ptr = oid_str; unsigned char *out_ptr = oid->p; unsigned char *out_bound = oid->p + oid->len; From 0f4ee418d8f4a7b9e46eb953f29a8e07d2f854e0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 16:17:41 +0000 Subject: [PATCH 039/328] Use return for errors only in oid_parse_number() Signed-off-by: David Horstmann --- library/oid.c | 47 +++++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/library/oid.c b/library/oid.c index 6c62b949b9..91f6da6e5d 100644 --- a/library/oid.c +++ b/library/oid.c @@ -895,24 +895,20 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, return (int) (size - n); } -static int oid_parse_number(const char **p, const char *bound) +static int oid_parse_number(unsigned int *num, const char **p, const char *bound) { int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - int num = 0; + *num = 0; while (*p < bound && **p >= '0' && **p <= '9') { ret = 0; - if (num > (INT_MAX / 10)) { + if (*num > (INT_MAX / 10)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } - num *= 10; - num += **p - '0'; + *num *= 10; + *num += **p - '0'; (*p)++; } - if (ret != 0) { - return ret; - } else { - return num; - } + return ret; } static size_t oid_subidentifier_num_bytes(unsigned int value) @@ -956,10 +952,11 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *str_bound = oid_str + size; int val = 0; size_t encoded_len; + unsigned int component1, component2; - int component1 = oid_parse_number(&str_ptr, str_bound); - if (component1 < 0) { - return component1; + ret = oid_parse_number(&component1, &str_ptr, str_bound); + if (ret != 0) { + return ret; } if (component1 > 2) { /* First component can't be > 2 */ @@ -970,9 +967,9 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } str_ptr++; - int component2 = oid_parse_number(&str_ptr, str_bound); - if (component2 < 0) { - return component2; + ret = oid_parse_number(&component2, &str_ptr, str_bound); + if (ret != 0) { + return ret; } if ((component1 < 2) && (component2 > 39)) { /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ @@ -986,17 +983,15 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } } - if ((UINT_MAX - (unsigned int) component2) <= - ((unsigned int) component1 * 40)) { + if ((UINT_MAX - component2) <= (component1 * 40)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } - encoded_len = oid_subidentifier_num_bytes(((unsigned int) component1 * 40) - + (unsigned int) component2); + encoded_len = oid_subidentifier_num_bytes((component1 * 40) + component2); while (str_ptr < str_bound && *str_ptr != '\0') { - val = oid_parse_number(&str_ptr, str_bound); - if (val < 0) { - return val; + oid_parse_number(&val, &str_ptr, str_bound); + if (ret != 0) { + return ret; } if (str_ptr < str_bound && *str_ptr != '\0') { if (*str_ptr == '.') { @@ -1025,10 +1020,10 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, unsigned char *out_bound = oid->p + oid->len; /* No need to do validation this time, as we did it on the first pass */ - component1 = oid_parse_number(&str_ptr, str_bound); + oid_parse_number(&component1, &str_ptr, str_bound); /* Skip past the '.' */ str_ptr++; - component2 = oid_parse_number(&str_ptr, str_bound); + oid_parse_number(&component2, &str_ptr, str_bound); /* Skip past the '.' */ str_ptr++; ret = oid_subidentifier_encode_into(&out_ptr, out_bound, @@ -1040,7 +1035,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, return ret; } while (str_ptr < str_bound && *str_ptr != '\0') { - val = oid_parse_number(&str_ptr, str_bound); + oid_parse_number(&val, &str_ptr, str_bound); if (str_ptr < str_bound && *str_ptr == '.') { /* Skip past the '.' */ str_ptr++; From 7cdfda12da9619e68e15c8516654c8018f4463f3 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 16:20:52 +0000 Subject: [PATCH 040/328] Fixup: Correct signedness of val local variable Signed-off-by: David Horstmann --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 91f6da6e5d..3b5b31a5ee 100644 --- a/library/oid.c +++ b/library/oid.c @@ -950,7 +950,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *str_ptr = oid_str; const char *str_bound = oid_str + size; - int val = 0; + unsigned int val = 0; size_t encoded_len; unsigned int component1, component2; From 89d67bd472dec4aff1b770004da3a488ac749051 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 16:24:38 +0000 Subject: [PATCH 041/328] Remove superfluous sizeof(unsigned char) Signed-off-by: David Horstmann --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 3b5b31a5ee..103199012c 100644 --- a/library/oid.c +++ b/library/oid.c @@ -1008,7 +1008,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, encoded_len += num_bytes; } - oid->p = mbedtls_calloc(encoded_len, sizeof(unsigned char)); + oid->p = mbedtls_calloc(encoded_len, 1); if (oid->p == NULL) { return MBEDTLS_ERR_ASN1_ALLOC_FAILED; } From 376e8df9d6098539c7ece0bbbce99214f1d5b412 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 16:33:40 +0000 Subject: [PATCH 042/328] Clarify structure of parsing with comments: 1. Parse through to get the required buffer length. 2. Having allocated a buffer, parse into the buffer. Signed-off-by: David Horstmann --- library/oid.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 103199012c..811d343248 100644 --- a/library/oid.c +++ b/library/oid.c @@ -954,6 +954,8 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, size_t encoded_len; unsigned int component1, component2; + /* First pass - parse the string to get the length of buffer required */ + ret = oid_parse_number(&component1, &str_ptr, str_bound); if (ret != 0) { return ret; @@ -1014,7 +1016,9 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } oid->len = encoded_len; - /* Now that we've allocated the buffer, go back to the start and encode */ + /* Second pass - now that we've allocated the buffer, go back to the + * start and encode */ + str_ptr = oid_str; unsigned char *out_ptr = oid->p; unsigned char *out_bound = oid->p + oid->len; From e91cbcfb2cbc66705e0b7bc9058ca332b89d8d28 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 21 Feb 2023 17:19:45 +0000 Subject: [PATCH 043/328] Add negative test cases for OID parsing Signed-off-by: David Horstmann --- tests/suites/test_suite_oid.data | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index 9e47ef42a0..d4a7dea21d 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -131,3 +131,30 @@ oid_from_numeric_string:"2.49.0.0.826.0":0:"81010000863A00" OID from numeric string - multi-byte first subidentifier oid_from_numeric_string:"2.999":0:"8837" + +OID from numeric string - empty string input +oid_from_numeric_string:"":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - first component not a number +oid_from_numeric_string:"abc.1.2":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - second component not a number +oid_from_numeric_string:"1.abc.2":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - first component too large +oid_from_numeric_string:"3.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - first component < 2, second > 39 +oid_from_numeric_string:"1.40":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - third component not a number +oid_from_numeric_string:"1.2.abc":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - non-'.' separator between first and second +oid_from_numeric_string:"1/2.3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - non-'.' separator between second and third +oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - non-'.' separator between third and fourth +oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" From ce16474d9119cdef01aa6bda53d0210d0821b853 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 23 Feb 2023 13:50:48 +0000 Subject: [PATCH 044/328] Correct INT_MAX overflow check to UINT_MAX Signed-off-by: David Horstmann --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 811d343248..3c27bfc732 100644 --- a/library/oid.c +++ b/library/oid.c @@ -901,7 +901,7 @@ static int oid_parse_number(unsigned int *num, const char **p, const char *bound *num = 0; while (*p < bound && **p >= '0' && **p <= '9') { ret = 0; - if (*num > (INT_MAX / 10)) { + if (*num > (UINT_MAX / 10)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } *num *= 10; From 099be74d28edd04dff9753751c2f0f6a5cdeb9fe Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 23 Feb 2023 13:51:43 +0000 Subject: [PATCH 045/328] Change free'd to freed for consistency Also clarify that the user must use mbedtls_free(). Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 49f4af5208..b2f5dd196b 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -471,7 +471,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * of an ASN.1 OID into its encoded form * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D") * On success, this function allocates oid->buf from the - * heap. It must be free'd by the caller. + * heap. It must be freed by the caller using mbedtls_free(). * * \param oid mbedtls_asn1_buf to populate with the DER-encoded OID * \param oid_str string representation of the OID to parse From 0004a8672782cc0804f37a52b00e4096579a84bf Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Sat, 4 Mar 2023 00:22:05 +0100 Subject: [PATCH 046/328] Fix md test with sha3. Signed-off-by: Pol Henarejos --- tests/suites/test_suite_md.data | 112 ++++++++++++++++---------------- 1 file changed, 56 insertions(+), 56 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index edd7d9afbf..62379a2ff1 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -111,19 +111,19 @@ md_text:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890 generic mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 8 depends_on:MBEDTLS_SHA3_C -md_hex:"SHA3-224":"01":"488286d9d32716e5881ea1ee51f36d3660d70f0db03b3f612ce9eda4" +md_hex:MBEDTLS_MD_SHA3_224:"01":"488286d9d32716e5881ea1ee51f36d3660d70f0db03b3f612ce9eda4" generic mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 8 depends_on:MBEDTLS_SHA3_C -md_hex:"SHA3-256":"e9":"f0d04dd1e6cfc29a4460d521796852f25d9ef8d28b44ee91ff5b759d72c1e6d6" +md_hex:MBEDTLS_MD_SHA3_256:"e9":"f0d04dd1e6cfc29a4460d521796852f25d9ef8d28b44ee91ff5b759d72c1e6d6" generic mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 8 depends_on:MBEDTLS_SHA3_C -md_hex:"SHA3-384":"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7" +md_hex:MBEDTLS_MD_SHA3_384:"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7" generic mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 8 depends_on:MBEDTLS_SHA3_C -md_hex:"SHA3-512":"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1" +md_hex:MBEDTLS_MD_SHA3_512:"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1" generic HMAC-MD5 Hash File OpenSSL test #1 depends_on:MBEDTLS_MD5_C @@ -259,19 +259,19 @@ md_text_multi:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234 generic multi step mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 48 depends_on:MBEDTLS_SHA3_C -md_hex_multi:"SHA3-224":"e7183e4d89c9":"650618f3b945c07de85b8478d69609647d5e2a432c6b15fbb3db91e4" +md_hex_multi:MBEDTLS_MD_SHA3_224:"e7183e4d89c9":"650618f3b945c07de85b8478d69609647d5e2a432c6b15fbb3db91e4" generic multi step mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 48 depends_on:MBEDTLS_SHA3_C -md_hex_multi:"SHA3-256":"e6fd42037f80":"2294f8d3834f24aa9037c431f8c233a66a57b23fa3de10530bbb6911f6e1850f" +md_hex_multi:MBEDTLS_MD_SHA3_256:"e6fd42037f80":"2294f8d3834f24aa9037c431f8c233a66a57b23fa3de10530bbb6911f6e1850f" generic multi step mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 48 depends_on:MBEDTLS_SHA3_C -md_hex_multi:"SHA3-384":"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28" +md_hex_multi:MBEDTLS_MD_SHA3_384:"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28" generic multi step mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 48 depends_on:MBEDTLS_SHA3_C -md_hex_multi:"SHA3-512":"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef" +md_hex_multi:MBEDTLS_MD_SHA3_512:"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef" generic multi step HMAC-MD5 Hash File OpenSSL test #1 depends_on:MBEDTLS_MD5_C @@ -523,67 +523,67 @@ mbedtls_md_hmac:MBEDTLS_MD_SHA512:48:"8ab783d5acf32efa0d9c0a21abce955e96630d89": HMAC-SHA3-224: NIST example #1: keylenblocklen depends_on:MBEDTLS_SHA3_C -mbedtls_md_hmac:"SHA3-224":28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59" +mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59" HMAC-SHA3-224: NIST example #4: keylenblocklen depends_on:MBEDTLS_SHA3_C -mbedtls_md_hmac:"SHA3-256":32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258" +mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258" HMAC-SHA3-256: NIST example #4: keylenblocklen depends_on:MBEDTLS_SHA3_C -mbedtls_md_hmac:"SHA3-384":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac" +mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac" HMAC-SHA3-384: NIST example #4: keylenblocklen depends_on:MBEDTLS_SHA3_C -mbedtls_md_hmac:"SHA3-512":64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" +mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" HMAC-SHA3-512: NIST example #4: keylenblocklen depends_on:MBEDTLS_SHA3_C -md_hmac_multi:"SHA3-224":28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59" +md_hmac_multi:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59" HMAC-SHA3-224 multi-step: NIST example #4: keylenblocklen depends_on:MBEDTLS_SHA3_C -md_hmac_multi:"SHA3-256":32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258" +md_hmac_multi:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258" HMAC-SHA3-256 multi-step: NIST example #4: keylenblocklen depends_on:MBEDTLS_SHA3_C -md_hmac_multi:"SHA3-384":48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac" +md_hmac_multi:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac" HMAC-SHA3-384 multi-step: NIST example #4: keylenblocklen depends_on:MBEDTLS_SHA3_C -md_hmac_multi:"SHA3-512":64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" +md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" HMAC-SHA3-512 multi-step: NIST example #4: keylen Date: Wed, 19 Apr 2023 18:15:51 +0100 Subject: [PATCH 047/328] Change to using an alloc-realloc strategy Allocate enough memory to guarantee we can store the OID, encode into the buffer, then realloc and copy into a buffer of exactly the right size. Signed-off-by: David Horstmann --- library/oid.c | 119 +++++++++++++++++++++++++------------------------- 1 file changed, 60 insertions(+), 59 deletions(-) diff --git a/library/oid.c b/library/oid.c index 3c27bfc732..139a707c8e 100644 --- a/library/oid.c +++ b/library/oid.c @@ -951,111 +951,112 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *str_ptr = oid_str; const char *str_bound = oid_str + size; unsigned int val = 0; - size_t encoded_len; unsigned int component1, component2; - /* First pass - parse the string to get the length of buffer required */ + /* Count the number of dots to get a worst-case allocation size. */ + size_t num_dots = 0; + for (size_t i = 0; (i < size) && (oid_str[i] != '\0'); i++) { + if (oid_str[i] == '.') { + num_dots++; + } + } + /* Allocate maximum possible required memory: + * There are (num_dots + 1) integer components, but the first 2 share the + * same subidentifier, so we only need num_dots subidentifiers maximum. */ + if (num_dots == 0 || (num_dots > SIZE_MAX / sizeof(unsigned int))) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + size_t max_possible_bytes = num_dots * sizeof(unsigned int); + oid->p = mbedtls_calloc(max_possible_bytes, 1); + if (oid->p == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } + unsigned char *out_ptr = oid->p; + unsigned char *out_bound = oid->p + max_possible_bytes; ret = oid_parse_number(&component1, &str_ptr, str_bound); if (ret != 0) { - return ret; + goto error; } if (component1 > 2) { /* First component can't be > 2 */ - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } if (str_ptr >= str_bound || *str_ptr != '.') { - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } str_ptr++; ret = oid_parse_number(&component2, &str_ptr, str_bound); if (ret != 0) { - return ret; + goto error; } if ((component1 < 2) && (component2 > 39)) { /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } if (str_ptr < str_bound && *str_ptr != '\0') { if (*str_ptr == '.') { str_ptr++; } else { - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } } if ((UINT_MAX - component2) <= (component1 * 40)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; + } + ret = oid_subidentifier_encode_into(&out_ptr, out_bound, + (component1 * 40) + component2); + if (ret != 0) { + goto error; } - encoded_len = oid_subidentifier_num_bytes((component1 * 40) + component2); while (str_ptr < str_bound && *str_ptr != '\0') { - oid_parse_number(&val, &str_ptr, str_bound); + ret = oid_parse_number(&val, &str_ptr, str_bound); if (ret != 0) { - return ret; + goto error; } if (str_ptr < str_bound && *str_ptr != '\0') { if (*str_ptr == '.') { str_ptr++; } else { - return MBEDTLS_ERR_ASN1_INVALID_DATA; + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; } } - size_t num_bytes = oid_subidentifier_num_bytes(val); - if ((SIZE_MAX - encoded_len) <= num_bytes) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - encoded_len += num_bytes; - } - - oid->p = mbedtls_calloc(encoded_len, 1); - if (oid->p == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - oid->len = encoded_len; - - /* Second pass - now that we've allocated the buffer, go back to the - * start and encode */ - - str_ptr = oid_str; - unsigned char *out_ptr = oid->p; - unsigned char *out_bound = oid->p + oid->len; - - /* No need to do validation this time, as we did it on the first pass */ - oid_parse_number(&component1, &str_ptr, str_bound); - /* Skip past the '.' */ - str_ptr++; - oid_parse_number(&component2, &str_ptr, str_bound); - /* Skip past the '.' */ - str_ptr++; - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, - (component1 * 40) + component2); - if (ret != 0) { - mbedtls_free(oid->p); - oid->p = NULL; - oid->len = 0; - return ret; - } - while (str_ptr < str_bound && *str_ptr != '\0') { - oid_parse_number(&val, &str_ptr, str_bound); - if (str_ptr < str_bound && *str_ptr == '.') { - /* Skip past the '.' */ - str_ptr++; - } - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); if (ret != 0) { - mbedtls_free(oid->p); - oid->p = NULL; - oid->len = 0; - return ret; + goto error; } } + + size_t encoded_len = out_ptr - oid->p; + unsigned char *minimum_mem = mbedtls_calloc(encoded_len, 1); + if (minimum_mem == NULL) { + ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; + goto error; + } + memcpy(minimum_mem, oid->p, encoded_len); + mbedtls_free(oid->p); + oid->p = minimum_mem; + oid->len = encoded_len; + oid->tag = MBEDTLS_ASN1_OID; return 0; + +error: + mbedtls_free(oid->p); + oid->p = NULL; + oid->len = 0; + return ret; } #endif /* MBEDTLS_OID_C */ From 9643575d92440b8efc91cb60b7f0270e23f5fae8 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 26 Apr 2023 11:50:14 +0100 Subject: [PATCH 048/328] Limit OIDs to 128 components The longest OID known by oid-info.com is 34 components[1], so 128 should be plenty and will limit the potential for attacks. [1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48 Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 5 +++++ library/oid.c | 2 +- tests/suites/test_suite_oid.data | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index b2f5dd196b..1d73506dc4 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -63,6 +63,11 @@ #define MBEDTLS_OID_X509_EXT_FRESHEST_CRL (1 << 14) #define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE (1 << 16) +/* + * Maximum number of OID components allowed + */ +#define MBEDTLS_OID_MAX_COMPONENTS 128 + /* * Top level OID tuples */ diff --git a/library/oid.c b/library/oid.c index 139a707c8e..8da4103803 100644 --- a/library/oid.c +++ b/library/oid.c @@ -963,7 +963,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, /* Allocate maximum possible required memory: * There are (num_dots + 1) integer components, but the first 2 share the * same subidentifier, so we only need num_dots subidentifiers maximum. */ - if (num_dots == 0 || (num_dots > SIZE_MAX / sizeof(unsigned int))) { + if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } size_t max_possible_bytes = num_dots * sizeof(unsigned int); diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index d4a7dea21d..c5f13175b8 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -158,3 +158,6 @@ oid_from_numeric_string:"1.2/3.4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID from numeric string - non-'.' separator between third and fourth oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - OID greater than max length (129 components) +oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" From b6ff8a2c4bf117d67500f04f346d77604214055e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 26 Apr 2023 12:10:36 +0100 Subject: [PATCH 049/328] Add ChangeLog entry for string-to-OID parsing Signed-off-by: David Horstmann --- ChangeLog.d/oid-parse-from-numeric-string.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/oid-parse-from-numeric-string.txt diff --git a/ChangeLog.d/oid-parse-from-numeric-string.txt b/ChangeLog.d/oid-parse-from-numeric-string.txt new file mode 100644 index 0000000000..459bedc832 --- /dev/null +++ b/ChangeLog.d/oid-parse-from-numeric-string.txt @@ -0,0 +1,3 @@ +Features + * Add a function mbedtls_oid_from_numeric_string to parse an OID from a + string to a DER-encoded mbedtls_asn1_buf. From aca31654e6e96c76b073e0ffedb6ae53c9e4f4c7 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:35:50 +0530 Subject: [PATCH 050/328] Enable PSA_WANT_ALG_PBKDF2_HMAC in crypto_config.h Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_config.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index e68fac8b44..7e44427bd9 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -74,9 +74,7 @@ #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ -//#define PSA_WANT_ALG_PBKDF2_HMAC 1 +#define PSA_WANT_ALG_PBKDF2_HMAC 1 #define PSA_WANT_ALG_RIPEMD160 1 #define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 @@ -92,8 +90,7 @@ #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ +/* Note: when adding support, also adjust include/mbedtls/config_psa.h */ //#define PSA_WANT_ALG_XTS 1 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 From 83baf8968dfaf312a4deb507f71e647243efc97f Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:42:29 +0530 Subject: [PATCH 051/328] Add builtin PBKDF2_HMAC definition in config_psa.h Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 20d4358f9b..bbad0c4af1 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -261,6 +261,13 @@ extern "C" { #define MBEDTLS_SHA512_C #endif +#if defined(PSA_WANT_ALG_PBKDF2_HMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* PSA_WANT_ALG_PBKDF2_HMAC */ + #if defined(PSA_WANT_ALG_TLS12_PRF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 @@ -675,6 +682,13 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC +#if defined(MBEDTLS_PKCS5_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define PSA_WANT_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define PSA_WANT_ALG_PBKDF2_HMAC 1 +#endif /* MBEDTLS_PKCS5_C */ + #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PRF 1 From 876e2c242482fbc7b683950fcd52922b0b704db9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:51:25 +0530 Subject: [PATCH 052/328] Add psa_pbkdf2_key_derivation_state_t Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 1913a9b548..18e3fde93f 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -105,5 +105,14 @@ typedef struct psa_tls12_prf_key_derivation_s { } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +typedef enum { + PSA_PBKDF2_STATE_INIT, /* no input provided */ + PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */ + PSA_PBKDF2_STATE_SALT_SET, /* salt has been set */ + PSA_PBKDF2_STATE_PASSWORD_SET, /* password has been set */ + PSA_PBKDF2_STATE_OUTPUT /* output has been started */ +} psa_pbkdf2_key_derivation_state_t; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ From 30ced52497919678600c1f5677ca40832d8747c4 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:56:02 +0530 Subject: [PATCH 053/328] Add pbkdf2 struct to crypto_builtin_key_derivation.h Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 18e3fde93f..d2cf4df972 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -114,5 +114,14 @@ typedef enum { PSA_PBKDF2_STATE_OUTPUT /* output has been started */ } psa_pbkdf2_key_derivation_state_t; +typedef struct { + psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); + uint64_t MBEDTLS_PRIVATE(input_cost); + uint8_t *MBEDTLS_PRIVATE(salt); + size_t MBEDTLS_PRIVATE(salt_length); + uint8_t *MBEDTLS_PRIVATE(password); + size_t MBEDTLS_PRIVATE(password_length); +} psa_pbkdf2_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ + #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ From dcfa5482933128aec459cd57a276ce02fa3b1c55 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:57:09 +0530 Subject: [PATCH 054/328] Add pbkdf2 to key_derivation context struct Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_driver_contexts_key_derivation.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 39754cc010..5b4e4745d6 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -55,6 +55,9 @@ typedef union { #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2); +#endif } psa_driver_key_derivation_context_t; #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H */ From af0b534256a1ee195d48ecd1761ca9b1a29c21d2 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:58:46 +0530 Subject: [PATCH 055/328] Add pbkdf2 to ATLEAST_ONE_BUILTIN_KDF definition Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f7e91d606f..6c7f2b0ece 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4989,7 +4989,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) #if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ From d132cacb38a4dc6e05d110887ecbd69c10cd2634 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:00:27 +0530 Subject: [PATCH 056/328] Add pbkdf2_hmac to is_kdf_alg_supported() Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6c7f2b0ece..46b957874c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5890,6 +5890,11 @@ static int is_kdf_alg_supported(psa_algorithm_t kdf_alg) if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { return 1; } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + return 1; + } #endif return 0; } From 944bba1e30aec6204cbaa21415d04db51e5e82fb Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:14:03 +0530 Subject: [PATCH 057/328] Add input cost function for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 46b957874c..0ed005f32d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6384,6 +6384,35 @@ static psa_status_t psa_tls12_ecjpake_to_pms_input( return PSA_SUCCESS; } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +static psa_status_t psa_pbkdf2_set_input_cost( + psa_pbkdf2_key_derivation_t *pbkdf2, + psa_key_derivation_step_t step, + uint64_t data) +{ + if (step != PSA_KEY_DERIVATION_INPUT_COST) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) { + return PSA_ERROR_BAD_STATE; + } +#if UINT_MAX > 0xFFFFFFFF + if (data > 0xFFFFFFFF) { + return PSA_ERROR_INVALID_ARGUMENT; + } +#endif + if (data == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + pbkdf2->input_cost = data; + pbkdf2->state = PSA_PBKDF2_STATE_INPUT_COST_SET; + + return PSA_SUCCESS; +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ + /** Check whether the given key type is acceptable for the given * input step of a key derivation. * @@ -6491,6 +6520,12 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + status = psa_pbkdf2_set_input_cost( + &operation->ctx.pbkdf2, step, value); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { (void) step; (void) value; From 547a6c6fd1cc3e13077c3efd1d42d7e585dfec2d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:18:19 +0530 Subject: [PATCH 058/328] add input salt function for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0ed005f32d..ba6a64a554 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6411,6 +6411,50 @@ static psa_status_t psa_pbkdf2_set_input_cost( return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, + const uint8_t *data, + size_t data_length) +{ + uint8_t *prev_salt; + size_t prev_salt_length; + + if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET && + pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { + return PSA_ERROR_BAD_STATE; + } + + if (data_length != 0) { + if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { + pbkdf2->salt = mbedtls_calloc(1, data_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, data, data_length); + pbkdf2->salt_length = data_length; + } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { + prev_salt = pbkdf2->salt; + prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, prev_salt, prev_salt_length); + memcpy(pbkdf2->salt + prev_salt_length, data, + data_length); + pbkdf2->salt_length += data_length; + mbedtls_free(prev_salt); + } + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + + pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; + + return PSA_SUCCESS; +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given From f4fe3ee9e40df638924c92605415338b6bae8b85 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:21:07 +0530 Subject: [PATCH 059/328] Add input password function for pbkdf2 Also adds PSA_KEY_DERIVATION_INPUT_PASSWORD case handling to psa_key_derivation_check_input_type function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ba6a64a554..82a362ca0f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6455,6 +6455,29 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, + const uint8_t *data, + size_t data_length) +{ + if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { + return PSA_ERROR_BAD_STATE; + } + + if (data_length != 0) { + pbkdf2->password = mbedtls_calloc(1, data_length); + if (pbkdf2->password == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->password, data, data_length); + pbkdf2->password_length = data_length; + } + + pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; + + return PSA_SUCCESS; +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given @@ -6498,6 +6521,17 @@ static int psa_key_derivation_check_input_type( return PSA_SUCCESS; } break; + case PSA_KEY_DERIVATION_INPUT_PASSWORD: + if (key_type == PSA_KEY_TYPE_PASSWORD) { + return PSA_SUCCESS; + } + if (key_type == PSA_KEY_TYPE_DERIVE) { + return PSA_SUCCESS; + } + if (key_type == PSA_KEY_TYPE_NONE) { + return PSA_SUCCESS; + } + break; } return PSA_ERROR_INVALID_ARGUMENT; } From 24b3895dee1475fc2a41beffbb0227ed6b4792c6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:25:26 +0530 Subject: [PATCH 060/328] Add pbkdf2 input functions to psa_key_derivation_input_internal Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 82a362ca0f..bf3f2a004c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6478,6 +6478,21 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length) +{ + switch (step) { + case PSA_KEY_DERIVATION_INPUT_SALT: + return psa_pbkdf2_set_salt(pbkdf2, data, data_length); + case PSA_KEY_DERIVATION_INPUT_PASSWORD: + return psa_pbkdf2_set_password(pbkdf2, data, data_length); + default: + return PSA_ERROR_INVALID_ARGUMENT; + } +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given @@ -6575,6 +6590,12 @@ static psa_status_t psa_key_derivation_input_internal( &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + status = psa_pbkdf2_input( + &operation->ctx.pbkdf2, step, data, data_length); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { /* This can't happen unless the operation object was not initialized */ (void) data; From 3128c5d9ceaf5cbb9c714a0a1a85a1bf4793d180 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:27:57 +0530 Subject: [PATCH 061/328] Enable can_output_key with PSA_KEY_DERIVATION_INPUT_PASSWORD Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bf3f2a004c..849bb95a6e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6673,9 +6673,10 @@ psa_status_t psa_key_derivation_input_key( return status; } - /* Passing a key object as a SECRET input unlocks the permission - * to output to a key object. */ - if (step == PSA_KEY_DERIVATION_INPUT_SECRET) { + /* Passing a key object as a SECRET or PASSWORD input unlocks the + * permission to output to a key object. */ + if (step == PSA_KEY_DERIVATION_INPUT_SECRET || + step == PSA_KEY_DERIVATION_INPUT_PASSWORD) { operation->can_output_key = 1; } From f5fedf1e0da991a4818f65205980ced47a86cf74 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:29:48 +0530 Subject: [PATCH 062/328] Add pbkdf2 to psa_key_derivation_abort Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 849bb95a6e..a289895c41 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5094,6 +5094,25 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) sizeof(operation->ctx.tls12_ecjpake_to_pms.data)); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + if (operation->ctx.pbkdf2.input_cost != 0U) { + operation->ctx.pbkdf2.input_cost = 0U; + } + if (operation->ctx.pbkdf2.salt != NULL) { + mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, + operation->ctx.pbkdf2.salt_length); + mbedtls_free(operation->ctx.pbkdf2.salt); + } + if (operation->ctx.pbkdf2.password != NULL) { + mbedtls_platform_zeroize(operation->ctx.pbkdf2.password, + operation->ctx.pbkdf2.password_length); + mbedtls_free(operation->ctx.pbkdf2.password); + } + + status = PSA_SUCCESS; + } else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) */ { status = PSA_ERROR_BAD_STATE; } From 7c05c009886ab41cc66d129bab2de7ed95e7290b Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:54:33 +0530 Subject: [PATCH 063/328] Add test cases for pbkdf2 input functions Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 60 +++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index fd35c8796d..06b57ad459 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5307,6 +5307,66 @@ PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too long depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, salt missing +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password missing +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, salt and password before cost +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password before cost +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password bad key type +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, direct password, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, direct empty password, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, direct password, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED + +PSA key derivation: PBKDF2-HMAC-SHA256, DERIVE key as salt +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, duplicate cost step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, duplicate salt step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject secret step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject label step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject seed step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 056f0c5047c139309e3bc736805262f672474e6c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 15:58:34 +0530 Subject: [PATCH 064/328] Make output_byte return not_supported for pbkdf2 As output functionality is not added yet return PSA_SUCCESS for now if inputs are passed correctly. If input validation fails operation is aborted and output_bytes will return PSA_ERROR_BAD_STATE Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 9 +++++++++ tests/suites/test_suite_psa_crypto.data | 14 +++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a289895c41..2a4ac7b2b5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5492,6 +5492,15 @@ psa_status_t psa_key_derivation_output_bytes( &operation->ctx.tls12_ecjpake_to_pms, output, output_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + /* As output functionality is not added yet return + * PSA_ERROR_NOT_SUPPORTED for now if inputs are passed correctly. + * If input validation fails operation is aborted and output_bytes + * will return PSA_ERROR_BAD_STATE */ + status = PSA_ERROR_NOT_SUPPORTED; + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { (void) kdf_alg; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 06b57ad459..d1972995ed 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5309,7 +5309,7 @@ derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KE PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5317,15 +5317,15 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, password missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt and password before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, password before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, password bad key type depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5333,11 +5333,11 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, direct password, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, direct empty password, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, direct password, key output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5353,7 +5353,7 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, duplicate salt step depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, reject secret step depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 From b9410e89b4380653836da161b6750e1c5bc3f959 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 18:36:35 +0530 Subject: [PATCH 065/328] Fix failing CI Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 14 ++++++++------ library/psa_crypto.c | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index bbad0c4af1..bb39131972 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -264,7 +264,9 @@ extern "C" { #if defined(PSA_WANT_ALG_PBKDF2_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ #endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_WANT_ALG_PBKDF2_HMAC */ @@ -682,12 +684,12 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC -#if defined(MBEDTLS_PKCS5_C) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define PSA_WANT_ALG_HMAC 1 -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 -#define PSA_WANT_ALG_PBKDF2_HMAC 1 -#endif /* MBEDTLS_PKCS5_C */ +// #if defined(MBEDTLS_PKCS5_C) +// #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +// #define PSA_WANT_ALG_HMAC 1 +// #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +// #define PSA_WANT_ALG_PBKDF2_HMAC 1 +// #endif /* MBEDTLS_PKCS5_C */ #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2a4ac7b2b5..7262d84b45 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6471,7 +6471,7 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, prev_salt, prev_salt_length); memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); + data_length); pbkdf2->salt_length += data_length; mbedtls_free(prev_salt); } From 6731a2580c30139683fddb818493ace0be17d7f1 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:54:54 +0530 Subject: [PATCH 066/328] Remove redundant code in key_derivation_abort() Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7262d84b45..0373f38098 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5096,9 +5096,6 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { - if (operation->ctx.pbkdf2.input_cost != 0U) { - operation->ctx.pbkdf2.input_cost = 0U; - } if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); From d0422f30c586bc197be1dce278ec4cceb7de6450 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:56:19 +0530 Subject: [PATCH 067/328] Enable empty salt as input for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0373f38098..59169d504c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6449,31 +6449,27 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_BAD_STATE; } - if (data_length != 0) { - if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { - pbkdf2->salt = mbedtls_calloc(1, data_length); - if (pbkdf2->salt == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(pbkdf2->salt, data, data_length); - pbkdf2->salt_length = data_length; - } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - prev_salt = pbkdf2->salt; - prev_salt_length = pbkdf2->salt_length; - pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); - if (pbkdf2->salt == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); - pbkdf2->salt_length += data_length; - mbedtls_free(prev_salt); + if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { + pbkdf2->salt = mbedtls_calloc(1, data_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; } - } else { - return PSA_ERROR_INVALID_ARGUMENT; + + memcpy(pbkdf2->salt, data, data_length); + pbkdf2->salt_length = data_length; + } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { + prev_salt = pbkdf2->salt; + prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, prev_salt, prev_salt_length); + memcpy(pbkdf2->salt + prev_salt_length, data, + data_length); + pbkdf2->salt_length += data_length; + mbedtls_free(prev_salt); } pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; From 3fc4ca727263c070fe629acb94887beafaf3b20b Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:57:41 +0530 Subject: [PATCH 068/328] Limit max input cost to 32bit Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- library/psa_crypto.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index d2cf4df972..5d01f6c583 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -116,7 +116,7 @@ typedef enum { typedef struct { psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); - uint64_t MBEDTLS_PRIVATE(input_cost); + size_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); uint8_t *MBEDTLS_PRIVATE(password); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 59169d504c..af4ab65159 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6423,11 +6423,11 @@ static psa_status_t psa_pbkdf2_set_input_cost( if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) { return PSA_ERROR_BAD_STATE; } -#if UINT_MAX > 0xFFFFFFFF + if (data > 0xFFFFFFFF) { - return PSA_ERROR_INVALID_ARGUMENT; + return PSA_ERROR_NOT_SUPPORTED; } -#endif + if (data == 0) { return PSA_ERROR_INVALID_ARGUMENT; } From 9016bc4ed26f54d08c5e22ec0f8514cdc93fe0f9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 16:04:05 +0530 Subject: [PATCH 069/328] Clean up commented code Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index bb39131972..43a499f4e3 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -684,13 +684,6 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC -// #if defined(MBEDTLS_PKCS5_C) -// #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -// #define PSA_WANT_ALG_HMAC 1 -// #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 -// #define PSA_WANT_ALG_PBKDF2_HMAC 1 -// #endif /* MBEDTLS_PKCS5_C */ - #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PRF 1 From 2d8076978a34920d833b6202569fb2de614f7193 Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Tue, 9 May 2023 11:44:57 +0200 Subject: [PATCH 070/328] Fix coding style. Signed-off-by: Pol Henarejos --- library/md.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/library/md.c b/library/md.c index a95763ef1e..993b006d21 100644 --- a/library/md.c +++ b/library/md.c @@ -862,14 +862,11 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) #if defined(MBEDTLS_SHA3_C) if (!strcmp("SHA3-224", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_224); - } - else if (!strcmp("SHA3-256", md_name)) { + } else if (!strcmp("SHA3-256", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_256); - } - else if (!strcmp("SHA3-384", md_name)) { + } else if (!strcmp("SHA3-384", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_384); - } - else if (!strcmp("SHA3-512", md_name)) { + } else if (!strcmp("SHA3-512", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_512); } #endif From 199eab97e7af6848ea7ee8e671d170ee4603855a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 10 May 2023 09:57:19 -0400 Subject: [PATCH 071/328] Add partial support for URI SubjectAltNames Only exact matching without normalization is supported. Signed-off-by: Andrzej Kurek --- ChangeLog.d/basic-uri-verification.txt | 4 +++ include/mbedtls/x509_crt.h | 8 ++++-- library/x509_crt.c | 36 +++++++++++++++++++++++--- tests/suites/test_suite_x509parse.data | 16 ++++++++++++ 4 files changed, 59 insertions(+), 5 deletions(-) create mode 100644 ChangeLog.d/basic-uri-verification.txt diff --git a/ChangeLog.d/basic-uri-verification.txt b/ChangeLog.d/basic-uri-verification.txt new file mode 100644 index 0000000000..aa039ea299 --- /dev/null +++ b/ChangeLog.d/basic-uri-verification.txt @@ -0,0 +1,4 @@ +Features + * X.509 hostname verification now partially supports URI Subject Alternate + Names. Only exact matching, without any normalization procedures + described in 7.4 of RFC5280, will result in a positive URI verification. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e1b4aa238d..6675bf89df 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -641,8 +641,12 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * \param cn The expected Common Name. This will be checked to be * present in the certificate's subjectAltNames extension or, * if this extension is absent, as a CN component in its - * Subject name. DNS names and IP addresses are supported. This - * may be \c NULL if the CN need not be verified. + * Subject name. DNS names and IP addresses are fully + * supported, while the URI subtype is partially supported: + * only exact matching, without any normalization procedures + * described in 7.4 of RFC5280, will result in a positive + * URI verification. + * This may be \c NULL if the CN need not be verified. * \param flags The address at which to store the result of the verification. * If the verification couldn't be completed, the flag value is * set to (uint32_t) -1. diff --git a/library/x509_crt.c b/library/x509_crt.c index 6d62e4494a..abba05b845 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2904,6 +2904,21 @@ static int x509_crt_check_san_ip(const mbedtls_x509_sequence *san, return -1; } +static int x509_crt_check_san_uri(const mbedtls_x509_sequence *san, + const char *cn, size_t cn_len) +{ + for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { + const unsigned char san_type = (unsigned char) cur->buf.tag & + MBEDTLS_ASN1_TAG_VALUE_MASK; + if (san_type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER && + cur->buf.len == cn_len && memcmp(cur->buf.p, cn, cn_len) == 0) { + return 0; + } + } + + return -1; +} + /* * Check for SAN match, see RFC 5280 Section 4.2.1.6 */ @@ -2911,23 +2926,38 @@ static int x509_crt_check_san(const mbedtls_x509_sequence *san, const char *cn, size_t cn_len) { int san_ip = 0; + int san_uri = 0; + /* Prioritize DNS name over other subtypes due to popularity */ for (const mbedtls_x509_sequence *cur = san; cur != NULL; cur = cur->next) { switch ((unsigned char) cur->buf.tag & MBEDTLS_ASN1_TAG_VALUE_MASK) { - case MBEDTLS_X509_SAN_DNS_NAME: /* dNSName */ + case MBEDTLS_X509_SAN_DNS_NAME: if (x509_crt_check_cn(&cur->buf, cn, cn_len) == 0) { return 0; } break; - case MBEDTLS_X509_SAN_IP_ADDRESS: /* iPAddress */ + case MBEDTLS_X509_SAN_IP_ADDRESS: san_ip = 1; break; + case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: + san_uri = 1; + break; /* (We may handle other types here later.) */ default: /* Unrecognized type */ break; } } + if (san_ip) { + if (x509_crt_check_san_ip(san, cn, cn_len) == 0) { + return 0; + } + } + if (san_uri) { + if (x509_crt_check_san_uri(san, cn, cn_len) == 0) { + return 0; + } + } - return san_ip ? x509_crt_check_san_ip(san, cn, cn_len) : -1; + return -1; } /* diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 55ed0c55d5..0193e07ffe 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1043,6 +1043,22 @@ X509 CRT verification: mismatching IPv6 in SubjectAltName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" +X509 CRT verification: matching URI in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":0:0:"":"NULL" + +X509 CRT verification: URI with trailing data in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609cz":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" + +X509 CRT verification: URI with preceding data in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"zurn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" + +X509 CRT verification: URI with bad data in SubjectAltName +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/rsa_single_san_uri.crt.der":"data_files/rsa_single_san_uri.crt.der":"data_files/crl_sha256.pem":"bad\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" + X509 CRT parse CN: IPv4 valid address x509_crt_parse_cn_inet_pton:"10.10.10.10":"0A0A0A0A":4 From dccb20204a79429316a4ad17133e883963022092 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 10:48:50 +0200 Subject: [PATCH 072/328] Add test component for accelerated FFDH Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 46 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 45 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 78666b41f2..f2a37f2d4c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -187,7 +187,7 @@ pre_initialize_variables () { # CFLAGS and LDFLAGS for Asan builds that don't use CMake # default to -O2, use -Ox _after_ this if you want another level - ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + ASAN_CFLAGS='-O0 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". @@ -2160,6 +2160,50 @@ component_test_psa_crypto_config_accel_ecdh () { make test } +component_test_psa_crypto_config_accel_ffdh () { + msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + + # Algorithms and key types to accelerate + loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" + + # Configure and build the test driver library + # ------------------------------------------- + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Configure and build the main libraries + # -------------------------------------- + + # Start from default config (no USE_PSA or TLS 1.3) + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # Disable the module that's accelerated + scripts/config.py unset MBEDTLS_DHM_C + + # Disable things that depend on it + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + + # Build the main library + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # Make sure this was not re-enabled by accident (additive config) + not grep mbedtls_dhm_ library/dhm.o + + # Run the tests + # ------------- + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + make test +} + component_test_psa_crypto_config_accel_pake() { msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" From bfba51d672df62b02630a9b3697e1d27d35a8687 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:01:55 +0200 Subject: [PATCH 073/328] Add FFDH support for transparent drivers(generate, export public key) Signed-off-by: Przemek Stekiel --- .../src/drivers/test_driver_key_management.c | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index a3ff2ddea6..dba0c26225 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -25,6 +25,7 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_rsa.h" +#include "psa_crypto_ffdh.h" #include "mbedtls/ecp.h" #include "mbedtls/error.h" @@ -36,6 +37,7 @@ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_ecp.h" #include "libtestdriver1/library/psa_crypto_rsa.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" #endif #include @@ -239,6 +241,17 @@ psa_status_t mbedtls_test_transparent_generate_key( #elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) return mbedtls_psa_rsa_generate_key( attributes, key, key_size, key_length); +#endif + } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes)) + && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + return libtestdriver1_mbedtls_psa_ffdh_generate_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key, key_size, key_length); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) + return mbedtls_psa_ffdh_generate_key( + attributes, key, key_size, key_length); #endif } @@ -559,6 +572,21 @@ psa_status_t mbedtls_test_transparent_export_public_key( attributes, key_buffer, key_buffer_size, data, data_size, data_length); +#endif + } else if (PSA_KEY_TYPE_IS_DH(key_type)) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_export_ffdh_public_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) + return mbedtls_psa_export_ffdh_public_key( + attributes, + key_buffer, key_buffer_size, + data, data_size, data_length); #endif } From c49163e7862c21897a1fe251f7d30e975e0361af Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:03:01 +0200 Subject: [PATCH 074/328] Adapt test driver configuration for FFDH Signed-off-by: Przemek Stekiel --- .../test/drivers/crypto_config_test_driver_extension.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 10d8e6edeb..f8b3a34a7e 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -206,6 +206,14 @@ #endif #endif +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) +#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR) +#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR +#else +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR @@ -222,6 +230,7 @@ #endif #endif + #if defined(PSA_WANT_ALG_TLS12_PRF) #if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) #undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF @@ -283,3 +292,4 @@ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1 From a59255f04f764fc9a04ca9bc890b451a7828cc4f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:03:54 +0200 Subject: [PATCH 075/328] Adapt guards in ffdh driver Signed-off-by: Przemek Stekiel --- library/psa_crypto_ffdh.c | 142 ++++++++++++++++++++------------------ 1 file changed, 75 insertions(+), 67 deletions(-) diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index 6e34eaa54f..db30a89533 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -26,9 +26,11 @@ #include "psa_crypto_core.h" #include "psa_crypto_ffdh.h" #include "psa_crypto_random_impl.h" +#include "mbedtls/platform.h" -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size, mbedtls_mpi *P, mbedtls_mpi *G) @@ -115,72 +117,12 @@ cleanup: return PSA_SUCCESS; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || + MBEDTLS_PSA_BUILTIN_ALG_FFDH */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) -psa_status_t mbedtls_psa_key_agreement_ffdh( - const psa_key_attributes_t *attributes, - const uint8_t *peer_key, - size_t peer_key_length, - const uint8_t *key_buffer, - size_t key_buffer_size, - uint8_t *shared_secret, - size_t shared_secret_size, - size_t *shared_secret_length) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi P, G, X, GY, K; - const size_t calculated_shared_secret_size = peer_key_length; - - if (peer_key_length != key_buffer_size || - calculated_shared_secret_size > shared_secret_size) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); - mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); - mbedtls_mpi_init(&K); - - status = mbedtls_psa_ffdh_set_prime_generator( - PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); - - if (status != PSA_SUCCESS) { - goto cleanup; - } - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, - key_buffer_size)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, - peer_key_length)); - - /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ - MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); - - MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, - calculated_shared_secret_size)); - - *shared_secret_length = calculated_shared_secret_size; - - ret = 0; - -cleanup: - mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); - mbedtls_mpi_free(&K); - - if (status == PSA_SUCCESS && ret != 0) { - status = mbedtls_to_psa_error(ret); - } - - return status; -} -#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ - +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) psa_status_t mbedtls_psa_export_ffdh_public_key( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, @@ -256,7 +198,73 @@ cleanup: return status; } + #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) +psa_status_t mbedtls_psa_key_agreement_ffdh( + const psa_key_attributes_t *attributes, + const uint8_t *peer_key, + size_t peer_key_length, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *shared_secret, + size_t shared_secret_size, + size_t *shared_secret_length) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi P, G, X, GY, K; + const size_t calculated_shared_secret_size = peer_key_length; + + if (peer_key_length != key_buffer_size || + calculated_shared_secret_size > shared_secret_size) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (!PSA_KEY_TYPE_IS_DH_KEY_PAIR(psa_get_key_type(attributes))) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + mbedtls_mpi_init(&P); mbedtls_mpi_init(&G); + mbedtls_mpi_init(&X); mbedtls_mpi_init(&GY); + mbedtls_mpi_init(&K); + + status = mbedtls_psa_ffdh_set_prime_generator( + PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G); + + if (status != PSA_SUCCESS) { + goto cleanup; + } + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, key_buffer, + key_buffer_size)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&GY, peer_key, + peer_key_length)); + + /* Calculate shared secret public key: K = G^(XY) mod P = GY^X mod P */ + MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&K, &GY, &X, &P, NULL)); + + MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&K, shared_secret, + calculated_shared_secret_size)); + + *shared_secret_length = calculated_shared_secret_size; + + ret = 0; + +cleanup: + mbedtls_mpi_free(&P); mbedtls_mpi_free(&G); + mbedtls_mpi_free(&X); mbedtls_mpi_free(&GY); + mbedtls_mpi_free(&K); + + if (status == PSA_SUCCESS && ret != 0) { + status = mbedtls_to_psa_error(ret); + } + + return status; +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_FFDH */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From c4019fa74f15232583b7765b9c44624c10a74fe7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:05:11 +0200 Subject: [PATCH 076/328] Fix peer vs our key missmatch in ffdh key agreement transparent driver Signed-off-by: Przemek Stekiel --- tests/src/drivers/test_driver_key_agreement.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index 843ebf95b3..6cfde20ad6 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -34,6 +34,7 @@ #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/include/psa/crypto.h" #include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" #endif mbedtls_test_driver_key_agreement_hooks_t @@ -101,8 +102,8 @@ psa_status_t mbedtls_test_transparent_key_agreement( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH)) return libtestdriver1_mbedtls_psa_key_agreement_ffdh( (const libtestdriver1_psa_key_attributes_t *) attributes, + peer_key, peer_key_length, key_buffer, key_buffer_size, - alg, peer_key, peer_key_length, shared_secret, shared_secret_size, shared_secret_length); #elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH) From c80e7506a0666cc1469a109140abb5bfbe566bd7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 11:14:25 +0200 Subject: [PATCH 077/328] Handle simple copy import/export before driver dispatch Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 97 ++++++++++++++++++++++++++------------------ 1 file changed, 58 insertions(+), 39 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7b6f05be31..242eb8571f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -640,23 +640,6 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) - if (PSA_KEY_TYPE_IS_DH(type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - /* Copy the key material. */ - memcpy(key_buffer, data, data_length); - *key_buffer_length = data_length; - *bits = PSA_BYTES_TO_BITS(data_length); - (void) key_buffer_size; - - return PSA_SUCCESS; - } -#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || - * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC(type)) { @@ -1426,14 +1409,7 @@ psa_status_t psa_export_public_key_internal( { psa_key_type_t type = attributes->core.type; - if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && - (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type))) { - /* Exporting public -> public */ - return psa_export_key_buffer_internal( - key_buffer, key_buffer_size, - data, data_size, data_length); - } else if (PSA_KEY_TYPE_IS_RSA(type)) { + if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key(attributes, @@ -1514,9 +1490,23 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_key_attributes_t attributes = { .core = slot->attr }; - status = psa_driver_wrapper_export_public_key( - &attributes, slot->key.data, slot->key.bytes, - data, data_size, data_length); + + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( + psa_get_key_lifetime(&attributes)); + + if (location == PSA_KEY_LOCATION_LOCAL_STORAGE && + PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) && + (PSA_KEY_TYPE_IS_RSA(slot->attr.type) || PSA_KEY_TYPE_IS_ECC(slot->attr.type) || + PSA_KEY_TYPE_IS_DH(slot->attr.type))) { + /* Exporting public -> public */ + status = psa_export_key_buffer_internal( + slot->key.data, slot->key.bytes, + data, data_size, data_length); + } else { + status = psa_driver_wrapper_export_public_key( + &attributes, slot->key.data, slot->key.bytes, + data, data_size, data_length); + } exit: unlock_status = psa_unlock_key_slot(slot); @@ -2011,12 +2001,27 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, } } - bits = slot->attr.bits; - status = psa_driver_wrapper_import_key(attributes, - data, data_length, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); + if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type) && + PSA_KEY_TYPE_IS_DH(attributes->core.type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Copy the key material. */ + memcpy(slot->key.data, data, data_length); + bits = PSA_BYTES_TO_BITS(data_length); + + status = PSA_SUCCESS; + } else { + bits = slot->attr.bits; + status = psa_driver_wrapper_import_key(attributes, + data, data_length, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); + } + if (status != PSA_SUCCESS) { goto exit; } @@ -5831,11 +5836,25 @@ static psa_status_t psa_generate_derived_key_internal( goto exit; } - status = psa_driver_wrapper_import_key(&attributes, - data, bytes, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); + if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes.core.type) && + PSA_KEY_TYPE_IS_DH(attributes.core.type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(bytes)) == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + /* Copy the key material. */ + memcpy(slot->key.data, data, bytes); + bits = PSA_BYTES_TO_BITS(bytes); + + status = PSA_SUCCESS; + } else { + status = psa_driver_wrapper_import_key(&attributes, + data, bytes, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); + } if (bits != slot->attr.bits) { status = PSA_ERROR_INVALID_ARGUMENT; } From ea52e1a43f6df2754877474119434e9c4c7ee803 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 11 May 2023 12:23:12 +0200 Subject: [PATCH 078/328] Add changelog entry (FFDH driver dispatch) Signed-off-by: Przemek Stekiel --- ChangeLog.d/driver-ffdh.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/driver-ffdh.txt diff --git a/ChangeLog.d/driver-ffdh.txt b/ChangeLog.d/driver-ffdh.txt new file mode 100644 index 0000000000..1185133042 --- /dev/null +++ b/ChangeLog.d/driver-ffdh.txt @@ -0,0 +1,3 @@ +Features + * Add a driver dispatch layer for FFDH keys, enabling alternative + implementations of FFDH through the driver entry points. From 0b11ee08882e10f5512f9150cb42be620b1ccffb Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 16 May 2023 13:26:06 +0200 Subject: [PATCH 079/328] Fix compilation errors(unused variables, guards) Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 242eb8571f..ec23830a2e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -129,9 +129,6 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } -#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ - defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) static int psa_is_dh_key_size_valid(size_t bits) { if (bits != 2048 && bits != 3072 && bits != 4096 && @@ -141,9 +138,6 @@ static int psa_is_dh_key_size_valid(size_t bits) return 1; } -#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || - MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || - PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ psa_status_t mbedtls_to_psa_error(int ret) { @@ -1450,6 +1444,11 @@ psa_status_t psa_export_public_key_internal( #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ } else { + (void) key_buffer; + (void) key_buffer_size; + (void) data; + (void) data_size; + (void) data_length; return PSA_ERROR_NOT_SUPPORTED; } } From 1a75269589613e1c687050e7cf2c628268083a4b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sat, 1 Apr 2023 09:44:11 -0400 Subject: [PATCH 080/328] Move mbedtls_x509_san_list to x509.h Signed-off-by: Andrzej Kurek --- include/mbedtls/x509.h | 7 +++++++ include/mbedtls/x509_csr.h | 6 ------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 7faf176b5a..8582e76b8d 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -312,6 +312,12 @@ typedef struct mbedtls_x509_subject_alternative_name { } mbedtls_x509_subject_alternative_name; +typedef struct mbedtls_x509_san_list { + mbedtls_x509_subject_alternative_name node; + struct mbedtls_x509_san_list *next; +} +mbedtls_x509_san_list; + /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */ /** @@ -467,6 +473,7 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t val_len); int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); + int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index f3f9e13a03..e469df26c8 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -83,12 +83,6 @@ typedef struct mbedtls_x509write_csr { } mbedtls_x509write_csr; -typedef struct mbedtls_x509_san_list { - mbedtls_x509_subject_alternative_name node; - struct mbedtls_x509_san_list *next; -} -mbedtls_x509_san_list; - #if defined(MBEDTLS_X509_CSR_PARSE_C) /** * \brief Load a Certificate Signing Request (CSR) in DER format From ccdd9752865b4ca24e788f74e38fa423040df468 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sat, 1 Apr 2023 10:38:30 -0400 Subject: [PATCH 081/328] Add a certificate exercising all supported SAN types This will be used for comparison in unit tests. Add a possibility to write certificates with SAN in cert_write. Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 102 +++++++++++++++++- tests/data_files/Makefile | 2 + .../data_files/server1.allSubjectAltNames.crt | 23 ++++ 3 files changed, 125 insertions(+), 2 deletions(-) create mode 100644 tests/data_files/server1.allSubjectAltNames.crt diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 51b09f3d65..ac6187a198 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -79,6 +79,7 @@ int main(void) #define DFL_NOT_AFTER "20301231235959" #define DFL_SERIAL "1" #define DFL_SERIAL_HEX "1" +#define DFL_EXT_SUBJECTALTNAME "" #define DFL_SELFSIGN 0 #define DFL_IS_CA 0 #define DFL_MAX_PATHLEN -1 @@ -134,6 +135,13 @@ int main(void) " subject_identifier=%%s default: 1\n" \ " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ + " san=%%s default: (none)\n" \ + " Comma-separated-list of values:\n" \ + " DNS:value\n" \ + " URI:value\n" \ + " RFC822:value\n" \ + " IP:value (Only IPv4 is supported)\n" \ + " DN:value\n" \ " authority_identifier=%%s default: 1\n" \ " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ @@ -188,6 +196,7 @@ struct options { const char *issuer_pwd; /* password for the issuer key file */ const char *output_file; /* where to store the constructed CRT */ const char *subject_name; /* subject name for certificate */ + mbedtls_x509_san_list *san_list; /* subjectAltName for certificate */ const char *issuer_name; /* issuer name for certificate */ const char *not_before; /* validity period not before */ const char *not_after; /* validity period not after */ @@ -207,6 +216,19 @@ struct options { int format; /* format */ } opt; +static int ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) +{ + for (int i = 0; i < maxBytes; i++) { + bytes[i] = strtoul(str, NULL, 16); + str = strchr(str, '.'); + if (str == NULL || *str == '\0') { + break; + } + str++; + } + return 0; +} + int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) @@ -301,7 +323,7 @@ int main(int argc, char *argv[]) char buf[1024]; char issuer_name[256]; int i; - char *p, *q, *r; + char *p, *q, *r, *r2; #if defined(MBEDTLS_X509_CSR_PARSE_C) char subject_name[256]; mbedtls_x509_csr csr; @@ -314,7 +336,8 @@ int main(int argc, char *argv[]) mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; - + mbedtls_x509_san_list *cur, *prev; + uint8_t ip[4] = { 0 }; /* * Set to sane values */ @@ -370,6 +393,7 @@ usage: opt.authority_identifier = DFL_AUTH_IDENT; opt.basic_constraints = DFL_CONSTRAINTS; opt.format = DFL_FORMAT; + opt.san_list = NULL; for (i = 1; i < argc; i++) { @@ -526,6 +550,69 @@ usage: *tail = ext_key_usage; tail = &ext_key_usage->next; + q = r; + } + } else if (strcmp(p, "san") == 0) { + prev = NULL; + + while (q != NULL) { + if ((r = strchr(q, ';')) != NULL) { + *r++ = '\0'; + } + + cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); + if (cur == NULL) { + mbedtls_printf("Not enough memory for subjectAltName list\n"); + goto usage; + } + + cur->next = NULL; + + if ((r2 = strchr(q, ':')) != NULL) { + *r2++ = '\0'; + } + if (strcmp(q, "RFC822") == 0) { + cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; + } else if (strcmp(q, "URI") == 0) { + cur->node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; + } else if (strcmp(q, "DNS") == 0) { + cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; + } else if (strcmp(q, "IP") == 0) { + cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; + ip_string_to_bytes(r2, ip, 4); + cur->node.san.unstructured_name.p = (unsigned char *) ip; + cur->node.san.unstructured_name.len = sizeof(ip); + } else if (strcmp(q, "DN") == 0) { + mbedtls_asn1_named_data *ext_san_dirname = NULL; + cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; + if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, + r2)) != 0) { + mbedtls_strerror(ret, buf, sizeof(buf)); + mbedtls_printf( + " failed\n ! mbedtls_x509_string_to_names " + "returned -0x%04x - %s\n\n", + (unsigned int) -ret, buf); + goto exit; + } + cur->node.san.directory_name = *ext_san_dirname; + } else { + mbedtls_free(cur); + goto usage; + } + + if (strcmp(q, "IP") != 0 && strcmp(q, "DN") != 0) { + q = r2; + cur->node.san.unstructured_name.p = (unsigned char *) q; + cur->node.san.unstructured_name.len = strlen(q); + } + + if (prev == NULL) { + opt.san_list = cur; + } else { + prev->next = cur; + } + + prev = cur; q = r; } } else if (strcmp(p, "ns_cert_type") == 0) { @@ -833,6 +920,17 @@ usage: mbedtls_printf(" ok\n"); } + if (opt.san_list != NULL) { + ret = mbedtls_x509write_crt_set_subject_alternative_name(&crt, opt.san_list); + + if (ret != 0) { + mbedtls_printf( + " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d", + ret); + goto exit; + } + } + if (opt.ext_key_usage) { mbedtls_printf(" . Adding the Extended Key Usage extension ..."); fflush(stdout); diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 2bc17fb24b..fd68336e1d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1198,6 +1198,8 @@ test_ca_server1_config_file = test-ca.server1.opensslconf server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +server1.allSubjectAltNames.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ san=URI:http://pki.example.com\;IP:1.2.3.4\;DN:C=UK,O="Mbed TLS",CN="SubjectAltName test"\;DNS:example.com\;RFC822:mail@example.com server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@ diff --git a/tests/data_files/server1.allSubjectAltNames.crt b/tests/data_files/server1.allSubjectAltNames.crt new file mode 100644 index 0000000000..13af873107 --- /dev/null +++ b/tests/data_files/server1.allSubjectAltNames.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o4HaMIHXMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MIGJBgNVHREEgYEwf4EQ +bWFpbEBleGFtcGxlLmNvbYILZXhhbXBsZS5jb22kQDA+MQswCQYDVQQGEwJVSzER +MA8GA1UECgwITWJlZCBUTFMxHDAaBgNVBAMME1N1YmplY3RBbHROYW1lIHRlc3SH +BAECAwSGFmh0dHA6Ly9wa2kuZXhhbXBsZS5jb20wDQYJKoZIhvcNAQEFBQADggEB +AGPFB8YGpe6PRniPkYVlpCf5WwleYCpcP4AEvFHj5dD1UcBcqKjppJRGssg+S0fP +nNwYRjaVjKuhWSGIMrk0nZqsiexnkCma0S8kdFvHtCfbR9c9pQSn44olVMbHx/t8 +dzv7Z48HqsqvG0hn3AwDlZ+KrnTZFzzpWzfLkbPdZko/oHoFmqEekEuyOK9vO3fj +eNm5SzYtqOigw8TxkTb1+Qi9Cj66VEwVESW1y/TL9073Kx0lBoY8wj1Pvfdhplrg +IwYIwrr0HM+7nlYEhEI++NAbZhjQoS2kF5i7xpomUkYH9ePbrwWYBcuN00pljXEm +ioY0KKlx00fRehPH/6TBHZI= +-----END CERTIFICATE----- From 67fdb3307dd96f210675f014f2bce29065b3f4ee Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 06:56:14 -0400 Subject: [PATCH 082/328] Add a possibility to write subject alt names in a certificate Signed-off-by: Andrzej Kurek --- include/mbedtls/x509_crt.h | 3 + library/x509write_crt.c | 123 +++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e1b4aa238d..57e3cce1ac 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -241,6 +241,9 @@ typedef struct mbedtls_x509write_cert { } mbedtls_x509write_cert; +int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, + const mbedtls_x509_san_list *san_list); + /** * Item in a verification chain: cert and flags for it */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 70d7e93db2..bcc9cb007d 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -31,6 +31,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" #include "mbedtls/oid.h" +#include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/md.h" @@ -152,6 +153,128 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, return 0; } + +int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, + const mbedtls_x509_san_list *san_list) +{ + int ret = 0; + const mbedtls_x509_san_list *cur; + unsigned char *buf; + unsigned char *p; + size_t len; + size_t buflen = 0; + + /* Determine the maximum size of the SubjectAltName list */ + for (cur = san_list; cur != NULL; cur = cur->next) { + /* Calculate size of the required buffer */ + switch (cur->node.type) { + case MBEDTLS_X509_SAN_DNS_NAME: + case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: + case MBEDTLS_X509_SAN_IP_ADDRESS: + /* length of value for each name entry, + * maximum 4 bytes for the length field, + * 1 byte for the tag/type. + */ + buflen += cur->node.san.unstructured_name.len + 4 + 1; + break; + case MBEDTLS_X509_SAN_DIRECTORY_NAME: + const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; + while (chunk != NULL) { + // 5 bytes for OID, max 4 bytes for length, +1 for tag, + // additional 4 max for length, +1 for tag. + // See x509_write_name for more information. + buflen += chunk->val.len + 5 + 4 + 1 + 4 + 1; + chunk = chunk->next; + } + buflen += cur->node.san.unstructured_name.len + 4 + 1; + break; + default: + /* Not supported - skip. */ + break; + } + } + + /* Add the extra length field and tag */ + buflen += 4 + 1; + + /* Allocate buffer */ + buf = mbedtls_calloc(1, buflen); + if (buf == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } + + mbedtls_platform_zeroize(buf, buflen); + p = buf + buflen; + + /* Write ASN.1-based structure */ + cur = san_list; + len = 0; + while (cur != NULL) { + size_t single_san_len = 0; + switch (cur->node.type) { + case MBEDTLS_X509_SAN_DNS_NAME: + case MBEDTLS_X509_SAN_RFC822_NAME: + case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: + case MBEDTLS_X509_SAN_IP_ADDRESS: + { + const unsigned char *unstructured_name = + (const unsigned char *) cur->node.san.unstructured_name.p; + size_t unstructured_name_len = cur->node.san.unstructured_name.len; + + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_raw_buffer( + &p, buf, + unstructured_name, unstructured_name_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, mbedtls_asn1_write_len( + &p, buf, unstructured_name_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_tag( + &p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | cur->node.type)); + } + break; + case MBEDTLS_X509_SAN_DIRECTORY_NAME: + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_x509_write_names(&p, buf, + (mbedtls_asn1_named_data *) & + cur->node + .san.directory_name)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_len(&p, buf, single_san_len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(single_san_len, + mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_X509_SAN_DIRECTORY_NAME)); + break; + default: + /* Skip unsupported names. */ + break; + } + cur = cur->next; + len += single_san_len; + } + + MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, mbedtls_asn1_write_len(&p, buf, len)); + MBEDTLS_ASN1_CHK_CLEANUP_ADD(len, + mbedtls_asn1_write_tag(&p, buf, + MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + ret = mbedtls_x509write_crt_set_extension( + ctx, + MBEDTLS_OID_SUBJECT_ALT_NAME, + MBEDTLS_OID_SIZE(MBEDTLS_OID_SUBJECT_ALT_NAME), + 0, + buf + buflen - len, + len); + +cleanup: + mbedtls_free(buf); + return ret; +} + + int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, int critical, From 76c9662e8eefdc9768cfa34e9d43e2b26d36ba9b Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 06:57:08 -0400 Subject: [PATCH 083/328] Add a test for SubjectAltName writing to a certificate Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.data | 56 ++++++++++++---------- tests/suites/test_suite_x509write.function | 47 +++++++++++++++++- 2 files changed, 76 insertions(+), 27 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index e2198dc6bd..bf6fe69831 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -60,107 +60,111 @@ x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU Certificate write check Server1 SHA1 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 1970 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not after 2050 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 1970, not after 2050 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, not before 2050, not after 2059 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, key_usage depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, one ext_key_usage depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, two ext_key_usages depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, ns_cert_type depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, version 1 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, CA depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, key_usage depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, version 1 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, RSA_ALT, CA depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, key_usage depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, ns_cert_type depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, version 1 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, CA depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Full length serial depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Serial starting with 0x80 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server1 SHA1, All 0xFF full length serial depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt":0 Certificate write check Server5 ECDSA depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt" +x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO -x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt" +x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0 + +Certificate write check Server5 ECDSA, SubjectAltNames +depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 X509 String to Names #1 mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0 diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index b08555c9b8..6f9b8db5b9 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -326,7 +326,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, char *ext_key_usage, int cert_type, int set_cert_type, int auth_ident, int ver, char *cert_check_file, int pk_wrap, int is_ca, - char *cert_verify_file) + char *cert_verify_file, int set_subjectAltNames) { mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; mbedtls_pk_context *key = &issuer_key; @@ -348,6 +348,48 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; #endif mbedtls_pk_type_t issuer_key_type; + mbedtls_x509_san_list san_ip; + mbedtls_x509_san_list san_dns; + mbedtls_x509_san_list san_uri; + mbedtls_x509_san_list san_mail; + mbedtls_x509_san_list san_dn; + mbedtls_asn1_named_data *ext_san_dirname = NULL; + const char san_ip_name[] = { 0x01, 0x02, 0x03, 0x04 }; + const char *san_dns_name = "example.com"; + const char *san_dn_name = "C=UK,O=Mbed TLS,CN=SubjectAltName test"; + const char *san_mail_name = "mail@example.com"; + const char *san_uri_name = "http://pki.example.com"; + mbedtls_x509_san_list *san_list = NULL; + + if (set_subjectAltNames) { + san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; + san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; + san_mail.node.san.unstructured_name.len = sizeof(san_mail_name); + san_mail.next = NULL; + + san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; + san_dns.node.san.unstructured_name.p = (unsigned char *) san_dns_name; + san_dns.node.san.unstructured_name.len = strlen(san_dns_name); + san_dns.next = &san_mail; + + san_dn.node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; + TEST_ASSERT(mbedtls_x509_string_to_names(&ext_san_dirname, + san_dn_name) == 0); + san_dn.node.san.directory_name = *ext_san_dirname; + san_dn.next = &san_dns; + + san_ip.node.type = MBEDTLS_X509_SAN_IP_ADDRESS; + san_ip.node.san.unstructured_name.p = (unsigned char *) san_ip_name; + san_ip.node.san.unstructured_name.len = sizeof(san_ip_name); + san_ip.next = &san_dn; + + san_uri.node.type = MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER; + san_uri.node.san.unstructured_name.p = (unsigned char *) san_uri_name; + san_uri.node.san.unstructured_name.len = strlen(san_uri_name); + san_uri.next = &san_ip; + + san_list = &san_uri; + } memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); #if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) @@ -465,6 +507,9 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, } } + if (set_subjectAltNames) { + TEST_ASSERT(mbedtls_x509write_crt_set_subject_alternative_name(&crt, san_list) == 0); + } ret = mbedtls_x509write_crt_pem(&crt, buf, sizeof(buf), mbedtls_test_rnd_pseudo_rand, &rnd_info); TEST_ASSERT(ret == 0); From 1bc7df2540d37459a30ea652af3d7a15e2bbf083 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 07:09:04 -0400 Subject: [PATCH 084/328] Add documentation and a changelog entry Signed-off-by: Andrzej Kurek --- ChangeLog.d/add-subjectAltName-certs.txt | 6 ++++++ include/mbedtls/x509.h | 1 - include/mbedtls/x509_crt.h | 12 ++++++++++++ library/x509write_crt.c | 1 - programs/x509/cert_write.c | 2 +- 5 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/add-subjectAltName-certs.txt diff --git a/ChangeLog.d/add-subjectAltName-certs.txt b/ChangeLog.d/add-subjectAltName-certs.txt new file mode 100644 index 0000000000..487e5c656e --- /dev/null +++ b/ChangeLog.d/add-subjectAltName-certs.txt @@ -0,0 +1,6 @@ +Features + * It is now possible to generate certificates with SubjectAltNames. + Currently supported subtypes: DnsName, UniformResourceIdentifier, + IP address, OtherName, and DirectoryName, as defined in RFC 5280. + See mbedtls_x509write_crt_set_subject_alternative_name for + more information. diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 8582e76b8d..ef4d75da2d 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -473,7 +473,6 @@ int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t val_len); int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); - int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, mbedtls_asn1_named_data *first); int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 57e3cce1ac..537408e79e 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -241,6 +241,18 @@ typedef struct mbedtls_x509write_cert { } mbedtls_x509write_cert; +/** + * \brief Set Subject Alternative Name + * + * \param ctx Certificate context to use + * \param san_list List of SAN values + * + * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * + * \note "dnsName", "uniformResourceIdentifier", "IP address", + * "otherName", and "DirectoryName", as defined in RFC 5280, + * are supported. + */ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, const mbedtls_x509_san_list *san_list); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index bcc9cb007d..04ce9845d8 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -153,7 +153,6 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, return 0; } - int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *ctx, const mbedtls_x509_san_list *san_list) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index ac6187a198..477b47bf18 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -925,7 +925,7 @@ usage: if (ret != 0) { mbedtls_printf( - " failed\n ! mbedtls_x509write_csr_set_subject_alternative_name returned %d", + " failed\n ! mbedtls_x509write_crt_set_subject_alternative_name returned %d", ret); goto exit; } From c6215b0ce1ad833cc2e2441c5c6275a5d5b0fb0a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 09:30:12 -0400 Subject: [PATCH 085/328] Add braces to a switch case Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 04ce9845d8..63f490d6df 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -177,6 +177,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c buflen += cur->node.san.unstructured_name.len + 4 + 1; break; case MBEDTLS_X509_SAN_DIRECTORY_NAME: + { const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; while (chunk != NULL) { // 5 bytes for OID, max 4 bytes for length, +1 for tag, @@ -187,6 +188,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c } buflen += cur->node.san.unstructured_name.len + 4 + 1; break; + } default: /* Not supported - skip. */ break; From 13c43f682eeec3a698ce8b1d7ae7681a5cd29083 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 4 Apr 2023 10:43:38 -0400 Subject: [PATCH 086/328] Fix a copy-paste typo Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 6f9b8db5b9..8407a654fa 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -364,7 +364,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, if (set_subjectAltNames) { san_mail.node.type = MBEDTLS_X509_SAN_RFC822_NAME; san_mail.node.san.unstructured_name.p = (unsigned char *) san_mail_name; - san_mail.node.san.unstructured_name.len = sizeof(san_mail_name); + san_mail.node.san.unstructured_name.len = strlen(san_mail_name); san_mail.next = NULL; san_dns.node.type = MBEDTLS_X509_SAN_DNS_NAME; From 5da1d751e97723e1ae464843d4cb938c78f2f828 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 5 Apr 2023 08:30:59 -0400 Subject: [PATCH 087/328] Add missing memory deallocation Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 3 ++- tests/suites/test_suite_x509write.function | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 477b47bf18..07a59b83a8 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -337,6 +337,7 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "crt example app"; mbedtls_x509_san_list *cur, *prev; + mbedtls_asn1_named_data *ext_san_dirname = NULL; uint8_t ip[4] = { 0 }; /* * Set to sane values @@ -583,7 +584,6 @@ usage: cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { - mbedtls_asn1_named_data *ext_san_dirname = NULL; cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, r2)) != 0) { @@ -986,6 +986,7 @@ exit: #if defined(MBEDTLS_X509_CSR_PARSE_C) mbedtls_x509_csr_free(&csr); #endif /* MBEDTLS_X509_CSR_PARSE_C */ + mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_x509_crt_free(&issuer_crt); mbedtls_x509write_crt_free(&crt); mbedtls_pk_free(&loaded_subject_key); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 8407a654fa..d93c1716db 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -618,6 +618,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); exit: + mbedtls_asn1_free_named_data_list(&ext_san_dirname); mbedtls_x509write_crt_free(&crt); mbedtls_pk_free(&issuer_key_alt); mbedtls_pk_free(&subject_key); From a194904055fc2046ab224a9700307ee92b81404c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 5 Apr 2023 09:59:02 -0400 Subject: [PATCH 088/328] Fix subjectAltName test prerequisites Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index bf6fe69831..05a6c2c2cd 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -162,8 +162,8 @@ Certificate write check Server5 ECDSA, Opaque depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0 -Certificate write check Server5 ECDSA, SubjectAltNames -depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED +Certificate write check Server1 SHA1, SubjectAltNames +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 X509 String to Names #1 From ed557930bbeb5c7d18bb0b801d619f75c22d818f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 5 Apr 2023 11:19:30 -0400 Subject: [PATCH 089/328] Update ip_string_to_bytes to cert_req version Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 07a59b83a8..c8412fb0f8 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -216,17 +216,16 @@ struct options { int format; /* format */ } opt; -static int ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) +static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) { for (int i = 0; i < maxBytes; i++) { - bytes[i] = strtoul(str, NULL, 16); + bytes[i] = (uint8_t) strtoul(str, NULL, 16); str = strchr(str, '.'); if (str == NULL || *str == '\0') { break; } str++; } - return 0; } int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, From f70f460e5f8d0423bccfa4eddf4941e30a0f5940 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 24 Apr 2023 18:39:53 -0400 Subject: [PATCH 090/328] Fix temporary IP parsing error Signed-off-by: Andrzej Kurek --- programs/x509/cert_req.c | 4 ++-- programs/x509/cert_write.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 1772f87d9b..fe060f3d92 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -66,7 +66,7 @@ int main(void) " output_file=%%s default: cert.req\n" \ " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ " san=%%s default: (none)\n" \ - " Comma-separated-list of values:\n" \ + " Semicolon-separated-list of values:\n" \ " DNS:value\n" \ " URI:value\n" \ " IP:value (Only IPv4 is supported)\n" \ @@ -119,7 +119,7 @@ struct options { static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) { for (int i = 0; i < maxBytes; i++) { - bytes[i] = (uint8_t) strtoul(str, NULL, 16); + bytes[i] = (uint8_t) strtoul(str, NULL, 10); str = strchr(str, '.'); if (str == NULL || *str == '\0') { break; diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index c8412fb0f8..717cd396a7 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -136,12 +136,12 @@ int main(void) " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ " san=%%s default: (none)\n" \ - " Comma-separated-list of values:\n" \ + " Semicolon-separated-list of values:\n" \ " DNS:value\n" \ " URI:value\n" \ " RFC822:value\n" \ " IP:value (Only IPv4 is supported)\n" \ - " DN:value\n" \ + " DN:list of comma separated key=value pairs\n"\ " authority_identifier=%%s default: 1\n" \ " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ @@ -219,7 +219,7 @@ struct options { static void ip_string_to_bytes(const char *str, uint8_t *bytes, int maxBytes) { for (int i = 0; i < maxBytes; i++) { - bytes[i] = (uint8_t) strtoul(str, NULL, 16); + bytes[i] = (uint8_t) strtoul(str, NULL, 10); str = strchr(str, '.'); if (str == NULL || *str == '\0') { break; From 446e53d401af619272a8ea2015e0e044bcc36318 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Apr 2023 02:21:07 -0400 Subject: [PATCH 091/328] Fix a code style issue Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 717cd396a7..554db3191e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -141,7 +141,7 @@ int main(void) " URI:value\n" \ " RFC822:value\n" \ " IP:value (Only IPv4 is supported)\n" \ - " DN:list of comma separated key=value pairs\n"\ + " DN:list of comma separated key=value pairs\n" \ " authority_identifier=%%s default: 1\n" \ " Possible values: 0, 1\n" \ " (Considered for v3 only)\n" \ From dc22090671acdc815597831b5e69eea97fe49e1c Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Apr 2023 02:29:00 -0400 Subject: [PATCH 092/328] Return an error on an unsupported SubjectAltName Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 63f490d6df..aa4b9074c0 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -190,8 +190,8 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c break; } default: - /* Not supported - skip. */ - break; + /* Not supported - return. */ + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } } @@ -249,8 +249,9 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c MBEDTLS_X509_SAN_DIRECTORY_NAME)); break; default: - /* Skip unsupported names. */ - break; + /* Error out on an unsupported SAN */ + ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + goto cleanup; } cur = cur->next; len += single_san_len; From e488c454ea7c4b10c926f35b8c04b4f9a4a66a49 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Apr 2023 04:23:33 -0400 Subject: [PATCH 093/328] Remove unnecessary zeroization Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index aa4b9074c0..6b23a94a9a 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -203,8 +203,6 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c if (buf == NULL) { return MBEDTLS_ERR_ASN1_ALLOC_FAILED; } - - mbedtls_platform_zeroize(buf, buflen); p = buf + buflen; /* Write ASN.1-based structure */ From 908716f09712c68c2e9271fa8d4149a2947011f2 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 25 Apr 2023 04:31:26 -0400 Subject: [PATCH 094/328] Add missing RFC822_NAME case to SAN setting Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 6b23a94a9a..e3b8f605ea 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -170,6 +170,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER: case MBEDTLS_X509_SAN_IP_ADDRESS: + case MBEDTLS_X509_SAN_RFC822_NAME: /* length of value for each name entry, * maximum 4 bytes for the length field, * 1 byte for the tag/type. From 5eebfb8fd06b7e01421ca3eb6869744dcdc0aed5 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 27 Apr 2023 07:50:56 -0400 Subject: [PATCH 095/328] Enable escaping ';' in cert_write.c SANs This might get used in URIs. Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 40 +++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 554db3191e..6d318e5f7e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -322,7 +322,7 @@ int main(int argc, char *argv[]) char buf[1024]; char issuer_name[256]; int i; - char *p, *q, *r, *r2; + char *p, *q, *r; #if defined(MBEDTLS_X509_CSR_PARSE_C) char subject_name[256]; mbedtls_x509_csr csr; @@ -553,11 +553,34 @@ usage: q = r; } } else if (strcmp(p, "san") == 0) { + char *subtype_value; prev = NULL; while (q != NULL) { - if ((r = strchr(q, ';')) != NULL) { + char *semicolon; + r = q; + + /* Find the first non-escaped ; occurrence and remove escaped ones */ + do { + if ((semicolon = strchr(r, ';')) != NULL) { + if (*(semicolon-1) != '\\') { + r = semicolon; + break; + } + /* Remove the escape character */ + size_t size_left = strlen(semicolon); + memmove(semicolon-1, semicolon, size_left); + *(semicolon + size_left - 1) = '\0'; + /* r will now point at the character after the semicolon */ + r = semicolon; + } + + } while (semicolon != NULL); + + if (semicolon != NULL) { *r++ = '\0'; + } else { + r = NULL; } cur = mbedtls_calloc(1, sizeof(mbedtls_x509_san_list)); @@ -568,8 +591,8 @@ usage: cur->next = NULL; - if ((r2 = strchr(q, ':')) != NULL) { - *r2++ = '\0'; + if ((subtype_value = strchr(q, ':')) != NULL) { + *subtype_value++ = '\0'; } if (strcmp(q, "RFC822") == 0) { cur->node.type = MBEDTLS_X509_SAN_RFC822_NAME; @@ -579,13 +602,13 @@ usage: cur->node.type = MBEDTLS_X509_SAN_DNS_NAME; } else if (strcmp(q, "IP") == 0) { cur->node.type = MBEDTLS_X509_SAN_IP_ADDRESS; - ip_string_to_bytes(r2, ip, 4); + ip_string_to_bytes(subtype_value, ip, 4); cur->node.san.unstructured_name.p = (unsigned char *) ip; cur->node.san.unstructured_name.len = sizeof(ip); } else if (strcmp(q, "DN") == 0) { cur->node.type = MBEDTLS_X509_SAN_DIRECTORY_NAME; if ((ret = mbedtls_x509_string_to_names(&ext_san_dirname, - r2)) != 0) { + subtype_value)) != 0) { mbedtls_strerror(ret, buf, sizeof(buf)); mbedtls_printf( " failed\n ! mbedtls_x509_string_to_names " @@ -600,9 +623,8 @@ usage: } if (strcmp(q, "IP") != 0 && strcmp(q, "DN") != 0) { - q = r2; - cur->node.san.unstructured_name.p = (unsigned char *) q; - cur->node.san.unstructured_name.len = strlen(q); + cur->node.san.unstructured_name.p = (unsigned char *) subtype_value; + cur->node.san.unstructured_name.len = strlen(subtype_value); } if (prev == NULL) { From 63a6a267a4ab95d727a1b07eb5c7ce67384dbffa Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Thu, 27 Apr 2023 08:25:41 -0400 Subject: [PATCH 096/328] Check for overflows when writing x509 SANs Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e3b8f605ea..f57841c4fd 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -36,6 +36,7 @@ #include "mbedtls/md.h" #include +#include #if defined(MBEDTLS_PEM_WRITE_C) #include "mbedtls/pem.h" @@ -48,6 +49,16 @@ #include "hash_info.h" +#define CHECK_OVERFLOW_ADD(a, b) \ + do \ + { \ + if (a > SIZE_MAX - (b)) \ + { \ + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; \ + } \ + a += b; \ + } while (0) + void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) { memset(ctx, 0, sizeof(mbedtls_x509write_cert)); @@ -175,7 +186,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c * maximum 4 bytes for the length field, * 1 byte for the tag/type. */ - buflen += cur->node.san.unstructured_name.len + 4 + 1; + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len + 4 + 1); break; case MBEDTLS_X509_SAN_DIRECTORY_NAME: { @@ -184,10 +195,10 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c // 5 bytes for OID, max 4 bytes for length, +1 for tag, // additional 4 max for length, +1 for tag. // See x509_write_name for more information. - buflen += chunk->val.len + 5 + 4 + 1 + 4 + 1; + CHECK_OVERFLOW_ADD(buflen, chunk->val.len + 5 + 4 + 1 + 4 + 1); chunk = chunk->next; } - buflen += cur->node.san.unstructured_name.len + 4 + 1; + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len + 4 + 1); break; } default: @@ -197,7 +208,7 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c } /* Add the extra length field and tag */ - buflen += 4 + 1; + CHECK_OVERFLOW_ADD(buflen, 4 + 1); /* Allocate buffer */ buf = mbedtls_calloc(1, buflen); @@ -253,6 +264,11 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c goto cleanup; } cur = cur->next; + /* check for overflow */ + if (len > SIZE_MAX - single_san_len) { + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; + goto cleanup; + } len += single_san_len; } From 51cef9ce38c36bac8a060bbfae025d1defae2651 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 22 May 2023 15:20:21 -0400 Subject: [PATCH 097/328] Add missing AES_C dependency in x509 tests Signed-off-by: Andrzej Kurek --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 05a6c2c2cd..4eeeacdcc3 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -163,7 +163,7 @@ depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMI x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5 +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.allSubjectAltNames.crt":0:0:"data_files/test-ca.crt":1 X509 String to Names #1 From da609130f37fff9a778094271ce2d0f3ce086a0e Mon Sep 17 00:00:00 2001 From: YxC Date: Mon, 22 May 2023 12:08:12 -0700 Subject: [PATCH 098/328] fix: correct calling to time function in tls13 client&server Call `mbedtls_time` to handle the case when MBEDTLS_PLATFORM_TIME_MACRO is defined Signed-off-by: Yuxiang Cao --- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_server.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e1d0c6ced0..e347853818 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1696,7 +1696,7 @@ static int ssl_tls13_parse_server_hello(mbedtls_ssl_context *ssl, cipher_suite, ciphersuite_info->name)); #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = time(NULL); + ssl->session_negotiate->start = mbedtls_time(NULL); #endif /* MBEDTLS_HAVE_TIME */ /* ... diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 33121afa73..dc3c2f070d 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1846,7 +1846,7 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SERVER_HELLO_RANDOM_LEN); #if defined(MBEDTLS_HAVE_TIME) - ssl->session_negotiate->start = time(NULL); + ssl->session_negotiate->start = mbedtls_time(NULL); #endif /* MBEDTLS_HAVE_TIME */ return ret; From d0292c2acafc75be99c283a652450c82fa0f5033 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 10 May 2023 15:46:47 +0100 Subject: [PATCH 099/328] ecp_curves: Refactored `mbedtls_ecp_mod_p255`. This patch introduces following methods, as implemented in the design prototype, and updates them to utilise the _core methods available for multiplication and addition. * `mbedtls_ecp_mod_p255()` * `mbedtls_ecp_mod_p255_raw()` An entry has been exposed in the `ecp_invasive.h` header to facilitate testing. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 51 ++++++++++++++++++++++++++++++------------ library/ecp_invasive.h | 7 ++++++ 2 files changed, 44 insertions(+), 14 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 6573f8954d..98e2f95196 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4604,6 +4604,8 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n); /* Additional forward declarations */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) static int ecp_mod_p255(mbedtls_mpi *); +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) static int ecp_mod_p448(mbedtls_mpi *); @@ -5417,26 +5419,47 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) */ static int ecp_mod_p255(mbedtls_mpi *N) { - mbedtls_mpi_uint Mp[P255_WIDTH]; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((256 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); +cleanup: + return ret; +} - /* Helper references for top part of N */ - mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH; - const size_t NT_n = N->n - P255_WIDTH; - if (N->n <= P255_WIDTH) { +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) +{ + mbedtls_mpi_uint carry[P255_WIDTH]; + memset(carry, 0, sizeof(mbedtls_mpi_uint) * P255_WIDTH); + + if (X_Limbs > 2*P255_WIDTH) { + X_Limbs = 2*P255_WIDTH; + } else if (X_Limbs < P255_WIDTH) { return 0; } - if (NT_n > P255_WIDTH) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + + /* Step 1: Reduction to P255_WIDTH limbs */ + if (X_Limbs > P255_WIDTH) { + /* Helper references for top part of N */ + mbedtls_mpi_uint * const NT_p = X + P255_WIDTH; + const size_t NT_n = X_Limbs - P255_WIDTH; + + /* N = A0 + 38 * A1, capture carry out */ + carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, NT_p, NT_n, 38); + /* Clear top part */ + memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); } - /* Split N as N + 2^256 M */ - memcpy(Mp, NT_p, sizeof(mbedtls_mpi_uint) * NT_n); - memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); + /* Step 2: Reduce to

> (biL - 1)); + carry[0] *= 19; - /* N = A0 + 38 * A1 */ - mbedtls_mpi_core_mla(N->p, P255_WIDTH + 1, - Mp, NT_n, - 38); + /* Clear top bit */ + X[P255_WIDTH-1] <<= 1; X[P255_WIDTH-1] >>= 1; + (void) mbedtls_mpi_core_add(X, X, &carry[0], P255_WIDTH); return 0; } diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index aadcdbc78e..bea002c35a 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -241,6 +241,13 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); + +#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ + #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) MBEDTLS_STATIC_TESTABLE From 16a62e312994af29a1f50d1f83388dad4eebf403 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Tue, 11 Apr 2023 16:25:02 +0100 Subject: [PATCH 100/328] Bring over both necessary medium config files (regular and PSA style) from TFM. Signed-off-by: Aditya Deshpande --- configs/crypto_config_profile_medium.h | 115 ++++ .../tfm_mbedcrypto_config_profile_medium.h | 634 ++++++++++++++++++ 2 files changed, 749 insertions(+) create mode 100644 configs/crypto_config_profile_medium.h create mode 100644 configs/tfm_mbedcrypto_config_profile_medium.h diff --git a/configs/crypto_config_profile_medium.h b/configs/crypto_config_profile_medium.h new file mode 100644 index 0000000000..939e2a33e3 --- /dev/null +++ b/configs/crypto_config_profile_medium.h @@ -0,0 +1,115 @@ +/* + * Copyright (c) 2018-2022, Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ +/** + * \file psa/crypto_config.h + * \brief PSA crypto configuration options (set of defines) + * + */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +/** + * When #MBEDTLS_PSA_CRYPTO_CONFIG is enabled in mbedtls_config.h, + * this file determines which cryptographic mechanisms are enabled + * through the PSA Cryptography API (\c psa_xxx() functions). + * + * To enable a cryptographic mechanism, uncomment the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * To disable a cryptographic mechanism, comment out the definition of + * the corresponding \c PSA_WANT_xxx preprocessor symbol. + * The names of cryptographic mechanisms correspond to values + * defined in psa/crypto_values.h, with the prefix \c PSA_WANT_ instead + * of \c PSA_. + * + * Note that many cryptographic mechanisms involve two symbols: one for + * the key type (\c PSA_WANT_KEY_TYPE_xxx) and one for the algorithm + * (\c PSA_WANT_ALG_xxx). Mechanisms with additional parameters may involve + * additional symbols. + */ +#else +/** + * When \c MBEDTLS_PSA_CRYPTO_CONFIG is disabled in mbedtls_config.h, + * this file is not used, and cryptographic mechanisms are supported + * through the PSA API if and only if they are supported through the + * mbedtls_xxx API. + */ +#endif + +#ifndef PROFILE_M_PSA_CRYPTO_CONFIG_H +#define PROFILE_M_PSA_CRYPTO_CONFIG_H + +/* + * CBC-MAC is not yet supported via the PSA API in Mbed TLS. + */ +//#define PSA_WANT_ALG_CBC_MAC 1 +//#define PSA_WANT_ALG_CBC_NO_PADDING 1 +//#define PSA_WANT_ALG_CBC_PKCS7 1 +#define PSA_WANT_ALG_CCM 1 +//#define PSA_WANT_ALG_CMAC 1 +//#define PSA_WANT_ALG_CFB 1 +//#define PSA_WANT_ALG_CHACHA20_POLY1305 1 +//#define PSA_WANT_ALG_CTR 1 +#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +//#define PSA_WANT_ALG_ECB_NO_PADDING 1 +#define PSA_WANT_ALG_ECDH 1 +#define PSA_WANT_ALG_ECDSA 1 +//#define PSA_WANT_ALG_GCM 1 +#define PSA_WANT_ALG_HKDF 1 +#define PSA_WANT_ALG_HMAC 1 +//#define PSA_WANT_ALG_MD5 1 +//#define PSA_WANT_ALG_OFB 1 +/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. + * Note: when adding support, also adjust include/mbedtls/config_psa.h */ +//#define PSA_WANT_ALG_PBKDF2_HMAC 1 +//#define PSA_WANT_ALG_RIPEMD160 1 +//#define PSA_WANT_ALG_RSA_OAEP 1 +//#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 +//#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 +//#define PSA_WANT_ALG_RSA_PSS 1 +//#define PSA_WANT_ALG_SHA_1 1 +#define PSA_WANT_ALG_SHA_224 1 +#define PSA_WANT_ALG_SHA_256 1 +//#define PSA_WANT_ALG_SHA_384 1 +//#define PSA_WANT_ALG_SHA_512 1 +//#define PSA_WANT_ALG_STREAM_CIPHER 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. + * Note: when adding support, also adjust include/mbedtls/config_psa.h */ +//#define PSA_WANT_ALG_XTS 1 + +//#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 +//#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 +//#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 +//#define PSA_WANT_ECC_MONTGOMERY_255 1 +//#define PSA_WANT_ECC_MONTGOMERY_448 1 +//#define PSA_WANT_ECC_SECP_K1_192 1 +/* + * SECP224K1 is buggy via the PSA API in Mbed TLS + * (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by + * default. + */ +//#define PSA_WANT_ECC_SECP_K1_224 1 +//#define PSA_WANT_ECC_SECP_K1_256 1 +//#define PSA_WANT_ECC_SECP_R1_192 1 +//#define PSA_WANT_ECC_SECP_R1_224 1 +#define PSA_WANT_ECC_SECP_R1_256 1 +//#define PSA_WANT_ECC_SECP_R1_384 1 +//#define PSA_WANT_ECC_SECP_R1_521 1 + +#define PSA_WANT_KEY_TYPE_DERIVE 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 +#define PSA_WANT_KEY_TYPE_AES 1 +//#define PSA_WANT_KEY_TYPE_ARIA 1 +//#define PSA_WANT_KEY_TYPE_CAMELLIA 1 +//#define PSA_WANT_KEY_TYPE_CHACHA20 1 +//#define PSA_WANT_KEY_TYPE_DES 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1 +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_RAW_DATA 1 +//#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1 +//#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 + +#endif /* PROFILE_M_PSA_CRYPTO_CONFIG_H */ diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h new file mode 100644 index 0000000000..5ecfeaa606 --- /dev/null +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -0,0 +1,634 @@ +/** + * \file config.h + * + * \brief Configuration options (set of defines) + * + * This set of compile-time options may be used to enable + * or disable features selectively, and reduce the global + * memory footprint. + */ +/* + * Copyright (C) 2006-2022, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef PROFILE_M_MBEDTLS_CONFIG_H +#define PROFILE_M_MBEDTLS_CONFIG_H + +#include "config_tfm.h" + +#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +#define _CRT_SECURE_NO_DEPRECATE 1 +#endif + +/** + * \name SECTION: System support + * + * This section sets system specific settings. + * \{ + */ + +/** + * \def MBEDTLS_HAVE_ASM + * + * The compiler has support for asm(). + * + * Requires support for asm() in compiler. + * + * Used in: + * library/aria.c + * library/timing.c + * include/mbedtls/bn_mul.h + * + * Required by: + * MBEDTLS_AESNI_C + * MBEDTLS_PADLOCK_C + * + * Comment to disable the use of assembly code. + */ +#define MBEDTLS_HAVE_ASM + +/** + * \def MBEDTLS_PLATFORM_MEMORY + * + * Enable the memory allocation layer. + * + * By default mbed TLS uses the system-provided calloc() and free(). + * This allows different allocators (self-implemented or provided) to be + * provided to the platform abstraction layer. + * + * Enabling MBEDTLS_PLATFORM_MEMORY without the + * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide + * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and + * free() function pointer at runtime. + * + * Enabling MBEDTLS_PLATFORM_MEMORY and specifying + * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the + * alternate function at compile time. + * + * Requires: MBEDTLS_PLATFORM_C + * + * Enable this layer to allow use of alternative memory allocators. + */ +#define MBEDTLS_PLATFORM_MEMORY + +/* \} name SECTION: System support */ + +/** + * \name SECTION: mbed TLS feature support + * + * This section sets support for features that are or are not needed + * within the modules that are enabled. + * \{ + */ + +/** + * \def MBEDTLS_MD2_PROCESS_ALT + * + * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you + * alternate core implementation of symmetric crypto or hash function. Keep in + * mind that function prototypes should remain the same. + * + * This replaces only one function. The header file from mbed TLS is still + * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. + * + * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will + * no longer provide the mbedtls_sha1_process() function, but it will still provide + * the other function (using your mbedtls_sha1_process() function) and the definition + * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible + * with this definition. + * + * \note Because of a signature change, the core AES encryption and decryption routines are + * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, + * respectively. When setting up alternative implementations, these functions should + * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * must stay untouched. + * + * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. + * + * Uncomment a macro to enable alternate implementation of the corresponding + * function. + * + * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use + * constitutes a security risk. If possible, we recommend avoiding + * dependencies on them, and considering stronger message digests + * and ciphers instead. + * + */ +#define MBEDTLS_AES_SETKEY_DEC_ALT +#define MBEDTLS_AES_DECRYPT_ALT + +/** + * \def MBEDTLS_AES_ROM_TABLES + * + * Use precomputed AES tables stored in ROM. + * + * Uncomment this macro to use precomputed AES tables stored in ROM. + * Comment this macro to generate AES tables in RAM at runtime. + * + * Tradeoff: Using precomputed ROM tables reduces RAM usage by ~8kb + * (or ~2kb if \c MBEDTLS_AES_FEWER_TABLES is used) and reduces the + * initialization time before the first AES operation can be performed. + * It comes at the cost of additional ~8kb ROM use (resp. ~2kb if \c + * MBEDTLS_AES_FEWER_TABLES below is used), and potentially degraded + * performance if ROM access is slower than RAM access. + * + * This option is independent of \c MBEDTLS_AES_FEWER_TABLES. + * + */ +#define MBEDTLS_AES_ROM_TABLES + +/** + * \def MBEDTLS_AES_FEWER_TABLES + * + * Use less ROM/RAM for AES tables. + * + * Uncommenting this macro omits 75% of the AES tables from + * ROM / RAM (depending on the value of \c MBEDTLS_AES_ROM_TABLES) + * by computing their values on the fly during operations + * (the tables are entry-wise rotations of one another). + * + * Tradeoff: Uncommenting this reduces the RAM / ROM footprint + * by ~6kb but at the cost of more arithmetic operations during + * runtime. Specifically, one has to compare 4 accesses within + * different tables to 4 accesses with additional arithmetic + * operations within the same table. The performance gain/loss + * depends on the system and memory details. + * + * This option is independent of \c MBEDTLS_AES_ROM_TABLES. + * + */ +#define MBEDTLS_AES_FEWER_TABLES + +/** + * \def MBEDTLS_ECP_NIST_OPTIM + * + * Enable specific 'modulo p' routines for each NIST prime. + * Depending on the prime and architecture, makes operations 4 to 8 times + * faster on the corresponding curve. + * + * Comment this macro to disable NIST curves optimisation. + */ +#define MBEDTLS_ECP_NIST_OPTIM + +/** + * \def MBEDTLS_ERROR_STRERROR_DUMMY + * + * Enable a dummy error function to make use of mbedtls_strerror() in + * third party libraries easier when MBEDTLS_ERROR_C is disabled + * (no effect when MBEDTLS_ERROR_C is enabled). + * + * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're + * not using mbedtls_strerror() or error_strerror() in your application. + * + * Disable if you run into name conflicts and want to really remove the + * mbedtls_strerror() + */ +#define MBEDTLS_ERROR_STRERROR_DUMMY + +/** + * \def MBEDTLS_NO_PLATFORM_ENTROPY + * + * Do not use built-in platform entropy functions. + * This is useful if your platform does not support + * standards like the /dev/urandom or Windows CryptoAPI. + * + * Uncomment this macro to disable the built-in platform entropy functions. + */ +#define MBEDTLS_NO_PLATFORM_ENTROPY + +/** + * \def MBEDTLS_ENTROPY_NV_SEED + * + * Enable the non-volatile (NV) seed file-based entropy source. + * (Also enables the NV seed read/write functions in the platform layer) + * + * This is crucial (if not required) on systems that do not have a + * cryptographic entropy source (in hardware or kernel) available. + * + * Requires: MBEDTLS_ENTROPY_C, MBEDTLS_PLATFORM_C + * + * \note The read/write functions that are used by the entropy source are + * determined in the platform layer, and can be modified at runtime and/or + * compile-time depending on the flags (MBEDTLS_PLATFORM_NV_SEED_*) used. + * + * \note If you use the default implementation functions that read a seedfile + * with regular fopen(), please make sure you make a seedfile with the + * proper name (defined in MBEDTLS_PLATFORM_STD_NV_SEED_FILE) and at + * least MBEDTLS_ENTROPY_BLOCK_SIZE bytes in size that can be read from + * and written to or you will get an entropy source error! The default + * implementation will only use the first MBEDTLS_ENTROPY_BLOCK_SIZE + * bytes from the file. + * + * \note The entropy collector will write to the seed file before entropy is + * given to an external source, to update it. + */ +#define MBEDTLS_ENTROPY_NV_SEED + +/* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + * + * Enable key identifiers that encode a key owner identifier. + * + * This is only meaningful when building the library as part of a + * multi-client service. When you activate this option, you must provide an + * implementation of the type mbedtls_key_owner_id_t and a translation from + * mbedtls_svc_key_id_t to file name in all the storage backends that you + * you wish to support. + * + * Note that this option is meant for internal use only and may be removed + * without notice. + */ +#define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + +/** + * \def MBEDTLS_PSA_CRYPTO_SPM + * + * When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is built for SPM (Secure + * Partition Manager) integration which separates the code into two parts: a + * NSPE (Non-Secure Process Environment) and an SPE (Secure Process + * Environment). + * + * Module: library/psa_crypto.c + * Requires: MBEDTLS_PSA_CRYPTO_C + * + */ +#define MBEDTLS_PSA_CRYPTO_SPM + +/** + * \def MBEDTLS_SHA256_SMALLER + * + * Enable an implementation of SHA-256 that has lower ROM footprint but also + * lower performance. + * + * The default implementation is meant to be a reasonnable compromise between + * performance and size. This version optimizes more aggressively for size at + * the expense of performance. Eg on Cortex-M4 it reduces the size of + * mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of about + * 30%. + * + * Uncomment to enable the smaller implementation of SHA256. + */ +#define MBEDTLS_SHA256_SMALLER + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG + * + * This setting allows support for cryptographic mechanisms through the PSA + * API to be configured separately from support through the mbedtls API. + * + * When this option is disabled, the PSA API exposes the cryptographic + * mechanisms that can be implemented on top of the `mbedtls_xxx` API + * configured with `MBEDTLS_XXX` symbols. + * + * When this option is enabled, the PSA API exposes the cryptographic + * mechanisms requested by the `PSA_WANT_XXX` symbols defined in + * include/psa/crypto_config.h. The corresponding `MBEDTLS_XXX` settings are + * automatically enabled if required (i.e. if no PSA driver provides the + * mechanism). You may still freely enable additional `MBEDTLS_XXX` symbols + * in mbedtls_config.h. + * + * If the symbol #MBEDTLS_PSA_CRYPTO_CONFIG_FILE is defined, it specifies + * an alternative header to include instead of include/psa/crypto_config.h. + * + * This feature is still experimental and is not ready for production since + * it is not completed. + */ +#define MBEDTLS_PSA_CRYPTO_CONFIG + +/* \} name SECTION: mbed TLS feature support */ + +/** + * \name SECTION: mbed TLS modules + * + * This section enables or disables entire modules in mbed TLS + * \{ + */ + +/** + * \def MBEDTLS_AES_C + * + * Enable the AES block cipher. + * + * Module: library/aes.c + * Caller: library/cipher.c + * library/pem.c + * library/ctr_drbg.c + * + * This module is required to support the TLS ciphersuites that use the AES + * cipher. + * + * PEM_PARSE uses AES for decrypting encrypted keys. + */ +#define MBEDTLS_AES_C + +/** + * \def MBEDTLS_CIPHER_C + * + * Enable the generic cipher layer. + * + * Module: library/cipher.c + * + * Uncomment to enable generic cipher wrappers. + */ +#define MBEDTLS_CIPHER_C + +/** + * \def MBEDTLS_CTR_DRBG_C + * + * Enable the CTR_DRBG AES-based random generator. + * The CTR_DRBG generator uses AES-256 by default. + * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below. + * + * Module: library/ctr_drbg.c + * Caller: + * + * Requires: MBEDTLS_AES_C + * + * This module provides the CTR_DRBG AES random number generator. + */ +#define MBEDTLS_CTR_DRBG_C + +/** + * \def MBEDTLS_ENTROPY_C + * + * Enable the platform-specific entropy code. + * + * Module: library/entropy.c + * Caller: + * + * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C + * + * This module provides a generic entropy pool + */ +#define MBEDTLS_ENTROPY_C + +/** + * \def MBEDTLS_ERROR_C + * + * Enable error code to error string conversion. + * + * Module: library/error.c + * Caller: + * + * This module enables mbedtls_strerror(). + */ +#define MBEDTLS_ERROR_C + +/** + * \def MBEDTLS_HKDF_C + * + * Enable the HKDF algorithm (RFC 5869). + * + * Module: library/hkdf.c + * Caller: + * + * Requires: MBEDTLS_MD_C + * + * This module adds support for the Hashed Message Authentication Code + * (HMAC)-based key derivation function (HKDF). + */ +#define MBEDTLS_HKDF_C /* Used for HUK deriviation */ + +/** + * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C + * + * Enable the buffer allocator implementation that makes use of a (stack) + * based buffer to 'allocate' dynamic memory. (replaces calloc() and free() + * calls) + * + * Module: library/memory_buffer_alloc.c + * + * Requires: MBEDTLS_PLATFORM_C + * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) + * + * Enable this module to enable the buffer memory allocator. + */ +#define MBEDTLS_MEMORY_BUFFER_ALLOC_C + +/** + * \def MBEDTLS_PK_C + * + * Enable the generic public (asymetric) key layer. + * + * Module: library/pk.c + * + * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C + * + * Uncomment to enable generic public key wrappers. + */ +#define MBEDTLS_PK_C + +/** + * \def MBEDTLS_PK_PARSE_C + * + * Enable the generic public (asymetric) key parser. + * + * Module: library/pkparse.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key parse functions. + */ +#define MBEDTLS_PK_PARSE_C + +/** + * \def MBEDTLS_PK_WRITE_C + * + * Enable the generic public (asymetric) key writer. + * + * Module: library/pkwrite.c + * + * Requires: MBEDTLS_PK_C + * + * Uncomment to enable generic public key write functions. + */ +#define MBEDTLS_PK_WRITE_C + +/** + * \def MBEDTLS_PLATFORM_C + * + * Enable the platform abstraction layer that allows you to re-assign + * functions like calloc(), free(), snprintf(), printf(), fprintf(), exit(). + * + * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT + * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned + * above to be specified at runtime or compile time respectively. + * + * \note This abstraction layer must be enabled on Windows (including MSYS2) + * as other module rely on it for a fixed snprintf implementation. + * + * Module: library/platform.c + * Caller: Most other .c files + * + * This module enables abstraction of common (libc) functions. + */ +#define MBEDTLS_PLATFORM_C + +#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS +#define MBEDTLS_PLATFORM_STD_MEM_HDR + +#include + +#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf +#define MBEDTLS_PLATFORM_PRINTF_ALT +#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE + +/** + * \def MBEDTLS_PSA_CRYPTO_C + * + * Enable the Platform Security Architecture cryptography API. + * + * Module: library/psa_crypto.c + * + * Requires: MBEDTLS_CTR_DRBG_C, MBEDTLS_ENTROPY_C + * + */ +#define MBEDTLS_PSA_CRYPTO_C + +/** + * \def MBEDTLS_PSA_CRYPTO_STORAGE_C + * + * Enable the Platform Security Architecture persistent key storage. + * + * Module: library/psa_crypto_storage.c + * + * Requires: MBEDTLS_PSA_CRYPTO_C, + * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of + * the PSA ITS interface + */ +#define MBEDTLS_PSA_CRYPTO_STORAGE_C + +/* \} name SECTION: mbed TLS modules */ + +/** + * \name SECTION: General configuration options + * + * This section contains Mbed TLS build settings that are not associated + * with a particular module. + * + * \{ + */ + +/** + * \def MBEDTLS_CONFIG_FILE + * + * If defined, this is a header which will be included instead of + * `"mbedtls/mbedtls_config.h"`. + * This header file specifies the compile-time configuration of Mbed TLS. + * Unlike other configuration options, this one must be defined on the + * compiler command line: a definition in `mbedtls_config.h` would have + * no effect. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_CONFIG_FILE "mbedtls/mbedtls_config.h" + +/** + * \def MBEDTLS_USER_CONFIG_FILE + * + * If defined, this is a header which will be included after + * `"mbedtls/mbedtls_config.h"` or #MBEDTLS_CONFIG_FILE. + * This allows you to modify the default configuration, including the ability + * to undefine options that are enabled by default. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_USER_CONFIG_FILE "/dev/null" + +/** + * \def MBEDTLS_PSA_CRYPTO_CONFIG_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_config.h"`. + * This header file specifies which cryptographic mechanisms are available + * through the PSA API when #MBEDTLS_PSA_CRYPTO_CONFIG is enabled, and + * is not used when #MBEDTLS_PSA_CRYPTO_CONFIG is disabled. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "psa/crypto_config.h" + +/** + * \def MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE + * + * If defined, this is a header which will be included after + * `"psa/crypto_config.h"` or #MBEDTLS_PSA_CRYPTO_CONFIG_FILE. + * This allows you to modify the default configuration, including the ability + * to undefine options that are enabled by default. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" + +/** \} name SECTION: General configuration options */ + +/** + * \name SECTION: Module configuration options + * + * This section allows for the setting of module specific sizes and + * configuration options. The default values are already present in the + * relevant header files and should suffice for the regular use cases. + * + * Our advice is to enable options and change their values here + * only if you have a good reason and know the consequences. + * + * Please check the respective header file for documentation on these + * parameters (to prevent duplicate documentation). + * \{ + */ + +/* ECP options */ +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 0 /**< Disable fixed-point speed-up */ + +/* \} name SECTION: Customisation configuration options */ + +#if CRYPTO_NV_SEED +#include "tfm_mbedcrypto_config_extra_nv_seed.h" +#endif /* CRYPTO_NV_SEED */ + +#if !defined(CRYPTO_HW_ACCELERATOR) && defined(MBEDTLS_ENTROPY_NV_SEED) +#include "mbedtls_entropy_nv_seed_config.h" +#endif + +#ifdef CRYPTO_HW_ACCELERATOR +#include "mbedtls_accelerator_config.h" +#endif + +#endif /* PROFILE_M_MBEDTLS_CONFIG_H */ From 2f1ae5a86ebd67faa50c3983b4567656c2234674 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Tue, 11 Apr 2023 16:43:08 +0100 Subject: [PATCH 101/328] Modify TFM files to allow them to build on baremetal with Mbed TLS and fix code style. Also change the include path of crypto_spe.h in crypto_platform.h to allow the former file to be included in library-only builds. Signed-off-by: Aditya Deshpande --- .../tfm_mbedcrypto_config_profile_medium.h | 25 ++++++++----------- include/psa/crypto_platform.h | 2 +- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index 5ecfeaa606..b581f1f62a 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -29,8 +29,6 @@ #ifndef PROFILE_M_MBEDTLS_CONFIG_H #define PROFILE_M_MBEDTLS_CONFIG_H -#include "config_tfm.h" - #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif @@ -239,7 +237,9 @@ * \note The entropy collector will write to the seed file before entropy is * given to an external source, to update it. */ -#define MBEDTLS_ENTROPY_NV_SEED +// This macro is enabled in TFM Medium but is disabled here because it is +// incompatible with baremetal builds in Mbed TLS. +//#define MBEDTLS_ENTROPY_NV_SEED /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER * @@ -251,8 +251,10 @@ * mbedtls_svc_key_id_t to file name in all the storage backends that you * you wish to support. * - * Note that this option is meant for internal use only and may be removed - * without notice. + * Note that while this define has been removed from TF-M's copy of this config + * file, TF-M still passes this option to Mbed TLS during the build via CMake. + * Therefore we keep it in our copy. See discussion on PR #7426 for more info. + * */ #define MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER @@ -480,15 +482,6 @@ */ #define MBEDTLS_PLATFORM_C -#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -#define MBEDTLS_PLATFORM_STD_MEM_HDR - -#include - -#define MBEDTLS_PLATFORM_SNPRINTF_MACRO snprintf -#define MBEDTLS_PLATFORM_PRINTF_ALT -#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS -#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE /** * \def MBEDTLS_PSA_CRYPTO_C @@ -513,7 +506,9 @@ * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of * the PSA ITS interface */ -#define MBEDTLS_PSA_CRYPTO_STORAGE_C +// This macro is enabled in TFM Medium but is disabled here because it is +// incompatible with baremetal builds in Mbed TLS. +//#define MBEDTLS_PSA_CRYPTO_STORAGE_C /* \} name SECTION: mbed TLS modules */ diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index ee41c897f6..35a42f825a 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -83,7 +83,7 @@ static inline int mbedtls_key_owner_id_equal(mbedtls_key_owner_id_t id1, */ #if defined(MBEDTLS_PSA_CRYPTO_SPM) #define PSA_CRYPTO_SECURE 1 -#include "crypto_spe.h" +#include "../tests/include/spe/crypto_spe.h" #endif // MBEDTLS_PSA_CRYPTO_SPM #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) From c2c967b1f03dc5f592e886aecca0b407d53fc7ed Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 11 May 2023 09:59:05 +0100 Subject: [PATCH 102/328] ecp.py: Added tests for `mbedtls_ecp_mod_p255_raw` This patch introduces the `EcpP255Raw` test class for testing the curve using the preestablished `ecp_mod_p_generic_raw()` test. The test's logic has been updated accordingly. Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/ecp.py | 82 ++++++++++++++++++++++++++++ tests/suites/test_suite_ecp.function | 7 +++ 2 files changed, 89 insertions(+) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index c9fb5e55e8..9d882819c8 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -711,6 +711,88 @@ class EcpP256K1Raw(bignum_common.ModOperationCommon, return ["MBEDTLS_ECP_DP_SECP256K1"] + args +class EcpP255Raw(bignum_common.ModOperationCommon, + EcpTarget): + """Test cases for ECP 25519 fast reduction.""" + symbol = "-" + test_function = "ecp_mod_p_generic_raw" + test_name = "mbedtls_ecp_mod_p255_raw" + input_style = "fixed" + arity = 1 + dependencies = ["MBEDTLS_ECP_DP_CURVE25519_ENABLED"] + + moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed")] # type: List[str] + + input_values = [ + "0", "1", + + # Modulus - 1 + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffec"), + + # Modulus + 1 + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffee"), + + # 2^255 - 1 + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffff"), + + # Maximum canonical P255 multiplication result + ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffec000000000000000000000000000000000000000000000000" + "0000000000000190"), + + # First 8 number generated by random.getrandbits(510) - seed(2,2) + ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5" + "e341245c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4" + "bb99f4bea973"), + ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e" + "405d93ffed9235288bc781ae66267594c9c9500925e4749b575bd13653" + "f8dd9b1f282e"), + ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09" + "325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f" + "57ebf30b94fa"), + ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c" + "7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71" + "c4a66148a86f"), + ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4" + "c11ab2fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14" + "bc4a829e07b0"), + ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf6" + "3f23d0dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3f" + "d983c34c769f"), + ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80" + "371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a8" + "3ee0761ebfd2"), + ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9" + "492f258ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e736" + "95c3e652c71a"), + + # Next 2 number generated by random.getrandbits(255) + ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3" + "172062"), + ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9" + "500ec9"), + ] + + @property + def arg_a(self) -> str: + return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) + + def result(self) -> List[str]: + result = self.int_a % self.int_n + return [self.format_result(result)] + + @property + def is_valid(self) -> bool: + return True + + def arguments(self): + args = super().arguments() + return ["MBEDTLS_ECP_DP_CURVE25519"] + args + + class EcpP448Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ECP P448 fast reduction.""" diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 250efcc673..cc8a3271e9 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1348,6 +1348,13 @@ void ecp_mod_p_generic_raw(int curve_id, curve_bits = 256; curve_func = &mbedtls_ecp_mod_p256k1_raw; break; +#endif +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + case MBEDTLS_ECP_DP_CURVE25519: + limbs = 2 * limbs_N; + curve_bits = 255; + curve_func = &mbedtls_ecp_mod_p255_raw; + break; #endif default: mbedtls_test_fail("Unsupported curve_id", __LINE__, __FILE__); From aada68f1bef17976d5f7ce11980bdfe7ca14f221 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 12 May 2023 17:10:16 +0100 Subject: [PATCH 103/328] ecp.py: Fixed types for `arguments()` overrides. Signed-off-by: Minos Galanakis --- scripts/mbedtls_dev/ecp.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 9d882819c8..7626eda409 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -97,7 +97,7 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP192R1"] + args @@ -174,7 +174,7 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP224R1"] + args @@ -258,7 +258,7 @@ class EcpP256R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP256R1"] + args @@ -380,7 +380,7 @@ class EcpP384R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP384R1"] + args @@ -485,7 +485,7 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_SECP521R1"] + args @@ -721,18 +721,19 @@ class EcpP255Raw(bignum_common.ModOperationCommon, arity = 1 dependencies = ["MBEDTLS_ECP_DP_CURVE25519_ENABLED"] - moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed")] # type: List[str] + moduli = [("7fffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffed")] # type: List[str] input_values = [ "0", "1", # Modulus - 1 ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffec"), + "ffffffec"), # Modulus + 1 ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffee"), + "ffffffee"), # 2^255 - 1 ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" @@ -788,7 +789,7 @@ class EcpP255Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True - def arguments(self): + def arguments(self)-> List[str]: args = super().arguments() return ["MBEDTLS_ECP_DP_CURVE25519"] + args From 2daa374ea868a48e0dbd8de6f03d54f62ae90bd2 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 17 May 2023 15:01:08 +0100 Subject: [PATCH 104/328] ecp_curves: Minor refactoring of `mbedtls_ecp_mod_p255_raw()` * Fixed whitespace issues. * Renamed variables to align with bignum conventions. * Updated alignment on test input data. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 24 ++++++--------- scripts/mbedtls_dev/ecp.py | 60 +++++++++++++++----------------------- 2 files changed, 32 insertions(+), 52 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 98e2f95196..fe62fec4d6 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5420,7 +5420,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p255(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((256 + biL - 1) / biL); + size_t expected_width = 2 * ((255 + biL - 1) / biL); MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); cleanup: @@ -5433,32 +5433,26 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) mbedtls_mpi_uint carry[P255_WIDTH]; memset(carry, 0, sizeof(mbedtls_mpi_uint) * P255_WIDTH); - if (X_Limbs > 2*P255_WIDTH) { - X_Limbs = 2*P255_WIDTH; - } else if (X_Limbs < P255_WIDTH) { - return 0; - } - /* Step 1: Reduction to P255_WIDTH limbs */ if (X_Limbs > P255_WIDTH) { - /* Helper references for top part of N */ - mbedtls_mpi_uint * const NT_p = X + P255_WIDTH; - const size_t NT_n = X_Limbs - P255_WIDTH; + /* Helper references for top part of X */ + mbedtls_mpi_uint * const A1 = X + P255_WIDTH; + const size_t A1_limbs = X_Limbs - P255_WIDTH; - /* N = A0 + 38 * A1, capture carry out */ - carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, NT_p, NT_n, 38); + /* X = A0 + 38 * A1, capture carry out */ + carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); /* Clear top part */ - memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); + memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); } /* Step 2: Reduce to

> (biL - 1)); + carry[0] += (X[P255_WIDTH - 1] >> (biL - 1)); carry[0] *= 19; /* Clear top bit */ - X[P255_WIDTH-1] <<= 1; X[P255_WIDTH-1] >>= 1; + X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; (void) mbedtls_mpi_core_add(X, X, &carry[0], P255_WIDTH); return 0; diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 7626eda409..02db438a72 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -728,53 +728,39 @@ class EcpP255Raw(bignum_common.ModOperationCommon, "0", "1", # Modulus - 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffec"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"), # Modulus + 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffee"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffee"), # 2^255 - 1 - ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffff"), + ("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), # Maximum canonical P255 multiplication result - ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffec000000000000000000000000000000000000000000000000" - "0000000000000190"), + ("3fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec" + "0000000000000000000000000000000000000000000000000000000000000190"), # First 8 number generated by random.getrandbits(510) - seed(2,2) - ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5" - "e341245c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4" - "bb99f4bea973"), - ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e" - "405d93ffed9235288bc781ae66267594c9c9500925e4749b575bd13653" - "f8dd9b1f282e"), - ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09" - "325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f" - "57ebf30b94fa"), - ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c" - "7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71" - "c4a66148a86f"), - ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4" - "c11ab2fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14" - "bc4a829e07b0"), - ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf6" - "3f23d0dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3f" - "d983c34c769f"), - ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80" - "371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a8" - "3ee0761ebfd2"), - ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9" - "492f258ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e736" - "95c3e652c71a"), + ("1019f0d64ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" + "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), + ("20948fa1feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f6e405d93" + "ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd9b1f282e"), + ("3a1893ea5186ee32ee8d7ee9770348a05d300cb90706a045defc044a09325626" + "e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57ebf30b94fa"), + ("20a6923522fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578" + "2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a66148a86f"), + ("3a248138e8168561867e5e15bc01bfce6a27e0dfcbf8754472154e76e4c11ab2" + "fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0"), + ("2f450feab714210c665d7435c1066932f4767f26294365b2721dea3bf63f23d0" + "dbe53fcafb2147df5ca495fa5a91c89b97eeab64ca2ce6bc5d3fd983c34c769f"), + ("1d199effe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e80371eb9" + "7f81375eecc1cb6347733e847d718d733ff98ff387c56473a7a83ee0761ebfd2"), + ("3423c6ec531d6460f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f25" + "8ebdbfe3eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a"), # Next 2 number generated by random.getrandbits(255) - ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3" - "172062"), - ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9" - "500ec9"), + ("62f1243644a4a8f69dc8db48e86ec9c6e06f291b2a838af8d5c44a4eb3172062"), + ("6a606e54b4c9e755cc9c3adcf515a8234da4daeb4f3f87777ad1f45ae9500ec9"), ] @property From 65c386ee3dd6423622f5152cc6e5400b23dbb62b Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 17 May 2023 18:18:13 +0100 Subject: [PATCH 105/328] ecp_curves: Switched to dynamic memory for Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index fe62fec4d6..16800aadc8 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -22,6 +22,7 @@ #if defined(MBEDTLS_ECP_LIGHT) #include "mbedtls/ecp.h" +#include "mbedtls/platform.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" @@ -5430,8 +5431,10 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) { - mbedtls_mpi_uint carry[P255_WIDTH]; - memset(carry, 0, sizeof(mbedtls_mpi_uint) * P255_WIDTH); + mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL); + if (carry == NULL) { + return MBEDTLS_ERR_ECP_ALLOC_FAILED; + } /* Step 1: Reduction to P255_WIDTH limbs */ if (X_Limbs > P255_WIDTH) { @@ -5440,21 +5443,22 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) const size_t A1_limbs = X_Limbs - P255_WIDTH; /* X = A0 + 38 * A1, capture carry out */ - carry[0] = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); + *carry = mbedtls_mpi_core_mla(X, P255_WIDTH, A1, A1_limbs, 38); /* Clear top part */ memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); } /* Step 2: Reduce to

> (biL - 1)); - carry[0] *= 19; + *carry <<= 1; + *carry += (X[P255_WIDTH - 1] >> (biL - 1)); + *carry *= 19; /* Clear top bit */ X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; - (void) mbedtls_mpi_core_add(X, X, &carry[0], P255_WIDTH); + (void) mbedtls_mpi_core_add(X, X, carry, P255_WIDTH); + mbedtls_free(carry); return 0; } #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ From 31f0b452c7b76531ff1d6cf1851ae159f76d1b3c Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 18 May 2023 11:08:50 +0100 Subject: [PATCH 106/328] ecp_curves: Reintroduced input checking for Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 16800aadc8..1808152920 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5431,6 +5431,13 @@ cleanup: MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) { + + if (X_Limbs > 2*P255_WIDTH) { + X_Limbs = 2*P255_WIDTH; + } else if (X_Limbs < P255_WIDTH) { + return 0; + } + mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL); if (carry == NULL) { return MBEDTLS_ERR_ECP_ALLOC_FAILED; From 47249fd9ec96167b9caf91769fc55463f77ce6f6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 18 May 2023 16:16:17 +0100 Subject: [PATCH 107/328] ecp_curves: Added documentation for mbedtls_ecp_mod_p255_raw Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 2 +- library/ecp_invasive.h | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 1808152920..2ad14e1086 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5435,7 +5435,7 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) if (X_Limbs > 2*P255_WIDTH) { X_Limbs = 2*P255_WIDTH; } else if (X_Limbs < P255_WIDTH) { - return 0; + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } mbedtls_mpi_uint *carry = mbedtls_calloc(P255_WIDTH, ciL); diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index bea002c35a..e73bdb1ef9 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -243,6 +243,22 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +/** Fast quasi-reduction modulo p255 = 2^255 - 19 + * + * \param[in,out] X The address of the MPI to be converted. + * Must have exact limb size that stores a 510-bit MPI + * (double the bitlength of the modulus). + * Upon return holds the reduced value which is + * in range `0 <= X < 2 * N` (where N is the modulus). + * The bitlength of the reduced value is the same as + * that of the modulus (255 bits). + * \param[in] X_limbs The length of \p X in limbs. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X does not have + * twice as many limbs as the modulus. + * \return #MBEDTLS_ERR_ECP_ALLOC_FAILED if memory allocation failed. + */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_limbs); From d6beda7af973f2d8fa6b0ec6eb903f3ad3176df5 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 22 May 2023 11:23:56 +0100 Subject: [PATCH 108/328] ecp_curves: Extended documentation for CURVE25519. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 9 ++++++++- library/ecp_invasive.h | 2 -- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 2ad14e1086..c9868f39d2 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5455,7 +5455,7 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) memset(A1, 0, sizeof(mbedtls_mpi_uint) * A1_limbs); } - /* Step 2: Reduce to

> (biL - 1)); @@ -5463,6 +5463,13 @@ int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) /* Clear top bit */ X[P255_WIDTH - 1] <<= 1; X[P255_WIDTH - 1] >>= 1; + /* Since the top bit for X has been cleared 0 + 0 + Carry + * will not overflow. + * + * Furthermore for 2p = 2^256-38. When a carry propagation on the highest + * limb occurs, X > 2^255 and all the remaining bits on the limb are zero. + * - If X < 2^255 ==> X < 2p + * - If X > 2^255 ==> X < 2^256 - 2^255 < 2p */ (void) mbedtls_mpi_core_add(X, X, carry, P255_WIDTH); mbedtls_free(carry); diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index e73bdb1ef9..746eea16eb 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -250,8 +250,6 @@ int mbedtls_ecp_mod_p256k1_raw(mbedtls_mpi_uint *X, size_t X_limbs); * (double the bitlength of the modulus). * Upon return holds the reduced value which is * in range `0 <= X < 2 * N` (where N is the modulus). - * The bitlength of the reduced value is the same as - * that of the modulus (255 bits). * \param[in] X_limbs The length of \p X in limbs. * * \return \c 0 on success. From 8a6225062a9887ffd3b7738df6ba2ec63b6edd53 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:46:38 +0200 Subject: [PATCH 109/328] pk: move PSA error translation macros to internal header Signed-off-by: Valerio Setti --- library/pk.c | 7 ------- library/pk_internal.h | 11 +++++++++++ library/pk_wrap.c | 7 ------- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/library/pk.c b/library/pk.c index 9c4aa16a6b..5ed485bafb 100644 --- a/library/pk.c +++ b/library/pk.c @@ -42,13 +42,6 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" -#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) -#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_rsa_errors, \ - psa_pk_status_to_mbedtls) -#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_ecdsa_errors, \ - psa_pk_status_to_mbedtls) #endif #include diff --git a/library/pk_internal.h b/library/pk_internal.h index dbb7bc1659..e47a0a95d3 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -33,6 +33,17 @@ #include "psa/crypto.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "mbedtls/psa_util.h" +#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) +#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_rsa_errors, \ + psa_pk_status_to_mbedtls) +#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_ecdsa_errors, \ + psa_pk_status_to_mbedtls) +#endif + #if defined(MBEDTLS_ECP_LIGHT) /** * Public function mbedtls_pk_ec() can be used to get direct access to the diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 3a3d3998b0..45ded6e2bc 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -43,13 +43,6 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" -#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) -#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_rsa_errors, \ - psa_pk_status_to_mbedtls) -#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ - psa_to_pk_ecdsa_errors, \ - psa_pk_status_to_mbedtls) #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) From e0e6311b64223e55214897ea1057b1bd42b57070 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:48:07 +0200 Subject: [PATCH 110/328] pk: change location of Montgomery helpers This is to have them available only where they are really required. Signed-off-by: Valerio Setti --- library/pk_internal.h | 28 ++++++++++++---------------- library/pkparse.c | 6 ++++++ library/pkwrite.c | 20 ++++++++++++++++++++ 3 files changed, 38 insertions(+), 16 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index e47a0a95d3..8d4b005710 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -81,24 +81,20 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) } } -/* Helpers for Montgomery curves */ +static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk) +{ + mbedtls_ecp_group_id id; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + id = mbedtls_pk_ec_ro(*pk)->grp.id; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + return id; +} + +/* Helper for Montgomery curves */ #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #define MBEDTLS_PK_HAVE_RFC8410_CURVES - -static inline int mbedtls_pk_is_rfc8410_curve(mbedtls_ecp_group_id id) -{ -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) - if (id == MBEDTLS_ECP_DP_CURVE25519) { - return 1; - } -#endif -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) - if (id == MBEDTLS_ECP_DP_CURVE448) { - return 1; - } -#endif - return 0; -} #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED || MBEDTLS_ECP_DP_CURVE448_ENABLED */ #endif /* MBEDTLS_ECP_LIGHT */ diff --git a/library/pkparse.c b/library/pkparse.c index 9bc88015af..c2ececb44c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -63,6 +63,12 @@ #include "mbedtls/platform.h" +/* Helper for Montgomery curves */ +#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#define MBEDTLS_PK_IS_RFC8410_GROUP_ID(id) \ + ((id == MBEDTLS_ECP_DP_CURVE25519) || (id == MBEDTLS_ECP_DP_CURVE448)) +#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ + #if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. diff --git a/library/pkwrite.c b/library/pkwrite.c index 3577fa1a0f..e89baaf256 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -57,6 +57,26 @@ #endif #include "mbedtls/platform.h" +/* Helper for Montgomery curves */ +#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) +{ + mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); + +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + if (id == MBEDTLS_ECP_DP_CURVE25519) { + return 1; + } +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + if (id == MBEDTLS_ECP_DP_CURVE448) { + return 1; + } +#endif + return 0; +} +#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ + #if defined(MBEDTLS_RSA_C) /* * RSAPublicKey ::= SEQUENCE { From b536126183e1ae58f3b44990b4ef98e964e26aac Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:51:58 +0200 Subject: [PATCH 111/328] pk: manage allocate and free space when working with PSA private key Allocation does not need to perform any action since the priv_id field is already present on the pk_context. Free should destroy the key. Of course this is true only if the key is not opaque (because in that case it's the user responsibility to do so). Signed-off-by: Valerio Setti --- library/pk.c | 10 +++++++++- library/pk_wrap.c | 21 +++++++++++++++++++-- 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/library/pk.c b/library/pk.c index 5ed485bafb..77012e1578 100644 --- a/library/pk.c +++ b/library/pk.c @@ -78,6 +78,14 @@ void mbedtls_pk_free(mbedtls_pk_context *ctx) ctx->pk_info->ctx_free_func(ctx->pk_ctx); } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + /* The ownership of the priv_id key for opaque keys is external of the PK + * module. It's the user responsibility to clear it after use. */ + if ((ctx->pk_info != NULL) && (ctx->pk_info->type != MBEDTLS_PK_OPAQUE)) { + psa_destroy_key(ctx->priv_id); + } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_pk_context)); } @@ -143,7 +151,7 @@ int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info) return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - if ((info->ctx_alloc_func == NULL) || + if ((info->ctx_alloc_func != NULL) && ((ctx->pk_ctx = info->ctx_alloc_func()) == NULL)) { return MBEDTLS_ERR_PK_ALLOC_FAILED; } diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 45ded6e2bc..7f5e751a9b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1214,6 +1214,7 @@ static int eckey_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv, #endif } +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) static void *eckey_alloc_wrap(void) { void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ecp_keypair)); @@ -1230,6 +1231,7 @@ static void eckey_free_wrap(void *ctx) mbedtls_ecp_keypair_free((mbedtls_ecp_keypair *) ctx); mbedtls_free(ctx); } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ static void eckey_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items) { @@ -1267,8 +1269,13 @@ const mbedtls_pk_info_t mbedtls_eckey_info = { NULL, NULL, eckey_check_pair, +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + NULL, + NULL, +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ eckey_alloc_wrap, eckey_free_wrap, +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) eckey_rs_alloc, eckey_rs_free, @@ -1299,8 +1306,13 @@ const mbedtls_pk_info_t mbedtls_eckeydh_info = { NULL, NULL, eckey_check_pair, - eckey_alloc_wrap, /* Same underlying key structure */ - eckey_free_wrap, /* Same underlying key structure */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + NULL, + NULL, +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + eckey_alloc_wrap, /* Same underlying key structure */ + eckey_free_wrap, /* Same underlying key structure */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) NULL, NULL, @@ -1389,8 +1401,13 @@ const mbedtls_pk_info_t mbedtls_ecdsa_info = { NULL, NULL, eckey_check_pair, /* Compatible key structures */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + NULL, + NULL, +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ eckey_alloc_wrap, /* Compatible key structures */ eckey_free_wrap, /* Compatible key structures */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) ecdsa_rs_alloc, ecdsa_rs_free, From 00e8dd15d2cc7960fc58b049b850b0f03329fa0d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:56:59 +0200 Subject: [PATCH 112/328] pk: manage parse and write for the new format Signed-off-by: Valerio Setti --- library/pkparse.c | 124 ++++++++++++++++++++++++++++++++++++---------- library/pkwrite.c | 53 +++++++++++++++----- 2 files changed, 138 insertions(+), 39 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index c2ececb44c..18b40ceb84 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -514,6 +514,9 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *p #endif } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + ret = pk_update_psa_ecparams(pk, grp_id); +#else /* grp may already be initialized; if so, make sure IDs match */ if (mbedtls_pk_ec_ro(*pk)->grp.id != MBEDTLS_ECP_DP_NONE && mbedtls_pk_ec_ro(*pk)->grp.id != grp_id) { @@ -524,8 +527,6 @@ static int pk_use_ecparams(const mbedtls_asn1_buf *params, mbedtls_pk_context *p grp_id)) != 0) { return ret; } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_update_psa_ecparams(pk, grp_id); #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ return ret; @@ -539,20 +540,26 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { int ret; - mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status, destruction_status; + psa_status_t status; + (void) f_rng; + (void) p_rng; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + (void) d; + (void) d_len; + + status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), + &pk->pub_raw_len); + ret = psa_pk_status_to_mbedtls(status); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; + unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; + size_t key_len; + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(eck->grp.id, &curve_bits); -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - size_t key_len; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; - - (void) f_rng; - (void) p_rng; + psa_status_t destruction_status; psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); @@ -563,12 +570,7 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, return ret; } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - status = psa_export_public_key(key_id, pk->pub_raw, sizeof(pk->pub_raw), - &pk->pub_raw_len); -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_export_public_key(key_id, key_buf, sizeof(key_buf), &key_len); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ ret = psa_pk_status_to_mbedtls(status); destruction_status = psa_destroy_key(key_id); if (ret != 0) { @@ -576,10 +578,10 @@ static int pk_derive_public_key(mbedtls_pk_context *pk, } else if (destruction_status != PSA_SUCCESS) { return psa_pk_status_to_mbedtls(destruction_status); } -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) ret = mbedtls_ecp_point_read_binary(&eck->grp, &eck->Q, key_buf, key_len); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #else /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_ecp_keypair *eck = (mbedtls_ecp_keypair *) pk->pk_ctx; (void) d; (void) d_len; @@ -597,21 +599,21 @@ static int pk_use_ecparams_rfc8410(const mbedtls_asn1_buf *params, mbedtls_ecp_group_id grp_id, mbedtls_pk_context *pk) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); int ret; if (params->tag != 0 || params->len != 0) { return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + ret = pk_update_psa_ecparams(pk, grp_id); +#else + mbedtls_ecp_keypair *ecp = mbedtls_pk_ec_rw(*pk); ret = mbedtls_ecp_group_load(&(ecp->grp), grp_id); if (ret != 0) { return ret; } - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - ret = pk_update_psa_ecparams(pk, grp_id); -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#endif return ret; } @@ -624,7 +626,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, unsigned char *key, size_t keylen, const unsigned char *end, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -636,23 +637,54 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); + /* Setting largest masks for usage and key algorithms */ + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_EXPORT); +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_set_key_algorithm(&attributes, + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); +#else + psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); +#endif + + status = psa_import_key(&attributes, key, len, &pk->priv_id); + if (status != PSA_SUCCESS) { + ret = psa_pk_status_to_mbedtls(status); + return ret; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); + if ((ret = mbedtls_mpi_read_binary_le(&eck->d, key, len)) != 0) { mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* pk_parse_key_pkcs8_unencrypted_der() only supports version 1 PKCS8 keys, * which never contain a public key. As such, derive the public key * unconditionally. */ if ((ret = pk_derive_public_key(pk, key, len, f_rng, p_rng)) != 0) { +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_ecp_keypair_free(eck); +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return ret; } + /* When MBEDTLS_PK_USE_PSA_EC_DATA the key is checked while importing it + * into PSA. */ +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { mbedtls_ecp_keypair_free(eck); return ret; } +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return 0; } @@ -926,7 +958,7 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end, #if defined(MBEDTLS_ECP_LIGHT) if (pk_alg == MBEDTLS_PK_ECKEY_DH || pk_alg == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) { + if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { ret = pk_use_ecparams_rfc8410(&alg_params, ec_grp_id, pk); } else #endif @@ -1158,6 +1190,12 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, unsigned char *end = p + keylen; unsigned char *end2; mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status; + uint8_t priv_key_raw[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + size_t priv_key_len; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* * RFC 5915, or SEC1 Appendix C.4 @@ -1190,10 +1228,19 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, d = p; d_len = len; + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (len > MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + memcpy(priv_key_raw, p, len); + priv_key_len = len; +#else if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); } +#endif p += len; @@ -1252,6 +1299,27 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); + /* Setting largest masks for usage and key algorithms */ + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE | + PSA_KEY_USAGE_EXPORT); +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_set_key_algorithm(&attributes, + PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); +#else + psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); +#endif + + status = psa_import_key(&attributes, priv_key_raw, priv_key_len, + &pk->priv_id); + if (status != PSA_SUCCESS) { + ret = psa_pk_status_to_mbedtls(status); + return ret; + } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + if (!pubkey_done) { if ((ret = pk_derive_public_key(pk, d, d_len, f_rng, p_rng)) != 0) { mbedtls_ecp_keypair_free(eck); @@ -1259,10 +1327,12 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, } } +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_ecp_check_privkey(&eck->grp, &eck->d)) != 0) { mbedtls_ecp_keypair_free(eck); return ret; } +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ return 0; } @@ -1363,7 +1433,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_ECP_LIGHT) if (pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(ec_grp_id)) { + if (MBEDTLS_PK_IS_RFC8410_GROUP_ID(ec_grp_id)) { if ((ret = pk_use_ecparams_rfc8410(¶ms, ec_grp_id, pk)) != 0 || (ret = diff --git a/library/pkwrite.c b/library/pkwrite.c index e89baaf256..c8a96d9eaa 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -185,20 +185,33 @@ static int pk_write_ec_param(unsigned char **p, unsigned char *start, * privateKey OCTET STRING -- always of length ceil(log2(n)/8) */ static int pk_write_ec_private(unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec) + const mbedtls_pk_context *pk) { + size_t byte_length; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t byte_length = (ec->grp.pbits + 7) / 8; + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + psa_status_t status; + + status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); + if (status != PSA_SUCCESS) { + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + goto exit; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); + byte_length = (ec->grp.pbits + 7) / 8; ret = mbedtls_ecp_write_key(ec, tmp, byte_length); if (ret != 0) { goto exit; } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); - exit: - mbedtls_platform_zeroize(tmp, byte_length); + mbedtls_platform_zeroize(tmp, sizeof(tmp)); return ret; } #endif /* MBEDTLS_ECP_LIGHT */ @@ -280,7 +293,11 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu pk_type = mbedtls_pk_get_type(key); #if defined(MBEDTLS_ECP_LIGHT) if (pk_type == MBEDTLS_PK_ECKEY) { +#if defined(MBEDTLS_ECP_C) ec_grp_id = mbedtls_pk_ec_ro(*key)->grp.id; +#else /* MBEDTLS_ECP_C */ + ec_grp_id = mbedtls_ecc_group_of_psa(key->ec_family, key->ec_bits, 0); +#endif /* MBEDTLS_ECP_C */ } #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -372,7 +389,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu * CurvePrivateKey ::= OCTET STRING */ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, - mbedtls_ecp_keypair *ec) + const mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; @@ -380,14 +397,23 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, const char *oid; /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, ec)); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING)); /* privateKeyAlgorithm */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, + pk->ec_bits, 0); + if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { + return ret; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec->grp.id, &oid, &oid_len)) != 0) { return ret; } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0)); @@ -408,6 +434,9 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *c; size_t len = 0; +#if defined(MBEDTLS_ECP_LIGHT) + mbedtls_ecp_group_id grp_id; +#endif if (size == 0) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; @@ -503,12 +532,11 @@ end_of_export: #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*key); size_t pub_len = 0, par_len = 0; #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(ec->grp.id)) { - return pk_write_ec_rfc8410_der(&c, buf, ec); + if (mbedtls_pk_is_rfc8410(key)) { + return pk_write_ec_rfc8410_der(&c, buf, key); } #endif @@ -542,7 +570,8 @@ end_of_export: len += pub_len; /* parameters */ - MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec->grp.id)); + grp_id = mbedtls_pk_get_group_id(key); + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, grp_id)); MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len)); MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf, @@ -551,7 +580,7 @@ end_of_export: len += par_len; /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, ec)); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, key)); /* version */ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1)); @@ -625,7 +654,7 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410_curve(mbedtls_pk_ec_ro(*key)->grp.id)) { + if (mbedtls_pk_is_rfc8410(key)) { begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; } else From ae8c628edb60be2a546a864f5e918b391ae85920 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:57:57 +0200 Subject: [PATCH 113/328] pk: improve sign, check_pair and wrap_as_opaque functions with new format Signed-off-by: Valerio Setti --- library/pk.c | 16 +++++++++++++--- library/pk_wrap.c | 32 +++++++++++++++++++++----------- 2 files changed, 34 insertions(+), 14 deletions(-) diff --git a/library/pk.c b/library/pk.c index 77012e1578..cccadb1f92 100644 --- a/library/pk.c +++ b/library/pk.c @@ -912,24 +912,34 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, #else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { - mbedtls_ecp_keypair *ec; unsigned char d[MBEDTLS_ECP_MAX_BYTES]; size_t d_len; psa_ecc_family_t curve_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; size_t bits; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status; /* export the private key material in the format PSA wants */ - ec = mbedtls_pk_ec_rw(*pk); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len); + if (status != PSA_SUCCESS) { + return psa_pk_status_to_mbedtls(status); + } + + curve_id = pk->ec_family; + bits = pk->ec_bits; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + d_len = PSA_BITS_TO_BYTES(ec->grp.nbits); if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) { return ret; } curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id); /* prepare the key attributes */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 7f5e751a9b..f3a44aedfb 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -925,12 +925,9 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, unsigned char *sig, size_t sig_size, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { - mbedtls_ecp_keypair *ctx = pk->pk_ctx; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_algorithm_t psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); @@ -938,10 +935,17 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); #endif +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + psa_ecc_family_t curve = pk->ec_family; +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_ecp_keypair *ctx = pk->pk_ctx; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits); size_t key_len = PSA_BITS_TO_BYTES(curve_bits); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* PSA has its own RNG */ ((void) f_rng); @@ -951,6 +955,12 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(pk->priv_id) == PSA_KEY_ID_NULL) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + key_id = pk->priv_id; +#else if (key_len > sizeof(buf)) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } @@ -970,6 +980,7 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len, sig, sig_size, sig_len); @@ -981,8 +992,11 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size); cleanup: + +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_platform_zeroize(buf, sizeof(buf)); status = psa_destroy_key(key_id); +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (ret == 0 && status != PSA_SUCCESS) { ret = PSA_PK_TO_MBEDTLS_ERR(status); } @@ -1123,24 +1137,19 @@ cleanup: static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv) { psa_status_t status, destruction_status; - psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - /* We are using MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH for the size of this - * buffer because it will be used to hold the private key at first and - * then its public part (but not at the same time). */ uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t prv_key_len; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - const psa_ecc_family_t curve = prv->ec_family; - const size_t curve_bits = prv->ec_bits; + mbedtls_svc_key_id_t key_id = prv->priv_id; #else /* !MBEDTLS_PK_USE_PSA_EC_DATA */ + mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t pub_key_len; size_t curve_bits; const psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(mbedtls_pk_ec_ro(*prv)->grp.id, &curve_bits); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ const size_t curve_bytes = PSA_BITS_TO_BYTES(curve_bits); if (curve == 0) { @@ -1163,6 +1172,7 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv } mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf)); +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf), &prv_key_len); From 972077820b392af04ce86a4e4a1a5692224db0d2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 18:59:06 +0200 Subject: [PATCH 114/328] tls/x509: minor enhancement for using the new private key format Signed-off-by: Valerio Setti --- library/ssl_tls.c | 9 +++++++-- library/ssl_tls12_client.c | 20 +++++++++++--------- library/ssl_tls12_server.c | 19 +++++++++++++++++-- library/x509_crt.c | 2 +- 4 files changed, 36 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fe666e88cc..2babb04a4a 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7388,13 +7388,18 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, /* and in the unlikely case the above assumption no longer holds * we are making sure that pk_ec() here does not return a NULL */ + mbedtls_ecp_group_id grp_id; +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); if (ec == NULL) { MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec_ro() returned NULL")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - - if (mbedtls_ssl_check_curve(ssl, ec->grp.id) != 0) { + grp_id = ec->grp.id; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 070583b138..691fa62dbd 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1986,7 +1986,6 @@ MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - const mbedtls_ecp_keypair *peer_key; mbedtls_pk_context *peer_pk; #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) @@ -2007,21 +2006,24 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; } - peer_key = mbedtls_pk_ec_ro(*peer_pk); +#if defined(MBEDTLS_ECP_C) + const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk); +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_USE_PSA_CRYPTO) uint16_t tls_id = 0; psa_ecc_family_t ecc_family; + mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(peer_pk); - if (mbedtls_ssl_check_curve(ssl, peer_key->grp.id) != 0) { + if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; } - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(peer_key->grp.id); + tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); if (tls_id == 0) { MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not suported", - peer_key->grp.id)); + grp_id)); return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; } @@ -2037,7 +2039,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) memcpy(ssl->handshake->ecdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); ssl->handshake->ecdh_psa_peerkey_len = peer_pk->pub_raw_len; ret = 0; -#else +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ size_t olen = 0; ret = mbedtls_ecp_point_write_binary(&peer_key->grp, &peer_key->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, &olen, @@ -2049,8 +2051,8 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return ret; } ssl->handshake->ecdh_psa_peerkey_len = olen; -#endif /* MBEDTLS_ECP_C */ -#else +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ if ((ret = mbedtls_ecdh_get_params(&ssl->handshake->ecdh_ctx, peer_key, MBEDTLS_ECDH_THEIRS)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ecdh_get_params"), ret); @@ -2061,7 +2063,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; } -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) /* We don't need the peer's public key anymore. Free it, * so that more RAM is available for upcoming expensive diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index aa3e306a4a..a442b3714b 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2600,7 +2600,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) psa_ecc_family_t ecc_family; size_t key_len; mbedtls_pk_context *pk; + mbedtls_ecp_group_id grp_id; +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_ecp_keypair *key; +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ pk = mbedtls_ssl_own_key(ssl); @@ -2636,12 +2639,16 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ key = mbedtls_pk_ec_rw(*pk); if (key == NULL) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(key->grp.id); + grp_id = key->grp.id; +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); if (tls_id == 0) { /* This elliptic curve is not supported */ return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; @@ -2661,11 +2668,19 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->ecdh_psa_type)); psa_set_key_bits(&key_attributes, ssl->handshake->ecdh_bits); +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); + if (status != PSA_SUCCESS) { + ret = PSA_TO_MBEDTLS_ERR(status); + goto cleanup; + } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ key_len = PSA_BITS_TO_BYTES(key->grp.pbits); ret = mbedtls_ecp_write_key(key, buf, key_len); if (ret != 0) { goto cleanup; } +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_import_key(&key_attributes, buf, key_len, &ssl->handshake->ecdh_psa_privkey); diff --git a/library/x509_crt.c b/library/x509_crt.c index cba30aaf27..b658f7caa6 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -238,7 +238,7 @@ static int x509_profile_check_key(const mbedtls_x509_crt_profile *profile, if (pk_alg == MBEDTLS_PK_ECDSA || pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH) { - const mbedtls_ecp_group_id gid = mbedtls_pk_ec_ro(*pk)->grp.id; + const mbedtls_ecp_group_id gid = mbedtls_pk_get_group_id(pk); if (gid == MBEDTLS_ECP_DP_NONE) { return -1; From 7237d5ff5b269f9859d1b97b317a4d2b535b8f9a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 19:00:22 +0200 Subject: [PATCH 115/328] test: minor enhancement for using the new private key format Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 47 +++++++++--------------- tests/suites/test_suite_pkparse.function | 7 +++- 2 files changed, 22 insertions(+), 32 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 7227f92782..a5b50dec45 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -29,13 +29,9 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) { psa_status_t status; - mbedtls_ecp_keypair *eck = mbedtls_pk_ec_rw(*pk); psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa(grp_id, &curve_bits); - unsigned char key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; - size_t key_len; int ret; if (curve == 0) { @@ -44,25 +40,21 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) psa_set_key_type(&key_attr, PSA_KEY_TYPE_ECC_KEY_PAIR(curve)); psa_set_key_bits(&key_attr, curve_bits); - psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT); + psa_set_key_usage_flags(&key_attr, PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_SIGN_MESSAGE); +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_set_key_algorithm(&key_attr, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); +#else + psa_set_key_algorithm(&key_attr, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); +#endif - status = psa_generate_key(&key_attr, &key_id); + status = psa_generate_key(&key_attr, &pk->priv_id); if (status != PSA_SUCCESS) { return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } - status = psa_export_key(key_id, key_buf, sizeof(key_buf), &key_len); - if (status != PSA_SUCCESS) { - ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - goto exit; - } - - ret = mbedtls_mpi_read_binary(&eck->d, key_buf, key_len); - if (ret != 0) { - goto exit; - } - - status = psa_export_public_key(key_id, pk->pub_raw, sizeof(pk->pub_raw), + status = psa_export_public_key(pk->priv_id, pk->pub_raw, sizeof(pk->pub_raw), &pk->pub_raw_len); if (status != PSA_SUCCESS) { ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; @@ -72,15 +64,10 @@ static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id) pk->ec_family = curve; pk->ec_bits = curve_bits; - status = psa_destroy_key(key_id); - if (status != PSA_SUCCESS) { - return psa_pk_status_to_mbedtls(status); - } - return 0; exit: - status = psa_destroy_key(key_id); + status = psa_destroy_key(pk->priv_id); return (ret != 0) ? ret : psa_pk_status_to_mbedtls(status); } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ @@ -114,10 +101,16 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) { int ret; +#if defined(MBEDTLS_ECP_C) ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, parameter); if (ret != 0) { return ret; } + return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, + &mbedtls_pk_ec_rw(*pk)->d, + &mbedtls_pk_ec_rw(*pk)->Q, + mbedtls_test_rnd_std_rand, NULL); +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_ecp_group grp; @@ -136,12 +129,6 @@ static int pk_genkey(mbedtls_pk_context *pk, int parameter) return 0; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ -#if defined(MBEDTLS_ECP_C) - return mbedtls_ecp_gen_keypair(&mbedtls_pk_ec_rw(*pk)->grp, - &mbedtls_pk_ec_rw(*pk)->d, - &mbedtls_pk_ec_rw(*pk)->Q, - mbedtls_test_rnd_std_rand, NULL); -#endif /* MBEDTLS_ECP_C */ } #endif /* MBEDTLS_ECP_LIGHT */ diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index a49b6d3195..6fa78c1498 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -117,10 +117,13 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result) TEST_ASSERT(res == result); if (res == 0) { - const mbedtls_ecp_keypair *eckey; TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY)); - eckey = mbedtls_pk_ec_ro(ctx); +#if defined(MBEDTLS_ECP_C) + const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx); TEST_ASSERT(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d) == 0); +#else + /* PSA keys are already checked on import so nothing to do here. */ +#endif } exit: From ed25edb1a2fbdd7b38c306bb1e25ca199983f692 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 18 May 2023 19:04:36 +0200 Subject: [PATCH 116/328] test_suite_pkparse: fix failure When the key is imported into an ecp_keypair structure it is read by means of mbedtls_mpi_read_binary_le() and then checked with mbedtls_ecp_check_privkey() which returns error (as expected). When the key is imported in PSA then it is read using mbedtls_ecp_read_key() which fixes the errors in the test before importing. This cause the test itself to fail. As a consequence I set the dependency to ECP_C because it's the only case in which the key is imported in an ecp_keypair structure. Signed-off-by: Valerio Setti --- tests/suites/test_suite_pkparse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 02a6ae7507..978439ac33 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -1197,7 +1197,7 @@ depends_on:MBEDTLS_ECP_LIGHT pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, doesn't match masking requirements, from RFC8410 Appendix A but made into version 0) -depends_on:MBEDTLS_ECP_LIGHT +depends_on:MBEDTLS_ECP_C pk_parse_key:"302e020100300506032b656e04220420f8ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (OneAsymmetricKey X25519, with invalid optional AlgorithIdentifier parameters) From 9efa8c4d14206ec19072f5113fc624ee4a501655 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 19 May 2023 13:27:30 +0200 Subject: [PATCH 117/328] pk: fix eckey_check_pair_psa The problem was that the private key ID was destroyed even when MBEDTLS_PK_USE_PSA_EC_DATA was enabled and of course this was not correct. At the same time the code has been slighlty reorganized to make it more readable. Signed-off-by: Valerio Setti --- library/pk_wrap.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f3a44aedfb..92937c8f3b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1136,13 +1136,25 @@ cleanup: */ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv) { - psa_status_t status, destruction_status; + psa_status_t status; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint8_t prv_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; size_t prv_key_len; #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) mbedtls_svc_key_id_t key_id = prv->priv_id; + + status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf), + &prv_key_len); + ret = PSA_PK_TO_MBEDTLS_ERR(status); + if (ret != 0) { + return ret; + } + + if (memcmp(prv_key_buf, pub->pub_raw, pub->pub_raw_len) != 0) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } #else /* !MBEDTLS_PK_USE_PSA_EC_DATA */ + psa_status_t destruction_status; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; uint8_t pub_key_buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; @@ -1172,7 +1184,6 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv } mbedtls_platform_zeroize(prv_key_buf, sizeof(prv_key_buf)); -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ status = psa_export_public_key(key_id, prv_key_buf, sizeof(prv_key_buf), &prv_key_len); @@ -1184,11 +1195,6 @@ static int eckey_check_pair_psa(mbedtls_pk_context *pub, mbedtls_pk_context *prv return PSA_PK_TO_MBEDTLS_ERR(destruction_status); } -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - if (memcmp(prv_key_buf, pub->pub_raw, pub->pub_raw_len) != 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } -#else ret = mbedtls_ecp_point_write_binary(&mbedtls_pk_ec_rw(*pub)->grp, &mbedtls_pk_ec_rw(*pub)->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, From e50a75f6ff10904a45c7fc7078a5eb34fed659a3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 19 May 2023 17:43:06 +0200 Subject: [PATCH 118/328] test: add exception in analyze_outcomes.py and fix test for montgomery curves The exception in analyze_outcomes.py follows previous commit in which a test in test_suite_pkparse was set with the ECP_C guard for a different parsing of the private key between the legacy and PSA implementations. The wrong guard in test_suite_ecp.function instead was erroneously added in a past commit and it was setting a non-existing symbol of mbedTLS so those tests were basically never executed. Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 16 +++++++++++++++- tests/suites/test_suite_ecp.function | 2 +- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 293459b11f..0238555367 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -247,7 +247,21 @@ TASKS = { 'ECP test vectors secp256r1 rfc 5114', 'ECP test vectors secp384r1 rfc 5114', 'ECP test vectors secp521r1 rfc 5114', - ] + ], + 'test_suite_pkparse': [ + # This is a known difference for Montgomery curves: in + # reference component private keys are parsed using + # mbedtls_mpi_read_binary_le(), while in driver version they + # they are imported in PSA and there the parsing is done + # through mbedtls_ecp_read_key(). Unfortunately the latter + # fixes the errors which are intentionally set on the parsed + # key and therefore the following test case is not failing + # as expected. + # This cause the following test to be guarded by ECP_C and + # not being executed on the driver version. + ('Key ASN1 (OneAsymmetricKey X25519, doesn\'t match masking ' + 'requirements, from RFC8410 Appendix A but made into version 0)'), + ], } } }, diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 250efcc673..f67c5ae9df 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1086,7 +1086,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBBEDTLS_ECP_C */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBEDTLS_ECP_LIGHT */ void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected) { mbedtls_test_rnd_buf_info rnd_info; From ec00b500b52a4a8cbe398a76efa20bcbdad6ffea Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Tue, 23 May 2023 17:31:01 +0100 Subject: [PATCH 119/328] ecp_curves: Adjusted input checking for `ecp_mod_p255`. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index c9868f39d2..6192f6a645 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5432,9 +5432,7 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_mod_p255_raw(mbedtls_mpi_uint *X, size_t X_Limbs) { - if (X_Limbs > 2*P255_WIDTH) { - X_Limbs = 2*P255_WIDTH; - } else if (X_Limbs < P255_WIDTH) { + if (X_Limbs != 2 * P255_WIDTH) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } From 7ef8a8d0dac58f6a5df44dfa2e71e085177c471a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 23 May 2023 18:39:54 +0200 Subject: [PATCH 120/328] pk: improve description for the new priv_id field Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index ffd1b73b23..ec99c8413a 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -262,11 +262,24 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; typedef struct mbedtls_pk_context { const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key information */ void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ - /* When MBEDTLS_PSA_CRYPTO_C is enabled then the following priv_id field is - * used to store the ID of the opaque key. - * This priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by - * MBEDTLS_USE_PSA_CRYPTO because it can be used also in mbedtls_pk_sign_ext - * for RSA keys. */ + /* The following field is used to store the ID of a private key in the + * following cases: + * - opaque key when MBEDTLS_PSA_CRYPTO_C is defined + * - normal key when MBEDTLS_PK_USE_PSA_EC_DATA is defined. In this case: + * - the pk_ctx above is not not used to store the private key anymore. + * Actually that field not populated at all in this case because also + * the public key will be stored in raw format as explained below + * - this ID is used for all private key operations (ex: sign, check + * key pair, key write, etc) using PSA functions + * + * Note: this private key storing solution only affects EC keys, not the + * other ones. The latters still use the pk_ctx to store their own + * context. + * + * Note: this priv_id is guarded by MBEDTLS_PSA_CRYPTO_C and not by + * MBEDTLS_PK_USE_PSA_EC_DATA (as the public counterpart below) because, + * when working with opaque keys, it can be used also in + * mbedtls_pk_sign_ext for RSA keys. */ #if defined(MBEDTLS_PSA_CRYPTO_C) mbedtls_svc_key_id_t MBEDTLS_PRIVATE(priv_id); /**< Key ID for opaque keys */ #endif /* MBEDTLS_PSA_CRYPTO_C */ @@ -277,8 +290,7 @@ typedef struct mbedtls_pk_context { * * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled: * - the pk_ctx above is not used anymore for storing the public key - * inside the ecp_keypair structure (only the private part, but also this - * one is going to change in the future) + * inside the ecp_keypair structure * - the following fields are used for all public key operations: signature * verify, key pair check and key write. * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy From 52fe517a77090aa3cf361285eb30053c0664871d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:28:46 +0530 Subject: [PATCH 121/328] Change pbkdf2 password to array Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- library/psa_crypto.c | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 5d01f6c583..245f26a15f 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -119,7 +119,7 @@ typedef struct { size_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); - uint8_t *MBEDTLS_PRIVATE(password); + uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; size_t MBEDTLS_PRIVATE(password_length); } psa_pbkdf2_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index af4ab65159..4615920055 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5101,11 +5101,6 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) operation->ctx.pbkdf2.salt_length); mbedtls_free(operation->ctx.pbkdf2.salt); } - if (operation->ctx.pbkdf2.password != NULL) { - mbedtls_platform_zeroize(operation->ctx.pbkdf2.password, - operation->ctx.pbkdf2.password_length); - mbedtls_free(operation->ctx.pbkdf2.password); - } status = PSA_SUCCESS; } else From e66a8ad8d6b502a74a3c97dbf41ec76a62574506 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:30:43 +0530 Subject: [PATCH 122/328] Define PSA_VENDOR_PBKDF2_MAX_ITERATIONS Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 4 ++++ library/psa_crypto.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 37f72054f7..6b8ccbb9a4 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -253,6 +253,10 @@ * curve. */ #define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32 +/* The maximum number of iterations for PBKDF2 on this implementation, in bits. + * This is a vendor-specific macro. This can be configured if necessary */ +#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff + /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4615920055..a8ccde56f2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6419,13 +6419,14 @@ static psa_status_t psa_pbkdf2_set_input_cost( return PSA_ERROR_BAD_STATE; } - if (data > 0xFFFFFFFF) { + if (data > PSA_VENDOR_PBKDF2_MAX_ITERATIONS) { return PSA_ERROR_NOT_SUPPORTED; } if (data == 0) { return PSA_ERROR_INVALID_ARGUMENT; } + pbkdf2->input_cost = data; pbkdf2->state = PSA_PBKDF2_STATE_INPUT_COST_SET; From b538bb7a028e6a340cd2d240868513719013e004 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:32:14 +0530 Subject: [PATCH 123/328] Restructure pbkdf2_set_salt function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a8ccde56f2..77c51847f8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6437,9 +6437,6 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, const uint8_t *data, size_t data_length) { - uint8_t *prev_salt; - size_t prev_salt_length; - if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET && pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; @@ -6454,16 +6451,16 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, data, data_length); pbkdf2->salt_length = data_length; } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - prev_salt = pbkdf2->salt; - prev_salt_length = pbkdf2->salt_length; + uint8_t *prev_salt = pbkdf2->salt; + size_t prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); if (pbkdf2->salt == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); + memcpy(pbkdf2->salt + prev_salt_length, data, data_length); pbkdf2->salt_length += data_length; mbedtls_free(prev_salt); } From 10cc6bda1cdb5878ff230c9c60988a77ce45f706 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:35:14 +0530 Subject: [PATCH 124/328] Add PSA_ALG_PBKDF2_HMAC_GET_HASH macro Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_values.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 39acd96c52..580e3ae80d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2102,7 +2102,8 @@ */ #define PSA_ALG_IS_PBKDF2_HMAC(alg) \ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE) - +#define PSA_ALG_PBKDF2_HMAC_GET_HASH(pbkdf2_alg) \ + (PSA_ALG_CATEGORY_HASH | ((pbkdf2_alg) & PSA_ALG_HASH_MASK)) /** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm. * * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2). From bd6cefb3daf459019c6dab53a02828e35150b4ff Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:36:34 +0530 Subject: [PATCH 125/328] Add HMAC specific function for setting password Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 77c51847f8..02ca4d735f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6470,30 +6470,49 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } +static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, + const uint8_t *input, + size_t input_len, + uint8_t *output, + size_t output_len) +{ + psa_status_t status = PSA_SUCCESS; + if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { + status = psa_hash_compute(hash_alg, input, input_len, output, + PSA_HMAC_MAX_HASH_BLOCK_SIZE, &output_len); + } else { + memcpy(output, input, input_len); + output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); + } + return status; +} + static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_algorithm_t kdf_alg, const uint8_t *data, size_t data_length) { + psa_status_t status; if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; } if (data_length != 0) { - pbkdf2->password = mbedtls_calloc(1, data_length); - if (pbkdf2->password == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); + status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, + pbkdf2->password, + pbkdf2->password_length); } - - memcpy(pbkdf2->password, data, data_length); - pbkdf2->password_length = data_length; } pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; - return PSA_SUCCESS; + return status; } static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_algorithm_t kdf_alg, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length) @@ -6502,7 +6521,7 @@ static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, case PSA_KEY_DERIVATION_INPUT_SALT: return psa_pbkdf2_set_salt(pbkdf2, data, data_length); case PSA_KEY_DERIVATION_INPUT_PASSWORD: - return psa_pbkdf2_set_password(pbkdf2, data, data_length); + return psa_pbkdf2_set_password(pbkdf2, kdf_alg, data, data_length); default: return PSA_ERROR_INVALID_ARGUMENT; } @@ -6606,8 +6625,8 @@ static psa_status_t psa_key_derivation_input_internal( #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { - status = psa_pbkdf2_input( - &operation->ctx.pbkdf2, step, data, data_length); + status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, + step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { From 0202ccc9cc036c711bf630dc9760e0acee2480ad Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:38:40 +0530 Subject: [PATCH 126/328] Add tests with direct and key output Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d1972995ed..351d0cedae 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5309,7 +5309,15 @@ derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KE PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA key derivation: PBKDF2-HMAC-SHA256, good case, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED + +PSA key derivation: PBKDF2-HMAC-SHA256, good case, DERIVE key as password, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 From aac9a581f80f6db7c5bce36bc2dba67f21133aa9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 14:19:17 +0530 Subject: [PATCH 127/328] Fix code style and initialize status Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 02ca4d735f..4cce837c52 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6471,10 +6471,10 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, } static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, - const uint8_t *input, - size_t input_len, - uint8_t *output, - size_t output_len) + const uint8_t *input, + size_t input_len, + uint8_t *output, + size_t output_len) { psa_status_t status = PSA_SUCCESS; if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { @@ -6492,7 +6492,7 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, const uint8_t *data, size_t data_length) { - psa_status_t status; + psa_status_t status = PSA_SUCCESS; if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; } From 4489c8dcefb764ecee779d838fc4eb9850a7a5fb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 12:06:48 +0100 Subject: [PATCH 128/328] Disable bignum assembly for certain Arm M-class CPUs Signed-off-by: Dave Rodgman --- library/bn_mul.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/library/bn_mul.h b/library/bn_mul.h index ab59fbd64f..c5124702bd 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -673,6 +673,22 @@ #define MULADDC_CANNOT_USE_R7 #endif +/* + * Similarly, we need to disable the assembly below if: + * - compiler is armclang + * - optimisation is not -O0 + * - target is Thumb + * - target cpu is one of cortex-m0, cortex-m0plus, cortex-m1, cortex-m23, sc000 + * + * Checking for __ARM_ARCH_6M__ or __ARM_ARCH_8M_BASE__ seems to identify exactly these + * cpus and no others (tested against all values for -mcpu known to armclang 6.20). + */ +#if defined(__ARMCC_VERSION) && defined(__OPTIMIZE__) && defined(__thumb__) +#if defined(__ARM_ARCH_8M_BASE__) || defined(__ARM_ARCH_6M__) +#define MULADDC_CANNOT_USE_R7 +#endif +#endif + #if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7) #if defined(__thumb__) && !defined(__thumb2__) From a55e12c525d868c887590f9ca12cef67da60a497 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 12:14:13 +0100 Subject: [PATCH 129/328] Add Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/armclang-compile-fix.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/armclang-compile-fix.txt diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt new file mode 100644 index 0000000000..428de020f9 --- /dev/null +++ b/ChangeLog.d/armclang-compile-fix.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix armclang compilation error when targetting certain Arm M-class CPUs (Cortex-M0, + Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). Fixes #1077. From 99318e6138c257e6741343d6efda2ffd5ed08efe Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 12:27:42 +0100 Subject: [PATCH 130/328] Add build test for armclang / Cortex-M0 / -Os Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 78666b41f2..f34d0eb86b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3894,6 +3894,9 @@ component_build_armcc () { # ARM Compiler 6 - Target ARMv8.2-A - AArch64 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" + + # ARM Compiler 6 - Target Cortex-M0 + armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" } support_build_armcc () { armc5_cc="$ARMC5_BIN_DIR/armcc" From 51aa52eba4d9b53ddcc1f39d297d0d78b8ef61a4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 May 2023 12:37:50 +0200 Subject: [PATCH 131/328] pk: fix key properties when importing private key Signed-off-by: Valerio Setti --- library/pkparse.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 18b40ceb84..e70953e9af 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -642,16 +642,9 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk, psa_status_t status; psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(pk->ec_family)); - /* Setting largest masks for usage and key algorithms */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | - PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_EXPORT); -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - psa_set_key_algorithm(&attributes, - PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); -#else - psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); -#endif + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT | + PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, PSA_ALG_ECDH); status = psa_import_key(&attributes, key, len, &pk->priv_id); if (status != PSA_SUCCESS) { @@ -1304,13 +1297,14 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, /* Setting largest masks for usage and key algorithms */ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | - PSA_KEY_USAGE_EXPORT); + PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_DERIVE); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH)); #else psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)); #endif + psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH); status = psa_import_key(&attributes, priv_key_raw, priv_key_len, &pk->priv_id); From 1194ffa82fc1a541e6fbb39e9d19b86238c7ab89 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 May 2023 13:15:58 +0200 Subject: [PATCH 132/328] pk: minor code fixes/enhancements Signed-off-by: Valerio Setti --- library/pk.c | 3 ++- library/pkwrite.c | 7 +++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/pk.c b/library/pk.c index cccadb1f92..8e42b8d4c7 100644 --- a/library/pk.c +++ b/library/pk.c @@ -912,7 +912,6 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, #else /* !MBEDTLS_ECP_LIGHT && !MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) { - unsigned char d[MBEDTLS_ECP_MAX_BYTES]; size_t d_len; psa_ecc_family_t curve_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -922,6 +921,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, /* export the private key material in the format PSA wants */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + unsigned char d[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len); if (status != PSA_SUCCESS) { return psa_pk_status_to_mbedtls(status); @@ -930,6 +930,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, curve_id = pk->ec_family; bits = pk->ec_bits; #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ + unsigned char d[MBEDTLS_ECP_MAX_BYTES]; mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; diff --git a/library/pkwrite.c b/library/pkwrite.c index c8a96d9eaa..8df63946ce 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -395,22 +395,21 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, size_t len = 0; size_t oid_len = 0; const char *oid; + mbedtls_ecp_group_id grp_id; /* privateKey */ MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_OCTET_STRING)); + grp_id = mbedtls_pk_get_group_id(pk); /* privateKeyAlgorithm */ #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, - pk->ec_bits, 0); if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { return ret; } #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); - if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec->grp.id, &oid, &oid_len)) != 0) { + if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { return ret; } #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ From a1f51c213cc612b1bd587a4a0c145b22e197cba8 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 13:02:18 +0100 Subject: [PATCH 133/328] Fix Changelog formatting Signed-off-by: Dave Rodgman --- ChangeLog.d/armclang-compile-fix.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt index 428de020f9..b1f070d433 100644 --- a/ChangeLog.d/armclang-compile-fix.txt +++ b/ChangeLog.d/armclang-compile-fix.txt @@ -1,3 +1,4 @@ Bugfix - * Fix armclang compilation error when targetting certain Arm M-class CPUs (Cortex-M0, - Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). Fixes #1077. + * Fix armclang compilation error when targetting certain Arm M-class CPUs + (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). + Fixes #1077. From d0405093d93959dcc0167fd9990a1180d51e3326 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 May 2023 13:16:40 +0200 Subject: [PATCH 134/328] tls: use pk_get_group_id() instead of directly accessing PK's structure Signed-off-by: Valerio Setti --- library/ssl_tls.c | 12 +++--------- library/ssl_tls12_server.c | 16 ++++++---------- 2 files changed, 9 insertions(+), 19 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2babb04a4a..036b5a720b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7388,17 +7388,11 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl, /* and in the unlikely case the above assumption no longer holds * we are making sure that pk_ec() here does not return a NULL */ - mbedtls_ecp_group_id grp_id; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk); - if (ec == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_pk_ec_ro() returned NULL")); + mbedtls_ecp_group_id grp_id = mbedtls_pk_get_group_id(pk); + if (grp_id == MBEDTLS_ECP_DP_NONE) { + MBEDTLS_SSL_DEBUG_MSG(1, ("invalid group ID")); return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - grp_id = ec->grp.id; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { ssl->session_negotiate->verify_result |= MBEDTLS_X509_BADCERT_BAD_KEY; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a442b3714b..b0a4fdf474 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2601,9 +2601,6 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) size_t key_len; mbedtls_pk_context *pk; mbedtls_ecp_group_id grp_id; -#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) - mbedtls_ecp_keypair *key; -#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ pk = mbedtls_ssl_own_key(ssl); @@ -2611,6 +2608,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) + mbedtls_ecp_keypair *key = mbedtls_pk_ec_rw(*pk); +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ + switch (mbedtls_pk_get_type(pk)) { case MBEDTLS_PK_OPAQUE: if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { @@ -2639,15 +2640,10 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) case MBEDTLS_PK_ECKEY: case MBEDTLS_PK_ECKEY_DH: case MBEDTLS_PK_ECDSA: -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - grp_id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - key = mbedtls_pk_ec_rw(*pk); - if (key == NULL) { + grp_id = mbedtls_pk_get_group_id(pk); + if (grp_id == MBEDTLS_ECP_DP_NONE) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } - grp_id = key->grp.id; -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); if (tls_id == 0) { /* This elliptic curve is not supported */ From a541e0108bf78ed55b4e16dbe14bfed612e857f7 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 24 May 2023 14:31:21 +0200 Subject: [PATCH 135/328] pkparse: avoid creating extra copy of the private key Signed-off-by: Valerio Setti --- library/pkparse.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index e70953e9af..07fce5c1c9 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1186,8 +1186,6 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status; - uint8_t priv_key_raw[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; - size_t priv_key_len; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* @@ -1222,13 +1220,7 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, d = p; d_len = len; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - if (len > MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - memcpy(priv_key_raw, p, len); - priv_key_len = len; -#else +#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_mpi_read_binary(&eck->d, p, len)) != 0) { mbedtls_ecp_keypair_free(eck); return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret); @@ -1306,8 +1298,7 @@ static int pk_parse_key_sec1_der(mbedtls_pk_context *pk, #endif psa_set_key_enrollment_algorithm(&attributes, PSA_ALG_ECDH); - status = psa_import_key(&attributes, priv_key_raw, priv_key_len, - &pk->priv_id); + status = psa_import_key(&attributes, d, d_len, &pk->priv_id); if (status != PSA_SUCCESS) { ret = psa_pk_status_to_mbedtls(status); return ret; From e72bf2da3d66c0a69231fd88e58f41e4c94b6170 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 24 May 2023 15:13:21 +0100 Subject: [PATCH 136/328] ecp_curves: Adjusted the expected limb size for `ecp_mod_p255()`. Signed-off-by: Minos Galanakis --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 6192f6a645..4fc4b1d839 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5421,7 +5421,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) static int ecp_mod_p255(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((255 + biL - 1) / biL); + size_t expected_width = 2 * P255_WIDTH; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = mbedtls_ecp_mod_p255_raw(N->p, expected_width); cleanup: From 0ffc6f48fadf129413b070459e8d98a1cee3158d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 17:19:10 +0100 Subject: [PATCH 137/328] First draft at fixing the choice of asm Signed-off-by: Dave Rodgman --- library/bn_mul.h | 58 ++++++++++++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 27 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index c5124702bd..92a9266303 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -659,39 +659,46 @@ #endif /* TriCore */ /* + * There is a fairly complex matrix of supported options for Thumb / Thumb2 / Arm + * assembly. Choosing the correct code path depends on the target, the compiler, + * and the optimisation level. + * * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about * our use of r7 below, unless -fomit-frame-pointer is passed. * * On the other hand, -fomit-frame-pointer is implied by any -Ox options with * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by * clang and armcc5 under the same conditions). - * - * So, only use the optimized assembly below for optimized build, which avoids - * the build error and is pretty reasonable anyway. */ -#if defined(__GNUC__) && !defined(__OPTIMIZE__) -#define MULADDC_CANNOT_USE_R7 + + +#if defined(__thumb__) && !defined(__thumb2__) // Thumb1 (not Thumb 2) ISA +// Only supported by gcc, when optimisation is enabled; only option A works +#if defined(__OPTIMIZE__) && !defined(__ARMCC_VERSION) +#define ARM_OPTION_A #endif -/* - * Similarly, we need to disable the assembly below if: - * - compiler is armclang - * - optimisation is not -O0 - * - target is Thumb - * - target cpu is one of cortex-m0, cortex-m0plus, cortex-m1, cortex-m23, sc000 - * - * Checking for __ARM_ARCH_6M__ or __ARM_ARCH_8M_BASE__ seems to identify exactly these - * cpus and no others (tested against all values for -mcpu known to armclang 6.20). - */ -#if defined(__ARMCC_VERSION) && defined(__OPTIMIZE__) && defined(__thumb__) -#if defined(__ARM_ARCH_8M_BASE__) || defined(__ARM_ARCH_6M__) -#define MULADDC_CANNOT_USE_R7 -#endif +#elif defined(__thumb2__) // Thumb 2 ISA + +#if !defined(__ARMCC_VERSION) && !defined(__OPTIMIZE__) +// gcc -O0 +// only option B builds +#define ARM_OPTION_B +#elif !defined(__ARMCC_VERSION) +// gcc with optimisation - any option builds +#define ARM_OPTION_A +#else +// armclang +// options A or C build +#define ARM_OPTION_A #endif -#if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7) +#elif defined(__arm__) // Arm ISA +// any option builds. A does not seem to work; B is about 2x faster than C (under emulation). +#define ARM_OPTION_B +#endif -#if defined(__thumb__) && !defined(__thumb2__) +#if defined(ARM_OPTION_A) #define MULADDC_X1_INIT \ asm( \ @@ -746,8 +753,7 @@ "r6", "r7", "r8", "r9", "cc" \ ); -#elif (__ARM_ARCH >= 6) && \ - defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) +#elif defined(ARM_OPTION_B) #define MULADDC_X1_INIT \ { \ @@ -812,7 +818,7 @@ ); \ } -#else +#elif defined(ARM_OPTION_C) #define MULADDC_X1_INIT \ asm( \ @@ -840,9 +846,7 @@ "r6", "r7", "cc" \ ); -#endif /* Thumb */ - -#endif /* ARMv3 */ +#endif /* Arm */ #if defined(__alpha__) From d7a3f8065f7a274ed267b59798977979acd3b68c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:19:47 +0530 Subject: [PATCH 138/328] Restructure set salt function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4cce837c52..f3699d41ba 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6451,18 +6451,18 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, data, data_length); pbkdf2->salt_length = data_length; } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - uint8_t *prev_salt = pbkdf2->salt; - size_t prev_salt_length = pbkdf2->salt_length; + uint8_t *next_salt; - pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); - if (pbkdf2->salt == NULL) { + next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length); + if (next_salt == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, data_length); + memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length); + memcpy(next_salt + pbkdf2->salt_length, data, data_length); pbkdf2->salt_length += data_length; - mbedtls_free(prev_salt); + mbedtls_free(pbkdf2->salt); + pbkdf2->salt = next_salt; } pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; From 91f99f52c442d78f91683e9947277aa399a49a2c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:21:48 +0530 Subject: [PATCH 139/328] Change output length parameter in pbkdf2_hmac_set_password Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f3699d41ba..ae7d7473fa 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6474,15 +6474,15 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, const uint8_t *input, size_t input_len, uint8_t *output, - size_t output_len) + size_t *output_len) { psa_status_t status = PSA_SUCCESS; if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { status = psa_hash_compute(hash_alg, input, input_len, output, - PSA_HMAC_MAX_HASH_BLOCK_SIZE, &output_len); + PSA_HMAC_MAX_HASH_BLOCK_SIZE, output_len); } else { memcpy(output, input, input_len); - output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); + *output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); } return status; } @@ -6502,7 +6502,7 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, pbkdf2->password, - pbkdf2->password_length); + &pbkdf2->password_length); } } From 1416cba81f009414914b3b13a512cb32781eb992 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 18:07:48 +0100 Subject: [PATCH 140/328] Gate all arm asm on Armv6 or better architecture Signed-off-by: Dave Rodgman --- library/bn_mul.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/bn_mul.h b/library/bn_mul.h index 92a9266303..4751802525 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -671,6 +671,8 @@ * clang and armcc5 under the same conditions). */ +#if defined(__ARM_ARCH) +#if __ARM_ARCH >= 6 #if defined(__thumb__) && !defined(__thumb2__) // Thumb1 (not Thumb 2) ISA // Only supported by gcc, when optimisation is enabled; only option A works @@ -698,6 +700,9 @@ #define ARM_OPTION_B #endif +#endif +#endif + #if defined(ARM_OPTION_A) #define MULADDC_X1_INIT \ From ffbb7c5edc779df135f477bcf0a4e700184aa850 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 18:28:46 +0100 Subject: [PATCH 141/328] Tidy-up macros and fix guards around option B Signed-off-by: Dave Rodgman --- library/bn_mul.h | 50 ++++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 21 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 4751802525..e76a8fd91a 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -671,37 +671,45 @@ * clang and armcc5 under the same conditions). */ -#if defined(__ARM_ARCH) -#if __ARM_ARCH >= 6 +//#if defined(__ARM_ARCH) +//#if __ARM_ARCH >= 6 #if defined(__thumb__) && !defined(__thumb2__) // Thumb1 (not Thumb 2) ISA -// Only supported by gcc, when optimisation is enabled; only option A works -#if defined(__OPTIMIZE__) && !defined(__ARMCC_VERSION) -#define ARM_OPTION_A -#endif + + // Only supported by gcc, when optimisation is enabled; only option A works + #if defined(__OPTIMIZE__) && !defined(__ARMCC_VERSION) + #define ARM_OPTION_A + #endif #elif defined(__thumb2__) // Thumb 2 ISA -#if !defined(__ARMCC_VERSION) && !defined(__OPTIMIZE__) -// gcc -O0 -// only option B builds -#define ARM_OPTION_B -#elif !defined(__ARMCC_VERSION) -// gcc with optimisation - any option builds -#define ARM_OPTION_A -#else -// armclang -// options A or C build -#define ARM_OPTION_A -#endif + #if !defined(__ARMCC_VERSION) && !defined(__OPTIMIZE__) + // gcc -O0: only option B builds + #if defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) + #define ARM_OPTION_B + #endif + #else + // gcc with optimisation, or armclang: any option builds + #define ARM_OPTION_B_OR_C + #endif #elif defined(__arm__) // Arm ISA -// any option builds. A does not seem to work; B is about 2x faster than C (under emulation). -#define ARM_OPTION_B -#endif + + // any option builds. A does not seem to work; B is about 2x faster than C (under emulation). + #define ARM_OPTION_B_OR_C #endif + +#if defined(ARM_OPTION_B_OR_C) +#if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) +#define ARM_OPTION_B +#else +#define ARM_OPTION_C #endif +#endif + +//#endif +//#endif #if defined(ARM_OPTION_A) From 5e7ef203e38a198e7d1e266b4b5400de0ecdc59d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:59:42 +0530 Subject: [PATCH 142/328] Add test case for PSA_VENDOR_PBKDF2_MAX_ITERATIONS Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 351d0cedae..c16879bc0f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5319,6 +5319,11 @@ PSA key derivation: PBKDF2-HMAC-SHA256, good case, DERIVE key as password, key o depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED +PSA key derivation: PBKDF2-HMAC-SHA256, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS +#Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000001":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE From 6adaca60626f53b1388a99fd05db23ba350ea4ac Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 19:43:13 +0100 Subject: [PATCH 143/328] Minor tidy-up Signed-off-by: Dave Rodgman --- library/bn_mul.h | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index e76a8fd91a..c6e9fab462 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -670,11 +670,7 @@ * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by * clang and armcc5 under the same conditions). */ - -//#if defined(__ARM_ARCH) -//#if __ARM_ARCH >= 6 - -#if defined(__thumb__) && !defined(__thumb2__) // Thumb1 (not Thumb 2) ISA +#if defined(__thumb__) && !defined(__thumb2__) // Thumb 1 (not Thumb 2) ISA // Only supported by gcc, when optimisation is enabled; only option A works #if defined(__OPTIMIZE__) && !defined(__ARMCC_VERSION) @@ -685,7 +681,7 @@ #if !defined(__ARMCC_VERSION) && !defined(__OPTIMIZE__) // gcc -O0: only option B builds - #if defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) + #if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) #define ARM_OPTION_B #endif #else @@ -698,18 +694,16 @@ // any option builds. A does not seem to work; B is about 2x faster than C (under emulation). #define ARM_OPTION_B_OR_C -#endif +#endif /* Arm ISA selection */ #if defined(ARM_OPTION_B_OR_C) +// Prefer B, if we have the right features for it #if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) #define ARM_OPTION_B #else #define ARM_OPTION_C #endif -#endif - -//#endif -//#endif +#endif /* defined(ARM_OPTION_B_OR_C) */ #if defined(ARM_OPTION_A) From 5c5a6dece6ec23d2374cd862c79387a9e1f5d7b1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 24 May 2023 23:24:16 +0100 Subject: [PATCH 144/328] Give options clearer names Signed-off-by: Dave Rodgman --- library/bn_mul.h | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index c6e9fab462..6149375066 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -674,7 +674,7 @@ // Only supported by gcc, when optimisation is enabled; only option A works #if defined(__OPTIMIZE__) && !defined(__ARMCC_VERSION) - #define ARM_OPTION_A + #define ARM_THUMB_1 #endif #elif defined(__thumb2__) // Thumb 2 ISA @@ -682,30 +682,30 @@ #if !defined(__ARMCC_VERSION) && !defined(__OPTIMIZE__) // gcc -O0: only option B builds #if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) - #define ARM_OPTION_B + #define ARM_V6_DSP #endif #else // gcc with optimisation, or armclang: any option builds - #define ARM_OPTION_B_OR_C + #define ARM_V6_DSP_OR_THUMB_2 #endif #elif defined(__arm__) // Arm ISA // any option builds. A does not seem to work; B is about 2x faster than C (under emulation). - #define ARM_OPTION_B_OR_C + #define ARM_V6_DSP_OR_THUMB_2 #endif /* Arm ISA selection */ -#if defined(ARM_OPTION_B_OR_C) +#if defined(ARM_V6_DSP_OR_THUMB_2) // Prefer B, if we have the right features for it #if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) -#define ARM_OPTION_B +#define ARM_V6_DSP #else -#define ARM_OPTION_C +#define ARM_THUMB_2 #endif -#endif /* defined(ARM_OPTION_B_OR_C) */ +#endif /* defined(ARM_V6_DSP_OR_THUMB_2) */ -#if defined(ARM_OPTION_A) +#if defined(ARM_THUMB_1) #define MULADDC_X1_INIT \ asm( \ @@ -760,7 +760,7 @@ "r6", "r7", "r8", "r9", "cc" \ ); -#elif defined(ARM_OPTION_B) +#elif defined(ARM_V6_DSP) #define MULADDC_X1_INIT \ { \ @@ -825,7 +825,7 @@ ); \ } -#elif defined(ARM_OPTION_C) +#elif defined(ARM_THUMB_2) #define MULADDC_X1_INIT \ asm( \ From 16a36e64d9d94367bf06f35cb3369bf1fd78d5ff Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 22 May 2023 10:05:11 +0000 Subject: [PATCH 145/328] Add mod test functions for unit read write Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 45 ++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index eb85dc2d05..4c5b66e789 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1562,3 +1562,48 @@ exit: mbedtls_free(p_S); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_read_write(char *input_A, int id, int ctype) +{ + size_t limbs; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_residue rA; // For input + mbedtls_mpi_mod_residue rX; // For read back + mbedtls_mpi_uint *rX_raw = NULL; + mbedtls_mpi_uint *A = NULL; + mbedtls_mpi_uint *bufx = NULL; + + mbedtls_mpi_mod_modulus_init(&m); + + TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype)); + + TEST_EQUAL(mbedtls_test_read_mpi_core(&A, &limbs, input_A), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA, &m, A, limbs)); + + /* Test for limb sizes */ + TEST_EQUAL(m.limbs, limbs); + + ASSERT_ALLOC(rX_raw, limbs); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + + ASSERT_ALLOC(bufx, limbs); + TEST_EQUAL(mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, + limbs * ciL, + MBEDTLS_MPI_MOD_EXT_REP_LE), 0); + + TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, limbs * ciL, + MBEDTLS_MPI_MOD_EXT_REP_LE)); + + TEST_EQUAL(rA.limbs, rX.limbs); + ASSERT_COMPARE(rA.p, rA.limbs * ciL, rX.p, rA.limbs * ciL); + +exit: + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_mpi_mod_residue_release(&rA); + mbedtls_mpi_mod_residue_release(&rX); + mbedtls_free(A); + mbedtls_free(rX_raw); + mbedtls_free(bufx); +} +/* END_CASE */ From 5e4e287dbec2c1d6306c379296ad48aa6fcfae3a Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 22 May 2023 10:06:15 +0000 Subject: [PATCH 146/328] Add test data for ecp mod read write Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 147 +++++++++++++++++++++++++++++++ 1 file changed, 147 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index d08ce0f99a..efaa5061d1 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1520,3 +1520,150 @@ ecp_add_sub #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_add_sub:"0000000000000003f7defb1691e8e3b705620733deaaddd33a760e17a4e9ba333445533fcd71d42a6d00e3468c946b0ff353728c6173d944afbfae4877c606f":"0000000000000003f96c1d081a3cfe300dc4c27fa2ebbc37396957d4bf81156d86b88de3a9312ca5be57d93fa3549b71895aa36bd5231f38146a2f0970425b":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR +# The following data be generated by random.getrandbits() in python with seed(6,2), it must be +# less than the named curves' modulus. we can use mbedtls_mpi_mod_residue_setup() check whether +# it satisfy the requirements. +ecp_read_write #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_read_write:"c320a4737c2b3abe14a03569d26b949692e5dfe8cb1855fe":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_read_write:"9623d7cfa9ae7a34254499c7001d9a88096d373742f9a039":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #3 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_read_write:"df5ca32ebad5ccc232b7228fcd4a55577d24b39645cf8aa4059a91e1":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_read_write:"c527e27951c342505f877031bc1e3ac1c27db4ecf72c2c2678629522":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #7 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_read_write:"903c2ac9316774fe181e290aae9af1698a0c510089ce5ef7e91b4ad169fc5360":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_read_write:"9c2c0ac2cda95957a9b3d1a243f9300cba98666ace1c9c17b313fc7e8db9b92c":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_read_write:"401fe4fcce06294d68f22599ccdf540b5cb53ec017d7ab26fd80206055e8b3eb6cb9185ed822e2f9168e5087af895f5b":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #11 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_read_write:"bb1e330f38d2e6418f918e24a8b0188cbe19514a28a0aaab3642b1932793637c16cf5c51801fd9ab31a5bf371f970cf":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #13 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_read_write:"1477156c589f498b61beb35f57662410d8821f3a1ee4a5968a8009618dbe4afda408809822eb0e994fbf9da1659c1ea21b151db97cd1f1567fa4b9327967e0aa591":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_read_write:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR + +# The following data be generated by random.getrandbits() in python with seed(7,2) +ecp_read_write #15 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_read_write:"6b4cb2424a23d5962217beaddbc496cb8e81973e0becd7b03898d190f9ebdacc":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #16 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_read_write:"36f675cc81e74ef5e8e25d940ed904759531985d5d9dc9f81818e811892f902b":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #17 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_read_write:"8d116ece1738f7d93d9c172411e20b8f6b0d549b6f03675a1600a35a099950d8":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #18 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_read_write:"a170b33839263059f28c105d1fb17c2390c192cfd3ac94af0f21ddb66cad4a26":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #19 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_read_write:"7f15052434b9b5df9e7769b10f4205b4907a70c31012f037b64ce4228c38fb2918f135d25f557203301850c5a38fd547":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #20 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_read_write:"3f98e2774cbd87ad5c90a9587403e430ec66a78795e761d17731af10506bf2efc6f877186d76b07e881ed162ae2eb154":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_read_write:"57ee05cde00902c77ebff206867347214cdd2055930d6eaf14f4733f3e7d1bfbc7a2ea20b2f14c942e05319acb5c7427":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #22 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_read_write:"5790f82ec1d3fcff2a3af4d46b0a18e8830e07bc1e398f1012bd4acefaecbd389be4bcfc49b64a0872e6cc3ababced20":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_read_write:"57ee05cde00902c77ebff206867347214cdd2055930d6eaf14f4733f3e7d1bfbc7a2ea20b2f14c942e05319acb5c74273f98e2774cbd87ad5c90a9587403e430":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #24 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_read_write:"6bf46c697d2caf82eeeacbe226e875555790f82ec1d3fcff2a3af4d46b0a18e8830e07bc1e398f1012bd4acefaecbd389be4bcfc49b64a0872e6cc3ababced20":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_read_write #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_read_write:"7f26144b98289fcd59a54a7bb1fee08f571242425051c1ccd17f9acae01f5057ca02135e92b1d3f28ede0d7ac3baea9e13deef86ab1031d0f646e1f40a097c97":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_read_write:"4f426dcbb394fb36bb2d420f0f88080b10a3d6b2aa05e11ab2715945795e8229451abd81f1d69ed617f5e837d70820fe119a72d174c9df6acc011cdd9474031b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR + +# The following data be generated by random.getrandbits(252) in python with seed(8,2) +ecp_read_write #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_read_write:"00b3510bb46ee1da317017a6205738d16018366cf658f7a75ed34fe53a096533":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + +# The following data be generated by random.getrandbits(252) +ecp_read_write #28 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_read_write:"06694f22359b154881a0d5b3ffc6e35ccfaf00103f584ad4230824d215ceb3a1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + +# The least 122 bits are generated by random.getrandbits(122) +ecp_read_write #29 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_read_write:"1000000000000000000000000000000011f319877589ca4a07c15471a4517d6c":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + +# The following datas are generated by random.getrandbits(192). +ecp_read_write #30 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_read_write:"e5b8063831360a4092b850ad7eb72f8263f65da874007cb4":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_read_write:"c24f6aa83bf36a147c2f7ad016edc5d467164890d49d0ac1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR + +# The following datas are generated by random.getrandbits(224). +ecp_read_write #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_read_write:"0e6edaf80796d3bc4685ca8af852a5fba444adf42b37f5722051e2670":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_read_write:"018dff3934223aa56a9b7e3ea1d1d784fb9db434b610b1631e941aa79":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +# The least 112 bits are generated by random.getrandbits(112) +ecp_read_write #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_read_write:"1000000000000000000000000000162e910269470d0718c1afdd9a78d":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +# The following datas are generated by random.getrandbits(256). +ecp_read_write #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_read_write:"3c02e56756a3e9570edca4eca92d04a31b941f4360908405d45c39a39ec353c1":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_read_write:"353a0106e6c08269844dbc0ca65423a9e744b24e7f61701e1607b1c4b0f91306":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR + +# The least 440 bits are generated by random.getrandbits(440) +ecp_read_write #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_read_write:"000000000000003fdc3d71f22ff5fd25f0f21231a06a7cb3aa75ab7d1944ff09974b85f2306d4a8a2ad16e107ac8069b51c6322463278ecef2d30194df943c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR + +ecp_read_write #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_read_write:"000000000000003f9fbd8780ed55037ea03260d7ef27bba4d70dfcf3332eb05b6659eab3bfcd5d50545214b0afb81e8824918818fd64f799ef936ac3a8db56":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR From b8cf6226f2860e9f3a56b009ecf830808a5fbe32 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 24 May 2023 08:55:59 +0000 Subject: [PATCH 147/328] Add test function ecp_mod_random Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 29 ++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 4c5b66e789..7675fd9b2f 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -7,6 +7,7 @@ #include "bignum_core.h" #include "ecp_invasive.h" #include "bignum_mod_raw_invasive.h" +#include "constant_time_internal.h" #define ECP_PF_UNKNOWN -1 @@ -1607,3 +1608,31 @@ exit: mbedtls_free(bufx); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_random(int id, int ctype) +{ + size_t limbs; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_residue rX; // For random data + mbedtls_mpi_uint *rX_raw = NULL; + + mbedtls_mpi_mod_modulus_init(&m); + TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype)); + + limbs = m.limbs; + + ASSERT_ALLOC(rX_raw, limbs); + TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + + TEST_EQUAL(mbedtls_mpi_mod_random(&rX, 1, &m, + mbedtls_test_rnd_std_rand, NULL), 0); + + TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == 1); + +exit: + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_mpi_mod_residue_release(&rX); + mbedtls_free(rX_raw); +} +/* END_CASE */ From dfaf90f3d1c1c627410c13c250a95f7903bba186 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 24 May 2023 08:56:50 +0000 Subject: [PATCH 148/328] Add test data for function ecp_mod_random Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 100 +++++++++++++++++++++++++++++++ 1 file changed, 100 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index efaa5061d1..ccba3ac3c5 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1667,3 +1667,103 @@ ecp_mod_read_write:"000000000000003fdc3d71f22ff5fd25f0f21231a06a7cb3aa75ab7d1944 ecp_read_write #38 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_read_write:"000000000000003f9fbd8780ed55037ea03260d7ef27bba4d70dfcf3332eb05b6659eab3bfcd5d50545214b0afb81e8824918818fd64f799ef936ac3a8db56":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #2 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #3 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #4 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #5 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #6 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #7 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #8 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #9 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #10 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #11 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #12 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #13 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #15 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #16 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #17 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #18 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #19 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #21 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #22 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #23 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE + +ecp_random #24 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR + +ecp_random #25 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_random:MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE From b3366c556c8124dc2eb4aa22ef36fc66853e5143 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 25 May 2023 03:35:46 +0000 Subject: [PATCH 149/328] Update comments about how to generate mod_read_write data Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.data | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index ccba3ac3c5..030cd464c7 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1520,9 +1520,10 @@ ecp_add_sub #48 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_add_sub:"0000000000000003f7defb1691e8e3b705620733deaaddd33a760e17a4e9ba333445533fcd71d42a6d00e3468c946b0ff353728c6173d944afbfae4877c606f":"0000000000000003f96c1d081a3cfe300dc4c27fa2ebbc37396957d4bf81156d86b88de3a9312ca5be57d93fa3549b71895aa36bd5231f38146a2f0970425b":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits() in python with seed(6,2), it must be -# less than the named curves' modulus. we can use mbedtls_mpi_mod_residue_setup() check whether -# it satisfy the requirements. +# The following data was generated using python's standard random library, +# initialised with seed(6,2) and random.getrandbits(curve bits). Curve bits are 192,224,256,384,520. +# They must be less than the named curves' modulus. mbedtls_mpi_mod_residue_setup() +# can be used to check whether they satisfy the requirements. ecp_read_write #1 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecp_mod_read_write:"c320a4737c2b3abe14a03569d26b949692e5dfe8cb1855fe":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR @@ -1563,7 +1564,8 @@ ecp_read_write #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED ecp_mod_read_write:"158dd0fdd801513590d221009f2b6c212f2b30214cc3b1f80aaf9142dc9f328c8e2b0af83e1acdb102d85f287d77188c2b8e7911cf9452f5014966f28da330e1fa6":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits() in python with seed(7,2) +# The following data was generated using python's standard random library, +# initialised with seed(7,2) and random.getrandbits(curve bits). Curve bits are 256,384,512. ecp_read_write #15 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED ecp_mod_read_write:"6b4cb2424a23d5962217beaddbc496cb8e81973e0becd7b03898d190f9ebdacc":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE @@ -1612,22 +1614,23 @@ ecp_read_write #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED ecp_mod_read_write:"4f426dcbb394fb36bb2d420f0f88080b10a3d6b2aa05e11ab2715945795e8229451abd81f1d69ed617f5e837d70820fe119a72d174c9df6acc011cdd9474031b":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits(252) in python with seed(8,2) +# The following data was generated using python's standard random library, +# initialised with seed(8,2) and random.getrandbits(252). ecp_read_write #27 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_read_write:"00b3510bb46ee1da317017a6205738d16018366cf658f7a75ed34fe53a096533":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR -# The following data be generated by random.getrandbits(252) +# The following data was generated using python's standard random library random.getrandbits(252). ecp_read_write #28 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_read_write:"06694f22359b154881a0d5b3ffc6e35ccfaf00103f584ad4230824d215ceb3a1":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR -# The least 122 bits are generated by random.getrandbits(122) +# The least 122 bits were generated by random.getrandbits(122) ecp_read_write #29 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_mod_read_write:"1000000000000000000000000000000011f319877589ca4a07c15471a4517d6c":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR -# The following datas are generated by random.getrandbits(192). +# The following data was generated by random.getrandbits(192). ecp_read_write #30 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_read_write:"e5b8063831360a4092b850ad7eb72f8263f65da874007cb4":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR @@ -1636,7 +1639,7 @@ ecp_read_write #31 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_mod_read_write:"c24f6aa83bf36a147c2f7ad016edc5d467164890d49d0ac1":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR -# The following datas are generated by random.getrandbits(224). +# The following data was generated by random.getrandbits(224). ecp_read_write #32 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_read_write:"0e6edaf80796d3bc4685ca8af852a5fba444adf42b37f5722051e2670":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR @@ -1645,12 +1648,12 @@ ecp_read_write #33 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_read_write:"018dff3934223aa56a9b7e3ea1d1d784fb9db434b610b1631e941aa79":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR -# The least 112 bits are generated by random.getrandbits(112) +# The least 112 bits were generated by random.getrandbits(112) ecp_read_write #34 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED ecp_mod_read_write:"1000000000000000000000000000162e910269470d0718c1afdd9a78d":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR -# The following datas are generated by random.getrandbits(256). +# The following data was generated by random.getrandbits(256). ecp_read_write #35 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecp_mod_read_write:"3c02e56756a3e9570edca4eca92d04a31b941f4360908405d45c39a39ec353c1":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR @@ -1659,7 +1662,7 @@ ecp_read_write #36 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED ecp_mod_read_write:"353a0106e6c08269844dbc0ca65423a9e744b24e7f61701e1607b1c4b0f91306":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR -# The least 440 bits are generated by random.getrandbits(440) +# The least 440 bits were generated by random.getrandbits(440) ecp_read_write #37 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_mod_read_write:"000000000000003fdc3d71f22ff5fd25f0f21231a06a7cb3aa75ab7d1944ff09974b85f2306d4a8a2ad16e107ac8069b51c6322463278ecef2d30194df943c":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR From ebc2478e064a7941f4c19c359e1f5666fe073cf3 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Thu, 25 May 2023 06:22:29 +0000 Subject: [PATCH 150/328] Move const result to the first parameter Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 7675fd9b2f..2e2605bfd5 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1579,7 +1579,7 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) TEST_EQUAL(0, mbedtls_ecp_modulus_setup(&m, id, ctype)); - TEST_EQUAL(mbedtls_test_read_mpi_core(&A, &limbs, input_A), 0); + TEST_EQUAL(0, mbedtls_test_read_mpi_core(&A, &limbs, input_A)); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rA, &m, A, limbs)); /* Test for limb sizes */ @@ -1589,11 +1589,12 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); ASSERT_ALLOC(bufx, limbs); - TEST_EQUAL(mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, - limbs * ciL, - MBEDTLS_MPI_MOD_EXT_REP_LE), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, + limbs * ciL, + MBEDTLS_MPI_MOD_EXT_REP_LE)); - TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, limbs * ciL, + TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, + limbs * ciL, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(rA.limbs, rX.limbs); @@ -1625,8 +1626,8 @@ void ecp_mod_random(int id, int ctype) ASSERT_ALLOC(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); - TEST_EQUAL(mbedtls_mpi_mod_random(&rX, 1, &m, - mbedtls_test_rnd_std_rand, NULL), 0); + TEST_EQUAL(0, mbedtls_mpi_mod_random(&rX, 1, &m, + mbedtls_test_rnd_std_rand, NULL)); TEST_ASSERT(mbedtls_mpi_core_lt_ct(rX.p, m.p, limbs) == 1); From 92e8a88390d89ff2b1633783506793f405ea56de Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 25 May 2023 08:10:33 +0100 Subject: [PATCH 151/328] Improve comments Signed-off-by: Dave Rodgman --- library/bn_mul.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 6149375066..51c0a31482 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -660,7 +660,7 @@ /* * There is a fairly complex matrix of supported options for Thumb / Thumb2 / Arm - * assembly. Choosing the correct code path depends on the target, the compiler, + * assembly. Choosing the correct codepath depends on the target, the compiler, * and the optimisation level. * * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about @@ -672,7 +672,7 @@ */ #if defined(__thumb__) && !defined(__thumb2__) // Thumb 1 (not Thumb 2) ISA - // Only supported by gcc, when optimisation is enabled; only option A works + // Only supported by gcc, when optimisation is enabled; only Thumb 1 codepath works #if defined(__OPTIMIZE__) && !defined(__ARMCC_VERSION) #define ARM_THUMB_1 #endif @@ -680,24 +680,26 @@ #elif defined(__thumb2__) // Thumb 2 ISA #if !defined(__ARMCC_VERSION) && !defined(__OPTIMIZE__) - // gcc -O0: only option B builds + // gcc -O0: only V6+DSP codepath builds #if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) #define ARM_V6_DSP #endif #else - // gcc with optimisation, or armclang: any option builds + // gcc with optimisation, or armclang: any codepath builds #define ARM_V6_DSP_OR_THUMB_2 #endif #elif defined(__arm__) // Arm ISA - // any option builds. A does not seem to work; B is about 2x faster than C (under emulation). + // any option builds. Thumb 1 codepath does not seem to work. #define ARM_V6_DSP_OR_THUMB_2 #endif /* Arm ISA selection */ #if defined(ARM_V6_DSP_OR_THUMB_2) -// Prefer B, if we have the right features for it +// Prefer V6+DSP codepath, if we have the right features for it; otherwise +// fall back to generic Thumb 2 / Arm codepath +// V6+DSP codepath is about 2x faster than Thumb 2 (under emulation). #if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) #define ARM_V6_DSP #else From 449803abffdaa3181d65d5f86fae16fddb504cdc Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 25 May 2023 09:37:05 +0200 Subject: [PATCH 152/328] pkwrite: remove unnecessary code duplication Signed-off-by: Valerio Setti --- library/pkwrite.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 8df63946ce..d6848151c1 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -404,15 +404,9 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, grp_id = mbedtls_pk_get_group_id(pk); /* privateKeyAlgorithm */ -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { return ret; } -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - if ((ret = mbedtls_oid_get_oid_by_ec_grp_algid(grp_id, &oid, &oid_len)) != 0) { - return ret; - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier_ext(p, buf, oid, oid_len, 0, 0)); From 23bd53239d4d07cd416d47a896357e8b37d54bbc Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 24 May 2023 11:03:59 +0800 Subject: [PATCH 153/328] code_size_compare.py: add --arch and detection of host arch Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index af6ddd4fcb..fbc0dc171b 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -29,9 +29,32 @@ import argparse import os import subprocess import sys +from enum import Enum from mbedtls_dev import build_tree +class SupportedArch(Enum): + """Supported architecture for code size measurement.""" + AARCH64 = 'aarch64' + AARCH32 = 'aarch32' + X86_64 = 'x86_64' + X86 = 'x86' + +DETECT_ARCH_CMD = "cc -dM -E - < /dev/null" +def detect_arch() -> str: + """Auto-detect host architecture.""" + cc_output = subprocess.check_output(DETECT_ARCH_CMD, shell=True).decode() + if "__aarch64__" in cc_output: + return SupportedArch.AARCH64.value + if "__arm__" in cc_output: + return SupportedArch.AARCH32.value + if "__x86_64__" in cc_output: + return SupportedArch.X86_64.value + if "__x86__" in cc_output: + return SupportedArch.X86.value + else: + print("Unknown host architecture, cannot auto-detect arch.") + sys.exit(1) class CodeSizeComparison: """Compare code size between two Git revisions.""" @@ -199,6 +222,12 @@ def main(): help="new revision for comparison, default is the current work \ directory, including uncommitted changes." ) + parser.add_argument( + "-a", "--arch", type=str, default=detect_arch(), + choices=list(map(lambda s: s.value, SupportedArch)), + help="specify architecture for code size comparison, default is the\ + host architecture." + ) comp_args = parser.parse_args() if os.path.isfile(comp_args.result_dir): @@ -214,6 +243,7 @@ def main(): else: new_revision = "current" + print("Measure code size for architecture: {}".format(comp_args.arch)) result_dir = comp_args.result_dir size_compare = CodeSizeComparison(old_revision, new_revision, result_dir) return_code = size_compare.get_comparision_results() From 6a86258eab384700dbdc67c80809339083077028 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 24 May 2023 12:24:38 +0800 Subject: [PATCH 154/328] code_size_compare.py: support measurement of tfm-medium Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 66 ++++++++++++++++++++++++++++++++---- 1 file changed, 59 insertions(+), 7 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index fbc0dc171b..5b93b1a30f 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -40,6 +40,13 @@ class SupportedArch(Enum): X86_64 = 'x86_64' X86 = 'x86' +CONFIG_TFM_MEDIUM_MBEDCRYPTO_H = "../configs/tfm_mbedcrypto_config_profile_medium.h" +CONFIG_TFM_MEDIUM_PSA_CRYPTO_H = "../configs/crypto_config_profile_medium.h" +class SupportedConfig(Enum): + """Supported configuration for code size measurement.""" + DEFAULT = 'default' + TFM_MEDIUM = 'tfm-medium' + DETECT_ARCH_CMD = "cc -dM -E - < /dev/null" def detect_arch() -> str: """Auto-detect host architecture.""" @@ -56,14 +63,50 @@ def detect_arch() -> str: print("Unknown host architecture, cannot auto-detect arch.") sys.exit(1) +class CodeSizeInfo: # pylint: disable=too-few-public-methods + """Gather information used to measure code size. + + It collects information about architecture, configuration in order to + infer build command for code size measurement. + """ + + def __init__(self, arch: str, config: str) -> None: + """ + arch: architecture to measure code size on. + config: configuration type to measure code size with. + make_command: command to build library (Inferred from arch and config). + """ + self.arch = arch + self.config = config + self.make_command = self.set_make_command() + + def set_make_command(self) -> str: + """Infer build command based on architecture and configuration.""" + + if self.config == SupportedConfig.DEFAULT.value: + return 'make -j lib CFLAGS=\'-Os \' ' + elif self.arch == SupportedArch.AARCH32.value and \ + self.config == SupportedConfig.TFM_MEDIUM.value: + return \ + 'make -j lib CC=/usr/local/ArmCompilerforEmbedded6.19/bin/armclang \ + CFLAGS=\'--target=arm-arm-none-eabi -mcpu=cortex-m33 -Os \ + -DMBEDTLS_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_MBEDCRYPTO_H + '\\\" \ + -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_PSA_CRYPTO_H + '\\\" \'' + else: + print("Unsupported architecture: {} and configurations: {}" + .format(self.arch, self.config)) + sys.exit(1) + + class CodeSizeComparison: """Compare code size between two Git revisions.""" - def __init__(self, old_revision, new_revision, result_dir): + def __init__(self, old_revision, new_revision, result_dir, code_size_info): """ - old_revision: revision to compare against + old_revision: revision to compare against. new_revision: - result_dir: directory for comparison result + result_dir: directory for comparison result. + code_size_info: an object containing information to build library. """ self.repo_path = "." self.result_dir = os.path.abspath(result_dir) @@ -75,7 +118,7 @@ class CodeSizeComparison: self.old_rev = old_revision self.new_rev = new_revision self.git_command = "git" - self.make_command = "make" + self.make_command = code_size_info.make_command @staticmethod def validate_revision(revision): @@ -105,7 +148,7 @@ class CodeSizeComparison: my_environment = os.environ.copy() subprocess.check_output( - [self.make_command, "-j", "lib"], env=my_environment, + self.make_command, env=my_environment, shell=True, cwd=git_worktree_path, stderr=subprocess.STDOUT, ) @@ -228,6 +271,12 @@ def main(): help="specify architecture for code size comparison, default is the\ host architecture." ) + parser.add_argument( + "-c", "--config", type=str, default=SupportedConfig.DEFAULT.value, + choices=list(map(lambda s: s.value, SupportedConfig)), + help="specify configuration type for code size comparison,\ + default is the current MbedTLS configuration." + ) comp_args = parser.parse_args() if os.path.isfile(comp_args.result_dir): @@ -243,9 +292,12 @@ def main(): else: new_revision = "current" - print("Measure code size for architecture: {}".format(comp_args.arch)) + print("Measure code size for architecture: {}, configuration: {}" + .format(comp_args.arch, comp_args.config)) + code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config) result_dir = comp_args.result_dir - size_compare = CodeSizeComparison(old_revision, new_revision, result_dir) + size_compare = CodeSizeComparison(old_revision, new_revision, result_dir, + code_size_info) return_code = size_compare.get_comparision_results() sys.exit(return_code) From 41a0aad78dddcb43813f5cdea61ee6b8bbc51433 Mon Sep 17 00:00:00 2001 From: Aditya Deshpande Date: Thu, 13 Apr 2023 16:32:21 +0100 Subject: [PATCH 155/328] code_size_compare.py: clean up worktree in errors of subprocess With this change, the program cleans up worktree in errors of execution of subprocess.checkout. Additionally, the error log is printed out for users. Signed-off-by: Aditya Deshpande Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 5b93b1a30f..0145349ae3 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -141,16 +141,20 @@ class CodeSizeComparison: git_worktree_path, revision], cwd=self.repo_path, stderr=subprocess.STDOUT ) + return git_worktree_path def _build_libraries(self, git_worktree_path): """Build libraries in the specified worktree.""" my_environment = os.environ.copy() - subprocess.check_output( - self.make_command, env=my_environment, shell=True, - cwd=git_worktree_path, stderr=subprocess.STDOUT, - ) + try: + subprocess.check_output( + self.make_command, env=my_environment, shell=True, + cwd=git_worktree_path, stderr=subprocess.STDOUT, + ) + except subprocess.CalledProcessError as e: + self._handle_called_process_error(e, git_worktree_path) def _gen_code_size_csv(self, revision, git_worktree_path): """Generate code size csv file.""" @@ -241,6 +245,20 @@ class CodeSizeComparison: self._get_code_size_for_rev(self.new_rev) return self.compare_code_size() + def _handle_called_process_error(self, e: subprocess.CalledProcessError, + git_worktree_path): + """Handle a CalledProcessError and quit the program gracefully. + Remove any extra worktrees so that the script may be called again.""" + + # Tell the user what went wrong + print("The following command: {} failed and exited with code {}" + .format(e.cmd, e.returncode)) + print("Process output:\n {}".format(str(e.output, "utf-8"))) + + # Quit gracefully by removing the existing worktree + self._remove_worktree(git_worktree_path) + sys.exit(-1) + def main(): parser = argparse.ArgumentParser( description=( From 369cd9617689bd56c0159f2b5b7b62575d9c1423 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 24 May 2023 17:13:29 +0800 Subject: [PATCH 156/328] code_size_compare.py: add suffix to code size report This commit adds suffix of architecture and configuration to the file of code size record and comparison result. Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 0145349ae3..b0d72e4adf 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -119,6 +119,8 @@ class CodeSizeComparison: self.new_rev = new_revision self.git_command = "git" self.make_command = code_size_info.make_command + self.fname_suffix = "-" + code_size_info.arch + "-" +\ + code_size_info.config @staticmethod def validate_revision(revision): @@ -159,7 +161,7 @@ class CodeSizeComparison: def _gen_code_size_csv(self, revision, git_worktree_path): """Generate code size csv file.""" - csv_fname = revision + ".csv" + csv_fname = revision + self.fname_suffix + ".csv" if revision == "current": print("Measuring code size in current work directory.") else: @@ -187,7 +189,7 @@ class CodeSizeComparison: """Generate code size csv file for the specified git revision.""" # Check if the corresponding record exists - csv_fname = revision + ".csv" + csv_fname = revision + self.fname_suffix + ".csv" if (revision != "current") and \ os.path.exists(os.path.join(self.csv_dir, csv_fname)): print("Code size csv file for", revision, "already exists.") @@ -202,10 +204,14 @@ class CodeSizeComparison: old and new. Measured code size results of these two revisions must be available.""" - old_file = open(os.path.join(self.csv_dir, self.old_rev + ".csv"), "r") - new_file = open(os.path.join(self.csv_dir, self.new_rev + ".csv"), "r") - res_file = open(os.path.join(self.result_dir, "compare-" + self.old_rev - + "-" + self.new_rev + ".csv"), "w") + old_file = open(os.path.join(self.csv_dir, self.old_rev + + self.fname_suffix + ".csv"), "r") + new_file = open(os.path.join(self.csv_dir, self.new_rev + + self.fname_suffix + ".csv"), "r") + res_file = open(os.path.join(self.result_dir, "compare-" + + self.old_rev + "-" + self.new_rev + + self.fname_suffix + + ".csv"), "w") res_file.write("file_name, this_size, old_size, change, change %\n") print("Generating comparison results.") From a3841ab2996cc683aa9d1916f896379b256ed148 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 24 May 2023 18:33:08 +0800 Subject: [PATCH 157/328] code_size_compare.py: add missing aes.o in code size comparison Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index b0d72e4adf..afc2c590f0 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -217,7 +217,7 @@ class CodeSizeComparison: print("Generating comparison results.") old_ds = {} - for line in old_file.readlines()[1:]: + for line in old_file.readlines(): cols = line.split(", ") fname = cols[0] size = int(cols[1]) @@ -225,7 +225,7 @@ class CodeSizeComparison: old_ds[fname] = size new_ds = {} - for line in new_file.readlines()[1:]: + for line in new_file.readlines(): cols = line.split(", ") fname = cols[0] size = int(cols[1]) From 7d6ec95517d3ca56b93c1503924ffde9298df410 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 25 May 2023 09:41:42 +0100 Subject: [PATCH 158/328] Revert to detecting __GNUCC__ instead of armclang Signed-off-by: Dave Rodgman --- library/bn_mul.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 51c0a31482..936810e4e6 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -673,13 +673,13 @@ #if defined(__thumb__) && !defined(__thumb2__) // Thumb 1 (not Thumb 2) ISA // Only supported by gcc, when optimisation is enabled; only Thumb 1 codepath works - #if defined(__OPTIMIZE__) && !defined(__ARMCC_VERSION) + #if defined(__OPTIMIZE__) && defined(__GNUC__) #define ARM_THUMB_1 #endif #elif defined(__thumb2__) // Thumb 2 ISA - #if !defined(__ARMCC_VERSION) && !defined(__OPTIMIZE__) + #if defined(__GNUC__) && !defined(__OPTIMIZE__) // gcc -O0: only V6+DSP codepath builds #if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) #define ARM_V6_DSP From 1ae50aebb9811409963dc4ed71e63e03637d6ab7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 25 May 2023 09:46:34 +0100 Subject: [PATCH 159/328] Update Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/armclang-compile-fix.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt index b1f070d433..7ef6a9711f 100644 --- a/ChangeLog.d/armclang-compile-fix.txt +++ b/ChangeLog.d/armclang-compile-fix.txt @@ -1,4 +1,5 @@ Bugfix * Fix armclang compilation error when targetting certain Arm M-class CPUs - (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). - Fixes #1077. + (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). Enable + bignum optimisations for most Arm platforms when compiling with -O0, + (previously optimisations were not available in this case). Fixes #1077. From cee166e3f5f073860f2d3787ae905edb7f3a32e2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 25 May 2023 11:00:05 +0100 Subject: [PATCH 160/328] Don't use r7 in generic codepath Signed-off-by: Dave Rodgman --- library/bn_mul.h | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 936810e4e6..c91743ac4d 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -679,15 +679,8 @@ #elif defined(__thumb2__) // Thumb 2 ISA - #if defined(__GNUC__) && !defined(__OPTIMIZE__) - // gcc -O0: only V6+DSP codepath builds - #if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) - #define ARM_V6_DSP - #endif - #else - // gcc with optimisation, or armclang: any codepath builds - #define ARM_V6_DSP_OR_THUMB_2 - #endif + // Any codepath builds. + #define ARM_V6_DSP_OR_THUMB_2 #elif defined(__arm__) // Arm ISA @@ -841,9 +834,9 @@ "mov r5, #0 \n\t" \ "ldr r6, [r1] \n\t" \ "umlal r2, r5, r3, r4 \n\t" \ - "adds r7, r6, r2 \n\t" \ + "adds r4, r6, r2 \n\t" \ "adc r2, r5, #0 \n\t" \ - "str r7, [r1], #4 \n\t" + "str r4, [r1], #4 \n\t" #define MULADDC_X1_STOP \ "str r2, %0 \n\t" \ @@ -852,7 +845,7 @@ : "=m" (c), "=m" (d), "=m" (s) \ : "m" (s), "m" (d), "m" (c), "m" (b) \ : "r0", "r1", "r2", "r3", "r4", "r5", \ - "r6", "r7", "cc" \ + "r6", "cc" \ ); #endif /* Arm */ From b047bf64e2d17535091bbf7c8df368da1db6a8b5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 25 May 2023 11:01:41 +0100 Subject: [PATCH 161/328] Restrict use of r7 in Thumb 1 code Signed-off-by: Dave Rodgman --- library/bn_mul.h | 59 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 20 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index c91743ac4d..af0adb6ef3 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -662,20 +662,11 @@ * There is a fairly complex matrix of supported options for Thumb / Thumb2 / Arm * assembly. Choosing the correct codepath depends on the target, the compiler, * and the optimisation level. - * - * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about - * our use of r7 below, unless -fomit-frame-pointer is passed. - * - * On the other hand, -fomit-frame-pointer is implied by any -Ox options with - * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by - * clang and armcc5 under the same conditions). */ #if defined(__thumb__) && !defined(__thumb2__) // Thumb 1 (not Thumb 2) ISA // Only supported by gcc, when optimisation is enabled; only Thumb 1 codepath works - #if defined(__OPTIMIZE__) && defined(__GNUC__) #define ARM_THUMB_1 - #endif #elif defined(__thumb2__) // Thumb 2 ISA @@ -702,21 +693,48 @@ #if defined(ARM_THUMB_1) +#if defined(__OPTIMIZE__) && defined(__GNUC__) +/* + * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about + * our use of r7 below, unless -fomit-frame-pointer is passed. + * + * On the other hand, -fomit-frame-pointer is implied by any -Ox options with + * x !=0, which we can detect using __OPTIMIZE__ (which is also defined by + * clang and armcc5 under the same conditions). + * + * If gcc needs to use r7, we use r1 as a scratch register and have a few extra + * instructions to preserve/restore it; otherwise, we can use r7 and avoid + * the preserve/restore overhead. + */ +#define MULADDC_SCRATCH "RS .req r1 \n\t" +#define MULADDC_PRESERVE_R1 "mov r10, r1 \n\t" +#define MULADDC_RESTORE_R1 "mov r1, r10 \n\t" +#define MULADDC_SCRATCH_CLOBBER "r10" +#else +#define MULADDC_SCRATCH "RS .req r7 \n\t" +#define MULADDC_PRESERVE_R1 "" +#define MULADDC_RESTORE_R1 "" +#define MULADDC_SCRATCH_CLOBBER "r7" +#endif + #define MULADDC_X1_INIT \ asm( \ + MULADDC_SCRATCH \ "ldr r0, %3 \n\t" \ "ldr r1, %4 \n\t" \ "ldr r2, %5 \n\t" \ "ldr r3, %6 \n\t" \ - "lsr r7, r3, #16 \n\t" \ - "mov r9, r7 \n\t" \ - "lsl r7, r3, #16 \n\t" \ - "lsr r7, r7, #16 \n\t" \ - "mov r8, r7 \n\t" + "lsr r4, r3, #16 \n\t" \ + "mov r9, r4 \n\t" \ + "lsl r4, r3, #16 \n\t" \ + "lsr r4, r4, #16 \n\t" \ + "mov r8, r4 \n\t" \ + #define MULADDC_X1_CORE \ + MULADDC_PRESERVE_R1 \ "ldmia r0!, {r6} \n\t" \ - "lsr r7, r6, #16 \n\t" \ + "lsr RS, r6, #16 \n\t" \ "lsl r6, r6, #16 \n\t" \ "lsr r6, r6, #16 \n\t" \ "mov r4, r8 \n\t" \ @@ -724,12 +742,12 @@ "mov r3, r9 \n\t" \ "mul r6, r3 \n\t" \ "mov r5, r9 \n\t" \ - "mul r5, r7 \n\t" \ + "mul r5, RS \n\t" \ "mov r3, r8 \n\t" \ - "mul r7, r3 \n\t" \ + "mul RS, r3 \n\t" \ "lsr r3, r6, #16 \n\t" \ "add r5, r5, r3 \n\t" \ - "lsr r3, r7, #16 \n\t" \ + "lsr r3, RS, #16 \n\t" \ "add r5, r5, r3 \n\t" \ "add r4, r4, r2 \n\t" \ "mov r2, #0 \n\t" \ @@ -737,9 +755,10 @@ "lsl r3, r6, #16 \n\t" \ "add r4, r4, r3 \n\t" \ "adc r5, r2 \n\t" \ - "lsl r3, r7, #16 \n\t" \ + "lsl r3, RS, #16 \n\t" \ "add r4, r4, r3 \n\t" \ "adc r5, r2 \n\t" \ + MULADDC_RESTORE_R1 \ "ldr r3, [r1] \n\t" \ "add r4, r4, r3 \n\t" \ "adc r2, r5 \n\t" \ @@ -752,7 +771,7 @@ : "=m" (c), "=m" (d), "=m" (s) \ : "m" (s), "m" (d), "m" (c), "m" (b) \ : "r0", "r1", "r2", "r3", "r4", "r5", \ - "r6", "r7", "r8", "r9", "cc" \ + "r6", MULADDC_SCRATCH_CLOBBER, "r8", "r9", "cc" \ ); #elif defined(ARM_V6_DSP) From 12b14b2c977c5671690507ed819ea11babf4c59e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 25 May 2023 12:53:41 +0100 Subject: [PATCH 162/328] Simplify ifdefs Signed-off-by: Dave Rodgman --- library/bn_mul.h | 53 ++++++++++++++---------------------------------- 1 file changed, 15 insertions(+), 38 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index af0adb6ef3..2aea1e8410 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -658,42 +658,14 @@ #endif /* TriCore */ +#if defined(__arm__) + +#if defined(__thumb__) && !defined(__thumb2__) && !defined(__ARMCC_VERSION) /* - * There is a fairly complex matrix of supported options for Thumb / Thumb2 / Arm - * assembly. Choosing the correct codepath depends on the target, the compiler, - * and the optimisation level. + * Thumb 1 ISA. This code path does not work on armclang. */ -#if defined(__thumb__) && !defined(__thumb2__) // Thumb 1 (not Thumb 2) ISA - // Only supported by gcc, when optimisation is enabled; only Thumb 1 codepath works - #define ARM_THUMB_1 - -#elif defined(__thumb2__) // Thumb 2 ISA - - // Any codepath builds. - #define ARM_V6_DSP_OR_THUMB_2 - -#elif defined(__arm__) // Arm ISA - - // any option builds. Thumb 1 codepath does not seem to work. - #define ARM_V6_DSP_OR_THUMB_2 - -#endif /* Arm ISA selection */ - -#if defined(ARM_V6_DSP_OR_THUMB_2) -// Prefer V6+DSP codepath, if we have the right features for it; otherwise -// fall back to generic Thumb 2 / Arm codepath -// V6+DSP codepath is about 2x faster than Thumb 2 (under emulation). -#if (__ARM_ARCH >= 6) && defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) -#define ARM_V6_DSP -#else -#define ARM_THUMB_2 -#endif -#endif /* defined(ARM_V6_DSP_OR_THUMB_2) */ - -#if defined(ARM_THUMB_1) - -#if defined(__OPTIMIZE__) && defined(__GNUC__) +#if !defined(__OPTIMIZE__) && defined(__GNUC__) /* * Note, gcc -O0 by default uses r7 for the frame pointer, so it complains about * our use of r7 below, unless -fomit-frame-pointer is passed. @@ -710,12 +682,12 @@ #define MULADDC_PRESERVE_R1 "mov r10, r1 \n\t" #define MULADDC_RESTORE_R1 "mov r1, r10 \n\t" #define MULADDC_SCRATCH_CLOBBER "r10" -#else +#else /* !defined(__OPTIMIZE__) && defined(__GNUC__) */ #define MULADDC_SCRATCH "RS .req r7 \n\t" #define MULADDC_PRESERVE_R1 "" #define MULADDC_RESTORE_R1 "" #define MULADDC_SCRATCH_CLOBBER "r7" -#endif +#endif /* !defined(__OPTIMIZE__) && defined(__GNUC__) */ #define MULADDC_X1_INIT \ asm( \ @@ -774,7 +746,9 @@ "r6", MULADDC_SCRATCH_CLOBBER, "r8", "r9", "cc" \ ); -#elif defined(ARM_V6_DSP) +#elif (__ARM_ARCH >= 6) && \ + defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) +/* Armv6-M with DSP Instruction Set Extensions */ #define MULADDC_X1_INIT \ { \ @@ -839,7 +813,8 @@ ); \ } -#elif defined(ARM_THUMB_2) +#elif defined(__thumb2__) || !defined(__thumb__) +/* Thumb 2 or Arm ISA, without DSP extensions */ #define MULADDC_X1_INIT \ asm( \ @@ -867,7 +842,9 @@ "r6", "cc" \ ); -#endif /* Arm */ +#endif /* ISA codepath selection */ + +#endif /* defined(__arm__) */ #if defined(__alpha__) From 3964fe0f5e6622f68cc9059358b08e1fd7cc4d36 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 25 May 2023 18:53:57 +0100 Subject: [PATCH 163/328] Improve ISA detection Signed-off-by: Dave Rodgman --- library/bn_mul.h | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 2aea1e8410..83b65cd086 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -660,7 +660,8 @@ #if defined(__arm__) -#if defined(__thumb__) && !defined(__thumb2__) && !defined(__ARMCC_VERSION) +#if defined(__thumb__) && !defined(__thumb2__) +#if !defined(__ARMCC_VERSION) /* * Thumb 1 ISA. This code path does not work on armclang. */ @@ -745,10 +746,13 @@ : "r0", "r1", "r2", "r3", "r4", "r5", \ "r6", MULADDC_SCRATCH_CLOBBER, "r8", "r9", "cc" \ ); +#endif /* !defined(__ARMCC_VERSION) */ #elif (__ARM_ARCH >= 6) && \ defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) -/* Armv6-M with DSP Instruction Set Extensions */ +/* Armv6-M (or later) with DSP Instruction Set Extensions. + * Requires support for either Thumb 2 or Arm ISA. + */ #define MULADDC_X1_INIT \ { \ @@ -813,7 +817,7 @@ ); \ } -#elif defined(__thumb2__) || !defined(__thumb__) +#else /* Thumb 2 or Arm ISA, without DSP extensions */ #define MULADDC_X1_INIT \ From 60430bda37d292d5d7969ec67f8b5727f30a13a0 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 29 May 2023 14:48:18 +0800 Subject: [PATCH 164/328] code_size_compare.py: change default path of armclang Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index afc2c590f0..86facb964a 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -88,7 +88,7 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods elif self.arch == SupportedArch.AARCH32.value and \ self.config == SupportedConfig.TFM_MEDIUM.value: return \ - 'make -j lib CC=/usr/local/ArmCompilerforEmbedded6.19/bin/armclang \ + 'make -j lib CC=armclang \ CFLAGS=\'--target=arm-arm-none-eabi -mcpu=cortex-m33 -Os \ -DMBEDTLS_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_MBEDCRYPTO_H + '\\\" \ -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_PSA_CRYPTO_H + '\\\" \'' From da5cf4896e22a68333c70f0e38750320684b3719 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 29 May 2023 07:13:50 +0000 Subject: [PATCH 165/328] Add intermediate variable to represent the bytes of big num Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 2e2605bfd5..d1d7644b7d 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1568,6 +1568,7 @@ exit: void ecp_mod_read_write(char *input_A, int id, int ctype) { size_t limbs; + size_t bytes; mbedtls_mpi_mod_modulus m; mbedtls_mpi_mod_residue rA; // For input mbedtls_mpi_mod_residue rX; // For read back @@ -1588,17 +1589,18 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) ASSERT_ALLOC(rX_raw, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_residue_setup(&rX, &m, rX_raw, limbs)); + bytes = limbs * ciL; ASSERT_ALLOC(bufx, limbs); TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, - limbs * ciL, + bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, - limbs * ciL, + bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); - TEST_EQUAL(rA.limbs, rX.limbs); - ASSERT_COMPARE(rA.p, rA.limbs * ciL, rX.p, rA.limbs * ciL); + TEST_EQUAL(limbs, rX.limbs); + ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); exit: mbedtls_mpi_mod_modulus_free(&m); From 254f94bb43d916e21ea08011f436cd3b1a9c9016 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 29 May 2023 07:46:40 +0000 Subject: [PATCH 166/328] Add test code for big endian write/read Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index d1d7644b7d..e5ec3737a6 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1591,6 +1591,9 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) bytes = limbs * ciL; ASSERT_ALLOC(bufx, limbs); + /* Write source mod residue to a buffer, then read it back to + * the destination mod residue, compare the two mod residues. + * Firstly test little endian write and read */ TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); @@ -1602,6 +1605,20 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) TEST_EQUAL(limbs, rX.limbs); ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); + memset(bufx, 0x00, bytes); + memset(rX_raw, 0x00, bytes); + /* Then test big endian write and read */ + TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, + bytes, + MBEDTLS_MPI_MOD_EXT_REP_BE)); + + TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, + bytes, + MBEDTLS_MPI_MOD_EXT_REP_BE)); + + TEST_EQUAL(limbs, rX.limbs); + ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); + exit: mbedtls_mpi_mod_modulus_free(&m); mbedtls_mpi_mod_residue_release(&rA); From aba7158a6ff77556f483e224d32cb354172e39f5 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 29 May 2023 16:45:56 +0800 Subject: [PATCH 167/328] code_size_compare.py: add armv8-m option for arch Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 86facb964a..e61236ad3c 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -37,6 +37,7 @@ class SupportedArch(Enum): """Supported architecture for code size measurement.""" AARCH64 = 'aarch64' AARCH32 = 'aarch32' + ARMV8_M = 'armv8-m' X86_64 = 'x86_64' X86 = 'x86' @@ -85,7 +86,7 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods if self.config == SupportedConfig.DEFAULT.value: return 'make -j lib CFLAGS=\'-Os \' ' - elif self.arch == SupportedArch.AARCH32.value and \ + elif self.arch == SupportedArch.ARMV8_M.value and \ self.config == SupportedConfig.TFM_MEDIUM.value: return \ 'make -j lib CC=armclang \ @@ -316,9 +317,9 @@ def main(): else: new_revision = "current" - print("Measure code size for architecture: {}, configuration: {}" - .format(comp_args.arch, comp_args.config)) code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config) + print("Measure code size for architecture: {}, configuration: {}" + .format(code_size_info.arch, code_size_info.config)) result_dir = comp_args.result_dir size_compare = CodeSizeComparison(old_revision, new_revision, result_dir, code_size_info) From 2d412c6b24e9f5a59d99e5ce028df108767f1171 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:40 +0800 Subject: [PATCH 168/328] change path of mbedtls_x509_crl_info input data - Copy data_files/crl_expired.pem->data_files/parse_input/crl_expired.pem - Move data_files/crl_md5.pem->data_files/parse_input/crl_md5.pem - Move data_files/crl_sha1.pem->data_files/parse_input/crl_sha1.pem - Move data_files/crl_sha224.pem->data_files/parse_input/crl_sha224.pem - Copy data_files/crl_sha256.pem->data_files/parse_input/crl_sha256.pem - Move data_files/crl_sha384.pem->data_files/parse_input/crl_sha384.pem - Move data_files/crl_sha512.pem->data_files/parse_input/crl_sha512.pem - Copy data_files/crl-rsa-pss-sha1.pem->data_files/parse_input/crl-rsa-pss-sha1.pem - Copy data_files/crl-rsa-pss-sha224.pem->data_files/parse_input/crl-rsa-pss-sha224.pem - Copy data_files/crl-rsa-pss-sha256.pem->data_files/parse_input/crl-rsa-pss-sha256.pem - Copy data_files/crl-rsa-pss-sha384.pem->data_files/parse_input/crl-rsa-pss-sha384.pem - Copy data_files/crl-rsa-pss-sha512.pem->data_files/parse_input/crl-rsa-pss-sha512.pem - Copy data_files/crl-ec-sha1.pem->data_files/parse_input/crl-ec-sha1.pem - Move data_files/crl-ec-sha224.pem->data_files/parse_input/crl-ec-sha224.pem - Copy data_files/crl-ec-sha256.pem->data_files/parse_input/crl-ec-sha256.pem - Move data_files/crl-ec-sha384.pem->data_files/parse_input/crl-ec-sha384.pem - Move data_files/crl-ec-sha512.pem->data_files/parse_input/crl-ec-sha512.pem Signed-off-by: Jerry Yu --- tests/data_files/parse_input/crl-ec-sha1.pem | 10 ++++++ .../{ => parse_input}/crl-ec-sha224.pem | 0 .../data_files/parse_input/crl-ec-sha256.pem | 10 ++++++ .../{ => parse_input}/crl-ec-sha384.pem | 0 .../{ => parse_input}/crl-ec-sha512.pem | 0 .../parse_input/crl-rsa-pss-sha1.pem | 14 ++++++++ .../parse_input/crl-rsa-pss-sha224.pem | 16 +++++++++ .../parse_input/crl-rsa-pss-sha256.pem | 16 +++++++++ .../parse_input/crl-rsa-pss-sha384.pem | 16 +++++++++ .../parse_input/crl-rsa-pss-sha512.pem | 16 +++++++++ tests/data_files/parse_input/crl_expired.pem | 11 ++++++ .../data_files/{ => parse_input}/crl_md5.pem | 0 .../data_files/{ => parse_input}/crl_sha1.pem | 0 .../{ => parse_input}/crl_sha224.pem | 0 tests/data_files/parse_input/crl_sha256.pem | 11 ++++++ .../{ => parse_input}/crl_sha384.pem | 0 .../{ => parse_input}/crl_sha512.pem | 0 tests/suites/test_suite_x509parse.data | 34 +++++++++---------- 18 files changed, 137 insertions(+), 17 deletions(-) create mode 100644 tests/data_files/parse_input/crl-ec-sha1.pem rename tests/data_files/{ => parse_input}/crl-ec-sha224.pem (100%) create mode 100644 tests/data_files/parse_input/crl-ec-sha256.pem rename tests/data_files/{ => parse_input}/crl-ec-sha384.pem (100%) rename tests/data_files/{ => parse_input}/crl-ec-sha512.pem (100%) create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha1.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha224.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha256.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha384.pem create mode 100644 tests/data_files/parse_input/crl-rsa-pss-sha512.pem create mode 100644 tests/data_files/parse_input/crl_expired.pem rename tests/data_files/{ => parse_input}/crl_md5.pem (100%) rename tests/data_files/{ => parse_input}/crl_sha1.pem (100%) rename tests/data_files/{ => parse_input}/crl_sha224.pem (100%) create mode 100644 tests/data_files/parse_input/crl_sha256.pem rename tests/data_files/{ => parse_input}/crl_sha384.pem (100%) rename tests/data_files/{ => parse_input}/crl_sha512.pem (100%) diff --git a/tests/data_files/parse_input/crl-ec-sha1.pem b/tests/data_files/parse_input/crl-ec-sha1.pem new file mode 100644 index 0000000000..8358640a0d --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha1.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ +b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz +MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO +TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW +svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm +56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +-----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha224.pem b/tests/data_files/parse_input/crl-ec-sha224.pem similarity index 100% rename from tests/data_files/crl-ec-sha224.pem rename to tests/data_files/parse_input/crl-ec-sha224.pem diff --git a/tests/data_files/parse_input/crl-ec-sha256.pem b/tests/data_files/parse_input/crl-ec-sha256.pem new file mode 100644 index 0000000000..adfd5f8937 --- /dev/null +++ b/tests/data_files/parse_input/crl-ec-sha256.pem @@ -0,0 +1,10 @@ +-----BEGIN X509 CRL----- +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 +MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC +TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln +S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX +g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +-----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha384.pem b/tests/data_files/parse_input/crl-ec-sha384.pem similarity index 100% rename from tests/data_files/crl-ec-sha384.pem rename to tests/data_files/parse_input/crl-ec-sha384.pem diff --git a/tests/data_files/crl-ec-sha512.pem b/tests/data_files/parse_input/crl-ec-sha512.pem similarity index 100% rename from tests/data_files/crl-ec-sha512.pem rename to tests/data_files/parse_input/crl-ec-sha512.pem diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha1.pem b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem new file mode 100644 index 0000000000..59ca4f703e --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem @@ -0,0 +1,14 @@ +-----BEGIN X509 CRL----- +MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx +ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x +NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4 +WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5 +1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM +MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC +AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS +4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0 +MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo +mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O +7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa +y6li0JzWNHtkKUlCv2+SESZbD3NU8GQZ +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha224.pem b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem new file mode 100644 index 0000000000..a51d5d9113 --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgShGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIEogQCAgDiMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjA2WhcNMjQwMTE4MTM1NjA2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCBKEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBAEJI +i9sQOzMvvOTksN48+X+kk/wkLMKRGI222lqU6y6tP1LX3OE/+KN8gPXR+lCC+e0v +TsRTJkpKEcmHZoP/8kOtZnLb9PdITKGMQnZ+dmn5MFEzZI/zyrYWuJTuK1Q83w0e +Mc88cAhu8i4PTk/WnsWDphK1Q2YRupmmwWSUpp1Z2rpR+YSCedC01TVrtSUJUBw9 +NSqKDhyWYJIbS6/bFaERswC8xlMRhyLHUvikjmAK36TbIdhTnEffHOPW75sEOEEB +f0A3VtlZ7y5yt2/a6vOauJCivxKt/PutdHfBqH43QQmoVLWC2FmT9ADTJwcsZB3D +a6JSqCIMRCQY2JOUn0A= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha256.pem b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem new file mode 100644 index 0000000000..f16a49118e --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgGhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjE2WhcNMjQwMTE4MTM1NjE2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAEZ4 +oqp9i5eXrN6aCSTaU1j07MVTFW/U1jQAq6GseB6bEvoEXFMUHJsgAObqCK9flfEC +FEqXqWSo33hhPU7AKKttbDLjUYRNnQAPRUnRIl1/a1+UjqgKchWWD9ityeW8ICxo +IdATX9reYmPDLIMqTC7zuflYkvrvdEOuBORQP5mn4j8t84MSQF/p4qzaU0XxLo4X +ckzZCcHpa45AApCDjJMd9onhFVCYsykiYrF9NQFO8TI4lQ5jv79GoufEzvhY1SPB +r1xz4sMpfyaoPaa3SM2/nD65E5jzXell2u2VWNGKv4zAQP0E5yGel+1rklBltadb +XLdJyyak33CLBKu+nJc= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha384.pem b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem new file mode 100644 index 0000000000..50f7e4cd24 --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgDOMDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjI4WhcNMjQwMTE4MTM1NjI4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBAAco +SntUGDLBOAu0IIZaVea5Nt1NMsMcppC0hWPuH1LKAwyUODBqpT+0+AuALK0eIdYR +a7mAB+cv2fFwmwxnQWJ1Fvx4ft/N2AAfB83VRKpSo3xR8bxloHfTWKmyxJHmH9j1 +EYmLS86rj3Nhjf4m/YlQQ3Im5HwOgSgBOE8glq5D+0Wmsi9LsNEZXEzMw7TMUgbs +y9o/ghYF/shKU4mewK3DeM9gQiTcH5A4ISXR87hBQ08AKJRAG1CLvTyzqWiUUY+k +q8iZDYF17sHrPi2yn8q9c4zdxiaWDGDdL0Lh90wXGTAageoGEq25TMuL5FpX+u1u +KUH/xf1jEnNzbYNGiZw= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha512.pem b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem new file mode 100644 index 0000000000..0f1d6510bc --- /dev/null +++ b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem @@ -0,0 +1,16 @@ +-----BEGIN X509 CRL----- +MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgOhGjAYBgkq +hkiG9w0BAQgwCwYJYIZIAWUDBAIDogQCAgC+MDsxCzAJBgNVBAYTAk5MMREwDwYD +VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw +MTM1NjM4WhcNMjQwMTE4MTM1NjM4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB +FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r +PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG +A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG +SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBAB9F +ywBfxOjetxNbCFhOYoPY2jvFCFVdlowMGuxEhX/LktqiBXqRc2r5naQSzuHqO8Iq +1zACtiDLri0CvgSHlravBNeY4c2wj//ueFE89tY5pK9E6vZp7cV+RfMx2YfGPAA2 +t7tWZ2rJWzELg8cZ8hpjSwFH7JmgJzjE5gi2gADhBYO6Vv5S3SOgqNjiN1OM31AU +p6GHK5Y1jurF5Zwzs+w3wXoXgpOxxwEC4eiS86c9kNSudwTLvDTU0bYEQE1cF+K0 +sB8QWABFJfuO5kjD2w3rWgmAiOKsZoxd1xrda+WD3JhDXnoVq3oVBIVlWVz6YID8 +enMfMvwScA5AImzu9xA= +-----END X509 CRL----- diff --git a/tests/data_files/parse_input/crl_expired.pem b/tests/data_files/parse_input/crl_expired.pem new file mode 100644 index 0000000000..cf60ae4d78 --- /dev/null +++ b/tests/data_files/parse_input/crl_expired.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx +OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir +jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct +wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ +SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS +IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k +OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA= +-----END X509 CRL----- diff --git a/tests/data_files/crl_md5.pem b/tests/data_files/parse_input/crl_md5.pem similarity index 100% rename from tests/data_files/crl_md5.pem rename to tests/data_files/parse_input/crl_md5.pem diff --git a/tests/data_files/crl_sha1.pem b/tests/data_files/parse_input/crl_sha1.pem similarity index 100% rename from tests/data_files/crl_sha1.pem rename to tests/data_files/parse_input/crl_sha1.pem diff --git a/tests/data_files/crl_sha224.pem b/tests/data_files/parse_input/crl_sha224.pem similarity index 100% rename from tests/data_files/crl_sha224.pem rename to tests/data_files/parse_input/crl_sha224.pem diff --git a/tests/data_files/parse_input/crl_sha256.pem b/tests/data_files/parse_input/crl_sha256.pem new file mode 100644 index 0000000000..c3ca25699f --- /dev/null +++ b/tests/data_files/parse_input/crl_sha256.pem @@ -0,0 +1,11 @@ +-----BEGIN X509 CRL----- +MIIBqzCBlDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI +UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw +N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx +MDIxMjE0NDQwN1owDQYJKoZIhvcNAQELBQADggEBAG4mBBgwfNynCYYL2CEnqore +mgKpC32tB6WiUBu9figcvdN3nSX/1wrB8rpiE8R04C8oSFglwhotJCnlWsy42tjb +0pk0Wuizln0PFMc/OypqRNNhwx31SHH42W4KzONiqvq3n/WkH3M1YniR1ZnMlyvi +lJioQn6ZAoc6O6mMP1J9duKYYhiMAOV992PD1/iqXw+jYN31RwdIS8/mGzIs4ake +EdviwhM3E4/sVbNOWCOnZFYV4m+yNAEe29HL1VKw6UXixBczct+brqXNVD3U6T0F +5ovR6BTefZO17eT52Duke5RZGDUyQOGywxOYKI5W+FcOYdp+U5Idk399tAz2Mdw= +-----END X509 CRL----- diff --git a/tests/data_files/crl_sha384.pem b/tests/data_files/parse_input/crl_sha384.pem similarity index 100% rename from tests/data_files/crl_sha384.pem rename to tests/data_files/parse_input/crl_sha384.pem diff --git a/tests/data_files/crl_sha512.pem b/tests/data_files/parse_input/crl_sha512.pem similarity index 100% rename from tests/data_files/crl_sha512.pem rename to tests/data_files/parse_input/crl_sha512.pem diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2d799a03af..c52c88a106 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -232,71 +232,71 @@ x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name X509 CRL information #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD5 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" X509 CRL information RSA-PSS, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" X509 CRL information RSA-PSS, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_SOME:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" +mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CRL Malformed Input (trailing spaces at end of file) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_VERIFY From 85b0758b41b8c6b2bf06d2c53a6ab1b570fdf10b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:42 +0800 Subject: [PATCH 169/328] change path of x509_cert_info input data - Copy data_files/server1.crt->data_files/parse_input/server1.crt - Move data_files/server1.crt.der->data_files/parse_input/server1.crt.der - Copy data_files/server2.crt->data_files/parse_input/server2.crt - Copy data_files/server2.crt.der->data_files/parse_input/server2.crt.der - Copy data_files/test-ca.crt->data_files/parse_input/test-ca.crt - Move data_files/test-ca.crt.der->data_files/parse_input/test-ca.crt.der - Copy data_files/cert_md5.crt->data_files/parse_input/cert_md5.crt - Copy data_files/cert_sha1.crt->data_files/parse_input/cert_sha1.crt - Copy data_files/cert_sha224.crt->data_files/parse_input/cert_sha224.crt - Copy data_files/cert_sha256.crt->data_files/parse_input/cert_sha256.crt - Copy data_files/cert_sha384.crt->data_files/parse_input/cert_sha384.crt - Copy data_files/cert_sha512.crt->data_files/parse_input/cert_sha512.crt - Copy data_files/server9.crt->data_files/parse_input/server9.crt - Copy data_files/server9-sha224.crt->data_files/parse_input/server9-sha224.crt - Copy data_files/server9-sha256.crt->data_files/parse_input/server9-sha256.crt - Copy data_files/server9-sha384.crt->data_files/parse_input/server9-sha384.crt - Copy data_files/server9-sha512.crt->data_files/parse_input/server9-sha512.crt - Copy data_files/server5-sha1.crt->data_files/parse_input/server5-sha1.crt - Copy data_files/server5-sha224.crt->data_files/parse_input/server5-sha224.crt - Copy data_files/server5.crt->data_files/parse_input/server5.crt - Copy data_files/server5-sha384.crt->data_files/parse_input/server5-sha384.crt - Copy data_files/server5-sha512.crt->data_files/parse_input/server5-sha512.crt - Copy data_files/server5-othername.crt->data_files/parse_input/server5-othername.crt - Copy data_files/server5-nonprintable_othername.crt->data_files/parse_input/server5-nonprintable_othername.crt - Copy data_files/server5-directoryname.crt.der->data_files/parse_input/server5-directoryname.crt.der - Move data_files/server5-two-directorynames.crt.der->data_files/parse_input/server5-two-directorynames.crt.der - Move data_files/server5-fan.crt->data_files/parse_input/server5-fan.crt - Copy data_files/server1.cert_type.crt->data_files/parse_input/server1.cert_type.crt - Copy data_files/server1.key_usage.crt->data_files/parse_input/server1.key_usage.crt - Copy data_files/keyUsage.decipherOnly.crt->data_files/parse_input/keyUsage.decipherOnly.crt - Copy data_files/cert_example_multi.crt->data_files/parse_input/cert_example_multi.crt - Copy data_files/multiple_san.crt->data_files/parse_input/multiple_san.crt - Copy data_files/cert_example_multi_nocn.crt->data_files/parse_input/cert_example_multi_nocn.crt - Move data_files/rsa_single_san_uri.crt.der->data_files/parse_input/rsa_single_san_uri.crt.der - Move data_files/rsa_multiple_san_uri.crt.der->data_files/parse_input/rsa_multiple_san_uri.crt.der - Move data_files/test-ca-any_policy.crt->data_files/parse_input/test-ca-any_policy.crt - Move data_files/test-ca-any_policy_ec.crt->data_files/parse_input/test-ca-any_policy_ec.crt - Move data_files/test-ca-any_policy_with_qualifier.crt->data_files/parse_input/test-ca-any_policy_with_qualifier.crt - Move data_files/test-ca-any_policy_with_qualifier_ec.crt->data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt - Move data_files/test-ca-multi_policy.crt->data_files/parse_input/test-ca-multi_policy.crt - Move data_files/test-ca-multi_policy_ec.crt->data_files/parse_input/test-ca-multi_policy_ec.crt - Move data_files/test-ca-unsupported_policy.crt->data_files/parse_input/test-ca-unsupported_policy.crt - Move data_files/test-ca-unsupported_policy_ec.crt->data_files/parse_input/test-ca-unsupported_policy_ec.crt - Move data_files/server1.ext_ku.crt->data_files/parse_input/server1.ext_ku.crt - Copy data_files/server4.crt->data_files/parse_input/server4.crt - Copy data_files/server3.crt->data_files/parse_input/server3.crt - Move data_files/bitstring-in-dn.pem->data_files/parse_input/bitstring-in-dn.pem - Move data_files/non-ascii-string-in-issuer.crt->data_files/parse_input/non-ascii-string-in-issuer.crt Signed-off-by: Jerry Yu --- .../{ => parse_input}/bitstring-in-dn.pem | 0 .../parse_input/cert_example_multi.crt | 17 ++++ .../parse_input/cert_example_multi_nocn.crt | 13 +++ tests/data_files/parse_input/cert_md5.crt | 20 ++++ tests/data_files/parse_input/cert_sha1.crt | 20 ++++ tests/data_files/parse_input/cert_sha224.crt | 20 ++++ tests/data_files/parse_input/cert_sha256.crt | 20 ++++ tests/data_files/parse_input/cert_sha384.crt | 20 ++++ tests/data_files/parse_input/cert_sha512.crt | 20 ++++ .../parse_input/keyUsage.decipherOnly.crt | 14 +++ tests/data_files/parse_input/multiple_san.crt | 12 +++ .../non-ascii-string-in-issuer.crt | 0 .../rsa_multiple_san_uri.crt.der | Bin .../rsa_single_san_uri.crt.der | Bin .../parse_input/server1.cert_type.crt | 20 ++++ tests/data_files/parse_input/server1.crt | 20 ++++ .../{ => parse_input}/server1.crt.der | Bin .../{ => parse_input}/server1.ext_ku.crt | 0 .../parse_input/server1.key_usage.crt | 20 ++++ tests/data_files/parse_input/server2.crt | 20 ++++ tests/data_files/parse_input/server2.crt.der | Bin 0 -> 827 bytes tests/data_files/parse_input/server3.crt | 17 ++++ tests/data_files/parse_input/server4.crt | 18 ++++ .../parse_input/server5-directoryname.crt.der | Bin 0 -> 498 bytes .../{ => parse_input}/server5-fan.crt | 0 .../server5-nonprintable_othername.crt | 12 +++ .../parse_input/server5-othername.crt | 11 ++ tests/data_files/parse_input/server5-sha1.crt | 14 +++ .../data_files/parse_input/server5-sha224.crt | 14 +++ .../data_files/parse_input/server5-sha384.crt | 14 +++ .../data_files/parse_input/server5-sha512.crt | 14 +++ .../server5-two-directorynames.crt.der | Bin tests/data_files/parse_input/server5.crt | 14 +++ .../data_files/parse_input/server9-sha224.crt | 20 ++++ .../data_files/parse_input/server9-sha256.crt | 20 ++++ .../data_files/parse_input/server9-sha384.crt | 20 ++++ .../data_files/parse_input/server9-sha512.crt | 20 ++++ tests/data_files/parse_input/server9.crt | 19 ++++ .../{ => parse_input}/test-ca-any_policy.crt | 0 .../test-ca-any_policy_ec.crt | 0 .../test-ca-any_policy_with_qualifier.crt | 0 .../test-ca-any_policy_with_qualifier_ec.crt | 0 .../test-ca-multi_policy.crt | 0 .../test-ca-multi_policy_ec.crt | 0 .../test-ca-unsupported_policy.crt | 0 .../test-ca-unsupported_policy_ec.crt | 0 tests/data_files/parse_input/test-ca.crt | 20 ++++ .../{ => parse_input}/test-ca.crt.der | Bin tests/suites/test_suite_x509parse.data | 96 +++++++++--------- 49 files changed, 551 insertions(+), 48 deletions(-) rename tests/data_files/{ => parse_input}/bitstring-in-dn.pem (100%) create mode 100644 tests/data_files/parse_input/cert_example_multi.crt create mode 100644 tests/data_files/parse_input/cert_example_multi_nocn.crt create mode 100644 tests/data_files/parse_input/cert_md5.crt create mode 100644 tests/data_files/parse_input/cert_sha1.crt create mode 100644 tests/data_files/parse_input/cert_sha224.crt create mode 100644 tests/data_files/parse_input/cert_sha256.crt create mode 100644 tests/data_files/parse_input/cert_sha384.crt create mode 100644 tests/data_files/parse_input/cert_sha512.crt create mode 100644 tests/data_files/parse_input/keyUsage.decipherOnly.crt create mode 100644 tests/data_files/parse_input/multiple_san.crt rename tests/data_files/{ => parse_input}/non-ascii-string-in-issuer.crt (100%) rename tests/data_files/{ => parse_input}/rsa_multiple_san_uri.crt.der (100%) rename tests/data_files/{ => parse_input}/rsa_single_san_uri.crt.der (100%) create mode 100644 tests/data_files/parse_input/server1.cert_type.crt create mode 100644 tests/data_files/parse_input/server1.crt rename tests/data_files/{ => parse_input}/server1.crt.der (100%) rename tests/data_files/{ => parse_input}/server1.ext_ku.crt (100%) create mode 100644 tests/data_files/parse_input/server1.key_usage.crt create mode 100644 tests/data_files/parse_input/server2.crt create mode 100644 tests/data_files/parse_input/server2.crt.der create mode 100644 tests/data_files/parse_input/server3.crt create mode 100644 tests/data_files/parse_input/server4.crt create mode 100644 tests/data_files/parse_input/server5-directoryname.crt.der rename tests/data_files/{ => parse_input}/server5-fan.crt (100%) create mode 100644 tests/data_files/parse_input/server5-nonprintable_othername.crt create mode 100644 tests/data_files/parse_input/server5-othername.crt create mode 100644 tests/data_files/parse_input/server5-sha1.crt create mode 100644 tests/data_files/parse_input/server5-sha224.crt create mode 100644 tests/data_files/parse_input/server5-sha384.crt create mode 100644 tests/data_files/parse_input/server5-sha512.crt rename tests/data_files/{ => parse_input}/server5-two-directorynames.crt.der (100%) create mode 100644 tests/data_files/parse_input/server5.crt create mode 100644 tests/data_files/parse_input/server9-sha224.crt create mode 100644 tests/data_files/parse_input/server9-sha256.crt create mode 100644 tests/data_files/parse_input/server9-sha384.crt create mode 100644 tests/data_files/parse_input/server9-sha512.crt create mode 100644 tests/data_files/parse_input/server9.crt rename tests/data_files/{ => parse_input}/test-ca-any_policy.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-any_policy_ec.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-any_policy_with_qualifier.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-any_policy_with_qualifier_ec.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-multi_policy.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-multi_policy_ec.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-unsupported_policy.crt (100%) rename tests/data_files/{ => parse_input}/test-ca-unsupported_policy_ec.crt (100%) create mode 100644 tests/data_files/parse_input/test-ca.crt rename tests/data_files/{ => parse_input}/test-ca.crt.der (100%) diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/parse_input/bitstring-in-dn.pem similarity index 100% rename from tests/data_files/bitstring-in-dn.pem rename to tests/data_files/parse_input/bitstring-in-dn.pem diff --git a/tests/data_files/parse_input/cert_example_multi.crt b/tests/data_files/parse_input/cert_example_multi.crt new file mode 100644 index 0000000000..0e3295dc71 --- /dev/null +++ b/tests/data_files/parse_input/cert_example_multi.crt @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICojCCAYqgAwIBAgIBETANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwNzEwMTEyNzUyWhcNMjkwNzEwMTEyNzUyWjA6MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCBnzANBgkq +hkiG9w0BAQEFAAOBjQAwgYkCgYEAxziSxcP0cBAIa/gTNezzARyKJQ+VgjYeqh6W +ElUarPh7dTMLcFcznNmV8U1MRDfIvsSgP+RkPNPzyQJDPcN8W455qgmEroITNwq/ +hWm9KjVibLH+5KzgQrJBfHvknScUmywHa45DPT9sdjpGmhxwDSWdvAjHQPzYAjdi +/33r/C0CAwEAAaM2MDQwMgYDVR0RBCswKYILZXhhbXBsZS5jb22CC2V4YW1wbGUu +bmV0gg0qLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQCJbFizurHz804x +6NbsvsPPgLcESq0OcGOEXOCOe8seZqomhSYTXtHBzrFtRp2/gmtORq2oapoDDiq+ +I+xRLJYsUBut2NdkZmEIRSW4n4sXJwqb0fXTTkd7EAXBvGNWbERab5Sbf84oqd4t +yjjz2u+Hvx8hZCHJG2V9qg3zaw5zJT1AfAsMbjXqi8CfU7U+Fcor+O3GeuUVgpJC +QCXb2Qjj3ZmrCvGZA9x59XtnEN6m2O4pWkmqR/Z7MlQrZzQ80vcQMk9+qoKIr2EJ +RcJhAtE+dLV19IlccwsDlGx5kT5N5zSYLK9nARV1/AjK48bUxGH353A1Y2MCfy0E +dXDReJa1 +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_example_multi_nocn.crt b/tests/data_files/parse_input/cert_example_multi_nocn.crt new file mode 100644 index 0000000000..1634846e1b --- /dev/null +++ b/tests/data_files/parse_input/cert_example_multi_nocn.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB/TCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV +BAYTAk5MMB4XDTE0MDEyMjEwMDQzM1oXDTI0MDEyMjEwMDQzM1owDTELMAkGA1UE +BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2pt +WZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNz +UnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ +81kybdHg6G3eUu1mtKkL2kCVAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgXgMEkGA1UdEQRCMECCHHd3dy5zaG90b2thbi1icmF1bnNjaHdlaWcuZGWCFHd3 +dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4GB +ABjx1ytrqCyFC5/0cjWnbLK9vsvLny2ZikDewfRxqJ5zAxGWLqHOr1SmUmu2DrvB +bkT9g5z19+iMhPnzJz1x7Q2m7WTIJTuUPK+hKZJATDLNhZ86h5Nkw8k9YzKcOrPm +EIqsy55CSgLU0ntljqSBvSb4ifrF1NnIWej2lSfN6r+3 +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_md5.crt b/tests/data_files/parse_input/cert_md5.crt new file mode 100644 index 0000000000..e514fd631c --- /dev/null +++ b/tests/data_files/parse_input/cert_md5.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBBjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f +M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu +1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw +MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v +4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ +/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC +AQEAF4QcMshVtVbYgvvU7f2lWakubbAISM/k+FW/f7u63m0MSSoSFeYflBOC1Wf4 +imgDEnWcWTH5V7sxsLNogxfpfTuFUaKfHeQmRhAK4UgqbDEs4dZvgo3wZ/w92G0/ +QNntJefnqaFiITXZTn6J8hxeoEq4QbucbWgeY6fTAwXtIv40BvMOSakkuIFAyIvV +90VY1j4vnx0/xv5lIBAxah1HdtXhqtDu/sUfdCtWX5SCcVUwwM3gZ4Q1ZdWQmlvF +737ZG7XaINxsDaI04sJxc7qvuRYhLdCwUPnZL5TGEQJ8jNa/39eEbnkvs7hbTU98 +6qG8UAYsSI7aMe1j7DZpkoPL9w== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha1.crt b/tests/data_files/parse_input/cert_sha1.crt new file mode 100644 index 0000000000..1e23585c55 --- /dev/null +++ b/tests/data_files/parse_input/cert_sha1.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGzAZBgNVBAMMElBvbGFyU1NMIENlcnQgU0hBMTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J +v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB +Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl +XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk +65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP +cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA +AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw +HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD +ggEBAFAHuWfjOp+GaM5dP3NBaUayXmjbrsY5fo/ysfOVV9xipzbPWvE2Bu679iU1 +Eg+5hME9VlMmQejGzG09ReXE+30gyhtO3vWA8U21YrsL3ybvS6EREHGKk238bIBh +yDP/b0VuoNsS3xRn9WyH3TRu5re0vK68OSkLIWPd01fgvcfl6YyUY+WuuSrpYcDv +nrgKvFZws/EE4RNldtRC1Blwy497AtmWBQWs65zj5JkNdNnm4JJqXZAArNh2GSZo +83C/1ZSFrNo9GONsCJ0GVGEt7IK7FPqXYW7rXi30BRse33ziU7RPWGDT13bh9Rdz +RqsoZ5h5VjtHOnMUUD99gIWinBE= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha224.crt b/tests/data_files/parse_input/cert_sha224.crt new file mode 100644 index 0000000000..c8a209d0c3 --- /dev/null +++ b/tests/data_files/parse_input/cert_sha224.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh +Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq +1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht +gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l +LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu +pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID +AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC +pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ4F +AAOCAQEATdo7p7dok8gcxS0dYGluXMOsAEALyHAgvAJSZUt0x8RxemJfpquv4XG/ +rppQmtA5aPf59Fo0z5GcS0zzYFLTQIcLHKnuuG0W6yjhx3e+5J1hjLbv///vvKGN +jq55z+CANkragMk6XQ/t+iXkh/Fq00FS+zbf1JLaMXOLst5dfv3uPQaJHwzX/EaE +VdognXxWudNQgIvemindk9TTQon27zBS/z6nwcBCIXMDfesAjcHuBCfxl6pofK6E +28qs4up/JayptG2CX98LGsEyAgegwTMSYGLJoWcHhrUcbF0fNOcXPgQKGTcZO4Tg +yPYGbkG9FjgaASc2gTrYVPRZ6mY19g== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha256.crt b/tests/data_files/parse_input/cert_sha256.crt new file mode 100644 index 0000000000..e56d428530 --- /dev/null +++ b/tests/data_files/parse_input/cert_sha256.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh +Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq +1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht +gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l +LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu +pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID +AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC +pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsF +AAOCAQEAuo8kRDdQj3+rgqbz7bS3ZfBVCqgbQfruRZncP0s3IQJ6g7k6BNfCTO+N +tIgnCDhnhjK9DS4l1LTkQJKfcd6sfuwBxjHKWGZUqTqHWFm/O5MJwfMpxI305xXE +evDzh8LK1W3moX5OcT4bx3QsY9I4nqXQkOzjGidxhOXYA2v+X5OhRt3IJ2dzmQQu +BVXnDbzuchUfP5aeCwW6l7VX+RJOE2zlqO5yt0ejT02E44qtC5sBf24V9ko5LORw +1J7Zk34QwsKrSPSGxOuoWNwH3fJpgZQImKgJIQCsksJ+A45CK6iz0km8oTiI3Hoo +2LpE6UNx2M8jiZWVzH1L4tkg4fcCoQ== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha384.crt b/tests/data_files/parse_input/cert_sha384.crt new file mode 100644 index 0000000000..f8ec10b66d --- /dev/null +++ b/tests/data_files/parse_input/cert_sha384.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIBCjANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh +Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq +1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht +gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l +LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu +pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID +AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC +pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQwF +AAOCAQEAeyHm+emo4/QHqEVKj/MYPOsPrrcr5MupNE7WmoUA7SilVUlceIy8ApWR +MUdwnh7UPkCa6K1yvayknEbHzD2Lv9BLEf5A1/a+F/LmFXiV0kXIFue13u+z7laV +N/s/jphPVgjPwZiC1ZtOoD7WvSkIInB53j4Q3VCH6EpZxZuDO/u8CGBQ0g+9Eqhn +W3+4GFnxUPYeN17u/opt16mEPx6WFbRl9hs5wUvND/FCDEJ/9uVNiVYlPYyHKzzq +e3WXCHLYUKGESQX+85IrnmlwbAb33bM+sAM6naFafXTZEimeEpX3iYrHzhoU7aR7 +piojwAE+Yb3Ac+Hu1fY4CRO4ZHL6Zg== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/cert_sha512.crt b/tests/data_files/parse_input/cert_sha512.crt new file mode 100644 index 0000000000..b2254fa729 --- /dev/null +++ b/tests/data_files/parse_input/cert_sha512.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQjCCAiqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh +Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq +1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht +gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l +LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu +pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID +AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC +pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ0F +AAOCAQEABnuq7gMU6EWqcmEcj2/wiqOFUBeH9ro0tni9JZzaDAKkBMwoeJ3RP/59 +wY92UZC/SoWPm0yLK25KTwxJhd645a5ZeRk+yi1SG+oXNgZFS03F1Orat0bM5u94 +RtzLRInGzTxhlVS8HPRya2+nEaPT9YNO25vORczPDjtrI82UnysaWiKx1OCPhdP3 +ZySAkX/zE1U8Te0+948C0vmg2aTWCSk5zutryFgHH5UojmmWAkBHpX3tIm8JMRG9 +tvp6fbIDan0LmSsVK8rq5OPSwAKMso6GF4Iuxou/jP2gI+NutenX26wrffSjlPiW +KksLNj8oL6vIUap28Oh+Gwph02biSQ== +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/keyUsage.decipherOnly.crt b/tests/data_files/parse_input/keyUsage.decipherOnly.crt new file mode 100644 index 0000000000..7c379787a4 --- /dev/null +++ b/tests/data_files/parse_input/keyUsage.decipherOnly.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICFzCCAYCgAwIBAgIJAJsTzkylb95SMA0GCSqGSIb3DQEBBQUAMD8xCzAJBgNV +BAYTAkdCMRIwEAYDVQQHDAlDYW1icmlkZ2UxHDAaBgNVBAoME0RlZmF1bHQgQ29t +cGFueSBMdGQwHhcNMTUwNTEyMTAzNjU1WhcNMTgwNTExMTAzNjU1WjA/MQswCQYD +VQQGEwJHQjESMBAGA1UEBwwJQ2FtYnJpZGdlMRwwGgYDVQQKDBNEZWZhdWx0IENv +bXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9nxYOSbha/Ap4 +6rACrOMH7zfDD+0ZEHhbO0bgGRjc5ElvOaNuD321y9TnyAx+JrqPp/lFrAgNiVo1 +HPurPHfcJ+tNBUgBHboWGNENNaf9ovwFPawsBzEZraGnDaqVPEFcIsUQPVqO1lrQ +CHLUjtqo1hMZDqe/Web0Mw9cZrqOaQIDAQABoxswGTAJBgNVHRMEAjAAMAwGA1Ud +DwQFAwMH4IAwDQYJKoZIhvcNAQEFBQADgYEAJ0NS2wUbgRelK0qKxrR2Ts6jVYEH +bmykx3GHjFyKpscDIn2vNyyB7ygfFglZPcw+2mn3xuVIwOV/mWxFvKHk+j2WrTQL +tDqSC5BhFoR01veFu07JdEYvz+I+NCL5z0IGWXkUrk235Wl4w4WMZDnXTqncMNEk +fLtpo9y79XD00QY= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/multiple_san.crt b/tests/data_files/parse_input/multiple_san.crt new file mode 100644 index 0000000000..8cdc730611 --- /dev/null +++ b/tests/data_files/parse_input/multiple_san.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2jCCAYCgAwIBAgIBBDAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G +A1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11bHRpcGxlIG90aGVy +bmFtZSBTQU4wHhcNMTkwNDIyMTYxMDQ4WhcNMjkwNDE5MTYxMDQ4WjBKMQswCQYD +VQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11 +bHRpcGxlIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3 +zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI +wmt3DVXNiioO+gHItO3/o1cwVTBTBgNVHREETDBKggtleGFtcGxlLmNvbaAfBggr +BgEFBQcIBKATMBEGBysGAQQBEQMEBjEyMzQ1NoILZXhhbXBsZS5uZXSCDSouZXhh +bXBsZS5vcmcwCgYIKoZIzj0EAwIDSAAwRQIhAMZUkp+pcuFQ3WWdgvV4Y+tIXOyS +L6p0RtEAOi/GgigVAiB50n3rIUKjapYstPp3yOpGZGyRxnc6uRdSiMH5wLA4yw== +-----END CERTIFICATE----- diff --git a/tests/data_files/non-ascii-string-in-issuer.crt b/tests/data_files/parse_input/non-ascii-string-in-issuer.crt similarity index 100% rename from tests/data_files/non-ascii-string-in-issuer.crt rename to tests/data_files/parse_input/non-ascii-string-in-issuer.crt diff --git a/tests/data_files/rsa_multiple_san_uri.crt.der b/tests/data_files/parse_input/rsa_multiple_san_uri.crt.der similarity index 100% rename from tests/data_files/rsa_multiple_san_uri.crt.der rename to tests/data_files/parse_input/rsa_multiple_san_uri.crt.der diff --git a/tests/data_files/rsa_single_san_uri.crt.der b/tests/data_files/parse_input/rsa_single_san_uri.crt.der similarity index 100% rename from tests/data_files/rsa_single_san_uri.crt.der rename to tests/data_files/parse_input/rsa_single_san_uri.crt.der diff --git a/tests/data_files/parse_input/server1.cert_type.crt b/tests/data_files/parse_input/server1.cert_type.crt new file mode 100644 index 0000000000..34fe4f6a40 --- /dev/null +++ b/tests/data_files/parse_input/server1.cert_type.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC +BkAwDQYJKoZIhvcNAQEFBQADggEBAElJPaCG6aFHoymoCrzckPfjENxgXW2czh5t +TsMPshkzX5p2AU89GBGdy0gQwoPuMtcznsDe4adM6Na8f30YDffATsgDECMIWtV1 +XVYKQIwFmZzEt4B+5sUmyMOLtTuuZBThOLPwOw8e4RnILKOYPHnQNRf6Eap4lFDx +lp2pAaiXMDWH88gmWoU5XrGTppllYV0IorzJ4xV9Sg3ittNwNO40ehVQDAseFwZH +iyh9iHz4BqtWjElmQ3hL8N/Cbqp3iN15h2pUgIj8JIt9rCsIZrsG3K42iSlPzEn2 +DCzWQSj9cQNCRVJnwgJAWnC1Hx0YYFQMgQquVxnK15THTGQAeB8= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server1.crt b/tests/data_files/parse_input/server1.crt new file mode 100644 index 0000000000..258da5e173 --- /dev/null +++ b/tests/data_files/parse_input/server1.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC +AQEAf2k5OiORp60gBNqioC2mIqSXA0CU/qzllt8IvlcMv1V0PAP9f4IEm5mdkERr +UXjnB1Tr3edrsvXLgZ9vEosbFpNMsKfsmBkpjgWG2ui8pdn8cJiws4k4h5fuueSw +Ps1FLK5Tfpi+GJyPqk4ha9Ojp2p9opuA0aIfLuxI+0UzXH4wgrEW/Yydowv959gf +gGSl766CRdUvJbXOeVryFjFTRfLFFNfTvrftZk1dl8tas1nim8xfWet+BZVvq2zY +C7LeCI9nrfuAxfMJTrWFp17y72+hCDk7NEaB2ZLVuAM/ri7LWrr2V2hLFdIAhfC2 +nUaulRRpGt/ZTISw6uSIumNoNA== +-----END CERTIFICATE----- diff --git a/tests/data_files/server1.crt.der b/tests/data_files/parse_input/server1.crt.der similarity index 100% rename from tests/data_files/server1.crt.der rename to tests/data_files/parse_input/server1.crt.der diff --git a/tests/data_files/server1.ext_ku.crt b/tests/data_files/parse_input/server1.ext_ku.crt similarity index 100% rename from tests/data_files/server1.ext_ku.crt rename to tests/data_files/parse_input/server1.ext_ku.crt diff --git a/tests/data_files/parse_input/server1.key_usage.crt b/tests/data_files/parse_input/server1.key_usage.crt new file mode 100644 index 0000000000..9d70b0018f --- /dev/null +++ b/tests/data_files/parse_input/server1.key_usage.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDTzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw +DQYJKoZIhvcNAQEFBQADggEBAHM8eESmE8CQvuCw2/w1JSWKaU9cJIvrtpJXavRC +yMEv6SQL0hxrNZBhFPM8vAiq6zBdic2HwuiZ9N/iEXuCf92SOcK4b/2/Flos0JI5 +quu4eGkwoNrOvfZUcO7SB8JHUvmJtTP+avF3QeRfHo9bHRtnyOs9GXqq+CMZiNgO +Bw+/tAOml3tV1Uf+yjp6XroWLRNMbvY1Sor4UW6FFMpOii/vlJ4450OlpcJdRU70 +LpHfxjmPNvc9YOPWve75/+CNF9lMi29UoEUYslxMPylZ/L0vYxi+xuvQBTaLiZeP +CJ59Mc63LEmJNSAwnnV8s2KXL/Okm32lf6sy0fjsrvAdoCc= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server2.crt b/tests/data_files/parse_input/server2.crt new file mode 100644 index 0000000000..074519676b --- /dev/null +++ b/tests/data_files/parse_input/server2.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN +owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz +NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM +tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P +hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya +HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD +VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw +FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4 +cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A +O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc +KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE +iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp +HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap +Awgk0+4m0T25cNs= +-----END CERTIFICATE----- diff --git a/tests/data_files/parse_input/server2.crt.der b/tests/data_files/parse_input/server2.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..9cfa9ab1407b99e7f2937f47a7abf7f297a5c27c GIT binary patch literal 827 zcmXqLVm3EuVv=9L%*4n9L%5h)*oCMkXBRVcEPp4LJ#Bf=mI?25i>mBYX8qY_vPR`=`2)3- zo;e#dY8T#m)${D6%(OlK4zdJoHoLO;*TaovHzpiR+>#b#wn!~_)#{Qs_FBoN+gdl| z7u@8P(e+IG9<5sJ_JX_1Ka*!G!-R*ongr5n*M(?zr&dl}_$cx4SqD#!cNsh%yW1|g z?Z2>Nl_0ZReb@>qITs0j{?_hW-7ayDB#tHNA5ZK36?>!hvwEi{6u~JpTQa5Tn6# zCT2zk#>Kt{-r$In6=q>FU@(vc2BRz=ix`W@Qq~tKJMP?1;13Y;O<0k#-nZL%vVlBE zTA4+{K&(MzOVpF4o9|r;`nL1xvZ?&9?e-l1`yV;Lfyn|G;EW72RhvsJ3gq6uk$H3E z{Cj<+IR)=lEcbtqZfwyc-Mu=^{FZ0QhI30iu8PdOy>4~&{vVlBQtmcb|GV>}#=6DO zMd@40_hXGx2HmS_56@yevH!>m=XKAkA_I=gPU)|;wY{NirvLg&@f?i{61E#+niq3Q zrY^o|WVPqooGLAyKNfz;a-o;(((9IV{+oH_62C`NZ8wvI#F8YJ4rkkgc@G6n8qD%l z{C8^RrcF5#brBolulk9s`ZLw<>f2>0wd>ctnW-_=arJv$o@<(NPP?}1Oikn{R=Rs> z%b_rhll6;dnlbkL+N!Yib^q1{`91nY*P4&MmRPp;N}Y(svX#snDwp4>U9{a`S3_%W5xD%bsWkr=M6pErN#G)@x+$5{}-1U z6dMEqJt`~6;%(r$#GP7BmIax~$0Eie5|FsG{|fuf>rIS2PgCoAlHHaI??a9YW)B7f zS0;sQyF0V=PrLrIP&8TlEv\n \nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/parse_input/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n \n \nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, Subject Alt Name with uniformResourceIdentifier depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/parse_input/rsa_single_san_uri.crt.der":"cert. version \: 3\nserial number \: 6F\:75\:EB\:E9\:6D\:25\:BC\:88\:82\:62\:A3\:E0\:68\:A7\:37\:3B\:EC\:75\:8F\:9C\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:38\:05\nexpires on \: 2043-02-09 10\:38\:05\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, Subject Alt Name with two uniformResourceIdentifiers depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/parse_input/rsa_multiple_san_uri.crt.der":"cert. version \: 3\nserial number \: 08\:E2\:93\:18\:91\:26\:D8\:46\:88\:90\:10\:4F\:B5\:86\:CB\:C4\:78\:E6\:EA\:0D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS URI SAN\nissued on \: 2023-02-14 10\:37\:50\nexpires on \: 2043-02-09 10\:37\:50\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-c2c082f0609c\n uniformResourceIdentifier \: urn\:example.com\:5ff40f78-9210-494f-8206-abcde1234567\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, RSA Certificate Policy any depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-any_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-any_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, RSA Certificate Policy any with qualifier depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, ECDSA Certificate Policy any with qualifier depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n" X509 CRT information, RSA Certificate multiple Policies depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-multi_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" X509 CRT information, ECDSA Certificate multiple Policies depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" +x509_cert_info:"data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n" X509 CRT information, RSA Certificate unsupported policy depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" +x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" X509 CRT information, ECDSA Certificate unsupported policy depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" +x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n" X509 CRT information, Key Usage + Extended Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" +x509_cert_info:"data_files/parse_input/server1.ext_ku.crt":"cert. version \: 3\nserial number \: 21\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2014-04-01 14\:44\:43\nexpires on \: 2024-03-29 14\:44\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\next key usage \: TLS Web Server Authentication\n" X509 CRT information RSA signed by EC depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_CAN_ECDSA_SOME -x509_cert_info:"data_files/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server4.crt":"cert. version \: 3\nserial number \: 08\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-09-24 15\:52\:04\nexpires on \: 2023-09-22 15\:52\:04\nsigned using \: ECDSA with SHA256\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 CRT information EC signed by RSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C -x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/parse_input/server3.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2013-08-09 09\:17\:03\nexpires on \: 2023-08-07 09\:17\:03\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\nbasic constraints \: CA=false\n" X509 CRT information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 -x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" +x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" X509 CRT information Non-ASCII string in issuer name and subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" +x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 SAN parsing otherName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 From 1c3cfb3ed618359be87181425df19d2d2d0a54fe Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:42 +0800 Subject: [PATCH 170/328] change path of x509parse_crt_file input data - Move data_files/server1_pathlen_int_max.crt->data_files/parse_input/server1_pathlen_int_max.crt - Move data_files/server1_pathlen_int_max-1.crt->data_files/parse_input/server1_pathlen_int_max-1.crt - Copy data_files/server7_int-ca.crt->data_files/parse_input/server7_int-ca.crt - Move data_files/server7_pem_space.crt->data_files/parse_input/server7_pem_space.crt - Move data_files/server7_all_space.crt->data_files/parse_input/server7_all_space.crt - Move data_files/server7_trailing_space.crt->data_files/parse_input/server7_trailing_space.crt - Move data_files/cli-rsa-sha256-badalg.crt.der->data_files/parse_input/cli-rsa-sha256-badalg.crt.der Signed-off-by: Jerry Yu --- .../cli-rsa-sha256-badalg.crt.der | Bin .../server1_pathlen_int_max-1.crt | 0 .../server1_pathlen_int_max.crt | 0 .../{ => parse_input}/server7_all_space.crt | 0 .../data_files/parse_input/server7_int-ca.crt | 47 ++++++++++++++++++ .../{ => parse_input}/server7_pem_space.crt | 0 .../server7_trailing_space.crt | 0 tests/suites/test_suite_x509parse.data | 14 +++--- 8 files changed, 54 insertions(+), 7 deletions(-) rename tests/data_files/{ => parse_input}/cli-rsa-sha256-badalg.crt.der (100%) rename tests/data_files/{ => parse_input}/server1_pathlen_int_max-1.crt (100%) rename tests/data_files/{ => parse_input}/server1_pathlen_int_max.crt (100%) rename tests/data_files/{ => parse_input}/server7_all_space.crt (100%) create mode 100644 tests/data_files/parse_input/server7_int-ca.crt rename tests/data_files/{ => parse_input}/server7_pem_space.crt (100%) rename tests/data_files/{ => parse_input}/server7_trailing_space.crt (100%) diff --git a/tests/data_files/cli-rsa-sha256-badalg.crt.der b/tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der similarity index 100% rename from tests/data_files/cli-rsa-sha256-badalg.crt.der rename to tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der diff --git a/tests/data_files/server1_pathlen_int_max-1.crt b/tests/data_files/parse_input/server1_pathlen_int_max-1.crt similarity index 100% rename from tests/data_files/server1_pathlen_int_max-1.crt rename to tests/data_files/parse_input/server1_pathlen_int_max-1.crt diff --git a/tests/data_files/server1_pathlen_int_max.crt b/tests/data_files/parse_input/server1_pathlen_int_max.crt similarity index 100% rename from tests/data_files/server1_pathlen_int_max.crt rename to tests/data_files/parse_input/server1_pathlen_int_max.crt diff --git a/tests/data_files/server7_all_space.crt b/tests/data_files/parse_input/server7_all_space.crt similarity index 100% rename from tests/data_files/server7_all_space.crt rename to tests/data_files/parse_input/server7_all_space.crt diff --git a/tests/data_files/parse_input/server7_int-ca.crt b/tests/data_files/parse_input/server7_int-ca.crt new file mode 100644 index 0000000000..d3ddc46a8b --- /dev/null +++ b/tests/data_files/parse_input/server7_int-ca.crt @@ -0,0 +1,47 @@ +-----BEGIN CERTIFICATE----- +MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m +47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS +MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud +IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC +AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr +FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr +8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj ++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 +QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm +yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK +TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e +deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM +0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b +OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj +VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp +a8Si6UK5 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq +vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR +wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF +CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g +Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q +AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2 +qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM +uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA +kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P +d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br +Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg +updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY +a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE +AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG +i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 +Af5cNR8KhzegznL6amRObGGKmX1F +-----END CERTIFICATE----- diff --git a/tests/data_files/server7_pem_space.crt b/tests/data_files/parse_input/server7_pem_space.crt similarity index 100% rename from tests/data_files/server7_pem_space.crt rename to tests/data_files/parse_input/server7_pem_space.crt diff --git a/tests/data_files/server7_trailing_space.crt b/tests/data_files/parse_input/server7_trailing_space.crt similarity index 100% rename from tests/data_files/server7_trailing_space.crt rename to tests/data_files/parse_input/server7_trailing_space.crt diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 351ba2f70c..0645ecdf1f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2027,11 +2027,11 @@ x509parse_crt:"3081b030819aa0030201028204deadbeef300d06092a864886f70d01010b05003 X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1 -x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH +x509parse_crt_file:"data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH X509 CRT ASN1 (pathlen is INT_MAX-1) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_MD_CAN_SHA1 -x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0 +x509parse_crt_file:"data_files/parse_input/server1_pathlen_int_max-1.crt":0 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 @@ -3059,23 +3059,23 @@ mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_type X509 File parse (no issues) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_int-ca.crt":0 +x509parse_crt_file:"data_files/parse_input/server7_int-ca.crt":0 X509 File parse (extra space in one certificate) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_pem_space.crt":1 +x509parse_crt_file:"data_files/parse_input/server7_pem_space.crt":1 X509 File parse (all certificates fail) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER +x509parse_crt_file:"data_files/parse_input/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER X509 File parse (trailing spaces, OK) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/server7_trailing_space.crt":0 +x509parse_crt_file:"data_files/parse_input/server7_trailing_space.crt":0 X509 File parse (Algorithm Params Tag mismatch) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH +x509parse_crt_file:"data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH X509 Get time (UTC no issues) depends_on:MBEDTLS_X509_USE_C From e8e7bbb59d663f34b42ec16b39173bc1c125a4c2 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:43 +0800 Subject: [PATCH 171/328] change path of x509_parse_san input data - Move data_files/server5-othername.crt->data_files/parse_input/server5-othername.crt - Move data_files/server5-nonprintable_othername.crt->data_files/parse_input/server5-nonprintable_othername.crt - Move data_files/server5-directoryname.crt.der->data_files/parse_input/server5-directoryname.crt.der - Move data_files/server5-directoryname-seq-malformed.crt.der->data_files/parse_input/server5-directoryname-seq-malformed.crt.der - Move data_files/server5-second-directoryname-oid-malformed.crt.der->data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der - Copy data_files/cert_example_multi.crt->data_files/parse_input/cert_example_multi.crt - Move data_files/multiple_san.crt->data_files/parse_input/multiple_san.crt - Copy data_files/server4.crt->data_files/parse_input/server4.crt - Move data_files/server5-unsupported_othername.crt->data_files/parse_input/server5-unsupported_othername.crt - Move data_files/test_cert_rfc822name.crt.der->data_files/parse_input/test_cert_rfc822name.crt.der Signed-off-by: Jerry Yu --- tests/data_files/multiple_san.crt | 12 ----------- ...erver5-directoryname-seq-malformed.crt.der | Bin ...second-directoryname-oid-malformed.crt.der | Bin .../server5-unsupported_othername.crt | 0 .../test_cert_rfc822name.crt.der | Bin .../data_files/server5-directoryname.crt.der | Bin 498 -> 0 bytes .../server5-nonprintable_othername.crt | 12 ----------- tests/data_files/server5-othername.crt | 11 ---------- tests/suites/test_suite_x509parse.data | 20 +++++++++--------- 9 files changed, 10 insertions(+), 45 deletions(-) delete mode 100644 tests/data_files/multiple_san.crt rename tests/data_files/{ => parse_input}/server5-directoryname-seq-malformed.crt.der (100%) rename tests/data_files/{ => parse_input}/server5-second-directoryname-oid-malformed.crt.der (100%) rename tests/data_files/{ => parse_input}/server5-unsupported_othername.crt (100%) rename tests/data_files/{ => parse_input}/test_cert_rfc822name.crt.der (100%) delete mode 100644 tests/data_files/server5-directoryname.crt.der delete mode 100644 tests/data_files/server5-nonprintable_othername.crt delete mode 100644 tests/data_files/server5-othername.crt diff --git a/tests/data_files/multiple_san.crt b/tests/data_files/multiple_san.crt deleted file mode 100644 index 8cdc730611..0000000000 --- a/tests/data_files/multiple_san.crt +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB2jCCAYCgAwIBAgIBBDAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11bHRpcGxlIG90aGVy -bmFtZSBTQU4wHhcNMTkwNDIyMTYxMDQ4WhcNMjkwNDE5MTYxMDQ4WjBKMQswCQYD -VQQGEwJVSzERMA8GA1UECgwITWJlZCBUTFMxKDAmBgNVBAMMH01iZWQgVExTIG11 -bHRpcGxlIG90aGVybmFtZSBTQU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3 -zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI -wmt3DVXNiioO+gHItO3/o1cwVTBTBgNVHREETDBKggtleGFtcGxlLmNvbaAfBggr -BgEFBQcIBKATMBEGBysGAQQBEQMEBjEyMzQ1NoILZXhhbXBsZS5uZXSCDSouZXhh -bXBsZS5vcmcwCgYIKoZIzj0EAwIDSAAwRQIhAMZUkp+pcuFQ3WWdgvV4Y+tIXOyS -L6p0RtEAOi/GgigVAiB50n3rIUKjapYstPp3yOpGZGyRxnc6uRdSiMH5wLA4yw== ------END CERTIFICATE----- diff --git a/tests/data_files/server5-directoryname-seq-malformed.crt.der b/tests/data_files/parse_input/server5-directoryname-seq-malformed.crt.der similarity index 100% rename from tests/data_files/server5-directoryname-seq-malformed.crt.der rename to tests/data_files/parse_input/server5-directoryname-seq-malformed.crt.der diff --git a/tests/data_files/server5-second-directoryname-oid-malformed.crt.der b/tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der similarity index 100% rename from tests/data_files/server5-second-directoryname-oid-malformed.crt.der rename to tests/data_files/parse_input/server5-second-directoryname-oid-malformed.crt.der diff --git a/tests/data_files/server5-unsupported_othername.crt b/tests/data_files/parse_input/server5-unsupported_othername.crt similarity index 100% rename from tests/data_files/server5-unsupported_othername.crt rename to tests/data_files/parse_input/server5-unsupported_othername.crt diff --git a/tests/data_files/test_cert_rfc822name.crt.der b/tests/data_files/parse_input/test_cert_rfc822name.crt.der similarity index 100% rename from tests/data_files/test_cert_rfc822name.crt.der rename to tests/data_files/parse_input/test_cert_rfc822name.crt.der diff --git a/tests/data_files/server5-directoryname.crt.der b/tests/data_files/server5-directoryname.crt.der deleted file mode 100644 index 4badea1a279ff3e58a340bdafe353563bb93355e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 498 zcmXqLVti-N#5iREGZP~d6Qi#I7aNCGo5wj@7G@>`S3_%W5xD%bsWkr=M6pErN#G)@x+$5{}-1U z6dMEqJt`~6;%(r$#GP7BmIax~$0Eie5|FsG{|fuf>rIS2PgCoAlHHaI??a9YW)B7f zS0;sQyF0V=PrLrIP&8TlEv Date: Mon, 29 May 2023 17:28:44 +0800 Subject: [PATCH 172/328] change path of mbedtls_x509_csr_info input data - Copy data_files/server1.req.md5->data_files/parse_input/server1.req.md5 - Copy data_files/server1.req.sha1->data_files/parse_input/server1.req.sha1 - Copy data_files/server1.req.sha224->data_files/parse_input/server1.req.sha224 - Copy data_files/server1.req.sha256->data_files/parse_input/server1.req.sha256 - Copy data_files/server1.req.sha384->data_files/parse_input/server1.req.sha384 - Copy data_files/server1.req.sha512->data_files/parse_input/server1.req.sha512 - Move data_files/server1.req.commas.sha256->data_files/parse_input/server1.req.commas.sha256 - Move data_files/server5.req.sha1->data_files/parse_input/server5.req.sha1 - Move data_files/server5.req.sha224->data_files/parse_input/server5.req.sha224 - Move data_files/server5.req.sha256->data_files/parse_input/server5.req.sha256 - Move data_files/server5.req.sha384->data_files/parse_input/server5.req.sha384 - Move data_files/server5.req.sha512->data_files/parse_input/server5.req.sha512 - Move data_files/server9.req.sha1->data_files/parse_input/server9.req.sha1 - Move data_files/server9.req.sha224->data_files/parse_input/server9.req.sha224 - Move data_files/server9.req.sha256->data_files/parse_input/server9.req.sha256 - Move data_files/server9.req.sha384->data_files/parse_input/server9.req.sha384 - Move data_files/server9.req.sha512->data_files/parse_input/server9.req.sha512 - Move data_files/server1-ms.req.sha256->data_files/parse_input/server1-ms.req.sha256 - Move data_files/test_csr_v3_all.csr.der->data_files/parse_input/test_csr_v3_all.csr.der - Move data_files/test_csr_v3_nsCertType.csr.der->data_files/parse_input/test_csr_v3_nsCertType.csr.der - Move data_files/test_csr_v3_subjectAltName.csr.der->data_files/parse_input/test_csr_v3_subjectAltName.csr.der - Move data_files/test_csr_v3_keyUsage.csr.der->data_files/parse_input/test_csr_v3_keyUsage.csr.der Signed-off-by: Jerry Yu --- .../{ => parse_input}/server1-ms.req.sha256 | 0 .../server1.req.commas.sha256 | 0 tests/data_files/parse_input/server1.req.md5 | 16 +++++++ tests/data_files/parse_input/server1.req.sha1 | 16 +++++++ .../data_files/parse_input/server1.req.sha224 | 16 +++++++ .../data_files/parse_input/server1.req.sha256 | 16 +++++++ .../data_files/parse_input/server1.req.sha384 | 16 +++++++ .../data_files/parse_input/server1.req.sha512 | 16 +++++++ .../{ => parse_input}/server5.req.sha1 | 0 .../{ => parse_input}/server5.req.sha224 | 0 .../{ => parse_input}/server5.req.sha256 | 0 .../{ => parse_input}/server5.req.sha384 | 0 .../{ => parse_input}/server5.req.sha512 | 0 .../{ => parse_input}/server9.req.sha1 | 0 .../{ => parse_input}/server9.req.sha224 | 0 .../{ => parse_input}/server9.req.sha256 | 0 .../{ => parse_input}/server9.req.sha384 | 0 .../{ => parse_input}/server9.req.sha512 | 0 .../{ => parse_input}/test_csr_v3_all.csr.der | Bin .../test_csr_v3_keyUsage.csr.der | Bin .../test_csr_v3_nsCertType.csr.der | Bin .../test_csr_v3_subjectAltName.csr.der | Bin tests/suites/test_suite_x509parse.data | 44 +++++++++--------- 23 files changed, 118 insertions(+), 22 deletions(-) rename tests/data_files/{ => parse_input}/server1-ms.req.sha256 (100%) rename tests/data_files/{ => parse_input}/server1.req.commas.sha256 (100%) create mode 100644 tests/data_files/parse_input/server1.req.md5 create mode 100644 tests/data_files/parse_input/server1.req.sha1 create mode 100644 tests/data_files/parse_input/server1.req.sha224 create mode 100644 tests/data_files/parse_input/server1.req.sha256 create mode 100644 tests/data_files/parse_input/server1.req.sha384 create mode 100644 tests/data_files/parse_input/server1.req.sha512 rename tests/data_files/{ => parse_input}/server5.req.sha1 (100%) rename tests/data_files/{ => parse_input}/server5.req.sha224 (100%) rename tests/data_files/{ => parse_input}/server5.req.sha256 (100%) rename tests/data_files/{ => parse_input}/server5.req.sha384 (100%) rename tests/data_files/{ => parse_input}/server5.req.sha512 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha1 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha224 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha256 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha384 (100%) rename tests/data_files/{ => parse_input}/server9.req.sha512 (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_keyUsage.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_nsCertType.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_subjectAltName.csr.der (100%) diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/parse_input/server1-ms.req.sha256 similarity index 100% rename from tests/data_files/server1-ms.req.sha256 rename to tests/data_files/parse_input/server1-ms.req.sha256 diff --git a/tests/data_files/server1.req.commas.sha256 b/tests/data_files/parse_input/server1.req.commas.sha256 similarity index 100% rename from tests/data_files/server1.req.commas.sha256 rename to tests/data_files/parse_input/server1.req.commas.sha256 diff --git a/tests/data_files/parse_input/server1.req.md5 b/tests/data_files/parse_input/server1.req.md5 new file mode 100644 index 0000000000..57714ede37 --- /dev/null +++ b/tests/data_files/parse_input/server1.req.md5 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBAUA +A4IBAQCEiv3QM4xyKhYTsoOjyzQdXMhsXK3Kpw+Rh874Hf6pXHxUaYy7xLUZUx6K +x5Bvem1HMHAdmOqYTzsE9ZblAMZNRwv/CKGS3pvMkx/VZwXQhFGlHLFG//fPrgl3 +j4dt20QsWP8LnL4LweYSYI1wt1rjgYRHeF6bG/VIck6BIYQhKOGlzIwWUmfAGym6 +q4SYrd+ObZullSarGGSfNKjIUEpYtfQBz31f5tRsyzSps7oG4uc7Xba4qnl2o9FN +lWOMEER79QGwr7+T41FTHFztFddfJ06CCjoRCfEn0Tcsg11tSMS0851oLkMm8RyY +aozIzO82R3Em7aPhZBiBDy3wZC2l +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha1 b/tests/data_files/parse_input/server1.req.sha1 new file mode 100644 index 0000000000..578ec7f79a --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha1 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBQUA +A4IBAQCiYQMOv2ALPUeg8wHKn9L5SdDbNxOzuMwhYsCYTw2TJMQO7NLUq6icEzxY +pUIIFt60JUQjZHxQSY3y9cSivwKXQA7pPfaPaFC/aMA2GxG23t2eaIWNQX8MfcWf +XAa8bl/vmC1MTov+mP2DGoXRiKYORrEInyDS2RaTathvHckcAv25nCIx7wYO9tC9 +LUwyoE9bhiQ7fo3KFlz4dK1HukyCM/FoPbJuL7NgdzmKVPyYCLh5Ah+TTD6+sltz +dFc4fj28w1v3jsBXz+tLrgFQidzuUI2poxt5UwU9TKY0dAJaTCtfIRcXW3h6DGG7 +EDR6rim6sbIQkGzYvGqs4TNoJOR+ +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha224 b/tests/data_files/parse_input/server1.req.sha224 new file mode 100644 index 0000000000..a4f2af4c1d --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha224 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDgUA +A4IBAQArYR2mLKU5lsHyAyGHr4PlmC/cfePmCRyC/mj1riGTjDlNC2X3J1VZDqKb +U/uUxLudP7sbuttRksIAREATT74Pa40bMWiPUlBfA/M2mFTmKb/91uXeIISW8DL3 +xM/5BCDrhnZ/cjP23gKDgJRk+IGBNhYZDGz50TIBbDJ2e4GDkFjzANngUW64UcCQ +7hZOYtnYLBnoRvPwtal5jZqHwsgaPPePXu+SQ8mfuAJwJ78MOCAaKw0IP1h1OnPG +iubdl34lSIaYWwbHTdjaqUSQG3SSs4oxEvluYymrpZ6XGKXtphJXEPdTRiLu9d9l +A5NYVgvqHFQPmuXS92zrGzB788pV +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha256 b/tests/data_files/parse_input/server1.req.sha256 new file mode 100644 index 0000000000..6d21dc5d94 --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha256 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA +A4IBAQCVlSU7qeKri7E3u8JCZbCyjsGJTH9iHYyeDZ/nDLig7iKGYvyNmyzJ76Qu ++EntSmL2OtL95Yqooc6h1AQHzoCs+SO2wPoTUs3Ypi9r7vNNVO3ZnnxVtGgqCRVA +W+z9W4p2mHXQhgW1HkuLa5JD1SvJViyZbx9z3ie1BQ9NVKfv++ArPIv70zBtA7O3 +PZNG1JYN30Esz7RsCDRHbz6Npvu9ggUQL/U3mvQQ+Yo+xhwu1yFV+dRH7PebBeQv +vjcD2fXDabeofK3zztIpUIyUULX0GGClM9jslgJ/ZHUlArWKpLZph0AgF1Dzts// +M6c/sRw7gtjXmV0zq2tf2fL4+e2b +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha384 b/tests/data_files/parse_input/server1.req.sha384 new file mode 100644 index 0000000000..b857af7f15 --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha384 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDAUA +A4IBAQBy35zHYLiYaScq1niQkzQ/BScUbdiWd2V90isBsB5Q3NjVoJl/yCaMrla3 +2XfrutpFpdqwenl5jM0o6+enKCmfur+z2/ije69Dju2aBd6A62cx1AEvFiMq7lyF +4DYJ32+2ty6KA8EhzE3NFs7zKXxmD5ybp+oXNEvXoeU3W8a+Ld5c1K/n+Ipa0TUy +cFBs6dCsbYO9wI6npwWqC5Hc9r/0zziMFO+4N5VORdYUFqObq4vCYOMXETpl8ryu +lGZorNUoJ7vV55T31CDqEtb0EE+nO+nT4agfDobncYjvc3WpQuLtUB4UwR5gpZl6 +ZI+j4uwikOgGO9gcx4IjaRP3q63F +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/parse_input/server1.req.sha512 b/tests/data_files/parse_input/server1.req.sha512 new file mode 100644 index 0000000000..85d52460db --- /dev/null +++ b/tests/data_files/parse_input/server1.req.sha512 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDQUA +A4IBAQBb8jNpt0nkNVWstVoOCepQSF5R1R9hF0yEr7mk3HB9oO/nK07R1Oamgjw+ +CHQReTSjIKUX53o7ZwNZB5E+jBDsGz/2Yyj/vxNHJFk2exELtW30he8K2omVHE1F +XESbftCssWLNpTSDq6ME12+llkEDtgCtkv69oRUkuuF5ESUSZRGIZN4Vledm8SM1 +uGFtaG/PXbBbtUaNwNISDeIWDKRtbuca5web+QEi1djiUH21ZWIGEpOy7mtkYmRs +Qt1D32FoaqFNhafiaxNIXO11yd4lgpaDDlmrOSBsELcTIF9916o3DwMeVXy0GONW +BrwaO8q8rg+C+xvMY7858Kk8kwjb +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server5.req.sha1 b/tests/data_files/parse_input/server5.req.sha1 similarity index 100% rename from tests/data_files/server5.req.sha1 rename to tests/data_files/parse_input/server5.req.sha1 diff --git a/tests/data_files/server5.req.sha224 b/tests/data_files/parse_input/server5.req.sha224 similarity index 100% rename from tests/data_files/server5.req.sha224 rename to tests/data_files/parse_input/server5.req.sha224 diff --git a/tests/data_files/server5.req.sha256 b/tests/data_files/parse_input/server5.req.sha256 similarity index 100% rename from tests/data_files/server5.req.sha256 rename to tests/data_files/parse_input/server5.req.sha256 diff --git a/tests/data_files/server5.req.sha384 b/tests/data_files/parse_input/server5.req.sha384 similarity index 100% rename from tests/data_files/server5.req.sha384 rename to tests/data_files/parse_input/server5.req.sha384 diff --git a/tests/data_files/server5.req.sha512 b/tests/data_files/parse_input/server5.req.sha512 similarity index 100% rename from tests/data_files/server5.req.sha512 rename to tests/data_files/parse_input/server5.req.sha512 diff --git a/tests/data_files/server9.req.sha1 b/tests/data_files/parse_input/server9.req.sha1 similarity index 100% rename from tests/data_files/server9.req.sha1 rename to tests/data_files/parse_input/server9.req.sha1 diff --git a/tests/data_files/server9.req.sha224 b/tests/data_files/parse_input/server9.req.sha224 similarity index 100% rename from tests/data_files/server9.req.sha224 rename to tests/data_files/parse_input/server9.req.sha224 diff --git a/tests/data_files/server9.req.sha256 b/tests/data_files/parse_input/server9.req.sha256 similarity index 100% rename from tests/data_files/server9.req.sha256 rename to tests/data_files/parse_input/server9.req.sha256 diff --git a/tests/data_files/server9.req.sha384 b/tests/data_files/parse_input/server9.req.sha384 similarity index 100% rename from tests/data_files/server9.req.sha384 rename to tests/data_files/parse_input/server9.req.sha384 diff --git a/tests/data_files/server9.req.sha512 b/tests/data_files/parse_input/server9.req.sha512 similarity index 100% rename from tests/data_files/server9.req.sha512 rename to tests/data_files/parse_input/server9.req.sha512 diff --git a/tests/data_files/test_csr_v3_all.csr.der b/tests/data_files/parse_input/test_csr_v3_all.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all.csr.der rename to tests/data_files/parse_input/test_csr_v3_all.csr.der diff --git a/tests/data_files/test_csr_v3_keyUsage.csr.der b/tests/data_files/parse_input/test_csr_v3_keyUsage.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_keyUsage.csr.der rename to tests/data_files/parse_input/test_csr_v3_keyUsage.csr.der diff --git a/tests/data_files/test_csr_v3_nsCertType.csr.der b/tests/data_files/parse_input/test_csr_v3_nsCertType.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_nsCertType.csr.der rename to tests/data_files/parse_input/test_csr_v3_nsCertType.csr.der diff --git a/tests/data_files/test_csr_v3_subjectAltName.csr.der b/tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_subjectAltName.csr.der rename to tests/data_files/parse_input/test_csr_v3_subjectAltName.csr.der diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 3eed78bdd4..d7dba7d374 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -312,91 +312,91 @@ mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 X509 CSR Information RSA with MD5 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA224 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA-256 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA-256, containing commas depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:MBEDTS_X509_INFO -mbedtls_x509_csr_info:"data_files/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA224 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA256 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA384 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information EC with SHA512 depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA1:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA224 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA224:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA256 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA384 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA384:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA-PSS with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_MD_CAN_SHA512:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CSR Information RSA with SHA-256 - Microsoft header depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" +mbedtls_x509_csr_info:"data_files/parse_input/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information v3 extensions #1 (all) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. type \: SSL Client\nkey usage \: CRL Sign\n" +mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_all.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\ncert. type \: SSL Client\nkey usage \: CRL Sign\n" X509 CSR Information v3 extensions #2 (nsCertType only) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Server\n" +mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_nsCertType.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Server\n" X509 CSR Information v3 extensions #3 (subjectAltName only) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" +mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_subjectAltName.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nsubject alt name \:\n dNSName \: example.com\n dNSName \: example.net\n dNSName \: *.example.org\n" X509 CSR Information v3 extensions #4 (keyUsage only) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n" +mbedtls_x509_csr_info:"data_files/parse_input/test_csr_v3_keyUsage.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\nkey usage \: Digital Signature, Key Encipherment\n" X509 Verify Information: empty x509_verify_info:0:"":"" From 87f647776b0634b92ec99f955b7576290da07525 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:45 +0800 Subject: [PATCH 173/328] change path of mbedtls_x509_csr_parse_file input data - Move data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_len1.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_len2.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der - Move data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der->data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der - Move data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der - Move data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der - Move data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der - Move data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der - Move data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der->data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der - Move data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der->data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der Signed-off-by: Jerry Yu --- ...ormed_attributes_extension_request.csr.der | Bin ...es_extension_request_sequence_len1.csr.der | Bin ...es_extension_request_sequence_len2.csr.der | Bin ...tes_extension_request_sequence_tag.csr.der | Bin ...tributes_extension_request_set_tag.csr.der | Bin ...v3_all_malformed_attributes_id_tag.csr.der | Bin ...r_v3_all_malformed_attributes_len1.csr.der | Bin ...r_v3_all_malformed_attributes_len2.csr.der | Bin ..._malformed_attributes_sequence_tag.csr.der | Bin ...all_malformed_duplicated_extension.csr.der | Bin ..._all_malformed_extension_data_len1.csr.der | Bin ..._all_malformed_extension_data_len2.csr.der | Bin ...3_all_malformed_extension_data_tag.csr.der | Bin ..._v3_all_malformed_extension_id_tag.csr.der | Bin ..._extension_key_usage_bitstream_tag.csr.der | Bin ...ed_extension_ns_cert_bitstream_tag.csr.der | Bin ...sion_subject_alt_name_sequence_tag.csr.der | Bin ...3_all_malformed_extension_type_oid.csr.der | Bin ..._malformed_extensions_sequence_tag.csr.der | Bin tests/suites/test_suite_x509parse.data | 38 +++++++++--------- 20 files changed, 19 insertions(+), 19 deletions(-) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_id_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_len1.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_len2.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_duplicated_extension.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_data_len1.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_data_len2.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_data_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_id_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extension_type_oid.csr.der (100%) rename tests/data_files/{ => parse_input}/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der (100%) diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der diff --git a/tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der b/tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der similarity index 100% rename from tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der rename to tests/data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d7dba7d374..f49486dafb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2983,79 +2983,79 @@ mbedtls_x509_csr_parse:"3008300602047fffffff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSIO # Please see makefile for data_files to check malformation details (test_csr_v3_all_malformed_xxx.csr files) X509 CSR ASN.1 (attributes: invalid sequence tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (attributes: invalid attribute id) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (attributes: not extension request) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0 +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n":0 X509 CSR ASN.1 (attributes: invalid extenstion request set tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (attributes: invalid extenstion request sequence tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (attributes: invalid len (len > data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (attributes: invalid len (len < data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CSR ASN.1 (attributes: extension request invalid len (len > data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (attributes: extension request invalid len (len < data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (extensions: invalid sequence tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension id tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_id_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension data tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension data len (len > data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_len1.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (extensions: invalid extension data len (len < data)) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_data_len2.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CSR ASN.1 (extensions: invalid extension key usage bitstream tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension subject alt name sequence tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: invalid extension ns cert bitstream tag) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (extensions: duplicated extension) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_DATA +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_duplicated_extension.csr.der":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS+MBEDTLS_ERR_ASN1_INVALID_DATA X509 CSR ASN.1 (extensions: invalid extension type data) depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C -mbedtls_x509_csr_parse_file:"data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0 +mbedtls_x509_csr_parse_file:"data_files/parse_input/test_csr_v3_all_malformed_extension_type_oid.csr.der":"CSR version \: 1\nsubject name \: CN=etcd\nsigned using \: RSA with SHA-256\nRSA key size \: 1024 bits\n\ncert. type \: SSL Client\nkey usage \: CRL Sign\n":0 X509 File parse (no issues) depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_RSA_C From bffe31cbfb688653135ed946b333276fa1d1ad18 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 29 May 2023 17:28:45 +0800 Subject: [PATCH 174/328] change path of mbedtls_x509_crl_parse input data - Move data_files/crl-malformed-trailing-spaces.pem->data_files/parse_input/crl-malformed-trailing-spaces.pem - Move data_files/crl-idp.pem->data_files/parse_input/crl-idp.pem - Move data_files/crl-idpnc.pem->data_files/parse_input/crl-idpnc.pem Signed-off-by: Jerry Yu --- tests/data_files/{ => parse_input}/crl-idp.pem | 0 tests/data_files/{ => parse_input}/crl-idpnc.pem | 0 .../{ => parse_input}/crl-malformed-trailing-spaces.pem | 0 tests/suites/test_suite_x509parse.data | 6 +++--- 4 files changed, 3 insertions(+), 3 deletions(-) rename tests/data_files/{ => parse_input}/crl-idp.pem (100%) rename tests/data_files/{ => parse_input}/crl-idpnc.pem (100%) rename tests/data_files/{ => parse_input}/crl-malformed-trailing-spaces.pem (100%) diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/parse_input/crl-idp.pem similarity index 100% rename from tests/data_files/crl-idp.pem rename to tests/data_files/parse_input/crl-idp.pem diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/parse_input/crl-idpnc.pem similarity index 100% rename from tests/data_files/crl-idpnc.pem rename to tests/data_files/parse_input/crl-idpnc.pem diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/parse_input/crl-malformed-trailing-spaces.pem similarity index 100% rename from tests/data_files/crl-malformed-trailing-spaces.pem rename to tests/data_files/parse_input/crl-malformed-trailing-spaces.pem diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f49486dafb..c67d01d128 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -300,15 +300,15 @@ mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version X509 CRL Malformed Input (trailing spaces at end of file) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PK_CAN_ECDSA_VERIFY -mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT +mbedtls_x509_crl_parse:"data_files/parse_input/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT X509 CRL Unsupported critical extension (issuingDistributionPoint) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_crl_parse:"data_files/parse_input/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL Unsupported non-critical extension (issuingDistributionPoint) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 +mbedtls_x509_crl_parse:"data_files/parse_input/crl-idpnc.pem":0 X509 CSR Information RSA with MD5 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_MD5:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO From 491c64cd37870f85f4103a28b2aae638142f1739 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 24 May 2023 10:33:42 +0800 Subject: [PATCH 175/328] Mark all_intermediate as intermediate files Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3d2d5dccd5..d1aa3ce650 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1602,3 +1602,5 @@ clean: neat: clean rm -f $(all_final) .PHONY: clean neat + +.INTERMEDIATE: $(all_intermediate) From 6f804693e5709a2e61953914b40b757acdd01df8 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 8 May 2023 14:34:22 +0800 Subject: [PATCH 176/328] Fix wrong target names in the Makefile in tests/data_files Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d1aa3ce650..3345237b65 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1519,17 +1519,17 @@ all_final += pkcs7_data_signed_badsigner1_fuzzbad.der pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_badsize +all_final += pkcs7_data_signed_badsigner2_badsize.der pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_badtag +all_final += pkcs7_data_signed_badsigner2_badtag.der pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc -all_final += pkcs7_data_signed_badsigner2_fuzzbad +all_final += pkcs7_data_signed_badsigner2_fuzzbad.der # pkcs7 file with version 2 pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der From cd61b740c581d88b13de0fcd8b03955f24590a54 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 9 May 2023 12:04:56 +0800 Subject: [PATCH 177/328] Add rules to generate server3.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3345237b65..d1dafe043d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1324,6 +1324,12 @@ server2-sha256.crt: server2.req.sha256 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ all_final += server2-sha256.crt +# server3* + +server3.crt: server3.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +all_final += server3.crt + # MD5 test certificate cert_md_test_key = $(cli_crt_key_file_rsa) From f31d18a52bd60285e919809c247d33f402fb0d84 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 10 May 2023 09:26:41 +0800 Subject: [PATCH 178/328] Add rules to generate server4.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index d1dafe043d..1af31321ac 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1330,6 +1330,12 @@ server3.crt: server3.key $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ all_final += server3.crt +# server4* + +server4.crt: server4.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ +all_final += server4.crt + # MD5 test certificate cert_md_test_key = $(cli_crt_key_file_rsa) From 543d912495716bd4499af7845e48b154f8d3d7db Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 23 May 2023 11:54:11 +0800 Subject: [PATCH 179/328] Update server3.crt and server4.crt Signed-off-by: Pengyu Lv --- tests/data_files/server3.crt | 26 ++++++++++++-------------- tests/data_files/server4.crt | 31 +++++++++++++++---------------- 2 files changed, 27 insertions(+), 30 deletions(-) diff --git a/tests/data_files/server3.crt b/tests/data_files/server3.crt index ed0d696b4a..46987c3ef2 100644 --- a/tests/data_files/server3.crt +++ b/tests/data_files/server3.crt @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG +MIICXDCCAUSgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5 -fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ -OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/ -pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ -b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W -4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm -DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx -CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS -qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb -kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu -CAQ1sXmQ +fQcsej6EFasvlTdJ/6NNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU5BdrNrIGiTrZ +XkO24GR9h6t93jcwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJ +KoZIhvcNAQEFBQADggEBAKSCuGCXcpDrVwRVgHVlUsxACRDUH2QirsLFAUk1CGsR +SniBgWi+5KGK8fd3Tf+GkVeIZocaf7tnKm0YJg8W5QPDnwrMD2L1SjYFgc7r1G4f +579FOo0qRKdJabTV0e022XFyN77JJHAm8RkjZEnzUuW7k8/RohY8NBzh+KACyHOi +96DhGsBp9LG6QIKB1rxiNx4wq3WUygaMgImoaDRqgAFxJjwRBEhcsWtU2AmoOKdO +hzQp+EzEjn04+ScJpMzMF4FY+kLaz9PlvEO61aQuZsC2fUmk+M6q8xcBNEdoFNvv +0cOl5Liuewb32srAZWCMpbHFxaT9Nd3TxJwFxFCJpvc= -----END CERTIFICATE----- diff --git a/tests/data_files/server4.crt b/tests/data_files/server4.crt index 96b1aa7729..2b4134d66c 100644 --- a/tests/data_files/server4.crt +++ b/tests/data_files/server4.crt @@ -1,18 +1,17 @@ -----BEGIN CERTIFICATE----- -MIIC6jCCAnCgAwIBAgIBCDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN -AQEBBQADggEPADCCAQoCggEBAKvXjL5VfYc7D/truqEpYcZcvlUhnuCNDJctYDJL -vgYYj5uxDxLHBXvnEHLgO5K+lps42p+r/dd4oE64ttRoeZZUvr+7eBnW35n0EpPA -Ik9Gwu+vg7GfxmifgIR8hZnOQkt2OjvvpChPCxvUailtB450Izh+mEK/hYFr+7Jl -NnxR1XQlbbyDM7Ect1HwYcuS3MBlBqq048J+0KEkQXICSjKeHFga9eDCq+Jyfqe5 -bt0K30hl1N0164B7aoh08Eomme+aSuAsz+MsJ3m7AO2DUYdrDxlrky1QrvRWWfX0 -d8djTM+uHTo1DviRM6o9+P9DfoFd53/Z0Km03sVLQWvUrhECAwEAAaOBnTCBmjAJ -BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTBuBgNVHSME -ZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAP -BgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkA -wUPifmJDzOgwCgYIKoZIzj0EAwIDaAAwZQIxAPWlxnMcjBaxaVieQYSLBqzizS3/ -O8Na6owRGPk0/UK+j5O9NTBHk+uXW/fQblKamQIwUQl4dl6gkRDE4rBR/yGjZZ1Z -3dEpvL2Wimt3keD7AcLpYB2FJ1mVcY1XQUeK1Vfc +MIICnTCCAiGgAwIBAgIBCDAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe +Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMDQxCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9eMvlV9hzsP+2u6oSlhxly+VSGe4I0Mly1g +Mku+BhiPm7EPEscFe+cQcuA7kr6Wmzjan6v913igTri21Gh5llS+v7t4GdbfmfQS +k8AiT0bC76+DsZ/GaJ+AhHyFmc5CS3Y6O++kKE8LG9RqKW0HjnQjOH6YQr+FgWv7 +smU2fFHVdCVtvIMzsRy3UfBhy5LcwGUGqrTjwn7QoSRBcgJKMp4cWBr14MKr4nJ+ +p7lu3QrfSGXU3TXrgHtqiHTwSiaZ75pK4CzP4ywnebsA7YNRh2sPGWuTLVCu9FZZ +9fR3x2NMz64dOjUO+JEzqj34/0N+gV3nf9nQqbTexUtBa9SuEQIDAQABo00wSzAJ +BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTAfBgNVHSME +GDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDB +ek00E3uHPwnUDBVAPRJThsj2mQr/MSCTwRMNXnNlki9Lux0qGd6uvhp5v31I7V0C +MDiCHwEm55sU4gWrAxYVKVVV9qMTG2Moy4YnJDDlxwpyXPta5Ac2FV+0AbInBXSM +Bg== -----END CERTIFICATE----- From b7b40b494d78d36e27647a7f321244fa17236140 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Sun, 23 Apr 2023 17:49:39 +0800 Subject: [PATCH 180/328] Add rules to generate server5[-badsign].crt Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 13 +++++++++++++ tests/data_files/server5.crt.openssl.v3_ext | 3 +++ 2 files changed, 16 insertions(+) create mode 100644 tests/data_files/server5.crt.openssl.v3_ext diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 1af31321ac..7e1d94b771 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1173,6 +1173,19 @@ all_final += server2.key.enc # server5* +server5.csr: server5.key + $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ + -key $< -out $@ +all_intermediate += server5.csr +server5.crt: server5.csr + $(OPENSSL) x509 -req -CA $(test_ca_crt_cat21) -CAkey $(test_ca_key_file_ec) \ + -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 -sha256 -in $< -out $@ +all_final += server5.crt + +server5-badsign.crt: server5.crt + { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ +all_final += server5-badsign.crt + # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' server5.req.ku.sha1: server5.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 diff --git a/tests/data_files/server5.crt.openssl.v3_ext b/tests/data_files/server5.crt.openssl.v3_ext new file mode 100644 index 0000000000..594e90ad09 --- /dev/null +++ b/tests/data_files/server5.crt.openssl.v3_ext @@ -0,0 +1,3 @@ +basicConstraints = CA:false +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always From 460b6cf0ba7ec2a962a466a1e50f30b042c39caf Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 24 Apr 2023 17:03:15 +0800 Subject: [PATCH 181/328] Add server5-der*crt generate command Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7e1d94b771..5366b972c6 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -348,6 +348,30 @@ server5-directoryname.crt.der: server5.key server5-two-directorynames.crt.der: server5.key $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions two_directorynames -days 3650 -sha256 -key server5.key -out $@ +server5-der0.crt: server5.crt.der + cp $< $@ +server5-der1a.crt: server5.crt.der + cp $< $@ + echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der1b.crt: server5.crt.der + cp $< $@ + echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der2.crt: server5.crt.der + cp $< $@ + echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der4.crt: server5.crt.der + cp $< $@ + echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der8.crt: server5.crt.der + cp $< $@ + echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +server5-der9.crt: server5.crt.der + cp $< $@ + echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc +all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \ + server5-der9.crt server5-der1a.crt server5-der2.crt \ + server5-der8.crt + # directoryname sequence tag malformed server5-directoryname-seq-malformed.crt.der: server5-two-directorynames.crt.der hexdump -ve '1/1 "%.2X"' $< | sed "s/62A4473045310B/62A4473145310B/" | xxd -r -p > $@ From 540b0220a09b994c43755283aa46260b1a58e3a9 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 12 May 2023 16:31:26 +0800 Subject: [PATCH 182/328] Add rules to generate server5-sha*.crt Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 5366b972c6..9a290b5857 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1201,10 +1201,14 @@ server5.csr: server5.key $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ -key $< -out $@ all_intermediate += server5.csr -server5.crt: server5.csr - $(OPENSSL) x509 -req -CA $(test_ca_crt_cat21) -CAkey $(test_ca_key_file_ec) \ - -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 -sha256 -in $< -out $@ -all_final += server5.crt +server5.crt: server5-sha256.crt + cp $< $@ +all_intermediate += server5-sha256.crt +server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext + $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \ + -sha$(@:server5-sha%.crt=%) -in $< -out $@ +all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt server5-badsign.crt: server5.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ From 964ddb5cb4568d2eeee7997b112d538c3bbb679e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 9 May 2023 13:46:38 +0800 Subject: [PATCH 183/328] Add rules to generate server6.crt Signed-off-by: Jerry Yu --- tests/data_files/Makefile | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 9a290b5857..b95d1f64f9 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1219,6 +1219,17 @@ server5.req.ku.sha1: server5.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 all_final += server5.req.ku.sha1 +# server6* + +server6.csr: server6.key + $(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \ + -key $< -out $@ +all_intermediate += server6.csr +server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) + $(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@ +all_final += server6.crt + ################################################################ ### Generate certificates for CRT write check tests ################################################################ From 2d5e6aecdf36e6563e35faf1a64894220ff9d43e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 12 May 2023 16:27:26 +0800 Subject: [PATCH 184/328] Add rules to generate server7*.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index b95d1f64f9..3b7da60e44 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -271,23 +271,60 @@ cli-rsa.key.der: $(cli_crt_key_file_rsa) all_final += cli-rsa.key.der test_ca_int_rsa1 = test-int-ca.crt +test_ca_int_ec = test-int-ca2.crt + +# server7* server7.csr: server7.key $(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@ all_intermediate += server7.csr + +server7.crt: server7.csr $(test_ca_int_rsa1) + $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ +all_final += server7.crt + server7-expired.crt: server7.csr $(test_ca_int_rsa1) $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ all_final += server7-expired.crt + server7-future.crt: server7.csr $(test_ca_int_rsa1) $(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@ all_final += server7-future.crt + server7-badsign.crt: server7.crt $(test_ca_int_rsa1) { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@ all_final += server7-badsign.crt + +server7_int-ca.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) > $@ +all_final += server7_int-ca.crt + +server7_pem_space.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@ +all_final += server7_pem_space.crt + +server7_all_space.crt: server7.crt $(test_ca_int_rsa1) + { cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@ +all_final += server7_all_space.crt + +server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@ +all_final += server7_trailing_space.crt + +server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) + cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@ +all_final += server7_int-ca_ca2.crt + server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt cat server7.crt test-int-ca-exp.crt > $@ all_final += server7_int-ca-exp.crt +server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) + cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@ +all_final += server7_spurious_int-ca.crt + +server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future.crt server7_int-ca-exp.crt server7_int-ca.crt server7_int-ca_ca2.crt server7_all_space.crt server7_pem_space.crt server7_trailing_space.crt server7_spurious_int-ca.crt + cli2.req.sha256: cli2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 @@ -1648,6 +1685,7 @@ all: $(all_intermediate) $(all_final) .PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 .PHONY: server1_all +.PHONY: server7_all # These files should not be committed to the repository. list_intermediate: From 44c42fe30353e095c0df8a4f04e50cfe93adcc55 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 12 May 2023 17:52:09 +0800 Subject: [PATCH 185/328] Add rules to generate server8*.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3b7da60e44..e5cbbee52d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -272,6 +272,7 @@ all_final += cli-rsa.key.der test_ca_int_rsa1 = test-int-ca.crt test_ca_int_ec = test-int-ca2.crt +test_ca_int_key_file_ec = test-int-ca2.key # server7* @@ -325,6 +326,18 @@ all_final += server7_spurious_int-ca.crt server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future.crt server7_int-ca-exp.crt server7_int-ca.crt server7_int-ca_ca2.crt server7_all_space.crt server7_pem_space.crt server7_trailing_space.crt server7_spurious_int-ca.crt +# server8* + +server8.crt: server8.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ +all_final += server8.crt + +server8_int-ca2.crt: server8.crt $(test_ca_int_ec) + cat $^ > $@ +all_final += server8_int-ca2.crt + +server8_all: server8.crt server8_int-ca2.crt + cli2.req.sha256: cli2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 @@ -1686,6 +1699,7 @@ all: $(all_intermediate) $(all_final) .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 .PHONY: server1_all .PHONY: server7_all +.PHONY: server8_all # These files should not be committed to the repository. list_intermediate: From 309d434f940a04e56b2eb2232845503d3912d3c6 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 15 May 2023 11:07:55 +0800 Subject: [PATCH 186/328] Add rules to generate server10*.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index e5cbbee52d..6fe3fbc759 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -438,18 +438,33 @@ rsa_single_san_uri.crt.der: rsa_single_san_uri.key rsa_multiple_san_uri.crt.der: rsa_multiple_san_uri.key $(OPENSSL) req -x509 -outform der -nodes -days 7300 -newkey rsa:2048 -key $< -out $@ -addext "subjectAltName = URI:urn:example.com:5ff40f78-9210-494f-8206-c2c082f0609c, URI:urn:example.com:5ff40f78-9210-494f-8206-abcde1234567" -extensions 'v3_req' -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS URI SAN" +test-int-ca3-badsign.crt: test-int-ca3.crt + { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ +all_final += test-int-ca3-badsign.crt + +# server10* + +server10.crt: server10.key test-int-ca3.crt test-int-ca3.key + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key subject_identifier=0 authority_identifier=0 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ +all_final += server10.crt server10-badsign.crt: server10.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ all_final += server10-badsign.crt server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt cat server10-badsign.crt test-int-ca3.crt > $@ all_final += server10-bs_int3.pem -test-int-ca3-badsign.crt: test-int-ca3.crt - { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ -all_final += test-int-ca3-badsign.crt server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt cat server10.crt test-int-ca3-badsign.crt > $@ all_final += server10_int3-bs.pem +server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) + cat $^ > $@ +all_final += server10_int3_int-ca2.crt +server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt) + cat $^ > $@ +all_final += server10_int3_int-ca2_ca.crt +server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec) + cat $^ > $@ +all_final += server10_int3_spurious_int-ca2.crt rsa_pkcs1_2048_public.pem: server8.key $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ From 467deeffbba0e20daa8d820b58ee91e9efb00b1d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 12 May 2023 12:04:50 +0800 Subject: [PATCH 187/328] Add rules to generate test-ca2_cat-*.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 6fe3fbc759..80da98273c 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -171,7 +171,28 @@ all_intermediate += test-ca2.req.sha256 test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ -all_final += test-ca.crt +all_final += test-ca2.crt + +test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 + $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ +all_intermediate += test-ca2-future.crt + +test_ca_ec_cat := # files that concatenate different crt +test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt +test_ca_ec_cat += test-ca2_cat-future-invalid.crt +test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt +test_ca_ec_cat += test-ca2_cat-future-present.crt +test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt +test_ca_ec_cat += test-ca2_cat-present-future.crt +test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt +test_ca_ec_cat += test-ca2_cat-present-past.crt +test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt +test_ca_ec_cat += test-ca2_cat-past-invalid.crt +test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt +test_ca_ec_cat += test-ca2_cat-past-present.crt +$(test_ca_ec_cat): + cat $^ > $@ +all_final += $(test_ca_ec_cat) test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@ From 0f704b094b9a730b9fa56aa85e72a24f585a0323 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 23 May 2023 17:40:25 +0800 Subject: [PATCH 188/328] Update server5[-der*|-sha*].crt Signed-off-by: Pengyu Lv --- tests/data_files/server5-badsign.crt | 18 +++++++++--------- tests/data_files/server5-der0.crt | Bin 547 -> 548 bytes tests/data_files/server5-der1a.crt | Bin 548 -> 549 bytes tests/data_files/server5-der1b.crt | Bin 548 -> 549 bytes tests/data_files/server5-der2.crt | Bin 549 -> 550 bytes tests/data_files/server5-der4.crt | Bin 551 -> 552 bytes tests/data_files/server5-der8.crt | Bin 555 -> 556 bytes tests/data_files/server5-der9.crt | Bin 556 -> 557 bytes tests/data_files/server5-sha1.crt | 18 +++++++++--------- tests/data_files/server5-sha224.crt | 18 +++++++++--------- tests/data_files/server5-sha384.crt | 18 +++++++++--------- tests/data_files/server5-sha512.crt | 18 +++++++++--------- tests/data_files/server5.crt | 18 +++++++++--------- tests/data_files/server5.crt.der | Bin 547 -> 548 bytes 14 files changed, 54 insertions(+), 54 deletions(-) diff --git a/tests/data_files/server5-badsign.crt b/tests/data_files/server5-badsign.crt index 0c65072330..b641f70196 100644 --- a/tests/data_files/server5-badsign.crt +++ b/tests/data_files/server5-badsign.crt @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S -C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V -fGa5kHvHARBPc8YAIVIqDvHH1A== +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ +qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN +06jC+BLgOH1KQV9ArqEh3AhOhE0= -----END CERTIFICATE----- diff --git a/tests/data_files/server5-der0.crt b/tests/data_files/server5-der0.crt index 08d8dd311b525fd51171a1019ad3194dad91580a..1e0a00894d5bfae4e3fb4be83c5dedc703b6b739 100644 GIT binary patch delta 246 zcmZ3?vV?`jpovLgB8!0+4@W?LPGV7Tu#cgPffO5aC<`->Fj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh L74LBPwRivk`~6jv delta 245 zcmZ3&vY3U%povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPy zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh M74LBPwRkW908{u?mjD0& delta 246 zcmZ3=vV?`jpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh M74LBPwRju^093hFSO5S3 delta 246 zcmZ3=vV?`jpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3w-G zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh N74LBPwRr600syUMR$Tx9 delta 247 zcmZ3+vXq6zpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPz zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)c0syp!Q;`4w diff --git a/tests/data_files/server5-der4.crt b/tests/data_files/server5-der4.crt index 4af05cce1ed05ea02e9fac3fed3a0904b44799b0..4ceed41c496a286d6d7ae2c225d0f6376618d770 100644 GIT binary patch delta 250 zcmZ3^vVw)hpovLgB8!0+4@W?LPGV7Tu#cgPffO5aC<`->Fj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3w-H zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh P74LBPwRkKSm=X^FU_w_) delta 249 zcmZ3%vYds*povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3w-I zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3pd$ zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh T74LBPwRkL9{$E|KY85{K&c)05NUiic84ia9bw#G3pd% zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3pd& zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh U74LBPwRoKWVPIVLe@T@l053UOl>h($ delta 254 zcmZ3>vWA7lpovL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3pd$ zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)cFj%O#I7cBQwYWsV)mg#W z(Lhd|*T~qw)X?0(+|a<-EJ~c$7{oP!at%x-%87{}nI>c)05NUiic84ia9bw#G3sPx zG8m*W88SS0HSfIbuW!HVo=g3ib#JQ0uG8g{H_x8j|2DOLolHr<%H=YfRknO*hW2e-xV(_ebKSfIrXH2NNX=&R$+|=!eh)i&`(oc!zZh L74LBPwRivk`~6jv delta 245 zcmZ3&vY3U%povL-B8!2SFh@XsPGV7Tu#cgPffO5aC=0W&Fj%O#I7cBQwYWsV)mg#W z(Lhd|*U;F&(#XWn)YQnpBubpu2*fplat%x-%87{}nI>c)05NUiic84ia9bw#G3sPy zFc_pV88Xb$iMhV)_M)dLydQS@-MyZ8P1x}G>f(momoFC!hpe5%9lQF%p6~1QpDk3> zG@ZK2&XUPM(X4*%vDjnWtJOcL%36Os|It)c Date: Tue, 30 May 2023 12:51:49 +0200 Subject: [PATCH 189/328] Revert "Handle simple copy import/export before driver dispatch" This reverts commit c80e7506a0666cc1469a109140abb5bfbe566bd7. Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 97 ++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 58 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ec23830a2e..acb39a1bcf 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -634,6 +634,23 @@ psa_status_t psa_import_key_into_slot( return PSA_SUCCESS; } else if (PSA_KEY_TYPE_IS_ASYMMETRIC(type)) { +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) + if (PSA_KEY_TYPE_IS_DH(type)) { + if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + /* Copy the key material. */ + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + *bits = PSA_BYTES_TO_BITS(data_length); + (void) key_buffer_size; + + return PSA_SUCCESS; + } +#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || + * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) if (PSA_KEY_TYPE_IS_ECC(type)) { @@ -1403,7 +1420,14 @@ psa_status_t psa_export_public_key_internal( { psa_key_type_t type = attributes->core.type; - if (PSA_KEY_TYPE_IS_RSA(type)) { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && + (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_DH(type))) { + /* Exporting public -> public */ + return psa_export_key_buffer_internal( + key_buffer, key_buffer_size, + data, data_size, data_length); + } else if (PSA_KEY_TYPE_IS_RSA(type)) { #if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) return mbedtls_psa_rsa_export_public_key(attributes, @@ -1489,23 +1513,9 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, psa_key_attributes_t attributes = { .core = slot->attr }; - - psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( - psa_get_key_lifetime(&attributes)); - - if (location == PSA_KEY_LOCATION_LOCAL_STORAGE && - PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type) && - (PSA_KEY_TYPE_IS_RSA(slot->attr.type) || PSA_KEY_TYPE_IS_ECC(slot->attr.type) || - PSA_KEY_TYPE_IS_DH(slot->attr.type))) { - /* Exporting public -> public */ - status = psa_export_key_buffer_internal( - slot->key.data, slot->key.bytes, - data, data_size, data_length); - } else { - status = psa_driver_wrapper_export_public_key( - &attributes, slot->key.data, slot->key.bytes, - data, data_size, data_length); - } + status = psa_driver_wrapper_export_public_key( + &attributes, slot->key.data, slot->key.bytes, + data, data_size, data_length); exit: unlock_status = psa_unlock_key_slot(slot); @@ -2000,27 +2010,12 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, } } - if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes->core.type) && - PSA_KEY_TYPE_IS_DH(attributes->core.type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Copy the key material. */ - memcpy(slot->key.data, data, data_length); - bits = PSA_BYTES_TO_BITS(data_length); - - status = PSA_SUCCESS; - } else { - bits = slot->attr.bits; - status = psa_driver_wrapper_import_key(attributes, - data, data_length, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); - } - + bits = slot->attr.bits; + status = psa_driver_wrapper_import_key(attributes, + data, data_length, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); if (status != PSA_SUCCESS) { goto exit; } @@ -5835,25 +5830,11 @@ static psa_status_t psa_generate_derived_key_internal( goto exit; } - if (PSA_KEY_TYPE_IS_ASYMMETRIC(attributes.core.type) && - PSA_KEY_TYPE_IS_DH(attributes.core.type)) { - if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(bytes)) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - /* Copy the key material. */ - memcpy(slot->key.data, data, bytes); - bits = PSA_BYTES_TO_BITS(bytes); - - status = PSA_SUCCESS; - } else { - status = psa_driver_wrapper_import_key(&attributes, - data, bytes, - slot->key.data, - slot->key.bytes, - &slot->key.bytes, &bits); - } + status = psa_driver_wrapper_import_key(&attributes, + data, bytes, + slot->key.data, + slot->key.bytes, + &slot->key.bytes, &bits); if (bits != slot->attr.bits) { status = PSA_ERROR_INVALID_ARGUMENT; } From 33c91eb5d33ec56943e1e4f1c5ac720e9372322d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 30 May 2023 15:16:35 +0200 Subject: [PATCH 190/328] Add driver support for DH import key and export public key Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 13 +++----- library/psa_crypto_ffdh.c | 31 ++++++++++++++++++- library/psa_crypto_ffdh.h | 29 +++++++++++++++++ .../src/drivers/test_driver_key_management.c | 18 ++++++++++- 4 files changed, 81 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index acb39a1bcf..dc383bca31 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -640,14 +640,11 @@ psa_status_t psa_import_key_into_slot( if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) { return PSA_ERROR_INVALID_ARGUMENT; } - - /* Copy the key material. */ - memcpy(key_buffer, data, data_length); - *key_buffer_length = data_length; - *bits = PSA_BYTES_TO_BITS(data_length); - (void) key_buffer_size; - - return PSA_SUCCESS; + return mbedtls_psa_ffdh_import_key(attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, + bits); } #endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || * defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) */ diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c index db30a89533..4550a72b96 100644 --- a/library/psa_crypto_ffdh.c +++ b/library/psa_crypto_ffdh.c @@ -134,7 +134,18 @@ psa_status_t mbedtls_psa_export_ffdh_public_key( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_mpi GX, G, X, P; - (void) attributes; + psa_key_type_t type = attributes->core.type; + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + if (key_buffer_size > data_size) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(data, key_buffer, key_buffer_size); + memset(data + key_buffer_size, 0, + data_size - key_buffer_size); + *data_length = key_buffer_size; + return PSA_SUCCESS; + } mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G); mbedtls_mpi_init(&X); mbedtls_mpi_init(&P); @@ -199,6 +210,24 @@ cleanup: return status; } +psa_status_t mbedtls_psa_ffdh_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits) +{ + (void) attributes; + + if (key_buffer_size < data_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + *bits = PSA_BYTES_TO_BITS(data_length); + + return PSA_SUCCESS; +} + #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY */ diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h index 62b05b2e77..5d7d951c70 100644 --- a/library/psa_crypto_ffdh.h +++ b/library/psa_crypto_ffdh.h @@ -112,4 +112,33 @@ psa_status_t mbedtls_psa_ffdh_generate_key( size_t key_buffer_size, size_t *key_buffer_length); +/** + * \brief Import DH key. + * + * \note The signature of the function is that of a PSA driver import_key + * entry point. + * + * \param[in] attributes The attributes for the key to import. + * \param[in] data The buffer containing the key data in import + * format. + * \param[in] data_length Size of the \p data buffer in bytes. + * \param[out] key_buffer The buffer containing the key data in output + * format. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. This + * size is greater or equal to \p data_length. + * \param[out] key_buffer_length The length of the data written in \p + * key_buffer in bytes. + * \param[out] bits The key size in number of bits. + * + * \retval #PSA_SUCCESS + * The key was generated successfully. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of \p key_buffer is too small. + */ +psa_status_t mbedtls_psa_ffdh_import_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length, size_t *bits); + #endif /* PSA_CRYPTO_FFDH_H */ diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index dba0c26225..3ff1053e30 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -321,9 +321,25 @@ psa_status_t mbedtls_test_transparent_import_key( data, data_length, key_buffer, key_buffer_size, key_buffer_length, bits); +#endif + } else if (PSA_KEY_TYPE_IS_DH(type)) { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)) + return libtestdriver1_mbedtls_psa_ffdh_import_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); +#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) + return mbedtls_psa_ffdh_import_key( + attributes, + data, data_length, + key_buffer, key_buffer_size, + key_buffer_length, bits); #endif } - (void) data; (void) data_length; (void) key_buffer; From cd33413a55aad3cf7ed68427dfa98cf25beaf35b Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 30 May 2023 16:41:55 +0100 Subject: [PATCH 191/328] Modify tests to suit new behaviour Prevent the null argument test from running when only MBEDTLS_MD_LIGHT is enabled. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_md.data | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index ccc7b10ae4..15e3b99d56 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -3,6 +3,7 @@ MD list mbedtls_md_list: MD NULL/uninitialised arguments +depends_on:MBEDTLS_MD_C md_null_args: Information on MD5 From 66b96e2d877d84a1ee13ba185895d3963b9fb85a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:39:58 +0200 Subject: [PATCH 192/328] Copyediting Fix some typos and copypasta. Some very minor wording improvements. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 28 +++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index faa0ec369f..5cae1ff290 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -301,14 +301,14 @@ TODO Key derivation is more complex than other multipart operations for several reasons: -* There are multiple of inputs and outputs. +* There are multiple inputs and outputs. * Multiple drivers can be involved. This happens when an operation combines a key agreement and a subsequent symmetric key derivation, each of which can have independent drivers. This also happens when deriving an asymmetric key, where processing the secret input and generating the key output might involve different drivers. * When multiple drivers are involved, they are not always independent: if the secret input is managed by an opaque driver, it might not allow the core to retrieve the intermediate output and pass it to another driver. * The involvement of an opaque driver cannot be determined as soon as the operation is set up (since `psa_key_derivation_setup()` does not determine the key input). #### Key derivation driver dispatch logic -The core decides whether to dispatch a key derivation operation to a driver based on the location of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. +The core decides whether to dispatch a key derivation operation to a driver based on the location associated with of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. 1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element: * If the driver for this secure element implements the `"key_derivation"` family for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. @@ -341,7 +341,7 @@ The core conveys the initial inputs for a key derivation via an opaque data stru typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type ``` -A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of type-specific the functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of the type-specific the functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. ``` enum psa_crypto_driver_key_derivation_input_type_t { @@ -364,7 +364,7 @@ The function `psa_crypto_driver_key_derivation_get_input_type()` determines whet * `PSA_KEY_DERIVATION_INPUT_TYPE_INVALID`: the step is invalid for the algorithm of the operation that the inputs are for. * `PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED`: the step is optional for the algorithm of the operation that the inputs are for, and has been omitted. * `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` make a copy of the input data. -* `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key data. +* `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key context. * `PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER`: the step is valid and present and is an integer. Call `psa_crypto_driver_key_derivation_get_input_integer()` to retrieve the integer value. ``` @@ -391,14 +391,14 @@ The get-data functions take the following parameters: * The first parameter `inputs` must be a pointer passed by the core to a key derivation driver setup entry point which has not returned yet. * The `step` parameter indicates the input step whose content the driver wants to retrieve. -* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the desired input in bytes. -* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the desired input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_size`, the core sets `*size` to the size of the specified input in bytes. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_bytes`, the core fills the first *N* bytes of `buffer` with the specified input and sets `*buffer_length` to *N*, where *N* is the length of the input in bytes. The value of `buffer_size` must be at least *N*, otherwise this function fails with the status `PSA_ERROR_BUFFER_TOO_SMALL`. * On a successful invocation of `psa_crypto_driver_key_derivation_get_input_key`, the core sets `*key_buffer` to a pointer to a buffer containing the key context and `*key_buffer_size` to the size of the key context in bytes. The key context buffer remains valid for the duration of the driver entry point. If the driver needs to access the key context after the current entry point returns, it must make a copy of the key context. -* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the desired input. +* On a successful invocation of `psa_crypto_driver_key_derivation_get_input_integer`, the core sets `*value` to the value of the specified input. These functions can return the following statuses: -* `PSA_SUCCESS`: the call succeeded and the desired value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been writen to the applicable parameter (`buffer_length`, `key_buffer_size`). +* `PSA_SUCCESS`: the call succeeded and the requested value has been copied to the output parameter (`size`, `buffer`, `value` or `p_key_buffer`) and if applicable the size of the value has been written to the applicable parameter (`buffer_length`, `key_buffer_size`). * `PSA_ERROR_DOES_NOT_EXIST`: the input step is valid for this particular algorithm, but it is not part of the initial inputs. This is not a fatal error. The driver will receive the input later as a [long input](#key-derivation-driver-long-inputs). * `PSA_ERROR_INVALID_ARGUMENT`: the input type is not compatible with this function or was omitted. Call `psa_crypto_driver_key_derivation_get_input_type()` to find out the actual type of this input step. This is not a fatal error and the driver can, for example, subsequently call the appropriate function on the same step. * `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_key_derivation_get_input_bytes` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_key_derivation_get_input_size` to obtain the required size. @@ -441,7 +441,7 @@ psa_status_t acme_key_derivation_set_capacity( acme_key_derivation_operation_t *operation, size_t capacity); ``` -`capacity` is guaranteed to be less or equal to any value previously set through this entry point, and is guaraneed not to be `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`. +`capacity` is guaranteed to be less or equal to any value previously set through this entry point, and is guaranteed not to be `PSA_KEY_DERIVATION_UNLIMITED_CAPACITY`. If this entry point has not been called, the operation has an unlimited capacity. @@ -478,7 +478,7 @@ If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure e 1. For a call to `psa_key_derivation_verify_key()` or `psa_key_derivation_verify_bytes()`, if the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's `"export_key"` entry point on the key object that contains the expected value, call the `"key_derivation_verify_bytes"` entry point on the exported material, and stop. 1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. -If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the driver then calls additional entry points in the same or another driver: +If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the core then calls additional entry points in the same or another driver: * For a call to `psa_key_derivation_output_key()` for some key types, the core calls a transparent driver's `"derive_key"` entry point. See [“Transparent cooked key derivation”](#transparent-cooked-key-derivation). * For a call to `psa_key_derivation_output_key()` where the derived key is in a secure element, call that secure element driver's `"import_key"` entry point. @@ -491,7 +491,7 @@ A capability for cooked key derivation contains the following properties (this i * `"entry_points"` (mandatory, list of strings). Must be `["derive_key"]`. * `"derived_types"` (mandatory, list of strings). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified type. -* `"derived_sizes"` (optional, list of integers). Each element is a [key type specification](#key-type-specifications). This capability only applies when deriving a key of the specified sizes, in bits. If absent, this capability applies to all sizes for the specified types. +* `"derived_sizes"` (optional, list of integers). Each element is a size for the derived key, in bits. This capability only applies when deriving a key of the specified sizes. If absent, this capability applies to all sizes for the specified types. * `"memory"` (optional, boolean). If present and true, the driver must define a type `"derive_key_memory_t"` and the core will allocate an object of that type as specified below. * `"names"` (optional, object). A mapping from entry point names to C function and type names, as usual. * `"fallback"` (optional, boolean). If present and true, the driver may return `PSA_ERROR_NOT_SUPPORTED` if it only partially supports the specified mechanism, as usual. @@ -507,7 +507,7 @@ psa_status_t acme_derive_key( uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); ``` -* `attributes` contains the attributes of the desired key. Note that only the key type and the bit-size are guaranteed to be set. +* `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set. * `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. * If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. * `key_buffer` is a buffer for the output material. Its size is `key_buffer_size` bytes. @@ -515,7 +515,7 @@ psa_status_t acme_derive_key( This entry point may return the following statuses: -* `PSA_SUCCESS`: a key was derived successfully. The driver has placed representation of the key is in `key_buffer`. +* `PSA_SUCCESS`: a key was derived successfully. The driver has placed the representation of the key in `key_buffer`. * `PSA_ERROR_NOT_SUPPORTED` (for the first call only) (only if fallback is enabled): the driver cannot fulfill this request, but a fallback driver might. * `PSA_ERROR_INSUFFICIENT_DATA`: the core must call the `"derive_key"` entry point again with the same `memory` object and with subsequent data from the key stream. * Any other error is a fatal error. @@ -525,7 +525,7 @@ The core calls the `"derive_key"` entry point in a loop until it returns a statu For standard key types, the `"derive_key"` entry point is called with a certain input length as follows: * `PSA_KEY_TYPE_DES`: the length of the key. -* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: $m$ bytes, where the bit-size of the key $n$ satisfies $m-1 < 8 n \le m$. +* `PSA_KEY_TYPE_ECC_KEY_PAIR(…)`, `PSA_KEY_TYPE_DH_KEY_PAIR(…)`: $m$ bytes, where the bit-size of the key $n$ satisfies $8 (m-1) < n \le 8 m$. * `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length. * Other key types: not applicable. From 4e94fead864467901039d5cb27af490eccad2220 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:40:56 +0200 Subject: [PATCH 193/328] Key derivation dispatch doesn't depend on the key type At least for all currently specified algorithms. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 5cae1ff290..dd35ed2264 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -311,9 +311,10 @@ Key derivation is more complex than other multipart operations for several reaso The core decides whether to dispatch a key derivation operation to a driver based on the location associated with of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. 1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element: - * If the driver for this secure element implements the `"key_derivation"` family for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. + * If the driver for this secure element implements the `"key_derivation"` family for the specified algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. + Note that for all currently specified algorithms, the key type for the secret input does not matter. * Otherwise the core calls the secure element driver's [`"export_key"`](#key-management-with-opaque-drivers) entry point. -2. Otherwise ([or on fallback?](#fallback-for-key-derivation-in-opaque-drivers)), if there is a transparent driver for the specified key type and algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. +2. Otherwise ([or on fallback?](#fallback-for-key-derivation-in-opaque-drivers)), if there is a transparent driver for the specified algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. 3. Otherwise, or on fallback, the core uses its built-in implementation. #### Summary of entry points for the operation family `"key_derivation"` From d2fe1d5498ca48e4a31ef4db88dcfd1c8e896ddb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:41:57 +0200 Subject: [PATCH 194/328] Rationale on key derivation inputs and buffer ownership Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index dd35ed2264..cca709d433 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -364,7 +364,7 @@ The function `psa_crypto_driver_key_derivation_get_input_type()` determines whet * `PSA_KEY_DERIVATION_INPUT_TYPE_INVALID`: the step is invalid for the algorithm of the operation that the inputs are for. * `PSA_KEY_DERIVATION_INPUT_TYPE_OMITTED`: the step is optional for the algorithm of the operation that the inputs are for, and has been omitted. -* `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` make a copy of the input data. +* `PSA_KEY_DERIVATION_INPUT_TYPE_BYTES`: the step is valid and present and is a transparent byte string. Call `psa_crypto_driver_key_derivation_get_input_size()` to obtain the size of the input data. Call `psa_crypto_driver_key_derivation_get_input_bytes()` to make a copy of the input data (design note: [why a copy?](#key-derivation-inputs-and-buffer-ownership)). * `PSA_KEY_DERIVATION_INPUT_TYPE_KEY`: the step is valid and present and is a byte string passed via a key object. Call `psa_crypto_driver_key_derivation_get_input_key()` to obtain a pointer to the key context. * `PSA_KEY_DERIVATION_INPUT_TYPE_INTEGER`: the step is valid and present and is an integer. Call `psa_crypto_driver_key_derivation_get_input_integer()` to retrieve the integer value. @@ -1179,6 +1179,12 @@ Should drivers really have to cope with overlap? Should the core guarantee that the output buffer size has the size indicated by the applicable buffer size macro (which may be an overestimation)? +#### Key derivation inputs and buffer ownership + +Why is `psa_crypto_driver_key_derivation_get_input_bytes` a copy, rather than giving a pointer? + +The main reason is to avoid complex buffer ownership. A driver entry point does not own memory after the entry point return. This is generally necessary because an API function does not own memory after the entry point returns. In the case of key derivation inputs, this could be relaxed because the driver entry point is making callbacks to the core: these functions could return a pointer that is valid until the driver entry point, which would allow the driver to process the data immediately (e.g. hash it rather than copy it). + ### Partial computations in drivers #### Substitution points From f787879a140e933614cc68686613bbb21339c21e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:42:29 +0200 Subject: [PATCH 195/328] Clarify sequencing of long inputs Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index cca709d433..8cdc359427 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -421,7 +421,7 @@ psa_status_t acme_key_derivation_setup( #### Key derivation driver long inputs -Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this input step for all the long inputs, in an unspecified order. Long input steps may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. +Some key derivation algorithms take long inputs which it would not be practical to pass in the [initial inputs](#key-derivation-driver-initial-inputs). A driver that implements a key derivation algorithm that takes such inputs must provide a `"key_derivation_input_step"` entry point. The core calls this entry point for all the long inputs after calling `"acme_key_derivation_setup"`. A long input step may be fragmented into multiple calls of `psa_key_derivation_input_bytes()`, and the core may reassemble or refragment those fragments before passing them to the driver. Calls to this entry point for different step values occur in an unspecified order and may be interspersed. ``` psa_status_t acme_key_derivation_input_step( From b319ed69c4a358ab1a056f3842a1bc7b377e0750 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:42:45 +0200 Subject: [PATCH 196/328] State explicitly that cooked key derivation uses the export format This is the case for all key creation in a secure element, but state it explicitly where relevant. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 8cdc359427..3aaa58bf50 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -511,7 +511,7 @@ psa_status_t acme_derive_key( * `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set. * `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. * If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. -* `key_buffer` is a buffer for the output material. Its size is `key_buffer_size` bytes. +* `key_buffer` is a buffer for the output material, in the appropriate [export format](#key-format-for-transparent-drivers) for the key type. Its size is `key_buffer_size` bytes. * On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`. This entry point may return the following statuses: From e52bff994cbfe1f253a3842663cb2f9d66a646f4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:43:29 +0200 Subject: [PATCH 197/328] Note possible issue with derive_key: who should choose the input length? Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 3aaa58bf50..da251465ea 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -510,6 +510,7 @@ psa_status_t acme_derive_key( * `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set. * `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. + TODO: how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? (Note that for some algorithms, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test.) * If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. * `key_buffer` is a buffer for the output material, in the appropriate [export format](#key-format-for-transparent-drivers) for the key type. Its size is `key_buffer_size` bytes. * On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`. From 24f52296f1e785712f4eb968c19a49e86f507325 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 31 May 2023 00:44:04 +0200 Subject: [PATCH 198/328] Key agreement needs an attribute structure for our key Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index da251465ea..075b386b10 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -547,6 +547,7 @@ In other cases, the core treats `psa_key_derivation_key_agreement()` as if it wa The entry points related to key agreement have the following prototypes for a driver with the prefix `"acme"`: ``` psa_status_t acme_key_agreement(psa_algorithm_t alg, + const psa_key_attributes_t *our_attributes, const uint8_t *our_key_buffer, size_t our_key_buffer_length, const uint8_t *peer_key, @@ -555,16 +556,19 @@ psa_status_t acme_key_agreement(psa_algorithm_t alg, size_t output_size, size_t *output_length); psa_status_t acme_key_agreement_to_key(psa_algorithm_t alg, - const psa_key_attributes_t *attributes, + const psa_key_attributes_t *our_attributes, const uint8_t *our_key_buffer, size_t our_key_buffer_length, const uint8_t *peer_key, size_t peer_key_length, + const psa_key_attributes_t *shared_secret_attributes, uint8_t *shared_secret_key_buffer, size_t shared_secret_key_buffer_size, size_t *shared_secret_key_buffer_length); ``` +Note that unlike most other key creation entry points, in `"acme_key_agreement_to_key"`, the parameters for the shared secret are not placed near the beginning, but rather grouped with the other parameters at the end, to avoid confusion with the keys passed as inputs. + ### Driver entry points for key management The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-opaque-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information. From 6824bad4fcdb61888089a666dd46cbebd84b8458 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Wed, 31 May 2023 02:19:47 +0000 Subject: [PATCH 199/328] Change coding style to fix multi lines into one line Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_ecp.function | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index e5ec3737a6..e344ab6205 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1595,12 +1595,10 @@ void ecp_mod_read_write(char *input_A, int id, int ctype) * the destination mod residue, compare the two mod residues. * Firstly test little endian write and read */ TEST_EQUAL(0, mbedtls_mpi_mod_write(&rA, &m, (unsigned char *) bufx, - bytes, - MBEDTLS_MPI_MOD_EXT_REP_LE)); + bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(0, mbedtls_mpi_mod_read(&rX, &m, (unsigned char *) bufx, - bytes, - MBEDTLS_MPI_MOD_EXT_REP_LE)); + bytes, MBEDTLS_MPI_MOD_EXT_REP_LE)); TEST_EQUAL(limbs, rX.limbs); ASSERT_COMPARE(rA.p, bytes, rX.p, bytes); From d1200ee2e88c18cfd464ccb6feee202b5060e988 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 30 May 2023 18:54:39 +0800 Subject: [PATCH 200/328] Fix invalid commands for ec_x{25519,448}_{prv,pub}.{der,pem} Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3d2d5dccd5..55d6cd2195 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1011,32 +1011,32 @@ ec_x25519_prv.der: $(OPENSSL) genpkey -algorithm X25519 -out $@ -outform DER all_final += ec_x25519_prv.der -ec_x25519_pub.der: ec_x25519_pub.der - $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER +ec_x25519_pub.der: ec_x25519_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout all_final += ec_x25519_pub.der -ec_x25519_prv.pem: ec_x25519_prv.pem +ec_x25519_prv.pem: ec_x25519_prv.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_x25519_prv.pem -ec_x25519_pub.pem: ec_x25519_pub.pem - $(OPENSSL) pkey -in $< -inform DER -out $@ +ec_x25519_pub.pem: ec_x25519_pub.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubin all_final += ec_x25519_pub.pem ec_x448_prv.der: $(OPENSSL) genpkey -algorithm X448 -out $@ -outform DER all_final += ec_x448_prv.der -ec_x448_pub.der: ec_x448_pub.der - $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER +ec_x448_pub.der: ec_x448_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -outform DER -pubout all_final += ec_x448_pub.der -ec_x448_prv.pem: ec_x448_prv.pem +ec_x448_prv.pem: ec_x448_prv.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_x448_prv.pem -ec_x448_pub.pem: ec_x448_pub.pem - $(OPENSSL) pkey -in $< -inform DER -out $@ +ec_x448_pub.pem: ec_x448_pub.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubin all_final += ec_x448_pub.pem ################################################################ From c18cd89b718a664b4c31c29c8eaa573360d8670c Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 31 May 2023 11:08:04 +0800 Subject: [PATCH 201/328] code_size_compare.py: add prompt for unsupported arch and config Add prompt message for a series of supported combination of architecture and configuration when someone tries unsupported combinations. Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index e61236ad3c..b8f29422d4 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -71,6 +71,14 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods infer build command for code size measurement. """ + SupportedArchConfig = [ + "-a " + SupportedArch.AARCH64.value + " -c " + SupportedConfig.DEFAULT.value, + "-a " + SupportedArch.AARCH32.value + " -c " + SupportedConfig.DEFAULT.value, + "-a " + SupportedArch.X86_64.value + " -c " + SupportedConfig.DEFAULT.value, + "-a " + SupportedArch.X86.value + " -c " + SupportedConfig.DEFAULT.value, + "-a " + SupportedArch.ARMV8_M.value + " -c " + SupportedConfig.TFM_MEDIUM.value, + ] + def __init__(self, arch: str, config: str) -> None: """ arch: architecture to measure code size on. @@ -96,6 +104,9 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods else: print("Unsupported architecture: {} and configurations: {}" .format(self.arch, self.config)) + print("\nPlease use supported combination of architecture and configuration:") + for comb in CodeSizeInfo.SupportedArchConfig: + print(comb) sys.exit(1) From 502c54f8c1f5837ac8bc5b285ab79d7c88f2fe2b Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 31 May 2023 11:41:36 +0800 Subject: [PATCH 202/328] code_size_compare.py: classify arguments in parser This commit splits parsed arguments into required group and optional group to present help message clearer to users. Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 46 +++++++++++++++--------------------- 1 file changed, 19 insertions(+), 27 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index b8f29422d4..f9e672dd08 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -1,8 +1,6 @@ #!/usr/bin/env python3 """ -Purpose - This script is for comparing the size of the library files from two different Git revisions within an Mbed TLS repository. The results of the comparison is formatted as csv and stored at a @@ -278,41 +276,35 @@ class CodeSizeComparison: sys.exit(-1) def main(): - parser = argparse.ArgumentParser( - description=( - """This script is for comparing the size of the library files - from two different Git revisions within an Mbed TLS repository. - The results of the comparison is formatted as csv, and stored at - a configurable location. - Note: must be run from Mbed TLS root.""" - ) - ) - parser.add_argument( + parser = argparse.ArgumentParser(description=(__doc__)) + group_required = parser.add_argument_group( + 'required arguments', + 'required arguments to parse for running ' + os.path.basename(__file__)) + group_required.add_argument( + "-o", "--old-rev", type=str, required=True, + help="old revision for comparison.") + + group_optional = parser.add_argument_group( + 'optional arguments', + 'optional arguments to parse for running ' + os.path.basename(__file__)) + group_optional.add_argument( "-r", "--result-dir", type=str, default="comparison", help="directory where comparison result is stored, \ - default is comparison", - ) - parser.add_argument( - "-o", "--old-rev", type=str, help="old revision for comparison.", - required=True, - ) - parser.add_argument( + default is comparison") + group_optional.add_argument( "-n", "--new-rev", type=str, default=None, help="new revision for comparison, default is the current work \ - directory, including uncommitted changes." - ) - parser.add_argument( + directory, including uncommitted changes.") + group_optional.add_argument( "-a", "--arch", type=str, default=detect_arch(), choices=list(map(lambda s: s.value, SupportedArch)), help="specify architecture for code size comparison, default is the\ - host architecture." - ) - parser.add_argument( + host architecture.") + group_optional.add_argument( "-c", "--config", type=str, default=SupportedConfig.DEFAULT.value, choices=list(map(lambda s: s.value, SupportedConfig)), help="specify configuration type for code size comparison,\ - default is the current MbedTLS configuration." - ) + default is the current MbedTLS configuration.") comp_args = parser.parse_args() if os.path.isfile(comp_args.result_dir): From b20f13a41bb20a4e392b392047289a4e6bb629c0 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 31 May 2023 12:51:02 +0530 Subject: [PATCH 203/328] Change input cost type to uint64_t and fix max iteration test case Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- tests/suites/test_suite_psa_crypto.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 245f26a15f..d54291f819 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -116,7 +116,7 @@ typedef enum { typedef struct { psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); - size_t MBEDTLS_PRIVATE(input_cost); + uint64_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c16879bc0f..a979570b44 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5322,7 +5322,7 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS #Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000001":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 From 28111dbf06f549c26998df86e013bc3a8facc681 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 31 May 2023 09:30:58 +0200 Subject: [PATCH 204/328] Adapt guards for psa_is_dh_key_size_valid Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index dc383bca31..58e8a8a2e5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -129,6 +129,9 @@ int psa_can_do_hash(psa_algorithm_t hash_alg) (void) hash_alg; return global_data.drivers_initialized; } +#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY) || \ + defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) static int psa_is_dh_key_size_valid(size_t bits) { if (bits != 2048 && bits != 3072 && bits != 4096 && @@ -138,6 +141,9 @@ static int psa_is_dh_key_size_valid(size_t bits) return 1; } +#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR || + MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY || + PSA_WANT_KEY_TYPE_DH_KEY_PAIR */ psa_status_t mbedtls_to_psa_error(int ret) { From 6efa608d20b1928ebf4f9f82a1fcde273eace59f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 31 May 2023 09:38:21 +0200 Subject: [PATCH 205/328] Revert setting optimization flag(use O2) Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f2a37f2d4c..4b220404d2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -187,7 +187,7 @@ pre_initialize_variables () { # CFLAGS and LDFLAGS for Asan builds that don't use CMake # default to -O2, use -Ox _after_ this if you want another level - ASAN_CFLAGS='-O0 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # Gather the list of available components. These are the functions # defined in this script whose name starts with "component_". From 57b5d22a9e6b9bae09fde67b794f34ab36e44199 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 14:36:41 +0100 Subject: [PATCH 206/328] Reword ChangeLog entry for consistency Signed-off-by: David Horstmann --- ChangeLog.d/oid-parse-from-numeric-string.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/oid-parse-from-numeric-string.txt b/ChangeLog.d/oid-parse-from-numeric-string.txt index 459bedc832..82ed2fd713 100644 --- a/ChangeLog.d/oid-parse-from-numeric-string.txt +++ b/ChangeLog.d/oid-parse-from-numeric-string.txt @@ -1,3 +1,3 @@ Features - * Add a function mbedtls_oid_from_numeric_string to parse an OID from a + * Add function mbedtls_oid_from_numeric_string() to parse an OID from a string to a DER-encoded mbedtls_asn1_buf. From b97b689832d77464b63651fdabbec9d7bdd7dca0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 14:41:11 +0100 Subject: [PATCH 207/328] Reword function description slightly Use of the term "dotted-decimal" improves clarity. Put a full-stop where one should have been. Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 1d73506dc4..5b75077ea7 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -472,9 +472,9 @@ typedef struct mbedtls_oid_descriptor_t { int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_buf *oid); /** - * \brief Translate a string containing a numeric representation - * of an ASN.1 OID into its encoded form - * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D") + * \brief Translate a string containing a dotted-decimal + * representation of an ASN.1 OID into its encoded form + * (e.g. "1.2.840.113549" into "\x2A\x86\x48\x86\xF7\x0D"). * On success, this function allocates oid->buf from the * heap. It must be freed by the caller using mbedtls_free(). * From ada7d72447e996b31448af1d8a22fc7bbb8d2261 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 14:49:56 +0100 Subject: [PATCH 208/328] Improve line spacing after variable declarations Signed-off-by: David Horstmann --- library/oid.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index 8da4103803..d2efbed1fe 100644 --- a/library/oid.c +++ b/library/oid.c @@ -898,7 +898,9 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, static int oid_parse_number(unsigned int *num, const char **p, const char *bound) { int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + *num = 0; + while (*p < bound && **p >= '0' && **p <= '9') { ret = 0; if (*num > (UINT_MAX / 10)) { @@ -914,7 +916,9 @@ static int oid_parse_number(unsigned int *num, const char **p, const char *bound static size_t oid_subidentifier_num_bytes(unsigned int value) { size_t num_bytes = 1; + value >>= 7; + while (value != 0) { num_bytes++; value >>= 7; @@ -927,6 +931,7 @@ static int oid_subidentifier_encode_into(unsigned char **p, unsigned int value) { size_t num_bytes = oid_subidentifier_num_bytes(value); + if ((size_t) (bound - *p) < num_bytes) { return MBEDTLS_ERR_OID_BUF_TOO_SMALL; } @@ -947,14 +952,13 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *oid_str, size_t size) { int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - const char *str_ptr = oid_str; const char *str_bound = oid_str + size; unsigned int val = 0; unsigned int component1, component2; - /* Count the number of dots to get a worst-case allocation size. */ size_t num_dots = 0; + for (size_t i = 0; (i < size) && (oid_str[i] != '\0'); i++) { if (oid_str[i] == '.') { num_dots++; From 25d65e85274b4eb788be1dda8781625ec35dc4a9 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 14:53:07 +0100 Subject: [PATCH 209/328] Refactor while loop for simplicity Signed-off-by: David Horstmann --- library/oid.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/library/oid.c b/library/oid.c index d2efbed1fe..ea1e70bf09 100644 --- a/library/oid.c +++ b/library/oid.c @@ -915,14 +915,13 @@ static int oid_parse_number(unsigned int *num, const char **p, const char *bound static size_t oid_subidentifier_num_bytes(unsigned int value) { - size_t num_bytes = 1; + size_t num_bytes = 0; - value >>= 7; - - while (value != 0) { - num_bytes++; + do { value >>= 7; - } + num_bytes++; + } while (value != 0); + return num_bytes; } From 6883358c16f2e369129753d3999bb345e57c3f29 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 31 May 2023 17:27:28 +0100 Subject: [PATCH 210/328] Hoist variable declarations to before goto This should appease IAR, which does not like declarations in the middle of goto sequences. Signed-off-by: David Horstmann --- library/oid.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index ea1e70bf09..87e5d892f2 100644 --- a/library/oid.c +++ b/library/oid.c @@ -957,6 +957,8 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, unsigned int component1, component2; /* Count the number of dots to get a worst-case allocation size. */ size_t num_dots = 0; + size_t encoded_len; + unsigned char *minimum_mem; for (size_t i = 0; (i < size) && (oid_str[i] != '\0'); i++) { if (oid_str[i] == '.') { @@ -1040,8 +1042,8 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } } - size_t encoded_len = out_ptr - oid->p; - unsigned char *minimum_mem = mbedtls_calloc(encoded_len, 1); + encoded_len = out_ptr - oid->p; + minimum_mem = mbedtls_calloc(encoded_len, 1); if (minimum_mem == NULL) { ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; goto error; From f6853a87512171975949b0b8d8ca1b5ae6aba14f Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:00:11 +0200 Subject: [PATCH 211/328] test: optimizing test_suite_pkwrite code Signed-off-by: valerio --- tests/suites/test_suite_pkwrite.function | 94 +++++++++++++++++------- 1 file changed, 66 insertions(+), 28 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index c148c8a848..4820fbd439 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -28,6 +28,43 @@ static void fix_new_lines(unsigned char *in_str, size_t *len) } } +static int pk_write_any_key(mbedtls_pk_context *pk, unsigned char **p, + size_t *buf_len, int is_public_key, int is_der) +{ + int ret = 0; + + if (is_der) { + if (is_public_key) { + ret = mbedtls_pk_write_pubkey_der(pk, *p, *buf_len); + } else { + ret = mbedtls_pk_write_key_der(pk, *p, *buf_len); + } + if (ret <= 0) { + return ret; + } + + *p = *p + *buf_len - ret; + *buf_len = ret; + } else { +#if defined(MBEDTLS_PEM_WRITE_C) + if (is_public_key) { + ret = mbedtls_pk_write_pubkey_pem(pk, *p, *buf_len); + } else { + ret = mbedtls_pk_write_key_pem(pk, *p, *buf_len); + } + if (ret != 0) { + return ret; + } + + *buf_len = strlen((char *) *p) + 1; /* +1 takes the string terminator into account */ +#else + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif + } + + return 0; +} + static void pk_write_check_common(char *key_file, int is_public_key, int is_der) { mbedtls_pk_context key; @@ -35,7 +72,11 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) unsigned char *check_buf = NULL; unsigned char *start_buf; size_t buf_len, check_buf_len; - int ret; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + USE_PSA_INIT(); mbedtls_pk_init(&key); USE_PSA_INIT(); @@ -62,42 +103,39 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der) if (is_public_key) { TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0); - if (is_der) { - ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len); - } else { -#if defined(MBEDTLS_PEM_WRITE_C) - ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len); -#else - ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif - } } else { TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL, mbedtls_test_rnd_std_rand, NULL), 0); - if (is_der) { - ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len); - } else { -#if defined(MBEDTLS_PEM_WRITE_C) - ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len); -#else - ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; -#endif - } } - if (is_der) { - TEST_LE_U(1, ret); - buf_len = ret; - start_buf = buf + check_buf_len - buf_len; - } else { - TEST_EQUAL(ret, 0); - buf_len = strlen((char *) buf) + 1; /* +1 takes the string terminator into account */ - start_buf = buf; - } + start_buf = buf; + buf_len = check_buf_len; + TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, + is_der), 0); ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len); +#if defined(MBEDTLS_USE_PSA_CRYPTO) + /* Verify that pk_write works also for opaque private keys */ + if (!is_public_key) { + memset(buf, 0, check_buf_len); + TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&key, &opaque_id, + PSA_ALG_NONE, + PSA_KEY_USAGE_EXPORT, + PSA_ALG_NONE), 0); + start_buf = buf; + buf_len = check_buf_len; + TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key, + is_der), 0); + + ASSERT_COMPARE(start_buf, buf_len, check_buf, check_buf_len); + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key(opaque_id); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_free(buf); mbedtls_free(check_buf); mbedtls_pk_free(&key); From a87601dc112e3fe308b04609f9706d3f138ba179 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:01:55 +0200 Subject: [PATCH 212/328] pk_internal: add support for opaque keys for getting EC curve ID Signed-off-by: valerio --- library/pk_internal.h | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 8d4b005710..21fb34a8f4 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -84,11 +84,30 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec_rw(const mbedtls_pk_context pk) static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_context *pk) { mbedtls_ecp_group_id id; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t opaque_key_type; + psa_ecc_family_t curve; + + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { + return MBEDTLS_ECP_DP_NONE; + } + opaque_key_type = psa_get_key_type(&opaque_attrs); + curve = PSA_KEY_TYPE_ECC_GET_FAMILY(opaque_key_type); + id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&opaque_attrs), 0); + psa_reset_key_attributes(&opaque_attrs); + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); + id = mbedtls_ecc_group_of_psa(pk->ec_family, pk->ec_bits, 0); #else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - id = mbedtls_pk_ec_ro(*pk)->grp.id; + id = mbedtls_pk_ec_ro(*pk)->grp.id; #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ + } + return id; } From 64e0184a39625f91a0c7090eb5e647a159d84e34 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:02:43 +0200 Subject: [PATCH 213/328] psa_util: add support for rfc8410's OIDs Signed-off-by: valerio --- include/mbedtls/psa_util.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f7ed2ebfee..64c24358ef 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -248,6 +248,22 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ } break; + case PSA_ECC_FAMILY_MONTGOMERY: + switch (bits) { +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + case 255: + *oid = MBEDTLS_OID_X25519; + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_X25519); + return 0; +#endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */ +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + case 448: + *oid = MBEDTLS_OID_X448; + *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_X448); + return 0; +#endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */ + } + break; } (void) oid; (void) oid_len; From b7273141333e9eb8a7cf7d397f156f72cfdca6d8 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:07:18 +0200 Subject: [PATCH 214/328] pk: add internal helpers for opaque keys Signed-off-by: valerio --- library/pkwrite.c | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index d6848151c1..559611c0d7 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -58,7 +58,8 @@ #include "mbedtls/platform.h" /* Helper for Montgomery curves */ -#if defined(MBEDTLS_ECP_LIGHT) && defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) +#if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) { mbedtls_ecp_group_id id = mbedtls_pk_get_group_id(pk); @@ -75,7 +76,41 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } -#endif /* MBEDTLS_ECP_LIGHT && MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* It is assumed that the input key is opaque */ +static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) +{ + psa_ecc_family_t ec_family = 0; + psa_key_attributes_t key_attrs = PSA_KEY_ATTRIBUTES_INIT; + + if (psa_get_key_attributes(pk->priv_id, &key_attrs) != PSA_SUCCESS) { + return 0; + } + ec_family = PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(&key_attrs)); + psa_reset_key_attributes(&key_attrs); + + return ec_family; +} +#endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_ECP_LIGHT */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) +/* It is assumed that the input key is opaque */ +static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) +{ + psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t opaque_key_type; + + if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { + return 0; + } + opaque_key_type = psa_get_key_type(&opaque_attrs); + psa_reset_key_attributes(&opaque_attrs); + + return opaque_key_type; +} +#endif /* MBETLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_RSA_C) /* From 9ea26173d6bf4d2124459a6b5b50722ef2b8a551 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:10:23 +0200 Subject: [PATCH 215/328] pk: uniformmize public key writing functions Signed-off-by: valerio --- library/pkwrite.c | 115 +++++++++++++++++++++++++++++++++------------- 1 file changed, 82 insertions(+), 33 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 559611c0d7..9fd660fd2e 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -120,11 +120,12 @@ static psa_key_type_t pk_get_opaque_key_type(const mbedtls_pk_context *pk) * } */ static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start, - mbedtls_rsa_context *rsa) + const mbedtls_pk_context *pk) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; mbedtls_mpi T; + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); mbedtls_mpi_init(&T); @@ -158,29 +159,26 @@ end_of_export: #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { size_t len = 0; + uint8_t buf[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) - len = pk->pub_raw_len; + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + } else { + len = pk->pub_raw_len; - if (*p < start || (size_t) (*p - start) < len) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } + if (*p < start || (size_t) (*p - start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } - memcpy(*p - len, pk->pub_raw, len); - *p -= len; -#else - unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; - mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q, - MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, buf, sizeof(buf))) != 0) { - return ret; + memcpy(*p - len, pk->pub_raw, len); + *p -= len; } if (*p < start || (size_t) (*p - start) < len) { @@ -189,10 +187,50 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, *p -= len; memcpy(*p, buf, len); -#endif return (int) len; } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ +static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *pk) +{ + size_t len = 0; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + uint8_t buf[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; +#else + unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN]; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + mbedtls_ecp_keypair *ec = mbedtls_pk_ec(*pk); + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + *p -= len; + memcpy(*p, buf, len); + return (int) len; + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { + if ((ret = mbedtls_ecp_point_write_binary(&ec->grp, &ec->Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, buf, sizeof(buf))) != 0) { + return ret; + } + } + + if (*p < start || (size_t) (*p - start) < len) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + *p -= len; + memcpy(*p, buf, len); + + return (int) len; +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ /* * ECParameters ::= CHOICE { @@ -251,6 +289,30 @@ exit: } #endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) +static int pk_write_opaque_pubkey(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *pk) +{ + size_t buffer_size; + size_t len = 0; + + if (*p < start) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + buffer_size = (size_t) (*p - start); + if (psa_export_public_key(pk->priv_id, start, buffer_size, + &len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + + *p -= len; + memmove(*p, start, len); + + return (int) len; +} +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, const mbedtls_pk_context *key) { @@ -259,7 +321,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #if defined(MBEDTLS_RSA_C) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { - MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, mbedtls_pk_rsa(*key))); + MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key)); } else #endif #if defined(MBEDTLS_ECP_LIGHT) @@ -269,20 +331,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start, #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { - size_t buffer_size; - - if (*p < start) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } - - buffer_size = (size_t) (*p - start); - if (psa_export_public_key(key->priv_id, start, buffer_size, &len) - != PSA_SUCCESS) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; - } else { - *p -= len; - memmove(*p, start, len); - } + MBEDTLS_ASN1_CHK_ADD(len, pk_write_opaque_pubkey(p, start, key)); } else #endif /* MBEDTLS_USE_PSA_CRYPTO */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; From ba1fd32eda9d7ecc0ff5f9465b55005de5cc2f7f Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:13:17 +0200 Subject: [PATCH 216/328] pk: optimize/reshape public key writing Signed-off-by: valerio --- library/pkwrite.c | 40 ++++++++++------------------------------ 1 file changed, 10 insertions(+), 30 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 9fd660fd2e..a86d16c7b3 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -377,44 +377,22 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu pk_type = mbedtls_pk_get_type(key); #if defined(MBEDTLS_ECP_LIGHT) if (pk_type == MBEDTLS_PK_ECKEY) { -#if defined(MBEDTLS_ECP_C) - ec_grp_id = mbedtls_pk_ec_ro(*key)->grp.id; -#else /* MBEDTLS_ECP_C */ - ec_grp_id = mbedtls_ecc_group_of_psa(key->ec_family, key->ec_bits, 0); -#endif /* MBEDTLS_ECP_C */ + ec_grp_id = mbedtls_pk_get_group_id(key); } #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) if (pk_type == MBEDTLS_PK_OPAQUE) { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t key_type; - - if (PSA_SUCCESS != psa_get_key_attributes(key->priv_id, - &attributes)) { - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } - key_type = psa_get_key_type(&attributes); - + psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); #if defined(MBEDTLS_ECP_LIGHT) - if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type)) { - psa_ecc_family_t curve; - - curve = PSA_KEY_TYPE_ECC_GET_FAMILY(key_type); - if (curve != 0) { - ec_grp_id = mbedtls_ecc_group_of_psa(curve, psa_get_key_bits(&attributes), 0); - if (ec_grp_id != MBEDTLS_ECP_DP_NONE) { - /* The rest of the function works as for legacy EC contexts. */ + if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { pk_type = MBEDTLS_PK_ECKEY; - } - } - } + ec_grp_id = mbedtls_pk_get_group_id(key); + } else #endif /* MBEDTLS_ECP_LIGHT */ - if (PSA_KEY_TYPE_IS_RSA(key_type)) { + if (PSA_KEY_TYPE_IS_RSA(opaque_key_type)) { /* The rest of the function works as for legacy RSA contexts. */ pk_type = MBEDTLS_PK_RSA; } - - psa_reset_key_attributes(&attributes); } /* `pk_type` will have been changed to non-opaque by here if this function can handle it */ if (pk_type == MBEDTLS_PK_OPAQUE) { @@ -424,11 +402,13 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu #if defined(MBEDTLS_ECP_LIGHT) if (pk_type == MBEDTLS_PK_ECKEY) { - /* Some groups have their own AlgorithmIdentifier OID, others are handled by mbedtls_oid_get_oid_by_pk_alg() below */ + /* Some groups have their own AlgorithmIdentifier OID, others are handled + * by mbedtls_oid_get_oid_by_pk_alg() below */ ret = mbedtls_oid_get_oid_by_ec_grp_algid(ec_grp_id, &oid, &oid_len); if (ret == 0) { - /* Currently, none of the supported algorithms that have their own AlgorithmIdentifier OID have any parameters */ + /* Currently, none of the supported algorithms that have their own + * AlgorithmIdentifier OID have any parameters */ has_par = 0; } else if (ret == MBEDTLS_ERR_OID_NOT_FOUND) { MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, ec_grp_id)); From 52b675ffc30961c1e7a5d8edee5e4969684d7967 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:14:37 +0200 Subject: [PATCH 217/328] pk: extend pk_write_ec_private to support opaque keys Signed-off-by: valerio --- library/pkwrite.c | 67 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 16 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index a86d16c7b3..a53bada240 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -257,36 +257,71 @@ static int pk_write_ec_param(unsigned char **p, unsigned char *start, /* * privateKey OCTET STRING -- always of length ceil(log2(n)/8) */ +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) static int pk_write_ec_private(unsigned char **p, unsigned char *start, const mbedtls_pk_context *pk) { size_t byte_length; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - -#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; psa_status_t status; - status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); - if (status != PSA_SUCCESS) { - ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); - goto exit; + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); + if (status != PSA_SUCCESS) { + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + return ret; + } + } else { + status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); + if (status != PSA_SUCCESS) { + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + goto exit; + } } -#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ - unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; - mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); - byte_length = (ec->grp.pbits + 7) / 8; - ret = mbedtls_ecp_write_key(ec, tmp, byte_length); - if (ret != 0) { - goto exit; - } -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); exit: mbedtls_platform_zeroize(tmp, sizeof(tmp)); return ret; } +#else /* MBEDTLS_PK_USE_PSA_EC_DATA */ +static int pk_write_ec_private(unsigned char **p, unsigned char *start, + const mbedtls_pk_context *pk) +{ + size_t byte_length; + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + unsigned char tmp[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; + psa_status_t status; +#else + unsigned char tmp[MBEDTLS_ECP_MAX_BYTES]; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + status = psa_export_key(pk->priv_id, tmp, sizeof(tmp), &byte_length); + if (status != PSA_SUCCESS) { + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); + return ret; + } + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { + mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk); + byte_length = (ec->grp.pbits + 7) / 8; + + ret = mbedtls_ecp_write_key(ec, tmp, byte_length); + if (ret != 0) { + goto exit; + } + } + ret = mbedtls_asn1_write_octet_string(p, start, tmp, byte_length); +exit: + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + return ret; +} +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */ #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -385,7 +420,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); #if defined(MBEDTLS_ECP_LIGHT) if (PSA_KEY_TYPE_IS_ECC(opaque_key_type)) { - pk_type = MBEDTLS_PK_ECKEY; + pk_type = MBEDTLS_PK_ECKEY; ec_grp_id = mbedtls_pk_get_group_id(key); } else #endif /* MBEDTLS_ECP_LIGHT */ From c0bac57ac90d15e4f2e4d93ea85d15178f5977c4 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:15:41 +0200 Subject: [PATCH 218/328] pk: optimized/reshape code for writing private key DER Signed-off-by: valerio --- library/pkwrite.c | 202 +++++++++++++++++++++++++++++----------------- 1 file changed, 128 insertions(+), 74 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index a53bada240..869596de3b 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -519,27 +519,91 @@ static int pk_write_ec_rfc8410_der(unsigned char **p, unsigned char *buf, return (int) len; } #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ -#endif /* MBEDTLS_ECP_LIGHT */ -int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) +/* + * RFC 5915, or SEC1 Appendix C.4 + * + * ECPrivateKey ::= SEQUENCE { + * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), + * privateKey OCTET STRING, + * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, + * publicKey [1] BIT STRING OPTIONAL + * } + */ +static int pk_write_ec_der(unsigned char **p, unsigned char *buf, + const mbedtls_pk_context *pk) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char *c; size_t len = 0; -#if defined(MBEDTLS_ECP_LIGHT) + int ret; + size_t pub_len = 0, par_len = 0; mbedtls_ecp_group_id grp_id; -#endif - if (size == 0) { + /* publicKey */ + MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(p, buf, pk)); + + if (*p - buf < 1) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; } + (*p)--; + **p = 0; + pub_len += 1; - c = buf + size; + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_BIT_STRING)); + + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(p, buf, pub_len)); + MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 1)); + len += pub_len; + + /* parameters */ + grp_id = mbedtls_pk_get_group_id(pk); + MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(p, buf, grp_id)); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(p, buf, par_len)); + MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(p, buf, + MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0)); + len += par_len; + + /* privateKey */ + MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(p, buf, pk)); + + /* version */ + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 1)); + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE)); + + return (int) len; +} +#endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { +static int pk_write_rsa_der(unsigned char **p, unsigned char *buf, + const mbedtls_pk_context *pk) +{ + size_t len = 0; + int ret; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE]; + size_t tmp_len = 0; + + if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + *p -= tmp_len; + memcpy(*p, tmp, tmp_len); + len += tmp_len; + mbedtls_platform_zeroize(tmp, sizeof(tmp)); + } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + { mbedtls_mpi T; /* Temporary holding the exported parameters */ - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*key); + mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk); /* * Export the parameters one after another to avoid simultaneous copies. @@ -549,21 +613,21 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export QP */ if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; /* Export DQ */ if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; /* Export DP */ if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -571,7 +635,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export Q */ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -579,7 +643,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export P */ if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -587,7 +651,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export D */ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -595,7 +659,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export E */ if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -603,7 +667,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, /* Export N */ if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 || - (ret = mbedtls_asn1_write_mpi(&c, buf, &T)) < 0) { + (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) { goto end_of_export; } len += ret; @@ -615,71 +679,61 @@ end_of_export: return ret; } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)); + } + + return (int) len; +} +#endif /* MBEDTLS_RSA_C */ + +int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) +{ + unsigned char *c; + size_t len = 0; +#if defined(MBEDTLS_RSA_C) + int is_rsa_opaque = 0; +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_LIGHT) + int is_ec_opaque = 0; +#endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + + if (size == 0) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + c = buf + size; + +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { +#if defined(MBEDTLS_RSA_C) + is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); +#endif /* MBEDTLS_RSA_C */ +#if defined(MBEDTLS_ECP_LIGHT) + is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); +#endif /* MBEDTLS_ECP_LIGHT */ + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_RSA_C) + if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) { + return pk_write_rsa_der(&c, buf, key); } else #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_LIGHT) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { - size_t pub_len = 0, par_len = 0; - + if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) if (mbedtls_pk_is_rfc8410(key)) { return pk_write_ec_rfc8410_der(&c, buf, key); } -#endif - - /* - * RFC 5915, or SEC1 Appendix C.4 - * - * ECPrivateKey ::= SEQUENCE { - * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), - * privateKey OCTET STRING, - * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, - * publicKey [1] BIT STRING OPTIONAL - * } - */ - - /* publicKey */ - MBEDTLS_ASN1_CHK_ADD(pub_len, pk_write_ec_pubkey(&c, buf, key)); - - if (c - buf < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - *--c = 0; - pub_len += 1; - - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_BIT_STRING)); - - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_len(&c, buf, pub_len)); - MBEDTLS_ASN1_CHK_ADD(pub_len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 1)); - len += pub_len; - - /* parameters */ - grp_id = mbedtls_pk_get_group_id(key); - MBEDTLS_ASN1_CHK_ADD(par_len, pk_write_ec_param(&c, buf, grp_id)); - - MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_len(&c, buf, par_len)); - MBEDTLS_ASN1_CHK_ADD(par_len, mbedtls_asn1_write_tag(&c, buf, - MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0)); - len += par_len; - - /* privateKey */ - MBEDTLS_ASN1_CHK_ADD(len, pk_write_ec_private(&c, buf, key)); - - /* version */ - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(&c, buf, 1)); - - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ + return pk_write_ec_der(&c, buf, key); } else #endif /* MBEDTLS_ECP_LIGHT */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; From e279e50a76580a03b690fac61d8a823f68137a0e Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 12:16:12 +0200 Subject: [PATCH 219/328] pk: optimized/reshape code for writing private key PEM Signed-off-by: valerio --- library/pkwrite.c | 35 ++++++++++++++++++++++++++++++++--- 1 file changed, 32 insertions(+), 3 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 869596de3b..821de14286 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -786,21 +786,50 @@ int mbedtls_pk_write_key_pem(const mbedtls_pk_context *key, unsigned char *buf, unsigned char output_buf[PRV_DER_MAX_BYTES]; const char *begin, *end; size_t olen = 0; +#if defined(MBEDTLS_ECP_LIGHT) + int is_ec_opaque = 0; +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) + int is_montgomery_opaque = 0; +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_ECP_LIGHT */ +#if defined(MBEDTLS_RSA_C) + int is_rsa_opaque = 0; +#endif if ((ret = mbedtls_pk_write_key_der(key, output_buf, sizeof(output_buf))) < 0) { return ret; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { + psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); + #if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) { + is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); +#endif +#if defined(MBEDTLS_ECP_LIGHT) + is_ec_opaque = PSA_KEY_TYPE_IS_ECC(opaque_key_type); +#if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) + if (pk_get_opaque_ec_family(key) == PSA_ECC_FAMILY_MONTGOMERY) { + is_montgomery_opaque = 1; + } +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ +#endif /* MBEDTLS_ECP_LIGHT */ + } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_RSA_C) + if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) || is_rsa_opaque) { begin = PEM_BEGIN_PRIVATE_KEY_RSA; end = PEM_END_PRIVATE_KEY_RSA; } else #endif #if defined(MBEDTLS_ECP_LIGHT) - if (mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) { + if ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) || is_ec_opaque) { #if defined(MBEDTLS_PK_HAVE_RFC8410_CURVES) - if (mbedtls_pk_is_rfc8410(key)) { + if (is_montgomery_opaque || + ((mbedtls_pk_get_type(key) == MBEDTLS_PK_ECKEY) && + (mbedtls_pk_is_rfc8410(key)))) { begin = PEM_BEGIN_PRIVATE_KEY_PKCS8; end = PEM_END_PRIVATE_KEY_PKCS8; } else From f1d29136acef7b5aa97ce7c5e3cdc5b6e7d9660c Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 15:22:48 +0200 Subject: [PATCH 220/328] test: remove debug echo in component Signed-off-by: valerio --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4b220404d2..36d5fa4167 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2508,7 +2508,6 @@ psa_crypto_config_accel_all_curves_except_one () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY for ALG in $(sed -n 's/^#define \(PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do - echo $ALG scripts/config.py -f include/psa/crypto_config.h unset $ALG done From c6e6fb320fb2c3dff2927827419b40362aec8794 Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 15:46:20 +0200 Subject: [PATCH 221/328] pk: fix guard position Signed-off-by: valerio --- library/pkwrite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 821de14286..8a08f605b8 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -76,7 +76,6 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) #endif return 0; } -#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #if defined(MBEDTLS_USE_PSA_CRYPTO) /* It is assumed that the input key is opaque */ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) @@ -93,6 +92,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) return ec_family; } #endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) From f9139e55ce99aa4ca31c7e0bd165bb85b8efe67d Mon Sep 17 00:00:00 2001 From: valerio Date: Wed, 31 May 2023 18:01:33 +0200 Subject: [PATCH 222/328] pk: minor code fixes - removing duplicated code - uninitialized variable usage Signed-off-by: valerio --- library/pkwrite.c | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 8a08f605b8..218d0c1abe 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -172,13 +172,7 @@ static int pk_write_ec_pubkey(unsigned char **p, unsigned char *start, } } else { len = pk->pub_raw_len; - - if (*p < start || (size_t) (*p - start) < len) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - memcpy(*p - len, pk->pub_raw, len); - *p -= len; + memcpy(buf, pk->pub_raw, len); } if (*p < start || (size_t) (*p - start) < len) { @@ -701,7 +695,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, int is_ec_opaque = 0; #endif /* MBEDTLS_ECP_LIGHT */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_type_t opaque_key_type = pk_get_opaque_key_type(key); + psa_key_type_t opaque_key_type; #endif /* MBEDTLS_USE_PSA_CRYPTO */ if (size == 0) { @@ -712,6 +706,7 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, #if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(key) == MBEDTLS_PK_OPAQUE) { + opaque_key_type = pk_get_opaque_key_type(key); #if defined(MBEDTLS_RSA_C) is_rsa_opaque = PSA_KEY_TYPE_IS_RSA(opaque_key_type); #endif /* MBEDTLS_RSA_C */ From 73cfde8f85e10f4face574ee783904b33e6d0c62 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Tue, 30 May 2023 15:34:28 +0100 Subject: [PATCH 223/328] Remove certain null pointer checks when only MD_LIGHT enabled When MD_LIGHT is enabled but MD_C is not then certain null pointer checks can be removed on functions that take an mbedtls_md_context_t * as a parameter, since MD_LIGHT does not support these null pointers. Signed-off-by: Thomas Daubney --- library/md.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/library/md.c b/library/md.c index bebe3580bd..306af72b32 100644 --- a/library/md.c +++ b/library/md.c @@ -376,7 +376,12 @@ int mbedtls_md_clone(mbedtls_md_context_t *dst, int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac) { - if (md_info == NULL || ctx == NULL) { +#if defined(MBEDTLS_MD_C) + if (ctx == NULL) { + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + } +#endif + if (md_info == NULL) { return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } @@ -455,9 +460,11 @@ int mbedtls_md_setup(mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info int mbedtls_md_starts(mbedtls_md_context_t *ctx) { +#if defined(MBEDTLS_MD_C) if (ctx == NULL || ctx->md_info == NULL) { return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } +#endif #if defined(MBEDTLS_MD_SOME_PSA) if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { @@ -504,9 +511,11 @@ int mbedtls_md_starts(mbedtls_md_context_t *ctx) int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen) { +#if defined(MBEDTLS_MD_C) if (ctx == NULL || ctx->md_info == NULL) { return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } +#endif #if defined(MBEDTLS_MD_SOME_PSA) if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { @@ -551,9 +560,11 @@ int mbedtls_md_update(mbedtls_md_context_t *ctx, const unsigned char *input, siz int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output) { +#if defined(MBEDTLS_MD_C) if (ctx == NULL || ctx->md_info == NULL) { return MBEDTLS_ERR_MD_BAD_INPUT_DATA; } +#endif #if defined(MBEDTLS_MD_SOME_PSA) if (ctx->engine == MBEDTLS_MD_ENGINE_PSA) { From d1a203a382a65a458a5736525237525dc3ca9697 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:02:15 +0100 Subject: [PATCH 224/328] Cosmetic fixes to doxygen comment Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 5b75077ea7..da3d70ed57 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -478,12 +478,12 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * On success, this function allocates oid->buf from the * heap. It must be freed by the caller using mbedtls_free(). * - * \param oid mbedtls_asn1_buf to populate with the DER-encoded OID + * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID * \param oid_str string representation of the OID to parse * \param size length of the OID string * * \return 0 if successful - * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if oid_str does not + * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not * represent a valid OID * \return #MBEDTLS_ERR_ASN1_ALLOC_FAILED if the function fails to * allocate oid->buf From 017139751a81895faa33ce59f1d1ff5ced5b741b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:04:20 +0100 Subject: [PATCH 225/328] Change behaviour away from NUL-terminated strings Instead, require the length of the string to be passed. This is more useful for our use-case, as it is likely we will parse OIDs from the middle of strings. Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 5 +++-- library/oid.c | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index da3d70ed57..68ae723179 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -479,8 +479,9 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * heap. It must be freed by the caller using mbedtls_free(). * * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID - * \param oid_str string representation of the OID to parse - * \param size length of the OID string + * \param oid_str string representation of the OID to parse, not + * NUL-terminated + * \param size length of the OID string, not including any NUL terminator * * \return 0 if successful * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not diff --git a/library/oid.c b/library/oid.c index 87e5d892f2..312a6375bd 100644 --- a/library/oid.c +++ b/library/oid.c @@ -960,7 +960,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, size_t encoded_len; unsigned char *minimum_mem; - for (size_t i = 0; (i < size) && (oid_str[i] != '\0'); i++) { + for (size_t i = 0; i < size; i++) { if (oid_str[i] == '.') { num_dots++; } @@ -1003,7 +1003,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, ret = MBEDTLS_ERR_ASN1_INVALID_DATA; goto error; } - if (str_ptr < str_bound && *str_ptr != '\0') { + if (str_ptr < str_bound) { if (*str_ptr == '.') { str_ptr++; } else { @@ -1022,12 +1022,12 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, goto error; } - while (str_ptr < str_bound && *str_ptr != '\0') { + while (str_ptr < str_bound) { ret = oid_parse_number(&val, &str_ptr, str_bound); if (ret != 0) { goto error; } - if (str_ptr < str_bound && *str_ptr != '\0') { + if (str_ptr < str_bound) { if (*str_ptr == '.') { str_ptr++; } else { From 5d074168f38e6ee87c34087343f7a7abc9ac5be4 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:09:27 +0100 Subject: [PATCH 226/328] Rearrange declarations for readability Signed-off-by: David Horstmann --- library/oid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/oid.c b/library/oid.c index 312a6375bd..cda87a9dcf 100644 --- a/library/oid.c +++ b/library/oid.c @@ -955,11 +955,11 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, const char *str_bound = oid_str + size; unsigned int val = 0; unsigned int component1, component2; - /* Count the number of dots to get a worst-case allocation size. */ - size_t num_dots = 0; size_t encoded_len; unsigned char *minimum_mem; + /* Count the number of dots to get a worst-case allocation size. */ + size_t num_dots = 0; for (size_t i = 0; i < size; i++) { if (oid_str[i] == '.') { num_dots++; From 45d5e2dc1a5c12e732f8b6c2ceadcc1b99130c13 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:10:33 +0100 Subject: [PATCH 227/328] Rename minimum_mem to resized_mem This new name is clearer about its purpose. Signed-off-by: David Horstmann --- library/oid.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/oid.c b/library/oid.c index cda87a9dcf..02e41363e2 100644 --- a/library/oid.c +++ b/library/oid.c @@ -956,7 +956,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, unsigned int val = 0; unsigned int component1, component2; size_t encoded_len; - unsigned char *minimum_mem; + unsigned char *resized_mem; /* Count the number of dots to get a worst-case allocation size. */ size_t num_dots = 0; @@ -1043,14 +1043,14 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } encoded_len = out_ptr - oid->p; - minimum_mem = mbedtls_calloc(encoded_len, 1); - if (minimum_mem == NULL) { + resized_mem = mbedtls_calloc(encoded_len, 1); + if (resized_mem == NULL) { ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; goto error; } - memcpy(minimum_mem, oid->p, encoded_len); + memcpy(resized_mem, oid->p, encoded_len); mbedtls_free(oid->p); - oid->p = minimum_mem; + oid->p = resized_mem; oid->len = encoded_len; oid->tag = MBEDTLS_ASN1_OID; From bf95e9a0584c54bf7535c76608de31b0e52d29b2 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 1 Jun 2023 15:33:15 +0100 Subject: [PATCH 228/328] Reword description and change NUL to null Signed-off-by: David Horstmann --- include/mbedtls/oid.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 68ae723179..7fa0141399 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -479,9 +479,8 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, const mbedtls_asn1_bu * heap. It must be freed by the caller using mbedtls_free(). * * \param oid #mbedtls_asn1_buf to populate with the DER-encoded OID - * \param oid_str string representation of the OID to parse, not - * NUL-terminated - * \param size length of the OID string, not including any NUL terminator + * \param oid_str string representation of the OID to parse + * \param size length of the OID string, not including any null terminator * * \return 0 if successful * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if \p oid_str does not From 21f1744d76c06351a392301a9d3960ad278e8e40 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 1 Jun 2023 11:29:06 +0800 Subject: [PATCH 229/328] code_size_compare.py: fix make command logic in default config If system architecture doesn't match architecture of input argument for default configuration, it's reported as an error. Additionally, it prints out help message to show which architecture and configuration option should be used. Signed-off-by: Yanray Wang --- scripts/code_size_compare.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index f9e672dd08..de5249a5e7 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -77,7 +77,7 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods "-a " + SupportedArch.ARMV8_M.value + " -c " + SupportedConfig.TFM_MEDIUM.value, ] - def __init__(self, arch: str, config: str) -> None: + def __init__(self, arch: str, config: str, sys_arch: str) -> None: """ arch: architecture to measure code size on. config: configuration type to measure code size with. @@ -85,12 +85,14 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods """ self.arch = arch self.config = config + self.sys_arch = sys_arch self.make_command = self.set_make_command() def set_make_command(self) -> str: """Infer build command based on architecture and configuration.""" - if self.config == SupportedConfig.DEFAULT.value: + if self.config == SupportedConfig.DEFAULT.value and \ + self.arch == self.sys_arch: return 'make -j lib CFLAGS=\'-Os \' ' elif self.arch == SupportedArch.ARMV8_M.value and \ self.config == SupportedConfig.TFM_MEDIUM.value: @@ -100,11 +102,16 @@ class CodeSizeInfo: # pylint: disable=too-few-public-methods -DMBEDTLS_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_MBEDCRYPTO_H + '\\\" \ -DMBEDTLS_PSA_CRYPTO_CONFIG_FILE=\\\"' + CONFIG_TFM_MEDIUM_PSA_CRYPTO_H + '\\\" \'' else: - print("Unsupported architecture: {} and configurations: {}" + print("Unsupported combination of architecture: {} and configuration: {}" .format(self.arch, self.config)) print("\nPlease use supported combination of architecture and configuration:") for comb in CodeSizeInfo.SupportedArchConfig: print(comb) + print("\nFor your system, please use:") + for comb in CodeSizeInfo.SupportedArchConfig: + if "default" in comb and self.sys_arch not in comb: + continue + print(comb) sys.exit(1) @@ -320,7 +327,8 @@ def main(): else: new_revision = "current" - code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config) + code_size_info = CodeSizeInfo(comp_args.arch, comp_args.config, + detect_arch()) print("Measure code size for architecture: {}, configuration: {}" .format(code_size_info.arch, code_size_info.config)) result_dir = comp_args.result_dir From 1747304a7a3e86706261ad96447feb1b496ae490 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sun, 30 Apr 2023 14:11:23 -0400 Subject: [PATCH 230/328] Update the descriptions of SANs All of them are listed, so the previous description was wrong. Signed-off-by: Andrzej Kurek --- include/mbedtls/x509.h | 5 +++-- include/mbedtls/x509_crt.h | 2 +- include/mbedtls/x509_csr.h | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 7faf176b5a..6f3b555782 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -304,7 +304,7 @@ mbedtls_x509_san_other_name; typedef struct mbedtls_x509_subject_alternative_name { int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ union { - mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ + mbedtls_x509_san_other_name other_name; mbedtls_x509_name directory_name; mbedtls_x509_buf unstructured_name; /**< The buffer for the unstructured types. rfc822Name, dnsName and uniformResourceIdentifier are currently supported. */ } @@ -401,7 +401,8 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from); * of the subject alternative name encoded in \p san_raw. * * \note Supported GeneralName types, as defined in RFC 5280: - * "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name" + * "rfc822Name", "dnsName", "directoryName", + * "uniformResourceIdentifier" and "hardware_module_name" * of type "otherName", as defined in RFC 4108. * * \note This function should be called on a single raw data of diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e1b4aa238d..803ef735de 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -75,7 +75,7 @@ typedef struct mbedtls_x509_crt { mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName, uniformResourceIdentifier, DirectoryName and OtherName are listed). */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */ mbedtls_x509_buf subject_key_id; /**< Optional X.509 v3 extension subject key identifier. */ mbedtls_x509_authority authority_key_id; /**< Optional X.509 v3 extension authority key identifier. */ diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index f3f9e13a03..76e02380fb 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -60,7 +60,7 @@ typedef struct mbedtls_x509_csr { unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ + mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension. These can be later parsed by mbedtls_x509_parse_subject_alt_name. */ int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */ From 154a605ae81cacf7ead7c70e116f240ef5e07765 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Sun, 30 Apr 2023 14:11:49 -0400 Subject: [PATCH 231/328] Change the name of the temporary san variable Explain why it is used. Signed-off-by: Andrzej Kurek --- library/x509.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/x509.c b/library/x509.c index 5f6715aa25..8a4426478d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1215,9 +1215,9 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, mbedtls_asn1_sequence *cur = subject_alt_name; while (*p < end) { - mbedtls_x509_subject_alternative_name dummy_san_buf; + mbedtls_x509_subject_alternative_name tmp_san_name; mbedtls_x509_buf tmp_san_buf; - memset(&dummy_san_buf, 0, sizeof(dummy_san_buf)); + memset(&tmp_san_name, 0, sizeof(tmp_san_name)); tmp_san_buf.tag = **p; (*p)++; @@ -1236,9 +1236,10 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, } /* - * Check that the SAN is structured correctly. + * Check that the SAN is structured correctly by parsing it. + * The SAN structure is discarded afterwards. */ - ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &dummy_san_buf); + ret = mbedtls_x509_parse_subject_alt_name(&tmp_san_buf, &tmp_san_name); /* * In case the extension is malformed, return an error, * and clear the allocated sequences. @@ -1249,7 +1250,7 @@ int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p, return ret; } - mbedtls_x509_free_subject_alt_name(&dummy_san_buf); + mbedtls_x509_free_subject_alt_name(&tmp_san_name); /* Allocate and assign next pointer */ if (cur->buf.p != NULL) { if (cur->next != NULL) { @@ -1439,7 +1440,7 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, break; /* - * RFC822 Name + * rfc822Name */ case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME): { From 7c86974d6de67d71c628f13e8bad93d5324ae5c5 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 2 Jun 2023 05:02:41 -0400 Subject: [PATCH 232/328] Fix overflow checks in x509write_crt Previous ones could still overflow. Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index f57841c4fd..ea8471cfb0 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -186,19 +186,23 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c * maximum 4 bytes for the length field, * 1 byte for the tag/type. */ - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); + CHECK_OVERFLOW_ADD(buflen, 4 + 1); break; case MBEDTLS_X509_SAN_DIRECTORY_NAME: { const mbedtls_asn1_named_data *chunk = &cur->node.san.directory_name; while (chunk != NULL) { - // 5 bytes for OID, max 4 bytes for length, +1 for tag, + // Max 4 bytes for length, +1 for tag, // additional 4 max for length, +1 for tag. // See x509_write_name for more information. - CHECK_OVERFLOW_ADD(buflen, chunk->val.len + 5 + 4 + 1 + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, 4 + 1 + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, chunk->oid.len); + CHECK_OVERFLOW_ADD(buflen, chunk->val.len); chunk = chunk->next; } - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len + 4 + 1); + CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); + CHECK_OVERFLOW_ADD(buflen, 4 + 1); break; } default: From f994bc51adcc6ba0e68eb1ac501633fee94b3003 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 2 Jun 2023 05:10:17 -0400 Subject: [PATCH 233/328] Refactor code in cert_write.c This way is more robust. Signed-off-by: Andrzej Kurek --- programs/x509/cert_write.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 6d318e5f7e..e4f8886fe9 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -622,7 +622,9 @@ usage: goto usage; } - if (strcmp(q, "IP") != 0 && strcmp(q, "DN") != 0) { + if (cur->node.type == MBEDTLS_X509_SAN_RFC822_NAME || + cur->node.type == MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER || + cur->node.type == MBEDTLS_X509_SAN_DNS_NAME) { cur->node.san.unstructured_name.p = (unsigned char *) subtype_value; cur->node.san.unstructured_name.len = strlen(subtype_value); } From 5903e9c428ce0800fc3bb447cb038b96cd4fb597 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Fri, 2 Jun 2023 10:43:08 +0100 Subject: [PATCH 234/328] Modify tests in response to review comments. Address the way the tests have been modified in response to review comments. Signed-off-by: Thomas Daubney --- tests/suites/test_suite_md.data | 1 - tests/suites/test_suite_md.function | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 15e3b99d56..ccc7b10ae4 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -3,7 +3,6 @@ MD list mbedtls_md_list: MD NULL/uninitialised arguments -depends_on:MBEDTLS_MD_C md_null_args: Information on MD5 diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 4438fa1509..ac9516ab8d 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -61,7 +61,6 @@ void md_null_args() TEST_EQUAL(mbedtls_md_setup(&ctx, NULL, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA); #if defined(MBEDTLS_MD_C) TEST_EQUAL(mbedtls_md_setup(NULL, info, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA); -#endif TEST_EQUAL(mbedtls_md_starts(NULL), MBEDTLS_ERR_MD_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_md_starts(&ctx), MBEDTLS_ERR_MD_BAD_INPUT_DATA); @@ -71,6 +70,7 @@ void md_null_args() TEST_EQUAL(mbedtls_md_finish(NULL, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_md_finish(&ctx, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#endif TEST_EQUAL(mbedtls_md(NULL, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); From e773978e68a49bf0a2aa3a06c243afbb2c2a1449 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 2 Jun 2023 09:42:44 -0400 Subject: [PATCH 235/328] Remove unnecessary addition to buffer size estimation Signed-off-by: Andrzej Kurek --- library/x509write_crt.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index ea8471cfb0..274eb4b7ad 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -201,7 +201,6 @@ int mbedtls_x509write_crt_set_subject_alternative_name(mbedtls_x509write_cert *c CHECK_OVERFLOW_ADD(buflen, chunk->val.len); chunk = chunk->next; } - CHECK_OVERFLOW_ADD(buflen, cur->node.san.unstructured_name.len); CHECK_OVERFLOW_ADD(buflen, 4 + 1); break; } From 49bd1f2cb2826d6f11588491e76e728fc5488ee4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 2 Jun 2023 09:21:46 -0400 Subject: [PATCH 236/328] Fix spelling in Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/armclang-compile-fix.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt index 7ef6a9711f..63c1eee02c 100644 --- a/ChangeLog.d/armclang-compile-fix.txt +++ b/ChangeLog.d/armclang-compile-fix.txt @@ -1,5 +1,5 @@ Bugfix - * Fix armclang compilation error when targetting certain Arm M-class CPUs + * Fix armclang compilation error when targeting certain Arm M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). Enable bignum optimisations for most Arm platforms when compiling with -O0, (previously optimisations were not available in this case). Fixes #1077. From 02127ab02245936cb4869d8e2ed3b3fc378ef32b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 2 Jun 2023 14:50:35 +0100 Subject: [PATCH 237/328] Allow subidentifiers of size UINT_MAX Make overflow check more accurate and add testcases Signed-off-by: David Horstmann --- library/oid.c | 2 +- tests/suites/test_suite_oid.data | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 02e41363e2..b13c76b1e7 100644 --- a/library/oid.c +++ b/library/oid.c @@ -1012,7 +1012,7 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, } } - if ((UINT_MAX - component2) <= (component1 * 40)) { + if (component2 > (UINT_MAX - (component1 * 40))) { ret = MBEDTLS_ERR_ASN1_INVALID_DATA; goto error; } diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index c5f13175b8..1435507f64 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -161,3 +161,9 @@ oid_from_numeric_string:"1.2.3/4":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID from numeric string - OID greater than max length (129 components) oid_from_numeric_string:"1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1.2.3.4.5.6.7.8.1":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +OID from numeric string - OID with maximum subidentifier +oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F" + +OID from numeric string - OID with overflowing subidentifier +oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" From 62e7fae1090544357bcfaf209b9d87f8f827bfeb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 2 Jun 2023 15:32:20 +0100 Subject: [PATCH 238/328] Fix bug in calculation of maximum possible bytes Each DER-encoded OID byte can only store 7 bits of actual data, so take account of that. Calculate the number of bytes required as: number_of_bytes = ceil(subidentifier_size * 8 / 7) Signed-off-by: David Horstmann --- library/oid.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index b13c76b1e7..88165d3120 100644 --- a/library/oid.c +++ b/library/oid.c @@ -971,7 +971,14 @@ int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { return MBEDTLS_ERR_ASN1_INVALID_DATA; } - size_t max_possible_bytes = num_dots * sizeof(unsigned int); + /* Each byte can store 7 bits, calculate number of bytes for a + * subidentifier: + * + * bytes = ceil(subidentifer_size * 8 / 7) + */ + size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7) + + 1; + size_t max_possible_bytes = num_dots * bytes_per_subidentifier; oid->p = mbedtls_calloc(max_possible_bytes, 1); if (oid->p == NULL) { return MBEDTLS_ERR_ASN1_ALLOC_FAILED; From 1414bc34b9cd91e6ebe4a0161c17ed2d125cf96e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jun 2023 17:54:21 +0200 Subject: [PATCH 239/328] Minor copyediting Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 075b386b10..551e59265c 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -308,7 +308,7 @@ Key derivation is more complex than other multipart operations for several reaso #### Key derivation driver dispatch logic -The core decides whether to dispatch a key derivation operation to a driver based on the location associated with of the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. +The core decides whether to dispatch a key derivation operation to a driver based on the location associated with the input step `PSA_KEY_DERIVATION_INPUT_SECRET`. 1. If this step is passed via `psa_key_derivation_input_key()` for a key in a secure element: * If the driver for this secure element implements the `"key_derivation"` family for the specified algorithm, the core calls that driver's `"key_derivation_setup"` and subsequent entry points. @@ -342,7 +342,7 @@ The core conveys the initial inputs for a key derivation via an opaque data stru typedef ... psa_crypto_driver_key_derivation_inputs_t; // implementation-specific type ``` -A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of the type-specific the functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. +A driver receiving an argument that points to a `psa_crypto_driver_key_derivation_inputs_t` can retrieve its contents by calling one of the type-specific functions below. To determine the correct function, the driver can call `psa_crypto_driver_key_derivation_get_input_type()`. ``` enum psa_crypto_driver_key_derivation_input_type_t { @@ -567,7 +567,7 @@ psa_status_t acme_key_agreement_to_key(psa_algorithm_t alg, size_t *shared_secret_key_buffer_length); ``` -Note that unlike most other key creation entry points, in `"acme_key_agreement_to_key"`, the parameters for the shared secret are not placed near the beginning, but rather grouped with the other parameters at the end, to avoid confusion with the keys passed as inputs. +Note that unlike most other key creation entry points, in `"acme_key_agreement_to_key"`, the attributes for the shared secret are not placed near the beginning, but rather grouped with the other parameters related to the shared secret at the end of the parameter list. This is to avoid potential confusion with the attributes of the private key that is passed as an input. ### Driver entry points for key management @@ -1188,7 +1188,7 @@ Should the core guarantee that the output buffer size has the size indicated by Why is `psa_crypto_driver_key_derivation_get_input_bytes` a copy, rather than giving a pointer? -The main reason is to avoid complex buffer ownership. A driver entry point does not own memory after the entry point return. This is generally necessary because an API function does not own memory after the entry point returns. In the case of key derivation inputs, this could be relaxed because the driver entry point is making callbacks to the core: these functions could return a pointer that is valid until the driver entry point, which would allow the driver to process the data immediately (e.g. hash it rather than copy it). +The main reason is to avoid complex buffer ownership. A driver entry point does not own memory after the entry point return. This is generally necessary because an API function does not own memory after the entry point returns. In the case of key derivation inputs, this could be relaxed because the driver entry point is making callbacks to the core: these functions could return a pointer that is valid until the driver entry point returns, which would allow the driver to process the data immediately (e.g. hash it rather than copy it). ### Partial computations in drivers From f96a18edc7b7d1a21bf3c322521d48e3a1a467e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jun 2023 18:02:15 +0200 Subject: [PATCH 240/328] Probably resolve concern about the input size for derive_key Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 551e59265c..f04f8e976e 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -510,7 +510,6 @@ psa_status_t acme_derive_key( * `attributes` contains the attributes of the specified key. Note that only the key type and the bit-size are guaranteed to be set. * `input` is a buffer of `input_length` bytes which contains the raw key stream, i.e. the data that `psa_key_derivation_output_bytes()` would return. - TODO: how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? (Note that for some algorithms, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test.) * If `"memory"` property in the driver capability is true, `memory` is a data structure that the driver may use to store data between successive calls of the `"derive_key"` entry point to derive the same key. If the `"memory"` property is false or absent, the `memory` parameter is a null pointer. * `key_buffer` is a buffer for the output material, in the appropriate [export format](#key-format-for-transparent-drivers) for the key type. Its size is `key_buffer_size` bytes. * On success, `*key_buffer_length` must contain the number of bytes written to `key_buffer`. @@ -531,6 +530,8 @@ For standard key types, the `"derive_key"` entry point is called with a certain * `PSA_KEY_TYPE_RSA_KEY_PAIR`: an implementation-defined length. A future version of this specification may specify a length. * Other key types: not applicable. +See [“Open questions around cooked key derivation”](#open-questions-around-cooked-key-derivation) for some points that may not be fully settled. + #### Key agreement The core always decouples key agreement from symmetric key derivation. @@ -1233,6 +1234,10 @@ An example use case for updating the persistent state at arbitrary times is to r `psa_crypto_driver_get_persistent_state` does not identify the calling driver, so the driver needs to remember which driver it's calling. This may require a thread-local variable in a multithreaded core. Is this ok? +#### Open questions around cooked key derivation + +For the `"derive_key"` entry point, how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? Note that for some key types, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test. However, for all key types except RSA, the specification mandates how the key is derived, which practically dictates how the pseudorandom key stream is consumed. So it's probably ok. + #### Fallback for key derivation in opaque drivers Should [dispatch to an opaque driver](#key-derivation-driver-dispatch-logic) allow fallback, so that if `"key_derivation_setup"` returns `PSA_ERROR_NOT_SUPPORTED` then the core exports the key from the secure element instead? From dcaf104eefbcd524410da7b1413a1b8ac8018d26 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jun 2023 18:02:41 +0200 Subject: [PATCH 241/328] Note that we may want to rename derive_key ... if we think of a better name Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index f04f8e976e..b5e657c627 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -1236,6 +1236,8 @@ An example use case for updating the persistent state at arbitrary times is to r #### Open questions around cooked key derivation +`"derive_key"` is not a clear name. Can we use a better one? + For the `"derive_key"` entry point, how does the core choose `input_length`? Doesn't the driver know better? Should there be a driver entry point to determine the length, or should there be a callback that allows the driver to retrieve the input? Note that for some key types, it's impossible to predict the amount of input in advance, because it depends on some complex calculation or even on random data, e.g. if doing a randomized pseudo-primality test. However, for all key types except RSA, the specification mandates how the key is derived, which practically dictates how the pseudorandom key stream is consumed. So it's probably ok. #### Fallback for key derivation in opaque drivers From 7df8ba6a103bebf747d523ad77440c1c09f5cef0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 2 Jun 2023 18:16:02 +0200 Subject: [PATCH 242/328] Rework the description of key derivation output/verify key Some of the fallback mechanisms between the entry points were not described corrrectly. Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index b5e657c627..c96452e5fc 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -473,11 +473,22 @@ The core calls a key derivation driver's output entry point when the application If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure element and the derivation operation is handled by that secure element, the core performs the following steps: -1. For a call to `psa_key_derivation_output_key()` where the derived key is in the same secure element, if the driver has an `"key_derivation_output_key"` entry point, call that entry point. If the driver has no such entry point, or if that entry point returns `PSA_ERROR_NOT_SUPPORTED`, continue with the following steps, otherwise stop. -1. For a call to `psa_key_derivation_output_key()`, if the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`. -1. For a call to `psa_key_derivation_verify_key()`, if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. -1. For a call to `psa_key_derivation_verify_key()` or `psa_key_derivation_verify_bytes()`, if the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's `"export_key"` entry point on the key object that contains the expected value, call the `"key_derivation_verify_bytes"` entry point on the exported material, and stop. -1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. +* For a call to `psa_key_derivation_output_key()`: + + 1. If the derived key is in the same secure element, if the driver has an `"key_derivation_output_key"` entry point, call that entry point. If the driver has no such entry point, or if that entry point returns `PSA_ERROR_NOT_SUPPORTED`, continue with the following steps, otherwise stop. + 1. If the driver's capabilities indicate that its `"import_key"` entry point does not support the derived key, stop and return `PSA_ERROR_NOT_SUPPORTED`. + 1. Otherwise proceed as for `psa_key_derivation_output_bytes()`, then import the resulting key material. + +* For a call to `psa_key_derivation_verify_key()`: + 1. For ``psa_key_derivation_verify_key()` only: if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. + 1. Call the driver's `"export_key"` entry point on the key object that contains the expected value, then proceed as for `psa_key_derivation_verify_bytes()`. + +* For a call to `psa_key_derivation_verify_bytes()`: + 1. If the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's , call the `"key_derivation_verify_bytes"` entry point on the expected output, then stop. + 1. Otherwise, proceed as for `psa_key_derivation_output_bytes()`, and compare the resulting output to the expected output inside the core.. + +* For a call to `psa_key_derivation_output_bytes()`: + 1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. If the key derivation operation is not handled by an opaque driver as described above, the core calls the `"key_derivation_output_bytes"` from the applicable transparent driver (or multiple drivers in succession if fallback applies). In some cases, the core then calls additional entry points in the same or another driver: From 6df1e54c1d0cc9ef375b329aee89ae40d68713cd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 2 Jun 2023 10:27:13 -0400 Subject: [PATCH 243/328] Do not use assembly on Thumb 1 / clang Signed-off-by: Dave Rodgman --- library/bn_mul.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 83b65cd086..fce8d7dbab 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -661,9 +661,9 @@ #if defined(__arm__) #if defined(__thumb__) && !defined(__thumb2__) -#if !defined(__ARMCC_VERSION) +#if !defined(__ARMCC_VERSION) && !defined(__clang__) /* - * Thumb 1 ISA. This code path does not work on armclang. + * Thumb 1 ISA. This code path does not build on clang or armclang. */ #if !defined(__OPTIMIZE__) && defined(__GNUC__) @@ -746,7 +746,7 @@ : "r0", "r1", "r2", "r3", "r4", "r5", \ "r6", MULADDC_SCRATCH_CLOBBER, "r8", "r9", "cc" \ ); -#endif /* !defined(__ARMCC_VERSION) */ +#endif /* !defined(__ARMCC_VERSION) && !defined(__clang__) */ #elif (__ARM_ARCH >= 6) && \ defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1) From 8c315f2f747be8f80a6348c6afa906674d68abf7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 2 Jun 2023 10:26:24 -0400 Subject: [PATCH 244/328] Add build tests for Thumb and Thumb2 with clang Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f34d0eb86b..4bfb1aa597 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3852,6 +3852,25 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () { not grep __aeabi_lmul library/*.o } +component_build_arm_clang_thumb () { + # ~ 30s + + scripts/config.py baremetal + + msg "build: clang thumb 2, make" + make clean + make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib + + # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os + msg "build: clang thumb 1 -O0, make" + make clean + make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib + + msg "build: clang thumb 1 -Os, make" + make clean + make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib +} + component_build_armcc () { msg "build: ARM Compiler 5" scripts/config.py baremetal From b45d58b9a5b5361bb8bf534ca07ba6d1f95df5cd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 2 Jun 2023 13:54:00 -0400 Subject: [PATCH 245/328] Add armclang -O0 build test Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4bfb1aa597..d075926852 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3894,7 +3894,7 @@ component_build_armcc () { make clean - # Compile with -O1 since some Arm inline assembly is disabled for -O0. + # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0. # ARM Compiler 6 - Target ARMv7-A armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a" @@ -3914,6 +3914,9 @@ component_build_armcc () { # ARM Compiler 6 - Target ARMv8.2-A - AArch64 armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" + # ARM Compiler 6 - Target Cortex-M0 - no optimisation + armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0" + # ARM Compiler 6 - Target Cortex-M0 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" } From 4db4d6b9b0d1e389fb23328b1ea19f374c273e67 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 4 Jun 2023 20:41:24 -0400 Subject: [PATCH 246/328] Improve changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/armclang-compile-fix.txt | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/armclang-compile-fix.txt b/ChangeLog.d/armclang-compile-fix.txt index 63c1eee02c..59ae1cd9db 100644 --- a/ChangeLog.d/armclang-compile-fix.txt +++ b/ChangeLog.d/armclang-compile-fix.txt @@ -1,5 +1,7 @@ Bugfix - * Fix armclang compilation error when targeting certain Arm M-class CPUs - (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, SecurCore SC000). Enable - bignum optimisations for most Arm platforms when compiling with -O0, - (previously optimisations were not available in this case). Fixes #1077. + * Fix clang and armclang compilation error when targeting certain Arm + M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23, + SecurCore SC000). Fixes #1077. +Changes + * Enable Arm / Thumb bignum assembly for most Arm platforms when + compiling with gcc, clang or armclang and -O0. From f89e3c5fbd0c83539f68450423abb186f1ea8787 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 4 Jun 2023 20:41:52 -0400 Subject: [PATCH 247/328] Improve docs & check for non-gcc compilers Signed-off-by: Dave Rodgman --- library/bn_mul.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index fce8d7dbab..5d6e728b06 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -661,9 +661,14 @@ #if defined(__arm__) #if defined(__thumb__) && !defined(__thumb2__) -#if !defined(__ARMCC_VERSION) && !defined(__clang__) +#if !defined(__ARMCC_VERSION) && !defined(__clang__) \ + && !defined(__llvm__) && !defined(__INTEL_COMPILER) /* - * Thumb 1 ISA. This code path does not build on clang or armclang. + * Thumb 1 ISA. This code path has only been tested successfully on gcc; + * it does not compile on clang or armclang. + * + * Other compilers which define __GNUC__ may not work. The above macro + * attempts to exclude these untested compilers. */ #if !defined(__OPTIMIZE__) && defined(__GNUC__) From b6e06549f5d3677d7fc47c07cd987b99e8798c27 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 4 Jun 2023 20:42:17 -0400 Subject: [PATCH 248/328] Rename MULADDC_PRESERVE_R1 etc to MULADDC_PRESERVE_SCRATCH etc Signed-off-by: Dave Rodgman --- library/bn_mul.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index 5d6e728b06..a7473d1a30 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -684,15 +684,15 @@ * instructions to preserve/restore it; otherwise, we can use r7 and avoid * the preserve/restore overhead. */ -#define MULADDC_SCRATCH "RS .req r1 \n\t" -#define MULADDC_PRESERVE_R1 "mov r10, r1 \n\t" -#define MULADDC_RESTORE_R1 "mov r1, r10 \n\t" -#define MULADDC_SCRATCH_CLOBBER "r10" +#define MULADDC_SCRATCH "RS .req r1 \n\t" +#define MULADDC_PRESERVE_SCRATCH "mov r10, r1 \n\t" +#define MULADDC_RESTORE_SCRATCH "mov r1, r10 \n\t" +#define MULADDC_SCRATCH_CLOBBER "r10" #else /* !defined(__OPTIMIZE__) && defined(__GNUC__) */ -#define MULADDC_SCRATCH "RS .req r7 \n\t" -#define MULADDC_PRESERVE_R1 "" -#define MULADDC_RESTORE_R1 "" -#define MULADDC_SCRATCH_CLOBBER "r7" +#define MULADDC_SCRATCH "RS .req r7 \n\t" +#define MULADDC_PRESERVE_SCRATCH "" +#define MULADDC_RESTORE_SCRATCH "" +#define MULADDC_SCRATCH_CLOBBER "r7" #endif /* !defined(__OPTIMIZE__) && defined(__GNUC__) */ #define MULADDC_X1_INIT \ @@ -710,7 +710,7 @@ #define MULADDC_X1_CORE \ - MULADDC_PRESERVE_R1 \ + MULADDC_PRESERVE_SCRATCH \ "ldmia r0!, {r6} \n\t" \ "lsr RS, r6, #16 \n\t" \ "lsl r6, r6, #16 \n\t" \ @@ -736,7 +736,7 @@ "lsl r3, RS, #16 \n\t" \ "add r4, r4, r3 \n\t" \ "adc r5, r2 \n\t" \ - MULADDC_RESTORE_R1 \ + MULADDC_RESTORE_SCRATCH \ "ldr r3, [r1] \n\t" \ "add r4, r4, r3 \n\t" \ "adc r2, r5 \n\t" \ From 9a676a7f98309654b3b38500a01b09414dae3abb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 4 Jun 2023 20:42:28 -0400 Subject: [PATCH 249/328] Comment tidy-up Signed-off-by: Dave Rodgman --- library/bn_mul.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/bn_mul.h b/library/bn_mul.h index a7473d1a30..c5994f7049 100644 --- a/library/bn_mul.h +++ b/library/bn_mul.h @@ -710,7 +710,7 @@ #define MULADDC_X1_CORE \ - MULADDC_PRESERVE_SCRATCH \ + MULADDC_PRESERVE_SCRATCH \ "ldmia r0!, {r6} \n\t" \ "lsr RS, r6, #16 \n\t" \ "lsl r6, r6, #16 \n\t" \ @@ -736,7 +736,7 @@ "lsl r3, RS, #16 \n\t" \ "add r4, r4, r3 \n\t" \ "adc r5, r2 \n\t" \ - MULADDC_RESTORE_SCRATCH \ + MULADDC_RESTORE_SCRATCH \ "ldr r3, [r1] \n\t" \ "add r4, r4, r3 \n\t" \ "adc r2, r5 \n\t" \ @@ -822,8 +822,7 @@ ); \ } -#else -/* Thumb 2 or Arm ISA, without DSP extensions */ +#else /* Thumb 2 or Arm ISA, without DSP extensions */ #define MULADDC_X1_INIT \ asm( \ From eab9a85f4c716f599b41427fc4244affd65ec1f3 Mon Sep 17 00:00:00 2001 From: valerio Date: Thu, 1 Jun 2023 10:58:19 +0200 Subject: [PATCH 250/328] pk_wrap: add support for key pair check for EC opaque keys Signed-off-by: valerio --- library/pk_wrap.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 92937c8f3b..9170231d6f 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -1669,6 +1669,53 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, #endif /* !MBEDTLS_PK_CAN_ECDSA_SIGN && !MBEDTLS_RSA_C */ } +static int pk_opaque_ec_check_pair(mbedtls_pk_context *pub, mbedtls_pk_context *prv, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng) +{ + /* The main difference between this function and eckey_check_pair_psa() is + * that in the opaque case the private key is always stored in PSA side no + * matter if MBEDTLS_PK_USE_PSA_EC_DATA is enabled or not. + * When MBEDTLS_PK_USE_PSA_EC_DATA is enabled, we can simply use the + * eckey_check_pair_psa(). */ + (void) f_rng; + (void) p_rng; + +#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) + return eckey_check_pair_psa(pub, prv); +#elif defined(MBEDTLS_ECP_LIGHT) + psa_status_t status; + uint8_t exp_pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN]; + size_t exp_pub_key_len = 0; + uint8_t pub_key[MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN]; + size_t pub_key_len = 0; + int ret; + + status = psa_export_public_key(prv->priv_id, exp_pub_key, sizeof(exp_pub_key), + &exp_pub_key_len); + if (status != PSA_SUCCESS) { + ret = psa_pk_status_to_mbedtls(status); + return ret; + } + ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec_ro(*pub)->grp), + &(mbedtls_pk_ec_ro(*pub)->Q), + MBEDTLS_ECP_PF_UNCOMPRESSED, + &pub_key_len, pub_key, sizeof(pub_key)); + if (ret != 0) { + return ret; + } + if ((exp_pub_key_len != pub_key_len) || + memcmp(exp_pub_key, pub_key, exp_pub_key_len)) { + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + } + return 0; +#else + (void) pub; + (void) prv; + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; +#endif /* !MBEDTLS_PK_USE_PSA_EC_DATA */ +} + const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { MBEDTLS_PK_OPAQUE, "Opaque", @@ -1682,7 +1729,7 @@ const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = { #endif NULL, /* decrypt - not relevant */ NULL, /* encrypt - not relevant */ - NULL, /* check_pair - could be done later or left NULL */ + pk_opaque_ec_check_pair, NULL, /* alloc - no need to allocate new data dynamically */ NULL, /* free - as for the alloc, there is no data to free */ #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) From 8cbef4d55ec3394de8cf2620cfdc8f49a9163402 Mon Sep 17 00:00:00 2001 From: valerio Date: Thu, 1 Jun 2023 10:59:03 +0200 Subject: [PATCH 251/328] pk: allow key pair checking for opaque keys Signed-off-by: valerio --- library/pk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/pk.c b/library/pk.c index 8e42b8d4c7..d30205cf78 100644 --- a/library/pk.c +++ b/library/pk.c @@ -825,7 +825,8 @@ int mbedtls_pk_check_pair(const mbedtls_pk_context *pub, return MBEDTLS_ERR_PK_TYPE_MISMATCH; } } else { - if (pub->pk_info != prv->pk_info) { + if ((prv->pk_info->type != MBEDTLS_PK_OPAQUE) && + (pub->pk_info != prv->pk_info)) { return MBEDTLS_ERR_PK_TYPE_MISMATCH; } } From 6c666c6c8dcdef068af78ae9708b1a263b3925fe Mon Sep 17 00:00:00 2001 From: valerio Date: Thu, 1 Jun 2023 10:59:42 +0200 Subject: [PATCH 252/328] test: add key pair check verification for opaque EC keys Signed-off-by: valerio --- tests/suites/test_suite_pk.function | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index a5b50dec45..65b0c0303f 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -562,6 +562,9 @@ exit: void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) { mbedtls_pk_context pub, prv, alt; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_init(&pub); mbedtls_pk_init(&prv); @@ -575,7 +578,7 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) if (ret == MBEDTLS_ERR_ECP_BAD_INPUT_DATA) { ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA; } -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0); TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL, @@ -596,7 +599,20 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret) == ret); } #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) + if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) { + TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id, + PSA_ALG_ANY_HASH, + PSA_KEY_USAGE_EXPORT, 0), 0); + TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand, + NULL), ret); + } +#endif +exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_destroy_key(opaque_key_id); +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_pk_free(&pub); mbedtls_pk_free(&prv); mbedtls_pk_free(&alt); From ede0c4676e3d94d41c3b82fe730bed0640c904bb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 5 Jun 2023 11:08:28 +0200 Subject: [PATCH 253/328] pk_internal: minor rearrangement in mbedtls_pk_get_group_id() Signed-off-by: Valerio Setti --- library/pk_internal.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/pk_internal.h b/library/pk_internal.h index 21fb34a8f4..388f94ac80 100644 --- a/library/pk_internal.h +++ b/library/pk_internal.h @@ -86,11 +86,11 @@ static inline mbedtls_ecp_group_id mbedtls_pk_get_group_id(const mbedtls_pk_cont mbedtls_ecp_group_id id; #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; - psa_key_type_t opaque_key_type; - psa_ecc_family_t curve; - if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) { + psa_key_attributes_t opaque_attrs = PSA_KEY_ATTRIBUTES_INIT; + psa_key_type_t opaque_key_type; + psa_ecc_family_t curve; + if (psa_get_key_attributes(pk->priv_id, &opaque_attrs) != PSA_SUCCESS) { return MBEDTLS_ECP_DP_NONE; } From 21e5939479648453d787badb560f014730e090e6 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 5 Jun 2023 17:40:15 +0800 Subject: [PATCH 254/328] Generate PEM pub key directly from DER prv key Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 55d6cd2195..46aa5052da 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1019,8 +1019,8 @@ ec_x25519_prv.pem: ec_x25519_prv.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_x25519_prv.pem -ec_x25519_pub.pem: ec_x25519_pub.der - $(OPENSSL) pkey -in $< -inform DER -out $@ -pubin +ec_x25519_pub.pem: ec_x25519_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout all_final += ec_x25519_pub.pem ec_x448_prv.der: @@ -1035,8 +1035,8 @@ ec_x448_prv.pem: ec_x448_prv.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_x448_prv.pem -ec_x448_pub.pem: ec_x448_pub.der - $(OPENSSL) pkey -in $< -inform DER -out $@ -pubin +ec_x448_pub.pem: ec_x448_prv.der + $(OPENSSL) pkey -in $< -inform DER -out $@ -pubout all_final += ec_x448_pub.pem ################################################################ From 8dd1e623e1774688377c79293086b5bea2bf99f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 5 Jun 2023 14:14:41 +0200 Subject: [PATCH 255/328] Copyediting Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index c96452e5fc..bbd1f58877 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -480,12 +480,12 @@ If the key derivation's `PSA_KEY_DERIVATION_INPUT_SECRET` input is in a secure e 1. Otherwise proceed as for `psa_key_derivation_output_bytes()`, then import the resulting key material. * For a call to `psa_key_derivation_verify_key()`: - 1. For ``psa_key_derivation_verify_key()` only: if the driver has a `"key_derivation_verify_key"` entry point, call it and stop. + 1. If the driver has a `"key_derivation_verify_key"` entry point, call it and stop. 1. Call the driver's `"export_key"` entry point on the key object that contains the expected value, then proceed as for `psa_key_derivation_verify_bytes()`. * For a call to `psa_key_derivation_verify_bytes()`: - 1. If the driver has a `"key_derivation_verify_bytes"` entry point, call the driver's , call the `"key_derivation_verify_bytes"` entry point on the expected output, then stop. - 1. Otherwise, proceed as for `psa_key_derivation_output_bytes()`, and compare the resulting output to the expected output inside the core.. + 1. If the driver has a `"key_derivation_verify_bytes"` entry point, call that entry point on the expected output, then stop. + 1. Otherwise, proceed as for `psa_key_derivation_output_bytes()`, and compare the resulting output to the expected output inside the core. * For a call to `psa_key_derivation_output_bytes()`: 1. Call the `"key_derivation_output_bytes"` entry point. The core may call this entry point multiple times to implement a single call from the application when deriving a cooked (non-raw) key as described below, or if the output size exceeds some implementation limit. From f4ba0013e2361088fa42a90719e57d5017495c01 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 5 Jun 2023 14:23:58 +0200 Subject: [PATCH 256/328] Clarify when key derivation entry points are mandatory/permitted Signed-off-by: Gilles Peskine --- docs/proposed/psa-driver-interface.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index bbd1f58877..b6a650888f 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -322,10 +322,10 @@ The core decides whether to dispatch a key derivation operation to a driver base A key derivation driver has the following entry points: * `"key_derivation_setup"` (mandatory): always the first entry point to be called. This entry point provides the [initial inputs](#key-derivation-driver-initial-inputs). See [“Key derivation driver setup”](#key-derivation-driver-setup). -* `"key_derivation_input_step"` (optional): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). +* `"key_derivation_input_step"` (mandatory if the driver supports a key derivation algorithm with long inputs, otherwise ignored): provide an extra input for the key derivation. This entry point is only mandatory in drivers that support algorithms that have extra inputs. See [“Key derivation driver long inputs”](#key-derivation-driver-long-inputs). * `"key_derivation_output_bytes"` (mandatory): derive cryptographic material and output it. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). * `"key_derivation_output_key"`, `"key_derivation_verify_bytes"`, `"key_derivation_verify_key"` (optional, opaque drivers only): derive key material which remains inside the same secure element. See [“Key derivation driver outputs”](#key-derivation-driver-outputs). -* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_key"` for “cooked”, i.e. non-raw-data key types): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). +* `"key_derivation_set_capacity"` (mandatory for opaque drivers that implement `"key_derivation_output_key"` for “cooked”, i.e. non-raw-data key types; ignored for other opaque drivers; not permitted for transparent drivers): update the capacity policy on the operation. See [“Key derivation driver operation capacity”](#key-derivation-driver-operation-capacity). * `"key_derivation_abort"` (mandatory): always the last entry point to be called. For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the `"key_derivation"` entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: From 0c0f84e54fb420effd94b7b7447bbc3bb720aca4 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 24 May 2023 18:23:59 +0800 Subject: [PATCH 257/328] Update test-ca[1|2].crt[.der] Signed-off-by: Pengyu Lv --- tests/data_files/test-ca.crt | 18 +++++++++--------- tests/data_files/test-ca.req.sha256 | 16 ++++++++++++++++ tests/data_files/test-ca.req_ec.sha256 | 9 +++++++++ tests/data_files/test-ca2.crt | 12 ++++++------ tests/data_files/test-ca2.crt.der | Bin 520 -> 523 bytes tests/data_files/test-ca2.req.sha256 | 9 +++++++++ 6 files changed, 49 insertions(+), 15 deletions(-) create mode 100644 tests/data_files/test-ca.req.sha256 create mode 100644 tests/data_files/test-ca.req_ec.sha256 create mode 100644 tests/data_files/test-ca2.req.sha256 diff --git a/tests/data_files/test-ca.crt b/tests/data_files/test-ca.crt index 31790b5bb4..ef7e4c7294 100644 --- a/tests/data_files/test-ca.crt +++ b/tests/data_files/test-ca.crt @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G @@ -9,12 +9,12 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ -MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA -A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL -hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm -8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD -zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ -0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/ -mtxyUALj2pQxRitopORFQdn7AOY5 +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca.req.sha256 b/tests/data_files/test-ca.req.sha256 new file mode 100644 index 0000000000..1114338791 --- /dev/null +++ b/tests/data_files/test-ca.req.sha256 @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgDCCAWgCAQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAwN83/Be74JadP4beljJ9RKUWoM0h8ZnU7OrLfBhYCJSl7JvFi98a +Hpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6jMFKp8udAcBTLRKJyC8LlQPk+5aYO +s/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8Ko/vJ2DDxp/LuuxgfbfmhDK+T/tY +JiIDW9S01fv145YucMDkLr38Lu7iQVXANC59JHJpy0exFECDfWf0hvYxq/F5pLK1 +LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp/KzbLijRfgJLI6AV8jhlZAnqDG6O +Gxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QIDAQABoAAwDQYJKoZIhvcNAQELBQAD +ggEBAKI+q840+CyPj6DJDJr9mP/aE8U+VyxbarQuZHxbiyS2HDuNQNFvP2TmCDRx +juERTU8yDOj3F2p7JhFF4QkCP2TP4JFYjLlOE7ISxYegGdJNNO6W00btMHG1s0aW +uPcPIIy9HxGiOFFmjYz7Jo8mcFl+bl4ET7zPoj21R4dOl7E3oYLtEZqTuiWnfW2H ++whurU13PYyog3jvJex99VIL8ZRliUSKgdmQ7A4GMvE6kf6Uk+441ynZ7RQr4jF9 +xsVIrR7cyt/SsVEYF+2SfJi0dO9pf6yV3PdwtpU2URTyZoitlneqEINXKi7Qx6E+ ++f5fAI8FbCJtgKEKf2TfqiH6sCI= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/test-ca.req_ec.sha256 b/tests/data_files/test-ca.req_ec.sha256 new file mode 100644 index 0000000000..6d46b2ad84 --- /dev/null +++ b/tests/data_files/test-ca.req_ec.sha256 @@ -0,0 +1,9 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIBOTCBvQIBADA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxHDAa +BgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi +AATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjUUrSRlTkLI99fFyRiSPwalSnO +LC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0X3WnR2/VGSlVaZpTOyC0ZhZg +Mx6gADAMBggqhkjOPQQDAgUAA2kAMGYCMQDElef9+KfRbZOA29ZyU750fB3ob82E +8R711+hk9HOsk0G9Uccp3tT+1nhCcMNhnWsCMQD6Y8e9jcEaKSPiWWfgCZ5NaQ5l +pvPDUdcPV8sZt2cgNS8fcRIIHblQKvr6miHXl9Y= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/test-ca2.crt b/tests/data_files/test-ca2.crt index 7ac79e440f..b974f4c5bc 100644 --- a/tests/data_files/test-ca2.crt +++ b/tests/data_files/test-ca2.crt @@ -1,13 +1,13 @@ -----BEGIN CERTIFICATE----- -MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO 4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK -6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/ -MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk -SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a -LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ -hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg== +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2.crt.der b/tests/data_files/test-ca2.crt.der index 2c8e217432a33259f5a5bf666daa4b77de32b0dc..70d6abca4cd491a0123bc09a168fee5e160d810a 100644 GIT binary patch delta 136 zcmV;30C)e01d9X+FoFUHFoFS#u?RN-4O1{tFb@U;RUH!n0soUp0b67-0O>Vn!6IDh z>lJoW1Oxw82G7^fP|m=7(z8{qk5n38{Q&h$45dwk#o%H(s#f|C_5v_p*j25)H=Kgj qVL*z#eT~0Qm)N2rL}u5wOye%5 Date: Wed, 24 May 2023 14:26:53 +0800 Subject: [PATCH 258/328] Update server6.crt Signed-off-by: Pengyu Lv --- tests/data_files/server6.crt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/data_files/server6.crt b/tests/data_files/server6.crt index 6df6716861..51e4393194 100644 --- a/tests/data_files/server6.crt +++ b/tests/data_files/server6.crt @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 -AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ -Xj09kLboxuemP40IIqhQnpYptMg= +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o +ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn +KgfuCEF96BhSjLDXWKB4IFWaXUQ= -----END CERTIFICATE----- From 465c6eb37140d8b48497462b02819cbb769a7bfe Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 24 May 2023 14:31:42 +0800 Subject: [PATCH 259/328] Update test-ca2_cat-*.crt and test-ca_cat*.crt Signed-off-by: Pengyu Lv --- .../test-ca2_cat-future-invalid.crt | 42 ++++++++--------- .../test-ca2_cat-future-present.crt | 46 +++++++++---------- .../data_files/test-ca2_cat-past-invalid.crt | 16 +++---- .../data_files/test-ca2_cat-past-present.crt | 24 +++++----- .../test-ca2_cat-present-future.crt | 46 +++++++++---------- .../data_files/test-ca2_cat-present-past.crt | 24 +++++----- tests/data_files/test-ca_cat12.crt | 42 ++++++++--------- tests/data_files/test-ca_cat21.crt | 42 ++++++++--------- 8 files changed, 135 insertions(+), 147 deletions(-) diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt index b1cfbf0547..833e497faa 100644 --- a/tests/data_files/test-ca2_cat-future-invalid.crt +++ b/tests/data_files/test-ca2_cat-future-invalid.crt @@ -1,27 +1,27 @@ -----BEGIN CERTIFICATE----- +MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ +5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj +vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 -AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ -Xj09kLboxuemP40IIqhQnpYptMg= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH -qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 -+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o +ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn +KgfuCEF96BhSjLDXWKB4IFWaXUQ= -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-future-present.crt b/tests/data_files/test-ca2_cat-future-present.crt index 776e725cb6..649cca05a6 100644 --- a/tests/data_files/test-ca2_cat-future-present.crt +++ b/tests/data_files/test-ca2_cat-future-present.crt @@ -1,28 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH -qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 -+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ +5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj +vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt index febad74081..a0b0a2f868 100644 --- a/tests/data_files/test-ca2_cat-past-invalid.crt +++ b/tests/data_files/test-ca2_cat-past-invalid.crt @@ -13,15 +13,15 @@ l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB -PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh -clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG -CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4 -AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ -Xj09kLboxuemP40IIqhQnpYptMg= +PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh +clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG +CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o +ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn +KgfuCEF96BhSjLDXWKB4IFWaXUQ= -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-past-present.crt b/tests/data_files/test-ca2_cat-past-present.crt index bc1ba9a2ef..24e05c6422 100644 --- a/tests/data_files/test-ca2_cat-past-present.crt +++ b/tests/data_files/test-ca2_cat-past-present.crt @@ -12,17 +12,15 @@ tRBXQiGPMzUvmKBk7gM7bF4iFPsdJikyXHmuwv3RAjEA8vtUX8fAAB3fbh5dEXRm l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-present-future.crt b/tests/data_files/test-ca2_cat-present-future.crt index d62ed09cd4..6539479e63 100644 --- a/tests/data_files/test-ca2_cat-present-future.crt +++ b/tests/data_files/test-ca2_cat-present-future.crt @@ -1,28 +1,26 @@ -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe -Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw -DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2 -MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5 -WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p -w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E -FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ -vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH -qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2 -+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw== +MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ +5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj +vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca2_cat-present-past.crt b/tests/data_files/test-ca2_cat-present-past.crt index a321d5dd78..08aeeea120 100644 --- a/tests/data_files/test-ca2_cat-present-past.crt +++ b/tests/data_files/test-ca2_cat-present-past.crt @@ -1,17 +1,15 @@ -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw diff --git a/tests/data_files/test-ca_cat12.crt b/tests/data_files/test-ca_cat12.crt index 8928144637..c54bcc178a 100644 --- a/tests/data_files/test-ca_cat12.crt +++ b/tests/data_files/test-ca_cat12.crt @@ -1,5 +1,5 @@ -----BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G @@ -9,27 +9,25 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ -MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA -A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL -hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm -8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD -zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ -0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/ -mtxyUALj2pQxRitopORFQdn7AOY5 +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/test-ca_cat21.crt b/tests/data_files/test-ca_cat21.crt index 7234863c71..b090dc6eca 100644 --- a/tests/data_files/test-ca_cat21.crt +++ b/tests/data_files/test-ca_cat21.crt @@ -1,20 +1,18 @@ -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G @@ -24,12 +22,12 @@ mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/ -MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA -A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL -hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm -8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD -zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ -0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/ -mtxyUALj2pQxRitopORFQdn7AOY5 +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- From 0f5ca2dc8709b979813694e395639d63d417a5c3 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 09:24:17 +0800 Subject: [PATCH 260/328] Add rules to generate test-int-ca{2,3}.crt Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 29 ++++++++++++++++++++++++++-- tests/data_files/test-ca.opensslconf | 5 +++++ 2 files changed, 32 insertions(+), 2 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 80da98273c..7e3b3a0219 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -250,10 +250,35 @@ all_final += $(test_ca_crt_cat21) test-int-ca.csr: test-int-ca.key $(test_ca_config_file) $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@ -all_intermediate += test-int-ca.csr + +test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file) + $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \ + -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@ + +test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file) + $(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \ + -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@ + +all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr + +test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ + +test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \ + -CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \ + -passin "pass:$(test_ca_pwd_rsa)" -out $@ + +# Note: This requests openssl version >= 3.x.xx +test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \ + -CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \ + -sha256 -in test-int-ca3.csr -out $@ + test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr $(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ -all_final += test-int-ca-exp.crt + +all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem $(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index a642b7379a..ff22cdbb49 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -12,6 +12,11 @@ subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always basicConstraints = CA:true +[no_subj_auth_id] +subjectKeyIdentifier=none +authorityKeyIdentifier=none +basicConstraints = CA:true + [othername_san] subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name From 193f414cf8c71689da604b6d59c890a51581b9f2 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 09:38:03 +0800 Subject: [PATCH 261/328] Update test-int-ca*.crt Signed-off-by: Pengyu Lv --- tests/data_files/test-int-ca-exp.crt | 14 +++++++------- tests/data_files/test-int-ca.crt | 16 ++++++++-------- tests/data_files/test-int-ca2.crt | 22 +++++++++++----------- tests/data_files/test-int-ca3-badsign.crt | 16 ++++++++-------- tests/data_files/test-int-ca3.crt | 16 ++++++++-------- 5 files changed, 42 insertions(+), 42 deletions(-) diff --git a/tests/data_files/test-int-ca-exp.crt b/tests/data_files/test-int-ca-exp.crt index c549654b0f..835c7dbbfc 100644 --- a/tests/data_files/test-int-ca-exp.crt +++ b/tests/data_files/test-int-ca-exp.crt @@ -1,7 +1,7 @@ -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwNTE2MDcxMDM3WhcNMjMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR @@ -16,9 +16,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX -Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep -773Ap7Gxpk168id1EFhvW22YabKs +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAJH0e4fySJI2nJt1Knd+yU7zn1jTFDAABJMbndhR +07OSM6vwUaGSMVatSzr8ah+UDgIwaI/MBcorSxT92jAQb1W5dJkEudoYSg49fjAf +z0BtLCVhFwQlrzCqgXC98SGfT6sZ -----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca.crt b/tests/data_files/test-int-ca.crt index cbe99e0a62..8b2846d3b4 100644 --- a/tests/data_files/test-int-ca.crt +++ b/tests/data_files/test-int-ca.crt @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -16,9 +16,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca2.crt b/tests/data_files/test-int-ca2.crt index 9ce44c2310..80f39b9cf7 100644 --- a/tests/data_files/test-int-ca2.crt +++ b/tests/data_files/test-int-ca2.crt @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca3-badsign.crt b/tests/data_files/test-int-ca3-badsign.crt index 2087056e8e..8c363152b1 100644 --- a/tests/data_files/test-int-ca3-badsign.crt +++ b/tests/data_files/test-int-ca3-badsign.crt @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWf0= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg10== -----END CERTIFICATE----- diff --git a/tests/data_files/test-int-ca3.crt b/tests/data_files/test-int-ca3.crt index 7e724b241d..3aa64b137d 100644 --- a/tests/data_files/test-int-ca3.crt +++ b/tests/data_files/test-int-ca3.crt @@ -1,12 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- From 0a7108f32dc9f75ab345999721b37de188500278 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 10:04:05 +0800 Subject: [PATCH 262/328] Extend the validity period of pkcs7-rsa-sha*.crt to 10 years Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7e3b3a0219..936ef13d06 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1569,17 +1569,17 @@ all_final += pkcs7_data_1.bin # Generate signing cert pkcs7-rsa-sha256-1.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem all_final += pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-2.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem all_final += pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-3.crt: - $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt + $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 3" -sha256 -nodes -days 3653 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-3.key -out pkcs7-rsa-sha256-3.crt cat pkcs7-rsa-sha256-3.crt pkcs7-rsa-sha256-3.key > pkcs7-rsa-sha256-3.pem all_final += pkcs7-rsa-sha256-3.crt From cd378f2ffec7754351e2fdeea209fe92dc18abbd Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 10:08:21 +0800 Subject: [PATCH 263/328] Update pkcs7 files Signed-off-by: Pengyu Lv --- tests/data_files/pkcs7-rsa-sha256-1.crt | 32 +++---- tests/data_files/pkcs7-rsa-sha256-1.der | Bin 845 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-1.key | 52 +++++------ tests/data_files/pkcs7-rsa-sha256-1.pem | 84 +++++++++--------- tests/data_files/pkcs7-rsa-sha256-2.crt | 32 +++---- tests/data_files/pkcs7-rsa-sha256-2.der | Bin 845 -> 845 bytes tests/data_files/pkcs7-rsa-sha256-2.key | 52 +++++------ tests/data_files/pkcs7-rsa-sha256-2.pem | 84 +++++++++--------- tests/data_files/pkcs7-rsa-sha256-3.crt | 32 +++---- tests/data_files/pkcs7-rsa-sha256-3.key | 52 +++++------ tests/data_files/pkcs7-rsa-sha256-3.pem | 84 +++++++++--------- tests/data_files/pkcs7_data_3_signed.der | Bin 1185 -> 1185 bytes .../data_files/pkcs7_data_cert_encrypted.der | Bin 452 -> 452 bytes .../pkcs7_data_cert_signed_sha1.der | Bin 1276 -> 1276 bytes .../pkcs7_data_cert_signed_sha256.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signed_sha512.der | Bin 1284 -> 1284 bytes .../data_files/pkcs7_data_cert_signed_v2.der | Bin 1284 -> 1284 bytes .../pkcs7_data_cert_signeddata_sha256.der | Bin 1265 -> 1265 bytes .../pkcs7_data_multiple_certs_signed.der | Bin 2504 -> 2504 bytes .../data_files/pkcs7_data_multiple_signed.der | Bin 810 -> 810 bytes .../data_files/pkcs7_data_signed_badcert.der | Bin 1284 -> 1284 bytes .../pkcs7_data_signed_badsigner.der | Bin 1284 -> 1284 bytes .../pkcs7_data_signed_badsigner1_badsize.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner1_badtag.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner1_fuzzbad.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_badsize.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_badtag.der | Bin 1185 -> 1185 bytes .../pkcs7_data_signed_badsigner2_fuzzbad.der | Bin 1185 -> 1185 bytes .../data_files/pkcs7_data_with_signature.der | Bin 446 -> 446 bytes .../pkcs7_data_without_cert_signed.der | Bin 435 -> 435 bytes ...o_1_serial_invalid_tag_after_long_name.der | Bin 810 -> 810 bytes .../pkcs7_signerInfo_2_invalid_tag.der | Bin 1185 -> 1185 bytes .../pkcs7_signerInfo_issuer_invalid_size.der | Bin 1284 -> 1284 bytes .../pkcs7_signerInfo_serial_invalid_size.der | Bin 1284 -> 1284 bytes .../data_files/pkcs7_zerolendata_detached.der | Bin 435 -> 435 bytes 35 files changed, 252 insertions(+), 252 deletions(-) diff --git a/tests/data_files/pkcs7-rsa-sha256-1.crt b/tests/data_files/pkcs7-rsa-sha256-1.crt index 9e461cd0c6..fe282ab836 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.crt +++ b/tests/data_files/pkcs7-rsa-sha256-1.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUI2LNEq0VTrCDZpmJyvSG20rKV+MwDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDEwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N -Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4 -3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j -9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra -xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7 -y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC -AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY -MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8 -wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8 -1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51 -1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9 -SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H -EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqiVc1m06wYnKshqXSoOFDl +iFW6F/3I/vVmD6/kyTmsZ425tiCiunmSR2rlJc7/2aWbTH0P3ut3dinnooUsSws8 +EwRTjSdECDzF96QTCIUvhMHINQfpQuxSr9leK3AvoiCPi3XUefKhTuoF1A/bTQx2 +QcNzJluQPAzdvUDFBZLdLImjJ7gid1j7KSRZHjVxnFPnolr1EELXDJs29RVup1in +8fOaBIlHEArWuSgV2aQ7uVLuBHM8Nz0Y810PElgUaOCMxGvo/Ew4TpBJfDipSD2l +WFPisxnBzjmq3byi+mARpr+BHxETvbrZ1uRbaIA6bzGL1PZlw/vMcvuTHu3yKMkC +AwEAAaNTMFEwHQYDVR0OBBYEFBvPc+YWbxPtP3MFjmyrL6lQkJJvMB8GA1UdIwQY +MBaAFBvPc+YWbxPtP3MFjmyrL6lQkJJvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJK7huNJR+TlkZBHiCtb0KMfljHRWPuAL6fW0mGvBDeZyRTH +OzGdqgjnYzgYZ538pG7TsMGomrSQwlATfICKsf8dNSlnPqOiIPo2fdd8gr/tO7yl +FG/KvXk0v5Dfs4RGUs7UYdmzncEYC2JsToFsD4jja+5tnY//NJRxkJdswfn+wBqH +wN+y4qELdq+AEBKymbQsIwOBt3UdeVUwBBjtqJXFtET9yhqkqVxnb/i0jHrhjyiS +Q/Y+T9s35+A6XlI6nSiJLDxMfgJVCWa2OtGI//aAlzlw+6dHiiJVVBHpZbW0YTY4 +qE7kjhPrddJYlB6k4S3ub9j4e87k0P0IyFptxw8= -----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-1.der b/tests/data_files/pkcs7-rsa-sha256-1.der index 0d799ea335a51b79ecc1f0b50037469ab0b69ade..ed29e40933e1c2bd9ed4041fc3b8b2269eb208c4 100644 GIT binary patch delta 668 zcmV;N0%QHn2F(T|FoFX~FoFUxpaTK{0s<5xV$Bk*6;7~&W|@h~^oH9?%2(r&BT5=G zFf}kZF)%SXF)>;f4Kp(^H840aFflnXF_DK@f109I&1TcA7@VsisdT6~Q00hKx)=S( z{`F=LujI)&tY?k6wjiRqd6GwJ{74UUMp}fq9Bipb<}zCp-$=r)DPQD40b`ob0%AmJPh5vK*a@; zf88vJqbIl`cUb!=Bv~Fcahy}nKXV0+Y^yJ+P>_;ulPCfu zf0Da~<4H&4<&ls_h$~yrqaT(r(OCO{FQ?YhVXp)?naLE#J29QA2h~sPSZJm$*G?a0Wmu$iLfBwK4hrr*m;-L$6uYeE|vYE6jBLjiAbsc$C zFa#LwsFlUEME%Mdq^VqIZ}_x~df|^Kl0)`BPun-=;5uGXI-MwqEIdqp0#ylSwmQ*> z|Mq~FIdJ=@M~Wg=-O C-!cmT delta 668 zcmV;N0%QHn2F(T|FoFX~FoFUxpaTK{0s<6!-rdqfOwrB$TtTQ1EQz<@E^NP%BT5=F zF)%VXF*Y$UH8xro4Kgz^FfuqXHZd?YHj#%|f5^7aX^EWC@awe7WLyR34h=5;-OORo ziOba$qnb5&xg$fi9>-7y547z!hhs884nkiYH*9`&!k04??ex1a$oSm@x%~f?S|nXb z6MEL>09MMul~Sl>)ggx%e857<#GXDnoEN1uv{TKiz{?RkPh<777fYV$kSiGw(G-@V ze|e`vCaurz5Wm^y>#w^vd+D}0Sr%Or-B(c;9IdT99Xi^^i^u^TVYN*50eHSPgPMt~ zk*h(TJfnSUsDaW|7{uFXyr%caHUjpUsB0Jd9(Oy-=S#UdNwQI{hC+*1K;edqvDW&z z;)fFHj>8$PkIGGR0SrqC#JB`lmL7cYOM_Da0|5X5qf;(a1+tfGFt%}}eU-MIE>H0vSVqNwvbSRNFF zReH)BlIx2G2qA*mTQufl))f8&+jb=CI_xV5g}U-btFjb*PMLzZmREWU4l ztoYjCRo#Ljv1w%?azBA2QFvKgm|E!<{YyERcRm`Ix4jSuR7UhAo6HHMRFaZ{!MK}o z?O1wuUJ5-$HZ&ha+UaTN2FY*l#}H?CYy!F>5-X9Ju}lmoz(j{okZ`$wJ<`_M0&;Vx C%{4m! diff --git a/tests/data_files/pkcs7-rsa-sha256-1.key b/tests/data_files/pkcs7-rsa-sha256-1.key index e31159d561..c6367fb29c 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.key +++ b/tests/data_files/pkcs7-rsa-sha256-1.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0 -ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz -FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN -q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX -HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ -qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY -lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu -+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv -eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL -aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8 -EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI -Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/ -20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe -LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE -9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs -SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX -Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U -eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq -VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq -t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ -NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd -moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv -qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc -4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB -rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4 -LrS/V2yBrDJVczQQM4psonLF +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaolXNZtOsGJyr +Ial0qDhQ5YhVuhf9yP71Zg+v5Mk5rGeNubYgorp5kkdq5SXO/9mlm0x9D97rd3Yp +56KFLEsLPBMEU40nRAg8xfekEwiFL4TByDUH6ULsUq/ZXitwL6Igj4t11HnyoU7q +BdQP200MdkHDcyZbkDwM3b1AxQWS3SyJoye4IndY+ykkWR41cZxT56Ja9RBC1wyb +NvUVbqdYp/HzmgSJRxAK1rkoFdmkO7lS7gRzPDc9GPNdDxJYFGjgjMRr6PxMOE6Q +SXw4qUg9pVhT4rMZwc45qt28ovpgEaa/gR8RE7262dbkW2iAOm8xi9T2ZcP7zHL7 +kx7t8ijJAgMBAAECggEACirXl611yERng7iPRO59InOPKOzXID6XpgDHkgYJ5ZcE +iYzvENsGRhFUTQ7jUyafM8x/5V62ZnbYwAVdGiLJDeRtryyDtNPcM0vEfkcqmaA/ +20J72yjvF60RpyoSEtqs7zVlAvK9MHMDBm/q6z59BM9fQFfJSz6y9hkb1R8HQGpc +ktIBxqANvQ3XYzPwxBdECB6YH12t1UkCEFNmOVup7M/TpMBu79h4cd69Q709iOqP +9kIOxABrRE7evWpwYHFCI7QfbRpFeY7I9b94NQULmOLKJm8QfYfXumzfIQ3gqUW2 +WyIOJc5zAftQ/7Ddu5CKbqsL7yBiMGxI4IHQZ/gEcQKBgQDBE3Fl8XW7JpP9J0vw +VvCBGJgPOU7tn9JG082RUr0pi7HRiEo23zL37PvwPwjn81SkWmh9WcIQFm8Ip4Oy +9sUMR0oInjU3PaAI2oRQCOPynod23wC4tVmjLrNBek8T2AnTtkvSZalooACNumgD +Ef/hpMYDa2O9dTbjtqNOp2AOuQKBgQDNB6UGzwY+HDG444Ir/Q2s2XjOD1cvG3q8 +3NaSnIHuxJeUhYlBXmWsygpGLrq4i5h4EWPz8qKWQwBDwsZIBGisJFQcQzsXS9/Z ++F8l555ikb/AsbZHrWw+miTauXT0xe1dbjkqqpAiiYfJFeDss32WqgaAUD28IK9P +djR85p9ikQKBgHuRDPcYZKelFftjpfcoPP3yFodPvxLXQUVxElQaZtPrAp++IPkj +OcRwWAE25mVEVvxknBD1W/zdzqv0QZZM1ml4SopfbmFvQDfKWfm65uAE01+hcx3D +ep20KqcSNv/VONzVA4ug4p4CILiT/zNP1rq7sLrJhOjg1oNABR42goSJAoGAcs1N +Ajr5a92tmbEKOkc/WQGMOxUr5Bym5QlivEUWG/PITElZSVjp5Y5bomCX/K1teg2C +wh2iHDD3/PkavUh6s6jDz+91Lt41QX9pB3hhnx+tFuBrCEd6zLLS4AXoDwakmiQV +rmZCvpPzjAzMHL2EHNCnQ0Gqz6QdhYjSav1XUYECgYBiv8t7WZFLIsi7Baa1oocv +VU9WsohcqTGP8/i+J4fuRRVGDLl/jcBFm5dYzGVSbpBaM0qhfGIyaAmInHozxooR ++izbLM5nSAO3fXEsPROEx9RwLxQmrs2Ee5W4qDajTm3VOhfQXHQf/z5o3xsdnQJt +mbHCXPhmMn9O6jmrDlGeMg== -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-1.pem b/tests/data_files/pkcs7-rsa-sha256-1.pem index 3795b71887..deee4b2e6c 100644 --- a/tests/data_files/pkcs7-rsa-sha256-1.pem +++ b/tests/data_files/pkcs7-rsa-sha256-1.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUI2LNEq0VTrCDZpmJyvSG20rKV+MwDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDEwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N -Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4 -3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j -9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra -xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7 -y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC -AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY -MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8 -wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8 -1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51 -1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9 -SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H -EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJqiVc1m06wYnKshqXSoOFDl +iFW6F/3I/vVmD6/kyTmsZ425tiCiunmSR2rlJc7/2aWbTH0P3ut3dinnooUsSws8 +EwRTjSdECDzF96QTCIUvhMHINQfpQuxSr9leK3AvoiCPi3XUefKhTuoF1A/bTQx2 +QcNzJluQPAzdvUDFBZLdLImjJ7gid1j7KSRZHjVxnFPnolr1EELXDJs29RVup1in +8fOaBIlHEArWuSgV2aQ7uVLuBHM8Nz0Y810PElgUaOCMxGvo/Ew4TpBJfDipSD2l +WFPisxnBzjmq3byi+mARpr+BHxETvbrZ1uRbaIA6bzGL1PZlw/vMcvuTHu3yKMkC +AwEAAaNTMFEwHQYDVR0OBBYEFBvPc+YWbxPtP3MFjmyrL6lQkJJvMB8GA1UdIwQY +MBaAFBvPc+YWbxPtP3MFjmyrL6lQkJJvMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJK7huNJR+TlkZBHiCtb0KMfljHRWPuAL6fW0mGvBDeZyRTH +OzGdqgjnYzgYZ538pG7TsMGomrSQwlATfICKsf8dNSlnPqOiIPo2fdd8gr/tO7yl +FG/KvXk0v5Dfs4RGUs7UYdmzncEYC2JsToFsD4jja+5tnY//NJRxkJdswfn+wBqH +wN+y4qELdq+AEBKymbQsIwOBt3UdeVUwBBjtqJXFtET9yhqkqVxnb/i0jHrhjyiS +Q/Y+T9s35+A6XlI6nSiJLDxMfgJVCWa2OtGI//aAlzlw+6dHiiJVVBHpZbW0YTY4 +qE7kjhPrddJYlB6k4S3ub9j4e87k0P0IyFptxw8= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0 -ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz -FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN -q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX -HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ -qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY -lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu -+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv -eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL -aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8 -EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI -Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/ -20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe -LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE -9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs -SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX -Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U -eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq -VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq -t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ -NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd -moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv -qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc -4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB -rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4 -LrS/V2yBrDJVczQQM4psonLF +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCaolXNZtOsGJyr +Ial0qDhQ5YhVuhf9yP71Zg+v5Mk5rGeNubYgorp5kkdq5SXO/9mlm0x9D97rd3Yp +56KFLEsLPBMEU40nRAg8xfekEwiFL4TByDUH6ULsUq/ZXitwL6Igj4t11HnyoU7q +BdQP200MdkHDcyZbkDwM3b1AxQWS3SyJoye4IndY+ykkWR41cZxT56Ja9RBC1wyb +NvUVbqdYp/HzmgSJRxAK1rkoFdmkO7lS7gRzPDc9GPNdDxJYFGjgjMRr6PxMOE6Q +SXw4qUg9pVhT4rMZwc45qt28ovpgEaa/gR8RE7262dbkW2iAOm8xi9T2ZcP7zHL7 +kx7t8ijJAgMBAAECggEACirXl611yERng7iPRO59InOPKOzXID6XpgDHkgYJ5ZcE +iYzvENsGRhFUTQ7jUyafM8x/5V62ZnbYwAVdGiLJDeRtryyDtNPcM0vEfkcqmaA/ +20J72yjvF60RpyoSEtqs7zVlAvK9MHMDBm/q6z59BM9fQFfJSz6y9hkb1R8HQGpc +ktIBxqANvQ3XYzPwxBdECB6YH12t1UkCEFNmOVup7M/TpMBu79h4cd69Q709iOqP +9kIOxABrRE7evWpwYHFCI7QfbRpFeY7I9b94NQULmOLKJm8QfYfXumzfIQ3gqUW2 +WyIOJc5zAftQ/7Ddu5CKbqsL7yBiMGxI4IHQZ/gEcQKBgQDBE3Fl8XW7JpP9J0vw +VvCBGJgPOU7tn9JG082RUr0pi7HRiEo23zL37PvwPwjn81SkWmh9WcIQFm8Ip4Oy +9sUMR0oInjU3PaAI2oRQCOPynod23wC4tVmjLrNBek8T2AnTtkvSZalooACNumgD +Ef/hpMYDa2O9dTbjtqNOp2AOuQKBgQDNB6UGzwY+HDG444Ir/Q2s2XjOD1cvG3q8 +3NaSnIHuxJeUhYlBXmWsygpGLrq4i5h4EWPz8qKWQwBDwsZIBGisJFQcQzsXS9/Z ++F8l555ikb/AsbZHrWw+miTauXT0xe1dbjkqqpAiiYfJFeDss32WqgaAUD28IK9P +djR85p9ikQKBgHuRDPcYZKelFftjpfcoPP3yFodPvxLXQUVxElQaZtPrAp++IPkj +OcRwWAE25mVEVvxknBD1W/zdzqv0QZZM1ml4SopfbmFvQDfKWfm65uAE01+hcx3D +ep20KqcSNv/VONzVA4ug4p4CILiT/zNP1rq7sLrJhOjg1oNABR42goSJAoGAcs1N +Ajr5a92tmbEKOkc/WQGMOxUr5Bym5QlivEUWG/PITElZSVjp5Y5bomCX/K1teg2C +wh2iHDD3/PkavUh6s6jDz+91Lt41QX9pB3hhnx+tFuBrCEd6zLLS4AXoDwakmiQV +rmZCvpPzjAzMHL2EHNCnQ0Gqz6QdhYjSav1XUYECgYBiv8t7WZFLIsi7Baa1oocv +VU9WsohcqTGP8/i+J4fuRRVGDLl/jcBFm5dYzGVSbpBaM0qhfGIyaAmInHozxooR ++izbLM5nSAO3fXEsPROEx9RwLxQmrs2Ee5W4qDajTm3VOhfQXHQf/z5o3xsdnQJt +mbHCXPhmMn9O6jmrDlGeMg== -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.crt b/tests/data_files/pkcs7-rsa-sha256-2.crt index a0df7d93db..2f0becb5c5 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.crt +++ b/tests/data_files/pkcs7-rsa-sha256-2.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIULQiixEME/TOd8CzfFgp/HxWQOj4wDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDIwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65 -lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y -c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B -g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89 -KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj -j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC -AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY -MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka -q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+ -ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB -xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS -IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+ -gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANarbCe4NkIbeBjAEKWuHhA7 +haz080iy8N1Xbdr0Xa6llOLKgsDVNxkzW+WHRgJNZAtN8XgT7IubIrno9ygcBK5B +b1E4/Butpfnw5aSJhW2uI8Wl7/xCvonEDd3jBQUA4cO8x3ie+7WcGJC2mUXlgUuJ +jdvX7/px5DQuJwy0R3Vul0IOSBvzXVo9UOTYkmoQI2e2UcAk6aU3zQKK8Db5dmlR +cA+sVCb9j1tEmSXQAj0XfXv0Sqijwr7MUYB9vUt2wYexC3b0SosqNqg7MYx6eDUJ +adVvPwHW4VQh5Rv9TVYr9Rpc1pyfgjtvlnouPU+yROJ9VO0irbMY5LI2rAIpQksC +AwEAAaNTMFEwHQYDVR0OBBYEFOozYBd7pxAmsVUtJwSQvRGNvKO9MB8GA1UdIwQY +MBaAFOozYBd7pxAmsVUtJwSQvRGNvKO9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJmOMP3gVqP0/vFqPdMjIa5Pjtwy02z4Z4uLplo/4K8CQp6T ++XMfz+p/UDoglyAuZ34TQ/dnGMM9EFEBgm/O5dJHl442+FrortIEhzGo0QAf+XYK +9HQKVk0a5ecVO9CZw2mduxMJ//r9GyFG0XSqpNqt2yi7UgcPsrq+2OqhzYngYmyr +V5HtQzwBaIqwoXzhHIOX1pJg4GUxrhsaqInrhUM0VTdfpKcRlzFsimQ60LZ6GMcm +rPy3oLs1ioVfYS7et0MnGhgSHIjBeocqYKchzfBk/NnF0eK+lJo+hrGk6F2rDJ4G +ViNKP6MhMBzlZ73yTRTWZcYu6O+sg5cHwjlHhRc= -----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.der b/tests/data_files/pkcs7-rsa-sha256-2.der index fc7a3eabf7b575630dd1a9d74ad17c128a902cbb..a101435991459604a11220538ecee2b8b248c221 100644 GIT binary patch delta 668 zcmX@hc9u=qpo!Vjpoz(F0W%XL6O)K8$D$+7EPsvXe$cru##JvbI>E|rqOzBiv4N?9 zg`t6=rJ-SzIIl4hcVc@){k7FO>O0Jwq$?y22rOMECt%&W=F4Y~O&{)t=id4fyKd=} zN2i(&Ts4<8j(*zi#^jsA?fbDp_)Yh0rJXOnYsj#ybIcF4_#?e`>CX>Omvpw~u2Vj` z^!*>FeVs>m?>=T_Wq5da&+&?Rzqihjn6Pc8>(fT>&feSC-~TFnVxp(cv&Fr%K5x1c zpNI74*eKh8CpRW#2`Hy;3p}9ma;f=QrmhcWKg%)$3;5TBsQvAacA2Sqfyq|9w)%_L zip7Waoe6BH-RoU;uze$U*%z;FEwdHYhCNjkrkt5q^X(b0Jq%HND*e|tO#7=;%(Xf5 zo2>JvRq5IKZ*qB58}e3Z?PiH5o6OcQX?i<(GchwVFfI-@2sDsoV-A(&V-aH!d1ag+ zUcFpEZDXjeI?IH;g1vhd?=_GINh`BR7>G4sRWMnDNwt1vpTXY;VT-@~`WRn`p9`k1(lnM_&)G{uK8UvQQ1q%$k4#Z z!qCjnz|<^CoY%-0!JXJ1QGar(>9mr6%Y}c*KMlFOui@X$DK5c&&jYT{sBtuUoUx+t zsmf%%>M1R@%DP+X=JE3zE%*HR_(_UK>F=G3z8w6lU?)-B_gMb0o$C3MB~rf%HExUE z-R@8*6lByjGuES5@y?5#(MR7`-L_K@EK^otR;k<9*c>shVC{ivg&YrJ88@=mA9{L& z;UT-+txo+y>xD_&$G2>&3%DnfJ(ugSm&NXh5oPhV8U`(ojWa(Sn{^~%&wX*82mIly z3_qoB+ji&!lV4=FbJl+0C%*rW92b09k^E-;=TznXq*p848ZIx-_q^O+x^VM1Q^~AX zjfc0~*^xN)+^#q29`+kbPtD^GUN(IpWBhUNHB*_G85tNC2O9($$g(kq%JQ*@v554! zhV72mXTI*@5_2;2*9y`6y7oK+d62X+i-dt#16Bo-HJDWEm!w|i5EOhjkMVY=XI%W| zhccJWuG*aG?zFo8!o(KEZH{a=rB;Wse^KHwV6W2LtI|GksjBUoHvS`wtt+}N8_c^Y z=i2ggex}(Ux#ZpQQ=a^&kXP83dADs)rdar(OAN_czfyN?u*XLhZlJUIu%w zM;tEc!Q6SGj1dZ#o$3qsm^dDNwZ{4K)AIJ&&8_*X4yn)8O4Cp`tj%$4nQ6}~FRlGM z^iSq%I~|>Ud$#u9ym|83C1oX(>;IY$Oxczun7(1-CYwS(hTz;q87E5l7StzwJ+xM< zBe|>p(_UpmU#ep`eve*dYMG=kecuWIcTFeT diff --git a/tests/data_files/pkcs7-rsa-sha256-2.key b/tests/data_files/pkcs7-rsa-sha256-2.key index 659c015666..fe78b1130a 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.key +++ b/tests/data_files/pkcs7-rsa-sha256-2.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of -5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5 -ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2 -IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK -OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp -eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX -oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM -NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7 -73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD -w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T -i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB -qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9 -ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH -slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo -in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D -NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w -+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95 -0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG -+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ -FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI -xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9 -1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3 -kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa -uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO -0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ -Qn6c/zyvMKSyrCVxo5pTd5Il +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDWq2wnuDZCG3gY +wBClrh4QO4Ws9PNIsvDdV23a9F2upZTiyoLA1TcZM1vlh0YCTWQLTfF4E+yLmyK5 +6PcoHASuQW9ROPwbraX58OWkiYVtriPFpe/8Qr6JxA3d4wUFAOHDvMd4nvu1nBiQ +tplF5YFLiY3b1+/6ceQ0LicMtEd1bpdCDkgb811aPVDk2JJqECNntlHAJOmlN80C +ivA2+XZpUXAPrFQm/Y9bRJkl0AI9F3179Eqoo8K+zFGAfb1LdsGHsQt29EqLKjao +OzGMeng1CWnVbz8B1uFUIeUb/U1WK/UaXNacn4I7b5Z6Lj1PskTifVTtIq2zGOSy +NqwCKUJLAgMBAAECgf8TtKi4/K/+YYckvnzIuLMJymz684FhqwtxRhVPhB8VaR3B +s9VM3kWwioZlC4XhsDj+0KjZ3PpZ1mPZrQkDJY9Ib7lIO3LpF4ek6fgqonUdHF8s +RY9CGN5kxxp+w9gyHWKcFTg6Wl3AzhNzNU/cmrTDulzLUYc19j58i8AJ6oKkxNcT +gie9c38wDjZr67cynARkS9N94WkMsOQzM59TzOfukldsbwYISZahR/L9hgQqzcFL +hxsrQbZ0M5XFziOjuDGzJZswbbTvkupqt0EwEXcI1jnvOtKPC50RaIY9y9sQYRPX +RXFzUaBGKHjLWtEYQd/bXWTtCLx6C4FDRkOsVQUCgYEA69z8xq8lp77lD2gNsh3x +o8cnnx3xcwnj+9bEDDKXgA1RBwnXpQ/Gq5Jme7zm9552xJXDQwckuJQ9/Fd4L8Zy +ZjyOuYC6Mdc4ncwo1yT9Rv6ipSq/dsVKQbMYaOxtQ6Lce1wPyF32slu2mPlwOgIo +w0Adl3MqC+Gk3ANcPWyJha8CgYEA6P86jw8MfaA4qTn6Zy1YEq17+8Chd15PA2E7 +NWdEL75Jr+Im9kTY+niWcZo6q/JKa5FokxrSB988NMK6Qd20d2gZijc1yHprC1fq +W3RP9C2qvEOs+4+w38F63JkBXOyqh6+bqclsEDk5COoe2EdIevF4PQheWuQtbNHv +7G5yECUCgYEApNTDMnakch5OJf4p1BhpDnPXlLNwUVzQHudwCrYweiTUQ371XT0x +MiYVyNOy9cmgZrHiy6zqVLQEvZzDOWAOArS/aZQ0izBFOMG8qN4Iwtyg/ZxqQa6O +vmtS28Cee24Nd4hW30gLZ4oAideIPoHTyt+7zmOFNthyRe9zPtnjIbECgYAfnrOV +wpcRXXMTFDk1U2QGdODEk6nWB0h1zvY4EyGf0RUy92AOP92qcD8Kf8HCoAkVfBBT +Fmq2gscq6dpZIfth0RDWPxPfdy2bxnyZmLlZC/GFxzFsml2IoDtKQMF8mOmzrFNV +wW4W7Y0d9pflBheCB88niUE02I6JnBwRXBPCuQKBgD01VJsGqgFvlvjK0KVpPVCB +KK0GPI5TFNSDjYSIG25Vm4lYmiWwr54iaqWvlK9SFXH0C9R1VAuU+uaY+8tGM4o5 +RO9mk0AvIJ4BC0FZHS2fHDld/37WO3rh66Qym6zgp02ZPYDSLXT18sf0SVMAzU7h +2j60FMMEJPr7clx+n6xU -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-2.pem b/tests/data_files/pkcs7-rsa-sha256-2.pem index b11a00a199..71004b5f83 100644 --- a/tests/data_files/pkcs7-rsa-sha256-2.pem +++ b/tests/data_files/pkcs7-rsa-sha256-2.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIULQiixEME/TOd8CzfFgp/HxWQOj4wDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD +NyBDZXJ0IDIwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65 -lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y -c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B -g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89 -KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj -j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC -AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY -MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka -q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+ -ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB -xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS -IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+ -gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANarbCe4NkIbeBjAEKWuHhA7 +haz080iy8N1Xbdr0Xa6llOLKgsDVNxkzW+WHRgJNZAtN8XgT7IubIrno9ygcBK5B +b1E4/Butpfnw5aSJhW2uI8Wl7/xCvonEDd3jBQUA4cO8x3ie+7WcGJC2mUXlgUuJ +jdvX7/px5DQuJwy0R3Vul0IOSBvzXVo9UOTYkmoQI2e2UcAk6aU3zQKK8Db5dmlR +cA+sVCb9j1tEmSXQAj0XfXv0Sqijwr7MUYB9vUt2wYexC3b0SosqNqg7MYx6eDUJ +adVvPwHW4VQh5Rv9TVYr9Rpc1pyfgjtvlnouPU+yROJ9VO0irbMY5LI2rAIpQksC +AwEAAaNTMFEwHQYDVR0OBBYEFOozYBd7pxAmsVUtJwSQvRGNvKO9MB8GA1UdIwQY +MBaAFOozYBd7pxAmsVUtJwSQvRGNvKO9MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAJmOMP3gVqP0/vFqPdMjIa5Pjtwy02z4Z4uLplo/4K8CQp6T ++XMfz+p/UDoglyAuZ34TQ/dnGMM9EFEBgm/O5dJHl442+FrortIEhzGo0QAf+XYK +9HQKVk0a5ecVO9CZw2mduxMJ//r9GyFG0XSqpNqt2yi7UgcPsrq+2OqhzYngYmyr +V5HtQzwBaIqwoXzhHIOX1pJg4GUxrhsaqInrhUM0VTdfpKcRlzFsimQ60LZ6GMcm +rPy3oLs1ioVfYS7et0MnGhgSHIjBeocqYKchzfBk/NnF0eK+lJo+hrGk6F2rDJ4G +ViNKP6MhMBzlZ73yTRTWZcYu6O+sg5cHwjlHhRc= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of -5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5 -ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2 -IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK -OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp -eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX -oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM -NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7 -73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD -w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T -i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB -qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9 -ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH -slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo -in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D -NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w -+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95 -0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG -+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ -FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI -xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9 -1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3 -kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa -uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO -0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ -Qn6c/zyvMKSyrCVxo5pTd5Il +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDWq2wnuDZCG3gY +wBClrh4QO4Ws9PNIsvDdV23a9F2upZTiyoLA1TcZM1vlh0YCTWQLTfF4E+yLmyK5 +6PcoHASuQW9ROPwbraX58OWkiYVtriPFpe/8Qr6JxA3d4wUFAOHDvMd4nvu1nBiQ +tplF5YFLiY3b1+/6ceQ0LicMtEd1bpdCDkgb811aPVDk2JJqECNntlHAJOmlN80C +ivA2+XZpUXAPrFQm/Y9bRJkl0AI9F3179Eqoo8K+zFGAfb1LdsGHsQt29EqLKjao +OzGMeng1CWnVbz8B1uFUIeUb/U1WK/UaXNacn4I7b5Z6Lj1PskTifVTtIq2zGOSy +NqwCKUJLAgMBAAECgf8TtKi4/K/+YYckvnzIuLMJymz684FhqwtxRhVPhB8VaR3B +s9VM3kWwioZlC4XhsDj+0KjZ3PpZ1mPZrQkDJY9Ib7lIO3LpF4ek6fgqonUdHF8s +RY9CGN5kxxp+w9gyHWKcFTg6Wl3AzhNzNU/cmrTDulzLUYc19j58i8AJ6oKkxNcT +gie9c38wDjZr67cynARkS9N94WkMsOQzM59TzOfukldsbwYISZahR/L9hgQqzcFL +hxsrQbZ0M5XFziOjuDGzJZswbbTvkupqt0EwEXcI1jnvOtKPC50RaIY9y9sQYRPX +RXFzUaBGKHjLWtEYQd/bXWTtCLx6C4FDRkOsVQUCgYEA69z8xq8lp77lD2gNsh3x +o8cnnx3xcwnj+9bEDDKXgA1RBwnXpQ/Gq5Jme7zm9552xJXDQwckuJQ9/Fd4L8Zy +ZjyOuYC6Mdc4ncwo1yT9Rv6ipSq/dsVKQbMYaOxtQ6Lce1wPyF32slu2mPlwOgIo +w0Adl3MqC+Gk3ANcPWyJha8CgYEA6P86jw8MfaA4qTn6Zy1YEq17+8Chd15PA2E7 +NWdEL75Jr+Im9kTY+niWcZo6q/JKa5FokxrSB988NMK6Qd20d2gZijc1yHprC1fq +W3RP9C2qvEOs+4+w38F63JkBXOyqh6+bqclsEDk5COoe2EdIevF4PQheWuQtbNHv +7G5yECUCgYEApNTDMnakch5OJf4p1BhpDnPXlLNwUVzQHudwCrYweiTUQ371XT0x +MiYVyNOy9cmgZrHiy6zqVLQEvZzDOWAOArS/aZQ0izBFOMG8qN4Iwtyg/ZxqQa6O +vmtS28Cee24Nd4hW30gLZ4oAideIPoHTyt+7zmOFNthyRe9zPtnjIbECgYAfnrOV +wpcRXXMTFDk1U2QGdODEk6nWB0h1zvY4EyGf0RUy92AOP92qcD8Kf8HCoAkVfBBT +Fmq2gscq6dpZIfth0RDWPxPfdy2bxnyZmLlZC/GFxzFsml2IoDtKQMF8mOmzrFNV +wW4W7Y0d9pflBheCB88niUE02I6JnBwRXBPCuQKBgD01VJsGqgFvlvjK0KVpPVCB +KK0GPI5TFNSDjYSIG25Vm4lYmiWwr54iaqWvlK9SFXH0C9R1VAuU+uaY+8tGM4o5 +RO9mk0AvIJ4BC0FZHS2fHDld/37WO3rh66Qym6zgp02ZPYDSLXT18sf0SVMAzU7h +2j60FMMEJPr7clx+n6xU -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.crt b/tests/data_files/pkcs7-rsa-sha256-3.crt index 5f22ce2f5f..03ce5b35df 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.crt +++ b/tests/data_files/pkcs7-rsa-sha256-3.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUYkdymHWejgRxiuVjFV81I8+4TNswDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUT1tppAbQpx6vLbVzRx/54bi0ehowDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDMwHhcNMjMwMTMwMTkyMTQzWhcNMjQwMTMwMTkyMTQzWjA0MQswCQYD +NyBDZXJ0IDMwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJ/vfx54ZcwX1ImcNW6ERqk -XMUWzQnnNrfKBRkxebIq/NAu/5vVE6D2qAeNBiZO+O3dYcyJGiP6O+SfzyKKrG3z -7O1v4ONY3A5P0ge3LJpj2MaUzPOANdQ8444IdWh1cP02uDhVJxgab6cSoFykK2bC -lETgb5XrV9/42/qCrT+UTuuRFadRLtO7lcs4ZoVCUJ/hBN2Ad65rX6TAc1AmUV+K -gO6b0ZvnVW1cevZ2rlpUqcoJyYtYE3Ysd/aVpqE19vS7gMXvFL616a4d+IUi2Rmu -6uXBYGvzf7eLVLpdzwSurG0oEklfSjDHejxKX7QETlSLNwODK/W0Se+sQQt1t0kC -AwEAAaNTMFEwHQYDVR0OBBYEFC7YxdBlJ9oR3H+KJt8toimNCyudMB8GA1UdIwQY -MBaAFC7YxdBlJ9oR3H+KJt8toimNCyudMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAGqqNRMi6uJRCPFae7L+yOY09FtFjMCY/1cvHjnQzYk3i90u -WiiZfOUD8js96SkdanaZEqxDNjx0VM3t0KDPrNHTMP2LDK58sktPRi62C2eHWI3C -PfqmCxWjSKjOeUaJsVBU4rfQgvnMFlG9iVfhix3aB79GfBSQmLxLAOBVsphTLL6C -AzJ60WjSM9WhILV4U5QnpTUuXFId+ub43jOHfLtJVk2nM5YSaZ0H9jM69FzOnqFE -qUuJ7d0CW256aiAz3hs/y0wXImFUPCfoU45nw7fFcb/EMon5cqgx99IADLecHL8P -uOX5xpJ64mBR5NuVdH2d4bld9vh3sOcCGebHaWw= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1SO1OUqWVMqINj+MZPgE5s +8sdFrVyXlt/3EqXNs6zUBr12Kj4USt5tmVyF1FxYsw76U1ZpeUUBIrQ62CyQgZtD +l96tipHbxFneWXV0COrp+2rjWUDz3bY0lM39JCrOxlBDx/QYOJHm4HAeWPkg0F1R +26kKLNUYxg54gtjnauleWefrMcV3S69RTJGlf3hVJ1fltz/yw8N9XG8XxANZT0Cz +JV31yzLMxCTm2iBXXALSkw5QDVT+SD0mbkYT26bwtAvXptPjbC7ZrOxYyrmnhk2U +aPVewp5ncrDhZpfKCXVG6qtSQ3zHu6WwBCk3hdZ9RpBMDMOm+VFl+rGgD46p2osC +AwEAAaNTMFEwHQYDVR0OBBYEFGNzo9wwEk9/t6xxxpby/NRmNJRlMB8GA1UdIwQY +MBaAFGNzo9wwEk9/t6xxxpby/NRmNJRlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKJEmDyEmw8Q6mbaqREvmNScGrA60wONTQdlX3lny4VzqAzi +MxIeCIfwSvR9Lho0lPmFMErdDPTUKzWmlAXUSlsyjnGrqP5uCixTUBZ9Ic1gaxDz +Mere8nr7yow+I9euYNN1/dNJZP9mcrP269FGyTuM/8Woi+zaJHr0Y8K9TRRXudqP +wu6X/qZ+OeQrW4WMeb1+eZ59FtRadamsQabxvtgkRJhmqNsGQ/i+S0SqGt2t2xvq +lTxshA5p17bLQmTJsNKXbQeVPH99M+ecXvwN0hj3fDnQeDMTjdKOsyFupyZ+vxN+ +pFvT7lP0hrOuU07FFqt36B0xObB1QwZb2DPcEIw= -----END CERTIFICATE----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.key b/tests/data_files/pkcs7-rsa-sha256-3.key index 3cdc717b03..17c4eedb18 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.key +++ b/tests/data_files/pkcs7-rsa-sha256-3.key @@ -1,28 +1,28 @@ -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSf738eeGXMF9S -JnDVuhEapFzFFs0J5za3ygUZMXmyKvzQLv+b1ROg9qgHjQYmTvjt3WHMiRoj+jvk -n88iiqxt8+ztb+DjWNwOT9IHtyyaY9jGlMzzgDXUPOOOCHVodXD9Nrg4VScYGm+n -EqBcpCtmwpRE4G+V61ff+Nv6gq0/lE7rkRWnUS7Tu5XLOGaFQlCf4QTdgHeua1+k -wHNQJlFfioDum9Gb51VtXHr2dq5aVKnKCcmLWBN2LHf2laahNfb0u4DF7xS+temu -HfiFItkZrurlwWBr83+3i1S6Xc8ErqxtKBJJX0owx3o8Sl+0BE5UizcDgyv1tEnv -rEELdbdJAgMBAAECggEANIkePRecNnQjriia67SjFS+lWaktpkWXEfqxGA8RjOaO -r1SzhcyBuCAnYq8PNFtsZE1m3bnwFL+c2BwMgdXzYAPLg5zzFzqzvTytsjBEyQmX -bkRv/Gvow14o+udgiiAZgZD5HFIgTjM2349WB5kPnfd9Ms2C+/s/NM5y9IxNufqR -Toto9xwEviJDNVQUeamMbV1hYg0GkvYFNBg5JnGZw+2Sxdml3NFkaHjO+lOhC1VJ -nhtP0OeOhEMJe9J/MlqkByeg4WQW+jgPo9ysOa+JsEYBokBTleAboNNUJz1SmZ2o -CCLcMaEwA1IFZAbqjKzPb0xwjeZAtPsBzGFBwiuDyQKBgQDdCkiCeo+AuCdIK4Y3 -i8uf2Pv/eieN37pHBJZcRvNbwcrcnk4Tx0QAsiqnemLDurd+3Xp2BbPMKSNXNkaI -X4KAtv3hh6sNCQZ2QwkSGYvSOrR4xaExbeuPlrDteLG6Z7W+Txl6iFR8r7sbdySD -XIIB2yyyh/01gkphB1XPhPxAnQKBgQDzyqf8IccG/yoSm/luX7yKbsPsLMnV1CkR -hKaPik9vA8wi4P460HqGSwjECubbx2LuGNijVRHqufu6Arm7/hMNya0gA4ToHN+i -r7MiD8iGpKKYv7Dn1KVhw/Knwx3MHhFgB9V55EBn92MVL1ZC1S7cLq7tn1ggVHnC -mlS0OW1DnQKBgDx679QjzNgfi0AICLVyHskiCfGhbuk26jU8YBfnofbdU7CB8EMh -Js458cnZhuSfVk30M+nPLZ8TMoROaYYu+/pUF6t5/6eVbJs3RGgbbVKclXzmNnDb -7rRfOxH/EEI81lG4OvR4EQX832lodCktSrVPTy+aXgIiIE/kPeqGLK9RAoGBAIdN -4X/A62pJsfsUEBKfFdAq+5gXn4mKr6RmX97on394txJglxjjXi0sddgASPKPrauB -pLK54zDIOhqZqqXYtJCBbxGGgnwkkkYDh8MOyXdY5lkqgq+YSJWDICjV1LLVuUT3 -9BYrhUdueNJoLFL5aIGRc0q0lj+TQuSrrPk9qhPNAoGADbbSa+iD3C+sladHkMAU -u7CvM/0izVqokKnUTBzQh5oxfKQncMVyYrws/Orkcc7u30FeX6bkCoY6dP1+YXLh -ZlmiSgDK6kebOCGRWjCGKGys4WU1QiFluEjRfXQIMW3Wj45vxB3xPrD1TTHcfWgJ -7BT4C+yor7c/fL356athqxk= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtUjtTlKllTKiD +Y/jGT4BObPLHRa1cl5bf9xKlzbOs1Aa9dio+FErebZlchdRcWLMO+lNWaXlFASK0 +OtgskIGbQ5ferYqR28RZ3ll1dAjq6ftq41lA8922NJTN/SQqzsZQQ8f0GDiR5uBw +Hlj5INBdUdupCizVGMYOeILY52rpXlnn6zHFd0uvUUyRpX94VSdX5bc/8sPDfVxv +F8QDWU9AsyVd9csyzMQk5togV1wC0pMOUA1U/kg9Jm5GE9um8LQL16bT42wu2azs +WMq5p4ZNlGj1XsKeZ3Kw4WaXygl1RuqrUkN8x7ulsAQpN4XWfUaQTAzDpvlRZfqx +oA+OqdqLAgMBAAECggEAU51l9rBJsL2+H7Dw/VoUcE1Vip1Dk/x69YUVRmK/2/RG +Pams/3th15WQ87bZWAIOcIgFJcx6pDPeuNaExMrTR1Oc5iGJ0ZM3TpyXM1lDLRVs +dkAM+eQSKTjEdwEqJYT9/VisUhXYlJteV1Jx8bC8iSymspu5qQkV+xI9s9NxaTAd +19U5NoozZRBS37lU3WxMhPCHCrbl6vwcfvtsZClEICA8YUKyS+wUh0wjzgkQrORT +kaTxY8YyQ/ufSIkA3XKJX1flO1UdNFJcHhseiXWuuUTKUMvWNILUoFpbky5uYb5z +VM7u57ZBF3uVHmvJNYS04iQdNkV1ZkpWH8opuQ1kyQKBgQD2jl6Y0qTy/s+g9aQ7 +ypZ0zi/lhIJaTBDqxwJA18e8+4kq3WEEBDD1X/eT44nVPhGy78ccJZCnw2PBHy1k +6xVCfGAZVV850m9JGf4L/VEN6D5qdB2owJPVCEh7fa6hVvLKYFNCuvs0osKCVnyy +PGq8ixAP5sJp8yoEnlUi0II3UwKBgQD2aU7xdQgba7uMu2rJo0bzDKfxv4q5nUYO +XLBm7l+Mz6Uz68A/scLsKWmdvmdPKy83pmR/2RJ1pp0HNVfa8rL+0DHCqf1PApE+ +jFgcQIdnyzwRFHPDH/9zmrHUy32L5MdiQEWwqg9wP2HYbuv9VbN0Rn3HTFdRVarD +hg36/hSA6QKBgBaH+iMTFNnT6Vt3NzPzln5EHWJnEpZ33w/lcdJFJc6iWe2d33DD +hUnXJEPShlUDYBCvEs4CrM5375TFaZuQVBgIT6vg/lvFXEAc7Pdhhde0goet5sv2 +FUxhfmYynRPHY1aVKOavOaecvBO3HZwYI1TpjGU3nEqcWxmi8nrE/TFbAoGALGaD +XAzLfi1maRBoSJcMNMVmCbCK7bFCK1pWSuXO/892pClpxdBhIC7CIjNp6CEO7Acm +escBhYOVLfRVtVUgHbwkC0CYLUF4LH4bblPOUkyTsTwvM8yzOgB45LAaGjgKGVEd +fZzXFVHGbrpl+YsUv/Hnvh6qaTR3ha3FHSHlTekCgYEA889EzlEOwmu69z06RJsZ +mlYoR0/1xxiYmSNy+hXWoM64G99R94bc/bx/QSJAXu93HX4N0GHPmjjpZvk1IjHL +zQGikdb2jvbKnRcR/4DiXQ1jggk59bCUDaQkpEbBvtCLj/LjMnwxAJAoCOGjuIxG +hmSyoAlNQm47tGD3i+2erv0= -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7-rsa-sha256-3.pem b/tests/data_files/pkcs7-rsa-sha256-3.pem index ee99782c3b..0dc2fe985a 100644 --- a/tests/data_files/pkcs7-rsa-sha256-3.pem +++ b/tests/data_files/pkcs7-rsa-sha256-3.pem @@ -1,48 +1,48 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUYkdymHWejgRxiuVjFV81I8+4TNswDQYJKoZIhvcNAQEL +MIIDSTCCAjGgAwIBAgIUT1tppAbQpx6vLbVzRx/54bi0ehowDQYJKoZIhvcNAQEL BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT -NyBDZXJ0IDMwHhcNMjMwMTMwMTkyMTQzWhcNMjQwMTMwMTkyMTQzWjA0MQswCQYD +NyBDZXJ0IDMwHhcNMjMwNTA4MTAxOTExWhcNMzMwNTA4MTAxOTExWjA0MQswCQYD VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMzCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJ/vfx54ZcwX1ImcNW6ERqk -XMUWzQnnNrfKBRkxebIq/NAu/5vVE6D2qAeNBiZO+O3dYcyJGiP6O+SfzyKKrG3z -7O1v4ONY3A5P0ge3LJpj2MaUzPOANdQ8444IdWh1cP02uDhVJxgab6cSoFykK2bC -lETgb5XrV9/42/qCrT+UTuuRFadRLtO7lcs4ZoVCUJ/hBN2Ad65rX6TAc1AmUV+K -gO6b0ZvnVW1cevZ2rlpUqcoJyYtYE3Ysd/aVpqE19vS7gMXvFL616a4d+IUi2Rmu -6uXBYGvzf7eLVLpdzwSurG0oEklfSjDHejxKX7QETlSLNwODK/W0Se+sQQt1t0kC -AwEAAaNTMFEwHQYDVR0OBBYEFC7YxdBlJ9oR3H+KJt8toimNCyudMB8GA1UdIwQY -MBaAFC7YxdBlJ9oR3H+KJt8toimNCyudMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAGqqNRMi6uJRCPFae7L+yOY09FtFjMCY/1cvHjnQzYk3i90u -WiiZfOUD8js96SkdanaZEqxDNjx0VM3t0KDPrNHTMP2LDK58sktPRi62C2eHWI3C -PfqmCxWjSKjOeUaJsVBU4rfQgvnMFlG9iVfhix3aB79GfBSQmLxLAOBVsphTLL6C -AzJ60WjSM9WhILV4U5QnpTUuXFId+ub43jOHfLtJVk2nM5YSaZ0H9jM69FzOnqFE -qUuJ7d0CW256aiAz3hs/y0wXImFUPCfoU45nw7fFcb/EMon5cqgx99IADLecHL8P -uOX5xpJ64mBR5NuVdH2d4bld9vh3sOcCGebHaWw= +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO1SO1OUqWVMqINj+MZPgE5s +8sdFrVyXlt/3EqXNs6zUBr12Kj4USt5tmVyF1FxYsw76U1ZpeUUBIrQ62CyQgZtD +l96tipHbxFneWXV0COrp+2rjWUDz3bY0lM39JCrOxlBDx/QYOJHm4HAeWPkg0F1R +26kKLNUYxg54gtjnauleWefrMcV3S69RTJGlf3hVJ1fltz/yw8N9XG8XxANZT0Cz +JV31yzLMxCTm2iBXXALSkw5QDVT+SD0mbkYT26bwtAvXptPjbC7ZrOxYyrmnhk2U +aPVewp5ncrDhZpfKCXVG6qtSQ3zHu6WwBCk3hdZ9RpBMDMOm+VFl+rGgD46p2osC +AwEAAaNTMFEwHQYDVR0OBBYEFGNzo9wwEk9/t6xxxpby/NRmNJRlMB8GA1UdIwQY +MBaAFGNzo9wwEk9/t6xxxpby/NRmNJRlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAKJEmDyEmw8Q6mbaqREvmNScGrA60wONTQdlX3lny4VzqAzi +MxIeCIfwSvR9Lho0lPmFMErdDPTUKzWmlAXUSlsyjnGrqP5uCixTUBZ9Ic1gaxDz +Mere8nr7yow+I9euYNN1/dNJZP9mcrP269FGyTuM/8Woi+zaJHr0Y8K9TRRXudqP +wu6X/qZ+OeQrW4WMeb1+eZ59FtRadamsQabxvtgkRJhmqNsGQ/i+S0SqGt2t2xvq +lTxshA5p17bLQmTJsNKXbQeVPH99M+ecXvwN0hj3fDnQeDMTjdKOsyFupyZ+vxN+ +pFvT7lP0hrOuU07FFqt36B0xObB1QwZb2DPcEIw= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDSf738eeGXMF9S -JnDVuhEapFzFFs0J5za3ygUZMXmyKvzQLv+b1ROg9qgHjQYmTvjt3WHMiRoj+jvk -n88iiqxt8+ztb+DjWNwOT9IHtyyaY9jGlMzzgDXUPOOOCHVodXD9Nrg4VScYGm+n -EqBcpCtmwpRE4G+V61ff+Nv6gq0/lE7rkRWnUS7Tu5XLOGaFQlCf4QTdgHeua1+k -wHNQJlFfioDum9Gb51VtXHr2dq5aVKnKCcmLWBN2LHf2laahNfb0u4DF7xS+temu -HfiFItkZrurlwWBr83+3i1S6Xc8ErqxtKBJJX0owx3o8Sl+0BE5UizcDgyv1tEnv -rEELdbdJAgMBAAECggEANIkePRecNnQjriia67SjFS+lWaktpkWXEfqxGA8RjOaO -r1SzhcyBuCAnYq8PNFtsZE1m3bnwFL+c2BwMgdXzYAPLg5zzFzqzvTytsjBEyQmX -bkRv/Gvow14o+udgiiAZgZD5HFIgTjM2349WB5kPnfd9Ms2C+/s/NM5y9IxNufqR -Toto9xwEviJDNVQUeamMbV1hYg0GkvYFNBg5JnGZw+2Sxdml3NFkaHjO+lOhC1VJ -nhtP0OeOhEMJe9J/MlqkByeg4WQW+jgPo9ysOa+JsEYBokBTleAboNNUJz1SmZ2o -CCLcMaEwA1IFZAbqjKzPb0xwjeZAtPsBzGFBwiuDyQKBgQDdCkiCeo+AuCdIK4Y3 -i8uf2Pv/eieN37pHBJZcRvNbwcrcnk4Tx0QAsiqnemLDurd+3Xp2BbPMKSNXNkaI -X4KAtv3hh6sNCQZ2QwkSGYvSOrR4xaExbeuPlrDteLG6Z7W+Txl6iFR8r7sbdySD -XIIB2yyyh/01gkphB1XPhPxAnQKBgQDzyqf8IccG/yoSm/luX7yKbsPsLMnV1CkR -hKaPik9vA8wi4P460HqGSwjECubbx2LuGNijVRHqufu6Arm7/hMNya0gA4ToHN+i -r7MiD8iGpKKYv7Dn1KVhw/Knwx3MHhFgB9V55EBn92MVL1ZC1S7cLq7tn1ggVHnC -mlS0OW1DnQKBgDx679QjzNgfi0AICLVyHskiCfGhbuk26jU8YBfnofbdU7CB8EMh -Js458cnZhuSfVk30M+nPLZ8TMoROaYYu+/pUF6t5/6eVbJs3RGgbbVKclXzmNnDb -7rRfOxH/EEI81lG4OvR4EQX832lodCktSrVPTy+aXgIiIE/kPeqGLK9RAoGBAIdN -4X/A62pJsfsUEBKfFdAq+5gXn4mKr6RmX97on394txJglxjjXi0sddgASPKPrauB -pLK54zDIOhqZqqXYtJCBbxGGgnwkkkYDh8MOyXdY5lkqgq+YSJWDICjV1LLVuUT3 -9BYrhUdueNJoLFL5aIGRc0q0lj+TQuSrrPk9qhPNAoGADbbSa+iD3C+sladHkMAU -u7CvM/0izVqokKnUTBzQh5oxfKQncMVyYrws/Orkcc7u30FeX6bkCoY6dP1+YXLh -ZlmiSgDK6kebOCGRWjCGKGys4WU1QiFluEjRfXQIMW3Wj45vxB3xPrD1TTHcfWgJ -7BT4C+yor7c/fL356athqxk= +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDtUjtTlKllTKiD +Y/jGT4BObPLHRa1cl5bf9xKlzbOs1Aa9dio+FErebZlchdRcWLMO+lNWaXlFASK0 +OtgskIGbQ5ferYqR28RZ3ll1dAjq6ftq41lA8922NJTN/SQqzsZQQ8f0GDiR5uBw +Hlj5INBdUdupCizVGMYOeILY52rpXlnn6zHFd0uvUUyRpX94VSdX5bc/8sPDfVxv +F8QDWU9AsyVd9csyzMQk5togV1wC0pMOUA1U/kg9Jm5GE9um8LQL16bT42wu2azs +WMq5p4ZNlGj1XsKeZ3Kw4WaXygl1RuqrUkN8x7ulsAQpN4XWfUaQTAzDpvlRZfqx +oA+OqdqLAgMBAAECggEAU51l9rBJsL2+H7Dw/VoUcE1Vip1Dk/x69YUVRmK/2/RG +Pams/3th15WQ87bZWAIOcIgFJcx6pDPeuNaExMrTR1Oc5iGJ0ZM3TpyXM1lDLRVs +dkAM+eQSKTjEdwEqJYT9/VisUhXYlJteV1Jx8bC8iSymspu5qQkV+xI9s9NxaTAd +19U5NoozZRBS37lU3WxMhPCHCrbl6vwcfvtsZClEICA8YUKyS+wUh0wjzgkQrORT +kaTxY8YyQ/ufSIkA3XKJX1flO1UdNFJcHhseiXWuuUTKUMvWNILUoFpbky5uYb5z +VM7u57ZBF3uVHmvJNYS04iQdNkV1ZkpWH8opuQ1kyQKBgQD2jl6Y0qTy/s+g9aQ7 +ypZ0zi/lhIJaTBDqxwJA18e8+4kq3WEEBDD1X/eT44nVPhGy78ccJZCnw2PBHy1k +6xVCfGAZVV850m9JGf4L/VEN6D5qdB2owJPVCEh7fa6hVvLKYFNCuvs0osKCVnyy +PGq8ixAP5sJp8yoEnlUi0II3UwKBgQD2aU7xdQgba7uMu2rJo0bzDKfxv4q5nUYO +XLBm7l+Mz6Uz68A/scLsKWmdvmdPKy83pmR/2RJ1pp0HNVfa8rL+0DHCqf1PApE+ +jFgcQIdnyzwRFHPDH/9zmrHUy32L5MdiQEWwqg9wP2HYbuv9VbN0Rn3HTFdRVarD +hg36/hSA6QKBgBaH+iMTFNnT6Vt3NzPzln5EHWJnEpZ33w/lcdJFJc6iWe2d33DD +hUnXJEPShlUDYBCvEs4CrM5375TFaZuQVBgIT6vg/lvFXEAc7Pdhhde0goet5sv2 +FUxhfmYynRPHY1aVKOavOaecvBO3HZwYI1TpjGU3nEqcWxmi8nrE/TFbAoGALGaD +XAzLfi1maRBoSJcMNMVmCbCK7bFCK1pWSuXO/892pClpxdBhIC7CIjNp6CEO7Acm +escBhYOVLfRVtVUgHbwkC0CYLUF4LH4bblPOUkyTsTwvM8yzOgB45LAaGjgKGVEd +fZzXFVHGbrpl+YsUv/Hnvh6qaTR3ha3FHSHlTekCgYEA889EzlEOwmu69z06RJsZ +mlYoR0/1xxiYmSNy+hXWoM64G99R94bc/bx/QSJAXu93HX4N0GHPmjjpZvk1IjHL +zQGikdb2jvbKnRcR/4DiXQ1jggk59bCUDaQkpEbBvtCLj/LjMnwxAJAoCOGjuIxG +hmSyoAlNQm47tGD3i+2erv0= -----END PRIVATE KEY----- diff --git a/tests/data_files/pkcs7_data_3_signed.der b/tests/data_files/pkcs7_data_3_signed.der index 92c0710753352dfdd3d21367b766da5eab62b1b0..23181ae82040668f6700a8710c452620a47a3702 100644 GIT binary patch delta 867 zcmV-p1DyP!384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$isYtBV6 tE=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$5rRq1pfd delta 867 zcmV-p1DyP!384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt{SuXa zT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$MCdqx z#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo60~d< zk{~CIcNe#cJVn+yS`!M3ScDwBDGpD8edDD57VOY>$}^y*KTJlCU<&LNQUo z01~dhs%S8+-dW-5VjPtchT?z4Z;Y!*huoU#cgs|pAtx7UR?VygJ{KmJ>^A%i(Xj6y zoOHujcCC@$=i{lZMv9D{adx+kk27bexLSO)mQM6GfKZSnd4I2xVeSPqu(j9^4t6>a z?SG++AHzeoBt^h3FtoIpM1^(~HCa||;yIXhz<@<2qFU|U&(*5I<-r(_(l-gSP0q+E zPw)|XPZIwqK8)f4PIudYkOEom5P+X%1>td24E#)}Tbf#U0Z7c3C{54q@rf;k<#r71 zr5T@ymGeI6*Jr&LNQUo z02|E?%VZ8~v|qeCiAtktbZk}c;3S$mcAxPLg`4XgR55*-lUGBoLvLzrMVC3$L?D_m z7SvVux-a@^!)qyZuS-crr7VqJeUl8=F@yW0{s9TnBHvz8}N>$yH4()!`6Mc8furBe% zhM#AKt6>o8cFdE3Edq>t#zhPiQEFdMr2U*UVXUzKoi3WmUd-MGFIblx zK^J=@Lx^J9WM}?bDYijRe8cy@LQ7h51>}`{(G;>%QT-aYSr=Pwh?9t?p1f;usQmDi7-d2e#^lVrtB}B-UO|`8K+&K zzeu6KyYx!sr-gp6Sg-Kk_T?#aJY1|6J;8?O?p}wZtdr{R>U1tv-=S0<@mo_RQqHt+ zPVnYH^H;UVx@=e(um+kn z%76)z@(tuc(#k9n24W3Z6--WGQmvn~yX~>3`;(^=C%AWLM_*VhKh5xB#P0_E<<~AH zu4gfyc~a!Kwc*@V9M6+2B+}>pS(0~o!@(7^woEt_AY9YXwei2Ksb;#};zbI-%xbUK zH0^(Dy=SRN{;9o{Ci^Gc-`wIBbnZ&x&CPQUN^mFT_%-J6cRbF1mpixrzsZ!s3Da{9 z{;dCZK&t(~{Y{S+a+j@d5D?llbBm5LbK~|>*~(A@7KyhjrXJnm^7oX~l9e&(`9HSw zR6Xq1nB@G;&i}Ug^9NROK~{4$I(2M(>X;A`IZj07G9Bli+{)~VH8D=U$1GQG8KhRt zXR4yGr$yx4G^tzx%R6s*5_kVe?%=<^caWktr(Tp-9J2T);}oxzL()@T|wZr=bKkdFP6%Xs(UH7KH|bU zx2B~B1m60`N}tt=TdM4`#Y;_n#`CK7sln&39q`dvwQ8JtpV>L*;)mB;PNl@KKIh}r`*-(D;)TxBS49`kGOgUH?7U6xcmNy!mbd2Z z$wm%*PVutlId!FnrW=dA{j%HO#E-koJOBKj8l@8JDO`2!8AI5qgHwZ6q+V5Qm#8`5 zbn?hNJF7Y3OHH-}pIv?6w4k+r^4HDc-t%5g(3TXqC^BtPedTgzwYBHp3GBc5{Pp_X z=G8B^Sw@P*3f~P66qi}M)<)Lq*0JsrjIxPaeZDbP>@#bg)wyQkYR7pti)*u2G+qjo zIC48<&$90)%$UB-T#+sQTdv&t^mFf>R-T&z*R?ryhdVrM>)v?n*Um@nLNEIcORnud zxtb5&&B08}j0}v6gAD==WZ9TQW%*ddSVX$sJ)Kf>tS0uV=<+ zO7#oga|^ZEb1m8_u3vZ`Y#hGqoiE~{)3pk&)u@x`|Pi_7D^PzCP+4=kwQJWy&@D44xERP9Bo$epDHdy79=7Q*ZE7|gA+>QKy`i}0&Cn8%4 NxR?{3W-wJg0s!5)!5shq diff --git a/tests/data_files/pkcs7_data_cert_signed_sha256.der b/tests/data_files/pkcs7_data_cert_signed_sha256.der index 8dc2f4c9cd40932dc37fe681b2419775252db316..cc48123d45d7437b843d625389a2af434cf90401 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_cert_signed_sha512.der b/tests/data_files/pkcs7_data_cert_signed_sha512.der index a4aa5875876de0170637190fe7e71da8bbd73ee6..75bdf0fa6badc3f9314d8b7e2f2f97859734ca00 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;n-F ztQMH^sJSux_=PpqJ5SUdYxg+oyJO#pZ3c{zGvXhp&#Ye`6T%YiQIj3?+kfUh=bsjC ze;)EM&l28qG*5E#wL;}HleVgE{#+BJCG<${k(#Ah`(|hH4(Sa7-YX(b?c8{TyDQfwro|UKQ=L8b-_iNE ze=fMD%lX3p)s1T2nP*F8xX#IA-*{oajY7n;)UEv!|8ViNWP45j`Dgn5G$qT*y*DHy z-V5ro_?+vQ%=vi7#Do9qzuZ~BDf{?u>90rbf3h}>NDDV_IQwPG#MalI+mlP#VkWLW QkT-krlajN}Og9$-03&t6b^rhX delta 947 zcmZqSYT=sTEmD2&?j;wWi)a7EIIa-T>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlXg z^G=tw&I&q$^}o!1%5J;0qFi{n=f}*`S2xct{L2$CRZ6d}h(|s0?rIw^$>R4bZ&muS zB3#k|Dwd<(uk}T154YH9I`br-@U+XDRg}*f)_?B# zuB`$rEtUeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_cert_signeddata_sha256.der b/tests/data_files/pkcs7_data_cert_signeddata_sha256.der index cb7d75103daf5ed7cbaf0e2201458ca7c1fad8cf..cb97b9b6f763abacc3dd02e8d6c76d977632f7b8 100644 GIT binary patch delta 943 zcmey!`H^#ig@|&}S)sL}ejA$8W_F(X(stYHRQThGK3-DB2BroUh6aX~hK5n%yv9h} zi5nv7XDtdnn|67P#GKWND@#^b1U&5s-6j6_#J{g;{Og~bv|N+kyK|euqFt4f+_Rpl zp8J1u>1>}`{(G;>%QT-aYSr=Pwh?9t?p1f;usQmDi7-d2e#^lVrtB}B-UO|`8K+&K zzeu6KyYx!sr-gp6Sg-Kk_T?#aJY1|6J;8?O?p}wZtdr{R>U1tv-=S0<@mo_RQqHt+ zPVnYH^H;UVx@=e(um+kn z%76)z@(tuc(#k9n24W3Z6-*9fQmvn~yX~>3`;(^=C%AWLM_*VhKh5xB#P0_E<<~AH zu4gfyc~a!Kwc*@V9M6+2B+}>pS(0~o!@(7^woEt_AY9YXwei2Ksb;#};zbI-%xbUK zH0^(Dy=SRN{;9o{Ci^Gc-`wIBbnZ&x&CPQUN^mFT_%-J6cRbF1mpixrzsZ!s3Da{9 z{;dCZK&t(~{Y{S+a+j@d5D?llbBm5LbK~|>*~(A@7KyhjrXJnm^7oX~l9e&(`9HSw zR6Xq1nB@G;&i}Ug^9NROK~{4$I(2M(>X;A`IZj07G9BliT*mB*H8D;;&#Y8Gp>&tW z!oLsYnw2~EzFWtc(tTXy#0eecOHM@v&t{A3KM`9S9TY7rDz0g!kz`f>?s58Do*idB z1#^RHIC?Z{a(}V1+p@cMDwUO;|GoIB>l~RnTj4#Lv5E&D-;Zqd-0*(JjYIX*{H!$A zdP(*DieIwqCCBv{6?e9pl*)Ya2#h@xT3^nTziaaTy!Edhh&{RA#t`45{`}0bDE70R zi4%|2wpcAaz5pP1I1;iB`guUuNZ(b2>-;jUykbHVe{*-&utLu&g zHOB<+^!hAhr?*nGNH<_%*nU4RwK~<88l@lFHWW?l-8<`2s>*k^jLkl2SDpzt=(&CE K-PXkP^)LXJcDc;} delta 943 zcmey!`H^#ig-G?iyO&&iE}s1tQ8JtpV>L*;)mB;PNl@KKIh}r`*-(D;)TxBS49`kGOgUH?7U6xcmNy!mbd2Z z$wm%*PVutlId!FnrW=dA{j%HO#E-koJOBKj8l@8JDO`2!8AI5qgHwZ6q+V5Qm#8`5 zbn?hNJF7Y3OHH-}pIv?6w4k+r^4HDc-t%5g(3TXqC^BtPedTgzwYBHp3GBc5{Pp_X z=G8B^Sw@P*3f~P66qi}M)<)Lq*0JsrjIxPaeZDbP>@#bg)wyQkYR7pti)*u2G+qjo zIC48<&$90)%$UB-T#+sQTdv&t^mFf>R-T&z*R?ryhdVrM>)v?n*Um@nLNEIcORnud zxtb5&&B08}j0}v6gAD==WZ9TQW%*ddSVX$sJ)Kf>tS0uV=<+ zO7#oga|^ZEb1m8_mF>basWgNK3m>(BbQ>zB@$hv^k_K#NKkSoC=t^F8<96 z+ZY}5=8ZGDz1{9ic^cZjko}dY+kT}>U7Ypxsag(ccQjMgCSFK}H^smz)5r|NaSr;FjtdAAH^^7)4sC+l5`_{UV1ZaVW;{yEdLYs=LZ z>}K*=J2SiE!RZ;TKCffA^NxGm{CO@b=Zbl2_nI9diCyaYpO=Updr)t?VMcrT-#0B$ M)A!d3FzH?Z0FZ;e(EtDd diff --git a/tests/data_files/pkcs7_data_multiple_certs_signed.der b/tests/data_files/pkcs7_data_multiple_certs_signed.der index 4a237e9d145e0f4afedd8c3bcffb3bf146f96c4a..63d7194c780f077116a277f4c268f20744f81d00 100644 GIT binary patch delta 1910 zcmaKscQhM{0>&$1tAqr(C_)jfkz53^S8cVqRMD1Hi?mg-#R_6I#H~wlOQNVfTWZCw zQ;Hf@RWr3p&8k)Jz5CaD=Q!`r?|k21-}!xCKcpW*Hit^y8sw|sx2lfy&L$1)#ZQ|J zI4!2Tn+Yi)Rgh{ZBuX8HauK|!^k0$!2BOmsB?vi%4ujqw%3-->@Y2U6YSxTIhi1Xk z{$KmvpsJ;}>gCwfrbh9?=8z2Idkm?ev#FwI77?H?>p^(gh`c? z5N6~^RGHTjLC(jrm;Vq|d6;XrT zwRvh{$@Oj&28T)>`{C7f{O-{)MRa4w9Pt*w%yfZ?YKOEzUSef-xWoe#078Y|2YeO4 zK{j*(SkipU6icni891cae{4x03@H$GZh%t5B1On}6TfI`yu?T+8z)|M9j1ysMU6Ng zM=2IhjCxi9RkPnh`!rB_FWHxGtHH2&Cp7;L)%22_dUB^VBs?mq=IoM+ELNLZD1L;F zm<*3;-_U3&g5m~RLzLUevvqOTY=_1?r|R8z zhQSZ*>(i>sbC{d9m^=hYPSYY1;K1SCh#5&d`w^9;{@}RSI7!06o_E!&q23d%R${f3 z23ZdrbH{HTm`#x}0Mv74022TJm1i&PHUOR~W&h~;~`Cbe5LPJW;E+$xJQ z7Y1TF##Mh)a%Ci316bbSvfK`ad`o^N(X?`a5CK-|;cV1Sge!^;w-_`M(XUdnr|A2M zejBO#;>;oo%Z2%_mcHQp$Qdp z5%wDr6?L$sT68%;)?DBGJT}*qJOsmv!O}Gj@-jejD{pEGwe^44JTLGMo7ri|(>X`# z-mmR@S|23gmDkfg|Ng=ECpJ0xg^SKy6+l0qau^`?evM#_5zi7=z(zt04zRE;EwBw! z3~q=qYMhmZ{^_z(ISNcbm5f{vJH&JDJ?3<@6k;s%YYb<1`Q*KUaGV{T3d66BJbp?0 zR56WsW6K7rZEpLxRxn5+%-!-Wb4uSZ&}6!sR9z50FA|$Ik>N4tg{l-5Dj}^C4U`>J z-D$7fZ%Jc{9iTX#;TdPWx7 zGIO-!YiKKOW!(9!j*@0NR5((Efo^ z+|Q&avPlrgfz2ibr}Lt*lBCwnN{&0pebD}XImuD|M-RR}6I5IhsBpD)h42f?q7k<+ zgv~{49{1}(Q(iyYaP|~LxZe>An--f9Ndk|5e@tZ<<%&dVL0V+p;Pl1WKZvH)-~am9 zNqB07K~$Itr5(A`UaYcD{uTVWK{-%l$Hd01(}55Kz%^6a{j1jI1eRvwFSw`3EWhh@ zVH+fQruRm~VTw8~P6m&2Zx-7t+z)g9W-kmD6xW5A5q9fJ>~x}VgPmg7I9%qJtgy&# z+t?d+O=i1%+6twzkL0Zj9NVqTq$8zP5rJFr)sNCsTXROeE+4Sot+VhR`wG@oxVE3# z7z5bv`gcWo=MMLue%QzzY0{dG>+rLCwl~ui(}=4xg{f_3@cyewm_8eIxCK}2XH$`J zRSzzs*h4_)c(i7lw2t)c;Keu=N~vxTw;s>>cCTtfau~&TKOtT-Tl~{_B8>+k>i}a8 zscj$2e}06MAN7~pCYY!k;Co&)uErn4{Hf=0=Ce*Vs)y1E*jYoU)A+LKc=P{x1j8Sg|SjW&o_^T;o&*+y*r%wCHE6w zjk-(4;)_NQobe>j*F8BI^3~e&bP+CC62Voz%0?JW<_-=hU;Cig(IL NM1xXe+5k5U{sojEY|H=v delta 1910 zcmaKscQhM{0>&j#t7?Xz6}1&5NeQhzFM?81yLKaJNnLxyPSM&c+@>{Jxwg`fQo9lq zEyXpWT3lPBbfLWW?mzFmbDa0*cfRkh@BF@xE=U*5MuDRj7~{s4??#SY4aj`TX{{er z0=shDEyNIT7(x?{gu~R4&X9A6EB}>we5}ZvpHg@_Wel74$2;a`%aD)jnN^;1D#wgB zo^R8JCxt3X)FY|VMieN`hK;vnTZ7<@(C0C97uN`k3+*ks0^Z(lhtYp9K-8m?0%sXF zbHS*ozgcb$^%UG7`%X#{L}I!P2m497*ZzP!Rco;usp%f(*ShZgwHbmUt!FEV^1TBW zmg6Id*YWH-9SQtKBnLnaq2XG?t0?L<^XInpsfHO2`X5s>nx+n@ zp9li$nSG*lSwmJK0B#g#e;cb~AvA`GO0olj04#tCJD4p@oDGB)=V29Q1*h+<m0eBS4&qg z*1EdUb?~@yec4{i^r#Q2c(}WOUTf`TU(UIAhmCqqPbmDEX%-vY{7$ zgkLIH2%Y@S-S(n>(funs$3x!+s8M0yd*#j`eC?0fMKmK(stM~Wc~37v#x}yqwb*$b z@(XpfI9yk(sPz>ehrQ{(Z0Q@$O8ea0#GbZN+_qy>_$@9S6Qr7i$?Q6IjcqXKGmQ@u z9teCXC7_f;Y_jB5=r$(UWCv66I^$C_viCw@i6C=WA`t!r1Oxzq;G0%xec1*l5+XSA z`8^)yxxJXfm>hTGJSK?k|KsV1A1qKW{QbB}@IYe4exft}n3`{FXT54OT^wV8Sn?y| zR%G&2qVtn=q%XI`k$8C#Rpz@(%RXkIht%@@p1q5@A|aVe5`DU|V}rko9pDt^gcz;* zIDs38bfTNtL&^Cys>|!oQFFQ%`NO1TKr(Ti2}zEm;JWTY9LJ&?potydyYd&yM|S9J znkr7K%PjJbe7i!*))ElD#&~yE3~Zno4Tm~MnYf9e4A&%=*umP znOI6_NYs*WC%G=Wp!#(dHVq= z*D0iDjf#2Pn9CY_@j=6uv*y{pE>rmXMdxlsnOW z#iD2NiNhFUclNFj!13aQAs*MEX7GBW)@WiSoKTvS5>(wQ|48w+f;>Dn&?K3t2a-6i zbcjB}Zt5y4cXqtUnwc5=dt6#dZTdK=JD+l!AJf?MTpMT2Vt1$9j~>eN1n>2=w@&fC zcY4;BSJH4RuI%Q$+nw=rMF=c!1x7r3tJ3DqLy*4%NW%Kl23Aqchwb|dcp`8o&z3_M z0tcS@nR%-0Qh1lGziFiL&_Bq2)7iojR-mh(_x*~D4O<5HW7I2$yoK2jGh z_oN+YSw{@Gzc^f+V!7#h_AbqA=I5w?;CqdfjM_G^XS%%VUZv2$B3`Glm=OMJE7`fI zE0zy<`R%_eGB|a(|MbJ^Q9SRiL|p1nnew@e=kokq)8nd1^S;vYW@iUka^1p(LEdnZ zGmu%n#7sr_>CBZycgbB&q;wu=S%c#>{2$=8W8)Mtk?p&QUezhFYrR|ol=9I`D?FTW zUeqpk%rm87RIOprvG7bZa=i&h8Hk(iRS4`N>-{Lh&^mCO`1;l9kJ+UY$%jXtd6`E~ zFQnzs#G4@@yuz!iVX0Bezg~My?Yga`tWvG_3o9_*nDXK3RtnN5gC*?cjO!f$68g<2>>dzYQ=5t7!0rt#!NSgDRM+I@4Kd15XLAEtm4+PJVlksJ}mzNsFr+5 diff --git a/tests/data_files/pkcs7_data_multiple_signed.der b/tests/data_files/pkcs7_data_multiple_signed.der index 095b80ce1b2b43bc24694807b247e96fca78f576..cc441fb7ce1cbf5f4eab2bc127d04a48b7144f66 100644 GIT binary patch delta 578 zcmV-I0=@mJ2C4>-eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@-eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o Qd?L~FH}8@@16l%P0EoOF4*&oF diff --git a/tests/data_files/pkcs7_data_signed_badcert.der b/tests/data_files/pkcs7_data_signed_badcert.der index ed00f65fa3e418f7d03b508ed2b54004d92506fd..c74d69dc0d5b9c2ff3a3c45e86a0f96fadcc4a60 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-Qdo8pyIShsyG?h_Q%BpD%tUmM{F)zL>Qy zXSM#yfC-cG4dg-6$}AEFVhvaoOip1^t)H~J?Xjo(lcy6WxOZqrUsxg#&2tY*a3|&XHRkYlJkEZXJGcM8$&|tg z({m2~tp9gFs{O$IO^+6Gm#uFQ5ZW|zi;gmLdb}dr@uT|OlM8=2PDJH09p|6i$?S?XK~8?etW-at zbeG4%zYpb_l{@#oTgREweO%;XRtMiU%Lxk8Jha@P5XPL-o`A ztTfhoN%j4TU$X2a$MqQ%cea|8%6#$&j6D=uU(S@jYx4fQ^{*a?J-Oe;5Z|Nz{LHZ^ z_OqRd6OYxlSS>xkd%fZ+&%5OzdfC+xZ$hL6#1$Nbz3M-2UJ-2Hkbm}&e0od%lzY>w z>y899#{}>6`YdFpw^Fl6H(+7dem^g@I@OmNr61Zh6iw{iJL^)a%6GPm%|2;Yo(VYU Nxqa>3*2MJnFaQ>D+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4Hg>6vN4Cs^0A1qh;+SsI;G}VP3%?C z<#}3lXAR#4{XJnI50X}9kuVTzz^Y(!3X^JmlWg{kv#zzTFKuXCv#4(0S^vpvPH4DT zTfW-=YyOg#PeQES{v4Lmj`k3*WWKj-+N>js&ZHKkGEexpq1SoIp`WG4-*$gC%_)+w zU=nhb>KDA{7HYHSTC`Kh-5uXDOkOMAU9{q}b%dNqOK8<8=_&6z4ex$TFyFphTv&0X zq}lpI^?&LgPrX-q^*hgwt?M4de`V+BOL{)hlm#wRriM;Er zmzgivPUgQqE|6ZH!?a6DNPFVUjXpdY2VB|%CKT+fx4m@jCR0)IUeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der b/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der index da7f3a9910f62aa76ba08523e29d6db28c46cacf..dbe9320f8e8d9d2a62324210fe4bd6a6e5635f87 100644 GIT binary patch delta 871 zcmV-t1DO1w384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@ z3xnKA9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z( zK#(eb35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q z#_|fDsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$3u1qXPf{ delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5C$#KFoFSckw7{ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705* z{9%)h{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3 zNP(`od?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<mmPYQeKfSj)m#nqK&>vA;>F=I>%8tAxsN{+({hO zH((1zgZTo&)qy;|CO;-)c;kcxlc_*=3_%X-@y0i`i+hu7^@oN$nIPKLh@=h^DODH) zd9uIMo}l_~Ez)i*@qb7)_jbjmw&{lVf|WsF|7q)xMYI&be`nuB6j#;OaV0>IDt`%! z7@mAEskK4vq=m`){@)Mouma*LZJmZ&6V-I1jYqsOR0N`fC3m3i`p_YKn&HOs3ZAHI zh_}*TC4+XQ(I^UriD9_KnvyNBKHGp0$f9pJU$mQ0u)bMX`}|wryj2@wR1-w`Qf;)531v0E9m{&FV9&_I6yN$Tf)n zXWSHI)R~qG^iz*O;eW@$0$ZH=dQN`XaNRl?<1}lG7o7h(PxeZ;v@&bq={)(au delta 865 zcmV-n1D^b$384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGld}Oq6jn`DKqaqPo-%NG zvT_da4fA~ae36kNe*|Ed++Qo1RBd1 zB;+aZhB9b9+o5~ECM|-tzWO^(6o5BsjDI|Rekx~qyYYfzs)c>%!U__$qRx&@e=*$~ z8B>zaVTG^GG_T-TmIZq@>9KLP#(vkrC~Uu|Klq_%$GmX~f3D}(;gFltg!}wqlaBnQ z9Ep?19kUm64;JU=c7}T7{l#L|@m=MG=ebVwmZN85XQIohx3)H9ivV`I)y?tXmq6@l zMH~N9PWmBGpF5{}fdRQ5r{!JS{uBXGaA()B8Y&2R@Q7TAN{7$3j7@&%kYGrGuDN_7 z(epR&l0E}k0%QP@JU$mQ0u*9La+r0Vjs$UvB7bcxyEpw3m3~@u zfX)Op=_kW;6RtMw5Qv3AvQ3mpu57W&;IeouzH|~EPGR=Uax2qDgY!;Fr zCyjR(w~9PP);U@e3X52T9K0zGPl0{or2ZD{(09r+psFR}HOzlzRj3Q7uIz`9Te7EA rS+~5!p)>NCG?TO+{PsN8qmkq0_kfhjL@a<5L<7qTUjV6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@ z3xnKA9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@myUp%v=qT--$WEw)z)z( zK#(eb35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q z#_|fDsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@hLyKs>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$3U@qW%B? delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=W=`ym1Mx=hxwoo705* z{9%)h{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3 zNP(`od?L~FH}3|LJ_A~00FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IMUBB`Ih$1;5qXPf{ delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l@T05F09a*;qf7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&z;QZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@)531v0E9m{&FV9&_I6yN$Tf)n zXWSHI)R~qG^iz*O;eW@$0$ZH=dQN`XaNRl?<1}lG7o7h(PxeZ;v@&bq=APS*` delta 865 zcmV-n1D^b$384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0Fx>MK@?&~a+r0Vjs$UvB7bcxyEpw3m3~@u zfX)Op=_kW;6RtMw5Qv3AvQ3mpu57W&;IeouzH|~EPGR=Uax2qDgY!;Fr zCyjR(w~9PP);U@e3X52T9K0zGPl0{or2ZD{(09r+psFR}HOzlzRj3Q7uIz`9Te7EA rS+~5!p)>NCG?TO+{PsN8qmkq0_kfhjL@a<5L<7qTUjV6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@Ks>N&p`feq;W&O1>A82d9u|H29`DXe1Ul)ts)A$is xYtBV6E=p5II~#Ekq^YMLDdwZ*=c~jLOcUx|D%J)oe^#5=R`|IF4PC$Th$22jqW%B? delta 871 zcmV-t1DO1w384v)eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l%P0FgXC7c&ABVn=eAb)Jp{af;<*6<;+Y&$vw6k&zyMp@IPbZ7jPt z{SuXaT6BQU1U2aIV0Yf|kMeMYP2y2%M?&%u*vCeYya`C)iYaQlsVHA-vjw?Zf0PK$ zMCdqx#~DOMa_pIOYp0CFz2tQ^z~5&@|X|P%|bbSzi~J2e;zW;fTOpo z60~d$}^y*KTJlCU<=z#z2t@Qu^ diff --git a/tests/data_files/pkcs7_data_with_signature.der b/tests/data_files/pkcs7_data_with_signature.der index cb9d1267fb31d7633f5ef781447f8c82b8a8f118..b98cab6bcf88f31d57443e44f09e3d28909f609f 100644 GIT binary patch delta 289 zcmV++0p9+;1HJ>0h!i7Y%@VB@POyV!nTg8uhTBTYSL2bKB7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-0h!lI?-O@x%(aru`L8uTciMQV_Y`>A5B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v n&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGzD$e9 diff --git a/tests/data_files/pkcs7_data_without_cert_signed.der b/tests/data_files/pkcs7_data_without_cert_signed.der index b47fe927e5b427158e0d5f27002e6e1ca885dd63..390361fe10665e488087977e2a247e49ffe59448 100644 GIT binary patch delta 289 zcmV++0p9+z1G58=eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v n&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGjv-eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@-eH44%-O@x%(aru`L8uTciMQV_Y`>9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZGNBY!O;tc8uUVcl zaCx$F4)6{0eEWQnks^NtV3^!rE1BcGF4kl%e+psmtHE42$73_R%Ogdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o Qd?L~FH}8@@16l%P068xot^fc4 diff --git a/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der b/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der index 3a4287426c1758419224ca36729255bee68c32c5..4f059c270531c0ecb55e435645aa1dd6e7ad3cfd 100644 GIT binary patch delta 868 zcmV-q1DpJz384v)eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7cx|x=5k@;U0q{iM{Tw z31o}M6v)UdBho^0aORsAFXR@jTT)vS6&EQsC}KK)?&D{j47kln5p7a@2#hFvZTbZV zJqJaJB6fDq`=jMWoE&~V6TB&1A;II{S%pck@0i%af0j-6JXY%=|7ucRkuQ#g>D{7@zDgm;D~dYDQ8^(@3xnKA z9Mv~q3q^zZ0>agSJiaDBCS!QxgawnSKz9s54(sv8H?@mySmX6v2OI-$WEw)z)z(K#(eb z35yt>d@!lCLG7f4$@>1^5ALu6;wo*OhFcTWbfb+&yfIV+qJt%Opziw6A$*$Q#_|fD zsB4I~(qAQmcBRoM3WkYcxW$^1EwDb}!5j-1iho-zuUa2g55;MBV@L!ps9Jr^?q6i-`eqz2HZ9SosqP_Jn2y#;`e9?8R z3QrM0rU~^b>G>XM`1RI;c$jrNBhMc3h&! zHHiOb+!SQgnU)LmQ;$I5f5*WBTb%lOPJY?s907!sBC&gB^O9_B7a-#*m0G?-v5xoOpzv= zRkQGEydqpOY%xq4QFw3u6v!~XPD{r;x;DvnceFuhC!6UWeBXQ-IBMb;VsV`lqoDur zfIUVDV)D(XHxz`2GE&3W1x>gVJ}U?sI2P>)1j zZ%ITknV#A(nGR1^b7L;jSpEWbXEmAHZ_YK%t#>A%y8=wDnQMsP%b0~s>s$+N$4J@v z&T4GbH-(F=xD;WECol7)6~^FyJ+PREcm3>yT9?0l5CSdGkvu*ZG6EDOgdp7B@akj>O*TN`lzop=ZauaS4B}=hxwoo705*{9%)h z{G}X;lgAyi7jq95=jV2YdgT4ZV%G6p<%Q?DPV|}o|D|5Hx-AyA(?r+a|`xgMwGUEBT?0a0*g*RUEY2zl^`T!~7D&$f(Be&~>3NP(`o zd?L~FH}8@@16l)Q0HKjRJr^?q6k<;EE|~yQwH&YqJHpTYr=Y&P3=q zfX5j`Msn<#bZe)K#J%KoF`WUu=X^=kjTY0g=^QR$=rBB^*X^Tuf7r8Jrz^2b6{1U4 zyKvkSNJV9Ufe`;)wTxExf1pEF2jjz1`}Flu2J)B>)6GITeZO%x?tdOK&48n~s}i(q z7Lp(*jdvHfiabTuIa(76i&%slyeSS(fqmno{ub=ecgi!MswLtz%ztK8s0*mB?1zwB uvZqv8x4gxnGxC`lp~fRxHaEPxb51Ir3u0Kdi>0_cDRIjwU5 diff --git a/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der b/tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der index 898ca6777a799d3b720622dd95bc7949d2107fde..cd77545f34528bbf6d5331af2285fcfe27a3238b 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der b/tests/data_files/pkcs7_signerInfo_serial_invalid_size.der index f4b4e384dbfc145a6c0382f71b51c8718701eb1c..5efa3a94f44735a620afbff95d1c6aad243e68ac 100644 GIT binary patch delta 947 zcmZqSYT=sTEux%sR%orL--hP2nVqM;wB7bP75;c)yqC1GfvJIop@E^Lp<$FbuQ4)r zVxIZL-wO4!7KNToySzqX&T7S#B`Yifo_2)p690SR-`6z$^-oS(u1W9RxlLiwuF6U7 zSx;5Z{lB?%wofhpz1QVsn$H)t>UeY82(twDs=IL59R0pTn4?v{<=_cZ_Loj?g4W-R z(=O0oq|o18dZqHyLcdq6SNL!H@{~CqE>?@4V8e5FuftK+N%ePiIv1<&P%4l3t*H_z zXIeNX`1zu!uL4fjd1jk^70p{7vHaubSuCCI0$kU2YKY!kV!boy9ZRu|xvj+KSbm`h zk&FjDN3vi1@v-om;8|m_(!+LXMDU}{k_XROuDZKt(XRx-W&0cD1%>zSx_RwMbVh?! zzG3&3Z>fiWpDFr1S?=v8Z;g{o%!~|-i-QdU4P@DvLuL6`#8^b6&lf)v%NKrYU(DK< zvs!;;z=TQp2J#?jWflnou?DOPCZ{l|)=%2q_Sn2v=q$-BJa;EGvWCL9V7u4(An_+QpkGu>|SB86XO zwbyH!_P@2>vs5Ji)ZR*y{S)qQZgC4bcO~)W=D7zYxRY}H8guwN9%sMHo!kH4WJ=+L z={W~~*8e*o)qddqrbi38%hopt2yL3VMMs&raeJw3WvBs*#M>29k8W}KdrE4_%9!;0 zA6t5=9`HRR_)&fC$%VfhC!%thj`L6MWOl`xASXX!R;r&+ zy31qX--mL|%AI@Pt>aATJ}z?NgpTqhr=o&qv&HqFh^>tdiWU|X*EG{evZ{agIDIb9 zjJ6lakWj=WX#vTf-FK5c%HF%Dw5; zbw`4lV}f^jeHOCQTd7&38?Z2Jzn_;{o$5=C(hqGLiYE5%opmWyD+!_FK7S6crR%qLjxlVLo-7IQ?n>>UL#{9 z?!-LviN6)-wh8Gmsz{kM%L=qvF;O$vWZ)LzA;wpGi#pJxn|;O$9Xo3YqM80 zUJ8{sayw(svhOF%n7++ikuCmPuH5?cbMKv2o|^*KwK;W%J3MUb-gxcT&PVM+FZ&Kl zuI)eNTg=Gg&3R-8OT;v}nh)O1!A#7I42+9|4FU~h*_cCR`B=nQM7rKRolq`akuLr`{{Q`kiOT)^!i!zp``mrmmNBo|bb(XJ3B(njg0wgx+mZ+L)QDSY+R* z5?B!#Gb8Gy_+M|!8Rd3T)3@&x;0SU1qB{Ew=aP^~lbR0hm|gfbqN+TO%huJ*MBeq* z%gh&SC-dJQ7f3J9VcMl6q&;!wMjsxH11{|W6AE_L+g`eMlc}h9awoGZ)&x2E5wlW# z^qU)nQxD$zKjDziM77zWn?GdkQHn9jG4zoNtjPZ-a>8JrpZ9T_U1lfC%C|UXsLy^W zS98Bc(jx1TL{i~g;l&I7e`v6E<4pQ=c7?e}OS@6f;p?ovJ4EcXIixJa-g2;<3YfVr z{>=;97#;KGjWfEv-R?|z8rr^){gtTOex*xYob~moS`KMH(i z&-CyQMl9dM3QXHCa9vTU%$fA3>UF-Si{Z?9w+v?T`G*%L>s^ZY$5fVXI`dZkIn%Ri z%heX_X7X7(GrQx#=^3p)uVc9Lj(gnvc`hsGig|1InjIpEUF!OumxvyFP;a|oMtk|+ PH!V@q_ty$A>0ST;QHQ_$ diff --git a/tests/data_files/pkcs7_zerolendata_detached.der b/tests/data_files/pkcs7_zerolendata_detached.der index 2a389ab484991c53322dc87f998c23666c7f40d8..5f9b62eda71afa772b6a95266d9d7038ac66b3e7 100644 GIT binary patch delta 289 zcmV++0p9+z1G58=eH0^N%@VB@POyV!nTg8uhTBTYSL2b9B7bH7o!4`gS5K5wuvUbq zF6!DvsX?v9BQ{clJ}Of1VfI8P1MY+-XR?ZMi)PL5EgtEaWk4=?8bTI|{8_WJNePAF zfF?A$fI?WOEbig*yoOaV;?qZ%sw%W9CW6vHrWL4sua6xd3MA3%kEP8FL>!|E$Ojz% zh=m;deMcsh{eL5+tx!DHEVJ;9r+o8FB|V`GL^A~;LPFp`XR#T;%m4AdZd9>-%^O=L z>FhlpOpaWkZz7#@IOt0m)Q_Mncf2;bQQ^@A#QmlIH!zM(UG7n!ka3vy(v*MLkGqr~ nWsJXHBL@jkqq?a|9_B7a;7I2$7i!rx~y+-FH_ zOIzeiTb}iR70w~%C`}qJ!v*PGa|D*Lnu{c$Kkt=jl8wZnndbc1Y(FsLCDC*RoXeAH z4W$dWC0w^ShWUUGu+x2i1=JP-?3>cIY!@Z6f??Gcjwu~^vFQbs@wI!EBN%LE=BvVl z=$nT5>g`n;^M9wimT7SWc68Oqv?n?s4au4F*A_#oPF4(DNp`YDQ0L^0`wAhxd(Pt# zsN~Y+F|5pzKcl;u>E}Obtp}zKjl^)IPPdofS_K^`4ux|pr6h6(B`px5r68 Date: Thu, 25 May 2023 10:21:41 +0800 Subject: [PATCH 264/328] Update server7*.crt Signed-off-by: Pengyu Lv --- tests/data_files/server7-badsign.crt | 52 +++++++------- tests/data_files/server7-expired.crt | 48 ++++++------- tests/data_files/server7-future.crt | 48 ++++++------- tests/data_files/server7.crt | 36 +++++----- tests/data_files/server7_int-ca-exp.crt | 50 ++++++------- tests/data_files/server7_int-ca.crt | 52 +++++++------- tests/data_files/server7_int-ca_ca2.crt | 76 ++++++++++---------- tests/data_files/server7_spurious_int-ca.crt | 74 +++++++++---------- 8 files changed, 217 insertions(+), 219 deletions(-) diff --git a/tests/data_files/server7-badsign.crt b/tests/data_files/server7-badsign.crt index 954b53a5b5..e0d18b0a89 100644 --- a/tests/data_files/server7-badsign.crt +++ b/tests/data_files/server7-badsign.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK0 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO0 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/server7-expired.crt b/tests/data_files/server7-expired.crt index a25ce4b07f..9c423c9618 100644 --- a/tests/data_files/server7-expired.crt +++ b/tests/data_files/server7-expired.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTA3MDYwNTA4MTQwM1oXDTE3MDYwNTA4MTQwM1owNDELMAkG +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTEzMDUxNjA3MTAzN1oXDTIzMDUxNzA3MTAzN1owNDELMAkG A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr -d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv -bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC -MAAwDQYJKoZIhvcNAQELBQADggIBAHcG1ysT8yImc0x3Z2O0SOtSYYjCPS1Gc89j -fWdBSoS5YhPHLgEjHQgDA6XdDNL0eUo3afhucEvSexhqLUABLu89cmi7ST+TsTEb -/lu8qZUgpa1bcMOk1+whl0JllfcDEq2y0aclkO0/6M6JftNNJ3egq2qVBDEszTtY -zcYZIr1o04TNp0fAtmPUH6zjpBkNB0DQyKFhgYPJNwTapj6ZDVi1zBK3wwFfZfgK -s3QvwhWNNbHL4B0sPec/6TiF5dY3SeUM4L8oAGdT7/ELE6E74rFyS/EpjJdVzXDs -FfQvUDPb6PJuWZbr4mNg/FANeGPa3VENcPz+4fj+Azi1vV3wD4OKT7W0zIkRZ+Wq -1hLFuwa/JCSHsn1GWFyWd3+qHIoFJUSU3HNxWho+MZqta0Jx/PGvMdOxnJ2az1QX -TaRwrilvN3KwvjGJ+cvGa7V9x8y9seRHZwfXXOx1ZZ0uEYquZ0jxKpBp/SdhRbA5 -zLmq088npt7tgi+LcrXydorgltBaGZA7P+/OJA2JkbIBBwdSjyfG6T07y4pgQ90h -CeRqzu4jFcZE7mjpTdEyxAQRJa2dhHkhFB7Muq7ZTi3jlml5LZnlbUdPlR5iTgOU -yueZsAAEb//A6EU008WmG/K+EY230JxEUzGNf2l1j1H94HcP9OwjY4bn2PJdVzcb -B8PmaiMB +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBAHX0pu54c8rk2F76lxnMKuS+C3Kiwab0KxII +ZkpAgpk5sj2KxiGrNLDhK0ZGjVlVuUjauySVuBUfrr8GfjQ1xE7RUrxwBrEU5fVs +FHKscBF58AaIXIPf5xIuCdc2C487Leuu+LIbGsg9EvKq/pg7avIB9hSjvwn5W3m3 +3o8eL/ahD4t5rh8r7hKptY+7dqeraBrmCnitxsRQToMV+jy2RCGD3vYUDxyJc3x+ +m3o7nWGreyLCqPCRgeEh9RKbbhygcoBtdjojZABZmlGa9BO72hK5lhy2a1QiIOiL +OoBgDFf8gVo81MX02RtSQISZLq/hJ8smtil8oaKgJ+VyGjfCR1uZY7RpaEfP4U+R +tX8gqt/4TJ4mIJOv4xL12XsV65rZuB7+yhZ6rqWRlZx9Aa4/GqxIbALrQPs17uRX +41TPIdz3Pjq3w3x3bdGxbyF0TvJRaeobB60KHlrm6DWltY7k2Ucju9oTko6bJLgp +rCRC1JkTXzWS3jZDqULTVPxDsZjVRqwEl46PPe0gSloB+h/ulq8rNIG1snWTGdNQ +Bovbko9lFHA8md8f7ZULQ6pB8SV/LH2qufSsWb5LY9ZfHUprwH2oBQ+A9eYkk5ZR +LJC879ZC8w8LMQfBGT22fLnOJ2qS6GyguB+y17beF8RMgFpiFTzoD1nPQAd9cyGY +b2ta+9o9 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/server7-future.crt b/tests/data_files/server7-future.crt index eeb596fc29..b725eb7348 100644 --- a/tests/data_files/server7-future.crt +++ b/tests/data_files/server7-future.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTI3MDYwNjA4MTQwM1oXDTM3MDYwNjA4MTQwM1owNDELMAkG +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTMzMDUxNzA3MTAzN1oXDTQzMDUxODA3MTAzN1owNDELMAkG A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr -d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv -bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC -MAAwDQYJKoZIhvcNAQELBQADggIBAHF4y9PmCUF1yOlBIUCUAAFMZmXJwOGsMNKI -u0+At0sbs+W8J06PVyYt4UxL4TyIxHM6SOvKndFdCQxG7NQY0KU+HBdLVUM1iZy0 -Kopg7yHvEAZ0YWPptgCd10C/wmTz0b0R3cxhSb8FZjlBjNB7dJKhRQsh0za+GMx/ -LXunH/t0oP5an4yO3zTog+4+7bDGGEY7SymQJ9Z8t2gdZpn/r60j9IGhL5XI2BS/ -+cU96DMF3cMmFk24vAfduYicKc8KowhUpGCsIP0bl+TY8Vq6kepBA2lnj7/YOkDs -/f+wIS/Id/hdw9KxRUPX+cQLUt0/C7JktDVudZ5zLt1y0A971R+23ARtJGUBJGSp -5tkVX8+hK8sT6AVOkcvA51IOBsVxmuoWk/WcjBDdOjyIK2JFdbcJYvR8cpRbL+j8 -HdQEu+LorvGp28m3Q5mBTKZLKgyUeQWrbYDqeub1OvYYkuvZPZWFEDP2VYcS7AXN -IoUSTcMyhLNuncQl/z0Jbkto59+il6cQ2HIqkubLBk2X8uwMw2tloROlmklweHqR -ta6aRlLxBMgccJpK7cU5H8TMb6aR9GJGyzQJ2vET3jPBq/uEwbvK8HRVJ7Ld68k6 -ZMCwXGdTeYuDWt0ngAhf+i+GNexJRSLvzRGt18DOrpmj2X3naarNSTfRArm4EINW -WKW7hd8h +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBAFgzS8NNGRayelUleAee5udbk9+fkkxvYA/p +QEaD+UvuSmgJ7iEU0gx6cJ2RcEbg/NqgrMBni8ayiGptOZRTq4j8bPcrZZCrcsvO +jFk/yXwWIv1hRofQ8wBynPOgbtPJ5J7zYkE0sqXbAPOWeNdya+R0CuSex5DW9kj/ ++tiXGXdGiLKu/FOC9tedfsu67a+ZEK0Q3rbFqsWpHdQcKIEN4A18xPBXNtx/DJuq +0+fcjtIsigpRvLbLSFuvSI5vWP1MFyuMDTLYVKN1PceRg2yxpKecKbsDpeSRX3R9 +Fs444mDSJs75i8fkdXS4GLXfJjJOft3HbRtEEznF5sITppjr40PszMvOj2njWPPn +o3ECca7HbhuhtqIGfM5+2mCwPgmm7fEmYILVYgTihFfPKUhGUKN+4Qp75gOzMKds +7t8NRFTKPEpFmicc1wKfEsp22UWC6azyTu6iVByWlt+fojFbdHjvxDY8iIqBFU6/ +44uLMTxu9r9gMSZK9sX7vGIgeER3RnArP0ZSxAvoxG3lu+QQXwItxnTKQnA3CDra +MkmwSM5kMewO/Ub1bgkdQ3j/DD0uSwreEdg0fvxaAJIH2N/lOFUWPrzbg8TJR1Sb +ohctT+uAKoPQrxsZuSdrz9QHOdgkPR6gp9bdnXkZSa9jGX7Pd5Ur5LDEXljol1ZL +T97oaKB7 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/server7.crt b/tests/data_files/server7.crt index ed087ef613..c5c2cb8c58 100644 --- a/tests/data_files/server7.crt +++ b/tests/data_files/server7.crt @@ -1,23 +1,23 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- diff --git a/tests/data_files/server7_int-ca-exp.crt b/tests/data_files/server7_int-ca-exp.crt index fc0051772e..a3a8f69dd1 100644 --- a/tests/data_files/server7_int-ca-exp.crt +++ b/tests/data_files/server7_int-ca-exp.crt @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MTMwNTE2MDcxMDM3WhcNMjMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX -Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep -773Ap7Gxpk168id1EFhvW22YabKs +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAJH0e4fySJI2nJt1Knd+yU7zn1jTFDAABJMbndhR +07OSM6vwUaGSMVatSzr8ah+UDgIwaI/MBcorSxT92jAQb1W5dJkEudoYSg49fjAf +z0BtLCVhFwQlrzCqgXC98SGfT6sZ -----END CERTIFICATE----- diff --git a/tests/data_files/server7_int-ca.crt b/tests/data_files/server7_int-ca.crt index d3ddc46a8b..cb108a46f2 100644 --- a/tests/data_files/server7_int-ca.crt +++ b/tests/data_files/server7_int-ca.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,9 +39,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- diff --git a/tests/data_files/server7_int-ca_ca2.crt b/tests/data_files/server7_int-ca_ca2.crt index c289c0aadf..097447fd0a 100644 --- a/tests/data_files/server7_int-ca_ca2.crt +++ b/tests/data_files/server7_int-ca_ca2.crt @@ -1,31 +1,31 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -39,24 +39,22 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT -Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF -QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu -ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy -aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g -JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56 -t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv -uCjn8pwUOkABXK8Mss90fzCfCEOtIA== +MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE +BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0 +IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO +4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK +6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD +AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd +bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq +6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29 +N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw== -----END CERTIFICATE----- diff --git a/tests/data_files/server7_spurious_int-ca.crt b/tests/data_files/server7_spurious_int-ca.crt index 632c4fd13c..fdc1146231 100644 --- a/tests/data_files/server7_spurious_int-ca.crt +++ b/tests/data_files/server7_spurious_int-ca.crt @@ -1,49 +1,49 @@ -----BEGIN CERTIFICATE----- MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt -ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw +MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt +ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG +A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS -MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud -IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC -AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr -FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr -8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj -+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7 -QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm -yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK -TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e -deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM -0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b -OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj -VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp -a8Si6UK5 +MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr +d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv +bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC +MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi +KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm +ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW +DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh +VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF +cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH +aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo +fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD +Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u +5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06 +1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA +ZKasihO3 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBABN3b1ltNlBQ9PhwJhxBWENlMNdy1vyKBGH3EdZ7w4uHJJOm +w8JS5p/B5+9fDIIOThDr80hLq4QOQVJhxAT1/Zsb2OzsTxc1BaCNbBv2Y+FyFcpL +I8EjMF+gnSgbs46kGKce1EJNrZrkvpCngtNj7qqg9qnPXd1en0z349xHJPmYuWEb +9sHdVlwnebPm1n9u1NzpktAChb28UFnBYTWraZCtMBMozuMhz6mo66XOEyH06Ypa +QPOlBmbgW/e+fuXow41QUqP2tvVL6MsmSZFWk8hr45rNRzeTok1M5bW91sZ78We5 +95m3T6IE+qpj2/RILncwy7vWBlFzbuiIA3eSJa8= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -57,9 +57,9 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- From 1fa43077fb8a4ef2fdfe6794ccabc2604b0bc068 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 10:44:30 +0800 Subject: [PATCH 265/328] Update server8*.crt Signed-off-by: Pengyu Lv --- tests/data_files/server8.crt | 31 ++++++++-------- tests/data_files/server8_int-ca2.crt | 53 ++++++++++++++-------------- 2 files changed, 41 insertions(+), 43 deletions(-) diff --git a/tests/data_files/server8.crt b/tests/data_files/server8.crt index b435b2deb5..515b17b3c1 100644 --- a/tests/data_files/server8.crt +++ b/tests/data_files/server8.crt @@ -1,18 +1,17 @@ -----BEGIN CERTIFICATE----- -MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59 -quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB -ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q -AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr -u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb -J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v -AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA -J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ -BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg -VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz -2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh -2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA== +MIICqTCCAi6gAwIBAgIBETAMBggqhkjOPQQDAgUAMEsxCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDEpMCcGA1UEAwwgUG9sYXJTU0wgVGVzdCBJbnRlcm1l +ZGlhdGUgRUMgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQsw +CQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9z +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANscfy4Lzb/O0XUQoKK4 +zn2q4gXgethEY4+1vcCwGbk3uBlKDvFddIBnRocG3lt/BgO9wY1eBxXUW/Tc5c89 ++cERLK5quYq9HWdmF+pOvdsVmoKH5PB4w6OFh7D9n6mZX+Mz7MzqC7VhXvFJfj+j +LeoBDMxCmnabxNA307EXAWEBFll+HBfDU/3RcstMYBXafeLqrVDvjuKL1Gp3VdZw +2Wu78e45BDijveLR4GZr4pxHmeko5rb8LspnQ4To1YPWnZhrAT6B3Dx6yvnznPfW +KBsneHzD0NVjp4E0ia0lar3y6u36V/zlNMbBD3Et0ggQG61EQeD+eaBjk4qxXemw +7m8CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA +J2F2Dx0wHwYDVR0jBBgwFoAUD4m9Y0Hry14XKP9oMD3BiNCcWDkwDAYIKoZIzj0E +AwIFAANnADBkAjA3KJ1/SvOZnpmtqturkt+0DhQIXGMRDPnPksCuy/wqGHR8DsWS +dEa7PQEgrbA60HoCMCpH2fYtcAfhg5gGg+QxmVsUIt/9Gd9syQlnX7wNCfweUeSS +MxG1isOdUiQTajM1TQ== -----END CERTIFICATE----- diff --git a/tests/data_files/server8_int-ca2.crt b/tests/data_files/server8_int-ca2.crt index 7a8da717d4..e99727d369 100644 --- a/tests/data_files/server8_int-ca2.crt +++ b/tests/data_files/server8_int-ca2.crt @@ -1,36 +1,35 @@ -----BEGIN CERTIFICATE----- -MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG -A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw -ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59 -quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB -ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q -AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr -u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb -J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v -AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA -J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ -BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg -VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz -2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh -2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA== +MIICqTCCAi6gAwIBAgIBETAMBggqhkjOPQQDAgUAMEsxCzAJBgNVBAYTAk5MMREw +DwYDVQQKDAhQb2xhclNTTDEpMCcGA1UEAwwgUG9sYXJTU0wgVGVzdCBJbnRlcm1l +ZGlhdGUgRUMgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQsw +CQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9z +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANscfy4Lzb/O0XUQoKK4 +zn2q4gXgethEY4+1vcCwGbk3uBlKDvFddIBnRocG3lt/BgO9wY1eBxXUW/Tc5c89 ++cERLK5quYq9HWdmF+pOvdsVmoKH5PB4w6OFh7D9n6mZX+Mz7MzqC7VhXvFJfj+j +LeoBDMxCmnabxNA307EXAWEBFll+HBfDU/3RcstMYBXafeLqrVDvjuKL1Gp3VdZw +2Wu78e45BDijveLR4GZr4pxHmeko5rb8LspnQ4To1YPWnZhrAT6B3Dx6yvnznPfW +KBsneHzD0NVjp4E0ia0lar3y6u36V/zlNMbBD3Et0ggQG61EQeD+eaBjk4qxXemw +7m8CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA +J2F2Dx0wHwYDVR0jBBgwFoAUD4m9Y0Hry14XKP9oMD3BiNCcWDkwDAYIKoZIzj0E +AwIFAANnADBkAjA3KJ1/SvOZnpmtqturkt+0DhQIXGMRDPnPksCuy/wqGHR8DsWS +dEa7PQEgrbA60HoCMCpH2fYtcAfhg5gGg+QxmVsUIt/9Gd9syQlnX7wNCfweUeSS +MxG1isOdUiQTajM1TQ== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- From 89d71e241a7f70f0b3b768f607a1932d712811a7 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 11:04:53 +0800 Subject: [PATCH 266/328] Update server10*.crt Signed-off-by: Pengyu Lv --- tests/data_files/server10-badsign.crt | 16 +- tests/data_files/server10-bs_int3.pem | 32 ++-- tests/data_files/server10.crt | 16 +- tests/data_files/server10_int3-bs.pem | 32 ++-- tests/data_files/server10_int3_int-ca2.crt | 54 +++---- tests/data_files/server10_int3_int-ca2_ca.crt | 138 +++++------------- .../server10_int3_spurious_int-ca2.crt | 70 ++++----- 7 files changed, 149 insertions(+), 209 deletions(-) diff --git a/tests/data_files/server10-badsign.crt b/tests/data_files/server10-badsign.crt index eca171f351..d4ac4b1708 100644 --- a/tests/data_files/server10-badsign.crt +++ b/tests/data_files/server10-badsign.crt @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX10= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS0= -----END CERTIFICATE----- diff --git a/tests/data_files/server10-bs_int3.pem b/tests/data_files/server10-bs_int3.pem index b84cee7c32..d824c43f35 100644 --- a/tests/data_files/server10-bs_int3.pem +++ b/tests/data_files/server10-bs_int3.pem @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX10= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS0= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- diff --git a/tests/data_files/server10.crt b/tests/data_files/server10.crt index 96a4040cef..52b5ea0cec 100644 --- a/tests/data_files/server10.crt +++ b/tests/data_files/server10.crt @@ -1,10 +1,10 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3-bs.pem b/tests/data_files/server10_int3-bs.pem index a9e06150bd..9a82b1730d 100644 --- a/tests/data_files/server10_int3-bs.pem +++ b/tests/data_files/server10_int3-bs.pem @@ -1,22 +1,22 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWf0= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg10== -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_int-ca2.crt b/tests/data_files/server10_int3_int-ca2.crt index 0df2c653bb..b5852927c2 100644 --- a/tests/data_files/server10_int3_int-ca2.crt +++ b/tests/data_files/server10_int3_int-ca2.crt @@ -1,40 +1,40 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_int-ca2_ca.crt b/tests/data_files/server10_int3_int-ca2_ca.crt index c25482b8b5..3601a20023 100644 --- a/tests/data_files/server10_int3_int-ca2_ca.crt +++ b/tests/data_files/server10_int3_int-ca2_ca.crt @@ -1,120 +1,60 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 0 (0x0) - Signature Algorithm: sha1WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:00 2011 GMT - Not After : Feb 12 14:44:00 2021 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32: - 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18: - 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87: - 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93: - e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14: - cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9: - ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90: - 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60: - c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb: - 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0: - e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72: - 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1: - 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13: - 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6: - e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38: - 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9: - ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f: - a2:d5 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:TRUE - X509v3 Subject Key Identifier: - B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA - serial:00 - - Signature Algorithm: sha1WithRSAEncryption - b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07: - 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a: - 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9: - 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62: - 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26: - 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d: - 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5: - e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7: - e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f: - 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5: - 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce: - 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6: - 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca: - e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de: - f7:e0:e9:54 -----BEGIN CERTIFICATE----- -MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G +MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny 50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj -gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH -/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV -BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz -dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ -SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H -DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF -pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf -m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ -7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA== +UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68 +x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB +BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T +hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/ +G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf +7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH +9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf +hlf8qotOhNvFXpEsCGwZUywayo7c4DtO -----END CERTIFICATE----- diff --git a/tests/data_files/server10_int3_spurious_int-ca2.crt b/tests/data_files/server10_int3_spurious_int-ca2.crt index c9d6715f44..87cc476b18 100644 --- a/tests/data_files/server10_int3_spurious_int-ca2.crt +++ b/tests/data_files/server10_int3_spurious_int-ca2.crt @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G -A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp -YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD -VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq -oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY -Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io -rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ -AzO3pJx7WJAApZuBX1Q= +MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw +DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l +ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ +BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na +peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE +h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw +JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6 +3mQUjQNFzHPFpWqjHCp0vS4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp -YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG -A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU +MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG +A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9 -2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo -ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt -Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt -pz590JvGWfM= +2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn +ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF ++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv +1GRe86dg1A== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN -MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN +MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF @@ -38,27 +38,27 @@ d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7 -NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE -AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w -CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG -i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9 -Af5cNR8KhzegznL6amRObGGKmX1F +NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE +AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w +CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l +fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN +JAuV9fLJJdB5nZUG3l85Dt27VNkT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV -D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw -FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6 -yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M -ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf -7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M -CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut -ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw= +D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw +FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2 +12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf +GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj +whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3 +/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33 +hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU= -----END CERTIFICATE----- From f4b568cc98a2769ba64518202e00d751a8e09d49 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 12:26:11 +0800 Subject: [PATCH 267/328] Add rules to generate crl_cat* Signed-off-by: Jerry Yu Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 936ef13d06..7b5150ec3e 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -528,6 +528,19 @@ rsa_pkcs8_2048_public.der: rsa_pkcs8_2048_public.pem $(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@ all_final += rsa_pkcs8_2048_public.der +# Generate crl_cat_*.pem +# - crt_cat_*.pem: (1+2) concatenations in various orders: +# ec = crl-ec-sha256.pem, ecfut = crl-future.pem +# rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem + +crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem + cat $^ > $@ + +crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem + cat $^ > $@ + +all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem + ################################################################ #### Generate various RSA keys ################################################################ From 1ced2cce9b6ddfc4022896163bd1c1010765f2fc Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 12:20:21 +0800 Subject: [PATCH 268/328] Update crl-ec-sha*.pem, crl.pem, crl_cat_*.pem This commit updates the files manually, the rules of generating these files will be upload in other PR. Signed-off-by: Pengyu Lv --- tests/data_files/crl-ec-sha1.pem | 14 ++++++------- tests/data_files/crl-ec-sha256.pem | 14 ++++++------- tests/data_files/crl.pem | 16 +++++++-------- tests/data_files/crl_cat_ec-rsa.pem | 32 ++++++++++++++--------------- tests/data_files/crl_cat_rsa-ec.pem | 32 ++++++++++++++--------------- 5 files changed, 54 insertions(+), 54 deletions(-) diff --git a/tests/data_files/crl-ec-sha1.pem b/tests/data_files/crl-ec-sha1.pem index 8358640a0d..f82d94674d 100644 --- a/tests/data_files/crl-ec-sha1.pem +++ b/tests/data_files/crl-ec-sha1.pem @@ -1,10 +1,10 @@ -----BEGIN X509 CRL----- -MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ -b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz -MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G +MIIBbjCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQ +b2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMjMwNTE3MDcx +NDM5WhcNMzMwNTE3MDcxNDM5WjAUMBICAQoXDTIzMDUxNzA3MTQzOVqgcjBwMG4G A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO -TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg -Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW -svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm -56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U= +TDERMA8GA1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMg +Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gAMGUCMQCRAtXd7kXgijlMXHXr6m0B +IzDbpAAwDwCJtgOzarF5hZKGDZeDp6vptGZK0y40NsoCMACxRrXIV+6KUBipFarI +36yXDoBNol2xzst6p9fOg+prl6p7vO1sRYrIGg1WJGA5wQ== -----END X509 CRL----- diff --git a/tests/data_files/crl-ec-sha256.pem b/tests/data_files/crl-ec-sha256.pem index adfd5f8937..b9fad50fc8 100644 --- a/tests/data_files/crl-ec-sha256.pem +++ b/tests/data_files/crl-ec-sha256.pem @@ -1,10 +1,10 @@ -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- diff --git a/tests/data_files/crl.pem b/tests/data_files/crl.pem index df7417e8ee..5a1bdd35ab 100644 --- a/tests/data_files/crl.pem +++ b/tests/data_files/crl.pem @@ -1,11 +1,11 @@ -----BEGIN X509 CRL----- MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI -UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTE5MDIwNjE2MzQ0 -NloXDTI5MDIwNjE2MzQ0NlowKDASAgEBFw0xMTAyMTIxMjQ0MDdaMBICAQMXDTEx -MDIxMjEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAGHkRHGDz2HsoiXzfJDBpkfg -I+yK34O9zoHMyGcDZbF9fj4NVyyNA6XCgY3IgQYe3boA1edO6+8ImjqiZjYK+GWt -4ne7YhapRFAoFbKQY5hgy8mlpSRlNfmRVVCDDKannMac4tQff1LCFHN8msk/uG1b -WHWAsL6dzLVojhbUFY6mZTb6nqjm5YgqcsNsz37n4dyrCDftB99FQdE/aAec2RXP -Jgy9DnY5jMotPqHLZtMyfVNEoivDb7YJA5Vv6NSyiYVTjyWyTHNRsFEXRtHqjpqs -oZdBgLZAAQsUvuVpMbDKQ4FrZjOaOW/xLtKPlh/HNA5p7hNtwIiCAIvp7uQti0w= +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- diff --git a/tests/data_files/crl_cat_ec-rsa.pem b/tests/data_files/crl_cat_ec-rsa.pem index 3cda8ff03e..cafa1d4112 100644 --- a/tests/data_files/crl_cat_ec-rsa.pem +++ b/tests/data_files/crl_cat_ec-rsa.pem @@ -1,21 +1,21 @@ -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- -----BEGIN X509 CRL----- -MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 -OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx -MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL -dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz -//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U -yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q -NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 -5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- diff --git a/tests/data_files/crl_cat_rsa-ec.pem b/tests/data_files/crl_cat_rsa-ec.pem index ded369d897..92ecccc6df 100644 --- a/tests/data_files/crl_cat_rsa-ec.pem +++ b/tests/data_files/crl_cat_rsa-ec.pem @@ -1,21 +1,21 @@ -----BEGIN X509 CRL----- -MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1 -OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx -MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL -dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz -//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U -yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q -NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7 -5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU= +MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz +OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz +MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S +CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0 +e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66 +pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA +C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx +7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU= -----END X509 CRL----- -----BEGIN X509 CRL----- -MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2 -MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu +MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI +UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3 +MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC -TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD -IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln -S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX -g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw== +TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD +IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n +zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq +NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw== -----END X509 CRL----- From 5e2f312195436e4ea7b7e85d9e1bddcfa5ac336c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 25 May 2023 15:05:18 +0800 Subject: [PATCH 269/328] Update cert macros in tests/src/certs.c This commit manually updates: - TEST_CA_CRT_EC_PEM - TEST_CA_CRT_EC_DER - TEST_SRV_CRT_EC_PEM - TEST_SRV_CRT_EC_DER Signed-off-by: Pengyu Lv --- tests/src/certs.c | 238 +++++++++++++++++++++++----------------------- 1 file changed, 119 insertions(+), 119 deletions(-) diff --git a/tests/src/certs.c b/tests/src/certs.c index 1f48570d7e..d2808d71c9 100644 --- a/tests/src/certs.c +++ b/tests/src/certs.c @@ -40,69 +40,69 @@ /* This is taken from tests/data_files/test-ca2.crt */ /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */ -#define TEST_CA_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ - "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ - "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ - "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ - "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \ - "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \ - "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \ - "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \ - "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n" \ +#define TEST_CA_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \ + "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \ + "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \ + "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \ + "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD\r\n" \ + "AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd\r\n" \ + "bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq\r\n" \ + "6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29\r\n" \ + "N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */ -#define TEST_CA_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ - 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ - 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ - 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ - 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ - 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ - 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ - 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ - 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ - 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ - 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ - 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ - 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ - 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ - 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ - 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ - 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ - 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ - 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ - 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ - 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \ - 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ - 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \ - 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \ - 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \ - 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \ - 0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \ - 0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \ - 0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \ - 0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \ - 0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \ - 0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \ - 0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \ - 0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \ - 0xf5, 0xae, 0x1c, 0x42 \ +#define TEST_CA_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x07, 0x30, 0x82, 0x01, 0x8b, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \ + 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \ + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \ + 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \ + 0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \ + 0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \ + 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \ + 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \ + 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \ + 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \ + 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \ + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \ + 0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \ + 0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \ + 0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \ + 0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \ + 0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \ + 0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \ + 0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \ + 0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \ + 0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x0f, \ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, \ + 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, \ + 0x04, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, \ + 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, \ + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, \ + 0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \ + 0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, \ + 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, \ + 0x30, 0x65, 0x02, 0x31, 0x00, 0xe9, 0x35, 0x67, 0xc1, 0x22, 0x5c, 0xea, \ + 0xeb, 0x15, 0x76, 0x53, 0x04, 0x03, 0xff, 0x56, 0x06, 0xcf, 0xd7, 0xd0, \ + 0x50, 0xce, 0xc0, 0x7c, 0xd2, 0xb3, 0x55, 0xad, 0x8f, 0x54, 0x1a, 0x5f, \ + 0xfd, 0x00, 0xf5, 0x4c, 0x0c, 0xa5, 0x4d, 0x84, 0xc5, 0xe0, 0x62, 0x3a, \ + 0xaa, 0x56, 0xfa, 0x10, 0xf6, 0x02, 0x30, 0x5f, 0xd8, 0x55, 0xad, 0xbd, \ + 0x37, 0x9c, 0x82, 0xd6, 0x61, 0x40, 0x8a, 0xbd, 0x7d, 0x8d, 0xbf, 0x4f, \ + 0x97, 0xd8, 0xa2, 0x22, 0x44, 0x66, 0xd7, 0xb7, 0x4c, 0xe3, 0x2e, 0xa6, \ + 0xe5, 0x52, 0x0c, 0x7a, 0x91, 0x0f, 0x9b, 0xf5, 0x65, 0x58, 0x06, 0xbc, \ + 0x1f, 0x9a, 0x75, 0xf8, 0x13, 0xdb, 0x1b \ } /* END FILE */ @@ -503,72 +503,72 @@ /* This is taken from tests/data_files/server5.crt. */ /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */ -#define TEST_SRV_CRT_EC_PEM \ - "-----BEGIN CERTIFICATE-----\r\n" \ - "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ - "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ - "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ - "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ - "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ - "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ - "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \ - "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ - "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \ - "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \ - "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n" \ +#define TEST_SRV_CRT_EC_PEM \ + "-----BEGIN CERTIFICATE-----\r\n" \ + "MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \ + "MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \ + "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \ + "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \ + "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \ + "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \ + "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n" \ + "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \ + "CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ\r\n" \ + "qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN\r\n" \ + "06jC+BLgOH1KQV9ArqEh3AhOhEg=\r\n" \ "-----END CERTIFICATE-----\r\n" /* END FILE */ /* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */ /* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */ -#define TEST_SRV_CRT_EC_DER { \ - 0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ - 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ - 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ - 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ - 0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34, \ - 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35, \ - 0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ - 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ - 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, \ - 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ - 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ - 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ - 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ - 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ - 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ - 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ - 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ - 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ - 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ - 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ - 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ - 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ - 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ - 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ - 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ - 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ - 0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ - 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ - 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ - 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \ - 0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2, \ - 0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31, \ - 0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92, \ - 0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29, \ - 0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6, \ - 0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1, \ - 0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15, \ - 0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00, \ - 0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5 \ +#define TEST_SRV_CRT_EC_DER { \ + 0x30, 0x82, 0x02, 0x20, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \ + 0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \ + 0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \ + 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \ + 0x32, 0x33, 0x30, 0x35, 0x31, 0x37, 0x30, 0x37, 0x31, 0x30, 0x33, 0x36, \ + 0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x35, 0x31, 0x34, 0x30, 0x37, 0x31, \ + 0x30, 0x33, 0x36, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \ + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \ + 0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \ + 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \ + 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \ + 0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \ + 0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \ + 0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \ + 0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \ + 0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \ + 0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \ + 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \ + 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \ + 0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \ + 0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \ + 0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \ + 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \ + 0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \ + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \ + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \ + 0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \ + 0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \ + 0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \ + 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \ + 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x69, 0x00, \ + 0x30, 0x66, 0x02, 0x31, 0x00, 0xe0, 0xea, 0x9e, 0xcf, 0x3d, 0xfa, 0xf6, \ + 0xfa, 0x7e, 0xe7, 0x1a, 0xfc, 0x9a, 0xde, 0x95, 0x38, 0xba, 0xcb, 0x77, \ + 0x93, 0xb3, 0x9b, 0x93, 0x8f, 0xed, 0x65, 0x7f, 0xae, 0x1c, 0x74, 0x50, \ + 0xa9, 0xa7, 0x1c, 0xb3, 0x25, 0x0b, 0x78, 0x53, 0x73, 0x93, 0x24, 0x6f, \ + 0x58, 0x71, 0x5e, 0x4f, 0x9b, 0x02, 0x31, 0x00, 0xb3, 0x0c, 0x95, 0xfb, \ + 0xf4, 0x88, 0xbb, 0x84, 0x82, 0xd8, 0xcd, 0xaf, 0xe2, 0x5d, 0x62, 0x5e, \ + 0xfc, 0x18, 0xc9, 0x10, 0x4f, 0x0c, 0xb5, 0xe0, 0x91, 0x19, 0x70, 0xcd, \ + 0xd3, 0xa8, 0xc2, 0xf8, 0x12, 0xe0, 0x38, 0x7d, 0x4a, 0x41, 0x5f, 0x40, \ + 0xae, 0xa1, 0x21, 0xdc, 0x08, 0x4e, 0x84, 0x48 \ } /* END FILE */ From 6561f7d8abb470fd67b94b0930f5d921caf7bd6c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 2 Jun 2023 12:52:21 +0800 Subject: [PATCH 270/328] server5-der*.crt: Simplify the size calculation Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7b5150ec3e..17d719de6b 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -448,22 +448,22 @@ server5-der0.crt: server5.crt.der cp $< $@ server5-der1a.crt: server5.crt.der cp $< $@ - echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der1b.crt: server5.crt.der cp $< $@ - echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der2.crt: server5.crt.der cp $< $@ - echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der4.crt: server5.crt.der cp $< $@ - echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der8.crt: server5.crt.der cp $< $@ - echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc server5-der9.crt: server5.crt.der cp $< $@ - echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$(shell du -b $< | cut -f1) conv=notrunc + echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \ server5-der9.crt server5-der1a.crt server5-der2.crt \ server5-der8.crt From c7995a8185ee75d5c2bc9082eb845bef28a7b2f5 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 2 Jun 2023 13:23:39 +0800 Subject: [PATCH 271/328] Fix long line format Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 17d719de6b..ec4d00bd9f 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -174,7 +174,9 @@ test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 all_final += test-ca2.crt test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256 - $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \ + issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \ + not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@ all_intermediate += test-ca2-future.crt test_ca_ec_cat := # files that concatenate different crt @@ -262,7 +264,9 @@ test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file) all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr - $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ + $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \ + -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \ + -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@ test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \ @@ -327,7 +331,9 @@ server7.csr: server7.key all_intermediate += server7.csr server7.crt: server7.csr $(test_ca_int_rsa1) - $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ + $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \ + -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \ + -set_serial 16 -days 3653 -sha256 -in server7.csr > $@ all_final += server7.crt server7-expired.crt: server7.csr $(test_ca_int_rsa1) @@ -375,7 +381,10 @@ server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future. # server8* server8.crt: server8.key - $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \ + issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA256 version=3 output_file=$@ all_final += server8.crt server8_int-ca2.crt: server8.crt $(test_ca_int_ec) @@ -491,7 +500,11 @@ all_final += test-int-ca3-badsign.crt # server10* server10.crt: server10.key test-int-ca3.crt test-int-ca3.key - $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key subject_identifier=0 authority_identifier=0 not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \ + issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \ + subject_identifier=0 authority_identifier=0 \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA256 version=3 output_file=$@ all_final += server10.crt server10-badsign.crt: server10.crt { head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@ @@ -1503,13 +1516,19 @@ all_final += server2-sha256.crt # server3* server3.crt: server3.key - $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \ + issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \ + not_before=20190210144406 not_after=20290210144406 \ + md=SHA1 version=3 output_file=$@ all_final += server3.crt # server4* server4.crt: server4.key - $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@ + $(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \ + issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \ + not_before=20190210144400 not_after=20290210144400 \ + md=SHA256 version=3 output_file=$@ all_final += server4.crt # MD5 test certificate From 9770704cf2ad4677ef862c995045ff922b313e9e Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 2 Jun 2023 13:27:21 +0800 Subject: [PATCH 272/328] Remove redundant PHONY targets Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index ec4d00bd9f..06365aba83 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -376,8 +376,6 @@ server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@ all_final += server7_spurious_int-ca.crt -server7_all: server7.crt server7-badsign.crt server7-expired.crt server7-future.crt server7_int-ca-exp.crt server7_int-ca.crt server7_int-ca_ca2.crt server7_all_space.crt server7_pem_space.crt server7_trailing_space.crt server7_spurious_int-ca.crt - # server8* server8.crt: server8.key @@ -391,8 +389,6 @@ server8_int-ca2.crt: server8.crt $(test_ca_int_ec) cat $^ > $@ all_final += server8_int-ca2.crt -server8_all: server8.crt server8_int-ca2.crt - cli2.req.sha256: cli2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256 @@ -1791,8 +1787,6 @@ all: $(all_intermediate) $(all_final) .PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048 .PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096 .PHONY: server1_all -.PHONY: server7_all -.PHONY: server8_all # These files should not be committed to the repository. list_intermediate: From b8b9cd4a797f10d4b8c07e9ead913f072769fc39 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 6 Jun 2023 10:38:35 +0800 Subject: [PATCH 273/328] Mark all_intermediate as .SECONDARY Signed-off-by: Pengyu Lv --- tests/data_files/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 06365aba83..453db6f186 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1806,4 +1806,4 @@ neat: clean rm -f $(all_final) .PHONY: clean neat -.INTERMEDIATE: $(all_intermediate) +.SECONDARY: $(all_intermediate) From abf35d4ca35d145894d4cd260b555232ed0f72dd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 6 Jun 2023 14:35:02 +0800 Subject: [PATCH 274/328] Restore rsa_single_san_uri.crt.der The file is moved by #7617 and used by #7575. That causes conflict. Signed-off-by: Jerry Yu --- tests/data_files/rsa_single_san_uri.crt.der | Bin 0 -> 898 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 tests/data_files/rsa_single_san_uri.crt.der diff --git a/tests/data_files/rsa_single_san_uri.crt.der b/tests/data_files/rsa_single_san_uri.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..22308c6f45d82f7ed64c5a4224ae63a56aada704 GIT binary patch literal 898 zcmXqLVy-i2VoF=U%*4pVB$8kH`em-_o{pxZ#Sb!;n_Isr?Vn@7%f_kI=F#?@mywa1 zmBGN;klTQhjX9KsO_(Xv+fdMeAH?C};qXmLO;HH(2{x285C;h{^9aC%6hebM6@nf8 z4CKUljf@S93{4CTj4cdIqr`blfLsGhD3>zBn;4al9m~kdz}&>h&tTBR$i>ve$jGp~ z*>7`Mq+*hS*WDKY7tn-np}0 z=M+y{+4{p^^_p9ky}LF<%wH6e%OuhMd2z`;iv~5Ho9<`du?3lZo~``+p|RWUc3q%a~4n7KfT9s+n#gF zsu~S``Wg51^w_L9xBGPMU)!YK^mTvE>vxBTUS9ZNvc&_@59y}M(qBb}uQ+JBut>ye zmfqQiQ*UP+>9%_RPRNWeEJ>4Te&4zt=kP+KYq^h}?5f$f_hIyr|K5^sZz)ZTZf9G) zMwj)D^!pH%s@+PPe!a{5bRyy>&#B4fN~>8;pGZvjC1l1Ll`iYaUb<_uKZ|OF=5xjE zJiTl8t0#q670oGP`QfO(WQB#crbywkza@`9yG`5irkL><%Z>Z9Rz_FK{+D&)PW$h3 y(?|G|?z+{PoXQG!rIe%|?)N+CcBw)wQ2O_WlcD1G_^n>@iS3v+zac)Orvv~P1yK?J literal 0 HcmV?d00001 From 1ef26e285e06597c96486b540c5ac1422a982cbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 27 Jan 2023 11:47:05 +0100 Subject: [PATCH 275/328] Add convenience inline function to md.h MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 7bad24dc9b..79e25ea1b4 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -310,6 +310,20 @@ int mbedtls_md_clone(mbedtls_md_context_t *dst, */ unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info); +/** + * \brief This function gives the message-digest size associated to + * message-digest type. + * + * \param md_type The message-digest type. + * + * \return The size of the message-digest output in Bytes, + * or 0 if the message-digest type is not known. + */ +static inline unsigned char mbedtls_md_get_size_from_type(mbedtls_md_type_t md_type) +{ + return mbedtls_md_get_size(mbedtls_md_info_from_type(md_type)); +} + /** * \brief This function extracts the message-digest type from the * message-digest information structure. From 9b41eb8533474d264be33368ba625034111e2fd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:14:24 +0200 Subject: [PATCH 276/328] Replace hash_info_get_type with MD function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Mostly a search and replace with just two manual changes: 1. Now PK and TLS need MD light, so auto-enable it. 2. Remove the old function in hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 4 +++- library/ecjpake.c | 4 ++-- library/hash_info.c | 12 ------------ library/hash_info.h | 10 ---------- library/pk.c | 2 +- library/pkcs12.c | 2 +- library/psa_crypto_rsa.c | 2 +- library/rsa.c | 14 +++++++------- library/ssl_tls12_client.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 12 files changed, 19 insertions(+), 39 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 0917bf72a0..59d18b0347 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -112,8 +112,10 @@ #if defined(MBEDTLS_ECJPAKE_C) || \ defined(MBEDTLS_PEM_PARSE_C) || \ defined(MBEDTLS_ENTROPY_C) || \ + defined(MBEDTLS_PK_C) || \ defined(MBEDTLS_PKCS12_C) || \ - defined(MBEDTLS_RSA_C) + defined(MBEDTLS_RSA_C) || \ + defined(MBEDTLS_SSL_TLS_C) #define MBEDTLS_MD_LIGHT #endif diff --git a/library/ecjpake.c b/library/ecjpake.c index 7d452bcd50..6f448b0301 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -244,7 +244,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type, /* Turn it into an integer mod n */ MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash, - mbedtls_hash_info_get_size(md_type))); + mbedtls_md_get_size_from_type(md_type))); MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N)); cleanup: @@ -780,7 +780,7 @@ int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx, unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; size_t x_bytes; - *olen = mbedtls_hash_info_get_size(ctx->md_type); + *olen = mbedtls_md_get_size_from_type(ctx->md_type); if (len < *olen) { return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL; } diff --git a/library/hash_info.c b/library/hash_info.c index 37e44c6bd2..783fb2642e 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -55,18 +55,6 @@ static const hash_entry hash_table[] = { { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, }; -/* Get size from MD type */ -unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->md_type != md_type) { - entry++; - } - - return entry->size; -} - /* Get block size from MD type */ unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type) { diff --git a/library/hash_info.h b/library/hash_info.h index f984c82427..fb041fa914 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -50,16 +50,6 @@ #define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE #endif -/** Get the output length of the given hash type from its MD type. - * - * \note To get the output length from the PSA alg, use \c PSA_HASH_LENGTH(). - * - * \param md_type The hash MD type. - * - * \return The output length in bytes, or 0 if not known. - */ -unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type); - /** Get the block size of the given hash type from its MD type. * * \note To get the output length from the PSA alg, use diff --git a/library/pk.c b/library/pk.c index d30205cf78..d731d5b2d4 100644 --- a/library/pk.c +++ b/library/pk.c @@ -418,7 +418,7 @@ static inline int pk_hashlen_helper(mbedtls_md_type_t md_alg, size_t *hash_len) return 0; } - *hash_len = mbedtls_hash_info_get_size(md_alg); + *hash_len = mbedtls_md_get_size_from_type(md_alg); if (*hash_len == 0) { return -1; diff --git a/library/pkcs12.c b/library/pkcs12.c index 515d9e1370..2f76618d7d 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -314,7 +314,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, use_password = (pwd && pwdlen != 0); use_salt = (salt && saltlen != 0); - hlen = mbedtls_hash_info_get_size(md_type); + hlen = mbedtls_md_get_size_from_type(md_type); if (hlen <= 32) { v = 64; diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 3ff589dc88..02cade2deb 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -332,7 +332,7 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, if (*md_alg == MBEDTLS_MD_NONE) { return PSA_ERROR_NOT_SUPPORTED; } - if (mbedtls_hash_info_get_size(*md_alg) != hash_length) { + if (mbedtls_md_get_size_from_type(*md_alg) != hash_length) { return PSA_ERROR_INVALID_ARGUMENT; } } diff --git a/library/rsa.c b/library/rsa.c index 87b3311899..f7e7943269 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1229,7 +1229,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx, return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1396,7 +1396,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1596,7 +1596,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg); + size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg); if (exp_hashlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1606,7 +1606,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx, } } - hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id); + hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1744,7 +1744,7 @@ static int rsa_rsassa_pkcs1_v15_encode(mbedtls_md_type_t md_alg, /* Are we signing hashed or raw data? */ if (md_alg != MBEDTLS_MD_NONE) { - unsigned char md_size = mbedtls_hash_info_get_size(md_alg); + unsigned char md_size = mbedtls_md_get_size_from_type(md_alg); if (md_size == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -1995,7 +1995,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, if (md_alg != MBEDTLS_MD_NONE) { /* Gather length of hash to sign */ - size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg); + size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg); if (exp_hashlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } @@ -2005,7 +2005,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, } } - hlen = mbedtls_hash_info_get_size(mgf1_hash_id); + hlen = mbedtls_md_get_size_from_type(mgf1_hash_id); if (hlen == 0) { return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; } diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 691fa62dbd..b875fac53b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2408,7 +2408,7 @@ start_processing: mbedtls_pk_rsassa_pss_options rsassa_pss_options; rsassa_pss_options.mgf1_hash_id = md_alg; rsassa_pss_options.expected_salt_len = - mbedtls_hash_info_get_size(md_alg); + mbedtls_md_get_size_from_type(md_alg); if (rsassa_pss_options.expected_salt_len == 0) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index fbf9ea5c89..efa7efe728 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1200,7 +1200,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id); CHK(md_info != NULL); #endif - maclen = mbedtls_hash_info_get_size(hash_id); + maclen = mbedtls_md_get_size_from_type(hash_id); CHK(maclen != 0); /* Pick hash keys */ CHK((md0 = mbedtls_calloc(1, maclen)) != NULL); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 65b0c0303f..65aa593a87 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1448,7 +1448,7 @@ void pk_psa_sign_ext(int pk_type, int parameter, int key_pk_type, int md_alg) size_t sig_len; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; unsigned char hash[PSA_HASH_MAX_SIZE]; - size_t hash_len = mbedtls_hash_info_get_size(md_alg); + size_t hash_len = mbedtls_md_get_size_from_type(md_alg); void const *options = NULL; mbedtls_pk_rsassa_pss_options rsassa_pss_options; memset(hash, 0x2a, sizeof(hash)); diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index d93c1716db..22525d2d63 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -59,7 +59,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) } if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk, - csr.sig_md, hash, mbedtls_hash_info_get_size(csr.sig_md), + csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; goto cleanup; From 8857984b2f87f4caab853c4bcf04934f97f19c9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:20:23 +0200 Subject: [PATCH 277/328] Replace hash_info macro with MD macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Now the MD macro also accounts for PSA-only hashes. Just a search-and-replace, plus manually removing the definition in hash_info.h. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecjpake.c | 2 +- library/hash_info.h | 14 -------------- library/pkcs12.c | 2 +- library/rsa.c | 6 +++--- library/ssl_tls12_client.c | 2 +- library/ssl_tls12_server.c | 2 +- library/x509_crt.c | 4 ++-- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- .../suites/test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_ecdsa.function | 4 ++-- tests/suites/test_suite_ssl.function | 4 ++-- 12 files changed, 16 insertions(+), 30 deletions(-) diff --git a/library/ecjpake.c b/library/ecjpake.c index 6f448b0301..c2ab4b86ad 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -217,7 +217,7 @@ static int ecjpake_hash(const mbedtls_md_type_t md_type, unsigned char *p = buf; const unsigned char *end = buf + sizeof(buf); const size_t id_len = strlen(id); - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; /* Write things to temporary buffer */ MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G)); diff --git a/library/hash_info.h b/library/hash_info.h index fb041fa914..84d3d7143f 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -36,20 +36,6 @@ #include "psa/crypto.h" #include "mbedtls/platform_util.h" -/** \def MBEDTLS_HASH_MAX_SIZE - * - * Maximum size of a hash based on configuration. - */ -#if defined(MBEDTLS_MD_C) && ( \ - !defined(MBEDTLS_PSA_CRYPTO_C) || \ - MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE) -#define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE -#elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \ - !defined(MBEDTLS_MD_C) || \ - PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE) -#define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE -#endif - /** Get the block size of the given hash type from its MD type. * * \note To get the output length from the PSA alg, use diff --git a/library/pkcs12.c b/library/pkcs12.c index 2f76618d7d..2e6ed7e814 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -290,7 +290,7 @@ int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, unsigned char diversifier[128]; unsigned char salt_block[128], pwd_block[128], hash_block[128] = { 0 }; - unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash_output[MBEDTLS_MD_MAX_SIZE]; unsigned char *p; unsigned char c; int use_password = 0; diff --git a/library/rsa.c b/library/rsa.c index f7e7943269..3eb7cc0dcc 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1076,7 +1076,7 @@ static int mgf_mask(unsigned char *dst, size_t dlen, unsigned char *src, unsigned char *p; unsigned int hlen; size_t i, use_len; - unsigned char mask[MBEDTLS_HASH_MAX_SIZE]; + unsigned char mask[MBEDTLS_MD_MAX_SIZE]; int ret = 0; const mbedtls_md_info_t *md_info; mbedtls_md_context_t md_ctx; @@ -1380,7 +1380,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx, size_t ilen, i, pad_len; unsigned char *p, bad, pad_done; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - unsigned char lhash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char lhash[MBEDTLS_MD_MAX_SIZE]; unsigned int hlen; /* @@ -1966,7 +1966,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx, size_t siglen; unsigned char *p; unsigned char *hash_start; - unsigned char result[MBEDTLS_HASH_MAX_SIZE]; + unsigned char result[MBEDTLS_MD_MAX_SIZE]; unsigned int hlen; size_t observed_salt_len, msb; unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 }; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b875fac53b..df4c00373d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2291,7 +2291,7 @@ start_processing: #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) { size_t sig_len, hashlen; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 3b8710e413..40e6fc9795 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -3081,7 +3081,7 @@ curve_matching_done: size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t hashlen = 0; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; diff --git a/library/x509_crt.c b/library/x509_crt.c index 9c44ba6a4b..9b49a1b665 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2024,7 +2024,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, const mbedtls_x509_crt_profile *profile) { int flags = 0; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_algorithm; #else @@ -2133,7 +2133,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, mbedtls_x509_crt_restart_ctx *rs_ctx) { size_t hash_len; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; #if !defined(MBEDTLS_USE_PSA_CRYPTO) const mbedtls_md_info_t *md_info; md_info = mbedtls_md_info_from_type(child->sig_md); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 274eb4b7ad..c89670aa45 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -569,7 +569,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, unsigned char *c, *c2; unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; size_t hash_length = 0; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_algorithm_t psa_algorithm; diff --git a/library/x509write_csr.c b/library/x509write_csr.c index deb66174b2..06f5c933bc 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -243,7 +243,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; - unsigned char hash[MBEDTLS_HASH_MAX_SIZE]; + unsigned char hash[MBEDTLS_MD_MAX_SIZE]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 985d482ebe..55886fa7ae 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -28,7 +28,7 @@ void ssl_cf_hmac(int hash) size_t min_in_len, in_len, max_in_len, i; /* TLS additional data is 13 bytes (hence the "lucky 13" name) */ unsigned char add_data[13]; - unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE]; + unsigned char ref_out[MBEDTLS_MD_MAX_SIZE]; unsigned char *data = NULL; unsigned char *out = NULL; unsigned char rec_num = 0; diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 60bb6c2d2b..14fe2f058b 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -15,7 +15,7 @@ void ecdsa_prim_zero(int id) mbedtls_ecp_point Q; mbedtls_mpi d, r, s; mbedtls_test_rnd_pseudo_info rnd_info; - unsigned char buf[MBEDTLS_HASH_MAX_SIZE]; + unsigned char buf[MBEDTLS_MD_MAX_SIZE]; mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&Q); @@ -47,7 +47,7 @@ void ecdsa_prim_random(int id) mbedtls_ecp_point Q; mbedtls_mpi d, r, s; mbedtls_test_rnd_pseudo_info rnd_info; - unsigned char buf[MBEDTLS_HASH_MAX_SIZE]; + unsigned char buf[MBEDTLS_MD_MAX_SIZE]; mbedtls_ecp_group_init(&grp); mbedtls_ecp_point_init(&Q); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6f9e544138..fb71b835b0 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1974,7 +1974,7 @@ void ssl_tls13_create_psk_binder(int hash_alg, data_t *transcript, data_t *binder_expected) { - unsigned char binder[MBEDTLS_HASH_MAX_SIZE]; + unsigned char binder[MBEDTLS_MD_MAX_SIZE]; /* Double-check that we've passed sane parameters. */ psa_algorithm_t alg = (psa_algorithm_t) hash_alg; @@ -2108,7 +2108,7 @@ void ssl_tls13_key_evolution(int hash_alg, data_t *input, data_t *expected) { - unsigned char secret_new[MBEDTLS_HASH_MAX_SIZE]; + unsigned char secret_new[MBEDTLS_MD_MAX_SIZE]; PSA_INIT(); From 1b180bec40472a59e33ff2dd844a948b6398e6af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:25:32 +0200 Subject: [PATCH 278/328] Remove unused function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/hash_info.c | 12 ------------ library/hash_info.h | 11 ----------- 2 files changed, 23 deletions(-) diff --git a/library/hash_info.c b/library/hash_info.c index 783fb2642e..8daa4d0bc6 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -55,18 +55,6 @@ static const hash_entry hash_table[] = { { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, }; -/* Get block size from MD type */ -unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->md_type != md_type) { - entry++; - } - - return entry->block_size; -} - /* Get PSA from MD */ psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type) { diff --git a/library/hash_info.h b/library/hash_info.h index 84d3d7143f..1dd206e70c 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -36,17 +36,6 @@ #include "psa/crypto.h" #include "mbedtls/platform_util.h" -/** Get the block size of the given hash type from its MD type. - * - * \note To get the output length from the PSA alg, use - * \c PSA_HASH_BLOCK_LENGTH(). - * - * \param md_type The hash MD type. - * - * \return The block size in bytes, or 0 if not known. - */ -unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type); - /** Get the PSA alg from the MD type. * * \param md_type The hash MD type. From 36fb12e7dde2a59432bd76e66d535f15ab2e5a44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:33:23 +0200 Subject: [PATCH 279/328] Add MD <-> PSA translation functions to MD light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++- library/md_psa.h | 60 ++++++++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 1 deletion(-) create mode 100644 library/md_psa.h diff --git a/library/md.c b/library/md.c index 306af72b32..14a88ba1b3 100644 --- a/library/md.c +++ b/library/md.c @@ -52,8 +52,12 @@ #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#if defined(MBEDTLS_MD_SOME_PSA) +#if defined(MBEDTLS_PSA_CRYPTO_C) #include +#include "md_psa.h" +#endif + +#if defined(MBEDTLS_MD_SOME_PSA) #include "psa_crypto_core.h" #endif @@ -678,6 +682,97 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) return md_info->type; } +#if defined(MBEDTLS_PSA_CRYPTO_C) +psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) +{ + switch (md_type) { +#if defined(MBEDTLS_MD_CAN_MD5) + case MBEDTLS_MD_MD5: + return PSA_ALG_MD5; +#endif +#if defined(MBEDTLS_MD_CAN_RIPEMD160) + case MBEDTLS_MD_RIPEMD160: + return PSA_ALG_RIPEMD160; +#endif +#if defined(MBEDTLS_MD_CAN_SHA1) + case MBEDTLS_MD_SHA1: + return PSA_ALG_SHA_1; +#endif +#if defined(MBEDTLS_MD_CAN_SHA224) + case MBEDTLS_MD_SHA224: + return PSA_ALG_SHA_224; +#endif +#if defined(MBEDTLS_MD_CAN_SHA256) + case MBEDTLS_MD_SHA256: + return PSA_ALG_SHA_256; +#endif +#if defined(MBEDTLS_MD_CAN_SHA384) + case MBEDTLS_MD_SHA384: + return PSA_ALG_SHA_384; +#endif +#if defined(MBEDTLS_MD_CAN_SHA512) + case MBEDTLS_MD_SHA512: + return PSA_ALG_SHA_512; +#endif + default: + return PSA_ALG_NONE; + } +} + +mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) +{ + switch (psa_alg) { +#if defined(MBEDTLS_MD_CAN_MD5) + case PSA_ALG_MD5: + return MBEDTLS_MD_MD5; +#endif +#if defined(MBEDTLS_MD_CAN_RIPEMD160) + case PSA_ALG_RIPEMD160: + return MBEDTLS_MD_RIPEMD160; +#endif +#if defined(MBEDTLS_MD_CAN_SHA1) + case PSA_ALG_SHA_1: + return MBEDTLS_MD_SHA1; +#endif +#if defined(MBEDTLS_MD_CAN_SHA224) + case PSA_ALG_SHA_224: + return MBEDTLS_MD_SHA224; +#endif +#if defined(MBEDTLS_MD_CAN_SHA256) + case PSA_ALG_SHA_256: + return MBEDTLS_MD_SHA256; +#endif +#if defined(MBEDTLS_MD_CAN_SHA384) + case PSA_ALG_SHA_384: + return MBEDTLS_MD_SHA384; +#endif +#if defined(MBEDTLS_MD_CAN_SHA512) + case PSA_ALG_SHA_512: + return MBEDTLS_MD_SHA512; +#endif + default: + return MBEDTLS_MD_NONE; + } +} + +int mbedtls_md_error_from_psa(psa_status_t status) +{ + switch (status) { + case PSA_SUCCESS: + return 0; + case PSA_ERROR_NOT_SUPPORTED: + return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; + case PSA_ERROR_INVALID_ARGUMENT: + return MBEDTLS_ERR_MD_BAD_INPUT_DATA; + case PSA_ERROR_INSUFFICIENT_MEMORY: + return MBEDTLS_ERR_MD_ALLOC_FAILED; + default: + return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + } +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ + + /************************************************************************ * Functions above this separator are part of MBEDTLS_MD_LIGHT, * * functions below are only available when MBEDTLS_MD_C is set. * diff --git a/library/md_psa.h b/library/md_psa.h new file mode 100644 index 0000000000..6645c832e6 --- /dev/null +++ b/library/md_psa.h @@ -0,0 +1,60 @@ +/** + * Translation between MD and PSA identifiers (algorithms, errors). + * + * Note: this internal module will go away when everything becomes based on + * PSA Crypto; it is a helper for the transition period. + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_MD_PSA_H +#define MBEDTLS_MD_PSA_H + +#include "common.h" + +#include "mbedtls/md.h" +#include "psa/crypto.h" + +/** + * \brief This function returns the PSA algorithm identifier + * associated with the given digest type. + * + * \param md_type The type of digest to search for. + * + * \return The PSA algorithm identifier associated with \p md_type. + * \return PSA_ALG_NONE if the algorithm is not supported. + */ +psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type); + +/** + * \brief This function returns the given digest type + * associated with the PSA algorithm identifier. + * + * \param psa_alg The PSA algorithm identifier to search for. + * + * \return The MD type associated with \p psa_alg. + * \return MBEDTLS_MD_NONE if the algorithm is not supported. + */ +mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg); + +/** Convert PSA status to MD error code. + * + * \param status PSA status. + * + * \return The corresponding MD error code, + */ +int mbedtls_md_error_from_psa(psa_status_t status); + +#endif /* MBEDTLS_MD_PSA_H */ From 2d6d993662558b5c0874c1c2ce8564defcb60bdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:38:08 +0200 Subject: [PATCH 280/328] Use MD<->PSA functions from MD light MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As usual, just a search-and-replace plus: 1. Removing things from hash_info.[ch] 2. Adding new auto-enable MD_LIGHT in build-info.h 3. Including md_psa.h where needed Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 4 +- include/mbedtls/psa_util.h | 2 +- library/hash_info.c | 42 ------------------- library/hash_info.h | 27 ------------ library/pk.c | 5 ++- library/pk_wrap.c | 12 +++--- library/psa_crypto.c | 2 +- library/psa_crypto_ecp.c | 3 +- library/psa_crypto_rsa.c | 5 ++- library/rsa.c | 3 +- library/ssl_ciphersuites.c | 4 +- library/ssl_cookie.c | 2 +- library/ssl_tls.c | 8 ++-- library/ssl_tls13_client.c | 2 +- library/ssl_tls13_generic.c | 4 +- library/ssl_tls13_keys.c | 14 +++---- library/ssl_tls13_server.c | 2 +- library/x509_crt.c | 4 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- tests/src/test_helpers/ssl_helpers.c | 4 +- .../test_suite_constant_time_hmac.function | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_x509write.function | 6 +-- 24 files changed, 50 insertions(+), 113 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 59d18b0347..c2c9dc9de4 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -115,7 +115,9 @@ defined(MBEDTLS_PK_C) || \ defined(MBEDTLS_PKCS12_C) || \ defined(MBEDTLS_RSA_C) || \ - defined(MBEDTLS_SSL_TLS_C) + defined(MBEDTLS_SSL_TLS_C) || \ + defined(MBEDTLS_X509_USE_C) || \ + defined(MBEDTLS_X509_CREATE_C) #define MBEDTLS_MD_LIGHT #endif diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 64c24358ef..5fdecc6021 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -123,7 +123,7 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( /* Translations for hashing. */ /* Note: this function should not be used from inside the library, use - * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead. + * mbedtls_md_psa_alg_from_type() from the internal hash_info.h instead. * It is kept only for compatibility in case applications were using it. */ static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) { diff --git a/library/hash_info.c b/library/hash_info.c index 8daa4d0bc6..3a26251691 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -54,45 +54,3 @@ static const hash_entry hash_table[] = { #endif { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, }; - -/* Get PSA from MD */ -psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->md_type != md_type) { - entry++; - } - - return entry->psa_alg; -} - -/* Get MD from PSA */ -mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->psa_alg != psa_alg) { - entry++; - } - - return entry->md_type; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_md_error_from_psa(psa_status_t status) -{ - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/hash_info.h b/library/hash_info.h index 1dd206e70c..26e60e4f8d 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -36,31 +36,4 @@ #include "psa/crypto.h" #include "mbedtls/platform_util.h" -/** Get the PSA alg from the MD type. - * - * \param md_type The hash MD type. - * - * \return The corresponding PSA algorithm identifier, - * or PSA_ALG_NONE if not known. - */ -psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type); - -/** Get the MD type alg from the PSA algorithm identifier. - * - * \param psa_alg The PSA hash algorithm. - * - * \return The corresponding MD type, - * or MBEDTLS_MD_NONE if not known. - */ -mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg); - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** Convert PSA status to MD error code. - * - * \param status PSA status. - * - * \return The corresponding MD error code, - */ -int MBEDTLS_DEPRECATED mbedtls_md_error_from_psa(psa_status_t status); -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_HASH_INFO_H */ diff --git a/library/pk.c b/library/pk.c index d731d5b2d4..74a1ffae35 100644 --- a/library/pk.c +++ b/library/pk.c @@ -42,6 +42,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif #include @@ -567,7 +568,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, psa_status_t status = PSA_ERROR_DATA_CORRUPT; psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT; - psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg); @@ -735,7 +736,7 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, } #if defined(MBEDTLS_RSA_C) - psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); if (psa_md_alg == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9170231d6f..1bafd1fa03 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -205,7 +205,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; psa_algorithm_t psa_alg_md = - PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); size_t rsa_len = mbedtls_rsa_get_len(rsa); if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { @@ -357,7 +357,7 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, ((void) p_rng); psa_algorithm_t psa_md_alg; - psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); if (psa_md_alg == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -930,10 +930,10 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, psa_status_t status; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_algorithm_t psa_sig_md = - PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); #else psa_algorithm_t psa_sig_md = - PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); #endif #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_ecc_family_t curve = pk->ec_family; @@ -1631,12 +1631,12 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { - alg = PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + alg = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); } else #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ #if defined(MBEDTLS_RSA_C) if (PSA_KEY_TYPE_IS_RSA(type)) { - alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg)); + alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); } else #endif /* MBEDTLS_RSA_C */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 85451bf649..7fb1063f0b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3610,7 +3610,7 @@ psa_status_t mbedtls_psa_sign_hash_start( operation->ctx->grp.nbits); psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + operation->md_alg = mbedtls_md_type_from_psa_alg(hash_alg); operation->alg = alg; /* We only need to store the same length of hash as the private key size diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index f70d804b0f..bf2cae82b2 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -27,6 +27,7 @@ #include "psa_crypto_ecp.h" #include "psa_crypto_random_impl.h" #include "hash_info.h" +#include "md_psa.h" #include #include @@ -366,7 +367,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg); MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s, &ecp->d, hash, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 02cade2deb..bb8371a885 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -28,6 +28,7 @@ #include "psa_crypto_random_impl.h" #include "psa_crypto_rsa.h" #include "psa_crypto_hash.h" +#include "md_psa.h" #include #include @@ -318,7 +319,7 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, mbedtls_md_type_t *md_alg) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - *md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + *md_alg = mbedtls_md_type_from_psa_alg(hash_alg); /* The Mbed TLS RSA module uses an unsigned int for hash length * parameters. Validate that it fits so that we don't risk an @@ -527,7 +528,7 @@ static int psa_rsa_oaep_set_padding_mode(psa_algorithm_t alg, mbedtls_rsa_context *rsa) { psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH(alg); - mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg); return mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg); } diff --git a/library/rsa.c b/library/rsa.c index 3eb7cc0dcc..aa8cdf6a82 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -47,6 +47,7 @@ #include "constant_time_internal.h" #include "mbedtls/constant_time.h" #include "hash_info.h" +#include "md_psa.h" #include @@ -478,7 +479,7 @@ int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, if ((padding == MBEDTLS_RSA_PKCS_V21) && (hash_id != MBEDTLS_MD_NONE)) { /* Just make sure this hash is supported in this build. */ - if (mbedtls_hash_info_psa_from_md(hash_id) == PSA_ALG_NONE) { + if (mbedtls_md_psa_alg_from_type(hash_id) == PSA_ALG_NONE) { return MBEDTLS_ERR_RSA_INVALID_PADDING; } } diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 9cef3fe79a..3d4466a978 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1966,10 +1966,10 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_hash_info_psa_from_md(info->mac)); + mbedtls_md_psa_alg_from_type(info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac)); + return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 6d54300bc9..b51e91a122 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -114,7 +114,7 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, (void) f_rng; (void) p_rng; - alg = mbedtls_hash_info_psa_from_md(COOKIE_MD); + alg = mbedtls_md_psa_alg_from_type(COOKIE_MD); if (alg == 0) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c928ccda81..2a6242099f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8292,9 +8292,9 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - mac_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); if (mac_alg == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_hash_info_psa_from_md for %u not found", + MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found", (unsigned) ciphersuite_info->mac)); return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } @@ -8741,7 +8741,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, { psa_status_t status; psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(md_alg); MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange")); @@ -8870,7 +8870,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( #if defined(MBEDTLS_USE_PSA_CRYPTO) if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) { psa_algorithm_t psa_hash_alg = - mbedtls_hash_info_psa_from_md(hash_alg_received); + mbedtls_md_psa_alg_from_type(hash_alg_received); if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e347853818..937463d772 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -850,7 +850,7 @@ static int ssl_tls13_write_binder(mbedtls_ssl_context *ssl, /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_hash_info_md_from_psa(hash_alg), + ssl, mbedtls_md_type_from_psa_alg(hash_alg), transcript, sizeof(transcript), &transcript_len); if (ret != 0) { return ret; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a00785b09b..de2ce32625 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -274,7 +274,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, goto error; } - hash_alg = mbedtls_hash_info_psa_from_md(md_alg); + hash_alg = mbedtls_md_psa_alg_from_type(md_alg); if (hash_alg == 0) { goto error; } @@ -1076,7 +1076,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, } /* Hash verify buffer with indicated hash function */ - psa_algorithm = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm = mbedtls_md_psa_alg_from_type(md_alg); status = psa_hash_compute(psa_algorithm, verify_buffer, verify_buffer_len, diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 46caa45d3e..74dbe48fbb 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -677,7 +677,7 @@ static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( handshake->ciphersuite_info->mac); /* @@ -792,7 +792,7 @@ int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl, mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type( ssl->handshake->ciphersuite_info->mac); size_t const hash_len = PSA_HASH_LENGTH(hash_alg); @@ -1163,7 +1163,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, md_type = ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1291,7 +1291,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); @@ -1365,7 +1365,7 @@ static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, md_type = ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1472,7 +1472,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( handshake->ciphersuite_info->mac); unsigned char *shared_secret = NULL; size_t shared_secret_len = 0; @@ -1608,7 +1608,7 @@ static int ssl_tls13_generate_application_keys( md_type = handshake->ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); /* Compute current handshake transcript. It's the caller's responsibility diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc3c2f070d..8403151218 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -332,7 +332,7 @@ static int ssl_tls13_offered_psks_check_binder_match( /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_hash_info_md_from_psa(psk_hash_alg), + ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), transcript, sizeof(transcript), &transcript_len); if (ret != 0) { return ret; diff --git a/library/x509_crt.c b/library/x509_crt.c index 9b49a1b665..69c3c03481 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2064,7 +2064,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_hash_info_psa_from_md(crl_list->sig_md); + psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); if (psa_hash_compute(psa_algorithm, crl_list->tbs.p, crl_list->tbs.len, @@ -2144,7 +2144,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, return -1; } #else - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(child->sig_md); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; status = psa_hash_compute(hash_alg, diff --git a/library/x509write_crt.c b/library/x509write_crt.c index c89670aa45..a8ea945997 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -728,7 +728,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* Compute hash of CRT. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_hash_info_psa_from_md(ctx->md_alg); + psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg); status = psa_hash_compute(psa_algorithm, c, diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 06f5c933bc..f4fad884af 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, mbedtls_pk_type_t pk_alg; #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_len; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(ctx->md_alg); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Write the CSR backwards starting from the end of buf */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index efa7efe728..d1e3d9ce83 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1209,7 +1209,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(md1, 0x6, maclen); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = mbedtls_hash_info_psa_from_md(hash_id); + alg = mbedtls_md_psa_alg_from_type(hash_id); CHK(alg != 0); @@ -1501,7 +1501,7 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; psa_status_t status = psa_hash_compute( diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 55886fa7ae..35ed0430e5 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -36,7 +36,7 @@ void ssl_cf_hmac(int hash) USE_PSA_INIT(); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = PSA_ALG_HMAC(mbedtls_hash_info_psa_from_md(hash)); + alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash)); out_len = PSA_HASH_LENGTH(alg); block_size = PSA_HASH_BLOCK_LENGTH(alg); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 65aa593a87..0adf1fc69e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1491,7 +1491,7 @@ void pk_psa_wrap_sign_ext(int pk_type, int parameter, int key_pk_type, int md_al unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; unsigned char *pkey_start; unsigned char hash[PSA_HASH_MAX_SIZE]; - psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); psa_algorithm_t psa_alg; size_t hash_len = PSA_HASH_LENGTH(psa_md_alg); void const *options = NULL; diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 22525d2d63..be6a066fef 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -47,7 +47,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(csr.sig_md); + psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(csr.sig_md); size_t hash_size = 0; psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len, hash, PSA_HASH_MAX_SIZE, &hash_size); @@ -270,7 +270,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type); + md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type); TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); mbedtls_pk_init(&key); @@ -428,7 +428,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, if (pk_wrap == 2) { psa_algorithm_t alg_psa, md_alg_psa; - md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type); + md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type); TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) { From 6076f4124a1df99a782229f814578b5e2fa3533f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:43:36 +0200 Subject: [PATCH 281/328] Remove hash_info.[ch] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 2 +- library/CMakeLists.txt | 1 - library/Makefile | 1 - library/ecjpake.c | 2 - library/hash_info.c | 56 ------------------- library/hash_info.h | 39 ------------- library/pem.c | 1 - library/pk.c | 2 - library/pk_wrap.c | 1 - library/pkcs12.c | 1 - library/pkcs5.c | 1 - library/psa_crypto.c | 1 - library/psa_crypto_ecp.c | 1 - library/psa_crypto_rsa.c | 1 - library/rsa.c | 1 - library/ssl_misc.h | 1 - library/ssl_tls12_client.c | 2 - library/ssl_tls12_server.c | 1 - library/x509_crt.c | 1 - library/x509write_crt.c | 2 - library/x509write_csr.c | 1 - tests/include/test/ssl_helpers.h | 1 - .../test_suite_constant_time_hmac.function | 1 - tests/suites/test_suite_ecdsa.function | 1 - tests/suites/test_suite_pk.function | 2 - tests/suites/test_suite_ssl.function | 2 - tests/suites/test_suite_x509write.function | 2 - 27 files changed, 1 insertion(+), 127 deletions(-) delete mode 100644 library/hash_info.c delete mode 100644 library/hash_info.h diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 5fdecc6021..cdc20e8af7 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -123,7 +123,7 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( /* Translations for hashing. */ /* Note: this function should not be used from inside the library, use - * mbedtls_md_psa_alg_from_type() from the internal hash_info.h instead. + * mbedtls_md_psa_alg_from_type() from the internal md_psa.h instead. * It is kept only for compatibility in case applications were using it. */ static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) { diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index a08f3ff0b1..915c8200fa 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -42,7 +42,6 @@ set(src_crypto entropy_poll.c error.c gcm.c - hash_info.c hkdf.c hmac_drbg.c lmots.c diff --git a/library/Makefile b/library/Makefile index 51e7a15a6a..01da1c9cff 100644 --- a/library/Makefile +++ b/library/Makefile @@ -107,7 +107,6 @@ OBJS_CRYPTO= \ entropy_poll.o \ error.o \ gcm.o \ - hash_info.o \ hkdf.o \ hmac_drbg.o \ lmots.o \ diff --git a/library/ecjpake.c b/library/ecjpake.c index c2ab4b86ad..19ad2c6e0f 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -30,8 +30,6 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "hash_info.h" - #include #if !defined(MBEDTLS_ECJPAKE_ALT) diff --git a/library/hash_info.c b/library/hash_info.c deleted file mode 100644 index 3a26251691..0000000000 --- a/library/hash_info.c +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Hash information that's independent from the crypto implementation. - * - * (See the corresponding header file for usage notes.) - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "hash_info.h" -#include "mbedtls/error.h" - -typedef struct { - psa_algorithm_t psa_alg; - mbedtls_md_type_t md_type; - unsigned char size; - unsigned char block_size; -} hash_entry; - -static const hash_entry hash_table[] = { -#if defined(MBEDTLS_MD_CAN_MD5) - { PSA_ALG_MD5, MBEDTLS_MD_MD5, 16, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_RIPEMD160) - { PSA_ALG_RIPEMD160, MBEDTLS_MD_RIPEMD160, 20, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA1) - { PSA_ALG_SHA_1, MBEDTLS_MD_SHA1, 20, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA224) - { PSA_ALG_SHA_224, MBEDTLS_MD_SHA224, 28, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA256) - { PSA_ALG_SHA_256, MBEDTLS_MD_SHA256, 32, 64 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA384) - { PSA_ALG_SHA_384, MBEDTLS_MD_SHA384, 48, 128 }, -#endif -#if defined(MBEDTLS_MD_CAN_SHA512) - { PSA_ALG_SHA_512, MBEDTLS_MD_SHA512, 64, 128 }, -#endif - { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, -}; diff --git a/library/hash_info.h b/library/hash_info.h deleted file mode 100644 index 26e60e4f8d..0000000000 --- a/library/hash_info.h +++ /dev/null @@ -1,39 +0,0 @@ -/** - * Hash information that's independent from the crypto implementation. - * - * This can be used by: - * - code based on PSA - * - code based on the legacy API - * - code based on either of them depending on MBEDTLS_USE_PSA_CRYPTO - * - code based on either of them depending on what's available - * - * Note: this internal module will go away when everything becomes based on - * PSA Crypto; it is a helper for the transition while hash algorithms are - * still represented using mbedtls_md_type_t in most places even when PSA is - * used for the actual crypto computations. - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_HASH_INFO_H -#define MBEDTLS_HASH_INFO_H - -#include "common.h" - -#include "mbedtls/md.h" -#include "psa/crypto.h" -#include "mbedtls/platform_util.h" - -#endif /* MBEDTLS_HASH_INFO_H */ diff --git a/library/pem.c b/library/pem.c index aed4788bfe..056c98c771 100644 --- a/library/pem.c +++ b/library/pem.c @@ -29,7 +29,6 @@ #include "mbedtls/cipher.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "hash_info.h" #include diff --git a/library/pk.c b/library/pk.c index 74a1ffae35..91796dec9d 100644 --- a/library/pk.c +++ b/library/pk.c @@ -25,8 +25,6 @@ #include "pkwrite.h" #include "pk_internal.h" -#include "hash_info.h" - #include "mbedtls/platform_util.h" #include "mbedtls/error.h" diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 1bafd1fa03..087a7a386a 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -47,7 +47,6 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" -#include "hash_info.h" #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) #include "mbedtls/asn1write.h" diff --git a/library/pkcs12.c b/library/pkcs12.c index 2e6ed7e814..ce2dcf27ea 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -39,7 +39,6 @@ #include "mbedtls/des.h" #endif -#include "hash_info.h" #include "mbedtls/psa_util.h" #if defined(MBEDTLS_ASN1_PARSE_C) diff --git a/library/pkcs5.c b/library/pkcs5.c index 0f4baf1bdb..94da9813e9 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -44,7 +44,6 @@ #include "mbedtls/platform.h" -#include "hash_info.h" #include "mbedtls/psa_util.h" #if defined(MBEDTLS_ASN1_PARSE_C) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7fb1063f0b..9a4cfdbdd7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -82,7 +82,6 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "hash_info.h" #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index bf2cae82b2..488020882f 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -26,7 +26,6 @@ #include "psa_crypto_core.h" #include "psa_crypto_ecp.h" #include "psa_crypto_random_impl.h" -#include "hash_info.h" #include "md_psa.h" #include diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index bb8371a885..ab93146deb 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -38,7 +38,6 @@ #include #include #include "pk_wrap.h" -#include "hash_info.h" #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \ diff --git a/library/rsa.c b/library/rsa.c index aa8cdf6a82..950d8e91c0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -46,7 +46,6 @@ #include "mbedtls/error.h" #include "constant_time_internal.h" #include "mbedtls/constant_time.h" -#include "hash_info.h" #include "md_psa.h" #include diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 17149c59e6..2d6d7bace5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -30,7 +30,6 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#include "hash_info.h" #endif #if defined(MBEDTLS_MD_CAN_MD5) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index df4c00373d..fc96dae1e2 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -50,8 +50,6 @@ #include "mbedtls/platform_util.h" #endif -#include "hash_info.h" - #if defined(MBEDTLS_SSL_RENEGOTIATION) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 40e6fc9795..30c35f3a45 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -30,7 +30,6 @@ #include "mbedtls/platform_util.h" #include "constant_time_internal.h" #include "mbedtls/constant_time.h" -#include "hash_info.h" #include diff --git a/library/x509_crt.c b/library/x509_crt.c index 69c3c03481..65b464a724 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -48,7 +48,6 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#include "hash_info.h" #include "x509_invasive.h" #include "pk_internal.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index a8ea945997..6c781933eb 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -47,8 +47,6 @@ #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#include "hash_info.h" - #define CHECK_OVERFLOW_ADD(a, b) \ do \ { \ diff --git a/library/x509write_csr.c b/library/x509write_csr.c index f4fad884af..1862388777 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -37,7 +37,6 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#include "hash_info.h" #include #include diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 572b6cb71e..2841691c9c 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -36,7 +36,6 @@ #include #include #include -#include "hash_info.h" #include "test/certs.h" diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 35ed0430e5..42b1e7c62f 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -3,7 +3,6 @@ #include #include #include -#include #include /* END_HEADER */ diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 14fe2f058b..f16a6d4134 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -1,6 +1,5 @@ /* BEGIN_HEADER */ #include "mbedtls/ecdsa.h" -#include "hash_info.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 0adf1fc69e..eca46c86ab 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -9,8 +9,6 @@ #include "mbedtls/rsa.h" #include "pk_internal.h" -#include "hash_info.h" - #include #include diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index fb71b835b0..a8c714f391 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -7,8 +7,6 @@ #include #include -#include "hash_info.h" - #include #include diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index be6a066fef..c3b67684db 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -8,8 +8,6 @@ #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" -#include "hash_info.h" - #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, const unsigned char *input, unsigned char *output, From 1f2a587cdf821eb18301014b8a80bcf044336862 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:46:17 +0200 Subject: [PATCH 282/328] Use actual function instead of static inline MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Large static inline functions used from several translation units in the library are bad for code size as we end up with multiple copies. Use the actual function instead. There's already a comment that says so. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_client.c | 6 +++--- library/ssl_tls13_keys.c | 4 ++-- library/ssl_tls13_server.c | 6 +++--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 937463d772..48780d8439 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -672,7 +672,7 @@ static psa_algorithm_t ssl_tls13_get_ciphersuite_hash_alg(int ciphersuite) ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite); if (ciphersuite_info != NULL) { - return mbedtls_psa_translate_md(ciphersuite_info->mac); + return mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); } return PSA_ALG_NONE; @@ -1126,7 +1126,7 @@ static int ssl_tls13_parse_server_pre_shared_key_ext(mbedtls_ssl_context *ssl, return ret; } - if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac) + if (mbedtls_md_psa_alg_from_type(ssl->handshake->ciphersuite_info->mac) != hash_alg) { MBEDTLS_SSL_DEBUG_MSG( 1, ("Invalid ciphersuite for external psk.")); @@ -2844,7 +2844,7 @@ static int ssl_tls13_postprocess_new_session_ticket(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac); + psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_length = PSA_HASH_LENGTH(psa_hash_alg); if (hash_length == -1 || (size_t) hash_length > sizeof(session->resumption_key)) { diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 74dbe48fbb..533865d86d 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1766,7 +1766,7 @@ int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl) } ret = mbedtls_ssl_tls13_derive_resumption_master_secret( - mbedtls_psa_translate_md(md_type), + mbedtls_md_psa_alg_from_type(md_type), handshake->tls13_master_secrets.app, transcript, transcript_len, &ssl->session_negotiate->app_secrets); @@ -1781,7 +1781,7 @@ int mbedtls_ssl_tls13_compute_resumption_master_secret(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret", ssl->session_negotiate->app_secrets.resumption_master_secret, - PSA_HASH_LENGTH(mbedtls_psa_translate_md(md_type))); + PSA_HASH_LENGTH(mbedtls_md_psa_alg_from_type(md_type))); MBEDTLS_SSL_DEBUG_MSG( 2, ("<= mbedtls_ssl_tls13_compute_resumption_master_secret")); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 8403151218..60ffd269d7 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -406,7 +406,7 @@ static int ssl_tls13_select_ciphersuite_for_psk( /* MAC of selected ciphersuite MUST be same with PSK binder if exist. * Otherwise, client should reject. */ - if (psk_hash_alg == mbedtls_psa_translate_md(ciphersuite_info->mac)) { + if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) { *selected_ciphersuite = cipher_suite; *selected_ciphersuite_info = ciphersuite_info; return 0; @@ -612,7 +612,7 @@ static int ssl_tls13_parse_pre_shared_key_ext( ret = ssl_tls13_offered_psks_check_binder_match( ssl, binder, binder_len, psk_type, - mbedtls_psa_translate_md(ciphersuite_info->mac)); + mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)); if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) { /* For security reasons, the handshake should be aborted when we * fail to validate a binder value. See RFC 8446 section 4.2.11.2 @@ -2783,7 +2783,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl, ciphersuite_info = (mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info; - psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac); + psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_length = PSA_HASH_LENGTH(psa_hash_alg); if (hash_length == -1 || (size_t) hash_length > sizeof(session->resumption_key)) { From 1c32e37b0c93b0ad1403f26db5b78f9ff4e8f639 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 11:57:09 +0200 Subject: [PATCH 283/328] Formally deprecate mbedtls_psa_translate_md() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The previous informal comment was not enough to prevent it from being used in several places in the library. This should have more effect, considering with have builds with DEPRECATED_REMOVED. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index cdc20e8af7..f1a49ec2ab 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -29,6 +29,8 @@ #include "mbedtls/build_info.h" +#include "mbedtls/platform_util.h" + #if defined(MBEDTLS_PSA_CRYPTO_C) #include "psa/crypto.h" @@ -125,7 +127,8 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( /* Note: this function should not be used from inside the library, use * mbedtls_md_psa_alg_from_type() from the internal md_psa.h instead. * It is kept only for compatibility in case applications were using it. */ -static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +static inline MBEDTLS_DEPRECATED psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) { switch (md_alg) { #if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5) @@ -162,6 +165,7 @@ static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) return 0; } } +#endif /* MBEDTLS_DEPRECATED_REMOVED */ /* Translations for ECC. */ From ddbf61a9387686f16d58191c01f6935b529bef44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:14:01 +0200 Subject: [PATCH 284/328] Use general framework for PSA status conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/library/md.c b/library/md.c index 14a88ba1b3..14b400bdc6 100644 --- a/library/md.c +++ b/library/md.c @@ -55,6 +55,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include #include "md_psa.h" +#include "mbedtls/psa_util.h" #endif #if defined(MBEDTLS_MD_SOME_PSA) @@ -217,16 +218,8 @@ static int md_can_use_psa(const mbedtls_md_info_t *info) static int mbedtls_md_error_from_psa(psa_status_t status) { - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } + return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, + psa_generic_status_to_mbedtls); } #endif /* MBEDTLS_MD_SOME_PSA */ From 02b10d826696eb3168c309a8a66a882513b9eecc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:33:20 +0200 Subject: [PATCH 285/328] Add missing include MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix build failures with config full Signed-off-by: Manuel Pégourié-Gonnard --- library/pk_wrap.c | 1 + library/psa_crypto.c | 1 + library/ssl_ciphersuites.c | 3 +++ library/ssl_cookie.c | 1 + library/ssl_tls.c | 1 + library/ssl_tls13_client.c | 1 + library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_keys.c | 1 + library/ssl_tls13_server.c | 1 + library/x509_crt.c | 1 + library/x509write_crt.c | 1 + library/x509write_csr.c | 1 + tests/src/test_helpers/ssl_helpers.c | 1 + tests/suites/test_suite_constant_time_hmac.function | 1 + tests/suites/test_suite_pk.function | 1 + tests/suites/test_suite_x509write.function | 1 + 16 files changed, 18 insertions(+), 1 deletion(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 087a7a386a..a4c2a3bfe0 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -25,6 +25,7 @@ #include "pk_wrap.h" #include "pk_internal.h" #include "mbedtls/error.h" +#include "md_psa.h" /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9a4cfdbdd7..399e7f3879 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -82,6 +82,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#include "md_psa.h" #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 3d4466a978..793ec6a1c8 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -28,6 +28,9 @@ #include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl.h" #include "ssl_misc.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "md_psa.h" +#endif #include diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index b51e91a122..ae7a4204ca 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -36,6 +36,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "md_psa.h" #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ psa_generic_status_to_mbedtls) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2a6242099f..a5562e6a13 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -41,6 +41,7 @@ #include #if defined(MBEDTLS_USE_PSA_CRYPTO) +#include "md_psa.h" #include "mbedtls/psa_util.h" #include "psa/crypto.h" #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 48780d8439..3dffc1df4a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -33,6 +33,7 @@ #include "ssl_client.h" #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" +#include "md_psa.h" #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index de2ce32625..a59f01c3e0 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -29,7 +29,7 @@ #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" -#include "mbedtls/psa_util.h" +#include "md_psa.h" #include "ssl_misc.h" #include "ssl_tls13_invasive.h" diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 533865d86d..540f854a84 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -34,6 +34,7 @@ #include "ssl_tls13_invasive.h" #include "psa/crypto.h" +#include "md_psa.h" #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 60ffd269d7..cf61191877 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -25,6 +25,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" +#include "md_psa.h" #include "ssl_misc.h" #include "ssl_tls13_keys.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 65b464a724..9b3414a49e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -47,6 +47,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include "x509_invasive.h" #include "pk_internal.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 6c781933eb..59fd589003 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -45,6 +45,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #define CHECK_OVERFLOW_ADD(a, b) \ diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 1862388777..d792d34509 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -36,6 +36,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d1e3d9ce83..e8bbc78d1e 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -21,6 +21,7 @@ */ #include +#include "md_psa.h" #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 42b1e7c62f..9ee372b5f9 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -3,6 +3,7 @@ #include #include #include +#include "md_psa.h" #include /* END_HEADER */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index eca46c86ab..78711404ac 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -16,6 +16,7 @@ * but the test code generator requires test case data to be valid C code * unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */ #include "psa/crypto.h" +#include "md_psa.h" /* Used for properly sizing the key buffer in pk_genkey_ec() */ #include "mbedtls/psa_util.h" diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c3b67684db..ab4a2d0d35 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -7,6 +7,7 @@ #include "mbedtls/rsa.h" #include "mbedtls/asn1write.h" #include "mbedtls/pk.h" +#include "md_psa.h" #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, From a14b8f0a174b7747154ae9ca922cfd94d118d693 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:49:39 +0200 Subject: [PATCH 286/328] Add total when printing sizes in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 36d5fa4167..7b0893b8fc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3836,7 +3836,7 @@ component_build_arm_none_eabi_gcc () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" - ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o + ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o } component_build_arm_linux_gnueabi_gcc_arm5vte () { @@ -3850,7 +3850,7 @@ component_build_arm_linux_gnueabi_gcc_arm5vte () { make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" - ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o + ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o } support_build_arm_linux_gnueabi_gcc_arm5vte () { type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1 @@ -3865,7 +3865,7 @@ component_build_arm_none_eabi_gcc_arm5vte () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug" - ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o + ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o } component_build_arm_none_eabi_gcc_m0plus () { @@ -3874,7 +3874,7 @@ component_build_arm_none_eabi_gcc_m0plus () { make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size" - ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o + ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o } component_build_arm_none_eabi_gcc_no_udbl_division () { From 3761e9e8fdce6fbe17d1bb89f4ab867cf1851512 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 28 Mar 2023 12:54:56 +0200 Subject: [PATCH 287/328] Use function instead of macro for error conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tests/scripts/all.sh build_arm_none_eabi_gcc_m0plus | grep TOTALS Before: 323003 After: 322883 Saved: 120 bytes Not huge, but still nice to have. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index a5562e6a13..f0067f4b2d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -844,11 +844,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } #else mbedtls_md_free(&ssl->handshake->fin_sha256); @@ -869,11 +869,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } #else mbedtls_md_free(&ssl->handshake->fin_sha384); @@ -911,7 +911,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } #else ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); @@ -924,7 +924,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); if (status != PSA_SUCCESS) { - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); } #else ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); @@ -941,8 +941,8 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - return PSA_TO_MD_ERR(psa_hash_update( - &ssl->handshake->fin_sha256_psa, buf, len)); + return mbedtls_md_error_from_psa(psa_hash_update( + &ssl->handshake->fin_sha256_psa, buf, len)); #else return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); #endif @@ -954,8 +954,8 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - return PSA_TO_MD_ERR(psa_hash_update( - &ssl->handshake->fin_sha384_psa, buf, len)); + return mbedtls_md_error_from_psa(psa_hash_update( + &ssl->handshake->fin_sha384_psa, buf, len)); #else return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); #endif @@ -6627,7 +6627,7 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, exit: psa_hash_abort(&sha256_psa); - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_context_t sha256; @@ -6689,7 +6689,7 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, exit: psa_hash_abort(&sha384_psa); - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_context_t sha384; @@ -7742,7 +7742,7 @@ static int ssl_calc_finished_tls_sha256( exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&sha256_psa); - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); #else mbedtls_md_free(&sha256); return ret; @@ -7831,7 +7831,7 @@ static int ssl_calc_finished_tls_sha384( exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&sha384_psa); - return PSA_TO_MD_ERR(status); + return mbedtls_md_error_from_psa(status); #else mbedtls_md_free(&sha384); return ret; From b3b54abf8afe7540a15a42c7136f8c04e1ac4fcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 29 Mar 2023 12:36:34 +0200 Subject: [PATCH 288/328] Fix duplicated definition of a function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/library/md.c b/library/md.c index 14b400bdc6..b77ce9f776 100644 --- a/library/md.c +++ b/library/md.c @@ -215,12 +215,6 @@ static int md_can_use_psa(const mbedtls_md_info_t *info) return psa_can_do_hash(alg); } - -static int mbedtls_md_error_from_psa(psa_status_t status) -{ - return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, - psa_generic_status_to_mbedtls); -} #endif /* MBEDTLS_MD_SOME_PSA */ void mbedtls_md_init(mbedtls_md_context_t *ctx) @@ -750,18 +744,8 @@ mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) int mbedtls_md_error_from_psa(psa_status_t status) { - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } + return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors, + psa_generic_status_to_mbedtls); } #endif /* MBEDTLS_PSA_CRYPTO_C */ From 725d2e24aa4d1244137d57a0c82cd4c6c41e62e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 29 Mar 2023 12:38:37 +0200 Subject: [PATCH 289/328] Fix guard for PSA->MD error conversion MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 2 +- library/psa_util.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f1a49ec2ab..1971646234 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -373,7 +373,7 @@ typedef struct { int16_t mbedtls_error; } mbedtls_error_pair_t; -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_MD_LIGHT) extern const mbedtls_error_pair_t psa_to_md_errors[4]; #endif diff --git a/library/psa_util.c b/library/psa_util.c index 43a10a32c1..c354f34dbf 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -33,7 +33,7 @@ /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_MD_LIGHT) const mbedtls_error_pair_t psa_to_md_errors[] = { { PSA_SUCCESS, 0 }, From 28f504e89293adb9d3760b925af5bdc321221d8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 30 Mar 2023 09:42:10 +0200 Subject: [PATCH 290/328] Use PSA-neutral function for availability check MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We just want to check if this hash is available, and the check is present in builds both with PSA and without it. The function we were using is only present in builds with PSA, so it wasn't appropriate. Signed-off-by: Manuel Pégourié-Gonnard --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 950d8e91c0..8126ae9cf0 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -478,7 +478,7 @@ int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, if ((padding == MBEDTLS_RSA_PKCS_V21) && (hash_id != MBEDTLS_MD_NONE)) { /* Just make sure this hash is supported in this build. */ - if (mbedtls_md_psa_alg_from_type(hash_id) == PSA_ALG_NONE) { + if (mbedtls_md_info_from_type(hash_id) == NULL) { return MBEDTLS_ERR_RSA_INVALID_PADDING; } } From 45b34517fb01762b1ee3542e7dc8921f9aad86a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 30 Mar 2023 12:19:35 +0200 Subject: [PATCH 291/328] Keep MD and PSA max size in sync MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some TLS code is using MD_MAX_SIZE in parts that are common to USE_PSA and non-USE_PSA, then using PSA_HASH_MAX_SIZE in parts specific to USE_PSA, and having different values causes trouble. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 1 + include/psa/crypto_sizes.h | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 79e25ea1b4..657b5cc01c 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -151,6 +151,7 @@ typedef enum { MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ } mbedtls_md_type_t; +/* Note: this should be kept in sync with PSA_HASH_MAX_SIZE */ #if defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #elif defined(MBEDTLS_MD_CAN_SHA384) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 75d6582de1..94a8948fe4 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -128,12 +128,22 @@ /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for * HMAC-SHA3-512. */ -#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384) +/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE. */ +#if defined(PSA_WANT_ALG_SHA_512) #define PSA_HASH_MAX_SIZE 64 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 -#else +#elif defined(PSA_WANT_ALG_SHA_384) +#define PSA_HASH_MAX_SIZE 48 +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 +#elif defined(PSA_WANT_ALG_SHA_256) #define PSA_HASH_MAX_SIZE 32 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 +#elif defined(PSA_WANT_ALG_SHA_224) +#define PSA_HASH_MAX_SIZE 28 +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 +#else /* SHA-1 or smaller */ +#define PSA_HASH_MAX_SIZE 20 +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 #endif /** \def PSA_MAC_MAX_SIZE From f76c2208f6f3a3abd6044d9e47180a3e244717d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 May 2023 12:19:54 +0200 Subject: [PATCH 292/328] Remove mbedtls_psa_translate_md(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The header clearly states all functions here are internal, so we're free to remove them at any time. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/psa_util.h | 45 -------------------------------------- 1 file changed, 45 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 1971646234..528c0ab36e 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -122,51 +122,6 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( } } -/* Translations for hashing. */ - -/* Note: this function should not be used from inside the library, use - * mbedtls_md_psa_alg_from_type() from the internal md_psa.h instead. - * It is kept only for compatibility in case applications were using it. */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -static inline MBEDTLS_DEPRECATED psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) -{ - switch (md_alg) { -#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5) - case MBEDTLS_MD_MD5: - return PSA_ALG_MD5; -#endif -#if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1) - case MBEDTLS_MD_SHA1: - return PSA_ALG_SHA_1; -#endif -#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224) - case MBEDTLS_MD_SHA224: - return PSA_ALG_SHA_224; -#endif -#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256) - case MBEDTLS_MD_SHA256: - return PSA_ALG_SHA_256; -#endif -#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384) - case MBEDTLS_MD_SHA384: - return PSA_ALG_SHA_384; -#endif -#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512) - case MBEDTLS_MD_SHA512: - return PSA_ALG_SHA_512; -#endif -#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160) - case MBEDTLS_MD_RIPEMD160: - return PSA_ALG_RIPEMD160; -#endif - case MBEDTLS_MD_NONE: - return 0; - default: - return 0; - } -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /* Translations for ECC. */ static inline int mbedtls_psa_get_ecc_oid_from_id( From c9d98295339752a1e547d1eeb6933dcccbccc224 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 24 May 2023 12:28:38 +0200 Subject: [PATCH 293/328] Add comment on macros that should be kept in sync MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 11 ++++++++++- include/psa/crypto_sizes.h | 3 ++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 657b5cc01c..44b76f403f 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -151,7 +151,16 @@ typedef enum { MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */ } mbedtls_md_type_t; -/* Note: this should be kept in sync with PSA_HASH_MAX_SIZE */ +/* Note: this should always be >= PSA_HASH_MAX_SIZE + * in all builds with both CRYPTO_C and MD_LIGHT. + * + * This is to make things easier for modules such as TLS that may define a + * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA + * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another + * part of the code based on PSA. + * + * Currently both macros have the same value, avoiding such issues. + */ #if defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #elif defined(MBEDTLS_MD_CAN_SHA384) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 94a8948fe4..8cc965b09f 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -128,7 +128,8 @@ /* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for * HMAC-SHA3-512. */ -/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE. */ +/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE, + * see the note on MBEDTLS_MD_MAX_SIZE for details. */ #if defined(PSA_WANT_ALG_SHA_512) #define PSA_HASH_MAX_SIZE 64 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 From cf61a742096e517b114051b054d05296a9d9604a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 25 May 2023 09:11:41 +0200 Subject: [PATCH 294/328] Add static check for macros that should be in sync MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/md.c b/library/md.c index b77ce9f776..0be1d7e4fc 100644 --- a/library/md.c +++ b/library/md.c @@ -70,6 +70,11 @@ #include #endif +/* See comment above MBEDTLS_MD_MAX_SIZE in md.h */ +#if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE +#error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE" +#endif + #if defined(MBEDTLS_MD_CAN_MD5) const mbedtls_md_info_t mbedtls_md5_info = { "MD5", From 0ab5b9392231dc585717e91593cdc7fc0ee9451a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 29 May 2023 16:30:50 +0200 Subject: [PATCH 295/328] Add support for parsing SAN IP address Signed-off-by: Przemek Stekiel --- library/x509.c | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) diff --git a/library/x509.c b/library/x509.c index 8a4426478d..32846f9cff 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1438,7 +1438,18 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, san_buf, sizeof(*san_buf)); } break; + /* + * IP address + */ + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_IP_ADDRESS): + { + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); + san->type = MBEDTLS_X509_SAN_IP_ADDRESS; + memcpy(&san->san.unstructured_name, + san_buf, sizeof(*san_buf)); + } + break; /* * rfc822Name */ @@ -1449,7 +1460,6 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, memcpy(&san->san.unstructured_name, san_buf, sizeof(*san_buf)); } break; - /* * directoryName */ @@ -1576,27 +1586,47 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, /* * dNSName * RFC822 Name + * iPAddress */ case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_RFC822_NAME: + case MBEDTLS_X509_SAN_IP_ADDRESS: { const char *dns_name = "dNSName"; const char *rfc822_name = "rfc822Name"; + const char *ip_name = "iPAddress"; + + const char *name = san.type == MBEDTLS_X509_SAN_DNS_NAME ? dns_name : san.type == + MBEDTLS_X509_SAN_RFC822_NAME ? rfc822_name : ip_name; ret = mbedtls_snprintf(p, n, "\n%s %s : ", prefix, - san.type == - MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); + name); MBEDTLS_X509_SAFE_SNPRINTF; if (san.san.unstructured_name.len >= n) { *p = '\0'; return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } - memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); - p += san.san.unstructured_name.len; - n -= san.san.unstructured_name.len; + if (san.type == MBEDTLS_X509_SAN_IP_ADDRESS) { + int len = 0; + unsigned char *ip = san.san.unstructured_name.p; + // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported + if (san.san.unstructured_name.len == 4) { + len = sprintf(p, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + } else { + len = sprintf(p, "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", + ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], ip[7], ip[8], + ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15]); + } + p += len; + n -= len; + } else { + memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); + p += san.san.unstructured_name.len; + n -= san.san.unstructured_name.len; + } } break; From 63a4cdd1ebea3e2730b99c4aec4b822462aec3f0 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 29 May 2023 16:35:33 +0200 Subject: [PATCH 296/328] Add test to parse ipV4 and ipV6 addresses Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 36f1df1ba0..15175cfcb2 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -128,7 +128,7 @@ x509_cert_info:"data_files/parse_input/multiple_san.crt":"cert. version \: 3 X509 CRT information, Subject Alt Name + Key Usage depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 -x509_cert_info:"data_files/parse_input/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n \n \nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" +x509_cert_info:"data_files/parse_input/cert_example_multi_nocn.crt":"cert. version \: 3\nserial number \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name \: C=NL\nsubject name \: C=NL\nissued on \: 2014-01-22 10\:04\:33\nexpires on \: 2024-01-22 10\:04\:33\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name \:\n dNSName \: www.shotokan-braunschweig.de\n dNSName \: www.massimo-abate.eu\n iPAddress \: 192.168.1.1\n iPAddress \: 192.168.69.144\nkey usage \: Digital Signature, Non Repudiation, Key Encipherment\n" X509 CRT information, Subject Alt Name with uniformResourceIdentifier depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 @@ -190,6 +190,10 @@ X509 CRT information Non-ASCII string in issuer name and subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" +X509 CRT information Parsing IPv4 and IPv6 IP names +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_cert_info:"data_files/server5-tricky-ip-san.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nissued on \: 2020-07-23 10\:27\:46\nexpires on \: 2030-07-21 10\:27\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n iPAddress \: 97.98.99.100\n iPAddress \: 6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D\n" + X509 SAN parsing otherName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 x509_parse_san:"data_files/parse_input/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n":0 From 093c97d492be691f788fdda06cbebb43ae5c0999 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 2 Jun 2023 10:11:32 +0200 Subject: [PATCH 297/328] Add separate case for ip address Signed-off-by: Przemek Stekiel --- library/x509.c | 57 +++++++++++++++++++++++++++++--------------------- 1 file changed, 33 insertions(+), 24 deletions(-) diff --git a/library/x509.c b/library/x509.c index 32846f9cff..c5741291e9 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1590,46 +1590,55 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, */ case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_RFC822_NAME: - case MBEDTLS_X509_SAN_IP_ADDRESS: { const char *dns_name = "dNSName"; const char *rfc822_name = "rfc822Name"; - const char *ip_name = "iPAddress"; - - const char *name = san.type == MBEDTLS_X509_SAN_DNS_NAME ? dns_name : san.type == - MBEDTLS_X509_SAN_RFC822_NAME ? rfc822_name : ip_name; ret = mbedtls_snprintf(p, n, "\n%s %s : ", prefix, - name); + san.type == + MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); MBEDTLS_X509_SAFE_SNPRINTF; if (san.san.unstructured_name.len >= n) { *p = '\0'; return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } - if (san.type == MBEDTLS_X509_SAN_IP_ADDRESS) { - int len = 0; - unsigned char *ip = san.san.unstructured_name.p; - // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported - if (san.san.unstructured_name.len == 4) { - len = sprintf(p, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - } else { - len = sprintf(p, "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", - ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], ip[7], ip[8], - ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15]); - } - p += len; - n -= len; - } else { - memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); - p += san.san.unstructured_name.len; - n -= san.san.unstructured_name.len; - } + memcpy(p, san.san.unstructured_name.p, san.san.unstructured_name.len); + p += san.san.unstructured_name.len; + n -= san.san.unstructured_name.len; } break; + /* + * iPAddress + */ + case MBEDTLS_X509_SAN_IP_ADDRESS: + { + ret = mbedtls_snprintf(p, n, "\n%s %s : ", + prefix, "iPAddress"); + MBEDTLS_X509_SAFE_SNPRINTF; + if (san.san.unstructured_name.len >= n) { + *p = '\0'; + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + int len = 0; + unsigned char *ip = san.san.unstructured_name.p; + // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported + if (san.san.unstructured_name.len == 4) { + len = sprintf(p, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + } else if (san.san.unstructured_name.len == 16) { + len = sprintf(p, "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", + ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], ip[7], ip[8], + ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15]); + } else { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } + p += len; + n -= len; + } + break; /* * directoryName */ From 01cb6eb251943d7ac625d82aff7aa49f71ea2d3b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 5 Jun 2023 16:38:13 +0200 Subject: [PATCH 298/328] Fix parsing of SAN IP (use mbedtls_snprintf, validate buffer length) Signed-off-by: Przemek Stekiel --- library/x509.c | 38 ++++++++++++++++++++++++++++---------- 1 file changed, 28 insertions(+), 10 deletions(-) diff --git a/library/x509.c b/library/x509.c index c5741291e9..130d4e7397 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1445,9 +1445,13 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, { memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); san->type = MBEDTLS_X509_SAN_IP_ADDRESS; - - memcpy(&san->san.unstructured_name, - san_buf, sizeof(*san_buf)); + // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported + if (san_buf->len == 4 || san_buf->len == 16) { + memcpy(&san->san.unstructured_name, + san_buf, sizeof(*san_buf)); + } else { + return MBEDTLS_ERR_X509_BAD_INPUT_DATA; + } } break; /* @@ -1574,7 +1578,9 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, ret = mbedtls_snprintf(p, n, "\n%s uniformResourceIdentifier : ", prefix); MBEDTLS_X509_SAFE_SNPRINTF; if (san.san.unstructured_name.len >= n) { - *p = '\0'; + if (n > 0) { + *p = '\0'; + } return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } @@ -1601,7 +1607,9 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); MBEDTLS_X509_SAFE_SNPRINTF; if (san.san.unstructured_name.len >= n) { - *p = '\0'; + if (n > 0) { + *p = '\0'; + } return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } @@ -1619,7 +1627,9 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, prefix, "iPAddress"); MBEDTLS_X509_SAFE_SNPRINTF; if (san.san.unstructured_name.len >= n) { - *p = '\0'; + if (n > 0) { + *p = '\0'; + } return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } @@ -1627,12 +1637,17 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, unsigned char *ip = san.san.unstructured_name.p; // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported if (san.san.unstructured_name.len == 4) { - len = sprintf(p, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + len = mbedtls_snprintf(p, n, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); } else if (san.san.unstructured_name.len == 16) { - len = sprintf(p, "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", - ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], ip[7], ip[8], - ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15]); + len = mbedtls_snprintf(p, n, + "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", + ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], + ip[7], ip[8], ip[9], ip[10], ip[11], ip[12],ip[13], + ip[14], ip[15]); } else { + if (n > 0) { + *p = '\0'; + } return MBEDTLS_ERR_X509_BAD_INPUT_DATA; } p += len; @@ -1654,6 +1669,9 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, if (ret < 0) { mbedtls_x509_free_subject_alt_name(&san); + if (n > 0) { + *p = '\0'; + } return ret; } From 63973ab80e090d9daabe43125cf6d206f5297789 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 5 Jun 2023 16:39:57 +0200 Subject: [PATCH 299/328] Add test for invalid IP length (+use der format in tests) Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 8 +++- ...erver5-tricky-ip-san-malformed-len.crt.der | Bin 0 -> 409 bytes tests/data_files/server5-tricky-ip-san.crt | 11 ------ .../data_files/server5-tricky-ip-san.crt.der | Bin 0 -> 409 bytes tests/suites/test_suite_x509parse.data | 36 ++++++++++-------- 5 files changed, 26 insertions(+), 29 deletions(-) create mode 100644 tests/data_files/server5-tricky-ip-san-malformed-len.crt.der delete mode 100644 tests/data_files/server5-tricky-ip-san.crt create mode 100644 tests/data_files/server5-tricky-ip-san.crt.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 070a8f70f9..63486167a3 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -339,8 +339,12 @@ server5-unsupported_othername.crt: server5.key server5-fan.crt: server5.key $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@ -server5-tricky-ip-san.crt: server5.key - $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@ +server5-tricky-ip-san.crt.der: server5.key + $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -outform der -out $@ + +# malformed IP length +server5-tricky-ip-san-malformed-len.crt.der: server5-tricky-ip-san.crt.der + hexdump -ve '1/1 "%.2X"' $< | sed "s/87046162636487106162/87056162636487106162/" | xxd -r -p > $@ server5-directoryname.crt.der: server5.key $(OPENSSL) req -x509 -outform der -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS directoryName SAN" -set_serial 77 -config $(test_ca_config_file) -extensions directory_name_san -days 3650 -sha256 -key server5.key -out $@ diff --git a/tests/data_files/server5-tricky-ip-san-malformed-len.crt.der b/tests/data_files/server5-tricky-ip-san-malformed-len.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..a26da6ca04cf518827bb11b754cff5a5d6647b42 GIT binary patch literal 409 zcmXqLVw`Hw#AvgCnTe5!iP6`9i;Y98&EuRc3p0~}qan8eCmVAp3!5-gsJEe@0Y8Yt z#lzv7l$xRt;uCBrZy*a2V&)Np2`PjWWhQ4=DtHDc1Uvc}$cghB85@`xm>L=y8yK5K ziSrtRxJFPeHLQp<5N2ZsyP1g*>Ud^Gc4j9A7V|Sw9^7cbZ6vCw$uEyly`Z$&!#{HkWN`Y$Q{vdnBT HW5`SZC1H4O literal 0 HcmV?d00001 diff --git a/tests/data_files/server5-tricky-ip-san.crt b/tests/data_files/server5-tricky-ip-san.crt deleted file mode 100644 index 135830fbec..0000000000 --- a/tests/data_files/server5-tricky-ip-san.crt +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBljCCATygAwIBAgIBTTAKBggqhkjOPQQDAjBBMQswCQYDVQQGEwJVSzERMA8G -A1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIFRyaWNreSBJUCBTQU4w -HhcNMjAwNzIzMTAyNzQ2WhcNMzAwNzIxMTAyNzQ2WjBBMQswCQYDVQQGEwJVSzER -MA8GA1UECgwITWJlZCBUTFMxHzAdBgNVBAMMFk1iZWQgVExTIFRyaWNreSBJUCBT -QU4wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5 -BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqIwmt3DVXNiioO+gHItO3/oyUw -IzAhBgNVHREEGjAYhwRhYmNkhxBhYmNkLmV4YW1wbGUuY29tMAoGCCqGSM49BAMC -A0gAMEUCIFDc8ZALA/9Zv7dZTWrZOOp/dgPAEJRT+h68nD6KF+XyAiEAs1QqugOo -Dwru0DSEmpYkmj1Keunpd0VopM0joC1cc5A= ------END CERTIFICATE----- diff --git a/tests/data_files/server5-tricky-ip-san.crt.der b/tests/data_files/server5-tricky-ip-san.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..0bd06f845be296a056aba730844d8cb2e4b7f4db GIT binary patch literal 409 zcmXqLVw`Hw#AvgCnTe5!iP6`9i;Y98&EuRc3p0~}qan8eCmVAp3!5-gsJEe@0Y8Yt z#lzv7l$xRt;uCBrZy*a2V&)Np2`PjWWhQ4=DtHDc1Uvc}$cghB85@`xm>L=y8yK5K ziSrtRxJFPeHLQp<5N2ZsyP1g*>Ud^Gc4j9A7V|Sw9^7cbZ6vCw$uEyly`Z$&!#{HkWN`Y$Q{vdnBT HW5`SZB=vZ0 literal 0 HcmV?d00001 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 15175cfcb2..35ad93eac4 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -191,8 +191,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 CRT information Parsing IPv4 and IPv6 IP names -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C -x509_cert_info:"data_files/server5-tricky-ip-san.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nissued on \: 2020-07-23 10\:27\:46\nexpires on \: 2030-07-21 10\:27\:46\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n iPAddress \: 97.98.99.100\n iPAddress \: 6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D\n" +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_cert_info:"data_files/server5-tricky-ip-san.crt.der":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS Tricky IP SAN\nissued on \: 2023-06-05 11\:30\:36\nexpires on \: 2033-06-02 11\:30\:36\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n iPAddress \: 97.98.99.100\n iPAddress \: 6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D\n" X509 SAN parsing otherName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_CAN_SHA256 @@ -234,6 +234,10 @@ X509 SAN parsing rfc822Name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 x509_parse_san:"data_files/parse_input/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n":0 +X509 CRT information Parsing IP (invalid data) +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_parse_san:"data_files/server5-tricky-ip-san-malformed-len.crt.der":"":MBEDTLS_ERR_X509_BAD_INPUT_DATA + X509 CRL information #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/parse_input/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" @@ -1020,32 +1024,32 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" X509 CRT verification: domain identical to IPv4 in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C -x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"abcd":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: domain identical to IPv6 in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C -x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" +depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"abcd.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: matching IPv4 in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C -x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL" +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"97.98.99.100":0:0:"":"NULL" X509 CRT verification: mismatching IPv4 in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C -x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"7.8.9.10":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: IPv4 with trailing data in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C -x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"97.98.99.100?":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: matching IPv6 in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C -x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL" +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"6162\:6364\:2E65\:7861\:6D70\:6C65\:2E63\:6F6D":0:0:"":"NULL" X509 CRT verification: mismatching IPv6 in SubjectAltName -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C -x509_verify:"data_files/server5-tricky-ip-san.crt":"data_files/server5-tricky-ip-san.crt":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" +depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C +x509_verify:"data_files/server5-tricky-ip-san.crt.der":"data_files/server5-tricky-ip-san.crt.der":"data_files/crl_sha256.pem":"6162\:6364\:\:6F6D":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"":"NULL" X509 CRT verification: matching URI in SubjectAltName depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C From 4d3fc216fca8e2c4ec145cf3abef957d6d7da2d3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 6 Jun 2023 11:40:32 +0200 Subject: [PATCH 300/328] Use safe snprintf Signed-off-by: Przemek Stekiel --- library/x509.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/library/x509.c b/library/x509.c index 130d4e7397..6e16c4c27c 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1592,7 +1592,6 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, /* * dNSName * RFC822 Name - * iPAddress */ case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_RFC822_NAME: @@ -1633,25 +1632,24 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } - int len = 0; unsigned char *ip = san.san.unstructured_name.p; // Only IPv6 (16 bytes) and IPv4 (4 bytes) types are supported if (san.san.unstructured_name.len == 4) { - len = mbedtls_snprintf(p, n, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); + ret = mbedtls_snprintf(p, n, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]); + MBEDTLS_X509_SAFE_SNPRINTF; } else if (san.san.unstructured_name.len == 16) { - len = mbedtls_snprintf(p, n, + ret = mbedtls_snprintf(p, n, "%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X:%X%X", ip[0], ip[1], ip[2], ip[3], ip[4], ip[5], ip[6], - ip[7], ip[8], ip[9], ip[10], ip[11], ip[12],ip[13], + ip[7], ip[8], ip[9], ip[10], ip[11], ip[12], ip[13], ip[14], ip[15]); + MBEDTLS_X509_SAFE_SNPRINTF; } else { if (n > 0) { *p = '\0'; } return MBEDTLS_ERR_X509_BAD_INPUT_DATA; } - p += len; - n -= len; } break; /* From feb1757ead05c614378739399089f301e3250f68 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 7 Jun 2023 15:21:59 +0100 Subject: [PATCH 301/328] Add clangd compilation databases to gitignore The clangd language server uses a file called compile_commands.json to interpret the source tree. This is generated by CMake and must be present in the source tree in order to use clangd properly. Add this to the gitignore to improve the developer experience for users of clangd. Signed-off-by: David Horstmann --- .gitignore | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.gitignore b/.gitignore index 288c71b133..e483bc7bb9 100644 --- a/.gitignore +++ b/.gitignore @@ -60,3 +60,6 @@ massif-* /TAGS /cscope*.out /tags + +# Clangd compilation database +compile_commands.json From bcfd79c6992ac1dc79c34eeb75f1a623169f692b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 29 May 2023 22:04:18 +0100 Subject: [PATCH 302/328] Consume input in 8-byte chunks Signed-off-by: Dave Rodgman --- library/sha3.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/library/sha3.c b/library/sha3.c index 959928e9da..d875b8185b 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -70,6 +70,8 @@ static const uint8_t pi[24] = { #define ROT64(x, y) (((x) << (y)) | ((x) >> (64U - (y)))) #define ABSORB(ctx, idx, v) do { ctx->state[(idx) >> 3] ^= ((uint64_t) (v)) << (((idx) & 0x7) << 3); \ } while (0) +#define ABSORB8(ctx, idx, v) do { ctx->state[(idx) >> 3] ^= ((uint64_t) (v)) << ((idx) << 3); \ +} while (0) #define SQUEEZE(ctx, idx) ((uint8_t) (ctx->state[(idx) >> 3] >> (((idx) & 0x7) << 3))) #define SWAP(x, y) do { uint64_t tmp = (x); (x) = (y); (y) = tmp; } while (0) @@ -232,6 +234,32 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx, return 0; } + if (ilen >= 8) { + // 8-byte align index + int align_bytes = 8 - (ctx->index % 8); + if (align_bytes) { + for (; align_bytes > 0; align_bytes--) { + ABSORB(ctx, ctx->index, *input++); + ilen--; + ctx->index++; + } + if ((ctx->index = ctx->index % ctx->max_block_size) == 0) { + keccak_f1600(ctx); + } + } + + // process input in 8-byte chunks + while (ilen >= 8) { + ABSORB8(ctx, ctx->index, mbedtls_get_unaligned_uint64(input)); + input += 8; + ilen -= 8; + if ((ctx->index = (ctx->index + 8) % ctx->max_block_size) == 0) { + keccak_f1600(ctx); + } + } + } + + // handle remaining bytes while (ilen-- > 0) { ABSORB(ctx, ctx->index, *input++); if ((ctx->index = (ctx->index + 1) % ctx->max_block_size) == 0) { From 1789d84282ac27136b00e30328f8a3f65c0edcf6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 29 May 2023 22:05:19 +0100 Subject: [PATCH 303/328] remove not-needed fields from SHA-3 context Signed-off-by: Dave Rodgman --- include/mbedtls/sha3.h | 5 ----- library/sha3.c | 19 +++++++++---------- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 2ddb22a3be..a153892003 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -60,7 +60,6 @@ typedef struct mbedtls_sha3_family_functions { uint16_t r; uint16_t olen; - uint8_t xor_byte; } mbedtls_sha3_family_functions; @@ -72,11 +71,7 @@ mbedtls_sha3_family_functions; typedef struct mbedtls_sha3_context { uint64_t state[25]; uint8_t index; - uint8_t id; - - uint16_t r; uint16_t olen; - uint8_t xor_byte; uint16_t max_block_size; } mbedtls_sha3_context; diff --git a/library/sha3.c b/library/sha3.c index d875b8185b..b8abf9d321 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -36,15 +36,17 @@ #include "mbedtls/platform.h" #endif /* MBEDTLS_SELF_TEST */ +#define XOR_BYTE 0x6 + /* * List of supported SHA-3 families */ static mbedtls_sha3_family_functions sha3_families[] = { - { MBEDTLS_SHA3_224, 1152, 224, 0x06 }, - { MBEDTLS_SHA3_256, 1088, 256, 0x06 }, - { MBEDTLS_SHA3_384, 832, 384, 0x06 }, - { MBEDTLS_SHA3_512, 576, 512, 0x06 }, - { MBEDTLS_SHA3_NONE, 0, 0, 0 } + { MBEDTLS_SHA3_224, 1152, 224 }, + { MBEDTLS_SHA3_256, 1088, 256 }, + { MBEDTLS_SHA3_384, 832, 384 }, + { MBEDTLS_SHA3_512, 576, 512 }, + { MBEDTLS_SHA3_NONE, 0, 0 } }; static const uint64_t rc[24] = { @@ -207,11 +209,8 @@ int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; } - ctx->id = id; - ctx->r = p->r; ctx->olen = p->olen / 8; - ctx->xor_byte = p->xor_byte; - ctx->max_block_size = ctx->r / 8; + ctx->max_block_size = p->r / 8; memset(ctx->state, 0, sizeof(ctx->state)); ctx->index = 0; @@ -285,7 +284,7 @@ int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, olen = ctx->olen; } - ABSORB(ctx, ctx->index, ctx->xor_byte); + ABSORB(ctx, ctx->index, XOR_BYTE); ABSORB(ctx, ctx->max_block_size - 1, 0x80); keccak_f1600(ctx); ctx->index = 0; From e627bef2f88ebe08f0f894c8289392ae8c937013 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 29 May 2023 22:05:50 +0100 Subject: [PATCH 304/328] Use faster type for state index Signed-off-by: Dave Rodgman --- include/mbedtls/sha3.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index a153892003..1fbcc7aa2f 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -70,7 +70,7 @@ mbedtls_sha3_family_functions; */ typedef struct mbedtls_sha3_context { uint64_t state[25]; - uint8_t index; + uint32_t index; uint16_t olen; uint16_t max_block_size; } From 9d7fa93e6cdf2b1d326fa9e3b0a8119f770aa744 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 29 May 2023 22:07:06 +0100 Subject: [PATCH 305/328] move mbedtls_sha3_family_functions out of public interface Signed-off-by: Dave Rodgman --- include/mbedtls/sha3.h | 7 ------- library/sha3.c | 8 ++++++++ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 1fbcc7aa2f..8eb0268832 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -55,13 +55,6 @@ typedef enum { } mbedtls_sha3_id; struct mbedtls_sha3_context; -typedef struct mbedtls_sha3_family_functions { - mbedtls_sha3_id id; - - uint16_t r; - uint16_t olen; -} -mbedtls_sha3_family_functions; /** * \brief The SHA-3 context structure. diff --git a/library/sha3.c b/library/sha3.c index b8abf9d321..c5ce1c669f 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -38,6 +38,14 @@ #define XOR_BYTE 0x6 +typedef struct mbedtls_sha3_family_functions { + mbedtls_sha3_id id; + + uint16_t r; + uint16_t olen; +} +mbedtls_sha3_family_functions; + /* * List of supported SHA-3 families */ From c3048b3eea1e363c82b72f9e6b1e74b78ce1c6b4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 29 May 2023 22:08:19 +0100 Subject: [PATCH 306/328] Tidy-up definition of mbedtls_sha3_context Signed-off-by: Dave Rodgman --- include/mbedtls/sha3.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 8eb0268832..f596c2e59c 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -54,14 +54,12 @@ typedef enum { MBEDTLS_SHA3_512, /*!< SHA3-512 */ } mbedtls_sha3_id; -struct mbedtls_sha3_context; - /** * \brief The SHA-3 context structure. * * The structure is used SHA-3 checksum calculations. */ -typedef struct mbedtls_sha3_context { +typedef struct { uint64_t state[25]; uint32_t index; uint16_t olen; From 2468ad10d7299c10b0cfd2d8cebee170e1a5bb48 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 17:06:13 +0100 Subject: [PATCH 307/328] Add tests for invalid paramters Signed-off-by: Dave Rodgman --- tests/suites/test_suite_shax.data | 4 ++++ tests/suites/test_suite_shax.function | 20 ++++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index f443ecf614..5769aa26ac 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -2410,3 +2410,7 @@ sha3_reuse:"41":"15000d20f59aa483b5eac0a1f33abe8e09dea1054d173d3e7443c68035b9924 SHA-3 Selftest depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA3_C sha3_selftest: + +SHA-3 invalid param +depends_on:MBEDTLS_SHA3_C +sha3_invalid_param diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index dec9f696b9..0468f721c7 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -166,6 +166,26 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void sha3_invalid_param() +{ + unsigned char output[32]; + mbedtls_sha3_context ctx; + + mbedtls_sha3_init(&ctx); + TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); + + TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0); + + TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); + TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ void mbedtls_sha3_multi(int family, data_t *in, data_t *hash) { From cf4d2bdc09f3f4839751746b12b63568999110a0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 17:08:09 +0100 Subject: [PATCH 308/328] Spell as SHA-3 not SHA3 Signed-off-by: Dave Rodgman --- ChangeLog.d/sha3.txt | 2 +- include/mbedtls/sha3.h | 4 ++-- library/sha3.c | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/ChangeLog.d/sha3.txt b/ChangeLog.d/sha3.txt index dafff74f16..9426f879f9 100644 --- a/ChangeLog.d/sha3.txt +++ b/ChangeLog.d/sha3.txt @@ -1,3 +1,3 @@ Features - * Add SHA3 family hash functions. + * Add SHA-3 family hash functions. diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index f596c2e59c..f41696b5e3 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -1,7 +1,7 @@ /** * \file sha3.h * - * \brief This file contains SHA3 definitions and functions. + * \brief This file contains SHA-3 definitions and functions. * * The Secure Hash Algorithms cryptographic * hash functions are defined in FIPS 202: SHA-3 Standard: @@ -37,7 +37,7 @@ extern "C" { #endif -/** SHA3 input data was malformed. */ +/** SHA-3 input data was malformed. */ #define MBEDTLS_ERR_SHA3_BAD_INPUT_DATA -0x0076 /** diff --git a/library/sha3.c b/library/sha3.c index c5ce1c669f..615e5e9cf0 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -309,7 +309,7 @@ int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, } /* - * output = SHA3( input buffer ) + * output = SHA-3( input buffer ) */ int mbedtls_sha3(mbedtls_sha3_id id, const uint8_t *input, size_t ilen, uint8_t *output, size_t olen) @@ -602,7 +602,7 @@ int mbedtls_sha3_self_test(int verbose) { int i; - /* SHA3 Known Answer Tests (KAT) */ + /* SHA-3 Known Answer Tests (KAT) */ for (i = 0; i < 2; i++) { if (0 != mbedtls_sha3_kat_test(verbose, "SHA3-224", MBEDTLS_SHA3_224, i)) { @@ -625,7 +625,7 @@ int mbedtls_sha3_self_test(int verbose) } } - /* SHA3 long KAT tests */ + /* SHA-3 long KAT tests */ if (0 != mbedtls_sha3_long_kat_test(verbose, "SHA3-224", MBEDTLS_SHA3_224)) { return 1; From a35551ef01735fd589c30726c041717f8bb7e619 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 17:08:19 +0100 Subject: [PATCH 309/328] Use MBEDTLS_PRIVATE Signed-off-by: Dave Rodgman --- include/mbedtls/sha3.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index f41696b5e3..0f6919b3e4 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -60,10 +60,10 @@ typedef enum { * The structure is used SHA-3 checksum calculations. */ typedef struct { - uint64_t state[25]; - uint32_t index; - uint16_t olen; - uint16_t max_block_size; + uint64_t MBEDTLS_PRIVATE(state[25]); + uint32_t MBEDTLS_PRIVATE(index); + uint16_t MBEDTLS_PRIVATE(olen); + uint16_t MBEDTLS_PRIVATE(max_block_size); } mbedtls_sha3_context; From f9d8f4cd681dc97eef07510dadfb59ad555d3b35 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 17:08:29 +0100 Subject: [PATCH 310/328] Remove reference to SHAKE Signed-off-by: Dave Rodgman --- include/mbedtls/sha3.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/sha3.h b/include/mbedtls/sha3.h index 0f6919b3e4..77748be1f6 100644 --- a/include/mbedtls/sha3.h +++ b/include/mbedtls/sha3.h @@ -170,8 +170,7 @@ int mbedtls_sha3(mbedtls_sha3_id id, const uint8_t *input, #if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine for the algorithms implemented - * by this module: SHA3-224, SHA3-256, SHA3-384, SHA3-512, - * SHAKE128, SHAKE256, cSHAKE128 and cSHAKE256. + * by this module: SHA3-224, SHA3-256, SHA3-384, SHA3-512. * * \return 0 if successful, or 1 if the test failed. */ From 1b427635165bcba9c69ad4d2f0c96cdecd21e35a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 17:09:02 +0100 Subject: [PATCH 311/328] Remove NULL checks Signed-off-by: Dave Rodgman --- library/sha3.c | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/library/sha3.c b/library/sha3.c index 615e5e9cf0..092790ba6e 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -171,10 +171,6 @@ static void keccak_f1600(mbedtls_sha3_context *ctx) void mbedtls_sha3_init(mbedtls_sha3_context *ctx) { - if (ctx == NULL) { - return; - } - memset(ctx, 0, sizeof(mbedtls_sha3_context)); } @@ -190,10 +186,6 @@ void mbedtls_sha3_free(mbedtls_sha3_context *ctx) void mbedtls_sha3_clone(mbedtls_sha3_context *dst, const mbedtls_sha3_context *src) { - if (dst == NULL || src == NULL) { - return; - } - *dst = *src; } @@ -203,9 +195,6 @@ void mbedtls_sha3_clone(mbedtls_sha3_context *dst, int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) { mbedtls_sha3_family_functions *p = NULL; - if (ctx == NULL) { - return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; - } for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) { if (p->id == id) { @@ -233,14 +222,6 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx, const uint8_t *input, size_t ilen) { - if (ctx == NULL) { - return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; - } - - if (ilen == 0 || input == NULL) { - return 0; - } - if (ilen >= 8) { // 8-byte align index int align_bytes = 8 - (ctx->index % 8); @@ -280,10 +261,6 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx, int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, uint8_t *output, size_t olen) { - if (ctx == NULL || output == NULL) { - return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; - } - /* Catch SHA-3 families, with fixed output length */ if (ctx->olen > 0) { if (ctx->olen > olen) { From f213d0a7b0102b17e6d94ef3ca1429aa721310a9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 17:09:47 +0100 Subject: [PATCH 312/328] Tidy-up Signed-off-by: Dave Rodgman --- library/sha3.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/sha3.c b/library/sha3.c index 092790ba6e..8b48cf75b2 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -504,7 +504,6 @@ static int mbedtls_sha3_long_kat_test(int verbose, mbedtls_sha3_context ctx; unsigned char buffer[1000]; unsigned char hash[64]; - int i; int result = 0; memset(buffer, 'a', 1000); @@ -523,7 +522,7 @@ static int mbedtls_sha3_long_kat_test(int verbose, } /* Process 1,000,000 (one million) 'a' characters */ - for (i = 0; i < 1000; i++) { + for (int i = 0; i < 1000; i++) { result = mbedtls_sha3_update(&ctx, buffer, 1000); if (result != 0) { if (verbose != 0) { From 8b0deef299dabad96a2afec984ecfcd97055bcd5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 17:56:09 +0100 Subject: [PATCH 313/328] Add HMAC DRBG SHA-3 tests Signed-off-by: Dave Rodgman --- tests/suites/test_suite_hmac_drbg.misc.data | 64 +++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data index 2b3b24dddc..6a63507622 100644 --- a/tests/suites/test_suite_hmac_drbg.misc.data +++ b/tests/suites/test_suite_hmac_drbg.misc.data @@ -18,6 +18,22 @@ HMAC_DRBG entropy usage SHA-512 depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA512 +HMAC_DRBG entropy usage SHA3-224 +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_224 + +HMAC_DRBG entropy usage SHA3-256 +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_256 + +HMAC_DRBG entropy usage SHA3-384 +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_384 + +HMAC_DRBG entropy usage SHA3-512 +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_512 + HMAC_DRBG write/update seed file SHA-1 [#1] depends_on:MBEDTLS_MD_CAN_SHA1 hmac_drbg_seed_file:MBEDTLS_MD_SHA1:"data_files/hmac_drbg_seed":0 @@ -58,6 +74,38 @@ HMAC_DRBG write/update seed file SHA-512 [#2] depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_seed_file:MBEDTLS_MD_SHA512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR +HMAC_DRBG write/update seed file SHA3-224 [#1] +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"data_files/hmac_drbg_seed":0 + +HMAC_DRBG write/update seed file SHA3-224 [#2] +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR + +HMAC_DRBG write/update seed file SHA3-256 [#1] +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"data_files/hmac_drbg_seed":0 + +HMAC_DRBG write/update seed file SHA3-256 [#2] +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR + +HMAC_DRBG write/update seed file SHA3-384 [#1] +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"data_files/hmac_drbg_seed":0 + +HMAC_DRBG write/update seed file SHA3-384 [#2] +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR + +HMAC_DRBG write/update seed file SHA3-512 [#1] +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"data_files/hmac_drbg_seed":0 + +HMAC_DRBG write/update seed file SHA3-512 [#2] +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR + HMAC_DRBG from buffer SHA-1 depends_on:MBEDTLS_MD_CAN_SHA1 hmac_drbg_buf:MBEDTLS_MD_SHA1 @@ -78,5 +126,21 @@ HMAC_DRBG from buffer SHA-512 depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_buf:MBEDTLS_MD_SHA512 +HMAC_DRBG from buffer SHA3-224 +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_buf:MBEDTLS_MD_SHA3_224 + +HMAC_DRBG from buffer SHA3-256 +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_buf:MBEDTLS_MD_SHA3_256 + +HMAC_DRBG from buffer SHA3-384 +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_buf:MBEDTLS_MD_SHA3_384 + +HMAC_DRBG from buffer SHA3-512 +depends_on:MBEDTLS_MD_CAN_SHA3 +hmac_drbg_buf:MBEDTLS_MD_SHA3_512 + HMAC_DRBG self test hmac_drbg_selftest: From b61cd1042a156ce6a07b447894e92861b7bf4cd7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 17:59:57 +0100 Subject: [PATCH 314/328] Correct minor merge mistakes Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 10 ---------- library/md.c | 3 --- 2 files changed, 13 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index d72b7fc2be..2f1b3e2bae 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -158,16 +158,6 @@ typedef enum { MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */ } mbedtls_md_type_t; -/* Note: this should always be >= PSA_HASH_MAX_SIZE - * in all builds with both CRYPTO_C and MD_LIGHT. - * - * This is to make things easier for modules such as TLS that may define a - * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA - * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another - * part of the code based on PSA. - * - * Currently both macros have the same value, avoiding such issues. - */ #if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_SHA3_C) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #elif defined(MBEDTLS_MD_CAN_SHA384) diff --git a/library/md.c b/library/md.c index ee7610e8d7..ac0619871d 100644 --- a/library/md.c +++ b/library/md.c @@ -146,21 +146,18 @@ const mbedtls_md_info_t mbedtls_sha3_224_info = { 28, 144, }; - const mbedtls_md_info_t mbedtls_sha3_256_info = { "SHA3-256", MBEDTLS_MD_SHA3_256, 32, 136, }; - const mbedtls_md_info_t mbedtls_sha3_384_info = { "SHA3-384", MBEDTLS_MD_SHA3_384, 48, 104, }; - const mbedtls_md_info_t mbedtls_sha3_512_info = { "SHA3-512", MBEDTLS_MD_SHA3_512, From a8af4f4da2e4c031f93f97ef1190161d5464b7dd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 18:27:09 +0100 Subject: [PATCH 315/328] Fix test dependency Signed-off-by: Dave Rodgman --- tests/suites/test_suite_shax.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 0468f721c7..326cc79e6e 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -166,7 +166,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA3_C */ void sha3_invalid_param() { unsigned char output[32]; From 2f0f998ec4fb0808904e2944f33409ebdc777391 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 19:12:04 +0100 Subject: [PATCH 316/328] Unify ABSORB and ABSORB8 to fix compile error Signed-off-by: Dave Rodgman --- library/sha3.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/library/sha3.c b/library/sha3.c index 8b48cf75b2..7151094452 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -80,8 +80,6 @@ static const uint8_t pi[24] = { #define ROT64(x, y) (((x) << (y)) | ((x) >> (64U - (y)))) #define ABSORB(ctx, idx, v) do { ctx->state[(idx) >> 3] ^= ((uint64_t) (v)) << (((idx) & 0x7) << 3); \ } while (0) -#define ABSORB8(ctx, idx, v) do { ctx->state[(idx) >> 3] ^= ((uint64_t) (v)) << ((idx) << 3); \ -} while (0) #define SQUEEZE(ctx, idx) ((uint8_t) (ctx->state[(idx) >> 3] >> (((idx) & 0x7) << 3))) #define SWAP(x, y) do { uint64_t tmp = (x); (x) = (y); (y) = tmp; } while (0) @@ -238,7 +236,7 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx, // process input in 8-byte chunks while (ilen >= 8) { - ABSORB8(ctx, ctx->index, mbedtls_get_unaligned_uint64(input)); + ABSORB(ctx, ctx->index, mbedtls_get_unaligned_uint64(input)); input += 8; ilen -= 8; if ((ctx->index = (ctx->index + 8) % ctx->max_block_size) == 0) { From 2c91f4b8b27c6f8e1a1a76559851317a37939a7c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 7 Jun 2023 19:59:05 +0100 Subject: [PATCH 317/328] Fix for big-endian architectures Signed-off-by: Dave Rodgman --- library/sha3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/sha3.c b/library/sha3.c index 7151094452..4b97a85c5f 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -236,7 +236,7 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx, // process input in 8-byte chunks while (ilen >= 8) { - ABSORB(ctx, ctx->index, mbedtls_get_unaligned_uint64(input)); + ABSORB(ctx, ctx->index, MBEDTLS_GET_UINT64_LE(input, 0)); input += 8; ilen -= 8; if ((ctx->index = (ctx->index + 8) % ctx->max_block_size) == 0) { From ff45d44c02cf49d7998b65df1f8421064302b551 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 10:11:34 +0100 Subject: [PATCH 318/328] Replace MBEDTLS_MD_CAN_SHA3 with MBEDTLS_MD_CAN_SHA3_xxx Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 7 +++++-- library/md.c | 39 +++++++++++++++++++++++++++++++++------ 2 files changed, 38 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 2f1b3e2bae..a73a7b0eaf 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -113,7 +113,10 @@ #define MBEDTLS_MD_SOME_LEGACY #endif #if defined(MBEDTLS_SHA3_C) -#define MBEDTLS_MD_CAN_SHA3 +#define MBEDTLS_MD_CAN_SHA3_224 +#define MBEDTLS_MD_CAN_SHA3_256 +#define MBEDTLS_MD_CAN_SHA3_384 +#define MBEDTLS_MD_CAN_SHA3_512 #endif #if defined(MBEDTLS_RIPEMD160_C) #define MBEDTLS_MD_CAN_RIPEMD160 @@ -171,7 +174,7 @@ typedef enum { or smaller (MD5 and earlier) */ #endif -#if defined(MBEDTLS_MD_CAN_SHA3) +#if defined(MBEDTLS_MD_CAN_SHA3_224) #define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */ #elif defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 diff --git a/library/md.c b/library/md.c index ac0619871d..2af2e44925 100644 --- a/library/md.c +++ b/library/md.c @@ -139,25 +139,34 @@ const mbedtls_md_info_t mbedtls_sha512_info = { }; #endif -#if defined(MBEDTLS_MD_CAN_SHA3) +#if defined(MBEDTLS_MD_CAN_SHA3_224) const mbedtls_md_info_t mbedtls_sha3_224_info = { "SHA3-224", MBEDTLS_MD_SHA3_224, 28, 144, }; +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_256) const mbedtls_md_info_t mbedtls_sha3_256_info = { "SHA3-256", MBEDTLS_MD_SHA3_256, 32, 136, }; +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_384) const mbedtls_md_info_t mbedtls_sha3_384_info = { "SHA3-384", MBEDTLS_MD_SHA3_384, 48, 104, }; +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_512) const mbedtls_md_info_t mbedtls_sha3_512_info = { "SHA3-512", MBEDTLS_MD_SHA3_512, @@ -889,10 +898,19 @@ static const int supported_digests[] = { MBEDTLS_MD_MD5, #endif -#if defined(MBEDTLS_MD_CAN_SHA3) +#if defined(MBEDTLS_MD_CAN_SHA3_224) MBEDTLS_MD_SHA3_224, +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_256) MBEDTLS_MD_SHA3_256, +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_384) MBEDTLS_MD_SHA3_384, +#endif + +#if defined(MBEDTLS_MD_CAN_SHA3_512) MBEDTLS_MD_SHA3_512, #endif @@ -946,14 +964,23 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); } #endif -#if defined(MBEDTLS_SHA3_C) +#if defined(MBEDTLS_MD_CAN_SHA3_224) if (!strcmp("SHA3-224", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_224); - } else if (!strcmp("SHA3-256", md_name)) { + } +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_256) + if (!strcmp("SHA3-256", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_256); - } else if (!strcmp("SHA3-384", md_name)) { + } +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_384) + if (!strcmp("SHA3-384", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_384); - } else if (!strcmp("SHA3-512", md_name)) { + } +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_512) + if (!strcmp("SHA3-512", md_name)) { return mbedtls_md_info_from_type(MBEDTLS_MD_SHA3_512); } #endif From 9304186ae9c79579379d211f21940a1444f59e42 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 10:13:22 +0100 Subject: [PATCH 319/328] Restore accidentally removed comment Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index a73a7b0eaf..67a5bd6ce0 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -161,6 +161,14 @@ typedef enum { MBEDTLS_MD_SHA3_512, /**< The SHA3-512 message digest. */ } mbedtls_md_type_t; +/* Note: this should always be >= PSA_HASH_MAX_SIZE + * in all builds with both CRYPTO_C and MD_LIGHT. + * + * This is to make things easier for modules such as TLS that may define a + * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA + * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another + * part of the code based on PSA. + */ #if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_SHA3_C) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ #elif defined(MBEDTLS_MD_CAN_SHA384) From 33701acf554b3f501f50c6bc0c27c2b1df2c8d73 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 13:48:42 +0100 Subject: [PATCH 320/328] Fix test dependencies Signed-off-by: Dave Rodgman --- tests/suites/test_suite_hmac_drbg.misc.data | 32 ++++++++++----------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_hmac_drbg.misc.data b/tests/suites/test_suite_hmac_drbg.misc.data index 6a63507622..68866d7aa8 100644 --- a/tests/suites/test_suite_hmac_drbg.misc.data +++ b/tests/suites/test_suite_hmac_drbg.misc.data @@ -19,19 +19,19 @@ depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA512 HMAC_DRBG entropy usage SHA3-224 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_224 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_224 HMAC_DRBG entropy usage SHA3-256 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_256 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_256 HMAC_DRBG entropy usage SHA3-384 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_384 HMAC_DRBG entropy usage SHA3-512 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_512 hmac_drbg_entropy_usage:MBEDTLS_MD_SHA3_512 HMAC_DRBG write/update seed file SHA-1 [#1] @@ -75,35 +75,35 @@ depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_seed_file:MBEDTLS_MD_SHA512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-224 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_224 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-224 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_224 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_224:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-256 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_256 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-256 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_256 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_256:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-384 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-384 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_384:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG write/update seed file SHA3-512 [#1] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_512 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"data_files/hmac_drbg_seed":0 HMAC_DRBG write/update seed file SHA3-512 [#2] -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_512 hmac_drbg_seed_file:MBEDTLS_MD_SHA3_512:"no_such_dir/file":MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR HMAC_DRBG from buffer SHA-1 @@ -127,19 +127,19 @@ depends_on:MBEDTLS_MD_CAN_SHA512 hmac_drbg_buf:MBEDTLS_MD_SHA512 HMAC_DRBG from buffer SHA3-224 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_224 hmac_drbg_buf:MBEDTLS_MD_SHA3_224 HMAC_DRBG from buffer SHA3-256 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_256 hmac_drbg_buf:MBEDTLS_MD_SHA3_256 HMAC_DRBG from buffer SHA3-384 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_384 hmac_drbg_buf:MBEDTLS_MD_SHA3_384 HMAC_DRBG from buffer SHA3-512 -depends_on:MBEDTLS_MD_CAN_SHA3 +depends_on:MBEDTLS_MD_CAN_SHA3_512 hmac_drbg_buf:MBEDTLS_MD_SHA3_512 HMAC_DRBG self test From 0442e1b56141a31f36127f489c484cec7ba34b3d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 16:03:33 +0100 Subject: [PATCH 321/328] Fix definition of MBEDTLS_MD_MAX_SIZE and MBEDTLS_MD_MAX_BLOCK_SIZE Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 67a5bd6ce0..c040a48c57 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -169,13 +169,13 @@ typedef enum { * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another * part of the code based on PSA. */ -#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_SHA3_C) +#if defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA3_512) #define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */ -#elif defined(MBEDTLS_MD_CAN_SHA384) +#elif defined(MBEDTLS_MD_CAN_SHA384) || defined(MBEDTLS_MD_CAN_SHA3_384) #define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */ -#elif defined(MBEDTLS_MD_CAN_SHA256) +#elif defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA3_256) #define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */ -#elif defined(MBEDTLS_MD_CAN_SHA224) +#elif defined(MBEDTLS_MD_CAN_SHA224) || defined(MBEDTLS_MD_CAN_SHA3_224) #define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */ #else #define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160 @@ -184,8 +184,14 @@ typedef enum { #if defined(MBEDTLS_MD_CAN_SHA3_224) #define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */ +#elif defined(MBEDTLS_MD_CAN_SHA3_256) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 136 #elif defined(MBEDTLS_MD_CAN_SHA512) #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 +#elif defined(MBEDTLS_MD_CAN_SHA3_384) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 104 +#elif defined(MBEDTLS_MD_CAN_SHA3_512) +#define MBEDTLS_MD_MAX_BLOCK_SIZE 72 #else #define MBEDTLS_MD_MAX_BLOCK_SIZE 64 #endif From 6d4933e54d833092503cc62d48864843bc5a9fed Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 8 Jun 2023 16:03:54 +0100 Subject: [PATCH 322/328] Replace use of MBEDTLS_SHA3_C with MBEDTLS_MD_CAN_SHA3_xxx Signed-off-by: Dave Rodgman --- library/md.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/library/md.c b/library/md.c index 2af2e44925..a29d876e9e 100644 --- a/library/md.c +++ b/library/md.c @@ -206,13 +206,19 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) case MBEDTLS_MD_SHA512: return &mbedtls_sha512_info; #endif -#if defined(MBEDTLS_SHA3_C) +#if defined(MBEDTLS_MD_CAN_SHA3_224) case MBEDTLS_MD_SHA3_224: return &mbedtls_sha3_224_info; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_256) case MBEDTLS_MD_SHA3_256: return &mbedtls_sha3_256_info; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_384) case MBEDTLS_MD_SHA3_384: return &mbedtls_sha3_384_info; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_512) case MBEDTLS_MD_SHA3_512: return &mbedtls_sha3_512_info; #endif From ef2aa0ecad3cbdf400f3878e92cf6416fb16d38b Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 9 Jun 2023 11:29:50 +0100 Subject: [PATCH 323/328] Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c If we're built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a way to detect the crypto extensions required, the code turns off _IF_PRESENT and falls back to C only (with a warning). This was done after the attributes are pushed, and the pop is done only #if defined(xxx_IF_PRESENT), so this commit fixes that. Signed-off-by: Tom Cosgrove --- ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt | 4 ++++ library/sha256.c | 4 ++-- library/sha512.c | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) create mode 100644 ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt diff --git a/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt b/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt new file mode 100644 index 0000000000..7fcb5ec293 --- /dev/null +++ b/ChangeLog.d/fix-unterminated-pragma-clang-attribute-push.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix "unterminated '#pragma clang attribute push'" in sha256/sha512.c when + built with MBEDTLS_SHAxxx_USE_A64_CRYPTO_IF_PRESENT but don't have a + way to detect the crypto extensions required. A warning is still issued. diff --git a/library/sha256.c b/library/sha256.c index 08822f4413..169229c888 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -399,6 +399,8 @@ int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, SHA256_BLOCK_SIZE) ? 0 : -1; } +#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */ + #if defined(MBEDTLS_POP_TARGET_PRAGMA) #if defined(__clang__) #pragma clang attribute pop @@ -408,8 +410,6 @@ int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, #undef MBEDTLS_POP_TARGET_PRAGMA #endif -#endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */ - #if !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) #define mbedtls_internal_sha256_process_many_c mbedtls_internal_sha256_process_many #define mbedtls_internal_sha256_process_c mbedtls_internal_sha256_process diff --git a/library/sha512.c b/library/sha512.c index 67acfee481..b8b24854d7 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -569,6 +569,8 @@ int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, SHA512_BLOCK_SIZE) ? 0 : -1; } +#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ + #if defined(MBEDTLS_POP_TARGET_PRAGMA) #if defined(__clang__) #pragma clang attribute pop @@ -578,8 +580,6 @@ int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, #undef MBEDTLS_POP_TARGET_PRAGMA #endif -#endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ - #if !defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) #define mbedtls_internal_sha512_process_many_c mbedtls_internal_sha512_process_many From 46ed3a9834811d49b57fc4480b7bd7d1f8c2b32d Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 9 Jun 2023 12:21:53 +0100 Subject: [PATCH 324/328] Add an all.sh build test that catches the unterminated pragmas Signed-off-by: Tom Cosgrove --- tests/scripts/all.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8242f88bcc..b7bf854214 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3962,6 +3962,11 @@ component_build_armcc () { # ARM Compiler 6 - Target Cortex-M0 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" + + # Check that we handle "No mechanism to detect A64_CRYPTO found" properly + scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + scripts/config.py set MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + armc6_build_test "-Wno-#warnings -O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" } support_build_armcc () { armc5_cc="$ARMC5_BIN_DIR/armcc" From 579e6e9a0567ae3d8e9313522ebdfd166a648b2f Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 9 Jun 2023 13:01:21 +0100 Subject: [PATCH 325/328] Merge the two ARM Compiler 6 - Target ARMv8.2-A - AArch64 builds Signed-off-by: Tom Cosgrove --- tests/scripts/all.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b7bf854214..b1f8f0fcf4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3954,16 +3954,14 @@ component_build_armcc () { # ARM Compiler 6 - Target ARMv8-M armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main" - # ARM Compiler 6 - Target ARMv8.2-A - AArch64 - armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" - # ARM Compiler 6 - Target Cortex-M0 - no optimisation armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0" # ARM Compiler 6 - Target Cortex-M0 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" - # Check that we handle "No mechanism to detect A64_CRYPTO found" properly + # ARM Compiler 6 - Target ARMv8.2-A - AArch64, and + # check that we handle "No mechanism to detect A64_CRYPTO found" properly scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT scripts/config.py set MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT armc6_build_test "-Wno-#warnings -O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" From 730addc203111e066873ca671d4aeeb45e3eb4e3 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 9 Jun 2023 14:20:18 +0100 Subject: [PATCH 326/328] Fix armc5-bin-dir and armc6-bin-dir options to all.sh ARMC5_BIN_DIR and ARMC6_BIN_DIR were set in pre_parse_command_line() and used by support_build_armcc() which is called by pre_initialize_variables() to determines SUPPORTED_COMPONENTS. As pre_initialize_variables() is called before pre_parse_command_line(), support_build_armcc() failed to use the directories set on the command line. However, we can't call pre_parse_command_line() before pre_initialize_variables() since the former needs SUPPORTED_COMPONENTS! Fix the circular dependency by parsing the command line twice, with the first pass only to get these directories. Signed-off-by: Tom Cosgrove --- tests/scripts/all.sh | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b1f8f0fcf4..7772da9ac1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -411,6 +411,18 @@ check_tools() done } +pre_parse_command_line_for_dirs () { + # Make an early pass through the options given, so we can set directories + # for Arm compilers, before SUPPORTED_COMPONENTS is determined. + while [ $# -gt 0 ]; do + case "$1" in + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + esac + shift + done +} + pre_parse_command_line () { COMMAND_LINE_COMPONENTS= all_except=0 @@ -427,8 +439,8 @@ pre_parse_command_line () { --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";; --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";; --armcc) no_armcc=;; - --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; - --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --armc5-bin-dir) shift; ;; # assignment to ARMC5_BIN_DIR done in pre_parse_command_line_for_dirs + --armc6-bin-dir) shift; ;; # assignment to ARMC6_BIN_DIR done in pre_parse_command_line_for_dirs --error-test) error_test=$((error_test + 1));; --except) all_except=1;; --force|-f) FORCE=1;; @@ -4447,6 +4459,7 @@ run_component () { # Preliminary setup pre_check_environment +pre_parse_command_line_for_dirs "$@" pre_initialize_variables pre_parse_command_line "$@" From 6ec39cacaaed4f7dfdbc9a4ae30e6be18e3f4347 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 9 Jun 2023 15:34:31 +0100 Subject: [PATCH 327/328] Remove the all.sh test for this, since armclang on CI is too old Signed-off-by: Tom Cosgrove --- tests/scripts/all.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7772da9ac1..78179a83f7 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3966,18 +3966,16 @@ component_build_armcc () { # ARM Compiler 6 - Target ARMv8-M armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main" + # ARM Compiler 6 - Target ARMv8.2-A - AArch64 + armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" + # ARM Compiler 6 - Target Cortex-M0 - no optimisation armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0" # ARM Compiler 6 - Target Cortex-M0 armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0" - - # ARM Compiler 6 - Target ARMv8.2-A - AArch64, and - # check that we handle "No mechanism to detect A64_CRYPTO found" properly - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py set MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - armc6_build_test "-Wno-#warnings -O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto" } + support_build_armcc () { armc5_cc="$ARMC5_BIN_DIR/armcc" armc6_cc="$ARMC6_BIN_DIR/armclang" From f956312174ed8b8b24403cad4885269f62e6292a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 11 Jun 2023 16:04:29 +0100 Subject: [PATCH 328/328] Fix typo in MBEDTLS_MD_CAN macros Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index c040a48c57..f717618d27 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -186,7 +186,7 @@ typedef enum { #define MBEDTLS_MD_MAX_BLOCK_SIZE 144 /* the longest known is SHA3-224 */ #elif defined(MBEDTLS_MD_CAN_SHA3_256) #define MBEDTLS_MD_MAX_BLOCK_SIZE 136 -#elif defined(MBEDTLS_MD_CAN_SHA512) +#elif defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA384) #define MBEDTLS_MD_MAX_BLOCK_SIZE 128 #elif defined(MBEDTLS_MD_CAN_SHA3_384) #define MBEDTLS_MD_MAX_BLOCK_SIZE 104